Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Cf-Request-Id
CF-RAY
CF-Cache-Status
Last-Modified
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Rq
Ali-Swift-Global-Savetime
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-WebKit-CSP
X-Cache-Spec
Allow
X-Backend-Server
X-Host
X-CST
X-Vhost
X-Device
EagleEye-TraceId
X-Server-Id
X-ASPNET-VERSION
Surrogate-Control
Request-Id
X-Dispatcher
Accept-CH
X-Node
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ac
X-Template
X-Application-Context
X-Language
X-Kinja-Server-Push
X-Country
X-Cache-Lookup
X-Readtime
X-Mod-Pagespeed
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-Url
X-HW
X-Vname
X-TtlSet
X-PC
X-ORACLE-DMS-ECID
Accept-Ch
X-Clacks-Overhead
X-ESI
X-FastCGI-Cache
X-GitHub-Request-Id
Edge-Control
X-Trace
Accept-Ch-Lifetime
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
Display
X-Content-Type
X-D2id
X-Kinja
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-Kinja-Build
X-Exp-Variant
Verso
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Buckets
X-Goog-Hash
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-Abt-Application-Version
X-VARITI-CCR
X-Amz-Rid
X-Oneagent-Js-Injection
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Powered-By-Plesk
Pinterest-Version
X-Pinterest-Rid
X-Cache-TTL
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Fastly-Request-ID
X-Release
X-MSEdge-Ref
SPIisLatency
SPRequestDuration
X-Element-Page-Cache
X-Dw-Request-Base-Id
Fastly-Restarts
X-NF-Request-ID
X-TTL
X-Cached
Public-Key-Pins
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
RTSS
X-Origin-Upstream-Status
X-Edge
Ar-Sid
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Webkit-CSP
X-Px
Access-Control-Request-Method
X-LLID
X-Powered-CMS
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
X-Ezoic-Cdn
X-Ttl
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
X-ECACHE
X-Mid
X-Amz-Server-Side-Encryption
X-MCACHE
Charset
Cache-Tag
X-Recruiting
X-Content-Digest
X-Mg-S
S
X-Pinterest-Direct
X-PressLabs-Stats
X-Version
X-Aspnetmvc-Version
TCN
MicrosoftSharePointTeamServices
Fastcgi-Cache
X-Debug
Front-End-Https
X-Content-Security-Policy-Report-Only
X-T
X-Grace
X-Id
Filters
X-Kinsta-Cache
Cache-Tags
Server-Node
Edge-Cache-Tag
X-Forwarded-Proto
X-Accel-Expires
X-Logged-In
X-Forwarded-For
X-Amzn-Trace-Id
X-Yandex-Sdch-Disable
Server-Name
X-XRDS-Location
Nginx-Cache
Surrogate-Key
X-Kong-Proxy-Latency
X-Varnish-Age
X-Kong-Upstream-Latency
X-Cache-Key
X-Correlation-Id
TP-L2-Cache
TP-Cache
X-B3-Sampled
X-Request-Received
X-Request-Handler-Origin-Region
X-DynaTrace
X-Request-Processing-Time
X-Microsite
X-Hits
X-Ser
X-DIS-Request-ID
Powered-By-ChinaCache
X-Shield-Request-Id
X-Az
X-AppVersion
X-Activity-Id
X-Amz-Replication-Status
X-Server-ID
X-HS-Cache-Config
X-F-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Accept-Charset
X-Origin-Server
X-FTR-Request-ID
X-Git-Hash
X-Respond-Thread
X-Hostname
X-Geo-Country
X-LB-Cache
X-Upgrade-Enabled
X-DataDome
X-Rid
Section-Io-Cache
X-XRDS-LOCATION
X-Frontend
X-Cache-Age
Access-Control-Allow-Method
Cache
