
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Ua-Compatible
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
X-Amz-Version-Id
X-CST
NEL
X-Cache-Spec
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
Xkey
X-Dispatcher
EagleEye-TraceId
X-Node
Surrogate-Control
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
P3p
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch-Lifetime
X-Readtime
X-Language
Accept-CH-Lifetime
X-B3-TraceId
MS-Author-Via
Accept-Ch
X-Url
Rating
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
Display
Pagespeed
Response
X-Middleton-Display
X-Sol
X-Content-Type
X-Middleton-Response
X-D2id
Arr-Disable-Session-Affinity
Verso
X-ORACLE-DMS-RID
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Id
X-Varnish-TTL
X-Goog-Hash
X-Country-Code
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Amz-Rid
X-TTL
X-Abt-Application-Version
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cache-TTL
X-Cached
X-FastCGI-Cache
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Webkit-CSP
SPRequestGuid
X-SharePointHealthScore
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Public-Key-Pins
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
RTSS
Cache-Tag
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Ezoic-Cdn
X-Edge
X-Powered-CMS
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Litespeed-Cache
X-Upstream
Content-MD5
X-Version
S
X-HP-Webp
X-Jurisdiction
X-Recruiting
X-Origin-Upstream-Status
Charset
X-MCACHE
X-Mid
X-ECACHE
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-Ruxit-Js-Agent
Fusion-Template-Id
X-Ttl
X-Content-Digest
X-T
X-Px
Cache-Tags
X-PressLabs-Stats
Fastcgi-Cache
X-Accel-Expires
X-Fastcgi-Cache
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
Server-Node
TCN
TP-L2-Cache
Filters
TP-Cache
X-Amz-Server-Side-Encryption
X-Id
Front-End-Https
Server-Name
MicrosoftSharePointTeamServices
X-Correlation-Id
X-Grace
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Hits
X-Forwarded-For
X-XRDS-Location
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Debug
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Age
Alternate-Protocol
X-Activity-Id
X-AppVersion
X-Az
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-F-Cache
X-Amz-Replication-Status
X-Yandex-Sdch-Disable
X-Goog-Storage-Class
X-Origin-Server
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Surrogate-Key
X-NWS-LOG-UUID
Nel
X-Frontend
X-Ser
X-Rid
X-DIS-Request-ID
Accept-Charset
X-Geo-Country
Host
X-Cache-Age
X-XRDS-LOCATION
X-Git-Hash
Section-Io-Cache
X-Hostname
X-Daa-Tunnel
X-RateLimit-Remaining
X-Respond-Thread
X-Upgrade-Enabled
X-VCache
X-Time
Access-Control-Allow-Method
X-Mobile-URL
X-DataDome
X-Server-ID
X-Source
Paypal-Debug-Id
X-Type
MS-CV
ServerID
X-AOL-HN
X-Seen-By
X-LB-Cache
X-Varnish-Backend
X-Content-Options
X-Cache-Action
Cleartype
X-IPLB-Instance
X-TT
X-Whom
X-App-Environment
Healthy
X-Request-Guid
X-Route-Name
X-Signature
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-B-Cache
X-Debug-Info
