
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-CST
X-Cache-Spec
NEL
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
X-ASPNET-VERSION
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
P3p
X-Application-Context
Accept-Ch-Lifetime
X-Country
X-Ac
X-Ruxit-JS-Agent
Accept-CH
Accept-Ch
X-Mod-Pagespeed
X-Template
X-Readtime
X-Language
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
X-Url
Rating
X-HW
X-Cnection
Accept-CH-Lifetime
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-TtlSet
X-PC
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Sol
X-Middleton-Response
Response
X-Content-Type
Display
X-Middleton-Display
Pagespeed
X-D2id
X-ORACLE-DMS-RID
Verso
Arr-Disable-Session-Affinity
X-Oneagent-Js-Injection
X-ORACLE-DMS-ECID
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Varnish-TTL
X-Goog-Hash
X-Vcap-Request-Id
X-Country-Code
X-Powered-By-Plesk
X-Rack-Cache
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Client-IP
X-Buckets
Fastly-Restarts
X-TTL
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPRequestDuration
SPIisLatency
Public-Key-Pins
RTSS
Access-Control-Request-Method
Pinterest-Generated-By
X-Pinterest-Rid
X-Webkit-CSP
Pinterest-Version
Cache-Tag
X-FastCGI-Cache
X-Edge
Ar-Sid
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Powered-CMS
X-LLID
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Litespeed-Cache
Content-MD5
X-Version
X-Ruxit-Js-Agent
X-HP-Webp
S
X-Jurisdiction
X-Fastcgi-Cache
X-Origin-Upstream-Status
X-Recruiting
X-Mid
X-Ttl
X-ECACHE
X-MCACHE
Charset
X-DynaTrace
X-Mg-S
X-Kinsta-Cache
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-PressLabs-Stats
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
X-Content-Digest
X-Px
X-T
Cache-Tags
Fastcgi-Cache
X-Id
X-Accel-Expires
X-Forwarded-Proto
X-Logged-In
Filters
X-Content-Security-Policy-Report-Only
Server-Node
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
TP-Cache
TP-L2-Cache
MicrosoftSharePointTeamServices
Front-End-Https
Server-Name
X-Correlation-Id
TCN
X-Forwarded-For
X-Grace
Nel
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Kong-Proxy-Latency
X-Hits
X-Kong-Upstream-Latency
X-Amzn-Trace-Id
X-Shield-Request-Id
X-Debug
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
X-XRDS-LOCATION
X-Az
X-AppVersion
X-Activity-Id
Alternate-Protocol
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Amz-Replication-Status
X-F-Cache
X-Yandex-Sdch-Disable
Surrogate-Key
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Origin-Server
X-GUploader-UploadID
X-XRDS-Location
X-Ser
X-DIS-Request-ID
X-Frontend
X-Rid
Accept-Charset
X-NWS-LOG-UUID
X-Cache-Age
X-Geo-Country
Host
X-Git-Hash
X-Hostname
Section-Io-Cache
X-Time
X-Respond-Thread
X-Upgrade-Enabled
X-DataDome
X-VCache
Access-Control-Allow-Method
X-Mobile-URL
X-Daa-Tunnel
X-RateLimit-Remaining
MS-CV
X-LB-Cache
Paypal-Debug-Id
ServerID
X-Type
X-AOL-HN
X-Seen-By
X-Source
Cleartype
X-Varnish-Backend
X-Cache-Action
X-Content-Options
X-TT
X-IPLB-Instance
X-App-Environment
Payment
Cache
Healthy
X-Whom
X-Request-Guid
