Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
X-XSS-Protection
Cf-Request-Id
CF-RAY
CF-Cache-Status
Last-Modified
Accept-Ranges
Link
Pragma
Expect-CT
ETag
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
X-Ua-Compatible
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Xss-Protection
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
X-Amz-Id-2
Host-Header
X-Server-Powered-By
X-UA-Device
Grace
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-WebKit-CSP
Allow
X-Backend-Server
X-Cache-Spec
X-Vhost
X-Host
X-CST
X-Device
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
Accept-CH
X-Node
X-Kinja-Server-Push
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-ASPNET-VERSION
X-Template
X-Language
X-Ac
X-Application-Context
X-Country
X-Readtime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Mod-Pagespeed
MS-Author-Via
X-Origin-Cache
X-B3-TraceId
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-ORACLE-DMS-ECID
X-Url
X-TtlSet
X-Vname
X-PC
Accept-Ch
X-Clacks-Overhead
X-ESI
X-FastCGI-Cache
X-GitHub-Request-Id
Edge-Control
Accept-Ch-Lifetime
X-Trace
X-Middleton-Response
X-Sol
Response
X-Middleton-Display
Pagespeed
Display
X-Content-Type
X-D2id
X-Buckets
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Vcap-Request-Id
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
Verso
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
Arr-Disable-Session-Affinity
X-Goog-Hash
X-Server-Name
X-Rack-Cache
X-Varnish-TTL
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-ORACLE-DMS-RID
X-Oneagent-Js-Injection
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
SPRequestGuid
X-SharePointHealthScore
X-TTL
SPIisLatency
X-Fastly-Request-ID
SPRequestDuration
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-Element-Page-Cache
Fastly-Restarts
X-Cached
X-NF-Request-ID
Public-Key-Pins
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
RTSS
X-Origin-Upstream-Status
AR-CACHE
Ar-Sid
X-Edge
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Px
X-Webkit-CSP
Access-Control-Request-Method
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
X-Powered-CMS
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-LLID
X-Upstream
X-Ezoic-Cdn
Content-MD5
X-Pinterest-Direct
X-HP-Webp
X-Jurisdiction
X-Amz-Server-Side-Encryption
X-Mid
X-MCACHE
X-ECACHE
Charset
X-Content-Digest
X-Mg-S
X-Recruiting
S
X-Ttl
Cache-Tag
X-PressLabs-Stats
X-Aspnetmvc-Version
MicrosoftSharePointTeamServices
X-Version
TCN
X-Debug
Front-End-Https
Fastcgi-Cache
X-Content-Security-Policy-Report-Only
X-Grace
X-T
Filters
Cache-Tags
X-Kinsta-Cache
X-XRDS-Location
Edge-Cache-Tag
Server-Node
X-Id
X-Forwarded-Proto
X-Yandex-Sdch-Disable
X-Amzn-Trace-Id
X-Cache-Key
X-Accel-Expires
X-Logged-In
Server-Name
X-Forwarded-For
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
X-Varnish-Age
Nginx-Cache
Powered-By-ChinaCache
X-Correlation-Id
X-DynaTrace
TP-L2-Cache
X-B3-Sampled
TP-Cache
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-DIS-Request-ID
X-Ser
X-Request-Processing-Time
X-Request-Received
X-Shield-Request-Id
X-AppVersion
X-Activity-Id
X-Amz-Replication-Status
X-Az
X-Server-ID
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-F-Cache
