Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
EagleId
Request-Context
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-CST
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
X-Cache-Spec
X-Vhost
X-WebKit-CSP
Allow
X-Host
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
Xkey
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
P3p
X-Cache-Lookup
X-Application-Context
X-Country
X-Ac
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch-Lifetime
X-Readtime
X-Language
Accept-CH-Lifetime
X-B3-TraceId
MS-Author-Via
Accept-Ch
X-Url
Rating
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-Trace
X-ESI
X-Content-Type
X-Oneagent-Js-Injection
Pagespeed
Response
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
X-D2id
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Varnish-TTL
X-ORACLE-DMS-ECID
X-Goog-Hash
X-Vcap-Request-Id
X-Country-Code
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-FastCGI-Cache
X-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-Webkit-CSP
X-SharePointHealthScore
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Public-Key-Pins
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
RTSS
Cache-Tag
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Edge
Ar-Sid
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Ruxit-Js-Agent
X-Version
Content-MD5
X-Ttl
S
X-HP-Webp
X-Jurisdiction
X-Recruiting
X-Mid
X-MCACHE
X-ECACHE
X-Origin-Upstream-Status
Charset
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
X-PressLabs-Stats
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-Content-Digest
X-T
X-Px
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Fastcgi-Cache
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
Server-Node
Edge-Cache-Tag
TCN
TP-Cache
X-Amz-Server-Side-Encryption
TP-L2-Cache
X-Id
MicrosoftSharePointTeamServices
Server-Name
Front-End-Https
X-Correlation-Id
X-Grace
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Forwarded-For
X-Hits
X-Kong-Proxy-Latency
X-XRDS-Location
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Shield-Request-Id
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Debug
Alternate-Protocol
X-Varnish-Age
X-AppVersion
X-Activity-Id
X-Az
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Amz-Replication-Status
X-F-Cache
X-Yandex-Sdch-Disable
X-Goog-Generation
X-Origin-Server
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
Surrogate-Key
X-NWS-LOG-UUID
X-Ser
Nel
X-Frontend
X-Rid
X-DIS-Request-ID
Accept-Charset
X-Geo-Country
Host
X-Cache-Age
X-XRDS-LOCATION
Section-Io-Cache
X-Git-Hash
X-Hostname
X-Daa-Tunnel
X-Respond-Thread
X-RateLimit-Remaining
X-VCache
X-Upgrade-Enabled
Access-Control-Allow-Method
X-DataDome
X-Mobile-URL
X-Time
MS-CV
X-Server-ID
X-LB-Cache
X-Source
ServerID
Paypal-Debug-Id
X-Type
X-AOL-HN
X-Seen-By
X-TT
X-Varnish-Backend
Cleartype
X-Cache-Action
X-Whom
Payment
X-Content-Options
Healthy
X-Signature
X-Is-Crawler
X-Aspnet-Duration-Ms
X-B-Cache
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Debug-Info
