
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-CST
NEL
X-Amz-Version-Id
X-Cache-Spec
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
Xkey
Surrogate-Control
EagleEye-TraceId
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Accept-CH
X-Cache-Lookup
P3p
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Template
X-Readtime
X-Language
X-B3-TraceId
Accept-Ch
MS-Author-Via
Accept-CH-Lifetime
X-HW
Rating
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-ESI
X-Clacks-Overhead
X-GitHub-Request-Id
X-Trace
X-Webkit-CSP
Pagespeed
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Content-Type
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Varnish-TTL
X-Vcap-Request-Id
X-Powered-By-Plesk
X-ORACLE-DMS-RID
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-ORACLE-DMS-ECID
X-Navigation-Version
X-VARITI-CCR
X-TTL
X-Abt-Application-Version
X-Server-Name
X-FastCGI-Cache
X-Amz-Rid
Service-Worker-Allowed
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-MSEdge-Ref
X-Release
X-Cache-TTL
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-B3-TraceId-Primal
Cache-Tag
Mrf-Cache-Status
MRF-Tech
SPRequestGuid
X-SharePointHealthScore
Public-Key-Pins
Access-Control-Request-Method
RTSS
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
AR-CACHE
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-ATIME
X-Edge
X-Ezoic-Cdn
X-Powered-CMS
Pinterest-Version
X-LLID
Pinterest-Generated-By
X-Pinterest-Rid
X-Upstream
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
X-Litespeed-Cache
S
Content-MD5
X-Jurisdiction
X-HP-Webp
X-Recruiting
X-ECACHE
X-Mid
X-MCACHE
Charset
X-Kinsta-Cache
X-Mg-S
X-Origin-Upstream-Status
X-DynaTrace
X-PressLabs-Stats
X-T
X-Content-Digest
Cache-Tags
Fusion-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-Ttl
X-Ruxit-Js-Agent
X-Accel-Expires
X-Px
Fastcgi-Cache
X-Forwarded-Proto
X-Id
X-Content-Security-Policy-Report-Only
X-Logged-In
Filters
Server-Node
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
Server-Name
X-Amz-Server-Side-Encryption
Front-End-Https
TCN
MicrosoftSharePointTeamServices
X-Forwarded-For
X-Request-Received
X-Grace
X-Request-Processing-Time
X-Correlation-Id
Nginx-Cache
X-Fastcgi-Cache
X-Shield-Request-Id
X-Hits
X-Amzn-Trace-Id
X-B3-Sampled
Alternate-Protocol
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Microsite
X-XRDS-Location
X-Request-Handler-Origin-Region
X-AppVersion
X-Activity-Id
X-Az
X-Debug
X-Varnish-Age
X-F-Cache
X-HS-Content-Id
X-Amz-Replication-Status
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Server-ID
X-Origin-Server
X-Goog-Generation
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Yandex-Sdch-Disable
X-Frontend
Surrogate-Key
X-Rid
X-Geo-Country
Host
X-DIS-Request-ID
X-Cache-Age
Section-Io-Cache
Accept-Charset
Nel
X-Ser
X-Git-Hash
Realpath
X-XRDS-LOCATION
X-Daa-Tunnel
X-Time
X-VCache
X-Hostname
Access-Control-Allow-Method
X-Respond-Thread
X-Mobile-URL
X-Upgrade-Enabled
X-RateLimit-Remaining
MS-CV
X-Seen-By
X-Source
X-Type
Paypal-Debug-Id
X-AOL-HN
Cleartype
X-DataDome
ServerID
X-LB-Cache
