Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
X-Server-Powered-By
Host-Header
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Host
X-Vhost
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
Xkey
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
P3p
X-Application-Context
X-Country
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Ac
Accept-CH
X-Mod-Pagespeed
Accept-Ch
X-Cloud-Trace-Context
X-Template
X-Readtime
X-Language
X-B3-TraceId
MS-Author-Via
X-HW
Rating
X-Url
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-ESI
X-Clacks-Overhead
X-GitHub-Request-Id
X-Trace
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
Pagespeed
X-Content-Type
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Exp-Id
X-Kinja
X-ORACLE-DMS-RID
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
X-Powered-By-Plesk
X-Goog-Hash
X-Country-Code
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-TTL
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Webkit-CSP
X-Abt-Application-Version
X-Fastly-Request-ID
X-Oneagent-Js-Injection
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-FastCGI-Cache
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Public-Key-Pins
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
RTSS
Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Edge
Ar-Sid
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Litespeed-Cache
X-Version
Content-MD5
S
X-HP-Webp
X-Jurisdiction
X-Ruxit-Js-Agent
X-Recruiting
X-Mid
X-ECACHE
X-MCACHE
Charset
X-Origin-Upstream-Status
X-Kinsta-Cache
X-DynaTrace
X-PressLabs-Stats
X-Mg-S
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
X-T
X-Content-Digest
Cache-Tags
X-Px
X-Ttl
Fastcgi-Cache
X-Accel-Expires
X-Id
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
Server-Node
X-Fastcgi-Cache
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
TP-Cache
TP-L2-Cache
Server-Name
MicrosoftSharePointTeamServices
Front-End-Https
TCN
X-Forwarded-For
X-Grace
X-Request-Processing-Time
Nginx-Cache
X-Request-Received
X-Correlation-Id
X-Hits
X-Shield-Request-Id
X-Amzn-Trace-Id
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Debug
Alternate-Protocol
X-Az
X-Activity-Id
X-AppVersion
X-Varnish-Age
X-F-Cache
X-Server-ID
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Amz-Replication-Status
X-Origin-Server
X-Yandex-Sdch-Disable
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Surrogate-Key
X-XRDS-Location
X-XRDS-LOCATION
X-Frontend
X-NWS-LOG-UUID
X-Rid
X-DIS-Request-ID
Accept-Charset
Host
X-Geo-Country
X-Ser
X-Cache-Age
Section-Io-Cache
Nel
X-Git-Hash
X-Time
X-Respond-Thread
X-Hostname
Access-Control-Allow-Method
X-VCache
X-Daa-Tunnel
X-Mobile-URL
X-Upgrade-Enabled
X-DataDome
MS-CV
ServerID
Realpath
X-RateLimit-Remaining
X-LB-Cache
Paypal-Debug-Id
X-Type
X-Source
Cleartype
X-AOL-HN
X-Varnish-Backend
X-TT
X-Seen-By
Healthy
X-IPLB-Instance
Payment
X-Cache-Action
X-Content-Options
X-Whom
X-Debug-Info
X-B-Cache
X-Signature