X-Flags
Payment
Realpath
X-Cache-Key
X-Load-Cache
Cache
X-Page-Id
X-WebKit-CSP-Report-Only
X-Contextid
X-N
X-Jobs
Fastcgi-Useragent
X-FB-Debug
X-Webkit-Csp
X-FTR-Request-ID
X-Pinterest-Direct
Node
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Rule
Refresh
X-Cache-Expired-At
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
DC
Version
Ms-Operation-Id
X-Cluster-Name
X-Cacheable-TTL
X-Content-Powered-By
X-Framework
X-RTag
Referer-Policy
Powered-By-ChinaCache
X-Zen-Fury
Viewport
X-Drupal-Cache-Tags
X-HTML-Minification-Powered-By
X-RemovedCookies
X-ProcessESI
X-Wix-Request-Id
X-B
Access-Control-Request-Headers
X-Cache-Control
X-Instance
X-Proxy
X-UUID
X-FireWall-Port
X-Cache-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Real-IP
X-Region
X-Distributor
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-IPS-LoggedIn
Eomportal-Instance
X-Page-View
X-Drupal-Cache-Contexts
X-Via-JSL
X-FW-Hash
X-Cached-By
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Server
X-Cache-Operation
X-Cache-Rule
Liferay-Portal
X-G
X-Debug-IsPreview
X-Tumblr-Pixel
X-Tumblr-User
X-Debug-IsConnected
X-Tumblr-Pixel-0
X-App-Server
X-Tumblr-Pixel-1
X-Akamai-Edgescape
Countrycode
X-Nginx-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cache-Hit
X-Tec-Api-Version
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Environment-Context
X-L-Path
X-Pass-Why
X-Www-Served-By
X-Protected-By
SRV
Section-Io-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Xserver
X-TEC-API-VERSION
DynaTrace
Server-Info
CF-IPCountry
X-Device-Type
X-Varnish-Grace
X-User-Agent
GEO-INFO
Webserver
X-Tumblr-Pixel-2
From-Origin
X-Adobe-Content
X-Mode
Ec-Rule-Version
X-Adobe-Loc
Retry-After
Meta-Geo
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-Varnish-Server
X-RN-RSRV
X-ES-SERVER
X-Handled-By
Cache-Status
X-MP-GENERATED-AT
X-Varnish-Ttl
X-Hl-Ver
Cache-Tv-Group
Frame-Options
X-Uri
Decoy-Debug-Status
TWC-GeoIP-Country
Decoy-Debug-Key
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Storage
Decoy-Debug-TTL
Fastly-SSL
X-Soup
Property-Id
X-Backend-Name
X-OCL
X-Origin-Hint
X-Labrador-Cache-Channel
X-Human
X-Format
X-PCL
Apigw-Requestid
X-Pubstack
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Host
X-Section
Country
X-FB-TRIP-ID
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-Cache-Server
X-Access
X-Request-Time
X-BYPASS-REASON
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
Azure-InstanceId
X-Be
X-Redis-Cache
X-R9-Blue-Green-Version
X-PERF
X-S-Maxage
X-Server-W
X-Varnishpool
X-UA-Device-Type
X-No-Session
X-Via-Fastly
X-ApacheServer
X-Info
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-LAGOON
Mn-Server-Ip
X-NYM-Debug-Backend
X-Say-TTL
X-Cache-TTL-Remaining
X-SayCDN-TTL
X-Sql-Count
X-Web-Node
X-Sql-Duration-Ms
X-Say-Cacheable
X-Origin-Date
X-WA-Info
X-Status
X-Routing-Service
X-Xfnlog-Site
X-Proxied
X-Zipkin-Id
Protected
X-Proto
X-Hyper-Cache
X-Loop
X-Locale
Cache-Name
X-GG-Cache-Date
X-TNCMS
X-Site-Version
X-Hosted-By
X-Ratelimit-Limit
Selected-Fe
