Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Request-ID
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Server
X-Hacker
X-Dns-Prefetch-Control
Host-Header
Report-To
X-Server-Powered-By
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Cache-Spec
X-Device
NEL
X-CST
Allow
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
Xkey
X-Server-Id
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
P3p
X-ASPNET-VERSION
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Application-Context
X-Ac
X-Country
Accept-Ch
Accept-Ch-Lifetime
X-Mod-Pagespeed
Accept-CH
X-Template
X-Language
X-Readtime
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
Rating
Accept-CH-Lifetime
X-HW
X-Url
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-ORACLE-DMS-RID
X-Middleton-Response
X-Middleton-Display
X-Sol
Response
Display
Pagespeed
X-Varnish-TTL
X-Content-Type
X-ORACLE-DMS-ECID
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Country-Code
X-Rack-Cache
X-Goog-Hash
X-Powered-By-Plesk
X-Navigation-Version
X-Oneagent-Js-Injection
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
X-Amz-Rid
X-Fastly-Request-ID
X-Buckets
X-Abt-Application-Version
X-TTL
Fastly-Restarts
X-Client-IP
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
SPIisLatency
SPRequestDuration
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-FastCGI-Cache
Public-Key-Pins
X-Webkit-CSP
Access-Control-Request-Method
RTSS
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Edge
Ar-Sid
AR-Request-ID
Cache-Tag
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
X-Version
X-Origin-Upstream-Status
S
X-Recruiting
X-Mid
X-ECACHE
X-MCACHE
Charset
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Mg-S
X-Fastcgi-Cache
X-Px
X-Ruxit-Js-Agent
X-DynaTrace
X-PressLabs-Stats
X-Content-Digest
X-Kinsta-Cache
X-Ttl
X-T
Fastcgi-Cache
Cache-Tags
X-Litespeed-Cache
X-Id
X-Amz-Server-Side-Encryption
X-Logged-In
X-Accel-Expires
Filters
X-Forwarded-Proto
Server-Node
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
Front-End-Https
MicrosoftSharePointTeamServices
TP-L2-Cache
TP-Cache
Server-Name
X-Correlation-Id
X-Grace
X-Forwarded-For
TCN
Nginx-Cache
X-Hits
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Received
X-Request-Processing-Time
X-Debug
X-Amzn-Trace-Id
X-XRDS-LOCATION
X-B3-Sampled
X-Shield-Request-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
X-Yandex-Sdch-Disable
X-AppVersion
X-Az
X-Activity-Id
Surrogate-Key
X-F-Cache
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Amz-Replication-Status
X-HS-Combine-CSS
X-Ser
Alternate-Protocol
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-DIS-Request-ID
Accept-Charset
Nel
X-Geo-Country
X-Frontend
X-XRDS-Location
X-Rid
X-NWS-LOG-UUID
X-Git-Hash
Section-Io-Cache
Host
X-Respond-Thread
X-Time
X-Cache-Age
X-Pinterest-Direct
X-Upgrade-Enabled
X-Hostname
Access-Control-Allow-Method
X-LB-Cache
X-DataDome
X-Mobile-URL
X-VCache
X-Server-ID
X-Seen-By
MS-CV
ServerID
Paypal-Debug-Id
X-Type
X-IPLB-Instance
Cache
X-RateLimit-Remaining
X-TT
X-Varnish-Backend
