Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
P3p
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Host
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
Report-To
X-Px
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Country
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-DataDome
Charset
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-ESI
X-Origin-Cache
X-Server-Name
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
Content-MD5
RTSS
X-F-Cache
X-Version
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Geo-Segment
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-D2id
Verso
X-Client-IP
SPRequestGuid
MS-Author-Via
X-Abt-Application-Version
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Dispatcher
X-SharePointHealthScore
X-Amz-Rid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-T
X-Dw-Request-Base-Id
DynaTrace
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Grace
X-Upstream
X-Varnish-Age
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-FastCGI-Cache
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Hits
X-Origin-Upstream-Status
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-Pad
AR-SID
X-Ruxit-JS-Agent
X-Content-Options
X-Cdn
X-Cache-Hit
X-Content-Digest
Realpath
X-IPLB-Instance
X-Logged-In
X-NF-Request-ID
X-Kinsta-Cache
MRF-Tech
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Server-ID
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-XRDS-Location
S
X-Debug
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-PressLabs-Stats
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Wix-Server-Artifact-Id
X-FTR-Backend
X-Country-Code-Real
X-Frontend
X-Cache-Key
Tracecode
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-GUploader-UploadID
Eomportal-Instance
X-Forwarded-For
X-Oneagent-Js-Injection
Surrogate-Key
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
X-Srv
X-Analytics
Backend-Timing
X-HS-Content-Id
X-HS-Hub-Id
Fastly-Restarts
Host
TP-Cache
TP-L2-Cache
X-Revision
X-VCache
X-Rid
X-User-Agent
X-NWS-LOG-UUID
FilterID
X-Whom
Public-Key-Pins-Report-Only
X-Debug-Info
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Akam-SW-Version
X-AOL-HN
ServerID
X-Cache-2
X-Accel-Buffering
X-Varnish-Backend
X-Via-JSL
X-Content-Powered-By
X-XRDS-LOCATION
Accept-Charset
X-Request-Received
X-Request-Processing-Time
Front-End-Https
X-Mobile
X-Webkit-CSP
X-Zen-Fury
X-TA-CDN-Provider
Viewport
X-Kinja-Server-Push
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Ttl
X-Oracle-Dms-Rid
X-Node-Name
Liferay-Portal
X-App-Environment
X-B3-Traceid
X-LB-Cache
Host-Header
X-Cluster
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Hostname
X-B3-Sampled
X-Request-Guid
X-Akamai-Edgescape
X-Framework
X-Handled-By
X-Cache-Control
X-TT
X-Device-Type
Cache-Tag
X-Platform-Server
X-Signature
X-FB-Debug
X-B-Cache
X-BCube-Filmed-By
X-Instance
Upgrade-Insecure-Requests
DC
X-Hostname
X-Cache-Server
X-Correlation-Id
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-Accel-Expires
X-Contextid
X-WA-Info
X-Servedby
X-APP-VERSION
X-Sol
Display
X-Middleton-Display
X-Cache-Action
HitInfo
HitType
Server-Info
X-Varnish-Server
X-Distil-CS
X-Cache-Operation
X-Port
X-Esi
Content-Script-Type
Content-Style-Type
X-Seen-By
X-Wix-Request-Id
X-Amz-Replication-Status
X-Generated-By
X-GeoIP
X-Edge-Location
X-Tumblr-Pixel-2
X-Daa-Tunnel
X-Tumblr-Pixel-1
X-Geo-Country
Webserver
AsisCache
GEO-INFO
X-S
X-WebKit-CSP-Report-Only
