Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
EagleId
Request-Context
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
X-Dns-Prefetch-Control
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
P3p
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-Amz-Version-Id
X-CST
NEL
X-Cache-Spec
X-Vhost
X-WebKit-CSP
Allow
X-Host
X-Backend-Server
X-ASPNET-VERSION
X-Server-Id
Xkey
X-Dispatcher
X-Node
Surrogate-Control
EagleEye-TraceId
Request-Id
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch-Lifetime
X-Language
X-Readtime
Accept-CH-Lifetime
MS-Author-Via
Accept-Ch
X-B3-TraceId
X-Url
Rating
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Middleton-Display
Pagespeed
Response
Display
X-Sol
X-Middleton-Response
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
Verso
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-ORACLE-DMS-ECID
X-Powered-By-Plesk
X-Varnish-TTL
X-Country-Code
X-Goog-Hash
X-Vcap-Request-Id
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Oneagent-Js-Injection
X-Amz-Rid
Service-Worker-Allowed
X-Abt-Application-Version
X-TTL
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-MSEdge-Ref
X-FastCGI-Cache
X-Release
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-NF-Request-ID
X-Webkit-CSP
X-SharePointHealthScore
SPRequestGuid
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
RTSS
Cache-Tag
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Edge
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
X-Powered-CMS
AR-CACHE
X-Ezoic-Cdn
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
Content-MD5
X-Version
X-HP-Webp
X-Jurisdiction
S
X-Recruiting
X-Origin-Upstream-Status
X-Mid
X-ECACHE
X-MCACHE
Charset
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
X-PressLabs-Stats
X-Ttl
X-Ruxit-Js-Agent
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Content-Digest
X-T
X-Px
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Fastcgi-Cache
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
Server-Node
TCN
Filters
X-Amz-Server-Side-Encryption
X-Id
TP-Cache
TP-L2-Cache
Server-Name
MicrosoftSharePointTeamServices
Front-End-Https
X-Forwarded-For
X-Correlation-Id
X-Grace
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hits
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-XRDS-Location
X-Request-Handler-Origin-Region
X-Microsite
X-Debug
X-Varnish-Age
X-AppVersion
X-Az
X-Activity-Id
Alternate-Protocol
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Yandex-Sdch-Disable
X-F-Cache
X-Origin-Server
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
Surrogate-Key
X-NWS-LOG-UUID
Nel
X-Rid
X-Ser
X-Frontend
X-DIS-Request-ID
Accept-Charset
X-Geo-Country
X-XRDS-LOCATION
Host
X-Git-Hash
X-Cache-Age
Section-Io-Cache
X-Hostname
X-Respond-Thread
X-Daa-Tunnel
X-Upgrade-Enabled
X-RateLimit-Remaining
Access-Control-Allow-Method
X-DataDome
X-Time
X-Mobile-URL
MS-CV
X-VCache
X-Server-ID
Paypal-Debug-Id
X-Type
ServerID
X-Seen-By
X-LB-Cache
X-IPLB-Instance
X-Varnish-Backend
Healthy
Payment
Cleartype
X-Content-Options
X-Cache-Action
