
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
P3p
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-CST
NEL
X-Amz-Version-Id
X-Cache-Spec
Allow
X-Vhost
X-Backend-Server
X-Host
X-WebKit-CSP
X-Server-Id
X-ASPNET-VERSION
X-Dispatcher
Xkey
Surrogate-Control
EagleEye-TraceId
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Application-Context
X-Country
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Readtime
Accept-CH-Lifetime
X-Template
X-Language
X-B3-TraceId
Accept-Ch-Lifetime
MS-Author-Via
X-HW
Rating
X-Url
Accept-Ch
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Webkit-CSP
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Pagespeed
Display
X-D2id
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Country-Code
X-ORACLE-DMS-RID
X-Goog-Hash
X-Rack-Cache
X-Varnish-TTL
X-ORACLE-DMS-ECID
X-Navigation-Version
X-VARITI-CCR
X-TTL
X-Server-Name
X-FastCGI-Cache
X-Abt-Application-Version
X-Amz-Rid
Service-Worker-Allowed
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-MSEdge-Ref
X-Release
X-Cache-TTL
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Cache-Tag
SPRequestGuid
X-SharePointHealthScore
Public-Key-Pins
Access-Control-Request-Method
RTSS
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Edge
X-Ezoic-Cdn
X-Pinterest-Rid
Pinterest-Generated-By
X-LLID
X-Powered-CMS
Pinterest-Version
X-Upstream
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
S
Content-MD5
X-Jurisdiction
X-HP-Webp
X-Recruiting
X-MCACHE
X-ECACHE
X-Mid
Charset
X-Kinsta-Cache
X-Mg-S
X-Origin-Upstream-Status
X-DynaTrace
X-PressLabs-Stats
X-T
Cache-Tags
X-Content-Digest
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Ttl
X-Ruxit-Js-Agent
X-Accel-Expires
X-Px
Fastcgi-Cache
X-Forwarded-Proto
X-Id
X-Content-Security-Policy-Report-Only
X-Logged-In
Filters
TP-Cache
Server-Node
TP-L2-Cache
X-Litespeed-Cache
TCN
Edge-Cache-Tag
Server-Name
X-Amz-Server-Side-Encryption
Front-End-Https
X-Forwarded-For
MicrosoftSharePointTeamServices
X-Grace
X-Request-Received
X-Request-Processing-Time
Nginx-Cache
X-Fastcgi-Cache
X-Hits
X-Shield-Request-Id
X-Amzn-Trace-Id
X-B3-Sampled
X-Correlation-Id
Alternate-Protocol
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Handler-Origin-Region
X-XRDS-Location
X-Microsite
X-Activity-Id
X-Az
X-AppVersion
X-Debug
X-Varnish-Age
X-F-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-Amz-Replication-Status
X-HS-Hub-Id
X-HS-Combine-CSS
X-Server-ID
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Yandex-Sdch-Disable
Surrogate-Key
X-Frontend
X-Rid
X-Geo-Country
X-Cache-Age
Host
X-DIS-Request-ID
Section-Io-Cache
Accept-Charset
Nel
X-Ser
X-Hostname
X-Git-Hash
Realpath
X-XRDS-LOCATION
X-Daa-Tunnel
X-VCache
X-Respond-Thread
Access-Control-Allow-Method
X-Mobile-URL
MS-CV
X-Upgrade-Enabled
X-Source
X-Seen-By
X-RateLimit-Remaining
X-DataDome
X-Time
Paypal-Debug-Id
Cleartype
X-AOL-HN
X-LB-Cache
ServerID
X-Type
X-TT
Payment
X-IPLB-Instance
X-Varnish-Backend
Healthy
X-Cache-Key
X-B-Cache
X-Debug-Info
X-Cache-Action
X-Signature
X-Content-Options
