SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
Cf-Request-Id
CF-Cache-Status
Last-Modified
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Rq
Ali-Swift-Global-Savetime
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-WebKit-CSP
X-Cache-Spec
Allow
X-Backend-Server
X-Host
X-CST
X-Vhost
X-Device
EagleEye-TraceId
X-Server-Id
X-ASPNET-VERSION
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ac
X-Template
X-Application-Context
X-Language
X-Kinja-Server-Push
X-Country
X-Cache-Lookup
X-Readtime
X-Mod-Pagespeed
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-Url
X-HW
X-Vname
X-PC
X-TtlSet
X-ORACLE-DMS-ECID
Accept-Ch
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-FastCGI-Cache
Edge-Control
X-Trace
Accept-Ch-Lifetime
X-Middleton-Response
Response
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Content-Type
X-D2id
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Vcap-Request-Id
Verso
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Buckets
X-Goog-Hash
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-ORACLE-DMS-RID
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Cache-TTL
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
X-Fastly-Request-ID
X-Release
X-MSEdge-Ref
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
Fastly-Restarts
X-Element-Page-Cache
X-TTL
X-NF-Request-ID
X-Cached
Public-Key-Pins
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
RTSS
X-Origin-Upstream-Status
X-Edge
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
Access-Control-Request-Method
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Px
X-Webkit-CSP
X-LLID
X-Powered-CMS
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-Ezoic-Cdn
X-Ttl
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
X-Mid
X-Amz-Server-Side-Encryption
X-MCACHE
X-ECACHE
Charset
Cache-Tag
X-Recruiting
X-Content-Digest
X-Mg-S
S
X-Pinterest-Direct
X-PressLabs-Stats
X-Version
X-Aspnetmvc-Version
TCN
MicrosoftSharePointTeamServices
Fastcgi-Cache
X-Debug
Front-End-Https
X-Content-Security-Policy-Report-Only
X-T
X-Grace
X-Id
X-Kinsta-Cache
Filters
Cache-Tags
Server-Node
Edge-Cache-Tag
X-Forwarded-Proto
X-Accel-Expires
X-Logged-In
X-Forwarded-For
X-Amzn-Trace-Id
X-Yandex-Sdch-Disable
Server-Name
Nginx-Cache
X-XRDS-Location
Surrogate-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-Age
X-Cache-Key
X-Correlation-Id
TP-Cache
TP-L2-Cache
X-B3-Sampled
X-DynaTrace
X-Microsite
X-Hits
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Ser
X-DIS-Request-ID
Powered-By-ChinaCache
X-Shield-Request-Id
X-AppVersion
X-Activity-Id
X-Az
X-Amz-Replication-Status
X-Server-ID
X-HS-Hub-Id
X-F-Cache
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
Accept-Charset
X-Git-Hash
X-FTR-Request-ID
X-Hostname
X-Respond-Thread
X-Geo-Country
X-LB-Cache
X-Upgrade-Enabled
X-DataDome
X-Rid
Section-Io-Cache
X-XRDS-LOCATION
X-Frontend
Access-Control-Allow-Method
X-Cache-Age
Alternate-Protocol
Cache
X-Mobile-URL
Host
Cleartype
MS-CV
Paypal-Debug-Id
Healthy
X-Type
X-Content-Options
X-IPLB-Instance
