Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
Cf-Request-Id
CF-Cache-Status
Last-Modified
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-WebKit-CSP
X-Cache-Spec
Allow
X-Backend-Server
X-Host
X-Vhost
X-CST
X-Device
EagleEye-TraceId
X-Server-Id
X-ASPNET-VERSION
Surrogate-Control
Request-Id
X-Dispatcher
Accept-CH
X-Node
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ac
X-Template
X-Application-Context
X-Language
X-Kinja-Server-Push
X-Country
X-Cache-Lookup
X-Readtime
X-Mod-Pagespeed
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
X-TtlSet
X-PC
X-Vname
X-ORACLE-DMS-ECID
Accept-Ch
X-Clacks-Overhead
X-ESI
X-FastCGI-Cache
Edge-Control
X-GitHub-Request-Id
X-Trace
Accept-Ch-Lifetime
Display
Pagespeed
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Content-Type
X-D2id
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
Verso
Arr-Disable-Session-Affinity
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Vcap-Request-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Buckets
X-Goog-Hash
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-Abt-Application-Version
X-VARITI-CCR
X-Amz-Rid
X-Oneagent-Js-Injection
X-ORACLE-DMS-RID
X-Powered-By-Plesk
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Cache-TTL
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Fastly-Request-ID
X-Release
SPIisLatency
X-MSEdge-Ref
SPRequestDuration
X-Dw-Request-Base-Id
Fastly-Restarts
X-Element-Page-Cache
X-NF-Request-ID
X-TTL
X-Cached
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
RTSS
X-Origin-Upstream-Status
Ar-Sid
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Edge
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Webkit-CSP
X-Px
X-LLID
X-Powered-CMS
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Ezoic-Cdn
X-Ttl
Content-MD5
X-Upstream
X-HP-Webp
X-Jurisdiction
X-Amz-Server-Side-Encryption
X-Mid
X-ECACHE
X-MCACHE
Charset
Cache-Tag
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-Pinterest-Direct
X-PressLabs-Stats
X-Version
X-Aspnetmvc-Version
TCN
MicrosoftSharePointTeamServices
Fastcgi-Cache
Front-End-Https
X-Debug
X-T
X-Content-Security-Policy-Report-Only
X-Id
X-Grace
X-Kinsta-Cache
Filters
Cache-Tags
Server-Node
Edge-Cache-Tag
X-Forwarded-Proto
X-Accel-Expires
X-Logged-In
X-Amzn-Trace-Id
X-Forwarded-For
X-Yandex-Sdch-Disable
Server-Name
X-XRDS-Location
Nginx-Cache
Surrogate-Key
X-Kong-Proxy-Latency
X-Varnish-Age
X-Kong-Upstream-Latency
X-Cache-Key
X-Correlation-Id
TP-Cache
TP-L2-Cache
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-DynaTrace
X-Hits
X-Request-Handler-Origin-Region
X-Ser
X-DIS-Request-ID
Powered-By-ChinaCache
X-Shield-Request-Id
X-AppVersion
X-Activity-Id
X-Az
X-Amz-Replication-Status
X-Server-ID
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-F-Cache
X-HS-Content-Id
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Accept-Charset
X-Origin-Server
X-Git-Hash
X-FTR-Request-ID
X-Hostname
X-Respond-Thread
X-Geo-Country
X-LB-Cache
X-Upgrade-Enabled
X-DataDome
Section-Io-Cache
X-Rid
X-XRDS-LOCATION
X-Frontend
Access-Control-Allow-Method
