Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
P3p
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
X-CST
X-Cache-Spec
X-WebKit-CSP
X-Vhost
Allow
X-Backend-Server
X-Server-Id
X-Host
Xkey
X-ASPNET-VERSION
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Cache-Lookup
X-Application-Context
X-Ac
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
X-Language
X-Readtime
Accept-Ch
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
X-Url
Rating
X-HW
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
Edge-Control
X-ESI
X-GitHub-Request-Id
X-Trace
X-Content-Type
Pagespeed
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Display
X-D2id
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-Oneagent-Js-Injection
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
X-Goog-Hash
X-Country-Code
X-Rack-Cache
X-Powered-By-Plesk
X-Varnish-TTL
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Client-IP
Fastly-Restarts
X-Buckets
X-TTL
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
SPRequestDuration
SPIisLatency
RTSS
Access-Control-Request-Method
X-Pinterest-Rid
X-Webkit-CSP
Pinterest-Generated-By
Pinterest-Version
Cache-Tag
X-Edge
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
AR-Request-ID
X-Powered-CMS
X-LLID
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
Content-MD5
X-Version
X-Ruxit-Js-Agent
X-HP-Webp
X-Jurisdiction
S
X-Recruiting
X-MCACHE
X-Mid
X-ECACHE
X-Origin-Upstream-Status
X-Ttl
X-DynaTrace
Charset
X-Mg-S
X-Kinsta-Cache
X-PressLabs-Stats
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Content-Digest
X-Fastcgi-Cache
X-Px
X-T
Cache-Tags
Fastcgi-Cache
X-Id
X-Accel-Expires
X-Logged-In
X-Forwarded-Proto
Filters
X-Content-Security-Policy-Report-Only
TCN
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
Server-Node
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
Server-Name
Front-End-Https
MicrosoftSharePointTeamServices
X-Forwarded-For
X-Grace
X-Request-Processing-Time
Nginx-Cache
X-Request-Received
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hits
X-Amzn-Trace-Id
X-Shield-Request-Id
X-Debug
X-Microsite
X-Request-Handler-Origin-Region
X-B3-Sampled
X-Varnish-Age
X-XRDS-LOCATION
Alternate-Protocol
X-Az
X-Activity-Id
X-AppVersion
X-Amz-Replication-Status
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-HS-Hub-Id
X-F-Cache
Surrogate-Key
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Origin-Server
X-XRDS-Location
X-Ser
X-DIS-Request-ID
X-Frontend
X-Rid
X-NWS-LOG-UUID
Accept-Charset
X-Geo-Country
Host
X-Cache-Age
Nel
X-Git-Hash
Section-Io-Cache
X-Hostname
X-Respond-Thread
X-Time
Access-Control-Allow-Method
X-VCache
X-DataDome
X-Upgrade-Enabled
X-Mobile-URL
X-RateLimit-Remaining
X-LB-Cache
X-Daa-Tunnel
Paypal-Debug-Id
ServerID
X-Type
MS-CV
X-AOL-HN
X-Source
X-Seen-By
X-TT
X-Content-Options
X-Varnish-Backend
X-Cache-Key
X-Whom
Cleartype
X-Cache-Action
X-IPLB-Instance
Healthy
Payment
X-App-Environment
X-Debug-Info
Cache
X-Server-ID
X-Providence-Cookie
X-Route-Name
X-Signature
X-Is-Crawler