X-App-Environment
X-AOL-HN
X-Source
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Cache-Key
X-Debug-Info
X-Request-Guid
X-B-Cache
X-Page-Id
X-TT
X-Whom
X-Signature
X-Load-Cache
X-WebKit-CSP-Report-Only
Realpath
Cache
X-Contextid
X-N
Fastcgi-Useragent
X-Jobs
X-FB-Debug
X-FTR-Request-ID
X-Webkit-Csp
X-Pinterest-Direct
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Mobile
Node
X-Rule
Refresh
X-Cache-Expired-At
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
Ms-Operation-Id
DC
X-RTag
Viewport
X-Zen-Fury
Referer-Policy
X-Drupal-Cache-Tags
X-Framework
X-Cluster-Name
Powered-By-ChinaCache
X-Instance
X-B
X-Proxy
X-HTML-Minification-Powered-By
X-Wix-Request-Id
X-Cacheable-TTL
X-Cache-Control
X-Content-Powered-By
X-RemovedCookies
X-ProcessESI
X-UUID
X-FireWall-Port
Access-Control-Request-Headers
X-Real-IP
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-IPS-LoggedIn
X-Cache-Time
X-Page-View
X-Region
X-Distributor
VIX-Pulpo-Upstream-Status
Version
X-Drupal-Cache-Contexts
Eomportal-Instance
VIX-Pulpo-Node
X-Via-JSL
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Cache-Rule
X-Cache-Operation
X-Cached-By
Liferay-Portal
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-User
Countrycode
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cache-Hit
X-Debug-IsPreview
X-Debug-IsConnected
X-G
X-App-Server
X-Tec-Api-Version
X-Akamai-Edgescape
X-Pass-Why
X-Environment-Context
X-L-Path
X-Nginx-Cache
X-Www-Served-By
SRV
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Section-Io-Id
Xserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
DynaTrace
X-Protected-By
Server-Info
CF-IPCountry
X-Varnish-Grace
X-Device-Type
X-User-Agent
X-Tumblr-Pixel-2
GEO-INFO
Webserver
From-Origin
X-Mode
Ec-Rule-Version
X-Adobe-Content
Retry-After
X-Adobe-Loc
X-UPSTREAM-Address
X-Hl-Ver
X-RN-RSRV
X-Handled-By
X-ES-SERVER
Meta-Geo
Cache-Status
X-Endurance-Cache-Level
X-Backend-Name
X-MP-GENERATED-AT
X-Varnish-Ttl
Decoy-Debug-TTL
TWC-GeoIP-Country
Decoy-Debug-Status
Decoy-Debug-Key
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-LatLong
Country
TWC-Connection-Speed
Property-Id
X-Varnish-Server
Frame-Options
Cache-Tv-Group
Fastly-SSL
X-Cache-Server
X-Human
X-Format
X-FB-TRIP-ID
X-Section
X-Storage
X-Origin-Hint
X-OCL
TWC-Privacy
X-PCL
X-Soup
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Uri
X-Request-Time
X-Varnishpool
X-Pubstack
X-Access
Azure-Version
Azure-SlotName
X-Server-W
Apigw-Requestid
X-Via-Fastly
X-VWS-Id
X-Be
X-UA-Device-Type
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Timing-Wait
X-PHP-Host
X-AWS-Id
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-ApacheServer
Mn-Server-Ip
X-NYM-Debug-Backend
Selected-Fe
X-LAGOON
X-LJ-Flow-ID
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy-Build
X-PERF
X-No-Session
X-Info
X-Redis-Cache
X-R9-Blue-Green-Version
X-Say-TTL
X-SayCDN-TTL
X-WA-Info
X-Sql-Duration-Ms
X-Say-Cacheable
X-Proto
X-Xfnlog-Site
X-Zipkin-Id
Cache-Name
X-Web-Node
X-Sql-Count
X-S-Maxage
X-Routing-Service
X-Proxied
X-Locale
X-Status
X-Cache-TTL-Remaining
