Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
X-Request-ID
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Turbo-Charged-By
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-OneAgent-JS-Injection
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Host
X-Vhost
X-Backend-Server
X-WebKit-CSP
X-ASPNET-VERSION
Xkey
X-Server-Id
X-Dispatcher
Surrogate-Control
EagleEye-TraceId
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
P3p
X-Cache-Lookup
X-Application-Context
X-Country
X-Ac
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
X-Readtime
X-Language
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-B3-TraceId
MS-Author-Via
X-HW
Accept-Ch
Rating
X-Url
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
Display
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Pagespeed
X-D2id
X-Content-Type
Verso
Arr-Disable-Session-Affinity
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-ORACLE-DMS-ECID
X-Webkit-CSP
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-TTL
X-FastCGI-Cache
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Buckets
X-Cached
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
SPRequestGuid
X-SharePointHealthScore
Cache-Tag
Public-Key-Pins
Access-Control-Request-Method
RTSS
SPIisLatency
SPRequestDuration
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
X-Pinterest-Rid
Pinterest-Generated-By
X-Edge
Pinterest-Version
X-Ezoic-Cdn
X-Powered-CMS
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Ruxit-Js-Agent
X-Version
Content-MD5
S
X-HP-Webp
X-Jurisdiction
X-Recruiting
X-MCACHE
X-ECACHE
X-Mid
Charset
X-Kinsta-Cache
X-Origin-Upstream-Status
X-Mg-S
X-DynaTrace
X-PressLabs-Stats
X-Ttl
X-T
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Content-Digest
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Template-Id
Cache-Tags
X-Px
X-Accel-Expires
Fastcgi-Cache
X-Forwarded-Proto
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Logged-In
Filters
Server-Node
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
TCN
Server-Name
X-Amz-Server-Side-Encryption
X-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-Grace
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
Nginx-Cache
X-Correlation-Id
X-XRDS-Location
X-Forwarded-For
X-Hits
X-Shield-Request-Id
X-B3-Sampled
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Server-ID
Alternate-Protocol
X-Request-Handler-Origin-Region
X-Microsite
X-AppVersion
X-Activity-Id
X-Debug
X-Az
X-Varnish-Age
X-F-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Amz-Replication-Status
X-NWS-LOG-UUID
X-Origin-Server
X-Yandex-Sdch-Disable
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
Surrogate-Key
X-Frontend
X-Rid
Nel
X-Geo-Country
X-DIS-Request-ID
X-Cache-Age
Host
Accept-Charset
X-Ser
Section-Io-Cache
X-Git-Hash
X-Daa-Tunnel
X-Hostname
X-RateLimit-Remaining
X-VCache
X-Respond-Thread
Access-Control-Allow-Method
X-Mobile-URL
Realpath
X-Source
MS-CV
X-Seen-By
X-Upgrade-Enabled
X-DataDome
Paypal-Debug-Id
X-LB-Cache
X-AOL-HN
X-XRDS-LOCATION
X-Time
ServerID
X-Type
Cleartype
X-IPLB-Instance
X-Varnish-Backend
X-TT
Healthy
