Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
EagleId
Request-Context
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
X-Dns-Prefetch-Control
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-CST
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Cache-Spec
NEL
Allow
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
EagleEye-TraceId
Xkey
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
P3p
X-Cache-Lookup
X-Application-Context
X-Country
X-Ac
Accept-Ch-Lifetime
Accept-CH
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Cloud-Trace-Context
Accept-Ch
X-Readtime
X-Template
X-Language
X-B3-TraceId
MS-Author-Via
X-HW
Rating
X-Url
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-D2id
Pagespeed
X-Middleton-Response
Response
Display
X-Middleton-Display
X-Sol
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Oneagent-Js-Injection
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-Kinja-Server
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
X-Goog-Hash
X-Powered-By-Plesk
X-Country-Code
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-TTL
X-Server-Name
Service-Worker-Allowed
X-Webkit-CSP
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-FastCGI-Cache
X-NF-Request-ID
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
Cache-Tag
RTSS
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Edge
X-Ruxit-Js-Agent
X-Powered-CMS
X-Ezoic-Cdn
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
X-LLID
AR-Request-ID
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
X-HP-Webp
X-Jurisdiction
Content-MD5
S
X-Recruiting
X-ECACHE
X-MCACHE
Charset
X-Mid
X-Origin-Upstream-Status
X-DynaTrace
X-Kinsta-Cache
X-PressLabs-Stats
X-Mg-S
X-T
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Fastcgi-Cache
X-Content-Digest
Cache-Tags
X-Px
X-Ttl
Fastcgi-Cache
X-Accel-Expires
X-Id
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
Server-Node
X-Litespeed-Cache
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
TP-Cache
Server-Name
MicrosoftSharePointTeamServices
TP-L2-Cache
Front-End-Https
TCN
X-Grace
X-Forwarded-For
X-Request-Received
X-Request-Processing-Time
Nginx-Cache
X-Hits
X-Correlation-Id
X-Amzn-Trace-Id
Nel
X-B3-Sampled
X-Shield-Request-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Microsite
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Debug
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Age
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Server-ID
X-F-Cache
X-Amz-Replication-Status
X-Origin-Server
X-Yandex-Sdch-Disable
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-XRDS-Location
Surrogate-Key
X-XRDS-LOCATION
X-Frontend
X-NWS-LOG-UUID
X-Rid
Host
Accept-Charset
X-Ser
X-Cache-Age
Section-Io-Cache
X-DIS-Request-ID
X-Geo-Country
X-Git-Hash
X-Hostname
X-RateLimit-Remaining
X-Time
X-Respond-Thread
X-Daa-Tunnel
X-Upgrade-Enabled
X-VCache
X-Mobile-URL
Access-Control-Allow-Method
X-DataDome
MS-CV
X-Type
ServerID
Paypal-Debug-Id
Realpath
X-LB-Cache
Cleartype
X-Source
X-AOL-HN
X-TT
X-Content-Options
X-Cache-Action
X-Varnish-Backend
