Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
EagleId
Request-Context
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
Report-To
X-Server-Powered-By
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Dns-Prefetch-Control
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
X-Amz-Version-Id
NEL
X-Cache-Spec
X-CST
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
X-Dispatcher
EagleEye-TraceId
X-Node
Surrogate-Control
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
P3p
X-ASPNET-VERSION
X-Cache-Lookup
X-Application-Context
Accept-CH
X-Ac
X-Country
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Template
Accept-Ch-Lifetime
Accept-Ch
X-Cloud-Trace-Context
X-Language
X-Readtime
Accept-CH-Lifetime
MS-Author-Via
X-B3-TraceId
X-Url
Rating
X-HW
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
Response
Pagespeed
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
X-ORACLE-DMS-RID
X-Content-Type
X-Varnish-TTL
X-D2id
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-ECID
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Vcap-Request-Id
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-Powered-By-Plesk
X-Oneagent-Js-Injection
X-Navigation-Version
X-Server-Name
X-VARITI-CCR
Service-Worker-Allowed
X-Amz-Rid
X-Abt-Application-Version
X-TTL
X-Fastly-Request-ID
Fastly-Restarts
X-Buckets
X-Client-IP
X-Cached
X-Cache-TTL
X-FastCGI-Cache
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
SPIisLatency
SPRequestDuration
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
RTSS
Cache-Tag
X-Edge
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-Request-ID
AR-ATIME
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Ruxit-Js-Agent
Content-MD5
X-HP-Webp
X-Version
X-Jurisdiction
X-Webkit-CSP
S
X-Origin-Upstream-Status
X-Recruiting
X-DynaTrace
X-Mid
X-MCACHE
X-ECACHE
Charset
Fusion-Template-Id
X-Mg-S
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Kinsta-Cache
X-PressLabs-Stats
X-Content-Digest
X-Ttl
X-Px
X-T
Fastcgi-Cache
Cache-Tags
X-Fastcgi-Cache
X-Accel-Expires
X-Litespeed-Cache
X-Id
X-Forwarded-Proto
X-Logged-In
Filters
X-Content-Security-Policy-Report-Only
X-Amz-Server-Side-Encryption
Server-Node
Edge-Cache-Tag
TCN
MicrosoftSharePointTeamServices
TP-L2-Cache
TP-Cache
Server-Name
Front-End-Https
X-Forwarded-For
X-Correlation-Id
X-Grace
Nginx-Cache
X-Request-Received
X-Request-Processing-Time
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hits
X-Amzn-Trace-Id
X-Debug
X-Shield-Request-Id
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
X-Az
X-Activity-Id
X-AppVersion
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-Amz-Replication-Status
Alternate-Protocol
Surrogate-Key
X-F-Cache
X-XRDS-LOCATION
X-Origin-Server
X-XRDS-Location
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-Ser
X-DIS-Request-ID
Nel
X-NWS-LOG-UUID
X-Rid
Accept-Charset
X-Frontend
X-Geo-Country
X-Git-Hash
Section-Io-Cache
Host
X-Cache-Age
X-Hostname
X-Respond-Thread
X-Upgrade-Enabled
X-DataDome
X-Time
X-RateLimit-Remaining
X-LB-Cache
X-Mobile-URL
Access-Control-Allow-Method
X-Daa-Tunnel
MS-CV
