Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
EagleId
Request-Context
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
X-Vhost
X-WebKit-CSP
Allow
X-Host
X-Backend-Server
X-ASPNET-VERSION
Xkey
X-Server-Id
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
P3p
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch-Lifetime
X-Readtime
X-Language
Accept-CH-Lifetime
X-B3-TraceId
MS-Author-Via
Accept-Ch
Rating
X-Url
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
Display
Response
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
Verso
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Varnish-TTL
X-Goog-Hash
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
X-Country-Code
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-SharePointHealthScore
X-Webkit-CSP
SPRequestGuid
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-FastCGI-Cache
Public-Key-Pins
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
RTSS
Cache-Tag
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Edge
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Version
X-Ttl
Content-MD5
X-HP-Webp
S
X-Jurisdiction
X-Recruiting
X-Mid
X-ECACHE
X-MCACHE
X-Origin-Upstream-Status
Charset
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
X-Fastcgi-Cache
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-Ruxit-Js-Agent
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Content-Digest
X-T
X-Px
X-PressLabs-Stats
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Forwarded-Proto
X-Id
X-Logged-In
X-Content-Security-Policy-Report-Only
Server-Node
Edge-Cache-Tag
TCN
Filters
TP-L2-Cache
TP-Cache
X-Amz-Server-Side-Encryption
MicrosoftSharePointTeamServices
Server-Name
Front-End-Https
X-Forwarded-For
X-Correlation-Id
X-Grace
X-Request-Received
X-Request-Processing-Time
Nginx-Cache
X-Hits
X-XRDS-Location
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Shield-Request-Id
X-Amzn-Trace-Id
X-B3-Sampled
X-Server-ID
X-Request-Handler-Origin-Region
X-Microsite
X-Debug
Alternate-Protocol
X-AppVersion
X-Az
X-Activity-Id
X-Varnish-Age
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-F-Cache
X-Amz-Replication-Status
X-Yandex-Sdch-Disable
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Origin-Server
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
Surrogate-Key
X-NWS-LOG-UUID
X-Ser
X-Frontend
Nel
X-Rid
Accept-Charset
X-DIS-Request-ID
X-Cache-Age
X-Geo-Country
Host
X-XRDS-LOCATION
Section-Io-Cache
X-Git-Hash
X-Hostname
X-Time
X-RateLimit-Remaining
X-Respond-Thread
X-Daa-Tunnel
X-VCache
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Mobile-URL
X-DataDome
MS-CV
ServerID
X-Source
X-LB-Cache
X-AOL-HN
Paypal-Debug-Id
X-Seen-By
X-Type
X-Cache-Action
X-Content-Options
X-TT
Cleartype
X-Varnish-Backend
X-Whom
Payment
X-IPLB-Instance
Healthy
X-App-Environment
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Signature
X-Route-Name
X-Debug-Info
X-B-Cache
X-Aspnet-Duration-Ms
Realpath
X-Cache-Key
X-Page-Id
Cache
