Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
EagleId
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
P3p
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-OneAgent-JS-Injection
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Vhost
X-Backend-Server
X-WebKit-CSP
X-ASPNET-VERSION
X-Host
X-Server-Id
X-Dispatcher
Surrogate-Control
X-Node
EagleEye-TraceId
Xkey
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Application-Context
X-Country
X-Ac
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Readtime
X-Template
X-Language
X-B3-TraceId
MS-Author-Via
X-HW
Rating
Accept-Ch-Lifetime
X-Url
X-Cnection
X-MS-InvokeApp
Accept-Ch
X-Origin-Cache
X-TtlSet
X-PC
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Middleton-Response
X-D2id
X-Middleton-Display
Display
Pagespeed
Response
X-Sol
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Varnish-TTL
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-ORACLE-DMS-RID
X-TTL
X-FastCGI-Cache
X-Webkit-CSP
X-ORACLE-DMS-ECID
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
Service-Worker-Allowed
Fastly-Restarts
X-Fastly-Request-ID
X-Client-IP
X-Cached
X-Buckets
X-MSEdge-Ref
X-Release
X-Cache-TTL
X-Element-Page-Cache
Cache-Tag
X-Dw-Request-Base-Id
X-NF-Request-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-SharePointHealthScore
SPRequestGuid
Public-Key-Pins
Access-Control-Request-Method
RTSS
SPRequestDuration
SPIisLatency
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-CACHE
X-Edge
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Upstream
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
S
Content-MD5
X-HP-Webp
X-Jurisdiction
X-Recruiting
X-ECACHE
X-Oneagent-Js-Injection
X-MCACHE
X-Kinsta-Cache
X-Mid
Charset
X-Mg-S
X-PressLabs-Stats
X-Origin-Upstream-Status
X-DynaTrace
X-T
Cache-Tags
X-Content-Digest
X-Accel-Expires
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Forwarded-Proto
Fastcgi-Cache
X-Px
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Id
X-Logged-In
Filters
X-Ttl
TP-Cache
TP-L2-Cache
Server-Node
Edge-Cache-Tag
TCN
Server-Name
X-Ruxit-Js-Agent
X-Amz-Server-Side-Encryption
Front-End-Https
X-Forwarded-For
X-Request-Received
X-Request-Processing-Time
MicrosoftSharePointTeamServices
Nginx-Cache
X-Grace
X-Correlation-Id
X-Shield-Request-Id
X-Hits
X-B3-Sampled
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Alternate-Protocol
X-Server-ID
X-Request-Handler-Origin-Region
X-Microsite
X-AppVersion
X-Az
X-Activity-Id
X-F-Cache
X-NWS-LOG-UUID
X-XRDS-Location
X-Fastcgi-Cache
X-Varnish-Age
X-HS-Hub-Id
X-HS-Cache-Config
X-Amz-Replication-Status
X-HS-Combine-CSS
X-HS-Content-Id
X-Debug
X-Origin-Server
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Frontend
X-Rid
X-Yandex-Sdch-Disable
Nel
Surrogate-Key
Host
X-Geo-Country
X-Cache-Age
Section-Io-Cache
X-XRDS-LOCATION
X-DIS-Request-ID
X-Daa-Tunnel
Accept-Charset
Realpath
X-Ser
X-Hostname
X-Git-Hash
X-RateLimit-Remaining
X-VCache
Access-Control-Allow-Method
X-Mobile-URL
X-Respond-Thread
X-Source
X-Upgrade-Enabled
MS-CV
X-Seen-By
X-DataDome
ServerID
Cleartype
