
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header, security-relevant or not. We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
EagleId
Request-Context
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
P3p
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-Amz-Version-Id
X-CST
NEL
X-Cache-Spec
X-Vhost
X-WebKit-CSP
Allow
X-Host
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
Xkey
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch-Lifetime
X-Readtime
X-Language
Accept-CH-Lifetime
X-B3-TraceId
MS-Author-Via
Accept-Ch
X-Url
Rating
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-TtlSet
X-PC
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Content-Type
X-Middleton-Response
Response
Pagespeed
Display
X-Middleton-Display
X-Sol
X-D2id
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-ORACLE-DMS-ECID
X-Varnish-TTL
X-Goog-Hash
X-Country-Code
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Amz-Rid
X-TTL
X-Abt-Application-Version
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-FastCGI-Cache
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Webkit-CSP
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Public-Key-Pins
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
RTSS
Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Edge
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Version
Content-MD5
X-HP-Webp
X-Jurisdiction
S
X-Recruiting
X-Mid
X-Origin-Upstream-Status
X-ECACHE
X-MCACHE
Charset
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
X-PressLabs-Stats
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-Ruxit-Js-Agent
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
X-Ttl
X-Content-Digest
X-T
X-Px
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Fastcgi-Cache
X-Id
X-Forwarded-Proto
X-Logged-In
Filters
X-Content-Security-Policy-Report-Only
TCN
Server-Node
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-Amz-Server-Side-Encryption
Server-Name
Front-End-Https
MicrosoftSharePointTeamServices
X-Forwarded-For
X-Grace
Nginx-Cache
X-Request-Processing-Time
X-Request-Received
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hits
X-Correlation-Id
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Debug
Alternate-Protocol
X-Varnish-Age
X-Az
X-AppVersion
X-Activity-Id
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Amz-Replication-Status
X-F-Cache
X-XRDS-Location
X-XRDS-LOCATION
X-Yandex-Sdch-Disable
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Origin-Server
Surrogate-Key
X-NWS-LOG-UUID
X-Ser
X-Frontend
Nel
X-Rid
Accept-Charset
X-DIS-Request-ID
X-Geo-Country
X-Cache-Age
Host
Section-Io-Cache
X-Git-Hash
X-Hostname
X-Respond-Thread
X-Daa-Tunnel
X-RateLimit-Remaining
X-VCache
X-Upgrade-Enabled
Access-Control-Allow-Method
X-DataDome
X-Mobile-URL
X-Time
X-Server-ID
MS-CV
X-LB-Cache
X-Type
Paypal-Debug-Id
X-Source
ServerID
X-Seen-By
X-AOL-HN
X-TT
X-Cache-Action
X-Varnish-Backend
Cleartype
X-Content-Options
Payment
X-App-Environment
X-Whom
X-IPLB-Instance
Healthy
