Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-CST
X-OneAgent-JS-Injection
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
EagleEye-TraceId
Xkey
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Cache-Lookup
P3p
X-Application-Context
X-Country
Accept-Ch-Lifetime
X-Ac
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Template
X-Readtime
X-Language
X-B3-TraceId
Accept-Ch
MS-Author-Via
X-HW
Rating
X-Url
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-TtlSet
X-Vname
X-PC
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
Pagespeed
Display
Response
X-Content-Type
X-D2id
X-Sol
X-Middleton-Response
X-Middleton-Display
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Oneagent-Js-Injection
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
X-Goog-Hash
X-Powered-By-Plesk
X-Country-Code
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Webkit-CSP
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
Fastly-Restarts
X-Cached
X-Client-IP
X-TTL
X-Buckets
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
Cache-Tag
RTSS
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Edge
X-Ruxit-Js-Agent
AR-PoweredBy
AR-ATIME
X-Ezoic-Cdn
Ar-Sid
AR-CACHE
AR-Request-ID
X-Powered-CMS
X-LLID
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
S
Content-MD5
X-Jurisdiction
X-HP-Webp
X-Recruiting
X-Ttl
X-ECACHE
X-Mid
X-MCACHE
Charset
X-Origin-Upstream-Status
X-DynaTrace
X-Kinsta-Cache
X-PressLabs-Stats
X-Mg-S
X-Fastcgi-Cache
X-T
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
Cache-Tags
X-Content-Digest
X-Px
Fastcgi-Cache
X-Accel-Expires
X-Id
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
X-Litespeed-Cache
Server-Node
Edge-Cache-Tag
TCN
TP-Cache
TP-L2-Cache
X-Amz-Server-Side-Encryption
Server-Name
MicrosoftSharePointTeamServices
Front-End-Https
X-Forwarded-For
X-Grace
X-Request-Processing-Time
X-Request-Received
Nginx-Cache
X-Hits
X-Correlation-Id
X-Amzn-Trace-Id
X-Shield-Request-Id
X-Kong-Upstream-Latency
X-B3-Sampled
X-Kong-Proxy-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Debug
Alternate-Protocol
X-Activity-Id
X-Az
X-AppVersion
X-Varnish-Age
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Server-ID
X-HS-Hub-Id
X-F-Cache
X-Amz-Replication-Status
X-Origin-Server
X-Yandex-Sdch-Disable
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-XRDS-Location
Surrogate-Key
X-XRDS-LOCATION
X-Frontend
X-NWS-LOG-UUID
X-Rid
Host
Accept-Charset
X-Ser
X-DIS-Request-ID
X-Cache-Age
X-Geo-Country
Nel
Section-Io-Cache
X-Hostname
X-Git-Hash
X-RateLimit-Remaining
X-Time
X-Respond-Thread
Access-Control-Allow-Method
X-VCache
X-Upgrade-Enabled
X-Mobile-URL
X-Daa-Tunnel
MS-CV
X-DataDome
Paypal-Debug-Id
ServerID
Realpath
X-Type
X-LB-Cache
Cleartype
X-Source
X-Varnish-Backend
X-AOL-HN
X-TT
X-Content-Options
X-Cache-Action
Healthy
X-IPLB-Instance
Payment
X-Whom
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Signature
X-B-Cache
X-Flags
X-Seen-By
X-Route-Name
X-Aspnet-Duration-Ms
X-Debug-Info
X-App-Environment
X-Page-Id