X-RequestSource
X-Locale
Actual-Object-TTL
X-Status
X-Varnish-Hits
X-Hyper-Cache
X-FW-Static
User-Agent
X-UUID
X-Response-Served-From
X-TX-ID
X-Edge-Cache-Key
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
ServedBy
Healthy
X-Edge-Cache
X-Region
X-Jobs
X-Adobe-Content
X-Drupal-Cache-Tags
X-Adobe-Loc
X-DataStream-Cache-Status
SRV
X-Newrelic-App-Data
Refresh
X-Varnish-Grace
X-Yottaa-Optimizations
Filters
X-Yottaa-Metrics
X-Middleton-Response
X-Cache-TTL-Remaining
S-Cnection
IBM-Web2-Location
X-Amz-Server-Side-Encryption
Response
NGB
X-Fastcgi-Cache
X-CDN-Forward
X-Cache-Age
X-Proxied
X-Cache-NE
X-ATG-Version
X-URL
Payment
X-Activity-Id
X-Content-Type
X-AppVersion
X-Az
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Cache-Remote
X-App-Server
AR-Request-ID
X-UA
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-Unique-ID
X-Cache-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Vg-Webcache
Country
Datacenter
Cache
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
X-Akamai-Transformed
X-Correlation-ID
X-Mode
X-Sucuri-ID
Meta-Geo
X-RemovedCookies
X-Is-Bot
X-ProcessESI
X-Detected-As
X-Rendered-As
X-RN-RSRV
X-Varnish-IP
Load-Balancing
Machine
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
DB-Nickname
X-BYPASS-REASON
X-BB-IP
X-Origin-Hint
X-PCL
X-Cache-Category-Id
X-Hosted-By
X-Amz-Meta-Surrogate-Control
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
X-Origin
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
X-EIG-Tracking-Id
X-ProxyCache-Key
Mn-Server-Ip
Property-Id
X-Grey
User-Cache-Control
Backend
X-OCL
TWC-Connection-Speed
X-Varnish-Cacheable
TWC-GeoIP-Country
X-ProxyCache-Status
TWC-Device-Class
X-Human
X-Tb
X-ServerID
Access-Control-Allow-Method
Cache-Name
X-Iejgwucgyu
X-JoinUs
Cache-Key
X-Hit
X-L-Path
Now
X-NodeID
X-Loop
X-Generated
X-Original-Request
X-Format
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-Cache-Config
X-ApacheServer
X-Environment-Context
X-Debug-Cache
X-CDN-Cache
X-OVcl
X-OVcl-Cache
X-Viewer-Country
L5d-Success-Class
X-Varnish-Cache-Hits
X-Upgrade-Enabled
S-Rt
X-Zipkin-Id
X-Rule
X-Cache-Var-Map
X-Cache-Var
X-TNCMS
ServerName
Azure-RegionName
X-Pubstack
X-PERF
X-Routing-Service
X-Section
X-Access
X-Site-Version
X-Agile-Age
Selected-FE
X-Agile-Id
X-Agile
X-LJ-Flow-ID
X-Timing-Wait
X-SplitTest
X-Via-Fastly
X-VWS-Id
X-Www-Served-By
X-Proxy-Build
X-Ocache
X-Backend-Name
X-AWS-Id
X-CCM
X-IP
X-NGENIX-Cache
X-App-Name
X-TWH-CORRELATION-ID
Access-Control-Request-Headers
X-HS-Combine-CSS
X-Origin-CC
X-Drupal-Cache-Contexts
X-Source
X-Real-IP
X-Xfnlog-Site
X-Storage
OT-Force-Account-Verify
X-Akamai-Request-ID
X-Pc-Host
X-Upstream-HT
X-Pc-Date
X-Upstream-CT
HostName
X-Nginx-Cache
X-NC
X-Vgn-Hpd-Reason
X-Mrs-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
XServer
Fastcgi-X-Cache-Version
From-Origin
Fastcgi-Useragent
Fastcgi-X-Cache
X-RateLimit-Limit
Powered-By-ChinaCache
X-Time-Microsecs
X-Litespeed-Cache
X-Amzn-RequestId
X-NCache
X-Amz-Apigw-Id
X-Forwarded-Host
Pagespeed
X-Internal-Host
Fastly-SSL
X-UA-Device-Type
X-Microcachable
X-SERVER-NAME
X-Release
X-M-Log
X-Feature
X-M-Reqid
X-Distributor
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
LB
X-Birta-Served
X-Birta-Cache-Post
X-PHP-Backend
Pagetype
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
X-Labrador-Cache-Channel
NtCoent-Length
X-Cache-Backend
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
MIME-Version
X-Webkit-Csp