Alternate-Protocol
X-Mobile-URL
Host
Cleartype
Paypal-Debug-Id
MS-CV
X-Type
X-IPLB-Instance
X-Content-Options
Healthy
ServerID
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Ruxit-Js-Agent
X-Whom
Payment
X-App-Environment
X-Varnish-Backend
X-B-Cache
X-Aspnet-Duration-Ms
X-Signature
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-Cache-Action
X-Flags
X-Route-Name
X-Seen-By
X-TT
X-VCache
X-Debug-Info
X-Page-Id
Fastcgi-Useragent
X-Jobs
X-NWS-LOG-UUID
X-Source
X-N
X-Time
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-TEC-API-VERSION
X-Load-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-RateLimit-Remaining
X-Via-JSL
X-Cached-By
X-Daa-Tunnel
X-FB-Debug
X-Akamai-Edgescape
Version
Nel
X-Cache-Operation
X-Litespeed-Cache
X-Cache-Rule
Viewport
Refresh
X-Rule
X-Response-Served-From
X-Original-Request-Id
DynaTrace
X-Accel-Buffering
X-Zen-Fury
X-Framework
X-Drupal-Cache-Tags
DC
X-Proxy
X-Instance
Ms-Operation-Id
X-RTag
X-RemovedCookies
X-ProcessESI
GEO-INFO
X-Cacheable-TTL
X-Fastcgi-Cache
Realpath
X-Real-IP
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Region
X-Cache-Time
X-Tt-Trace-Host
X-Contextid
X-Tt-Trace-Tag
X-Wix-Request-Id
X-UUID
X-Page-View
Referer-Policy
X-FW-Dynamic
X-Drupal-Cache-Contexts
Node
Countrycode
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Distributor
X-FW-Server
X-FW-Type
X-FW-Hash
X-Yottaa-Metrics
X-FW-Static
X-FW-Serve
X-Yottaa-Optimizations
X-Cache-Expired-At
X-L-Path
X-B
X-Environment-Context
Eomportal-Instance
X-Cluster-Name
X-Node-Name
X-G
X-Cache-Control
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Liferay-Portal
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-User-Agent
Server-Info
X-Ratelimit-Limit
X-Tumblr-Pixel-2
Webserver
X-Amz-Meta-S3cmd-Attrs
X-Pass-Why
X-App-Server
From-Origin
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Varnish-Ttl
Protected
SRV
Ec-Rule-Version
X-FireWall-Port
X-Protected-By
X-Revision
Frame-Options
X-Cache-Server
X-Oracle-Dms-Rid
X-Backend-Name
Cache-Status
CF-IPCountry
X-Www-Served-By
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-Handled-By
X-Hyper-Cache
X-Mode
X-UPSTREAM-Address
X-Hl-Ver
X-Forwarded-Host
X-Site-Version
X-FB-TRIP-ID
X-Storage
X-Soup
X-NYM-Debug-Backend
X-Endurance-Cache-Level
Retry-After
X-Locale
X-Pubstack
X-Varnishpool
X-Human
Decoy-Debug-TTL
Decoy-Debug-Status
X-Be
X-Web-Node
X-Cache-Grace
Decoy-Debug-Key
Fastly-SSL
Cache-Tv-Group
Country
Azure-SlotName
X-BYPASS-REASON
X-Say-Cacheable
X-UA-Device-Type
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-TT-LOGID
X-Timing-Wait
X-Format
Azure-Version
X-Access
Webcakes-Region
TWC-Connection-Speed
Selected-Fe
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
X-Origin-Date
X-Origin-Hint
X-ProxyCache-Key
TWC-Locale-Group
X-ProxyCache-Status
X-Redis-Cache
X-Say-TTL
X-Proxy-Build
X-Section
Cache-Name
X-PHP-Host
X-Proto
X-SayCDN-TTL
X-Uri
Webcakes-App-Version
X-Tec-Api-Root
X-Adobe-Content
X-Adobe-Loc
X-Tec-Api-Origin
X-Tec-Api-Version
X-OCL
X-PERF
X-FW-Version
X-ApacheServer
X-Via-CDN
X-AIR-PT
X-S-Maxage
X-PCL
X-WA-Info
X-Server-W
X-Sql-Count