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Contextid
X-Providence-Cookie
X-Whom
X-Route-Name
X-Request-Guid
X-App-Environment
X-Page-Id
X-Load-Cache
Cache
Fastcgi-Useragent
X-N
X-WebKit-CSP-Report-Only
X-FB-Debug
X-Jobs
Node
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile
X-FTR-Request-ID
X-Webkit-Csp
X-Rule
X-Cache-Expired-At
Refresh
Viewport
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-Wix-Request-Id
DC
X-FireWall-Port
X-RTag
Ms-Operation-Id
X-Content-Powered-By
X-Tec-Api-Origin
X-Cacheable-TTL
X-Cluster-Name
X-Tec-Api-Version
X-Tec-Api-Root
Access-Control-Request-Headers
X-Zen-Fury
X-Drupal-Cache-Tags
X-B
X-Framework
X-Distributor
Version
X-Real-IP
X-ProcessESI
X-RemovedCookies
X-HTML-Minification-Powered-By
X-Instance
X-IPS-LoggedIn
Eomportal-Instance
X-Region
X-UUID
VIX-Pulpo-Node
Referer-Policy
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Cache-Control
X-Proxy
X-Tt-Trace-Host
X-Page-View
X-Tt-Trace-Tag
Countrycode
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Pinterest-Direct
X-Debug-IsConnected
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-Www-Served-By
X-FW-Hash
Powered-By-ChinaCache
X-Cached-By
X-Nginx-Cache
X-G
X-App-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
Xserver
X-Protected-By
X-Cache-Rule
X-Tumblr-Pixel
X-Cache-Operation
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Via-JSL
X-Akamai-Edgescape
X-Environment-Context
X-Cache-Hit
X-L-Path
SRV
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-Pass-Why
X-Varnish-Grace
X-Device-Type
X-Varnish-Ttl
Server-Info
DynaTrace
GEO-INFO
CF-IPCountry
X-User-Agent
X-Adobe-Content
X-Adobe-Loc
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Cache-Status
X-TA-CDN-Provider
X-Varnish-Server
From-Origin
X-Tumblr-Pixel-2
Retry-After
Webserver
Frame-Options
X-Mode
Ec-Rule-Version
X-Handled-By
X-RN-RSRV
X-Hl-Ver
X-ES-SERVER
X-UPSTREAM-Address
X-Endurance-Cache-Level
Meta-Geo
X-Backend-Name
Cache-Tv-Group
X-FB-TRIP-ID
X-Storage
X-Section
Property-Id
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Access
TWC-Locale-Group
X-Soup
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Be
X-Format
X-Request-Time
X-Pubstack
Apigw-Requestid
X-NYM-Debug-Backend
X-PCL
X-Origin-Hint
X-OCL
X-MP-GENERATED-AT
X-Cache-Server
X-ProxyCache-Status
Fastly-SSL
X-Varnishpool
X-ProxyCache-Key
Country
X-Uri
X-BYPASS-REASON
X-Info
Cache-Name
Decoy-Debug-TTL
X-ApacheServer
X-AWS-Id
Decoy-Debug-Status
Decoy-Debug-Key
X-Human
Selected-Fe
Mn-Server-Ip
X-Proxy-Build
X-PHP-Host
X-PERF
X-UA-Device-Type
X-Timing-Wait
X-Proto
X-R9-Blue-Green-Version
X-WA-Info
X-VWS-Id
X-Via-Fastly
X-Ratelimit-Limit
X-S-Maxage
X-Server-W
X-Origin-Date
X-No-Session
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Sql-Count
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Sql-Duration-Ms
X-Zipkin-Id
X-Say-TTL
X-Say-Cacheable
X-TNCMS
X-SayCDN-TTL
X-Routing-Service
Protected
X-Xfnlog-Site
Azure-InstanceId
X-Proxied
Uber-Trace-Id
X-GG-Cache-Date
X-LAGOON
X-Proxy-Cache-Status
X-Loop
X-Web-Node
