Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-XSS-Protection
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Xss-Protection
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Ua-Compatible
X-Request-ID
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
EagleId
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-OneAgent-JS-Injection
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
X-ASPNET-VERSION
X-Server-Id
X-Dispatcher
Surrogate-Control
X-Node
EagleEye-TraceId
Xkey
Request-Id
X-Response-Time
Content-Location
Accept-CH
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
P3p
X-Cache-Lookup
Accept-CH-Lifetime
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Readtime
X-Template
X-B3-TraceId
X-Language
MS-Author-Via
X-HW
Rating
X-Url
X-Cnection
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
Accept-Ch
X-Varnish-TTL
Display
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
X-Sol
X-Content-Type
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-FastCGI-Cache
X-Powered-By-Plesk
X-Goog-Hash
X-Country-Code
X-Vcap-Request-Id
X-Rack-Cache
X-Webkit-CSP
X-VARITI-CCR
X-ORACLE-DMS-RID
X-Navigation-Version
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
X-ORACLE-DMS-ECID
X-TTL
Fastly-Restarts
Service-Worker-Allowed
X-Cached
X-Fastly-Request-ID
X-Client-IP
X-MSEdge-Ref
X-Buckets
X-Release
Cache-Tag
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Cache-TTL
RTSS
Access-Control-Request-Method
Public-Key-Pins
SPRequestGuid
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
X-Ezoic-Cdn
AR-ATIME
AR-Request-ID
X-Edge
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Powered-CMS
X-LLID
X-Upstream
X-Version
X-Pinterest-Rid
X-SRCache-Store-Status
Pinterest-Generated-By
X-SRCache-Fetch-Status
Pinterest-Version
S
X-HP-Webp
X-Jurisdiction
Content-MD5
X-Kinsta-Cache
X-Recruiting
X-Mid
X-ECACHE
X-MCACHE
Charset
X-Mg-S
X-Ttl
X-PressLabs-Stats
X-T
Cache-Tags
X-DynaTrace
X-Accel-Expires
X-Origin-Upstream-Status
X-Content-Digest
X-Forwarded-Proto
Fastcgi-Cache
Fusion-Template-Id
X-Litespeed-Cache
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Logged-In
X-Px
X-Correlation-Id
TP-L2-Cache
TP-Cache
Filters
Server-Node
TCN
Server-Name
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
X-Oneagent-Js-Injection
Front-End-Https
X-Forwarded-For
X-Request-Processing-Time
X-Request-Received
Nginx-Cache
MicrosoftSharePointTeamServices
X-Grace
Alternate-Protocol
X-Shield-Request-Id
X-Hits
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-B3-Sampled
X-Microsite
X-Server-ID
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
X-Az
X-AppVersion
X-XRDS-Location
X-Activity-Id
X-Ruxit-Js-Agent
X-F-Cache
X-HS-Content-Id
X-HS-Combine-CSS
X-Amz-Replication-Status
X-HS-Hub-Id
X-HS-Cache-Config
X-Origin-Server
X-Varnish-Age
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Debug
X-Frontend
X-Rid
Realpath
Nel
X-Daa-Tunnel
Host
X-Yandex-Sdch-Disable
Section-Io-Cache
X-Cache-Age
X-RateLimit-Remaining
Accept-Charset
X-Geo-Country
X-XRDS-LOCATION
X-DIS-Request-ID
X-Fastcgi-Cache
X-Hostname
Surrogate-Key
X-Ser
X-Git-Hash
X-VCache