Paypal-Debug-Id
X-Type
X-AOL-HN
X-Time
X-LB-Cache
Payment
X-Varnish-Backend
X-Contextid
X-IPLB-Instance
Healthy
X-TT
X-Content-Options
X-Cache-Action
X-B-Cache
X-Signature
X-Debug-Info
X-Route-Name
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Whom
X-Is-Crawler
X-Cache-Key
X-WebKit-CSP-Report-Only
X-Load-Cache
X-App-Environment
X-Page-Id
X-N
Fastcgi-Useragent
X-FB-Debug
Cache
X-Jobs
Node
X-Webkit-Csp
X-Rule
X-Mobile
X-Cache-Expired-At
X-Tec-Api-Version
X-Tec-Api-Root
X-Erf-Bev-Bev
X-Tec-Api-Origin
Refresh
X-Browser-Type
X-FTR-Request-ID
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-FireWall-Port
X-Wix-Request-Id
Viewport
DC
Ms-Operation-Id
X-RTag
X-Cacheable-TTL
X-Content-Powered-By
X-Cluster-Name
Access-Control-Request-Headers
X-B
X-Drupal-Cache-Tags
X-Instance
X-Real-IP
X-Debug-IsConnected
X-ProcessESI
X-RemovedCookies
X-Zen-Fury
X-HTML-Minification-Powered-By
X-Distributor
X-Framework
Referer-Policy
X-Debug-IsPreview
X-IPS-LoggedIn
Version
Eomportal-Instance
X-Region
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-UUID
X-Cache-Time
X-Cache-Control
X-Tt-Trace-Host
X-Proxy
X-Tt-Trace-Tag
X-Page-View
Countrycode
X-Drupal-Cache-Contexts
X-Www-Served-By
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Type
X-Nginx-Cache
X-App-Server
X-FW-Dynamic
X-FW-Static
X-Protected-By
X-G
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
Xserver
X-Tumblr-Pixel
X-Cached-By
X-Yottaa-Optimizations
X-Cache-Operation
Liferay-Portal
X-Cache-Rule
X-Yottaa-Metrics
X-Via-JSL
Powered-By-ChinaCache
X-Akamai-Edgescape
X-L-Path
X-Cache-Hit
X-Environment-Context
X-Pinterest-Direct
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
SRV
X-Pass-Why
X-Varnish-Grace
X-Device-Type
CF-IPCountry
GEO-INFO
Server-Info
X-TA-CDN-Provider
DynaTrace
X-User-Agent
X-Varnish-Server
X-Adobe-Content
X-Adobe-Loc
Cache-Status
Retry-After
Frame-Options
From-Origin
X-Tumblr-Pixel-2
Ec-Rule-Version
X-Mode
Meta-Geo
X-UPSTREAM-Address
X-RN-RSRV
Webserver
X-Endurance-Cache-Level
X-Handled-By
X-ES-SERVER
X-Hl-Ver
X-Varnish-Ttl
X-FB-TRIP-ID
Cache-Tv-Group
X-Backend-Name
X-ProxyCache-Key
X-Origin-Hint
X-MP-GENERATED-AT
Apigw-Requestid
X-Varnishpool
X-ProxyCache-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-OCL
X-Uri
X-NYM-Debug-Backend
X-Request-Time
X-PCL
X-Pubstack
X-TEC-API-VERSION
X-Storage
Fastly-SSL
X-Access
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Section
X-Be
X-Cache-Server
X-Format
X-BYPASS-REASON
Country
TWC-Privacy
Property-Id
X-Soup
TWC-Locale-Group
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Origin-Date
X-PERF
X-PHP-Host
X-Info
Mn-Server-Ip
Cache-Name
Selected-Fe
X-ApacheServer
X-AWS-Id
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-UA-Device-Type
X-Proxy-Cache-Status
X-Timing-Wait
X-No-Session
Uber-Trace-Id
X-Proto
X-Via-Fastly
Decoy-Debug-TTL
X-WA-Info
X-R9-Blue-Green-Version
X-VWS-Id
Decoy-Debug-Key
Decoy-Debug-Status
X-Human
X-Server-W
X-S-Maxage
X-Proxy-Build
Azure-Version
Azure-SlotName
Azure-RegionName
X-Cache-TTL-Remaining
Azure-InstanceId
X-Web-Node
X-GG-Cache-Date
X-Zipkin-Id
Protected
