Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
P3p
X-Page-Speed
Cf-Railgun
X-OneAgent-JS-Injection
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Vhost
X-Backend-Server
X-Host
X-WebKit-CSP
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
Xkey
Surrogate-Control
EagleEye-TraceId
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Application-Context
X-Country
X-Ac
X-Cloud-Trace-Context
X-Mod-Pagespeed
Accept-CH-Lifetime
X-Template
X-Readtime
X-Language
X-B3-TraceId
Accept-Ch-Lifetime
MS-Author-Via
X-HW
Rating
X-Url
Accept-Ch
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-PC
X-TtlSet
Edge-Control
X-ESI
X-Clacks-Overhead
X-GitHub-Request-Id
X-Trace
X-Webkit-CSP
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Pagespeed
Display
X-D2id
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Country-Code
X-ORACLE-DMS-RID
X-Goog-Hash
X-Rack-Cache
X-Varnish-TTL
X-ORACLE-DMS-ECID
X-VARITI-CCR
X-Navigation-Version
X-TTL
X-Server-Name
X-FastCGI-Cache
X-Abt-Application-Version
X-Amz-Rid
Service-Worker-Allowed
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-MSEdge-Ref
X-Release
X-Cache-TTL
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
Cache-Tag
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
RTSS
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Edge
X-Ezoic-Cdn
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-LLID
X-Powered-CMS
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
S
X-Jurisdiction
Content-MD5
X-HP-Webp
X-Recruiting
X-MCACHE
X-ECACHE
X-Mid
Charset
X-Kinsta-Cache
X-Mg-S
X-Origin-Upstream-Status
X-DynaTrace
X-PressLabs-Stats
X-T
Cache-Tags
X-Content-Digest
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Ttl
X-Ruxit-Js-Agent
X-Accel-Expires
X-Px
Fastcgi-Cache
X-Forwarded-Proto
X-Id
X-Content-Security-Policy-Report-Only
X-Logged-In
Filters
X-Litespeed-Cache
TCN
TP-L2-Cache
TP-Cache
Server-Node
Server-Name
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
Front-End-Https
MicrosoftSharePointTeamServices
X-Forwarded-For
X-Request-Received
X-Request-Processing-Time
X-Grace
Nginx-Cache
X-Fastcgi-Cache
X-Shield-Request-Id
X-Hits
X-Amzn-Trace-Id
X-Correlation-Id
X-B3-Sampled
Alternate-Protocol
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-Location
X-AppVersion
X-Activity-Id
X-Az
X-Debug
X-Varnish-Age
X-Amz-Replication-Status
X-F-Cache
X-Server-ID
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Origin-Server
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-NWS-LOG-UUID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Yandex-Sdch-Disable
X-Frontend
Surrogate-Key
X-Rid
X-Geo-Country
Host
X-DIS-Request-ID
Section-Io-Cache
X-Cache-Age
Nel
Accept-Charset
X-Ser
X-Git-Hash
X-Hostname
X-XRDS-LOCATION
X-Daa-Tunnel
Realpath
X-VCache
X-Respond-Thread
Access-Control-Allow-Method
X-Mobile-URL
X-Source
X-RateLimit-Remaining
X-Seen-By
X-AOL-HN
X-Type
Cleartype
X-Time
X-LB-Cache
X-Upgrade-Enabled
ServerID
Paypal-Debug-Id
MS-CV
X-DataDome
X-Varnish-Backend
Healthy
X-TT
Payment
X-IPLB-Instance
X-Debug-Info
X-Content-Options
