Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Host
X-WebKit-CSP
X-Vhost
X-Backend-Server
X-Server-Id
X-ASPNET-VERSION
Xkey
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
P3p
X-Cache-Lookup
X-Application-Context
X-Country
X-Ruxit-JS-Agent
X-Ac
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
X-Readtime
X-Language
X-B3-TraceId
Accept-Ch
MS-Author-Via
Accept-CH-Lifetime
X-HW
Rating
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
Display
Pagespeed
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-D2id
X-Content-Type
Arr-Disable-Session-Affinity
Verso
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-ORACLE-DMS-RID
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
X-Powered-By-Plesk
X-Goog-Hash
X-Country-Code
X-Rack-Cache
X-Varnish-TTL
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Webkit-CSP
X-Abt-Application-Version
X-Fastly-Request-ID
X-Oneagent-Js-Injection
Fastly-Restarts
X-TTL
X-Buckets
X-Client-IP
X-FastCGI-Cache
X-Cached
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
Cache-Tag
RTSS
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-Edge
AR-ATIME
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Version
S
Content-MD5
X-HP-Webp
X-Jurisdiction
X-Ruxit-Js-Agent
X-Recruiting
X-Ttl
Charset
X-Origin-Upstream-Status
X-ECACHE
X-Mid
X-MCACHE
X-Kinsta-Cache
X-DynaTrace
X-Mg-S
X-PressLabs-Stats
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
X-T
X-Content-Digest
X-Px
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Id
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
X-Litespeed-Cache
Server-Node
X-Fastcgi-Cache
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
TCN
TP-L2-Cache
TP-Cache
MicrosoftSharePointTeamServices
Server-Name
Front-End-Https
X-Forwarded-For
X-Grace
X-Request-Received
Nginx-Cache
X-Request-Processing-Time
X-Hits
X-Correlation-Id
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Handler-Origin-Region
X-Microsite
X-Debug
Alternate-Protocol
X-Az
X-Activity-Id
X-AppVersion
X-Varnish-Age
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-F-Cache
X-HS-Content-Id
X-Server-ID
X-Amz-Replication-Status
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Yandex-Sdch-Disable
Surrogate-Key
X-XRDS-Location
X-XRDS-LOCATION
X-NWS-LOG-UUID
X-Frontend
X-Rid
X-DIS-Request-ID
X-Cache-Age
Accept-Charset
X-Geo-Country
X-Ser
Host
Section-Io-Cache
Nel
X-Git-Hash
X-Hostname
X-Time
X-Respond-Thread
X-Daa-Tunnel
X-Upgrade-Enabled
X-VCache
Access-Control-Allow-Method
X-Mobile-URL
MS-CV
Realpath
X-RateLimit-Remaining
X-DataDome
X-LB-Cache
Paypal-Debug-Id
ServerID
X-AOL-HN
X-Type
Cleartype
X-Source
X-TT
X-Seen-By
X-Varnish-Backend
X-Cache-Action
X-IPLB-Instance
Payment
X-Content-Options
X-Whom
X-Debug-Info
X-Signature
X-B-Cache
Healthy
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-App-Environment
X-Page-Id
X-Contextid
X-Load-Cache
X-Cache-Key
X-Jobs
X-N
Cache
Fastcgi-Useragent
X-FB-Debug
X-WebKit-CSP-Report-Only
X-FTR-Request-ID
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Node