X-Load-Cache
X-Contextid
X-Jobs
X-N
Fastcgi-Useragent
X-FB-Debug
X-WebKit-CSP-Report-Only
X-Webkit-Csp
X-FTR-Request-ID
X-Pinterest-Direct
Node
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Rule
Refresh
X-Cache-Expired-At
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
Ms-Operation-Id
X-RTag
X-Zen-Fury
X-Framework
Referer-Policy
Version
Powered-By-ChinaCache
X-Content-Powered-By
X-Drupal-Cache-Tags
Access-Control-Request-Headers
X-Cluster-Name
X-Cacheable-TTL
Viewport
DC
X-UUID
X-Cache-Control
X-RemovedCookies
X-Instance
X-B
X-HTML-Minification-Powered-By
X-ProcessESI
X-Real-IP
X-Wix-Request-Id
X-IPS-LoggedIn
VIX-Pulpo-Node
X-Region
X-Proxy
X-FireWall-Port
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Distributor
X-Tt-Trace-Host
X-Tt-Trace-Tag
Eomportal-Instance
X-Page-View
X-Drupal-Cache-Contexts
Countrycode
X-Via-JSL
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FW-Type
X-Cached-By
X-Cache-Operation
X-Cache-Rule
X-G
Liferay-Portal
X-Tumblr-Pixel-0
X-App-Server
X-Nginx-Cache
X-Yottaa-Optimizations
X-Akamai-Edgescape
X-Yottaa-Metrics
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Debug-IsPreview
X-Debug-IsConnected
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Hit
X-Tec-Api-Origin
X-Pass-Why
Xserver
X-Environment-Context
X-L-Path
X-Www-Served-By
SRV
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Protected-By
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
DynaTrace
Server-Info
CF-IPCountry
X-Device-Type
X-Varnish-Grace
X-User-Agent
GEO-INFO
From-Origin
X-Tumblr-Pixel-2
Webserver
X-Adobe-Loc
X-Mode
Ec-Rule-Version
X-Adobe-Content
X-UPSTREAM-Address
X-ES-SERVER
X-RN-RSRV
X-Endurance-Cache-Level
X-Handled-By
Meta-Geo
Retry-After
Cache-Status
X-Hl-Ver
Frame-Options
X-Backend-Name
X-Varnish-Server
X-Varnish-Ttl
X-Uri
TWC-Device-Class
X-PCL
X-Storage
X-Origin-Hint
X-Soup
X-OCL
Fastly-SSL
X-Request-Time
X-Varnishpool
X-ProxyCache-Key
X-PHP-Host
X-ProxyCache-Status
Country
X-Pubstack
Cache-Tv-Group
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
X-FB-TRIP-ID
X-Human
Webcakes-Region
Apigw-Requestid
X-MP-GENERATED-AT
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-Format
X-Access
Selected-Fe
X-ApacheServer
X-AWS-Id
X-LAGOON
X-Cache-Server
Mn-Server-Ip
Decoy-Debug-TTL
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Decoy-Debug-Status
Decoy-Debug-Key
X-LJ-Flow-ID
X-No-Session
X-Via-Fastly
X-UA-Device-Type
X-VWS-Id
X-WA-Info
X-NYM-Debug-Backend
X-Info
X-Timing-Wait
X-Server-W
X-Proxy-Build
X-PERF
X-R9-Blue-Green-Version
X-Redis-Cache
X-S-Maxage
Azure-InstanceId
X-Section
X-Say-TTL
X-Cache-TTL-Remaining
X-Say-Cacheable
X-SayCDN-TTL
X-Sql-Count
X-Web-Node
X-Sql-Duration-Ms
X-Origin-Date
X-Be
X-Xfnlog-Site
X-Status
X-Routing-Service
X-Zipkin-Id
X-Proxied
Cache-Name
Protected
X-Proto
X-GG-Cache-Date
X-Locale
X-Hosted-By
X-Loop
X-TNCMS
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Site-Version
X-Shopify-Stage
X-Ratelimit-Limit
X-Hyper-Cache
X-TA-CDN-Provider