X-Respond-Thread
Access-Control-Allow-Method
X-Time
X-Mobile-URL
X-WebKit-CSP-Report-Only
Cleartype
X-Contextid
MS-CV
X-Source
X-Seen-By
X-DataDome
X-Upgrade-Enabled
ServerID
Paypal-Debug-Id
X-Type
X-AOL-HN
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Route-Name
X-LB-Cache
X-Aspnet-Duration-Ms
X-Varnish-Backend
Healthy
Payment
X-IPLB-Instance
X-Content-Options
X-TT
X-Signature
X-Cache-Action
X-Whom
X-B-Cache
X-Debug-Info
X-Load-Cache
X-Page-Id
X-N
X-App-Environment
X-FB-Debug
Fastcgi-Useragent
Node
X-Cache-Key
X-Jobs
Cache
X-Webkit-Csp
X-Rule
X-Cache-Expired-At
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-FireWall-Port
Refresh
Viewport
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
X-Wix-Request-Id
X-Cacheable-TTL
Ms-Operation-Id
X-RTag
DC
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
X-Cache-Control
X-Instance
X-Cluster-Name
X-Real-IP
X-Content-Powered-By
X-Debug-IsPreview
X-Framework
X-Page-View
X-ProcessESI
Referer-Policy
X-UUID
X-B
X-RemovedCookies
X-Zen-Fury
X-Distributor
X-Debug-IsConnected
X-Proxy
X-IPS-LoggedIn
X-Drupal-Cache-Tags
X-Region
X-Tt-Trace-Tag
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Version
Eomportal-Instance
X-Cache-Time
X-Tt-Trace-Host
X-Www-Served-By
X-FTR-Request-ID
Countrycode
X-Protected-By
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-FW-Serve
X-G
X-App-Server
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Dynamic
Xserver
X-FW-Type
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Cached-By
X-Tumblr-Pixel
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Grace
X-Via-JSL
X-Cache-Operation
X-Cache-Rule
GEO-INFO
CF-IPCountry
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
X-Pass-Why
X-Device-Type
X-Akamai-Edgescape
X-L-Path
X-Environment-Context
X-Cache-Hit
X-TA-CDN-Provider
Powered-By-ChinaCache
SRV
Server-Info
Retry-After
X-Varnish-Server
X-Adobe-Content
X-Adobe-Loc
DynaTrace
Cache-Status
X-User-Agent
Frame-Options
X-Pinterest-Direct
Ec-Rule-Version
X-Handled-By
Meta-Geo
X-Tumblr-Pixel-2
X-Hl-Ver
From-Origin
X-Endurance-Cache-Level
X-ES-SERVER
X-RN-RSRV
X-UPSTREAM-Address
X-FB-TRIP-ID
X-Proxy-Cache-Status
Webserver
Uber-Trace-Id
Fastly-SSL
Cache-Tv-Group
X-Backend-Name
X-Mode
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Human
X-Request-Time
X-Cache-Server
X-Format
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
Property-Id
X-ProxyCache-Key
X-Varnishpool
X-Origin-Hint
X-Storage
X-Pubstack
X-ProxyCache-Status
X-BYPASS-REASON
TWC-Connection-Speed
Decoy-Debug-TTL
TWC-Device-Class
Decoy-Debug-Status
X-NYM-Debug-Backend
Webcakes-App-Version
Country
Apigw-Requestid
X-MP-GENERATED-AT
X-Uri
X-Soup
X-Be
X-OCL
X-WA-Info
X-PCL
Decoy-Debug-Key
X-Access
Webcakes-Region
X-Section
Mn-Server-Ip
X-Proxy-Build
X-PERF
X-PHP-Host
X-Proto
X-Timing-Wait
Cache-Name
X-R9-Blue-Green-Version
X-TNCMS
X-Loop
X-LAGOON
X-Info
X-Web-Node
X-TEC-API-VERSION
X-Sql-Count
X-TEC-API-ORIGIN
X-VWS-Id
X-Server-W
X-Via-Fastly
X-AWS-Id
X-ApacheServer
X-No-Session
X-Labrador-Cache-Channel
X-TEC-API-ROOT
X-LJ-Flow-ID
X-SayCDN-TTL
X-Say-Cacheable
X-S-Maxage
X-Origin-Date
X-Sql-Duration-Ms