X-Sql-Duration-Ms
X-No-Session
Xserver
X-Via-Fastly
X-Request-Time
X-Loop
X-LAGOON
X-Hosted-By
X-R9-Blue-Green-Version
X-TNCMS
X-MP-GENERATED-AT
X-Country-Code-Real
Mn-Server-Ip
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Status
X-FTR-Cache-Status
X-Qloud-Router
X-Cluster
X-AWS-Id
X-VWS-Id
S-Cnection
X-LJ-Flow-ID
X-FTR-DC
X-FTR-Realm
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Proxied
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ShardId
X-Cache-TTL-Remaining
X-Routing-Service
X-Alternate-Cache-Key
X-Zipkin-Id
X-FTR-Expires
X-Ratelimit-Remaining
Cache-Hits
X-Rendered-As
X-Is-Bot
X-CCM
X-Dc
X-Dynatrace
X-Xfnlog-Site
X-Device-Type
X-Unique-Id
X-Cache-Var
X-Air-Hostname
X-Cache-Var-Map
X-Detected-As
X-Nginx-Cache
X-Info
AMP-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
X-Cache-Host
X-Webkit-Csp
Apigw-Requestid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Cdn
X-Debug-IsConnected
X-Debug-IsPreview
X-Microcachable
X-SRV
X-APP-VERSION
X-Cache-Enabled
X-Content-Age
X-Varnish-Grace
X-GEO
SD-X-WS
X-Varnish-Server
X-Platform
X-Correlation-ID
Tracecode
X-Time-Microsecs
Amp-Access-Control-Allow-Source-Origin
X-Backend-TTL
X-Azure-Ref
X-GG-Cache-Date
X-DynaTrace-JS-Agent
X-ServerID
X-Cache-Backend
Uber-Trace-Id
X-Backend-Host
X-Erf-Stays-Bingo-Pdp-Web
X-Proxy-Cache-Status
DSUID
X-Oss-Server-Time
X-BCube-Filmed-By
Akamai-GRN
X-Oss-Request-Id
X-NewRelic-App-Data
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Tb
X-Oss-Storage-Class
X-ATG-Version
X-CSRF-Token
PB-PID
X-Sucuri-ID
Backend
Arc-Version
PB-RID
ServedBy
X-Magnolia-Registration
X-Trace-Id
X-Varnish-Hostname
X-RCS-CacheZone
X-VG-WebCache
Lfy
X-Cache-NGX
X-Vdms-Version
BehaviorPad-Version
X-Cache-PHP
Instruction
DCR-Processing-Time-Ms
X-Vtex-Remote-Cache
X-VG-WebServer
DCR-Decision-By
Expiry
Fastcgi-X-Cache-Version
X-Varnish-Cache-Hits
Xc-Version
X-Vtex-Processado-Em
X-SRCache-Key
X-D
X-Connection-Hash
X-Destination
X-Device-Os
X-Rewrite-Enabled
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
X-A-Wwc
X-Application
X-ARC
X-Cache-NE
X-External-Request-Id
X-Fetched-On
X-Origin-CC
X-Matched-Rule
X-Processor
X-Origin-TTL
X-PAYTM-SRV-ID
X-Location
X-Request-UUID
X-Generated-On
X-From
X-Generation-Time
X-GeoIP-City
X-Level-Front-Cache
X-Rojux
X-A-Dgt
Rendered-Blocks
Release
X-Trv-Group
SR-User-Adfree
T-Server
X-Vdms-Path
Pramga
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
Odigeo-Trace-Id
Path
X-Thinkindot-L3
Thinkindot-CacheControl
X-S
X-S-Cookie
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
Thinkindot-Control
X-PBS-Appsvrname
X-Session-Fingerprint
X-ScT
Thinkindot-CacheControl-Type
Machine
X-B-Cookie
X-Origin-Response-Time
X-Akamai-Transformed
X-Cache-Date
X-Cache-Bucket
X-Bip
X-Cache-Info
X-Cdn-Origin
X-Eu-Site
X-Csrf-Jwt
X-CGP
X-NWS-UUID-VERIFY
X-Backend-State
X-FC-Vary-Parameters
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Backend-Name
Host-ID
L5d-Success-Class
UCS
Ssr
Pagetype
X-Azure-Ref-OriginShield
X-Generated-In
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Skip-Cache
X-Reqid
X-SVT-ORM-VERSION
X-Swa-Ws
