Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Server
X-Backend
X-Hacker
X-Server-Powered-By
Host-Header
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
X-CST
X-Amz-Version-Id
X-Cache-Spec
NEL
Allow
X-Host
X-Vhost
X-WebKit-CSP
X-Backend-Server
X-ASPNET-VERSION
X-Server-Id
Xkey
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
P3p
X-Cache-Lookup
X-Application-Context
X-Country
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Ac
Accept-CH
Accept-Ch
X-Mod-Pagespeed
X-Template
X-Readtime
X-Language
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
X-HW
Rating
X-Url
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-PC
X-TtlSet
Edge-Control
X-ESI
X-Clacks-Overhead
X-GitHub-Request-Id
X-Trace
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
Response
Display
X-Content-Type
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Exp-Variant
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
X-Country-Code
X-Powered-By-Plesk
X-Goog-Hash
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-TTL
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Webkit-CSP
X-Abt-Application-Version
X-Fastly-Request-ID
X-Oneagent-Js-Injection
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Public-Key-Pins
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
RTSS
Cache-Tag
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
AR-PoweredBy
AR-ATIME
X-Edge
AR-Request-ID
AR-CACHE
Ar-Sid
X-Powered-CMS
X-Ezoic-Cdn
X-LLID
X-SRCache-Store-Status
X-Upstream
X-SRCache-Fetch-Status
X-Litespeed-Cache
X-Version
Content-MD5
S
X-Ruxit-Js-Agent
X-HP-Webp
X-Jurisdiction
X-Recruiting
X-ECACHE
X-MCACHE
Charset
X-Mid
X-Origin-Upstream-Status
X-Kinsta-Cache
X-DynaTrace
X-Mg-S
X-PressLabs-Stats
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Fastcgi-Cache
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-T
X-Content-Digest
Cache-Tags
X-Px
X-Ttl
Fastcgi-Cache
X-Accel-Expires
X-Id
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
Server-Node
Edge-Cache-Tag
TP-L2-Cache
X-Amz-Server-Side-Encryption
TP-Cache
Server-Name
Front-End-Https
MicrosoftSharePointTeamServices
TCN
X-Forwarded-For
X-Grace
X-Request-Processing-Time
X-Request-Received
Nginx-Cache
Nel
X-Correlation-Id
X-Hits
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Handler-Origin-Region
X-Microsite
X-Debug
Alternate-Protocol
X-Az
X-Activity-Id
X-AppVersion
X-Varnish-Age
X-Server-ID
X-F-Cache
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Amz-Replication-Status
X-Origin-Server
X-Yandex-Sdch-Disable
X-XRDS-Location
Surrogate-Key
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-XRDS-LOCATION
X-NWS-LOG-UUID
X-Frontend
X-Rid
X-DIS-Request-ID
X-Geo-Country
X-Ser
Accept-Charset
X-Cache-Age
Host
Section-Io-Cache
X-Hostname
X-Git-Hash
X-Time
X-Respond-Thread
Access-Control-Allow-Method
X-Daa-Tunnel
X-VCache
X-Mobile-URL
MS-CV
X-DataDome
X-Upgrade-Enabled
X-RateLimit-Remaining
X-Type
Realpath
ServerID
X-LB-Cache
Paypal-Debug-Id
X-Source
Cleartype
X-Seen-By
X-TT
X-Varnish-Backend
X-AOL-HN
X-IPLB-Instance
Payment