X-Cache-TTL-Remaining
X-Hyper-Cache
X-Storefront-Renderer-Rendered
X-Hosted-By
X-Sorting-Hat-ShopId
X-Status
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Shopify-Stage
X-Redis-Cache
X-Locale
X-Cache-Enabled
X-FW-Version
X-Site-Version
X-Content-Age
X-Rendered-As
X-Is-Bot
X-Backend-Host
X-Cluster
X-Microcachable
X-NWS-UUID-VERIFY
X-Azure-Ref
S-Cnection
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-Host
X-AIR-PT
X-Cache-Grace
X-SRV
X-Correlation-ID
X-Dc
Amp-Access-Control-Allow-Source-Origin
X-TT-LOGID
X-Qloud-Router
X-App-Version
X-Platform
X-CSRF-Token
X-Revision
X-Node-Name
Akamai-GRN
X-Trace-Id
X-Via-CDN
ServedBy
Cache-Hits
X-Cache-NGX
X-Cache-PHP
X-EdgeConnect-Cache-Status
X-Ratelimit-Remaining
X-Varnish-Hostname
X-CCM
X-ATG-Version
X-Aspnetmvc-Version
X-Debug-Cache
X-RCS-CacheZone
X-Cache-Host
X-Detected-As
X-B3-SpanId
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
DB-Nickname
X-Akamai-Transformed
X-TX-ID
Who
Country-Code
X-Nc
X-CS
X-Adobe-Source
HostName
X-BCube-Filmed-By
SD-X-WS
Filterid
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
X-Oss-Storage-Class
X-Oss-Server-Time
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-Varnish-Beresp-Grace
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-RateLimit-Limit
X-Ms-Request-Id
X-Time-Microsecs
X-Ms-Version
X-A-Ccd
X-Connection-Hash
X-B-Cookie
X-D
X-Destination
X-Location
X-NAPM-TraceId
BehaviorPad-Version
X-Cache-NE
X-A-Dam
X-A
X-CF-Lambda-Fn
X-Level-Front-Cache
X-CF-Lambda-Version
X-Application
X-A-Wwc
X-External-Request-Id
X-Generation-Time
X-A-Dgt
X-Generated-On
X-From
Expiry
X-Aed
X-Varnish-Beresp-Ttl
X-ARC
Fastcgi-X-Cache-Version
DCR-Decision-By
X-Varnish-Cache-Hits
DCR-Processing-Time-Ms
X-A-Dcw
X-Origin-CC
MD5-Digest
X-Processor
X-Session-Fingerprint
Meta-Geo-Continent
X-SRCache-Key
X-PAYTM-SRV-ID
X-PBS-Appsvrname
T-Server
X-ScT
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
Machine
X-S-Cookie
X-S
X-Magnolia-Registration
Mobile-Detection-Method
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Origin-TTL
X-Vtex-Remote-Cache
X-Vdms-Path
X-Vdms-Version
X-Trv-Group
X-Owner
Odigeo-Trace-Id
Rendered-Blocks
X-Unique-ID
X-Varnish-Beresp-Status
X-Backend-TTL
X-ServerID
X-EC-Lua
Backend
Path
X-OVcl-Cache
Host-ID
Cf-Device-Type
Pagetype
Release
Wxu-Next-Hostname
Content-Disposition
X-Device-Os
Wxu-Next-Commit
X-Developers
X-Azure-Ref-OriginShield
PB-PID
X-Bip
Arc-Version
Cache-Host
CacheControlHeader
X-Cache-Bucket
UCS
PB-RID
V-Age
X-Core-Value
X-Cms-Context
AKAMAI
X-OVcl
X-Has-Esi
Server-Host
Thinkindot-CacheControl
X-Is-Gdpr
X-Policy
Thinkindot-CacheControl-Type
Thinkindot-Control
X-DynaTrace-JS-Agent
Magicmarker
X-Amz-Meta-S3cmd-Attrs
Fastly-Backend-Name
X-GeoIP-City
X-Reqid
X-Geo-Header
Ssr
X-Generated-In
X-JWT-State
X-Thinkindot-L3
X-TrackingId
X-GEO
X-Tumblr-Pixel-3
Gh-Request-Id
X-Thanos
Wxu-Next-Region
X-Fetched-On
X-FC-Vary-Parameters
X-Unique-Id
Server-Ext
X-Branch-Name
Sever-Int
True-Client-Country-4JS
X-Backend-State
Server-Hostname
Vix-Hermes-Req-Id
X-Irp-Debug