X-Proxy-Cache-Status
Uber-Trace-Id
X-FW-Version
AMP-Access-Control-Allow-Source-Origin
X-Rendered-As
X-Is-Bot
X-Cache-Enabled
X-Cluster
X-TT-LOGID
X-Microcachable
X-NWS-UUID-VERIFY
X-Content-Age
S-Cnection
X-AIR-PT
X-Forwarded-Host
X-Cache-Grace
X-Qloud-Router
X-App-Version
X-Dc
X-Revision
X-Node-Name
X-Backend-Host
X-SRV
X-CCM
X-Azure-Ref
X-Platform
X-Via-CDN
X-CSRF-Token
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Trace-Id
Akamai-GRN
ServedBy
X-ATG-Version
X-Detected-As
X-Varnish-Hostname
X-Cache-Host
X-Cache-PHP
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-RCS-CacheZone
X-Debug-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-Ratelimit-Remaining
X-CS
X-TX-ID
DB-Nickname
HostName
X-FTR-DC
X-Oss-Request-Id
SD-X-WS
X-Oss-Object-Type
X-Oss-Server-Time
X-FTR-Backend-Server
X-Akamai-Transformed
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
X-FTR-Realm
X-Oss-Storage-Class
X-Country-Code-Real
X-Correlation-ID
X-BCube-Filmed-By
Who
Country-Code
X-Adobe-Source
X-Time-Microsecs
X-RateLimit-Limit
X-Amz-Meta-S3cmd-Attrs
Backend
X-Ms-Request-Id
X-Ms-Version
X-Owner
X-PAYTM-SRV-ID
Rendered-Blocks
T-Server
X-Varnish-Cache-Hits
X-A
X-Origin-CC
X-A-Wwc
X-Trv-Group
X-A-Dgt
X-A-Dcw
X-PBS-Appsvrname
X-A-Ccd
X-A-Dam
X-ScT
X-SRCache-Key
Expiry
X-Rojux
Fastcgi-X-Cache-Version
X-S
DCR-Processing-Time-Ms
DCR-Decision-By
X-Varnish-Beresp-Grace
X-S-Cookie
X-Rewrite-Enabled
Machine
Mobile-Detection-Method
Odigeo-Trace-Id
X-Session-Fingerprint
X-Nc
Meta-Geo-Continent
X-Request-UUID
MD5-Digest
X-Processor
X-Aed
X-Origin-TTL
X-Destination
X-B-Cookie
X-D
BehaviorPad-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-External-Request-Id
X-ARC
X-Vdms-Version
X-From
X-VG-WebCache
X-ServerID
X-Connection-Hash
X-Vtex-Remote-Cache
X-NAPM-TraceId
X-Backend-TTL
X-Vdms-Path
X-CF-Lambda-Fn
X-Location
X-Cache-NE
X-Level-Front-Cache
X-Application
X-CF-Lambda-Version
X-Generated-On
X-Unique-Id
Filterid
X-HS-Content-Campaign-Id
X-Irp-Debug
Host-ID
Magicmarker
X-OVcl
X-Device-Os
X-TrackingId
X-Reqid
Gh-Request-Id
X-Core-Value
X-Micro-Cache
X-Mvc-Supplant-Cachable
CacheControlHeader
Cache-Host
Xc-Version
Wxu-Next-Region
Wxu-Next-Hostname
X-Cache-Bucket
X-Cache-Info
Wxu-Next-Commit
V-Age
X-Generated-In
X-Thinkindot-L3
X-Tumblr-Pixel-3
Thinkindot-Control
Server-Host
X-GeoIP-City
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Thanos
X-OVcl-Cache
Release
Pagetype
On-Server
UCS
Path
X-Fastly-Cache
X-Policy
X-Swa-Ws
X-Fetched-On
X-Generation-Time
X-Bip
X-Air-Hostname
X-Magnolia-Registration
X-Unique-ID
X-B3-Traceid
Tracecode
X-Varnish-Beresp-Ttl
X-DynaTrace-JS-Agent
User-Cache-Control
X-NewRelic-App-Data
X-EC-Lua
X-FTR-Expires
X-GEO
X-Tb
X-Varnish-Beresp-Status
X-Developer
X-Gen-Mode
X-Csrf-Jwt
X-Cms-Context
X-Generated-By
X-Esi-Check
X-Eu-Site
X-Fmm-Version
X-Envoy-Decorator-Operation
X-Dispatcher-Server
X-Developers
X-Cache-Debug
Web-Mar-Node
X-Backend-State
Vix-Hermes-Req-Id
True-Client-Country-4JS
Ssr