Realpath
X-Cache-Key
X-Flags
X-IPLB-Instance
X-App-Environment
X-Page-Id
X-Load-Cache
Cache
X-WebKit-CSP-Report-Only
X-Contextid
X-N
X-Jobs
Fastcgi-Useragent
X-FB-Debug
X-Webkit-Csp
X-FTR-Request-ID
X-Pinterest-Direct
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile
Node
X-Rule
Refresh
X-Cache-Expired-At
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-RTag
DC
Ms-Operation-Id
Referer-Policy
Version
Access-Control-Request-Headers
X-Framework
Powered-By-ChinaCache
X-Cacheable-TTL
X-Content-Powered-By
Viewport
X-Cluster-Name
X-Drupal-Cache-Tags
X-Zen-Fury
X-ProcessESI
X-FireWall-Port
X-Instance
X-B
X-Wix-Request-Id
X-RemovedCookies
X-Proxy
X-UUID
X-Real-IP
X-HTML-Minification-Powered-By
VIX-Pulpo-Node
X-Tt-Trace-Tag
X-Distributor
X-IPS-LoggedIn
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-Tt-Trace-Host
X-Region
Eomportal-Instance
X-Cache-Time
X-Page-View
X-Drupal-Cache-Contexts
Countrycode
X-Via-JSL
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-FW-Serve
X-Cached-By
X-Cache-Rule
X-Cache-Operation
X-G
Liferay-Portal
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Nginx-Cache
X-App-Server
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cache-Hit
X-Tec-Api-Root
X-Akamai-Edgescape
X-L-Path
X-Pass-Why
X-Environment-Context
X-Www-Served-By
X-Protected-By
SRV
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Xserver
Server-Info
DynaTrace
CF-IPCountry
X-Device-Type
X-User-Agent
X-Varnish-Grace
X-Tumblr-Pixel-2
Webserver
From-Origin
X-Adobe-Content
X-Adobe-Loc
X-Mode
GEO-INFO
Ec-Rule-Version
Retry-After
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-Varnish-Server
X-Handled-By
X-ES-SERVER
X-Hl-Ver
Cache-Status
X-Endurance-Cache-Level
Frame-Options
X-MP-GENERATED-AT
X-Varnish-Ttl
X-Uri
X-Backend-Name
Cache-Tv-Group
Decoy-Debug-Key
X-FB-TRIP-ID
X-Varnishpool
X-Soup
X-Storage
Decoy-Debug-Status
Apigw-Requestid
Country
Webcakes-App-Name
X-Format
X-Human
X-Labrador-Cache-Channel
X-Section
X-Cache-Server
X-Access
Decoy-Debug-TTL
X-OCL
X-Origin-Hint
X-Pubstack
X-Request-Time
X-ProxyCache-Status
X-ProxyCache-Key
X-PCL
X-PHP-Host
Webcakes-Region
X-BYPASS-REASON
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Fastly-SSL
TWC-Privacy
TWC-Locale-Group
X-Proxy-Build
Azure-Version
Selected-Fe
X-Redis-Cache
Azure-SlotName
X-R9-Blue-Green-Version
X-No-Session
X-S-Maxage
X-ApacheServer
X-Timing-Wait
X-LAGOON
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-PERF
X-Via-Fastly
X-WA-Info
X-Be
X-NYM-Debug-Backend
X-Info
X-UA-Device-Type
X-Proto
Mn-Server-Ip
X-Origin-Date
Protected
X-Say-Cacheable
X-SayCDN-TTL
X-Server-W
X-LJ-Flow-ID
X-Proxied
X-Cache-TTL-Remaining
X-Web-Node
X-Sql-Count
X-AWS-Id
X-Say-TTL
X-Sql-Duration-Ms
Cache-Name
X-Zipkin-Id
X-Xfnlog-Site
X-Status
X-Routing-Service
X-VWS-Id
X-ShopId
X-Site-Version
X-Loop
X-Hyper-Cache
X-Shopify-Stage
X-Hosted-By
X-ShardId
X-Alternate-Cache-Key
X-Ratelimit-Limit
X-TNCMS
X-Sorting-Hat-ShopId
X-Locale
X-Sorting-Hat-PodId