X-FTR-Request-ID
Accept-Charset
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Git-Hash
X-Origin-Server
X-Respond-Thread
X-Hostname
X-Geo-Country
X-DataDome
X-LB-Cache
X-Upgrade-Enabled
Section-Io-Cache
X-Rid
X-Frontend
X-Cache-Age
Access-Control-Allow-Method
Host
X-Mobile-URL
Cleartype
Healthy
X-Type
Paypal-Debug-Id
Alternate-Protocol
Cache
MS-CV
ServerID
X-IPLB-Instance
X-Content-Options
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Ruxit-Js-Agent
X-Whom
X-Varnish-Backend
X-App-Environment
X-B-Cache
X-Aspnet-Duration-Ms
Payment
X-Flags
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-VCache
X-Signature
X-Debug-Info
X-TT
X-XRDS-LOCATION
X-Cache-Action
X-Seen-By
X-Page-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
Fastcgi-Useragent
X-TEC-API-ORIGIN
X-Erf-Bev-Bev
X-Jobs
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-N
X-Source
X-NWS-LOG-UUID
X-Time
X-RateLimit-Remaining
X-Browser-Type
X-Load-Cache
X-Cached-By
X-Via-JSL
X-Akamai-Edgescape
Version
X-FB-Debug
Nel
X-Daa-Tunnel
X-Cache-Operation
DynaTrace
X-Cache-Rule
X-Litespeed-Cache
Viewport
X-Rule
X-Accel-Buffering
Refresh
X-Response-Served-From
X-Original-Request-Id
X-Drupal-Cache-Tags
X-Proxy
X-Framework
DC
X-ProcessESI
Realpath
X-Cacheable-TTL
GEO-INFO
X-Instance
Referer-Policy
X-Zen-Fury
X-RemovedCookies
Ms-Operation-Id
X-RTag
X-Region
Access-Control-Request-Headers
X-Fastcgi-Cache
X-Real-IP
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-HTML-Minification-Powered-By
X-Cache-Time
X-Environment-Context
X-UUID
X-Contextid
X-FW-Type
X-FW-Dynamic
X-Page-View
X-L-Path
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-Yottaa-Optimizations
X-Distributor
X-Drupal-Cache-Contexts
X-Wix-Request-Id
VIX-Pulpo-Node
X-Yottaa-Metrics
VIX-Pulpo-Upstream-Status
X-Node-Name
X-Cache-Expired-At
X-B
Eomportal-Instance
Node
X-Cluster-Name
Countrycode
X-Tumblr-Pixel
X-G
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Cache-Control
Liferay-Portal
X-Content-Powered-By
X-IPS-LoggedIn
X-User-Agent
X-Cache-Hit
X-Amz-Meta-S3cmd-Attrs
X-Tumblr-Pixel-2
Webserver
X-Ratelimit-Limit
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Server-Info
SRV
Protected
From-Origin
X-App-Server
X-Revision
X-Protected-By
X-Pass-Why
Ec-Rule-Version
Cache-Status
X-Backend-Name
X-FireWall-Port
X-Cache-Server
Frame-Options
X-Oracle-Dms-Rid
X-Hyper-Cache
X-Mode
X-Handled-By
Retry-After
X-UPSTREAM-Address
Meta-Geo
X-ES-SERVER
X-Hl-Ver
X-RN-RSRV
X-Endurance-Cache-Level
X-Forwarded-Host
X-Www-Served-By
X-FB-TRIP-ID
X-Storage
CF-IPCountry
X-Locale
X-Site-Version
X-Soup
X-NYM-Debug-Backend
TWC-Privacy
Fastly-SSL
X-Format
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Property-Id
X-Origin-Hint
TWC-Device-Class
X-Human
X-Section
X-Pubstack
Country
Cache-Tv-Group
X-Web-Node
X-Varnishpool
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Cache-Grace
X-Be
Webcakes-App-Name
X-Access
X-Via-CDN
TWC-GeoIP-Country
X-Adobe-Loc
X-Adobe-Content
X-ApacheServer
X-BYPASS-REASON
X-FW-Version
X-Labrador-Cache-Channel
Selected-Fe
Azure-RegionName
Azure-SlotName
Azure-Version
Cache-Name
X-PERF
Azure-SiteName
X-PHP-Host
X-Timing-Wait
