Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-CST
X-Cache-Spec
NEL
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
X-ASPNET-VERSION
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
P3p
X-Application-Context
Accept-Ch-Lifetime
X-Country
X-Ac
X-Ruxit-JS-Agent
Accept-CH
Accept-Ch
X-Mod-Pagespeed
X-Template
X-Readtime
X-Language
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
X-Url
Rating
X-HW
Accept-CH-Lifetime
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-Content-Type
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Pagespeed
X-D2id
X-ORACLE-DMS-RID
Verso
Arr-Disable-Session-Affinity
X-Oneagent-Js-Injection
X-ORACLE-DMS-ECID
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Varnish-TTL
X-Goog-Hash
X-Vcap-Request-Id
X-Country-Code
X-Rack-Cache
X-Powered-By-Plesk
X-Navigation-Version
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Client-IP
Fastly-Restarts
X-Buckets
X-TTL
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
SPIisLatency
Public-Key-Pins
SPRequestDuration
Access-Control-Request-Method
RTSS
Pinterest-Version
X-Webkit-CSP
X-Pinterest-Rid
Pinterest-Generated-By
Cache-Tag
X-FastCGI-Cache
X-Edge
AR-Request-ID
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Powered-CMS
X-Ezoic-Cdn
X-LLID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Litespeed-Cache
Content-MD5
X-Version
X-Ruxit-Js-Agent
X-HP-Webp
S
X-Jurisdiction
X-Fastcgi-Cache
X-Origin-Upstream-Status
X-Recruiting
X-Ttl
X-Mid
X-ECACHE
X-MCACHE
Charset
X-DynaTrace
X-Mg-S
X-Kinsta-Cache
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
X-PressLabs-Stats
Fusion-Source
Fusion-Component-Id
X-Content-Digest
X-Px
X-T
Cache-Tags
Fastcgi-Cache
X-Id
X-Accel-Expires
X-Forwarded-Proto
X-Logged-In
Filters
X-Content-Security-Policy-Report-Only
Server-Node
X-Amz-Server-Side-Encryption
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
MicrosoftSharePointTeamServices
Front-End-Https
Server-Name
X-Correlation-Id
TCN
X-Forwarded-For
X-Grace
Nginx-Cache
Nel
X-Request-Received
X-Request-Processing-Time
X-Hits
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amzn-Trace-Id
X-Shield-Request-Id
X-B3-Sampled
X-Debug
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Age
X-XRDS-LOCATION
X-Az
X-Activity-Id
X-AppVersion
Alternate-Protocol
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Amz-Replication-Status
X-F-Cache
X-Yandex-Sdch-Disable
Surrogate-Key
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
X-Goog-Storage-Class
X-Goog-Metageneration
X-XRDS-Location
X-Ser
X-Frontend
X-DIS-Request-ID
X-Rid
Accept-Charset
X-NWS-LOG-UUID
X-Cache-Age
X-Geo-Country
Host
X-Git-Hash
X-Hostname
Section-Io-Cache
X-Time
X-Respond-Thread
X-Upgrade-Enabled
Access-Control-Allow-Method
X-DataDome
X-VCache
X-Mobile-URL
MS-CV
X-Daa-Tunnel
X-LB-Cache
X-RateLimit-Remaining
X-Type
ServerID
Paypal-Debug-Id
X-AOL-HN
X-Seen-By
X-Source
X-TT
X-Content-Options
X-Cache-Action
Cleartype
X-Varnish-Backend
X-IPLB-Instance
X-Whom
X-App-Environment
Payment
Cache
Healthy
