Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Readtime
X-Application-Context
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
Report-To
X-TTL
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-DataDome
Charset
X-ESI
X-Server-Name
X-FTR-Request-ID
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-ORACLE-DMS-RID
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
Content-MD5
X-Version
RTSS
X-F-Cache
X-Exp-Id
X-Geo-Segment
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Powered-By-Plesk
Public-Key-Pins
PB-RID
Accept-CH
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Mod-Pagespeed
X-D2id
SPRequestGuid
X-CF-Powered-By
Verso
X-Client-IP
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-PoweredBy
AR-ATIME
X-Amz-Rid
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Nginx-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
DynaTrace
X-T
X-HeyJason
X-Dw-Request-Base-Id
X-Trace
Paypal-Debug-Id
X-Fastly-Request-ID
X-Upstream
X-Grace
X-Hits
X-Varnish-Age
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Id
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Pad
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
X-Content-Options
AR-SID
X-Cache-Hit
Realpath
X-Content-Digest
X-Logged-In
X-IPLB-Instance
Access-Control-Request-Method
X-Kinsta-Cache
X-Ruxit-JS-Agent
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-NF-Request-ID
MRF-Tech
X-Acc-Meta-Resource-Type
X-B
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-Debug
S
X-XRDS-Location
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-NewRelic-App-Data
X-FTR-Realm
X-PressLabs-Stats
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-Frontend
X-Wix-Server-Artifact-Id
X-Server-ID
Tracecode
X-Cache-Key
X-FTR-Expires
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Fastcgi-Cache
Alternate-Protocol
Eomportal-Instance
X-Forwarded-For
Surrogate-Key
Cleartype
X-Cache-Rule
Cache-Status
X-GUploader-UploadID
X-Srv
X-NWS-LOG-UUID
X-HS-Content-Id
X-Analytics
Backend-Timing
X-HS-Hub-Id
X-Ttl
X-VCache
Host
X-User-Agent
X-Oracle-Dms-Rid
TP-Cache
TP-L2-Cache
FilterID
Fastly-Restarts
X-Revision
X-Rid
X-Whom
X-Debug-Info
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-RateLimit-Remaining
X-Cache-2
ServerID
X-Via-JSL
X-Varnish-Backend
X-XRDS-LOCATION
X-Content-Powered-By
X-Webkit-CSP
X-Accel-Buffering
X-Cdn
X-Request-Processing-Time
X-Request-Received
X-Kinja-Server-Push
Accept-Charset
Front-End-Https
X-Mobile
X-Zen-Fury
Viewport
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
X-TA-CDN-Provider
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Page-Id
X-Cluster
X-Tumblr-Pixel
Host-Header
X-B3-Traceid
X-Correlation-Id
X-Tumblr-User
X-Cache-Control
X-Varnish-Hostname
X-Tumblr-Pixel-0
Cache-Tag
X-Framework