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Cache-Key
X-Signature
X-B-Cache
X-Debug-Info
X-Is-Crawler
X-Page-Id
Realpath
X-Load-Cache
Cache
X-WebKit-CSP-Report-Only
X-N
X-Contextid
X-Jobs
Fastcgi-Useragent
X-FB-Debug
X-Webkit-Csp
X-FTR-Request-ID
X-Erf-Bev-Bev
X-Browser-Type
Node
X-Pinterest-Direct
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Rule
Refresh
X-Cache-Expired-At
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
X-RTag
Ms-Operation-Id
DC
X-Drupal-Cache-Tags
Version
Referer-Policy
Viewport
X-Cluster-Name
Powered-By-ChinaCache
X-Zen-Fury
X-Cacheable-TTL
Access-Control-Request-Headers
X-Framework
X-Content-Powered-By
X-Wix-Request-Id
X-HTML-Minification-Powered-By
X-FireWall-Port
X-UUID
X-Proxy
X-Cache-Control
X-RemovedCookies
X-Real-IP
X-ProcessESI
X-B
X-Instance
X-Tt-Trace-Tag
X-Cache-Time
X-Region
Eomportal-Instance
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Distributor
X-Page-View
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Drupal-Cache-Contexts
Countrycode
X-Via-JSL
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-Cached-By
X-Cache-Rule
X-Cache-Operation
X-G
Liferay-Portal
X-App-Server
X-Yottaa-Optimizations
X-Akamai-Edgescape
X-Debug-IsConnected
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Nginx-Cache
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Cache-Hit
Xserver
X-L-Path
X-Environment-Context
X-Pass-Why
X-Www-Served-By
SRV
X-Protected-By
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Server-Info
DynaTrace
CF-IPCountry
X-Device-Type
X-Varnish-Grace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-User-Agent
Webserver
From-Origin
GEO-INFO
X-Tumblr-Pixel-2
X-Adobe-Content
X-Adobe-Loc
Ec-Rule-Version
X-Mode
Retry-After
X-Ratelimit-Limit
X-UPSTREAM-Address
X-Hl-Ver
X-RN-RSRV
X-Endurance-Cache-Level
X-Varnish-Server
Cache-Status
Meta-Geo
X-ES-SERVER
X-Handled-By
X-MP-GENERATED-AT
X-Backend-Name
Cache-Tv-Group
Frame-Options
X-Uri
X-Varnish-Ttl
X-Human
X-Access
Webcakes-Region
X-Request-Time
X-Format
X-BYPASS-REASON
X-PCL
Webcakes-App-Version
X-Cache-Server
X-Labrador-Cache-Channel
X-Section
X-Storage
Property-Id
TWC-Privacy
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Name
Fastly-SSL
Country
Apigw-Requestid
X-Soup
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
TWC-GeoIP-LatLong
X-Varnishpool
X-ProxyCache-Status
X-PHP-Host
X-FB-TRIP-ID
X-Pubstack
X-OCL
X-ProxyCache-Key
X-Origin-Hint
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-No-Session
Azure-RegionName
X-AWS-Id
Mn-Server-Ip
Selected-Fe
X-NYM-Debug-Backend
X-Proxy-Build
X-LAGOON
X-Timing-Wait
X-ApacheServer
X-Info
Azure-Version
X-Be
X-PERF
X-VWS-Id
X-Via-Fastly
X-S-Maxage
X-WA-Info
X-R9-Blue-Green-Version
X-Redis-Cache
X-Server-W
X-LJ-Flow-ID
X-UA-Device-Type
X-Proxied
X-Sql-Count
X-Say-TTL
X-Web-Node
X-Xfnlog-Site
Protected
X-Zipkin-Id
X-SayCDN-TTL
X-Origin-Date
X-Cache-TTL-Remaining
Cache-Name
X-Sql-Duration-Ms
X-Status
X-Proto
X-Say-Cacheable
X-Routing-Service
X-TNCMS
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Hyper-Cache