Healthy
X-Content-Options
X-Whom
X-B-Cache
X-Cache-Action
X-Signature
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Debug-Info
Cache
X-Page-Id
X-App-Environment
X-Load-Cache
X-Contextid
X-Cache-Key
X-Jobs
X-N
X-FB-Debug
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-FTR-Request-ID
Node
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile
X-Webkit-Csp
X-Pinterest-Direct
X-Rule
X-Cache-Expired-At
Refresh
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
Ms-Operation-Id
Viewport
DC
X-RTag
Version
X-Cacheable-TTL
X-Content-Powered-By
X-RemovedCookies
X-Zen-Fury
X-HTML-Minification-Powered-By
X-Real-IP
X-Drupal-Cache-Tags
X-Instance
X-Framework
Access-Control-Request-Headers
X-Cluster-Name
X-ProcessESI
X-B
X-FireWall-Port
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Distributor
X-Region
X-Cache-Control
VIX-Pulpo-Node
X-Proxy
X-Wix-Request-Id
Eomportal-Instance
Referer-Policy
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Powered-By-ChinaCache
X-Tt-Trace-Tag
X-UUID
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Page-View
X-Drupal-Cache-Contexts
Countrycode
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-Cached-By
X-Via-JSL
X-Cache-Operation
X-G
X-Cache-Rule
X-Tumblr-User
X-Tumblr-Pixel
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-App-Server
X-Debug-IsConnected
X-Debug-IsPreview
X-Nginx-Cache
Xserver
X-Www-Served-By
X-Akamai-Edgescape
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-L-Path
X-Environment-Context
X-Cache-Hit
X-Protected-By
X-Pass-Why
SRV
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Server-Info
X-Varnish-Grace
X-Device-Type
DynaTrace
X-User-Agent
CF-IPCountry
X-Tumblr-Pixel-2
From-Origin
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Adobe-Content
X-Adobe-Loc
X-TEC-API-ROOT
X-Mode
Webserver
X-Varnish-Server
Ec-Rule-Version
Retry-After
Frame-Options
X-RN-RSRV
X-UPSTREAM-Address
GEO-INFO
AMP-Access-Control-Allow-Source-Origin
X-Endurance-Cache-Level
Meta-Geo
Cache-Status
X-Handled-By
X-Hl-Ver
X-ES-SERVER
X-Backend-Name
Cache-Tv-Group
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-Country
Webcakes-Region
X-PCL
X-Soup
X-Storage
Webcakes-App-Name
X-FB-TRIP-ID
TWC-Locale-Group
TWC-GeoIP-LatLong
X-OCL
X-Pubstack
TWC-Privacy
X-Uri
Apigw-Requestid
X-Access
TWC-Device-Class
X-Varnishpool
X-Cache-Server
X-Section
Country
X-Format
Fastly-SSL
X-Origin-Hint
X-MP-GENERATED-AT
Property-Id
Selected-Fe
Mn-Server-Ip
X-Server-W
Decoy-Debug-Status
X-R9-Blue-Green-Version
Decoy-Debug-TTL
X-Request-Time
Decoy-Debug-Key
X-Timing-Wait
X-WA-Info
X-Proxy-Build
X-ProxyCache-Key
X-BYPASS-REASON
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-PERF
X-PHP-Host
X-ProxyCache-Status
X-VWS-Id
X-No-Session
X-Be
X-TA-CDN-Provider
X-UA-Device-Type
X-AWS-Id
X-Via-Fastly
X-ApacheServer
X-Human
Cache-Name
X-Ratelimit-Limit
X-Xfnlog-Site
X-Zipkin-Id
X-LAGOON
X-Proxied
Protected
X-Proto
X-Origin-Date
X-Varnish-Ttl
X-Cache-TTL-Remaining
X-S-Maxage
X-Routing-Service
Azure-Version
Azure-SiteName
Azure-RegionName
X-Alternate-Cache-Key