X-Cache-Key
Payment
X-Daa-Tunnel
Healthy
X-AOL-HN
X-Content-Options
X-Source
X-Whom
X-Aspnet-Duration-Ms
X-App-Environment
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Signature
Cleartype
X-Cache-Action
X-B-Cache
X-FTR-Request-ID
X-Page-Id
X-Debug-Info
Fastcgi-Useragent
X-Jobs
X-WebKit-CSP-Report-Only
X-Load-Cache
X-N
X-FB-Debug
X-Contextid
Realpath
X-Webkit-Csp
Powered-By-ChinaCache
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Node
Refresh
X-Rule
X-Cache-Expired-At
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-RTag
Version
X-Drupal-Cache-Tags
X-Wix-Request-Id
Ms-Operation-Id
X-Proxy
DC
X-Zen-Fury
X-Framework
Referer-Policy
X-Via-JSL
X-Cacheable-TTL
X-ProcessESI
X-Instance
X-Real-IP
X-B
X-Cache-Control
X-HTML-Minification-Powered-By
X-RemovedCookies
X-Content-Powered-By
X-Cluster-Name
Access-Control-Request-Headers
X-Tt-Trace-Host
X-Tt-Trace-Tag
Eomportal-Instance
VIX-Pulpo-Node
Viewport
X-Page-View
X-Region
X-Cache-Time
X-UUID
VIX-Pulpo-Upstream-Status
X-Distributor
X-FW-Static
X-FW-Serve
X-FW-Hash
X-IPS-LoggedIn
X-FW-Dynamic
X-FW-Server
X-Drupal-Cache-Contexts
X-FW-Type
X-TEC-API-VERSION
X-Cached-By
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Countrycode
X-FireWall-Port
X-Akamai-Edgescape
X-Cache-Operation
Liferay-Portal
X-Cache-Rule
X-Cache-Hit
X-Yottaa-Optimizations
X-G
X-Yottaa-Metrics
X-Tumblr-Pixel-0
X-Pass-Why
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Environment-Context
X-L-Path
X-App-Server
Xserver
DynaTrace
X-Nginx-Cache
SRV
Server-Info
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
CF-IPCountry
Section-Io-Origin-Time-Seconds
X-Tec-Api-Version
X-Debug-IsPreview
X-Debug-IsConnected
X-Tec-Api-Root
X-Tec-Api-Origin
X-Www-Served-By
X-Protected-By
X-User-Agent
X-Tumblr-Pixel-2
From-Origin
Webserver
X-Device-Type
Ec-Rule-Version
X-Mode
X-Varnish-Grace
X-RN-RSRV
X-Endurance-Cache-Level
X-Adobe-Content
X-Hl-Ver
X-Handled-By
X-UPSTREAM-Address
Meta-Geo
X-Adobe-Loc
X-ES-SERVER
Cache-Tv-Group
X-MP-GENERATED-AT
X-Uri
Retry-After
GEO-INFO
X-Backend-Name
X-Format
Property-Id
X-Ratelimit-Limit
X-FB-TRIP-ID
TWC-Device-Class
X-Varnishpool
TWC-Connection-Speed
Decoy-Debug-Key
Decoy-Debug-TTL
Fastly-SSL
X-Cache-Server
Decoy-Debug-Status
X-Section
X-Pubstack
TWC-GeoIP-Country
X-Storage
Webcakes-App-Name
X-PHP-Host
X-PCL
X-OCL
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
X-Access
TWC-Locale-Group
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
TWC-Privacy
X-No-Session
X-Proto
X-LAGOON
Mn-Server-Ip
X-Locale
X-PERF
X-LJ-Flow-ID
Selected-Fe
X-ApacheServer
X-Proxy-Build
X-NYM-Debug-Backend
Frame-Options
Cache-Status
X-AWS-Id
X-Be
Country
X-Via-Fastly
X-VWS-Id
X-UA-Device-Type
X-Timing-Wait
X-Sql-Duration-Ms
Protected
X-R9-Blue-Green-Version
Apigw-Requestid
X-Request-Time
X-Soup
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Human
X-Sql-Count
X-WA-Info
X-Redis-Cache
X-Site-Version
X-Server-W
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Xfnlog-Site
X-Web-Node
Azure-Version
X-Zipkin-Id
X-Routing-Service