X-VServer
X-User
X-Tumblr-Pixel-3
X-Thanos
X-Owner
X-OVcl-Cache
X-HS-Content-Campaign-Id
X-Has-Esi
X-GeoIP
X-Geo-Header
X-Irp-Debug
X-Is-Gdpr
X-Node-Id
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-JWT-State
Cf-Device-Type
X-OVcl
CacheControlHeader
Cache-Host
X-Debug-Cache
AKAMAI
X-Ms-Request-Id
X-Ms-Version
C-Via
DB-Nickname
X-Generated-By
X-Varnish-Hits
NGX
X-B3-Traceid
PFcat
Server-Hostname
Sever-Int
X-Adobe-Source
Server-Ext
Server-Host
X-Fastly-Backend
X-TrackingId
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Cache-Tags
X-Clientip
X-Developer
User-Cache-Control
X-CUA
X-VarnishDD-TTL
V-Age
X-Developers
On-Server
CloudFront-Viewer-Country
X-IP
X-Request-Host
X-Scheme
X-Policy
X-Origin-Expires
X-Nginx-Cache-Key
X-Cache-Remote
L
X-Var-Ttl
Magicmarker
Locid
X-Request-URI
X-HN
X-Servername
X-SIPLIST1
X-Core-Value
X-Varnish-Remaining-TTL
X-Request-Start
X-Cms-Context
X-Rebelmouse-Cache-Control
Adler-Geo
Apple-News-Services-Handled
X-Block-Status
X-DefElseHash
X-Cache-Id
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Host
X-Branch-Name
X-Method
X-Varnish-CookieHashed-On
X-Fastly-Cache
X-Variation
X-Varnish-CookieINHashed-On
Apple-News-Services-Parsed-Url
X-Gen-Mode
X-GoCache-CacheStatus
X-Varnish-Beresp-Grace
X-Hnp-Log
X-Esi-Check
X-Envoy-Decorator-Operation
X-Loc
X-Gzip
X-Old-Content-Length
X-Origin
X-LI-UUID
X-Li-Pop
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Li-Fabric
X-DefHash
X-Cache-Expires
Content-Disposition
HostName
X-TA-CDN-Provider
IsBot
NM-Fastcgi-Cache
Web-Mar-Node
True-Client-Country-4JS
Vix-Hermes-Req-Id
Platform
Origin
Is-Eu
Apple-News-Services-Request-Url
Cf-Bgj
CDCHOST
Fastly-SIE
Fastly-SWR
Location
X-NC
X-ID
X-NAPM-TraceId
CDN-EdgeStorageId
Rt-Fastcgi-Cache
X-Slack-Backend
CDN-CachedAt
Fastly-Drupal-HTML
CDN-Cache
X-Varnish-Beresp-Status
X-B3-Spanid
X-TX-ID
X-NU-AKA-ACS-Version
X-WADP-Cache
X-Varnish-Beresp-Ttl
CDN-PullZone
X-Gamma-Serve
X-Fmm-Version
X-Platform-Server
X-VG-TLSProxy
X-Ratelimit-Reset
X-Goog-Meta-Goog-Reserved-File-Mtime
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
X-Clara-WADP
X-Cache-Debug
X-Hash
X-Varnish-Url
X-Core-Mission
X-EC-Lua
Url
X-NCache
X-Host-Name
CACHE
X-PF-Uncompressing
S-Rt
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-Varnish-Cacheable
X-Cdn-Forward
X-Response-By
X-B3-SpanId
Sid
X-LB-ID
X-CS
X-Proxy-Cachei7
Xkeyi7
X-Refresh
X-App-Version
X-CACHE-GROUP
X-BBXSRF
N-Cache
Cross-Origin-Window-Policy
Pics-Label
X-CDN-Forward
Content-Secure-Policy
X-Sucuri-Cache
Esi-Enabled
X-Cache-2
X-FireWall-Protection
Ohc-File-Size
X-Cc-Req-Id
X-Cc-Via
D-Cc-Upstream
Cteonnt-Length
X-Srv
X-Varnish-Authentication
X-Via-Popv
X-Via-Popn
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Epic-Correlation-Id
X-Via-Poph
X-Cs
X-Error
X-Svr
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Nc
X-Wa
Source
Who
X-Servedbyhost
Req-Svc-Chain
X-Server-IP
MIME-Version
X-Unique-ID
Country-Code
GeoIp-Country-Code
Geoip-Latitude
X-Webkit-CSP-Report-Only
X-Planisys-CDN-Rules
X-Cache-Config
X-API-Version
X-Planisys-CDN-TTL
X-HS-Status
HitType
X-Nyt-Route
X-DC