X-TT
Healthy
X-Varnish-Backend
X-IPLB-Instance
Payment
X-Signature
X-B-Cache
X-Content-Options
X-Cache-Action
X-Debug-Info
X-Aspnet-Duration-Ms
X-Whom
X-Contextid
X-Route-Name
X-Providence-Cookie
X-Request-Guid
X-Is-Crawler
X-Flags
X-App-Environment
X-Page-Id
X-Load-Cache
Fastcgi-Useragent
X-Cache-Key
X-N
X-WebKit-CSP-Report-Only
X-FB-Debug
X-Jobs
Cache
Node
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Mobile
X-Rule
X-FTR-Request-ID
X-Webkit-Csp
X-Cache-Expired-At
Refresh
X-Accel-Buffering
X-Response-Served-From
X-Wix-Request-Id
X-Original-Request-Id
Viewport
Ms-Operation-Id
DC
X-FireWall-Port
X-RTag
Access-Control-Request-Headers
X-Tec-Api-Root
X-Content-Powered-By
X-Cluster-Name
X-Tec-Api-Origin
X-Cacheable-TTL
X-Tec-Api-Version
Version
X-Drupal-Cache-Tags
X-RemovedCookies
X-Zen-Fury
X-Real-IP
X-ProcessESI
X-HTML-Minification-Powered-By
X-Framework
X-Distributor
X-Instance
X-B
X-UUID
VIX-Pulpo-Node
Referer-Policy
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-Region
X-Cache-Time
X-IPS-LoggedIn
Eomportal-Instance
X-Tt-Trace-Tag
X-Proxy
X-Tt-Trace-Host
X-Page-View
Countrycode
X-Debug-IsPreview
X-Debug-IsConnected
X-Pinterest-Direct
X-Drupal-Cache-Contexts
X-FW-Serve
X-FW-Dynamic
X-Www-Served-By
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
X-Nginx-Cache
X-Cached-By
X-G
X-App-Server
Powered-By-ChinaCache
X-Cache-Operation
X-Protected-By
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Xserver
X-Cache-Rule
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Via-JSL
Liferay-Portal
X-Akamai-Edgescape
X-Environment-Context
X-L-Path
X-Cache-Hit
SRV
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Pass-Why
Section-Io-Id
Section-Origin-Responded
X-Varnish-Grace
X-Device-Type
Server-Info
DynaTrace
CF-IPCountry
X-User-Agent
X-Adobe-Content
GEO-INFO
X-Adobe-Loc
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Varnish-Server
X-TEC-API-VERSION
Cache-Status
X-TA-CDN-Provider
Retry-After
X-Tumblr-Pixel-2
From-Origin
X-Mode
Frame-Options
Ec-Rule-Version
Webserver
X-Hl-Ver
X-Handled-By
X-ES-SERVER
Meta-Geo
X-Endurance-Cache-Level
X-RN-RSRV
X-UPSTREAM-Address
X-Backend-Name
Cache-Tv-Group
X-FB-TRIP-ID
Fastly-SSL
Apigw-Requestid
X-Format
X-Section
Country
X-BYPASS-REASON
X-Be
X-Soup
X-Storage
X-Cache-Server
X-NYM-Debug-Backend
X-Pubstack
TWC-GeoIP-LatLong
X-Request-Time
TWC-GeoIP-Country
X-ProxyCache-Status
TWC-Connection-Speed
X-MP-GENERATED-AT
TWC-Locale-Group
TWC-Privacy
X-Uri
X-Varnishpool
X-Access
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-ProxyCache-Key
TWC-Device-Class
X-OCL
Property-Id
X-PCL
X-Origin-Hint
Decoy-Debug-Key
X-Origin-Date
X-R9-Blue-Green-Version
X-PERF
X-Human
X-Timing-Wait
X-Via-Fastly
X-UA-Device-Type
X-ApacheServer
X-No-Session
Decoy-Debug-TTL
X-VWS-Id
X-WA-Info
Decoy-Debug-Status
X-Info
X-Proxy-Build
X-Proto
X-Ratelimit-Limit
Selected-Fe
X-S-Maxage
X-Server-W
X-PHP-Host
X-LJ-Flow-ID
Cache-Name
X-Labrador-Cache-Channel
Mn-Server-Ip
X-AWS-Id
Azure-Version
Protected
X-Cache-TTL-Remaining
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Loop
