Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-Dns-Prefetch-Control
Report-To
X-TTL
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Powered-CMS
X-Server-Name
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
NEL
X-DynaTrace
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Recruiting
X-Goog-Hash
X-Varnish-TTL
X-Cached
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
Content-MD5
RTSS
X-Version
X-F-Cache
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Mod-Pagespeed
X-D2id
SPRequestGuid
Verso
X-CF-Powered-By
X-Client-IP
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-T
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
DynaTrace
X-Dw-Request-Base-Id
X-Trace
Paypal-Debug-Id
X-Fastly-Request-ID
X-Upstream
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Hits
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-FastCGI-Cache
X-Id
X-DIS-Request-ID
X-Grace
X-Origin-Upstream-Status
X-Shield-Request-Id
SPIisLatency
X-Pad
SPRequestDuration
X-Content-Options
X-Cache-Hit
AR-SID
X-Content-Digest
Realpath
X-Ruxit-JS-Agent
X-Logged-In
X-IPLB-Instance
X-NF-Request-ID
Access-Control-Request-Method
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B
X-XRDS-Location
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
S
X-Debug
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-NewRelic-App-Data
X-PressLabs-Stats
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Frontend
X-Wix-Server-Artifact-Id
Tracecode
X-Server-ID
X-Oneagent-Js-Injection
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
Alternate-Protocol
X-Cache-Key
X-Forwarded-For
Surrogate-Key
Cleartype
X-Cache-Rule
Cache-Status
X-GUploader-UploadID
X-Srv
X-Ttl
X-HS-Content-Id
X-Analytics
Backend-Timing
X-HS-Hub-Id
X-NWS-LOG-UUID
Host
X-VCache
TP-L2-Cache
X-Revision
TP-Cache
X-User-Agent
X-Rid
FilterID
X-FTR-Cache-Host
X-Debug-Info
X-Whom
Fastly-Restarts
Public-Key-Pins-Report-Only
X-Akam-SW-Version
X-AOL-HN
ServerID
X-RateLimit-Remaining
X-Cache-2
X-Via-JSL
X-Varnish-Backend
X-Accel-Buffering
X-Content-Powered-By
X-Webkit-CSP
X-Cdn
X-Request-Processing-Time
X-Request-Received
X-Kinja-Server-Push
Accept-Charset
Front-End-Https
X-Zen-Fury
Viewport
X-Mobile
X-Oracle-Dms-Rid
X-XRDS-LOCATION
X-Node-Name
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Liferay-Portal
X-App-Environment
X-LB-Cache
Host-Header
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Varnish-Hostname
X-Magnolia-Registration
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cluster
X-Correlation-Id
X-Tumblr-User
Cache-Tag
X-Akamai-Edgescape
X-B3-Sampled
X-TT
X-Handled-By
X-Framework
X-Device-Type
X-Hostname
X-B-Cache
X-FB-Debug