X-Route-Name
X-Signature
X-Providence-Cookie
X-B-Cache
X-Aspnet-Duration-Ms
X-Debug-Info
X-Flags
X-Server-ID
X-Is-Crawler
X-Page-Id
X-WebKit-CSP-Report-Only
X-Load-Cache
Realpath
X-N
X-Cache-Key
X-Jobs
X-Contextid
Fastcgi-Useragent
X-Pinterest-Direct
X-FB-Debug
X-FTR-Request-ID
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Node
X-Mobile
X-Webkit-Csp
X-Rule
Refresh
X-Cache-Expired-At
Powered-By-ChinaCache
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
Ms-Operation-Id
DC
Version
X-RTag
X-Framework
X-Content-Powered-By
X-Zen-Fury
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-Cluster-Name
Viewport
Access-Control-Request-Headers
X-RemovedCookies
X-Wix-Request-Id
X-UUID
X-B
X-Proxy
X-ProcessESI
X-Instance
X-HTML-Minification-Powered-By
X-Real-IP
Referer-Policy
X-Cache-Control
X-Cache-Time
VIX-Pulpo-Upstream-Status
Eomportal-Instance
X-IPS-LoggedIn
X-Region
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Distributor
X-FireWall-Port
VIX-Pulpo-Node
X-Page-View
X-Drupal-Cache-Contexts
X-Via-JSL
Countrycode
X-Cached-By
X-FW-Hash
X-FW-Static
X-FW-Type
X-Cache-Rule
X-FW-Server
X-FW-Serve
X-Cache-Operation
X-FW-Dynamic
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Akamai-Edgescape
Liferay-Portal
X-G
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-Nginx-Cache
X-Cache-Hit
X-App-Server
X-L-Path
X-Environment-Context
Xserver
X-Pass-Why
X-Www-Served-By
X-Debug-IsConnected
X-Debug-IsPreview
SRV
X-Protected-By
X-TEC-API-ORIGIN
DynaTrace
X-TEC-API-ROOT
X-TEC-API-VERSION
Section-Io-Id
Section-Origin-Responded
Server-Info
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
CF-IPCountry
X-User-Agent
X-Device-Type
X-Varnish-Grace
From-Origin
X-Tumblr-Pixel-2
Webserver
X-Adobe-Loc
X-Mode
X-Adobe-Content
Ec-Rule-Version
Retry-After
Meta-Geo
AMP-Access-Control-Allow-Source-Origin
X-ES-SERVER
X-Handled-By
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-Hl-Ver
X-RN-RSRV
Cache-Tv-Group
X-Backend-Name
Cache-Status
X-Varnish-Server
X-Uri
X-MP-GENERATED-AT
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Name
Webcakes-Region
X-PCL
X-Access
Webcakes-App-Version
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
Fastly-SSL
Frame-Options
Apigw-Requestid
X-Origin-Hint
X-BYPASS-REASON
X-OCL
X-Human
Decoy-Debug-Key
X-Format
Property-Id
Decoy-Debug-TTL
X-Labrador-Cache-Channel
Decoy-Debug-Status
X-FB-TRIP-ID
X-Pubstack
X-ProxyCache-Status
X-ProxyCache-Key
X-Cache-Server
X-Request-Time
X-Varnishpool
X-Storage
X-Section
X-PHP-Host
X-VWS-Id
X-Server-W
X-LAGOON
X-Via-Fastly
X-Timing-Wait
Country
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
X-PERF
X-WA-Info
X-LJ-Flow-ID
X-UA-Device-Type
X-Be
X-S-Maxage
Mn-Server-Ip
X-Soup
X-R9-Blue-Green-Version
X-AWS-Id
X-Proxy-Build
X-Redis-Cache
X-NYM-Debug-Backend
Azure-InstanceId
X-ApacheServer
X-Ratelimit-Limit
X-No-Session
Selected-Fe
X-Sql-Count
X-Sql-Duration-Ms
X-Status
Protected
X-SayCDN-TTL
X-Say-TTL
Cache-Name
X-Web-Node
X-Routing-Service
X-Cache-TTL-Remaining
X-Origin-Date
X-Proxied
X-Proto
X-Varnish-Ttl
