Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
P3p
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
NEL
X-CST
X-OneAgent-JS-Injection
X-Cache-Spec
X-WebKit-CSP
Allow
X-Vhost
X-Host
X-Backend-Server
X-Server-Id
Xkey
X-ASPNET-VERSION
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Cache-Lookup
X-Application-Context
X-Ac
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
X-Readtime
X-Language
Accept-Ch
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
X-Url
Rating
X-HW
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-Trace
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
X-Content-Type
Response
Pagespeed
X-D2id
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
Verso
X-Oneagent-Js-Injection
X-ORACLE-DMS-ECID
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-Varnish-TTL
X-Goog-Hash
X-Vcap-Request-Id
X-Country-Code
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Client-IP
Fastly-Restarts
X-TTL
X-Buckets
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
Public-Key-Pins
RTSS
Access-Control-Request-Method
Pinterest-Version
X-Pinterest-Rid
X-Webkit-CSP
Pinterest-Generated-By
Cache-Tag
X-Edge
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-ATIME
AR-CACHE
X-Powered-CMS
X-Ezoic-Cdn
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Version
Content-MD5
X-Ruxit-Js-Agent
X-Jurisdiction
X-HP-Webp
S
X-Origin-Upstream-Status
X-ECACHE
X-MCACHE
X-Ttl
X-Mid
X-Recruiting
X-DynaTrace
Charset
X-Mg-S
X-Kinsta-Cache
X-PressLabs-Stats
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Content-Digest
X-Px
X-Fastcgi-Cache
Cache-Tags
X-T
Fastcgi-Cache
X-Accel-Expires
X-Id
X-Logged-In
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
Filters
TCN
Server-Node
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
X-Litespeed-Cache
TP-L2-Cache
TP-Cache
MicrosoftSharePointTeamServices
Front-End-Https
Server-Name
X-Forwarded-For
X-Grace
Nginx-Cache
X-Request-Processing-Time
X-Hits
X-Correlation-Id
X-Kong-Upstream-Latency
X-Request-Received
X-Kong-Proxy-Latency
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Debug
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
X-XRDS-LOCATION
X-AppVersion
X-Activity-Id
X-Az
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
Alternate-Protocol
X-F-Cache
X-Amz-Replication-Status
X-Yandex-Sdch-Disable
Surrogate-Key
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
X-XRDS-Location
X-Ser
X-DIS-Request-ID
X-Frontend
X-Rid
Accept-Charset
X-NWS-LOG-UUID
X-Geo-Country
Host
X-Cache-Age
X-Git-Hash
Nel
X-Hostname
Section-Io-Cache
X-RateLimit-Remaining
X-Respond-Thread
X-Upgrade-Enabled
X-VCache
X-Time
X-DataDome
Access-Control-Allow-Method
X-Mobile-URL
MS-CV
X-Daa-Tunnel
X-LB-Cache
X-Type
ServerID
Paypal-Debug-Id
X-AOL-HN
X-Source
X-Content-Options
X-IPLB-Instance
X-Varnish-Backend
X-Seen-By
X-Cache-Action
Cleartype
X-Cache-Key
X-Whom
X-TT
Healthy
X-App-Environment
Cache
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Flags
Payment
X-Aspnet-Duration-Ms
X-B-Cache