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-Instance
X-Platform-Server
X-Signature
X-Cache-Control
X-Request-Guid
DC
X-Cache-Server
X-B3-Traceid
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-Contextid
X-WA-Info
X-Servedby
X-Accel-Expires
Server-Info
HitInfo
HitType
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
Display
X-Sol
X-Middleton-Display
X-Port
X-Daa-Tunnel
X-Amz-Replication-Status
Content-Style-Type
Content-Script-Type
AsisCache
X-Generated-By
X-Wix-Request-Id
X-APP-VERSION
X-Geo-Country
X-GeoIP
X-Seen-By
X-Edge-Location
X-TX-ID
X-WebKit-CSP-Report-Only
Webserver
X-Tumblr-Pixel-2
GEO-INFO
X-Tumblr-Pixel-1
X-S
X-RequestSource
ServedBy
X-Status
X-Hyper-Cache
Healthy
X-Locale
X-FW-Type
X-Varnish-Hits
X-Response-Served-From
X-UUID
X-Region
X-FW-Static
X-Edge-Cache-Key
Actual-Object-TTL
X-Jobs
X-FW-Hash
X-Edge-Cache
X-FW-Serve
X-FW-Server
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
User-Agent
X-DataStream-Cache-Status
SRV
S-Cnection
X-Varnish-Grace
Refresh
Filters
X-Fastcgi-Cache
X-Cache-Age
X-Amz-Server-Side-Encryption
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Esi
IBM-Web2-Location
NGB
X-Cache-TTL-Remaining
X-Proxied
X-URL
X-Middleton-Response
X-Cache-NE
Response
X-Az
X-AppVersion
X-Activity-Id
X-Content-Type
AR-Request-ID
X-Pc-Appver
X-Newrelic-App-Data
X-Pc-Hit
X-Pc-Key
X-ATG-Version
Payment
X-App-Server
X-CDN-Forward
X-Cache-Remote
X-Ruxit-Js-Agent
X-Cacheable-TTL
X-Unique-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Datacenter
Cache
X-Cache-TTL
X-Vg-Webcache
Country
Served-By
X-UA
Edge-Cache-Tag
X-HS-Cache-Config
X-Mode
X-Akamai-Transformed
X-Sucuri-ID
X-Detected-As
X-Rendered-As
X-RN-RSRV
Machine
Meta-Geo
X-ProcessESI
Load-Balancing
X-Varnish-IP
X-RemovedCookies
X-Is-Bot
X-BYPASS-REASON
X-Proxy
X-ProxyCache-Key
X-Rocket-Nginx-Bypass
X-ProxyCache-Status
X-Real-IP
Backend
Cache-Name
Access-Control-Allow-Method
X-PERF
L5d-Success-Class
DB-Nickname
TWC-Connection-Speed
X-OCL
X-Amz-Meta-Surrogate-Control
X-Human
X-Origin
X-Debug-Cache
X-Varnish-Cacheable
X-Viewer-Country
X-Hosted-By
X-Grey
X-BB-IP
X-PCL
X-EIG-Tracking-Id
X-Cache-Category-Id
X-FC-Vary-Parameters
X-ApacheServer
X-Tb
X-ServerID
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Now
Property-Id
TWC-Privacy
User-Cache-Control
X-Pubstack
Webcakes-Region
X-Cache-Config
X-Origin-Hint
Webcakes-App-Name
Webcakes-App-Version
Mn-Server-Ip
Cache-Key
X-Environment-Context
X-CDN-Cache
X-CCM
X-Format
X-Generated
X-JoinUs
X-Hit
X-Backend-Name
X-Access
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
ServerName
S-Rt
X-L-Path
X-Loop
X-Upgrade-Enabled
X-TNCMS
X-Varnish-Cache-Hits
X-Via-Fastly
X-Cache-Var
X-Zipkin-Id
