Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Host
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
Report-To
X-Px
X-Country
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-TtlSet
X-DataDome
X-Vname
X-PC
X-ESI
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-F-Cache
X-Version
X-Kinja-Revision
X-Kinja
X-Geo-Segment
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-D2id
Verso
X-Client-IP
SPRequestGuid
MS-Author-Via
X-CF-Powered-By
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Dispatcher
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-T
X-Dw-Request-Base-Id
DynaTrace
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-Grace
X-Upstream
X-Varnish-Age
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-FastCGI-Cache
X-DIS-Request-ID
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Pad
SPRequestDuration
SPIisLatency
AR-SID
X-Ruxit-JS-Agent
X-Content-Options
X-Content-Digest
X-Cache-Hit
Realpath
X-Logged-In
X-IPLB-Instance
X-NF-Request-ID
X-Kinsta-Cache
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
X-B
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Server-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
X-XRDS-Location
X-Debug
S
X-MSEdge-Ref
Service-Worker-Allowed
X-Ser
Server-Name
X-PressLabs-Stats
X-Wix-Server-Artifact-Id
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Frontend
Tracecode
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-GUploader-UploadID
Eomportal-Instance
X-Oneagent-Js-Injection
Surrogate-Key
X-Forwarded-For
Alternate-Protocol
X-Cache-Rule
Cleartype
Cache-Status
X-Srv
Fastly-Restarts
X-Analytics
Backend-Timing
X-HS-Content-Id
X-HS-Hub-Id
Host
X-VCache
X-Revision
TP-L2-Cache
TP-Cache
X-Rid
X-User-Agent
X-NWS-LOG-UUID
X-Whom
FilterID
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Debug-Info
X-Akam-SW-Version
X-RateLimit-Remaining
X-AOL-HN
ServerID
X-Accel-Buffering
X-Cache-2
X-Varnish-Backend
X-Via-JSL
X-Content-Powered-By
Accept-Charset
X-XRDS-LOCATION
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-Mobile
X-Webkit-CSP
X-Zen-Fury
X-Cdn
X-TA-CDN-Provider
X-Kinja-Server-Push
Viewport
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Oracle-Dms-Rid
X-Ttl
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-B3-Traceid
X-Magnolia-Registration
X-Varnish-Hostname
X-Cluster
X-Tumblr-User
X-Tumblr-Pixel-0
X-Page-Id
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
Host-Header
X-Framework
X-Handled-By
X-Cache-Control
X-B3-Sampled
X-Akamai-Edgescape
X-Request-Guid
X-Device-Type
X-TT
X-FB-Debug
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-B-Cache
Cache-Tag
X-Signature
X-Platform-Server
X-Instance
DC
X-Hostname
X-Cache-Server
X-Correlation-Id
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-WA-Info
X-Accel-Expires
X-Servedby
X-Contextid
X-APP-VERSION
X-Cache-Action
Display
X-Sol
X-Middleton-Display
Server-Info
HitInfo
X-Varnish-Server
HitType
X-Distil-CS
X-Cache-Operation
X-Port
X-Esi
X-Amz-Replication-Status
X-Seen-By
