Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-Xss-Protection
Status
X-AspNetMvc-Version
X-Check
X-Cache-Status
Timing-Allow-Origin
X-Adblock-Key
X-DNS-Prefetch-Control
X-Iinfo
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-CDN
X-Template
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
X-Buckets
Keep-Alive
P3p
X-Type
X-AH-Environment
X-Via
Xkey
X-Backend
EagleId
X-Cache-Group
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Pingback
X-Nginx-Cache-Status
Upgrade
X-Drupal-Dynamic-Cache
X-Server-Powered-By
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-LiteSpeed-Cache
Request-Context
X-CST
X-Node
X-Ac
X-Device
X-Cache-Lookup
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-WebKit-CSP
X-Amz-Version-Id
X-Host
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Px
X-Rq
X-Readtime
X-Url
X-Server-Id
Allow
Pinterest-Generated-By
X-Application-Context
X-Instart-Request-ID
X-Clacks-Overhead
Request-Id
X-OneAgent-JS-Injection
Server-Timing
EagleEye-TraceId
X-Country
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Report-To
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
Edge-Control
Rating
Charset
X-Varnish-TTL
X-Server-ID
X-Cloud-Trace-Context
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-Server-Name
X-MS-InvokeApp
X-CF-Powered-By
X-DataDome
X-Cached
X-Goog-Hash
NEL
X-Vhost
Feature-Policy
X-Recruiting
Public-Key-Pins
X-DynaTrace-JS-Agent
X-Origin-Cache
X-Powered-By-Plesk
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-TTL
X-VARITI-CCR
X-F-Cache
X-Ttl
X-T
X-DynaTrace
X-D2id
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-Version
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-SharePointHealthScore
SPRequestGuid
Verso
X-Abt-Application-Version
X-Dispatcher
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
Content-MD5
X-Forwarded-Proto
RTSS
X-Amz-Rid
X-Cdn
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
X-Dw-Request-Base-Id
Nginx-Cache
AR-ATIME
AR-PoweredBy
X-Ruxit-JS-Agent
Realpath
AR-CACHE
X-B
Paypal-Debug-Id
SPRequestDuration
SPIisLatency
X-Content-Digest
X-Grace
X-TEC-API-ORIGIN
X-Content-Options
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream
X-Pad
X-Id
X-Shield-Request-Id
X-Varnish-Age
X-Kinsta-Cache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Access-Control-Request-Method
TCN
Arr-Disable-Session-Affinity
X-Acc-Meta-Resource-Type
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
DynaTrace
X-Cache-Hit
X-Logged-In
MS-Author-Via
S
X-Trace
X-Zen-Fury
X-Vcap-Request-Id
X-HW
Front-End-Https
X-Origin-Upstream-Status
X-MSEdge-Ref
Cleartype
X-VCache
X-DIS-Request-ID
X-Frontend
Eomportal-Instance
X-HS-Content-Id
Surrogate-Key
X-HS-Hub-Id
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-Cache-Rule
X-User-Agent
X-Via-JSL
X-PressLabs-Stats
X-Fastly-Request-ID
X-XRDS-Location
X-NF-Request-ID
X-Request-Processing-Time
Fastcgi-Cache
Alternate-Protocol
X-Forwarded-For
X-Request-Received
Service-Worker-Allowed
Tracecode
Cache-Status
MicrosoftSharePointTeamServices
AR-SID
X-Middleton-Display