X-Xfnlog-Site
X-Routing-Service
Azure-SiteName
X-Proxied
X-TNCMS
X-Sql-Count
X-Loop
X-Say-TTL
X-SayCDN-TTL
X-Ratelimit-Limit
X-LAGOON
X-Sql-Duration-Ms
X-Say-Cacheable
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Status
X-Hyper-Cache
X-Storefront-Renderer-Rendered
X-Hosted-By
X-Sorting-Hat-ShopId
X-Redis-Cache
X-Locale
X-Cache-Enabled
X-NWS-UUID-VERIFY
X-Content-Age
X-FW-Version
X-Is-Bot
X-SRV
X-Backend-Host
X-Rendered-As
X-Microcachable
X-Site-Version
X-Cluster
X-Azure-Ref
Amp-Access-Control-Allow-Source-Origin
S-Cnection
X-Cache-Grace
X-AIR-PT
X-Forwarded-Host
AMP-Access-Control-Allow-Source-Origin
X-TT-LOGID
X-Platform
X-Qloud-Router
X-Dc
X-CSRF-Token
X-App-Version
Akamai-GRN
X-Trace-Id
X-Via-CDN
ServedBy
X-Aspnetmvc-Version
X-Revision
X-Varnish-Hostname
X-Correlation-ID
X-ATG-Version
X-EdgeConnect-Cache-Status
X-Cache-NGX
X-Cache-PHP
Cache-Hits
X-Debug-Cache
X-CCM
X-RCS-CacheZone
X-Node-Name
Who
X-Akamai-Transformed
Country-Code
DB-Nickname
X-Detected-As
X-Cache-Host
X-Amzn-RequestId
X-Ratelimit-Remaining
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-TX-ID
X-Amz-Apigw-Id
Filterid
X-CACHE-KEY
X-Adobe-Source
X-RateLimit-Limit
X-BCube-Filmed-By
X-CS
X-Nc
X-Varnish-Beresp-Grace
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
SD-X-WS
X-Oss-Server-Time
HostName
X-Ms-Version
X-Ms-Request-Id
X-PBS-Appsvrname
X-Processor
X-FTR-Backend-Server
X-CF-Lambda-Version
X-Origin-TTL
X-Owner
X-PAYTM-SRV-ID
X-Destination
X-Varnish-Cache-Hits
X-Request-UUID
X-S
X-S-Cookie
X-A-Dam
X-ScT
X-A-Ccd
X-Rojux
X-A
X-Rewrite-Enabled
X-Cache-NE
X-Origin-CC
X-Session-Fingerprint
DCR-Processing-Time-Ms
DCR-Decision-By
Odigeo-Trace-Id
BehaviorPad-Version
Expiry
Fastcgi-X-Cache-Version
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-Generation-Time
Rendered-Blocks
X-Connection-Hash
T-Server
X-D
X-NAPM-TraceId
X-Varnish-Beresp-Ttl
X-Location
X-Generated-On
X-Level-Front-Cache
X-From
Machine
X-CF-Lambda-Fn
X-B-Cookie
X-Time-Microsecs
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-Application
X-FTR-DC
X-Vdms-Path
X-Trv-Group
X-FTR-Cache-Status
X-Vdms-Version
X-ARC
X-GEO
X-Vtex-Remote-Cache
X-FTR-Balancer
X-FTR-Realm
X-Aed
X-SRCache-Key
X-A-Dgt
X-A-Dcw
X-FTR-Backend
X-A-Wwc
X-Country-Code-Real
X-External-Request-Id
X-Varnish-Beresp-Status
X-Magnolia-Registration
X-Unique-Id
Backend
X-ServerID
X-Bip
X-JWT-State
X-Cms-Context
Ssr
Server-Host
X-Generated-In
AKAMAI
PB-PID
X-GeoIP-City
Content-Disposition
X-Is-Gdpr
X-Has-Esi
Gh-Request-Id
Host-ID
Magicmarker
Cf-Device-Type
Pagetype
CacheControlHeader
Cache-Host
Arc-Version
X-Geo-Header
PB-RID
Path
Thinkindot-CacheControl
Release
X-Core-Value
X-Thinkindot-L3
Fastly-Backend-Name
X-Device-Os
X-Policy
V-Age
X-Tumblr-Pixel-3
X-TrackingId
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Bucket
X-FC-Vary-Parameters
X-B3-Traceid
X-Backend-TTL
X-Thanos
X-Reqid
Wxu-Next-Region
X-OVcl-Cache
X-Developers
X-Fetched-On
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Azure-Ref-OriginShield
UCS
X-OVcl
X-APP-VERSION
X-Unique-ID
X-EC-Lua
X-Fastly-Backend
X-Fastly-Cache