X-Contextid
X-Load-Cache
Cache
X-Cache-Key
X-Jobs
X-N
X-WebKit-CSP-Report-Only
X-FB-Debug
Fastcgi-Useragent
X-FTR-Request-ID
X-Erf-Bev-Bev
X-Browser-Type
Node
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Webkit-Csp
X-Rule
X-Pinterest-Direct
X-Cache-Expired-At
Refresh
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
X-RTag
DC
Viewport
Ms-Operation-Id
Version
X-Content-Powered-By
X-Cacheable-TTL
Access-Control-Request-Headers
X-Cluster-Name
X-Zen-Fury
X-Instance
X-HTML-Minification-Powered-By
X-Framework
X-ProcessESI
X-RemovedCookies
X-Real-IP
X-B
X-Tec-Api-Origin
X-FireWall-Port
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Time
X-Cache-Control
X-UUID
X-IPS-LoggedIn
X-Region
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Powered-By-ChinaCache
Referer-Policy
X-Drupal-Cache-Tags
X-Proxy
Eomportal-Instance
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Distributor
X-Page-View
Countrycode
X-Wix-Request-Id
X-Drupal-Cache-Contexts
X-Cached-By
X-Via-JSL
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-Cache-Operation
X-FW-Hash
X-G
X-Cache-Rule
X-App-Server
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Nginx-Cache
X-Tumblr-Pixel-1
Liferay-Portal
X-Www-Served-By
X-Debug-IsConnected
X-Debug-IsPreview
Xserver
X-Akamai-Edgescape
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Environment-Context
X-L-Path
X-Cache-Hit
X-Pass-Why
X-Protected-By
SRV
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
DynaTrace
Server-Info
X-Device-Type
X-Varnish-Grace
X-User-Agent
CF-IPCountry
X-Tumblr-Pixel-2
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Mode
X-Adobe-Content
Webserver
From-Origin
X-Adobe-Loc
X-Varnish-Server
Retry-After
Meta-Geo
X-Endurance-Cache-Level
X-Handled-By
X-Hl-Ver
GEO-INFO
Frame-Options
X-ES-SERVER
X-UPSTREAM-Address
AMP-Access-Control-Allow-Source-Origin
Cache-Status
X-RN-RSRV
X-Backend-Name
Cache-Tv-Group
Ec-Rule-Version
X-BYPASS-REASON
X-Format
X-MP-GENERATED-AT
X-Origin-Hint
X-PCL
X-Cache-Server
X-Section
TWC-Device-Class
TWC-GeoIP-Country
Apigw-Requestid
Country
TWC-Connection-Speed
X-Pubstack
Fastly-SSL
X-ProxyCache-Status
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Access
Webcakes-App-Name
Property-Id
X-Request-Time
TWC-Privacy
X-ProxyCache-Key
X-Soup
X-OCL
X-Varnishpool
X-Uri
X-Storage
X-Server-W
X-PHP-Host
X-PERF
X-FB-TRIP-ID
X-ApacheServer
X-S-Maxage
X-Proxy-Build
Mn-Server-Ip
X-Human
X-WA-Info
X-AWS-Id
Selected-Fe
Decoy-Debug-TTL
X-Timing-Wait
X-No-Session
X-Via-Fastly
X-UA-Device-Type
X-LJ-Flow-ID
X-R9-Blue-Green-Version
Decoy-Debug-Status
X-Labrador-Cache-Channel
Decoy-Debug-Key
X-VWS-Id
Protected
X-Proto
X-Xfnlog-Site
Azure-InstanceId
Azure-Version
X-NYM-Debug-Backend
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Varnish-Ttl
X-LAGOON
X-Be
X-Info
X-Cache-TTL-Remaining
X-Sorting-Hat-PodId
X-Sql-Count
X-Storefront-Renderer-Rendered
Cache-Name
X-Sql-Duration-Ms
X-Status
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShardId
X-Origin-Date