X-Sol
X-IPLB-Instance
X-Hostname
Display
Server-Name
Backend-Timing
X-Analytics
Host
X-Ser
Rt-Fastcgi-Cache
X-FastCGI-Cache
FilterID
X-Az
X-Activity-Id
X-Varnish-Backend
X-AppVersion
X-Fastcgi-Cache
X-AOL-HN
Viewport
TP-L2-Cache
Public-Key-Pins-Report-Only
TP-Cache
Response
X-Whom
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Middleton-Response
X-Cache-2
X-Rid
X-Wix-Server-Artifact-Id
X-FTR-Cache-Host
X-Contextid
X-Proxied
X-SS-Set-Cookie
X-Revision
Powered-By-ChinaCache
X-Cache-Control
X-XRDS-LOCATION
ServerID
X-Magnolia-Registration
X-Debug
X-Srv
X-Content-Powered-By
Refresh
X-Cached-By
X-Debug-Info
X-Cache-Key
X-Litespeed-Cache
X-B3-Traceid
X-NewRelic-App-Data
X-Mobile
X-Cache-Server
X-Instance
X-WPE-Loopback-Upstream-Addr
X-Akam-SW-Version
X-CLOUD-TRACE-CONTEXT
X-ATG-Version
AMP-Access-Control-Allow-Source-Origin
HitInfo
Server-Info
HitType
X-Cache-Age
Accept-Charset
X-Page-Id
X-FB-Debug
X-Framework
X-LB-Cache
X-Generated-By
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-App-Environment
X-PHP-Backend
Cache-Tag
Retry-After
X-BCube-Filmed-By
X-B-Cache
X-Webkit-Csp
X-Varnish-Hostname
X-TT
X-Signature
X-App-Server
X-Request-Guid
X-Tumblr-Pixel-0
Host-Header
X-Tumblr-User
X-Geo-Country
X-Cache-Operation
X-Handled-By
Source
X-Tumblr-Pixel
X-Origin-Server
Server-Node
X-Device-Type
X-RateLimit-Remaining
X-Hyper-Cache
X-Varnish-Grace
X-Ruxit-Js-Agent
DC
X-Amzn-Trace-Id
Upgrade-Insecure-Requests
X-Drupal-Cache-Tags
X-APP-VERSION
X-Accel-Expires
X-Platform-Server
X-WA-Info
X-Varnish-Server
X-GUploader-UploadID
X-TT-TIMESTAMP
X-HOST
X-PC-AppVer
X-PC-Key
X-PC-Hit
MS-CV
Cartoon
X-Cache-Action
X-Akamai-Edgescape
Pagespeed
X-PC-Host
X-PC-Date
NGB
X-B3-Sampled
X-TA-CDN-Provider
Served-By
X-GeoIP
X-Jobs
X-WebKit-CSP-Report-Only
X-Accel-Buffering
Webserver
X-Locale
Filters
X-Correlation-ID
X-Cacheable-TTL
X-Cluster
X-Dynatrace-Js-Agent
ServedBy
Actual-Object-TTL
X-RTag
X-S
X-Node-Name
S-Cnection
X-Tumblr-Pixel-1
X-Newrelic-App-Data
AsisCache
X-Tumblr-Pixel-2
X-Source
X-Seen-By
X-Wix-Petri-Ex
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Varnish-Hits
X-FW-Static
X-FW-Type
X-Wix-Request-Id
X-Cache-Config
X-RequestSource
X-Edge-Location
Fastly-Restarts
Liferay-Portal
X-Port
X-UA
X-Distil-CS
Datacenter
X-Guploader-Uploadid
X-ServedBy
X-Vg-Webcache
X-Amz-Replication-Status
X-Cache-TTL-Remaining
X-Ocache
Content-Script-Type
X-Correlation-Id
Cache
X-Drupal-Cache-Contexts
Content-Style-Type
GEO-INFO
X-Region
Country
X-UUID
Ohc-File-Size
X-Sucuri-ID
X-Internal-Host
X-GZip
X-UA-Device-Type
X-Amz-Meta-S3cmd-Attrs
X-Edge-Cache-Key
X-Microcachable
X-Edge-Cache
X-RateLimit-Limit
X-Cache-Remote
X-Adobe-Content
X-Adobe-Loc
Ar-Sid
X-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Real-IP
X-Akamai-Transformed
X-Esi
X-Proxy
User-Agent
HostName
X-DataStream-Cache-Status
X-URL
Meta-Geo
X-Detected-As
X-Akamai-Request-ID
X-Generated
X-Rendered-As
X-App-Name
Machine
X-IP
X-RN-RSRV
Load-Balancing
X-Is-Bot
Access-Control-Allow-Method
X-JoinUs
X-Path-Route
X-Varnish-Cache-Hits
X-Timing-Wait