X-Edge-Location
X-Wix-Request-Id
X-GeoIP
X-Generated-By
X-Daa-Tunnel
X-Geo-Country
X-WebKit-CSP-Report-Only
X-S
X-RequestSource
AsisCache
X-Tumblr-Pixel-2
Content-Script-Type
Content-Style-Type
GEO-INFO
Webserver
X-Tumblr-Pixel-1
X-Status
X-Locale
Actual-Object-TTL
X-Region
X-FW-Type
ServedBy
X-Hyper-Cache
X-Response-Served-From
X-Jobs
X-Edge-Cache
X-Varnish-Hits
Healthy
X-Edge-Cache-Key
User-Agent
X-FW-Hash
X-FW-Serve
X-TX-ID
X-FW-Static
X-FW-Server
X-UUID
X-Adobe-Content
X-Adobe-Loc
X-Drupal-Cache-Tags
SRV
X-Newrelic-App-Data
X-Varnish-Grace
X-DataStream-Cache-Status
Refresh
Filters
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
X-Amz-Server-Side-Encryption
IBM-Web2-Location
S-Cnection
Response
X-Middleton-Response
NGB
X-Fastcgi-Cache
X-Cache-Age
X-Proxied
X-Cache-NE
X-Activity-Id
X-Az
X-AppVersion
X-ATG-Version
Payment
X-Content-Type
X-CDN-Forward
X-Pc-Key
Cache
X-App-Server
X-Cache-Remote
X-Pc-Hit
X-Pc-Appver
AR-Request-ID
Datacenter
X-Cacheable-TTL
X-Unique-ID
X-Ruxit-Js-Agent
X-Cache-TTL
X-Kong-Proxy-Latency
X-Vg-Webcache
X-Kong-Upstream-Latency
Country
X-UA
X-HS-Cache-Config
Edge-Cache-Tag
Served-By
X-Akamai-Transformed
X-Correlation-ID
X-Sucuri-ID
X-Mode
X-Real-IP
X-RN-RSRV
X-Varnish-IP
X-Detected-As
Meta-Geo
Load-Balancing
X-Rendered-As
Machine
X-Is-Bot
X-FC-Vary-Parameters
X-Proxy
X-RemovedCookies
X-ProcessESI
X-Rocket-Nginx-Bypass
X-Cache-Category-Id
X-Varnish-Cacheable
X-BYPASS-REASON
DB-Nickname
Cache-Name
Access-Control-Allow-Method
X-Iejgwucgyu
X-OCL
X-Human
X-Hosted-By
X-BB-IP
X-EIG-Tracking-Id
Backend
Property-Id
User-Cache-Control
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Origin
X-Amz-Meta-Surrogate-Control
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Mn-Server-Ip
X-Grey
X-ProxyCache-Status
X-Origin-Hint
X-ServerID
X-ProxyCache-Key
X-Tb
X-PCL
X-Zipkin-Id
L5d-Success-Class
X-Generated
X-OVcl-Cache
X-Section
X-Rule
X-Cache-Var-Map
X-Format
X-Environment-Context
X-Cache-Var
X-Debug-Cache
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
X-Site-Version
X-CDN-Cache
X-Viewer-Country
X-Original-Request
X-Cache-Config
X-Hit
Now
X-Loop
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-OVcl
X-PERF
X-NodeID
X-Access
X-TNCMS
X-Pubstack
X-L-Path
X-Routing-Service
X-ApacheServer
Cache-Key
S-Rt
X-JoinUs
ServerName
X-Backend-Name
X-Agile-Age
X-Agile-Id
X-Agile
X-App-Name
X-Via-Fastly
Selected-FE
X-Proxy-Build
X-CCM
X-TWH-CORRELATION-ID
X-NGENIX-Cache
X-Ocache
X-Timing-Wait
X-HS-Combine-CSS
X-IP
Access-Control-Request-Headers
X-Source
X-Drupal-Cache-Contexts
X-Origin-CC
X-RateLimit-Limit
X-Www-Served-By
X-Xfnlog-Site
X-LJ-Flow-ID
X-VWS-Id
X-SplitTest
X-AWS-Id
OT-Force-Account-Verify
X-URL
X-Akamai-Request-ID
X-Storage
HostName
X-Upstream-HT
X-Upstream-CT
X-Nginx-Cache
X-NC
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Age
Fastcgi-Useragent
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
From-Origin
Powered-By-ChinaCache
X-Time-Microsecs
X-Litespeed-Cache
X-Amzn-RequestId