X-Signature
X-Is-Crawler
X-Flags
X-Debug-Info
X-B-Cache
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-Server-ID
X-Page-Id
X-WebKit-CSP-Report-Only
X-Load-Cache
Realpath
X-Cache-Key
X-N
X-Jobs
X-Contextid
X-Pinterest-Direct
Fastcgi-Useragent
X-FB-Debug
X-FTR-Request-ID
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Browser-Type
Node
X-Webkit-Csp
X-Rule
Refresh
X-Cache-Expired-At
Powered-By-ChinaCache
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
X-RTag
Version
DC
Ms-Operation-Id
X-Drupal-Cache-Tags
Viewport
Access-Control-Request-Headers
X-Framework
X-Zen-Fury
X-Cluster-Name
X-Content-Powered-By
X-Cacheable-TTL
X-Instance
X-Cache-Control
X-Real-IP
X-ProcessESI
X-Proxy
X-B
Referer-Policy
X-HTML-Minification-Powered-By
X-RemovedCookies
X-UUID
X-Wix-Request-Id
X-Cache-Time
Eomportal-Instance
X-IPS-LoggedIn
X-Region
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Host
X-Tt-Trace-Tag
VIX-Pulpo-Node
X-FireWall-Port
X-Distributor
X-Page-View
X-Via-JSL
X-Drupal-Cache-Contexts
Countrycode
X-Cached-By
X-FW-Static
X-FW-Hash
X-FW-Type
X-Cache-Rule
X-Cache-Operation
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-G
X-Akamai-Edgescape
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-App-Server
X-Cache-Hit
X-Nginx-Cache
X-Environment-Context
Xserver
X-L-Path
X-Pass-Why
X-Debug-IsConnected
X-Www-Served-By
X-Debug-IsPreview
SRV
X-Protected-By
X-TEC-API-VERSION
X-TEC-API-ORIGIN
DynaTrace
X-TEC-API-ROOT
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Server-Info
CF-IPCountry
X-Device-Type
X-User-Agent
X-Varnish-Grace
Webserver
X-Tumblr-Pixel-2
From-Origin
X-Adobe-Content
Ec-Rule-Version
X-Adobe-Loc
X-Mode
Retry-After
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-RN-RSRV
X-ES-SERVER
X-Handled-By
Cache-Status
X-Hl-Ver
AMP-Access-Control-Allow-Source-Origin
Meta-Geo
X-Uri
X-MP-GENERATED-AT
X-Backend-Name
X-Varnish-Server
Frame-Options
Cache-Tv-Group
TWC-Locale-Group
X-OCL
X-Origin-Hint
X-PCL
X-Labrador-Cache-Channel
X-Human
X-FB-TRIP-ID
X-Format
X-PHP-Host
X-ProxyCache-Key
X-Storage
X-Varnishpool
X-Soup
X-Section
X-ProxyCache-Status
X-Request-Time
X-Cache-Server
X-BYPASS-REASON
Fastly-SSL
Property-Id
TWC-Connection-Speed
Decoy-Debug-TTL
Decoy-Debug-Status
Country
Decoy-Debug-Key
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
X-Access
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Privacy
Apigw-Requestid
X-Pubstack
X-Be
X-Server-W
X-VWS-Id
X-Ratelimit-Limit
X-AWS-Id
X-S-Maxage
X-WA-Info
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-UA-Device-Type
Azure-SlotName
X-ApacheServer
X-Via-Fastly
X-NYM-Debug-Backend
Selected-Fe
X-Timing-Wait
X-PERF
X-No-Session
X-Proxy-Build
X-LAGOON
X-LJ-Flow-ID
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Redis-Cache
Protected
X-Sql-Count
X-Sql-Duration-Ms
X-Web-Node
X-Status
Cache-Name
X-Varnish-Ttl
X-Say-TTL
X-SayCDN-TTL
X-Xfnlog-Site
X-Say-Cacheable
X-Routing-Service
X-Origin-Date
GEO-INFO
X-Zipkin-Id
X-Proxied
X-Info
X-Cache-TTL-Remaining
X-Proto