X-Say-Cacheable
X-Proxied
X-Say-TTL
X-SayCDN-TTL
X-Proxy-Cache-Status
X-Routing-Service
X-Zipkin-Id
X-Varnish-Ttl
X-TNCMS
X-Web-Node
X-Xfnlog-Site
X-Sql-Count
X-Sql-Duration-Ms
X-LAGOON
X-GG-Cache-Date
Uber-Trace-Id
AMP-Access-Control-Allow-Source-Origin
X-ShopId
X-Hosted-By
X-Alternate-Cache-Key
X-Status
X-Storefront-Renderer-Rendered
X-Hyper-Cache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShardId
X-Redis-Cache
X-Locale
X-Cache-Enabled
X-App-Version
X-FW-Version
X-Site-Version
X-Content-Age
X-Is-Bot
X-Rendered-As
X-Microcachable
X-NWS-UUID-VERIFY
X-Cluster
X-Backend-Host
X-Azure-Ref
S-Cnection
X-Forwarded-Host
X-Cache-Grace
X-SRV
X-AIR-PT
X-Dc
X-TT-LOGID
X-Platform
X-Qloud-Router
X-CSRF-Token
X-Via-CDN
X-Trace-Id
X-Node-Name
Akamai-GRN
X-Revision
ServedBy
Cache-Hits
X-Varnish-Hostname
X-CCM
X-Cache-NGX
X-Ratelimit-Remaining
X-Cdn
X-ATG-Version
Amp-Access-Control-Allow-Source-Origin
X-Cache-PHP
X-EdgeConnect-Cache-Status
X-Debug-Cache
X-Aspnetmvc-Version
X-RCS-CacheZone
X-CACHE-KEY
X-Correlation-ID
X-Cache-Host
X-Detected-As
X-Amz-Apigw-Id
X-Akamai-Transformed
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-CS
DB-Nickname
Who
X-TX-ID
Country-Code
X-Adobe-Source
X-Nc
HostName
SD-X-WS
X-BCube-Filmed-By
Filterid
X-Country-Code-Real
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-FTR-Realm
X-FTR-DC
X-Varnish-Beresp-Grace
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Ms-Version
X-Ms-Request-Id
X-RateLimit-Limit
X-Time-Microsecs
X-ARC
X-B-Cookie
X-Aed
X-A-Wwc
X-Application
DCR-Decision-By
BehaviorPad-Version
X-CF-Lambda-Version
X-A-Dgt
DCR-Processing-Time-Ms
X-Cache-NE
X-CF-Lambda-Fn
X-Varnish-Beresp-Ttl
Machine
Mobile-Detection-Method
Meta-Geo-Continent
Odigeo-Trace-Id
Rendered-Blocks
T-Server
X-A
MD5-Digest
X-A-Dam
X-A-Dcw
Fastcgi-X-Cache-Version
X-Varnish-Cache-Hits
X-A-Ccd
Expiry
X-Connection-Hash
X-Processor
X-PBS-Appsvrname
X-Unique-Id
X-Request-UUID
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Magnolia-Registration
X-Location
X-NAPM-TraceId
X-Origin-CC
X-Origin-TTL
X-Rojux
X-S
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Trv-Group
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-SRCache-Key
X-Level-Front-Cache
X-Owner
X-From
X-Generated-On
X-Generation-Time
X-External-Request-Id
X-Destination
X-D
Backend
X-Varnish-Beresp-Status
X-Backend-TTL
X-EC-Lua
X-ServerID
X-TrackingId
X-Device-Os
X-Tumblr-Pixel-3
X-Bip
Fastly-Backend-Name
Gh-Request-Id
Thinkindot-CacheControl-Type
X-Thanos
X-Thinkindot-L3
Host-ID
X-Cache-Bucket
X-Developers
CacheControlHeader
Cache-Host
AKAMAI
Arc-Version
Cf-Device-Type
Content-Disposition
Thinkindot-Control
UCS
V-Age
X-Is-Gdpr
Magicmarker
X-Azure-Ref-OriginShield
Wxu-Next-Hostname
X-GeoIP-City
PB-RID
X-Policy
Wxu-Next-Region
Release
X-OVcl
Server-Host
X-OVcl-Cache
X-Cms-Context
X-Geo-Header
Wxu-Next-Commit
X-Generated-In
Thinkindot-CacheControl
X-Fetched-On
X-FC-Vary-Parameters
X-Has-Esi
X-JWT-State
X-Reqid
PB-PID
Path
Pagetype
Ssr
X-Core-Value
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-GEO
