Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
CF-Ray
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
X-Server-Powered-By
Host-Header
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-CST
NEL
X-Amz-Version-Id
X-Cache-Spec
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
Surrogate-Control
EagleEye-TraceId
X-Node
Xkey
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Ruxit-JS-Agent
X-Cache-Lookup
P3p
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Readtime
Accept-CH-Lifetime
X-Template
X-B3-TraceId
X-Language
MS-Author-Via
Accept-Ch-Lifetime
X-HW
Rating
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
Accept-Ch
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Webkit-CSP
X-Sol
Pagespeed
Response
Display
X-Middleton-Response
X-Middleton-Display
X-D2id
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Varnish-TTL
X-Powered-By-Plesk
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-Vcap-Request-Id
X-FastCGI-Cache
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Navigation-Version
X-ORACLE-DMS-ECID
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
Service-Worker-Allowed
X-Fastly-Request-ID
Fastly-Restarts
X-Cached
X-Client-IP
X-TTL
X-Buckets
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
Cache-Tag
X-Dw-Request-Base-Id
X-NF-Request-ID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Access-Control-Request-Method
RTSS
SPRequestGuid
Public-Key-Pins
X-SharePointHealthScore
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-Oneagent-Js-Injection
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-Edge
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
S
X-Jurisdiction
X-HP-Webp
Content-MD5
X-Ttl
X-Kinsta-Cache
X-Recruiting
X-ECACHE
X-MCACHE
X-Mid
Charset
X-Mg-S
X-PressLabs-Stats
X-DynaTrace
X-T
X-Origin-Upstream-Status
Cache-Tags
X-Ruxit-Js-Agent
X-Content-Digest
X-Accel-Expires
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
X-Forwarded-Proto
Fastcgi-Cache
X-Id
X-Content-Security-Policy-Report-Only
X-Px
X-Logged-In
Filters
TP-Cache
TP-L2-Cache
X-Litespeed-Cache
Server-Node
TCN
Edge-Cache-Tag
Server-Name
X-Amz-Server-Side-Encryption
Front-End-Https
X-Forwarded-For
X-Request-Processing-Time
X-Request-Received
X-Correlation-Id
MicrosoftSharePointTeamServices
X-XRDS-Location
Nginx-Cache
X-Grace
X-Shield-Request-Id
X-Hits
X-Amzn-Trace-Id
Alternate-Protocol
X-B3-Sampled
X-Kong-Upstream-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Activity-Id
X-AppVersion
X-Az
X-F-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Server-ID
X-Amz-Replication-Status
X-NWS-LOG-UUID
X-Varnish-Age
X-Debug
X-Origin-Server
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Fastcgi-Cache
X-Frontend
X-Rid
X-Yandex-Sdch-Disable
X-Geo-Country
X-RateLimit-Remaining
Host
Surrogate-Key
Realpath
X-Cache-Age
Section-Io-Cache
X-DIS-Request-ID
X-Daa-Tunnel
Accept-Charset
Nel
X-Hostname
X-Ser
X-Git-Hash
X-Time
Access-Control-Allow-Method
X-VCache
X-Mobile-URL
X-Respond-Thread
X-Seen-By
X-Upgrade-Enabled
MS-CV
Cleartype
ServerID
X-Source
X-DataDome
Paypal-Debug-Id
X-Type
X-AOL-HN
X-Contextid