X-Server-ID
X-VCache
X-Seen-By
ServerID
Paypal-Debug-Id
X-Type
X-IPLB-Instance
Payment
Healthy
X-Cache-Action
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Content-Options
X-Is-Crawler
X-App-Environment
X-Flags
X-Varnish-Backend
X-Request-Guid
X-Cache-Key
X-Route-Name
X-AOL-HN
X-Source
Cleartype
X-Debug-Info
Cache
X-TT
X-B-Cache
X-Whom
X-Page-Id
X-Signature
X-Pinterest-Direct
Fastcgi-Useragent
X-Load-Cache
X-WebKit-CSP-Report-Only
X-FTR-Request-ID
X-N
X-Contextid
X-Jobs
Realpath
X-FB-Debug
X-Webkit-Csp
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev
Node
Powered-By-ChinaCache
X-Rule
Refresh
X-Cache-Expired-At
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
DC
X-Drupal-Cache-Tags
Ms-Operation-Id
X-RTag
X-Wix-Request-Id
X-Proxy
Referer-Policy
X-Framework
X-Zen-Fury
X-Cluster-Name
X-RemovedCookies
X-B
X-ProcessESI
X-Cache-Control
X-HTML-Minification-Powered-By
X-Instance
X-Cacheable-TTL
Access-Control-Request-Headers
X-UUID
Viewport
X-Content-Powered-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Via-JSL
X-Page-View
X-Real-IP
X-Distributor
X-Drupal-Cache-Contexts
X-Cache-Time
X-Region
X-FireWall-Port
Eomportal-Instance
Version
VIX-Pulpo-Node
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Hash
VIX-Pulpo-Upstream-Status
Countrycode
X-Cache-Rule
X-Cache-Operation
Liferay-Portal
X-Cached-By
X-Akamai-Edgescape
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-G
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Pass-Why
X-Environment-Context
X-App-Server
X-L-Path
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Debug-IsConnected
X-Debug-IsPreview
X-Nginx-Cache
DynaTrace
SRV
CF-IPCountry
Section-Io-Origin-Status
Section-Io-Id
X-Www-Served-By
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Xserver
Server-Info
X-Protected-By
X-User-Agent
X-Device-Type
X-Varnish-Grace
From-Origin
X-Tumblr-Pixel-2
Webserver
Ec-Rule-Version
GEO-INFO
X-Mode
X-Adobe-Loc
X-Adobe-Content
X-ES-SERVER
X-RN-RSRV
Meta-Geo
Retry-After
X-Hl-Ver
X-UPSTREAM-Address
X-Handled-By
X-Endurance-Cache-Level
Cache-Status
X-Backend-Name
X-MP-GENERATED-AT
Webcakes-Region
X-Access
X-Storage
X-FB-TRIP-ID
X-Section
X-Request-Time
X-Soup
TWC-Privacy
Cache-Tv-Group
Property-Id
Country
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
TWC-Connection-Speed
TWC-Device-Class
X-Format
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Version
X-Cache-Server
Fastly-SSL
X-PCL
X-Origin-Hint
X-OCL
X-Varnishpool
X-Human
X-Uri
X-Pubstack
X-Proxy-Build
X-LJ-Flow-ID
X-Sql-Count
X-VWS-Id
Azure-RegionName
Apigw-Requestid
Azure-InstanceId
X-Via-Fastly
Selected-Fe
X-PERF
Mn-Server-Ip
X-Proto
X-Sql-Duration-Ms
X-NYM-Debug-Backend
X-ApacheServer
X-No-Session
X-Be
Azure-Version
Azure-SlotName
X-R9-Blue-Green-Version
X-Redis-Cache
X-ProxyCache-Key
X-ProxyCache-Status
Frame-Options
X-AWS-Id
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-PHP-Host
X-WA-Info
X-Timing-Wait
Azure-SiteName
X-UA-Device-Type
X-LAGOON
X-Server-W
X-Proxied
Cache-Name
X-S-Maxage
X-Locale
X-Zipkin-Id
X-Info
X-SayCDN-TTL
X-Xfnlog-Site
X-Web-Node
X-Varnish-Server