X-Proxy-Build
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Timing-Wait
Uber-Trace-Id
X-Proxy-Cache-Status
X-TA-CDN-Provider
X-AIR-PT
X-FW-Version
X-Is-Bot
AMP-Access-Control-Allow-Source-Origin
X-Rendered-As
X-Cache-Enabled
X-TT-LOGID
X-Cluster
X-Microcachable
X-NWS-UUID-VERIFY
X-Content-Age
S-Cnection
X-Forwarded-Host
X-Cache-Grace
X-Qloud-Router
X-CCM
X-Dc
X-Revision
X-SRV
X-Azure-Ref
X-Backend-Host
X-Node-Name
X-Platform
X-Via-CDN
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
X-Aspnetmvc-Version
Akamai-GRN
X-Trace-Id
X-App-Version
X-CSRF-Token
ServedBy
X-ATG-Version
X-EdgeConnect-Cache-Status
X-Detected-As
X-Cache-Host
X-Varnish-Hostname
X-RCS-CacheZone
X-Cache-PHP
X-Cache-NGX
X-Debug-Cache
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ratelimit-Remaining
X-CS
DB-Nickname
X-FTR-Balancer
SD-X-WS
X-FTR-Cache-Status
X-Akamai-Transformed
X-Nc
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-Oss-Server-Time
X-Oss-Request-Id
X-FTR-Backend
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Country-Code-Real
X-CACHE-KEY
X-Correlation-ID
X-BCube-Filmed-By
Who
X-ID
X-RateLimit-Limit
X-TX-ID
Country-Code
X-Amz-Meta-S3cmd-Attrs
X-Adobe-Source
HostName
X-Time-Microsecs
X-Ms-Version
Backend
X-Ms-Request-Id
X-A-Ccd
Rendered-Blocks
X-A
T-Server
X-A-Dam
X-A-Wwc
X-Vdms-Version
X-Application
X-Aed
Odigeo-Trace-Id
X-A-Dgt
X-A-Dcw
Machine
BehaviorPad-Version
X-Varnish-Beresp-Grace
X-ScT
X-Varnish-Cache-Hits
DCR-Decision-By
DCR-Processing-Time-Ms
MD5-Digest
X-ARC
Fastcgi-X-Cache-Version
Expiry
Mobile-Detection-Method
X-Cache-NE
X-Origin-CC
X-Origin-TTL
X-NAPM-TraceId
X-Location
X-Rojux
X-Level-Front-Cache
X-Owner
X-PAYTM-SRV-ID
X-VG-WebCache
X-Request-UUID
X-VG-WebServer
X-Processor
X-PBS-Appsvrname
X-Generation-Time
X-Generated-On
X-Connection-Hash
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Vdms-Path
X-D
X-Destination
X-S
X-From
X-External-Request-Id
X-S-Cookie
X-Vtex-Processado-Em
X-B-Cookie
Meta-Geo-Continent
X-Backend-TTL
X-SRCache-Key
X-Trv-Group
X-ServerID
X-Session-Fingerprint
X-Rewrite-Enabled
X-Unique-Id
Filterid
Thinkindot-Control
Thinkindot-CacheControl
Wxu-Next-Region
X-Swa-Ws
Ssr
Wxu-Next-Hostname
Wxu-Next-Commit
V-Age
X-B3-Traceid
Fastly-Backend-Name
Content-Disposition
CacheControlHeader
Cache-Host
Host-ID
Magicmarker
X-Cache-Bucket
Path
Pagetype
On-Server
Server-Host
X-Thinkindot-L3
X-Air-Hostname
X-Irp-Debug
X-Tumblr-Pixel-3
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Reqid
X-OVcl-Cache
X-OVcl
X-Geo-Header
X-Generated-In
Tracecode
AKAMAI
X-Cms-Context
Xc-Version
X-Core-Value
X-Developers
X-Fetched-On
X-Fastly-Cache
X-Device-Os
X-Cache-Info
Thinkindot-CacheControl-Type
X-Varnish-Beresp-Ttl
X-DynaTrace-JS-Agent
X-Unique-ID
X-NewRelic-App-Data
X-GEO
X-FTR-Expires
X-Tb
X-APP-VERSION
X-Varnish-Beresp-Status
User-Cache-Control
X-Gzip
X-Backend-State
Server-Hostname
X-Is-Gdpr
Sever-Int
X-Magnolia-Registration
X-JWT-State
X-CGP
X-GeoIP
X-GeoIP-City
Server-Ext
X-HN
PFcat
X-Has-Esi
X-Cache-Debug
Origin
X-IP
