Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Request-ID
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
Status
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
X-Server-Powered-By
Host-Header
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
Surrogate-Control
EagleEye-TraceId
X-Node
Xkey
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Accept-CH
X-Cache-Lookup
P3p
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Readtime
Accept-CH-Lifetime
X-Template
X-B3-TraceId
X-Language
MS-Author-Via
Accept-Ch-Lifetime
X-HW
Rating
X-Url
Accept-Ch
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-TtlSet
X-PC
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Webkit-CSP
X-Varnish-TTL
Pagespeed
X-Sol
Display
X-Middleton-Response
Response
X-Middleton-Display
X-D2id
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Powered-By-Plesk
X-Country-Code
X-FastCGI-Cache
X-Goog-Hash
X-Rack-Cache
X-Vcap-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Navigation-Version
X-ORACLE-DMS-ECID
X-TTL
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
Service-Worker-Allowed
Fastly-Restarts
X-Fastly-Request-ID
X-Client-IP
X-Cached
X-Buckets
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
Cache-Tag
X-Dw-Request-Base-Id
X-NF-Request-ID
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Cache-TTL
RTSS
Access-Control-Request-Method
Public-Key-Pins
X-SharePointHealthScore
SPRequestGuid
SPIisLatency
SPRequestDuration
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
X-Edge
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Litespeed-Cache
X-Version
S
X-HP-Webp
X-Jurisdiction
Content-MD5
X-Kinsta-Cache
X-Recruiting
X-Mid
X-ECACHE
X-MCACHE
Charset
X-Mg-S
X-Oneagent-Js-Injection
X-PressLabs-Stats
X-DynaTrace
X-T
X-Origin-Upstream-Status
Cache-Tags
X-Ttl
X-Content-Digest
X-Accel-Expires
X-Forwarded-Proto
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fastcgi-Cache
X-Id
X-Content-Security-Policy-Report-Only
X-Px
X-Logged-In
TP-Cache
Filters
TP-L2-Cache
Server-Node
Edge-Cache-Tag
Server-Name
X-Correlation-Id
X-Amz-Server-Side-Encryption
Front-End-Https
TCN
X-Forwarded-For
X-Request-Received
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
Nginx-Cache
X-Grace
X-Shield-Request-Id
X-Hits
Alternate-Protocol
X-Amzn-Trace-Id
X-B3-Sampled
X-XRDS-Location
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-AppVersion
X-Az
X-Activity-Id
X-F-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-Amz-Replication-Status
X-Server-ID
X-HS-Content-Id
X-HS-Hub-Id
X-Varnish-Age
X-NWS-LOG-UUID
X-Debug
X-Origin-Server
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Fastcgi-Cache
X-Frontend
X-Rid
X-Yandex-Sdch-Disable
Host
X-Cache-Age
Realpath
Section-Io-Cache
X-Geo-Country
Surrogate-Key
X-DIS-Request-ID
Nel
Accept-Charset
X-Daa-Tunnel
X-Ser
X-RateLimit-Remaining
X-Git-Hash
X-XRDS-LOCATION
X-Hostname
X-Time
X-VCache
Access-Control-Allow-Method
X-Mobile-URL
X-Respond-Thread
MS-CV
Cleartype
X-Upgrade-Enabled
X-Seen-By
X-AOL-HN
X-Source
X-DataDome
ServerID
Paypal-Debug-Id
X-Type
X-LB-Cache