X-Loop
X-Storefront-Renderer-Rendered
X-Site-Version
X-Shopify-Stage
X-GG-Cache-Date
X-ShopId
X-Locale
X-ShardId
X-Hosted-By
X-Proxy-Cache-Status
Uber-Trace-Id
X-TA-CDN-Provider
X-Cache-Enabled
X-Is-Bot
X-FW-Version
X-Rendered-As
X-AIR-PT
AMP-Access-Control-Allow-Source-Origin
X-Microcachable
X-Content-Age
X-Dc
X-Cluster
X-NWS-UUID-VERIFY
X-TT-LOGID
S-Cnection
X-Cache-Grace
X-Forwarded-Host
X-Qloud-Router
X-Azure-Ref
X-Revision
X-CCM
X-Backend-Host
X-Node-Name
X-Platform
X-Via-CDN
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
X-SRV
Akamai-GRN
X-Aspnetmvc-Version
X-Correlation-ID
X-Trace-Id
X-App-Version
X-ATG-Version
ServedBy
X-EdgeConnect-Cache-Status
X-Varnish-Hostname
X-Detected-As
X-Cache-NGX
X-Cache-Host
X-Cache-PHP
X-Debug-Cache
X-RCS-CacheZone
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-B3-SpanId
X-Ratelimit-Remaining
HostName
DB-Nickname
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Akamai-Transformed
X-Oss-Request-Id
X-FTR-Backend
X-Nc
X-CACHE-KEY
X-FTR-DC
X-Country-Code-Real
SD-X-WS
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
Who
X-BCube-Filmed-By
X-CS
X-TX-ID
Country-Code
X-Adobe-Source
X-Time-Microsecs
X-Amz-Meta-S3cmd-Attrs
Backend
X-Ms-Request-Id
X-Ms-Version
X-Connection-Hash
X-Owner
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-A-Dgt
X-Origin-TTL
X-Varnish-Beresp-Grace
Odigeo-Trace-Id
X-NAPM-TraceId
X-Origin-CC
DCR-Decision-By
X-Vtex-Remote-Cache
X-Generated-On
X-Generation-Time
X-A-Ccd
X-A
X-External-Request-Id
X-From
Machine
MD5-Digest
X-A-Dam
X-Level-Front-Cache
X-Location
X-Destination
X-A-Wwc
X-A-Dcw
X-Varnish-Cache-Hits
Meta-Geo-Continent
Mobile-Detection-Method
X-D
X-VG-WebServer
X-S-Cookie
X-Aed
X-S
X-Application
X-Trv-Group
X-ARC
Expiry
X-Processor
X-Vdms-Path
X-Session-Fingerprint
X-SRCache-Key
X-Vdms-Version
Rendered-Blocks
X-ScT
X-Rojux
X-DynaTrace-JS-Agent
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-ServerID
X-VG-WebCache
X-Vtex-Processado-Em
X-B-Cookie
Fastcgi-X-Cache-Version
T-Server
X-Request-UUID
X-Rewrite-Enabled
X-Cache-NE
BehaviorPad-Version
DCR-Processing-Time-Ms
X-Backend-TTL
Filterid
X-Unique-Id
AKAMAI
X-Core-Value
X-Varnish-Beresp-Ttl
Content-Disposition
X-Cms-Context
Gh-Request-Id
Wxu-Next-Region
Xc-Version
Host-ID
Fastly-Backend-Name
X-Developers
X-Cache-Bucket
X-Cache-Info
CacheControlHeader
X-Bip
Cache-Host
X-Device-Os
X-Irp-Debug
X-Fastly-Cache
X-Policy
Release
X-OVcl-Cache
Thinkindot-CacheControl
X-Swa-Ws
V-Age
X-OVcl
Pagetype
X-Magnolia-Registration
UCS
X-B3-Traceid
Thinkindot-Control
Path
Thinkindot-CacheControl-Type
X-Unique-ID
X-Reqid
On-Server
X-Thanos
Magicmarker
X-Generated-In
X-Geo-Header
Server-Host
Ssr
X-Fetched-On
Wxu-Next-Hostname
Tracecode
X-GeoIP-City
X-Thinkindot-L3
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-TrackingId
X-Tumblr-Pixel-3
Wxu-Next-Commit
X-HS-Content-Campaign-Id
X-Air-Hostname
X-Tb
User-Cache-Control
X-RateLimit-Limit
X-APP-VERSION
X-NewRelic-App-Data
X-GEO
X-FTR-Expires
X-Varnish-Beresp-Status
PB-PID
Web-Mar-Node
