Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Request-Id
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Ua-Compatible
X-Iinfo
Content-Encoding
X-CDN
X-Request-ID
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Robots-Tag
Request-Context
EagleId
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Server
X-Backend
X-Hacker
Host-Header
X-Server-Powered-By
Report-To
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Dns-Prefetch-Control
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-CST
X-Amz-Version-Id
NEL
X-Cache-Spec
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
X-ASPNET-VERSION
X-Server-Id
X-Dispatcher
Surrogate-Control
EagleEye-TraceId
X-Node
Xkey
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
P3p
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-Country
X-Ac
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Readtime
X-Template
X-Language
X-B3-TraceId
MS-Author-Via
X-HW
Rating
Accept-Ch-Lifetime
X-Url
X-Cnection
X-MS-InvokeApp
Accept-Ch
X-Origin-Cache
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-Varnish-TTL
Response
Display
X-Content-Type
X-Sol
X-Middleton-Display
Pagespeed
X-Middleton-Response
Verso
X-D2id
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-ORACLE-DMS-RID
X-Webkit-CSP
X-FastCGI-Cache
X-VARITI-CCR
X-ORACLE-DMS-ECID
X-Navigation-Version
X-Abt-Application-Version
X-Server-Name
X-Amz-Rid
Service-Worker-Allowed
X-TTL
X-Fastly-Request-ID
Fastly-Restarts
X-Client-IP
X-Cached
X-Buckets
X-MSEdge-Ref
X-Release
X-Cache-TTL
X-Element-Page-Cache
Cache-Tag
X-Dw-Request-Base-Id
X-NF-Request-ID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
Access-Control-Request-Method
X-SharePointHealthScore
SPRequestGuid
RTSS
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-CACHE
AR-ATIME
X-Edge
X-Ezoic-Cdn
X-LLID
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Upstream
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
S
X-HP-Webp
X-Jurisdiction
Content-MD5
X-Recruiting
X-MCACHE
X-Kinsta-Cache
X-ECACHE
X-Mid
Charset
X-Mg-S
X-Ruxit-Js-Agent
X-Ttl
X-DynaTrace
X-PressLabs-Stats
X-Origin-Upstream-Status
X-T
Cache-Tags
X-Content-Digest
X-Accel-Expires
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
X-Forwarded-Proto
X-Litespeed-Cache
X-Px
Fastcgi-Cache
X-Logged-In
X-Content-Security-Policy-Report-Only
Filters
TP-Cache
TP-L2-Cache
Server-Node
TCN
Edge-Cache-Tag
Server-Name
X-Id
X-Amz-Server-Side-Encryption
X-Correlation-Id
Front-End-Https
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Request-Received
Nginx-Cache
X-Grace
X-Forwarded-For
X-Shield-Request-Id
X-XRDS-Location
X-B3-Sampled
X-Hits
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Alternate-Protocol
X-Server-ID
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-AppVersion
X-Az
X-NWS-LOG-UUID
X-F-Cache
X-Varnish-Age
X-Fastcgi-Cache
X-Amz-Replication-Status
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Debug
X-Origin-Server
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Frontend
X-Rid
X-Yandex-Sdch-Disable
Nel
Host
Surrogate-Key
X-Geo-Country
Section-Io-Cache
X-Cache-Age
X-RateLimit-Remaining