X-Request-Guid
X-Page-Id
X-B-Cache
X-Flags
X-Aspnet-Duration-Ms
X-WebKit-CSP-Report-Only
X-Load-Cache
X-N
X-Jobs
X-Contextid
Realpath
Fastcgi-Useragent
X-Pinterest-Direct
X-FB-Debug
X-FTR-Request-ID
X-Browser-Type
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Node
X-Webkit-Csp
X-Rule
Refresh
Powered-By-ChinaCache
X-Cache-Expired-At
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
DC
Version
X-Cacheable-TTL
X-Cluster-Name
X-Content-Powered-By
X-Framework
X-RTag
Access-Control-Request-Headers
Ms-Operation-Id
X-Real-IP
X-UUID
X-RemovedCookies
X-ProcessESI
X-Cache-Control
X-Zen-Fury
X-Wix-Request-Id
Viewport
X-Proxy
X-Instance
X-B
X-HTML-Minification-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Eomportal-Instance
Referer-Policy
X-IPS-LoggedIn
X-FireWall-Port
X-Cache-Time
X-Distributor
X-Region
X-Drupal-Cache-Tags
X-Via-JSL
X-Tt-Trace-Host
X-Page-View
X-Tt-Trace-Tag
Countrycode
X-Cached-By
X-Drupal-Cache-Contexts
X-Cache-Operation
X-Cache-Rule
X-Tec-Api-Origin
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-Tec-Api-Version
X-FW-Dynamic
X-Tec-Api-Root
X-Akamai-Edgescape
X-G
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Liferay-Portal
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Nginx-Cache
X-Cache-Hit
X-App-Server
Xserver
X-Pass-Why
X-L-Path
X-Environment-Context
X-Debug-IsConnected
X-Debug-IsPreview
X-Www-Served-By
X-Protected-By
X-TEC-API-ROOT
DynaTrace
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-TEC-API-ORIGIN
Section-Origin-Responded
X-TEC-API-VERSION
SRV
X-Varnish-Ttl
Server-Info
CF-IPCountry
X-User-Agent
X-Device-Type
X-Varnish-Grace
Webserver
X-Tumblr-Pixel-2
From-Origin
X-Adobe-Loc
X-Adobe-Content
Ec-Rule-Version
Retry-After
X-Handled-By
X-Hl-Ver
X-RN-RSRV
X-UPSTREAM-Address
GEO-INFO
Cache-Status
Meta-Geo
X-Endurance-Cache-Level
X-ES-SERVER
Frame-Options
X-Mode
X-MP-GENERATED-AT
X-Backend-Name
X-Varnish-Server
Cache-Tv-Group
Webcakes-Region
Webcakes-App-Version
X-ProxyCache-Key
X-Access
X-Section
X-Cache-Server
X-FB-TRIP-ID
X-Format
TWC-Privacy
X-Human
Property-Id
Webcakes-App-Name
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-Uri
TWC-Device-Class
X-Pubstack
Decoy-Debug-Key
Country
X-PCL
TWC-GeoIP-Country
X-Varnishpool
X-Origin-Hint
TWC-Locale-Group
X-OCL
Fastly-SSL
X-Soup
X-PHP-Host
X-Storage
Apigw-Requestid
TWC-GeoIP-LatLong
X-ProxyCache-Status
TWC-Connection-Speed
Decoy-Debug-TTL
Decoy-Debug-Status
X-Be
X-PERF
X-Request-Time
X-Redis-Cache
X-ApacheServer
X-S-Maxage
X-Via-Fastly
X-LAGOON
Selected-Fe
Azure-RegionName
X-Timing-Wait
X-Ratelimit-Limit
Azure-InstanceId
X-NYM-Debug-Backend
X-R9-Blue-Green-Version
X-No-Session
X-Proxy-Build
Azure-Version
Azure-SlotName
Azure-SiteName
Cache-Name
Protected
Mn-Server-Ip
X-VWS-Id
X-Web-Node
X-Status
X-Server-W
X-UA-Device-Type
X-Origin-Date
X-LJ-Flow-ID
X-Proto
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-AWS-Id
X-Info
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-WA-Info
X-TNCMS
X-Locale
X-Hyper-Cache
X-Hosted-By
X-GG-Cache-Date
X-Loop