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-App-Environment
X-Page-Id
X-Contextid
X-Load-Cache
X-Cache-Key
X-Jobs
X-N
Cache
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-FB-Debug
X-FTR-Request-ID
Node
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Webkit-Csp
X-Pinterest-Direct
X-Rule
X-Cache-Expired-At
Refresh
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
Viewport
X-RTag
Ms-Operation-Id
DC
Version
X-Content-Powered-By
X-Cluster-Name
X-Cacheable-TTL
Access-Control-Request-Headers
X-Drupal-Cache-Tags
X-Instance
X-HTML-Minification-Powered-By
X-Framework
X-ProcessESI
X-Real-IP
X-B
X-RemovedCookies
X-Zen-Fury
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-FireWall-Port
Powered-By-ChinaCache
Eomportal-Instance
X-Cache-Time
X-Cache-Control
X-Proxy
X-Wix-Request-Id
X-IPS-LoggedIn
X-Region
Referer-Policy
X-Distributor
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UUID
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Page-View
X-Drupal-Cache-Contexts
Countrycode
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Cached-By
X-FW-Dynamic
X-Via-JSL
X-FW-Static
X-FW-Type
X-G
X-Cache-Operation
X-Cache-Rule
X-App-Server
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Liferay-Portal
X-Tumblr-Pixel-0
X-Nginx-Cache
X-Debug-IsConnected
X-Debug-IsPreview
X-Yottaa-Optimizations
X-Akamai-Edgescape
X-Www-Served-By
Xserver
X-Yottaa-Metrics
X-Cache-Hit
X-L-Path
X-Environment-Context
X-Pass-Why
X-Protected-By
SRV
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Server-Info
X-Varnish-Grace
DynaTrace
X-Device-Type
X-User-Agent
CF-IPCountry
X-Tumblr-Pixel-2
X-TEC-API-ROOT
X-Adobe-Content
X-TEC-API-VERSION
X-Adobe-Loc
From-Origin
X-TEC-API-ORIGIN
Webserver
X-Mode
Retry-After
Cache-Status
X-Varnish-Server
Ec-Rule-Version
X-RN-RSRV
X-UPSTREAM-Address
AMP-Access-Control-Allow-Source-Origin
X-Handled-By
X-ES-SERVER
Frame-Options
X-Endurance-Cache-Level
X-Hl-Ver
Meta-Geo
GEO-INFO
X-Backend-Name
Cache-Tv-Group
X-Request-Time
Apigw-Requestid
X-Pubstack
Fastly-SSL
Property-Id
X-Soup
TWC-Device-Class
X-Section
Country
X-Uri
TWC-Connection-Speed
X-Storage
X-Varnishpool
Webcakes-App-Version
Webcakes-Region
X-FB-TRIP-ID
X-ProxyCache-Key
X-Access
X-OCL
X-BYPASS-REASON
X-Format
X-MP-GENERATED-AT
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-ProxyCache-Status
TWC-Locale-Group
X-PCL
X-Cache-Server
Mn-Server-Ip
X-R9-Blue-Green-Version
X-PHP-Host
Decoy-Debug-Status
X-S-Maxage
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-Server-W
Decoy-Debug-Key
Decoy-Debug-TTL
X-Via-Fastly
X-PERF
X-TA-CDN-Provider
X-VWS-Id
X-Ratelimit-Limit
X-WA-Info
Selected-Fe
X-Timing-Wait
X-ApacheServer
X-AWS-Id
X-Be
X-LJ-Flow-ID
X-UA-Device-Type
X-Proxy-Build
X-Human
X-No-Session
Azure-Version
X-LAGOON
Azure-SiteName
Azure-InstanceId
Azure-SlotName
X-Proxied
X-Zipkin-Id
X-Xfnlog-Site
X-Varnish-Ttl
Azure-RegionName
Cache-Name
X-Cache-TTL-Remaining
X-Origin-Date
X-Proto
X-Info
Protected
X-Routing-Service