X-DIS-Request-ID
X-Daa-Tunnel
Accept-Charset
X-Hostname
X-Ser
Realpath
X-Git-Hash
X-VCache
Access-Control-Allow-Method
X-Mobile-URL
X-Respond-Thread
X-Upgrade-Enabled
MS-CV
X-Seen-By
X-Source
Cleartype
X-XRDS-LOCATION
Paypal-Debug-Id
X-DataDome
X-Type
X-AOL-HN
ServerID
X-LB-Cache
X-Time
Payment
X-Contextid
Healthy
X-TT
X-Cache-Action
X-Varnish-Backend
X-Signature
X-B-Cache
X-Debug-Info
X-IPLB-Instance
X-Content-Options
X-Route-Name
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Whom
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Page-Id
X-N
X-Load-Cache
Fastcgi-Useragent
X-App-Environment
X-FB-Debug
Cache
X-Jobs
Node
X-Webkit-Csp
X-Rule
X-Mobile
X-Cache-Expired-At
X-FTR-Request-ID
Refresh
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Wix-Request-Id
X-FireWall-Port
X-Original-Request-Id
X-Accel-Buffering
Viewport
X-RTag
DC
Ms-Operation-Id
X-Cacheable-TTL
Access-Control-Request-Headers
X-Content-Powered-By
X-Cluster-Name
X-Drupal-Cache-Tags
X-Real-IP
X-Framework
X-Debug-IsPreview
X-Distributor
X-Debug-IsConnected
X-Instance
Referer-Policy
X-Zen-Fury
X-ProcessESI
X-RemovedCookies
X-B
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Version
X-Region
X-HTML-Minification-Powered-By
Eomportal-Instance
X-UUID
X-Cache-Control
X-Page-View
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Proxy
X-Cache-Time
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Drupal-Cache-Contexts
Countrycode
X-Www-Served-By
X-Nginx-Cache
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Protected-By
X-App-Server
X-G
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cached-By
X-Tumblr-User
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Yottaa-Optimizations
Liferay-Portal
X-Cache-Operation
X-Cache-Rule
X-Via-JSL
Powered-By-ChinaCache
X-Pinterest-Direct
X-Cache-Hit
X-L-Path
X-Akamai-Edgescape
X-Environment-Context
Section-Io-Origin-Status
Xserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Pass-Why
SRV
X-Varnish-Grace
CF-IPCountry
X-Device-Type
GEO-INFO
Server-Info
DynaTrace
X-TA-CDN-Provider
X-TEC-API-ORIGIN
X-Adobe-Loc
X-Varnish-Server
X-Adobe-Content
X-TEC-API-ROOT
X-TEC-API-VERSION
X-User-Agent
Cache-Status
Retry-After
Ec-Rule-Version
X-Mode
Frame-Options
From-Origin
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Hl-Ver
X-Handled-By
Meta-Geo
X-RN-RSRV
X-Endurance-Cache-Level
X-ES-SERVER
Webserver
X-Backend-Name
X-FB-TRIP-ID
Cache-Tv-Group
Webcakes-App-Version
X-Access
X-BYPASS-REASON
Webcakes-App-Name
Webcakes-Region
TWC-Locale-Group
Property-Id
Country
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
X-Format
X-Soup
X-Section
X-Storage
X-Uri
Fastly-SSL
X-Varnishpool
X-Request-Time
X-Pubstack
X-OCL
X-MP-GENERATED-AT
X-Origin-Hint
X-PCL
X-ProxyCache-Status
X-ProxyCache-Key
Apigw-Requestid
X-NYM-Debug-Backend
X-S-Maxage
Selected-Fe
X-Via-Fastly
X-Proxy-Build
X-PHP-Host
X-Human
Cache-Name
Decoy-Debug-Key
X-Timing-Wait
X-Proxy-Cache-Status
Decoy-Debug-Status
Decoy-Debug-TTL
X-ApacheServer
X-R9-Blue-Green-Version
X-WA-Info
X-Labrador-Cache-Channel
X-Info
X-PERF
X-Cache-Server
X-Be
X-LJ-Flow-ID
X-No-Session
Azure-InstanceId