X-Cache-Key
X-Cache-Action
X-Signature
X-B-Cache
X-Whom
X-Contextid
X-Route-Name
X-Providence-Cookie
X-Request-Guid
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-App-Environment
X-Page-Id
X-Load-Cache
Fastcgi-Useragent
Cache
X-N
X-WebKit-CSP-Report-Only
X-FB-Debug
X-Jobs
Node
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Mobile
X-Webkit-Csp
X-FTR-Request-ID
X-Rule
X-Cache-Expired-At
Refresh
X-Response-Served-From
X-Accel-Buffering
Viewport
X-Original-Request-Id
X-Wix-Request-Id
X-FireWall-Port
DC
X-RTag
Access-Control-Request-Headers
Ms-Operation-Id
X-Cacheable-TTL
X-Content-Powered-By
X-Cluster-Name
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Real-IP
X-ProcessESI
Version
X-Instance
X-Framework
X-RemovedCookies
X-B
X-Distributor
X-Zen-Fury
Eomportal-Instance
VIX-Pulpo-Node
X-Cache-Control
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
X-Region
X-Drupal-Cache-Tags
X-UUID
X-Tt-Trace-Tag
X-Proxy
Referer-Policy
X-Tt-Trace-Host
X-Page-View
Countrycode
X-Debug-IsPreview
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Pinterest-Direct
X-Www-Served-By
X-App-Server
X-FW-Server
X-G
X-Nginx-Cache
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Type
Powered-By-ChinaCache
X-Cached-By
X-Tumblr-Pixel-0
X-Tumblr-User
Xserver
X-Tumblr-Pixel
X-Protected-By
X-Tumblr-Pixel-1
X-Cache-Operation
X-Cache-Rule
X-Yottaa-Optimizations
X-Via-JSL
X-Yottaa-Metrics
Liferay-Portal
X-Akamai-Edgescape
X-Cache-Hit
X-L-Path
X-Environment-Context
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Pass-Why
Section-Origin-Responded
X-Varnish-Grace
SRV
X-Varnish-Ttl
X-Device-Type
Server-Info
DynaTrace
GEO-INFO
CF-IPCountry
X-User-Agent
X-Adobe-Loc
X-Adobe-Content
X-TA-CDN-Provider
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Varnish-Server
Cache-Status
X-TEC-API-VERSION
Retry-After
X-Tumblr-Pixel-2
From-Origin
Webserver
Ec-Rule-Version
Frame-Options
X-Hl-Ver
X-ES-SERVER
X-RN-RSRV
X-Endurance-Cache-Level
X-Handled-By
X-UPSTREAM-Address
Meta-Geo
X-FB-TRIP-ID
X-Backend-Name
Cache-Tv-Group
X-Be
Country
X-Varnishpool
X-BYPASS-REASON
TWC-GeoIP-LatLong
X-Pubstack
Webcakes-App-Version
X-Cache-Server
Apigw-Requestid
TWC-Privacy
X-Section
X-Soup
TWC-Locale-Group
X-ProxyCache-Status
X-Mode
X-NYM-Debug-Backend
X-Storage
TWC-Device-Class
X-OCL
X-Origin-Hint
X-Format
Property-Id
X-PCL
X-ProxyCache-Key
TWC-GeoIP-Country
X-Access
Webcakes-Region
TWC-Connection-Speed
X-MP-GENERATED-AT
Fastly-SSL
Webcakes-App-Name
X-ApacheServer
X-Human
X-Labrador-Cache-Channel
X-Info
Cache-Name
X-PERF
X-Origin-Date
X-No-Session
X-Proxy-Build
X-PHP-Host
X-Uri
X-Proto
Decoy-Debug-TTL
Decoy-Debug-Status
X-Ratelimit-Limit
X-R9-Blue-Green-Version
Selected-Fe
X-Request-Time
X-Timing-Wait
X-Via-Fastly
Decoy-Debug-Key
X-S-Maxage
Azure-Version
X-AWS-Id
Mn-Server-Ip
Protected
Azure-SlotName
Azure-SiteName
X-Cache-TTL-Remaining
Azure-InstanceId
Azure-RegionName
X-Server-W
X-LJ-Flow-ID
X-SayCDN-TTL
X-WA-Info
X-Xfnlog-Site
X-Say-TTL
X-TNCMS
X-Loop
X-Say-Cacheable
X-UA-Device-Type
Uber-Trace-Id
X-GG-Cache-Date
X-VWS-Id
