Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
EagleId
Request-Context
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Host
X-Vhost
X-Backend-Server
X-WebKit-CSP
X-ASPNET-VERSION
Xkey
X-Server-Id
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
P3p
X-Cache-Lookup
X-Application-Context
Accept-CH
X-Country
X-Ac
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch
X-Readtime
X-Language
X-B3-TraceId
MS-Author-Via
X-HW
Rating
Accept-CH-Lifetime
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-TtlSet
X-PC
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Pagespeed
X-Content-Type
X-D2id
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Varnish-TTL
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
X-Goog-Hash
X-Powered-By-Plesk
X-Country-Code
X-Rack-Cache
X-Webkit-CSP
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Amz-Rid
X-TTL
X-Abt-Application-Version
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-FastCGI-Cache
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
RTSS
Cache-Tag
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Edge
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
AR-Request-ID
X-Powered-CMS
X-Ezoic-Cdn
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Ruxit-Js-Agent
X-Version
Content-MD5
X-Jurisdiction
X-HP-Webp
S
X-Recruiting
X-ECACHE
X-MCACHE
X-Mid
Charset
X-Origin-Upstream-Status
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
X-PressLabs-Stats
X-Ttl
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
X-T
X-Content-Digest
X-Px
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Fastcgi-Cache
X-Forwarded-Proto
X-Id
X-Logged-In
Filters
X-Content-Security-Policy-Report-Only
Server-Node
Edge-Cache-Tag
TCN
X-Amz-Server-Side-Encryption
TP-L2-Cache
TP-Cache
Server-Name
MicrosoftSharePointTeamServices
Front-End-Https
X-Forwarded-For
X-Grace
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Hits
X-Correlation-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amzn-Trace-Id
X-B3-Sampled
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Server-ID
X-Debug
X-AppVersion
X-Varnish-Age
X-Activity-Id
Alternate-Protocol
X-Az
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-XRDS-Location
X-F-Cache
X-HS-Cache-Config
X-Amz-Replication-Status
X-Yandex-Sdch-Disable
X-Origin-Server
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Surrogate-Key
X-NWS-LOG-UUID
Nel
X-Frontend
X-Ser
X-Rid
X-DIS-Request-ID
Accept-Charset
X-Cache-Age
Host
X-Geo-Country
X-XRDS-LOCATION
Section-Io-Cache
X-Git-Hash
X-Hostname
X-Time
X-RateLimit-Remaining
X-Daa-Tunnel
X-Respond-Thread
Access-Control-Allow-Method
X-VCache
X-Mobile-URL
X-Upgrade-Enabled
X-DataDome
MS-CV
ServerID
X-Type
X-LB-Cache
Paypal-Debug-Id
X-Source
X-AOL-HN
X-TT
X-Varnish-Backend
X-Seen-By
Cleartype
Payment
X-Cache-Action
Healthy
X-Content-Options
X-IPLB-Instance
X-Cache-Key
X-Signature
X-Whom
X-B-Cache
X-Debug-Info
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Request-Guid
Realpath
X-Providence-Cookie