X-Proxied
X-Proto
X-UA-Device-Type
X-GG-Cache-Date
Azure-SiteName
Azure-Version
Protected
X-Server-W
X-Origin-Date
Mn-Server-Ip
X-AWS-Id
X-Routing-Service
X-Cache-TTL-Remaining
Azure-SlotName
Azure-RegionName
X-Sql-Count
Uber-Trace-Id
X-Say-Cacheable
X-SayCDN-TTL
X-LAGOON
X-Sql-Duration-Ms
X-TNCMS
X-Loop
X-VWS-Id
X-Xfnlog-Site
X-Say-TTL
X-Zipkin-Id
X-Web-Node
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Storefront-Renderer-Rendered
X-Hyper-Cache
X-Hosted-By
X-Status
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Redis-Cache
X-Locale
X-Cache-Enabled
X-NWS-UUID-VERIFY
X-Content-Age
X-Is-Bot
X-Microcachable
X-FW-Version
X-SRV
X-Site-Version
X-Rendered-As
X-Ratelimit-Limit
X-Cluster
Amp-Access-Control-Allow-Source-Origin
X-Backend-Host
X-Azure-Ref
S-Cnection
X-Forwarded-Host
X-Cache-Grace
X-AIR-PT
X-TT-LOGID
AMP-Access-Control-Allow-Source-Origin
X-Qloud-Router
X-Platform
X-App-Version
X-Varnish-Ttl
Akamai-GRN
X-Trace-Id
ServedBy
X-Via-CDN
X-Aspnetmvc-Version
X-Revision
X-EdgeConnect-Cache-Status
X-Cache-PHP
X-Cache-NGX
X-ATG-Version
X-Dc
X-CSRF-Token
Cache-Hits
X-Varnish-Hostname
X-CCM
X-Debug-Cache
X-RCS-CacheZone
X-Node-Name
X-RateLimit-Limit
Who
Country-Code
X-Akamai-Transformed
X-Detected-As
DB-Nickname
X-Cache-Host
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-B3-SpanId
X-CS
Filterid
X-Adobe-Source
X-CACHE-KEY
X-ID
X-BCube-Filmed-By
X-TX-ID
X-Nc
X-Oss-Storage-Class
SD-X-WS
X-Varnish-Beresp-Grace
X-Oss-Server-Time
X-Correlation-ID
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Ms-Version
X-Ms-Request-Id
X-Varnish-Beresp-Ttl
Expiry
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-A-Dam
X-A
X-A-Ccd
X-Vdms-Path
DCR-Decision-By
X-A-Dcw
X-Application
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Aed
BehaviorPad-Version
X-Country-Code-Real
X-A-Wwc
Backend
X-Processor
Machine
X-S
Rendered-Blocks
X-D
X-CF-Lambda-Fn
X-S-Cookie
X-CF-Lambda-Version
Mobile-Detection-Method
Odigeo-Trace-Id
X-Connection-Hash
X-VG-WebCache
X-Rewrite-Enabled
X-Request-UUID
X-Destination
X-Varnish-Cache-Hits
X-Rojux
MD5-Digest
X-Owner
T-Server
Meta-Geo-Continent
X-A-Dgt
X-External-Request-Id
X-Generation-Time
X-Cache-NE
X-ScT
X-Time-Microsecs
X-FTR-Realm
X-Generated-On
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-SRCache-Key
X-From
X-Trv-Group
X-Vtex-Remote-Cache
X-FTR-Backend-Server
X-ARC
X-Origin-TTL
X-Session-Fingerprint
X-FTR-Balancer
X-Vdms-Version
X-VG-WebServer
X-B-Cookie
X-NAPM-TraceId
X-Origin-CC
X-GEO
X-Level-Front-Cache
X-Vtex-Processado-Em
X-Location
X-Varnish-Beresp-Status
X-Magnolia-Registration
X-Ratelimit-Remaining
X-Unique-Id
HostName
X-Tumblr-Pixel-3
Magicmarker
X-Developers
X-Thanos
Cf-Device-Type
Content-Disposition
Cache-Host
Fastly-Backend-Name
Arc-Version
X-Cache-Bucket
X-Thinkindot-L3
Host-ID
Gh-Request-Id
X-Cms-Context
X-Bip
X-Device-Os
Ssr
X-GeoIP-City
Wxu-Next-Region
Wxu-Next-Hostname
X-Geo-Header
Wxu-Next-Commit
X-Has-Esi
X-Azure-Ref-OriginShield
X-OVcl
X-OVcl-Cache
X-Policy
X-JWT-State
X-Is-Gdpr
Thinkindot-Control
X-Generated-In
Server-Host
X-Core-Value
Release
PB-RID
PB-PID
X-ServerID
AKAMAI
