Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
NEL
X-CST
X-OneAgent-JS-Injection
X-Cache-Spec
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
X-ASPNET-VERSION
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Cache-Lookup
P3p
X-Application-Context
X-Country
X-Ac
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
X-Readtime
X-Language
Accept-Ch
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
X-Url
Rating
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-TtlSet
X-PC
X-Vname
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
Display
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
X-Content-Type
X-D2id
X-ORACLE-DMS-RID
Arr-Disable-Session-Affinity
Verso
X-Oneagent-Js-Injection
X-ORACLE-DMS-ECID
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Varnish-TTL
X-Vcap-Request-Id
X-Goog-Hash
X-Country-Code
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Client-IP
Fastly-Restarts
X-Buckets
X-TTL
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-FastCGI-Cache
SPRequestGuid
X-SharePointHealthScore
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
SPIisLatency
Public-Key-Pins
SPRequestDuration
Access-Control-Request-Method
RTSS
Pinterest-Generated-By
Pinterest-Version
X-Webkit-CSP
X-Pinterest-Rid
Cache-Tag
X-Edge
Ar-Sid
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
Content-MD5
X-Version
X-Ruxit-Js-Agent
X-Jurisdiction
S
X-HP-Webp
X-Origin-Upstream-Status
X-ECACHE
X-Recruiting
X-Mid
X-Ttl
X-MCACHE
X-DynaTrace
Charset
X-Mg-S
X-Kinsta-Cache
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-PressLabs-Stats
X-Content-Digest
X-Px
X-Fastcgi-Cache
Cache-Tags
X-T
Fastcgi-Cache
X-Id
X-Accel-Expires
X-Logged-In
X-Forwarded-Proto
Filters
X-Content-Security-Policy-Report-Only
TCN
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
Server-Node
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
Front-End-Https
MicrosoftSharePointTeamServices
Server-Name
X-Forwarded-For
X-Grace
Nginx-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Received
X-Request-Processing-Time
X-Correlation-Id
X-Hits
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Debug
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
X-XRDS-LOCATION
X-Activity-Id
X-AppVersion
X-Az
Alternate-Protocol
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Amz-Replication-Status
X-F-Cache
X-Yandex-Sdch-Disable
Surrogate-Key
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
X-XRDS-Location
X-Ser
X-DIS-Request-ID
X-Frontend
Accept-Charset
X-Rid
X-NWS-LOG-UUID
X-Cache-Age
X-Geo-Country
Host
Nel
X-Git-Hash
X-Hostname
Section-Io-Cache
X-RateLimit-Remaining
X-Respond-Thread
X-Upgrade-Enabled
X-VCache
X-DataDome
Access-Control-Allow-Method
X-Time
X-Mobile-URL
X-Daa-Tunnel
MS-CV
X-LB-Cache
X-Type
Paypal-Debug-Id
ServerID
X-Cache-Key
X-AOL-HN
X-Source
X-Cache-Action
Cleartype
X-Varnish-Backend
X-Content-Options
X-IPLB-Instance
X-TT
X-Seen-By
Healthy
X-Whom
Cache
X-App-Environment
X-Signature
X-Debug-Info
X-B-Cache
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Server-ID
