Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
X-Server-Powered-By
Host-Header
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
X-CST
NEL
X-Amz-Version-Id
X-Cache-Spec
Allow
X-Host
X-Vhost
X-Backend-Server
X-WebKit-CSP
X-Server-Id
X-ASPNET-VERSION
Xkey
X-Dispatcher
Surrogate-Control
EagleEye-TraceId
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Cache-Lookup
P3p
X-Application-Context
X-Country
X-Ruxit-JS-Agent
X-Ac
X-Mod-Pagespeed
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Template
X-Readtime
X-Language
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
X-HW
Rating
Accept-Ch
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Webkit-CSP
X-D2id
Display
X-Middleton-Response
Response
X-Middleton-Display
X-Sol
Pagespeed
Verso
X-Content-Type
Arr-Disable-Session-Affinity
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Powered-By-Plesk
X-Vcap-Request-Id
X-ORACLE-DMS-RID
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-ORACLE-DMS-ECID
X-Varnish-TTL
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Server-Name
X-FastCGI-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
X-Client-IP
Fastly-Restarts
X-Oneagent-Js-Injection
X-TTL
X-Buckets
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-NF-Request-ID
X-Dw-Request-Base-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-SharePointHealthScore
SPRequestGuid
Cache-Tag
X-Cache-TTL
Public-Key-Pins
Access-Control-Request-Method
RTSS
SPRequestDuration
SPIisLatency
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-CACHE
X-Edge
X-Powered-CMS
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-LLID
X-Ezoic-Cdn
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
S
Content-MD5
X-Jurisdiction
X-Ruxit-Js-Agent
X-HP-Webp
X-Ttl
X-Recruiting
X-Mid
X-MCACHE
X-ECACHE
Charset
X-Kinsta-Cache
X-Mg-S
X-Origin-Upstream-Status
X-PressLabs-Stats
X-DynaTrace
X-T
Cache-Tags
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Content-Digest
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-Accel-Expires
X-Px
Fastcgi-Cache
X-Forwarded-Proto
X-Id
X-Content-Security-Policy-Report-Only
X-Logged-In
Filters
TP-Cache
Server-Node
TP-L2-Cache
X-Litespeed-Cache
Edge-Cache-Tag
TCN
X-Amz-Server-Side-Encryption
Server-Name
Front-End-Https
MicrosoftSharePointTeamServices
X-Forwarded-For
X-Request-Received
X-Request-Processing-Time
X-Grace
Nginx-Cache
X-XRDS-Location
X-Fastcgi-Cache
X-Shield-Request-Id
X-B3-Sampled
X-Amzn-Trace-Id
X-Hits
X-Correlation-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Microsite
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Activity-Id
X-Az
X-AppVersion
X-Debug
X-F-Cache
X-Varnish-Age
X-Amz-Replication-Status
X-HS-Combine-CSS
X-Server-ID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Origin-Server
X-NWS-LOG-UUID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Metageneration
X-Yandex-Sdch-Disable
X-Frontend
Surrogate-Key
X-Rid
X-Geo-Country
Host
X-DIS-Request-ID
X-Cache-Age
Section-Io-Cache
Nel
X-Ser
Accept-Charset
X-Hostname
X-RateLimit-Remaining
X-Git-Hash
Realpath
X-Daa-Tunnel
X-Time
Access-Control-Allow-Method
X-VCache
X-Mobile-URL
X-Seen-By
X-Source