X-Cache-TTL-Remaining
X-FW-Version
X-Hosted-By
X-Hyper-Cache
AMP-Access-Control-Allow-Source-Origin
X-S-Maxage
X-Proxied
Azure-SiteName
X-Origin-Date
Cache-Name
X-Varnish-Server
X-Status
X-Sorting-Hat-PodId
X-AIR-PT
X-Alternate-Cache-Key
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Storefront-Renderer-Rendered
X-ShardId
X-Shopify-Stage
X-TNCMS
X-Sorting-Hat-ShopId
X-ShopId
X-Loop
X-Node-Name
X-TT-LOGID
X-Cluster
X-CCM
X-Info
X-Is-Bot
X-Rendered-As
X-GG-Cache-Date
X-Dc
X-Forwarded-Host
X-Cache-Grace
X-Cache-Enabled
X-Revision
X-TA-CDN-Provider
X-Qloud-Router
S-Cnection
X-Content-Age
X-Microcachable
Uber-Trace-Id
X-Proxy-Cache-Status
X-SRV
X-NWS-UUID-VERIFY
X-Via-CDN
X-Platform
X-Azure-Ref
Cache-Hits
X-Backend-Host
X-CSRF-Token
X-Varnish-Ttl
X-App-Version
X-Aspnetmvc-Version
X-Ratelimit-Remaining
X-Cache-Host
X-Detected-As
Akamai-GRN
X-FTR-Cache-Status
X-FTR-DC
X-Amz-Meta-S3cmd-Attrs
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
ServedBy
X-ATG-Version
X-Cache-NGX
X-B3-SpanId
X-Cache-PHP
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-RCS-CacheZone
X-CS
X-Debug-Cache
SD-X-WS
X-FTR-Expires
X-Varnish-Hostname
HostName
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Time-Microsecs
X-CACHE-KEY
Tracecode
X-Akamai-Transformed
DB-Nickname
X-BCube-Filmed-By
X-TX-ID
X-Correlation-ID
X-Nc
X-DynaTrace-JS-Agent
X-Unique-ID
X-Air-Hostname
X-Backend-TTL
X-ServerID
X-NewRelic-App-Data
X-Ms-Version
Backend
X-Ms-Request-Id
X-Location
X-Destination
X-A-Dcw
X-A-Ccd
X-Origin-CC
X-From
X-A
Xc-Version
X-Vtex-Remote-Cache
X-A-Dam
X-NAPM-TraceId
X-Aed
X-B-Cookie
Expiry
Fastcgi-X-Cache-Version
BehaviorPad-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Rendered-Blocks
T-Server
X-Generation-Time
X-Origin-TTL
X-A-Wwc
X-A-Dgt
X-Level-Front-Cache
X-Application
X-Generated-On
X-ARC
X-D
X-Vtex-Processado-Em
MD5-Digest
X-SRCache-Key
Meta-Geo-Continent
X-Session-Fingerprint
X-ScT
X-S
X-S-Cookie
X-Cache-NE
Mobile-Detection-Method
X-Adobe-Source
X-Trv-Group
Odigeo-Trace-Id
X-Connection-Hash
X-Vdms-Path
X-CF-Lambda-Version
X-Vdms-Version
X-External-Request-Id
X-Rojux
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-Owner
X-PBS-Appsvrname
X-VG-WebCache
X-Processor
Machine
X-VG-WebServer
X-Request-UUID
X-Rewrite-Enabled
X-Tb
X-Cache-Var-Map
X-Cdn-Forward
X-Cache-Var
X-Cms-Context
X-Cache-Bucket
X-Fetched-On
X-FC-Vary-Parameters
X-Geo-Header
X-Fastly-Cache
AKAMAI
CacheControlHeader
X-GeoIP-City
X-Developers
X-Generated-In
X-Bip
Content-Disposition
X-Device-Os
X-Varnish-Beresp-Grace
X-OVcl-Cache
X-TrackingId
X-Tumblr-Pixel-3
V-Age
X-Sucuri-ID
X-Thinkindot-L3
Magicmarker
X-Thanos
UCS
On-Server
Thinkindot-CacheControl
Release
Thinkindot-CacheControl-Type
Thinkindot-Control
Pagetype
Path
Wxu-Next-Commit
X-Reqid
Gh-Request-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
Server-Host
X-Irp-Debug
X-HS-Content-Campaign-Id
Fastly-Backend-Name
Host-ID
X-Magnolia-Registration
X-Policy
Wxu-Next-Hostname
X-Core-Value
X-OVcl
X-B3-Traceid
Wxu-Next-Region
X-Varnish-Cache-Hits
Who