X-Origin-Time
X-Gdpr
X-FPC
X-Planisys-CDN-Cache
X-RateLimit-Limit
Server-Ttl
X-LiteSpeed-Cache-Control
X-SN
X-VC
X-NGINX-Cache
X-Fastly-Request-Id
X-TIME
X-URL
Ohc-Cache-HIT
Hostname
Kp-EeAlive
Cmstype
X-NodeID
X-Webstats-RespID
X-LI-Proto
Cmsid
Svr
XServer
X-SB
Geo-Info
X-CACHE-KEY
X-Served-From
X-Check-Cacheable
X-SD-PageType
X-VCL-Version
Viewtype
Server-ID
VivaBuild
X-Esi
Cache-Key
A
X-Ua
X-Vgn-Hpd-Reason
X-Viewer-Country
X-Render-Time
NtCoent-Length
X-HOST
X-BBC-Edge-Cache-Status
X-Hcs-Proxy-Type
SID
X-Li-Proto
X-CCDN-Origin-Time
Request-ID
M-TraceId
X-CCDN-CacheTTL
Server-Id
X-Vcl-Version
EpKe-Alive
X-UA
X-Air-Source
X-DSS
X-Auto-Login
X-DI
X-Worker
Resin-Trace
Cache-Provider
X-CF-Powered-By
X-DB
X-DW
X-RAMCache
X-RSL
Cross-Origin-Opener-Policy
X-TIM-N
Arc-Country
X-RPS
TDXMobile
X-RPM
Filterid
X-Ftr-Cache-Host
Upgrade-Insecure-Requests
X-App
ProcessTime
GeoIP-Country-Code
X-Internal-Host
GeoIP-Latitude
X-Dynatrace-Js-Agent
X-CSRF-TOKEN
Processtime
X-Vc
Mime-Version
CDN
Srv
X-Action
X-Cluster-Node
X-FTR-Cache-Host
X-Newrelic-Synthetics
NGB
X-Oss-Cdn-Auth
X-WA
Tcn
X-ServedByHost
X-Service
Proxy-Connection
X-Fpc
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
X-BBC-Origin-Response-Status
X-FORWARDED-FOR
DataCenter
X-Geo
Datacenter
X-HostName
X-HITS
OT-Force-Account-Verify
X-MSEdge-Features
X-MSEdge-Flight
FSS-Cache
X-Forwarded-Site
Cdn
X-Via-NSCOPI
X-Dw-Trace-Id
WZWS-RAY
X-ND-Cache
X-JoinUs
X-NGENIX-Cache
X-PHP-Backend
X-SaId
X-BACKEND-TTL
X-Via-PopV
X-Akamai-Pragma-Client-IP
X-Via-PopN
X-Via-PopH
X-Fastly-Backend-Reqs
X-Extlb
X-Edge-Location
X-Client-Ip
X-Cdn-Request-ID
X-CACHE-AGE
X-Cache-Tag
W
X-Hello
X-Flog
X-ABtesting
X-Lb-Id
X-Parent-Response-Time
PICS-Label
Dnion-Transfer-Encoding
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Provided-By
X-Swift-Error
Vha6-Origin
X-PJAX-URL
Surrogated-Key
X-Proxy-Upstream
We-Hiring
X-Pf-Uncompressing
X-Bc-Bl
X-Date
X-Depends-On
X-RateLimit-Limit-Second
X-Pad
X-Region-Sid
X-Oracle-DMS-ECID
Mail-Subject
Epwk-X-Cache
X-Presslabs-Stats
Media-Length
X-RateLimit-Remaining-Second
Memcached
X-Req
X-VC-Cache
X-Accel-Expires-Debug
X-UnsetCookies
Memory
LB
Xet-Cookie
Time
X-ZONE
X-LiteSpeed-Tag
X-Sigma
X-Sigma-Backend
Env
X-Rocket-Build-Number
URI
X-MiniProfiler-Ids
Cf-Ipcountry
X-Zone
X-Men
X-Vcache
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-URL
X-Request-Url
X-APP
X-Air-Trace-Id
X-Ms-Meta-Staticbatchstarttime
X-Acquia-Application-UUID
X-ElasticPress-Search
X-ElasticPress-Query
X-Acquia-Purge-Tags
X-Acquia-Site
X-Akamai-Request-ID
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Csrf-Token
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
X-Request-URL
X-Ms-Meta-Originalurl
X-B3-Parentspanid
CountryCode
X-Snapshot-Date
X-Redis-Duration-Ms
X-Redis-Count
X-Acc-Rdl
Inserted-Into-Cache-At
X-Traceid
X-Tid
Content-Style-Type
X-Acc-Debug-Context
Content-Script-Type
Edge-Copy-Time
NnCoection
X-ServerName
Environment
Phost
X-C
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Litespeed-Cache-Control
X-Via-Edge
X-Storefront-Renderer-Verified
Ohc-Response-Time
X-Via-SSL