Time
X-B3-Spanid
Frame-Options
X-V
X-C
X-GZip
X-Web-Node
X-Instance-Name
X-IN-WAF
X-Irp-Debug
X-Rewrite-Enabled
AKAMAI
X-S-Cookie
Ajk
X-CS
X-D
X-CUA
X-Redis-Cache
X-Rojux
X-CF-Lambda-Version
BehaviorPad-Version
Arc-Country
X-CF-Lambda-Fn
X-SRCache-Key
X-Date
Ec-Rule-Version
X-UE-Client-Country
X-DPWN-IS-SECURE
X-BB-ID
Cneonction
Fly-Request-Id
Fly-Cache
X-Dispatcher-Server
X-Died
X-Sucuri-Cache
X-Destination
X-Trv-Group
X-Cache-Bucket
X-Developer
X-SIPLIST1
Host-ID
X-A-Dcw
X-A-Dgt
X-NU-AKA-ACS-Version
X-A-Dam
X-Request-UUID
X-A-Ccd
X-Region-Sid
X-Org
X-IN-APIGATEWAY
X-Accel-Expires-Debug
X-Via-Edge
X-A-Wwc
X-Via-SSL
Mobile-Detection-Method
X-WebServer
X-Generated-In
VivaBuild
Rendered-Blocks
X-Logtrace-Id
Viewtype
Server-Int
V-Age
Xc-Version
X-Server-By
X-No-Session
X-Generation-Time
X-A
Www
X-Server-Time
Meta-Geo-Continent
NGX
X-B-Cookie
X-G
X-ScT
X-ARC
X-Application
X-From
IsBot
X-VG-WebServer
X-IN-SSL-APIGATEWAY
X-PAYTM-SRV-ID
T-Server
MD5-Digest
X-Via-CDN
Cache-Prefix
X-FireWall-Port
X-Powered-By-ANYU
WZWS-RAY
Pragrma
Release
SN
HA-Host
Request-Time
HA-Servedtime
X-Cache-Enabled
Server-Host
Web-Mar-Node
HA-Ipaddr
Country-Code
Ha-Gx-Prefs
HA-Geocity
HA-Geocountry
Magicmarker
NodeID
HA-Urlpath
GMS-Ver
HA-Cloudapp
HA-Geolat
X-Block-Status
HA-Georegion
X-Amz-Meta-Cache-Control
HA-Geolon
Origin-Edge-Control
Origin-Cache-Control
X-S-Maxage
X-Cache-CFC
X-UnsetCookies
X-RateLimit-Limit-Second
X-Platform
X-GeoIP-City
X-Fastly-Cache
X-RateLimit-Remaining-Second
X-F5-Cache
X-Var-Ttl
X-Layer
X-Origin-TTL
X-Key
X-Varnish-Action
Backend-Name
X-We-Are-Hiring
X-VServer
X-NX-Host
X-Owner
X-Gen-Mode
X-Node-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Phone
X-Eu-Site
X-External-Request-Id
X-Crawler
X-Debug-Log
X-Core-Value
X-Hnp-Log
X-CGP
X-Hl-Ver
X-Debug-Cookies
X-Request-URI
X-Varnish-Beresp-Ttl
X-HOST
X-Request-Time
X-Webstats-RespID
X-NWS-UUID-VERIFY
X-App-Version
X-Matched-Rule
X-Location
Thinkindot-CacheControl
X-Response-By
X-GeoIP-Country-Code
X-HTML-Minification-Powered-By
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Server-IP
X-MSEdge-Features
X-Nginx-Cache-Key
X-MI-In-Market
Uber-Trace-Id
X-MSEdge-Flight
True-Client-Country-4JS
X-Secret
X-Fetched-On
X-Developers
X-Cache-Expires
X-ElasticPress-Search
X-Returned-From-PostProcessResponse
X-Backend-Url
X-Epic-Correlation-Id
X-Croise-Owner
X-Cache-Host
X-Cdn-Origin
X-Cdn-Srv
X-Cache-URL
X-Clientip
X-Cache-Srv
X-Backend-TTL
X-Backend-State
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Actual-URL
X-Returned-From
X-Passed-To-BeforeDispatch
X-Gannett-Site-Version
X-FW-Version
X-Reboot
X-Returned-From-DLL
X-RCS-CacheZone
X-Backend-Host
X-Returned-From-BeforeDispatch
X-Passed-To
X-Thinkindot-L3
Countrycode
Decoy-Debug-Key
X-Stale
X-Swa-Ws
CDCHOST
Decoy-Debug-Status
Decoy-Debug-TTL
X-Sf
Is-Eu
Heartbleed
X-Sn-Servicetimems
Esi-Enabled
Cache-Tags
Apple-News-Services-Request-Url
X-Variation
X-Up
X-Hash
X-Store
X-VCT
X-TT-LOGID
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Trace-Id
X-ServiceProvider
X-Tumblr-Pixel-3
Origin
MI-API
MI-Cache-Age
Request-EU
Request-Country
Odigeo-Trace-Id
Proxy-Connection
Kp-EeAlive
Section-Io-Cache
PFcat
Platform
On-Server
MI-Cache
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-CACHE-AGE
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-COUNTRY
X-Device-Os
X-Core-Mission
Resin-Trace
PageSpeed
HTTPS
X-Worker
Sid
X-Rebelmouse-Cache-Control
X-Fstrz
