Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Content-Encoding
X-AspNetMvc-Version
Feature-Policy
X-CDN
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
NEL
X-CST
X-Amz-Version-Id
X-Cache-Spec
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
Xkey
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Accept-CH
X-Cache-Lookup
P3p
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Template
X-Readtime
X-Language
X-B3-TraceId
Accept-Ch
MS-Author-Via
Accept-CH-Lifetime
X-HW
Rating
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Webkit-CSP
Pagespeed
Display
Response
X-Content-Type
X-Sol
X-Middleton-Response
X-Middleton-Display
X-D2id
Arr-Disable-Session-Affinity
Verso
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Varnish-TTL
X-Vcap-Request-Id
X-ORACLE-DMS-RID
X-Powered-By-Plesk
X-Country-Code
X-Rack-Cache
X-Goog-Hash
X-ORACLE-DMS-ECID
X-Navigation-Version
X-VARITI-CCR
X-TTL
X-Server-Name
X-FastCGI-Cache
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-Release
X-MSEdge-Ref
X-Cache-TTL
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
Cache-Tag
SPRequestGuid
X-SharePointHealthScore
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Access-Control-Request-Method
Public-Key-Pins
SPIisLatency
SPRequestDuration
RTSS
X-Oneagent-Js-Injection
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-Edge
X-Ezoic-Cdn
X-Pinterest-Rid
X-LLID
Pinterest-Generated-By
Pinterest-Version
X-Powered-CMS
X-Upstream
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
X-Litespeed-Cache
S
Content-MD5
X-Jurisdiction
X-HP-Webp
X-MCACHE
X-ECACHE
X-Mid
X-Recruiting
X-Kinsta-Cache
Charset
X-Mg-S
X-Origin-Upstream-Status
X-DynaTrace
X-PressLabs-Stats
X-T
X-Content-Digest
Fusion-Content-Id
Fusion-Deployment-Id
Cache-Tags
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-Ttl
X-Ruxit-Js-Agent
X-Accel-Expires
Fastcgi-Cache
X-Px
X-Forwarded-Proto
X-Id
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
Server-Node
Server-Name
X-Amz-Server-Side-Encryption
Front-End-Https
TCN
X-Forwarded-For
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
Nginx-Cache
X-Grace
X-Correlation-Id
X-Fastcgi-Cache
X-Shield-Request-Id
X-Hits
X-Amzn-Trace-Id
X-B3-Sampled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Alternate-Protocol
X-Microsite
X-Request-Handler-Origin-Region
X-XRDS-Location
X-Activity-Id
X-Az
X-AppVersion
X-Debug
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Varnish-Age
X-F-Cache
X-Amz-Replication-Status
X-Server-ID
X-Origin-Server
X-NWS-LOG-UUID
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Yandex-Sdch-Disable
X-Goog-Storage-Class
Surrogate-Key
X-Rid
X-Frontend
Host
X-DIS-Request-ID
X-Geo-Country
X-Cache-Age
Accept-Charset
Section-Io-Cache
Nel
X-Ser
X-Git-Hash
Realpath
X-Daa-Tunnel
X-XRDS-LOCATION
X-Time
X-VCache
Access-Control-Allow-Method
X-Hostname
X-Respond-Thread
X-Mobile-URL
X-Source
X-Seen-By
MS-CV
X-RateLimit-Remaining
X-Upgrade-Enabled
X-LB-Cache
Paypal-Debug-Id
Cleartype
ServerID
X-Type
X-AOL-HN
X-DataDome
X-TT
X-IPLB-Instance
X-Varnish-Backend
Healthy
X-Content-Options