X-Mobile
X-Webkit-Csp
X-Rule
X-Pinterest-Direct
Refresh
X-Cache-Expired-At
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
X-RTag
Viewport
Ms-Operation-Id
DC
X-Content-Powered-By
X-Cacheable-TTL
X-Cluster-Name
Access-Control-Request-Headers
Version
X-Framework
X-HTML-Minification-Powered-By
X-Real-IP
X-B
X-RemovedCookies
X-Drupal-Cache-Tags
X-ProcessESI
X-Tec-Api-Origin
X-FireWall-Port
X-Tec-Api-Version
X-Tec-Api-Root
VIX-Pulpo-Node
Eomportal-Instance
X-Wix-Request-Id
X-Zen-Fury
X-Proxy
VIX-Pulpo-Upstream-Status
Powered-By-ChinaCache
X-Cache-Control
X-Cache-Time
X-UUID
X-Distributor
X-Instance
Referer-Policy
X-Region
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Page-View
Countrycode
X-Drupal-Cache-Contexts
X-FW-Server
X-Via-JSL
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-Cached-By
X-FW-Hash
X-FW-Type
X-Cache-Rule
X-Cache-Operation
X-G
X-Nginx-Cache
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Server
X-Tumblr-Pixel-1
X-Tumblr-User
Liferay-Portal
X-Debug-IsConnected
X-Debug-IsPreview
X-Akamai-Edgescape
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Www-Served-By
Xserver
X-L-Path
X-Environment-Context
X-Cache-Hit
X-Protected-By
X-Pass-Why
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
SRV
Server-Info
X-Device-Type
X-Varnish-Ttl
X-Varnish-Grace
DynaTrace
X-User-Agent
CF-IPCountry
X-TEC-API-VERSION
From-Origin
X-Adobe-Loc
X-Adobe-Content
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Tumblr-Pixel-2
X-Mode
GEO-INFO
Webserver
Ec-Rule-Version
Retry-After
X-Endurance-Cache-Level
X-ES-SERVER
X-Hl-Ver
Cache-Status
Meta-Geo
X-Varnish-Server
X-Handled-By
X-UPSTREAM-Address
X-RN-RSRV
Cache-Tv-Group
X-Backend-Name
Frame-Options
AMP-Access-Control-Allow-Source-Origin
X-Storage
X-Varnishpool
X-OCL
Country
X-Uri
X-Request-Time
X-ProxyCache-Key
X-Cache-Server
X-PCL
X-FB-TRIP-ID
X-BYPASS-REASON
Apigw-Requestid
X-MP-GENERATED-AT
X-Pubstack
X-Soup
X-ProxyCache-Status
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-GeoIP-Country
Property-Id
Fastly-SSL
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Webcakes-Region
Webcakes-App-Name
Selected-Fe
X-Server-W
TWC-Connection-Speed
X-Section
X-S-Maxage
TWC-Privacy
X-Access
TWC-Device-Class
Webcakes-App-Version
TWC-Locale-Group
X-AWS-Id
X-Format
X-PHP-Host
X-WA-Info
X-Be
X-TA-CDN-Provider
X-LJ-Flow-ID
X-Human
X-Labrador-Cache-Channel
X-Origin-Hint
X-Proxy-Build
X-Ratelimit-Limit
X-Via-Fastly
X-No-Session
X-VWS-Id
X-Timing-Wait
X-UA-Device-Type
X-LAGOON
X-Zipkin-Id
X-ApacheServer
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Cache-Name
X-Proto
X-Routing-Service
X-Info
X-Proxied
Protected
Mn-Server-Ip
X-PERF
X-NYM-Debug-Backend
X-Origin-Date
X-Say-TTL
X-Loop
X-SayCDN-TTL
X-Storefront-Renderer-Rendered
X-Sql-Count
X-Say-Cacheable
X-GG-Cache-Date
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-ShardId
X-ShopId
X-Web-Node
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sql-Duration-Ms
X-TNCMS
