Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
P3p
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-OneAgent-JS-Injection
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
X-ASPNET-VERSION
X-Server-Id
X-Dispatcher
Surrogate-Control
X-Node
EagleEye-TraceId
Xkey
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Application-Context
X-Country
X-Ac
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
X-Readtime
X-Language
X-B3-TraceId
MS-Author-Via
X-HW
Rating
Accept-Ch-Lifetime
X-Url
X-Cnection
X-MS-InvokeApp
Accept-Ch
X-Origin-Cache
X-TtlSet
X-PC
X-Vname
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Varnish-TTL
Display
X-D2id
Pagespeed
Response
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-ORACLE-DMS-RID
X-TTL
X-FastCGI-Cache
X-Webkit-CSP
X-ORACLE-DMS-ECID
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
Service-Worker-Allowed
Fastly-Restarts
X-Fastly-Request-ID
X-Client-IP
X-Cached
X-Buckets
X-MSEdge-Ref
X-Release
X-Cache-TTL
X-Element-Page-Cache
Cache-Tag
X-Dw-Request-Base-Id
X-NF-Request-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-SharePointHealthScore
SPRequestGuid
Public-Key-Pins
Access-Control-Request-Method
RTSS
SPRequestDuration
SPIisLatency
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-Edge
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
S
X-HP-Webp
Content-MD5
X-Jurisdiction
X-Oneagent-Js-Injection
X-Recruiting
X-ECACHE
X-MCACHE
X-Mid
Charset
X-Kinsta-Cache
X-Mg-S
X-PressLabs-Stats
X-DynaTrace
X-Origin-Upstream-Status
X-T
Cache-Tags
X-Content-Digest
X-Accel-Expires
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
X-Forwarded-Proto
Fastcgi-Cache
X-Px
X-Litespeed-Cache
X-Id
X-Content-Security-Policy-Report-Only
X-Logged-In
Filters
X-Ttl
TP-L2-Cache
TP-Cache
Server-Node
Edge-Cache-Tag
Server-Name
TCN
X-Amz-Server-Side-Encryption
X-Ruxit-Js-Agent
Front-End-Https
X-Forwarded-For
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Request-Received
Nginx-Cache
X-Grace
X-Correlation-Id
X-Shield-Request-Id
X-Hits
X-B3-Sampled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amzn-Trace-Id
Alternate-Protocol
X-Microsite
X-Request-Handler-Origin-Region
X-Server-ID
X-Az
X-AppVersion
X-Activity-Id
X-F-Cache
X-NWS-LOG-UUID
X-Amz-Replication-Status
X-Varnish-Age
X-HS-Hub-Id
X-HS-Combine-CSS
X-Fastcgi-Cache
X-HS-Cache-Config
X-HS-Content-Id
X-XRDS-Location
X-Debug
X-Origin-Server
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Frontend
X-Yandex-Sdch-Disable
X-Rid
Nel
Host
Surrogate-Key
X-Geo-Country
X-RateLimit-Remaining
Section-Io-Cache
X-DIS-Request-ID
X-XRDS-LOCATION
X-Cache-Age
X-Daa-Tunnel
Accept-Charset
X-Ser
Realpath
X-Git-Hash
X-Hostname
X-VCache
Access-Control-Allow-Method
X-Source
X-Mobile-URL
X-Respond-Thread
X-Seen-By
MS-CV
X-Upgrade-Enabled
X-DataDome
ServerID
X-Type
X-AOL-HN
Cleartype
Paypal-Debug-Id
X-Time
X-LB-Cache
Payment
Healthy
X-Contextid
X-Varnish-Backend
X-IPLB-Instance
X-TT
X-Signature
X-Content-Options
X-B-Cache
X-Cache-Action
X-Debug-Info
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Whom