X-Page-Id
Cache
X-App-Environment
X-Load-Cache
X-Contextid
X-Jobs
X-N
X-FB-Debug
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-FTR-Request-ID
X-Webkit-Csp
X-Erf-Bev-Bev-Is-Generated
X-Pinterest-Direct
X-Browser-Type
X-Erf-Bev-Bev
Node
X-Mobile
X-Rule
X-Cache-Expired-At
Refresh
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
DC
X-RTag
Ms-Operation-Id
X-Drupal-Cache-Tags
Version
X-Cacheable-TTL
Powered-By-ChinaCache
Viewport
X-Cluster-Name
X-Content-Powered-By
Access-Control-Request-Headers
X-Real-IP
X-RemovedCookies
Referer-Policy
X-ProcessESI
X-HTML-Minification-Powered-By
X-B
X-Framework
X-Proxy
X-Zen-Fury
X-Instance
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
X-UUID
X-Wix-Request-Id
X-Distributor
X-Cache-Time
X-Region
X-FireWall-Port
X-Cache-Control
Eomportal-Instance
VIX-Pulpo-Node
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Tec-Api-Origin
X-Tec-Api-Version
X-Page-View
X-Tec-Api-Root
X-Drupal-Cache-Contexts
Countrycode
X-Via-JSL
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-Cache-Operation
X-Cache-Rule
X-Cached-By
X-G
Liferay-Portal
X-App-Server
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Tumblr-Pixel-1
X-Tumblr-User
X-Debug-IsConnected
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Nginx-Cache
X-Debug-IsPreview
X-Yottaa-Metrics
Xserver
X-L-Path
X-Environment-Context
X-Pass-Why
X-Cache-Hit
X-Www-Served-By
SRV
X-Protected-By
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
Server-Info
DynaTrace
X-Device-Type
X-Varnish-Grace
X-TEC-API-ROOT
X-User-Agent
X-TEC-API-VERSION
X-TEC-API-ORIGIN
CF-IPCountry
X-Tumblr-Pixel-2
From-Origin
GEO-INFO
X-Mode
Ec-Rule-Version
X-Adobe-Content
X-Adobe-Loc
Webserver
X-UPSTREAM-Address
Cache-Status
X-RN-RSRV
X-Endurance-Cache-Level
Meta-Geo
X-Varnish-Server
X-Hl-Ver
X-ES-SERVER
X-Handled-By
Retry-After
X-Backend-Name
Cache-Tv-Group
X-Varnish-Ttl
Frame-Options
X-Cache-Server
X-Request-Time
Country
X-Pubstack
X-Uri
X-MP-GENERATED-AT
X-Storage
X-ProxyCache-Key
X-Soup
Property-Id
X-BYPASS-REASON
Apigw-Requestid
X-Access
X-Section
X-Varnishpool
X-Format
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
X-FB-TRIP-ID
Webcakes-App-Name
TWC-Locale-Group
TWC-Device-Class
X-ProxyCache-Status
TWC-Connection-Speed
TWC-GeoIP-Country
X-PCL
X-Origin-Hint
TWC-GeoIP-LatLong
Fastly-SSL
X-OCL
Decoy-Debug-Status
X-Server-W
X-S-Maxage
Decoy-Debug-Key
Mn-Server-Ip
X-R9-Blue-Green-Version
Decoy-Debug-TTL
X-PERF
X-Labrador-Cache-Channel
X-ApacheServer
AMP-Access-Control-Allow-Source-Origin
X-AWS-Id
X-Human
X-PHP-Host
X-NYM-Debug-Backend
X-No-Session
X-LJ-Flow-ID
X-Be
X-UA-Device-Type
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-VWS-Id
X-Via-Fastly
X-WA-Info
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-LAGOON
Azure-SiteName
X-Info
Cache-Name
X-Zipkin-Id
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-Routing-Service
X-Proto
X-Origin-Date
X-Proxied
Protected
X-Alternate-Cache-Key
X-Locale
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Ratelimit-Limit