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Loop
X-GG-Cache-Date
X-Locale
X-Web-Node
X-Proxy-Cache-Status
X-Redis-Cache
Uber-Trace-Id
X-TNCMS
X-Hyper-Cache
X-Hosted-By
X-Site-Version
X-Ratelimit-Limit
X-Dc
X-Rendered-As
X-Is-Bot
X-Cache-Enabled
X-Content-Age
X-App-Version
X-Microcachable
X-Cluster
X-TA-CDN-Provider
S-Cnection
X-FW-Version
X-AIR-PT
X-NWS-UUID-VERIFY
X-TT-LOGID
X-Backend-Host
X-Qloud-Router
X-Node-Name
X-Forwarded-Host
X-Cache-Grace
X-Platform
X-Azure-Ref
X-CSRF-Token
X-Revision
X-Via-CDN
X-CCM
Cache-Hits
X-Trace-Id
Akamai-GRN
ServedBy
X-Varnish-Hostname
X-Cache-NGX
X-ATG-Version
X-EdgeConnect-Cache-Status
X-Aspnetmvc-Version
X-SRV
X-Cache-PHP
X-RCS-CacheZone
X-Debug-Cache
X-Detected-As
X-Correlation-ID
X-Cache-Host
X-CACHE-KEY
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-Amz-Apigw-Id
X-CS
X-Amzn-RequestId
DB-Nickname
HostName
X-Nc
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-TX-ID
X-FTR-DC
X-FTR-Realm
X-RateLimit-Limit
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Unique-ID
X-Ratelimit-Remaining
X-Country-Code-Real
SD-X-WS
X-BCube-Filmed-By
Who
X-Time-Microsecs
X-Adobe-Source
Country-Code
X-Ms-Version
X-Ms-Request-Id
X-Varnish-Beresp-Grace
X-A
X-A-Dcw
X-A-Dam
X-A-Wwc
X-A-Ccd
X-Aed
X-A-Dgt
MD5-Digest
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
BehaviorPad-Version
X-Varnish-Cache-Hits
Fastcgi-X-Cache-Version
Machine
Odigeo-Trace-Id
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
X-Application
T-Server
X-D
X-S
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Processor
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Vdms-Path
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Connection-Hash
X-Oss-Storage-Class
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-B-Cookie
X-Cache-NE
X-External-Request-Id
X-From
X-Origin-CC
X-Origin-TTL
X-Owner
X-NAPM-TraceId
X-Location
X-Generated-On
X-Level-Front-Cache
X-ARC
X-Generation-Time
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-ServerID
X-Amz-Meta-S3cmd-Attrs
X-Backend-TTL
Filterid
Backend
X-Varnish-Beresp-Ttl
Content-Disposition
UCS
V-Age
Magicmarker
X-Device-Os
X-Fetched-On
X-Generated-In
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Geo-Header
X-Developers
X-Varnish-Beresp-Status
X-Cache-Bucket
Wxu-Next-Region
Cache-Host
CacheControlHeader
X-Bip
Wxu-Next-Hostname
AKAMAI
Wxu-Next-Commit
X-Tumblr-Pixel-3
X-Core-Value
X-Cms-Context
Ssr
X-GeoIP-City
Path
X-Reqid
Release
X-Policy
Pagetype
On-Server
X-TrackingId
X-Thinkindot-L3
X-Thanos
X-Swa-Ws
X-OVcl-Cache
Host-ID
Server-Host
Fastly-Backend-Name
X-OVcl
Gh-Request-Id
X-EC-Lua
X-Magnolia-Registration
X-VG-TLSProxy
X-Air-Hostname
X-Backend-State
Server-Hostname
NGX
Xc-Version
Sever-Int
PFcat
True-Client-Country-4JS
Origin
Vix-Hermes-Req-Id
NM-Fastcgi-Cache
Server-Ext
X-Csrf-Jwt
X-Origin
X-VarnishDD-TTL
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Method
X-Micro-Cache
X-Ratelimit-Reset
X-Varnish-Hits
X-SVT-ORM-VERSION
X-User
X-SVT-ORM-RULES
X-Skip-Cache
X-Var-Ttl
