Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-Amz-Version-Id
X-CST
X-Cache-Spec
X-Vhost
NEL
X-WebKit-CSP
Allow
X-Host
X-Backend-Server
X-ASPNET-VERSION
Xkey
X-Server-Id
X-Dispatcher
EagleEye-TraceId
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
P3p
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
Accept-CH
X-Country
X-Ac
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch
X-Readtime
X-Language
X-B3-TraceId
MS-Author-Via
Rating
X-Url
X-HW
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-TtlSet
X-PC
X-Vname
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
Display
X-Middleton-Response
Pagespeed
Response
X-Sol
X-Middleton-Display
X-Content-Type
X-D2id
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-RID
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Use-Magma
X-ORACLE-DMS-ECID
X-Varnish-TTL
X-Goog-Hash
X-Vcap-Request-Id
X-Country-Code
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Amz-Rid
X-TTL
X-Abt-Application-Version
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-FastCGI-Cache
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Webkit-CSP
X-SharePointHealthScore
SPRequestGuid
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
SPRequestDuration
Access-Control-Request-Method
SPIisLatency
RTSS
Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Edge
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Version
Content-MD5
X-HP-Webp
X-Jurisdiction
S
X-Recruiting
X-Mid
X-MCACHE
X-Origin-Upstream-Status
X-ECACHE
Charset
X-DynaTrace
X-Kinsta-Cache
X-Mg-S
X-PressLabs-Stats
Fusion-Content-Id
X-Ttl
Fusion-Source
X-Ruxit-Js-Agent
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Content-Digest
X-T
X-Px
Cache-Tags
Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Fastcgi-Cache
X-Forwarded-Proto
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
Edge-Cache-Tag
Server-Node
TCN
TP-Cache
X-Amz-Server-Side-Encryption
TP-L2-Cache
X-Id
Server-Name
MicrosoftSharePointTeamServices
Front-End-Https
Nel
X-Correlation-Id
X-Forwarded-For
X-Grace
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Hits
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-Location
X-Amzn-Trace-Id
X-Server-ID
X-Shield-Request-Id
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Debug
X-Microsite
Alternate-Protocol
X-Varnish-Age
X-AppVersion
X-Az
X-Activity-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-F-Cache
X-Amz-Replication-Status
X-Yandex-Sdch-Disable
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Origin-Server
X-Goog-Generation
X-Goog-Metageneration
Surrogate-Key
X-NWS-LOG-UUID
X-Frontend
X-Ser
X-Rid
Accept-Charset
X-DIS-Request-ID
Host
X-Cache-Age
X-Geo-Country
X-XRDS-LOCATION
Section-Io-Cache
X-Git-Hash
X-Hostname
X-Time
X-Daa-Tunnel
X-Respond-Thread
X-RateLimit-Remaining
Access-Control-Allow-Method
X-VCache
X-Upgrade-Enabled
X-DataDome
X-Mobile-URL
MS-CV
X-Source
X-Type
Paypal-Debug-Id
ServerID
X-LB-Cache
X-Seen-By
X-AOL-HN
X-Varnish-Backend
X-Content-Options
X-Cache-Action
Cleartype
X-TT
Payment
Healthy
X-Whom
X-App-Environment