Payment
X-Signature
X-Whom
X-Route-Name
X-B-Cache
X-Aspnet-Duration-Ms
X-Debug-Info
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Cache-Action
X-Page-Id
X-Load-Cache
X-Contextid
X-App-Environment
Fastcgi-Useragent
X-Cache-Key
X-N
X-FB-Debug
X-Jobs
X-WebKit-CSP-Report-Only
Cache
Node
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Rule
X-Mobile
X-Webkit-Csp
X-FTR-Request-ID
X-Cache-Expired-At
Refresh
X-Wix-Request-Id
Viewport
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
X-FireWall-Port
X-RTag
Ms-Operation-Id
DC
Access-Control-Request-Headers
X-Content-Powered-By
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cluster-Name
X-Tec-Api-Root
X-Cacheable-TTL
X-ProcessESI
X-Real-IP
X-RemovedCookies
X-Instance
X-Framework
X-B
X-Drupal-Cache-Tags
X-Zen-Fury
X-HTML-Minification-Powered-By
X-Distributor
X-Cache-Time
Referer-Policy
X-Region
X-UUID
X-Cache-Control
Eomportal-Instance
Version
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-Page-View
X-IPS-LoggedIn
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Countrycode
X-Pinterest-Direct
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Debug-IsConnected
X-Www-Served-By
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Serve
X-FW-Server
X-App-Server
X-G
X-Nginx-Cache
Powered-By-ChinaCache
X-Cached-By
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-Rule
X-Cache-Operation
X-Protected-By
X-Tumblr-User
Liferay-Portal
X-Via-JSL
Xserver
X-Akamai-Edgescape
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Pass-Why
SRV
X-Varnish-Grace
Section-Io-Id
Section-Io-Origin-Status
X-Device-Type
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Server-Info
CF-IPCountry
DynaTrace
X-User-Agent
X-Adobe-Content
X-Adobe-Loc
GEO-INFO
X-Varnish-Server
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TA-CDN-Provider
X-TEC-API-VERSION
Cache-Status
From-Origin
Retry-After
X-Tumblr-Pixel-2
X-Mode
Webserver
Ec-Rule-Version
Frame-Options
X-Handled-By
Meta-Geo
X-UPSTREAM-Address
X-Hl-Ver
X-RN-RSRV
X-ES-SERVER
X-Endurance-Cache-Level
X-FB-TRIP-ID
X-Backend-Name
Cache-Tv-Group
X-MP-GENERATED-AT
X-Request-Time
X-Uri
X-Be
X-BYPASS-REASON
X-Cache-Server
X-Varnishpool
Fastly-SSL
X-NYM-Debug-Backend
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
X-Origin-Hint
TWC-Device-Class
X-ProxyCache-Key
Property-Id
Webcakes-Region
Webcakes-App-Name
X-ProxyCache-Status
TWC-Privacy
X-PHP-Host
Selected-Fe
X-Ratelimit-Limit
X-Proto
X-Labrador-Cache-Channel
X-Human
X-R9-Blue-Green-Version
X-Storage
Mn-Server-Ip
X-LJ-Flow-ID
X-Proxy-Build
X-Section
X-UA-Device-Type
Country
X-Server-W
X-No-Session
X-Via-Fastly
X-Soup
X-Access
X-Format
X-AWS-Id
X-OCL
X-WA-Info
X-Pubstack
X-Timing-Wait
X-Origin-Date
X-PCL
X-VWS-Id
Cache-Name
Apigw-Requestid
X-ApacheServer
X-Cache-TTL-Remaining
Decoy-Debug-TTL
Uber-Trace-Id
Decoy-Debug-Status
Decoy-Debug-Key
Protected
X-Proxy-Cache-Status
X-Xfnlog-Site
X-TNCMS
X-Web-Node
X-Zipkin-Id
X-PERF
X-Routing-Service
X-Loop
X-Varnish-Ttl
X-Sql-Count
X-S-Maxage
X-Proxied
X-Sql-Duration-Ms
X-Info
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Say-TTL