X-Ruxit-Js-Agent
X-WebKit-CSP-Report-Only
ServerID
X-AOL-HN
X-Whom
X-App-Environment
Payment
X-Varnish-Backend
X-Request-Guid
X-Flags
X-B-Cache
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Cache-Action
X-Signature
X-Seen-By
X-Providence-Cookie
X-VCache
X-TT
X-Debug-Info
Fastcgi-Useragent
X-Page-Id
X-Jobs
X-NWS-LOG-UUID
X-N
X-Source
X-Mobile
X-Time
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Load-Cache
X-TEC-API-VERSION
X-RateLimit-Remaining
X-Via-JSL
X-Cached-By
X-Daa-Tunnel
X-Akamai-Edgescape
X-FB-Debug
Version
Nel
X-Litespeed-Cache
X-Cache-Operation
X-Cache-Rule
Viewport
Refresh
X-Response-Served-From
X-Rule
X-Accel-Buffering
X-Original-Request-Id
DynaTrace
X-Framework
X-Proxy
X-Zen-Fury
DC
X-Drupal-Cache-Tags
X-Instance
X-Cacheable-TTL
X-ProcessESI
GEO-INFO
X-RTag
Ms-Operation-Id
X-RemovedCookies
X-Fastcgi-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
Access-Control-Request-Headers
Realpath
X-Real-IP
X-Cache-Time
X-Wix-Request-Id
X-Contextid
X-Region
X-HTML-Minification-Powered-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UUID
X-Page-View
Referer-Policy
Node
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-Drupal-Cache-Contexts
VIX-Pulpo-Upstream-Status
X-Cache-Expired-At
X-Distributor
Countrycode
VIX-Pulpo-Node
X-B
X-Environment-Context
X-L-Path
Eomportal-Instance
X-Cluster-Name
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Node-Name
X-G
X-Cache-Control
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-User-Agent
X-Tumblr-Pixel-2
Webserver
Server-Info
X-Ratelimit-Limit
X-Pass-Why
X-Amz-Meta-S3cmd-Attrs
From-Origin
X-App-Server
X-Varnish-Ttl
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Protected
SRV
X-Protected-By
X-FireWall-Port
Ec-Rule-Version
X-Revision
X-Backend-Name
X-Oracle-Dms-Rid
X-Cache-Server
Frame-Options
Cache-Status
CF-IPCountry
X-Handled-By
Meta-Geo
X-Hl-Ver
X-RN-RSRV
X-Hyper-Cache
X-Www-Served-By
X-Mode
X-UPSTREAM-Address
X-ES-SERVER
X-Forwarded-Host
X-FB-TRIP-ID
X-Storage
X-NYM-Debug-Backend
X-Endurance-Cache-Level
X-Site-Version
Retry-After
X-Soup
X-Locale
X-Be
X-Cache-Grace
X-Human
Cache-Tv-Group
Decoy-Debug-Key
Fastly-SSL
X-Pubstack
Decoy-Debug-TTL
Decoy-Debug-Status
Country
X-Varnishpool
X-Web-Node
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-Format
Cache-Name
Azure-Version
X-SayCDN-TTL
Property-Id
X-Uri
X-UA-Device-Type
X-Redis-Cache
X-ProxyCache-Status
X-ProxyCache-Key
Webcakes-App-Name
Webcakes-Region
X-Access
X-BYPASS-REASON
X-Say-Cacheable
X-Timing-Wait
X-Say-TTL
X-TT-LOGID
TWC-Privacy
TWC-Locale-Group
Selected-Fe
X-PCL
X-Origin-Hint
X-Origin-Date
X-Labrador-Cache-Channel
X-OCL
X-PHP-Host
TWC-Connection-Speed
X-Proxy-Build
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Proto
TWC-Device-Class
X-Section
Webcakes-App-Version
X-Tec-Api-Origin
X-Adobe-Loc
X-Tec-Api-Root
X-Adobe-Content
X-Tec-Api-Version
X-S-Maxage
X-Sql-Count
X-Via-Fastly
X-Server-W
X-WA-Info
X-PERF
X-Via-CDN
X-ApacheServer
X-AIR-PT
X-No-Session
X-Sql-Duration-Ms
X-FW-Version
X-R9-Blue-Green-Version
Xserver
X-LJ-Flow-ID