X-Site-Version
X-Ratelimit-Limit
X-Origin-Date
X-GG-Cache-Date
X-Hyper-Cache
X-Hosted-By
X-Loop
X-TNCMS
Uber-Trace-Id
Protected
X-Proxy-Cache-Status
X-TA-CDN-Provider
X-Shopify-Stage
AMP-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-AIR-PT
X-FW-Version
X-ShopId
X-Rendered-As
X-ShardId
X-Cache-Enabled
X-Sorting-Hat-ShopId
X-Microcachable
X-NWS-UUID-VERIFY
X-TT-LOGID
S-Cnection
X-Content-Age
X-Cache-Grace
X-Forwarded-Host
X-Cluster
X-Qloud-Router
X-Node-Name
X-Backend-Host
X-Revision
X-Azure-Ref
X-Dc
X-CCM
X-SRV
X-Platform
X-B3-Traceid
X-Via-CDN
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
Akamai-GRN
X-Aspnetmvc-Version
X-CSRF-Token
X-Trace-Id
X-App-Version
ServedBy
X-ATG-Version
X-EdgeConnect-Cache-Status
X-Detected-As
X-Varnish-Hostname
X-Cache-PHP
X-Debug-Cache
X-Cache-NGX
X-RCS-CacheZone
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Cache-Host
X-B3-SpanId
X-Ratelimit-Remaining
X-CS
X-Oss-Request-Id
X-Oss-Server-Time
X-FTR-Backend
X-Akamai-Transformed
X-Nc
X-FTR-Realm
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
SD-X-WS
X-FTR-DC
DB-Nickname
X-Oss-Storage-Class
X-CACHE-KEY
X-FTR-Cache-Status
X-Correlation-ID
Who
X-BCube-Filmed-By
HostName
X-Amz-Meta-S3cmd-Attrs
X-TX-ID
X-Adobe-Source
X-RateLimit-Limit
X-ID
X-Ms-Request-Id
X-Ms-Version
Country-Code
X-CF-Lambda-Fn
X-Location
X-VG-WebCache
Fastcgi-X-Cache-Version
X-ARC
Meta-Geo-Continent
X-Level-Front-Cache
X-Cache-NE
X-Generation-Time
X-Vtex-Remote-Cache
Machine
X-Connection-Hash
X-External-Request-Id
X-D
Odigeo-Trace-Id
BehaviorPad-Version
Mobile-Detection-Method
X-Destination
MD5-Digest
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-Generated-On
X-Varnish-Cache-Hits
DCR-Decision-By
DCR-Processing-Time-Ms
X-VG-WebServer
X-Processor
Rendered-Blocks
X-From
X-Origin-TTL
X-PBS-Appsvrname
X-CF-Lambda-Version
Expiry
X-A-Ccd
X-A
X-Time-Microsecs
X-S-Cookie
X-A-Dam
X-Rojux
X-S
X-Backend-TTL
X-B-Cookie
X-ScT
X-SRCache-Key
X-Application
X-Aed
X-Trv-Group
X-Session-Fingerprint
X-Vdms-Version
X-Vdms-Path
X-Rewrite-Enabled
X-NAPM-TraceId
X-A-Dgt
X-A-Wwc
T-Server
X-A-Dcw
X-Origin-CC
X-Request-UUID
Filterid
Backend
X-Unique-Id
X-Varnish-Beresp-Grace
X-Magnolia-Registration
Path
X-TrackingId
Pagetype
X-Core-Value
Ssr
X-OVcl-Cache
UCS
Tracecode
X-ServerID
X-Thinkindot-L3
Gh-Request-Id
X-Device-Os
X-Reqid
X-Thanos
Xc-Version
AKAMAI
CacheControlHeader
X-Developers
X-Swa-Ws
X-Cache-Bucket
Release
On-Server
Cache-Host
Magicmarker
X-OVcl
X-HS-Content-Campaign-Id
X-Geo-Header
Thinkindot-Control
X-Generated-In
Wxu-Next-Region
X-Cache-Info
Content-Disposition
X-Unique-ID
X-Mvc-Supplant-Cachable
Host-ID
X-GeoIP-City
Thinkindot-CacheControl
X-Irp-Debug
X-Cms-Context
X-Fetched-On
X-DynaTrace-JS-Agent
X-Fastly-Cache
Thinkindot-CacheControl-Type
X-Micro-Cache
Wxu-Next-Commit
X-Bip
Fastly-Backend-Name
X-Policy
Wxu-Next-Hostname
X-Tumblr-Pixel-3
X-Owner
User-Cache-Control
X-FTR-Expires
X-NewRelic-App-Data
X-Varnish-Beresp-Ttl
X-Tb
X-Azure-Ref-OriginShield
Server-Hostname
PB-RID
Sever-Int
V-Age
Web-Mar-Node
L
X-Backend-State