X-GeoIP
X-Envoy-Decorator-Operation
NGX
True-Client-Country-4JS
X-CGP
L5d-Success-Class
X-GoCache-CacheStatus
Location
X-Dispatcher-Server
X-Cache-Info
X-Cache-Debug
X-Csrf-Jwt
Locid
NM-Fastcgi-Cache
PFcat
Server-Hostname
X-DefHash
X-Eu-Site
Platform
X-Developer
X-Branch-Name
Sever-Int
Vix-Hermes-Req-Id
X-Epic-Correlation-Id
X-Cache-Tags
X-DPWN-IS-SECURE
Server-Ext
X-DefElseHash
Origin
On-Server
X-Clientip
X-Micro-Cache
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Scheme
X-SIPLIST1
X-SVT-ORM-RULES
X-Skip-Cache
L
X-Platform-Server
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Node-Id
X-NU-AKA-ACS-Version
X-Origin-Expires
X-Origin
X-SVT-ORM-VERSION
X-User
X-Backend-State
Esi-Enabled
X-DynaTrace-JS-Agent
X-IP
NGB
X-Var-Ttl
X-Irp-Debug
X-VServer
X-VG-TLSProxy
X-Varnish-CookieHashed-On
X-Variation
X-Varnish-CookieINHashed-On
X-Varnish-Hits
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Method
X-Ratelimit-Reset
CDN-RequestId
CDN-Uid
X-HS-Content-Campaign-Id
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
DSUID
X-HN
Is-Eu
IsBot
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SIE
Fastly-SWR
CDN-Cache
Cf-Bgj
Apple-News-Services-Handled
Apple-News-Services-Host
X-Li-Fabric
CDCHOST
X-LI-UUID
X-Li-Pop
Apple-News-Services-Parsed-Url
Adler-Geo
C-Via
Apple-News-Services-Request-Url
X-Amz-Meta-S3cmd-Attrs
X-ID
User-Cache-Control
X-NewRelic-App-Data
X-Request-Host
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Old-Content-Length
X-Origin-Response-Time
X-Wikidot-Backend
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Gzip
X-Wikidot-Static-Cache
X-Loc
X-Hash
X-LB-ID
X-WADP-Cache
X-Fmm-Version
X-Tb
X-Swa-Ws
Xc-Version
X-Gamma-Serve
X-Generated-By
X-Gen-Mode
X-Block-Status
Web-Mar-Node
X-Hnp-Log
X-Esi-Check
X-Aicache-OS
X-Cache-Id
X-Sucuri-ID
X-HOST
Fastly-Drupal-HTML
Rt-Fastcgi-Cache
X-Clara-WADP
X-Cdn-Forward
X-Air-Hostname
X-FTR-Expires
X-Edge-Location-Klb
Cmsid
Req-Svc-Chain
X-Slack-Backend
Cmstype
X-Varnish-Url
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Servername
X-Kraken-Routeconfig-Destination
Kp-EeAlive
X-Via-Poph
Svr
Tracecode
X-Served-From
X-Via-Popn
X-Via-Popv
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
A
Instruction
Pics-Label
X-Refresh
SR-User-Adfree
X-Vgn-Hpd-Reason
Url
X-Cache-Var
X-Cache-Var-Map
Viewtype
VivaBuild
M-TraceId
X-CUA
X-NGENIX-Cache
X-Matched-Rule
X-JoinUs
Arc-Country
Sid
X-SaId
Lfy
X-PHP-Backend
Cross-Origin-Opener-Policy
Cache-Key
X-Edge-Location
X-TraceId
X-Cache-Expires
X-Sn-Servicetimems
TDXMobile
CloudFront-Viewer-Country
X-Tb-Optimization-Total-Bytes-Saved
X-Cdn-Origin
SID
DataCenter
X-NCache
X-Vc
Pramga
MIME-Version
X-DC
X-Cache-Backend
Geo-Info
X-NC
X-CLOUD-TRACE-CONTEXT
X-Extlb
X-Core-Mission
Content-Secure-Policy
X-Cache-Date
NtCoent-Length
X-Webkit-CSP-Report-Only
X-Service
X-CDN-Forward
X-Internal-Host
X-Request-Start
X-Srv
X-Servedbyhost
Server-ID
Source
X-Wa
Tcn
Geoip-Latitude
GeoIp-Country-Code
X-Bc-Bl
X-B3-Spanid
X-FireWall-Protection
FSS-Cache
X-Error
X-Forwarded-Site
X-HS-Status
X-Req
X-Varnish-Cacheable
X-LI-Proto
X-Via-NSCOPI