Payment
X-Debug-Info
X-B-Cache
X-Cache-Action
X-Content-Options
X-Signature
X-Cache-Key
X-Aspnet-Duration-Ms
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Flags
X-Whom
X-Contextid
X-Page-Id
X-Load-Cache
X-App-Environment
Cache
Fastcgi-Useragent
X-N
X-Jobs
X-FB-Debug
X-WebKit-CSP-Report-Only
Node
X-Webkit-Csp
X-FTR-Request-ID
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Mobile
X-Rule
X-Cache-Expired-At
Refresh
X-Response-Served-From
X-Wix-Request-Id
X-Original-Request-Id
X-Accel-Buffering
DC
Viewport
X-RTag
Ms-Operation-Id
X-Cacheable-TTL
Access-Control-Request-Headers
X-Drupal-Cache-Tags
X-Cluster-Name
X-FireWall-Port
X-Content-Powered-By
X-Distributor
X-Framework
Referer-Policy
X-Instance
Version
X-HTML-Minification-Powered-By
X-ProcessESI
X-Pinterest-Direct
X-RemovedCookies
X-Zen-Fury
X-B
X-Real-IP
Eomportal-Instance
X-UUID
X-Proxy
VIX-Pulpo-Node
X-Region
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-IPS-LoggedIn
X-Cache-Time
X-Tt-Trace-Tag
X-Page-View
X-Tt-Trace-Host
X-Tec-Api-Root
X-Tec-Api-Origin
Countrycode
X-Tec-Api-Version
X-Drupal-Cache-Contexts
X-Debug-IsPreview
X-Debug-IsConnected
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-FW-Type
Powered-By-ChinaCache
X-FW-Static
X-FW-Serve
X-App-Server
X-Nginx-Cache
X-G
X-Via-JSL
X-Cache-Rule
X-Cached-By
X-Cache-Operation
X-Yottaa-Metrics
Liferay-Portal
X-Tumblr-User
X-Tumblr-Pixel-1
X-Www-Served-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Akamai-Edgescape
X-Protected-By
X-L-Path
X-Cache-Hit
X-Environment-Context
X-Pass-Why
SRV
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Xserver
Section-Io-Origin-Status
Server-Info
X-Varnish-Grace
X-Device-Type
GEO-INFO
DynaTrace
CF-IPCountry
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-User-Agent
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-Pixel-2
From-Origin
X-Varnish-Server
Cache-Status
Ec-Rule-Version
X-Mode
Webserver
Retry-After
X-UPSTREAM-Address
Meta-Geo
X-Endurance-Cache-Level
X-TA-CDN-Provider
X-ES-SERVER
Frame-Options
X-RN-RSRV
X-Handled-By
X-Hl-Ver
Cache-Tv-Group
X-Varnish-Ttl
X-Backend-Name
X-FB-TRIP-ID
X-OCL
X-ProxyCache-Status
TWC-Privacy
TWC-Locale-Group
X-ProxyCache-Key
X-NYM-Debug-Backend
Country
Webcakes-App-Version
X-Varnishpool
X-Access
X-PCL
X-Uri
Webcakes-Region
Webcakes-App-Name
Fastly-SSL
X-Format
TWC-GeoIP-LatLong
X-Soup
Apigw-Requestid
X-Section
Property-Id
X-Cache-Server
X-BYPASS-REASON
X-Be
TWC-Connection-Speed
X-Storage
X-Pubstack
X-Origin-Hint
TWC-Device-Class
X-MP-GENERATED-AT
TWC-GeoIP-Country
X-Request-Time
X-ApacheServer
Mn-Server-Ip
X-Origin-Date
Selected-Fe
X-No-Session
X-Proxy-Build
X-Info
Decoy-Debug-Key
X-R9-Blue-Green-Version
X-Timing-Wait
X-Human
Decoy-Debug-Status
Cache-Name
X-S-Maxage
X-Server-W
X-WA-Info
X-VWS-Id
X-UA-Device-Type
X-PERF
X-LJ-Flow-ID
X-PHP-Host
X-AWS-Id
X-Via-Fastly
X-Labrador-Cache-Channel
X-Proto
Decoy-Debug-TTL
X-Sql-Duration-Ms
Azure-Version
X-Sql-Count
X-TNCMS
X-Web-Node
X-Zipkin-Id
X-Xfnlog-Site
X-SayCDN-TTL
X-Say-TTL
X-LAGOON
X-GG-Cache-Date
X-Loop
X-Proxied
X-Say-Cacheable
X-Routing-Service
Protected
