Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
X-Server-Powered-By
Host-Header
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-CST
X-Amz-Version-Id
X-Cache-Spec
NEL
Allow
X-Host
X-Vhost
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
Xkey
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
P3p
X-Application-Context
X-Country
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Ac
Accept-CH
Accept-Ch
X-Mod-Pagespeed
X-Template
X-Readtime
X-Language
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
X-HW
Rating
X-Url
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-TtlSet
X-Vname
X-PC
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
Display
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Content-Type
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Kinja-Revision
X-Kinja-Build
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
X-Powered-By-Plesk
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-TTL
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Webkit-CSP
X-Abt-Application-Version
X-Fastly-Request-ID
X-Oneagent-Js-Injection
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Public-Key-Pins
Access-Control-Request-Method
SPIisLatency
SPRequestDuration
Cache-Tag
RTSS
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Edge
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Powered-CMS
X-Ezoic-Cdn
X-LLID
X-SRCache-Store-Status
X-Upstream
X-SRCache-Fetch-Status
X-Litespeed-Cache
X-Version
S
Content-MD5
X-Ruxit-Js-Agent
X-HP-Webp
X-Jurisdiction
X-Recruiting
X-Mid
X-MCACHE
X-ECACHE
Charset
X-Origin-Upstream-Status
X-Kinsta-Cache
X-DynaTrace
X-Mg-S
X-PressLabs-Stats
Fusion-Template-Id
X-Fastcgi-Cache
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-T
X-Content-Digest
Cache-Tags
X-Ttl
X-Px
Fastcgi-Cache
X-Accel-Expires
X-Id
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
Server-Node
Edge-Cache-Tag
TP-L2-Cache
X-Amz-Server-Side-Encryption
TP-Cache
Server-Name
Front-End-Https
MicrosoftSharePointTeamServices
TCN
X-Forwarded-For
X-Grace
X-Request-Received
Nginx-Cache
X-Request-Processing-Time
Nel
X-Correlation-Id
X-Hits
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Debug
Alternate-Protocol
X-AppVersion
X-Az
X-Activity-Id
X-Varnish-Age
X-F-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-Server-ID
X-HS-Hub-Id
X-HS-Content-Id
X-Amz-Replication-Status
X-Origin-Server
X-Yandex-Sdch-Disable
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-XRDS-Location
Surrogate-Key
X-XRDS-LOCATION
X-NWS-LOG-UUID
X-Frontend
X-Rid
X-DIS-Request-ID
X-Ser
Accept-Charset
Host
X-Cache-Age
X-Geo-Country
Section-Io-Cache
X-Hostname
X-Git-Hash
X-Time
X-Respond-Thread
X-Daa-Tunnel
Access-Control-Allow-Method
X-VCache
X-Mobile-URL
X-Upgrade-Enabled
X-DataDome
MS-CV
Paypal-Debug-Id
X-Type
X-RateLimit-Remaining
X-LB-Cache
ServerID
Realpath
X-Source
Cleartype
X-AOL-HN
X-Varnish-Backend
X-Seen-By
X-TT
Healthy
X-Content-Options
Payment
X-Cache-Action
X-IPLB-Instance
X-Debug-Info
X-B-Cache
X-Whom
X-Signature
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Request-Guid
X-Flags
X-Route-Name
X-App-Environment
X-Page-Id
Cache
X-Contextid
X-Load-Cache
X-Cache-Key
X-N
X-Jobs
X-WebKit-CSP-Report-Only
X-FB-Debug
Fastcgi-Useragent
Node
X-FTR-Request-ID
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Mobile
X-Webkit-Csp
X-Pinterest-Direct
X-Rule
X-Cache-Expired-At
Refresh
X-Original-Request-Id
X-Response-Served-From
X-Accel-Buffering
DC
Ms-Operation-Id
X-RTag
Viewport
X-Cluster-Name
Version
X-Cacheable-TTL
X-Content-Powered-By
Access-Control-Request-Headers
X-Real-IP
X-ProcessESI
X-Zen-Fury
X-Instance
X-RemovedCookies
X-Framework
X-HTML-Minification-Powered-By
X-B
X-Drupal-Cache-Tags
X-Tec-Api-Root
X-FireWall-Port
X-Tec-Api-Origin
X-Tec-Api-Version
X-UUID
Referer-Policy
X-Region
X-IPS-LoggedIn
VIX-Pulpo-Upstream-Status
X-Cache-Control
VIX-Pulpo-Node
X-Wix-Request-Id
X-Proxy
Powered-By-ChinaCache
Eomportal-Instance
X-Cache-Time
X-Distributor
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Page-View
X-Drupal-Cache-Contexts
Countrycode
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-Cached-By
X-Via-JSL
X-G
X-Cache-Rule
X-Cache-Operation
X-Tumblr-User
X-Tumblr-Pixel
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-App-Server
X-Nginx-Cache
X-Debug-IsConnected
X-Debug-IsPreview
X-Akamai-Edgescape
Xserver
X-Www-Served-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Environment-Context
X-L-Path
X-Cache-Hit
X-Protected-By
X-Pass-Why
SRV
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Server-Info
DynaTrace
X-Device-Type
X-Varnish-Grace
CF-IPCountry
X-User-Agent
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Tumblr-Pixel-2
From-Origin
X-Adobe-Content
X-Adobe-Loc
Webserver
X-Mode
Cache-Status
Ec-Rule-Version
Retry-After
X-Varnish-Server
X-UPSTREAM-Address
GEO-INFO
Meta-Geo
X-Endurance-Cache-Level
X-ES-SERVER
X-RN-RSRV
X-Hl-Ver
Frame-Options
X-Handled-By
AMP-Access-Control-Allow-Source-Origin
X-Backend-Name
Cache-Tv-Group
X-FB-TRIP-ID
X-Request-Time
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Apigw-Requestid
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-Country
X-Pubstack
Property-Id
X-Section
X-Storage
X-Soup
TWC-Connection-Speed
X-Origin-Hint
Fastly-SSL
TWC-Device-Class
Country
TWC-GeoIP-LatLong
X-Access
X-ProxyCache-Status
X-Format
X-ProxyCache-Key
X-BYPASS-REASON
X-PCL
X-Cache-Server
X-MP-GENERATED-AT
X-OCL
X-Uri
X-Varnishpool
X-PERF
X-R9-Blue-Green-Version
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-LJ-Flow-ID
X-No-Session
X-TA-CDN-Provider
X-Labrador-Cache-Channel
X-Human
X-S-Maxage
Mn-Server-Ip
X-Server-W
X-PHP-Host
X-ApacheServer
X-NYM-Debug-Backend
X-VWS-Id
X-Timing-Wait
X-Ratelimit-Limit
X-Proxy-Build
X-Via-Fastly
X-AWS-Id
X-Be
X-WA-Info
X-UA-Device-Type
Selected-Fe
X-Zipkin-Id
X-Info
Azure-RegionName
Azure-InstanceId
Cache-Name
Azure-SlotName
Azure-Version
X-Xfnlog-Site
X-Varnish-Ttl
Protected
Azure-SiteName
X-Proxied
X-Proto
X-Origin-Date
X-Routing-Service
X-LAGOON
X-Cache-TTL-Remaining
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-Loop
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-Sql-Count
X-Status
X-Say-Cacheable
X-Say-TTL
X-Sql-Duration-Ms
X-GG-Cache-Date
X-Web-Node
X-TNCMS
X-Shopify-Stage
X-ShardId
X-Hyper-Cache
X-Locale
Uber-Trace-Id
X-Redis-Cache
X-Hosted-By
X-Proxy-Cache-Status
X-Site-Version
X-FW-Version
X-Rendered-As
X-Dc
X-Is-Bot
X-Microcachable
X-Cache-Enabled
X-Content-Age
X-Cluster
X-App-Version
S-Cnection
X-NWS-UUID-VERIFY
X-TT-LOGID
X-AIR-PT
X-Cache-Grace
X-Forwarded-Host
X-Backend-Host
X-Qloud-Router
X-Platform
X-Node-Name
X-Azure-Ref
X-CSRF-Token
X-CCM
X-SRV
X-Revision
X-Via-CDN
Cache-Hits
Akamai-GRN
X-Trace-Id
X-Ratelimit-Remaining
ServedBy
X-Aspnetmvc-Version
X-Varnish-Hostname
X-ATG-Version
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-Cache-PHP
X-RCS-CacheZone
X-Debug-Cache
X-Detected-As
X-CACHE-KEY
X-Cache-Host
X-Correlation-ID
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CS
X-Nc
HostName
DB-Nickname
Amp-Access-Control-Allow-Source-Origin
X-TX-ID
X-Akamai-Transformed
X-Unique-ID
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
SD-X-WS
X-FTR-Backend-Server
X-FTR-Cache-Status
Who
X-Adobe-Source
X-BCube-Filmed-By
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Time-Microsecs
Country-Code
X-Ms-Version
X-Ms-Request-Id
X-Varnish-Beresp-Grace
T-Server
X-A-Dam
X-A
X-A-Dcw
X-A-Dgt
X-A-Ccd
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
BehaviorPad-Version
X-Varnish-Cache-Hits
X-A-Wwc
Machine
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Rendered-Blocks
X-Connection-Hash
X-S
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-PBS-Appsvrname
X-Processor
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Vdms-Path
X-PAYTM-SRV-ID
X-Owner
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
X-Cache-NE
X-B-Cookie
X-Application
X-ARC
X-Destination
X-External-Request-Id
X-NAPM-TraceId
X-Origin-CC
X-Origin-TTL
X-Location
X-Level-Front-Cache
X-From
X-Generated-On
X-Aed
X-Generation-Time
X-Amz-Meta-S3cmd-Attrs
X-ServerID
X-Backend-TTL
X-Varnish-Beresp-Ttl
X-RateLimit-Limit
Backend
Filterid
X-Magnolia-Registration
Release
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-OVcl
X-OVcl-Cache
X-Policy
X-GeoIP-City
Pagetype
Path
Content-Disposition
X-Varnish-Beresp-Status
V-Age
Ssr
Thinkindot-CacheControl
Cache-Host
CacheControlHeader
X-Geo-Header
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Generated-In
UCS
AKAMAI
Server-Host
X-Cache-Bucket
X-Bip
X-Device-Os
X-Developers
Magicmarker
X-Core-Value
X-Swa-Ws
X-Thanos
X-Tumblr-Pixel-3
Host-ID
X-TrackingId
X-Thinkindot-L3
X-Fetched-On
Gh-Request-Id
X-Reqid
X-Cms-Context
X-DynaTrace-JS-Agent
On-Server
Fastly-Backend-Name
X-EC-Lua
X-FTR-Expires
NM-Fastcgi-Cache
Server-Hostname
NGX
X-Irp-Debug
Location
Origin
Server-Ext
X-IP
Locid
X-Eu-Site
X-HS-Content-Campaign-Id
PFcat
Vix-Hermes-Req-Id
X-Azure-Ref-OriginShield
X-Csrf-Jwt
X-CGP
Tracecode
X-Air-Hostname
X-Fastly-Cache
PB-RID
X-Envoy-Decorator-Operation
PB-PID
X-Dispatcher-Server
X-Developer
X-Cache-Info
X-Cache-Debug
X-User
L5d-Success-Class
True-Client-Country-4JS
X-GeoIP
X-JWT-State
X-Is-Gdpr
X-Branch-Name
X-Backend-State
X-FC-Vary-Parameters
X-Has-Esi
Sever-Int
X-HN
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
X-Origin
CDN-RequestId
X-Varnish-Hits
L
Cf-Bgj
CDN-Uid
CDN-CachedAt
CDN-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
X-Mvc-Supplant-Cachable
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
C-Via
Arc-Version
Xc-Version
X-Ratelimit-Reset
Cf-Device-Type
X-VarnishDD-TTL
X-VG-TLSProxy
X-Skip-Cache
X-SVT-ORM-VERSION
X-Sucuri-ID
HA-Ipaddr
Ha-Gx-Prefs
X-Nginx-Cache-Key
Esi-Enabled
X-Request-URI
X-B3-Traceid
X-Micro-Cache
X-Var-Ttl
DSUID
X-Method
X-Scheme
X-SVT-ORM-RULES
X-NewRelic-App-Data
User-Cache-Control
X-Tb
X-Varnish-CookieHashed-On
X-Request-Host
X-DefElseHash
X-Clientip
X-Fmm-Version
X-Cache-Id
IsBot
X-DefHash
X-DPWN-IS-SECURE
X-Cdn-Forward
Fastly-SWR
X-Gzip
X-Cache-Tags
X-WADP-Cache
X-Hnp-Log
X-CLOUD-TRACE-CONTEXT
Fastly-SIE
Fastly-Drupal-HTML
Is-Eu
X-SIPLIST1
Platform
X-Variation
X-Clara-WADP
X-Rebelmouse-Surrogate-Control
X-Hash
X-LB-ID
X-Block-Status
X-Node-Id
Adler-Geo
X-Rebelmouse-Cache-Control
X-Generated-By
X-LI-UUID
X-Platform-Server
X-NU-AKA-ACS-Version
Web-Mar-Node
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Old-Content-Length
X-Origin-Expires
X-Li-Pop
X-Li-Fabric
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GoCache-CacheStatus
X-Gamma-Serve
X-Wikidot-Static-Cache
X-Fastly-Backend
X-VServer
X-Esi-Check
X-Wikidot-Backend
X-Origin-Response-Time
X-Gen-Mode
X-Aicache-OS
X-Epic-Correlation-Id
X-Unique-Id
X-ID
X-Loc
X-GEO
X-Varnish-Url
Rt-Fastcgi-Cache
X-Slack-Backend
X-Cache-Var-Map
X-Cache-Var
Geo-Info
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Instruction
Pics-Label
X-Planisys-CDN-TTL
X-PF-Uncompressing
NGB
X-Via-Poph
X-Via-Popn
X-Via-Popv
SR-User-Adfree
X-Mvc-Supplant-OutputCached
X-APP-VERSION
Req-Svc-Chain
Cmstype
X-Refresh
X-CUA
X-Servername
Cmsid
Url
X-Matched-Rule
Svr
Sid
Lfy
X-Served-From
Kp-EeAlive
X-Cache-Expires
CloudFront-Viewer-Country
A
X-Cache-Backend
X-TraceId
X-Vgn-Hpd-Reason
VivaBuild
Pramga
X-Cdn-Origin
Viewtype
X-Webkit-CSP-Report-Only
M-TraceId
X-NCache
MIME-Version
X-Sn-Servicetimems
X-Srv
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Instrumentation
Arc-Country
X-Core-Mission
Cross-Origin-Opener-Policy
Cache-Key
Tcn
X-Cache-Date
X-PHP-Backend
X-NGENIX-Cache
X-JoinUs
X-SaId
DataCenter
X-Edge-Location
TDXMobile
Server-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Start
X-Vc
SID
X-CDN-Forward
X-Service
X-DC
X-Geo
Content-Secure-Policy
X-FireWall-Protection
Source
X-Servedbyhost
X-Error
X-NC
GeoIp-Country-Code
X-Varnish-Cacheable
X-Vcl-Version
X-Extlb
Geoip-Latitude
X-Internal-Host
X-Wa
NtCoent-Length
X-Bc-Bl
FSS-Cache
X-Response-By
X-B3-Spanid
X-HS-Status
X-Air-Source
X-Proxy-Cachei7
X-Esi
Xkeyi7
X-LI-Proto
X-Forwarded-Site
CACHE
X-VHOST
LB
Memcached
Surrogated-Key
HitType
X-Li-Proto
Server-Ttl
Resin-Trace
N-Cache