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Fetched-On
X-FC-Vary-Parameters
Path
V-Age
X-B3-Traceid
X-Backend-TTL
X-EC-Lua
X-Unique-ID
X-APP-VERSION
Platform
X-Skip-Cache
X-SVT-ORM-RULES
X-SIPLIST1
X-Request-URI
Server-Hostname
Server-Ext
X-Scheme
X-DynaTrace-JS-Agent
X-SVT-ORM-VERSION
Pagetype
NGX
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-User
X-TrackingId
X-Reqid
Origin
On-Server
PFcat
Sever-Int
X-LI-UUID
X-Method
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Li-Pop
X-Li-Fabric
X-HN
X-HS-Content-Campaign-Id
NGB
X-GoCache-CacheStatus
Vix-Hermes-Req-Id
X-Nginx-Cache-Key
X-Platform-Server
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Varnish-Remaining-TTL
X-Origin-Expires
X-Origin
X-Node-Id
UCS
True-Client-Country-4JS
X-NU-AKA-ACS-Version
X-Rebelmouse-Surrogate-Control
X-Varnish-Hits
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-Uid
Cf-Bgj
X-Irp-Debug
X-Developer
X-DefHash
X-DefElseHash
CDN-CachedAt
CDN-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Request-Url
X-Clientip
CDCHOST
CacheControlHeader
C-Via
DSUID
X-Cache-Info
L
IsBot
Is-Eu
X-Fastly-Cache
X-VServer
X-VG-TLSProxy
X-VarnishDD-TTL
Locid
Location
X-IP
X-Fastly-Backend
X-Epic-Correlation-Id
X-Cache-Debug
X-Backend-State
Fastly-SIE
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
Fastly-SWR
X-NewRelic-App-Data
User-Cache-Control
X-Gzip
X-Clara-WADP
X-Gamma-Serve
X-Dispatcher-Server
X-Fmm-Version
X-Eu-Site
X-Csrf-Jwt
X-Esi-Check
X-GeoIP
X-Tb
X-Var-Ttl
X-Request-Host
X-Origin-Response-Time
X-Old-Content-Length
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Hnp-Log
X-Generated-By
X-WADP-Cache
X-CGP
X-Swa-Ws
X-Loc
Xc-Version
Esi-Enabled
X-Gen-Mode
X-Block-Status
Web-Mar-Node
X-LB-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Id
L5d-Success-Class
X-Aicache-OS
X-Branch-Name
Rt-Fastcgi-Cache
X-Sucuri-ID
NM-Fastcgi-Cache
Fastly-Drupal-HTML
X-Cache-Tags
Ha-Gx-Prefs
HA-Ipaddr
X-Amz-Meta-S3cmd-Attrs
X-FTR-Expires
X-Air-Hostname
X-Hash
Cmstype
X-Slack-Backend
X-Varnish-Url
Cmsid
X-Edge-Location-Klb
Req-Svc-Chain
X-Kraken-Routeconfig-Destination
X-Servername
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Served-From
Svr
X-Mvc-Supplant-OutputCached
Pics-Label
X-Via-Popn
Tracecode
X-Cdn-Forward
X-Via-Poph
X-Via-Popv
A
X-Refresh
X-PF-Uncompressing
Instruction
Kp-EeAlive
X-Vgn-Hpd-Reason
SR-User-Adfree
X-Cache-Var
X-Cache-Var-Map
M-TraceId
Url
Viewtype
VivaBuild
X-CUA
X-NGENIX-Cache
X-Matched-Rule
SID
X-DC
X-JoinUs
Cache-Key
Lfy
Cross-Origin-Opener-Policy
Arc-Country
X-SaId
X-Esi
X-Edge-Location
X-PHP-Backend
TDXMobile
X-Tb-Optimization-Total-Bytes-Saved
MIME-Version
X-Sn-Servicetimems
CloudFront-Viewer-Country
X-Cache-Expires
X-Cdn-Origin
X-TraceId
Sid
X-CDN-Forward
Pramga
X-Cache-Backend
X-NCache
X-NC
Geo-Info
X-Webkit-CSP-Report-Only
Server-ID
Content-Secure-Policy
X-Core-Mission
X-Vc
X-Service
DataCenter
X-Extlb
X-CLOUD-TRACE-CONTEXT
X-Servedbyhost
X-Cache-Date
NtCoent-Length
X-Request-Start
X-Internal-Host
X-Wa
X-Srv
X-Bc-Bl
Tcn
Source
X-Error
X-B3-Spanid
GeoIp-Country-Code
X-FireWall-Protection
Geoip-Latitude
FSS-Cache