Selected-Fe
X-Say-TTL
X-UA-Device-Type
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
Protected
X-Cache-TTL-Remaining
Azure-Version
X-GG-Cache-Date
X-Xfnlog-Site
X-Alternate-Cache-Key
X-Hyper-Cache
X-ShopId
X-ShardId
X-SRV
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Hosted-By
X-Content-Age
X-NWS-UUID-VERIFY
X-Status
X-Redis-Cache
X-Storefront-Renderer-Rendered
X-Cache-Enabled
X-Is-Bot
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Rendered-As
X-Locale
X-Backend-Host
X-Ratelimit-Limit
X-Site-Version
X-Azure-Ref
X-FW-Version
Amp-Access-Control-Allow-Source-Origin
X-Microcachable
X-Cluster
S-Cnection
AMP-Access-Control-Allow-Source-Origin
X-Cache-Grace
X-App-Version
X-Forwarded-Host
X-AIR-PT
X-TT-LOGID
X-Platform
X-Varnish-Ttl
X-CSRF-Token
X-Qloud-Router
X-Trace-Id
Akamai-GRN
X-Revision
ServedBy
X-Aspnetmvc-Version
X-CACHE-KEY
X-Cache-PHP
X-Varnish-Hostname
X-Cache-NGX
X-ATG-Version
X-EdgeConnect-Cache-Status
X-RCS-CacheZone
X-Via-CDN
X-Dc
X-Debug-Cache
Who
Cache-Hits
Filterid
X-Akamai-Transformed
X-Detected-As
X-TX-ID
X-RateLimit-Limit
Country-Code
DB-Nickname
X-CCM
X-Cache-Host
X-Node-Name
X-B3-SpanId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Varnish-Beresp-Grace
X-Adobe-Source
SD-X-WS
X-Unique-Id
X-Ms-Version
X-Varnish-Beresp-Ttl
X-CS
X-BCube-Filmed-By
X-Ms-Request-Id
X-GEO
X-Varnish-Beresp-Status
Backend
X-Edge-Location-Klb
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
Fastly-Backend-Name
X-Origin-TTL
X-B-Cookie
X-Owner
X-Oss-Object-Type
X-PAYTM-SRV-ID
X-Application
X-From
X-A-Wwc
X-Ratelimit-Remaining
X-Processor
X-PBS-Appsvrname
X-ARC
X-Oss-Hash-Crc64ecma
X-Origin-CC
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-NE
X-Location
X-Connection-Hash
X-Destination
X-D
X-Level-Front-Cache
X-NAPM-TraceId
X-External-Request-Id
X-Varnish-Cache-Hits
Expiry
BehaviorPad-Version
X-Cache-Bucket
DCR-Processing-Time-Ms
X-Generation-Time
X-Generated-On
DCR-Decision-By
Fastcgi-X-Cache-Version
X-Aed
Mobile-Detection-Method
X-A-Dgt
X-Vdms-Path
X-Trv-Group
Meta-Geo-Continent
X-SRCache-Key
Machine
MD5-Digest
X-Vdms-Version
NGB
X-Vtex-Remote-Cache
T-Server
Rendered-Blocks
X-Vtex-Processado-Em
X-VG-WebServer
X-Nc
X-VG-WebCache
X-Session-Fingerprint
Odigeo-Trace-Id
X-ScT
X-Rojux
X-A-Ccd
X-S-Cookie
X-S
X-A-Dam
X-Rewrite-Enabled
X-Request-UUID
X-A
X-A-Dcw
X-Instrumentation
X-Server-Lifecycle-Phase
HostName
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Time-Microsecs
X-Device-Os
AKAMAI
X-Bip
X-Developers
Arc-Version
Cache-Host
Thinkindot-CacheControl
X-Backend-State
X-FC-Vary-Parameters
Release
Host-ID
Server-Host
Ssr
X-Fetched-On
X-Azure-Ref-OriginShield
Wxu-Next-Hostname
CacheControlHeader
Magicmarker
Thinkindot-Control
Content-Disposition
V-Age
PB-RID
PB-PID
Pagetype
Path
Wxu-Next-Region
Esi-Enabled
X-Core-Value
Wxu-Next-Commit
Gh-Request-Id
Thinkindot-CacheControl-Type
Cf-Device-Type
X-Cms-Context
UCS
X-Irp-Debug
X-Tumblr-Pixel-3
X-TrackingId
X-Policy
X-Var-Ttl
X-IP
X-Is-Gdpr
X-Magnolia-Registration
X-Thinkindot-L3
X-OVcl-Cache
X-Backend-TTL
X-OVcl
X-Reqid
X-Thanos
X-ServerID
X-B3-Traceid
X-JWT-State
X-Geo-Header
X-Has-Esi