X-Contextid
X-TT
Healthy
X-IPLB-Instance
X-Varnish-Backend
Payment
X-B-Cache
X-Signature
X-Cache-Action
X-WebKit-CSP-Report-Only
X-Content-Options
X-Debug-Info
X-Route-Name
X-Whom
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Load-Cache
X-App-Environment
X-Page-Id
X-N
X-FB-Debug
Fastcgi-Useragent
X-Cache-Key
X-Jobs
Node
Cache
X-Rule
X-Webkit-Csp
X-Mobile
X-Cache-Expired-At
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Refresh
X-FireWall-Port
Viewport
X-Accel-Buffering
X-Wix-Request-Id
X-Response-Served-From
X-Original-Request-Id
X-RTag
Ms-Operation-Id
DC
X-FTR-Request-ID
X-Cluster-Name
X-Content-Powered-By
X-Cacheable-TTL
Access-Control-Request-Headers
X-Framework
X-Instance
X-Zen-Fury
X-B
X-RemovedCookies
X-Tec-Api-Root
X-Tec-Api-Version
X-Real-IP
X-ProcessESI
X-Debug-IsPreview
X-Tec-Api-Origin
X-HTML-Minification-Powered-By
X-Distributor
X-Debug-IsConnected
X-Region
X-Cache-Control
X-Cache-Time
Referer-Policy
X-Drupal-Cache-Tags
X-IPS-LoggedIn
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Proxy
X-UUID
Eomportal-Instance
Version
X-Page-View
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Www-Served-By
Countrycode
X-Drupal-Cache-Contexts
X-Protected-By
X-Nginx-Cache
X-FW-Hash
X-FW-Static
Xserver
X-FW-Serve
X-G
X-FW-Type
X-FW-Dynamic
X-FW-Server
X-Tumblr-User
X-Tumblr-Pixel-1
X-Cached-By
X-App-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Rule
X-Yottaa-Metrics
Liferay-Portal
X-Yottaa-Optimizations
X-Cache-Operation
X-Via-JSL
X-Akamai-Edgescape
X-Varnish-Grace
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-L-Path
X-Environment-Context
X-Cache-Hit
X-Pass-Why
Powered-By-ChinaCache
SRV
X-Device-Type
CF-IPCountry
X-Pinterest-Direct
X-TA-CDN-Provider
Server-Info
GEO-INFO
DynaTrace
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Server
X-User-Agent
Cache-Status
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Frame-Options
X-Tumblr-Pixel-2
From-Origin
X-Handled-By
Meta-Geo
X-Hl-Ver
X-RN-RSRV
X-UPSTREAM-Address
Ec-Rule-Version
X-Endurance-Cache-Level
X-ES-SERVER
Webserver
X-Backend-Name
X-Mode
X-FB-TRIP-ID
Cache-Tv-Group
X-Origin-Hint
Uber-Trace-Id
X-Access
Webcakes-Region
X-Be
X-BYPASS-REASON
X-MP-GENERATED-AT
X-Format
X-Cache-Server
X-NYM-Debug-Backend
Webcakes-App-Name
Property-Id
TWC-Connection-Speed
Country
Apigw-Requestid
X-Proxy-Cache-Status
TWC-Device-Class
TWC-GeoIP-Country
X-PCL
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
X-OCL
X-Section
X-Request-Time
X-ProxyCache-Status
X-Varnishpool
X-Soup
X-Uri
X-Storage
X-ProxyCache-Key
X-Pubstack
Fastly-SSL
Decoy-Debug-TTL
Cache-Name
X-Human
X-WA-Info
X-Via-Fastly
X-VWS-Id
X-UA-Device-Type
Selected-Fe
Mn-Server-Ip
Decoy-Debug-Key
Decoy-Debug-Status
X-Server-W
X-Proxy-Build
X-LJ-Flow-ID
X-Proto
X-PHP-Host
X-Origin-Date
X-Labrador-Cache-Channel
X-Info
X-ApacheServer
X-PERF
X-AWS-Id
X-S-Maxage
X-R9-Blue-Green-Version
X-Timing-Wait
X-No-Session
X-GG-Cache-Date
Protected
X-Cache-TTL-Remaining
Azure-InstanceId
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
X-LAGOON
X-Xfnlog-Site
X-Sql-Duration-Ms