X-Flags
Payment
X-Is-Crawler
X-Page-Id
X-WebKit-CSP-Report-Only
Realpath
X-Load-Cache
X-N
X-Jobs
X-Contextid
X-Pinterest-Direct
Fastcgi-Useragent
X-FB-Debug
X-FTR-Request-ID
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
Node
X-Webkit-Csp
X-Rule
Refresh
X-Cache-Expired-At
Powered-By-ChinaCache
X-Original-Request-Id
X-Response-Served-From
X-Accel-Buffering
Version
DC
X-RTag
Ms-Operation-Id
Access-Control-Request-Headers
X-Cluster-Name
Viewport
X-Cacheable-TTL
X-Zen-Fury
X-Drupal-Cache-Tags
X-Content-Powered-By
X-Framework
Referer-Policy
X-B
X-ProcessESI
X-RemovedCookies
X-Wix-Request-Id
X-Instance
X-HTML-Minification-Powered-By
X-Cache-Control
X-Proxy
X-Real-IP
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-FireWall-Port
X-Region
Eomportal-Instance
X-UUID
VIX-Pulpo-Node
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
X-Page-View
X-Distributor
X-Via-JSL
Countrycode
X-Cached-By
X-Drupal-Cache-Contexts
X-Cache-Operation
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-Cache-Rule
X-FW-Server
X-FW-Static
X-FW-Serve
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Akamai-Edgescape
X-G
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Liferay-Portal
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Nginx-Cache
X-Cache-Hit
X-App-Server
X-Environment-Context
X-L-Path
Xserver
X-Www-Served-By
X-Debug-IsPreview
X-Pass-Why
SRV
X-Debug-IsConnected
X-Protected-By
DynaTrace
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Section-Io-Origin-Status
Section-Origin-Responded
Server-Info
Section-Io-Id
Section-Io-Origin-Time-Seconds
CF-IPCountry
X-Device-Type
X-User-Agent
X-Varnish-Grace
From-Origin
Webserver
X-Tumblr-Pixel-2
X-Mode
X-Adobe-Content
X-Adobe-Loc
Retry-After
X-Handled-By
X-Hl-Ver
Cache-Status
X-RN-RSRV
Meta-Geo
Ec-Rule-Version
X-ES-SERVER
X-UPSTREAM-Address
GEO-INFO
Cache-Tv-Group
X-MP-GENERATED-AT
X-Backend-Name
X-Endurance-Cache-Level
X-Uri
X-Varnish-Server
Frame-Options
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Access
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Section
Country
Apigw-Requestid
X-Varnishpool
Decoy-Debug-Key
Decoy-Debug-Status
Property-Id
Fastly-SSL
Decoy-Debug-TTL
TWC-Connection-Speed
Webcakes-Region
X-PHP-Host
X-PCL
X-Origin-Hint
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-ProxyCache-Status
X-Soup
X-Request-Time
X-Pubstack
X-Human
X-OCL
X-BYPASS-REASON
X-Format
X-Cache-Server
X-Storage
X-FB-TRIP-ID
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Server-W
X-Redis-Cache
X-WA-Info
X-VWS-Id
X-Via-Fastly
X-ApacheServer
Azure-SlotName
X-S-Maxage
X-NYM-Debug-Backend
Selected-Fe
X-No-Session
X-LJ-Flow-ID
Mn-Server-Ip
X-Be
X-UA-Device-Type
X-Proxy-Build
X-PERF
X-Timing-Wait
Azure-Version
X-AWS-Id
X-Routing-Service
X-R9-Blue-Green-Version
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Varnish-Ttl
Protected
X-Ratelimit-Limit
X-Origin-Date
X-Proto
X-Proxied
X-LAGOON
X-Sql-Count
Cache-Name
X-Sql-Duration-Ms
X-Web-Node
X-Status
X-Zipkin-Id
X-Xfnlog-Site
X-Info
X-Hyper-Cache
X-Loop
X-Cache-TTL-Remaining