X-Cache-Key
X-LB-Cache
Payment
X-IPLB-Instance
X-TT
X-Varnish-Backend
X-Debug-Info
X-Content-Options
X-B-Cache
X-Cache-Action
X-Signature
Healthy
X-WebKit-CSP-Report-Only
X-Whom
X-Route-Name
X-Request-Guid
X-Load-Cache
X-Providence-Cookie
X-XRDS-LOCATION
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-App-Environment
X-N
X-Page-Id
Fastcgi-Useragent
X-FB-Debug
Cache
X-Jobs
Node
X-Rule
X-Webkit-Csp
X-Mobile
X-Cache-Expired-At
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Refresh
X-FireWall-Port
Viewport
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Wix-Request-Id
Ms-Operation-Id
DC
X-RTag
X-Content-Powered-By
X-Cluster-Name
X-FTR-Request-ID
Access-Control-Request-Headers
X-Cacheable-TTL
X-B
X-Real-IP
X-Tec-Api-Root
X-ProcessESI
X-Framework
X-Debug-IsConnected
X-HTML-Minification-Powered-By
X-Distributor
X-Tec-Api-Version
X-Tec-Api-Origin
X-RemovedCookies
X-Debug-IsPreview
X-Zen-Fury
X-UUID
X-Cache-Control
X-Proxy
X-IPS-LoggedIn
X-Instance
X-Cache-Time
Eomportal-Instance
X-Region
Referer-Policy
X-Drupal-Cache-Tags
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Version
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Page-View
X-Www-Served-By
Countrycode
X-Drupal-Cache-Contexts
X-Protected-By
X-Nginx-Cache
X-FW-Static
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
Xserver
X-FW-Server
X-FW-Type
X-G
X-Tumblr-Pixel-0
X-Cached-By
X-App-Server
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Liferay-Portal
X-Yottaa-Metrics
X-Cache-Operation
X-Yottaa-Optimizations
X-Cache-Rule
X-Via-JSL
X-Akamai-Edgescape
X-Varnish-Grace
X-Environment-Context
X-Pass-Why
X-L-Path
Powered-By-ChinaCache
X-Cache-Hit
Section-Io-Origin-Time-Seconds
SRV
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
X-Device-Type
X-Pinterest-Direct
X-TA-CDN-Provider
Server-Info
CF-IPCountry
GEO-INFO
DynaTrace
X-Adobe-Loc
X-Varnish-Server
X-Adobe-Content
X-User-Agent
Cache-Status
Retry-After
Frame-Options
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
From-Origin
X-Tumblr-Pixel-2
Ec-Rule-Version
X-Handled-By
X-Endurance-Cache-Level
X-RN-RSRV
Webserver
Meta-Geo
X-UPSTREAM-Address
X-Hl-Ver
X-ES-SERVER
X-Backend-Name
X-FB-TRIP-ID
Cache-Tv-Group
X-Mode
TWC-GeoIP-LatLong
X-MP-GENERATED-AT
Apigw-Requestid
Country
Property-Id
X-PCL
X-Origin-Hint
X-Proxy-Cache-Status
X-OCL
Uber-Trace-Id
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
X-ProxyCache-Status
X-NYM-Debug-Backend
X-Pubstack
X-Access
X-ProxyCache-Key
Webcakes-Region
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-Request-Time
X-Uri
TWC-Locale-Group
X-Format
X-BYPASS-REASON
X-Be
X-Varnishpool
X-Soup
X-Storage
X-Section
X-Cache-Server
X-Origin-Date
Fastly-SSL
Decoy-Debug-TTL
Decoy-Debug-Status
X-PHP-Host
X-PERF
Decoy-Debug-Key
X-Human
X-Info
X-No-Session
X-LJ-Flow-ID
Cache-Name
X-ApacheServer
Selected-Fe
Mn-Server-Ip
X-Labrador-Cache-Channel
X-AWS-Id
X-Server-W
X-Proxy-Build
X-UA-Device-Type
X-Timing-Wait
X-R9-Blue-Green-Version
X-VWS-Id
X-Via-Fastly
X-S-Maxage
X-WA-Info
X-Cache-TTL-Remaining
X-Proto
X-Say-Cacheable
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-Web-Node