X-Web-Node
X-LAGOON
X-Proxy-Cache-Status
X-Hosted-By
X-Sql-Duration-Ms
X-Hyper-Cache
X-Status
X-Sql-Count
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Redis-Cache
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-ShopId
X-ShardId
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Locale
X-Cache-Enabled
X-Content-Age
X-Is-Bot
X-FW-Version
X-Rendered-As
X-Site-Version
X-NWS-UUID-VERIFY
X-Microcachable
X-Cluster
X-Backend-Host
X-Azure-Ref
AMP-Access-Control-Allow-Source-Origin
S-Cnection
X-Forwarded-Host
X-AIR-PT
X-Cache-Grace
X-SRV
X-TT-LOGID
X-Correlation-ID
X-Dc
X-App-Version
X-Platform
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
X-Qloud-Router
Akamai-GRN
X-Via-CDN
X-Trace-Id
X-Revision
X-Node-Name
ServedBy
Cache-Hits
X-Cache-PHP
X-Ratelimit-Remaining
X-EdgeConnect-Cache-Status
X-ATG-Version
X-Cache-NGX
X-Varnish-Hostname
X-CCM
X-Debug-Cache
X-Aspnetmvc-Version
X-Detected-As
DB-Nickname
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Akamai-Transformed
X-RCS-CacheZone
X-TX-ID
X-B3-SpanId
X-Cache-Host
Who
X-CS
X-Nc
X-Adobe-Source
Country-Code
Filterid
X-BCube-Filmed-By
SD-X-WS
HostName
X-Country-Code-Real
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-CACHE-KEY
X-Oss-Request-Id
X-Varnish-Beresp-Grace
X-Oss-Server-Time
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Ms-Request-Id
X-Ms-Version
X-Time-Microsecs
X-RateLimit-Limit
X-Vtex-Processado-Em
X-D
X-Vtex-Remote-Cache
X-Connection-Hash
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Trv-Group
X-Varnish-Beresp-Ttl
X-VG-WebServer
X-From
X-Varnish-Cache-Hits
X-Generated-On
X-Vdms-Path
X-Vdms-Version
X-Generation-Time
X-VG-WebCache
BehaviorPad-Version
X-Destination
X-Aed
Rendered-Blocks
T-Server
Fastcgi-X-Cache-Version
Expiry
Machine
MD5-Digest
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
X-A
DCR-Processing-Time-Ms
X-A-Wwc
X-Level-Front-Cache
X-Application
X-ARC
X-A-Dgt
X-A-Dcw
DCR-Decision-By
X-A-Ccd
X-A-Dam
X-B-Cookie
X-External-Request-Id
X-PBS-Appsvrname
X-Rojux
X-Location
X-NAPM-TraceId
X-Owner
X-Rewrite-Enabled
X-Origin-CC
X-Magnolia-Registration
X-SRCache-Key
X-Request-UUID
X-Processor
X-S
X-PAYTM-SRV-ID
X-S-Cookie
X-ScT
X-Origin-TTL
X-Session-Fingerprint
X-Backend-TTL
X-ServerID
Backend
X-EC-Lua
X-Varnish-Beresp-Status
X-OVcl
X-Core-Value
X-Azure-Ref-OriginShield
X-Reqid
Arc-Version
X-Cache-Bucket
X-Bip
Cache-Host
AKAMAI
X-OVcl-Cache
CacheControlHeader
X-Policy
Wxu-Next-Hostname
Release
Server-Host
Ssr
X-Amz-Meta-S3cmd-Attrs
PB-RID
Magicmarker
X-DynaTrace-JS-Agent
Pagetype
Path
PB-PID
Host-ID
Thinkindot-CacheControl
Wxu-Next-Commit
Fastly-Backend-Name
Wxu-Next-Region
Content-Disposition
V-Age
UCS
Thinkindot-CacheControl-Type
Thinkindot-Control
Gh-Request-Id
Cf-Device-Type
X-Cms-Context
X-Thanos
X-Has-Esi
X-Device-Os
X-Developers
X-GeoIP-City
X-Geo-Header
X-FC-Vary-Parameters
X-Fetched-On
X-Thinkindot-L3
X-Generated-In
X-TrackingId
X-Tumblr-Pixel-3
X-Is-Gdpr
X-JWT-State
X-GEO
X-Unique-Id
X-Var-Ttl
True-Client-Country-4JS
X-LI-UUID
Vix-Hermes-Req-Id
X-Method
X-Variation