Azure-SlotName
X-ShopId
X-Status
X-Loop
X-Info
X-Say-Cacheable
X-Storefront-Renderer-Rendered
Azure-InstanceId
X-Say-TTL
X-SayCDN-TTL
X-Sql-Count
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sql-Duration-Ms
X-Web-Node
X-TNCMS
X-Shopify-Stage
X-ShardId
X-Hosted-By
X-Locale
X-Hyper-Cache
X-Proxy-Cache-Status
Uber-Trace-Id
X-Redis-Cache
X-GG-Cache-Date
X-Site-Version
X-Rendered-As
X-Microcachable
X-Cache-Enabled
X-FW-Version
X-Dc
X-Is-Bot
X-Cluster
X-Content-Age
X-App-Version
S-Cnection
X-AIR-PT
X-Forwarded-Host
X-NWS-UUID-VERIFY
X-Cache-Grace
X-TT-LOGID
X-Qloud-Router
X-Backend-Host
X-Node-Name
X-Platform
X-Azure-Ref
X-CSRF-Token
X-Revision
X-Via-CDN
X-SRV
X-CCM
Cache-Hits
Akamai-GRN
X-Trace-Id
ServedBy
X-EdgeConnect-Cache-Status
X-Cache-PHP
X-Ratelimit-Remaining
X-Cache-NGX
X-Aspnetmvc-Version
X-ATG-Version
X-RCS-CacheZone
X-Debug-Cache
X-Varnish-Hostname
X-Detected-As
X-Correlation-ID
X-CACHE-KEY
X-Cache-Host
X-B3-SpanId
X-CS
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
DB-Nickname
HostName
X-Nc
Amp-Access-Control-Allow-Source-Origin
X-TX-ID
X-Akamai-Transformed
SD-X-WS
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-Unique-ID
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-BCube-Filmed-By
Who
X-Adobe-Source
X-Oss-Storage-Class
X-Time-Microsecs
X-Oss-Request-Id
Country-Code
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Ms-Request-Id
X-Ms-Version
T-Server
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
Machine
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
BehaviorPad-Version
X-Varnish-Beresp-Grace
Fastcgi-X-Cache-Version
X-Aed
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Rendered-Blocks
X-Connection-Hash
X-S
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Processor
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Vdms-Path
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-D
X-Destination
X-CF-Lambda-Fn
X-Cache-NE
X-ARC
X-B-Cookie
X-External-Request-Id
X-From
X-Origin-CC
X-Origin-TTL
X-Owner
X-NAPM-TraceId
X-Location
X-Generated-On
X-Level-Front-Cache
X-Application
X-Generation-Time
X-Backend-TTL
X-Amz-Meta-S3cmd-Attrs
X-ServerID
Filterid
Backend
X-RateLimit-Limit
X-Policy
X-Reqid
X-OVcl-Cache
X-OVcl
X-Magnolia-Registration
Release
Pagetype
On-Server
Magicmarker
Content-Disposition
CacheControlHeader
Cache-Host
AKAMAI
X-Tumblr-Pixel-3
X-TrackingId
Gh-Request-Id
Fastly-Backend-Name
X-Thanos
X-Thinkindot-L3
Server-Host
Thinkindot-CacheControl-Type
X-Bip
X-Fetched-On
X-DynaTrace-JS-Agent
X-Cache-Bucket
X-Device-Os
X-Cms-Context
X-Core-Value
X-Developers
X-Generated-In
X-Geo-Header
UCS
Thinkindot-Control
X-Varnish-Beresp-Ttl
V-Age
Wxu-Next-Commit
X-GeoIP-City
Wxu-Next-Region
Wxu-Next-Hostname
Thinkindot-CacheControl
Host-ID
X-Varnish-Cache-Hits
X-EC-Lua
X-Varnish-Beresp-Status
X-FTR-Expires
X-FC-Vary-Parameters
Server-Ext
Server-Hostname
X-Micro-Cache
Ssr
X-Sucuri-ID
Sever-Int
X-Method
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Ratelimit-Reset
X-Azure-Ref-OriginShield
X-Request-URI
Locid
NGX