X-TNCMS
X-Web-Node
X-Sql-Count
X-SayCDN-TTL
X-Loop
X-Say-Cacheable
X-Say-TTL
X-Hosted-By
X-Alternate-Cache-Key
X-Hyper-Cache
X-Sorting-Hat-PodId
X-Status
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Redis-Cache
X-App-Version
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-Cache-Enabled
X-Ratelimit-Limit
X-NWS-UUID-VERIFY
X-Content-Age
X-Locale
X-SRV
X-Is-Bot
X-Rendered-As
X-Backend-Host
X-Site-Version
X-Microcachable
X-Azure-Ref
AMP-Access-Control-Allow-Source-Origin
X-FW-Version
X-Cluster
S-Cnection
Amp-Access-Control-Allow-Source-Origin
X-Forwarded-Host
X-Cache-Grace
X-AIR-PT
X-TT-LOGID
X-Platform
X-CSRF-Token
X-Qloud-Router
Akamai-GRN
X-Trace-Id
X-Revision
ServedBy
X-Dc
X-Via-CDN
X-Cache-PHP
X-Cache-NGX
X-ATG-Version
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
X-Cdn
Cache-Hits
X-Varnish-Ttl
X-Debug-Cache
X-RCS-CacheZone
X-Aspnetmvc-Version
X-CACHE-KEY
X-Node-Name
Who
X-Akamai-Transformed
Country-Code
X-CCM
DB-Nickname
X-TX-ID
X-CS
Filterid
X-Cache-Host
X-B3-SpanId
X-Detected-As
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-RateLimit-Limit
X-Adobe-Source
X-Ratelimit-Remaining
X-BCube-Filmed-By
X-Ms-Request-Id
X-Varnish-Beresp-Grace
X-Ms-Version
SD-X-WS
Backend
X-GEO
X-Unique-Id
X-Varnish-Beresp-Ttl
X-Nc
Rendered-Blocks
BehaviorPad-Version
Mobile-Detection-Method
Expiry
Odigeo-Trace-Id
MD5-Digest
X-Varnish-Beresp-Status
X-External-Request-Id
DCR-Decision-By
Fastcgi-X-Cache-Version
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-A
DCR-Processing-Time-Ms
Machine
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-A-Dcw
Meta-Geo-Continent
X-Generated-On
X-From
X-A-Dam
T-Server
X-A-Ccd
X-Varnish-Cache-Hits
X-VG-WebCache
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-SRCache-Key
X-Session-Fingerprint
X-Generation-Time
X-B-Cookie
X-CF-Lambda-Fn
X-D
X-Cache-NE
X-Connection-Hash
X-ScT
X-S
X-Request-UUID
X-Rojux
X-A-Dgt
X-Processor
X-S-Cookie
X-ARC
X-Application
HostName
X-Owner
X-Destination
X-Location
X-Vdms-Version
X-Correlation-ID
X-Level-Front-Cache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
X-Vdms-Path
X-NAPM-TraceId
X-Time-Microsecs
X-A-Wwc
X-Aed
X-Rewrite-Enabled
X-Origin-TTL
X-Trv-Group
X-Origin-CC
X-CF-Lambda-Version
X-Edge-Location-Klb
X-Magnolia-Registration
X-Fetched-On
Gh-Request-Id
X-FC-Vary-Parameters
X-Cms-Context
X-TrackingId
Host-ID
X-OVcl
X-Cache-Bucket
X-Generated-In
Magicmarker
X-OVcl-Cache
X-Device-Os
X-Tumblr-Pixel-3
CacheControlHeader
Cache-Host
X-Has-Esi
Arc-Version
Cf-Device-Type
X-JWT-State
X-Developers
Fastly-Backend-Name
X-Is-Gdpr
Content-Disposition
X-Thinkindot-L3
X-Thanos
X-Policy
UCS
X-Geo-Header
X-GeoIP-City
Release
X-Reqid
Server-Host
AKAMAI
Thinkindot-CacheControl-Type
Thinkindot-Control
Ssr
X-FTR-DC
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Core-Value
X-Bip
Pagetype
Path
X-ServerID
X-Azure-Ref-OriginShield
PB-RID
PB-PID
Thinkindot-CacheControl
V-Age
X-FTR-Backend
X-FTR-Backend-Server
X-Backend-TTL
X-Country-Code-Real
X-FTR-Cache-Status
NGB
X-FTR-Balancer
X-FTR-Realm
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Fastly-Backend