X-IPLB-Instance
X-Request-Guid
X-Route-Name
X-Signature
X-B-Cache
X-Debug-Info
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Cache-Key
Realpath
X-Page-Id
Cache
X-Load-Cache
X-WebKit-CSP-Report-Only
X-Contextid
X-N
X-Jobs
Fastcgi-Useragent
X-FB-Debug
X-FTR-Request-ID
X-Webkit-Csp
X-Erf-Bev-Bev-Is-Generated
X-Pinterest-Direct
X-Erf-Bev-Bev
X-Browser-Type
Node
X-Mobile
X-Rule
Refresh
X-Cache-Expired-At
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-RTag
DC
Ms-Operation-Id
X-Cluster-Name
Version
X-Framework
X-Content-Powered-By
Viewport
Access-Control-Request-Headers
X-Cacheable-TTL
Powered-By-ChinaCache
X-Zen-Fury
X-Drupal-Cache-Tags
Referer-Policy
X-UUID
X-Wix-Request-Id
X-Proxy
X-HTML-Minification-Powered-By
X-Instance
X-RemovedCookies
X-B
X-FireWall-Port
X-Real-IP
X-Cache-Control
X-ProcessESI
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Region
X-Tt-Trace-Tag
Eomportal-Instance
X-Distributor
X-Tt-Trace-Host
X-IPS-LoggedIn
VIX-Pulpo-Node
X-Page-View
X-Drupal-Cache-Contexts
Countrycode
X-Via-JSL
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-Cached-By
X-Cache-Operation
X-Cache-Rule
Liferay-Portal
X-G
X-Yottaa-Metrics
X-Tumblr-User
X-Debug-IsPreview
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-App-Server
X-Akamai-Edgescape
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Nginx-Cache
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Hit
X-Tec-Api-Origin
X-Pass-Why
X-Environment-Context
X-L-Path
Xserver
X-Www-Served-By
X-TEC-API-ROOT
X-TEC-API-VERSION
SRV
X-Protected-By
X-TEC-API-ORIGIN
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Server-Info
DynaTrace
X-Device-Type
CF-IPCountry
X-Varnish-Grace
X-User-Agent
GEO-INFO
Webserver
From-Origin
X-Tumblr-Pixel-2
X-Mode
Ec-Rule-Version
X-Adobe-Loc
X-Adobe-Content
Retry-After
X-Handled-By
Meta-Geo
X-Endurance-Cache-Level
X-UPSTREAM-Address
Cache-Status
X-Varnish-Server
X-ES-SERVER
X-RN-RSRV
X-Hl-Ver
X-Uri
Frame-Options
X-MP-GENERATED-AT
X-Varnish-Ttl
Cache-Tv-Group
X-Backend-Name
Apigw-Requestid
Webcakes-Region
X-Origin-Hint
X-PCL
X-PHP-Host
X-OCL
X-Labrador-Cache-Channel
X-FB-TRIP-ID
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-Soup
X-Section
X-Storage
X-Varnishpool
X-Pubstack
X-Request-Time
X-Cache-Server
X-BYPASS-REASON
Property-Id
TWC-Connection-Speed
Fastly-SSL
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Version
X-Access
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
Country
X-Format
X-LAGOON
X-LJ-Flow-ID
X-No-Session
Mn-Server-Ip
X-Timing-Wait
X-PERF
X-Via-Fastly
X-UA-Device-Type
X-Server-W
X-S-Maxage
X-Redis-Cache
X-R9-Blue-Green-Version
X-Proxy-Build
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-WA-Info
X-VWS-Id
X-Info
X-AWS-Id
X-ApacheServer
X-Be
Selected-Fe
X-NYM-Debug-Backend
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Sql-Duration-Ms
X-Routing-Service
X-Sql-Count
X-Proto
X-Proxied
Protected
Cache-Name
X-Zipkin-Id
X-Cache-TTL-Remaining
X-Status
X-Xfnlog-Site
X-Web-Node
X-Origin-Date
X-Alternate-Cache-Key
X-Locale
X-Sorting-Hat-ShopId
X-Hosted-By