X-Hosted-By
X-Loop
X-AWS-Id
X-LAGOON
X-TNCMS
X-VWS-Id
X-Request-Time
S-Cnection
X-FTR-Cache-Status
X-FTR-DC
Mn-Server-Ip
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-Cluster
X-FTR-Backend-Server
X-Qloud-Router
X-MP-GENERATED-AT
X-Status
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-CCM
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Cache-TTL-Remaining
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Ratelimit-Remaining
Cache-Hits
X-FTR-Expires
X-Rendered-As
X-Is-Bot
X-Xfnlog-Site
X-Dynatrace
X-Dc
X-Device-Type
X-Unique-Id
X-Cache-Var
X-Cache-Var-Map
X-Air-Hostname
AMP-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
X-Nginx-Cache
X-Detected-As
Apigw-Requestid
X-Info
X-Webkit-Csp
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Host
X-Amzn-Remapped-Content-Length
X-Cdn
X-Microcachable
X-Debug-IsConnected
X-Debug-IsPreview
X-SRV
X-Cache-Enabled
X-APP-VERSION
X-Content-Age
SD-X-WS
X-Varnish-Grace
X-GEO
X-Platform
X-Varnish-Server
Amp-Access-Control-Allow-Source-Origin
Tracecode
X-Correlation-ID
X-Time-Microsecs
X-Backend-TTL
X-Azure-Ref
X-Backend-Host
X-GG-Cache-Date
X-DynaTrace-JS-Agent
X-Cache-Backend
Uber-Trace-Id
X-ServerID
X-Erf-Stays-Bingo-Pdp-Web
DSUID
X-Proxy-Cache-Status
X-NewRelic-App-Data
X-Tb
X-BCube-Filmed-By
X-Oss-Object-Type
X-Oss-Request-Id
Akamai-GRN
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-ATG-Version
X-CSRF-Token
X-Sucuri-ID
PB-PID
PB-RID
X-Trace-Id
Arc-Version
Backend
ServedBy
X-Magnolia-Registration
Fastcgi-X-Cache-Version
DCR-Decision-By
Expiry
Path
DCR-Processing-Time-Ms
BehaviorPad-Version
Meta-Geo-Continent
Mobile-Detection-Method
Machine
Odigeo-Trace-Id
Lfy
Instruction
MD5-Digest
X-A
X-CF-Lambda-Fn
X-Varnish-Hostname
Thinkindot-CacheControl
X-A-Dcw
X-Varnish-Cache-Hits
X-A-Dgt
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-NGX
X-A-Ccd
X-A-Dam
X-Cache-PHP
X-A-Wwc
X-Aed
Rendered-Blocks
Release
Pramga
X-RCS-CacheZone
X-B-Cookie
X-ARC
T-Server
X-Application
SR-User-Adfree
X-Cache-NE
X-Generated-On
X-Location
X-Matched-Rule
X-Origin-CC
X-Origin-TTL
X-Level-Front-Cache
X-Thinkindot-L3
X-Vdms-Path
X-GeoIP-City
X-ScT
X-Trv-Group
X-CF-Lambda-Version
X-SRCache-Key
X-Rojux
X-S
X-S-Cookie
X-Session-Fingerprint
X-Rewrite-Enabled
X-Request-UUID
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Vdms-Version
X-Origin-Response-Time
X-Destination
X-Device-Os
X-External-Request-Id
X-D
X-Vtex-Processado-Em
Xc-Version
X-Connection-Hash
X-Vtex-Remote-Cache
X-From
X-Fetched-On
X-VG-WebServer
X-Generation-Time
X-VG-WebCache
X-Akamai-Transformed
X-Sn-Servicetimems
X-Skip-Cache
Host-ID
Pagetype
X-Tumblr-Pixel-3
X-User
X-VServer
X-SVT-ORM-VERSION
X-Swa-Ws
X-Thanos
L5d-Success-Class
Gh-Request-Id
HA-Ipaddr
Fastly-Backend-Name
X-SVT-ORM-RULES
Ha-Gx-Prefs
X-OVcl-Cache
X-Cache-Bucket
X-Generated-In
Cf-Device-Type
X-Bip
X-Geo-Header
X-Cache-Date
X-FC-Vary-Parameters
X-Cdn-Origin
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Cache-Info
X-GeoIP
X-Azure-Ref-OriginShield
X-OVcl
X-Node-Id
X-Owner
UCS
X-Reqid