X-SayCDN-TTL
X-TT-LOGID
X-UA-Device-Type
X-Uri
X-Say-TTL
X-Say-Cacheable
X-Proxy-Build
X-Proto
X-ProxyCache-Key
X-ProxyCache-Status
X-Redis-Cache
Azure-InstanceId
X-Origin-Date
X-FTR-Backend
X-FTR-Backend-Server
X-PCL
X-OCL
X-AIR-PT
X-Country-Code-Real
X-Varnish-Ttl
X-S-Maxage
X-FTR-DC
X-FTR-Realm
X-Sql-Duration-Ms
X-Sql-Count
X-FTR-Cache-Status
X-Server-W
S-Cnection
X-FTR-Balancer
X-Hosted-By
X-Loop
X-TNCMS
X-No-Session
Mn-Server-Ip
X-WA-Info
X-LAGOON
X-Via-Fastly
X-Status
X-FTR-Expires
X-R9-Blue-Green-Version
X-VWS-Id
X-Request-Time
X-Cluster
X-LJ-Flow-ID
X-AWS-Id
Cache-Hits
X-Routing-Service
X-Qloud-Router
X-Cache-TTL-Remaining
X-MP-GENERATED-AT
X-Zipkin-Id
X-Proxied
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
Xserver
X-Storefront-Renderer-Rendered
X-Rendered-As
X-Ratelimit-Remaining
X-Is-Bot
X-Cache-Var
X-Cache-Var-Map
X-CCM
X-Air-Hostname
X-Dynatrace
X-Xfnlog-Site
X-Unique-Id
X-Tec-Api-Origin
X-Tec-Api-Version
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Root
X-Detected-As
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Device-Type
X-Amzn-RequestId
X-EdgeConnect-Cache-Status
X-Info
X-Webkit-Csp
X-Nginx-Cache
Apigw-Requestid
X-Cdn
X-Dc
X-Cache-Host
X-SRV
X-Microcachable
SD-X-WS
X-APP-VERSION
X-Cache-Enabled
X-B3-Traceid
X-GEO
X-Content-Age
X-Time-Microsecs
Tracecode
X-Varnish-Server
X-Correlation-ID
X-Backend-TTL
X-Cache-Backend
X-ServerID
X-Platform
X-Varnish-Grace
X-Debug-IsPreview
X-Debug-IsConnected
Amp-Access-Control-Allow-Source-Origin
X-Azure-Ref
X-Backend-Host
X-DynaTrace-JS-Agent
DSUID
Uber-Trace-Id
X-Erf-Stays-Bingo-Pdp-Web
X-GG-Cache-Date
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Sucuri-ID
Akamai-GRN
X-Tb
X-Oss-Storage-Class
X-BCube-Filmed-By
PB-RID
X-Proxy-Cache-Status
Arc-Version
PB-PID
X-NewRelic-App-Data
X-ATG-Version
Backend
X-ID
X-Magnolia-Registration
X-Origin-Response-Time
X-ScT
X-Session-Fingerprint
X-Device-Os
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Thinkindot-CacheControl-Type
X-Trace-Id
X-External-Request-Id
X-A-Wwc
X-Destination
Thinkindot-Control
X-S-Cookie
X-CSRF-Token
X-A-Dcw
Expiry
X-A-Dam
X-B-Cookie
DCR-Processing-Time-Ms
X-Application
X-Aed
X-ARC
Fastcgi-X-Cache-Version
X-Cache-NE
X-CF-Lambda-Version
X-A
X-Connection-Hash
X-Varnish-Cache-Hits
X-CF-Lambda-Fn
X-SRCache-Key
X-A-Ccd
X-VG-WebServer
X-D
X-Trv-Group
Thinkindot-CacheControl
X-Origin-TTL
X-Origin-CC
X-Matched-Rule
ServedBy
X-Location
MD5-Digest
Path
Lfy
T-Server
X-Cache-Remote
Rendered-Blocks
Meta-Geo-Continent
Pramga
Machine
SR-User-Adfree
X-Generation-Time
DCR-Decision-By
X-A-Dgt
X-PAYTM-SRV-ID
X-Level-Front-Cache
X-VG-WebCache
X-From
Odigeo-Trace-Id
X-Request-UUID
X-Rewrite-Enabled
X-S
X-Rojux
X-Fetched-On
Xc-Version
Instruction
X-Generated-On
X-Processor
X-Vdms-Version
X-Thinkindot-L3
X-PBS-Appsvrname
Mobile-Detection-Method
X-Vdms-Path
X-Varnish-Hostname
X-Cache-PHP
X-Akamai-Transformed
X-RCS-CacheZone
X-Cache-NGX
PFcat
Pagetype
Locid
Wxu-Next-Region
L
Host-ID
Wxu-Next-Commit
L5d-Success-Class
Ha-Gx-Prefs
Ssr
Fastly-Backend-Name
HA-Ipaddr
Gh-Request-Id
Magicmarker
X-Generated-In
X-Mvc-Supplant-Cachable
X-Node-Id
X-OVcl
X-OVcl-Cache
X-Micro-Cache