Apple-News-Services-Handled
X-Hnp-Log
Release
X-Azure-Ref-OriginShield
X-TrackingId
X-Cache-Id
X-Scheme
X-Eu-Site
X-SVT-ORM-VERSION
X-Cdn-Forward
X-Esi-Check
X-Envoy-Decorator-Operation
X-Clara-WADP
X-Developer
X-Dispatcher-Server
X-Sucuri-ID
X-Fmm-Version
X-Gen-Mode
X-Generated-By
UCS
True-Client-Country-4JS
Vix-Hermes-Req-Id
Web-Mar-Node
X-VarnishDD-TTL
X-Request-URI
X-WADP-Cache
X-Varnish-Hits
X-Thanos
X-Wikidot-Backend
X-Policy
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Branch-Name
Esi-Enabled
X-Block-Status
X-Skip-Cache
Apple-News-Services-Request-Url
X-VG-TLSProxy
Cf-Bgj
CDN-CachedAt
CDN-Cache
CDCHOST
X-FC-Vary-Parameters
CDN-EdgeStorageId
CDN-PullZone
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
X-Ratelimit-Reset
X-Var-Ttl
X-Bip
Apple-News-Services-Parsed-Url
X-Nginx-Cache-Key
Locid
Cf-Device-Type
X-Csrf-Jwt
NGX
X-Method
Apple-News-Services-Host
Gh-Request-Id
Location
X-Origin-Response-Time
HA-Ipaddr
Ha-Gx-Prefs
X-User
X-Origin
X-Old-Content-Length
L5d-Success-Class
L
NM-Fastcgi-Cache
X-EC-Lua
X-Node-Id
X-Origin-Expires
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Platform-Server
X-Request-Host
X-Varnish-CookieINHashed-On
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-Gamma-Serve
X-VServer
X-Rebelmouse-Surrogate-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-Variation
Fastly-SWR
Is-Eu
X-DefElseHash
X-Li-Pop
X-LI-UUID
X-Fastly-Backend
IsBot
PB-PID
DSUID
X-GoCache-CacheStatus
Fastly-Drupal-HTML
PB-RID
Platform
C-Via
X-Aicache-OS
Adler-Geo
X-DefHash
X-Li-Fabric
X-SIPLIST1
X-Cache-Tags
Fastly-SIE
Arc-Version
X-Slack-Backend
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
X-Cache-Var-Map
X-Cache-Var
X-LB-ID
X-Planisys-CDN-TTL
X-Clientip
X-Mvc-Supplant-OutputCached
X-Loc
X-Planisys-CDN-Cache
Rt-Fastcgi-Cache
X-Planisys-CDN-Rules
X-Varnish-Url
Instruction
SR-User-Adfree
NGB
X-Via-Poph
Pics-Label
X-PF-Uncompressing
X-Via-Popv
X-CUA
X-Via-Popn
Geo-Info
Url
Lfy
Req-Svc-Chain
X-Matched-Rule
Cmstype
X-Refresh
Cmsid
X-Servername
Svr
X-Cache-Expires
CloudFront-Viewer-Country
Kp-EeAlive
X-Served-From
X-Cache-Backend
Sid
VivaBuild
X-Cdn-Origin
X-NCache
X-Sn-Servicetimems
Pramga
A
Viewtype
X-Cache-Date
X-Core-Mission
M-TraceId
X-Vgn-Hpd-Reason
Cache-Key
MIME-Version
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
Cross-Origin-Opener-Policy
X-Srv
Arc-Country
X-DC
X-PHP-Backend
X-JoinUs
TDXMobile
X-Request-Start
Server-ID
X-CLOUD-TRACE-CONTEXT
X-SaId
Source
SID
X-Webkit-CSP-Report-Only
X-Edge-Location
X-NGENIX-Cache
X-Servedbyhost
X-Vc
X-Instrumentation
X-Edge-Location-Klb
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-FireWall-Protection
X-Error
X-NC
DataCenter
X-Service
Geoip-Latitude
GeoIp-Country-Code
Tcn
X-Wa
Content-Secure-Policy
X-Varnish-Cacheable
NtCoent-Length
X-CDN-Forward
X-Extlb
X-Air-Source
X-HS-Status
X-Vcl-Version
X-Response-By
X-Internal-Host
X-B3-Spanid
X-Geo
X-Proxy-Cachei7
X-Esi
X-LI-Proto
FSS-Cache
Xkeyi7
CACHE
X-Bc-Bl
HitType
X-Forwarded-Site
N-Cache
X-BBXSRF
Server-Ttl
Resin-Trace