X-GG-Cache-Date
X-Hosted-By
X-Alternate-Cache-Key
X-Locale
X-Site-Version
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TNCMS
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-ShardId
X-ShopId
AMP-Access-Control-Allow-Source-Origin
X-AIR-PT
X-FW-Version
X-Is-Bot
X-TA-CDN-Provider
X-Rendered-As
Uber-Trace-Id
X-Dc
X-Proxy-Cache-Status
X-Cluster
X-Cache-Enabled
X-TT-LOGID
X-Node-Name
X-Content-Age
X-Microcachable
S-Cnection
X-Cache-Grace
X-Forwarded-Host
X-Qloud-Router
X-Revision
X-NWS-UUID-VERIFY
X-CCM
X-Backend-Host
X-Platform
X-Azure-Ref
X-CSRF-Token
X-Via-CDN
X-SRV
Cache-Hits
X-App-Version
Akamai-GRN
Amp-Access-Control-Allow-Source-Origin
X-Trace-Id
X-EdgeConnect-Cache-Status
ServedBy
X-Aspnetmvc-Version
X-ATG-Version
X-Correlation-ID
X-Detected-As
X-Cache-Host
X-Cache-PHP
X-Cache-NGX
X-Varnish-Hostname
X-Debug-Cache
X-RCS-CacheZone
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
HostName
X-FTR-Balancer
X-Amz-Meta-S3cmd-Attrs
SD-X-WS
X-Nc
DB-Nickname
X-TX-ID
X-Oss-Server-Time
X-Ratelimit-Remaining
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-CS
X-Oss-Storage-Class
X-Time-Microsecs
X-Akamai-Transformed
X-BCube-Filmed-By
X-DynaTrace-JS-Agent
X-CACHE-KEY
Backend
X-Adobe-Source
X-ServerID
Who
X-Ms-Version
X-Ms-Request-Id
X-Backend-TTL
X-PAYTM-SRV-ID
X-Rojux
MD5-Digest
X-Air-Hostname
Meta-Geo-Continent
X-Rewrite-Enabled
X-PBS-Appsvrname
X-S
Tracecode
BehaviorPad-Version
DCR-Decision-By
X-A-Ccd
DCR-Processing-Time-Ms
X-Varnish-Cache-Hits
X-NAPM-TraceId
X-Destination
X-Varnish-Beresp-Grace
X-From
Rendered-Blocks
X-Origin-TTL
Machine
X-Vdms-Path
X-External-Request-Id
X-Origin-CC
Expiry
Fastcgi-X-Cache-Version
X-Owner
Mobile-Detection-Method
X-A-Dgt
X-Vtex-Processado-Em
X-Aed
X-D
X-Trv-Group
X-S-Cookie
X-Vtex-Remote-Cache
X-Application
X-Cache-NE
X-SRCache-Key
X-Unique-ID
X-CF-Lambda-Version
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
Country-Code
X-A-Wwc
X-CF-Lambda-Fn
X-ARC
Odigeo-Trace-Id
X-A-Dcw
X-ScT
X-Processor
X-A-Dam
X-Session-Fingerprint
X-Connection-Hash
X-Location
X-A
X-Generation-Time
X-B-Cookie
T-Server
X-Level-Front-Cache
X-Generated-On
X-Request-UUID
X-RateLimit-Limit
X-FTR-Expires
X-Varnish-Beresp-Ttl
AKAMAI
X-Geo-Header
CacheControlHeader
Cache-Host
X-GeoIP-City
Pagetype
Thinkindot-Control
UCS
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Ssr
V-Age
Wxu-Next-Commit
X-Cache-Bucket
X-Cache-Info
Wxu-Next-Region
Wxu-Next-Hostname
X-Cms-Context
Server-Host
Gh-Request-Id
Host-ID
X-Fetched-On
Fastly-Backend-Name
Content-Disposition
Magicmarker
X-Device-Os
Release
Path
On-Server
X-Developers
X-Generated-In
X-Tb
X-Swa-Ws
X-Mvc-Supplant-Cachable
X-Micro-Cache
Xc-Version
X-Thinkindot-L3
X-TrackingId
X-Thanos
X-OVcl
X-Tumblr-Pixel-3
X-OVcl-Cache
X-Magnolia-Registration
X-Policy
X-Bip
X-Reqid
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Sucuri-ID
Filterid
X-Varnish-Beresp-Status
User-Cache-Control
X-NewRelic-App-Data
X-Unique-Id
X-Cdn-Forward
X-Var-Ttl
X-Wikidot-Backend
NM-Fastcgi-Cache
Vix-Hermes-Req-Id
X-Developer