X-Wikidot-Static-Cache
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-Owner
X-Reqid
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-Thanos
X-Sn-Servicetimems
X-Skip-Cache
X-Request-Start
X-Request-URI
X-Wikidot-Backend
X-HN
X-Has-Esi
X-Cdn-Origin
X-CGP
X-Csrf-Jwt
X-Developers
X-Cache-Info
X-Cache-Date
X-Backend-State
X-Bip
X-Cache-Bucket
X-Eu-Site
X-VServer
BehaviorPad-Version
X-Tumblr-Pixel-3
X-Geo-Header
X-GeoIP
Release
X-User
X-FC-Vary-Parameters
X-GeoIP-City
X-VarnishDD-TTL
X-Azure-Ref-OriginShield
Wxu-Next-Hostname
Cf-Device-Type
CACHE
CacheControlHeader
DB-Nickname
C-Via
Cache-Host
AKAMAI
X-Debug-Cache
X-Adobe-Source
V-Age
UCS
Apple-News-Services-Host
Sever-Int
Server-Host
Rt-Fastcgi-Cache
X-Clientip
Apple-News-Services-Handled
Server-Ext
Server-Hostname
User-Cache-Control
X-Scheme
X-Nginx-Cache-Key
X-Method
X-Origin-Expires
X-Policy
X-NWS-UUID-VERIFY
X-Request-Host
X-IP
X-NC
On-Server
X-CUA
X-Developer
X-Fastly-Backend
X-Var-Ttl
X-Generated-By
X-Varnish-Hits
X-Cache-Tags
CDCHOST
Apple-News-Services-Parsed-Url
Cf-Bgj
CloudFront-Viewer-Country
Apple-News-Services-Request-Url
X-Ms-Version
X-Varnish-Beresp-Grace
X-Ms-Request-Id
X-DefHash
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Core-Value
X-Varnish-CookieINHashed-On
X-Branch-Name
IsBot
X-B3-Spanid
Is-Eu
X-Varnish-Remaining-TTL
X-Cms-Context
X-Envoy-Decorator-Operation
X-Cache-Id
X-Varnish-CookieHashed-On
X-Loc
X-LI-UUID
X-SIPLIST1
X-Servername
Content-Disposition
X-Origin
X-Old-Content-Length
X-Li-Pop
X-Li-Fabric
X-Block-Status
X-Fastly-Cache
X-Gen-Mode
X-Variation
X-Hnp-Log
X-Gzip
X-Esi-Check
X-DefElseHash
X-TrackingId
NGX
Platform
Adler-Geo
Location
NM-Fastcgi-Cache
True-Client-Country-4JS
X-Host-Name
Vix-Hermes-Req-Id
Web-Mar-Node
Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GoCache-CacheStatus
X-Clara-WADP
X-Fmm-Version
X-TX-ID
X-Slack-Backend
X-Platform-Server
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-NCache
Fastly-SWR
Fastly-SIE
X-Varnish-Url
Fastly-Drupal-HTML
X-Hash
X-Gamma-Serve
X-Cache-Expires
X-VG-TLSProxy
X-WADP-Cache
X-Cache-Debug
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
HostName
Url
CDN-RequestId
CDN-EdgeStorageId
S-Rt
CDN-Cache
X-NAPM-TraceId
X-Varnish-Cacheable
CDN-Uid
X-Refresh
X-Core-Mission
CDN-PullZone
CDN-CachedAt
CDN-RequestCountryCode
X-PF-Uncompressing
X-Response-By
X-CS
X-EC-Lua
X-Aicache-OS
X-Proxy-Cachei7
Xkeyi7
X-Mvc-Supplant-OutputCached
Cross-Origin-Window-Policy
Content-Secure-Policy
X-URL
X-BBXSRF
N-Cache
Pics-Label
X-App-Version
X-Sucuri-Cache
X-CACHE-GROUP
X-Cdn-Forward
X-Cache-2
Ohc-File-Size
X-CDN-Forward
X-B3-SpanId
X-FireWall-Protection
X-LB-ID
Sid
X-Cache-ASPX
Cteonnt-Length
X-Cc-Req-Id
X-Contensis-Viewer-Groups
X-Cc-Via
X-Varnish-Authentication
D-Cc-Upstream
X-Via-Popv
X-Via-Popn
Esi-Enabled
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
X-Svr
X-Via-Poph
X-Servedbyhost
X-DC
X-Server-IP
X-Cs
X-Wa
Source
X-TA-CDN-Provider
X-Error
X-Epic-Correlation-Id
MIME-Version
X-Origin-Time
X-Cache-Config
X-Gdpr
X-Unique-ID
X-API-Version
X-TIME
GeoIp-Country-Code
X-FPC
Geoip-Latitude
X-Nyt-Route
X-Webkit-CSP-Report-Only
X-TraceId
X-SN
Hostname