X-Site-Version
X-Section
X-Correlation-ID
X-NodeID
X-Original-Request
X-OVcl
X-Routing-Service
X-OVcl-Cache
Azure-InstanceId
X-Cache-Var-Map
Access-Control-Request-Headers
X-IP
X-Xfnlog-Site
X-LJ-Flow-ID
X-VWS-Id
X-NGENIX-Cache
Selected-FE
X-Rule
X-Agile
X-Agile-Age
X-App-Name
X-AWS-Id
X-Ocache
X-Agile-Id
X-Www-Served-By
X-TWH-CORRELATION-ID
X-SplitTest
X-HS-Combine-CSS
X-Source
X-Proxy-Build
X-Timing-Wait
X-Drupal-Cache-Contexts
X-Origin-CC
X-Storage
HostName
X-Pc-Host
X-Pc-Date
X-Akamai-Request-ID
X-Upstream-CT
X-Upstream-HT
OT-Force-Account-Verify
X-Vgn-Hpd-Reason
X-RateLimit-Limit
X-Nginx-Cache
X-Time-Microsecs
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Litespeed-Cache
Fastcgi-X-Cache
Fastcgi-Useragent
Fastcgi-X-Cache-Version
From-Origin
X-UA-Device-Type
X-NC
X-NCache
X-Feature
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Internal-Host
X-Forwarded-Host
XServer
Powered-By-ChinaCache
X-Microcachable
Fastly-SSL
X-Varnish-Beresp-Status
X-Distributor
X-Release
X-Varnish-Beresp-Grace
X-Iejgwucgyu
X-PHP-Backend
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
X-Birta-Cache-Post
LB
Pagespeed
X-Birta-Served
Pagetype
NtCoent-Length
X-Cache-Backend
X-Labrador-Cache-Channel
X-Webkit-Csp
X-App-Version
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Transaction
X-VG-TLSProxy
X-Connection-Hash
X-V
X-B3-Spanid
X-Instance-Name
Frame-Options
Time
MIME-Version
X-SERVER-NAME
X-C
X-Web-Node
X-GZip
Arc-Country
X-PAYTM-SRV-ID
Ec-Rule-Version
X-IN-APIGATEWAY
X-Logtrace-Id
X-No-Session
X-IN-WAF
X-Generation-Time
Cache-Prefix
Cneonction
Ajk
X-Org
X-IN-SSL-APIGATEWAY
X-NU-AKA-ACS-Version
X-BB-ID
BehaviorPad-Version
AKAMAI
NGX
Viewtype
V-Age
VivaBuild
X-SIPLIST1
X-CF-Lambda-Fn
X-CF-Lambda-Version
T-Server
X-VG-WebServer
X-CUA
X-Varnish-Beresp-Ttl
X-Server-Time
X-Via-CDN
Server-Int
X-CS
Www
X-A
X-UE-Client-Country
X-Accel-Expires-Debug
X-Application
X-ARC
X-Cache-Bucket
X-B-Cookie
X-A-Wwc
X-Trv-Group
X-A-Ccd
X-SRCache-Key
X-A-Dam
X-A-Dcw
X-A-Dgt
X-D
X-Server-By
X-Request-UUID
X-Request-URI
X-From
IsBot
Meta-Geo-Continent
MD5-Digest
Host-ID
X-G
Fly-Request-Id
Fly-Cache
X-Generated-In
X-Redis-Cache
X-Region-Sid
X-Via-Edge
Mobile-Detection-Method
X-Rojux
Xc-Version
Rendered-Blocks
X-Date
X-Destination
X-S-Cookie
X-Rewrite-Enabled
X-WebServer
X-DPWN-IS-SECURE
X-ScT
X-Dispatcher-Server
X-Died
X-Developer
X-Via-SSL
X-Powered-By-ANYU
X-Sucuri-Cache
WZWS-RAY
X-FireWall-Port
X-NWS-UUID-VERIFY
X-HOST
MI-Cache-Age
MI-Cache
X-External-Request-Id
NodeID
X-Eu-Site
Proxy-Connection
Pragrma
X-ElasticPress-Search
On-Server
X-F5-Cache
Kp-EeAlive
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Ipaddr
HA-Servedtime