GEO-INFO
X-Zipkin-Id
X-Say-Cacheable
X-Xfnlog-Site
X-Info
X-Loop
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-GG-Cache-Date
X-Sorting-Hat-ShopId
X-Site-Version
X-Alternate-Cache-Key
X-Hosted-By
X-Hyper-Cache
X-TNCMS
X-Locale
X-Storefront-Renderer-Rendered
Uber-Trace-Id
X-FW-Version
X-TA-CDN-Provider
X-Rendered-As
X-Is-Bot
X-Dc
X-Proxy-Cache-Status
X-AIR-PT
X-Cluster
X-TT-LOGID
X-Cache-Enabled
S-Cnection
X-Node-Name
X-Content-Age
X-Microcachable
X-Cache-Grace
X-Forwarded-Host
X-Revision
X-Qloud-Router
X-NWS-UUID-VERIFY
X-CCM
X-App-Version
X-Azure-Ref
X-Backend-Host
X-Platform
X-CSRF-Token
X-SRV
Cache-Hits
X-Via-CDN
Akamai-GRN
X-Ratelimit-Remaining
X-Trace-Id
X-ATG-Version
ServedBy
X-Cache-Host
X-Detected-As
X-Aspnetmvc-Version
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
X-Cache-NGX
X-Cache-PHP
X-CACHE-KEY
X-B3-SpanId
X-Amzn-RequestId
X-Debug-Cache
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-RCS-CacheZone
X-CS
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
HostName
Amp-Access-Control-Allow-Source-Origin
X-Amz-Meta-S3cmd-Attrs
X-Nc
SD-X-WS
X-TX-ID
DB-Nickname
X-Oss-Object-Type
X-Oss-Request-Id
X-Akamai-Transformed
X-Unique-ID
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-BCube-Filmed-By
X-Time-Microsecs
X-DynaTrace-JS-Agent
X-Adobe-Source
Backend
X-ServerID
X-Ms-Version
X-Backend-TTL
X-Correlation-ID
X-Ms-Request-Id
Who
X-B-Cookie
X-Generation-Time
X-Application
X-Location
X-Aed
X-Level-Front-Cache
X-ARC
X-A-Wwc
X-Varnish-Cache-Hits
X-A-Dcw
X-D
T-Server
X-A-Ccd
X-Connection-Hash
X-Destination
Fastcgi-X-Cache-Version
Expiry
X-Varnish-Beresp-Grace
X-A
DCR-Processing-Time-Ms
Country-Code
X-From
DCR-Decision-By
X-A-Dam
X-Generated-On
BehaviorPad-Version
X-Cache-NE
X-External-Request-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A-Dgt
X-NAPM-TraceId
X-Session-Fingerprint
Machine
X-SRCache-Key
Tracecode
X-Air-Hostname
X-S-Cookie
X-S
Rendered-Blocks
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
MD5-Digest
Meta-Geo-Continent
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Odigeo-Trace-Id
X-Cdn-Forward
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
Mobile-Detection-Method
X-Vdms-Path
X-Vdms-Version
X-Processor
X-ScT
X-Origin-TTL
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Owner
X-Origin-CC
X-FTR-Expires
X-RateLimit-Limit
X-Varnish-Beresp-Ttl
Path
X-Developers
On-Server
X-Tumblr-Pixel-3
Thinkindot-CacheControl-Type
X-TrackingId
X-Thinkindot-L3
Xc-Version
X-Swa-Ws
Wxu-Next-Region
X-Thanos
X-Device-Os
Release
X-Mvc-Supplant-Cachable
Thinkindot-CacheControl
X-Cache-Info
X-Micro-Cache
CacheControlHeader
X-Cache-Bucket
Content-Disposition
Host-ID
AKAMAI
X-Core-Value
Pagetype
X-Bip
X-Cms-Context
X-Magnolia-Registration
Wxu-Next-Hostname
X-GeoIP-City
Thinkindot-Control
V-Age
UCS
X-HS-Content-Campaign-Id
Server-Host
X-Geo-Header
X-Reqid
X-Policy
Gh-Request-Id
X-Tb
X-Generated-In
Fastly-Backend-Name
Ssr
X-Fetched-On
X-Fastly-Cache
Wxu-Next-Commit
X-Irp-Debug
X-OVcl
X-OVcl-Cache
Magicmarker
X-Sucuri-ID
X-Varnish-Beresp-Status