X-Routing-Service
X-Say-TTL
X-Say-Cacheable
X-Site-Version
X-FW-Version
X-GG-Cache-Date
X-Origin-Date
X-Hosted-By
X-AIR-PT
X-Status
X-Cache-TTL-Remaining
X-Hyper-Cache
X-Ratelimit-Limit
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TNCMS
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Loop
Protected
X-TT-LOGID
X-Rendered-As
X-Is-Bot
AMP-Access-Control-Allow-Source-Origin
X-Proxy-Cache-Status
X-Cache-Enabled
X-Node-Name
Uber-Trace-Id
X-Dc
S-Cnection
X-Microcachable
X-CCM
X-Cache-Grace
X-Cluster
X-Forwarded-Host
X-TA-CDN-Provider
X-NWS-UUID-VERIFY
X-Revision
X-Qloud-Router
X-Content-Age
X-Azure-Ref
X-SRV
X-Platform
X-Via-CDN
X-Backend-Host
Cache-Hits
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Ttl
X-Aspnetmvc-Version
X-CSRF-Token
Akamai-GRN
X-Trace-Id
X-Detected-As
X-EdgeConnect-Cache-Status
X-ATG-Version
X-App-Version
ServedBy
X-Amz-Apigw-Id
X-FTR-DC
X-FTR-Cache-Status
X-Amzn-Remapped-Content-Length
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-Cache-PHP
X-Cache-Host
X-Amzn-RequestId
X-Varnish-Hostname
X-FTR-Backend-Server
X-Country-Code-Real
X-Debug-Cache
X-Cache-NGX
X-RCS-CacheZone
X-B3-SpanId
X-Ratelimit-Remaining
X-Amz-Meta-S3cmd-Attrs
X-CS
SD-X-WS
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Nc
X-FTR-Expires
X-BCube-Filmed-By
X-Correlation-ID
DB-Nickname
X-Akamai-Transformed
X-DynaTrace-JS-Agent
HostName
Tracecode
X-Ms-Version
X-Time-Microsecs
X-Ms-Request-Id
X-Adobe-Source
X-TX-ID
X-Backend-TTL
X-Generated-On
Who
X-Generation-Time
X-Varnish-Cache-Hits
X-External-Request-Id
DCR-Decision-By
Mobile-Detection-Method
X-A
X-A-Ccd
X-A-Dcw
X-A-Dam
DCR-Processing-Time-Ms
Expiry
MD5-Digest
Meta-Geo-Continent
Machine
Rendered-Blocks
Fastcgi-X-Cache-Version
T-Server
X-A-Dgt
X-A-Wwc
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Location
X-From
X-Destination
X-CF-Lambda-Fn
X-Cache-NE
X-Application
X-Aed
X-ARC
X-B-Cookie
BehaviorPad-Version
Odigeo-Trace-Id
X-Level-Front-Cache
X-Origin-TTL
X-Trv-Group
X-S-Cookie
X-Vdms-Path
X-Processor
X-Rewrite-Enabled
X-Origin-CC
X-VG-WebCache
X-Request-UUID
X-RateLimit-Limit
X-Session-Fingerprint
X-NAPM-TraceId
Xc-Version
X-SRCache-Key
X-Vdms-Version
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-S
X-VG-WebServer
X-ScT
X-Vtex-Remote-Cache
X-Rojux
X-Vtex-Processado-Em
X-Unique-Id
Backend
X-ServerID
X-NewRelic-App-Data
X-Cache-Info
X-Cms-Context
X-Magnolia-Registration
X-Varnish-Beresp-Grace
AKAMAI
X-Cache-Bucket
CacheControlHeader
Cache-Host
X-Bip
X-Unique-ID
Wxu-Next-Hostname
Pagetype
Path
Release
Host-ID
X-Policy
Magicmarker
X-OVcl
X-Owner
On-Server
Gh-Request-Id
Ssr
UCS
Wxu-Next-Commit
Content-Disposition
Thinkindot-Control
Fastly-Backend-Name
X-Reqid
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Wxu-Next-Region
X-Core-Value
X-Tb
X-Mvc-Supplant-Cachable
X-Fastly-Cache
X-Geo-Header
X-Thinkindot-L3
X-FC-Vary-Parameters
X-Air-Hostname
X-Fetched-On
X-TrackingId
X-Generated-In
X-Thanos
X-Swa-Ws
Country-Code
X-Device-Os
X-OVcl-Cache
X-Developers
X-Irp-Debug
X-HS-Content-Campaign-Id
X-GeoIP-City
X-Micro-Cache
X-Tumblr-Pixel-3
User-Cache-Control