X-Eu-Site
X-Rebelmouse-Cache-Control
Vix-Hermes-Req-Id
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
True-Client-Country-4JS
X-Epic-Correlation-Id
X-DynaTrace-JS-Agent
Platform
X-Platform-Server
PFcat
X-GoCache-CacheStatus
X-Variation
X-User
X-Ratelimit-Reset
Server-Hostname
Server-Ext
X-SVT-ORM-VERSION
Sever-Int
X-Dispatcher-Server
X-Var-Ttl
X-VServer
X-Scheme
X-Branch-Name
X-B3-Traceid
X-Cache-Debug
X-Clientip
X-CGP
Esi-Enabled
X-Cache-Tags
X-Cache-Info
X-Request-URI
X-SIPLIST1
X-Node-Id
Origin
X-DPWN-IS-SECURE
X-SVT-ORM-RULES
X-Developer
X-Backend-State
X-Skip-Cache
X-Csrf-Jwt
X-DefElseHash
X-DefHash
X-Envoy-Decorator-Operation
X-GeoIP
X-Micro-Cache
X-EC-Lua
Cf-Bgj
CDN-Uid
CDN-RequestCountryCode
CDN-RequestId
X-Method
X-LI-UUID
X-Li-Pop
Fastly-SWR
X-NU-AKA-ACS-Version
X-VarnishDD-TTL
DSUID
CDN-PullZone
CDN-EdgeStorageId
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Nginx-Cache-Key
Adler-Geo
Apple-News-Services-Request-Url
X-Mvc-Supplant-Cachable
CDN-Cache
CDN-CachedAt
CDCHOST
X-VG-TLSProxy
C-Via
X-Li-Fabric
Fastly-SIE
L5d-Success-Class
X-Origin-Expires
L
X-Varnish-CookieHashed-On
X-Varnish-Hits
Location
Locid
X-HN
X-HS-Content-Campaign-Id
X-IP
X-Varnish-CookieINHashed-On
Is-Eu
IsBot
HA-Ipaddr
X-Origin
Ha-Gx-Prefs
X-Irp-Debug
X-Varnish-Remaining-TTL
NGX
NM-Fastcgi-Cache
X-NewRelic-App-Data
X-Unique-ID
User-Cache-Control
X-Amz-Meta-S3cmd-Attrs
X-Hash
X-Gzip
X-Wikidot-Backend
X-Clara-WADP
X-Fmm-Version
X-Esi-Check
X-Goog-Meta-Goog-Reserved-File-Mtime
X-WADP-Cache
X-LB-ID
X-Loc
X-Wikidot-Static-Cache
X-Request-Host
X-Gamma-Serve
X-Planisys-CDN-Cache
X-Aicache-OS
On-Server
X-Generated-By
X-Sucuri-ID
X-Block-Status
X-Tb
X-Gen-Mode
Rt-Fastcgi-Cache
Fastly-Drupal-HTML
X-Hnp-Log
X-Origin-Response-Time
X-Cache-Id
X-Planisys-CDN-Rules
Web-Mar-Node
X-Old-Content-Length
X-Planisys-CDN-TTL
X-ID
X-Servername
Cmsid
Xc-Version
X-Swa-Ws
Req-Svc-Chain
Cmstype
X-Slack-Backend
X-Air-Hostname
X-FTR-Expires
X-PF-Uncompressing
X-Via-Poph
X-Varnish-Url
Svr
X-Served-From
Kp-EeAlive
X-Via-Popv
Pics-Label
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-APP-VERSION
X-Vgn-Hpd-Reason
A
Url
Tracecode
X-Refresh
X-Cdn-Forward
VivaBuild
Instruction
Viewtype
SR-User-Adfree
M-TraceId
X-Cache-Var-Map
X-Cache-Var
X-SaId
X-NGENIX-Cache
X-JoinUs
X-PHP-Backend
Cache-Key
X-Edge-Location
Arc-Country
X-CUA
Cross-Origin-Opener-Policy
X-CDN-Forward
X-DC
SID
X-Matched-Rule
Sid
TDXMobile
Lfy
Geo-Info
X-NC
X-TraceId
X-Cache-Expires
CloudFront-Viewer-Country
MIME-Version
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
Tcn
X-Cdn-Origin
X-Vc
NtCoent-Length
DataCenter
X-NCache
Pramga
Content-Secure-Policy
X-Cache-Backend
X-Service
X-Extlb
Server-ID
X-Servedbyhost
X-CLOUD-TRACE-CONTEXT
X-Core-Mission
X-Internal-Host
X-Cache-Date
X-Webkit-CSP-Report-Only
X-Wa
X-Request-Start
X-Srv
X-Bc-Bl
CACHE
X-Forwarded-Site
Geoip-Latitude
Source
GeoIp-Country-Code
X-Newrelic-Synthetics
Memcached
X-LI-Proto
X-B3-Spanid
X-Via-NSCOPI
Surrogated-Key
X-Proxy-Upstream
X-Error
X-FireWall-Protection
LB
X-HS-Status