X-Akamai-Edgescape
X-Device-Type
X-Magnolia-Registration
X-Handled-By
X-Request-Guid
X-TT
X-FB-Debug
X-Hostname
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-B3-Sampled
X-B-Cache
X-Signature
X-Content-Security-Policy-Report-Only
X-Platform-Server
DC
X-Instance
X-Cache-Server
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Retry-After
Source
X-Amzn-Trace-Id
X-Accel-Expires
X-WA-Info
X-Contextid
X-Servedby
HitType
HitInfo
Server-Info
X-Varnish-Server
X-Cache-Operation
X-Middleton-Display
X-Cache-Action
Display
X-Sol
X-APP-VERSION
X-Distil-CS
X-Port
X-Daa-Tunnel
X-Amz-Replication-Status
X-Fastcgi-Cache
AsisCache
Content-Style-Type
Content-Script-Type
X-GeoIP
X-Generated-By
X-Geo-Country
X-Edge-Location
Webserver
X-TX-ID
X-RequestSource
X-S
X-Seen-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Wix-Request-Id
X-Hyper-Cache
GEO-INFO
Actual-Object-TTL
ServedBy
X-Locale
X-WebKit-CSP-Report-Only
X-Status
Healthy
X-FW-Type
X-FW-Static
X-FW-Server
User-Agent
X-FW-Serve
X-Region
X-UUID
X-Jobs
X-Response-Served-From
X-Varnish-Hits
X-FW-Hash
X-Edge-Cache-Key
X-Edge-Cache
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
X-DataStream-Cache-Status
SRV
S-Cnection
X-Varnish-Grace
X-Yottaa-Optimizations
Filters
X-Yottaa-Metrics
Refresh
X-Esi
X-Amz-Server-Side-Encryption
NGB
IBM-Web2-Location
X-Cache-TTL-Remaining
X-Cache-Age
X-Middleton-Response
Response
X-Proxied
X-CDN-Forward
X-Cache-NE
X-Az
AR-Request-ID
X-Activity-Id
X-AppVersion
X-Content-Type
X-App-Server
X-Newrelic-App-Data
Payment
X-Pc-Appver
X-Pc-Key
X-Ruxit-Js-Agent
X-Pc-Hit
X-ATG-Version
X-Cache-Remote
Datacenter
X-Cacheable-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache
X-UA
X-Cache-TTL
X-Vg-Webcache
Country
X-Unique-ID
X-HS-Cache-Config
Edge-Cache-Tag
X-Akamai-Transformed
Served-By
X-Mode
X-Rendered-As
X-Varnish-IP
X-RemovedCookies
X-Detected-As
X-Is-Bot
X-RN-RSRV
Load-Balancing
X-ProcessESI
Machine
Meta-Geo
X-PCL
X-Rocket-Nginx-Bypass
X-Sucuri-ID
User-Cache-Control
X-FC-Vary-Parameters
X-Proxy
X-ProxyCache-Key
X-ProxyCache-Status
X-OCL
X-BYPASS-REASON
TWC-Privacy
X-Human
X-Amz-Meta-Surrogate-Control
Webcakes-App-Name
Mn-Server-Ip
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Hosted-By
TWC-Connection-Speed
TWC-Locale-Group
Now
Property-Id
L5d-Success-Class
Access-Control-Allow-Method
X-Origin
X-Cache-Category-Id
X-Cache-Config
DB-Nickname
X-PERF
Cache-Key
X-Origin-Hint
X-Debug-Cache
Backend
Webcakes-App-Version
X-Grey
X-Tb
X-Pubstack
Webcakes-Region
X-ApacheServer
X-ServerID
X-Varnish-Cacheable
Cache-Name
ServerName
X-Original-Request
X-OVcl
X-Cache-Var-Map
X-Cache-Var
X-Access
X-Section
X-OVcl-Cache
X-Rule
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-TNCMS
Azure-Version
X-Zipkin-Id
X-Backend-Name