X-Respond-Thread
X-Upgrade-Enabled
MS-CV
X-AOL-HN
ServerID
Paypal-Debug-Id
X-Type
X-DataDome
Cleartype
X-LB-Cache
X-Cache-Key
X-IPLB-Instance
X-Varnish-Backend
X-TT
Payment
X-Cache-Action
Healthy
X-B-Cache
X-Debug-Info
X-Signature
X-Content-Options
X-Contextid
X-Whom
X-XRDS-LOCATION
X-Load-Cache
Cache
X-App-Environment
Fastcgi-Useragent
X-Page-Id
X-N
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Flags
X-FB-Debug
X-WebKit-CSP-Report-Only
X-Jobs
Node
X-FTR-Request-ID
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Mobile
X-Rule
X-Webkit-Csp
X-Cache-Expired-At
Refresh
X-Accel-Buffering
X-Original-Request-Id
X-Wix-Request-Id
X-Response-Served-From
X-RTag
Ms-Operation-Id
DC
Viewport
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-FireWall-Port
Access-Control-Request-Headers
X-Content-Powered-By
X-Cluster-Name
X-ProcessESI
Version
X-Drupal-Cache-Tags
X-Framework
X-RemovedCookies
X-Distributor
X-Cacheable-TTL
X-B
VIX-Pulpo-Node
X-Cache-Time
X-Zen-Fury
VIX-Pulpo-Upstream-Status
Referer-Policy
Eomportal-Instance
X-Instance
X-IPS-LoggedIn
X-Region
X-HTML-Minification-Powered-By
X-Real-IP
X-Proxy
X-UUID
X-Cache-Control
X-Tt-Trace-Host
X-Tt-Trace-Tag
Countrycode
X-Drupal-Cache-Contexts
X-Debug-IsConnected
X-Pinterest-Direct
X-Debug-IsPreview
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-Www-Served-By
X-Page-View
Powered-By-ChinaCache
X-App-Server
X-G
X-Nginx-Cache
Xserver
X-Cache-Rule
X-Tumblr-Pixel-1
X-Protected-By
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cached-By
X-Cache-Operation
X-Yottaa-Optimizations
X-Via-JSL
X-Yottaa-Metrics
Liferay-Portal
X-Akamai-Edgescape
X-Environment-Context
X-L-Path
X-Cache-Hit
SRV
X-Pass-Why
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Device-Type
X-Varnish-Grace
Server-Info
X-Varnish-Ttl
X-User-Agent
DynaTrace
X-Adobe-Loc
GEO-INFO
CF-IPCountry
X-Adobe-Content
X-Varnish-Server
X-TEC-API-VERSION
X-TA-CDN-Provider
X-TEC-API-ROOT
Cache-Status
X-TEC-API-ORIGIN
X-Tumblr-Pixel-2
From-Origin
Ec-Rule-Version
Webserver
X-Mode
X-RN-RSRV
X-UPSTREAM-Address
X-ES-SERVER
Frame-Options
Meta-Geo
X-Endurance-Cache-Level
X-Hl-Ver
Retry-After
X-Handled-By
X-FB-TRIP-ID
Cache-Tv-Group
X-Backend-Name
TWC-GeoIP-LatLong
X-Uri
X-Origin-Hint
TWC-GeoIP-Country
X-NYM-Debug-Backend
TWC-Connection-Speed
X-OCL
Webcakes-App-Version
Property-Id
X-Format
TWC-Device-Class
TWC-Privacy
X-BYPASS-REASON
X-ProxyCache-Key
Webcakes-Region
X-Access
X-Request-Time
X-Pubstack
Apigw-Requestid
X-ProxyCache-Status
X-Be
X-MP-GENERATED-AT
X-Soup
X-Storage
X-PCL
X-Section
Webcakes-App-Name
TWC-Locale-Group
X-Varnishpool
Country
X-Cache-Server
Cache-Name
X-Proxy-Build
X-Via-Fastly
X-VWS-Id
X-PERF
X-PHP-Host
X-R9-Blue-Green-Version
X-Timing-Wait
X-S-Maxage
X-Server-W
Fastly-SSL
Mn-Server-Ip
Selected-Fe
X-ApacheServer
X-UA-Device-Type
X-Labrador-Cache-Channel
X-Info
X-AWS-Id
X-No-Session
X-LJ-Flow-ID
X-Origin-Date
X-Human
Decoy-Debug-TTL
Azure-SlotName
Azure-Version
Decoy-Debug-Status
Decoy-Debug-Key
Azure-RegionName
Azure-InstanceId
X-Routing-Service
X-GG-Cache-Date
Azure-SiteName
Protected
X-Proxied
X-Zipkin-Id
X-Xfnlog-Site
X-WA-Info
Uber-Trace-Id