X-Flags
X-Request-Guid
X-Aspnet-Duration-Ms
X-WebKit-CSP-Report-Only
X-App-Environment
X-Page-Id
X-Cache-Key
X-Load-Cache
X-N
Fastcgi-Useragent
X-FB-Debug
Cache
X-Jobs
Node
X-Webkit-Csp
X-Rule
X-Mobile
X-Cache-Expired-At
X-Tec-Api-Version
X-Tec-Api-Root
Refresh
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-FTR-Request-ID
X-Tec-Api-Origin
X-Erf-Bev-Bev
X-FireWall-Port
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
Viewport
X-Wix-Request-Id
X-RTag
Ms-Operation-Id
DC
X-Cacheable-TTL
X-Cluster-Name
Access-Control-Request-Headers
X-Content-Powered-By
X-Distributor
X-B
X-Debug-IsPreview
X-ProcessESI
X-Framework
Referer-Policy
X-Instance
X-Zen-Fury
X-HTML-Minification-Powered-By
X-RemovedCookies
X-Real-IP
X-Debug-IsConnected
X-Drupal-Cache-Tags
VIX-Pulpo-Node
Eomportal-Instance
Version
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
X-Cache-Time
X-Cache-Control
X-UUID
X-Region
X-Proxy
X-Page-View
X-Tt-Trace-Host
Countrycode
X-Tt-Trace-Tag
X-Drupal-Cache-Contexts
X-FW-Serve
X-Nginx-Cache
X-FW-Hash
X-App-Server
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-G
X-Www-Served-By
X-Protected-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Xserver
X-Cached-By
X-Cache-Operation
X-Yottaa-Metrics
X-Cache-Rule
X-Yottaa-Optimizations
Liferay-Portal
X-Via-JSL
X-Akamai-Edgescape
Powered-By-ChinaCache
X-Environment-Context
X-L-Path
X-Cache-Hit
X-Pinterest-Direct
SRV
Section-Io-Origin-Status
Section-Origin-Responded
X-Varnish-Grace
Section-Io-Id
X-Pass-Why
Section-Io-Origin-Time-Seconds
X-Device-Type
GEO-INFO
CF-IPCountry
Server-Info
X-TA-CDN-Provider
DynaTrace
X-User-Agent
X-Adobe-Content
X-Varnish-Server
X-Adobe-Loc
Cache-Status
Retry-After
Frame-Options
From-Origin
X-Mode
X-Tumblr-Pixel-2
Ec-Rule-Version
X-Endurance-Cache-Level
Meta-Geo
X-Handled-By
X-Hl-Ver
X-RN-RSRV
X-UPSTREAM-Address
X-ES-SERVER
Webserver
X-FB-TRIP-ID
Cache-Tv-Group
X-Backend-Name
Property-Id
TWC-GeoIP-LatLong
X-Soup
Webcakes-App-Name
X-Uri
TWC-Locale-Group
X-MP-GENERATED-AT
X-Format
X-Section
X-BYPASS-REASON
X-Be
X-Cache-Server
TWC-Device-Class
X-Storage
TWC-Connection-Speed
X-NYM-Debug-Backend
X-Varnishpool
X-ProxyCache-Key
X-TEC-API-ROOT
X-ProxyCache-Status
X-Pubstack
X-Request-Time
Webcakes-App-Version
X-TEC-API-VERSION
Webcakes-Region
X-Origin-Hint
Country
X-TEC-API-ORIGIN
TWC-Privacy
Fastly-SSL
X-Access
TWC-GeoIP-Country
Mn-Server-Ip
Decoy-Debug-Status
Decoy-Debug-Key
Apigw-Requestid
Decoy-Debug-TTL
Uber-Trace-Id
X-Human
X-Server-W
Cache-Name
Selected-Fe
X-ApacheServer
X-PERF
X-PCL
X-Origin-Date
X-UA-Device-Type
X-PHP-Host
X-Proto
X-R9-Blue-Green-Version
X-Proxy-Build
X-S-Maxage
X-Labrador-Cache-Channel
X-OCL
X-Timing-Wait
X-Info
X-WA-Info
Azure-InstanceId
Azure-RegionName
X-VWS-Id
X-AWS-Id
X-Via-Fastly
X-Routing-Service
X-Proxied
Azure-SlotName
Protected
X-No-Session
X-GG-Cache-Date
Azure-Version
X-Cache-TTL-Remaining
X-LJ-Flow-ID
Azure-SiteName
X-Sql-Count
X-Say-Cacheable
X-TNCMS
X-LAGOON
X-Loop
X-Say-TTL
X-SayCDN-TTL
X-Web-Node
X-Sql-Duration-Ms
X-Zipkin-Id
