Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
EagleId
Request-Context
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
X-Vhost
Allow
X-Host
X-Backend-Server
X-WebKit-CSP
X-ASPNET-VERSION
Xkey
X-Server-Id
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
P3p
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
Accept-CH
X-Country
X-Ac
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch
X-Readtime
X-Language
X-B3-TraceId
MS-Author-Via
X-Url
Rating
X-HW
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-Middleton-Response
X-Middleton-Display
Response
Display
Pagespeed
X-Content-Type
X-Sol
X-D2id
Arr-Disable-Session-Affinity
Verso
X-ORACLE-DMS-RID
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Goog-Hash
X-ORACLE-DMS-ECID
X-Varnish-TTL
X-Country-Code
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Webkit-CSP
X-Server-Name
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-TTL
X-Release
X-MSEdge-Ref
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-FastCGI-Cache
Public-Key-Pins
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
RTSS
Cache-Tag
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Edge
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Version
Content-MD5
X-Ttl
X-HP-Webp
X-Jurisdiction
S
X-MCACHE
X-ECACHE
X-Mid
X-Recruiting
Charset
X-Origin-Upstream-Status
X-Kinsta-Cache
X-DynaTrace
X-Mg-S
X-Fastcgi-Cache
X-PressLabs-Stats
X-Ruxit-Js-Agent
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Content-Digest
Fusion-Deployment-Id
Fusion-Source
X-Px
X-T
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Forwarded-Proto
X-Id
X-Logged-In
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
Server-Node
Filters
TP-L2-Cache
TP-Cache
TCN
X-Amz-Server-Side-Encryption
MicrosoftSharePointTeamServices
Server-Name
Front-End-Https
X-Correlation-Id
X-Forwarded-For
X-Grace
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Hits
X-XRDS-Location
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Shield-Request-Id
X-B3-Sampled
X-Amzn-Trace-Id
X-Server-ID
X-Microsite
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Debug
X-AppVersion
X-Activity-Id
X-Az
X-Varnish-Age
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Amz-Replication-Status
X-F-Cache
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Yandex-Sdch-Disable
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Origin-Server
Surrogate-Key
X-NWS-LOG-UUID
X-Frontend
Nel
X-Ser
X-DIS-Request-ID
Accept-Charset
X-Rid
X-Geo-Country
X-Cache-Age
Host
X-XRDS-LOCATION
Section-Io-Cache
X-Git-Hash
X-Hostname
X-Time
X-Respond-Thread
X-RateLimit-Remaining
X-Daa-Tunnel
Access-Control-Allow-Method
X-VCache
X-Upgrade-Enabled
X-DataDome
X-Mobile-URL
MS-CV
X-Source
X-LB-Cache
X-AOL-HN
X-Seen-By
X-Content-Options
X-TT
Cleartype
X-Cache-Action
X-Type
X-Varnish-Backend
X-Whom
Payment
Healthy
Paypal-Debug-Id
X-App-Environment
X-IPLB-Instance
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Request-Guid
X-Debug-Info
X-Aspnet-Duration-Ms
Realpath
