Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Host
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-TTL
Report-To
X-Px
X-Country
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
Charset
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-DataDome
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-ORACLE-DMS-RID
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-F-Cache
X-Version
X-Kinja-Revision
X-Kinja
X-Geo-Segment
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-D2id
Verso
X-Client-IP
MS-Author-Via
SPRequestGuid
X-CF-Powered-By
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Dispatcher
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
AR-CACHE
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-T
X-Dw-Request-Base-Id
DynaTrace
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-Grace
X-Upstream
X-Varnish-Age
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-FastCGI-Cache
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Hits
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Pad
SPRequestDuration
SPIisLatency
AR-SID
X-Content-Options
X-Ruxit-JS-Agent
X-Content-Digest
X-Cache-Hit
Realpath
X-Logged-In
X-NF-Request-ID
X-IPLB-Instance
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-Acc-Meta-Resource-Type
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-XRDS-Location
X-Debug
S
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-FTR-DC
X-Wix-Server-Artifact-Id
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-PressLabs-Stats
X-FTR-Backend
X-FTR-Backend-Server
X-Frontend
Tracecode
X-Cache-Key
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-GUploader-UploadID
Eomportal-Instance
X-Oneagent-Js-Injection
Surrogate-Key
X-Forwarded-For
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
Fastly-Restarts
Backend-Timing
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
X-VCache
X-Revision
Host
TP-L2-Cache
TP-Cache
X-Rid
X-User-Agent
X-NWS-LOG-UUID
X-Ttl
FilterID
X-Whom
Public-Key-Pins-Report-Only
X-Debug-Info
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Akam-SW-Version
X-Oracle-Dms-Rid
X-AOL-HN
ServerID
X-Accel-Buffering
X-Cache-2
X-Varnish-Backend
X-Via-JSL
X-Content-Powered-By
X-Request-Received
X-Request-Processing-Time
Accept-Charset
X-XRDS-LOCATION
Front-End-Https
X-Webkit-CSP
X-Zen-Fury
X-Mobile
X-TA-CDN-Provider
X-Cdn
Viewport
X-Kinja-Server-Push
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-B3-Traceid
X-LB-Cache
X-Magnolia-Registration
X-Content-Security-Policy-Report-Only
X-Varnish-Hostname
X-Page-Id
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Framework
X-B3-Sampled
X-Handled-By
Host-Header
X-Request-Guid
X-Device-Type
X-Cache-Control
X-Akamai-Edgescape
X-TT
X-Platform-Server
X-FB-Debug
X-Instance
Cache-Tag
X-Signature
X-B-Cache
Upgrade-Insecure-Requests
X-BCube-Filmed-By
DC
X-Hostname
X-Cache-Server
X-Correlation-Id
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
X-APP-VERSION
X-Middleton-Display
X-Sol
Display
HitInfo
HitType
Server-Info
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-Port
Content-Style-Type
Content-Script-Type
X-GeoIP
X-Generated-By
X-Edge-Location
X-Seen-By
X-Wix-Request-Id
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
Webserver
AsisCache
GEO-INFO
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-Geo-Country
X-S
X-Daa-Tunnel
X-Locale
Actual-Object-TTL
X-Status
X-Region