User-Cache-Control
Filterid
X-NewRelic-App-Data
Sever-Int
PB-RID
Vix-Hermes-Req-Id
Web-Mar-Node
PFcat
Server-Hostname
True-Client-Country-4JS
PB-PID
Server-Ext
X-Has-Esi
X-Ratelimit-Reset
X-Request-Host
X-Request-URI
X-Scheme
X-Origin-Response-Time
X-Origin
X-JWT-State
X-Method
X-Nginx-Cache-Key
X-Old-Content-Length
X-Skip-Cache
X-SVT-ORM-RULES
X-VG-TLSProxy
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VarnishDD-TTL
X-Varnish-Hits
X-SVT-ORM-VERSION
X-User
X-Var-Ttl
X-Is-Gdpr
X-IP
X-CGP
X-Csrf-Jwt
X-Developer
X-Dispatcher-Server
X-Cache-Id
X-Cache-Debug
X-Backend-State
X-Block-Status
X-Branch-Name
X-Envoy-Decorator-Operation
X-Esi-Check
X-GeoIP
X-Gzip
X-HN
X-Hnp-Log
X-Generated-By
X-Gen-Mode
X-Eu-Site
X-FC-Vary-Parameters
X-Fmm-Version
X-Azure-Ref-OriginShield
X-Clara-WADP
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-B3-Traceid
Apple-News-Services-Request-Url
CDN-RequestId
CDN-Uid
HA-Ipaddr
Ha-Gx-Prefs
Cf-Device-Type
DSUID
Esi-Enabled
CDCHOST
Cf-Bgj
Apple-News-Services-Handled
Geo-Info
L
Cache-Host
C-Via
CDN-CachedAt
CDN-Cache
NM-Fastcgi-Cache
NGX
CDN-EdgeStorageId
Arc-Version
Locid
CDN-RequestCountryCode
L5d-Success-Class
Origin
Location
CDN-PullZone
X-DPWN-IS-SECURE
X-DefHash
X-Cache-Tags
X-Clientip
X-DefElseHash
Adler-Geo
X-LB-ID
X-Variation
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Cache-Var
X-Cache-Var-Map
X-VServer
X-Varnish-Remaining-TTL
X-Platform-Server
X-Origin-Expires
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GoCache-CacheStatus
X-Gamma-Serve
X-Li-Fabric
X-Li-Pop
X-NU-AKA-ACS-Version
X-Node-Id
X-LI-UUID
X-Fastly-Backend
X-Slack-Backend
Platform
Fastly-SWR
Fastly-SIE
Fastly-Drupal-HTML
Is-Eu
X-Aicache-OS
IsBot
X-CLOUD-TRACE-CONTEXT
X-Unique-Id
X-ID
X-EC-Lua
X-GEO
Rt-Fastcgi-Cache
X-Varnish-Url
X-Epic-Correlation-Id
X-Mvc-Supplant-OutputCached
Instruction
SR-User-Adfree
X-Via-Popn
X-PF-Uncompressing
Pics-Label
X-Via-Popv
X-CUA
X-Via-Poph
X-Planisys-CDN-TTL
X-Loc
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-APP-VERSION
Sid
NGB
Url
X-Refresh
X-Matched-Rule
Lfy
X-Cache-Backend
Cmsid
Req-Svc-Chain
X-Cache-Expires
CloudFront-Viewer-Country
Cmstype
X-Servername
X-Sn-Servicetimems
X-NCache
Pramga
Svr
X-Served-From
X-Cdn-Origin
Kp-EeAlive
X-Srv
X-Cache-Date
VivaBuild
A
X-Core-Mission
X-TraceId
Viewtype
X-Tb-Optimization-Total-Bytes-Saved
Tcn
MIME-Version
Cache-Key
X-Vgn-Hpd-Reason
M-TraceId
X-Request-Start
Arc-Country
Source
Cross-Origin-Opener-Policy
X-PHP-Backend
X-SaId
Server-ID
X-NGENIX-Cache
X-Error
X-JoinUs
X-FireWall-Protection
TDXMobile
DataCenter
X-Geo
X-Edge-Location
X-Webkit-CSP-Report-Only
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-DC
X-Varnish-Cacheable
X-Vc
X-Vcl-Version
GeoIp-Country-Code
X-Instrumentation
Geoip-Latitude
NtCoent-Length
X-NC
SID
X-HS-Status
X-Air-Source
Content-Secure-Policy
X-Response-By
X-Servedbyhost
X-Service
X-Extlb
X-Internal-Host
Xkeyi7
X-Wa
X-B3-Spanid
X-Proxy-Cachei7
X-Forwarded-Site
Server-Ttl
N-Cache
X-Bc-Bl
X-Li-Proto
FSS-Cache
X-LiteSpeed-Cache-Control
HitType