X-Scheme
X-Sucuri-ID
X-Irp-Debug
X-Developer
X-Dispatcher-Server
X-CGP
Tracecode
X-Cache-Debug
X-Cache-Info
X-Envoy-Decorator-Operation
X-Eu-Site
X-HS-Content-Campaign-Id
X-IP
X-HN
X-GeoIP
X-Fastly-Cache
X-DynaTrace-JS-Agent
X-Branch-Name
X-Request-URI
CDN-PullZone
CDN-RequestCountryCode
Ha-Gx-Prefs
Cf-Bgj
Apple-News-Services-Handled
Esi-Enabled
CDN-RequestId
CDN-Uid
X-B3-Traceid
DSUID
CDCHOST
Apple-News-Services-Host
HA-Ipaddr
Location
C-Via
L
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
L5d-Success-Class
X-NewRelic-App-Data
X-FTR-Expires
User-Cache-Control
X-Gzip
X-Block-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Esi-Check
X-Clara-WADP
X-Fmm-Version
X-Gamma-Serve
X-Generated-By
X-Gen-Mode
X-Cache-Id
X-Old-Content-Length
X-Has-Esi
X-GoCache-CacheStatus
X-FC-Vary-Parameters
X-Epic-Correlation-Id
X-Is-Gdpr
X-JWT-State
X-VServer
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Azure-Ref-OriginShield
PB-RID
X-Request-Host
X-Origin-Response-Time
X-LB-ID
X-Hnp-Log
X-Cdn-Forward
X-WADP-Cache
PB-PID
Cf-Device-Type
Arc-Version
X-Wikidot-Backend
X-Hash
X-Wikidot-Static-Cache
Locid
X-Aicache-OS
Fastly-Drupal-HTML
Web-Mar-Node
X-ID
X-Tb
X-Unique-Id
X-Varnish-CookieHashed-On
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Varnish-CookieINHashed-On
X-Node-Id
X-Variation
X-Varnish-Url
X-Clientip
X-SIPLIST1
X-GEO
X-Slack-Backend
X-NU-AKA-ACS-Version
Adler-Geo
X-Varnish-Remaining-TTL
X-DefElseHash
IsBot
X-DefHash
X-Platform-Server
X-DPWN-IS-SECURE
Is-Eu
X-Cache-Tags
Fastly-SIE
Fastly-SWR
X-Fastly-Backend
X-Rebelmouse-Surrogate-Control
Platform
Geo-Info
X-Cache-Var
X-Cache-Var-Map
X-Mvc-Supplant-OutputCached
X-Planisys-CDN-TTL
X-Via-Popv
Instruction
X-Planisys-CDN-Cache
Pics-Label
Rt-Fastcgi-Cache
X-Via-Popn
X-Via-Poph
SR-User-Adfree
NGB
X-Planisys-CDN-Rules
X-Loc
X-PF-Uncompressing
X-APP-VERSION
X-CUA
X-Refresh
Cmstype
Cmsid
Url
Req-Svc-Chain
X-Matched-Rule
X-Srv
Svr
Lfy
Kp-EeAlive
X-Served-From
X-Servername
X-Cache-Expires
X-Cache-Backend
CloudFront-Viewer-Country
A
X-Vgn-Hpd-Reason
Sid
X-NCache
X-Sn-Servicetimems
MIME-Version
Pramga
X-Cdn-Origin
Viewtype
M-TraceId
VivaBuild
X-Webkit-CSP-Report-Only
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Edge-Location-Klb
X-Kraken-Loop-Name
Arc-Country
X-Cache-Date
X-TraceId
Cross-Origin-Opener-Policy
X-Core-Mission
DataCenter
X-NGENIX-Cache
SID
X-PHP-Backend
X-SaId
X-JoinUs
Cache-Key
TDXMobile
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Location
Server-ID
X-Vc
X-Request-Start
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
X-DC
X-FireWall-Protection
Content-Secure-Policy
X-Servedbyhost
Source
X-Geo
X-Service
X-Error
X-NC
Geoip-Latitude
GeoIp-Country-Code
X-Extlb
Tcn
X-Vcl-Version
X-Wa
X-Varnish-Cacheable
X-Bc-Bl
NtCoent-Length
X-HS-Status
X-Air-Source
X-Response-By
X-Internal-Host
FSS-Cache
X-B3-Spanid
Xkeyi7
X-LI-Proto
X-Esi
X-Forwarded-Site
X-Proxy-Cachei7
X-VHOST
CACHE
Resin-Trace
X-Req
Server-Ttl
X-Proxy-Upstream
X-PJAX-URL
X-Li-Proto
LB
Memcached