ServedBy
User-Agent
X-Jobs
Healthy
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Hyper-Cache
X-Response-Served-From
X-UUID
X-TX-ID
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Hits
SRV
X-DataStream-Cache-Status
X-Newrelic-App-Data
X-Varnish-Grace
Refresh
Filters
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-Amz-Server-Side-Encryption
IBM-Web2-Location
Response
X-Middleton-Response
S-Cnection
NGB
X-Fastcgi-Cache
X-Cache-Age
X-Esi
X-Cache-NE
X-Proxied
X-AppVersion
X-Az
X-Activity-Id
X-Content-Type
Payment
X-Pc-Appver
X-CDN-Forward
X-Pc-Hit
X-Pc-Key
Cache
X-Cache-Remote
X-App-Server
AR-Request-ID
X-ATG-Version
X-Cacheable-TTL
Datacenter
X-Cache-TTL
X-Ruxit-Js-Agent
X-Unique-ID
X-Vg-Webcache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Country
X-UA
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
X-Akamai-Transformed
X-Mode
X-Correlation-ID
X-Sucuri-ID
X-ProcessESI
X-Is-Bot
X-RemovedCookies
X-Rendered-As
X-Detected-As
X-Real-IP
Machine
X-RN-RSRV
Load-Balancing
X-Varnish-IP
Meta-Geo
X-FC-Vary-Parameters
X-Proxy
X-Rocket-Nginx-Bypass
X-BB-IP
X-Tb
Mn-Server-Ip
X-Iejgwucgyu
X-Amz-Meta-Surrogate-Control
Access-Control-Allow-Method
X-Origin-Hint
X-Grey
X-Origin
Cache-Name
X-EIG-Tracking-Id
Backend
X-Cache-Category-Id
DB-Nickname
X-OCL
X-BYPASS-REASON
Property-Id
X-ServerID
Webcakes-App-Name
X-ProxyCache-Key
X-ProxyCache-Status
Webcakes-App-Version
X-PCL
X-Hosted-By
Webcakes-Region
User-Cache-Control
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
X-Human
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-CDN-Cache
X-Cache-Config
X-Viewer-Country
X-Debug-Cache
X-Format
X-OVcl-Cache
X-Cache-Var
X-Zipkin-Id
X-Environment-Context
L5d-Success-Class
X-ApacheServer
Now
S-Rt
ServerName
X-Access
X-Varnish-Cacheable
X-Varnish-Cache-Hits
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Cache-Key
Azure-InstanceId
X-Generated
X-L-Path
X-Rule
X-Site-Version
X-Section
X-Upgrade-Enabled
X-Loop
X-NodeID
X-TNCMS
X-Hit
X-Routing-Service
X-Original-Request
X-Pubstack
X-JoinUs
X-OVcl
X-PERF
X-Cache-Var-Map
X-Agile
X-Agile-Id
X-Agile-Age
X-Timing-Wait
X-Backend-Name
X-SplitTest
Selected-FE
X-NGENIX-Cache
X-Proxy-Build
X-App-Name
X-AWS-Id
X-Ocache
X-VWS-Id
Access-Control-Request-Headers
X-CCM
X-Via-Fastly
X-LJ-Flow-ID
X-Www-Served-By
X-IP
X-TWH-CORRELATION-ID
X-HS-Combine-CSS
X-Source
X-Drupal-Cache-Contexts
X-Origin-CC
X-RateLimit-Limit
X-Xfnlog-Site
X-Storage
OT-Force-Account-Verify
X-Akamai-Request-ID
X-URL
HostName
X-Pc-Date
X-Pc-Host
X-Upstream-HT
X-Upstream-CT
X-Nginx-Cache
X-NC
X-Vgn-Hpd-Reason
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Age
Fastcgi-X-Cache-Version
Fastcgi-Useragent
Fastcgi-X-Cache
From-Origin
Powered-By-ChinaCache
X-Time-Microsecs
X-Litespeed-Cache
X-Amz-Apigw-Id
Pagespeed
X-NCache
X-Amzn-RequestId
X-Forwarded-Host
Fastly-SSL
XServer
X-Internal-Host
X-Microcachable
X-Feature
X-M-Log
X-M-Reqid
X-Distributor
X-Release
X-Qnm-Cache
X-UA-Device-Type
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
LB
X-Birta-Served
Pagetype
X-PHP-Backend
X-Birta-Cache-Post
X-Labrador-Cache-Channel
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
NtCoent-Length
X-Cache-Backend
X-VG-TLSProxy
X-Twitter-Response-Tags
X-EdgeConnect-Cache-Status
X-Connection-Hash
MIME-Version
X-Transaction
X-Webkit-Csp
Time
X-B3-Spanid
Frame-Options
X-Instance-Name
X-GZip
X-V
X-C
X-Web-Node
X-A-Dam
X-A-Dgt
X-ARC
X-B-Cookie
X-BB-ID
X-S-Cookie
X-Application
X-Accel-Expires-Debug
X-A-Dcw
X-Cache-Bucket
X-A-Wwc
Cneonction
Www
MD5-Digest
BehaviorPad-Version
Arc-Country
Meta-Geo-Continent
NGX
Mobile-Detection-Method
Cache-Prefix
IsBot
X-SIPLIST1
Fly-Request-Id
Ec-Rule-Version
X-SRCache-Key
Host-ID
X-Server-Time
Ajk
VivaBuild
Viewtype
X-VG-WebServer
X-ScT
X-UE-Client-Country
X-A
X-Server-By
X-Sucuri-Cache
Server-Int
Rendered-Blocks
T-Server
V-Age
X-Trv-Group
X-A-Ccd
X-Via-CDN
X-Generated-In
X-PAYTM-SRV-ID
X-Generation-Time
X-Request-UUID
X-G
X-From
X-Developer
X-Died
Xc-Version
X-Dispatcher-Server
X-Rojux
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-No-Session
X-Region-Sid
X-Logtrace-Id
X-Redis-Cache
X-Org
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Destination
X-DPWN-IS-SECURE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Rewrite-Enabled
X-Via-SSL
Fly-Cache
X-Via-Edge
X-CS
X-WebServer
X-CUA
X-Date
X-D
X-SERVER-NAME
X-Powered-By-ANYU
X-FireWall-Port
WZWS-RAY
X-NX-Host
HA-Geolat
X-RateLimit-Limit-Second
Ha-Gx-Prefs
HA-Servedtime
X-Node-Id
NodeID
HA-Geolon
X-Phone
X-RateLimit-Remaining-Second
GMS-Ver
HA-Urlpath
Magicmarker
HA-Georegion
X-Owner
HA-Geocity
HA-Cloudapp
X-Origin-TTL
Origin-Cache-Control
HA-Geocountry
HA-Ipaddr
X-Platform
X-Hnp-Log
X-Debug-Cookies
X-S-Maxage
X-Debug-Log
X-Eu-Site
X-External-Request-Id
X-Crawler
X-Amz-Meta-Cache-Control
X-Cache-CFC
X-Cache-Enabled
X-Block-Status
X-CGP
X-Core-Value
X-F5-Cache
X-Fastly-Cache
Server-Host
X-Key
X-Layer
Release
Pragrma
SN
X-Request-URI
X-Gen-Mode
Web-Mar-Node
X-GeoIP-City
X-Hl-Ver
Origin-Edge-Control
HA-Host
X-VServer
Country-Code
X-Wikidot-Backend
X-UnsetCookies
X-We-Are-Hiring
X-Wikidot-Static-Cache
X-Var-Ttl
AKAMAI
Backend-Name
X-NWS-UUID-VERIFY
X-App-Version
X-Varnish-Beresp-Ttl
X-Request-Time
X-HOST
X-Webstats-RespID
X-Backend-Host
X-Actual-URL
X-MI-In-Market
X-MSEdge-Features
X-Varnish-Action
X-Variation
X-Up
Uber-Trace-Id
X-TT-LOGID
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Passed-To-BeforeDispatch
X-Passed-To
X-Nginx-Cache-Key
X-Backend-State
X-Secret
X-Response-By
X-Tumblr-Pixel-3
X-MSEdge-Flight
X-Cache-Host
X-Epic-Correlation-Id
X-Hash
X-Returned-From-DLL
X-ElasticPress-Search
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Store
X-FW-Version
X-Gannett-Site-Version
X-Returned-From
X-VCT
X-Fetched-On
X-GeoIP-Country-Code
X-Developers
X-Cache-Expires
X-Cache-Srv
X-Location
X-Matched-Rule
X-Backend-Url
X-Cache-URL
X-Cdn-Origin
X-HTML-Minification-Powered-By
X-Croise-Owner
X-Clientip
X-Cdn-Srv
X-Backend-TTL
X-Reboot
Apple-News-Services-Handled
X-Stale
Apple-News-Services-Host
Heartbleed
X-Swa-Ws
Odigeo-Trace-Id
On-Server
X-ServiceProvider
X-Trace-Id
X-Thinkindot-L3
Origin
Apple-News-Services-Parsed-Url
X-RCS-CacheZone
X-Sf
Kp-EeAlive
Is-Eu
CDCHOST
Cache-Tags
X-Sn-Servicetimems
MI-Cache-Age
MI-Cache
MI-API
Apple-News-Services-Request-Url
X-Passed-To-PostProcessResponse
PFcat
Request-Time
Decoy-Debug-Status
X-Server-IP
X-Passed-To-DLL
Section-Io-Cache
Decoy-Debug-Key
Countrycode
Request-Country
Request-EU
Proxy-Connection
Decoy-Debug-TTL
Adler-Geo
Esi-Enabled
Platform
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-CACHE-AGE
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
Content-Disposition
X-Worker
PageSpeed
X-Device-Os
Fastly-Backend-Name
X-Core-Mission
X-Rebelmouse-Surrogate-Control
X-Fstrz
X-Ezoic-Cdn