X-Say-TTL
X-Xfnlog-Site
X-GG-Cache-Date
X-SayCDN-TTL
X-LAGOON
Protected
X-Varnish-Ttl
X-TNCMS
X-Sql-Count
X-ShardId
X-ShopId
X-Sql-Duration-Ms
X-Hosted-By
X-Shopify-Stage
X-Loop
X-Alternate-Cache-Key
X-Hyper-Cache
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Status
X-Proxied
X-Zipkin-Id
X-App-Version
X-Routing-Service
X-Redis-Cache
X-Cache-Enabled
X-Locale
X-NWS-UUID-VERIFY
X-Backend-Host
X-Rendered-As
X-Is-Bot
X-Content-Age
X-FW-Version
X-Microcachable
AMP-Access-Control-Allow-Source-Origin
X-Site-Version
X-Azure-Ref
X-Cluster
S-Cnection
X-SRV
X-Ratelimit-Limit
X-Forwarded-Host
X-Cache-Grace
X-AIR-PT
Amp-Access-Control-Allow-Source-Origin
X-Platform
X-TT-LOGID
X-Qloud-Router
X-CSRF-Token
Akamai-GRN
X-Revision
X-Trace-Id
X-Dc
ServedBy
X-Via-CDN
X-ATG-Version
X-Cache-NGX
X-Varnish-Hostname
X-Cache-PHP
X-EdgeConnect-Cache-Status
X-RCS-CacheZone
Cache-Hits
X-Debug-Cache
X-RateLimit-Limit
X-Aspnetmvc-Version
X-Correlation-ID
X-Akamai-Transformed
Who
X-Node-Name
X-CCM
Country-Code
DB-Nickname
Filterid
X-B3-SpanId
X-CS
X-Detected-As
X-TX-ID
X-Cache-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Adobe-Source
X-Varnish-Beresp-Grace
X-BCube-Filmed-By
X-Ms-Request-Id
X-Ms-Version
X-CACHE-KEY
SD-X-WS
X-Varnish-Beresp-Ttl
Backend
X-Nc
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-B-Cookie
X-Oss-Hash-Crc64ecma
X-Origin-CC
X-Origin-TTL
DCR-Processing-Time-Ms
X-Processor
Fastcgi-X-Cache-Version
X-ARC
X-Application
X-From
X-PBS-Appsvrname
X-Oss-Storage-Class
X-Owner
X-PAYTM-SRV-ID
DCR-Decision-By
X-CF-Lambda-Fn
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Varnish-Beresp-Status
X-Vdms-Version
X-External-Request-Id
X-Generation-Time
X-VG-WebServer
X-Generated-On
X-VG-WebCache
X-Vdms-Path
X-Destination
BehaviorPad-Version
X-CF-Lambda-Version
X-NAPM-TraceId
X-Aed
X-Location
X-Varnish-Cache-Hits
X-D
X-Connection-Hash
X-Level-Front-Cache
X-Cache-NE
Expiry
Machine
X-Session-Fingerprint
HostName
X-Trv-Group
X-S-Cookie
Odigeo-Trace-Id
T-Server
Meta-Geo-Continent
Mobile-Detection-Method
X-Time-Microsecs
X-SRCache-Key
MD5-Digest
X-A
X-ScT
X-A-Dcw
X-A-Ccd
X-Rewrite-Enabled
X-Request-UUID
X-A-Wwc
X-A-Dgt
Rendered-Blocks
X-A-Dam
X-Rojux
X-S
X-Magnolia-Registration
X-Unique-ID
X-Edge-Location-Klb
X-FC-Vary-Parameters
Thinkindot-CacheControl
X-Developers
X-Device-Os
X-Fetched-On
PB-PID
Path
Server-Host
Ssr
Pagetype
Thinkindot-CacheControl-Type
PB-RID
CacheControlHeader
Wxu-Next-Hostname
Wxu-Next-Commit
V-Age
Content-Disposition
Wxu-Next-Region
Gh-Request-Id
X-Azure-Ref-OriginShield
Host-ID
UCS
X-Bip
Arc-Version
Thinkindot-Control
X-Core-Value
X-Cms-Context
Cache-Host
Cf-Device-Type
Magicmarker
AKAMAI
X-Geo-Header
X-Reqid
NGB
X-OVcl
X-Thanos
X-OVcl-Cache
X-Country-Code-Real
X-ServerID
X-Is-Gdpr
X-Cache-Bucket
X-Backend-TTL
X-GEO
Release
X-JWT-State
X-TrackingId
X-Thinkindot-L3
X-Policy
X-FTR-Backend
X-FTR-Realm
X-Tumblr-Pixel-3
X-Generated-In
X-FTR-Cache-Status
X-FTR-DC
X-Has-Esi
X-GeoIP-City
X-FTR-Backend-Server
X-FTR-Balancer
X-Instrumentation
X-Server-Lifecycle-Phase
X-Ratelimit-Remaining