X-HN
L
True-Client-Country-4JS
X-WADP-Cache
L5d-Success-Class
X-Dispatcher-Server
X-B3-Traceid
Locid
Location
X-User
X-Skip-Cache
X-Core-Value
X-Csrf-Jwt
Web-Mar-Node
X-Clara-WADP
Sever-Int
Server-Ext
X-SVT-ORM-RULES
Server-Hostname
X-Scheme
X-Request-URI
X-Wikidot-Static-Cache
PB-PID
X-SVT-ORM-VERSION
Origin
PB-RID
PFcat
X-Request-Host
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Hits
X-Origin-Response-Time
C-Via
Arc-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Azure-Ref-OriginShield
X-Method
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDCHOST
Apple-News-Services-Host
Apple-News-Services-Handled
X-Has-Esi
X-IP
X-Hnp-Log
X-Block-Status
X-Gzip
X-Branch-Name
X-Backend-State
X-JWT-State
X-Is-Gdpr
X-GeoIP
CDN-PullZone
CDN-RequestCountryCode
X-Cache-Id
X-Origin
X-Old-Content-Length
Esi-Enabled
X-FC-Vary-Parameters
X-Fastly-Cache
X-Eu-Site
HA-Ipaddr
Ha-Gx-Prefs
X-CGP
X-Fmm-Version
DSUID
Cf-Device-Type
Cf-Bgj
CDN-Uid
CDN-RequestId
X-Generated-By
X-Gen-Mode
X-Cache-Debug
X-Nginx-Cache-Key
X-Esi-Check
X-APP-VERSION
X-GEO
X-NU-AKA-ACS-Version
X-Node-Id
X-Origin-Expires
X-Fastly-Backend
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Gamma-Serve
X-LI-UUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-LB-ID
X-Li-Fabric
X-Li-Pop
X-Cache-Tags
X-Platform-Server
X-DefElseHash
X-DefHash
X-SIPLIST1
X-Clientip
X-Slack-Backend
X-Varnish-Remaining-TTL
X-Rebelmouse-Surrogate-Control
X-Variation
X-Ratelimit-Reset
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Rebelmouse-Cache-Control
X-VServer
X-Cache-Var-Map
IsBot
NGX
Platform
Is-Eu
Fastly-SWR
X-Cache-Var
Adler-Geo
Fastly-Drupal-HTML
X-Aicache-OS
Fastly-SIE
X-ID
X-EC-Lua
Rt-Fastcgi-Cache
X-Mvc-Supplant-OutputCached
X-GoCache-CacheStatus
X-Epic-Correlation-Id
SR-User-Adfree
Instruction
Geo-Info
X-Varnish-Url
X-Loc
X-Via-Popv
X-Via-Popn
X-CUA
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Via-Poph
X-PF-Uncompressing
Lfy
X-Matched-Rule
Url
Pics-Label
Sid
X-Refresh
NGB
X-Cache-Backend
Req-Svc-Chain
Cmsid
Cmstype
CloudFront-Viewer-Country
X-Cache-Expires
X-Servername
Svr
Pramga
X-Sn-Servicetimems
Kp-EeAlive
X-NCache
X-Cdn-Origin
X-Served-From
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
VivaBuild
X-Cache-Date
A
X-TraceId
X-Core-Mission
Viewtype
X-Vgn-Hpd-Reason
M-TraceId
Cache-Key
MIME-Version
X-Request-Start
Cross-Origin-Opener-Policy
X-Ua-Device
Source
Arc-Country
X-NGENIX-Cache
X-PHP-Backend
X-FireWall-Protection
X-JoinUs
Server-ID
X-CLOUD-TRACE-CONTEXT
TDXMobile
DataCenter
X-Error
X-SaId
X-Edge-Location
X-Webkit-CSP-Report-Only
X-Instrumentation
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
Geoip-Latitude
X-Vcl-Version
X-DC
X-Varnish-Cacheable
X-Vc
X-Edge-Location-Klb
GeoIp-Country-Code
SID
X-NC
X-Servedbyhost
Content-Secure-Policy
Tcn
X-Response-By
X-Geo
X-HS-Status
X-Service
X-Air-Source
NtCoent-Length
X-Extlb
X-Internal-Host
X-Wa
Xkeyi7
X-Proxy-Cachei7
X-B3-Spanid
X-CDN-Forward
Resin-Trace
X-Esi
Server-Ttl
N-Cache
HitType
X-Bc-Bl
X-BBXSRF
X-LiteSpeed-Cache-Control
X-Li-Proto
FSS-Cache