X-Correlation-ID
X-Hit
X-Generated
X-JoinUs
X-Loop
X-NodeID
X-Upgrade-Enabled
X-Format
X-Varnish-Cache-Hits
X-CCM
X-BB-IP
X-CDN-Cache
X-Viewer-Country
X-EIG-Tracking-Id
X-Via-Fastly
Access-Control-Request-Headers
S-Rt
X-Site-Version
X-Routing-Service
X-Www-Served-By
X-Agile-Age
X-Agile
X-VWS-Id
X-Xfnlog-Site
Selected-FE
X-Timing-Wait
X-App-Name
X-AWS-Id
X-SplitTest
X-Environment-Context
X-Proxy-Build
X-LJ-Flow-ID
X-NGENIX-Cache
X-L-Path
X-Source
X-Agile-Id
X-IP
X-TWH-CORRELATION-ID
X-HS-Combine-CSS
X-URL
X-Ocache
X-Storage
X-Drupal-Cache-Contexts
X-Origin-CC
HostName
X-Real-IP
X-Akamai-Request-ID
X-Upstream-CT
X-Upstream-HT
OT-Force-Account-Verify
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-RateLimit-Limit
X-Pc-Host
X-Pc-Date
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Mshield-Cache-Status
X-Time-Microsecs
X-Litespeed-Cache
From-Origin
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
X-UA-Device-Type
X-NC
X-NCache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Internal-Host
X-Feature
Powered-By-ChinaCache
XServer
X-Microcachable
X-Forwarded-Host
X-Distributor
X-Varnish-Beresp-Status
X-Iejgwucgyu
X-Varnish-Beresp-Grace
Fastly-SSL
X-Release
X-M-Reqid
X-PHP-Backend
X-M-Log
X-Qnm-Cache
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
Pagespeed
X-Ms-Blob-Type
LB
X-Birta-Served
X-Birta-Cache-Post
NtCoent-Length
X-Webkit-Csp
X-Labrador-Cache-Channel
Pagetype
X-Connection-Hash
X-Twitter-Response-Tags
X-Transaction
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-VG-TLSProxy
X-Instance-Name
X-V
X-B3-Spanid
Frame-Options
MIME-Version
X-GZip
Time
X-SERVER-NAME
X-C
X-Web-Node
BehaviorPad-Version
Cache-Prefix
Arc-Country
AKAMAI
Server-Int
Ajk
Ec-Rule-Version
Rendered-Blocks
MD5-Digest
Meta-Geo-Continent
NGX
IsBot
Host-ID
Mobile-Detection-Method
Fly-Request-Id
Fly-Cache
X-B-Cookie
X-PAYTM-SRV-ID
X-Org
X-Redis-Cache
X-Region-Sid
X-Request-UUID
X-Request-URI
X-NU-AKA-ACS-Version
X-No-Session
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Irp-Debug
X-Rewrite-Enabled
X-Rojux
X-Via-CDN
X-VG-WebServer
X-Via-Edge
X-Via-SSL
Xc-Version
X-WebServer
X-UE-Client-Country
X-Trv-Group
X-ScT
X-S-Cookie
X-Server-By
X-Server-Time
X-SRCache-Key
X-SIPLIST1
X-Generation-Time
X-Generated-In
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Application
X-BB-ID
X-ARC
X-A-Dcw
X-A-Dam
VivaBuild
Viewtype
Web-Mar-Node
Www
X-A-Ccd
X-A
X-Block-Status
X-Cache-Bucket
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-From
X-Gen-Mode
X-G
X-Developer
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-CUA
X-D
X-Date
V-Age
T-Server
X-Varnish-Beresp-Ttl
Cneonction
X-NWS-UUID-VERIFY
X-HOST
X-App-Version
X-Powered-By-ANYU
X-FireWall-Port
WZWS-RAY
MI-Cache-Age
HA-Host
MI-Cache
X-Hl-Ver
NodeID