X-Say-Cacheable
X-Status
X-GG-Cache-Date
X-Loop
X-Storefront-Renderer-Rendered
X-Say-TTL
X-ShopId
X-Sql-Count
X-Web-Node
X-Sql-Duration-Ms
X-TNCMS
X-ShardId
X-Redis-Cache
X-Hosted-By
X-Hyper-Cache
X-Proxy-Cache-Status
Uber-Trace-Id
X-Site-Version
X-TA-CDN-Provider
X-FW-Version
X-Cache-Enabled
X-Is-Bot
X-Rendered-As
X-Microcachable
X-Cluster
X-Content-Age
X-Dc
S-Cnection
X-Cache-Grace
X-AIR-PT
X-TT-LOGID
X-Forwarded-Host
X-NWS-UUID-VERIFY
X-Qloud-Router
X-Backend-Host
X-App-Version
X-CCM
X-Node-Name
X-Platform
X-Azure-Ref
X-Revision
X-Via-CDN
X-CSRF-Token
Cache-Hits
X-Aspnetmvc-Version
X-SRV
X-Trace-Id
Akamai-GRN
X-Correlation-ID
ServedBy
X-Varnish-Hostname
X-ATG-Version
X-Cache-NGX
X-Cache-PHP
X-Detected-As
X-Cache-Host
X-EdgeConnect-Cache-Status
X-Debug-Cache
X-RCS-CacheZone
X-Amz-Apigw-Id
X-Amzn-RequestId
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-Ratelimit-Remaining
X-CS
DB-Nickname
HostName
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-TX-ID
SD-X-WS
X-Akamai-Transformed
X-CACHE-KEY
X-Country-Code-Real
X-Nc
X-BCube-Filmed-By
X-Oss-Request-Id
X-Oss-Server-Time
X-Time-Microsecs
Who
X-Adobe-Source
X-Unique-ID
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-RateLimit-Limit
X-Ms-Request-Id
X-Ms-Version
Country-Code
X-A-Dcw
T-Server
X-A-Dam
Rendered-Blocks
X-A-Ccd
X-A
Expiry
DCR-Decision-By
DCR-Processing-Time-Ms
BehaviorPad-Version
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-A-Dgt
Fastcgi-X-Cache-Version
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Machine
Odigeo-Trace-Id
X-CF-Lambda-Version
X-S
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-PBS-Appsvrname
X-Processor
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Vdms-Path
X-PAYTM-SRV-ID
X-Owner
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-Cache-NE
X-B-Cookie
X-Aed
X-Application
X-ARC
X-Destination
X-External-Request-Id
X-NAPM-TraceId
X-Origin-CC
X-Origin-TTL
X-Location
X-Level-Front-Cache
X-From
X-Generation-Time
X-A-Wwc
X-Generated-On
X-Backend-TTL
X-ServerID
X-Amz-Meta-S3cmd-Attrs
Backend
X-Fetched-On
Magicmarker
X-Magnolia-Registration
On-Server
Pagetype
X-DynaTrace-JS-Agent
Path
Gh-Request-Id
CacheControlHeader
Cache-Host
AKAMAI
Xc-Version
X-GeoIP-City
Content-Disposition
Release
Fastly-Backend-Name
X-Geo-Header
Host-ID
Server-Host
X-Cms-Context
Wxu-Next-Region
Wxu-Next-Hostname
X-Tumblr-Pixel-3
Tracecode
X-Cache-Bucket
X-Bip
X-Air-Hostname
Wxu-Next-Commit
V-Age
Ssr
X-Developers
X-Varnish-Beresp-Ttl
X-Core-Value
Thinkindot-CacheControl
UCS
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Device-Os
X-Generated-In
X-Swa-Ws
X-OVcl-Cache
X-Reqid
X-Policy
X-B3-Traceid
X-OVcl
X-Thanos
X-TrackingId
X-Thinkindot-L3
X-EC-Lua
X-NewRelic-App-Data
X-Varnish-Beresp-Status
X-FTR-Expires
Filterid
Server-Ext
Sever-Int
X-Csrf-Jwt
X-Developer
Server-Hostname
PFcat
NM-Fastcgi-Cache
X-Eu-Site
Cf-Device-Type
Arc-Version
Origin
X-Cdn-Forward
X-Dispatcher-Server
X-Envoy-Decorator-Operation
X-Request-URI
X-Ratelimit-Reset