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Unique-Id
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
True-Client-Country-4JS
X-Backend-State
X-SVT-ORM-VERSION
Sever-Int
Server-Hostname
Server-Ext
X-SVT-ORM-RULES
X-Skip-Cache
Vix-Hermes-Req-Id
X-Variation
X-User
X-Rebelmouse-Cache-Control
X-SIPLIST1
X-Scheme
X-Origin
X-Dispatcher-Server
X-VG-TLSProxy
X-DPWN-IS-SECURE
X-IP
X-HS-Content-Campaign-Id
X-DefHash
X-VarnishDD-TTL
X-Developer
X-Envoy-Decorator-Operation
X-HN
X-Irp-Debug
X-Fastly-Cache
X-Var-Ttl
X-Fastly-Backend
Fastly-Backend-Name
X-Epic-Correlation-Id
X-GeoIP
X-DefElseHash
Esi-Enabled
X-Cache-Debug
X-Cache-Info
X-Cache-Tags
X-Branch-Name
X-Node-Id
X-Platform-Server
X-Origin-Expires
X-NU-AKA-ACS-Version
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Method
X-Csrf-Jwt
X-Varnish-Remaining-TTL
X-Micro-Cache
X-Varnish-Hits
X-CGP
X-Clientip
X-Ratelimit-Reset
X-Eu-Site
CDN-EdgeStorageId
X-B3-Traceid
HA-Ipaddr
Is-Eu
IsBot
L5d-Success-Class
L
Ha-Gx-Prefs
CDN-PullZone
CDN-Uid
Fastly-SIE
Cf-Bgj
Apple-News-Services-Parsed-Url
CDN-RequestId
CDN-RequestCountryCode
Fastly-SWR
CDN-CachedAt
CDN-Cache
PFcat
Apple-News-Services-Handled
CDCHOST
C-Via
Platform
Apple-News-Services-Host
Apple-News-Services-Request-Url
Origin
Adler-Geo
Locid
Location
X-EC-Lua
NGX
NM-Fastcgi-Cache
DSUID
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
User-Cache-Control
X-NewRelic-App-Data
X-Esi-Check
X-Old-Content-Length
X-Origin-Response-Time
X-Request-Host
X-Fmm-Version
X-Tb
X-VServer
X-Gen-Mode
Web-Mar-Node
X-Generated-By
X-Hnp-Log
X-WADP-Cache
X-Gamma-Serve
X-Wikidot-Backend
X-LI-UUID
X-Hash
X-Planisys-CDN-Cache
X-LB-ID
X-Block-Status
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Wikidot-Static-Cache
X-Li-Pop
X-Planisys-CDN-Rules
X-GoCache-CacheStatus
X-Loc
X-Planisys-CDN-TTL
X-Li-Fabric
Fastly-Drupal-HTML
X-Aicache-OS
X-Cache-Id
On-Server
Rt-Fastcgi-Cache
X-Clara-WADP
X-ID
X-Sucuri-ID
Cmsid
Xc-Version
X-Varnish-Url
X-Swa-Ws
X-Servername
Cmstype
Req-Svc-Chain
X-Slack-Backend
X-Air-Hostname
X-FTR-Expires
Pics-Label
X-Served-From
Kp-EeAlive
X-Mvc-Supplant-OutputCached
X-Via-Poph
Svr
X-Via-Popn
X-Via-Popv
X-PF-Uncompressing
X-APP-VERSION
X-Vgn-Hpd-Reason
X-Refresh
Tracecode
A
X-Cdn-Forward
Url
M-TraceId
Viewtype
VivaBuild
Instruction
SR-User-Adfree
X-Cache-Var-Map
SID
X-Cache-Var
X-PHP-Backend
X-SaId
X-NGENIX-Cache
X-JoinUs
Cache-Key
X-CUA
X-Edge-Location
Arc-Country
Cross-Origin-Opener-Policy
X-CDN-Forward
TDXMobile
Lfy
X-DC
MIME-Version
X-Matched-Rule
X-NC
Geo-Info
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Expires
X-Sn-Servicetimems
CloudFront-Viewer-Country
X-Vc
X-Cdn-Origin
DataCenter
X-TraceId
NtCoent-Length
Sid
X-Srv
Pramga
X-Servedbyhost
X-Cache-Backend
X-NCache
X-Service
Server-ID
Content-Secure-Policy
X-Extlb
X-Core-Mission
X-Webkit-CSP-Report-Only
X-Cache-Date
X-Wa
X-Internal-Host
X-CLOUD-TRACE-CONTEXT
X-Cache-Ttl
X-Bc-Bl
X-Request-Start
X-Forwarded-Site
Tcn
Source
X-Newrelic-Synthetics
Surrogated-Key
GeoIp-Country-Code
X-Error
X-HS-Status
Geoip-Latitude
X-LI-Proto
X-B3-Spanid
Memcached
X-Proxy-Upstream
X-Req
LB
FSS-Cache
X-Via-NSCOPI