Origin
X-User
X-Micro-Cache
X-Irp-Debug
X-HN
On-Server
X-Li-Pop
Platform
X-Mvc-Supplant-Cachable
X-Scheme
X-GeoIP
X-IP
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
PFcat
X-Request-URI
X-Cache-Tags
X-SVT-ORM-RULES
X-Developer
X-SVT-ORM-VERSION
X-Cache-Info
X-Branch-Name
X-Node-Id
X-CGP
X-Clientip
X-DefElseHash
X-Origin-Expires
X-VServer
X-DefHash
X-Li-Fabric
X-NU-AKA-ACS-Version
X-Dispatcher-Server
X-VG-TLSProxy
X-Varnish-Hits
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Varnish-CookieINHashed-On
X-Fastly-Cache
X-Origin
X-Varnish-CookieHashed-On
X-Ratelimit-Reset
X-Fastly-Backend
X-Backend-State
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-Eu-Site
X-Platform-Server
X-Skip-Cache
X-Csrf-Jwt
Cf-Bgj
C-Via
DSUID
Esi-Enabled
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-B3-Traceid
NM-Fastcgi-Cache
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Is-Eu
X-Unique-ID
L
NGX
Locid
Location
L5d-Success-Class
X-NewRelic-App-Data
X-Tb
X-Cdn-Forward
X-FTR-Expires
X-APP-VERSION
X-Sucuri-ID
X-Swa-Ws
X-Origin-Response-Time
X-Old-Content-Length
CDCHOST
CDN-Cache
IsBot
X-Clara-WADP
CDN-CachedAt
X-Nginx-Cache-Key
X-Esi-Check
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Cache-Debug
CDN-EdgeStorageId
X-LB-ID
X-Loc
X-Cache-Id
X-SIPLIST1
X-Rebelmouse-Cache-Control
X-Air-Hostname
Rt-Fastcgi-Cache
Xc-Version
X-Wikidot-Static-Cache
X-Wikidot-Backend
CDN-PullZone
X-Generated-By
Server-Ext
Server-Hostname
X-Fmm-Version
X-Gamma-Serve
Sever-Int
Fastly-SWR
X-WADP-Cache
Fastly-SIE
CDN-Uid
NGB
CDN-RequestCountryCode
X-Aicache-OS
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-Gzip
CDN-RequestId
User-Cache-Control
X-ID
X-Hnp-Log
X-Gen-Mode
X-Block-Status
Web-Mar-Node
Tracecode
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Slack-Backend
X-Planisys-CDN-TTL
X-Servername
Cmsid
Cmstype
X-Via-Popv
X-HOST
X-Varnish-Url
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
X-Via-Popn
X-Edge-Location-Klb
X-Via-Poph
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
SR-User-Adfree
Pics-Label
X-Refresh
Req-Svc-Chain
Url
X-Served-From
X-Cache-Var-Map
X-Cache-Var
Kp-EeAlive
Instruction
Svr
A
X-CUA
X-Vgn-Hpd-Reason
Lfy
X-Matched-Rule
Viewtype
M-TraceId
VivaBuild
Sid
X-TraceId
X-PHP-Backend
X-Webkit-CSP-Report-Only
X-SaId
X-JoinUs
CloudFront-Viewer-Country
X-Sn-Servicetimems
Cross-Origin-Opener-Policy
X-Cdn-Origin
X-NGENIX-Cache
X-Cache-Expires
Geo-Info
Cache-Key
X-Edge-Location
X-Cache-Backend
X-NCache
TDXMobile
Arc-Country
Pramga
MIME-Version
X-Tb-Optimization-Total-Bytes-Saved
DataCenter
SID
X-DC
X-Core-Mission
X-Vc
X-Srv
X-Cache-Date
X-NC
Server-ID
Content-Secure-Policy
X-Servedbyhost
NtCoent-Length
X-Request-Start
X-CLOUD-TRACE-CONTEXT
X-Service
X-CDN-Forward
X-Wa
X-Extlb
GeoIp-Country-Code
Geoip-Latitude
Tcn
X-Internal-Host
X-Error
X-Bc-Bl
X-FireWall-Protection
Source
FSS-Cache
X-Varnish-Cacheable
X-HS-Status
X-Forwarded-Site
X-Vcl-Version
X-B3-Spanid
X-LI-Proto
X-Via-NSCOPI
X-Esi
X-Geo
X-Response-By
Memcached
LB
X-Proxy-Upstream
X-Air-Source
X-Req
Surrogated-Key
CACHE