X-Proxy-Cache-Status
X-Ratelimit-Limit
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Xfnlog-Site
X-Sorting-Hat-ShopId
X-Status
X-Hosted-By
X-ShardId
X-Alternate-Cache-Key
X-Hyper-Cache
X-ShopId
X-Shopify-Stage
X-Redis-Cache
X-NWS-UUID-VERIFY
X-Locale
X-Cache-Enabled
X-Content-Age
X-Microcachable
X-FW-Version
X-Rendered-As
X-Backend-Host
X-Is-Bot
X-Site-Version
X-Azure-Ref
X-Cluster
Amp-Access-Control-Allow-Source-Origin
S-Cnection
X-Forwarded-Host
X-Cache-Grace
X-AIR-PT
X-SRV
AMP-Access-Control-Allow-Source-Origin
X-TT-LOGID
X-Dc
X-Platform
X-Qloud-Router
X-App-Version
X-CSRF-Token
X-Varnish-Ttl
Akamai-GRN
ServedBy
X-Aspnetmvc-Version
X-Trace-Id
X-Via-CDN
X-Revision
X-Cache-NGX
Cache-Hits
X-Correlation-ID
X-EdgeConnect-Cache-Status
X-ATG-Version
X-Cache-PHP
X-Varnish-Hostname
X-CCM
X-RCS-CacheZone
X-Node-Name
Who
X-Debug-Cache
Country-Code
X-Cache-Host
DB-Nickname
X-Detected-As
X-Akamai-Transformed
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-Amz-Apigw-Id
X-Amzn-RequestId
Filterid
X-Adobe-Source
X-CACHE-KEY
X-RateLimit-Limit
X-Nc
X-CS
X-BCube-Filmed-By
X-TX-ID
X-Varnish-Beresp-Grace
X-Oss-Storage-Class
SD-X-WS
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
HostName
X-Ms-Request-Id
X-Ms-Version
X-A-Ccd
X-Country-Code-Real
X-Session-Fingerprint
X-A-Dam
X-Rojux
X-ScT
X-A
X-S-Cookie
X-FTR-Backend
X-S
X-A-Dcw
X-FTR-Backend-Server
X-SRCache-Key
X-Varnish-Cache-Hits
X-Trv-Group
X-Location
X-Cache-NE
X-B-Cookie
X-ARC
X-A-Dgt
Meta-Geo-Continent
X-Aed
X-Application
X-Rewrite-Enabled
X-FTR-Balancer
X-PAYTM-SRV-ID
X-Owner
Fastcgi-X-Cache-Version
Expiry
DCR-Processing-Time-Ms
Odigeo-Trace-Id
X-Origin-CC
MD5-Digest
Machine
Mobile-Detection-Method
X-Origin-TTL
DCR-Decision-By
X-PBS-Appsvrname
X-Varnish-Beresp-Ttl
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Request-UUID
X-Processor
T-Server
X-Vdms-Path
Rendered-Blocks
BehaviorPad-Version
X-NAPM-TraceId
X-Level-Front-Cache
X-A-Wwc
X-Destination
X-GEO
X-VG-WebServer
X-D
X-Connection-Hash
X-Generated-On
X-Time-Microsecs
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-From
X-External-Request-Id
X-CF-Lambda-Version
X-Generation-Time
X-CF-Lambda-Fn
X-Vdms-Version
X-VG-WebCache
X-Varnish-Beresp-Status
X-Unique-Id
X-Ratelimit-Remaining
X-Magnolia-Registration
Backend
V-Age
X-GeoIP-City
Wxu-Next-Region
X-Generated-In
Fastly-Backend-Name
X-Reqid
X-Policy
Wxu-Next-Commit
PB-RID
Wxu-Next-Hostname
X-Has-Esi
Thinkindot-Control
Cache-Host
X-Fetched-On
CacheControlHeader
Cf-Device-Type
X-FC-Vary-Parameters
Server-Host
Arc-Version
Ssr
Thinkindot-CacheControl-Type
PB-PID
AKAMAI
Thinkindot-CacheControl
Magicmarker
UCS
Path
X-Is-Gdpr
X-Azure-Ref-OriginShield
X-Geo-Header
X-OVcl
Host-ID
X-Thanos
X-JWT-State
X-Bip
X-TrackingId
X-B3-Traceid
X-Thinkindot-L3
X-Core-Value
X-OVcl-Cache
X-Cache-Bucket
X-Backend-TTL
X-Developers
X-Device-Os
Pagetype
X-ServerID
Release
X-Tumblr-Pixel-3
Gh-Request-Id
X-APP-VERSION
X-Unique-ID
X-EC-Lua
Platform
X-Origin
X-Origin-Expires
On-Server
PFcat
NGX
X-GeoIP
Origin
X-GoCache-CacheStatus