X-Fastly-Cache
Ar-Sid
HA-Urlpath
Release
X-We-Are-Hiring
X-CGP
X-Varnish-Action
True-Client-Country-4JS
X-Core-Value
Web-Mar-Node
X-Cache-Enabled
X-Block-Status
X-Var-Ttl
X-Cache-CFC
X-UnsetCookies
X-Crawler
SN
X-VServer
Request-Time
Request-EU
Request-Country
X-Debug-Log
X-Debug-Cookies
X-Sf
X-ServiceProvider
Server-Host
X-S-Maxage
HA-Geolat
MI-API
X-RateLimit-Limit-Second
X-VCT
X-Platform
X-Irp-Debug
X-HTML-Minification-Powered-By
Country-Code
Decoy-Debug-Status
Decoy-Debug-Key
X-Hnp-Log
CDCHOST
Cache-Tags
X-Owner
X-Origin-TTL
X-NX-Host
X-Node-Id
X-MI-In-Market
X-Layer
HA-Geocountry
Backend-Name
X-Key
Decoy-Debug-TTL
X-Phone
X-RateLimit-Remaining-Second
HA-Cloudapp
GMS-Ver
X-RCS-CacheZone
X-Gen-Mode
HA-Geocity
Esi-Enabled
X-Hl-Ver
X-GeoIP-City
X-Webstats-RespID
X-Sn-Servicetimems
X-Cdn-Srv
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Ckpd-Fst-Backend
X-ShopId
X-Passed-To
X-Stale
X-MSEdge-Features
X-Request-Time
X-Skip-Cache
X-Tumblr-Pixel-3
X-Cache-Expires
X-Cache-Host
X-Up
X-Variation
X-MSEdge-Flight
X-Cache-Srv
X-Cache-URL
X-Trace-Id
X-Thinkindot-L3
X-TT-LOGID
X-Clientip
X-Cdn-Origin
X-Swa-Ws
X-Passed-To-BeforeDispatch
X-Developers
X-Device-Os
X-Wikidot-Backend
X-Store
X-Returned-From
X-GeoIP-Country-Code
X-Wikidot-Static-Cache
X-Returned-From-PostProcessResponse
X-Epic-Correlation-Id
X-Returned-From-DLL
X-Nginx-Cache-Key
X-Hash
X-Worker
X-Fetched-On
X-Response-By
X-Location
X-Croise-Owner
X-ShardId
X-Returned-From-BeforeDispatch
X-Content-Age
X-Matched-Rule
X-FW-Version
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Fstrz
X-Reboot
X-Secret
X-Server-IP
X-Gannett-Site-Version
Thinkindot-Control
RNT-Machine
Platform
PageSpeed
RNT-Time
Section-Io-Cache
Thinkindot-CacheControl-Type
Is-Eu
Server-ID
PFcat
Origin-Edge-Control
Odigeo-Trace-Id
Adler-Geo
Magicmarker
Heartbleed
Origin
Origin-Cache-Control
X-Backend-Url
Uber-Trace-Id
Thinkindot-CacheControl
Apple-News-Services-Host
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Backend-Host
X-Backend-State
X-Backend-TTL
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Actual-URL
Fastly-Backend-Name
Countrycode
X-Ua
Content-Disposition
Sid
HTTPS
Fastly-SIE
Cteonnt-Length
X-Csrf-Token
X-Servername
Fastly-SWR
Resin-Trace
X-Core-Mission
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Policy
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-CACHE-AGE
X-Cluster-Node
WP-Super-Cache
ProcessTime
REQUESTUUID
X-GEO
Powered
X-B3-TraceId
X-Dc
X-Planisys-CDN-Cache
X-Refresh
X-Servedbyhost
X-Planisys-CDN-TTL
ViewerVersion
X-Planisys-CDN-Rules
RequestId
X-Ezoic-Cdn
Xserver
Warning
CDN
X-Proto
X-Pf-Uncompressing
X-Real-Ip
X-TIME
Mail-Subject