X-Content-Age
X-Alicdn-Da-Ups-Status
Resin-Trace
RNT-Machine
Sid
Server-ID
RNT-Time
X-Servername
X-Skip-Cache
Fastly-SWR
Fastly-SIE
X-Ckpd-Fst-Backend
X-Rebelmouse-Cache-Control
X-Cluster-Node
X-Ua
X-Policy
HTTPS
Cteonnt-Length
X-Oracle-Dms-Ecid
X-Csrf-Token
Powered
ViewerVersion
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
ProcessTime
X-Refresh
REQUESTUUID
CDN
X-Pf-Uncompressing
Ar-Sid
WP-Super-Cache
Warning
X-Servedbyhost
Xserver
X-Atg-Version
RequestId
X-Planisys-CDN-TTL
X-Proto
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
CF-IPCountry
X-Dc
X-Newrelic-Synthetics
Mail-Subject
We-Hiring
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Real-Ip
X-Endurance-Cache-Level
X-GEO
X-TIME
X-Req
X-Cache-ASPX
X-Pjax-Url
X-Datadome
X-Surge-Debug
X-GoCache-CacheStatus
X-B3-TraceId
Hostname
Dnion-Transfer-Encoding
NODE
X-DC
X-Varnish-Ttl
X-Time
X-Edge-IP
X-Aed
X-CLOUD-TRACE-CONTEXT
CACHE
NnCoection
X-CSRF-Token
X-COUNTRY
Pramga
X-Origin-Expires
GeoIp-Country-Code
X-Page-Type
X-Origin-Date
Geoip-Latitude
X-Guploader-Uploadid
X-Varnish-Beresp-TTL
X-Nc
TSSecure
X-Varnish-HitMiss
X-Ms-Lease-State
X-Server-W
X-Cache-Control-Set-By
X-HCF
X-Aicache-OS
X-Geo
SD-X-WS
X-Cdn-Forward
MS-CV
X-Varnish-Url
WWW-Authenticate
A
X-Server-Group
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Hello
X-ABtesting
X-Flog
Processtime
Geoip-City
X-WA
X-Amz-Cf-Pop
X-GRACE
X-Akamai-Request-ID2
X-Varnish-URL
X-Wix-Route-ID
X-Wa
PICS-Label
X-Auto-Login
Lfy
X-Ratelimit-Limit
X-From-Cache
Node
Cdn
FSS-Cache
X-UPSTREAM-Address
FSS-Proxy
Lb
Dont-Set-Cookie
X-APP
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Gdpr
Mime-Version
X-Use-Magma
X-Nananana
X-RTag
X-Sentry-ID
Rt-Proxy-Cache
Ms-Operation-Id
GeoIP-Country-Code
GeoIP-Latitude
X-Via-NSCOPI
X-PAGE-TYPE
X-EC-Security-Audit
X-Gen-Id
PageType
X-Cache-Id
X-SRV
GeoIP-City
COMMERCE-SERVER-SOFTWARE
DataCenter
X-WR-MODIFICATION
Memcached
X-Cache-HT
X-Optimization
X-Check-Cacheable
X-Thanos
X-Served-From
X-Fastly-Backend-Reqs
Is-Session-Tracking
X-Cache-Info
X-Bip
Get-Access-Time
X-Env
X-Unique-Id
X-Cookie
X-CACHE-KEY
X-Load-Cache
X-GDPR
X-Proxy-Server
Who
X-Dynatrace-Js-Agent
X-Cache-FS-Status
Memory
X-MP-GENERATED-AT
X-Be
X-Request-Start
X-Fastly-Cache-Hits
X-FORWARDED-FOR
X-Swift-Error
X-HS-Status
Ws
X-PJAX-URL
Pics-Label
X-Meta-Tbi-Cache-Vertical
X-Wix-Petri-Ex
X-Ver
X-Ibm-Trace
V-Cache
X-Fe
Httpd-Identifier
UCS
GW-Server
X-HITS
Group
X-RateLimit-Reset
X-B3-SpanId
X-Cache-Ttl
X-ServedByHost
X-CDN-Pop-IP
X-SVT-ORM-VERSION
X-CDN-Pop
Requestid
X-SVT-ORM-RULES
X-Shard
URI
X-NGINX-Cache
Cf-Ipcountry
Powered-By
X-Dw-Trace-Id
X-ID
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
AGE-Hash
X-Path-Route
Version
X-PF-Uncompressing
NX-Cache
Xet-Cookie
X-SB
X-User
X-VC
Cache-Hits
X-Bug-Bounty
X-GZIP
Serverid
X-Varnish-Info
X-Goog-Meta-Goog-Reserved-File-Mtime
CDN-Cache-Hit
X-CacheKey
CDN-Cache
X-Ratelimit-Remaining
X-LiteSpeed-Cache-Control
X-StackifyID
N-Cache
CDN-Node
X-P-T
Https
X-BBXSRF
X-BE
RequestUuid
Accept-Language
Locale
X-Cache-Debug
X-Content-Encoded-By
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
Apicache-Version
X-Grace-Duration
X-Litespeed-Cache-Control
X-ServerName
X-Route-Name
Apicache-Store
X-Flags
X-Providence-Cookie
X-RequestId
X-SD-PageType
Ohc-Response-Time
X-Is-Crawler
X-Cache-Handler
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Fastly-Soc-X-Request-Id