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Request-URI
X-Scheme
X-SIPLIST1
X-Ratelimit-Reset
X-Platform-Server
X-Node-Id
X-Nginx-Cache-Key
X-NU-AKA-ACS-Version
X-Origin
X-Origin-Expires
X-Skip-Cache
X-SVT-ORM-RULES
X-Varnish-Remaining-TTL
X-Varnish-Hits
X-VarnishDD-TTL
X-VG-TLSProxy
X-VServer
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-SVT-ORM-VERSION
X-User
X-Var-Ttl
X-Variation
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Dispatcher-Server
X-Developer
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-DefHash
X-DefElseHash
X-Cache-Info
X-Cache-Tags
X-CGP
X-Clientip
X-Eu-Site
X-Fastly-Backend
X-Li-Fabric
Platform
X-Li-Pop
X-LI-UUID
X-Method
X-IP
X-HS-Content-Campaign-Id
X-Fastly-Cache
X-GeoIP
X-GoCache-CacheStatus
X-HN
X-Cache-Debug
X-Csrf-Jwt
Cf-Bgj
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
DSUID
Esi-Enabled
Ha-Gx-Prefs
Fastly-SWR
Fastly-SIE
CDN-PullZone
CDN-EdgeStorageId
X-B3-Traceid
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Request-Url
C-Via
CDN-CachedAt
CDN-Cache
CDCHOST
HA-Ipaddr
Apple-News-Services-Parsed-Url
L5d-Success-Class
L
Location
NGX
Locid
PFcat
On-Server
Origin
NM-Fastcgi-Cache
Is-Eu
IsBot
X-NewRelic-App-Data
X-Cdn-Forward
X-FTR-Expires
X-Sucuri-ID
X-Tb
User-Cache-Control
X-APP-VERSION
NGB
X-Swa-Ws
X-WADP-Cache
X-Esi-Check
X-Clara-WADP
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Gen-Mode
X-LB-ID
X-Hnp-Log
X-Origin-Response-Time
X-Old-Content-Length
X-Loc
X-Hash
X-Gzip
X-Gamma-Serve
X-Request-Host
Rt-Fastcgi-Cache
X-Generated-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fmm-Version
X-Air-Hostname
Xc-Version
X-Block-Status
Fastly-Drupal-HTML
X-Aicache-OS
Web-Mar-Node
X-Cache-Id
X-ID
X-Slack-Backend
X-Planisys-CDN-Rules
Tracecode
X-HOST
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Varnish-Url
X-Servername
X-Via-Poph
X-Edge-Location-Klb
X-Via-Popv
Cmsid
X-PF-Uncompressing
X-Mvc-Supplant-OutputCached
Req-Svc-Chain
X-Via-Popn
Cmstype
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Instruction
Url
SR-User-Adfree
Svr
Kp-EeAlive
X-Refresh
Pics-Label
X-Cache-Var-Map
X-Cache-Var
X-Served-From
X-Vgn-Hpd-Reason
A
X-CUA
Sid
M-TraceId
Lfy
Viewtype
VivaBuild
X-Matched-Rule
X-TraceId
Arc-Country
X-PHP-Backend
Cache-Key
Geo-Info
Cross-Origin-Opener-Policy
X-Cache-Expires
X-Cdn-Origin
X-SaId
X-Sn-Servicetimems
CloudFront-Viewer-Country
X-JoinUs
X-Webkit-CSP-Report-Only
X-NGENIX-Cache
X-Edge-Location
X-Cache-Backend
X-NCache
MIME-Version
X-Tb-Optimization-Total-Bytes-Saved
TDXMobile
Pramga
DataCenter
SID
X-Vc
X-Srv
X-DC
X-Cache-Date
X-Core-Mission
X-NC
Content-Secure-Policy
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-Service
X-Request-Start
X-Servedbyhost
Server-ID
X-Extlb
X-CDN-Forward
X-Wa
X-Internal-Host
X-Bc-Bl
Tcn
GeoIp-Country-Code
Source
X-Error
X-FireWall-Protection
Geoip-Latitude
X-Varnish-Cacheable
X-Vcl-Version
X-Forwarded-Site
X-LI-Proto
FSS-Cache
X-HS-Status
X-B3-Spanid
X-Req
X-Proxy-Upstream
X-Response-By
Memcached
X-Air-Source
LB
X-Geo
Surrogated-Key
X-Via-NSCOPI