FSS-Cache
X-Req
X-Varnish-Cacheable
Mail-Subject
X-Date
X-Accel-Expires-Debug
X-Vcl-Version
We-Hiring
X-VC-Cache
X-Esi
Upgrade-Insecure-Requests
X-VHOST
Hostname
X-Sigma
X-Viewer-Country
Env
X-PJAX-URL
X-VCL-Version
X-RateLimit-Remaining-Second
Resin-Trace
X-Rocket-Build-Number
X-Response-By
Server-Ttl
X-Air-Source
X-RateLimit-Limit-Second
X-Sigma-Backend
X-Li-Proto
X-Geo
X-HOST
Xkeyi7
X-Cache-Ttl
X-Hcs-Proxy-Type
X-App
X-ZONE
GeoIP-Latitude
X-Men
Request-ID
X-MSEdge-Flight
X-CCDN-Origin-Time
GeoIP-Country-Code
Time
X-HostName
Memory
X-Proxy-Cachei7
X-MSEdge-Features
X-CCDN-CacheTTL
X-LiteSpeed-Cache-Control
X-TIM-N
X-BBXSRF
N-Cache
CF-Cached-On
HitType
X-RPM
X-Mg-Request-UUID
X-DSS
X-DI
X-DB
X-RSL
X-WA
X-RPS
X-DW
X-APP
X-RAMCache
X-Zone
X-Cache-2
CPC-Age
X-ServedByHost
CPC-Cache
VNS-Age
X-Cs
VNS-Cache
XServer
X-Cc-Req-Id
X-Cc-Via
Server-Id
X-Air-Trace-Id
D-Cc-Upstream
State
My-App
Fastcgi-Cache-TTL
X-Svr
X-Action
X-Varnish-Authentication
X-UA
ProcessTime
S-Rt
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Minions-Version
Mime-Version
X-Region-Sid
X-Oss-Cdn-Auth
X-FPC
X-Swift-Error
X-Provided-By
X-Dynatrace-Js-Agent
X-Cache-Type
X-Origin-Time
X-FORWARDED-FOR
X-Server-IP
Cache-Provider
X-Depends-On
X-API-Version
X-Fpc
X-Gdpr
X-CF-Powered-By
W
X-Nyt-Route
X-Cache-Config
Srv
Cteonnt-Length
X-Cdn-Request-ID
X-Cache-Remote
CDN
X-UnsetCookies
X-TIME
X-BACKEND-TTL
X-CSRF-TOKEN
Cross-Origin-Window-Policy
X-URL
X-Erf-Stays-Bingo-Pdp-Web
Ohc-File-Size
X-Dw-Trace-Id
X-Sucuri-Cache
OT-Force-Account-Verify
X-ServerName
X-Xrds-Location
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-Tenant
X-VC
Cdn
X-Flog
X-Hello
X-SN
X-NodeID
X-ND-Cache
X-Check-Cacheable
X-Orig-Expires
X-Forwarded-Path
X-ABtesting
X-Shop-Environment
X-Fastly-Request-Id
X-Parent-Response-Time
Proxy-Connection
Ohc-Cache-HIT
X-Ftr-Cache-Host
X-NGINX-Cache
X-SD-PageType
X-Pf-Uncompressing
X-Pad
X-Presslabs-Stats
X-Snapshot-Date
X-Cluster-Node
Vha6-Origin
WZWS-RAY
X-Oracle-DMS-ECID
X-Fastly-Backend-Reqs
Cf-Ipcountry
X-BBC-Edge-Cache-Status
Media-Length
Dnion-Transfer-Encoding
X-SB
X-Webstats-RespID
X-Host-Name
X-Via-PopV
X-Ftr-Request-Id
X-Via-PopH
X-LiteSpeed-Tag
X-Varnish-URL
X-ElasticPress-Search
Epwk-X-Cache
X-Traceid
Datacenter
PICS-Label
X-Air-Pt
X-Via-PopN
X-Acquia-Site
X-Cache-Tag
X-Acquia-Purge-Tags
Warning
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Request-URL
X-Yottaa-OS
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-MiniProfiler-Ids
X-Conf
X-IN-APIGATEWAY
X-Render-Time
X-IN-APIGATEWAYSSL
X-Akamai-ERPolicy
X-Akamai-ERRuleID
EpKe-Alive
Xet-Cookie
X-Pjax-Url
X-Lb-Id
X-Varnish-Beresp-TTL
X-Vcache
X-BBC-Origin-Response-Status
CountryCode
Phost
X-Tid
URI
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
X-C
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Redis-Count
X-Redis-Duration-Ms
NnCoection
Ohc-Response-Time
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
Content-Style-Type
X-Apw-Hits
X-Cache-Status-Check
X-B3-Parentspanid
X-Litespeed-Cache-Control
X-Mg-Request-Id
Content-Script-Type
Environment