X-Cache-Key
X-Signature
X-B-Cache
ServerID
X-Page-Id
Cache
X-Load-Cache
X-Contextid
X-Jobs
X-N
Fastcgi-Useragent
X-FB-Debug
X-WebKit-CSP-Report-Only
X-Webkit-Csp
X-FTR-Request-ID
Node
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Pinterest-Direct
X-Mobile
X-Rule
Refresh
X-Cache-Expired-At
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
Ms-Operation-Id
X-RTag
X-Drupal-Cache-Tags
Referer-Policy
Version
Powered-By-ChinaCache
X-Content-Powered-By
Viewport
X-Cacheable-TTL
X-Zen-Fury
Access-Control-Request-Headers
X-Framework
X-Wix-Request-Id
X-RemovedCookies
X-ProcessESI
X-Real-IP
X-B
X-Cache-Control
DC
X-Cluster-Name
X-UUID
X-HTML-Minification-Powered-By
X-Distributor
X-Proxy
X-Region
X-FireWall-Port
X-Tt-Trace-Tag
X-IPS-LoggedIn
X-Tt-Trace-Host
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Page-View
X-Cache-Time
Eomportal-Instance
X-Drupal-Cache-Contexts
X-Via-JSL
Countrycode
X-Cached-By
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Cache-Operation
X-Cache-Rule
X-FW-Server
X-G
Liferay-Portal
X-App-Server
X-Debug-IsPreview
X-Nginx-Cache
X-Akamai-Edgescape
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tec-Api-Origin
X-Cache-Hit
X-Tec-Api-Root
X-Tec-Api-Version
X-Pass-Why
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-L-Path
X-Tumblr-Pixel
Xserver
X-Environment-Context
X-Www-Served-By
SRV
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Protected-By
DynaTrace
Server-Info
X-Device-Type
X-Varnish-Grace
X-User-Agent
CF-IPCountry
From-Origin
GEO-INFO
Webserver
X-Adobe-Loc
X-Adobe-Content
X-Mode
Ec-Rule-Version
Meta-Geo
X-ES-SERVER
X-UPSTREAM-Address
Retry-After
X-Endurance-Cache-Level
X-Tumblr-Pixel-2
Cache-Status
X-RN-RSRV
X-Hl-Ver
Frame-Options
X-Varnish-Ttl
X-Varnish-Server
X-Handled-By
X-Uri
Fastly-SSL
X-OCL
X-PHP-Host
X-ProxyCache-Key
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Backend-Name
X-BYPASS-REASON
X-Human
X-ProxyCache-Status
X-PCL
X-FB-TRIP-ID
Apigw-Requestid
X-Storage
X-Varnishpool
X-Soup
X-Request-Time
Cache-Tv-Group
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Selected-Fe
Decoy-Debug-TTL
Country
Decoy-Debug-Status
Webcakes-App-Name
X-VWS-Id
Decoy-Debug-Key
Property-Id
X-Via-Fastly
X-Cache-Server
X-R9-Blue-Green-Version
X-Pubstack
X-Proxy-Build
X-PERF
X-Redis-Cache
X-S-Maxage
X-Timing-Wait
X-WA-Info
X-Section
X-Origin-Hint
X-No-Session
X-ApacheServer
X-Access
Webcakes-Region
X-AWS-Id
X-UA-Device-Type
X-LJ-Flow-ID
X-LAGOON
X-Format
Webcakes-App-Version
Mn-Server-Ip
X-Info
X-Web-Node
X-NYM-Debug-Backend
Azure-Version
X-Origin-Date
Azure-SlotName
Azure-SiteName
X-Sql-Duration-Ms
X-Say-TTL
X-Be
X-Say-Cacheable
X-SayCDN-TTL
X-Sql-Count
Azure-RegionName
Azure-InstanceId
Cache-Name
X-Zipkin-Id
X-Proxied
X-Xfnlog-Site
X-Status
X-Routing-Service
X-Cache-TTL-Remaining
X-Server-W
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Site-Version
X-TNCMS
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-Locale
X-Ratelimit-Limit
X-ShopId
X-Proto
X-Hosted-By
X-Loop
X-Sorting-Hat-ShopId