X-Hyper-Cache
X-Loop
X-TNCMS
X-GG-Cache-Date
X-Storefront-Renderer-Rendered
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Ratelimit-Limit
X-ShardId
X-Site-Version
X-TA-CDN-Provider
X-Proxy-Cache-Status
Uber-Trace-Id
X-Rendered-As
X-FW-Version
X-Is-Bot
X-Cache-Enabled
AMP-Access-Control-Allow-Source-Origin
X-Cluster
X-TT-LOGID
X-NWS-UUID-VERIFY
X-Content-Age
X-Microcachable
S-Cnection
X-Cache-Grace
X-Forwarded-Host
X-AIR-PT
X-Qloud-Router
X-App-Version
X-Dc
X-CCM
X-Node-Name
X-SRV
X-Azure-Ref
X-Backend-Host
X-Revision
X-Platform
X-Via-CDN
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
Akamai-GRN
X-Aspnetmvc-Version
X-Trace-Id
X-ATG-Version
ServedBy
X-EdgeConnect-Cache-Status
X-Detected-As
X-Varnish-Hostname
X-Cache-Host
X-Cache-NGX
X-Cache-PHP
X-Debug-Cache
X-RCS-CacheZone
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-B3-SpanId
X-Amzn-RequestId
X-CS
X-Ratelimit-Remaining
DB-Nickname
X-TX-ID
X-Oss-Request-Id
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-Oss-Server-Time
X-FTR-Balancer
X-Oss-Object-Type
X-Oss-Storage-Class
X-FTR-Backend
X-FTR-Backend-Server
X-Oss-Hash-Crc64ecma
X-FTR-Realm
X-Akamai-Transformed
X-CACHE-KEY
X-ID
SD-X-WS
Who
X-Correlation-ID
X-BCube-Filmed-By
X-Adobe-Source
X-Time-Microsecs
X-RateLimit-Limit
X-Amz-Meta-S3cmd-Attrs
Country-Code
HostName
X-Ms-Version
Backend
X-Ms-Request-Id
Meta-Geo-Continent
Expiry
DCR-Decision-By
X-Vtex-Processado-Em
MD5-Digest
DCR-Processing-Time-Ms
Machine
Mobile-Detection-Method
X-Varnish-Beresp-Grace
Fastcgi-X-Cache-Version
Rendered-Blocks
X-A-Dcw
X-A-Dgt
X-VG-WebServer
X-Varnish-Cache-Hits
X-A-Ccd
X-A
X-A-Wwc
X-Aed
X-B-Cookie
X-Vtex-Remote-Cache
X-A-Dam
T-Server
X-Application
X-ARC
Odigeo-Trace-Id
X-Trv-Group
X-ScT
X-ServerID
X-S-Cookie
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-SRCache-Key
X-Origin-CC
X-NAPM-TraceId
BehaviorPad-Version
X-S
X-External-Request-Id
X-From
X-Processor
X-Generated-On
X-Generation-Time
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Location
X-Level-Front-Cache
X-Backend-TTL
X-Session-Fingerprint
X-CF-Lambda-Fn
X-Origin-TTL
X-Destination
X-Vdms-Path
X-VG-WebCache
X-Vdms-Version
X-Owner
X-Cache-NE
X-Connection-Hash
X-Nc
X-CF-Lambda-Version
X-D
X-Unique-Id
Filterid
X-GeoIP-City
Pagetype
Path
X-Geo-Header
Release
On-Server
Host-ID
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
Magicmarker
Gh-Request-Id
X-OVcl
Fastly-Backend-Name
X-Irp-Debug
Content-Disposition
CacheControlHeader
Thinkindot-Control
X-Core-Value
X-Cms-Context
X-Thanos
X-Developers
Wxu-Next-Region
X-Swa-Ws
X-Thinkindot-L3
X-TrackingId
X-Cache-Info
X-Tumblr-Pixel-3
X-OVcl-Cache
X-Bip
Xc-Version
X-Device-Os
Wxu-Next-Hostname
X-Generated-In
X-Reqid
Thinkindot-CacheControl
Ssr
Server-Host
Thinkindot-CacheControl-Type
X-Fetched-On
V-Age
Wxu-Next-Commit
UCS
X-Cache-Bucket
X-Fastly-Cache
X-Policy
Cache-Host
AKAMAI
X-Varnish-Beresp-Ttl
X-Air-Hostname
Tracecode
X-DynaTrace-JS-Agent
X-B3-Traceid
X-Magnolia-Registration
X-Unique-ID
X-EC-Lua
X-GEO
X-Tb
User-Cache-Control
X-FTR-Expires
X-NewRelic-App-Data