X-Storefront-Renderer-Rendered
X-Locale
X-Loop
X-Hyper-Cache
X-GG-Cache-Date
X-Shopify-Stage
X-Site-Version
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Hosted-By
X-ShardId
X-Alternate-Cache-Key
X-TNCMS
X-Rendered-As
X-AIR-PT
X-Proxy-Cache-Status
X-Is-Bot
Uber-Trace-Id
X-FW-Version
X-Dc
X-TA-CDN-Provider
X-Cluster
X-Cache-Enabled
X-TT-LOGID
X-Microcachable
S-Cnection
X-Content-Age
X-Node-Name
X-App-Version
X-Cache-Grace
X-Forwarded-Host
X-NWS-UUID-VERIFY
X-Qloud-Router
X-Revision
X-CCM
X-Platform
X-Azure-Ref
X-Backend-Host
X-CSRF-Token
X-Via-CDN
X-SRV
Cache-Hits
Akamai-GRN
X-Trace-Id
X-Ratelimit-Remaining
X-Detected-As
ServedBy
X-EdgeConnect-Cache-Status
X-Aspnetmvc-Version
X-Cache-Host
X-ATG-Version
X-Cache-NGX
X-Cache-PHP
X-CACHE-KEY
X-Varnish-Hostname
X-B3-SpanId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Debug-Cache
X-Amzn-RequestId
X-RCS-CacheZone
X-CS
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
HostName
X-TX-ID
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-Nc
DB-Nickname
X-Amz-Meta-S3cmd-Attrs
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Akamai-Transformed
X-Oss-Hash-Crc64ecma
X-Unique-ID
X-Time-Microsecs
X-BCube-Filmed-By
X-Adobe-Source
X-DynaTrace-JS-Agent
X-Correlation-ID
X-Backend-TTL
Who
X-Ms-Version
X-ServerID
Backend
X-Ms-Request-Id
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Rewrite-Enabled
X-A-Ccd
X-Origin-CC
X-A
X-Generation-Time
X-A-Wwc
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-Owner
X-Application
X-SRCache-Key
X-Origin-TTL
DCR-Decision-By
X-From
X-Session-Fingerprint
Meta-Geo-Continent
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-ScT
X-D
DCR-Processing-Time-Ms
X-NAPM-TraceId
X-S-Cookie
X-Rojux
X-Destination
X-Location
X-B-Cookie
Rendered-Blocks
X-S
X-PBS-Appsvrname
X-Vtex-Remote-Cache
X-Level-Front-Cache
X-Cdn-Forward
X-ARC
X-Air-Hostname
X-VG-WebServer
X-External-Request-Id
X-Processor
X-VG-WebCache
X-Vdms-Version
MD5-Digest
Mobile-Detection-Method
Tracecode
Odigeo-Trace-Id
T-Server
X-Generated-On
X-Vdms-Path
X-Request-UUID
BehaviorPad-Version
X-Vtex-Processado-Em
Expiry
X-Connection-Hash
X-CF-Lambda-Version
Country-Code
X-Cache-NE
Machine
X-Aed
X-Trv-Group
X-CF-Lambda-Fn
X-FTR-Expires
X-RateLimit-Limit
Xc-Version
X-HS-Content-Campaign-Id
Server-Host
X-Core-Value
X-Irp-Debug
AKAMAI
On-Server
CacheControlHeader
X-Generated-In
Magicmarker
X-Device-Os
X-Developers
Cache-Host
Pagetype
X-GeoIP-City
Release
X-Geo-Header
Content-Disposition
Path
X-Varnish-Beresp-Ttl
V-Age
X-Magnolia-Registration
X-Thanos
Gh-Request-Id
X-OVcl-Cache
X-OVcl
Wxu-Next-Hostname
X-Cms-Context
X-Tumblr-Pixel-3
X-Policy
X-Bip
Host-ID
X-TrackingId
X-Reqid
X-Cache-Info
X-Thinkindot-L3
X-Tb
Wxu-Next-Commit
Wxu-Next-Region
UCS
X-Cache-Bucket
X-Fetched-On
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Swa-Ws
Ssr
Thinkindot-CacheControl
X-Micro-Cache
Fastly-Backend-Name
X-Fastly-Cache
X-Mvc-Supplant-Cachable
User-Cache-Control
X-NewRelic-App-Data
Filterid
X-Varnish-Beresp-Status
X-Sucuri-ID