X-Site-Version
X-Sql-Duration-Ms
X-Sql-Count
X-ShopId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
AMP-Access-Control-Allow-Source-Origin
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Is-Bot
X-AIR-PT
X-FW-Version
X-TA-CDN-Provider
Uber-Trace-Id
X-Rendered-As
X-Dc
X-Proxy-Cache-Status
X-Cache-Enabled
S-Cnection
X-Content-Age
X-Microcachable
X-Node-Name
X-Cache-Grace
X-Forwarded-Host
X-Cluster
X-TT-LOGID
X-NWS-UUID-VERIFY
X-Revision
X-CCM
X-Platform
X-Azure-Ref
X-Backend-Host
X-Qloud-Router
X-Via-CDN
X-CSRF-Token
X-SRV
Cache-Hits
X-App-Version
Akamai-GRN
X-Trace-Id
X-Ratelimit-Remaining
X-EdgeConnect-Cache-Status
ServedBy
X-Detected-As
X-Aspnetmvc-Version
X-ATG-Version
X-Cache-NGX
X-Correlation-ID
X-Cache-PHP
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Hostname
X-Debug-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Host
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
HostName
X-Country-Code-Real
X-FTR-DC
X-Amz-Meta-S3cmd-Attrs
X-RCS-CacheZone
X-Nc
X-TX-ID
SD-X-WS
DB-Nickname
X-Akamai-Transformed
X-CS
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-BCube-Filmed-By
X-Time-Microsecs
X-Adobe-Source
X-DynaTrace-JS-Agent
X-CACHE-KEY
X-Ms-Request-Id
X-Cdn-Forward
X-Ms-Version
X-Backend-TTL
X-ServerID
Backend
X-S
Machine
X-D
X-Origin-TTL
X-Owner
X-Application
X-ARC
X-External-Request-Id
X-CF-Lambda-Fn
X-S-Cookie
X-PAYTM-SRV-ID
MD5-Digest
X-Level-Front-Cache
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
X-Rojux
X-Rewrite-Enabled
Expiry
Who
X-Request-UUID
X-A-Wwc
X-Destination
X-Origin-CC
X-NAPM-TraceId
X-Location
X-CF-Lambda-Version
X-Varnish-Cache-Hits
DCR-Decision-By
X-From
X-Vtex-Remote-Cache
X-Processor
X-Varnish-Beresp-Grace
X-Cache-NE
BehaviorPad-Version
X-A-Dgt
Rendered-Blocks
Odigeo-Trace-Id
X-SRCache-Key
X-Unique-ID
Tracecode
X-Air-Hostname
X-Generated-On
X-Generation-Time
X-Aed
T-Server
X-Trv-Group
X-A
X-B-Cookie
X-Connection-Hash
Mobile-Detection-Method
X-A-Dam
X-PBS-Appsvrname
X-VG-WebServer
X-Session-Fingerprint
X-VG-WebCache
X-A-Ccd
X-Vdms-Version
X-Vdms-Path
X-A-Dcw
X-Vtex-Processado-Em
Meta-Geo-Continent
X-ScT
X-FTR-Expires
X-RateLimit-Limit
Country-Code
X-Fastly-Cache
X-Fetched-On
X-Varnish-Beresp-Ttl
Cache-Host
X-Generated-In
X-GeoIP-City
AKAMAI
X-Geo-Header
CacheControlHeader
Wxu-Next-Region
Ssr
X-Bip
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-Bucket
Server-Host
Pagetype
Release
X-Cms-Context
X-Cache-Info
UCS
V-Age
Gh-Request-Id
X-Developers
X-Device-Os
Fastly-Backend-Name
Host-ID
X-Core-Value
Wxu-Next-Commit
Wxu-Next-Hostname
Path
Magicmarker
Content-Disposition
X-TrackingId
X-Magnolia-Registration
X-Tb
X-Tumblr-Pixel-3
X-Irp-Debug
X-OVcl-Cache
X-OVcl
X-Thinkindot-L3
X-Thanos
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Reqid
X-Swa-Ws
Xc-Version
X-HS-Content-Campaign-Id
X-NewRelic-App-Data
X-Sucuri-ID
X-Varnish-Beresp-Status
Filterid
X-Skip-Cache
X-Csrf-Jwt
L5d-Success-Class
L
X-Branch-Name
X-SVT-ORM-VERSION
X-Developer
X-Origin
Ha-Gx-Prefs
HA-Ipaddr
X-Gzip
Locid
PFcat
X-Ratelimit-Reset