X-Alternate-Cache-Key
X-Status
X-Say-Cacheable
X-Shopify-Stage
X-TNCMS
X-Web-Node
X-Sorting-Hat-PodId
X-Loop
X-ShopId
X-ShardId
X-Sql-Count
X-Sql-Duration-Ms
X-SayCDN-TTL
X-Storefront-Renderer-Rendered
X-Say-TTL
X-GG-Cache-Date
X-Sorting-Hat-ShopId
X-Hosted-By
X-Locale
X-Proxy-Cache-Status
X-Hyper-Cache
Uber-Trace-Id
X-Redis-Cache
X-Site-Version
X-Cache-Enabled
X-Is-Bot
X-FW-Version
X-Rendered-As
X-Dc
X-Microcachable
X-Cluster
X-Content-Age
X-App-Version
S-Cnection
X-NWS-UUID-VERIFY
X-Forwarded-Host
X-TT-LOGID
X-AIR-PT
X-Cache-Grace
X-Qloud-Router
X-Backend-Host
X-Platform
X-Azure-Ref
X-Node-Name
X-CSRF-Token
X-Revision
X-SRV
X-Via-CDN
X-CCM
Cache-Hits
Akamai-GRN
X-Cdn
X-Trace-Id
ServedBy
X-Ratelimit-Remaining
X-ATG-Version
X-Cache-PHP
X-EdgeConnect-Cache-Status
X-Aspnetmvc-Version
X-Varnish-Hostname
X-Cache-NGX
X-RCS-CacheZone
X-Debug-Cache
X-Detected-As
X-Cache-Host
X-CACHE-KEY
X-Correlation-ID
X-Amzn-RequestId
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-CS
HostName
DB-Nickname
X-Nc
X-TX-ID
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
SD-X-WS
Who
X-BCube-Filmed-By
X-Adobe-Source
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Country-Code
X-Time-Microsecs
X-Oss-Object-Type
X-Varnish-Beresp-Grace
X-Ms-Version
X-Amz-Meta-S3cmd-Attrs
X-Ms-Request-Id
X-A-Wwc
T-Server
X-A-Dgt
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
BehaviorPad-Version
X-Varnish-Cache-Hits
Expiry
Machine
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Rendered-Blocks
X-CF-Lambda-Version
X-S
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-PBS-Appsvrname
X-Processor
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Vdms-Path
X-PAYTM-SRV-ID
X-Owner
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-Cache-NE
X-B-Cookie
X-Application
X-ARC
X-Destination
X-External-Request-Id
X-NAPM-TraceId
X-Origin-CC
X-Origin-TTL
X-Location
X-Level-Front-Cache
X-From
X-Generated-On
X-Aed
X-Generation-Time
X-Unique-ID
X-ServerID
X-Backend-TTL
X-Varnish-Beresp-Ttl
X-RateLimit-Limit
Backend
Filterid
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
Ssr
CacheControlHeader
Cache-Host
AKAMAI
UCS
X-DynaTrace-JS-Agent
X-Fetched-On
Wxu-Next-Region
X-Varnish-Beresp-Status
V-Age
Wxu-Next-Commit
X-Generated-In
Server-Host
X-Device-Os
X-GeoIP-City
Fastly-Backend-Name
Magicmarker
Host-ID
Gh-Request-Id
On-Server
Pagetype
Release
X-Magnolia-Registration
X-Geo-Header
Path
Content-Disposition
X-OVcl
Wxu-Next-Hostname
X-Cache-Bucket
X-Core-Value
X-TrackingId
X-Bip
X-Thanos
X-Reqid
X-Cms-Context
X-OVcl-Cache
X-Swa-Ws
X-Policy
X-Thinkindot-L3
X-Developers
X-Tumblr-Pixel-3
X-FTR-Expires
X-EC-Lua
X-Unique-Id
X-Envoy-Decorator-Operation
PB-RID
X-Csrf-Jwt
L5d-Success-Class
PFcat
X-HS-Content-Campaign-Id
NGX
Locid
X-Developer
NM-Fastcgi-Cache
X-GeoIP
X-Dispatcher-Server
Location
Origin
X-Azure-Ref-OriginShield
X-Var-Ttl
X-FC-Vary-Parameters
L
Vix-Hermes-Req-Id
X-Backend-State
X-JWT-State
X-Air-Hostname
X-Has-Esi
X-Is-Gdpr
