
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header, security-relevant or not. We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
P3p
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-CST
NEL
X-Cache-Spec
X-Vhost
Allow
X-WebKit-CSP
X-Host
X-Backend-Server
X-ASPNET-VERSION
X-Server-Id
Xkey
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Template
X-Readtime
X-Language
Accept-CH-Lifetime
X-B3-TraceId
MS-Author-Via
Accept-Ch
Rating
X-Url
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-Trace
Display
X-Sol
Pagespeed
X-Content-Type
X-Middleton-Response
X-Middleton-Display
Response
X-D2id
Arr-Disable-Session-Affinity
Verso
X-ORACLE-DMS-RID
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-ORACLE-DMS-ECID
X-Goog-Hash
X-Varnish-TTL
X-Country-Code
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Amz-Rid
X-TTL
X-Fastly-Request-ID
X-Abt-Application-Version
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-FastCGI-Cache
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-Webkit-CSP
X-SharePointHealthScore
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
SPRequestDuration
SPIisLatency
RTSS
Access-Control-Request-Method
Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Edge
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Version
Content-MD5
X-HP-Webp
X-Jurisdiction
S
X-Origin-Upstream-Status
X-ECACHE
X-MCACHE
X-Mid
Charset
X-Recruiting
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
X-PressLabs-Stats
Fusion-Template-Id
X-Ruxit-Js-Agent
Fusion-Component-Id
X-Ttl
Fusion-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Content-Digest
X-Px
X-T
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Fastcgi-Cache
X-Id
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
TCN
Server-Node
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
TP-L2-Cache
TP-Cache
Server-Name
MicrosoftSharePointTeamServices
Front-End-Https
X-Forwarded-For
X-Grace
Nginx-Cache
X-Request-Processing-Time
X-Request-Received
X-Kong-Proxy-Latency
X-Hits
X-Kong-Upstream-Latency
X-Correlation-Id
X-Shield-Request-Id
X-Amzn-Trace-Id
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Debug
X-Varnish-Age
X-AppVersion
Alternate-Protocol
X-Activity-Id
X-Az
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-F-Cache
X-Amz-Replication-Status
X-XRDS-Location
X-XRDS-LOCATION
X-Yandex-Sdch-Disable
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Origin-Server
Surrogate-Key
X-NWS-LOG-UUID
X-Ser
X-Frontend
Nel
X-Rid
X-DIS-Request-ID
Accept-Charset
Host
X-Geo-Country
X-Cache-Age
X-Git-Hash
Section-Io-Cache
X-Hostname
X-Respond-Thread
X-Daa-Tunnel
X-RateLimit-Remaining
X-Upgrade-Enabled
X-VCache
Access-Control-Allow-Method
X-Mobile-URL
X-DataDome
X-Time
MS-CV
X-Server-ID
X-Source
X-Type
X-LB-Cache
Paypal-Debug-Id
ServerID
X-AOL-HN
X-Varnish-Backend
X-Seen-By
X-Cache-Action
X-Content-Options
Cleartype
X-App-Environment
X-Whom
X-IPLB-Instance
Healthy
X-TT
X-Is-Crawler
X-Flags
X-B-Cache
X-Providence-Cookie
X-Request-Guid
X-Signature
X-Route-Name
X-Aspnet-Duration-Ms