X-VHOST
X-Newrelic-Synthetics
X-Li-Proto
X-VC-Cache
X-Proxy-Cachei7
Resin-Trace
Xkeyi7
X-PJAX-URL
Mail-Subject
X-Accel-Expires-Debug
We-Hiring
X-Date
Upgrade-Insecure-Requests
X-LiteSpeed-Cache-Control
GeoIP-Latitude
Hostname
Env
GeoIP-Country-Code
X-BBXSRF
X-Hcs-Proxy-Type
X-RateLimit-Remaining-Second
N-Cache
X-Sigma
Request-ID
X-Sigma-Backend
X-VCL-Version
X-Viewer-Country
Server-Ttl
X-RateLimit-Limit-Second
X-Rocket-Build-Number
HitType
X-CCDN-Origin-Time
X-CCDN-CacheTTL
CF-Cached-On
X-Cs
X-Men
X-MSEdge-Features
X-DSS
X-DI
X-DW
X-RPM
X-RPS
X-MSEdge-Flight
X-RSL
X-RAMCache
X-TIM-N
X-WA
Memory
X-Cache-2
Time
X-App
X-DB
X-Svr
X-ServedByHost
X-Cc-Via
X-ZONE
X-Cache-ASPX
X-APP
X-Cc-Req-Id
X-Zone
S-Rt
X-Contensis-Viewer-Groups
X-Varnish-Authentication
D-Cc-Upstream
XServer
ProcessTime
CPC-Age
Server-Id
VNS-Cache
VNS-Age
X-Mg-Request-UUID
X-Action
X-Air-Trace-Id
X-UA
CPC-Cache
Cteonnt-Length
X-Cache-Remote
X-HostName
X-TIME
X-Region-Sid
X-Cache-Config
X-Fpc
X-Gdpr
X-Server-IP
My-App
State
X-API-Version
Fastcgi-Cache-TTL
X-Nyt-Route
Mime-Version
X-Origin-Time
X-FPC
X-Oss-Cdn-Auth
Ohc-File-Size
X-Swift-Error
X-Dynatrace-Js-Agent
X-Provided-By
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-CF-Powered-By
X-FORWARDED-FOR
X-Minions-Version
X-Depends-On
Cache-Provider
W
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
Srv
X-Cache-Ttl
X-Dw-Trace-Id
X-URL
X-BACKEND-TTL
CDN
X-NodeID
X-CSRF-TOKEN
X-Check-Cacheable
X-Erf-Stays-Bingo-Pdp-Web
X-SN
X-Ftr-Cache-Host
X-VC
X-Cache-Type
X-UnsetCookies
Cf-Ipcountry
X-Host-Name
Ohc-Cache-HIT
X-Xrds-Location
X-Client-Ip
X-ServerName
X-Flog
X-Hello
X-ABtesting
X-SB
Proxy-Connection
X-Parent-Response-Time
Cdn
X-SD-PageType
X-Fastly-Request-Id
OT-Force-Account-Verify
X-Webstats-RespID
X-Presslabs-Stats
X-ND-Cache
X-Oracle-DMS-ECID
X-Forwarded-Path
Vha6-Origin
X-Pad
X-Orig-Expires
X-Tenant
X-BBC-Edge-Cache-Status
X-Shop-Environment
X-Cluster-Node
X-NGINX-Cache
PICS-Label
X-Fastly-Backend-Reqs
Dnion-Transfer-Encoding
X-Snapshot-Date
Media-Length
X-Pf-Uncompressing
X-Air-Pt
EpKe-Alive
X-Via-PopH
WZWS-RAY
X-Via-PopN
X-Cache-Tag
X-Via-PopV
X-ElasticPress-Search
X-LiteSpeed-Tag
X-Render-Time
Epwk-X-Cache
X-Varnish-URL
Warning
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
X-Ftr-Request-Id
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-MiniProfiler-Ids
X-Akamai-ERPolicy
Xet-Cookie
X-Varnish-Beresp-TTL
X-Vcache
X-BBC-Origin-Response-Status
X-Request-URL
X-Lb-Id
X-Traceid
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
Datacenter
CountryCode
X-Ua
X-Apw-Access-Token
X-Cache-Status-Check
X-Pjax-Url
X-Conf
X-C
X-Apw-Hits
X-Auto-Login
X-Apw-Access-Object
X-ElasticPress-Query
X-Storefront-Renderer-Verified
Processtime
X-Mg-Request-Id
X-Yottaa-OS
Content-Style-Type
X-Tid
X-Amz-Meta-Cb-Modifiedtime
X-B3-Parentspanid
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
Inserted-Into-Cache-At
NnCoection
URI
Content-Script-Type
X-Debug-Cache-Store
X-Worker
Environment
X-Redis-Count
X-Redis-Duration-Ms
X-Litespeed-Cache-Control
X-Apw-Access-Action