X-Signature
X-Providence-Cookie
X-Server-ID
X-Page-Id
X-Debug-Info
X-WebKit-CSP-Report-Only
Realpath
X-Load-Cache
X-N
X-Jobs
X-Pinterest-Direct
Fastcgi-Useragent
X-Contextid
X-FB-Debug
X-FTR-Request-ID
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Mobile
X-Erf-Bev-Bev
Node
X-Webkit-Csp
X-Rule
Refresh
Powered-By-ChinaCache
X-Cache-Expired-At
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
Version
X-RTag
Ms-Operation-Id
DC
X-Cluster-Name
X-Framework
X-Cacheable-TTL
Access-Control-Request-Headers
Viewport
X-Zen-Fury
X-Content-Powered-By
X-Drupal-Cache-Tags
X-B
X-Instance
Referer-Policy
X-Cache-Control
X-HTML-Minification-Powered-By
X-ProcessESI
X-Proxy
X-RemovedCookies
X-Real-IP
X-Wix-Request-Id
X-Cache-Time
X-FireWall-Port
VIX-Pulpo-Node
X-Region
X-IPS-LoggedIn
X-UUID
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Distributor
X-Page-View
Eomportal-Instance
X-Via-JSL
X-Drupal-Cache-Contexts
Countrycode
X-Cached-By
X-Cache-Rule
X-FW-Static
X-FW-Type
X-FW-Server
X-Cache-Operation
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-G
X-Akamai-Edgescape
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Nginx-Cache
X-App-Server
X-Cache-Hit
X-Environment-Context
X-L-Path
Liferay-Portal
Xserver
X-Pass-Why
X-Debug-IsPreview
SRV
X-Debug-IsConnected
X-Www-Served-By
X-TEC-API-ROOT
X-Protected-By
DynaTrace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Server-Info
CF-IPCountry
X-User-Agent
X-Varnish-Grace
X-Device-Type
X-Tumblr-Pixel-2
From-Origin
Webserver
X-Mode
Retry-After
X-Adobe-Content
X-Adobe-Loc
Cache-Status
X-Handled-By
X-Hl-Ver
Ec-Rule-Version
GEO-INFO
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-MP-GENERATED-AT
X-Uri
Frame-Options
X-Endurance-Cache-Level
Cache-Tv-Group
X-Backend-Name
X-Varnish-Server
Decoy-Debug-TTL
X-Origin-Hint
TWC-Locale-Group
X-Labrador-Cache-Channel
Country
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Section
X-Human
Decoy-Debug-Status
Webcakes-App-Name
TWC-Connection-Speed
X-Access
X-Pubstack
X-ProxyCache-Key
X-Storage
X-Cache-Server
X-Request-Time
Property-Id
Decoy-Debug-Key
X-BYPASS-REASON
X-Soup
TWC-Device-Class
X-ProxyCache-Status
X-Varnishpool
X-Format
Webcakes-Region
Fastly-SSL
X-PHP-Host
X-FB-TRIP-ID
TWC-GeoIP-Country
TWC-Privacy
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-ApacheServer
Mn-Server-Ip
Azure-SiteName
Selected-Fe
Apigw-Requestid
Azure-Version
X-Be
X-UA-Device-Type
X-PERF
X-PCL
X-Server-W
X-Proxy-Build
X-S-Maxage
X-Redis-Cache
X-WA-Info
X-Timing-Wait
X-OCL
X-NYM-Debug-Backend
X-SayCDN-TTL
Cache-Name
X-Say-TTL
X-Say-Cacheable
X-Info
X-Zipkin-Id
X-AWS-Id
X-Sql-Count
X-Routing-Service
X-Via-Fastly
X-VWS-Id
X-Status
X-Sql-Duration-Ms
X-Varnish-Ttl
X-Web-Node
Protected
X-Ratelimit-Limit
X-Origin-Date
X-No-Session
X-Proto
X-LAGOON
X-Proxied
X-LJ-Flow-ID
X-R9-Blue-Green-Version
X-Hosted-By
X-Locale
X-Storefront-Renderer-Rendered
X-Hyper-Cache
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Cache-TTL-Remaining
X-TNCMS
X-Sorting-Hat-ShopId
X-GG-Cache-Date