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Locale
X-Status
X-Redis-Cache
X-Proxy-Cache-Status
X-Hosted-By
X-Hyper-Cache
Uber-Trace-Id
X-Site-Version
X-Is-Bot
X-FW-Version
X-Dc
X-Rendered-As
X-Cache-Enabled
X-Microcachable
X-Content-Age
X-Cluster
S-Cnection
X-Cache-Grace
X-TT-LOGID
X-NWS-UUID-VERIFY
X-AIR-PT
X-Qloud-Router
X-Backend-Host
X-Node-Name
X-Platform
X-Azure-Ref
X-Forwarded-Host
X-CSRF-Token
X-App-Version
X-Revision
X-SRV
X-Via-CDN
X-CCM
Cache-Hits
X-Trace-Id
Akamai-GRN
ServedBy
X-Ratelimit-Remaining
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-Varnish-Hostname
X-Cache-PHP
X-ATG-Version
X-Aspnetmvc-Version
X-Debug-Cache
X-Detected-As
X-Correlation-ID
X-CACHE-KEY
X-Cache-Host
X-RCS-CacheZone
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
HostName
X-Nc
DB-Nickname
X-B3-SpanId
X-Akamai-Transformed
X-TX-ID
Amp-Access-Control-Allow-Source-Origin
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-CS
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
SD-X-WS
X-FTR-DC
X-Adobe-Source
X-BCube-Filmed-By
Who
X-Oss-Server-Time
X-Time-Microsecs
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
Country-Code
X-Oss-Storage-Class
X-Ms-Request-Id
X-Ms-Version
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Beresp-Grace
T-Server
X-A-Ccd
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A
Expiry
DCR-Processing-Time-Ms
X-A-Wwc
DCR-Decision-By
BehaviorPad-Version
X-Varnish-Cache-Hits
Fastcgi-X-Cache-Version
Machine
Odigeo-Trace-Id
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Rendered-Blocks
X-CF-Lambda-Fn
X-S
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-PBS-Appsvrname
X-Processor
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Vdms-Path
X-PAYTM-SRV-ID
X-Owner
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Cache-NE
X-B-Cookie
X-Application
X-ARC
X-Destination
X-External-Request-Id
X-NAPM-TraceId
X-Origin-CC
X-Origin-TTL
X-Location
X-Level-Front-Cache
X-From
X-Generated-On
X-Aed
X-Generation-Time
X-Unique-ID
X-Backend-TTL
X-ServerID
X-RateLimit-Limit
Backend
X-Varnish-Beresp-Ttl
Filterid
UCS
X-OVcl-Cache
X-GeoIP-City
X-Magnolia-Registration
AKAMAI
X-OVcl
Thinkindot-Control
Server-Host
X-Varnish-Beresp-Status
X-Core-Value
X-Cms-Context
Release
Path
Pagetype
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Ssr
On-Server
V-Age
CacheControlHeader
X-Thinkindot-L3
X-Thanos
X-Swa-Ws
X-TrackingId
Gh-Request-Id
X-DynaTrace-JS-Agent
Fastly-Backend-Name
X-Tumblr-Pixel-3
X-Fetched-On
Content-Disposition
X-Device-Os
X-Reqid
Cache-Host
Host-ID
X-Geo-Header
X-Bip
X-Cache-Bucket
X-Policy
X-EC-Lua
X-FTR-Expires
X-Unique-Id
X-Cdn-Forward
X-Var-Ttl
PB-PID
PB-RID
Magicmarker
X-Dispatcher-Server
Location
X-Branch-Name
X-Air-Hostname
X-FC-Vary-Parameters
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Fastly-Cache
Wxu-Next-Region
Wxu-Next-Hostname
Origin
Sever-Int
Esi-Enabled
Tracecode
Server-Ext
Server-Hostname
True-Client-Country-4JS
NM-Fastcgi-Cache
Wxu-Next-Commit
X-Azure-Ref-OriginShield
X-Developer
