Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
X-Check
X-Cache-Status
Timing-Allow-Origin
X-Adblock-Key
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-CDN
X-Template
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
X-Buckets
Keep-Alive
P3p
X-Type
X-AH-Environment
X-Via
Xkey
EagleId
X-Backend
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Cache-Group
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-CST
X-Node
X-Ac
X-Device
X-Cache-Lookup
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-WebKit-CSP
X-Host
X-Amz-Version-Id
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Px
X-Rq
X-Readtime
X-Server-Id
Pinterest-Generated-By
Allow
X-Application-Context
X-Url
X-Instart-Request-ID
X-Clacks-Overhead
Request-Id
EagleEye-TraceId
Server-Timing
X-OneAgent-JS-Injection
X-Country
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Report-To
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Country-Code
Edge-Control
Charset
X-Varnish-TTL
X-Server-ID
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-ESI
X-FTR-Request-ID
X-TTL
X-MS-InvokeApp
X-DataDome
X-CF-Powered-By
X-Server-Name
X-Cached
X-DynaTrace-JS-Agent
X-Goog-Hash
NEL
Feature-Policy
X-Vhost
X-Recruiting
Public-Key-Pins
X-Origin-Cache
X-Powered-By-Plesk
X-F-Cache
X-VARITI-CCR
X-Kinja-Revision
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Exp-Variant
X-T
X-DynaTrace
X-Dns-Prefetch-Control
X-D2id
X-Version
X-Mod-Pagespeed
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
Verso
SPRequestGuid
X-Client-IP
X-Abt-Application-Version
X-SharePointHealthScore
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
Content-MD5
X-N
X-Forwarded-Proto
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
RTSS
X-Amz-Rid
X-Cdn
X-Hits
X-Ttl
X-GitHub-Request-Id
X-Navigation-Version
Nginx-Cache
X-Dw-Request-Base-Id
AR-ATIME
AR-PoweredBy
AR-CACHE
Realpath
X-B
X-Ruxit-JS-Agent
Paypal-Debug-Id
X-Content-Digest
X-Upstream
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
X-TEC-API-ROOT
SPRequestDuration
SPIisLatency
X-Pad
X-Id
X-Shield-Request-Id
X-Varnish-Age
X-Kinsta-Cache
Arr-Disable-Session-Affinity
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Access-Control-Request-Method
X-NWS-LOG-UUID
TCN
X-Oneagent-Js-Injection
X-Acc-Meta-Resource-Type
X-Cache-Hit
MS-Author-Via
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Logged-In
X-Trace
S
X-Vcap-Request-Id
X-Zen-Fury
X-HW
DynaTrace
X-Origin-Upstream-Status
X-XRDS-Location
X-MSEdge-Ref
Front-End-Https
X-VCache
Cleartype
X-DIS-Request-ID
Eomportal-Instance
X-Frontend
X-Country-Code-Real
X-FTR-Backend
Surrogate-Key
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Realm
X-HS-Hub-Id
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-HS-Content-Id
X-Cache-Rule
X-Via-JSL
X-PressLabs-Stats
X-Fastly-Request-ID
X-User-Agent
X-NF-Request-ID
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Request-Received
Service-Worker-Allowed
X-Request-Processing-Time
X-Forwarded-For
Cache-Status
Tracecode
Fastcgi-Cache
Alternate-Protocol
AR-SID
X-IPLB-Instance
X-Hostname
Server-Name
Display
X-Middleton-Display
X-FastCGI-Cache
X-Sol
MicrosoftSharePointTeamServices
X-Varnish-Backend
Backend-Timing
X-Analytics
Host
Rt-Fastcgi-Cache
X-Az
X-Fastcgi-Cache
FilterID
X-AOL-HN
Viewport
X-Activity-Id
X-AppVersion
X-Cache-2
TP-Cache
X-Ser
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
TP-L2-Cache
X-Whom
X-FTR-Cache-Host
Response
X-Middleton-Response
X-Proxied
X-Rid
X-SS-Set-Cookie
ServerID
X-Revision
X-Contextid
X-Cache-Control
X-Magnolia-Registration
X-Srv
X-Content-Powered-By
X-Cached-By
X-Debug
Refresh
Powered-By-ChinaCache
X-B3-Traceid
X-Debug-Info
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Cache-Server
X-Mobile
X-Instance
X-Akam-SW-Version
X-XRDS-LOCATION
X-WPE-Loopback-Upstream-Addr
Server-Info
HitType
HitInfo
X-Page-Id
X-Cache-Age
Accept-Charset
X-Daa-Tunnel
X-FB-Debug
X-Generated-By
X-Framework
X-Content-Security-Policy-Report-Only
Cache-Tag
X-LB-Cache
X-App-Server
X-B-Cache
X-Request-Guid
X-Webkit-Csp
Retry-After
X-BCube-Filmed-By
X-RateLimit-Remaining
X-Signature
X-PHP-Backend
X-Varnish-Hostname
X-Geo-Country
X-App-Environment
X-TT
Server-Node
Host-Header
X-Tumblr-User
X-Cache-Operation
X-Origin-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Source
X-Device-Type
X-Handled-By
X-APP-VERSION
X-Varnish-Grace
X-Hyper-Cache
X-NewRelic-App-Data
X-ATG-Version
Upgrade-Insecure-Requests
X-Ruxit-Js-Agent
DC
X-Newrelic-App-Data
X-Amzn-Trace-Id
X-GUploader-UploadID
X-Drupal-Cache-Tags
X-Accel-Expires
X-Platform-Server
X-WA-Info
X-CLOUD-TRACE-CONTEXT
X-Varnish-Server
X-TT-TIMESTAMP
X-Correlation-ID
X-HOST
X-Akamai-Edgescape
X-Cache-Action
MS-CV
X-PC-Hit
X-PC-AppVer
X-PC-Key
X-B3-Sampled
NGB
Webserver
X-Locale
X-Accel-Buffering
X-Cluster
X-Litespeed-Cache
Filters
X-Jobs
X-WebKit-CSP-Report-Only
X-GeoIP
X-Cacheable-TTL
X-PC-Host
X-PC-Date
X-S
X-Seen-By
X-RTag
Actual-Object-TTL
X-Wix-Request-Id
X-Wix-Petri-Ex
ServedBy
X-Source
X-Tumblr-Pixel-1
X-FW-Hash
X-FW-Serve
AsisCache
X-FW-Server
X-Tumblr-Pixel-2
X-RequestSource
X-FW-Type
X-FW-Static
X-URL
Served-By
S-Cnection
Pagespeed
X-Varnish-Hits
Liferay-Portal
X-Port
Fastly-Restarts
X-Edge-Location
X-Node-Name
Cartoon
X-Esi
X-Cache-Config
X-Distil-CS
Datacenter
X-Vg-Webcache
X-Cache-TTL-Remaining
X-TA-CDN-Provider
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-Region
GEO-INFO
X-Ocache
Cache
X-UA
X-Drupal-Cache-Contexts
Content-Script-Type
Content-Style-Type
Ohc-File-Size
Country
X-Sucuri-ID
X-ServedBy
X-Edge-Cache-Key
X-Edge-Cache
X-UUID
X-UA-Device-Type
X-Internal-Host
X-RateLimit-Limit
X-GZip
X-Cache-Remote
X-Guploader-Uploadid
X-Dynatrace-Js-Agent
X-Microcachable
X-Real-IP
HostName
X-Adobe-Content
X-Adobe-Loc
X-Correlation-Id
Ar-Sid
X-Status
X-Varnish-IP
X-Akamai-Transformed
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Proxy
X-Unique-ID
User-Agent
X-DataStream-Cache-Status
Load-Balancing
X-Akamai-Request-ID
X-RN-RSRV
X-Ezoic-Cdn
X-Is-Bot
X-Path-Route
X-JoinUs
X-IP
Meta-Geo
AR-Request-ID
X-Generated
X-App-Name
Access-Control-Allow-Method
Machine
X-Rendered-As
X-Detected-As
X-Amz-Server-Side-Encryption
X-Agile
User-Cache-Control
Selected-FE
X-Mode
X-Agile-Age
Healthy
Mn-Server-Ip
X-Agile-Id
X-Varnish-Cache-Hits
Xserver
X-OVcl-Cache
X-OVcl
X-Loop
X-Backend-Name
X-TNCMS
X-Proxy-Build
X-Web-Node
X-Grey
X-Timing-Wait
X-Cache-Category-Id
X-FC-Vary-Parameters
S-Rt
ServerName
X-Upgrade-Enabled
X-Debug-Cache
X-SERVER-NAME
X-BB-IP
X-ProxyCache-Key
X-ServerID
X-BYPASS-REASON
X-Varnish-Cacheable
X-Origin
Payment
X-Instance-Name
X-Hosted-By
X-Cache-Ttl
X-ProxyCache-Status
X-CDN-Forward
X-Time-Microsecs
X-Tb
DB-Nickname
X-RemovedCookies
X-ProcessESI
IBM-Web2-Location
L5d-Success-Class
Cache-Key
X-EIG-Tracking-Id
Azure-SlotName
Backend
X-PERF
Azure-SiteName
Azure-Version
X-Viewer-Country
X-NCache
X-TX-ID
X-NodeID
X-CDN-Cache
X-Content-Type
X-Distributor
X-ApacheServer
Azure-RegionName
X-OCL
X-Site-Version
Now
X-Human
X-PCL
Cache-Name
Azure-InstanceId
X-Time
SRV
TWC-Device-Class
TWC-GeoIP-Country
X-LJ-Flow-ID
TWC-Connection-Speed
TWC-GeoIP-LatLong
Property-Id
TWC-Locale-Group
Webcakes-Region
X-Access
X-AWS-Id
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-CCM
X-Origin-Hint
X-Original-Request
X-Section
X-SplitTest
Dont-Set-Cookie
X-VWS-Id
X-Www-Served-By
X-Routing-Service
LB
X-Via-Fastly
X-Zipkin-Id
X-Xfnlog-Site
X-Vgn-Hpd-Reason
X-TWH-CORRELATION-ID
X-Format
X-Amz-Meta-Surrogate-Control
X-Pubstack
X-MP-GENERATED-AT
X-Storage
X-NGENIX-Cache
X-Rocket-Nginx-Bypass
X-Webstats-RespID
Edge-Cache-Tag
X-Origin-CC
X-Newrelic-Synthetics
X-HS-Cache-Config
Countrycode
Cache-Hits
X-Proto
X-Geo
X-Amz-Apigw-Id
X-Generation-Time
X-Amzn-RequestId
X-Cache-HT
Access-Control-Request-Headers
X-Optimization
X-Sucuri-Cache
X-Cache-NE
X-B3-Spanid
X-Labrador-Cache-Channel
Apicache-Version
Apicache-Store
X-Dc
X-Cache-Backend
X-Nc
Accept-CH
X-Meta-Tbi-Cache-Vertical
X-Birta-Cache-Post
X-Birta-Served
X-Tumblr-Pixel-3
X-Environment-Context
X-L-Path
Fastly-SSL
WZWS-RAY
X-Rule
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
PageSpeed
X-Oss-Object-Type
From-Origin
X-Webkit-CSP
Ec-Rule-Version
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Servedby
NnCoection
Ws
X-Real-Ip
X-Hit
X-CACHE-GROUP
NODE
X-EdgeConnect-Cache-Status
X-Alicdn-Da-Ups-Status
X-Nf-Srv-Version
Cteonnt-Length
X-M-Log
X-Upstream-CT
X-M-Reqid
X-Upstream-HT
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cache-Enabled
Ms-Operation-Id
Cneonction
SN
T-Server
X-We-Are-Hiring
Cache-Prefix
X-Wix-Route-ID
Xc-Version
Thinkindot-CacheControl
Rendered-Blocks
Country-Code
Host-ID
GMS-Ver
Fastly-Soc-X-Request-Id
Thinkindot-CacheControl-Type
Fly-Request-Id
MD5-Digest
Meta-Geo-Continent
Resin-Trace
Server-Host
Fly-Cache
MI-Cache-Age
MI-Cache
BehaviorPad-Version
X-VG-WebServer
X-From
X-Fetched-On
X-ScT
X-G
X-Generated-In
X-Server-By
X-Died
X-D
X-Server-Time
X-Date
X-Destination
X-Developer
X-Hash
X-S-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Region-Sid
X-Response-By
X-Rewrite-Enabled
X-Planisys-CDN-Cache
X-Rojux
X-Matched-Rule
X-Hl-Ver
X-MI-In-Market
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-SRCache-Key
X-A-Dam
X-Via-CDN
X-UE-Client-Country
X-TT-LOGID
X-A-Dcw
X-A-Ccd
X-A
V-Age
Thinkindot-Control
VivaBuild
Warning
Www
X-A-Dgt
X-Trv-Group
X-Thinkindot-L3
X-BBXSRF
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-CF-Lambda-Fn
X-BB-ID
X-B-Cookie
X-A-Wwc
X-Accel-Expires-Debug
X-Application
X-ARC
X-Via-Edge
Viewtype
ProcessTime
X-SERVER
X-V
X-C
X-HS-Combine-CSS
Kp-EeAlive
Server-Int
IsBot
X-Gen-Mode
X-Alternate-Cache-Key
X-GeoIP-City
X-Release
X-Req
X-GeoIP-Country-Code
X-S-Maxage
Httpd-Identifier
X-Block-Status
X-ServiceProvider
X-Sf
X-ShardId
X-P-T
X-Backend-Url
X-Server-IP
X-Backend-Host
X-Backend-State
NGX
X-Hnp-Log
Request-Country
X-Node-Id
Proxy-Connection
X-RCS-CacheZone
Request-EU
X-Origin-Date
X-CCM-LastModified
Server-ID
X-Origin-Expires
Web-Mar-Node
X-Logtrace-Id
X-IN-SSL-APIGATEWAY
X-ShopId
X-IN-APIGATEWAY
Origin-Cache-Control
Origin-Edge-Control
X-Info
PFcat
X-IN-WAF
Uber-Trace-Id
X-Env
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Ver
X-Shopify-Stage
Decoy-Debug-Key
X-Dispatcher-Server
Apple-News-Services-Handled
X-Clientip
X-CS
X-Worker
X-Org
X-Crawler
X-WebServer
Ajk
X-Core-Mission
Decoy-Debug-Status
X-Cache-URL
X-Cache-Bucket
X-Sorting-Hat-PodId
X-SIPLIST1
X-Sorting-Hat-ShopId
Decoy-Debug-TTL
X-Edge-IP
X-ElasticPress-Search
X-Content-Age
X-NX-Host
X-Cache-CFC
X-Backend-TTL
X-No-Session
XServer
X-Eu-Site
X-Epic-Correlation-Id
True-Client-Country-4JS
X-Origin-TTL
X-Edge-Server
X-Cache-Control-Set-By
X-Debug-Log
X-Cache-ASPX
X-Core-Value
X-F5-Cache
X-Forwarded-Host
X-Cache-Srv
X-Cache-Time
X-Cache-Host
X-DPWN-IS-SECURE
X-Cache-Expires
X-Amz-Meta-Cache-Control
X-HCF
X-Cdn-Origin
X-Developers
X-Fastly-Cache
X-Fstrz
X-CGP
X-GoCache-CacheStatus
X-Cdn-Srv
X-Device-Os
Who
Platform
X-Sn-Servicetimems
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
X-Trace-Id
Content-Disposition
HA-Cloudapp
HA-Geocity
HA-Georegion
HA-Host
HA-Geolon
HA-Geolat
HA-Geocountry
X-UnsetCookies
Cdn-Request-Time
Adler-Geo
AKAMAI
X-VServer
X-Wikidot-Backend
Time
X-Wikidot-Static-Cache
Backend-Name
X-VG-TLSProxy
CDCHOST
Cdn-Host
Cache-Tags
X-Up
X-Varnish-HitMiss
HA-Ipaddr
Ha-Gx-Prefs
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Debug-Cookies
HA-Servedtime
X-Refresh
Pragrma
Release
RNT-Machine
RNT-Time
X-Phone
Request-Time
X-Platform
Origin
X-Reboot
X-Server-Group
HA-Urlpath
X-Request-URI
Is-Eu
On-Server
Ohc-Response-Time
Odigeo-Trace-Id
X-Nginx-Cache
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-BeforeDispatch
MI-API
X-Passed-To-DLL
X-Var-Ttl
X-Returned-From
X-Skip-Cache
X-Location
X-Returned-From-BeforeDispatch
X-User
X-Returned-From-DLL
X-Swa-Ws
X-Returned-From-PostProcessResponse
X-FireWall-Port
HTTPS
X-App-Version
Heartbleed
X-Ckpd-Fst-Backend
Esi-Enabled
X-Actual-URL
Powered-By
X-Croise-Owner
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-From-Cache
RequestId
X-Stale
NtCoent-Length
X-Redis-Cache
Dynatrace
X-Micro-Cache
Dnion-Transfer-Encoding
X-Servername
X-Varnish-Beresp-Ttl
Mime-Version
X-WR-MODIFICATION
Cdn
X-Pjax-Url
UCS
X-Pf-Uncompressing
GW-Server
X-B3-TraceId
X-TIME
X-Cdn-Forward
WP-Super-Cache
X-MSEdge-Features
X-Via-SSL
X-MSEdge-Flight
X-Cache-FS-Status
X-Csrf-Token
X-GRACE
X-CSRF-Token
X-Varnish-Url
X-Cache-Handler
X-Request-Time
CF-IPCountry
X-NC
X-Hail-Hydra
X-Ua
X-Atg-Version
Get-Access-Time
X-Powered-By-ANYU
WWW-Authenticate
Is-Session-Tracking
PICS-Label
X-COUNTRY
X-Varnish-Beresp-TTL
X-Varnish-Id
Rt-Proxy-Cache
X-Bip
X-Aicache-OS
X-Owner
PageType
X-Key
Memcached
X-Page-Type
X-Thanos
Frame-Options
X-Be
X-NWS-UUID-VERIFY
MIME-Version
X-Cache-TTL
NodeID
X-Cache-Id
X-GDPR
X-CUA
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Memory
X-Cluster-Node
X-Via-NSCOPI
X-External-Request-Id
X-Response-Served-From
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
FastCGI-Cache
Mail-Subject
We-Hiring
X-Auto-Login
X-Servedbyhost
Sta2Tusw
X-UPSTREAM-Address
X-Dynatrace
X-DataStream-Origin-MEX-Latency
X-LiteSpeed-Cache-Control
X-DataStream-MidMile-RTT
Section-Io-Cache
X-DC
If-Modified-Since
X-ServedByHost
CACHE
X-TId
X-Nananana
X-StackifyID
Version
X-Varnish-Action
Magicmarker
X-Fastly-Backend-Reqs
X-Frame-Option
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-Tid
X-CACHE-KEY
X-BE
X-EC-Security-Audit
Node
X-Request-UUID
X-ADI-VCache
X-Shield-Cache-Expires
CDN
X-Load-Cache
Processtime
X-Sentry-ID
X-Bug-Bounty
X-Variation
X-Gdpr
X-Ig-Deployment-Stage
COMMERCE-SERVER-SOFTWARE
Pagetype
X-GEO
Pramga
X-Varnish-Ttl
X-Pc-Hit
RATING
X-Wa
URI
X-Haproxy-Ip
X-Proxy-Server
X-PAGE-TYPE
X-Pc-Key
X-Ibm-Trace
Pics-Label
X-Public
X-Pc-Appver
X-Haproxy-Hostname
X-Server-W
X-Irp-Debug
X-Shard
Group
X-Pc-Date
V-Cache
X-Pc-Host
X-Endurance-Cache-Level
X-FORWARDED-FOR
Arc-Country
X-Cache-Debug
Sid
Cache-Cookie-Set-Idcheck
X-Varnish-URL
Cache-Cookie-Set-From
X-ND-Cache
Cache-Cookie-Set-Lfrom
X-Surge-Debug
Cache-Provider
X-Datadome
Srv
Cf-Ipcountry
OT-Force-Account-Verify
X-SRV
Fastcgi-Useragent
X-HTML-Minification-Powered-By
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PrivacyLevel
X-PJAX-URL
X-Fastly-Cache-Hits
REQUESTUUID
X-FW-Version
X-Sorting-Hat-Section
X-Sorting-Hat-PodId-Cached
X-Ratelimit-Remaining
Accept-Ch
X-Sorting-Hat-ShopId-Cached
X-Cache-Var
X-Cache-Var-Map
X-Layer
X-RateLimit-Limit-Second
DataCenter
X-ID
X-RateLimit-Remaining-Second
X-Gen-Id
X-Nginx-Cache-Key
Fastcgi-X-Cache
Powered
X-PF-Uncompressing
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Hostname
X-Ms-Lease-State
X-Ratelimit-Limit
X-GZIP
Amp-Access-Control-Allow-Source-Origin
X-Litespeed-Cache-Control
X-Dw-Trace-Id
X-Vcache
X-Front
X-CacheKey
N-Cache
X-RequestId
X-APP
X-B3-SpanId
X-Feature
X-Policy
Serverid
X-NGINX-Cache
X-Distil-Cs
X-CDN-Pop
X-SB
X-Varnish-Info
X-VC
X-CDN-Pop-IP
X-Served-From
X-Requestid
Xet-Cookie
X-Grace-Duration
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-Request-Start
X-Svr
Requestid
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Unique-Id
X-VG-WebCache
X-RAMCache
X-Fe
X-Cookie
X-ServerName
X-Amzn-Remapped-Date
X-HS-Status
X-Varnish-ID
X-Amzn-Remapped-Connection