X-Storefront-Renderer-Rendered
X-Say-Cacheable
X-SayCDN-TTL
X-ShardId
X-Alternate-Cache-Key
X-Status
AMP-Access-Control-Allow-Source-Origin
X-Sorting-Hat-ShopId
X-ShopId
Azure-RegionName
X-Hyper-Cache
X-LAGOON
Azure-SiteName
Azure-SlotName
X-Hosted-By
Azure-InstanceId
Azure-Version
X-Redis-Cache
X-GG-Cache-Date
X-Locale
X-Cache-Enabled
X-Site-Version
X-FW-Version
X-Content-Age
X-Rendered-As
X-Is-Bot
X-NWS-UUID-VERIFY
X-Microcachable
X-Cluster
X-Backend-Host
X-App-Version
X-Azure-Ref
S-Cnection
X-Forwarded-Host
X-Cache-Grace
X-AIR-PT
X-SRV
X-TT-LOGID
X-Dc
X-Qloud-Router
X-Platform
X-CSRF-Token
X-Node-Name
X-Via-CDN
Akamai-GRN
X-Trace-Id
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-Revision
ServedBy
X-CCM
X-ATG-Version
X-Varnish-Hostname
Cache-Hits
X-Aspnetmvc-Version
X-Cache-NGX
X-RCS-CacheZone
X-Cache-PHP
X-EdgeConnect-Cache-Status
X-Debug-Cache
X-CACHE-KEY
X-Correlation-ID
X-Cache-Host
X-Detected-As
DB-Nickname
X-Amz-Apigw-Id
X-Akamai-Transformed
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-Amzn-RequestId
X-CS
X-TX-ID
Who
Country-Code
X-Adobe-Source
HostName
SD-X-WS
X-BCube-Filmed-By
Filterid
X-Nc
X-Country-Code-Real
X-Cdn
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Varnish-Beresp-Grace
X-FTR-Backend
X-FTR-Backend-Server
X-RateLimit-Limit
X-Ms-Version
X-Ms-Request-Id
X-Time-Microsecs
X-B-Cookie
X-Cache-NE
X-Aed
Machine
X-Application
X-ARC
Expiry
DCR-Decision-By
X-CF-Lambda-Version
X-A-Wwc
DCR-Processing-Time-Ms
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-A-Dam
X-A
X-A-Ccd
Odigeo-Trace-Id
Rendered-Blocks
T-Server
Mobile-Detection-Method
X-Varnish-Beresp-Ttl
X-A-Dgt
X-A-Dcw
BehaviorPad-Version
Meta-Geo-Continent
MD5-Digest
X-Destination
X-Level-Front-Cache
X-Location
X-NAPM-TraceId
X-Rewrite-Enabled
X-Magnolia-Registration
X-PAYTM-SRV-ID
X-Trv-Group
X-Owner
X-Rojux
X-Session-Fingerprint
X-ScT
X-S-Cookie
X-Origin-TTL
X-Origin-CC
X-S
X-SRCache-Key
X-Vdms-Version
X-Vdms-Path
X-Request-UUID
X-External-Request-Id
X-VG-WebCache
X-Vtex-Remote-Cache
X-Processor
X-Connection-Hash
X-D
X-VG-WebServer
X-Vtex-Processado-Em
X-Generation-Time
X-Generated-On
X-From
X-PBS-Appsvrname
Backend
X-EC-Lua
X-ServerID
X-Varnish-Beresp-Status
X-Unique-Id
X-Backend-TTL
Magicmarker
X-Reqid
X-Thinkindot-L3
Content-Disposition
Cf-Device-Type
CacheControlHeader
Arc-Version
X-Tumblr-Pixel-3
X-TrackingId
Gh-Request-Id
X-Thanos
Fastly-Backend-Name
Host-ID
Release
X-Geo-Header
X-Generated-In
X-GeoIP-City
X-Has-Esi
Wxu-Next-Hostname
Wxu-Next-Region
X-Fetched-On
X-Azure-Ref-OriginShield
X-Developers
AKAMAI
X-Device-Os
X-Cache-Bucket
X-FC-Vary-Parameters
X-Bip
Wxu-Next-Commit
X-Is-Gdpr
X-OVcl-Cache
Server-Host
X-Cms-Context
PB-RID
Pagetype
PB-PID
Ssr
X-OVcl
UCS
X-JWT-State
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Policy
X-Core-Value
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Cache-Hits
X-DynaTrace-JS-Agent
X-GEO
X-Unique-ID
V-Age
X-Platform-Server
X-B3-Traceid
X-Node-Id
X-Nginx-Cache-Key
X-NU-AKA-ACS-Version
X-Origin
X-Origin-Expires
X-Ratelimit-Reset