X-Branch-Name
X-Fastly-Cache
Tracecode
X-CGP
Server-Hostname
Server-Ext
Sever-Int
PB-PID
True-Client-Country-4JS
X-Cache-Debug
X-Cache-Info
X-Eu-Site
X-HN
CDN-Cache
CDCHOST
C-Via
Arc-Version
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
Xc-Version
X-Origin
X-Sucuri-ID
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Micro-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
Cf-Device-Type
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Ratelimit-Reset
CDN-RequestId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-VarnishDD-TTL
X-Irp-Debug
X-IP
X-Varnish-Hits
X-User
HA-Ipaddr
Ha-Gx-Prefs
X-Method
Esi-Enabled
X-B3-Traceid
Cf-Bgj
CDN-Uid
X-Request-URI
X-Scheme
DSUID
X-Skip-Cache
X-VG-TLSProxy
X-GEO
X-NewRelic-App-Data
User-Cache-Control
X-Tb
X-DefHash
X-Cdn-Forward
X-DefElseHash
X-Clientip
X-Request-Host
X-Cache-Id
IsBot
X-DPWN-IS-SECURE
X-WADP-Cache
X-Rebelmouse-Surrogate-Control
X-LB-ID
X-Varnish-CookieINHashed-On
X-Cache-Tags
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
Fastly-Drupal-HTML
X-Hnp-Log
X-Esi-Check
Platform
Web-Mar-Node
X-Clara-WADP
X-Varnish-CookieHashed-On
X-Variation
X-SIPLIST1
X-Epic-Correlation-Id
X-Gamma-Serve
X-Node-Id
X-Fmm-Version
X-LI-UUID
X-Li-Pop
X-NU-AKA-ACS-Version
Fastly-SIE
X-Varnish-Remaining-TTL
X-VServer
Is-Eu
X-Origin-Expires
Fastly-SWR
X-Wikidot-Backend
X-Li-Fabric
X-Rebelmouse-Cache-Control
Adler-Geo
X-Fastly-Backend
X-Wikidot-Static-Cache
X-Block-Status
X-Origin-Response-Time
X-GoCache-CacheStatus
X-Aicache-OS
X-Old-Content-Length
X-Gen-Mode
X-Generated-By
X-Platform-Server
X-ID
X-Slack-Backend
X-Loc
Rt-Fastcgi-Cache
Geo-Info
X-Cache-Var-Map
X-Cache-Var
X-Planisys-CDN-TTL
X-Varnish-Url
X-Planisys-CDN-Rules
SR-User-Adfree
X-Planisys-CDN-Cache
X-PF-Uncompressing
X-Mvc-Supplant-OutputCached
X-Via-Popn
X-Via-Poph
X-Via-Popv
Pics-Label
NGB
Instruction
X-APP-VERSION
X-Servername
X-Refresh
Req-Svc-Chain
Cmsid
Cmstype
X-CUA
Url
X-Served-From
X-Matched-Rule
Lfy
Svr
Sid
Kp-EeAlive
X-Cache-Expires
CloudFront-Viewer-Country
X-Cache-Backend
A
X-TraceId
X-Vgn-Hpd-Reason
M-TraceId
X-Srv
Viewtype
X-Cdn-Origin
X-Webkit-CSP-Report-Only
VivaBuild
Pramga
X-Sn-Servicetimems
X-NCache
X-Instrumentation
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Cache-Date
Cross-Origin-Opener-Policy
X-Core-Mission
MIME-Version
Cache-Key
Tcn
Arc-Country
X-JoinUs
DataCenter
X-NGENIX-Cache
X-PHP-Backend
X-SaId
X-Tb-Optimization-Total-Bytes-Saved
TDXMobile
X-Edge-Location
Server-ID
X-Vc
SID
X-CLOUD-TRACE-CONTEXT
X-Request-Start
X-CDN-Forward
X-DC
Source
X-Error
X-FireWall-Protection
X-Service
X-Servedbyhost
Content-Secure-Policy
X-NC
Geoip-Latitude
X-Varnish-Cacheable
GeoIp-Country-Code
CACHE
X-Internal-Host
X-Wa
X-Extlb
X-Vcl-Version
X-Bc-Bl
X-Geo
NtCoent-Length
FSS-Cache
X-Response-By
X-HS-Status
X-Air-Source
X-B3-Spanid
X-Esi
X-Proxy-Cachei7
X-LI-Proto
X-Forwarded-Site
Xkeyi7
X-VHOST
X-Li-Proto
Resin-Trace
Surrogated-Key
Server-Ttl
Memcached
N-Cache
HitType
X-Via-NSCOPI