X-Cache-Age
Cache
Alternate-Protocol
X-Mobile-URL
Host
Cleartype
MS-CV
Paypal-Debug-Id
X-Content-Options
X-IPLB-Instance
X-Type
Healthy
X-AOL-HN
X-Ruxit-Js-Agent
ServerID
X-WebKit-CSP-Report-Only
X-App-Environment
Payment
X-Varnish-Backend
X-Whom
X-Seen-By
X-Aspnet-Duration-Ms
X-Cache-Action
X-B-Cache
X-Flags
X-Debug-Info
X-Providence-Cookie
X-Route-Name
X-Signature
X-TT
X-Is-Crawler
X-Request-Guid
X-VCache
Fastcgi-Useragent
X-Page-Id
X-Jobs
X-NWS-LOG-UUID
X-Source
X-N
X-Mobile
X-Time
X-Erf-Bev-Bev
X-Load-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-RateLimit-Remaining
X-Cached-By
X-Via-JSL
X-Daa-Tunnel
X-FB-Debug
X-Akamai-Edgescape
Version
Nel
X-Cache-Rule
X-Cache-Operation
X-Litespeed-Cache
Viewport
Refresh
DynaTrace
X-Rule
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-Drupal-Cache-Tags
DC
X-Framework
X-Zen-Fury
X-Proxy
X-Cacheable-TTL
X-ProcessESI
X-RTag
GEO-INFO
Ms-Operation-Id
Realpath
X-Instance
X-RemovedCookies
X-Tt-Trace-Tag
X-Contextid
X-Tt-Trace-Host
X-Real-IP
X-Fastcgi-Cache
Access-Control-Request-Headers
X-Wix-Request-Id
X-Region
X-HTML-Minification-Powered-By
X-UUID
X-Cache-Time
X-Drupal-Cache-Contexts
Referer-Policy
X-Distributor
X-Page-View
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-FW-Hash
X-FW-Dynamic
X-Cache-Expired-At
Node
Eomportal-Instance
X-FW-Static
X-FW-Type
Countrycode
VIX-Pulpo-Upstream-Status
X-FW-Server
X-FW-Serve
VIX-Pulpo-Node
X-B
X-L-Path
X-Environment-Context
X-Cluster-Name
Liferay-Portal
X-G
X-Tumblr-Pixel-1
X-Cache-Control
X-Tumblr-Pixel-0
X-Tumblr-User
X-Node-Name
X-Tumblr-Pixel
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-User-Agent
X-Ratelimit-Limit
Server-Info
Webserver
X-Tumblr-Pixel-2
X-Pass-Why
X-Amz-Meta-S3cmd-Attrs
Section-Io-Id
Section-Io-Origin-Time-Seconds
From-Origin
Section-Origin-Responded
Section-Io-Origin-Status
X-App-Server
X-Varnish-Ttl
SRV
Protected
Ec-Rule-Version
X-Protected-By
X-FireWall-Port
X-Revision
X-Oracle-Dms-Rid
X-Backend-Name
X-Cache-Server
Frame-Options
Cache-Status
CF-IPCountry
Meta-Geo
X-Hyper-Cache
X-Endurance-Cache-Level
X-ES-SERVER
X-Www-Served-By
X-Mode
X-Hl-Ver
X-RN-RSRV
X-Handled-By
X-UPSTREAM-Address
X-Storage
X-Site-Version
X-NYM-Debug-Backend
Retry-After
X-Soup
X-Forwarded-Host
X-Locale
X-FB-TRIP-ID
X-Adobe-Content
Decoy-Debug-Key
Cache-Tv-Group
X-Web-Node
Fastly-SSL
X-Varnishpool
Decoy-Debug-Status
X-Adobe-Loc
Decoy-Debug-TTL
X-Human
X-Be
X-Cache-Grace
X-Pubstack
Country
X-Section
Azure-Version
Azure-InstanceId
X-Format
Azure-RegionName
Azure-SiteName
Cache-Name
Azure-SlotName
X-Labrador-Cache-Channel
X-Say-Cacheable
X-PHP-Host
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Proxy-Build
X-Proto
X-BYPASS-REASON
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
X-Access
X-PCL
TWC-Device-Class
X-Origin-Date
X-Uri
X-Say-TTL
X-UA-Device-Type
X-TT-LOGID
X-SayCDN-TTL
X-Redis-Cache
X-ProxyCache-Status
Selected-Fe
TWC-Connection-Speed
Property-Id
X-OCL
X-ProxyCache-Key
X-Timing-Wait
Webcakes-Region
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-LAGOON
X-No-Session