PB-RID
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Gen-Mode
X-Old-Content-Length
X-Origin
X-Origin-Response-Time
X-Ratelimit-Reset
X-Nginx-Cache-Key
X-Method
X-HN
X-Hnp-Log
X-IP
X-Request-Host
X-Request-URI
X-SVT-ORM-VERSION
X-User
X-Var-Ttl
X-Varnish-Hits
X-SVT-ORM-RULES
X-VarnishDD-TTL
X-VG-TLSProxy
X-Scheme
X-Skip-Cache
X-Gzip
X-GeoIP
X-Cache-Id
X-Wikidot-Static-Cache
X-CGP
X-Wikidot-Backend
X-Cache-Debug
Arc-Version
X-Block-Status
X-Branch-Name
Cf-Device-Type
X-Clara-WADP
X-WADP-Cache
X-Eu-Site
X-Fmm-Version
Sever-Int
X-Generated-By
X-Esi-Check
X-Envoy-Decorator-Operation
X-Csrf-Jwt
X-Developer
X-Dispatcher-Server
X-Backend-State
NM-Fastcgi-Cache
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestId
CDN-Uid
Ha-Gx-Prefs
X-Sucuri-ID
DSUID
Cf-Bgj
X-JWT-State
CDN-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
X-Has-Esi
X-FC-Vary-Parameters
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
C-Via
X-Is-Gdpr
HA-Ipaddr
Esi-Enabled
Origin
NGX
Location
PFcat
X-Azure-Ref-OriginShield
X-Cdn-Forward
Server-Hostname
Server-Ext
L5d-Success-Class
Locid
L
X-EC-Lua
X-ID
X-Node-Id
X-Varnish-CookieHashed-On
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-Fastly-Backend
X-GoCache-CacheStatus
X-SIPLIST1
X-Variation
X-Platform-Server
X-Origin-Expires
X-Slack-Backend
X-Li-Pop
X-LI-UUID
X-Varnish-Remaining-TTL
X-VServer
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-CookieINHashed-On
X-Li-Fabric
X-Gamma-Serve
X-Rebelmouse-Cache-Control
X-LB-ID
X-Epic-Correlation-Id
Is-Eu
X-DefHash
X-Clientip
Fastly-SWR
X-DefElseHash
X-Aicache-OS
Platform
Fastly-Drupal-HTML
IsBot
Fastly-SIE
X-Cache-Tags
Adler-Geo
X-DPWN-IS-SECURE
X-Cache-Var
X-Cache-Var-Map
X-Planisys-CDN-TTL
SR-User-Adfree
Instruction
X-Mvc-Supplant-OutputCached
Rt-Fastcgi-Cache
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Varnish-Url
X-Loc
Pics-Label
NGB
X-CUA
X-PF-Uncompressing
Geo-Info
Cmstype
X-Matched-Rule
Lfy
Url
Req-Svc-Chain
X-Via-Popv
X-Via-Poph
Sid
X-Via-Popn
Cmsid
X-Refresh
X-Servername
Svr
Kp-EeAlive
X-Cache-Expires
X-Served-From
X-Cache-Backend
CloudFront-Viewer-Country
X-NCache
Pramga
A
VivaBuild
X-Srv
Viewtype
X-Sn-Servicetimems
X-Cdn-Origin
Cache-Key
M-TraceId
X-Vgn-Hpd-Reason
X-Core-Mission
X-Cache-Date
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
Arc-Country
MIME-Version
Cross-Origin-Opener-Policy
TDXMobile
X-CLOUD-TRACE-CONTEXT
X-JoinUs
Source
X-Request-Start
DataCenter
X-NGENIX-Cache
X-PHP-Backend
X-SaId
X-Webkit-CSP-Report-Only
X-Edge-Location
X-Kraken-Routeconfig-Destination
X-Error
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-FireWall-Protection
X-Kraken-Loop-Name
X-DC
Server-ID
X-Servedbyhost
X-Instrumentation
X-Vc
SID
X-NC
Geoip-Latitude
X-Wa
X-Varnish-Cacheable
Tcn
GeoIp-Country-Code
X-Service
Content-Secure-Policy
X-CDN-Forward
NtCoent-Length
X-Air-Source
X-Extlb
X-HS-Status
X-Internal-Host
X-Response-By
X-Vcl-Version
X-B3-Spanid
X-Geo
Xkeyi7
FSS-Cache
X-Forwarded-Site
X-Bc-Bl
X-Proxy-Cachei7
X-Esi
CACHE
Server-Ttl
X-LI-Proto
Resin-Trace