Payment
X-IPLB-Instance
Healthy
X-B-Cache
X-Aspnet-Duration-Ms
X-Signature
X-Route-Name
X-Is-Crawler
X-Seen-By
X-Debug-Info
X-Providence-Cookie
X-Whom
X-Request-Guid
X-Flags
X-Page-Id
X-App-Environment
X-Contextid
Cache
X-Load-Cache
X-Cache-Key
X-Jobs
X-N
X-WebKit-CSP-Report-Only
X-FB-Debug
Fastcgi-Useragent
X-FTR-Request-ID
Node
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Webkit-Csp
X-Pinterest-Direct
X-Rule
X-Cache-Expired-At
Refresh
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
Ms-Operation-Id
DC
Viewport
X-RTag
Version
X-Content-Powered-By
X-Real-IP
X-Instance
X-B
Access-Control-Request-Headers
X-Zen-Fury
X-Cacheable-TTL
X-Cluster-Name
X-HTML-Minification-Powered-By
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Eomportal-Instance
Powered-By-ChinaCache
X-Drupal-Cache-Tags
Referer-Policy
VIX-Pulpo-Node
X-Cache-Control
X-ProcessESI
X-RemovedCookies
X-IPS-LoggedIn
X-UUID
X-Framework
VIX-Pulpo-Upstream-Status
X-Proxy
X-FireWall-Port
X-Distributor
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Time
X-Region
X-Page-View
Countrycode
X-Wix-Request-Id
X-Drupal-Cache-Contexts
X-Cached-By
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Server
X-Cache-Rule
X-Cache-Operation
X-FW-Type
X-Nginx-Cache
X-Via-JSL
Liferay-Portal
Xserver
X-G
X-Www-Served-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-App-Server
X-Debug-IsPreview
X-Debug-IsConnected
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Akamai-Edgescape
X-L-Path
X-Cache-Hit
X-Environment-Context
X-Protected-By
X-Pass-Why
SRV
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
DynaTrace
X-Device-Type
X-Varnish-Grace
Server-Info
X-User-Agent
CF-IPCountry
X-Tumblr-Pixel-2
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Adobe-Content
X-Adobe-Loc
X-Mode
From-Origin
Retry-After
X-Varnish-Server
Webserver
X-RN-RSRV
AMP-Access-Control-Allow-Source-Origin
Frame-Options
Cache-Status
GEO-INFO
X-ES-SERVER
X-Endurance-Cache-Level
X-UPSTREAM-Address
Meta-Geo
X-Hl-Ver
X-Backend-Name
X-Handled-By
Ec-Rule-Version
X-Request-Time
X-Uri
X-Varnishpool
X-Section
Property-Id
Apigw-Requestid
Webcakes-App-Name
TWC-Privacy
X-PCL
TWC-Locale-Group
Webcakes-App-Version
X-OCL
X-ProxyCache-Key
X-BYPASS-REASON
X-Cache-Server
X-Access
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Origin-Hint
X-MP-GENERATED-AT
Country
Cache-Tv-Group
X-Pubstack
Fastly-SSL
TWC-Connection-Speed
TWC-Device-Class
X-ProxyCache-Status
X-Format
X-Proxy-Build
X-Human
X-No-Session
X-PERF
X-LJ-Flow-ID
X-Server-W
Decoy-Debug-Status
Decoy-Debug-Key
X-R9-Blue-Green-Version
Decoy-Debug-TTL
Mn-Server-Ip
X-ApacheServer
X-S-Maxage
Selected-Fe
X-AWS-Id
X-Storage
X-Soup
X-FB-TRIP-ID
X-WA-Info
X-Timing-Wait
X-VWS-Id
X-Via-Fastly
Azure-SiteName
Azure-SlotName
X-Info
Azure-Version
Azure-RegionName
Azure-InstanceId
X-LAGOON
X-Xfnlog-Site
Protected
X-Zipkin-Id
X-Be
X-Labrador-Cache-Channel
X-Varnish-Ttl
X-Proto
X-Proxied
X-NYM-Debug-Backend
X-PHP-Host
X-Cache-TTL-Remaining
X-Routing-Service
X-UA-Device-Type
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Cache-Name