User-Cache-Control
X-Scheme
X-Request-URI
X-Skip-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Web-Mar-Node
Vix-Hermes-Req-Id
X-Request-Host
X-Old-Content-Length
X-Node-Id
X-Origin
X-Origin-Response-Time
X-Ratelimit-Reset
X-User
X-Var-Ttl
SR-User-Adfree
Ssr
Sever-Int
X-Cache-Info
Server-Hostname
X-Swa-Ws
Cache-Host
X-Wikidot-Static-Cache
X-VG-TLSProxy
X-VarnishDD-TTL
X-VServer
X-WADP-Cache
X-Wikidot-Backend
True-Client-Country-4JS
X-Nginx-Cache-Key
X-Method
X-Cache-Id
X-Fmm-Version
X-Cache-Debug
X-Gen-Mode
X-Generated-By
X-Branch-Name
X-Fastly-Backend
X-Eu-Site
X-Dispatcher-Server
X-Developer
X-Envoy-Decorator-Operation
X-Clara-WADP
X-CGP
X-Block-Status
X-GeoIP
X-Is-Gdpr
X-Azure-Ref-OriginShield
X-JWT-State
X-Li-Fabric
X-LI-UUID
X-Li-Pop
X-IP
X-Hnp-Log
X-Gzip
X-GoCache-CacheStatus
X-Backend-State
X-Has-Esi
X-HN
X-Csrf-Jwt
X-Esi-Check
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestId
CDN-Uid
Esi-Enabled
DSUID
Cf-Device-Type
Cf-Bgj
CDN-Cache
CDCHOST
Apple-News-Services-Handled
Country-Code
Server-Ext
X-RateLimit-Limit
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
C-Via
Arc-Version
Apple-News-Services-Request-Url
Ha-Gx-Prefs
X-Varnish-Beresp-Ttl
PB-PID
NGX
Instruction
PB-RID
L5d-Success-Class
Locid
Location
HA-Ipaddr
PFcat
NM-Fastcgi-Cache
X-Unique-Id
Geo-Info
X-Varnish-Beresp-Status
X-ID
X-EC-Lua
X-Variation
X-Clientip
L
X-CUA
X-GEO
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-LB-ID
X-Gamma-Serve
X-Hash
X-Varnish-Hits
X-Varnish-CookieHashed-On
X-DefHash
Platform
Adler-Geo
X-DPWN-IS-SECURE
X-DefElseHash
Origin
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Slack-Backend
X-NU-AKA-ACS-Version
Fastly-SIE
Fastly-SWR
Rt-Fastcgi-Cache
X-Aicache-OS
X-SIPLIST1
Is-Eu
X-Platform-Server
X-Cache-Tags
IsBot
X-Origin-Expires
X-CLOUD-TRACE-CONTEXT
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Url
X-Cache-Backend
Lfy
X-Matched-Rule
X-Mvc-Supplant-OutputCached
Fastly-Drupal-HTML
X-APP-VERSION
Filterid
X-Via-Poph
X-Loc
X-Via-Popn
CloudFront-Viewer-Country
X-Epic-Correlation-Id
X-PF-Uncompressing
Pics-Label
X-Via-Popv
Sid
X-NCache
X-Sn-Servicetimems
X-Refresh
X-Planisys-CDN-TTL
X-Cdn-Origin
X-Cache-Expires
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Pramga
X-Cache-Date
Url
X-Core-Mission
Cmsid
Cmstype
Req-Svc-Chain
X-Servername
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
X-Served-From
Tcn
X-Request-Start
Svr
NGB
Kp-EeAlive
Viewtype
A
X-Error
MIME-Version
X-Srv
X-FireWall-Protection
VivaBuild
M-TraceId
Cache-Key
X-Varnish-Cacheable
Source
X-Webkit-CSP-Report-Only
GeoIp-Country-Code
X-DC
Arc-Country
Geoip-Latitude
X-Vgn-Hpd-Reason
Server-ID
X-Response-By
Cross-Origin-Opener-Policy
X-NC
X-Proxy-Cachei7
X-HS-Status
X-Geo
X-Vcl-Version
TDXMobile
Xkeyi7
X-PHP-Backend
X-NGENIX-Cache
HitType
N-Cache
SID
X-Air-Source
X-SaId
Server-Ttl
X-BBXSRF
X-Vc
Content-Secure-Policy
X-Wa
X-JoinUs
X-Servedbyhost
DataCenter
X-B3-Spanid
S-Rt
X-Cache-Remote
X-Erf-Stays-Bingo-Pdp-Web
NtCoent-Length
X-Edge-Location
X-Li-Proto
X-LiteSpeed-Cache-Control