Sever-Int
On-Server
Origin
X-SIPLIST1
NM-Fastcgi-Cache
NGX
Path
X-Scheme
Server-Hostname
X-Backend-State
Server-Ext
Platform
PFcat
X-Rebelmouse-Surrogate-Control
X-Micro-Cache
X-Developer
X-GoCache-CacheStatus
X-DefHash
X-DefElseHash
X-Csrf-Jwt
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Fastly-Cache
X-Eu-Site
X-Envoy-Decorator-Operation
X-GeoIP
X-HN
X-Clientip
X-LI-UUID
X-Cache-Debug
X-Method
X-Branch-Name
X-Skip-Cache
X-Li-Pop
X-Li-Fabric
X-HS-Content-Campaign-Id
X-CGP
X-IP
X-Irp-Debug
X-Cache-Tags
X-Mvc-Supplant-Cachable
X-Rebelmouse-Cache-Control
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Esi-Enabled
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
Fastly-SIE
Fastly-SWR
Ha-Gx-Prefs
X-User
X-Var-Ttl
X-Variation
Cf-Bgj
CDN-Uid
Cache-Host
CDCHOST
C-Via
Adler-Geo
X-VServer
CDN-Cache
CDN-CachedAt
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
HA-Ipaddr
DSUID
IsBot
Is-Eu
Locid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Location
L5d-Success-Class
X-Sucuri-ID
User-Cache-Control
X-Tb
X-FTR-Expires
X-Hash
X-Cache-Id
X-Cache-Info
X-Wikidot-Static-Cache
X-LB-ID
X-Hnp-Log
X-Clara-WADP
Xc-Version
X-VG-TLSProxy
X-Esi-Check
X-Epic-Correlation-Id
NGB
X-Fmm-Version
X-Gen-Mode
X-Gamma-Serve
Apple-News-Services-Handled
Apple-News-Services-Host
X-Swa-Ws
X-WADP-Cache
X-Gzip
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Air-Hostname
L
X-Aicache-OS
X-Origin-Response-Time
X-Generated-By
X-Varnish-Hits
Fastly-Drupal-HTML
Rt-Fastcgi-Cache
X-Wikidot-Backend
X-Old-Content-Length
X-Request-URI
X-Request-Host
True-Client-Country-4JS
Vix-Hermes-Req-Id
Web-Mar-Node
X-Block-Status
X-NewRelic-App-Data
X-ID
X-Planisys-CDN-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
Tracecode
X-Slack-Backend
X-Loc
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Cdn-Forward
X-Servername
Cmsid
X-PF-Uncompressing
X-Varnish-Url
X-Via-Popn
Cmstype
Pics-Label
X-Mvc-Supplant-OutputCached
X-Via-Popv
X-Via-Poph
X-APP-VERSION
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Instrumentation
X-Cache-Var-Map
X-Refresh
X-Served-From
Instruction
Req-Svc-Chain
X-Cache-Var
SR-User-Adfree
Url
A
Svr
X-CUA
X-Vgn-Hpd-Reason
Kp-EeAlive
Geo-Info
VivaBuild
X-Matched-Rule
Viewtype
M-TraceId
Sid
Lfy
X-TraceId
Cross-Origin-Opener-Policy
CloudFront-Viewer-Country
X-SaId
X-Webkit-CSP-Report-Only
X-JoinUs
X-Cache-Expires
X-PHP-Backend
X-Cdn-Origin
Arc-Country
X-Sn-Servicetimems
X-NGENIX-Cache
Cache-Key
X-Edge-Location
X-Cache-Backend
Pramga
Tcn
TDXMobile
MIME-Version
X-Tb-Optimization-Total-Bytes-Saved
X-NCache
X-CDN-Forward
SID
DataCenter
X-Srv
X-Vc
X-DC
X-Cache-Date
X-Core-Mission
X-NC
Server-ID
X-Request-Start
X-CLOUD-TRACE-CONTEXT
X-Servedbyhost
Content-Secure-Policy
X-Service
X-Extlb
NtCoent-Length
X-Wa
X-Internal-Host
X-FireWall-Protection
Source
Geoip-Latitude
GeoIp-Country-Code
X-Bc-Bl
X-Error
CACHE
X-HS-Status
X-Varnish-Cacheable
X-B3-Spanid
X-Vcl-Version
X-LI-Proto
FSS-Cache
X-Forwarded-Site
X-Via-NSCOPI
X-Proxy-Upstream
X-Geo
X-Response-By
Memcached
X-Air-Source
X-Esi
LB
X-Req
Surrogated-Key
X-VHOST
