Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
Cf-Request-Id
CF-Cache-Status
Last-Modified
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
X-Ua-Compatible
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-UA-Device
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-Cache-Spec
X-WebKit-CSP
Allow
X-Backend-Server
X-Host
X-CST
X-Vhost
X-Device
EagleEye-TraceId
X-Server-Id
X-ASPNET-VERSION
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ac
X-Template
X-Application-Context
X-Language
X-Kinja-Server-Push
X-Country
X-Cache-Lookup
P3p
X-Readtime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
X-ORACLE-DMS-ECID
X-TtlSet
X-Vname
X-PC
Accept-Ch
X-Clacks-Overhead
X-ESI
Edge-Control
X-GitHub-Request-Id
X-FastCGI-Cache
Accept-Ch-Lifetime
X-Trace
Response
X-Middleton-Display
Pagespeed
Display
X-Sol
X-Middleton-Response
X-Content-Type
X-Kinja
X-Use-Magma
X-D2id
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
Verso
X-Buckets
X-Rack-Cache
X-Goog-Hash
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Abt-Application-Version
X-Varnish-TTL
X-VARITI-CCR
X-Amz-Rid
X-Oneagent-Js-Injection
X-ORACLE-DMS-RID
X-Powered-By-Plesk
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Cache-TTL
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
X-Release
X-Fastly-Request-ID
SPRequestDuration
SPIisLatency
X-MSEdge-Ref
X-Dw-Request-Base-Id
Fastly-Restarts
X-Element-Page-Cache
X-NF-Request-ID
X-TTL
X-Cached
Public-Key-Pins
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
RTSS
X-Origin-Upstream-Status
X-Edge
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
Ar-Sid
Access-Control-Request-Method
X-Webkit-CSP
X-Px
X-SRCache-Store-Status
X-LLID
X-SRCache-Fetch-Status
X-Powered-CMS
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Ezoic-Cdn
X-Ttl
X-Upstream
Content-MD5
X-Jurisdiction
X-HP-Webp
X-Amz-Server-Side-Encryption
X-MCACHE
X-Mid
X-ECACHE
Charset
X-Recruiting
X-Content-Digest
Cache-Tag
S
X-Pinterest-Direct
X-Mg-S
X-PressLabs-Stats
X-Aspnetmvc-Version
X-Version
TCN
MicrosoftSharePointTeamServices
Fastcgi-Cache
X-Debug
Front-End-Https
X-Content-Security-Policy-Report-Only
X-T
Filters
X-Id
X-Kinsta-Cache
X-Grace
Cache-Tags
Server-Node
Edge-Cache-Tag
X-XRDS-Location
X-Forwarded-Proto
X-Accel-Expires
X-Forwarded-For
X-Logged-In
X-Correlation-Id
X-Amzn-Trace-Id
X-Yandex-Sdch-Disable
Server-Name
Nginx-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Surrogate-Key
X-Varnish-Age
X-Cache-Key
X-B3-Sampled
X-Request-Received
TP-Cache
TP-L2-Cache
X-Request-Processing-Time
X-Microsite
X-DynaTrace
X-Request-Handler-Origin-Region
X-Hits
X-DIS-Request-ID
Powered-By-ChinaCache
X-Shield-Request-Id
X-Ser
X-Az
X-AppVersion
X-Activity-Id
X-Amz-Replication-Status
X-Server-ID
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-F-Cache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Git-Hash
X-FTR-Request-ID
Accept-Charset
X-Respond-Thread
X-Hostname
X-Geo-Country
X-LB-Cache
X-DataDome
X-Upgrade-Enabled
Section-Io-Cache
X-Rid
X-Frontend
Access-Control-Allow-Method
Alternate-Protocol