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
X-Proto
X-SayCDN-TTL
X-Loop
X-Say-TTL
X-LAGOON
X-Hosted-By
X-Hyper-Cache
X-Alternate-Cache-Key
X-Say-Cacheable
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-TNCMS
X-Status
X-Web-Node
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-ShopId
AMP-Access-Control-Allow-Source-Origin
X-Sql-Duration-Ms
X-Redis-Cache
X-Sql-Count
X-Cache-Enabled
X-Ratelimit-Limit
X-App-Version
X-FW-Version
X-Locale
X-Cluster
X-Content-Age
X-Microcachable
X-Backend-Host
X-NWS-UUID-VERIFY
X-Site-Version
X-AIR-PT
S-Cnection
X-Is-Bot
X-Correlation-ID
X-Forwarded-Host
X-Rendered-As
X-Azure-Ref
X-Dc
X-Cache-Grace
X-Platform
X-Qloud-Router
X-CSRF-Token
X-TT-LOGID
X-SRV
X-Trace-Id
X-Node-Name
X-Revision
Akamai-GRN
X-Via-CDN
Cache-Hits
ServedBy
X-Varnish-Hostname
Amp-Access-Control-Allow-Source-Origin
X-CCM
X-ATG-Version
X-Cache-NGX
X-Cache-PHP
X-EdgeConnect-Cache-Status
X-RCS-CacheZone
X-Debug-Cache
X-Aspnetmvc-Version
X-Cache-Host
X-Detected-As
X-CS
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-B3-SpanId
DB-Nickname
X-Akamai-Transformed
Who
X-RateLimit-Limit
X-TX-ID
Country-Code
X-Oss-Hash-Crc64ecma
X-Country-Code-Real
X-Nc
X-Adobe-Source
X-Oss-Object-Type
X-Oss-Storage-Class
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Oss-Server-Time
X-FTR-Cache-Status
X-Oss-Request-Id
X-FTR-Realm
X-Ratelimit-Remaining
SD-X-WS
X-BCube-Filmed-By
HostName
Filterid
X-CACHE-KEY
X-Varnish-Beresp-Grace
X-Time-Microsecs
X-Ms-Request-Id
X-Ms-Version
Mobile-Detection-Method
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
MD5-Digest
Meta-Geo-Continent
X-SRCache-Key
X-Destination
X-Request-UUID
X-Location
BehaviorPad-Version
Rendered-Blocks
X-A-Dcw
Odigeo-Trace-Id
X-ScT
DCR-Decision-By
X-Varnish-Cache-Hits
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
Expiry
DCR-Processing-Time-Ms
X-Level-Front-Cache
X-ARC
X-Vtex-Remote-Cache
X-Cache-NE
Machine
X-B-Cookie
X-Generated-On
X-NAPM-TraceId
X-Application
X-Magnolia-Registration
X-Processor
X-VG-WebCache
X-Rewrite-Enabled
X-A-Dgt
X-Origin-TTL
X-A-Wwc
X-PAYTM-SRV-ID
X-Owner
X-VG-WebServer
X-Connection-Hash
X-Origin-CC
X-A
X-A-Ccd
X-A-Dam
X-Vdms-Version
X-S
X-S-Cookie
X-From
X-Varnish-Beresp-Ttl
X-PBS-Appsvrname
X-Trv-Group
X-Vdms-Path
X-Session-Fingerprint
X-External-Request-Id
X-Aed
T-Server
X-Generation-Time
X-Rojux
X-EC-Lua
X-Varnish-Beresp-Status
X-Backend-TTL
X-Unique-ID
X-Amz-Meta-S3cmd-Attrs
X-ServerID
Backend
X-Has-Esi
Cf-Device-Type
X-Thanos
AKAMAI
Arc-Version
Content-Disposition
CacheControlHeader
Cache-Host
Pagetype
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Ssr
Server-Host
Thinkindot-Control
UCS
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
V-Age
X-Tumblr-Pixel-3
Release
X-GeoIP-City
Host-ID
Gh-Request-Id
X-Thinkindot-L3
Magicmarker
X-TrackingId
X-Geo-Header
PB-RID
PB-PID
Path
X-Azure-Ref-OriginShield
X-Bip
X-Policy
X-Generated-In
X-Device-Os
X-OVcl-Cache
X-FC-Vary-Parameters
X-Developers
X-JWT-State
X-Is-Gdpr
X-DynaTrace-JS-Agent
X-OVcl
X-Cms-Context
X-Reqid
X-Core-Value
X-Fetched-On
X-Unique-Id
X-FTR-Expires
On-Server
Location
L5d-Success-Class
Origin