X-Via-NSCOPI
X-LiteSpeed-Cache-Control
X-HOST
X-Accel-Expires-Debug
X-CCDN-CacheTTL
XServer
X-Date
X-PJAX-URL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Request-ID
X-VCL-Version
LB
X-Li-Proto
Hostname
Memcached
We-Hiring
Surrogated-Key
X-Proxy-Upstream
Mail-Subject
X-Req
X-Viewer-Country
X-RAMCache
X-Cache-2
S-Rt
X-RPM
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Env
X-Newrelic-Synthetics
X-Svr
X-TIM-N
X-RSL
Upgrade-Insecure-Requests
X-RPS
X-Cc-Req-Id
X-Cc-Via
X-Cache-ASPX
X-DB
X-RateLimit-Remaining-Second
X-DI
X-VC-Cache
X-RateLimit-Limit-Second
D-Cc-Upstream
X-DW
X-DSS
X-Cache-Remote
Cteonnt-Length
X-UA
X-App
X-Men
X-Cs
X-WA
GeoIP-Country-Code
GeoIP-Latitude
X-Sigma-Backend
X-Rocket-Build-Number
X-Sigma
X-APP
X-FORWARDED-FOR
CF-Cached-On
Time
Ohc-File-Size
X-MSEdge-Flight
X-MSEdge-Features
Memory
ProcessTime
X-ServedByHost
X-Server-IP
X-ZONE
X-Sucuri-Cache
X-Air-Trace-Id
Cross-Origin-Window-Policy
X-Action
X-HostName
X-Dynatrace-Js-Agent
X-Erf-Stays-Bingo-Pdp-Web
X-TIME
X-Region-Sid
VNS-Cache
CPC-Age
CPC-Cache
Server-Id
VNS-Age
X-FPC
X-Oss-Cdn-Auth
X-Gdpr
X-CF-Powered-By
X-Zone
X-Nyt-Route
X-Origin-Time
X-Cache-Config
X-Fpc
X-API-Version
X-Swift-Error
X-Provided-By
X-CSRF-TOKEN
X-Host-Name
X-Presslabs-Stats
X-VC
X-SN
X-NodeID
X-Check-Cacheable
Mime-Version
X-Depends-On
W
Cache-Provider
Ohc-Cache-HIT
X-Cdn-Request-ID
Srv
Fastcgi-Cache-TTL
X-BACKEND-TTL
State
CDN
My-App
X-SD-PageType
X-SB
X-UnsetCookies
X-Webstats-RespID
X-Ftr-Cache-Host
X-ServerName
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-ABtesting
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-Minions-Version
X-BBC-Edge-Cache-Status
X-Parent-Response-Time
X-Hello
X-Flog
X-Mg-Request-UUID
X-Fastly-Request-Id
Cdn
Dnion-Transfer-Encoding
X-Snapshot-Date
X-Pad
X-Pf-Uncompressing
X-Oracle-DMS-ECID
EpKe-Alive
Media-Length
Vha6-Origin
X-NGINX-Cache
Proxy-Connection
X-Render-Time
X-Cache-Tag
Cf-Ipcountry
PICS-Label
OT-Force-Account-Verify
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-LiteSpeed-Tag
X-Cache-Type
X-ElasticPress-Search
X-Via-PopV
X-Via-PopH
X-Via-PopN
CountryCode
Epwk-X-Cache
X-Auto-Login
X-Vcache
X-Worker
X-ElasticPress-Query
X-Lb-Id
X-Request-URL
X-Ms-Meta-Originalurl
X-BBC-Origin-Response-Status
X-Ms-Meta-Staticbatchstarttime
X-ND-Cache
X-Orig-Expires
X-Cluster-Node
X-Varnish-Beresp-TTL
X-Akamai-ERRuleID
X-Shop-Environment
Xet-Cookie
X-Akamai-ERPolicy
X-Traceid
Warning
X-Varnish-URL
X-MiniProfiler-Ids
X-Tenant
Processtime
X-Forwarded-Path
X-Tx-Id
X-Air-Pt
Datacenter
X-Ua
X-Apw-Hits
Environment
X-Cache-Status-Check
X-Mg-Request-Id
Phost
Ohc-Response-Time
X-B3-Parentspanid
WZWS-RAY
X-Yottaa-OS
X-Storefront-Renderer-Verified
NnCoection
X-Apw-Access-Token
X-Ftr-Request-Id
X-Apw-Access-Action
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Inserted-Into-Cache-At
X-Amz-Meta-Cb-Modifiedtime
X-FTR-Cache-Host
URI
X-Litespeed-Cache-Control
X-Redis-Count
X-Tid
X-Redis-Duration-Ms
Content-Style-Type
Content-Script-Type
X-Apw-Access-Object