NM-Fastcgi-Cache
PFcat
Path
X-B3-Traceid
X-Irp-Debug
True-Client-Country-4JS
X-Cache-Debug
X-Dispatcher-Server
X-Envoy-Decorator-Operation
X-Branch-Name
X-Developer
X-Cache-Info
Tracecode
X-Csrf-Jwt
X-Air-Hostname
X-Eu-Site
X-Fastly-Cache
X-IP
X-JWT-State
Location
X-Is-Gdpr
Vix-Hermes-Req-Id
X-HS-Content-Campaign-Id
X-Backend-State
X-GeoIP
X-HN
X-Has-Esi
X-Origin
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-RequestId
CDN-Uid
DSUID
Cf-Device-Type
X-User
Cf-Bgj
CDCHOST
Arc-Version
Apple-News-Services-Handled
Xc-Version
X-VarnishDD-TTL
X-VG-TLSProxy
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
C-Via
X-Var-Ttl
Apple-News-Services-Request-Url
Esi-Enabled
CDN-CachedAt
Ha-Gx-Prefs
PB-RID
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-CGP
L5d-Success-Class
X-Scheme
X-Skip-Cache
PB-PID
HA-Ipaddr
X-Swa-Ws
X-NewRelic-App-Data
User-Cache-Control
X-Tb
Fastly-SWR
X-Request-Host
X-Fmm-Version
Platform
X-Esi-Check
X-SIPLIST1
X-Cache-Tags
X-Variation
Fastly-SIE
X-Clientip
X-Varnish-Hits
X-Varnish-Remaining-TTL
X-VServer
X-Clara-WADP
X-Wikidot-Backend
X-WADP-Cache
X-Cdn-Forward
X-Varnish-CookieINHashed-On
X-Fastly-Backend
Is-Eu
X-Varnish-CookieHashed-On
X-Gen-Mode
X-Li-Pop
X-LI-UUID
X-Node-Id
X-Hnp-Log
X-DefHash
X-Li-Fabric
X-Wikidot-Static-Cache
X-LB-ID
X-DPWN-IS-SECURE
X-Origin-Response-Time
X-NU-AKA-ACS-Version
X-Origin-Expires
Adler-Geo
X-Rebelmouse-Surrogate-Control
X-Generated-By
X-GoCache-CacheStatus
X-Rebelmouse-Cache-Control
IsBot
X-DefElseHash
X-Hash
X-Gzip
X-Platform-Server
X-Gamma-Serve
X-Old-Content-Length
X-Cache-Id
X-Block-Status
L
Origin
Web-Mar-Node
X-Aicache-OS
X-ID
X-CLOUD-TRACE-CONTEXT
X-Unique-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-Loc
X-Epic-Correlation-Id
Rt-Fastcgi-Cache
X-GEO
X-Varnish-Url
X-Slack-Backend
Geo-Info
X-Cache-Var-Map
X-Cache-Var
X-PF-Uncompressing
X-Mvc-Supplant-OutputCached
SR-User-Adfree
NGB
Pics-Label
X-Planisys-CDN-TTL
X-Via-Popv
X-Via-Popn
X-Via-Poph
Instruction
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-APP-VERSION
X-Refresh
Req-Svc-Chain
Cmsid
Cmstype
X-CUA
Url
X-Servername
X-Matched-Rule
X-Served-From
Kp-EeAlive
Svr
Sid
Lfy
X-Cache-Expires
CloudFront-Viewer-Country
A
X-Cache-Backend
X-Vgn-Hpd-Reason
X-TraceId
MIME-Version
Viewtype
VivaBuild
M-TraceId
X-Cdn-Origin
X-Srv
X-Webkit-CSP-Report-Only
X-NCache
X-Sn-Servicetimems
Pramga
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-Instrumentation
Arc-Country
X-Cache-Date
Tcn
Cache-Key
X-Core-Mission
X-SaId
X-PHP-Backend
X-NGENIX-Cache
X-JoinUs
DataCenter
Server-ID
TDXMobile
Cross-Origin-Opener-Policy
X-Edge-Location
X-Tb-Optimization-Total-Bytes-Saved
SID
X-Request-Start
X-Vc
X-CDN-Forward
X-FireWall-Protection
X-Geo
X-Service
Content-Secure-Policy
Source
X-Servedbyhost
X-DC
X-Error
X-NC
X-Wa
X-Internal-Host
X-Vcl-Version
X-Extlb
X-Varnish-Cacheable
GeoIp-Country-Code
Geoip-Latitude
X-Bc-Bl
NtCoent-Length
X-Response-By
FSS-Cache
X-Air-Source
X-B3-Spanid
X-HS-Status
Xkeyi7
X-Forwarded-Site
X-LI-Proto
X-Esi
X-Proxy-Cachei7
X-VHOST
CACHE
LB
X-PJAX-URL