User-Cache-Control
X-Loop
Healthy
X-Web-Node
Selected-FE
X-OVcl-Cache
X-Agile-Age
X-Agile
X-OVcl
X-Agile-Id
X-TNCMS
X-Grey
X-Proxy-Build
X-Backend-Name
X-Cache-Category-Id
S-Rt
Payment
X-Human
Mn-Server-Ip
ServerName
X-Ezoic-Cdn
X-BYPASS-REASON
Backend
SRV
X-ProxyCache-Status
X-Debug-Cache
X-BB-IP
Xserver
X-Origin
X-Time-Microsecs
X-Tb
X-TX-ID
X-Instance-Name
X-ServerID
X-Upgrade-Enabled
X-ProxyCache-Key
X-Varnish-Cacheable
X-Hosted-By
X-FC-Vary-Parameters
X-Cache-Ttl
X-Amz-Server-Side-Encryption
X-Content-Type
X-Site-Version
Cache-Name
X-ApacheServer
Cache-Hits
Cache-Key
L5d-Success-Class
X-EIG-Tracking-Id
X-OCL
X-PCL
X-Original-Request
X-ProcessESI
X-PERF
X-NodeID
Now
X-Distributor
X-NCache
X-Viewer-Country
X-CDN-Cache
X-RemovedCookies
DB-Nickname
X-Unique-ID
X-TWH-CORRELATION-ID
X-Time
Azure-Version
IBM-Web2-Location
X-LJ-Flow-ID
X-VWS-Id
X-Via-Fastly
Azure-SlotName
X-AWS-Id
X-Www-Served-By
X-SplitTest
Azure-SiteName
X-CCM
Azure-InstanceId
X-Mode
AR-Request-ID
Azure-RegionName
TWC-Connection-Speed
Webcakes-App-Version
X-MP-GENERATED-AT
Property-Id
Webcakes-App-Name
Webcakes-Region
X-Access
X-Origin-Hint
TWC-GeoIP-Country
X-Xfnlog-Site
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Locale-Group
X-Section
TWC-Privacy
X-Pubstack
X-Geo
X-Amz-Meta-Surrogate-Control
X-CDN-Forward
X-Vgn-Hpd-Reason
X-Format
X-Zipkin-Id
X-Routing-Service
X-Origin-CC
X-Dc
Dont-Set-Cookie
X-Webstats-RespID
LB
X-Storage
X-HS-Cache-Config
Edge-Cache-Tag
X-Proto
X-Generation-Time
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-NE
X-B3-Spanid
X-Cache-HT
Countrycode
X-Sucuri-Cache
X-Optimization
X-Rocket-Nginx-Bypass
X-Labrador-Cache-Channel
Apicache-Store
Apicache-Version
X-Nc
X-Newrelic-Synthetics
Access-Control-Request-Headers
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
X-Birta-Cache-Post
X-Tumblr-Pixel-3
X-Cache-Backend
Fastly-SSL
X-Nf-Srv-Version
X-Real-Ip
X-L-Path
X-Environment-Context
X-Rule
X-Transaction
X-Connection-Hash
Accept-CH
X-Twitter-Response-Tags
X-SERVER-NAME
Ec-Rule-Version
WZWS-RAY
From-Origin
Ws
NnCoection
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Hit
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-EdgeConnect-Cache-Status
X-Alicdn-Da-Ups-Status
X-Upstream-HT
Cteonnt-Length
PageSpeed
X-Upstream-CT
NODE
X-Servedby
X-Cache-Enabled
X-CCM-LastModified
T-Server
Host-ID
GMS-Ver
Fly-Cache
SN
Fly-Request-Id
Country-Code
Cache-Prefix
MI-Cache-Age
MI-Cache
Meta-Geo-Continent
Cneonction
Rendered-Blocks
BehaviorPad-Version
Resin-Trace
Thinkindot-CacheControl
MD5-Digest
Server-Host
X-B-Cookie
X-Response-By
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-MI-In-Market
X-Matched-Rule
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Planisys-CDN-Cache
X-Server-By
X-Server-Time
X-Via-CDN
X-VG-WebServer
X-Via-Edge
X-We-Are-Hiring
Xc-Version
X-Wix-Route-ID
X-UE-Client-Country
X-TT-LOGID
X-SVT-ORM-RULES
X-SRCache-Key
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Trv-Group
X-Hl-Ver
X-Hash
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Application