Payment
X-Cache-Key
X-Page-Id
X-Debug-Info
Realpath
Cache
X-WebKit-CSP-Report-Only
X-Load-Cache
X-N
X-Jobs
X-Contextid
Fastcgi-Useragent
X-FB-Debug
X-FTR-Request-ID
X-Webkit-Csp
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Pinterest-Direct
Node
X-Mobile
X-Rule
Refresh
X-Cache-Expired-At
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
DC
X-RTag
Ms-Operation-Id
X-Zen-Fury
X-Cacheable-TTL
X-Drupal-Cache-Tags
Viewport
X-Cluster-Name
Access-Control-Request-Headers
Referer-Policy
Version
Powered-By-ChinaCache
X-Framework
X-Content-Powered-By
X-B
X-Instance
X-HTML-Minification-Powered-By
X-RemovedCookies
X-Proxy
X-Wix-Request-Id
X-Cache-Control
X-FireWall-Port
X-Real-IP
X-ProcessESI
VIX-Pulpo-Node
X-UUID
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-IPS-LoggedIn
X-Region
X-Page-View
X-Tec-Api-Version
Eomportal-Instance
X-Tec-Api-Root
X-Distributor
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Tec-Api-Origin
Countrycode
X-Via-JSL
X-Drupal-Cache-Contexts
X-FW-Type
X-FW-Hash
X-Cached-By
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Dynamic
X-Cache-Rule
X-Cache-Operation
X-G
X-Tumblr-Pixel
X-App-Server
X-Yottaa-Optimizations
X-Akamai-Edgescape
X-Yottaa-Metrics
X-Nginx-Cache
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Debug-IsConnected
X-Cache-Hit
X-Debug-IsPreview
X-Environment-Context
Liferay-Portal
X-L-Path
Xserver
X-Pass-Why
X-Www-Served-By
SRV
X-Protected-By
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Server-Info
DynaTrace
CF-IPCountry
X-Varnish-Grace
X-Device-Type
X-User-Agent
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Webserver
From-Origin
GEO-INFO
X-Tumblr-Pixel-2
X-Mode
Retry-After
X-Adobe-Content
X-Adobe-Loc
X-UPSTREAM-Address
X-Hl-Ver
X-RN-RSRV
Cache-Status
Ec-Rule-Version
Meta-Geo
X-Varnish-Server
X-ES-SERVER
X-Handled-By
Frame-Options
X-Endurance-Cache-Level
Cache-Tv-Group
X-Backend-Name
X-Uri
X-MP-GENERATED-AT
X-Ratelimit-Limit
X-Varnish-Ttl
Decoy-Debug-TTL
X-Pubstack
Decoy-Debug-Status
Fastly-SSL
X-Origin-Hint
Property-Id
X-Request-Time
X-ProxyCache-Status
Decoy-Debug-Key
X-Labrador-Cache-Channel
X-FB-TRIP-ID
X-Cache-Server
X-PHP-Host
X-Human
X-ProxyCache-Key
Country
X-Format
X-Varnishpool
X-Soup
Webcakes-App-Name
TWC-Privacy
X-Storage
Webcakes-Region
X-BYPASS-REASON
X-Access
TWC-Locale-Group
Webcakes-App-Version
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Section
TWC-Device-Class
TWC-GeoIP-Country
Mn-Server-Ip
X-Be
Apigw-Requestid
X-ApacheServer
X-Info
Azure-RegionName
X-WA-Info
Selected-Fe
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-OCL
X-Proxy-Build
X-Timing-Wait
X-Redis-Cache
X-Server-W
X-S-Maxage
X-PCL
X-PERF
X-NYM-Debug-Backend
X-UA-Device-Type
X-Sql-Duration-Ms
X-Sql-Count
X-SayCDN-TTL
X-Say-TTL
Cache-Name
X-VWS-Id
X-R9-Blue-Green-Version
Protected
X-Via-Fastly
X-Zipkin-Id
X-Proto
X-Web-Node
X-Say-Cacheable
X-LJ-Flow-ID
X-No-Session
X-Status
X-AWS-Id
X-Origin-Date
X-Routing-Service
X-LAGOON
X-Proxied
X-Cache-TTL-Remaining
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Site-Version