N-Cache
X-BBXSRF
Surrogated-Key
HitType
X-Via-NSCOPI
X-HOST
X-LiteSpeed-Cache-Control
We-Hiring
X-Hcs-Proxy-Type
X-Accel-Expires-Debug
X-CCDN-Origin-Time
X-RAMCache
X-Date
Request-ID
X-Cache-2
X-Viewer-Country
X-CCDN-CacheTTL
X-Newrelic-Synthetics
Mail-Subject
S-Rt
Upgrade-Insecure-Requests
X-DSS
X-DB
X-DI
X-DW
X-VCL-Version
X-TIM-N
X-APP
X-Cc-Via
X-Cc-Req-Id
X-Rocket-Build-Number
Env
X-VC-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Contensis-Viewer-Groups
D-Cc-Upstream
X-Sigma
X-Svr
X-RPS
X-RPM
GeoIP-Country-Code
X-Varnish-Authentication
X-RSL
X-Sigma-Backend
X-Cache-ASPX
GeoIP-Latitude
Hostname
X-Cache-Remote
Cteonnt-Length
X-WA
X-Men
X-Zone
Time
X-MSEdge-Features
X-MSEdge-Flight
Memory
X-UA
X-Cs
X-App
XServer
ProcessTime
X-Air-Trace-Id
X-Server-IP
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-ServedByHost
Ohc-File-Size
CF-Cached-On
X-ZONE
X-Action
X-Erf-Stays-Bingo-Pdp-Web
X-HostName
Server-Id
X-Oss-Cdn-Auth
X-Region-Sid
X-FPC
X-Fpc
X-Origin-Time
X-CF-Powered-By
X-Gdpr
X-Nyt-Route
X-Cache-Config
X-API-Version
X-Dynatrace-Js-Agent
X-Provided-By
X-Host-Name
X-Swift-Error
Fastcgi-Cache-TTL
VNS-Cache
X-SN
My-App
X-VC
State
VNS-Age
X-FORWARDED-FOR
CPC-Age
X-Check-Cacheable
X-NodeID
CPC-Cache
W
X-Depends-On
Mime-Version
X-Dw-Trace-Id
Cache-Provider
Srv
Ohc-Cache-HIT
X-Mg-Request-UUID
X-ServerName
X-Cdn-Request-ID
X-SD-PageType
X-Ftr-Cache-Host
X-TIME
X-UnsetCookies
CDN
X-SB
X-URL
X-BACKEND-TTL
Proxy-Connection
X-Webstats-RespID
X-Minions-Version
X-CSRF-TOKEN
X-Xrds-Location
Cf-Ipcountry
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-BBC-Edge-Cache-Status
X-ABtesting
X-Hello
X-Flog
Cdn
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
X-Parent-Response-Time
X-Cache-Type
X-Pf-Uncompressing
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Cache-Tag
Dnion-Transfer-Encoding
Vha6-Origin
X-NGINX-Cache
X-Snapshot-Date
X-Render-Time
Media-Length
EpKe-Alive
OT-Force-Account-Verify
X-Pad
X-Acquia-Application-Trace
X-Acquia-Application-UUID
PICS-Label
X-Via-PopH
X-Shop-Environment
Epwk-X-Cache
X-ElasticPress-Search
X-Forwarded-Path
X-LiteSpeed-Tag
X-ND-Cache
X-Air-Pt
X-Via-PopN
X-Acquia-Purge-Tags
X-Acquia-Site
X-Tenant
X-Via-PopV
X-Orig-Expires
WZWS-RAY
X-MiniProfiler-Ids
X-Varnish-URL
X-Auto-Login
Warning
X-Request-URL
X-Akamai-ERPolicy
X-Varnish-Beresp-TTL
Xet-Cookie
X-Vcache
X-Ms-Meta-Staticbatchstarttime
X-Lb-Id
X-Cluster-Node
X-BBC-Origin-Response-Status
X-Worker
X-Akamai-ERRuleID
X-ElasticPress-Query
Processtime
X-Traceid
X-Ms-Meta-Originalurl
CountryCode
X-Ua
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Cache-Status-Check
X-B3-Parentspanid
X-Yottaa-OS
NnCoection
X-Ftr-Request-Id
X-Apw-Access-Action
X-Mg-Request-Id
X-Litespeed-Cache-Control
Ohc-Response-Time
X-Redis-Duration-Ms
Inserted-Into-Cache-At
X-FTR-Cache-Host
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Tid
X-Storefront-Renderer-Verified
Content-Style-Type
URI
Content-Script-Type
Environment
Phost
X-Amz-Meta-Cb-Modifiedtime
X-Redis-Count