Vix-Hermes-Req-Id
NGX
X-Cache-Info
X-Developers
DSUID
X-VG-TLSProxy
X-Scheme
X-HS-Content-Campaign-Id
X-Skip-Cache
X-Origin
C-Via
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-IP
X-Sucuri-ID
X-Ratelimit-Reset
X-B3-Traceid
X-Micro-Cache
Xc-Version
X-Irp-Debug
X-GeoIP
CDN-Cache
CDN-RequestId
X-Varnish-Hits
CDN-Uid
Cf-Device-Type
X-Generated-In
X-SVT-ORM-RULES
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
Arc-Version
X-SVT-ORM-VERSION
CDN-PullZone
X-GEO
User-Cache-Control
X-NewRelic-App-Data
X-Tb
Adler-Geo
X-Origin-Response-Time
X-Cache-Id
X-DefHash
X-Block-Status
X-Epic-Correlation-Id
X-Fastly-Backend
X-User
X-VarnishDD-TTL
X-DPWN-IS-SECURE
X-Request-Host
X-Cache-Debug
X-Request-URI
X-WADP-Cache
X-Method
X-Envoy-Decorator-Operation
X-Esi-Check
X-Csrf-Jwt
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gzip
X-Eu-Site
IsBot
X-Backend-State
X-Gamma-Serve
X-Fmm-Version
X-Gen-Mode
X-Generated-By
X-Hash
X-HN
X-Cache-Tags
Is-Eu
X-Clientip
X-DefElseHash
X-APP-VERSION
Fastly-SIE
X-CGP
Fastly-SWR
X-Hnp-Log
Platform
X-Clara-WADP
X-LB-ID
X-Old-Content-Length
X-NU-AKA-ACS-Version
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Drupal-HTML
X-Variation
X-SIPLIST1
L
PFcat
Locid
L5d-Success-Class
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Apple-News-Services-Handled
X-Varnish-Remaining-TTL
X-GoCache-CacheStatus
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cf-Bgj
CDCHOST
Apple-News-Services-Request-Url
X-Rebelmouse-Surrogate-Control
X-VServer
X-Li-Pop
X-Li-Fabric
X-Aicache-OS
X-Platform-Server
Web-Mar-Node
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-LI-UUID
X-Node-Id
X-ID
X-Loc
X-Wikidot-Static-Cache
X-Wikidot-Backend
Rt-Fastcgi-Cache
X-Slack-Backend
X-Cache-Var
X-Cache-Var-Map
NGB
X-Varnish-Url
X-Via-Poph
X-Via-Popv
X-PF-Uncompressing
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Via-Popn
X-Mvc-Supplant-OutputCached
SR-User-Adfree
Instruction
Req-Svc-Chain
Cmstype
Cmsid
X-Servername
Url
Pics-Label
X-CUA
X-Refresh
Geo-Info
X-Matched-Rule
Sid
Lfy
Kp-EeAlive
Svr
X-Served-From
X-Cache-Expires
CloudFront-Viewer-Country
X-Cache-Backend
A
X-TraceId
X-Vgn-Hpd-Reason
X-Srv
X-NCache
X-Sn-Servicetimems
X-Webkit-CSP-Report-Only
M-TraceId
Pramga
X-Cdn-Origin
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-Cache-Date
MIME-Version
Cross-Origin-Opener-Policy
Viewtype
X-Core-Mission
VivaBuild
Arc-Country
Cache-Key
X-JoinUs
DataCenter
X-PHP-Backend
X-SaId
X-NGENIX-Cache
X-Tb-Optimization-Total-Bytes-Saved
TDXMobile
X-Edge-Location
X-CLOUD-TRACE-CONTEXT
SID
X-Vc
Server-ID
X-Request-Start
Content-Secure-Policy
Source
X-Error
X-Servedbyhost
X-FireWall-Protection
X-Service
X-DC
X-NC
GeoIp-Country-Code
Geoip-Latitude
X-Extlb
X-Internal-Host
Tcn
X-Varnish-Cacheable
CACHE
X-Vcl-Version
X-Wa
X-CDN-Forward
X-Geo
NtCoent-Length
X-Bc-Bl
FSS-Cache
X-Response-By
X-HS-Status
X-B3-Spanid
X-Air-Source
Xkeyi7
X-Esi
X-LI-Proto
X-Forwarded-Site
X-Proxy-Cachei7
X-VHOST
Surrogated-Key
LB
X-Li-Proto
Memcached
X-PJAX-URL
N-Cache