X-VarnishDD-TTL
X-SVT-ORM-VERSION
X-FC-Vary-Parameters
X-CGP
X-Has-Esi
PB-RID
X-Azure-Ref-OriginShield
X-Branch-Name
X-Cache-Debug
X-Backend-State
X-Cache-Info
X-Is-Gdpr
PB-PID
X-Varnish-Hits
X-Fastly-Cache
True-Client-Country-4JS
X-Scheme
Vix-Hermes-Req-Id
X-Skip-Cache
X-JWT-State
X-SVT-ORM-RULES
X-User
X-Var-Ttl
X-VG-TLSProxy
NGX
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-RequestId
X-GeoIP
X-Mvc-Supplant-Cachable
X-Micro-Cache
CDN-Uid
CDCHOST
X-Method
X-HN
X-HS-Content-Campaign-Id
X-Irp-Debug
X-IP
X-Sucuri-ID
Apple-News-Services-Handled
C-Via
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
DSUID
Cf-Bgj
HA-Ipaddr
Ha-Gx-Prefs
Location
X-Origin
L
L5d-Success-Class
X-Nginx-Cache-Key
Locid
Esi-Enabled
X-Tb
X-Unique-Id
X-ID
User-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-WADP-Cache
X-Hash
X-Fmm-Version
X-Cache-Id
X-Gzip
Platform
X-LB-ID
X-Old-Content-Length
Is-Eu
X-Gen-Mode
X-Origin-Response-Time
X-Generated-By
X-Request-Host
X-Cache-Tags
X-Wikidot-Backend
IsBot
X-Esi-Check
X-Wikidot-Static-Cache
Fastly-SWR
X-Clara-WADP
X-Gamma-Serve
Fastly-SIE
Adler-Geo
X-Li-Pop
Web-Mar-Node
X-SIPLIST1
X-Variation
X-Li-Fabric
X-Varnish-CookieHashed-On
X-LI-UUID
X-Rebelmouse-Surrogate-Control
X-Origin-Expires
X-NU-AKA-ACS-Version
X-Platform-Server
Fastly-Drupal-HTML
X-Rebelmouse-Cache-Control
X-Node-Id
X-GoCache-CacheStatus
X-VServer
X-DefElseHash
X-Clientip
X-GEO
X-Block-Status
X-DefHash
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Varnish-CookieINHashed-On
X-Epic-Correlation-Id
X-Varnish-Remaining-TTL
X-Aicache-OS
X-Cache-Var-Map
X-Cache-Var
Rt-Fastcgi-Cache
Instruction
X-Slack-Backend
X-Loc
X-Varnish-Url
SR-User-Adfree
X-APP-VERSION
X-Via-Popn
X-PF-Uncompressing
X-CUA
X-Mvc-Supplant-OutputCached
Pics-Label
X-Planisys-CDN-TTL
X-Via-Poph
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Via-Popv
Geo-Info
X-Matched-Rule
Cmstype
Cmsid
Req-Svc-Chain
NGB
Url
X-Refresh
Lfy
X-Servername
Kp-EeAlive
X-Cache-Expires
CloudFront-Viewer-Country
X-Cache-Backend
X-Served-From
Svr
Sid
Pramga
X-Webkit-CSP-Report-Only
X-Srv
X-Cdn-Origin
X-Sn-Servicetimems
A
X-NCache
Viewtype
VivaBuild
M-TraceId
X-TraceId
X-Vgn-Hpd-Reason
MIME-Version
X-Core-Mission
X-Cache-Date
X-Tb-Optimization-Total-Bytes-Saved
Cache-Key
Cross-Origin-Opener-Policy
Arc-Country
X-CLOUD-TRACE-CONTEXT
Server-ID
DataCenter
X-JoinUs
X-SaId
TDXMobile
X-PHP-Backend
X-NGENIX-Cache
SID
X-Request-Start
X-Edge-Location
X-Servedbyhost
X-Error
X-DC
X-Vc
X-FireWall-Protection
Source
X-Server-Lifecycle-Phase
X-NC
X-Instrumentation
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Wa
Content-Secure-Policy
X-Edge-Location-Klb
X-Service
Tcn
X-Varnish-Cacheable
X-CDN-Forward
X-Geo
NtCoent-Length
X-Internal-Host
GeoIp-Country-Code
X-Vcl-Version
Geoip-Latitude
X-Response-By
X-Air-Source
X-HS-Status
X-Extlb
X-B3-Spanid
X-LI-Proto
X-Proxy-Cachei7
Xkeyi7
FSS-Cache
X-Bc-Bl
X-Esi
X-VHOST
CACHE
N-Cache
Server-Ttl
Resin-Trace
X-BBXSRF
HitType
X-Forwarded-Site
X-HOST
X-LiteSpeed-Cache-Control