X-Sql-Duration-Ms
X-Sql-Count
X-Sorting-Hat-PodId
X-Status
X-ShardId
X-Origin-Date
X-Storefront-Renderer-Rendered
X-Say-TTL
X-SayCDN-TTL
X-TNCMS
X-Redis-Cache
X-GG-Cache-Date
X-Locale
X-Say-Cacheable
X-Loop
Uber-Trace-Id
X-Proxy-Cache-Status
X-Hyper-Cache
X-Hosted-By
X-Ratelimit-Limit
X-Site-Version
X-Web-Node
X-Dc
X-Rendered-As
X-Cache-Enabled
X-Is-Bot
X-Content-Age
X-Cluster
X-App-Version
X-Microcachable
X-TA-CDN-Provider
X-FW-Version
S-Cnection
X-NWS-UUID-VERIFY
X-TT-LOGID
X-AIR-PT
X-Qloud-Router
X-Backend-Host
X-Platform
X-Node-Name
X-Cache-Grace
X-Forwarded-Host
X-Azure-Ref
X-CSRF-Token
X-Revision
X-CCM
X-Via-CDN
X-SRV
Cache-Hits
Akamai-GRN
X-Trace-Id
ServedBy
X-Aspnetmvc-Version
X-Cache-NGX
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
X-RCS-CacheZone
X-Cache-PHP
X-ATG-Version
X-Debug-Cache
X-Detected-As
X-Correlation-ID
X-Cache-Host
X-CACHE-KEY
X-Amzn-RequestId
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-CS
DB-Nickname
HostName
Amp-Access-Control-Allow-Source-Origin
X-Nc
X-TX-ID
X-Akamai-Transformed
SD-X-WS
X-FTR-Balancer
X-FTR-Realm
X-RateLimit-Limit
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-Ratelimit-Remaining
X-Unique-ID
X-Country-Code-Real
X-FTR-Backend
Who
X-BCube-Filmed-By
X-Adobe-Source
Country-Code
X-Varnish-Beresp-Grace
X-Ms-Request-Id
X-Ms-Version
X-Aed
X-A-Dgt
X-A-Wwc
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
Machine
DCR-Decision-By
DCR-Processing-Time-Ms
BehaviorPad-Version
X-Varnish-Cache-Hits
X-Oss-Storage-Class
Expiry
Fastcgi-X-Cache-Version
Odigeo-Trace-Id
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
T-Server
X-Connection-Hash
X-S
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-PBS-Appsvrname
X-Processor
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Vdms-Path
X-PAYTM-SRV-ID
X-Owner
X-CF-Lambda-Version
X-Oss-Server-Time
X-D
X-CF-Lambda-Fn
X-Cache-NE
X-ARC
X-B-Cookie
X-Destination
X-External-Request-Id
X-NAPM-TraceId
X-Origin-CC
X-Origin-TTL
X-Location
X-Level-Front-Cache
X-From
X-Generated-On
X-Application
X-Generation-Time
X-Oss-Object-Type
X-ServerID
X-Oss-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Oss-Hash-Crc64ecma
X-Time-Microsecs
X-Backend-TTL
X-Varnish-Beresp-Ttl
Backend
Filterid
X-Developers
Wxu-Next-Commit
Ssr
UCS
X-Geo-Header
X-Generated-In
V-Age
X-Cms-Context
X-Varnish-Beresp-Status
X-Cache-Bucket
AKAMAI
X-Bip
Wxu-Next-Region
Cache-Host
CacheControlHeader
X-Core-Value
Content-Disposition
Wxu-Next-Hostname
Server-Host
X-Swa-Ws
Fastly-Backend-Name
X-Reqid
X-Policy
X-Thanos
X-TrackingId
Host-ID
Magicmarker
Gh-Request-Id
X-Tumblr-Pixel-3
X-OVcl
X-OVcl-Cache
Pagetype
On-Server
Path
X-EC-Lua
Thinkindot-CacheControl
Location
Release
L5d-Success-Class
X-Air-Hostname
PFcat
Origin
X-Backend-State
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Magnolia-Registration
Thinkindot-CacheControl-Type
Thinkindot-Control
NM-Fastcgi-Cache
X-Developer
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Origin
X-Method
X-Sucuri-ID
X-IP
X-Irp-Debug
X-Ratelimit-Reset
X-Scheme
X-VG-TLSProxy
Xc-Version