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-HS-Content-Campaign-Id
X-Has-Esi
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
Ssr
X-Backend-State
CacheControlHeader
X-Ms-Request-Id
Cache-Host
C-Via
AKAMAI
X-Debug-Cache
X-NWS-UUID-VERIFY
X-Ms-Version
DB-Nickname
Sever-Int
Server-Hostname
X-Developers
X-CUA
V-Age
X-Wikidot-Static-Cache
Server-Host
Server-Ext
On-Server
User-Cache-Control
PFcat
X-Policy
Wxu-Next-Commit
X-TrackingId
X-Developer
X-Generated-By
X-B3-Traceid
X-Nginx-Cache-Key
X-Var-Ttl
X-IP
X-Cache-Tags
X-HN
X-Wikidot-Backend
X-Origin-Expires
X-Cms-Context
X-VarnishDD-TTL
Wxu-Next-Hostname
Wxu-Next-Region
X-Clientip
NGX
X-Varnish-Hits
X-Adobe-Source
X-Request-URI
Magicmarker
Content-Disposition
X-Fastly-Backend
CloudFront-Viewer-Country
Locid
X-Request-Host
X-Cache-Remote
X-Scheme
L
X-Servername
X-Branch-Name
X-TA-CDN-Provider
X-Hnp-Log
X-Variation
X-DPWN-IS-SECURE
X-Block-Status
X-TX-ID
X-Method
NM-Fastcgi-Cache
X-Loc
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-Cache-Expires
X-SIPLIST1
Cf-Bgj
X-Core-Value
X-Gen-Mode
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Varnish-CookieHashed-On
X-DefHash
X-Varnish-Remaining-TTL
X-Clara-WADP
X-NU-AKA-ACS-Version
HostName
X-Gzip
X-GoCache-CacheStatus
X-Varnish-Beresp-Grace
X-Fastly-Cache
X-Dispatcher-Server
X-Cache-Id
X-Envoy-Decorator-Operation
Apple-News-Services-Host
X-Fmm-Version
X-WADP-Cache
IsBot
X-Esi-Check
True-Client-Country-4JS
Apple-News-Services-Handled
Adler-Geo
Origin
X-Request-Start
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Platform
Is-Eu
Location
Apple-News-Services-Request-Url
X-Origin
Fastly-SIE
Fastly-SWR
Web-Mar-Node
CDCHOST
Apple-News-Services-Parsed-Url
X-Old-Content-Length
Vix-Hermes-Req-Id
X-NC
X-ID
CDN-PullZone
CDN-RequestId
X-Slack-Backend
Fastly-Drupal-HTML
X-Platform-Server
CDN-Uid
X-Ratelimit-Reset
CDN-Cache
X-NAPM-TraceId
X-VG-TLSProxy
X-Gamma-Serve
X-Cache-Debug
CDN-EdgeStorageId
X-Varnish-Beresp-Ttl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-Varnish-Beresp-Status
CDN-CachedAt
CDN-RequestCountryCode
X-B3-Spanid
Rt-Fastcgi-Cache
Url
X-Core-Mission
X-PF-Uncompressing
X-Host-Name
X-Varnish-Url
X-EC-Lua
X-NCache
CACHE
X-Cdn-Forward
X-Response-By
S-Rt
X-Varnish-Cacheable
X-Aicache-OS
X-Mvc-Supplant-OutputCached
X-B3-SpanId
Sid
X-App-Version
X-CS
X-Refresh
Xkeyi7
X-LB-ID
X-Proxy-Cachei7
X-CACHE-GROUP
Cross-Origin-Window-Policy
N-Cache
Pics-Label
X-BBXSRF
Ohc-File-Size
Content-Secure-Policy
X-FireWall-Protection
Esi-Enabled
X-CDN-Forward
X-Via-Popn
X-Via-Poph
X-Sucuri-Cache
X-Cache-2
X-Via-Popv
X-Cc-Req-Id
X-Cc-Via
X-Contensis-Viewer-Groups
D-Cc-Upstream
X-Cs
X-Varnish-Authentication
X-Epic-Correlation-Id
Cteonnt-Length
X-Srv
X-Cache-ASPX
X-TraceId
X-Svr
Source
X-Error
X-Tb-Optimization-Total-Bytes-Saved
X-Nc
X-Wa
Who
X-Unique-ID
MIME-Version
Req-Svc-Chain
GeoIp-Country-Code
Country-Code
X-Servedbyhost
Geoip-Latitude
X-Server-IP
X-Webkit-CSP-Report-Only
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-HS-Status
HitType
X-Nyt-Route
X-Gdpr
X-DC
X-Cache-Config
X-API-Version