X-Block-Status
X-Branch-Name
X-CGP
X-Sucuri-ID
X-Cache-Id
X-Geo-Header
X-Clara-WADP
X-Hnp-Log
X-VarnishDD-TTL
X-VG-TLSProxy
X-Varnish-Hits
X-Var-Ttl
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-WADP-Cache
X-Wikidot-Backend
X-Azure-Ref-OriginShield
X-FC-Vary-Parameters
PB-RID
PB-PID
X-Wikidot-Static-Cache
Arc-Version
X-Skip-Cache
X-Scheme
X-Cdn-Forward
X-Method
X-IP
Sever-Int
X-Gzip
X-HN
X-Nginx-Cache-Key
X-Old-Content-Length
X-Request-Host
X-Request-URI
X-Ratelimit-Reset
X-Origin-Response-Time
X-Origin
X-GeoIP
X-User
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
NM-Fastcgi-Cache
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
NGX
CDN-Cache
CDCHOST
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Origin
PFcat
C-Via
Apple-News-Services-Request-Url
Apple-News-Services-Host
Cf-Bgj
L
HA-Ipaddr
Content-Disposition
L5d-Success-Class
Location
Locid
Server-Hostname
Server-Ext
Ha-Gx-Prefs
DSUID
Esi-Enabled
Fastly-Backend-Name
X-ID
X-Slack-Backend
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-Gamma-Serve
X-LB-ID
X-Hash
Cf-Device-Type
X-Origin-Expires
X-Platform-Server
X-NU-AKA-ACS-Version
X-Node-Id
X-Li-Pop
X-LI-UUID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Varnish-Remaining-TTL
X-VServer
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SIPLIST1
X-Variation
X-Li-Fabric
X-JWT-State
X-Cache-Tags
X-Clientip
Platform
Is-Eu
Fastly-SIE
Fastly-SWR
X-DefElseHash
X-DefHash
X-Has-Esi
X-Is-Gdpr
X-GoCache-CacheStatus
X-Fastly-Backend
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
Adler-Geo
IsBot
X-Aicache-OS
X-Cache-Var
X-Cache-Var-Map
SR-User-Adfree
X-Loc
X-Mvc-Supplant-OutputCached
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Rt-Fastcgi-Cache
X-Planisys-CDN-Cache
Instruction
X-Varnish-Url
X-APP-VERSION
X-Via-Popv
X-Via-Poph
NGB
X-PF-Uncompressing
X-Via-Popn
Pics-Label
X-CUA
Geo-Info
Req-Svc-Chain
Lfy
Url
Cmsid
X-Matched-Rule
Cmstype
X-Refresh
X-Servername
CloudFront-Viewer-Country
X-Cache-Expires
X-Cache-Backend
Svr
Kp-EeAlive
X-Served-From
Sid
Viewtype
VivaBuild
X-Cdn-Origin
A
X-Sn-Servicetimems
Pramga
X-NCache
X-Webkit-CSP-Report-Only
X-Core-Mission
MIME-Version
M-TraceId
X-TraceId
Cache-Key
X-Vgn-Hpd-Reason
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Date
Arc-Country
Cross-Origin-Opener-Policy
X-DC
X-Srv
X-NC
X-NGENIX-Cache
X-JoinUs
Server-ID
SID
X-SaId
X-Request-Start
X-PHP-Backend
X-CLOUD-TRACE-CONTEXT
TDXMobile
X-Edge-Location
X-Vc
X-Error
X-Edge-Location-Klb
X-FireWall-Protection
X-Kraken-Loop-Name
X-Servedbyhost
X-Server-Lifecycle-Phase
Source
X-Instrumentation
X-Kraken-Routeconfig-Destination
DataCenter
X-Wa
X-Service
X-Varnish-Cacheable
Content-Secure-Policy
Tcn
NtCoent-Length
X-CDN-Forward
GeoIp-Country-Code
Geoip-Latitude
X-Extlb
X-Vcl-Version
X-Internal-Host
X-Response-By
X-HS-Status
X-B3-Spanid
X-Air-Source
X-Geo
X-Proxy-Cachei7
Xkeyi7
X-Bc-Bl
X-Forwarded-Site
FSS-Cache
X-Esi
X-LI-Proto
CACHE
X-BBXSRF
X-Via-NSCOPI
Server-Ttl
N-Cache
Resin-Trace