HitType
N-Cache
Server-Ttl
X-Req
Surrogated-Key
X-Via-NSCOPI
Memcached
X-Li-Proto
X-Proxy-Upstream
Resin-Trace
X-BBXSRF
X-LiteSpeed-Cache-Control
X-HOST
X-RAMCache
Request-ID
X-VC-Cache
X-CCDN-CacheTTL
X-Cache-2
X-Viewer-Country
X-Date
We-Hiring
Mail-Subject
X-CCDN-Origin-Time
X-Newrelic-Synthetics
X-Hcs-Proxy-Type
X-Accel-Expires-Debug
Upgrade-Insecure-Requests
S-Rt
X-RPM
X-Cc-Via
X-APP
X-DB
X-Cache-ASPX
X-VCL-Version
X-Sigma
X-DI
X-RPS
D-Cc-Upstream
X-DW
X-DSS
X-Sigma-Backend
X-Varnish-Authentication
GeoIP-Country-Code
GeoIP-Latitude
X-WA
X-RSL
X-RateLimit-Remaining-Second
X-Cc-Req-Id
Env
X-Contensis-Viewer-Groups
X-TIM-N
X-RateLimit-Limit-Second
X-Svr
X-Rocket-Build-Number
Hostname
X-Cache-Remote
Memory
Cteonnt-Length
X-App
Time
X-UA
X-Cs
X-Men
X-ServedByHost
X-Zone
XServer
ProcessTime
X-MSEdge-Features
X-Action
X-Server-IP
Ohc-File-Size
X-Sucuri-Cache
X-Air-Trace-Id
X-MSEdge-Flight
Cross-Origin-Window-Policy
CF-Cached-On
X-ZONE
X-HostName
X-Erf-Stays-Bingo-Pdp-Web
X-Region-Sid
X-Oss-Cdn-Auth
X-FPC
Server-Id
X-API-Version
X-CF-Powered-By
VNS-Cache
X-Nyt-Route
X-Origin-Time
CPC-Cache
VNS-Age
X-Fpc
CPC-Age
X-Gdpr
X-Cache-Config
X-Swift-Error
X-Provided-By
X-Host-Name
X-Dynatrace-Js-Agent
Mime-Version
X-FORWARDED-FOR
X-SN
X-Mg-Request-UUID
X-Check-Cacheable
X-VC
W
X-NodeID
Cache-Provider
State
My-App
Fastcgi-Cache-TTL
X-Depends-On
X-Cdn-Request-ID
Srv
Ohc-Cache-HIT
X-TIME
X-Webstats-RespID
X-Dw-Trace-Id
CDN
X-CSRF-TOKEN
X-Ftr-Cache-Host
X-Minions-Version
X-UnsetCookies
X-URL
X-SB
Proxy-Connection
X-SD-PageType
X-BACKEND-TTL
Cf-Ipcountry
X-ServerName
X-Xrds-Location
X-Akamai-Pragma-Client-IP
X-Client-Ip
X-BBC-Edge-Cache-Status
X-Fastly-Backend-Reqs
X-Parent-Response-Time
Cdn
X-Hello
X-Flog
X-ABtesting
X-Fastly-Request-Id
X-Cache-Type
Vha6-Origin
OT-Force-Account-Verify
Media-Length
X-NGINX-Cache
X-Pf-Uncompressing
EpKe-Alive
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Cache-Tag
X-Render-Time
Dnion-Transfer-Encoding
X-Pad
X-Snapshot-Date
PICS-Label
X-Orig-Expires
X-ND-Cache
X-Acquia-Purge-Tags
X-Forwarded-Path
X-Acquia-Site
Epwk-X-Cache
X-Acquia-Application-UUID
X-ElasticPress-Search
X-Via-PopH
X-Via-PopN
X-Air-Pt
X-LiteSpeed-Tag
X-Acquia-Application-Trace
X-Tenant
X-Shop-Environment
X-Via-PopV
X-Varnish-URL
WZWS-RAY
Warning
X-Akamai-ERRuleID
X-Cluster-Node
X-Request-URL
X-Varnish-Beresp-TTL
X-MiniProfiler-Ids
X-Worker
X-Vcache
Processtime
X-Auto-Login
X-ElasticPress-Query
X-Akamai-ERPolicy
X-Traceid
X-BBC-Origin-Response-Status
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
Xet-Cookie
X-Lb-Id
CountryCode
X-Ua
X-Mg-Request-Id
X-Tid
X-Redis-Duration-Ms
X-Cache-Status-Check
X-FTR-Cache-Host
X-Apw-Hits
Phost
X-Yottaa-OS
X-Debug-Cache-Fetch
Ohc-Response-Time
X-Apw-Access-Token
X-Ftr-Request-Id
X-Apw-Access-Object
Inserted-Into-Cache-At
X-Debug-Cache-Store
X-B3-Parentspanid
Environment
NnCoection
X-Litespeed-Cache-Control
Content-Script-Type
URI
X-Apw-Access-Action
X-Redis-Count
X-Storefront-Renderer-Verified
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime