Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-DataDome
X-ESI
Charset
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-Version
X-F-Cache
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
Verso
MS-Author-Via
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-CF-Powered-By
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-ORIGIN
AR-ATIME
X-TEC-API-VERSION
AR-PoweredBy
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
DynaTrace
AR-CACHE
X-T
Paypal-Debug-Id
X-Varnish-Age
X-Hits
X-Upstream
Arr-Disable-Session-Affinity
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Ruxit-JS-Agent
X-Pad
SPRequestDuration
X-Grace
SPIisLatency
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Server-ID
X-IPLB-Instance
X-Kinsta-Cache
X-Cache-Hit
Access-Control-Request-Method
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-Logged-In
Mrf-Cache-Status
X-FastCGI-Cache
X-B
AR-SID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-HW
X-Goog-Stored-Content-Length
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
Server-Name
X-PressLabs-Stats
Tracecode
X-Frontend
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-Country-Code-Real
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Cache-Key
X-Oracle-Dms-Rid
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
X-Cache-Rule
Cleartype
X-GUploader-UploadID
Cache-Status
Backend-Timing
X-Analytics
X-Srv
Host
TP-Cache
X-HS-Hub-Id
TP-L2-Cache
X-HS-Content-Id
X-Revision
X-Rid
X-Accel-Buffering
X-Whom
Public-Key-Pins-Report-Only
X-TA-CDN-Provider
X-VCache
X-User-Agent
X-RateLimit-Remaining
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
ServerID
X-AOL-HN
X-XRDS-LOCATION
X-Cache-2
X-Varnish-Backend
X-Webkit-CSP
X-Via-JSL
X-Cdn
Front-End-Https
Accept-Charset
X-Content-Powered-By
X-Mobile
X-Kinja-Server-Push
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Viewport
X-Correlation-Id
X-Node-Name
X-App-Environment
X-LB-Cache
X-Magnolia-Registration
X-Cluster
Host-Header
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Page-Id
Liferay-Portal
X-Akamai-Edgescape
X-Framework
X-Handled-By
X-Request-Guid
X-TT
X-Cache-Control
X-Device-Type
X-B3-Sampled
X-Instance
X-Platform-Server
X-Signature
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-B-Cache
X-FB-Debug
Cache-Tag
DC
X-Cache-Server
X-Hostname
X-B3-Traceid
Server-Node
X-Origin-Server
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Ttl
X-Fastcgi-Cache
Source
X-Amzn-Trace-Id
X-Sol
X-Middleton-Display
Display
Retry-After
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
X-Varnish-Server
Server-Info
HitType
X-Cache-Action
HitInfo
X-Distil-CS
X-Cache-Operation
X-APP-VERSION
Content-Script-Type
X-Seen-By
X-Wix-Request-Id
Content-Style-Type
Webserver
X-Port
X-GeoIP
X-S
User-Agent
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-RequestSource
X-Amz-Replication-Status
GEO-INFO
X-Status
Actual-Object-TTL
X-Locale
X-Generated-By
X-Edge-Location
X-Jobs
X-Edge-Cache-Key
X-UUID
X-FW-Type
X-Edge-Cache
X-FW-Hash
X-FW-Serve
X-FW-Static
AsisCache
X-Region
X-Response-Served-From
Healthy
X-FW-Server
X-Adobe-Loc
X-Adobe-Content
ServedBy
SRV
X-Drupal-Cache-Tags
X-Geo-Country
X-TX-ID
X-Varnish-Hits
X-Hyper-Cache
Refresh
X-Daa-Tunnel
X-DataStream-Cache-Status
X-Iejgwucgyu
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ATG-Version
X-Cache-Age
X-Cache-NE
X-Esi
Response
X-Middleton-Response
X-Cache-TTL-Remaining
X-Varnish-Grace
IBM-Web2-Location
Filters
S-Cnection
X-Amz-Server-Side-Encryption
X-Content-Type
Payment
NGB
X-Newrelic-App-Data
Datacenter
X-AppVersion
X-Activity-Id
X-Az
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Webkit-Csp
X-CDN-Forward
X-Cache-Remote
X-Proxied
X-Vg-Webcache
X-Cache-TTL
X-Cacheable-TTL
X-App-Server
Country
Edge-Cache-Tag
X-HS-Cache-Config
Served-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Unique-ID
X-Sucuri-ID
X-Mode
X-UA
X-Varnish-IP
X-Akamai-Transformed
X-RemovedCookies
X-ProcessESI
Machine
Meta-Geo
X-Rendered-As
X-Detected-As
X-RN-RSRV
X-HS-Combine-CSS
X-Is-Bot
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
X-Ruxit-Js-Agent
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Rule
AR-Request-ID
X-Grey
X-Hosted-By
X-Origin-Hint
X-OCL
X-Origin
X-PCL
X-Human
X-ServerID
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
User-Cache-Control
Webcakes-App-Name
TWC-GeoIP-Country
DB-Nickname
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
Cache-Name
Access-Control-Allow-Method
X-Tb
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-ProxyCache-Key
X-Varnish-Cacheable
X-Cache-Category-Id
Webcakes-Region
X-Amz-Meta-Surrogate-Control
X-BB-IP
X-BYPASS-REASON
X-EIG-Tracking-Id
Backend
X-JoinUs
S-Rt
X-Hit
X-L-Path
X-Loop
Azure-RegionName
X-Original-Request
X-NodeID
X-Generated
X-Format
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-CDN-Cache
X-Debug-Cache
X-Environment-Context
Azure-Version
X-OVcl-Cache
X-OVcl
X-Site-Version
ServerName
X-Viewer-Country
X-TNCMS
X-Access
X-Section
Now
L5d-Success-Class
X-Upgrade-Enabled
X-Zipkin-Id
X-Routing-Service
Cache
Selected-FE
X-RateLimit-Limit
X-Agile-Id
X-AWS-Id
X-App-Name
Cache-Key
X-Cache-Config
X-Agile-Age
X-ApacheServer
X-Agile
X-IP
X-TWH-CORRELATION-ID
X-Timing-Wait
X-SplitTest
X-HOST
X-Via-Fastly
OT-Force-Account-Verify
X-Www-Served-By
X-VWS-Id
X-Pubstack
X-Proxy-Build
X-NGENIX-Cache
X-LJ-Flow-ID
Access-Control-Request-Headers
X-Ocache
X-PERF
X-CCM
X-Drupal-Cache-Contexts
X-Backend-Name
X-Origin-CC
X-URL
HostName
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Source
X-Mrs-Age
X-Xfnlog-Site
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
X-Nginx-Cache
X-Upstream-HT
X-Upstream-CT
Powered-By-ChinaCache
X-Real-IP
X-Akamai-Request-ID
X-Pc-Host
X-Pc-Date
X-Correlation-ID
X-Storage
From-Origin
X-Litespeed-Cache
X-Vgn-Hpd-Reason
Pagespeed
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Forwarded-Host
Fastly-SSL
X-Feature
X-NCache
X-Time-Microsecs
X-Internal-Host
LB
X-M-Reqid
X-Varnish-Beresp-Status
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-M-Log
X-Ms-Blob-Type
X-Distributor
X-NC
NtCoent-Length
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Release
X-Birta-Cache-Post
X-Microcachable
X-Birta-Served
X-Labrador-Cache-Channel
X-UA-Device-Type
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
XServer
X-App-Version
X-Cache-Backend
X-B3-Spanid
Pagetype
X-Connection-Hash
X-Twitter-Response-Tags
X-Transaction
Time
X-PHP-Backend
X-Sucuri-Cache
X-SERVER-NAME
Frame-Options
X-Date
X-Server-Time
X-NU-AKA-ACS-Version
X-A-Wwc
X-Accel-Expires-Debug
X-A-Ccd
X-Server-By
X-A-Dcw
VivaBuild
X-CF-Lambda-Fn
X-A-Dgt
X-A
X-Org
Cneonction
X-A-Dam
Www
X-CUA
X-PAYTM-SRV-ID
X-Powered-By-ANYU
X-CF-Lambda-Version
X-D
X-SIPLIST1
X-No-Session
Xc-Version
WZWS-RAY
X-Cache-Bucket
X-Redis-Cache
X-Died
X-G
X-Rewrite-Enabled
IsBot
X-Rojux
X-UE-Client-Country
Server-Int
Fly-Cache
Ec-Rule-Version
Fly-Request-Id
X-Generation-Time
X-Generated-In
X-S-Cookie
X-Dispatcher-Server
NGX
Mobile-Detection-Method
X-From
Rendered-Blocks
X-BB-ID
Meta-Geo-Continent
MD5-Digest
X-C
X-ScT
X-Trv-Group
X-DPWN-IS-SECURE
T-Server
X-IN-APIGATEWAY
X-Developer
X-CS
X-Application
X-WebServer
Arc-Country
X-Destination
V-Age
Viewtype
X-Logtrace-Id
Ajk
AKAMAI
X-Region-Sid
X-ARC
X-VG-WebServer
Cache-Prefix
X-Irp-Debug
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-B-Cookie
X-Via-CDN
BehaviorPad-Version
X-Request-UUID
X-Via-SSL
X-Via-Edge
X-SRCache-Key
X-FireWall-Port
X-NWS-UUID-VERIFY
ViewerVersion
X-Web-Node
X-GZip
X-Instance-Name
Ha-Gx-Prefs
HA-Host
HA-Geocountry
HA-Georegion
HA-Geolat
HA-Geolon
HA-Geocity
X-Gen-Mode
X-Hl-Ver
SN
X-Hnp-Log
X-Node-Id
X-GeoIP-City
GMS-Ver
HA-Ipaddr
X-UnsetCookies
HA-Cloudapp
HA-Urlpath
Release
X-Cache-Enabled
MIME-Version
Origin-Cache-Control
Origin-Edge-Control
X-External-Request-Id
X-F5-Cache
X-Fastly-Cache
NodeID
X-Store
Server-Host
Host-ID
X-Var-Ttl
X-S-Maxage
Magicmarker
X-Eu-Site
X-Core-Value
HA-Servedtime
X-Hash
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-Crawler
X-Phone
X-We-Are-Hiring
X-Request-Time
X-Wikidot-Static-Cache
X-Debug-Log
X-Debug-Cookies
Web-Mar-Node
X-CGP
X-RateLimit-Limit-Second
Pragrma
X-Platform
Backend-Name
X-Amz-Meta-Cache-Control
X-Block-Status
X-VServer
X-Varnish-Action
Country-Code
X-Cluster-Node
X-NX-Host
X-Origin-TTL
X-Cache-CFC
X-Layer
X-Owner
X-Key
X-VCT
X-V
X-Webstats-RespID
Proxy-Connection
X-Epic-Correlation-Id
Request-Country
X-Cache-Expires
Request-EU
X-Croise-Owner
X-Cdn-Srv
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Backend-Host
X-Backend-State
X-Developers
Thinkindot-CacheControl
X-Cache-URL
Uber-Trace-Id
X-Actual-URL
X-Cache-Srv
X-Core-Mission
Section-Io-Cache
X-Backend-Url
X-Backend-TTL
X-Cdn-Origin
X-Cache-Host
X-Passed-To-PostProcessResponse
X-Request-URI
X-Reboot
X-RCS-CacheZone
X-Response-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Clientip
X-Passed-To-DLL
Platform
X-MI-In-Market
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Passed-To-BeforeDispatch
X-Passed-To
X-Returned-From-PostProcessResponse
X-Secret
X-Up
X-Tumblr-Pixel-3
X-Variation
Powered
REQUESTUUID
X-Policy
X-TT-LOGID
X-Trace-Id
X-Sf
X-Server-IP
X-Sn-Servicetimems
X-Stale
X-Thinkindot-L3
X-Swa-Ws
X-Alternate-Cache-Key
X-MSEdge-Features
X-Gannett-Site-Version
Is-Eu
Heartbleed
X-ShardId
X-HTML-Minification-Powered-By
Esi-Enabled
X-FW-Version
Kp-EeAlive
X-Fetched-On
Origin
Odigeo-Trace-Id
MI-Cache-Age
MI-API
MI-Cache
Countrycode
X-GeoIP-Country-Code
X-Matched-Rule
Adler-Geo
CDCHOST
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Location
X-Ua
X-Content-Age
X-Worker
X-Device-Os
X-Rebelmouse-Surrogate-Control
X-Fstrz
X-ElasticPress-Search
X-Rebelmouse-Cache-Control
X-ServiceProvider
Server-ID
On-Server
Fastly-SWR
PageSpeed
PFcat
Request-Time
RNT-Machine
Resin-Trace
Fastly-SIE
Fastly-Backend-Name
Cache-Tags
ProcessTime
X-Dc
Content-Disposition
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
RNT-Time
HTTPS
X-Ckpd-Fst-Backend
Sid
True-Client-Country-4JS
X-Alicdn-Da-Ups-Status
Xserver
X-Varnish-Beresp-Ttl
CACHE
X-Servername
X-Skip-Cache
X-Real-Ip
X-CACHE-AGE
X-Ezoic-Cdn
X-B3-TraceId
X-Csrf-Token
RequestId
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Endurance-Cache-Level
Ar-Sid
Warning
Cteonnt-Length
X-TIME
X-Req
X-Pf-Uncompressing
X-Proto
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-GEO
X-Oss-Storage-Class
WP-Super-Cache
X-Newrelic-Synthetics
Mail-Subject
X-Planisys-CDN-Cache
X-Surge-Debug
X-Planisys-CDN-Rules
X-Servedbyhost
X-Planisys-CDN-TTL
We-Hiring
X-Refresh
CF-IPCountry
X-Nc
X-Guploader-Uploadid
X-Pjax-Url
CDN
Dnion-Transfer-Encoding
X-Aed
X-Cache-ASPX
X-Varnish-Ttl
X-Varnish-Beresp-TTL
Pramga
X-GoCache-CacheStatus
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
Hostname
X-Time
TSSecure
X-CSRF-Token
X-Edge-IP
X-COUNTRY
GeoIp-Country-Code
X-Ms-Lease-State
NODE
Geoip-Latitude
X-Server-W
X-Page-Type
X-Oracle-Dms-Ecid
NnCoection
X-DC
X-Hello
X-Origin-Date
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Flog
X-Geo
X-ABtesting
X-Origin-Expires
X-Cdn-Forward
A
X-Varnish-HitMiss
X-Aicache-OS
Cdn
X-Varnish-Url
X-HCF
X-Cache-Control-Set-By
SD-X-WS
MS-CV
Lfy
X-Datadome
X-WA
X-Auto-Login
X-Amz-Cf-Pop
Mime-Version
FSS-Proxy
X-Akamai-Request-ID2
FSS-Cache
X-Server-Group
WWW-Authenticate
X-Ratelimit-Limit
Geoip-City
X-CACHE-KEY
Node
X-Wa
Processtime
X-Varnish-URL
PICS-Label
X-Wix-Route-ID
X-UPSTREAM-Address
X-Sentry-ID
Rt-Proxy-Cache
X-Via-NSCOPI
PageType
X-Use-Magma
X-EC-Security-Audit
X-APP
X-Unique-Id
X-Cache-Id
X-Check-Cacheable
GeoIP-Latitude
X-From-Cache
GeoIP-Country-Code
X-PAGE-TYPE
X-Nananana
X-NODE
X-Cache-Info
Memcached
X-Served-From
X-Bip
GeoIP-City
X-Thanos
Lb
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-SRV
X-Gdpr
Ms-Operation-Id
X-Cookie
X-Be
X-RTag
Dont-Set-Cookie
X-Gen-Id
X-MP-GENERATED-AT
X-Proxy-Server
X-GDPR
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-Request-Start
X-WR-MODIFICATION
X-Load-Cache
X-Dynatrace-Js-Agent
DataCenter
X-Cache-HT
Is-Session-Tracking
X-Env
X-Optimization
Memory
X-Fastly-Cache-Hits
Get-Access-Time
X-HS-Status
X-FORWARDED-FOR
Who
UCS
X-PJAX-URL
Pics-Label
X-Swift-Error
GW-Server
X-User
X-Ver
X-Cache-Ttl
X-B3-SpanId
Group
V-Cache
X-RateLimit-Reset
Cf-Ipcountry
X-ServedByHost
X-Cache-FS-Status
X-PF-Uncompressing
X-Meta-Tbi-Cache-Vertical
X-Fe
Ws
URI
Cache-Hits
X-Ibm-Trace
X-Dw-Trace-Id
X-CDN-Pop-IP
X-CDN-Pop
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Shard
NX-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GZIP
X-SB
X-Bug-Bounty
Xet-Cookie
AGE-Hash
X-VC
Requestid
Httpd-Identifier
Accept-Language
X-NGINX-Cache
Serverid
X-Ratelimit-Remaining
Locale
X-Wix-Petri-Ex
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
N-Cache
X-BBXSRF
X-Cache-Debug
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-Content-Encoded-By
X-CacheKey
CDN-Node
Powered-By
X-ServerName
CDN-Cache-Hit
X-Varnish-Info
CDN-Cache
X-Route-Name
Ohc-File-Size
X-RequestId
X-Akamai-ERPolicy
X-Grace-Duration
X-Akamai-ERRuleID
X-Providence-Cookie
X-StackifyID
X-Litespeed-Cache-Control
Version
X-Cache-Handler
Https
X-Flags
X-Is-Crawler