NM-Fastcgi-Cache
Vix-Hermes-Req-Id
X-HS-Content-Campaign-Id
X-Clientip
X-CGP
X-Mvc-Supplant-Cachable
X-Cms-Context
X-Csrf-Jwt
X-HN
X-Micro-Cache
X-Method
X-Cache-Info
X-Cache-Tags
X-Li-Pop
X-Cache-Debug
X-Branch-Name
X-LI-UUID
X-DefElseHash
X-DefHash
X-Fastly-Cache
True-Client-Country-4JS
Sever-Int
X-Nginx-Cache-Key
Server-Hostname
X-Node-Id
X-Fastly-Backend
X-Li-Fabric
X-Dispatcher-Server
X-Developer
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Eu-Site
X-Epic-Correlation-Id
Server-Ext
Content-Disposition
X-Request-URI
X-VServer
X-Scheme
X-SIPLIST1
X-Skip-Cache
X-Rebelmouse-Surrogate-Control
X-DynaTrace-JS-Agent
Apple-News-Services-Handled
Apple-News-Services-Host
Adler-Geo
X-Platform-Server
X-Ratelimit-Reset
X-SVT-ORM-RULES
Esi-Enabled
X-Variation
X-Var-Ttl
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Hits
X-Irp-Debug
X-User
X-Backend-State
X-Varnish-Remaining-TTL
X-SVT-ORM-VERSION
Locid
X-IP
Apple-News-Services-Parsed-Url
X-Rebelmouse-Cache-Control
Fastly-SIE
Fastly-SWR
X-VG-TLSProxy
Apple-News-Services-Request-Url
Cf-Bgj
X-VarnishDD-TTL
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
Location
L
IsBot
Is-Eu
CDN-Uid
DSUID
CDN-EdgeStorageId
CDN-RequestId
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
C-Via
CDCHOST
CDN-PullZone
X-NewRelic-App-Data
X-Amz-Meta-S3cmd-Attrs
User-Cache-Control
X-ID
X-Gzip
X-Wikidot-Backend
X-Request-Host
X-Origin-Response-Time
X-Old-Content-Length
X-Hash
NGB
Web-Mar-Node
X-Sucuri-ID
X-Esi-Check
X-Gamma-Serve
X-Block-Status
X-Hnp-Log
X-Generated-By
X-Gen-Mode
Xc-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Tb
X-Planisys-CDN-Rules
X-Swa-Ws
Rt-Fastcgi-Cache
Fastly-Drupal-HTML
X-NU-AKA-ACS-Version
X-Loc
X-Aicache-OS
X-Wikidot-Static-Cache
X-Cache-Id
X-LB-ID
X-FTR-Expires
X-Air-Hostname
Cmsid
X-Fmm-Version
X-Clara-WADP
X-Varnish-Url
X-WADP-Cache
Cmstype
X-Slack-Backend
Req-Svc-Chain
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-Kraken-Loop-Name
X-Servername
X-Cdn-Forward
X-PF-Uncompressing
Tracecode
X-Mvc-Supplant-OutputCached
Svr
X-Served-From
Kp-EeAlive
Pics-Label
A
X-Via-Popv
X-Via-Popn
X-Refresh
X-Via-Poph
Url
SR-User-Adfree
X-Vgn-Hpd-Reason
Instruction
X-Cache-Var
X-Cache-Var-Map
VivaBuild
Viewtype
M-TraceId
X-CUA
Sid
X-Matched-Rule
Lfy
X-PHP-Backend
Arc-Country
Cross-Origin-Opener-Policy
Cache-Key
X-SaId
X-JoinUs
X-TraceId
CloudFront-Viewer-Country
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Expires
X-Sn-Servicetimems
X-Cdn-Origin
X-Edge-Location
TDXMobile
X-CDN-Forward
DataCenter
SID
X-NGENIX-Cache
X-Cache-Backend
X-NCache
X-DC
X-Vc
X-Srv
Pramga
MIME-Version
Geo-Info
X-NC
X-Cache-Date
X-Service
X-Core-Mission
X-Webkit-CSP-Report-Only
X-Extlb
Content-Secure-Policy
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-Request-Start
X-Servedbyhost
X-Wa
Server-ID
X-Internal-Host
Source
GeoIp-Country-Code
Geoip-Latitude
Tcn
X-Bc-Bl
X-B3-Spanid
X-Error
X-HS-Status
X-Forwarded-Site
X-FireWall-Protection
FSS-Cache
X-Esi
X-Via-NSCOPI
X-Req
Surrogated-Key
X-LI-Proto
Memcached
X-Varnish-Cacheable