X-Sorting-Hat-PodId
X-TNCMS
X-Hosted-By
X-GG-Cache-Date
X-Loop
X-Locale
X-Hyper-Cache
Uber-Trace-Id
X-Xfnlog-Site
X-TA-CDN-Provider
X-AIR-PT
AMP-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Cache-Enabled
X-FW-Version
X-Proxy-Cache-Status
X-Rendered-As
X-Content-Age
X-NWS-UUID-VERIFY
X-Cluster
X-Dc
X-Microcachable
X-TT-LOGID
S-Cnection
X-Forwarded-Host
X-Cache-Grace
X-Qloud-Router
X-Node-Name
X-Azure-Ref
X-CCM
X-Revision
X-Backend-Host
X-Platform
X-Via-CDN
X-CSRF-Token
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-SRV
X-Correlation-ID
Akamai-GRN
X-Aspnetmvc-Version
X-App-Version
X-EdgeConnect-Cache-Status
X-ATG-Version
ServedBy
X-Trace-Id
X-Cache-PHP
X-Cache-Host
X-Varnish-Hostname
X-Cache-NGX
X-Detected-As
X-RCS-CacheZone
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-B3-SpanId
X-Ratelimit-Remaining
DB-Nickname
X-Debug-Cache
HostName
X-Oss-Request-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Oss-Hash-Crc64ecma
X-Country-Code-Real
X-FTR-Balancer
X-Oss-Object-Type
X-FTR-DC
X-Nc
X-CACHE-KEY
X-Oss-Server-Time
X-FTR-Realm
X-Oss-Storage-Class
SD-X-WS
X-FTR-Cache-Status
Who
X-Akamai-Transformed
X-CS
X-BCube-Filmed-By
X-Amz-Meta-S3cmd-Attrs
Country-Code
X-TX-ID
X-Time-Microsecs
X-Adobe-Source
Backend
X-Varnish-Cache-Hits
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Owner
X-PBS-Appsvrname
X-Processor
X-Request-UUID
X-Origin-TTL
X-Origin-CC
X-Generation-Time
X-Generated-On
X-Level-Front-Cache
X-Location
X-NAPM-TraceId
X-Rewrite-Enabled
X-Rojux
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Trv-Group
X-S-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-SRCache-Key
X-From
X-External-Request-Id
Odigeo-Trace-Id
Mobile-Detection-Method
Rendered-Blocks
T-Server
X-A
MD5-Digest
Machine
DCR-Decision-By
BehaviorPad-Version
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
X-A-Ccd
X-A-Dcw
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-Destination
X-Cache-NE
X-B-Cookie
X-A-Wwc
X-A-Dgt
X-Aed
X-Application
X-ARC
X-Varnish-Beresp-Grace
X-A-Dam
X-ServerID
X-DynaTrace-JS-Agent
X-Backend-TTL
X-Ms-Request-Id
X-Ms-Version
X-Unique-Id
Filterid
Wxu-Next-Region
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Bip
Wxu-Next-Hostname
Thinkindot-Control
X-Varnish-Beresp-Ttl
UCS
X-Air-Hostname
Wxu-Next-Commit
V-Age
Path
Gh-Request-Id
Host-ID
Fastly-Backend-Name
X-B3-Traceid
CacheControlHeader
Magicmarker
AKAMAI
Release
Server-Host
X-Cache-Bucket
Pagetype
On-Server
Ssr
X-Magnolia-Registration
X-Swa-Ws
X-Thanos
X-Reqid
X-Policy
X-OVcl-Cache
X-Thinkindot-L3
X-TrackingId
Xc-Version
Tracecode
X-Tumblr-Pixel-3
X-Unique-ID
X-Cache-Info
X-OVcl
X-Fetched-On
X-Generated-In
X-Device-Os
X-Developers
Cache-Host
X-Geo-Header
X-GeoIP-City
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-Irp-Debug
X-APP-VERSION
X-RateLimit-Limit
X-FTR-Expires
X-NewRelic-App-Data
X-Tb
X-Varnish-Beresp-Status
User-Cache-Control
X-GEO
X-Dispatcher-Server
X-Esi-Check
X-Is-Gdpr
X-Developer
X-Csrf-Jwt
X-Eu-Site
X-Fastly-Cache
X-Gzip
X-HN
X-GeoIP