X-Sucuri-ID
Server-Ext
Server-Host
X-Hnp-Log
X-Skip-Cache
X-SVT-ORM-RULES
Server-Hostname
X-Eu-Site
X-GoCache-CacheStatus
X-Has-Esi
X-HN
Sever-Int
PFcat
PB-RID
X-Is-Gdpr
X-Csrf-Jwt
X-JWT-State
X-VServer
NGX
X-IP
X-Envoy-Decorator-Operation
PB-PID
X-VG-TLSProxy
X-Method
Origin
X-SVT-ORM-VERSION
X-Clara-WADP
X-Generated-By
X-Origin-Response-Time
X-Fmm-Version
X-Wikidot-Backend
X-Block-Status
X-Backend-State
X-User
X-Node-Id
X-Azure-Ref-OriginShield
X-Wikidot-Static-Cache
X-Gen-Mode
X-Cache-Debug
X-Developer
X-GeoIP
X-CGP
X-Request-URI
X-Request-Host
V-Age
Web-Mar-Node
X-Varnish-Hits
X-Nginx-Cache-Key
X-VarnishDD-TTL
X-WADP-Cache
X-Var-Ttl
X-Cache-Var-Map
DSUID
Cf-Bgj
X-GEO
Esi-Enabled
X-Cdn-Forward
HA-Ipaddr
Ha-Gx-Prefs
CDCHOST
C-Via
Apple-News-Services-Handled
X-Varnish-Beresp-Ttl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Arc-Version
Apple-News-Services-Request-Url
X-Cache-Var
Cf-Device-Type
Locid
L
L5d-Success-Class
X-APP-VERSION
X-Varnish-Beresp-Status
Filterid
X-ID
X-EC-Lua
CDN-EdgeStorageId
Location
X-Aicache-OS
X-Ratelimit-Reset
CDN-PullZone
X-Rebelmouse-Surrogate-Control
CDN-CachedAt
X-Cache-Id
IsBot
X-Fastly-Backend
X-Branch-Name
X-Esi-Check
X-Rebelmouse-Cache-Control
X-Dispatcher-Server
X-Gzip
CDN-RequestCountryCode
CDN-Cache
CDN-Uid
True-Client-Country-4JS
X-Origin
CDN-RequestId
X-Platform-Server
Fastly-SIE
SR-User-Adfree
X-NU-AKA-ACS-Version
Fastly-SWR
NM-Fastcgi-Cache
Vix-Hermes-Req-Id
X-Clientip
X-Scheme
Instruction
X-Cache-Tags
X-Li-Fabric
X-SIPLIST1
X-LI-UUID
X-Li-Pop
X-Old-Content-Length
X-Epic-Correlation-Id
X-DPWN-IS-SECURE
X-DefElseHash
X-DefHash
X-Varnish-CookieHashed-On
X-Variation
X-LB-ID
X-Loc
X-Mvc-Supplant-OutputCached
X-Origin-Expires
X-Slack-Backend
X-Varnish-CookieINHashed-On
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Url
X-Hash
X-Varnish-Remaining-TTL
X-Gamma-Serve
X-CUA
Rt-Fastcgi-Cache
Platform
Adler-Geo
Is-Eu
Fastly-Drupal-HTML
X-Matched-Rule
X-PF-Uncompressing
Pics-Label
Lfy
Geo-Info
X-Cache-Backend
X-Planisys-CDN-TTL
X-Via-Poph
X-Refresh
CloudFront-Viewer-Country
X-Via-Popv
X-Via-Popn
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Cache-Expires
Sid
Url
X-Servername
X-Sn-Servicetimems
NGB
X-NCache
Cmsid
Req-Svc-Chain
Cmstype
X-Cdn-Origin
Pramga
X-TraceId
Kp-EeAlive
X-Cache-Date
X-Core-Mission
X-Served-From
Svr
X-Tb-Optimization-Total-Bytes-Saved
Viewtype
VivaBuild
A
X-Ua-Device
MIME-Version
X-Srv
Cache-Key
M-TraceId
X-Request-Start
Arc-Country
Cross-Origin-Opener-Policy
X-CLOUD-TRACE-CONTEXT
X-FireWall-Protection
X-Error
Source
X-Vgn-Hpd-Reason
X-Webkit-CSP-Report-Only
X-DC
TDXMobile
GeoIp-Country-Code
Server-ID
X-Varnish-Cacheable
Geoip-Latitude
X-JoinUs
X-SaId
X-PHP-Backend
X-NGENIX-Cache
X-NC
X-Response-By
SID
Tcn
X-HS-Status
X-Vc
X-Edge-Location
X-Servedbyhost
X-Wa
Content-Secure-Policy
DataCenter
X-CDN-Forward
Xkeyi7
X-Proxy-Cachei7
X-Vcl-Version
X-B3-Spanid
NtCoent-Length
X-Geo
Resin-Trace
X-Internal-Host
X-Air-Source
N-Cache
X-Esi
X-Service
Server-Ttl
X-LiteSpeed-Cache-Control
HitType
X-BBXSRF
X-Extlb
CACHE
X-Kraken-Routeconfig-Destination
X-LI-Proto