X-FW-Version
X-ApacheServer
X-AIR-PT
X-PERF
X-WA-Info
X-Server-W
X-S-Maxage
X-Sql-Duration-Ms
X-Via-CDN
X-Sql-Count
X-Via-Fastly
X-VWS-Id
Xserver
X-R9-Blue-Green-Version
X-AWS-Id
X-LJ-Flow-ID
X-Loop
X-Hosted-By
X-TNCMS
X-Request-Time
X-FTR-Backend-Server
X-Cluster
X-Qloud-Router
X-Status
X-MP-GENERATED-AT
X-FTR-Balancer
X-FTR-Cache-Status
Mn-Server-Ip
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
S-Cnection
X-Cache-TTL-Remaining
X-Routing-Service
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-ShopId
X-Proxied
X-Zipkin-Id
X-ShardId
X-CCM
X-Alternate-Cache-Key
X-Ratelimit-Remaining
X-FTR-Expires
Cache-Hits
X-Xfnlog-Site
X-Rendered-As
X-Is-Bot
X-Dynatrace
X-Dc
X-Unique-Id
X-Device-Type
X-Cache-Var
X-Air-Hostname
X-Cache-Var-Map
AMP-Access-Control-Allow-Source-Origin
X-Nginx-Cache
X-Info
X-Detected-As
Apigw-Requestid
X-EdgeConnect-Cache-Status
X-Webkit-Csp
X-Cache-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Cdn
X-Debug-IsConnected
X-Debug-IsPreview
X-SRV
X-Microcachable
X-APP-VERSION
X-Cache-Enabled
SD-X-WS
X-Content-Age
X-Varnish-Grace
X-GEO
X-Varnish-Server
X-Platform
X-Time-Microsecs
Amp-Access-Control-Allow-Source-Origin
Tracecode
X-Correlation-ID
X-Backend-TTL
X-Azure-Ref
X-Cache-Backend
Uber-Trace-Id
X-ServerID
X-GG-Cache-Date
X-DynaTrace-JS-Agent
X-Backend-Host
DSUID
X-Erf-Stays-Bingo-Pdp-Web
X-Proxy-Cache-Status
Akamai-GRN
X-Oss-Hash-Crc64ecma
X-BCube-Filmed-By
X-Oss-Storage-Class
X-NewRelic-App-Data
X-Tb
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-CSRF-Token
X-ATG-Version
X-Sucuri-ID
X-Trace-Id
PB-PID
Backend
Arc-Version
PB-RID
X-Magnolia-Registration
X-Akamai-Transformed
ServedBy
X-Aed
X-VG-WebCache
X-Application
X-Thinkindot-L3
X-Device-Os
X-ARC
X-Matched-Rule
X-Location
X-VG-WebServer
BehaviorPad-Version
X-A-Wwc
X-A-Dgt
X-External-Request-Id
X-Trv-Group
X-Level-Front-Cache
X-Origin-Response-Time
X-Vdms-Path
X-B-Cookie
Xc-Version
X-Connection-Hash
X-Cache-NGX
X-Cache-PHP
X-CF-Lambda-Version
X-Origin-CC
X-Varnish-Cache-Hits
X-Origin-TTL
X-Vdms-Version
X-CF-Lambda-Fn
X-S
X-Rojux
X-Destination
X-PAYTM-SRV-ID
X-D
X-RCS-CacheZone
X-Cache-NE
X-Varnish-Hostname
X-Request-UUID
X-Session-Fingerprint
Instruction
Rendered-Blocks
Release
SR-User-Adfree
X-Generation-Time
Expiry
Fastcgi-X-Cache-Version
X-Generated-On
X-S-Cookie
Lfy
Meta-Geo-Continent
Mobile-Detection-Method
Path
X-PBS-Appsvrname
MD5-Digest
Machine
X-GeoIP-City
Pramga
X-From
X-Vtex-Processado-Em
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-A
X-A-Ccd
X-ScT
X-A-Dcw
X-A-Dam
X-SRCache-Key
T-Server
X-Vtex-Remote-Cache
Odigeo-Trace-Id
X-Fetched-On
DCR-Processing-Time-Ms
DCR-Decision-By
X-Processor
X-Rewrite-Enabled
X-Ms-Version
X-Ms-Request-Id
CacheControlHeader
Cache-Host
X-Owner
X-JWT-State
X-Is-Gdpr
C-Via
X-Skip-Cache
X-Sn-Servicetimems
AKAMAI
X-Generated-In
X-Eu-Site
X-VServer
X-Irp-Debug
L5d-Success-Class
X-Reqid
Host-ID
HA-Ipaddr
X-FC-Vary-Parameters
X-Tumblr-Pixel-3
UCS
Cf-Device-Type
X-GeoIP
X-Geo-Header
Gh-Request-Id
X-User
X-Micro-Cache
X-Azure-Ref-OriginShield
X-SVT-ORM-VERSION
X-Debug-Cache