Cache
X-Mobile-URL
X-Cache-Age
Host
Paypal-Debug-Id
MS-CV
Cleartype
X-Type
Healthy
X-IPLB-Instance
ServerID
X-WebKit-CSP-Report-Only
X-Ruxit-Js-Agent
X-Content-Options
X-App-Environment
Payment
X-Is-Crawler
X-Flags
X-Debug-Info
X-AOL-HN
X-Seen-By
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Varnish-Backend
X-Route-Name
X-Request-Guid
X-Signature
X-Cache-Action
X-Whom
X-B-Cache
X-XRDS-LOCATION
X-TT
Fastcgi-Useragent
X-Page-Id
X-VCache
X-NWS-LOG-UUID
X-Jobs
X-Time
X-Mobile
X-N
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
X-Source
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Via-JSL
X-RateLimit-Remaining
X-Cached-By
X-Daa-Tunnel
X-Akamai-Edgescape
Nel
X-FB-Debug
X-Litespeed-Cache
X-Cache-Rule
X-Cache-Operation
Viewport
Refresh
Version
X-Accel-Buffering
X-Response-Served-From
DynaTrace
X-Rule
X-Original-Request-Id
DC
X-Zen-Fury
X-Proxy
X-Drupal-Cache-Tags
X-Framework
X-RTag
GEO-INFO
Ms-Operation-Id
X-Instance
X-ProcessESI
X-RemovedCookies
X-Tt-Trace-Tag
X-Contextid
Realpath
X-Cacheable-TTL
X-Tt-Trace-Host
X-Fastcgi-Cache
X-Real-IP
X-UUID
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
Referer-Policy
X-Cache-Time
X-Page-View
X-Drupal-Cache-Contexts
X-Wix-Request-Id
X-Region
Countrycode
X-Distributor
X-Cache-Expired-At
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-FW-Static
Eomportal-Instance
X-B
VIX-Pulpo-Upstream-Status
X-L-Path
X-Cluster-Name
Node
VIX-Pulpo-Node
X-Environment-Context
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Control
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Node-Name
X-G
X-IPS-LoggedIn
X-Content-Powered-By
X-Cache-Hit
X-User-Agent
X-Tumblr-Pixel-2
Webserver
X-Amz-Meta-S3cmd-Attrs
X-Pass-Why
Server-Info
Section-Io-Id
Section-Origin-Responded
From-Origin
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Varnish-Ttl
X-App-Server
SRV
X-Ratelimit-Limit
Ec-Rule-Version
X-FireWall-Port
Protected
X-Revision
X-Protected-By
X-Backend-Name
X-Cache-Server
X-Oracle-Dms-Rid
Cache-Status
Frame-Options
CF-IPCountry
X-Hl-Ver
X-UPSTREAM-Address
X-RN-RSRV
X-Handled-By
X-ES-SERVER
X-Mode
Meta-Geo
X-Www-Served-By
X-FB-TRIP-ID
X-Hyper-Cache
X-NYM-Debug-Backend
X-Storage
X-Soup
X-Endurance-Cache-Level
X-Site-Version
X-Locale
X-Forwarded-Host
Retry-After
Fastly-SSL
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Varnishpool
X-Pubstack
Country
X-Human
X-Be
X-Web-Node
X-Cache-Grace
Webcakes-App-Name
X-Proto
X-Proxy-Build
X-PCL
X-Origin-Hint
X-Format
X-OCL
X-UA-Device-Type
X-TT-LOGID
X-SayCDN-TTL
X-Say-TTL
X-Section
X-Say-Cacheable
X-Timing-Wait
X-Redis-Cache
X-Access
Webcakes-Region
Cache-Name
Cache-Tv-Group
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
Property-Id
Selected-Fe
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
Azure-InstanceId
Webcakes-App-Version
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Adobe-Loc
X-Adobe-Content
X-PERF
X-PHP-Host
X-Origin-Date
X-Labrador-Cache-Channel
X-ApacheServer
X-AIR-PT
X-BYPASS-REASON
X-FW-Version
X-ProxyCache-Key
X-No-Session
X-LAGOON
X-Via-Fastly