X-FireWall-Protection
X-Accel-Expires-Debug
Resin-Trace
We-Hiring
X-Geo
Mail-Subject
X-Vcl-Version
X-Esi
X-Varnish-Cacheable
X-Date
X-VC-Cache
Upgrade-Insecure-Requests
Hostname
CACHE
X-VHOST
Server-Ttl
X-Viewer-Country
Env
X-RateLimit-Remaining-Second
X-Rocket-Build-Number
X-Sigma
X-VCL-Version
X-Sigma-Backend
X-Response-By
X-Air-Source
X-RateLimit-Limit-Second
X-PJAX-URL
X-HOST
Xkeyi7
X-Li-Proto
X-ZONE
X-Men
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Time
X-CCDN-CacheTTL
X-App
Request-ID
X-MSEdge-Features
X-Proxy-Cachei7
GeoIP-Latitude
GeoIP-Country-Code
Memory
X-MSEdge-Flight
X-LiteSpeed-Cache-Control
X-DI
X-DB
X-DW
X-DSS
X-RPS
X-RSL
X-RPM
X-TIM-N
X-APP
X-Mg-Request-UUID
CF-Cached-On
HitType
X-BBXSRF
N-Cache
X-Zone
CPC-Cache
VNS-Age
CPC-Age
X-RAMCache
X-WA
X-Cs
X-Cache-2
VNS-Cache
XServer
My-App
State
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
Fastcgi-Cache-TTL
X-Cache-ASPX
X-Action
X-Air-Trace-Id
X-UA
X-Svr
ProcessTime
X-Varnish-Authentication
X-Contensis-Viewer-Groups
S-Rt
X-ServedByHost
X-HostName
X-FPC
X-Minions-Version
Server-Id
X-Oss-Cdn-Auth
X-Region-Sid
X-Provided-By
X-Cache-Type
X-Swift-Error
X-Dynatrace-Js-Agent
Cache-Provider
X-API-Version
X-Origin-Time
Mime-Version
X-Gdpr
X-Nyt-Route
X-Server-IP
X-FORWARDED-FOR
X-Depends-On
X-Fpc
W
X-CF-Powered-By
X-Cache-Config
Srv
Cteonnt-Length
X-Cache-Remote
X-Cdn-Request-ID
Cf-Ipcountry
Cross-Origin-Window-Policy
X-CSRF-TOKEN
X-UnsetCookies
X-TIME
Ohc-File-Size
X-Sucuri-Cache
X-Erf-Stays-Bingo-Pdp-Web
CDN
X-BACKEND-TTL
X-URL
X-Dw-Trace-Id
OT-Force-Account-Verify
X-Xrds-Location
X-Akamai-Pragma-Client-IP
X-ServerName
X-Client-Ip
Proxy-Connection
X-Tenant
X-Hello
X-Shop-Environment
Cdn
X-Parent-Response-Time
X-Flog
X-ABtesting
X-ND-Cache
X-NodeID
X-Check-Cacheable
X-VC
X-Forwarded-Path
X-Orig-Expires
X-Fastly-Request-Id
X-SN
X-Ftr-Cache-Host
Ohc-Cache-HIT
WZWS-RAY
X-Presslabs-Stats
X-Cluster-Node
X-Oracle-DMS-ECID
X-SB
Vha6-Origin
X-Pad
X-SD-PageType
X-Webstats-RespID
Dnion-Transfer-Encoding
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-Snapshot-Date
Media-Length
X-Traceid
X-Pf-Uncompressing
X-Host-Name
X-Via-PopH
X-Air-Pt
X-LiteSpeed-Tag
X-Ftr-Request-Id
X-Via-PopN
X-BBC-Edge-Cache-Status
Datacenter
X-ElasticPress-Search
PICS-Label
Epwk-X-Cache
X-Via-PopV
Warning
X-Vcache
X-BBC-Origin-Response-Status
X-Request-URL
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Varnish-Beresp-TTL
X-IN-APIGATEWAYSSL
X-Pjax-Url
X-Conf
X-Cache-Tag
X-Akamai-ERRuleID
X-Acquia-Application-Trace
X-IN-APIGATEWAY
X-Acquia-Site
X-Varnish-URL
X-Lb-Id
X-MiniProfiler-Ids
Xet-Cookie
X-Akamai-ERPolicy
X-Ms-Meta-Staticbatchstarttime
EpKe-Alive
X-Ms-Meta-Originalurl
X-Render-Time
CountryCode
URI
X-Tid
X-Redis-Count
X-Yottaa-OS
X-C
X-Mg-Request-Id
Inserted-Into-Cache-At
Phost
X-Apw-Hits
X-Amz-Meta-Cb-Modifiedtime
Content-Script-Type
X-B3-Parentspanid
X-Litespeed-Cache-Control
Environment
Ohc-Response-Time
Content-Style-Type
X-Debug-Cache-Store
X-Redis-Duration-Ms
X-Cache-Status-Check
X-Apw-Access-Token
X-Apw-Access-Object
NnCoection
X-Apw-Access-Action
X-Debug-Cache-Fetch