X-VC
XServer
Who
HitType
X-Nc
X-RateLimit-Limit
Ohc-Cache-HIT
Country-Code
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Webstats-RespID
Server-Ttl
X-Planisys-CDN-Cache
Req-Svc-Chain
X-SB
X-LI-Proto
X-NodeID
X-Fastly-Request-Id
X-NGINX-Cache
X-SD-PageType
X-VCL-Version
X-HS-Status
Server-ID
X-LiteSpeed-Cache-Control
X-Check-Cacheable
Geo-Info
X-Ua
X-Esi
Svr
Cmstype
Cmsid
Kp-EeAlive
NtCoent-Length
X-BBC-Edge-Cache-Status
EpKe-Alive
X-Vgn-Hpd-Reason
Viewtype
X-Viewer-Country
SID
X-Render-Time
X-Served-From
VivaBuild
X-HOST
Request-ID
X-Auto-Login
X-Ftr-Cache-Host
X-Worker
A
Cache-Key
X-RAMCache
X-Dynatrace-Js-Agent
X-UA
ProcessTime
Cache-Provider
Server-Id
Resin-Trace
X-Vcl-Version
X-Li-Proto
X-DB
X-CACHE-KEY
X-CSRF-TOKEN
X-TIM-N
M-TraceId
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-RSL
X-DSS
X-DI
X-RPS
X-DW
X-RPM
Upgrade-Insecure-Requests
TDXMobile
Cross-Origin-Opener-Policy
X-CF-Powered-By
Arc-Country
GeoIP-Country-Code
X-Air-Source
GeoIP-Latitude
X-App
CDN
X-Cluster-Node
X-Newrelic-Synthetics
Processtime
X-Action
X-Internal-Host
X-FTR-Cache-Host
X-Fpc
Mime-Version
X-Vc
Datacenter
Tcn
Filterid
X-Oss-Cdn-Auth
OT-Force-Account-Verify
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
X-WA
Srv
X-Service
WZWS-RAY
X-BBC-Origin-Response-Status
X-Geo
X-ServedByHost
X-FORWARDED-FOR
X-HostName
X-HITS
NGB
X-Dw-Trace-Id
X-MSEdge-Features
X-MSEdge-Flight
Cdn
X-Hello
X-Cache-Tag
X-Lb-Id
X-ND-Cache
Proxy-Connection
X-Pinterest-Sli-Response-Type
X-Flog
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Fastly-Backend-Reqs
X-Pinterest-Sli-Endpoint-Name
X-ABtesting
X-BACKEND-TTL
X-Parent-Response-Time
X-Pinterest-Sli-Latency-Threshold
X-CACHE-AGE
X-Client-Ip
DataCenter
X-Via-NSCOPI
Dnion-Transfer-Encoding
FSS-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Forwarded-Site
W
X-JoinUs
X-NGENIX-Cache
X-Edge-Location
X-SaId
X-Cdn-Request-ID
X-PHP-Backend
URI
X-Presslabs-Stats
Media-Length
X-Pf-Uncompressing
X-Oracle-DMS-ECID
Vha6-Origin
X-Extlb
PICS-Label
X-Acc-Debug-Context
X-Acc-Rdl
CountryCode
X-Region-Sid
X-PJAX-URL
X-Akamai-Request-ID
X-MiniProfiler-Ids
X-Depends-On
X-Provided-By
X-Pad
X-UnsetCookies
X-Req
X-ZONE
Epwk-X-Cache
Mail-Subject
Surrogated-Key
X-RateLimit-Limit-Second
We-Hiring
X-Accel-Expires-Debug
X-RateLimit-Remaining-Second
X-Date
Memcached
X-VC-Cache
X-Proxy-Upstream
X-Bc-Bl
X-Request-URL
X-LiteSpeed-Tag
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
X-Rocket-Build-Number
X-Akamai-ERPolicy
LB
X-Akamai-ERRuleID
X-ElasticPress-Search
X-Swift-Error
X-Traceid
Edge-Copy-Time
X-Sigma-Backend
X-Tid
X-Sigma
Content-Style-Type
X-Acquia-Application-Trace
X-Vcache
Inserted-Into-Cache-At
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-Acquia-Application-UUID
X-Via-Edge
X-Csrf-Token
X-Request-Url
X-B3-Parentspanid
Env
X-ElasticPress-Query
X-Acquia-Site
X-Via-SSL
X-Acquia-Purge-Tags
Content-Script-Type
X-APP
X-Zone
X-Varnish-URL
Akamai-Age-Ms
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
X-ServerName
Environment
X-Redis-Count
X-Snapshot-Date
X-Redis-Duration-Ms
X-C
NnCoection
Time
X-Debug-Cache-Fetch
Memory
Ohc-Response-Time
Xet-Cookie
Phost
X-Debug-Cache-Store