X-Cache-2
X-Req
X-Via-NSCOPI
X-Proxy-Upstream
Request-ID
X-CCDN-CacheTTL
X-PJAX-URL
Memcached
X-Li-Proto
LB
X-RAMCache
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Surrogated-Key
S-Rt
X-VC-Cache
D-Cc-Upstream
X-RSL
X-Accel-Expires-Debug
X-Date
We-Hiring
X-TIM-N
X-Newrelic-Synthetics
Mail-Subject
X-RPS
X-DB
X-DSS
X-DW
X-RPM
X-VCL-Version
X-DI
X-Cc-Via
GeoIP-Latitude
X-Cache-ASPX
X-Cc-Req-Id
X-Varnish-Authentication
X-Svr
GeoIP-Country-Code
X-Viewer-Country
X-Contensis-Viewer-Groups
X-Cache-Remote
Upgrade-Insecure-Requests
Hostname
X-RateLimit-Limit-Second
X-Rocket-Build-Number
X-Sigma
X-APP
Env
Cteonnt-Length
X-WA
X-Sigma-Backend
X-RateLimit-Remaining-Second
X-UA
X-App
X-Cs
XServer
X-ServedByHost
X-Server-IP
ProcessTime
Cross-Origin-Window-Policy
Ohc-File-Size
X-MSEdge-Features
X-ZONE
X-MSEdge-Flight
Memory
Time
X-Men
X-Sucuri-Cache
X-Air-Trace-Id
X-Action
CF-Cached-On
X-Zone
X-HostName
X-Erf-Stays-Bingo-Pdp-Web
X-Nyt-Route
X-Origin-Time
X-API-Version
X-Cache-Config
X-Oss-Cdn-Auth
X-Fpc
Server-Id
X-Region-Sid
X-FPC
X-Gdpr
X-Provided-By
X-Swift-Error
X-Dynatrace-Js-Agent
X-Host-Name
X-NodeID
Mime-Version
W
Cache-Provider
X-SN
X-Depends-On
VNS-Cache
X-CF-Powered-By
VNS-Age
CPC-Age
X-VC
CPC-Cache
X-FORWARDED-FOR
X-Check-Cacheable
X-Cdn-Request-ID
Srv
Ohc-Cache-HIT
State
CDN
My-App
Fastcgi-Cache-TTL
X-Webstats-RespID
X-Ftr-Cache-Host
X-UnsetCookies
X-CSRF-TOKEN
X-SD-PageType
X-BACKEND-TTL
X-TIME
X-URL
X-SB
X-Dw-Trace-Id
X-Xrds-Location
X-Client-Ip
X-ServerName
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
X-Flog
X-ABtesting
X-Fastly-Request-Id
X-Hello
Proxy-Connection
Cdn
X-Mg-Request-UUID
X-Parent-Response-Time
X-BBC-Edge-Cache-Status
X-Fastly-Backend-Reqs
X-Minions-Version
X-Pf-Uncompressing
X-Render-Time
X-Presslabs-Stats
X-Oracle-DMS-ECID
Media-Length
X-NGINX-Cache
X-Snapshot-Date
Vha6-Origin
EpKe-Alive
X-Pad
Dnion-Transfer-Encoding
X-Cache-Tag
X-LiteSpeed-Tag
X-Air-Pt
PICS-Label
X-Cache-Type
X-ElasticPress-Search
Epwk-X-Cache
X-Acquia-Site
X-Via-PopH
X-Via-PopN
X-Acquia-Application-Trace
OT-Force-Account-Verify
X-Acquia-Purge-Tags
X-Via-PopV
X-Acquia-Application-UUID
Warning
X-BBC-Origin-Response-Status
X-Tenant
X-Forwarded-Path
X-Orig-Expires
X-Cluster-Node
X-ND-Cache
X-Varnish-URL
X-Request-URL
X-Shop-Environment
Processtime
X-MiniProfiler-Ids
X-Traceid
X-Ms-Meta-Staticbatchstarttime
X-Lb-Id
X-Ms-Meta-Originalurl
X-Vcache
X-ElasticPress-Query
X-Akamai-ERRuleID
Xet-Cookie
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Auto-Login
X-Worker
X-Ua
CountryCode
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Mg-Request-Id
X-Yottaa-OS
WZWS-RAY
X-B3-Parentspanid
X-Ftr-Request-Id
X-Cache-Status-Check
Content-Script-Type
X-Redis-Count
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Inserted-Into-Cache-At
X-Storefront-Renderer-Verified
Environment
NnCoection
X-Redis-Duration-Ms
X-Tid
Content-Style-Type
X-FTR-Cache-Host
X-Litespeed-Cache-Control
Ohc-Response-Time
URI
X-Amz-Meta-Cb-Modifiedtime
Phost