On-Server
X-Cache-Id
X-Request-Host
PB-RID
NM-Fastcgi-Cache
NGX
X-Scheme
PB-PID
X-Request-URI
X-CGP
X-Policy
X-Clara-WADP
Location
X-User
C-Via
X-IP
Arc-Version
X-Is-Gdpr
X-JWT-State
X-WADP-Cache
X-Wikidot-Backend
X-Generated-By
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-GeoIP
X-Has-Esi
X-Wikidot-Static-Cache
X-Azure-Ref-OriginShield
X-HN
Apple-News-Services-Host
Apple-News-Services-Handled
X-B3-Traceid
X-VG-TLSProxy
X-Fmm-Version
DSUID
X-Envoy-Decorator-Operation
X-Esi-Check
X-Var-Ttl
Esi-Enabled
X-Dispatcher-Server
X-SVT-ORM-RULES
True-Client-Country-4JS
X-Old-Content-Length
X-Eu-Site
X-Varnish-Hits
X-FC-Vary-Parameters
X-VarnishDD-TTL
Vix-Hermes-Req-Id
Cf-Bgj
Cf-Device-Type
X-Method
X-Backend-State
X-APP-VERSION
X-GEO
User-Cache-Control
X-Unique-Id
X-Li-Fabric
X-LB-ID
X-Varnish-Remaining-TTL
X-Li-Pop
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VServer
X-Gamma-Serve
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Aicache-OS
X-GoCache-CacheStatus
X-Hash
X-Gen-Mode
X-Hnp-Log
X-Fastly-Backend
X-LI-UUID
X-Origin-Response-Time
X-Block-Status
X-Platform-Server
X-Cache-Debug
X-Cache-Tags
X-Clientip
X-DefElseHash
X-Origin-Expires
X-DPWN-IS-SECURE
X-Slack-Backend
X-Nginx-Cache-Key
X-Node-Id
X-DefHash
X-NU-AKA-ACS-Version
X-Variation
X-Cache-Var-Map
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
Platform
CDN-EdgeStorageId
CDN-Uid
Fastly-Drupal-HTML
Origin
Is-Eu
Server-Ext
Server-Hostname
CDN-CachedAt
Sever-Int
Web-Mar-Node
X-Cache-Var
Adler-Geo
CDCHOST
CDN-Cache
X-EC-Lua
X-ID
Instruction
X-Epic-Correlation-Id
X-Loc
IsBot
Fastly-SWR
Geo-Info
X-SIPLIST1
X-Mvc-Supplant-OutputCached
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SIE
Rt-Fastcgi-Cache
SR-User-Adfree
X-Via-Popv
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Via-Popn
X-Via-Poph
X-Planisys-CDN-TTL
X-Varnish-Url
X-CUA
X-PF-Uncompressing
X-HOST
X-Refresh
Pics-Label
Url
X-Matched-Rule
NGB
Sid
Lfy
X-Cache-Backend
CloudFront-Viewer-Country
X-Cache-Expires
Cmsid
Cmstype
X-Servername
X-Sn-Servicetimems
Svr
X-NCache
Pramga
X-Served-From
Kp-EeAlive
Req-Svc-Chain
X-Cdn-Origin
A
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
VivaBuild
X-Cache-Date
Viewtype
X-Core-Mission
M-TraceId
MIME-Version
Cache-Key
Cross-Origin-Opener-Policy
X-Request-Start
Source
X-Vgn-Hpd-Reason
TDXMobile
X-SaId
X-JoinUs
X-NGENIX-Cache
X-PHP-Backend
Server-ID
X-Error
Arc-Country
X-FireWall-Protection
X-CLOUD-TRACE-CONTEXT
DataCenter
X-Webkit-CSP-Report-Only
X-Edge-Location
X-Vc
X-Vcl-Version
X-Varnish-Cacheable
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-DC
X-Instrumentation
X-Kraken-Loop-Name
Geoip-Latitude
GeoIp-Country-Code
X-NC
SID
X-Edge-Location-Klb
X-Response-By
X-Geo
Tcn
X-HS-Status
X-Servedbyhost
Content-Secure-Policy
X-Service
X-Air-Source
NtCoent-Length
Xkeyi7
X-Proxy-Cachei7
X-Wa
X-B3-Spanid
X-LiteSpeed-Cache-Control
X-Forwarded-Site
FSS-Cache
X-Li-Proto
HitType
X-Extlb
Server-Ttl
X-Internal-Host
Resin-Trace
X-BBXSRF
X-Esi
N-Cache
X-Bc-Bl
CACHE
X-CDN-Forward