X-Generated-By
X-Gen-Mode
X-Core-Value
X-Cms-Context
Web-Mar-Node
X-Backend-State
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Sucuri-ID
X-JWT-State
X-Block-Status
X-CGP
X-Cache-Id
X-Cache-Debug
X-Branch-Name
X-Hnp-Log
X-IP
X-Varnish-Hits
C-Via
X-Var-Ttl
X-User
X-FC-Vary-Parameters
X-Wikidot-Backend
X-Wikidot-Static-Cache
PB-RID
PB-PID
Cf-Device-Type
Arc-Version
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Old-Content-Length
X-Origin
X-Nginx-Cache-Key
Sever-Int
X-Method
X-Origin-Response-Time
X-Request-Host
X-Skip-Cache
X-Scheme
X-Has-Esi
X-Request-URI
X-Azure-Ref-OriginShield
X-VarnishDD-TTL
Ha-Gx-Prefs
Apple-News-Services-Parsed-Url
PFcat
HA-Ipaddr
Apple-News-Services-Host
DSUID
L
CDN-PullZone
CDN-RequestCountryCode
Cf-Bgj
Content-Disposition
Esi-Enabled
CDN-Uid
Apple-News-Services-Request-Url
CDN-RequestId
NM-Fastcgi-Cache
CDN-CachedAt
CDN-EdgeStorageId
Locid
Server-Hostname
X-Cdn-Forward
CDN-Cache
Location
Apple-News-Services-Handled
CDCHOST
L5d-Success-Class
Origin
Server-Ext
X-EC-Lua
X-ID
X-Fmm-Version
X-Slack-Backend
X-Envoy-Decorator-Operation
NGX
X-Gamma-Serve
X-LB-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-Ratelimit-Reset
X-Hash
Fastly-SWR
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Node-Id
X-LI-UUID
X-Li-Pop
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Varnish-Remaining-TTL
X-VServer
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Li-Fabric
X-Fastly-Backend
Is-Eu
Platform
Fastly-SIE
Adler-Geo
X-WADP-Cache
X-Cache-Tags
X-Clientip
X-Epic-Correlation-Id
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-VG-TLSProxy
IsBot
X-Aicache-OS
X-Clara-WADP
X-Cache-Var-Map
X-Cache-Var
X-Varnish-Url
X-Mvc-Supplant-OutputCached
Rt-Fastcgi-Cache
Instruction
X-GoCache-CacheStatus
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
SR-User-Adfree
X-NU-AKA-ACS-Version
X-Loc
X-Platform-Server
X-PF-Uncompressing
X-CUA
Geo-Info
Sid
Url
X-Refresh
Lfy
Req-Svc-Chain
X-Via-Popv
NGB
X-Via-Popn
Cmstype
Cmsid
X-Matched-Rule
Pics-Label
X-Via-Poph
X-Servername
X-Served-From
Kp-EeAlive
CloudFront-Viewer-Country
X-Cache-Expires
Svr
X-Cache-Backend
VivaBuild
Viewtype
X-NCache
A
X-Cdn-Origin
Pramga
X-Sn-Servicetimems
X-Srv
M-TraceId
X-Vgn-Hpd-Reason
X-Core-Mission
Cache-Key
X-Cache-Date
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
Cross-Origin-Opener-Policy
MIME-Version
Arc-Country
TDXMobile
Source
X-PHP-Backend
X-SaId
X-JoinUs
X-Request-Start
DataCenter
X-CLOUD-TRACE-CONTEXT
X-Webkit-CSP-Report-Only
X-Error
X-Vc
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-FireWall-Protection
X-Edge-Location
X-Kraken-Routeconfig-Destination
Server-ID
X-DC
X-Edge-Location-Klb
X-NGENIX-Cache
SID
X-NC
GeoIp-Country-Code
X-Varnish-Cacheable
Geoip-Latitude
Content-Secure-Policy
X-Service
Tcn
X-Servedbyhost
NtCoent-Length
X-Wa
X-Vcl-Version
X-B3-Spanid
X-Response-By
X-Air-Source
X-HS-Status
X-Internal-Host
X-Extlb
X-Geo
X-CDN-Forward
X-Forwarded-Site
X-Esi
FSS-Cache
X-Bc-Bl
X-Proxy-Cachei7
Xkeyi7
CACHE
X-BBXSRF
Resin-Trace
N-Cache
HitType