HA-Ipaddr
Server-Host
PFcat
Origin
Arc-Version
NGX
Cf-Device-Type
X-Block-Status
L5d-Success-Class
PB-PID
Locid
Server-Ext
X-Cache-Debug
X-IP
X-Hnp-Log
X-GEO
X-Method
X-Varnish-Hits
X-HN
Ha-Gx-Prefs
X-Eu-Site
X-Fmm-Version
X-Gen-Mode
X-Generated-By
X-Var-Ttl
X-Air-Hostname
X-Cdn-Forward
X-Nginx-Cache-Key
X-Request-URI
X-Origin-Response-Time
X-VG-TLSProxy
X-Skip-Cache
X-User
X-Sucuri-ID
X-VarnishDD-TTL
X-APP-VERSION
X-Envoy-Decorator-Operation
X-GeoIP
CDCHOST
X-WADP-Cache
C-Via
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Clara-WADP
Cf-Bgj
X-Wikidot-Static-Cache
Esi-Enabled
X-CGP
X-Wikidot-Backend
Apple-News-Services-Host
X-Csrf-Jwt
X-Has-Esi
Apple-News-Services-Handled
X-Is-Gdpr
X-FC-Vary-Parameters
X-JWT-State
X-Developer
X-Varnish-Beresp-Status
X-EC-Lua
X-Esi-Check
X-Ratelimit-Reset
X-Aicache-OS
IsBot
X-Origin
X-Dispatcher-Server
X-Request-Host
X-Scheme
X-Branch-Name
Fastly-SIE
Fastly-SWR
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cache-Id
X-Gzip
X-Old-Content-Length
X-SIPLIST1
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestId
DSUID
CDN-Uid
CDN-Cache
X-Epic-Correlation-Id
X-Rebelmouse-Cache-Control
X-VServer
X-Platform-Server
X-NU-AKA-ACS-Version
X-GoCache-CacheStatus
X-Node-Id
Location
X-Rebelmouse-Surrogate-Control
True-Client-Country-4JS
Vix-Hermes-Req-Id
NM-Fastcgi-Cache
X-Cache-Tags
X-Cache-Var
X-Cache-Var-Map
X-Li-Fabric
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fastly-Backend
SR-User-Adfree
X-Li-Pop
X-LI-UUID
X-Origin-Expires
Is-Eu
X-Mvc-Supplant-OutputCached
X-Varnish-CookieHashed-On
X-Loc
X-Variation
X-Varnish-Remaining-TTL
X-Hash
X-DPWN-IS-SECURE
X-LB-ID
X-Varnish-CookieINHashed-On
X-DefHash
X-DefElseHash
Fastly-Drupal-HTML
Adler-Geo
X-Clientip
X-Gamma-Serve
Platform
X-Slack-Backend
X-Varnish-Url
Instruction
NGB
Rt-Fastcgi-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Pics-Label
X-PF-Uncompressing
X-CUA
X-Planisys-CDN-Cache
Geo-Info
Cmstype
X-Refresh
X-Via-Popn
X-Via-Poph
X-Via-Popv
Cmsid
Req-Svc-Chain
X-Matched-Rule
Lfy
X-Cache-Expires
X-Servername
CloudFront-Viewer-Country
Kp-EeAlive
Url
X-Cache-Backend
X-Served-From
Svr
Sid
Viewtype
A
X-NCache
VivaBuild
Pramga
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-Date
X-Core-Mission
Cache-Key
M-TraceId
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Vgn-Hpd-Reason
Cross-Origin-Opener-Policy
MIME-Version
Arc-Country
X-Srv
X-Ua-Device
X-NGENIX-Cache
Source
X-Request-Start
TDXMobile
X-JoinUs
X-DC
X-CLOUD-TRACE-CONTEXT
X-SaId
X-Webkit-CSP-Report-Only
X-PHP-Backend
X-Edge-Location
SID
Server-ID
X-Servedbyhost
X-Kraken-Routeconfig-Destination
X-FireWall-Protection
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Vc
X-Error
DataCenter
X-NC
X-Edge-Location-Klb
Tcn
GeoIp-Country-Code
X-Varnish-Cacheable
X-Wa
Geoip-Latitude
X-CDN-Forward
NtCoent-Length
X-Response-By
Content-Secure-Policy
X-HS-Status
X-Extlb
X-Service
X-Vcl-Version
X-Internal-Host
X-B3-Spanid
X-Geo
X-Air-Source
X-Proxy-Cachei7
FSS-Cache
X-Esi
Xkeyi7
CACHE
Server-Ttl
X-BBXSRF
Resin-Trace
N-Cache
HitType