N-Cache
X-Li-Proto
HitType
X-BBXSRF
X-Via-NSCOPI
X-HOST
X-LiteSpeed-Cache-Control
X-VCL-Version
X-PJAX-URL
X-Proxy-Upstream
X-Date
X-Accel-Expires-Debug
Mail-Subject
Surrogated-Key
LB
We-Hiring
X-RAMCache
X-Req
Memcached
X-Hcs-Proxy-Type
X-Viewer-Country
X-Cache-2
Request-ID
X-CCDN-Origin-Time
X-CCDN-CacheTTL
S-Rt
X-Cs
X-TIM-N
X-RPM
X-Varnish-Authentication
X-DSS
X-RSL
X-DW
X-DB
X-RPS
X-DI
X-Newrelic-Synthetics
Upgrade-Insecure-Requests
X-Cc-Req-Id
X-VC-Cache
X-Cc-Via
X-Contensis-Viewer-Groups
X-Svr
X-Cache-ASPX
Env
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
D-Cc-Upstream
Hostname
X-Cache-Remote
Cteonnt-Length
X-APP
X-UA
X-Men
X-App
X-WA
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
GeoIP-Latitude
GeoIP-Country-Code
XServer
X-ZONE
X-Air-Trace-Id
CF-Cached-On
X-Server-IP
Time
ProcessTime
Ohc-File-Size
Memory
X-Action
X-ServedByHost
Server-Id
X-Sucuri-Cache
X-MSEdge-Flight
Cross-Origin-Window-Policy
X-MSEdge-Features
X-Erf-Stays-Bingo-Pdp-Web
X-Zone
X-HostName
X-TIME
X-Region-Sid
X-FPC
Mime-Version
CPC-Age
CPC-Cache
VNS-Age
VNS-Cache
X-Oss-Cdn-Auth
X-Nyt-Route
X-Origin-Time
X-CF-Powered-By
X-Gdpr
X-API-Version
X-Fpc
X-Cache-Config
X-Dynatrace-Js-Agent
X-Provided-By
X-Swift-Error
X-Host-Name
X-NodeID
X-SN
X-VC
X-FORWARDED-FOR
X-Depends-On
Cache-Provider
W
X-Check-Cacheable
Ohc-Cache-HIT
Srv
X-Cdn-Request-ID
My-App
X-BACKEND-TTL
Fastcgi-Cache-TTL
CDN
X-SB
X-UnsetCookies
X-Webstats-RespID
State
X-SD-PageType
X-CSRF-TOKEN
X-Ftr-Cache-Host
X-Client-Ip
X-ServerName
X-Akamai-Pragma-Client-IP
X-Fastly-Backend-Reqs
X-Parent-Response-Time
X-BBC-Edge-Cache-Status
X-Flog
X-Dw-Trace-Id
X-Hello
Cdn
X-ABtesting
X-Fastly-Request-Id
X-Minions-Version
X-Mg-Request-UUID
Media-Length
X-Presslabs-Stats
X-NGINX-Cache
Vha6-Origin
Cf-Ipcountry
Dnion-Transfer-Encoding
Proxy-Connection
EpKe-Alive
X-Cache-Tag
X-Oracle-DMS-ECID
X-Pf-Uncompressing
X-Via-PopH
X-Render-Time
X-Via-PopV
X-Via-PopN
X-Pad
PICS-Label
X-Cache-Type
X-Snapshot-Date
X-Acquia-Purge-Tags
OT-Force-Account-Verify
X-LiteSpeed-Tag
X-Acquia-Application-Trace
X-ElasticPress-Search
X-Acquia-Site
X-Acquia-Application-UUID
Epwk-X-Cache
X-Tenant
X-Auto-Login
X-Orig-Expires
X-Varnish-URL
Warning
X-ND-Cache
X-ElasticPress-Query
X-Worker
X-Forwarded-Path
X-Shop-Environment
X-Akamai-ERRuleID
X-Ms-Meta-Staticbatchstarttime
X-Varnish-Beresp-TTL
X-Vcache
X-Ms-Meta-Originalurl
X-Lb-Id
X-BBC-Origin-Response-Status
X-Traceid
Xet-Cookie
X-Akamai-ERPolicy
X-Request-URL
Processtime
X-Cluster-Node
X-MiniProfiler-Ids
X-Ua
X-Air-Pt
X-Tx-Id
CountryCode
X-Cache-Status-Check
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Yottaa-OS
WZWS-RAY
X-Redis-Duration-Ms
Environment
X-Ftr-Request-Id
X-Apw-Access-Action
X-Mg-Request-Id
X-B3-Parentspanid
Ohc-Response-Time
Phost
Inserted-Into-Cache-At
X-Redis-Count
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-FTR-Cache-Host
X-Tid
Content-Style-Type
NnCoection
Content-Script-Type
X-Litespeed-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
URI
X-Storefront-Renderer-Verified