X-Cdn-Origin
Ssr
X-Mvc-Supplant-Cachable
X-Node-Id
X-Thanos
X-SVT-ORM-RULES
X-HS-Content-Campaign-Id
X-NWS-UUID-VERIFY
Pagetype
X-OVcl
Ha-Gx-Prefs
X-Cache-Info
X-Adobe-Source
X-Backend-State
X-Swa-Ws
X-Has-Esi
X-Bip
X-Cache-Bucket
X-Cache-Date
Fastly-Backend-Name
X-CGP
X-Csrf-Jwt
X-OVcl-Cache
DB-Nickname
Server-Host
X-Var-Ttl
X-HN
On-Server
PFcat
Server-Hostname
Server-Ext
X-Varnish-Hits
X-IP
X-Request-Host
X-Developer
X-Developers
X-Envoy-Decorator-Operation
X-Fastly-Backend
X-CUA
X-Core-Value
X-Clientip
X-Cms-Context
X-Nginx-Cache-Key
X-Cache-Tags
X-Request-URI
X-Origin-Expires
X-Fastly-Cache
X-VarnishDD-TTL
X-Policy
X-Generated-By
X-Scheme
V-Age
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Sever-Int
CloudFront-Viewer-Country
L
Locid
Content-Disposition
X-B3-Traceid
X-Wikidot-Static-Cache
User-Cache-Control
X-Wikidot-Backend
Magicmarker
NGX
X-Cache-Remote
X-TrackingId
Location
X-TA-CDN-Provider
X-Li-Pop
X-Li-Fabric
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Loc
Apple-News-Services-Host
Adler-Geo
X-LI-UUID
X-VG-TLSProxy
X-Gzip
X-Esi-Check
HostName
X-Fmm-Version
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-DefElseHash
X-DefHash
NM-Fastcgi-Cache
X-Cache-Id
X-Hnp-Log
X-Branch-Name
X-Method
X-GoCache-CacheStatus
X-Cache-Expires
X-Gen-Mode
X-Block-Status
X-NU-AKA-ACS-Version
Fastly-SIE
X-TX-ID
X-SIPLIST1
X-Servername
X-Request-Start
CDCHOST
Fastly-SWR
X-Variation
X-Varnish-CookieHashed-On
IsBot
Is-Eu
X-Varnish-CookieINHashed-On
X-Varnish-Beresp-Grace
X-WADP-Cache
True-Client-Country-4JS
X-Origin
X-Varnish-Remaining-TTL
X-Old-Content-Length
X-Clara-WADP
Origin
X-Platform-Server
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Cf-Bgj
Vix-Hermes-Req-Id
Web-Mar-Node
Platform
X-ID
X-NC
X-B3-Spanid
X-NAPM-TraceId
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Gamma-Serve
CDN-RequestCountryCode
Fastly-Drupal-HTML
Rt-Fastcgi-Cache
X-Slack-Backend
X-Cache-Debug
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
CDN-CachedAt
CDN-Cache
CDN-Uid
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
X-PF-Uncompressing
X-EC-Lua
CACHE
X-Host-Name
X-NCache
Url
X-Core-Mission
X-Varnish-Url
X-Cdn-Forward
X-Response-By
X-Aicache-OS
S-Rt
X-Mvc-Supplant-OutputCached
X-Varnish-Cacheable
Sid
X-B3-SpanId
X-CS
X-App-Version
Pics-Label
X-Refresh
X-Proxy-Cachei7
X-CACHE-GROUP
X-LB-ID
Xkeyi7
Cross-Origin-Window-Policy
X-BBXSRF
N-Cache
X-CDN-Forward
Esi-Enabled
X-Cache-2
X-Sucuri-Cache
Ohc-File-Size
X-FireWall-Protection
Content-Secure-Policy
X-Srv
X-Cs
D-Cc-Upstream
X-Contensis-Viewer-Groups
X-Epic-Correlation-Id
X-Via-Popv
X-Via-Poph
Cteonnt-Length
X-Varnish-Authentication
X-Cc-Via
X-Cc-Req-Id
X-Cache-ASPX
X-Via-Popn
X-Svr
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
Source
X-Error
X-Wa
X-Servedbyhost
X-Nc
Who
Geoip-Latitude
GeoIp-Country-Code
X-Unique-ID
MIME-Version
Req-Svc-Chain
Country-Code
X-Server-IP
X-Webkit-CSP-Report-Only
X-LiteSpeed-Cache-Control
X-DC
X-Nyt-Route
X-Cache-Config
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
HitType
X-Gdpr
X-HS-Status
X-FPC