X-Accel-Expires-Debug
X-A-Ccd
X-A
V-Age
Thinkindot-Control
VivaBuild
Warning
Www
X-ARC
X-BB-ID
X-Fetched-On
X-Died
X-From
X-G
X-Generated-In
X-Developer
X-Destination
X-CF-Lambda-Fn
X-BBXSRF
X-CF-Lambda-Version
X-D
X-Date
Thinkindot-CacheControl-Type
Viewtype
X-SERVER
ProcessTime
X-M-Reqid
X-Qnm-Cache
X-HS-Combine-CSS
X-M-Log
X-App-Version
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Cache-Bucket
X-Alternate-Cache-Key
X-CS
X-Dispatcher-Server
X-Edge-IP
X-ElasticPress-Search
Web-Mar-Node
X-Core-Mission
X-Crawler
X-Cache-URL
Server-ID
Origin-Cache-Control
Origin-Edge-Control
NGX
Kp-EeAlive
IsBot
PFcat
Proxy-Connection
X-Env
Server-Int
Request-EU
Request-Country
Release
Uber-Trace-Id
X-GeoIP-Country-Code
X-Server-IP
X-ServiceProvider
X-Ver
X-S-Maxage
X-Release
X-WebServer
X-Sf
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-SIPLIST1
X-Shopify-Stage
X-ShopId
X-RCS-CacheZone
X-Worker
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
X-Hnp-Log
X-GeoIP-City
Httpd-Identifier
X-Info
X-Logtrace-Id
X-Origin-Expires
X-P-T
X-Origin-Date
X-Node-Id
X-No-Session
X-Gen-Mode
X-Block-Status
Ajk
Fastly-Soc-X-Request-Id
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-GoCache-CacheStatus
X-V
X-C
Ms-Operation-Id
Time
X-HCF
X-Amz-Meta-Cache-Control
CDCHOST
X-Org
X-Fstrz
X-Actual-URL
X-Backend-TTL
Apple-News-Services-Request-Url
Who
AKAMAI
Fastly-SIE
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
Apple-News-Services-Handled
Apple-News-Services-Host
Fastly-Backend-Name
Apple-News-Services-Parsed-Url
X-Forwarded-Host
X-NX-Host
X-Passed-To
X-Eu-Site
X-DPWN-IS-SECURE
X-CGP
XServer
X-Cdn-Srv
X-Cdn-Origin
X-Device-Os
X-Clientip
Content-Disposition
X-Debug-Log
X-Core-Value
HA-Host
X-Cache-Time
X-Cache-Srv
X-Cache-CFC
X-Cache-ASPX
X-Epic-Correlation-Id
X-Debug-Cookies
X-Cache-Control-Set-By
Cdn-Host
Cdn-Request-Time
X-Cache-Host
X-Edge-Server
X-Cache-Expires
X-Fastly-Cache
X-Passed-To-PostProcessResponse
HA-Georegion
X-Server-Group
HA-Geolon
X-Sn-Servicetimems
Platform
Fastly-SWR
X-VG-TLSProxy
Pragrma
Powered-By
HA-Cloudapp
HA-Geocity
X-User
X-Up
HA-Geolat
X-UnsetCookies
HA-Geocountry
Odigeo-Trace-Id
Origin
On-Server
X-Varnish-HitMiss
X-VServer
Is-Eu
X-Reboot
HA-Ipaddr
X-Req
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
True-Client-Country-4JS
X-Phone
X-Platform
Adler-Geo
HA-Servedtime
HA-Urlpath
HTTPS
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
Ha-Gx-Prefs
Request-Time
X-Returned-From
Heartbleed
X-Returned-From-BeforeDispatch
X-Trace-Id
X-Nginx-Cache
X-WR-MODIFICATION
X-Stale
X-FireWall-Port
X-Origin-TTL
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Refresh
X-Swa-Ws
Backend-Name
X-Skip-Cache
X-F5-Cache
Cache-Tags
X-Location
X-Var-Ttl
X-Developers
X-Ms-Blob-Type
X-Ms-Lease-Status
Ohc-Response-Time
MI-API
X-Ms-Version
Esi-Enabled
X-Ms-Request-Id
RNT-Time
RequestId
X-Ckpd-Fst-Backend
RNT-Machine
X-Content-Age
X-B3-TraceId
Mime-Version
X-Croise-Owner
X-Cdn-Forward
X-Redis-Cache
X-From-Cache
NtCoent-Length
X-Pjax-Url
UCS
Cdn
GW-Server
X-Servername
X-MSEdge-Flight