X-VHOST
CACHE
X-PJAX-URL
X-Air-Source
X-VC-Cache
Resin-Trace
X-Date
LB
X-Accel-Expires-Debug
X-Li-Proto
X-Response-By
We-Hiring
Mail-Subject
X-Proxy-Upstream
X-Vcl-Version
X-HOST
X-Geo
Upgrade-Insecure-Requests
X-Newrelic-Synthetics
Env
Xkeyi7
X-Rocket-Build-Number
X-RateLimit-Remaining-Second
X-CCDN-Origin-Time
X-Sigma
X-Hcs-Proxy-Type
X-Sigma-Backend
X-Viewer-Country
X-VCL-Version
Hostname
X-CCDN-CacheTTL
Request-ID
X-App
X-RateLimit-Limit-Second
X-Proxy-Cachei7
X-LiteSpeed-Cache-Control
X-Cs
X-DSS
X-TIM-N
X-RSL
CF-Cached-On
Server-Ttl
X-RPS
X-Men
X-BBXSRF
GeoIP-Country-Code
Time
Memory
GeoIP-Latitude
X-DI
X-RPM
N-Cache
HitType
X-MSEdge-Features
X-MSEdge-Flight
X-DW
X-DB
X-ZONE
X-WA
X-RAMCache
X-APP
X-Zone
X-Cache-2
XServer
X-ServedByHost
X-Varnish-Authentication
X-Cc-Via
X-Cc-Req-Id
X-Action
X-Contensis-Viewer-Groups
VNS-Cache
S-Rt
ProcessTime
D-Cc-Upstream
X-Mg-Request-UUID
X-Svr
CPC-Age
Server-Id
VNS-Age
CPC-Cache
X-UA
X-Cache-ASPX
X-Air-Trace-Id
X-HostName
X-TIME
My-App
Mime-Version
State
X-Oss-Cdn-Auth
Fastcgi-Cache-TTL
X-FPC
X-Region-Sid
X-Swift-Error
X-Dynatrace-Js-Agent
X-Provided-By
X-Depends-On
Cache-Provider
X-Gdpr
X-Cache-Config
X-FORWARDED-FOR
X-Fpc
X-Nyt-Route
W
X-Origin-Time
X-Server-IP
X-API-Version
X-CF-Powered-By
Cteonnt-Length
Srv
X-Cache-Remote
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
CDN
X-UnsetCookies
Cross-Origin-Window-Policy
X-Minions-Version
X-URL
X-Sucuri-Cache
X-BACKEND-TTL
X-CSRF-TOKEN
X-Cache-Type
Ohc-File-Size
X-Cache-Ttl
X-Erf-Stays-Bingo-Pdp-Web
X-Dw-Trace-Id
X-Client-Ip
X-ServerName
X-Xrds-Location
X-NodeID
X-Hello
OT-Force-Account-Verify
X-ABtesting
X-Parent-Response-Time
X-VC
Cdn
X-SN
Proxy-Connection
X-Flog
X-Check-Cacheable
X-Fastly-Request-Id
Ohc-Cache-HIT
X-Ftr-Cache-Host
X-Forwarded-Path
X-Tenant
X-Orig-Expires
X-Pad
X-Shop-Environment
X-ND-Cache
Media-Length
Vha6-Origin
X-Snapshot-Date
Cf-Ipcountry
X-Webstats-RespID
X-Pf-Uncompressing
X-Oracle-DMS-ECID
X-SB
X-NGINX-Cache
X-Fastly-Backend-Reqs
X-Presslabs-Stats
X-SD-PageType
Dnion-Transfer-Encoding
X-Host-Name
X-Air-Pt
X-BBC-Edge-Cache-Status
X-LiteSpeed-Tag
X-Via-PopH
Epwk-X-Cache
X-Cluster-Node
X-ElasticPress-Search
PICS-Label
WZWS-RAY
X-Via-PopV
X-Via-PopN
EpKe-Alive
X-Vcache
X-Acquia-Application-Trace
X-Render-Time
X-Ftr-Request-Id
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
X-Acquia-Site
X-Acquia-Purge-Tags
Warning
X-Acquia-Application-UUID
X-Request-URL
X-Varnish-URL
X-BBC-Origin-Response-Status
X-Traceid
X-Lb-Id
Xet-Cookie
X-Cache-Tag
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-MiniProfiler-Ids
X-Akamai-ERPolicy
CountryCode
Datacenter
X-Debug-Cache-Store
X-Mg-Request-Id
X-B3-Parentspanid
X-Debug-Cache-Fetch
X-Conf
X-C
Phost
X-Cache-Status-Check
X-Pjax-Url
X-Yottaa-OS
X-Tx-Id
X-Apw-Access-Action
Inserted-Into-Cache-At
X-Litespeed-Cache-Control
Environment
X-Redis-Count
X-Tid
X-Amz-Meta-Cb-Modifiedtime
X-Redis-Duration-Ms
URI
X-Apw-Access-Object
X-Apw-Access-Token
Ohc-Response-Time
NnCoection
Content-Script-Type
Content-Style-Type
X-Apw-Hits