X-Server-W
X-Sql-Count
X-WA-Info
X-Via-CDN
X-Sql-Duration-Ms
X-ProxyCache-Status
X-Uri
X-AWS-Id
X-LJ-Flow-ID
X-S-Maxage
X-R9-Blue-Green-Version
X-VWS-Id
X-Request-Time
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-MP-GENERATED-AT
X-FTR-Backend
X-Qloud-Router
X-Country-Code-Real
X-TNCMS
S-Cnection
X-FTR-Realm
X-Hosted-By
Mn-Server-Ip
X-Loop
X-Status
X-CCM
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Cluster
X-Storefront-Renderer-Rendered
X-ShardId
X-Xfnlog-Site
X-Sorting-Hat-ShopId
X-Ratelimit-Remaining
X-ShopId
X-Shopify-Stage
X-Cache-TTL-Remaining
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
Cache-Hits
X-FTR-Expires
X-Rendered-As
Xserver
X-Is-Bot
X-Dynatrace
X-Dc
X-Unique-Id
X-Cache-Var
X-Cache-Var-Map
X-SRV
X-EdgeConnect-Cache-Status
X-Info
AMP-Access-Control-Allow-Source-Origin
X-Detected-As
X-Device-Type
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Webkit-Csp
X-Air-Hostname
Apigw-Requestid
X-Amzn-RequestId
X-Cdn
X-Microcachable
X-Cache-Host
X-Cache-Enabled
X-Nginx-Cache
X-Debug-IsConnected
X-Debug-IsPreview
SD-X-WS
X-Varnish-Grace
X-Platform
X-Content-Age
X-GEO
Tracecode
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-Azure-Ref
X-Backend-TTL
Uber-Trace-Id
X-APP-VERSION
X-GG-Cache-Date
X-Time-Microsecs
X-Cache-Backend
X-Backend-Host
X-ServerID
X-DynaTrace-JS-Agent
X-Erf-Stays-Bingo-Pdp-Web
DSUID
X-Tb
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-NewRelic-App-Data
X-Proxy-Cache-Status
Akamai-GRN
X-Oss-Storage-Class
X-BCube-Filmed-By
X-Oss-Server-Time
X-ATG-Version
PB-PID
PB-RID
Arc-Version
X-Trace-Id
X-Sucuri-ID
X-Correlation-ID
X-Magnolia-Registration
ServedBy
X-Akamai-Transformed
Machine
MD5-Digest
Instruction
X-Varnish-Hostname
Meta-Geo-Continent
BehaviorPad-Version
X-RCS-CacheZone
Fastcgi-X-Cache-Version
X-Cache-PHP
DCR-Decision-By
X-Varnish-Cache-Hits
DCR-Processing-Time-Ms
Expiry
Lfy
X-A-Dgt
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Origin-TTL
X-Origin-CC
X-GeoIP-City
X-Generation-Time
X-Level-Front-Cache
X-Location
X-Matched-Rule
X-S
X-S-Cookie
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Session-Fingerprint
X-ScT
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-Generated-On
X-From
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-A
X-A-Dam
X-A-Ccd
T-Server
SR-User-Adfree
Path
Odigeo-Trace-Id
Pramga
Release
Rendered-Blocks
X-A-Dcw
X-A-Wwc
X-Destination
X-D
X-Device-Os
X-External-Request-Id
X-Fetched-On
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-Aed
X-B-Cookie
X-Cache-NE
X-CF-Lambda-Fn
Mobile-Detection-Method
X-ARC
Backend
X-Origin-Response-Time
X-CSRF-Token
X-Cache-NGX
X-Ms-Request-Id
X-Ms-Version
X-FC-Vary-Parameters
X-Azure-Ref-OriginShield
L5d-Success-Class
X-Eu-Site
X-HS-Content-Campaign-Id
X-Has-Esi
X-Generated-In
Cache-Host
X-GeoIP
X-Backend-State
X-Geo-Header
C-Via
CacheControlHeader
X-Cache-Bucket
Gh-Request-Id
X-Adobe-Source
X-Cache-Date
Fastly-Backend-Name
X-Cdn-Origin
X-CGP
Ha-Gx-Prefs
X-Csrf-Jwt
AKAMAI
X-Bip
Host-ID
X-NWS-UUID-VERIFY
HA-Ipaddr
Cf-Device-Type
X-Irp-Debug