RNT-Time
RNT-Machine
X-Alicdn-Da-Ups-Status
X-Skip-Cache
X-Ezoic-Cdn
X-Ckpd-Fst-Backend
Fastly-SWR
X-Content-Age
X-Servername
Fastly-Backend-Name
X-Rebelmouse-Surrogate-Control
Content-Disposition
Fastly-SIE
Server-ID
X-Cluster-Node
X-Policy
Powered
REQUESTUUID
Cteonnt-Length
ViewerVersion
X-Csrf-Token
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
WP-Super-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
ProcessTime
RequestId
X-Pf-Uncompressing
X-Refresh
X-Real-Ip
Ar-Sid
CDN
Warning
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Servedbyhost
X-Ua
X-Proto
X-Planisys-CDN-Cache
CF-IPCountry
X-TIME
X-Newrelic-Synthetics
X-Dc
Cache-Cookie-Set-Idcheck
We-Hiring
Mail-Subject
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-GEO
X-Endurance-Cache-Level
Xserver
CACHE
X-Req
X-Cache-ASPX
X-B3-TraceId
Dnion-Transfer-Encoding
X-Pjax-Url
X-GoCache-CacheStatus
X-Surge-Debug
X-Atg-Version
Hostname
X-DC
NODE
X-Varnish-Ttl
Geoip-Latitude
GeoIp-Country-Code
X-Aed
X-Edge-IP
X-Amz-Cf-Pop
X-CLOUD-TRACE-CONTEXT
NnCoection
X-CSRF-Token
Pramga
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-Time
X-Varnish-Beresp-TTL
X-Guploader-Uploadid
X-Nc
TSSecure
X-Varnish-HitMiss
X-Server-W
X-Ms-Lease-State
X-HCF
X-Cache-Control-Set-By
X-Oracle-Dms-Ecid
SD-X-WS
X-Aicache-OS
X-Geo
X-Ratelimit-Limit
X-Varnish-Url
A
WWW-Authenticate
X-Server-Group
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
MS-CV
Processtime
X-WA
X-Hello
X-Flog
X-ABtesting
X-GRACE
Geoip-City
X-Datadome
X-Cdn-Forward
X-Varnish-URL
PICS-Label
X-Wa
X-Auto-Login
X-Wix-Route-ID
X-Akamai-Request-ID2
X-From-Cache
FSS-Cache
Cdn
Lfy
FSS-Proxy
Node
X-UPSTREAM-Address
X-Gdpr
Dont-Set-Cookie
Cdn-Host
X-APP
X-Edge-Server
Lb
Cdn-Request-Time
Mime-Version
X-Use-Magma
X-Nananana
DataCenter
X-Sentry-ID
X-PAGE-TYPE
Rt-Proxy-Cache
X-Via-NSCOPI
X-EC-Security-Audit
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-Cache-Id
Ms-Operation-Id
X-Gen-Id
X-Cookie
X-SRV
COMMERCE-SERVER-SOFTWARE
PageType
X-RTag
X-WR-MODIFICATION
X-Cache-Info
X-Served-From
X-Env
X-Check-Cacheable
X-Thanos
Memcached
X-CACHE-KEY
X-Cache-HT
Get-Access-Time
X-Unique-Id
Is-Session-Tracking
X-Bip
X-Fastly-Backend-Reqs
X-Optimization
X-Load-Cache
X-Be
X-GDPR
Who
X-Proxy-Server
X-Dynatrace-Js-Agent
X-Cache-FS-Status
X-Fastly-Cache-Hits
X-Request-Start
Memory
X-PJAX-URL
X-FORWARDED-FOR
X-MP-GENERATED-AT
X-Ver
Ws
X-Wix-Petri-Ex
X-Meta-Tbi-Cache-Vertical
X-HS-Status
Pics-Label
X-Ibm-Trace
X-Swift-Error
X-RateLimit-Reset
X-B3-SpanId
Group
UCS
GW-Server
X-Fe
V-Cache
Httpd-Identifier
X-HITS
X-Cache-Ttl
X-Shard
X-CDN-Pop-IP
X-NGINX-Cache
X-CDN-Pop
Cf-Ipcountry
X-User
Powered-By
X-Dw-Trace-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-ServedByHost
URI
Ohc-File-Size
X-ID
Amp-Access-Control-Allow-Source-Origin
Cache-Hits
NX-Cache
Requestid
X-SB
X-Path-Route
X-GZIP
X-Bug-Bounty
X-PF-Uncompressing
Xet-Cookie
AGE-Hash
X-VC
Version
Serverid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Info
N-Cache
CDN-Cache-Hit
CDN-Node
CDN-Cache
X-P-T
X-LiteSpeed-Cache-Control
X-StackifyID
X-Ratelimit-Remaining
X-CacheKey
X-SD-PageType
Ohc-Response-Time
Fastly-Soc-X-Request-Id
Apicache-Version
Https
X-Cache-Debug
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Apicache-Store
X-Akamai-ERRuleID
X-ServerName
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Litespeed-Cache-Control
X-Grace-Duration
X-Cache-Handler
X-Akamai-ERPolicy
X-RequestId
X-Flags