X-Eu-Site
X-Epic-Correlation-Id
X-Envoy-Decorator-Operation
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Fastly-Cache
X-IP
X-Irp-Debug
X-HS-Content-Campaign-Id
X-HN
X-GeoIP
X-GoCache-CacheStatus
X-Developer
X-DefElseHash
Vix-Hermes-Req-Id
X-B3-Traceid
True-Client-Country-4JS
Sever-Int
Server-Ext
Server-Hostname
X-Backend-State
X-Branch-Name
X-Clientip
X-Csrf-Jwt
X-CGP
X-Cache-Tags
X-Cache-Debug
X-Cache-Info
X-DefHash
X-Li-Pop
X-SVT-ORM-VERSION
X-User
X-Var-Ttl
X-SVT-ORM-RULES
X-Skip-Cache
X-Scheme
X-SIPLIST1
X-Variation
X-Varnish-CookieHashed-On
X-VG-TLSProxy
X-VServer
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-Hits
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Micro-Cache
X-Method
Platform
X-LI-UUID
X-Node-Id
X-NU-AKA-ACS-Version
X-Ratelimit-Reset
Apple-News-Services-Handled
X-Platform-Server
X-Unique-ID
X-Origin
X-Origin-Expires
X-Li-Fabric
X-Rebelmouse-Cache-Control
L5d-Success-Class
Apple-News-Services-Request-Url
Location
L
CDN-Cache
Is-Eu
Cf-Bgj
Locid
CDN-EdgeStorageId
Origin
CDN-Uid
Fastly-SWR
CDN-RequestId
CDN-CachedAt
Apple-News-Services-Host
DSUID
IsBot
NGX
Adler-Geo
CDCHOST
NM-Fastcgi-Cache
HA-Ipaddr
Fastly-SIE
Ha-Gx-Prefs
Esi-Enabled
PFcat
CDN-RequestCountryCode
On-Server
Apple-News-Services-Parsed-Url
C-Via
CDN-PullZone
X-FTR-Expires
X-Tb
User-Cache-Control
X-Sucuri-ID
X-Clara-WADP
X-Cache-Id
NGB
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-Hnp-Log
X-Old-Content-Length
X-Generated-By
X-Gen-Mode
X-Esi-Check
X-LB-ID
X-Fmm-Version
X-Gamma-Serve
X-Swa-Ws
X-Origin-Response-Time
X-Wikidot-Backend
X-WADP-Cache
X-Aicache-OS
X-Wikidot-Static-Cache
Xc-Version
Rt-Fastcgi-Cache
X-Request-Host
Web-Mar-Node
X-Air-Hostname
Fastly-Drupal-HTML
X-Block-Status
X-Loc
X-NewRelic-App-Data
X-ID
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Slack-Backend
X-Planisys-CDN-Rules
Tracecode
X-Cdn-Forward
X-Servername
X-Varnish-Url
X-PF-Uncompressing
Pics-Label
X-Via-Poph
Cmsid
Cmstype
Req-Svc-Chain
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-Edge-Location-Klb
X-Via-Popv
X-Kraken-Loop-Name
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-APP-VERSION
Kp-EeAlive
X-Cache-Var
X-Served-From
Svr
Url
Instruction
X-Cache-Var-Map
X-Refresh
SR-User-Adfree
X-CUA
Geo-Info
A
X-Vgn-Hpd-Reason
VivaBuild
X-Matched-Rule
M-TraceId
Lfy
Viewtype
Sid
X-TraceId
Arc-Country
CloudFront-Viewer-Country
Cross-Origin-Opener-Policy
Cache-Key
X-SaId
X-Cdn-Origin
X-NGENIX-Cache
X-PHP-Backend
X-JoinUs
X-Webkit-CSP-Report-Only
X-Cache-Expires
X-Sn-Servicetimems
X-Cache-Backend
X-Edge-Location
MIME-Version
TDXMobile
X-Tb-Optimization-Total-Bytes-Saved
X-NCache
Tcn
Pramga
X-CDN-Forward
SID
DataCenter
X-Vc
X-Srv
X-Cache-Date
X-DC
X-Core-Mission
X-NC
X-Extlb
X-Servedbyhost
X-CLOUD-TRACE-CONTEXT
Server-ID
NtCoent-Length
X-Service
X-Request-Start
Content-Secure-Policy
X-Internal-Host
X-Wa
GeoIp-Country-Code
X-Error
Source
Geoip-Latitude
X-FireWall-Protection
CACHE
X-Bc-Bl
X-Varnish-Cacheable
X-Vcl-Version
X-HS-Status
FSS-Cache
X-LI-Proto
X-Forwarded-Site
X-B3-Spanid
LB