X-LI-Proto
X-Forwarded-Site
X-Via-NSCOPI
X-HOST
X-LiteSpeed-Cache-Control
X-Bc-Bl
X-Proxy-Upstream
X-CCDN-CacheTTL
X-VCL-Version
X-CCDN-Origin-Time
X-PJAX-URL
X-Hcs-Proxy-Type
X-Li-Proto
Request-ID
LB
Mail-Subject
Surrogated-Key
We-Hiring
Memcached
X-Cache-2
X-RAMCache
X-Viewer-Country
S-Rt
XServer
X-DI
X-DB
Upgrade-Insecure-Requests
X-Req
X-DW
X-RPS
X-RSL
X-RPM
X-TIM-N
X-Newrelic-Synthetics
X-Varnish-Authentication
X-DSS
X-Contensis-Viewer-Groups
X-Date
X-RateLimit-Limit-Second
X-Cc-Req-Id
X-Svr
X-Accel-Expires-Debug
X-VC-Cache
X-Cache-ASPX
X-RateLimit-Remaining-Second
X-Cc-Via
D-Cc-Upstream
X-Cache-Remote
Hostname
X-App
GeoIP-Latitude
GeoIP-Country-Code
X-UA
X-Cs
X-Sigma
X-Rocket-Build-Number
X-APP
Env
X-WA
Cteonnt-Length
X-Sigma-Backend
Cross-Origin-Window-Policy
Ohc-File-Size
ProcessTime
X-Action
X-MSEdge-Flight
X-Sucuri-Cache
Time
Memory
X-MSEdge-Features
X-ZONE
X-Men
CF-Cached-On
X-ServedByHost
X-Server-IP
X-Erf-Stays-Bingo-Pdp-Web
X-TIME
X-HostName
X-Region-Sid
Server-Id
CPC-Age
VNS-Age
CPC-Cache
VNS-Cache
X-FPC
X-Air-Trace-Id
X-Oss-Cdn-Auth
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-CF-Powered-By
X-Cache-Config
X-Fpc
X-API-Version
X-Dynatrace-Js-Agent
X-Swift-Error
X-Provided-By
X-Host-Name
X-SN
X-FORWARDED-FOR
X-VC
X-NodeID
Mime-Version
Cache-Provider
X-Check-Cacheable
X-Zone
X-Depends-On
W
Srv
Ohc-Cache-HIT
X-Cdn-Request-ID
X-Webstats-RespID
CDN
X-BACKEND-TTL
X-CSRF-TOKEN
X-SB
X-UnsetCookies
Fastcgi-Cache-TTL
X-SD-PageType
My-App
X-Ftr-Cache-Host
X-ServerName
X-Client-Ip
X-NGINX-Cache
X-Akamai-Pragma-Client-IP
X-ABtesting
X-Dw-Trace-Id
X-Parent-Response-Time
X-Flog
Cdn
X-Hello
X-BBC-Edge-Cache-Status
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
State
X-Minions-Version
X-Mg-Request-UUID
Proxy-Connection
X-Render-Time
Dnion-Transfer-Encoding
Media-Length
X-Pad
X-Cache-Tag
EpKe-Alive
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Pf-Uncompressing
Cf-Ipcountry
Vha6-Origin
X-ElasticPress-Search
CountryCode
PICS-Label
X-Acquia-Application-Trace
OT-Force-Account-Verify
X-Acquia-Site
X-Snapshot-Date
X-Cache-Type
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-LiteSpeed-Tag
Epwk-X-Cache
X-Via-PopV
X-Via-PopH
X-Via-PopN
X-ND-Cache
X-ElasticPress-Query
X-Forwarded-Path
Warning
X-Request-URL
X-Varnish-Beresp-TTL
X-Varnish-URL
X-BBC-Origin-Response-Status
X-Akamai-ERRuleID
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-Orig-Expires
X-Worker
X-Auto-Login
Xet-Cookie
Processtime
X-Cluster-Node
X-Tenant
X-Vcache
X-Akamai-ERPolicy
X-Shop-Environment
X-MiniProfiler-Ids
X-Traceid
X-Lb-Id
X-Tx-Id
X-Air-Pt
X-Ua
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
WZWS-RAY
X-Ftr-Request-Id
X-Mg-Request-Id
Datacenter
X-Cache-Status-Check
X-Yottaa-OS
Environment
Ohc-Response-Time
X-B3-Parentspanid
NnCoection
X-Redis-Duration-Ms
X-Debug-Cache-Store
X-Redis-Count
X-Debug-Cache-Fetch
Phost
Inserted-Into-Cache-At
URI
X-Litespeed-Cache-Control
Content-Script-Type
X-Amz-Meta-Cb-Modifiedtime
X-Tid
X-Storefront-Renderer-Verified
X-FTR-Cache-Host
Content-Style-Type