X-Loop
X-ShardId
X-ShopId
X-Shopify-Stage
X-Site-Version
AMP-Access-Control-Allow-Source-Origin
X-Xfnlog-Site
X-TA-CDN-Provider
X-Is-Bot
X-AIR-PT
X-Dc
X-Rendered-As
Uber-Trace-Id
X-FW-Version
X-Cache-Enabled
X-Cluster
X-Proxy-Cache-Status
X-TT-LOGID
S-Cnection
X-Content-Age
X-Microcachable
X-Node-Name
X-Cache-Grace
X-Forwarded-Host
X-Revision
X-Qloud-Router
X-NWS-UUID-VERIFY
X-CCM
X-Platform
X-Azure-Ref
X-Backend-Host
X-Via-CDN
X-CSRF-Token
Cache-Hits
X-App-Version
Akamai-GRN
Amp-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-EdgeConnect-Cache-Status
X-Cache-Host
X-Detected-As
X-ATG-Version
X-Aspnetmvc-Version
ServedBy
X-SRV
X-Trace-Id
X-Cache-PHP
X-Cache-NGX
X-Varnish-Hostname
X-Amz-Apigw-Id
X-Amzn-RequestId
X-RCS-CacheZone
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
HostName
X-Country-Code-Real
X-Amz-Meta-S3cmd-Attrs
DB-Nickname
X-Debug-Cache
SD-X-WS
X-Nc
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-CS
X-Ratelimit-Remaining
X-Oss-Server-Time
X-BCube-Filmed-By
X-Akamai-Transformed
X-Time-Microsecs
X-DynaTrace-JS-Agent
X-TX-ID
X-CACHE-KEY
X-ServerID
Who
X-Backend-TTL
Backend
X-Adobe-Source
Mobile-Detection-Method
X-Destination
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
X-Varnish-Cache-Hits
Machine
X-NAPM-TraceId
X-Origin-CC
X-Cache-NE
X-Origin-TTL
T-Server
X-Owner
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-D
Rendered-Blocks
X-Connection-Hash
X-External-Request-Id
Fastcgi-X-Cache-Version
X-Generated-On
BehaviorPad-Version
X-A
Country-Code
X-Generation-Time
X-Varnish-Beresp-Grace
X-VG-WebServer
X-A-Ccd
X-From
X-Level-Front-Cache
DCR-Processing-Time-Ms
X-Location
Expiry
DCR-Decision-By
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-PAYTM-SRV-ID
X-A-Dam
X-ARC
X-Request-UUID
X-Vtex-Processado-Em
X-Air-Hostname
Tracecode
X-Rewrite-Enabled
X-Application
X-SRCache-Key
X-S-Cookie
X-S
X-Rojux
X-Trv-Group
X-B-Cookie
X-Aed
X-ScT
X-Processor
X-VG-WebCache
X-Vdms-Version
X-Unique-ID
X-PBS-Appsvrname
X-Session-Fingerprint
X-Vtex-Remote-Cache
X-Vdms-Path
X-RateLimit-Limit
X-FTR-Expires
X-Ms-Request-Id
X-Ms-Version
X-Tumblr-Pixel-3
Cache-Host
X-GeoIP-City
X-Thinkindot-L3
X-Varnish-Beresp-Ttl
X-Geo-Header
X-TrackingId
X-Magnolia-Registration
Wxu-Next-Region
AKAMAI
CacheControlHeader
Wxu-Next-Commit
Release
V-Age
Path
Server-Host
Ssr
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Pagetype
On-Server
Gh-Request-Id
Wxu-Next-Hostname
Fastly-Backend-Name
Host-ID
X-Thanos
X-Developers
Magicmarker
X-Device-Os
X-Fetched-On
X-Generated-In
X-Reqid
X-Bip
X-Cache-Info
Xc-Version
X-Micro-Cache
UCS
X-Cache-Bucket
X-Irp-Debug
X-Tb
X-OVcl
X-OVcl-Cache
X-Mvc-Supplant-Cachable
X-Policy
X-HS-Content-Campaign-Id
X-Swa-Ws
User-Cache-Control
X-Cdn-Forward
X-Unique-Id
Filterid
X-NewRelic-App-Data
X-Varnish-Beresp-Status
X-Sucuri-ID
X-Developer
NM-Fastcgi-Cache
Web-Mar-Node
X-Dispatcher-Server
L5d-Success-Class
X-Azure-Ref-OriginShield
Location
L
X-Request-URI
X-Block-Status
X-Old-Content-Length
Locid
X-Nginx-Cache-Key
PB-RID