X-Skip-Cache
Ssr
X-Reqid
UCS
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Tumblr-Pixel-3
X-Thanos
X-Swa-Ws
X-SVT-ORM-VERSION
X-User
X-OVcl-Cache
Pagetype
X-Micro-Cache
X-JWT-State
X-Is-Gdpr
X-Cache-Info
X-VServer
X-Mvc-Supplant-Cachable
X-OVcl
X-Node-Id
Sever-Int
Server-Ext
On-Server
Server-Hostname
L
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Locid
Magicmarker
X-B3-Traceid
NGX
User-Cache-Control
X-Policy
X-Request-Host
X-Owner
X-Nginx-Cache-Key
X-Cache-Remote
X-Request-URI
X-Var-Ttl
X-Wikidot-Static-Cache
X-TrackingId
X-Wikidot-Backend
X-VarnishDD-TTL
X-Varnish-Hits
X-IP
X-HN
X-CUA
X-Developer
X-Core-Value
X-Cms-Context
X-Clientip
Content-Disposition
CloudFront-Viewer-Country
PFcat
X-Generated-By
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-Developers
X-Cache-Tags
DB-Nickname
X-Debug-Cache
X-Rebelmouse-Surrogate-Control
X-Request-Start
X-Rebelmouse-Cache-Control
X-Cache-Expires
X-Platform-Server
X-Gen-Mode
X-Scheme
X-SIPLIST1
X-TX-ID
X-Servername
Apple-News-Services-Request-Url
Fastly-SWR
IsBot
Fastly-SIE
Apple-News-Services-Host
X-Fastly-Backend
X-Fmm-Version
X-Hnp-Log
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Cf-Bgj
X-Clara-WADP
X-Origin-Expires
X-NU-AKA-ACS-Version
X-Method
X-Loc
X-TA-CDN-Provider
X-Block-Status
CDCHOST
X-GoCache-CacheStatus
Web-Mar-Node
V-Age
Origin
X-WADP-Cache
X-VG-TLSProxy
Server-Host
X-ID
X-NC
X-Cache-Debug
X-DefHash
X-Ratelimit-Reset
X-Cache-Id
X-Origin
X-Esi-Check
X-B3-Spanid
X-LI-UUID
NM-Fastcgi-Cache
Adler-Geo
X-Old-Content-Length
Location
X-DPWN-IS-SECURE
X-Dispatcher-Server
Is-Eu
X-Variation
X-Gzip
X-Varnish-CookieINHashed-On
X-Varnish-Beresp-Grace
X-Li-Pop
Platform
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-NAPM-TraceId
Rt-Fastcgi-Cache
X-Li-Fabric
True-Client-Country-4JS
X-DefElseHash
Vix-Hermes-Req-Id
X-Branch-Name
HostName
CDN-RequestId
CDN-EdgeStorageId
X-Gamma-Serve
X-Slack-Backend
CDN-PullZone
CDN-Uid
CDN-RequestCountryCode
X-Hash
CDN-CachedAt
X-EC-Lua
CACHE
X-Host-Name
X-Varnish-Url
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
CDN-Cache
X-App-Version
Fastly-Drupal-HTML
X-PF-Uncompressing
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NCache
X-Cdn-Forward
X-Aicache-OS
Url
X-Response-By
S-Rt
X-CS
X-Core-Mission
X-Mvc-Supplant-OutputCached
X-Varnish-Cacheable
X-B3-SpanId
X-Refresh
Xkeyi7
Pics-Label
X-CACHE-GROUP
X-Proxy-Cachei7
X-LB-ID
Cross-Origin-Window-Policy
Sid
X-BBXSRF
N-Cache
X-CDN-Forward
Ohc-File-Size
X-Cache-2
Esi-Enabled
X-FireWall-Protection
Content-Secure-Policy
X-Sucuri-Cache
X-Via-Popv
X-Cc-Req-Id
X-Contensis-Viewer-Groups
X-Via-Popn
X-Cc-Via
X-Cache-ASPX
X-Via-Poph
D-Cc-Upstream
Cteonnt-Length
X-Epic-Correlation-Id
X-Varnish-Authentication
X-Svr
X-Wa
X-Servedbyhost
Source
X-Nc
X-Error
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
Who
X-Cs
X-RateLimit-Limit
X-Srv
X-Server-IP
MIME-Version
Req-Svc-Chain
X-Unique-ID
GeoIp-Country-Code
Geoip-Latitude
Country-Code
X-Webkit-CSP-Report-Only
X-NGINX-Cache
X-DC
X-API-Version
X-Cache-Config
X-LiteSpeed-Cache-Control