Resin-Trace
Server-Ttl
HitType
X-Via-NSCOPI
X-Proxy-Upstream
X-BBXSRF
X-Req
X-Newrelic-Synthetics
X-LiteSpeed-Cache-Control
X-HOST
X-Cache-2
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Request-ID
X-CCDN-CacheTTL
X-RAMCache
X-Date
X-VC-Cache
We-Hiring
X-Accel-Expires-Debug
X-Viewer-Country
Mail-Subject
S-Rt
Upgrade-Insecure-Requests
X-VCL-Version
X-DB
D-Cc-Upstream
X-Cs
X-APP
Env
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-WA
X-TIM-N
X-Varnish-Authentication
X-DSS
X-RPM
X-RPS
X-RSL
X-DI
X-DW
GeoIP-Latitude
GeoIP-Country-Code
X-Contensis-Viewer-Groups
X-Svr
X-Cc-Req-Id
X-Cc-Via
X-Cache-ASPX
X-Cache-Remote
Hostname
X-ServedByHost
X-UA
X-Men
X-Zone
X-RateLimit-Remaining-Second
Cteonnt-Length
X-MSEdge-Flight
Time
X-RateLimit-Limit-Second
X-App
Memory
X-MSEdge-Features
XServer
X-Server-IP
Ohc-File-Size
X-Air-Trace-Id
X-ZONE
ProcessTime
Server-Id
CF-Cached-On
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Action
X-HostName
X-Erf-Stays-Bingo-Pdp-Web
CPC-Cache
VNS-Age
Srv
X-Fpc
X-Gdpr
X-FPC
X-Region-Sid
X-API-Version
X-Oss-Cdn-Auth
X-Cache-Config
CPC-Age
Mime-Version
X-Nyt-Route
VNS-Cache
X-Origin-Time
X-Dynatrace-Js-Agent
X-Host-Name
X-Swift-Error
X-Provided-By
X-Depends-On
X-FORWARDED-FOR
W
X-Check-Cacheable
Cache-Provider
My-App
X-VC
X-Mg-Request-UUID
X-SN
X-NodeID
Fastcgi-Cache-TTL
X-CF-Powered-By
State
X-Cdn-Request-ID
Ohc-Cache-HIT
X-Minions-Version
X-BACKEND-TTL
CDN
X-TIME
X-Webstats-RespID
X-Ftr-Cache-Host
X-Dw-Trace-Id
X-URL
X-CSRF-TOKEN
X-UnsetCookies
X-SB
Proxy-Connection
X-SD-PageType
X-Xrds-Location
Cf-Ipcountry
X-Client-Ip
X-ServerName
X-Akamai-Pragma-Client-IP
X-Fastly-Request-Id
X-Hello
X-Flog
X-ABtesting
X-Fastly-Backend-Reqs
Cdn
X-BBC-Edge-Cache-Status
X-Parent-Response-Time
X-Snapshot-Date
X-Cache-Tag
X-Presslabs-Stats
Media-Length
X-NGINX-Cache
X-Render-Time
X-Pad
Dnion-Transfer-Encoding
Vha6-Origin
EpKe-Alive
X-Pf-Uncompressing
OT-Force-Account-Verify
X-Cache-Type
X-Oracle-DMS-ECID
X-Varnish-URL
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Tenant
X-Orig-Expires
X-ND-Cache
X-Acquia-Purge-Tags
X-Forwarded-Path
X-Shop-Environment
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Acquia-Site
X-LiteSpeed-Tag
PICS-Label
X-Air-Pt
X-ElasticPress-Search
Epwk-X-Cache
Warning
X-Akamai-ERPolicy
X-Varnish-Beresp-TTL
Processtime
X-Worker
X-Akamai-ERRuleID
X-Traceid
X-Cluster-Node
X-ElasticPress-Query
X-MiniProfiler-Ids
X-Request-URL
X-Ms-Meta-Staticbatchstarttime
WZWS-RAY
X-BBC-Origin-Response-Status
X-Ms-Meta-Originalurl
X-Lb-Id
X-Vcache
X-Auto-Login
Xet-Cookie
CountryCode
X-Ua
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Object
X-Ftr-Request-Id
X-Yottaa-OS
X-Mg-Request-Id
Environment
X-Cache-Status-Check
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
X-B3-Parentspanid
NnCoection
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Tid
X-FTR-Cache-Host
Content-Style-Type
X-Redis-Duration-Ms
Content-Script-Type
X-Litespeed-Cache-Control
X-Storefront-Renderer-Verified
URI
X-Redis-Count