X-Cms-Context
Server-Hostname
Server-Ext
X-B3-Traceid
X-Origin-Response-Time
Sever-Int
True-Client-Country-4JS
X-Backend-State
X-CGP
X-Core-Value
X-VarnishDD-TTL
PB-PID
X-Wikidot-Backend
Origin
X-Origin
PFcat
Vix-Hermes-Req-Id
X-Cache-Id
X-Csrf-Jwt
X-Request-Host
X-Varnish-Hits
X-Eu-Site
C-Via
X-SVT-ORM-VERSION
Arc-Version
Apple-News-Services-Request-Url
X-JWT-State
X-SVT-ORM-RULES
CDN-CachedAt
CDN-Cache
X-Generated-By
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Gzip
X-Hnp-Log
X-HN
X-Has-Esi
X-GeoIP
X-IP
Apple-News-Services-Handled
X-Is-Gdpr
X-Branch-Name
X-Esi-Check
CDN-EdgeStorageId
X-FC-Vary-Parameters
X-Scheme
X-User
Esi-Enabled
X-Fastly-Cache
X-Method
HA-Ipaddr
Ha-Gx-Prefs
X-Var-Ttl
CDN-PullZone
X-Wikidot-Static-Cache
Cf-Bgj
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
DSUID
Cf-Device-Type
X-Cache-Debug
X-Gen-Mode
X-Skip-Cache
Content-Disposition
X-GEO
X-APP-VERSION
X-Cache-Tags
X-Hash
X-SIPLIST1
X-Slack-Backend
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-WADP-Cache
X-Variation
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-VServer
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Origin-Expires
X-Node-Id
X-Envoy-Decorator-Operation
X-Fastly-Backend
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Fmm-Version
X-Gamma-Serve
X-Li-Pop
X-LI-UUID
X-Li-Fabric
X-LB-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Clientip
X-Clara-WADP
X-Aicache-OS
Platform
Adler-Geo
X-Cache-Var-Map
Fastly-SWR
X-Cache-Var
Fastly-Drupal-HTML
NGX
Is-Eu
IsBot
Fastly-SIE
X-EC-Lua
X-ID
SR-User-Adfree
Geo-Info
X-GoCache-CacheStatus
Rt-Fastcgi-Cache
Instruction
X-Loc
X-Epic-Correlation-Id
X-NU-AKA-ACS-Version
X-Mvc-Supplant-OutputCached
X-Platform-Server
X-Varnish-Url
X-Planisys-CDN-Rules
X-CUA
X-Planisys-CDN-Cache
X-PF-Uncompressing
X-Planisys-CDN-TTL
X-Via-Popn
X-Refresh
Lfy
X-Via-Poph
X-Matched-Rule
X-Via-Popv
Pics-Label
Url
Sid
X-Cache-Backend
NGB
Cmstype
CloudFront-Viewer-Country
Req-Svc-Chain
Cmsid
X-Cache-Expires
X-Srv
X-Servername
Kp-EeAlive
Svr
X-Sn-Servicetimems
X-Served-From
X-Cdn-Origin
Pramga
X-NCache
A
X-Cache-Date
Viewtype
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
VivaBuild
X-Core-Mission
Cache-Key
M-TraceId
X-Vgn-Hpd-Reason
MIME-Version
X-Request-Start
Cross-Origin-Opener-Policy
Source
Arc-Country
X-PHP-Backend
X-SaId
Server-ID
X-JoinUs
X-Error
TDXMobile
DataCenter
X-CLOUD-TRACE-CONTEXT
X-FireWall-Protection
X-Webkit-CSP-Report-Only
X-Kraken-Loop-Name
Geoip-Latitude
X-Edge-Location
GeoIp-Country-Code
X-DC
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Varnish-Cacheable
X-Server-Lifecycle-Phase
X-Vc
X-NC
X-Edge-Location-Klb
SID
X-NGENIX-Cache
X-Vcl-Version
Tcn
X-Geo
X-Response-By
X-Air-Source
X-HS-Status
X-Service
X-Servedbyhost
Content-Secure-Policy
NtCoent-Length
X-Wa
X-Internal-Host
Xkeyi7
X-B3-Spanid
X-Proxy-Cachei7
X-Extlb
X-CDN-Forward
X-LiteSpeed-Cache-Control
X-Forwarded-Site
X-Esi
X-Li-Proto
X-BBXSRF
HitType
N-Cache
X-Bc-Bl
Resin-Trace
FSS-Cache
Server-Ttl
CACHE
X-LI-Proto