X-Via-NSCOPI
X-LI-Proto
X-Li-Proto
Server-Ttl
X-LiteSpeed-Cache-Control
X-HOST
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Request-ID
Surrogated-Key
We-Hiring
Memcached
Mail-Subject
X-Cache-2
X-Accel-Expires-Debug
X-Date
X-Req
X-RAMCache
X-PJAX-URL
X-Viewer-Country
LB
X-Cs
S-Rt
X-Proxy-Upstream
X-TIM-N
X-Newrelic-Synthetics
X-DI
X-DB
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Upgrade-Insecure-Requests
X-Contensis-Viewer-Groups
Env
X-VC-Cache
X-Cc-Req-Id
X-Cc-Via
X-DSS
X-VCL-Version
X-RSL
D-Cc-Upstream
X-Svr
X-Cache-ASPX
X-RPS
X-Varnish-Authentication
X-DW
X-RPM
X-Cache-Remote
Hostname
GeoIP-Latitude
X-APP
X-App
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
GeoIP-Country-Code
X-Men
X-WA
X-UA
Cteonnt-Length
XServer
Time
Memory
X-Air-Trace-Id
Server-Id
X-MSEdge-Features
X-ServedByHost
ProcessTime
X-Action
X-MSEdge-Flight
Cross-Origin-Window-Policy
X-Server-IP
CF-Cached-On
Ohc-File-Size
X-ZONE
X-Sucuri-Cache
X-TIME
X-Zone
X-Erf-Stays-Bingo-Pdp-Web
X-HostName
VNS-Cache
VNS-Age
Mime-Version
X-FPC
X-Gdpr
X-API-Version
X-Fpc
X-Oss-Cdn-Auth
X-CF-Powered-By
X-Nyt-Route
X-Origin-Time
CPC-Cache
CPC-Age
X-Region-Sid
X-Cache-Config
X-Provided-By
X-Host-Name
X-Dynatrace-Js-Agent
X-Swift-Error
X-NodeID
X-SN
X-FORWARDED-FOR
X-Check-Cacheable
W
X-Depends-On
X-VC
Cache-Provider
X-Cdn-Request-ID
Srv
Ohc-Cache-HIT
X-CSRF-TOKEN
My-App
X-Webstats-RespID
X-Ftr-Cache-Host
Fastcgi-Cache-TTL
X-UnsetCookies
CDN
X-SD-PageType
X-BACKEND-TTL
X-SB
X-ServerName
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-Flog
X-Parent-Response-Time
X-ABtesting
X-Hello
X-Dw-Trace-Id
X-Fastly-Backend-Reqs
X-BBC-Edge-Cache-Status
Cdn
State
X-Fastly-Request-Id
X-Mg-Request-UUID
Media-Length
EpKe-Alive
X-Minions-Version
Vha6-Origin
Proxy-Connection
X-Oracle-DMS-ECID
Dnion-Transfer-Encoding
X-Cache-Tag
X-Render-Time
X-Presslabs-Stats
X-Pf-Uncompressing
X-Pad
Cf-Ipcountry
X-NGINX-Cache
X-Acquia-Purge-Tags
X-Snapshot-Date
PICS-Label
OT-Force-Account-Verify
X-ElasticPress-Search
X-LiteSpeed-Tag
X-Via-PopH
X-Acquia-Application-Trace
X-Via-PopV
X-Acquia-Site
X-Acquia-Application-UUID
Epwk-X-Cache
X-Via-PopN
X-Cache-Type
X-Varnish-Beresp-TTL
X-Worker
X-BBC-Origin-Response-Status
X-Varnish-URL
Warning
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-ND-Cache
X-Forwarded-Path
X-Vcache
X-Auto-Login
X-Akamai-ERPolicy
X-Request-URL
Xet-Cookie
X-Ms-Meta-Originalurl
X-Traceid
Processtime
X-ElasticPress-Query
X-Lb-Id
X-Cluster-Node
X-MiniProfiler-Ids
X-Akamai-ERRuleID
X-Ms-Meta-Staticbatchstarttime
X-Ua
CountryCode
X-Air-Pt
WZWS-RAY
X-Tx-Id
X-Apw-Access-Token
X-Yottaa-OS
X-Apw-Hits
X-Cache-Status-Check
Ohc-Response-Time
Phost
X-Mg-Request-Id
X-Apw-Access-Object
X-Ftr-Request-Id
Content-Style-Type
X-Tid
Environment
X-Amz-Meta-Cb-Modifiedtime
X-Storefront-Renderer-Verified
X-Redis-Duration-Ms
Inserted-Into-Cache-At
X-Redis-Count
X-FTR-Cache-Host
URI
Content-Script-Type
NnCoection
X-Litespeed-Cache-Control
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-B3-Parentspanid
X-Apw-Access-Action