X-Forwarded-Site
X-LI-Proto
X-HS-Status
X-Via-NSCOPI
X-Varnish-Cacheable
X-Req
LB
Surrogated-Key
X-Proxy-Upstream
X-Newrelic-Synthetics
Hostname
CACHE
X-VHOST
X-Air-Source
X-Vcl-Version
Resin-Trace
X-VCL-Version
X-Response-By
X-PJAX-URL
Memcached
X-Date
X-VC-Cache
X-Accel-Expires-Debug
X-HOST
X-Geo
Xkeyi7
X-RateLimit-Remaining-Second
X-CCDN-CacheTTL
X-App
X-RateLimit-Limit-Second
XServer
Request-ID
X-Viewer-Country
Mail-Subject
X-Li-Proto
X-CCDN-Origin-Time
Server-Ttl
X-Hcs-Proxy-Type
We-Hiring
X-Proxy-Cachei7
Env
X-LiteSpeed-Cache-Control
Upgrade-Insecure-Requests
HitType
GeoIP-Latitude
X-BBXSRF
X-DW
X-TIM-N
X-RPM
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
X-RPS
CF-Cached-On
X-Men
X-RSL
N-Cache
X-DI
X-DSS
X-MSEdge-Features
X-MSEdge-Flight
X-DB
GeoIP-Country-Code
X-FORWARDED-FOR
X-ZONE
Time
X-RAMCache
Memory
X-Cs
X-Cache-2
X-APP
X-WA
X-Zone
CPC-Age
X-Svr
X-Cache-ASPX
X-ServedByHost
X-Cc-Via
X-Cc-Req-Id
X-Air-Trace-Id
X-Action
X-Mg-Request-UUID
X-Varnish-Authentication
VNS-Cache
CPC-Cache
VNS-Age
ProcessTime
S-Rt
X-Contensis-Viewer-Groups
X-UA
D-Cc-Upstream
X-TIME
X-HostName
My-App
X-Region-Sid
X-Oss-Cdn-Auth
Fastcgi-Cache-TTL
Server-Id
State
X-FPC
X-Swift-Error
X-CSRF-TOKEN
X-Dynatrace-Js-Agent
X-Provided-By
Mime-Version
W
Cache-Provider
X-Minions-Version
X-Depends-On
X-Server-IP
X-Cache-Config
X-Origin-Time
X-CF-Powered-By
X-Fpc
X-Gdpr
X-Nyt-Route
X-API-Version
X-Cdn-Request-ID
Srv
Cteonnt-Length
X-Cache-Remote
CDN
X-Cache-Type
X-Sucuri-Cache
X-UnsetCookies
Ohc-File-Size
X-BACKEND-TTL
X-URL
X-Dw-Trace-Id
Cross-Origin-Window-Policy
X-Cache-Ttl
X-Erf-Stays-Bingo-Pdp-Web
X-Akamai-Pragma-Client-IP
X-Xrds-Location
X-ServerName
X-Client-Ip
X-Hello
X-NodeID
X-Flog
X-ABtesting
X-SN
X-Pf-Uncompressing
Proxy-Connection
X-Check-Cacheable
Cdn
OT-Force-Account-Verify
X-Parent-Response-Time
X-Fastly-Request-Id
X-VC
Ohc-Cache-HIT
X-Ftr-Cache-Host
X-Tenant
X-Shop-Environment
Media-Length
Vha6-Origin
X-NGINX-Cache
X-Orig-Expires
X-Snapshot-Date
X-SD-PageType
X-ND-Cache
X-Pad
X-Webstats-RespID
X-SB
X-Presslabs-Stats
Dnion-Transfer-Encoding
Cf-Ipcountry
X-Oracle-DMS-ECID
X-Forwarded-Path
X-Fastly-Backend-Reqs
X-Host-Name
X-BBC-Edge-Cache-Status
X-Via-PopV
X-Traceid
X-LiteSpeed-Tag
X-Air-Pt
X-ElasticPress-Search
X-Via-PopN
X-Via-PopH
PICS-Label
WZWS-RAY
Epwk-X-Cache
Datacenter
X-BBC-Origin-Response-Status
X-Ftr-Request-Id
Warning
X-Acquia-Purge-Tags
X-Varnish-URL
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-Vcache
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-Request-URL
X-Lb-Id
Xet-Cookie
X-Cache-Tag
X-MiniProfiler-Ids
EpKe-Alive
X-Render-Time
X-Varnish-Beresp-TTL
X-Cluster-Node
X-Akamai-ERRuleID
X-Akamai-ERPolicy
CountryCode
X-Tx-Id
X-Debug-Cache-Store
NnCoection
X-Redis-Count
X-Tid
Environment
URI
X-Pjax-Url
X-Conf
X-C
X-Yottaa-OS
X-Mg-Request-Id
X-Redis-Duration-Ms
X-Apw-Hits
Content-Script-Type
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
Phost
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-Debug-Cache-Fetch
Ohc-Response-Time
X-Cache-Status-Check
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-B3-Parentspanid