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Cache-ASPX
CF-IPCountry
We-Hiring
X-Endurance-Cache-Level
Dnion-Transfer-Encoding
X-Guploader-Uploadid
X-Pjax-Url
X-Newrelic-Synthetics
X-Req
X-Atg-Version
X-GoCache-CacheStatus
X-Surge-Debug
NODE
X-Nc
X-Varnish-Ttl
Hostname
CACHE
NnCoection
X-CLOUD-TRACE-CONTEXT
X-GRACE
X-Edge-IP
X-COUNTRY
X-Origin-Expires
X-DC
X-Page-Type
X-Aed
X-Time
X-Origin-Date
X-Server-W
GeoIp-Country-Code
X-Ms-Lease-State
X-Cache-Control-Set-By
Pramga
X-HCF
X-Varnish-HitMiss
Geoip-Latitude
X-CSRF-Token
X-Oracle-Dms-Ecid
TSSecure
X-Varnish-Beresp-TTL
SD-X-WS
X-Cdn-Forward
X-Aicache-OS
A
WWW-Authenticate
X-Varnish-Url
X-Server-Group
Processtime
X-ABtesting
X-DataStream-MidMile-RTT
Geoip-City
X-DataStream-Origin-MEX-Latency
X-Amz-Cf-Pop
X-Flog
MS-CV
X-Datadome
X-Hello
X-Varnish-URL
X-Wa
X-WA
Cdn
X-Wix-Route-ID
PICS-Label
X-Ratelimit-Limit
Lfy
X-Auto-Login
Node
Mime-Version
X-CACHE-KEY
X-Geo
X-From-Cache
X-Edge-Server
FSS-Proxy
Dont-Set-Cookie
X-Akamai-Request-ID2
X-UPSTREAM-Address
FSS-Cache
Lb
X-Gdpr
Cdn-Request-Time
Cdn-Host
X-Use-Magma
X-Gen-Id
GeoIP-Country-Code
X-EC-Security-Audit
X-Sentry-ID
GeoIP-Latitude
X-Nananana
X-PAGE-TYPE
PageType
GeoIP-City
X-APP
X-RTag
X-SRV
COMMERCE-SERVER-SOFTWARE
X-Check-Cacheable
Ms-Operation-Id
X-Via-NSCOPI
Rt-Proxy-Cache
DataCenter
X-WR-MODIFICATION
X-Unique-Id
X-Env
X-Fastly-Backend-Reqs
X-Cache-HT
Is-Session-Tracking
X-Cookie
X-Optimization
X-Served-From
X-Cache-Id
Get-Access-Time
X-Load-Cache
X-Thanos
Who
Memcached
X-Proxy-Server
X-Cache-Info
X-GDPR
X-Bip
X-Dynatrace-Js-Agent
X-Be
X-Cache-FS-Status
X-FORWARDED-FOR
X-Request-Start
X-Meta-Tbi-Cache-Vertical
Pics-Label
X-MP-GENERATED-AT
Memory
X-Wix-Petri-Ex
X-Ibm-Trace
X-Fastly-Cache-Hits
X-PJAX-URL
Ws
X-Ver
X-Swift-Error
X-B3-SpanId
Group
X-Cache-Ttl
Cf-Ipcountry
V-Cache
X-HS-Status
X-RateLimit-Reset
X-Fe
Httpd-Identifier
X-PF-Uncompressing
GW-Server
UCS
X-CDN-Pop-IP
X-CDN-Pop
X-Shard
X-ServedByHost
X-SVT-ORM-VERSION
URI
X-NGINX-Cache
X-SVT-ORM-RULES
Powered-By
X-Dw-Trace-Id
Ohc-File-Size
X-ID
Amp-Access-Control-Allow-Source-Origin
X-VC
NX-Cache
AGE-Hash
X-Path-Route
X-Bug-Bounty
Version
X-User
X-GZIP
X-SB
Requestid
Serverid
X-StackifyID
CDN-Node
X-Varnish-Info
X-Ratelimit-Remaining
N-Cache
X-CacheKey
CDN-Cache
CDN-Cache-Hit
Cache-Hits
X-P-T
Xet-Cookie
X-LiteSpeed-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Apicache-Version
Apicache-Store
X-App
X-SD-PageType
X-Cache-Handler
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Flags
X-Litespeed-Cache-Control
X-ServerName
X-RequestId
X-Grace-Duration
Ohc-Response-Time
Https
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Fastly-Soc-X-Request-Id