Origin-Edge-Control
Origin-Cache-Control
Ha-Gx-Prefs
On-Server
MI-API
HA-Ipaddr
HA-Servedtime
X-GeoIP-City
X-Cache-CFC
X-Cache-Enabled
X-Origin-TTL
X-Owner
Kp-EeAlive
X-ElasticPress-Search
X-Phone
Magicmarker
Proxy-Connection
SN
X-RCS-CacheZone
X-RateLimit-Remaining-Second
Server-Host
X-Layer
True-Client-Country-4JS
X-S-Maxage
X-Key
Ar-Sid
X-HTML-Minification-Powered-By
X-RateLimit-Limit-Second
X-Sf
Release
HA-Georegion
Pragrma
Request-Country
Request-EU
X-Platform
X-ServiceProvider
Request-Time
X-Amz-Meta-Cache-Control
HA-Urlpath
X-F5-Cache
X-VServer
X-We-Are-Hiring
CDCHOST
X-External-Request-Id
HA-Geolon
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Tags
X-Wikidot-Backend
X-CS
X-VCT
X-Fastly-Cache
X-MI-In-Market
X-Crawler
X-Core-Value
Backend-Name
X-Wikidot-Static-Cache
X-CGP
X-Varnish-Action
Country-Code
HA-Geocountry
HA-Geolat
X-Node-Id
HA-Geocity
HA-Cloudapp
X-UnsetCookies
X-Eu-Site
GMS-Ver
Esi-Enabled
X-Webstats-RespID
X-Actual-URL
X-Clientip
X-Content-Age
X-Returned-From-DLL
X-Developers
X-Returned-From
X-Matched-Rule
X-Returned-From-BeforeDispatch
X-Response-By
X-Request-Time
X-Ckpd-Fst-Backend
X-Reboot
X-Croise-Owner
X-MSEdge-Flight
X-Cdn-Srv
X-Passed-To-PostProcessResponse
X-Backend-Url
X-Cache-URL
X-Passed-To-DLL
X-Backend-State
X-Backend-Host
X-Debug-Cookies
X-Passed-To-BeforeDispatch
X-Alternate-Cache-Key
X-Cache-Expires
X-Backend-TTL
X-MSEdge-Features
X-Debug-Log
X-Nginx-Cache-Key
X-Passed-To
X-Cache-Srv
X-NX-Host
X-ShopId
X-Up
X-Tumblr-Pixel-3
X-Var-Ttl
X-Variation
Fastly-Backend-Name
X-TT-LOGID
X-Epic-Correlation-Id
Is-Eu
X-Swa-Ws
X-Thinkindot-L3
Heartbleed
Countrycode
Apple-News-Services-Request-Url
Adler-Geo
X-Store
X-Sucuri-Cache
X-Fetched-On
X-FW-Version
X-Hash
X-Gannett-Site-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Worker
X-Stale
X-Sorting-Hat-ShopId
PageSpeed
Thinkindot-CacheControl
Server-ID
Section-Io-Cache
RNT-Time
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Secret
X-Device-Os
X-Server-IP
Uber-Trace-Id
RNT-Machine
X-Fstrz
Odigeo-Trace-Id
X-Skip-Cache
X-GeoIP-Country-Code
X-Sorting-Hat-PodId
X-Shopify-Stage
Origin
X-ShardId
Platform
X-Location
PFcat
X-Returned-From-PostProcessResponse
Resin-Trace
X-Trace-Id
HTTPS
X-Cdn-Origin
Content-Disposition
Cteonnt-Length
X-Policy
X-Core-Mission
X-Servername
X-Sn-Servicetimems
X-Alicdn-Da-Ups-Status
X-Cache-Host
Sid
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
REQUESTUUID
X-Rebelmouse-Surrogate-Control
Powered
X-Rebelmouse-Cache-Control
X-Real-Ip
Fastly-SWR
X-Cluster-Node
Fastly-SIE
X-CACHE-AGE
ProcessTime
WP-Super-Cache
X-Ezoic-Cdn
X-Csrf-Token
Xserver
X-Planisys-CDN-Cache
X-Dc
X-Planisys-CDN-Rules
X-Pf-Uncompressing
X-Planisys-CDN-TTL
RequestId
X-Refresh
X-Ua
Warning
ViewerVersion
CDN
X-Proto
CF-IPCountry