X-Origin-Time
X-HS-Status
X-FPC
X-Gdpr
X-Nyt-Route
HitType
XServer
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-VC
Server-Ttl
X-SN
Hostname
X-URL
X-TIME
X-Fastly-Request-Id
Ohc-Cache-HIT
Svr
Kp-EeAlive
Cmstype
X-Webstats-RespID
Cmsid
X-VCL-Version
X-LI-Proto
X-NodeID
X-SB
X-CACHE-KEY
Geo-Info
X-Esi
X-Served-From
Viewtype
Server-ID
X-Check-Cacheable
X-SD-PageType
VivaBuild
X-Ua
X-Viewer-Country
A
X-Render-Time
Cache-Key
SID
X-HOST
NtCoent-Length
X-CCDN-CacheTTL
X-Vcl-Version
X-CCDN-Origin-Time
X-BBC-Edge-Cache-Status
X-Hcs-Proxy-Type
EpKe-Alive
X-Vgn-Hpd-Reason
Request-ID
M-TraceId
X-UA
TDXMobile
Cross-Origin-Opener-Policy
Arc-Country
X-RPM
X-CF-Powered-By
X-Worker
Cache-Provider
X-RSL
X-RAMCache
X-DW
X-DSS
X-DB
X-DI
Resin-Trace
X-TIM-N
X-RPS
X-Li-Proto
X-Auto-Login
Server-Id
X-Ftr-Cache-Host
Filterid
Upgrade-Insecure-Requests
X-Air-Source
GeoIP-Latitude
X-Internal-Host
GeoIP-Country-Code
X-App
ProcessTime
X-CSRF-TOKEN
X-Dynatrace-Js-Agent
CDN
Processtime
X-Action
Srv
X-Vc
X-Cluster-Node
X-Newrelic-Synthetics
X-FTR-Cache-Host
X-ServedByHost
X-Oss-Cdn-Auth
X-Fpc
Mime-Version
X-WA
Datacenter
Proxy-Connection
Tcn
X-CLOUD-TRACE-CONTEXT
CF-Cached-On
X-BBC-Origin-Response-Status
X-FORWARDED-FOR
NGB
X-Service
X-Geo
X-HostName
X-HITS
OT-Force-Account-Verify
X-Dw-Trace-Id
X-SaId
Cdn
X-MSEdge-Flight
FSS-Cache
WZWS-RAY
X-BACKEND-TTL
X-Forwarded-Site
X-Via-PopH
X-PHP-Backend
X-Cache-Tag
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
X-Via-PopN
X-Fastly-Backend-Reqs
X-JoinUs
X-Via-PopV
X-Via-NSCOPI
X-ND-Cache
X-Extlb
DataCenter
X-CACHE-AGE
X-Client-Ip
X-Cdn-Request-ID
X-Lb-Id
X-Edge-Location
X-ABtesting
Dnion-Transfer-Encoding
X-Flog
X-Parent-Response-Time
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
PICS-Label
X-Hello
W
X-Provided-By
X-NGENIX-Cache
X-Pf-Uncompressing
X-LiteSpeed-Tag
X-Swift-Error
Vha6-Origin
We-Hiring
X-PJAX-URL
X-Pad
X-Oracle-DMS-ECID
X-Depends-On
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-VC-Cache
X-UnsetCookies
X-Region-Sid
X-Bc-Bl
X-Presslabs-Stats
Mail-Subject
Epwk-X-Cache
Media-Length
Surrogated-Key
Memcached
X-Accel-Expires-Debug
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
Xet-Cookie
X-Req
X-Proxy-Upstream
X-Date
Time
LB
Memory
X-MiniProfiler-Ids
URI
X-ZONE
Cf-Ipcountry
X-Zone
X-Request-Url
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-B3-Parentspanid
Env
X-ElasticPress-Search
X-Akamai-Request-ID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Vcache
X-Csrf-Token
X-Acquia-Site
X-Varnish-Beresp-TTL
X-Ms-Meta-Originalurl
X-Varnish-URL
X-Ms-Meta-Staticbatchstarttime
X-Amz-Meta-Cb-Modifiedtime
X-ElasticPress-Query
X-APP
X-Request-URL
X-Men
CountryCode
X-Air-Trace-Id
Content-Script-Type
Content-Style-Type
Edge-Copy-Time
Inserted-Into-Cache-At
X-Tid
X-Via-SSL
X-Redis-Count
Phost
Environment
X-Redis-Duration-Ms
X-Snapshot-Date
NnCoection
X-Traceid
X-Storefront-Renderer-Verified
Ohc-Response-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Acc-Debug-Context
X-Via-Edge
X-Litespeed-Cache-Control
X-ServerName
X-C
X-Acc-Rdl