X-Vcl-Version
Memcached
X-Proxy-Upstream
X-Esi
LB
Surrogated-Key
X-Newrelic-Synthetics
CACHE
X-VHOST
X-Air-Source
We-Hiring
X-VC-Cache
X-Response-By
X-Li-Proto
Resin-Trace
X-PJAX-URL
Mail-Subject
X-Date
X-Accel-Expires-Debug
X-Geo
Upgrade-Insecure-Requests
X-Viewer-Country
Xkeyi7
Hostname
X-Rocket-Build-Number
X-Hcs-Proxy-Type
X-Sigma
Env
X-VCL-Version
X-App
X-Sigma-Backend
X-Proxy-Cachei7
X-RateLimit-Remaining-Second
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Request-ID
X-RateLimit-Limit-Second
X-LiteSpeed-Cache-Control
CF-Cached-On
X-Cs
GeoIP-Country-Code
X-DSS
Server-Ttl
Memory
X-WA
X-Men
X-MSEdge-Features
X-DB
X-MSEdge-Flight
X-DI
GeoIP-Latitude
X-BBXSRF
X-RPS
X-RPM
X-TIM-N
X-DW
X-RSL
N-Cache
Time
HitType
X-ZONE
X-Zone
X-APP
X-RAMCache
X-Cache-2
X-ServedByHost
XServer
X-Action
VNS-Cache
X-Varnish-Authentication
D-Cc-Upstream
S-Rt
X-Svr
ProcessTime
X-Cache-ASPX
X-UA
X-Cc-Via
CPC-Cache
X-Cc-Req-Id
VNS-Age
X-Contensis-Viewer-Groups
CPC-Age
Server-Id
X-Mg-Request-UUID
X-Air-Trace-Id
X-TIME
X-HostName
X-Oss-Cdn-Auth
Mime-Version
Fastcgi-Cache-TTL
My-App
X-FPC
X-Region-Sid
State
X-Dynatrace-Js-Agent
X-Provided-By
X-Swift-Error
X-Minions-Version
X-Fpc
X-CF-Powered-By
X-API-Version
X-Server-IP
X-Cache-Config
X-Origin-Time
W
Cache-Provider
X-Nyt-Route
X-Gdpr
X-Depends-On
X-FORWARDED-FOR
Srv
X-Cdn-Request-ID
X-Cache-Remote
X-Akamai-Pragma-Client-IP
Cteonnt-Length
CDN
X-Sucuri-Cache
Ohc-File-Size
X-Cache-Ttl
X-Erf-Stays-Bingo-Pdp-Web
X-Cache-Type
X-BACKEND-TTL
Cross-Origin-Window-Policy
X-URL
X-UnsetCookies
X-Dw-Trace-Id
X-CSRF-TOKEN
X-Xrds-Location
X-ServerName
X-Client-Ip
X-SN
X-Fastly-Request-Id
X-NodeID
X-Hello
Proxy-Connection
X-Parent-Response-Time
OT-Force-Account-Verify
X-ABtesting
X-Check-Cacheable
X-VC
Cdn
X-Flog
X-Ftr-Cache-Host
Ohc-Cache-HIT
X-Pad
PICS-Label
Media-Length
X-Webstats-RespID
X-Oracle-DMS-ECID
X-Presslabs-Stats
Dnion-Transfer-Encoding
X-Forwarded-Path
X-NGINX-Cache
X-SB
X-ND-Cache
X-Tenant
Cf-Ipcountry
X-Shop-Environment
X-Orig-Expires
X-SD-PageType
X-Fastly-Backend-Reqs
Vha6-Origin
X-Snapshot-Date
X-Pf-Uncompressing
X-Host-Name
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Cluster-Node
WZWS-RAY
X-BBC-Edge-Cache-Status
X-ElasticPress-Search
X-Air-Pt
Epwk-X-Cache
X-LiteSpeed-Tag
X-Acquia-Purge-Tags
X-Acquia-Site
X-Varnish-URL
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Ftr-Request-Id
Warning
X-Akamai-ERPolicy
X-Traceid
X-Cache-Tag
X-Request-URL
X-Varnish-Beresp-TTL
EpKe-Alive
X-Vcache
X-MiniProfiler-Ids
X-Akamai-ERRuleID
Xet-Cookie
X-Render-Time
X-Ms-Meta-Originalurl
X-BBC-Origin-Response-Status
X-Lb-Id
X-Ms-Meta-Staticbatchstarttime
Datacenter
CountryCode
X-Conf
X-Cache-Status-Check
X-Pjax-Url
X-Apw-Hits
Environment
X-Apw-Access-Token
X-Yottaa-OS
X-Mg-Request-Id
X-C
X-Redis-Count
Phost
X-Amz-Meta-Cb-Modifiedtime
X-B3-Parentspanid
X-Tid
Ohc-Response-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
NnCoection
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-Apw-Access-Action
Content-Style-Type
Content-Script-Type
URI
X-Redis-Duration-Ms
X-Apw-Access-Object