X-Cache-TTL-Remaining
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-ShardId
X-Ratelimit-Limit
X-ShopId
X-Hosted-By
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Status
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Hyper-Cache
X-Proxy-Cache-Status
Uber-Trace-Id
X-Redis-Cache
X-Locale
X-Cache-Enabled
X-Site-Version
X-FW-Version
AMP-Access-Control-Allow-Source-Origin
X-Cluster
X-Rendered-As
X-Is-Bot
X-NWS-UUID-VERIFY
X-Microcachable
X-Content-Age
X-Backend-Host
X-Azure-Ref
X-Forwarded-Host
X-AIR-PT
X-Cache-Grace
S-Cnection
X-TT-LOGID
X-SRV
X-Qloud-Router
X-Dc
X-Platform
X-Via-CDN
X-CCM
X-Revision
Amp-Access-Control-Allow-Source-Origin
X-Node-Name
X-Aspnetmvc-Version
Akamai-GRN
X-Trace-Id
Cache-Hits
X-App-Version
X-Correlation-ID
X-CSRF-Token
ServedBy
X-Cache-PHP
X-Cache-NGX
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
X-ATG-Version
X-RCS-CacheZone
X-Debug-Cache
X-Cache-Host
X-Detected-As
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-CS
DB-Nickname
X-Ratelimit-Remaining
X-B3-SpanId
X-Nc
Who
X-Akamai-Transformed
Country-Code
X-CACHE-KEY
X-FTR-Backend-Server
X-Oss-Storage-Class
X-FTR-Cache-Status
X-ID
X-FTR-DC
X-Oss-Object-Type
X-FTR-Realm
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Country-Code-Real
X-Oss-Request-Id
X-FTR-Backend
X-FTR-Balancer
X-Adobe-Source
SD-X-WS
X-RateLimit-Limit
X-BCube-Filmed-By
HostName
X-TX-ID
X-Ms-Version
X-Varnish-Beresp-Grace
Filterid
X-Time-Microsecs
X-Ms-Request-Id
X-Varnish-Cache-Hits
X-Location
Rendered-Blocks
X-Level-Front-Cache
T-Server
Mobile-Detection-Method
Odigeo-Trace-Id
Meta-Geo-Continent
X-External-Request-Id
Machine
X-Application
X-ARC
Fastcgi-X-Cache-Version
Expiry
X-Aed
X-A-Wwc
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
X-B-Cookie
DCR-Processing-Time-Ms
X-Destination
X-D
MD5-Digest
X-From
X-Generated-On
BehaviorPad-Version
X-Connection-Hash
DCR-Decision-By
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Generation-Time
X-NAPM-TraceId
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Vdms-Path
X-Vtex-Processado-Em
X-PBS-Appsvrname
X-Processor
X-S
X-VG-WebServer
X-Session-Fingerprint
X-SRCache-Key
X-Magnolia-Registration
X-ScT
X-VG-WebCache
X-Vdms-Version
X-S-Cookie
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
X-Origin-CC
X-Owner
X-Trv-Group
X-Origin-TTL
X-ServerID
Backend
X-Varnish-Beresp-Ttl
X-Unique-Id
X-Backend-TTL
Host-ID
X-Bip
Wxu-Next-Commit
X-Tumblr-Pixel-3
Fastly-Backend-Name
Wxu-Next-Hostname
X-Unique-ID
Content-Disposition
X-Cache-Bucket
Cf-Device-Type
Wxu-Next-Region
X-Swa-Ws
X-Varnish-Beresp-Status
Arc-Version
X-Core-Value
X-Thanos
X-Thinkindot-L3
CacheControlHeader
X-Cms-Context
X-EC-Lua
X-FC-Vary-Parameters
X-Device-Os
Cache-Host
X-Developers
X-TrackingId
AKAMAI
Gh-Request-Id
X-Azure-Ref-OriginShield
X-Generated-In
X-Is-Gdpr
X-Policy
On-Server
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-JWT-State
Pagetype
X-OVcl-Cache
X-OVcl
Ssr
PB-PID
Path
PB-RID
X-B3-Traceid
X-Amz-Meta-S3cmd-Attrs
Release
UCS
X-Fetched-On
V-Age
Magicmarker
X-Geo-Header
Server-Host
X-Has-Esi
X-Reqid
X-GeoIP-City