X-Envoy-Decorator-Operation
L
L5d-Success-Class
Locid
X-Dispatcher-Server
Location
X-Esi-Check
True-Client-Country-4JS
X-Clara-WADP
X-Eu-Site
X-Backend-State
Sever-Int
Vix-Hermes-Req-Id
Web-Mar-Node
X-Cache-Id
X-Cache-Debug
X-CGP
X-Azure-Ref-OriginShield
X-Branch-Name
Server-Hostname
PB-RID
PB-PID
Origin
NM-Fastcgi-Cache
PFcat
X-Developer
Server-Ext
X-Csrf-Jwt
X-Block-Status
NGX
Apple-News-Services-Handled
X-Skip-Cache
X-Wikidot-Static-Cache
X-Method
X-Scheme
X-Old-Content-Length
X-Nginx-Cache-Key
X-JWT-State
HA-Ipaddr
X-SVT-ORM-VERSION
X-Has-Esi
X-HN
X-Hnp-Log
X-IP
X-Origin
X-B3-Traceid
X-VarnishDD-TTL
X-VG-TLSProxy
X-Ratelimit-Reset
X-Varnish-Hits
X-User
Geo-Info
X-Request-Host
X-WADP-Cache
X-Wikidot-Backend
X-SVT-ORM-RULES
X-Origin-Response-Time
X-Request-URI
X-Gzip
X-Is-Gdpr
CDN-RequestId
CDCHOST
CDN-Uid
Cf-Bgj
X-FC-Vary-Parameters
CDN-Cache
Esi-Enabled
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
Cf-Device-Type
C-Via
X-Var-Ttl
X-GeoIP
X-Gen-Mode
DSUID
Ha-Gx-Prefs
Apple-News-Services-Host
X-Generated-By
Arc-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Fmm-Version
X-Cache-Tags
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Fastly-Backend
X-Varnish-Remaining-TTL
X-Gamma-Serve
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-VServer
X-NU-AKA-ACS-Version
X-Slack-Backend
X-Clientip
X-Hash
X-GoCache-CacheStatus
X-DefElseHash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LB-ID
X-Li-Fabric
X-DefHash
X-Origin-Expires
X-Node-Id
X-SIPLIST1
X-Li-Pop
X-LI-UUID
X-Platform-Server
X-Cache-Var-Map
Fastly-SWR
IsBot
Platform
Fastly-SIE
Fastly-Drupal-HTML
X-Cache-Var
Adler-Geo
X-Aicache-OS
Is-Eu
X-CLOUD-TRACE-CONTEXT
X-ID
X-EC-Lua
X-Unique-Id
X-Loc
SR-User-Adfree
Instruction
X-GEO
X-Mvc-Supplant-OutputCached
Rt-Fastcgi-Cache
X-Varnish-Url
X-Epic-Correlation-Id
X-Planisys-CDN-TTL
X-Via-Poph
Pics-Label
X-PF-Uncompressing
X-Planisys-CDN-Rules
X-CUA
X-Planisys-CDN-Cache
X-Via-Popv
X-Via-Popn
X-APP-VERSION
Lfy
NGB
Url
Sid
X-Matched-Rule
X-Refresh
X-Cache-Backend
Req-Svc-Chain
Cmstype
X-Cache-Expires
Cmsid
CloudFront-Viewer-Country
X-Servername
X-Sn-Servicetimems
Kp-EeAlive
Svr
X-Served-From
X-Cdn-Origin
Pramga
X-NCache
Viewtype
X-TraceId
MIME-Version
X-Core-Mission
A
X-Srv
X-Cache-Date
X-Tb-Optimization-Total-Bytes-Saved
VivaBuild
Tcn
X-Vgn-Hpd-Reason
M-TraceId
Cache-Key
Source
Arc-Country
X-Request-Start
Server-ID
Cross-Origin-Opener-Policy
X-SaId
X-PHP-Backend
X-JoinUs
TDXMobile
X-NGENIX-Cache
X-Error
X-FireWall-Protection
DataCenter
X-Edge-Location
X-Webkit-CSP-Report-Only
X-Geo
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Vcl-Version
X-Edge-Location-Klb
GeoIp-Country-Code
X-Vc
X-DC
X-Instrumentation
Geoip-Latitude
X-Server-Lifecycle-Phase
X-Varnish-Cacheable
NtCoent-Length
SID
X-NC
X-Servedbyhost
X-HS-Status
X-Service
X-Response-By
Content-Secure-Policy
X-Air-Source
X-Extlb
X-Proxy-Cachei7
X-B3-Spanid
Xkeyi7
X-Wa
X-Internal-Host
X-BBXSRF
Server-Ttl
X-Esi
N-Cache
X-LiteSpeed-Cache-Control
X-Forwarded-Site
HitType
FSS-Cache