X-Service
Resin-Trace
X-Esi
X-Cache-2
CACHE
X-CDN-Forward
X-Internal-Host
X-Cache-ASPX
D-Cc-Upstream
X-Varnish-Authentication
X-LI-Proto
X-Cc-Req-Id
X-Cc-Via
X-Contensis-Viewer-Groups
Cteonnt-Length
X-HOST
X-Extlb
X-WA
Request-ID
Cross-Origin-Window-Policy
X-Viewer-Country
X-RAMCache
X-Svr
Ohc-File-Size
FSS-Cache
X-Forwarded-Site
X-CCDN-Origin-Time
X-Sucuri-Cache
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Host-Name
X-HostName
X-UA
X-ServedByHost
X-DB
X-Server-IP
X-RSL
X-Via-NSCOPI
X-Bc-Bl
X-VCL-Version
X-RPS
X-RPM
X-DW
X-Newrelic-Synthetics
X-TIM-N
X-DI
X-DSS
Hostname
X-PJAX-URL
GeoIP-Latitude
X-Proxy-Upstream
GeoIP-Country-Code
X-Req
X-API-Version
X-Cache-Config
X-Accel-Expires-Debug
LB
Mail-Subject
X-Date
X-Origin-Time
X-Cs
CF-Cached-On
X-Nyt-Route
X-FPC
X-Gdpr
We-Hiring
Surrogated-Key
Memcached
XServer
X-RateLimit-Limit-Second
X-Action
X-APP
X-VC-Cache
ProcessTime
X-App
X-RateLimit-Remaining-Second
Env
X-VC
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
Cache-Provider
X-Server-Lifecycle-Phase
X-SN
X-Instrumentation
X-ZONE
X-Check-Cacheable
X-NodeID
Ohc-Cache-HIT
X-Sigma
X-SB
X-Region-Sid
Server-Id
X-Men
X-Sigma-Backend
X-Webstats-RespID
Upgrade-Insecure-Requests
X-Edge-Location-Klb
X-CF-Powered-By
X-Rocket-Build-Number
X-Oss-Cdn-Auth
X-Fpc
X-Swift-Error
X-Dynatrace-Js-Agent
X-Provided-By
X-URL
X-FORWARDED-FOR
X-Depends-On
Mime-Version
X-Air-Trace-Id
VNS-Cache
X-MSEdge-Flight
W
Memory
Time
VNS-Age
X-SD-PageType
CPC-Age
CPC-Cache
X-MSEdge-Features
X-Cdn-Request-ID
Srv
X-Ftr-Cache-Host
X-BACKEND-TTL
X-Render-Time
X-BBC-Edge-Cache-Status
X-UnsetCookies
X-CSRF-TOKEN
X-Dw-Trace-Id
X-TIME
CDN
Cdn
X-ServerName
X-Akamai-Pragma-Client-IP
X-Zone
X-Client-Ip
X-Parent-Response-Time
X-NGINX-Cache
Dnion-Transfer-Encoding
EpKe-Alive
X-ABtesting
X-Hello
X-Fastly-Backend-Reqs
X-Flog
X-Fastly-Request-Id
X-Dynatrace
X-Pad
X-FTR-Cache-Host
Media-Length
X-Presslabs-Stats
My-App
Fastcgi-Cache-TTL
X-Worker
X-Auto-Login
X-Acquia-Application-Trace
State
X-Cache-Tag
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Vha6-Origin
Proxy-Connection
X-Pf-Uncompressing
Processtime
X-Oracle-DMS-ECID
PICS-Label
X-Via-PopH
X-LiteSpeed-Tag
X-ElasticPress-Search
X-Minions-Version
X-BBC-Origin-Response-Status
X-Via-PopN
X-Via-PopV
X-Ua
X-Cluster-Node
X-Snapshot-Date
Epwk-X-Cache
Cf-Ipcountry
X-CACHE-AGE
Datacenter
X-Varnish-URL
X-Lb-Id
Xet-Cookie
X-Ms-Meta-Originalurl
X-Varnish-Beresp-TTL
X-Request-URL
X-Akamai-ERRuleID
X-Vcache
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Akamai-ERPolicy
X-MiniProfiler-Ids
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
CountryCode
X-Storefront-Renderer-Verified
Content-Style-Type
Content-Script-Type
X-Apw-Hits
X-Mg-Request-Id
Warning
X-Mg-Request-UUID
X-Cache-Status-Check
X-Litespeed-Cache-Control
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
X-B3-Parentspanid
X-C
Phost
X-Debug-Cache-Fetch
Ohc-Response-Time
NnCoection
OT-Force-Account-Verify
X-Redis-Duration-Ms
X-Redis-Count
URI
X-Debug-Cache-Store
X-Traceid
X-Tid
Environment