X-Forwarded-Site
CACHE
X-Viewer-Country
X-LI-Proto
X-Cache-2
X-Via-NSCOPI
S-Rt
X-HOST
X-Cache-Remote
X-Cache-ASPX
X-CCDN-CacheTTL
D-Cc-Upstream
X-Hcs-Proxy-Type
X-Varnish-Authentication
X-CCDN-Origin-Time
X-Svr
Surrogated-Key
LB
X-Date
X-Proxy-Upstream
Request-ID
X-PJAX-URL
Mail-Subject
Memcached
X-Cc-Req-Id
X-Req
X-Accel-Expires-Debug
X-RAMCache
X-Contensis-Viewer-Groups
X-Cc-Via
We-Hiring
X-Erf-Stays-Bingo-Pdp-Web
X-Cs
X-UA
Cteonnt-Length
X-ServedByHost
X-RPM
X-WA
X-DW
X-RateLimit-Remaining-Second
X-DB
X-RateLimit-Limit-Second
X-DSS
X-DI
X-RPS
X-RSL
Upgrade-Insecure-Requests
X-Newrelic-Synthetics
Env
X-TIM-N
X-VC-Cache
X-VCL-Version
Ohc-File-Size
Hostname
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-APP
X-Sigma
GeoIP-Latitude
X-Rocket-Build-Number
GeoIP-Country-Code
X-App
X-Men
X-Server-IP
X-Sigma-Backend
X-Host-Name
XServer
X-ZONE
CF-Cached-On
X-Origin-Time
X-Air-Trace-Id
Server-Id
Time
X-MSEdge-Features
Memory
X-Gdpr
X-API-Version
X-CF-Powered-By
ProcessTime
X-FPC
X-Cache-Config
X-Nyt-Route
X-Action
X-MSEdge-Flight
X-HostName
X-TIME
X-Zone
X-Oss-Cdn-Auth
X-VC
CPC-Cache
CPC-Age
Cache-Provider
X-Region-Sid
X-SN
X-Check-Cacheable
X-Fpc
VNS-Cache
X-NodeID
VNS-Age
Mime-Version
X-Dynatrace-Js-Agent
Ohc-Cache-HIT
X-Provided-By
X-Swift-Error
W
X-Webstats-RespID
X-SB
X-Depends-On
X-SD-PageType
X-FORWARDED-FOR
Srv
X-ServerName
X-Cdn-Request-ID
CDN
X-UnsetCookies
Cdn
X-BACKEND-TTL
Fastcgi-Cache-TTL
My-App
X-BBC-Edge-Cache-Status
State
X-Ftr-Cache-Host
X-CSRF-TOKEN
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-ABtesting
X-Flog
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-Minions-Version
X-Parent-Response-Time
EpKe-Alive
X-Hello
X-Mg-Request-UUID
X-Render-Time
Dnion-Transfer-Encoding
X-Fastly-Request-Id
PICS-Label
X-Pad
Media-Length
X-Presslabs-Stats
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Vha6-Origin
Cf-Ipcountry
X-Oracle-DMS-ECID
Proxy-Connection
X-Cache-Tag
X-NGINX-Cache
X-Pf-Uncompressing
Processtime
X-Worker
X-Cache-Type
X-Auto-Login
X-Snapshot-Date
Epwk-X-Cache
X-ElasticPress-Search
X-Via-PopH
X-Via-PopV
X-LiteSpeed-Tag
OT-Force-Account-Verify
X-BBC-Origin-Response-Status
X-Via-PopN
X-FTR-Cache-Host
X-Shop-Environment
X-Tenant
X-Ms-Meta-Staticbatchstarttime
X-Akamai-ERRuleID
X-Orig-Expires
Warning
X-Forwarded-Path
X-ND-Cache
X-Akamai-ERPolicy
X-Varnish-URL
X-Vcache
X-MiniProfiler-Ids
X-Varnish-Beresp-TTL
X-Request-URL
X-Lb-Id
X-Ms-Meta-Originalurl
X-Cluster-Node
X-Traceid
X-ElasticPress-Query
Xet-Cookie
X-Air-Pt
CountryCode
X-Ua
X-Apw-Hits
WZWS-RAY
X-Apw-Access-Token
X-Apw-Access-Object
X-Yottaa-OS
X-Cache-Status-Check
Ohc-Response-Time
Phost
X-B3-Parentspanid
NnCoection
X-Mg-Request-Id
X-Ftr-Request-Id
X-Apw-Access-Action
Content-Script-Type
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Inserted-Into-Cache-At
X-Storefront-Renderer-Verified
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Tid
X-Amz-Meta-Cb-Modifiedtime
Content-Style-Type
X-Redis-Duration-Ms
X-Litespeed-Cache-Control
X-Redis-Count
Datacenter
Environment
URI