X-Esi
X-VHOST
CACHE
X-Newrelic-Synthetics
X-Li-Proto
Mail-Subject
We-Hiring
X-Accel-Expires-Debug
Xkeyi7
X-PJAX-URL
Resin-Trace
X-Proxy-Cachei7
X-Date
X-VC-Cache
X-LiteSpeed-Cache-Control
Upgrade-Insecure-Requests
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Hostname
X-RateLimit-Remaining-Second
X-Sigma
X-Sigma-Backend
X-App
Server-Ttl
X-VCL-Version
X-BBXSRF
Request-ID
X-Viewer-Country
GeoIP-Country-Code
HitType
GeoIP-Latitude
X-RateLimit-Limit-Second
N-Cache
X-Rocket-Build-Number
Env
X-Cs
CF-Cached-On
X-WA
X-RPS
Time
X-TIM-N
X-DB
X-RPM
X-RSL
X-Cache-2
X-RAMCache
X-Men
X-DSS
X-DW
X-MSEdge-Flight
X-MSEdge-Features
Memory
X-DI
X-ZONE
X-Cc-Req-Id
X-Zone
S-Rt
X-Cache-ASPX
D-Cc-Upstream
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Svr
X-APP
X-ServedByHost
X-Cc-Via
XServer
Server-Id
ProcessTime
X-Mg-Request-UUID
X-Air-Trace-Id
X-Action
CPC-Age
CPC-Cache
X-UA
VNS-Age
VNS-Cache
X-Cache-Remote
X-HostName
Cteonnt-Length
X-TIME
X-FPC
Mime-Version
X-Region-Sid
X-Nyt-Route
X-Oss-Cdn-Auth
X-Origin-Time
X-API-Version
My-App
X-Server-IP
Fastcgi-Cache-TTL
X-Cache-Config
State
X-Fpc
X-Gdpr
Cross-Origin-Window-Policy
Ohc-File-Size
X-Sucuri-Cache
X-Dynatrace-Js-Agent
X-Swift-Error
X-Provided-By
X-Depends-On
W
X-CF-Powered-By
Cache-Provider
X-FORWARDED-FOR
X-Minions-Version
X-Akamai-Pragma-Client-IP
Srv
X-Cdn-Request-ID
X-Check-Cacheable
CDN
X-Dw-Trace-Id
X-Cache-Type
X-CSRF-TOKEN
X-Ftr-Cache-Host
X-UnsetCookies
X-VC
X-URL
X-SN
X-NodeID
X-Erf-Stays-Bingo-Pdp-Web
X-BACKEND-TTL
X-Cache-Ttl
X-Host-Name
X-Client-Ip
X-ServerName
X-Xrds-Location
Ohc-Cache-HIT
Cf-Ipcountry
OT-Force-Account-Verify
Cdn
X-Hello
X-Flog
X-Webstats-RespID
X-SD-PageType
X-Fastly-Request-Id
X-ABtesting
Proxy-Connection
X-SB
X-Parent-Response-Time
Vha6-Origin
PICS-Label
Dnion-Transfer-Encoding
X-Pad
X-Snapshot-Date
X-BBC-Edge-Cache-Status
X-Fastly-Backend-Reqs
X-Tenant
X-Shop-Environment
X-Oracle-DMS-ECID
X-Orig-Expires
Media-Length
X-ND-Cache
X-Presslabs-Stats
X-NGINX-Cache
X-Pf-Uncompressing
X-Cluster-Node
X-Forwarded-Path
X-Render-Time
X-ElasticPress-Search
X-Air-Pt
WZWS-RAY
Epwk-X-Cache
X-Via-PopH
X-LiteSpeed-Tag
X-Via-PopV
EpKe-Alive
X-Cache-Tag
X-Via-PopN
X-Acquia-Application-Trace
X-Ftr-Request-Id
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Warning
X-Acquia-Site
X-Varnish-URL
X-Traceid
X-Akamai-ERPolicy
Xet-Cookie
X-Akamai-ERRuleID
X-Vcache
X-MiniProfiler-Ids
X-Lb-Id
X-Ms-Meta-Originalurl
X-Request-URL
X-Varnish-Beresp-TTL
X-Ms-Meta-Staticbatchstarttime
X-BBC-Origin-Response-Status
CountryCode
Datacenter
X-Ua
X-Cache-Status-Check
X-Worker
X-Apw-Hits
X-Apw-Access-Token
X-Storefront-Renderer-Verified
X-Pjax-Url
X-Conf
X-C
X-Yottaa-OS
X-Apw-Access-Object
X-ElasticPress-Query
X-Mg-Request-Id
Content-Style-Type
X-Tid
X-Amz-Meta-Cb-Modifiedtime
X-B3-Parentspanid
Processtime
Phost
X-Debug-Cache-Fetch
Inserted-Into-Cache-At
Ohc-Response-Time
NnCoection
X-Auto-Login
Environment
Content-Script-Type
X-Debug-Cache-Store
X-Redis-Count
X-Redis-Duration-Ms
URI
X-Litespeed-Cache-Control
X-Apw-Access-Action