X-Varnish-Beresp-Status
X-Clara-WADP
X-SVT-ORM-VERSION
X-CGP
X-Cache-Debug
X-Cache-Id
X-SVT-ORM-RULES
X-Backend-State
True-Client-Country-4JS
X-VarnishDD-TTL
X-Azure-Ref-OriginShield
X-VG-TLSProxy
Vix-Hermes-Req-Id
Web-Mar-Node
X-Block-Status
X-Skip-Cache
X-User
X-Varnish-Hits
X-Branch-Name
Apple-News-Services-Host
X-Gzip
X-HN
X-GeoIP
X-FC-Vary-Parameters
X-Generated-By
X-Ratelimit-Reset
X-Hnp-Log
X-Origin-Response-Time
X-Cdn-Forward
X-Method
X-Old-Content-Length
X-Origin
X-IP
X-Gen-Mode
X-Has-Esi
X-Dispatcher-Server
X-JWT-State
X-Scheme
X-Developer
X-Csrf-Jwt
Sever-Int
X-Envoy-Decorator-Operation
X-Esi-Check
X-Request-Host
X-Fmm-Version
X-Request-URI
X-Is-Gdpr
X-Eu-Site
X-Sucuri-ID
X-Var-Ttl
L
Location
PB-PID
X-Nginx-Cache-Key
X-Wikidot-Static-Cache
PB-RID
Cf-Bgj
PFcat
DSUID
Esi-Enabled
Ha-Gx-Prefs
NM-Fastcgi-Cache
NGX
HA-Ipaddr
Arc-Version
Origin
Cf-Device-Type
CDN-RequestId
CDN-Uid
Server-Ext
C-Via
CDN-RequestCountryCode
Server-Hostname
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
X-WADP-Cache
CDN-EdgeStorageId
CDN-Cache
Locid
L5d-Success-Class
CDN-CachedAt
CDN-PullZone
X-Wikidot-Backend
X-DPWN-IS-SECURE
X-Li-Fabric
IsBot
X-Slack-Backend
X-DefHash
X-Li-Pop
X-Variation
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gamma-Serve
X-Hash
Is-Eu
X-LB-ID
X-Fastly-Backend
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
Fastly-Drupal-HTML
X-Epic-Correlation-Id
X-Varnish-CookieINHashed-On
X-SIPLIST1
X-VServer
X-Clientip
X-Aicache-OS
X-Origin-Expires
X-NU-AKA-ACS-Version
X-Node-Id
X-Platform-Server
X-Rebelmouse-Cache-Control
Platform
X-Cache-Tags
X-GoCache-CacheStatus
X-DefElseHash
Adler-Geo
X-Rebelmouse-Surrogate-Control
X-LI-UUID
Fastly-SWR
Fastly-SIE
X-Cache-Var-Map
X-Cache-Var
X-Mvc-Supplant-OutputCached
SR-User-Adfree
X-Loc
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Instruction
X-Varnish-Url
Rt-Fastcgi-Cache
X-Planisys-CDN-Cache
X-APP-VERSION
X-Via-Popv
X-PF-Uncompressing
Pics-Label
X-Via-Poph
X-Via-Popn
X-CUA
NGB
Geo-Info
Req-Svc-Chain
Cmstype
X-Matched-Rule
Cmsid
Url
Lfy
X-Refresh
X-Servername
X-Served-From
Svr
CloudFront-Viewer-Country
X-Cache-Backend
X-Cache-Expires
Kp-EeAlive
Sid
X-NCache
X-Cdn-Origin
X-Sn-Servicetimems
Pramga
Viewtype
VivaBuild
A
M-TraceId
X-Core-Mission
Cache-Key
X-Vgn-Hpd-Reason
X-Cache-Date
MIME-Version
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
Arc-Country
X-DC
Cross-Origin-Opener-Policy
X-NC
Server-ID
TDXMobile
Source
X-PHP-Backend
X-NGENIX-Cache
X-SaId
SID
X-JoinUs
X-Request-Start
X-CLOUD-TRACE-CONTEXT
X-Edge-Location
X-Webkit-CSP-Report-Only
X-Instrumentation
X-Server-Lifecycle-Phase
X-Servedbyhost
X-Kraken-Loop-Name
X-FireWall-Protection
X-Kraken-Routeconfig-Destination
X-Vc
X-Error
X-Edge-Location-Klb
DataCenter
X-Service
Content-Secure-Policy
X-Wa
X-Varnish-Cacheable
Tcn
X-CDN-Forward
NtCoent-Length
X-B3-Spanid
X-Internal-Host
X-Extlb
X-Air-Source
GeoIp-Country-Code
X-Vcl-Version
X-HS-Status
Geoip-Latitude
X-Response-By
X-Geo
Xkeyi7
X-Bc-Bl
X-Forwarded-Site
X-Esi
FSS-Cache
X-LI-Proto
X-Proxy-Cachei7
CACHE