LB
X-Proxy-Upstream
X-PJAX-URL
X-BBXSRF
X-Req
X-HOST
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
X-Date
X-CCDN-CacheTTL
Mail-Subject
X-Cache-2
X-VC-Cache
X-CCDN-Origin-Time
Request-ID
X-Hcs-Proxy-Type
X-Accel-Expires-Debug
We-Hiring
X-RAMCache
X-Viewer-Country
X-HostName
S-Rt
Upgrade-Insecure-Requests
D-Cc-Upstream
X-WA
X-APP
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
Env
X-DSS
X-RPS
X-RSL
X-RateLimit-Limit-Second
X-TIM-N
X-RPM
X-Varnish-Authentication
X-VCL-Version
X-DB
X-DI
X-RateLimit-Remaining-Second
X-DW
GeoIP-Country-Code
X-Contensis-Viewer-Groups
X-Cc-Via
X-Svr
GeoIP-Latitude
X-Cc-Req-Id
X-Cache-ASPX
X-Cache-Remote
Hostname
X-Zone
X-App
Cteonnt-Length
X-Cs
X-UA
X-Men
X-ServedByHost
Time
Memory
X-MSEdge-Features
X-MSEdge-Flight
XServer
Cross-Origin-Window-Policy
ProcessTime
X-Sucuri-Cache
X-ZONE
X-Server-IP
X-Action
Server-Id
CF-Cached-On
X-Air-Trace-Id
Ohc-File-Size
X-Erf-Stays-Bingo-Pdp-Web
X-Nyt-Route
X-CF-Powered-By
VNS-Age
VNS-Cache
CPC-Cache
X-Oss-Cdn-Auth
X-Fpc
CPC-Age
X-API-Version
X-FPC
X-Cache-Config
X-Gdpr
X-Region-Sid
X-Origin-Time
Mime-Version
X-Host-Name
X-Provided-By
X-Swift-Error
X-Dynatrace-Js-Agent
X-Depends-On
Cache-Provider
X-VC
X-NodeID
X-SN
X-Check-Cacheable
My-App
W
X-FORWARDED-FOR
State
Fastcgi-Cache-TTL
X-Mg-Request-UUID
Srv
Ohc-Cache-HIT
X-Cdn-Request-ID
CDN
X-Ftr-Cache-Host
X-TIME
X-SB
X-SD-PageType
X-UnsetCookies
X-CSRF-TOKEN
X-URL
X-Dw-Trace-Id
X-Minions-Version
Proxy-Connection
X-BACKEND-TTL
X-Webstats-RespID
X-Akamai-Pragma-Client-IP
X-Client-Ip
X-Xrds-Location
X-ServerName
Cf-Ipcountry
X-Fastly-Request-Id
X-Flog
Cdn
X-Hello
X-ABtesting
X-BBC-Edge-Cache-Status
X-Parent-Response-Time
X-Fastly-Backend-Reqs
X-Cache-Type
X-Pf-Uncompressing
X-Cache-Tag
X-Pad
Media-Length
X-Render-Time
X-Oracle-DMS-ECID
Dnion-Transfer-Encoding
Vha6-Origin
X-Snapshot-Date
EpKe-Alive
OT-Force-Account-Verify
X-Presslabs-Stats
X-NGINX-Cache
X-Tenant
X-Shop-Environment
X-Acquia-Application-UUID
X-Varnish-URL
X-Acquia-Site
X-Forwarded-Path
X-ND-Cache
X-Acquia-Application-Trace
X-Orig-Expires
X-Via-PopN
X-Via-PopH
X-Air-Pt
X-ElasticPress-Search
X-LiteSpeed-Tag
PICS-Label
X-Via-PopV
X-Acquia-Purge-Tags
Epwk-X-Cache
Processtime
X-Worker
X-BBC-Origin-Response-Status
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ElasticPress-Query
X-MiniProfiler-Ids
X-Traceid
X-Cluster-Node
X-Varnish-Beresp-TTL
Warning
X-Auto-Login
X-Ms-Meta-Originalurl
WZWS-RAY
X-Vcache
X-Request-URL
X-Lb-Id
X-Ms-Meta-Staticbatchstarttime
Xet-Cookie
X-Ua
CountryCode
X-Cache-Status-Check
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Ftr-Request-Id
Environment
X-Apw-Access-Action
X-Yottaa-OS
X-Mg-Request-Id
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
X-B3-Parentspanid
NnCoection
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Tid
X-FTR-Cache-Host
URI
X-Redis-Duration-Ms
Content-Style-Type
Content-Script-Type
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
X-Redis-Count