X-Req
X-BBXSRF
X-PJAX-URL
X-Proxy-Upstream
X-Via-NSCOPI
X-HOST
X-LiteSpeed-Cache-Control
X-Cache-2
X-CCDN-Origin-Time
Request-ID
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Newrelic-Synthetics
X-VC-Cache
X-Date
X-Viewer-Country
X-Accel-Expires-Debug
X-RAMCache
Mail-Subject
We-Hiring
S-Rt
Upgrade-Insecure-Requests
D-Cc-Upstream
X-WA
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-APP
Env
X-VCL-Version
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
X-RateLimit-Limit-Second
X-TIM-N
X-DB
X-RateLimit-Remaining-Second
X-DW
X-Cc-Via
GeoIP-Latitude
X-Cache-ASPX
GeoIP-Country-Code
X-Cc-Req-Id
X-Svr
X-Varnish-Authentication
X-Contensis-Viewer-Groups
Hostname
X-Cache-Remote
X-UA
X-Zone
Cteonnt-Length
X-Cs
X-ServedByHost
X-Men
Time
Memory
X-MSEdge-Flight
X-App
X-MSEdge-Features
XServer
Cross-Origin-Window-Policy
CF-Cached-On
X-Server-IP
ProcessTime
X-Air-Trace-Id
Ohc-File-Size
X-ZONE
X-Action
X-Sucuri-Cache
X-HostName
X-Erf-Stays-Bingo-Pdp-Web
CPC-Cache
CPC-Age
X-Cache-Config
X-Oss-Cdn-Auth
X-Origin-Time
Server-Id
X-Nyt-Route
X-Region-Sid
X-FPC
X-Gdpr
X-API-Version
X-Fpc
VNS-Cache
VNS-Age
X-CF-Powered-By
X-Dynatrace-Js-Agent
X-Host-Name
X-Swift-Error
X-Provided-By
X-FORWARDED-FOR
My-App
State
X-VC
Mime-Version
X-Depends-On
X-NodeID
Cache-Provider
W
X-Mg-Request-UUID
X-SN
Fastcgi-Cache-TTL
X-Check-Cacheable
Srv
Ohc-Cache-HIT
X-Cdn-Request-ID
X-SD-PageType
X-UnsetCookies
X-BACKEND-TTL
CDN
X-Ftr-Cache-Host
X-CSRF-TOKEN
Proxy-Connection
X-Dw-Trace-Id
X-TIME
X-Webstats-RespID
X-URL
X-Minions-Version
X-SB
X-ServerName
Cf-Ipcountry
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-Xrds-Location
X-Fastly-Backend-Reqs
X-ABtesting
X-Fastly-Request-Id
X-Hello
X-BBC-Edge-Cache-Status
X-Flog
X-Parent-Response-Time
Cdn
X-Cache-Type
Media-Length
Vha6-Origin
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-Pf-Uncompressing
OT-Force-Account-Verify
X-Render-Time
X-Cache-Tag
X-Pad
Dnion-Transfer-Encoding
X-NGINX-Cache
EpKe-Alive
X-Snapshot-Date
X-Tenant
X-ND-Cache
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Forwarded-Path
X-Orig-Expires
X-Shop-Environment
X-Via-PopH
X-Via-PopN
PICS-Label
X-ElasticPress-Search
X-Via-PopV
X-LiteSpeed-Tag
X-Acquia-Purge-Tags
Epwk-X-Cache
X-Air-Pt
X-Auto-Login
Processtime
X-Varnish-URL
X-MiniProfiler-Ids
X-Request-URL
X-BBC-Origin-Response-Status
X-Varnish-Beresp-TTL
X-Cluster-Node
Warning
X-Traceid
X-ElasticPress-Query
X-Lb-Id
X-Ms-Meta-Originalurl
X-Akamai-ERRuleID
X-Vcache
X-Worker
X-Ms-Meta-Staticbatchstarttime
Xet-Cookie
X-Akamai-ERPolicy
X-Ua
CountryCode
X-Mg-Request-Id
X-Apw-Hits
X-Apw-Access-Token
Ohc-Response-Time
X-Cache-Status-Check
X-Ftr-Request-Id
WZWS-RAY
X-Apw-Access-Object
X-Debug-Cache-Fetch
X-Yottaa-OS
X-Debug-Cache-Store
X-Redis-Count
X-Amz-Meta-Cb-Modifiedtime
X-Storefront-Renderer-Verified
X-Tid
X-FTR-Cache-Host
Inserted-Into-Cache-At
NnCoection
URI
X-Redis-Duration-Ms
Phost
Environment
X-B3-Parentspanid
Content-Style-Type
X-Litespeed-Cache-Control
Content-Script-Type
X-Apw-Access-Action