X-GG-Cache-Date
X-Storefront-Renderer-Rendered
X-Proxy-Cache-Status
X-TA-CDN-Provider
X-Cache-Enabled
X-Is-Bot
X-Rendered-As
Uber-Trace-Id
AMP-Access-Control-Allow-Source-Origin
X-FW-Version
X-Microcachable
X-NWS-UUID-VERIFY
X-Content-Age
X-TT-LOGID
X-Cluster
S-Cnection
X-AIR-PT
X-Cache-Grace
X-Forwarded-Host
X-Qloud-Router
X-Node-Name
X-Revision
X-Azure-Ref
X-CCM
X-SRV
X-Dc
X-Backend-Host
X-Platform
X-Via-CDN
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
Akamai-GRN
X-Aspnetmvc-Version
X-CSRF-Token
X-App-Version
X-Trace-Id
X-ATG-Version
X-EdgeConnect-Cache-Status
ServedBy
X-Cache-NGX
X-Cache-PHP
X-Detected-As
X-Cache-Host
X-RCS-CacheZone
X-Varnish-Hostname
X-Debug-Cache
X-Amzn-RequestId
X-B3-SpanId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-CS
X-Ratelimit-Remaining
DB-Nickname
X-Akamai-Transformed
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-CACHE-KEY
X-Country-Code-Real
X-FTR-Realm
X-Nc
X-ID
SD-X-WS
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Correlation-ID
X-BCube-Filmed-By
Who
Country-Code
X-Amz-Meta-S3cmd-Attrs
X-Adobe-Source
X-TX-ID
X-RateLimit-Limit
HostName
X-Time-Microsecs
X-Ms-Version
Backend
X-Ms-Request-Id
X-NAPM-TraceId
X-Location
X-Origin-CC
X-Origin-TTL
X-Varnish-Beresp-Grace
X-Generated-On
X-Level-Front-Cache
X-From
X-Vtex-Remote-Cache
X-Generation-Time
X-Varnish-Cache-Hits
X-Vtex-Processado-Em
BehaviorPad-Version
X-Destination
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
T-Server
X-A-Dgt
X-A-Wwc
X-ARC
X-B-Cookie
X-Application
X-Aed
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
Machine
Fastcgi-X-Cache-Version
Expiry
DCR-Processing-Time-Ms
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Odigeo-Trace-Id
Mobile-Detection-Method
X-Connection-Hash
DCR-Decision-By
X-External-Request-Id
X-Request-UUID
X-Session-Fingerprint
X-Vdms-Path
X-VG-WebServer
X-Processor
X-Vdms-Version
X-Rewrite-Enabled
X-S-Cookie
X-VG-WebCache
X-S
X-ScT
X-Rojux
X-PBS-Appsvrname
X-SRCache-Key
X-Trv-Group
X-Backend-TTL
X-ServerID
X-Owner
X-PAYTM-SRV-ID
X-Unique-Id
Fastly-Backend-Name
Wxu-Next-Hostname
X-Swa-Ws
X-Cache-Info
X-Thanos
X-Core-Value
Host-ID
Gh-Request-Id
X-Air-Hostname
X-DynaTrace-JS-Agent
Cache-Host
X-Bip
AKAMAI
X-Device-Os
X-OVcl-Cache
X-Developers
X-Cache-Bucket
X-Tumblr-Pixel-3
Magicmarker
V-Age
Server-Host
X-Varnish-Beresp-Ttl
Xc-Version
Ssr
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Release
Path
Wxu-Next-Region
X-TrackingId
Wxu-Next-Commit
X-Cms-Context
X-Thinkindot-L3
Pagetype
On-Server
UCS
Content-Disposition
X-Micro-Cache
X-Unique-ID
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Fetched-On
Tracecode
X-Fastly-Cache
X-Mvc-Supplant-Cachable
X-B3-Traceid
X-OVcl
Filterid
X-GeoIP-City
X-Geo-Header
X-Magnolia-Registration
X-Reqid
X-Generated-In
X-Policy
X-APP-VERSION
X-FTR-Expires
X-Tb
X-EC-Lua
X-GEO
X-NewRelic-App-Data
X-Varnish-Beresp-Status
User-Cache-Control
X-SVT-ORM-RULES
Server-Ext
X-User
X-SVT-ORM-VERSION
Sever-Int
X-Azure-Ref-OriginShield