X-Planisys-CDN-TTL
X-FPC
X-Origin-Time
X-RateLimit-Limit
X-VC
X-SN
Server-Ttl
X-LiteSpeed-Cache-Control
Ohc-Cache-HIT
X-Fastly-Request-Id
Hostname
X-URL
X-TIME
X-NGINX-Cache
XServer
X-LI-Proto
Cmsid
Cmstype
X-Webstats-RespID
X-NodeID
Svr
Kp-EeAlive
X-SB
X-CACHE-KEY
Geo-Info
Server-ID
X-Served-From
X-VCL-Version
X-Esi
X-Check-Cacheable
Viewtype
VivaBuild
X-SD-PageType
Cache-Key
X-Ua
X-Viewer-Country
A
X-Render-Time
X-Vgn-Hpd-Reason
X-Vcl-Version
NtCoent-Length
X-HOST
X-BBC-Edge-Cache-Status
M-TraceId
X-Hcs-Proxy-Type
X-Li-Proto
EpKe-Alive
X-CCDN-Origin-Time
SID
Request-ID
X-CCDN-CacheTTL
Server-Id
X-UA
Cache-Provider
X-TIM-N
TDXMobile
Cross-Origin-Opener-Policy
X-RSL
X-RAMCache
X-Air-Source
X-RPS
Arc-Country
X-CF-Powered-By
Resin-Trace
X-Worker
X-RPM
X-Auto-Login
X-DW
X-DI
X-DB
X-DSS
X-Ftr-Cache-Host
Filterid
ProcessTime
Upgrade-Insecure-Requests
X-Internal-Host
GeoIP-Latitude
GeoIP-Country-Code
X-App
X-Dynatrace-Js-Agent
X-CSRF-TOKEN
X-Action
Srv
X-ServedByHost
X-Vc
CDN
Mime-Version
Processtime
X-Cluster-Node
X-FTR-Cache-Host
X-Newrelic-Synthetics
Tcn
X-WA
Proxy-Connection
X-Fpc
X-Service
X-Oss-Cdn-Auth
NGB
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
DataCenter
X-BBC-Origin-Response-Status
Datacenter
X-FORWARDED-FOR
X-Geo
OT-Force-Account-Verify
X-HostName
X-HITS
X-ND-Cache
WZWS-RAY
X-Via-NSCOPI
X-Via-PopN
X-Via-PopH
X-BACKEND-TTL
X-JoinUs
X-MSEdge-Flight
FSS-Cache
X-Forwarded-Site
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
X-NGENIX-Cache
X-PHP-Backend
X-Via-PopV
X-SaId
Cdn
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
PICS-Label
X-CACHE-AGE
X-Extlb
X-Cdn-Request-ID
X-Edge-Location
X-Client-Ip
X-IN-APIGATEWAY
X-Lb-Id
W
X-Cache-Tag
X-Hello
X-Flog
Dnion-Transfer-Encoding
X-IN-APIGATEWAYSSL
X-ABtesting
X-Parent-Response-Time
X-Provided-By
X-Swift-Error
X-Bc-Bl
Vha6-Origin
X-RateLimit-Remaining-Second
X-Pad
X-UnsetCookies
X-RateLimit-Limit-Second
X-Pf-Uncompressing
X-Date
Surrogated-Key
X-PJAX-URL
X-Req
X-Depends-On
X-VC-Cache
Media-Length
We-Hiring
Memcached
Mail-Subject
Epwk-X-Cache
X-Oracle-DMS-ECID
X-Proxy-Upstream
X-Accel-Expires-Debug
X-Region-Sid
X-Presslabs-Stats
LB
Memory
Xet-Cookie
X-Sigma-Backend
Time
X-Sigma
X-Rocket-Build-Number
URI
Env
X-ZONE
X-LiteSpeed-Tag
X-MiniProfiler-Ids
X-Zone
Cf-Ipcountry
X-Request-Url
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Varnish-URL
X-Request-URL
X-Air-Trace-Id
X-ElasticPress-Query
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Amz-Meta-Cb-Modifiedtime
X-Ms-Meta-Staticbatchstarttime
X-Vcache
X-Acquia-Purge-Tags
X-ElasticPress-Search
X-Ms-Meta-Originalurl
X-Akamai-Request-ID
X-B3-Parentspanid
X-APP
X-Acquia-Site
X-Csrf-Token
X-Men
CountryCode
X-Tid
Inserted-Into-Cache-At
NnCoection
X-Redis-Duration-Ms
X-Snapshot-Date
X-Via-SSL
X-C
X-Redis-Count
Environment
X-ServerName
X-Via-Edge
X-Storefront-Renderer-Verified
X-Traceid
X-Acc-Rdl
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
Content-Script-Type
Content-Style-Type
X-Acc-Debug-Context
X-Litespeed-Cache-Control
Edge-Copy-Time
X-Debug-Cache-Store