X-Via-NSCOPI
S-Rt
X-Viewer-Country
X-Cache-2
X-Cache-Remote
X-HOST
Surrogated-Key
We-Hiring
Memcached
LB
D-Cc-Upstream
X-Contensis-Viewer-Groups
X-Cc-Via
Mail-Subject
X-Svr
X-Cc-Req-Id
X-CCDN-Origin-Time
X-Req
X-Hcs-Proxy-Type
Request-ID
X-CCDN-CacheTTL
X-Accel-Expires-Debug
X-Varnish-Authentication
X-Date
X-RAMCache
X-PJAX-URL
X-Cache-ASPX
Cteonnt-Length
X-UA
X-Cs
X-Erf-Stays-Bingo-Pdp-Web
X-RateLimit-Remaining-Second
X-DI
X-DB
Env
X-RSL
X-VC-Cache
X-RPM
X-WA
X-DSS
X-DW
X-Proxy-Upstream
X-RPS
X-VCL-Version
Upgrade-Insecure-Requests
X-RateLimit-Limit-Second
X-Newrelic-Synthetics
X-TIM-N
Cross-Origin-Window-Policy
Ohc-File-Size
Hostname
X-Sucuri-Cache
GeoIP-Country-Code
X-Sigma-Backend
GeoIP-Latitude
X-Men
X-APP
X-ServedByHost
X-Rocket-Build-Number
X-Server-IP
X-Sigma
X-App
X-Host-Name
XServer
ProcessTime
X-MSEdge-Features
X-MSEdge-Flight
X-ZONE
Server-Id
Time
X-API-Version
X-CF-Powered-By
X-FPC
X-Action
X-Cache-Config
X-Gdpr
Memory
X-Air-Trace-Id
X-Origin-Time
CF-Cached-On
X-Nyt-Route
X-Zone
X-HostName
X-TIME
X-SN
VNS-Age
CPC-Cache
X-Region-Sid
X-VC
VNS-Cache
X-Oss-Cdn-Auth
Mime-Version
Cache-Provider
CPC-Age
X-Check-Cacheable
X-Fpc
X-NodeID
X-Provided-By
X-Dynatrace-Js-Agent
Ohc-Cache-HIT
X-Swift-Error
W
X-SD-PageType
X-FORWARDED-FOR
X-Depends-On
X-Webstats-RespID
X-SB
Srv
X-ServerName
X-Cdn-Request-ID
CDN
X-BBC-Edge-Cache-Status
X-UnsetCookies
My-App
Fastcgi-Cache-TTL
X-Ftr-Cache-Host
X-CSRF-TOKEN
Cdn
X-BACKEND-TTL
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-Dw-Trace-Id
X-Flog
X-ABtesting
X-Fastly-Backend-Reqs
X-Parent-Response-Time
X-Hello
X-Fastly-Request-Id
Dnion-Transfer-Encoding
EpKe-Alive
X-Render-Time
X-Mg-Request-UUID
State
X-Minions-Version
X-Pad
Media-Length
X-NGINX-Cache
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
Vha6-Origin
X-Acquia-Application-Trace
Cf-Ipcountry
X-Cache-Tag
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-Pf-Uncompressing
Proxy-Connection
X-LiteSpeed-Tag
X-Via-PopN
X-Via-PopV
Processtime
X-Cache-Type
X-Worker
X-BBC-Origin-Response-Status
X-Via-PopH
X-Snapshot-Date
PICS-Label
X-Auto-Login
X-ElasticPress-Search
OT-Force-Account-Verify
Epwk-X-Cache
X-FTR-Cache-Host
X-Forwarded-Path
X-Tenant
Warning
X-Akamai-ERRuleID
X-Orig-Expires
X-Vcache
X-Varnish-URL
X-ND-Cache
X-Shop-Environment
X-Ms-Meta-Originalurl
X-Akamai-ERPolicy
X-Request-URL
X-Varnish-Beresp-TTL
X-MiniProfiler-Ids
X-Lb-Id
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Traceid
Xet-Cookie
X-Cluster-Node
X-Air-Pt
CountryCode
X-Ua
X-Mg-Request-Id
Ohc-Response-Time
X-Apw-Hits
X-Cache-Status-Check
X-Apw-Access-Token
Phost
X-Tx-Id
X-Yottaa-OS
WZWS-RAY
X-Apw-Access-Object
X-B3-Parentspanid
X-Ftr-Request-Id
NnCoection
Content-Script-Type
X-IN-APIGATEWAYSSL
X-Tid
X-IN-APIGATEWAY
Inserted-Into-Cache-At
X-Storefront-Renderer-Verified
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Amz-Meta-Cb-Modifiedtime
Environment
X-Redis-Duration-Ms
URI
Content-Style-Type
X-Litespeed-Cache-Control
Datacenter
X-Redis-Count
X-Apw-Access-Action