X-VarnishDD-TTL
X-Varnish-Hits
X-Thinkindot-L3
X-Var-Ttl
X-HS-Content-Campaign-Id
X-HN
X-Csrf-Jwt
L
X-CGP
Tracecode
X-Cache-Debug
X-Cache-Info
X-Device-Os
X-Dispatcher-Server
X-Fetched-On
X-GeoIP-City
X-Fastly-Cache
X-DynaTrace-JS-Agent
X-Envoy-Decorator-Operation
X-Eu-Site
X-Branch-Name
X-Request-URI
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-RequestId
X-B3-Traceid
Apple-News-Services-Parsed-Url
Cf-Bgj
CDN-Uid
CDCHOST
Esi-Enabled
Apple-News-Services-Request-Url
Ha-Gx-Prefs
Apple-News-Services-Handled
HA-Ipaddr
Apple-News-Services-Host
User-Cache-Control
X-NewRelic-App-Data
X-FTR-Expires
X-Cache-Id
X-Clara-WADP
X-Block-Status
X-Hash
X-Gzip
X-Gamma-Serve
X-GeoIP
X-Generated-By
X-Hnp-Log
X-Fmm-Version
X-Esi-Check
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Old-Content-Length
X-FC-Vary-Parameters
X-GoCache-CacheStatus
X-Epic-Correlation-Id
X-Azure-Ref-OriginShield
PB-RID
X-Has-Esi
X-Is-Gdpr
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-JWT-State
PB-PID
Cf-Device-Type
X-Skip-Cache
X-SVT-ORM-RULES
X-Request-Host
X-Origin-Response-Time
X-Nginx-Cache-Key
X-SVT-ORM-VERSION
X-User
Arc-Version
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Cdn-Forward
X-LB-ID
X-WADP-Cache
Server-Hostname
Server-Ext
NGX
DSUID
Sever-Int
C-Via
Web-Mar-Node
X-Aicache-OS
Locid
Fastly-Drupal-HTML
X-Unique-Id
X-ID
X-Tb
X-SIPLIST1
X-DPWN-IS-SECURE
Platform
IsBot
X-VServer
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Variation
X-Rebelmouse-Cache-Control
X-Clientip
X-Slack-Backend
X-DefElseHash
X-DefHash
X-Fastly-Backend
X-Node-Id
X-NU-AKA-ACS-Version
X-Rebelmouse-Surrogate-Control
X-GEO
X-Platform-Server
X-Origin-Expires
X-Cache-Tags
X-Varnish-CookieHashed-On
Fastly-SWR
Adler-Geo
Fastly-SIE
Is-Eu
X-Varnish-Url
X-Cache-Var-Map
Geo-Info
X-Cache-Var
X-Mvc-Supplant-OutputCached
Pics-Label
Instruction
Rt-Fastcgi-Cache
X-Planisys-CDN-Rules
X-Via-Popv
X-Loc
X-PF-Uncompressing
X-Via-Popn
SR-User-Adfree
X-Planisys-CDN-Cache
X-Via-Poph
NGB
X-Planisys-CDN-TTL
X-APP-VERSION
Url
Req-Svc-Chain
Cmsid
X-Refresh
Cmstype
X-CUA
Lfy
X-Matched-Rule
Svr
X-Served-From
Kp-EeAlive
X-Servername
Sid
X-Cache-Expires
A
X-Cache-Backend
CloudFront-Viewer-Country
X-Vgn-Hpd-Reason
Pramga
X-NCache
M-TraceId
VivaBuild
Viewtype
X-Sn-Servicetimems
X-Srv
X-Cdn-Origin
X-Webkit-CSP-Report-Only
MIME-Version
X-Cache-Date
X-TraceId
X-Core-Mission
Arc-Country
Cross-Origin-Opener-Policy
X-JoinUs
DataCenter
X-SaId
X-Edge-Location-Klb
X-NGENIX-Cache
X-PHP-Backend
Cache-Key
X-Tb-Optimization-Total-Bytes-Saved
Server-ID
X-Edge-Location
Tcn
SID
X-Request-Start
X-CLOUD-TRACE-CONTEXT
TDXMobile
X-Vc
X-Server-Lifecycle-Phase
X-Instrumentation
X-CDN-Forward
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Servedbyhost
X-Service
X-Geo
X-FireWall-Protection
X-Error
X-DC
Source
X-NC
X-Vcl-Version
GeoIp-Country-Code
X-Wa
X-Varnish-Cacheable
X-Extlb
Content-Secure-Policy
Geoip-Latitude
NtCoent-Length
X-Bc-Bl
FSS-Cache
X-B3-Spanid
X-Internal-Host
X-Air-Source
X-Response-By
X-HS-Status
X-Forwarded-Site
X-LI-Proto
Xkeyi7
X-Esi
X-Proxy-Cachei7
X-VHOST
CACHE