N-Cache
X-Via-NSCOPI
Resin-Trace
HitType
X-BBXSRF
Server-Ttl
X-HOST
X-LiteSpeed-Cache-Control
LB
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Li-Proto
Mail-Subject
X-Req
X-Date
X-Proxy-Upstream
X-Accel-Expires-Debug
We-Hiring
X-VCL-Version
Surrogated-Key
Memcached
X-Cache-2
Hostname
Request-ID
X-RAMCache
X-Viewer-Country
S-Rt
X-TIM-N
X-RateLimit-Remaining-Second
Upgrade-Insecure-Requests
Env
X-Cc-Req-Id
X-Cache-ASPX
X-PJAX-URL
D-Cc-Upstream
X-VC-Cache
X-DB
X-RPS
X-RSL
GeoIP-Latitude
X-RPM
X-DW
X-Cc-Via
X-DI
X-DSS
X-Newrelic-Synthetics
X-RateLimit-Limit-Second
X-Svr
GeoIP-Country-Code
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-Remote
X-WA
X-UA
X-Cs
Cteonnt-Length
X-Rocket-Build-Number
X-APP
X-Sigma
X-App
X-Men
X-Sigma-Backend
XServer
Memory
ProcessTime
Time
X-ZONE
X-Sucuri-Cache
X-Server-IP
X-MSEdge-Flight
X-Action
CF-Cached-On
X-MSEdge-Features
Cross-Origin-Window-Policy
X-Air-Trace-Id
Ohc-File-Size
X-ServedByHost
X-Zone
X-Dynatrace-Js-Agent
X-Erf-Stays-Bingo-Pdp-Web
X-HostName
X-Cache-Config
X-API-Version
X-Oss-Cdn-Auth
Server-Id
X-Origin-Time
VNS-Cache
X-Gdpr
X-Nyt-Route
CPC-Age
VNS-Age
X-CF-Powered-By
CPC-Cache
X-FPC
X-Fpc
X-Region-Sid
X-Swift-Error
X-Provided-By
X-Host-Name
Cache-Provider
X-VC
X-FORWARDED-FOR
X-Depends-On
X-NodeID
Mime-Version
X-SN
X-Check-Cacheable
W
Ohc-Cache-HIT
Srv
X-Cdn-Request-ID
Fastcgi-Cache-TTL
X-SB
CDN
X-SD-PageType
X-CSRF-TOKEN
State
X-UnsetCookies
My-App
X-BACKEND-TTL
X-TIME
X-Dw-Trace-Id
X-Ftr-Cache-Host
X-Webstats-RespID
X-Client-Ip
X-ServerName
X-Akamai-Pragma-Client-IP
X-Hello
X-Flog
X-ABtesting
Proxy-Connection
X-Mg-Request-UUID
X-BBC-Edge-Cache-Status
X-Minions-Version
X-Parent-Response-Time
X-Fastly-Backend-Reqs
Cdn
X-Fastly-Request-Id
X-Oracle-DMS-ECID
X-Pf-Uncompressing
X-Pad
X-Snapshot-Date
Dnion-Transfer-Encoding
Media-Length
X-NGINX-Cache
Cf-Ipcountry
EpKe-Alive
X-Presslabs-Stats
X-Cache-Tag
Vha6-Origin
X-Render-Time
X-Acquia-Site
X-LiteSpeed-Tag
X-Acquia-Purge-Tags
X-Air-Pt
X-Acquia-Application-Trace
X-Acquia-Application-UUID
PICS-Label
X-Cache-Type
X-Via-PopH
OT-Force-Account-Verify
X-ElasticPress-Search
Epwk-X-Cache
X-Via-PopV
X-Via-PopN
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Traceid
X-Ms-Meta-Originalurl
X-Auto-Login
X-Worker
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-ND-Cache
X-Forwarded-Path
Processtime
Warning
X-Cluster-Node
X-Varnish-URL
X-MiniProfiler-Ids
X-Akamai-ERRuleID
X-BBC-Origin-Response-Status
X-Vcache
X-Request-URL
X-Varnish-Beresp-TTL
Xet-Cookie
X-Akamai-ERPolicy
X-Lb-Id
Datacenter
CountryCode
X-Ua
X-Mg-Request-Id
X-Cache-Status-Check
X-Apw-Access-Token
X-Apw-Hits
NnCoection
Environment
X-Pjax-Url
X-Yottaa-OS
WZWS-RAY
X-Apw-Access-Object
X-Redis-Duration-Ms
X-Ftr-Request-Id
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
Ohc-Response-Time
X-Redis-Count
X-Tid
Inserted-Into-Cache-At
Phost
URI
X-FTR-Cache-Host
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-B3-Parentspanid
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
Content-Script-Type
X-Apw-Access-Action