X-Esi
Resin-Trace
X-BBXSRF
CACHE
X-CDN-Forward
S-Rt
X-Cache-2
X-Viewer-Country
X-Via-NSCOPI
X-LI-Proto
X-Cache-Remote
X-HOST
X-Date
X-Req
Memcached
X-Varnish-Authentication
X-Cache-ASPX
X-PJAX-URL
X-CCDN-CacheTTL
X-Svr
X-Proxy-Upstream
X-Contensis-Viewer-Groups
X-RAMCache
X-CCDN-Origin-Time
LB
Surrogated-Key
X-Cc-Req-Id
Request-ID
X-Hcs-Proxy-Type
Mail-Subject
We-Hiring
X-Cc-Via
D-Cc-Upstream
X-WA
X-Accel-Expires-Debug
Cteonnt-Length
X-Erf-Stays-Bingo-Pdp-Web
X-UA
X-RateLimit-Remaining-Second
X-RPS
X-RSL
X-APP
X-VC-Cache
Env
X-TIM-N
X-RPM
X-DI
X-DB
X-VCL-Version
X-ServedByHost
X-Newrelic-Synthetics
X-DSS
X-DW
X-RateLimit-Limit-Second
Upgrade-Insecure-Requests
Cross-Origin-Window-Policy
Hostname
Ohc-File-Size
X-Sucuri-Cache
GeoIP-Latitude
GeoIP-Country-Code
X-Server-IP
X-Men
X-Cs
X-Host-Name
XServer
X-Sigma-Backend
X-Cache-Config
X-Sigma
X-App
ProcessTime
X-Air-Trace-Id
X-Rocket-Build-Number
X-API-Version
X-Gdpr
Time
X-Action
X-Nyt-Route
X-Origin-Time
Memory
X-FPC
CF-Cached-On
X-ZONE
X-MSEdge-Flight
X-MSEdge-Features
X-HostName
X-Zone
CPC-Age
VNS-Age
Cache-Provider
X-NodeID
CPC-Cache
X-CF-Powered-By
X-Oss-Cdn-Auth
Server-Id
X-VC
X-SN
VNS-Cache
X-Region-Sid
X-Check-Cacheable
X-Fpc
X-Provided-By
X-Dynatrace-Js-Agent
Ohc-Cache-HIT
X-Swift-Error
X-SB
X-FORWARDED-FOR
W
X-Depends-On
Mime-Version
X-Webstats-RespID
X-SD-PageType
Srv
X-ServerName
X-Cdn-Request-ID
X-TIME
X-BBC-Edge-Cache-Status
CDN
X-CSRF-TOKEN
X-Ftr-Cache-Host
X-BACKEND-TTL
Cdn
X-UnsetCookies
State
My-App
Fastcgi-Cache-TTL
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-Dw-Trace-Id
Dnion-Transfer-Encoding
X-Mg-Request-UUID
X-Fastly-Request-Id
X-Render-Time
X-Hello
X-Minions-Version
X-Flog
X-ABtesting
EpKe-Alive
X-Fastly-Backend-Reqs
X-Parent-Response-Time
X-NGINX-Cache
X-Presslabs-Stats
X-Oracle-DMS-ECID
Media-Length
Cf-Ipcountry
Vha6-Origin
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
Proxy-Connection
X-Acquia-Application-Trace
X-Pad
X-Cache-Tag
X-Pf-Uncompressing
X-Auto-Login
Epwk-X-Cache
X-BBC-Origin-Response-Status
PICS-Label
X-Via-PopH
X-LiteSpeed-Tag
X-ElasticPress-Search
X-Snapshot-Date
X-Via-PopV
X-Via-PopN
X-Worker
Processtime
X-FTR-Cache-Host
X-Request-URL
X-Varnish-URL
X-ElasticPress-Query
X-Varnish-Beresp-TTL
Warning
X-Shop-Environment
X-Tenant
X-Orig-Expires
X-ND-Cache
OT-Force-Account-Verify
X-Forwarded-Path
X-MiniProfiler-Ids
X-Cluster-Node
X-Akamai-ERRuleID
X-Ms-Meta-Originalurl
X-Vcache
X-Ms-Meta-Staticbatchstarttime
X-Lb-Id
X-Traceid
X-Akamai-ERPolicy
Xet-Cookie
X-Air-Pt
X-Cache-Type
X-Ua
CountryCode
X-Apw-Access-Token
X-Apw-Access-Action
URI
X-Apw-Hits
X-Apw-Access-Object
X-Yottaa-OS
Phost
WZWS-RAY
X-Ftr-Request-Id
X-Mg-Request-Id
X-Cache-Status-Check
Content-Script-Type
X-Tid
X-IN-APIGATEWAY
X-Storefront-Renderer-Verified
Ohc-Response-Time
Inserted-Into-Cache-At
X-B3-Parentspanid
NnCoection
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
X-Litespeed-Cache-Control
Datacenter
Content-Style-Type
X-Redis-Count
X-IN-APIGATEWAYSSL
X-Debug-Cache-Fetch
Environment
X-Redis-Duration-Ms