X-Generated-In
X-GeoIP-City
X-APP-VERSION
User-Cache-Control
X-Request-URI
X-Scheme
Sever-Int
X-Skip-Cache
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Ratelimit-Reset
X-Planisys-CDN-TTL
X-Rebelmouse-Cache-Control
X-SVT-ORM-RULES
Server-Hostname
X-Request-Host
X-Planisys-CDN-Rules
True-Client-Country-4JS
X-Variation
X-VG-TLSProxy
X-Varnish-CookieHashed-On
X-VarnishDD-TTL
X-Varnish-Hits
X-Varnish-CookieINHashed-On
X-VServer
X-User
X-Planisys-CDN-Cache
X-Varnish-Remaining-TTL
X-Wikidot-Static-Cache
X-Wikidot-Backend
Vix-Hermes-Req-Id
Web-Mar-Node
X-SVT-ORM-VERSION
X-Origin-Expires
X-HS-Content-Campaign-Id
X-Developer
X-Hnp-Log
Server-Ext
X-DefHash
X-Li-Fabric
X-Csrf-Jwt
X-DefElseHash
X-HN
X-Dispatcher-Server
X-Fastly-Backend
X-Fastly-Cache
X-Generated-By
X-GeoIP
X-Epic-Correlation-Id
X-DPWN-IS-SECURE
X-GoCache-CacheStatus
X-Envoy-Decorator-Operation
X-Li-Pop
X-Clientip
X-Branch-Name
X-NU-AKA-ACS-Version
X-Cache-Debug
X-Old-Content-Length
X-Origin
X-Block-Status
X-Origin-Response-Time
X-Gen-Mode
X-Cache-Info
X-Node-Id
X-Method
X-LI-UUID
X-CGP
X-Cache-Tags
X-Micro-Cache
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Platform-Server
X-Eu-Site
Fastly-SIE
CDCHOST
DSUID
Adler-Geo
Cf-Bgj
Fastly-SWR
Ha-Gx-Prefs
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
HA-Ipaddr
Apple-News-Services-Handled
CDN-Uid
Apple-News-Services-Request-Url
CDN-CachedAt
CDN-Cache
C-Via
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-RequestCountryCode
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Is-Eu
X-Country-Code-Real
Origin
PFcat
Platform
X-FTR-Realm
NM-Fastcgi-Cache
IsBot
NGX
Locid
X-FTR-DC
X-FTR-Cache-Status
L
L5d-Success-Class
Location
X-Amz-Meta-S3cmd-Attrs
X-DynaTrace-JS-Agent
X-NewRelic-App-Data
X-ID
X-Esi-Check
Rt-Fastcgi-Cache
Cmsid
X-Clara-WADP
X-WADP-Cache
X-Fmm-Version
On-Server
Req-Svc-Chain
X-Cache-Id
X-Tb
Cmstype
X-EC-Lua
X-Slack-Backend
X-Aicache-OS
X-Loc
Fastly-Drupal-HTML
X-LB-ID
X-Gamma-Serve
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-Unique-ID
X-Correlation-ID
X-Sucuri-ID
X-Servername
X-Served-From
Kp-EeAlive
Xc-Version
Svr
X-Swa-Ws
X-Vgn-Hpd-Reason
X-Cdn-Forward
X-Via-Poph
X-Varnish-Url
X-Air-Hostname
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
X-Via-Popn
A
X-Via-Popv
X-FTR-Expires
M-TraceId
X-Refresh
Pics-Label
Viewtype
VivaBuild
Url
X-JoinUs
X-SaId
X-PHP-Backend
X-NGENIX-Cache
Cache-Key
X-Edge-Location
Arc-Country
Instruction
Cross-Origin-Opener-Policy
Tracecode
SR-User-Adfree
SID
X-DC
X-Cache-Var
X-Cache-Var-Map
X-CUA
TDXMobile
X-NC
Sid
Lfy
X-Matched-Rule
X-Vc
DataCenter
X-TraceId
NtCoent-Length
X-CDN-Forward
X-Sn-Servicetimems
CloudFront-Viewer-Country
MIME-Version
X-NCache
X-Cdn-Origin
Content-Secure-Policy
X-Tb-Optimization-Total-Bytes-Saved
X-Service
X-Cache-Expires
X-Extlb
X-CLOUD-TRACE-CONTEXT
X-Internal-Host
Pramga
X-Cache-Backend
X-Servedbyhost
X-Cache-Date
Server-ID
X-Bc-Bl
X-Core-Mission
Geo-Info
Source
Geoip-Latitude
X-Wa
X-Request-Start
Tcn
GeoIp-Country-Code
X-Forwarded-Site
X-Newrelic-Synthetics
X-B3-Spanid
X-Req
LB
X-Webkit-CSP-Report-Only
Memcached
FSS-Cache
X-Srv
X-Proxy-Upstream