Server-Hostname
Cf-Device-Type
PFcat
X-Block-Status
X-Request-Host
X-Clara-WADP
X-Wikidot-Static-Cache
X-Origin-Response-Time
X-Gzip
X-CGP
X-Backend-State
X-Hnp-Log
Vix-Hermes-Req-Id
Arc-Version
X-Request-URI
Web-Mar-Node
X-Origin
X-Nginx-Cache-Key
X-Method
X-Old-Content-Length
X-Ratelimit-Reset
True-Client-Country-4JS
X-IP
X-Cache-Debug
X-Sucuri-ID
X-Cache-Id
X-VarnishDD-TTL
PB-RID
PB-PID
X-HN
NGX
CDN-CachedAt
CDN-Cache
CDCHOST
CacheControlHeader
CDN-EdgeStorageId
CDN-PullZone
Cf-Bgj
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
X-Is-Gdpr
C-Via
X-Envoy-Decorator-Operation
X-FC-Vary-Parameters
X-Esi-Check
X-Has-Esi
X-WADP-Cache
Apple-News-Services-Handled
X-Scheme
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Origin
X-JWT-State
Location
X-Wikidot-Backend
L5d-Success-Class
X-Gen-Mode
Locid
X-Generated-By
X-Cdn-Forward
X-Eu-Site
X-Skip-Cache
X-Csrf-Jwt
L
X-Fmm-Version
X-Developer
X-Varnish-Hits
X-VG-TLSProxy
DSUID
Ha-Gx-Prefs
HA-Ipaddr
X-GeoIP
Fastly-SIE
X-Branch-Name
X-Slack-Backend
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LB-ID
Adler-Geo
X-Dispatcher-Server
X-Gamma-Serve
X-Var-Ttl
NM-Fastcgi-Cache
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Node-Id
X-GoCache-CacheStatus
X-Fastly-Backend
Esi-Enabled
X-DefHash
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
X-NU-AKA-ACS-Version
X-Origin-Expires
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VServer
X-Variation
X-SIPLIST1
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Fastly-Drupal-HTML
X-Platform-Server
IsBot
Platform
Is-Eu
X-Cache-Tags
X-DefElseHash
X-Aicache-OS
X-Clientip
X-Cache-Var
X-Cache-Var-Map
X-Loc
X-Hash
X-Mvc-Supplant-OutputCached
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Rt-Fastcgi-Cache
SR-User-Adfree
Instruction
X-Varnish-Url
X-Via-Popv
X-CUA
X-Via-Popn
X-Via-Poph
NGB
Pics-Label
Geo-Info
X-Matched-Rule
Cmsid
Req-Svc-Chain
X-Refresh
X-PF-Uncompressing
Lfy
Url
Cmstype
X-Servername
Svr
CloudFront-Viewer-Country
X-Cache-Expires
X-Served-From
X-Cache-Backend
Sid
X-NCache
X-Sn-Servicetimems
Viewtype
VivaBuild
X-Cdn-Origin
X-Esi
Kp-EeAlive
A
Pramga
X-Core-Mission
M-TraceId
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Cache-Date
X-Vgn-Hpd-Reason
Cache-Key
MIME-Version
Arc-Country
X-Srv
Cross-Origin-Opener-Policy
X-DC
TDXMobile
X-CLOUD-TRACE-CONTEXT
Server-ID
SID
X-Request-Start
Source
X-SaId
X-JoinUs
X-NGENIX-Cache
X-PHP-Backend
X-Webkit-CSP-Report-Only
X-Edge-Location
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Servedbyhost
X-Instrumentation
X-Edge-Location-Klb
X-FireWall-Protection
X-Error
X-Kraken-Loop-Name
DataCenter
X-NC
Tcn
Content-Secure-Policy
X-Varnish-Cacheable
X-Vc
X-Service
X-Wa
X-CDN-Forward
NtCoent-Length
X-Extlb
X-B3-Spanid
X-Vcl-Version
X-Air-Source
Geoip-Latitude
GeoIp-Country-Code
X-Internal-Host
X-Response-By
X-HS-Status
X-Geo
FSS-Cache
X-Forwarded-Site
Xkeyi7
X-Bc-Bl
X-LI-Proto
X-Proxy-Cachei7
CACHE
N-Cache
Server-Ttl
X-BBXSRF
HitType
Resin-Trace
X-Via-NSCOPI
X-HOST
X-LiteSpeed-Cache-Control
Hostname
X-Cache-2
X-PJAX-URL
X-CCDN-CacheTTL
Request-ID
XServer
X-VCL-Version
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Proxy-Upstream
X-RAMCache
X-Accel-Expires-Debug
X-Viewer-Country
Surrogated-Key
We-Hiring
Mail-Subject
X-Req
LB
X-Date
X-Li-Proto
S-Rt
X-DB
Env
X-Newrelic-Synthetics
Memcached
X-RSL
X-RateLimit-Limit-Second
X-TIM-N
X-RateLimit-Remaining-Second
X-RPS
X-Varnish-Authentication
X-DSS
X-VC-Cache
X-DW
X-DI
X-RPM
X-Cache-ASPX
X-Svr
D-Cc-Upstream
X-Contensis-Viewer-Groups
X-Cc-Req-Id
X-Cc-Via
Upgrade-Insecure-Requests
X-Cache-Remote
X-FORWARDED-FOR
X-APP
X-Men
X-UA
X-WA
Cteonnt-Length
X-App
X-Cs
GeoIP-Latitude
GeoIP-Country-Code
ProcessTime
X-Sigma-Backend
X-MSEdge-Features
X-MSEdge-Flight
X-Sigma
X-Action
X-Server-IP
Ohc-File-Size
X-Rocket-Build-Number
X-ServedByHost
X-Air-Trace-Id
CF-Cached-On
Cross-Origin-Window-Policy
X-ZONE
X-Sucuri-Cache
X-Dynatrace-Js-Agent
X-Erf-Stays-Bingo-Pdp-Web
X-Zone
X-TIME
X-HostName
X-Origin-Time
CPC-Cache
X-FPC
X-Oss-Cdn-Auth
X-API-Version
X-Nyt-Route
Time
X-Cache-Config
X-Fpc
X-Region-Sid
Server-Id
VNS-Age
CPC-Age
VNS-Cache
X-Gdpr
X-CF-Powered-By
Memory
X-Provided-By
X-Swift-Error
X-CSRF-TOKEN
X-Host-Name
X-Depends-On
Cache-Provider
X-NodeID
X-SN
X-Check-Cacheable
X-VC
Mime-Version
W
Srv
X-Cdn-Request-ID
Ohc-Cache-HIT
X-Webstats-RespID
CDN
X-UnsetCookies
My-App
X-SB
Fastcgi-Cache-TTL
X-Dw-Trace-Id
X-Ftr-Cache-Host
X-SD-PageType
X-BACKEND-TTL
State
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-ServerName
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
X-Minions-Version
X-Flog
X-Hello
X-ABtesting
X-Mg-Request-UUID
Proxy-Connection
X-BBC-Edge-Cache-Status
X-Parent-Response-Time
X-Pf-Uncompressing
Cdn
EpKe-Alive
X-Pad
Vha6-Origin
X-Oracle-DMS-ECID
Media-Length
X-Presslabs-Stats
X-Snapshot-Date
Dnion-Transfer-Encoding
X-NGINX-Cache
Cf-Ipcountry
X-Render-Time
X-Cache-Tag
Epwk-X-Cache
PICS-Label
X-ElasticPress-Search
OT-Force-Account-Verify
X-Acquia-Purge-Tags
X-Cache-Type
X-Acquia-Site
X-LiteSpeed-Tag
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Akamai-ERPolicy
X-Worker
X-Akamai-ERRuleID
X-Varnish-URL
X-Request-URL
X-ND-Cache
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-Forwarded-Path
Warning
X-Varnish-Beresp-TTL
X-Traceid
X-BBC-Origin-Response-Status
X-Vcache
X-MiniProfiler-Ids
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Lb-Id
Xet-Cookie
X-Cluster-Node
X-Auto-Login
X-Ms-Meta-Originalurl
Processtime
X-Tx-Id
X-Air-Pt
X-Ua
CountryCode
X-Cache-Status-Check
X-Yottaa-OS
X-Apw-Access-Token
X-Apw-Hits
X-Mg-Request-Id
Datacenter
Ohc-Response-Time
X-Ftr-Request-Id
X-Apw-Access-Object
WZWS-RAY
Phost
Content-Style-Type
Environment
X-Tid
X-Debug-Cache-Store
X-Redis-Count
X-Redis-Duration-Ms
URI
Inserted-Into-Cache-At
X-Debug-Cache-Fetch
X-Amz-Meta-Cb-Modifiedtime
Content-Script-Type
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
X-FTR-Cache-Host
NnCoection
X-B3-Parentspanid
X-Apw-Access-Action