X-Li-Proto
Resin-Trace
X-Bc-Bl
CACHE
X-CDN-Forward
X-Viewer-Country
X-Via-NSCOPI
X-LI-Proto
S-Rt
X-Cache-2
X-Cache-Remote
X-HOST
D-Cc-Upstream
LB
X-Hcs-Proxy-Type
X-Cache-ASPX
X-RAMCache
X-CCDN-CacheTTL
X-Cc-Req-Id
X-Varnish-Authentication
X-Svr
Memcached
X-Accel-Expires-Debug
X-Contensis-Viewer-Groups
X-WA
We-Hiring
Request-ID
X-Date
X-Req
Mail-Subject
X-Cc-Via
X-Proxy-Upstream
X-PJAX-URL
Surrogated-Key
X-CCDN-Origin-Time
X-Erf-Stays-Bingo-Pdp-Web
X-UA
Cteonnt-Length
X-RateLimit-Limit-Second
X-RSL
Upgrade-Insecure-Requests
X-RateLimit-Remaining-Second
X-Newrelic-Synthetics
X-APP
X-ServedByHost
Env
X-VC-Cache
X-RPS
X-RPM
X-DSS
X-DI
X-DB
X-VCL-Version
X-TIM-N
X-DW
Ohc-File-Size
Cross-Origin-Window-Policy
X-Sucuri-Cache
Hostname
X-Sigma-Backend
X-Sigma
X-Cs
X-Rocket-Build-Number
GeoIP-Latitude
GeoIP-Country-Code
X-Server-IP
X-Men
X-Host-Name
XServer
X-API-Version
X-MSEdge-Features
X-Origin-Time
Memory
X-Nyt-Route
Time
X-MSEdge-Flight
X-Gdpr
X-FPC
X-Action
X-ZONE
CF-Cached-On
X-Cache-Config
ProcessTime
X-App
X-Air-Trace-Id
X-Zone
X-HostName
VNS-Age
X-VC
X-CF-Powered-By
X-SN
X-Oss-Cdn-Auth
CPC-Age
X-Region-Sid
VNS-Cache
X-Check-Cacheable
Server-Id
Cache-Provider
X-NodeID
X-Fpc
CPC-Cache
X-Swift-Error
X-Dynatrace-Js-Agent
Ohc-Cache-HIT
X-Provided-By
X-SB
X-FORWARDED-FOR
W
X-SD-PageType
X-Depends-On
Mime-Version
X-Webstats-RespID
Srv
X-Cdn-Request-ID
X-ServerName
CDN
X-UnsetCookies
Cdn
X-BACKEND-TTL
Fastcgi-Cache-TTL
My-App
X-BBC-Edge-Cache-Status
State
X-Ftr-Cache-Host
X-CSRF-TOKEN
X-TIME
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-ABtesting
EpKe-Alive
X-Fastly-Backend-Reqs
X-Minions-Version
X-Dw-Trace-Id
X-Flog
Dnion-Transfer-Encoding
X-Fastly-Request-Id
X-Render-Time
X-Mg-Request-UUID
X-Parent-Response-Time
X-Hello
X-Pad
Media-Length
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Cache-Tag
Proxy-Connection
Vha6-Origin
Cf-Ipcountry
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Pf-Uncompressing
X-NGINX-Cache
X-Via-PopV
X-Worker
X-BBC-Origin-Response-Status
X-Via-PopN
X-Via-PopH
X-Cache-Type
Processtime
X-LiteSpeed-Tag
PICS-Label
X-Auto-Login
Epwk-X-Cache
OT-Force-Account-Verify
X-Snapshot-Date
X-ElasticPress-Search
X-FTR-Cache-Host
X-Akamai-ERPolicy
X-Ms-Meta-Originalurl
X-Akamai-ERRuleID
X-Traceid
X-Tenant
X-Shop-Environment
X-Orig-Expires
X-Vcache
Xet-Cookie
X-Varnish-Beresp-TTL
X-ND-Cache
X-MiniProfiler-Ids
Warning
X-Request-URL
X-Varnish-URL
X-ElasticPress-Query
X-Cluster-Node
X-Lb-Id
X-Forwarded-Path
X-Ms-Meta-Staticbatchstarttime
X-Air-Pt
X-Ua
CountryCode
X-Mg-Request-Id
X-Redis-Count
Environment
X-Cache-Status-Check
X-Apw-Access-Token
X-Apw-Hits
X-Redis-Duration-Ms
X-Ftr-Request-Id
NnCoection
X-Yottaa-OS
X-B3-Parentspanid
Ohc-Response-Time
URI
X-Apw-Access-Object
X-Apw-Access-Action
Datacenter
Inserted-Into-Cache-At
X-IN-APIGATEWAYSSL
X-Amz-Meta-Cb-Modifiedtime
X-IN-APIGATEWAY
Phost
X-Litespeed-Cache-Control
X-Debug-Cache-Fetch
X-Storefront-Renderer-Verified
X-Debug-Cache-Store
Content-Style-Type
Content-Script-Type
X-Tid