X-Response-By
Surrogated-Key
X-Geo
X-Air-Source
X-Proxy-Upstream
Memcached
X-Req
X-Esi
X-Via-NSCOPI
X-Newrelic-Synthetics
X-VHOST
X-Li-Proto
X-Date
X-VC-Cache
X-PJAX-URL
X-Accel-Expires-Debug
We-Hiring
Mail-Subject
Resin-Trace
Xkeyi7
X-Proxy-Cachei7
Upgrade-Insecure-Requests
X-HOST
X-LiteSpeed-Cache-Control
N-Cache
Hostname
X-Sigma-Backend
GeoIP-Country-Code
Server-Ttl
X-Sigma
Env
X-Viewer-Country
HitType
X-Rocket-Build-Number
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-BBXSRF
X-CCDN-CacheTTL
Request-ID
X-VCL-Version
GeoIP-Latitude
CF-Cached-On
X-Zone
X-HostName
X-DI
X-DSS
X-APP
X-DB
X-Men
X-RPS
X-App
X-WA
Time
X-MSEdge-Flight
X-MSEdge-Features
X-RAMCache
X-TIM-N
X-RSL
Memory
X-RPM
X-DW
X-Cache-2
X-Contensis-Viewer-Groups
X-ServedByHost
D-Cc-Upstream
X-Cache-ASPX
S-Rt
X-Cc-Via
X-Varnish-Authentication
X-Cc-Req-Id
X-Cs
X-Svr
XServer
VNS-Cache
VNS-Age
Server-Id
X-Air-Trace-Id
X-Action
ProcessTime
CPC-Age
CPC-Cache
X-Mg-Request-UUID
X-ZONE
X-UA
X-Cache-Remote
Cteonnt-Length
X-Server-IP
X-API-Version
X-Cache-Config
X-Region-Sid
X-Nyt-Route
X-Oss-Cdn-Auth
Fastcgi-Cache-TTL
Mime-Version
X-Origin-Time
State
My-App
X-Fpc
X-Gdpr
X-FPC
X-Sucuri-Cache
X-Swift-Error
X-Dynatrace-Js-Agent
X-Provided-By
Ohc-File-Size
Cross-Origin-Window-Policy
X-Depends-On
Cache-Provider
X-Minions-Version
W
X-CF-Powered-By
X-FORWARDED-FOR
Srv
X-Akamai-Pragma-Client-IP
X-Cdn-Request-ID
CDN
X-UnsetCookies
X-NodeID
X-Check-Cacheable
X-Cache-Ttl
X-Dw-Trace-Id
X-BACKEND-TTL
X-TIME
X-CSRF-TOKEN
X-URL
X-Erf-Stays-Bingo-Pdp-Web
X-Cache-Type
X-Ftr-Cache-Host
X-VC
X-SN
X-ServerName
X-Xrds-Location
X-Client-Ip
Cf-Ipcountry
X-Host-Name
Ohc-Cache-HIT
X-Hello
X-ABtesting
X-Flog
X-Parent-Response-Time
Cdn
Proxy-Connection
X-Fastly-Request-Id
X-Webstats-RespID
OT-Force-Account-Verify
X-SD-PageType
X-SB
Dnion-Transfer-Encoding
X-Orig-Expires
Media-Length
X-ND-Cache
X-Snapshot-Date
X-Forwarded-Path
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-Tenant
X-Cluster-Node
X-NGINX-Cache
X-Pf-Uncompressing
X-Pad
X-BBC-Edge-Cache-Status
X-Shop-Environment
X-Fastly-Backend-Reqs
Vha6-Origin
X-Cache-Tag
X-Varnish-URL
X-Via-PopH
X-LiteSpeed-Tag
X-Render-Time
X-Air-Pt
WZWS-RAY
EpKe-Alive
X-Via-PopN
X-Via-PopV
X-ElasticPress-Search
Epwk-X-Cache
PICS-Label
X-Traceid
X-Request-URL
X-C
X-Acquia-Site
X-MiniProfiler-Ids
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Varnish-Beresp-TTL
X-Vcache
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
Warning
X-Ftr-Request-Id
Xet-Cookie
X-Lb-Id
X-Akamai-ERRuleID
X-Akamai-ERPolicy
CountryCode
Datacenter
X-Ua
X-Cache-Status-Check
X-Pjax-Url
X-Mg-Request-Id
X-Apw-Access-Action
X-Yottaa-OS
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
Ohc-Response-Time
X-Storefront-Renderer-Verified
NnCoection
X-B3-Parentspanid
Phost
X-Worker
URI
X-Redis-Count
X-Redis-Duration-Ms
Environment
X-ElasticPress-Query
X-Debug-Cache-Fetch
Processtime
X-Litespeed-Cache-Control
Content-Script-Type
X-Amz-Meta-Cb-Modifiedtime
X-Tid
X-Debug-Cache-Store
Inserted-Into-Cache-At
X-Auto-Login
Content-Style-Type