X-Planisys-CDN-TTL
X-API-Version
X-Origin-Time
X-RateLimit-Limit
X-VC
X-SN
Server-Ttl
X-Fastly-Request-Id
X-NGINX-Cache
X-URL
Hostname
X-TIME
Ohc-Cache-HIT
Cmsid
Cmstype
Kp-EeAlive
Svr
X-LI-Proto
XServer
X-NodeID
X-SB
X-VCL-Version
X-Webstats-RespID
X-CACHE-KEY
Geo-Info
X-Served-From
X-Esi
Server-ID
X-SD-PageType
VivaBuild
X-Check-Cacheable
Viewtype
X-Render-Time
X-Ua
A
Cache-Key
X-Viewer-Country
X-Vgn-Hpd-Reason
NtCoent-Length
X-HOST
X-CCDN-CacheTTL
X-Li-Proto
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
M-TraceId
X-Vcl-Version
Server-Id
X-BBC-Edge-Cache-Status
SID
EpKe-Alive
Request-ID
X-UA
X-DB
Resin-Trace
X-RAMCache
Cache-Provider
X-CF-Powered-By
X-DSS
X-Air-Source
X-Worker
X-DI
X-TIM-N
Arc-Country
X-Auto-Login
Cross-Origin-Opener-Policy
TDXMobile
X-DW
X-RSL
X-RPS
X-RPM
Filterid
X-Ftr-Cache-Host
X-Internal-Host
X-App
Upgrade-Insecure-Requests
GeoIP-Latitude
GeoIP-Country-Code
ProcessTime
X-CSRF-TOKEN
X-Dynatrace-Js-Agent
Mime-Version
CDN
X-Action
Processtime
Srv
X-Cluster-Node
X-Vc
X-FTR-Cache-Host
X-Newrelic-Synthetics
Tcn
X-ServedByHost
X-WA
X-Fpc
Proxy-Connection
NGB
X-Service
X-Oss-Cdn-Auth
X-CLOUD-TRACE-CONTEXT
CF-Cached-On
X-Geo
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-FORWARDED-FOR
Datacenter
DataCenter
X-BBC-Origin-Response-Status
X-HostName
X-HITS
OT-Force-Account-Verify
WZWS-RAY
X-BACKEND-TTL
X-PHP-Backend
X-SaId
X-ND-Cache
X-Via-NSCOPI
X-Forwarded-Site
FSS-Cache
X-MSEdge-Features
Cdn
X-JoinUs
X-Cache-Tag
X-MSEdge-Flight
X-NGENIX-Cache
X-Dw-Trace-Id
X-Fastly-Backend-Reqs
X-Akamai-Pragma-Client-IP
X-Edge-Location
X-CACHE-AGE
X-Extlb
X-Cdn-Request-ID
X-Client-Ip
X-IN-APIGATEWAYSSL
X-ABtesting
PICS-Label
X-Parent-Response-Time
X-Lb-Id
X-IN-APIGATEWAY
Dnion-Transfer-Encoding
X-Hello
X-Flog
W
X-Provided-By
X-Oracle-DMS-ECID
X-Proxy-Upstream
X-LiteSpeed-Tag
X-Accel-Expires-Debug
X-Swift-Error
X-Bc-Bl
X-Region-Sid
We-Hiring
Memcached
X-Presslabs-Stats
X-RateLimit-Limit-Second
Media-Length
X-RateLimit-Remaining-Second
Mail-Subject
Epwk-X-Cache
Surrogated-Key
X-Pf-Uncompressing
X-PJAX-URL
X-VC-Cache
X-Req
X-UnsetCookies
X-Date
X-Pad
X-Depends-On
Vha6-Origin
X-Sigma-Backend
Env
Xet-Cookie
X-Rocket-Build-Number
URI
X-ZONE
X-Sigma
Memory
Time
X-MiniProfiler-Ids
LB
X-Zone
Cf-Ipcountry
X-Acquia-Site
X-APP
X-Request-URL
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-Acquia-Purge-Tags
X-Ms-Meta-Staticbatchstarttime
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Vcache
X-B3-Parentspanid
X-Amz-Meta-Cb-Modifiedtime
X-Men
X-Csrf-Token
X-Air-Trace-Id
X-Varnish-URL
X-Ms-Meta-Originalurl
X-ElasticPress-Search
X-Acquia-Application-Trace
X-Akamai-Request-ID
X-Request-Url
X-Acquia-Application-UUID
CountryCode
Inserted-Into-Cache-At
X-Tid
Lb
Environment
Content-Style-Type
Content-Script-Type
X-Litespeed-Cache-Control
X-C
Edge-Copy-Time
X-Via-SSL
X-Acc-Rdl
X-Acc-Debug-Context
X-Via-Edge
X-ServerName
X-Storefront-Renderer-Verified
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
NnCoection
X-Traceid
X-Redis-Count
X-Redis-Duration-Ms
X-Snapshot-Date
X-Debug-Cache-Store