HitType
X-LiteSpeed-Cache-Control
X-HOST
X-Accel-Expires-Debug
We-Hiring
X-Proxy-Upstream
X-Req
X-RAMCache
X-Date
Mail-Subject
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Li-Proto
LB
Memcached
X-CCDN-CacheTTL
Surrogated-Key
X-VCL-Version
X-Viewer-Country
Request-ID
X-Cache-2
S-Rt
X-RSL
X-RPS
X-Cc-Req-Id
X-TIM-N
GeoIP-Latitude
X-Newrelic-Synthetics
X-RPM
X-Svr
X-Cc-Via
X-Contensis-Viewer-Groups
X-DB
X-DI
X-DW
X-DSS
X-Varnish-Authentication
X-Cache-ASPX
X-RateLimit-Remaining-Second
D-Cc-Upstream
X-VC-Cache
GeoIP-Country-Code
Env
X-PJAX-URL
X-RateLimit-Limit-Second
Upgrade-Insecure-Requests
Hostname
X-Cache-Remote
X-Sigma-Backend
X-Men
X-APP
X-Rocket-Build-Number
X-WA
X-Cs
Cteonnt-Length
X-App
X-Sigma
X-UA
XServer
ProcessTime
X-Air-Trace-Id
Ohc-File-Size
X-ServedByHost
Memory
Time
X-MSEdge-Flight
X-MSEdge-Features
X-Action
X-Server-IP
Cross-Origin-Window-Policy
CF-Cached-On
X-Sucuri-Cache
X-ZONE
X-Erf-Stays-Bingo-Pdp-Web
X-Zone
X-HostName
X-Dynatrace-Js-Agent
X-Nyt-Route
X-FPC
X-Origin-Time
X-Gdpr
CPC-Cache
VNS-Age
VNS-Cache
CPC-Age
X-API-Version
X-Fpc
X-Region-Sid
X-Cache-Config
X-Oss-Cdn-Auth
Server-Id
X-CF-Powered-By
X-Host-Name
X-Swift-Error
X-Provided-By
X-Presslabs-Stats
Cache-Provider
X-Depends-On
X-NodeID
X-SN
W
X-Check-Cacheable
Mime-Version
X-FORWARDED-FOR
X-VC
Ohc-Cache-HIT
Srv
X-Cdn-Request-ID
X-Webstats-RespID
State
X-SB
X-Ftr-Cache-Host
X-CSRF-TOKEN
X-SD-PageType
X-Dw-Trace-Id
X-TIME
X-BACKEND-TTL
X-UnsetCookies
CDN
X-ServerName
X-Akamai-Pragma-Client-IP
X-Client-Ip
X-ABtesting
X-Mg-Request-UUID
Proxy-Connection
X-Parent-Response-Time
X-BBC-Edge-Cache-Status
Fastcgi-Cache-TTL
X-Hello
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
X-Minions-Version
Cdn
My-App
X-Flog
X-NGINX-Cache
Media-Length
X-Cache-Tag
X-Pad
Dnion-Transfer-Encoding
X-Oracle-DMS-ECID
X-Render-Time
X-Snapshot-Date
Vha6-Origin
Cf-Ipcountry
X-Pf-Uncompressing
EpKe-Alive
PICS-Label
X-Cache-Type
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Air-Pt
Epwk-X-Cache
X-Via-PopN
X-Via-PopV
OT-Force-Account-Verify
X-Via-PopH
X-LiteSpeed-Tag
X-ElasticPress-Search
X-Worker
X-Cluster-Node
Xet-Cookie
X-Request-URL
X-Varnish-Beresp-TTL
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-ND-Cache
X-Forwarded-Path
X-Traceid
Warning
X-Lb-Id
X-Varnish-URL
X-Akamai-ERPolicy
X-MiniProfiler-Ids
X-Auto-Login
X-Akamai-ERRuleID
X-Vcache
X-Ms-Meta-Originalurl
X-BBC-Origin-Response-Status
X-ElasticPress-Query
Processtime
X-Ms-Meta-Staticbatchstarttime
CountryCode
Datacenter
X-Ua
X-Apw-Hits
X-Pjax-Url
X-Apw-Access-Token
X-Cache-Status-Check
X-Yottaa-OS
WZWS-RAY
X-Apw-Access-Object
X-Redis-Count
Ohc-Response-Time
X-Mg-Request-Id
X-Ftr-Request-Id
Content-Style-Type
URI
X-Tid
X-Redis-Duration-Ms
NnCoection
X-B3-Parentspanid
Inserted-Into-Cache-At
Environment
X-Amz-Meta-Cb-Modifiedtime
Phost
Content-Script-Type
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
X-Debug-Cache-Fetch
X-FTR-Cache-Host
X-Debug-Cache-Store
X-Apw-Access-Action