X-Hyper-Cache
X-GG-Cache-Date
Protected
X-Proxy-Cache-Status
Uber-Trace-Id
AMP-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Rendered-As
X-Cache-Enabled
X-TA-CDN-Provider
X-Microcachable
X-Cluster
X-Content-Age
X-TT-LOGID
X-NWS-UUID-VERIFY
X-FW-Version
S-Cnection
X-Forwarded-Host
X-AIR-PT
X-Cache-Grace
X-App-Version
X-Qloud-Router
X-Dc
X-Azure-Ref
X-Revision
X-CCM
X-Node-Name
X-Platform
X-Backend-Host
X-Via-CDN
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
X-SRV
X-Aspnetmvc-Version
Akamai-GRN
X-Trace-Id
ServedBy
X-ATG-Version
X-Cache-NGX
X-Detected-As
X-EdgeConnect-Cache-Status
X-Cache-PHP
X-Cache-Host
X-Varnish-Hostname
X-Debug-Cache
X-RCS-CacheZone
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-Amzn-RequestId
X-Ratelimit-Remaining
X-TX-ID
X-CS
SD-X-WS
X-Oss-Hash-Crc64ecma
X-FTR-Backend-Server
X-Country-Code-Real
HostName
DB-Nickname
X-Oss-Storage-Class
X-CACHE-KEY
X-Oss-Object-Type
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Oss-Request-Id
X-FTR-Backend
X-Akamai-Transformed
X-Oss-Server-Time
X-FTR-Balancer
X-BCube-Filmed-By
X-Correlation-ID
X-Nc
Who
Country-Code
X-RateLimit-Limit
X-Time-Microsecs
X-Amz-Meta-S3cmd-Attrs
X-Adobe-Source
Backend
X-Ms-Version
X-Unique-ID
X-Ms-Request-Id
MD5-Digest
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Request-UUID
X-Rewrite-Enabled
X-Owner
X-Origin-TTL
X-Generated-On
X-From
X-Level-Front-Cache
X-NAPM-TraceId
X-Origin-CC
X-Rojux
X-S
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Trv-Group
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-SRCache-Key
X-External-Request-Id
X-Destination
Odigeo-Trace-Id
Mobile-Detection-Method
Rendered-Blocks
T-Server
X-A
Meta-Geo-Continent
Machine
DCR-Decision-By
BehaviorPad-Version
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
X-A-Dam
X-A-Dcw
X-CF-Lambda-Fn
X-Cache-NE
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-B-Cookie
X-ARC
X-A-Dgt
X-A-Wwc
X-Aed
X-Application
X-Varnish-Beresp-Grace
X-A-Ccd
X-ServerID
Filterid
X-Device-Os
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cache-Host
X-Air-Hostname
Thinkindot-Control
Server-Host
X-Generation-Time
X-Magnolia-Registration
X-Generated-In
X-GeoIP-City
UCS
X-Fetched-On
Wxu-Next-Commit
Wxu-Next-Hostname
X-Reqid
X-Varnish-Beresp-Ttl
X-Policy
X-DynaTrace-JS-Agent
X-Fastly-Cache
V-Age
X-Core-Value
Release
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Backend-TTL
X-Cache-Bucket
X-Varnish-Cache-Hits
X-Location
Magicmarker
X-Cache-Info
Xc-Version
Tracecode
Host-ID
X-Micro-Cache
X-TrackingId
X-Thinkindot-L3
X-Thanos
X-Swa-Ws
Path
X-Tumblr-Pixel-3
X-Mvc-Supplant-Cachable
X-B3-Traceid
X-Bip
Pagetype
Wxu-Next-Region
X-Varnish-Beresp-Status
X-EC-Lua
X-NewRelic-App-Data
X-Tb
User-Cache-Control
X-GEO
X-FTR-Expires
On-Server
X-HN
X-Block-Status
Origin
X-Cms-Context
PFcat
X-Gzip
NGX
X-Cache-Debug
X-Cache-Id
X-FC-Vary-Parameters
X-CGP
X-Clara-WADP
X-Backend-State
X-Hnp-Log
X-Branch-Name
NM-Fastcgi-Cache
Server-Ext
X-Esi-Check
X-Envoy-Decorator-Operation
X-Dispatcher-Server
X-Developers
True-Client-Country-4JS
X-Eu-Site
X-Fmm-Version
Web-Mar-Node
Vix-Hermes-Req-Id
X-Gen-Mode
Ssr
X-Wikidot-Static-Cache
Locid
X-GeoIP
Server-Hostname
X-Geo-Header
X-Generated-By
X-Developer
Sever-Int
X-Csrf-Jwt
Ha-Gx-Prefs
X-Azure-Ref-OriginShield
X-OVcl-Cache
X-Ratelimit-Reset
X-Request-Host
X-Sucuri-ID
X-Request-URI
AKAMAI
Apple-News-Services-Host
C-Via
CacheControlHeader
X-OVcl
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Scheme
PB-RID
Arc-Version
X-VarnishDD-TTL
X-VG-TLSProxy
X-WADP-Cache
X-Wikidot-Backend
X-Varnish-Hits
X-Var-Ttl
X-Skip-Cache
PB-PID
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-User
CDCHOST
Apple-News-Services-Handled
X-Method
L
X-Old-Content-Length
X-Cdn-Forward
X-Nginx-Cache-Key
Gh-Request-Id
Esi-Enabled
CDN-Cache
HA-Ipaddr
DSUID
L5d-Success-Class
Content-Disposition
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Uid
Fastly-Backend-Name
X-Origin-Response-Time
Cf-Bgj
Location
X-ID
X-Unique-Id
Fastly-SIE
X-Has-Esi
Adler-Geo
X-GoCache-CacheStatus
X-IP
X-Epic-Correlation-Id
X-Fastly-Backend
Cf-Device-Type
X-Clientip
X-DefElseHash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Cache-Tags
X-Gamma-Serve
X-LB-ID
X-Hash
X-DefHash
IsBot
Is-Eu
X-Slack-Backend
X-DPWN-IS-SECURE
Platform
Fastly-SWR
X-Node-Id
X-Aicache-OS
X-Is-Gdpr
X-NU-AKA-ACS-Version
X-VServer
X-Variation
X-Origin-Expires
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Platform-Server
X-SIPLIST1
X-Varnish-Remaining-TTL
X-Li-Fabric
X-Varnish-CookieINHashed-On
X-JWT-State
X-LI-UUID
X-Li-Pop
X-Varnish-CookieHashed-On
Fastly-Drupal-HTML
X-Cache-Var
X-Cache-Var-Map
Instruction
X-Mvc-Supplant-OutputCached
Rt-Fastcgi-Cache
SR-User-Adfree
X-Planisys-CDN-Rules
X-Varnish-Url
X-Loc
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-APP-VERSION
Pics-Label
X-Via-Popn
X-CUA
X-Via-Poph
X-Via-Popv
X-PF-Uncompressing
NGB
Geo-Info
Cmsid
Cmstype
X-Refresh
Req-Svc-Chain
Lfy
Url
X-Matched-Rule
X-Servername
Svr
Kp-EeAlive
CloudFront-Viewer-Country
X-Cache-Expires
X-Cache-Backend
X-Served-From
Sid
Viewtype
X-NCache
X-Cdn-Origin
VivaBuild
X-Sn-Servicetimems
Pramga
A
X-Srv
X-Webkit-CSP-Report-Only
X-Vgn-Hpd-Reason
X-Tb-Optimization-Total-Bytes-Saved
M-TraceId
Cache-Key
MIME-Version
X-Cache-Date
X-TraceId
X-Core-Mission
Arc-Country
X-DC
Cross-Origin-Opener-Policy
X-PHP-Backend
X-Request-Start
X-NGENIX-Cache
X-JoinUs
X-CLOUD-TRACE-CONTEXT
Server-ID
TDXMobile
X-SaId
SID
X-Error
X-Servedbyhost
X-Vc
X-FireWall-Protection
X-Edge-Location-Klb
X-Instrumentation
X-Server-Lifecycle-Phase
X-Edge-Location
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
Source
X-NC
DataCenter
X-Varnish-Cacheable
Tcn
Content-Secure-Policy
X-Wa
X-Service
NtCoent-Length
X-Vcl-Version
X-HS-Status
X-CDN-Forward
X-B3-Spanid
GeoIp-Country-Code
X-Internal-Host
X-Air-Source
Geoip-Latitude
X-Extlb
X-Response-By
X-Geo
X-Forwarded-Site
Xkeyi7
X-Bc-Bl
X-Esi
X-LI-Proto
FSS-Cache
X-Proxy-Cachei7
CACHE
X-BBXSRF
N-Cache
Resin-Trace
Server-Ttl
X-Via-NSCOPI
HitType
X-HOST
X-LiteSpeed-Cache-Control
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-VCL-Version
Mail-Subject
Surrogated-Key
Request-ID
LB
X-Li-Proto
X-Cache-2
We-Hiring
X-Req
X-Proxy-Upstream
X-Date
X-Accel-Expires-Debug
X-RAMCache
Memcached
X-Viewer-Country
S-Rt
X-TIM-N
X-Cache-ASPX
X-Svr
X-Cc-Req-Id
X-Varnish-Authentication
X-Cc-Via
X-RSL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-PJAX-URL
Env
X-Newrelic-Synthetics
GeoIP-Country-Code
D-Cc-Upstream
X-DSS
X-RPS
X-VC-Cache
X-RPM
X-DB
X-DI
GeoIP-Latitude
X-DW
X-Contensis-Viewer-Groups
Hostname
Upgrade-Insecure-Requests
X-Cache-Remote
X-Sigma-Backend
X-Sigma
X-Cs
Cteonnt-Length
X-Men
X-Rocket-Build-Number
X-App
X-WA
X-UA
X-APP
XServer
CF-Cached-On
X-Action
X-ZONE
X-Air-Trace-Id
X-Sucuri-Cache
ProcessTime
X-ServedByHost
Cross-Origin-Window-Policy
Ohc-File-Size
Time
Memory
X-Server-IP
X-Zone
X-Erf-Stays-Bingo-Pdp-Web
X-HostName
CPC-Cache
X-Fpc
X-Cache-Config
VNS-Cache
X-Oss-Cdn-Auth
X-API-Version
X-Gdpr
VNS-Age
CPC-Age
X-Region-Sid
X-Origin-Time
X-MSEdge-Flight
Server-Id
X-CF-Powered-By
X-FPC
X-MSEdge-Features
X-Nyt-Route
X-Swift-Error
X-Provided-By
X-Host-Name
X-Dynatrace-Js-Agent
X-SN
X-Depends-On
Cache-Provider
X-Check-Cacheable
X-VC
Mime-Version
X-FORWARDED-FOR
X-NodeID
W
Ohc-Cache-HIT
Srv
X-Cdn-Request-ID
CDN
X-UnsetCookies
State
X-TIME
X-BACKEND-TTL
X-Ftr-Cache-Host
X-CSRF-TOKEN
X-Dw-Trace-Id
X-SB
X-Webstats-RespID
X-SD-PageType
X-ServerName
X-Client-Ip
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
My-App
X-Mg-Request-UUID
X-Hello
X-Flog
X-ABtesting
Cdn
X-Fastly-Backend-Reqs
Fastcgi-Cache-TTL
X-Parent-Response-Time
Proxy-Connection
X-Fastly-Request-Id
X-BBC-Edge-Cache-Status
X-Minions-Version
X-Pf-Uncompressing
X-Render-Time
X-Pad
X-NGINX-Cache
EpKe-Alive
Media-Length
X-Snapshot-Date
Dnion-Transfer-Encoding
X-Cache-Tag
X-Oracle-DMS-ECID
Vha6-Origin
X-Presslabs-Stats
PICS-Label
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Epwk-X-Cache
X-Acquia-Application-Trace
X-Via-PopH
X-Air-Pt
X-LiteSpeed-Tag
OT-Force-Account-Verify
X-Acquia-Site
X-ElasticPress-Search
X-Via-PopN
X-Cache-Type
X-Via-PopV
X-Tenant
X-Orig-Expires
X-Shop-Environment
X-ND-Cache
X-Varnish-URL
Processtime
Warning
X-Forwarded-Path
X-Akamai-ERRuleID
X-Request-URL
X-Vcache
X-BBC-Origin-Response-Status
X-Cluster-Node
X-Ms-Meta-Originalurl
X-Lb-Id
X-Worker
Xet-Cookie
X-Auto-Login
X-MiniProfiler-Ids
X-Akamai-ERPolicy
X-Ms-Meta-Staticbatchstarttime
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-Traceid
X-Ua
CountryCode
Serverid
Datacenter
NnCoection
X-Ftr-Request-Id
X-Cache-Status-Check
X-Debug-Cache-Fetch
X-Mg-Request-Id
X-Redis-Count
Environment
URI
X-Pjax-Url
X-Yottaa-OS
WZWS-RAY
X-Debug-Cache-Store
X-Apw-Hits
X-Redis-Duration-Ms
X-Apw-Access-Object
Inserted-Into-Cache-At
X-Litespeed-Cache-Control
Phost
X-Storefront-Renderer-Verified
X-Amz-Meta-Cb-Modifiedtime
Content-Script-Type
Content-Style-Type
X-Apw-Access-Action
X-Tid
X-B3-Parentspanid
X-FTR-Cache-Host
Ohc-Response-Time
X-Apw-Access-Token