X-GEO
X-DynaTrace-JS-Agent
X-APP-VERSION
X-FTR-Expires
Server-Ext
Sever-Int
Server-Hostname
X-Variation
X-Varnish-Hits
X-VarnishDD-TTL
X-VServer
X-VG-TLSProxy
X-Backend-State
True-Client-Country-4JS
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Xc-Version
Vix-Hermes-Req-Id
X-Varnish-CookieHashed-On
X-Developer
X-IP
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Irp-Debug
X-HS-Content-Campaign-Id
X-HN
X-GeoIP
X-GoCache-CacheStatus
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Platform-Server
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Origin
X-Node-Id
X-Micro-Cache
X-Method
X-Li-Pop
X-LI-UUID
X-Origin-Expires
X-Scheme
X-SIPLIST1
X-Clientip
X-Csrf-Jwt
X-DefElseHash
X-DefHash
X-CGP
X-Cache-Tags
X-User
X-Branch-Name
X-Cache-Debug
X-NU-AKA-ACS-Version
X-Dispatcher-Server
X-SVT-ORM-RULES
X-Fastly-Backend
X-Fastly-Cache
X-Skip-Cache
X-Eu-Site
X-SVT-ORM-VERSION
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-Var-Ttl
X-Cache-Info
CDN-Cache
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
IsBot
L5d-Success-Class
L
X-Air-Hostname
CDN-CachedAt
DSUID
Esi-Enabled
CDN-RequestCountryCode
CDN-PullZone
Fastly-SIE
CDN-EdgeStorageId
Fastly-SWR
C-Via
CDCHOST
PFcat
Location
Origin
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Platform
NM-Fastcgi-Cache
NGX
CDN-RequestId
Cf-Bgj
Locid
CDN-Uid
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-NewRelic-App-Data
X-Sucuri-ID
X-Tb
User-Cache-Control
X-LB-ID
X-Cache-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Gamma-Serve
X-Fmm-Version
X-Esi-Check
X-Generated-By
X-Loc
X-Hash
X-Gzip
X-Clara-WADP
X-Hnp-Log
Tracecode
X-Aicache-OS
Rt-Fastcgi-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WADP-Cache
Web-Mar-Node
Fastly-Drupal-HTML
X-Request-Host
X-Origin-Response-Time
X-Old-Content-Length
X-Block-Status
X-Cdn-Forward
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
NGB
X-Varnish-Url
X-Slack-Backend
Req-Svc-Chain
X-Servername
Cmstype
X-Cache-Var
Cmsid
X-Via-Popv
X-Via-Poph
X-Mvc-Supplant-OutputCached
X-Via-Popn
X-Cache-Var-Map
Instruction
SR-User-Adfree
Pics-Label
Kp-EeAlive
Url
X-CUA
X-Refresh
Svr
X-PF-Uncompressing
X-Served-From
X-Matched-Rule
Lfy
A
X-Vgn-Hpd-Reason
X-Cache-Expires
CloudFront-Viewer-Country
X-Webkit-CSP-Report-Only
X-Cdn-Origin
X-Sn-Servicetimems
M-TraceId
Viewtype
X-Esi
Geo-Info
VivaBuild
Sid
X-Edge-Location-Klb
X-Instrumentation
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-TraceId
X-Cache-Backend
X-NCache
Cross-Origin-Opener-Policy
MIME-Version
Pramga
Cache-Key
Arc-Country
SID
X-JoinUs
X-NGENIX-Cache
X-PHP-Backend
X-SaId
TDXMobile
X-DC
X-Srv
X-Cache-Date
X-Tb-Optimization-Total-Bytes-Saved
X-Core-Mission
X-Edge-Location
Server-ID
X-Servedbyhost
X-CLOUD-TRACE-CONTEXT
X-Request-Start
DataCenter
X-CDN-Forward
X-Vc
X-Wa
Content-Secure-Policy
X-Service
X-NC
X-Extlb
NtCoent-Length
Tcn
Source
X-FireWall-Protection
X-Error
X-Internal-Host
GeoIp-Country-Code
X-Bc-Bl
Geoip-Latitude
X-LI-Proto
FSS-Cache
X-HS-Status
X-B3-Spanid
X-Varnish-Cacheable
X-Vcl-Version
X-Forwarded-Site
X-Air-Source
X-Response-By
X-Geo
X-VHOST