X-Viewer-Country
X-Cache-2
X-LI-Proto
X-Via-NSCOPI
S-Rt
X-Cache-Remote
X-Proxy-Upstream
X-PJAX-URL
Request-ID
X-Req
X-Varnish-Authentication
D-Cc-Upstream
X-RAMCache
X-Contensis-Viewer-Groups
X-Accel-Expires-Debug
X-Cc-Via
X-Cc-Req-Id
X-Cache-ASPX
LB
Mail-Subject
We-Hiring
Surrogated-Key
Memcached
X-Date
X-WA
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Svr
X-CCDN-Origin-Time
X-UA
X-Cs
Cteonnt-Length
X-Erf-Stays-Bingo-Pdp-Web
Upgrade-Insecure-Requests
X-RPM
X-ServedByHost
X-TIM-N
X-VC-Cache
X-RateLimit-Remaining-Second
Env
X-Newrelic-Synthetics
X-RateLimit-Limit-Second
X-DI
X-DSS
X-DW
X-VCL-Version
X-DB
X-RPS
X-RSL
X-Sucuri-Cache
Hostname
Cross-Origin-Window-Policy
Ohc-File-Size
X-Sigma-Backend
X-Server-IP
X-Men
X-Sigma
X-Rocket-Build-Number
GeoIP-Latitude
X-APP
GeoIP-Country-Code
XServer
X-Host-Name
X-Air-Trace-Id
X-FPC
ProcessTime
Memory
Time
X-Origin-Time
X-CF-Powered-By
X-Cache-Config
X-Action
Server-Id
X-API-Version
X-Nyt-Route
X-Gdpr
CF-Cached-On
X-MSEdge-Flight
X-ZONE
X-App
X-MSEdge-Features
X-HostName
CPC-Age
Mime-Version
X-Region-Sid
X-NodeID
Cache-Provider
X-TIME
X-Oss-Cdn-Auth
VNS-Cache
X-VC
VNS-Age
X-SN
X-Fpc
CPC-Cache
X-Zone
X-Check-Cacheable
X-Swift-Error
X-Dynatrace-Js-Agent
Ohc-Cache-HIT
X-Provided-By
X-SB
X-Webstats-RespID
X-FORWARDED-FOR
X-Depends-On
W
X-SD-PageType
Srv
X-ServerName
X-Cdn-Request-ID
CDN
X-BBC-Edge-Cache-Status
X-Ftr-Cache-Host
Cdn
State
My-App
X-UnsetCookies
X-BACKEND-TTL
X-CSRF-TOKEN
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-Hello
X-Flog
X-Minions-Version
X-ABtesting
X-Parent-Response-Time
X-Mg-Request-UUID
EpKe-Alive
X-Fastly-Backend-Reqs
Fastcgi-Cache-TTL
X-Dw-Trace-Id
X-Render-Time
X-Fastly-Request-Id
Dnion-Transfer-Encoding
X-Acquia-Site
Media-Length
Proxy-Connection
X-NGINX-Cache
X-Pad
X-Oracle-DMS-ECID
Cf-Ipcountry
X-Cache-Tag
X-Presslabs-Stats
PICS-Label
X-Acquia-Application-UUID
X-Pf-Uncompressing
Vha6-Origin
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Processtime
X-Auto-Login
X-BBC-Origin-Response-Status
X-LiteSpeed-Tag
X-ElasticPress-Search
X-Cache-Type
Epwk-X-Cache
X-Snapshot-Date
X-Via-PopN
X-Via-PopV
X-Worker
OT-Force-Account-Verify
X-Via-PopH
X-FTR-Cache-Host
Warning
X-Forwarded-Path
X-Akamai-ERRuleID
X-Vcache
X-Akamai-ERPolicy
Xet-Cookie
X-Tenant
X-Varnish-URL
X-Ms-Meta-Originalurl
X-Varnish-Beresp-TTL
X-Request-URL
X-Lb-Id
X-Orig-Expires
X-MiniProfiler-Ids
X-Traceid
X-ND-Cache
X-Cluster-Node
X-Shop-Environment
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Air-Pt
CountryCode
X-Ua
X-Mg-Request-Id
X-Ftr-Request-Id
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
WZWS-RAY
X-Apw-Hits
X-Cache-Status-Check
X-Yottaa-OS
URI
X-Redis-Count
X-Redis-Duration-Ms
NnCoection
Environment
X-Storefront-Renderer-Verified
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Datacenter
X-B3-Parentspanid
Phost
X-Amz-Meta-Cb-Modifiedtime
X-Litespeed-Cache-Control
Content-Script-Type
X-Tid
Inserted-Into-Cache-At
Ohc-Response-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Content-Style-Type