X-MSEdge-Features
X-Micro-Cache
X-Hail-Hydra
Dnion-Transfer-Encoding
X-Varnish-Beresp-TTL
X-CSRF-Token
X-TIME
X-Cache-Handler
X-Pf-Uncompressing
X-GRACE
X-Varnish-Beresp-Ttl
WP-Super-Cache
X-Cache-FS-Status
X-Request-Time
X-Varnish-Id
X-Varnish-Url
X-Via-SSL
Dynatrace
X-Thanos
X-Be
CF-IPCountry
X-Csrf-Token
X-COUNTRY
X-Bip
Memcached
X-GDPR
X-Page-Type
WWW-Authenticate
Is-Session-Tracking
PICS-Label
X-Powered-By-ANYU
Get-Access-Time
X-Cluster-Node
Rt-Proxy-Cache
X-Cache-Id
PageType
Memory
X-Cache-TTL
X-NC
X-NWS-UUID-VERIFY
X-Ua
X-Via-NSCOPI
X-Owner
X-Key
Frame-Options
X-Aicache-OS
MIME-Version
Geoip-Latitude
Geoip-City
NodeID
GeoIp-Country-Code
X-CUA
RATING
X-DataStream-MidMile-RTT
X-Kong-Upstream-Latency
FastCGI-Cache
X-Kong-Proxy-Latency
X-DataStream-Origin-MEX-Latency
X-External-Request-Id
Sta2Tusw
Mail-Subject
We-Hiring
X-Response-Served-From
X-Auto-Login
X-Webkit-CSP
X-ServedByHost
X-TId
X-Dynatrace
X-StackifyID
X-Atg-Version
X-Servedbyhost
CACHE
X-LiteSpeed-Cache-Control
X-UPSTREAM-Address
Section-Io-Cache
X-Frame-Option
X-ADI-VCache
X-Fastly-Backend-Reqs
Version
X-Shield-Cache-Expires
Node
X-CACHE-KEY
Magicmarker
X-Tid
X-Varnish-Action
If-Modified-Since
X-EC-Security-Audit
X-DC
X-Nananana
X-Bug-Bounty
Pramga
X-BE
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Load-Cache
X-Sentry-ID
COMMERCE-SERVER-SOFTWARE
X-Request-UUID
X-Ig-Deployment-Stage
Pics-Label
X-Haproxy-Hostname
Pagetype
X-Public
X-Haproxy-Ip
Processtime
CDN
X-Proxy-Server
X-ND-Cache
Cache-Cookie-Set-From
X-GEO
Cache-Cookie-Set-Idcheck
Cache-Provider
X-Variation
X-Cache-Debug
X-Varnish-Ttl
X-Shard
X-PAGE-TYPE
Cache-Cookie-Set-Lfrom
X-Surge-Debug
X-Gdpr
Group
X-Ratelimit-Remaining
V-Cache
Fastcgi-Useragent
X-Endurance-Cache-Level
URI
X-Varnish-URL
OT-Force-Account-Verify
X-Irp-Debug
Cf-Ipcountry
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-Server-W
X-Ibm-Trace
X-Datadome
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PrivacyLevel
Arc-Country
X-Wa
X-Pc-Appver
REQUESTUUID
X-Sorting-Hat-PodId-Cached
X-SRV
X-Pc-Key
Srv
X-Pc-Hit
Accept-Ch
X-Cache-Var
X-Cache-Var-Map
X-Sorting-Hat-FeatureSet
Hostname
X-Pc-Host
X-Pc-Date
Fastcgi-X-Cache
Powered
X-HTML-Minification-Powered-By
Fastcgi-X-Cache-Version
X-Ratelimit-Limit
Sid
X-Ms-Lease-State
X-Fastly-Cache-Hits
X-Gen-Id
X-PF-Uncompressing
X-ID
X-FW-Version
X-Layer
GEO-REGION-INFO
X-PJAX-URL
X-CacheKey
DataCenter
X-GZIP
X-Unique-Id
X-Requestid
X-Litespeed-Cache-Control
X-Nginx-Cache-Key
X-Served-From
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Front
X-Feature
X-B3-SpanId
X-Vcache
X-RequestId
X-Policy
N-Cache
Xet-Cookie
X-VG-WebCache
Serverid
X-Grace-Duration
X-APP
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Svr
X-SB
X-Amz-Meta-Sha256
X-NGINX-Cache
Lb
X-Distil-Cs
X-VC
X-CDN-Pop-IP
X-Varnish-Info
X-CDN-Pop
X-DW
X-RPS
SID
X-WA
X-RSL
X-DSS
X-VID
X-RPM
Requestid
X-Akamai-ERRuleID
X-Fe
X-Akamai-ERPolicy
X-RAMCache
X-Cookie
X-Varnish-ID
X-DB
X-ServerName
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-DI
X-HS-Status
X-Request-Start