Surrogated-Key
X-Error
X-Date
X-Via-NSCOPI
We-Hiring
X-Accel-Expires-Debug
Mail-Subject
X-HS-Status
X-Esi
X-VC-Cache
X-LI-Proto
X-FireWall-Protection
CACHE
Hostname
Upgrade-Insecure-Requests
X-VHOST
X-Viewer-Country
X-PJAX-URL
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Env
X-Sigma
X-Sigma-Backend
X-Vcl-Version
X-VCL-Version
X-Rocket-Build-Number
X-Li-Proto
X-Varnish-Cacheable
X-Response-By
X-HOST
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-App
Server-Ttl
Resin-Trace
X-MSEdge-Features
X-Men
X-CCDN-Origin-Time
X-Cache-Ttl
X-Air-Source
Request-ID
Memory
X-MSEdge-Flight
Time
X-ZONE
X-Cs
X-LiteSpeed-Cache-Control
X-Geo
X-Proxy-Cachei7
Xkeyi7
X-DB
CF-Cached-On
X-RPM
X-TIM-N
X-APP
X-WA
X-Mg-Request-UUID
X-RSL
GeoIP-Country-Code
X-DW
X-RPS
X-DI
X-DSS
X-BBXSRF
GeoIP-Latitude
X-ServedByHost
CPC-Cache
X-RAMCache
VNS-Cache
X-Zone
N-Cache
CPC-Age
VNS-Age
HitType
XServer
X-Air-Trace-Id
X-Cache-ASPX
My-App
X-Contensis-Viewer-Groups
S-Rt
Fastcgi-Cache-TTL
State
Server-Id
ProcessTime
X-Cache-2
X-Action
X-Varnish-Authentication
Srv
X-HostName
X-Cc-Req-Id
X-UA
X-Oss-Cdn-Auth
X-Cc-Via
Mime-Version
X-Minions-Version
X-Svr
X-FPC
D-Cc-Upstream
X-Region-Sid
X-Provided-By
X-Swift-Error
X-Cache-Type
X-Dynatrace-Js-Agent
X-Depends-On
Cache-Provider
W
X-FORWARDED-FOR
X-Cdn-Request-ID
X-Cache-Config
X-Dw-Trace-Id
X-UnsetCookies
X-BACKEND-TTL
X-Server-IP
CDN
X-API-Version
X-Gdpr
X-URL
X-Origin-Time
OT-Force-Account-Verify
X-Fpc
X-TIME
X-CSRF-TOKEN
X-Nyt-Route
X-CF-Powered-By
X-Xrds-Location
X-Client-Ip
X-ServerName
Cteonnt-Length
X-Orig-Expires
X-Forwarded-Path
X-Shop-Environment
X-Fastly-Request-Id
X-Tenant
X-Parent-Response-Time
X-ND-Cache
X-ABtesting
X-Flog
Proxy-Connection
Cdn
X-Hello
X-Akamai-Pragma-Client-IP
X-Cache-Remote
Ohc-File-Size
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Pad
PICS-Label
X-Fastly-Backend-Reqs
X-SN
Media-Length
X-Pf-Uncompressing
Dnion-Transfer-Encoding
WZWS-RAY
X-VC
X-NGINX-Cache
X-Oracle-DMS-ECID
Vha6-Origin
X-NodeID
X-Check-Cacheable
X-Snapshot-Date
X-Presslabs-Stats
X-SD-PageType
Ohc-Cache-HIT
X-Erf-Stays-Bingo-Pdp-Web
X-Ftr-Request-Id
X-Varnish-URL
X-Cluster-Node
X-Webstats-RespID
X-Traceid
X-LiteSpeed-Tag
Datacenter
Cf-Ipcountry
X-Ftr-Cache-Host
X-SB
X-BBC-Edge-Cache-Status
X-ElasticPress-Search
X-Air-Pt
X-Via-PopV
X-Via-PopH
X-Via-PopN
Epwk-X-Cache
X-Akamai-ERRuleID
X-Ms-Meta-Originalurl
X-Vcache
X-Host-Name
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
EpKe-Alive
X-MiniProfiler-Ids
X-Akamai-ERPolicy
X-Conf
X-Pjax-Url
X-Ms-Meta-Staticbatchstarttime
Xet-Cookie
X-Lb-Id
X-IN-APIGATEWAYSSL
X-Yottaa-OS
Warning
X-Acquia-Site
X-Cache-Tag
X-IN-APIGATEWAY
CountryCode
X-Redis-Duration-Ms
X-Cache-Status-Check
X-Mg-Request-Id
X-C
Environment
X-Apw-Hits
X-Redis-Count
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
NnCoection
X-Tid
X-BBC-Origin-Response-Status
X-B3-Parentspanid
X-Debug-Cache-Fetch
Ohc-Response-Time
Phost
X-Varnish-Beresp-TTL
X-Request-URL
X-Render-Time
X-Apw-Access-Action
X-Apw-Access-Object
Content-Style-Type
Content-Script-Type
X-Amz-Meta-Cb-Modifiedtime
URI
X-Debug-Cache-Store
X-Apw-Access-Token