CACHE
Surrogated-Key
X-Via-NSCOPI
Memcached
LB
X-Proxy-Upstream
Xkeyi7
X-Req
X-PJAX-URL
X-Proxy-Cachei7
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
X-HOST
GeoIP-Country-Code
X-VCL-Version
Hostname
XServer
X-VC-Cache
N-Cache
Server-Ttl
X-CCDN-CacheTTL
Resin-Trace
X-Date
Mail-Subject
X-BBXSRF
X-Accel-Expires-Debug
X-Li-Proto
Request-ID
X-Hcs-Proxy-Type
We-Hiring
HitType
GeoIP-Latitude
X-CCDN-Origin-Time
Upgrade-Insecure-Requests
X-Viewer-Country
X-RateLimit-Remaining-Second
Env
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
X-RateLimit-Limit-Second
X-TIM-N
X-DSS
X-DI
X-DW
X-RPS
X-App
X-RSL
X-DB
X-RPM
X-RAMCache
X-Cache-2
X-FORWARDED-FOR
X-Cs
Memory
Time
S-Rt
X-Cache-ASPX
X-Varnish-Authentication
CF-Cached-On
X-Svr
X-MSEdge-Features
X-MSEdge-Flight
X-Contensis-Viewer-Groups
X-Zone
X-Cc-Via
X-APP
X-Men
X-Cc-Req-Id
X-WA
D-Cc-Upstream
X-ZONE
ProcessTime
X-Air-Trace-Id
X-ServedByHost
X-Action
X-UA
Cteonnt-Length
X-TIME
X-Cache-Remote
X-HostName
X-API-Version
X-Oss-Cdn-Auth
VNS-Cache
VNS-Age
X-Server-IP
Server-Id
X-Region-Sid
X-Origin-Time
X-FPC
CPC-Age
CPC-Cache
X-Cache-Config
X-Fpc
X-Gdpr
X-Nyt-Route
X-Provided-By
X-Swift-Error
X-Sucuri-Cache
Ohc-File-Size
X-CSRF-TOKEN
Cross-Origin-Window-Policy
X-Dynatrace-Js-Agent
Mime-Version
X-Depends-On
X-CF-Powered-By
W
X-Mg-Request-UUID
X-VC
Fastcgi-Cache-TTL
My-App
State
Cache-Provider
X-Akamai-Pragma-Client-IP
Srv
X-Cdn-Request-ID
X-Erf-Stays-Bingo-Pdp-Web
X-Check-Cacheable
CDN
X-Dw-Trace-Id
X-URL
X-UnsetCookies
X-BACKEND-TTL
X-SN
X-NodeID
X-Ftr-Cache-Host
X-Minions-Version
Ohc-Cache-HIT
X-Host-Name
X-ServerName
X-Xrds-Location
Cf-Ipcountry
X-Client-Ip
Cdn
X-Flog
X-ABtesting
X-Hello
X-Pf-Uncompressing
Proxy-Connection
X-Parent-Response-Time
X-Fastly-Request-Id
X-Webstats-RespID
X-SB
X-SD-PageType
X-Cache-Type
X-Oracle-DMS-ECID
X-Pad
X-Fastly-Backend-Reqs
X-BBC-Edge-Cache-Status
X-Snapshot-Date
X-NGINX-Cache
OT-Force-Account-Verify
Vha6-Origin
Media-Length
X-Presslabs-Stats
Dnion-Transfer-Encoding
X-Air-Pt
X-Orig-Expires
X-Shop-Environment
X-Render-Time
X-Forwarded-Path
X-ND-Cache
X-Cluster-Node
X-Via-PopV
X-LiteSpeed-Tag
X-Via-PopN
X-Via-PopH
X-Tenant
Epwk-X-Cache
PICS-Label
X-ElasticPress-Search
EpKe-Alive
X-Cache-Tag
X-Acquia-Purge-Tags
Warning
X-Acquia-Site
X-Akamai-ERRuleID
X-Varnish-URL
X-Ms-Meta-Staticbatchstarttime
X-Acquia-Application-Trace
X-Traceid
X-Acquia-Application-UUID
X-Ms-Meta-Originalurl
X-Akamai-ERPolicy
Xet-Cookie
X-Vcache
X-BBC-Origin-Response-Status
X-Request-URL
X-Varnish-Beresp-TTL
WZWS-RAY
X-Lb-Id
X-MiniProfiler-Ids
X-Tx-Id
CountryCode
Datacenter
X-Ua
X-Mg-Request-Id
X-Auto-Login
X-Apw-Access-Object
X-Ftr-Request-Id
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
Processtime
X-C
X-Cache-Status-Check
X-Yottaa-OS
Inserted-Into-Cache-At
X-Debug-Cache-Store
NnCoection
X-Worker
X-Debug-Cache-Fetch
X-B3-Parentspanid
Phost
Ohc-Response-Time
Environment
X-ElasticPress-Query
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
Content-Script-Type
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
X-Tid
X-Redis-Count
X-Redis-Duration-Ms
URI