X-Proxy-Upstream
X-Req
X-PJAX-URL
LB
X-Li-Proto
HitType
Memcached
Surrogated-Key
N-Cache
Resin-Trace
Server-Ttl
X-BBXSRF
X-LiteSpeed-Cache-Control
X-HOST
X-RAMCache
X-Newrelic-Synthetics
X-Cache-2
X-CCDN-Origin-Time
X-Viewer-Country
X-CCDN-CacheTTL
Request-ID
X-Hcs-Proxy-Type
Mail-Subject
X-Date
X-Accel-Expires-Debug
X-Via-NSCOPI
We-Hiring
Upgrade-Insecure-Requests
S-Rt
X-Contensis-Viewer-Groups
X-RPM
X-DW
X-DSS
X-RPS
X-DI
X-DB
X-Cc-Req-Id
X-APP
Env
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-VC-Cache
X-RateLimit-Remaining-Second
X-Cc-Via
X-TIM-N
X-Cache-ASPX
X-RateLimit-Limit-Second
X-RSL
X-VCL-Version
X-Varnish-Authentication
GeoIP-Country-Code
X-Svr
D-Cc-Upstream
GeoIP-Latitude
Hostname
X-Cache-Remote
Cteonnt-Length
X-WA
X-Zone
X-UA
Time
Memory
X-MSEdge-Flight
X-App
X-Cs
X-MSEdge-Features
X-Men
XServer
X-Air-Trace-Id
ProcessTime
X-Action
X-Server-IP
CF-Cached-On
Cross-Origin-Window-Policy
X-ZONE
X-ServedByHost
X-Sucuri-Cache
Ohc-File-Size
X-HostName
X-Erf-Stays-Bingo-Pdp-Web
X-Fpc
X-Oss-Cdn-Auth
X-Origin-Time
X-Cache-Config
X-API-Version
X-FPC
Server-Id
X-Gdpr
X-Region-Sid
X-CF-Powered-By
X-Nyt-Route
X-Provided-By
X-Dynatrace-Js-Agent
X-Host-Name
X-Swift-Error
X-Depends-On
CPC-Age
VNS-Age
Cache-Provider
W
X-Check-Cacheable
X-FORWARDED-FOR
VNS-Cache
State
My-App
X-VC
Mime-Version
Fastcgi-Cache-TTL
CPC-Cache
X-NodeID
X-SN
Ohc-Cache-HIT
X-Cdn-Request-ID
Srv
X-ServerName
X-UnsetCookies
X-CSRF-TOKEN
X-Webstats-RespID
X-Minions-Version
CDN
X-Mg-Request-UUID
X-TIME
X-Ftr-Cache-Host
Proxy-Connection
X-Dw-Trace-Id
X-SB
X-SD-PageType
X-BACKEND-TTL
X-URL
X-Client-Ip
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
X-Xrds-Location
Cdn
X-BBC-Edge-Cache-Status
X-ABtesting
X-Hello
X-Flog
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
X-Parent-Response-Time
X-Cache-Type
Dnion-Transfer-Encoding
Vha6-Origin
OT-Force-Account-Verify
X-Render-Time
X-Pf-Uncompressing
Media-Length
X-Cache-Tag
X-Snapshot-Date
X-Presslabs-Stats
X-NGINX-Cache
X-Pad
X-Oracle-DMS-ECID
EpKe-Alive
PICS-Label
X-Tenant
X-Shop-Environment
X-Orig-Expires
X-ND-Cache
X-Acquia-Purge-Tags
X-Air-Pt
X-Via-PopH
X-Forwarded-Path
X-ElasticPress-Search
X-Acquia-Application-Trace
X-LiteSpeed-Tag
X-Via-PopN
X-Acquia-Application-UUID
X-Acquia-Site
X-Via-PopV
Epwk-X-Cache
X-Akamai-ERRuleID
X-Vcache
X-Worker
WZWS-RAY
X-MiniProfiler-Ids
X-Varnish-URL
X-Cluster-Node
X-Traceid
X-Akamai-ERPolicy
Xet-Cookie
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Varnish-Beresp-TTL
Processtime
X-Ms-Meta-Originalurl
X-Lb-Id
X-Auto-Login
X-Request-URL
Warning
X-BBC-Origin-Response-Status
X-Ua
CountryCode
URI
X-Redis-Duration-Ms
X-Mg-Request-Id
NnCoection
X-Cache-Status-Check
X-Ftr-Request-Id
X-Redis-Count
X-Yottaa-OS
X-Storefront-Renderer-Verified
X-FTR-Cache-Host
Environment
X-Apw-Hits
X-Apw-Access-Token
X-Debug-Cache-Fetch
X-Litespeed-Cache-Control
X-Debug-Cache-Store
Inserted-Into-Cache-At
X-Tid
Content-Script-Type
Content-Style-Type
X-Apw-Access-Action
X-Apw-Access-Object
X-B3-Parentspanid
Phost
Ohc-Response-Time
X-Amz-Meta-Cb-Modifiedtime