X-Newrelic-Synthetics
X-VC-Cache
Xkeyi7
Resin-Trace
We-Hiring
Mail-Subject
X-Li-Proto
X-Accel-Expires-Debug
X-Proxy-Cachei7
X-Date
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-HOST
GeoIP-Country-Code
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
GeoIP-Latitude
X-BBXSRF
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Env
X-CCDN-CacheTTL
HitType
Server-Ttl
Hostname
N-Cache
Request-ID
X-VCL-Version
Upgrade-Insecure-Requests
CF-Cached-On
X-Zone
X-Sigma-Backend
X-Men
X-Sigma
X-App
X-RSL
X-TIM-N
X-Rocket-Build-Number
Time
X-DI
Memory
X-RPM
X-DSS
X-DB
X-RPS
X-DW
X-WA
X-Viewer-Country
X-APP
X-RAMCache
X-Cache-2
X-HostName
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-ServedByHost
X-Cs
X-MSEdge-Features
S-Rt
X-Cc-Via
D-Cc-Upstream
X-Svr
X-Cc-Req-Id
X-Varnish-Authentication
X-MSEdge-Flight
XServer
X-ZONE
X-Mg-Request-UUID
ProcessTime
X-Action
X-Air-Trace-Id
X-UA
CPC-Cache
VNS-Cache
CPC-Age
VNS-Age
X-Cache-Remote
Cteonnt-Length
X-Origin-Time
X-API-Version
X-FPC
X-Nyt-Route
X-Oss-Cdn-Auth
State
My-App
X-Server-IP
Fastcgi-Cache-TTL
X-Cache-Config
X-Gdpr
Server-Id
X-Fpc
X-Region-Sid
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Dynatrace-Js-Agent
X-Swift-Error
Ohc-File-Size
X-Provided-By
W
X-FORWARDED-FOR
X-Depends-On
X-Minions-Version
Cache-Provider
X-CF-Powered-By
Mime-Version
Srv
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
CDN
X-SN
X-Ftr-Cache-Host
X-Check-Cacheable
X-BACKEND-TTL
X-CSRF-TOKEN
X-Erf-Stays-Bingo-Pdp-Web
X-Dw-Trace-Id
X-URL
X-Cache-Ttl
X-NodeID
X-VC
X-TIME
X-UnsetCookies
X-Client-Ip
Ohc-Cache-HIT
X-ServerName
X-Xrds-Location
X-Host-Name
Cf-Ipcountry
X-Flog
X-SB
X-Webstats-RespID
X-Parent-Response-Time
Cdn
X-ABtesting
X-Fastly-Request-Id
X-Hello
Proxy-Connection
X-SD-PageType
X-Cache-Type
OT-Force-Account-Verify
Vha6-Origin
X-Shop-Environment
X-Forwarded-Path
X-Fastly-Backend-Reqs
Dnion-Transfer-Encoding
X-Snapshot-Date
Media-Length
X-Pad
X-NGINX-Cache
X-ND-Cache
X-Orig-Expires
X-Pf-Uncompressing
X-Cluster-Node
X-BBC-Edge-Cache-Status
X-Presslabs-Stats
X-Tenant
X-Oracle-DMS-ECID
X-Via-PopV
X-Via-PopH
X-ElasticPress-Search
X-Cache-Tag
X-Via-PopN
X-Render-Time
PICS-Label
Epwk-X-Cache
X-Air-Pt
X-LiteSpeed-Tag
EpKe-Alive
X-Vcache
X-Varnish-URL
X-C
X-Request-URL
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-BBC-Origin-Response-Status
X-Varnish-Beresp-TTL
X-Lb-Id
Xet-Cookie
X-MiniProfiler-Ids
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Meta-Originalurl
Warning
X-Traceid
WZWS-RAY
X-Ms-Meta-Staticbatchstarttime
X-Ftr-Request-Id
CountryCode
Datacenter
X-Ua
X-Apw-Access-Object
X-Apw-Access-Action
X-Pjax-Url
X-Mg-Request-Id
X-Cache-Status-Check
X-Apw-Access-Token
X-Worker
X-Apw-Hits
X-Yottaa-OS
X-Redis-Duration-Ms
X-Auto-Login
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-ElasticPress-Query
Ohc-Response-Time
X-B3-Parentspanid
NnCoection
Phost
Processtime
URI
X-Litespeed-Cache-Control
Content-Script-Type
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
X-Tid
X-Redis-Count
Environment
Inserted-Into-Cache-At
X-Storefront-Renderer-Verified