X-Servedbyhost
X-GEO
X-TIME
Cache-Cookie-Set-From
X-Cache-ASPX
Mail-Subject
We-Hiring
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Guploader-Uploadid
X-Endurance-Cache-Level
X-Newrelic-Synthetics
Dnion-Transfer-Encoding
X-Pjax-Url
X-B3-TraceId
X-GoCache-CacheStatus
X-Req
X-Atg-Version
NODE
X-Surge-Debug
X-Varnish-Ttl
X-Nc
Hostname
CACHE
NnCoection
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
X-Edge-IP
X-Origin-Date
X-Time
X-COUNTRY
X-CSRF-Token
X-Aed
Geoip-Latitude
X-DC
X-Origin-Expires
X-Server-W
X-Varnish-HitMiss
X-HCF
X-Ms-Lease-State
X-Cache-Control-Set-By
Pramga
X-Page-Type
X-Oracle-Dms-Ecid
SD-X-WS
X-Varnish-Beresp-TTL
TSSecure
X-Server-Group
WWW-Authenticate
X-Aicache-OS
A
X-Varnish-Url
Processtime
X-WA
X-Flog
X-Amz-Cf-Pop
X-Hello
X-GRACE
X-Datadome
X-DataStream-Origin-MEX-Latency
Geoip-City
X-DataStream-MidMile-RTT
MS-CV
X-ABtesting
X-Geo
X-Cdn-Forward
Cdn
X-Wix-Route-ID
X-Varnish-URL
PICS-Label
X-Ratelimit-Limit
X-Akamai-Request-ID2
Lfy
X-Auto-Login
X-From-Cache
Node
X-Wa
Mime-Version
Lb
FSS-Cache
Cdn-Request-Time
X-Gdpr
Cdn-Host
X-UPSTREAM-Address
FSS-Proxy
Dont-Set-Cookie
X-Edge-Server
PageType
X-Use-Magma
X-APP
X-PAGE-TYPE
X-Unique-Id
X-EC-Security-Audit
X-Sentry-ID
X-Nananana
X-SRV
GeoIP-Latitude
X-Gen-Id
GeoIP-City
GeoIP-Country-Code
Ms-Operation-Id
X-Check-Cacheable
X-RTag
Rt-Proxy-Cache
COMMERCE-SERVER-SOFTWARE
X-Via-NSCOPI
X-WR-MODIFICATION
DataCenter
X-Served-From
X-Cookie
Get-Access-Time
X-Optimization
X-CACHE-KEY
X-Cache-HT
X-Fastly-Backend-Reqs
X-Env
Is-Session-Tracking
X-Load-Cache
Memcached
X-Cache-Id
Who
X-Proxy-Server
X-GDPR
X-Thanos
X-Bip
X-Dynatrace-Js-Agent
X-Be
X-Cache-Info
X-FORWARDED-FOR
X-Cache-FS-Status
X-Wix-Petri-Ex
X-Meta-Tbi-Cache-Vertical
X-Request-Start
X-Fastly-Cache-Hits
X-MP-GENERATED-AT
Memory
X-PJAX-URL
Pics-Label
X-Ibm-Trace
X-Swift-Error
Ws
X-Ver
X-HS-Status
X-B3-SpanId
X-Fe
X-ServedByHost
X-Cache-Ttl
X-RateLimit-Reset
V-Cache
Group
Httpd-Identifier
X-Shard
GW-Server
X-SVT-ORM-RULES
X-CDN-Pop
X-SVT-ORM-VERSION
X-NGINX-Cache
Powered-By
X-CDN-Pop-IP
URI
UCS
Cf-Ipcountry
X-Dw-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-ID
Ohc-File-Size
X-VC
Requestid
X-Bug-Bounty
Version
AGE-Hash
X-GZIP
X-PF-Uncompressing
X-User
NX-Cache
X-Path-Route
X-SB
Serverid
Xet-Cookie
X-Ratelimit-Remaining
Cache-Hits
X-Varnish-Info
X-CacheKey
CDN-Cache-Hit
CDN-Node
X-StackifyID
X-P-T
CDN-Cache
X-LiteSpeed-Cache-Control
N-Cache
X-SD-PageType
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Route-Name
X-Flags
X-Is-Crawler
X-Litespeed-Cache-Control
X-Cache-Handler
Ohc-Response-Time
X-RequestId
X-Providence-Cookie
X-ServerName
Https
X-Grace-Duration
Apicache-Version
Apicache-Store
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Fastly-Soc-X-Request-Id