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Cache-Info
X-Cache-Tags
X-Skip-Cache
X-GeoIP
X-DefElseHash
X-Envoy-Decorator-Operation
PFcat
X-CGP
NM-Fastcgi-Cache
X-DefHash
NGX
Locid
X-User
True-Client-Country-4JS
X-Eu-Site
X-B3-Traceid
X-Fastly-Backend
X-Mvc-Supplant-Cachable
Vix-Hermes-Req-Id
X-Scheme
X-Csrf-Jwt
X-Origin
X-Origin-Expires
X-Platform-Server
X-Clientip
X-Method
X-Ratelimit-Reset
L
X-Rebelmouse-Cache-Control
X-Micro-Cache
Server-Ext
Sever-Int
X-Fastly-Cache
Server-Hostname
Platform
Is-Eu
X-HS-Content-Campaign-Id
C-Via
X-SVT-ORM-RULES
Apple-News-Services-Request-Url
X-Cache-Bucket
CDCHOST
CDN-PullZone
IsBot
CDN-CachedAt
CDN-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-SVT-ORM-VERSION
X-Branch-Name
X-VG-TLSProxy
X-Nginx-Cache-Key
X-HN
X-VarnishDD-TTL
Apple-News-Services-Handled
X-Node-Id
Adler-Geo
X-Varnish-Remaining-TTL
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Varnish-CookieHashed-On
X-Dispatcher-Server
Fastly-SWR
CDN-RequestId
Fastly-Backend-Name
X-DPWN-IS-SECURE
Ha-Gx-Prefs
X-Epic-Correlation-Id
X-NU-AKA-ACS-Version
X-Variation
HA-Ipaddr
X-Cache-Debug
Fastly-SIE
X-Varnish-CookieINHashed-On
X-Developer
Cf-Bgj
CDN-Uid
X-Request-URI
X-Varnish-Hits
DSUID
X-Tb
X-GEO
X-Cache-Id
X-Clara-WADP
X-Swa-Ws
X-Gamma-Serve
X-Backend-State
X-Aicache-OS
X-Esi-Check
X-VServer
X-LI-UUID
X-Hash
X-Gzip
X-Loc
X-WADP-Cache
X-Li-Pop
X-Li-Fabric
X-LB-ID
X-Irp-Debug
X-IP
X-Fmm-Version
Xc-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Var-Ttl
X-Air-Hostname
NGB
X-GoCache-CacheStatus
Esi-Enabled
Fastly-Drupal-HTML
Rt-Fastcgi-Cache
User-Cache-Control
X-Sucuri-ID
X-ID
X-NewRelic-App-Data
Web-Mar-Node
X-Gen-Mode
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Request-Host
X-Block-Status
X-Varnish-Url
X-Old-Content-Length
X-Generated-By
X-Hnp-Log
X-Origin-Response-Time
Tracecode
X-Cdn-Forward
X-Servername
Pics-Label
X-Edge-Location-Klb
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
X-Via-Popv
Cmstype
X-Via-Poph
Cmsid
X-Slack-Backend
X-Planisys-CDN-TTL
Req-Svc-Chain
X-Via-Popn
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-APP-VERSION
Url
X-Refresh
SR-User-Adfree
Kp-EeAlive
X-Served-From
Svr
Instruction
X-Instrumentation
X-Cache-Var-Map
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Cache-Var
X-Server-Lifecycle-Phase
X-Vgn-Hpd-Reason
X-CUA
A
Geo-Info
X-TraceId
VivaBuild
Lfy
Viewtype
M-TraceId
X-Matched-Rule
X-PHP-Backend
X-JoinUs
X-NGENIX-Cache
X-Webkit-CSP-Report-Only
X-SaId
CloudFront-Viewer-Country
SID
X-Cdn-Origin
Cross-Origin-Opener-Policy
X-Srv
X-Cache-Expires
X-Sn-Servicetimems
Cache-Key
Arc-Country
MIME-Version
Sid
X-Edge-Location
X-Cache-Backend
TDXMobile
X-NCache
X-Tb-Optimization-Total-Bytes-Saved
Pramga
DataCenter
X-CDN-Forward
X-DC
Server-ID
X-Servedbyhost
X-Core-Mission
X-Vc
X-Cache-Date
X-NC
X-Request-Start
X-Service
X-Wa
Content-Secure-Policy
X-Extlb
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-Internal-Host
Tcn
X-Error
Source
X-Bc-Bl
X-FireWall-Protection
X-HS-Status
FSS-Cache
Geoip-Latitude
GeoIp-Country-Code
X-Vcl-Version
X-B3-Spanid
X-Varnish-Cacheable
X-Geo
X-LI-Proto
X-Proxy-Upstream
X-Req