X-Server-Lifecycle-Phase
X-Li-Proto
X-Kraken-Loop-Name
X-Instrumentation
S-Rt
X-Forwarded-Site
X-Cache-2
FSS-Cache
X-HOST
X-Cache-Remote
X-Bc-Bl
D-Cc-Upstream
Request-ID
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Via-NSCOPI
X-Viewer-Country
X-Cc-Via
X-Varnish-Authentication
X-Edge-Location-Klb
X-VCL-Version
X-CCDN-CacheTTL
X-Svr
X-Cache-ASPX
X-Cc-Req-Id
X-RAMCache
X-Contensis-Viewer-Groups
Cteonnt-Length
XServer
X-UA
X-Erf-Stays-Bingo-Pdp-Web
X-Proxy-Upstream
X-DSS
X-TIM-N
X-PJAX-URL
Surrogated-Key
We-Hiring
X-DW
Memcached
X-RSL
X-RPS
LB
X-DB
X-DI
X-Newrelic-Synthetics
X-RPM
Mail-Subject
X-WA
Hostname
Cross-Origin-Window-Policy
Ohc-File-Size
X-Sucuri-Cache
X-Server-IP
X-ServedByHost
GeoIP-Latitude
X-Accel-Expires-Debug
X-App
GeoIP-Country-Code
X-VC-Cache
X-RateLimit-Limit-Second
X-Date
X-RateLimit-Remaining-Second
X-Cs
X-Req
X-Host-Name
X-Cache-Config
X-Men
X-API-Version
X-Sigma-Backend
ProcessTime
X-Sigma
X-Nyt-Route
X-FPC
X-Gdpr
CF-Cached-On
X-Action
X-ZONE
Env
Upgrade-Insecure-Requests
X-Rocket-Build-Number
X-APP
X-Origin-Time
X-HostName
X-TIME
Memory
CPC-Age
CPC-Cache
VNS-Age
VNS-Cache
X-Region-Sid
Time
X-MSEdge-Features
X-MSEdge-Flight
Server-Id
Cache-Provider
X-Oss-Cdn-Auth
X-CF-Powered-By
X-Fpc
X-VC
X-SN
X-NodeID
X-Check-Cacheable
X-Dynatrace-Js-Agent
X-Swift-Error
Ohc-Cache-HIT
X-Provided-By
X-Zone
X-Webstats-RespID
X-Depends-On
X-SB
X-SD-PageType
X-Air-Trace-Id
X-FORWARDED-FOR
W
Mime-Version
X-Akamai-Pragma-Client-IP
Srv
X-Cdn-Request-ID
CDN
X-BACKEND-TTL
X-BBC-Edge-Cache-Status
X-CSRF-TOKEN
X-UnsetCookies
X-Ftr-Cache-Host
Cdn
X-Client-Ip
X-NGINX-Cache
X-ServerName
Fastcgi-Cache-TTL
My-App
X-Render-Time
Dnion-Transfer-Encoding
X-Dw-Trace-Id
X-Parent-Response-Time
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
EpKe-Alive
X-Hello
X-Flog
X-ABtesting
Media-Length
X-Presslabs-Stats
Vha6-Origin
X-Acquia-Purge-Tags
X-Oracle-DMS-ECID
X-Pad
Proxy-Connection
X-Pf-Uncompressing
X-Cache-Tag
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
X-ElasticPress-Search
State
X-BBC-Origin-Response-Status
Epwk-X-Cache
X-Minions-Version
Processtime
X-Snapshot-Date
PICS-Label
X-Via-PopN
X-Via-PopH
X-Worker
X-Auto-Login
X-Via-PopV
X-LiteSpeed-Tag
X-Mg-Request-UUID
Cf-Ipcountry
X-FTR-Cache-Host
Xet-Cookie
Warning
X-Varnish-URL
X-Varnish-Beresp-TTL
X-Lb-Id
X-Vcache
X-Ms-Meta-Originalurl
X-ElasticPress-Query
X-Akamai-ERPolicy
X-Cluster-Node
Datacenter
X-Ms-Meta-Staticbatchstarttime
X-Request-URL
X-Akamai-ERRuleID
OT-Force-Account-Verify
X-MiniProfiler-Ids
CountryCode
X-Tx-Id
X-Ua
X-Cache-Type
X-ND-Cache
X-Orig-Expires
X-Tenant
Ohc-Response-Time
X-Forwarded-Path
X-Shop-Environment
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
Content-Style-Type
X-Storefront-Renderer-Verified
X-Cache-Status-Check
X-Mg-Request-Id
X-Apw-Access-Action
X-Tid
X-Debug-Cache-Store
X-IN-APIGATEWAYSSL
X-B3-Parentspanid
X-Debug-Cache-Fetch
X-IN-APIGATEWAY
X-Traceid
Phost
NnCoection
Inserted-Into-Cache-At
URI
X-Litespeed-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
X-Redis-Duration-Ms
X-Redis-Count
Environment
Content-Script-Type