Surrogated-Key
LB
X-Via-NSCOPI
X-Response-By
X-Forwarded-Site
Memcached
X-Air-Source
X-Esi
CACHE
X-Newrelic-Synthetics
X-VHOST
X-Accel-Expires-Debug
Xkeyi7
X-VC-Cache
X-PJAX-URL
We-Hiring
X-Date
X-Proxy-Cachei7
Mail-Subject
Upgrade-Insecure-Requests
X-HOST
X-LiteSpeed-Cache-Control
X-CCDN-CacheTTL
X-Viewer-Country
GeoIP-Country-Code
HitType
GeoIP-Latitude
X-Rocket-Build-Number
Env
X-RateLimit-Limit-Second
N-Cache
X-Li-Proto
Request-ID
X-VCL-Version
Resin-Trace
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Hostname
X-RateLimit-Remaining-Second
X-Sigma-Backend
X-Sigma
Server-Ttl
X-BBXSRF
X-Zone
X-Cache-Ttl
Time
X-RPM
X-Men
CF-Cached-On
X-RSL
X-DW
X-DI
X-DB
X-MSEdge-Features
X-MSEdge-Flight
X-TIM-N
X-DSS
Memory
X-RPS
X-Cache-2
X-RAMCache
X-App
X-Cc-Via
X-Cc-Req-Id
X-APP
X-Varnish-Authentication
S-Rt
D-Cc-Upstream
X-WA
X-Contensis-Viewer-Groups
X-Svr
X-Cache-ASPX
X-Cs
XServer
X-ServedByHost
X-Mg-Request-UUID
ProcessTime
X-ZONE
CPC-Cache
X-Air-Trace-Id
VNS-Age
X-UA
VNS-Cache
X-Action
CPC-Age
X-HostName
X-Cache-Remote
Cteonnt-Length
X-Nyt-Route
X-FPC
X-Gdpr
X-API-Version
My-App
X-Region-Sid
X-Server-IP
X-Cache-Config
Fastcgi-Cache-TTL
X-Origin-Time
State
X-Oss-Cdn-Auth
X-Fpc
Server-Id
X-Sucuri-Cache
Cross-Origin-Window-Policy
Ohc-File-Size
X-Dynatrace-Js-Agent
X-Provided-By
X-Swift-Error
Cf-Ipcountry
X-FORWARDED-FOR
X-Minions-Version
Cache-Provider
W
X-CF-Powered-By
Mime-Version
X-Depends-On
X-Cdn-Request-ID
Srv
CDN
X-Erf-Stays-Bingo-Pdp-Web
X-UnsetCookies
X-TIME
X-URL
X-VC
X-Cache-Type
X-SN
X-Dw-Trace-Id
X-Check-Cacheable
X-NodeID
X-BACKEND-TTL
X-Ftr-Cache-Host
X-CSRF-TOKEN
X-Xrds-Location
X-ServerName
Ohc-Cache-HIT
X-Host-Name
X-Akamai-Pragma-Client-IP
X-Client-Ip
X-Webstats-RespID
Proxy-Connection
X-ABtesting
X-Flog
X-Hello
OT-Force-Account-Verify
X-SB
Cdn
X-SD-PageType
X-Fastly-Request-Id
X-Parent-Response-Time
X-Fastly-Backend-Reqs
Dnion-Transfer-Encoding
X-Tenant
X-Pf-Uncompressing
X-Shop-Environment
X-ND-Cache
Media-Length
X-Cluster-Node
X-BBC-Edge-Cache-Status
X-Forwarded-Path
X-Orig-Expires
X-Pad
X-Presslabs-Stats
Vha6-Origin
X-Oracle-DMS-ECID
X-Snapshot-Date
X-NGINX-Cache
EpKe-Alive
X-Via-PopN
X-Via-PopV
X-ElasticPress-Search
X-Cache-Tag
X-Via-PopH
X-Air-Pt
X-Render-Time
WZWS-RAY
Epwk-X-Cache
PICS-Label
X-LiteSpeed-Tag
X-Varnish-URL
X-Lb-Id
X-Acquia-Application-UUID
Warning
X-C
X-Traceid
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
Xet-Cookie
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-Vcache
X-Varnish-Beresp-TTL
X-Akamai-ERRuleID
X-MiniProfiler-Ids
X-Request-URL
X-Akamai-ERPolicy
X-BBC-Origin-Response-Status
X-Ua
Datacenter
CountryCode
X-Apw-Access-Token
X-Mg-Request-Id
NnCoection
X-Cache-Status-Check
X-Apw-Hits
X-Redis-Duration-Ms
X-Yottaa-OS
X-Pjax-Url
X-Redis-Count
Environment
X-Apw-Access-Object
X-Ftr-Request-Id
X-B3-Parentspanid
X-Amz-Meta-Cb-Modifiedtime
X-Storefront-Renderer-Verified
Phost
X-Tid
X-Auto-Login
Inserted-Into-Cache-At
Processtime
URI
X-Worker
Content-Script-Type
Content-Style-Type
X-ElasticPress-Query
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Litespeed-Cache-Control
Ohc-Response-Time
X-Apw-Access-Action