X-Forwarded-Host
X-NCache
X-Amz-Apigw-Id
X-Internal-Host
Fastly-SSL
XServer
X-Microcachable
X-M-Log
X-Distributor
X-Feature
X-M-Reqid
X-Qnm-Cache
X-Release
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-UA-Device-Type
LB
X-Birta-Served
X-Birta-Cache-Post
X-PHP-Backend
Pagetype
X-Labrador-Cache-Channel
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
NtCoent-Length
X-Cache-Backend
Pagespeed
X-VG-TLSProxy
X-Connection-Hash
MIME-Version
X-Twitter-Response-Tags
X-EdgeConnect-Cache-Status
X-Transaction
X-Webkit-Csp
X-B3-Spanid
Time
Frame-Options
X-GZip
X-Instance-Name
PageSpeed
X-Web-Node
X-C
X-V
Cneonction
X-Rojux
X-A-Dcw
X-A-Dam
X-Cache-Bucket
X-B-Cookie
Fly-Request-Id
X-ARC
Fly-Cache
X-Application
X-S-Cookie
Ec-Rule-Version
X-A-Wwc
X-BB-ID
X-Accel-Expires-Debug
X-A-Dgt
IsBot
Mobile-Detection-Method
T-Server
BehaviorPad-Version
V-Age
Viewtype
Arc-Country
Server-Int
AKAMAI
X-Server-Time
Ajk
Rendered-Blocks
X-Server-By
X-Sucuri-Cache
Cache-Prefix
X-A
X-SRCache-Key
X-A-Ccd
NGX
X-UE-Client-Country
MD5-Digest
Www
Meta-Geo-Continent
X-Trv-Group
VivaBuild
X-ScT
Host-ID
X-Rewrite-Enabled
X-Region-Sid
X-Destination
X-Developer
X-IN-APIGATEWAY
X-Date
X-IN-SSL-APIGATEWAY
X-D
X-Died
Xc-Version
X-Generated-In
X-Request-UUID
X-From
X-Generation-Time
X-VG-WebServer
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-G
X-CUA
X-Via-CDN
X-No-Session
X-Via-Edge
X-NU-AKA-ACS-Version
X-SIPLIST1
X-PAYTM-SRV-ID
X-Org
X-CS
X-Via-SSL
X-Irp-Debug
X-WebServer
X-IN-WAF
X-Logtrace-Id
X-Redis-Cache
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Powered-By-ANYU
WZWS-RAY
X-SERVER-NAME
X-FireWall-Port
X-Cache-Enabled
X-Owner
X-Phone
HA-Urlpath
Magicmarker
X-Origin-TTL
X-Block-Status
X-Node-Id
X-Cache-CFC
X-NX-Host
HA-Servedtime
HA-Ipaddr
HA-Cloudapp
HA-Geocity
GMS-Ver
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
HA-Geocountry
HA-Geolat
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
X-Platform
X-CGP
NodeID
X-Eu-Site
X-External-Request-Id
X-Hl-Ver
X-Hnp-Log
X-Debug-Log
X-Request-URI
X-GeoIP-City
Web-Mar-Node
X-Gen-Mode
X-S-Maxage
X-F5-Cache
X-Debug-Cookies
SN
Pragrma
X-Amz-Meta-Cache-Control
Origin-Edge-Control
Origin-Cache-Control
X-Layer
X-Key
Server-Host
X-Crawler
X-Core-Value
Release
X-Fastly-Cache
HA-Host
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Varnish-Action
X-UnsetCookies
X-Var-Ttl
Country-Code
Backend-Name
X-Varnish-Beresp-Ttl
X-HOST
X-App-Version
X-Webstats-RespID
X-Request-Time
X-NWS-UUID-VERIFY
X-Response-By
X-Up
X-Actual-URL
X-Variation
X-VCT
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-MSEdge-Flight
X-Nginx-Cache-Key
X-TT-LOGID
X-Passed-To-BeforeDispatch
Uber-Trace-Id
True-Client-Country-4JS
Thinkindot-Control
X-Trace-Id
X-Passed-To
X-Reboot
X-Tumblr-Pixel-3
X-Backend-Url
X-Gannett-Site-Version
X-FW-Version
X-MI-In-Market
X-Croise-Owner
X-Hash
X-Returned-From
X-Store
X-Clientip
X-HTML-Minification-Powered-By
X-GeoIP-Country-Code
X-ElasticPress-Search
X-Returned-From-DLL
X-Developers
X-Epic-Correlation-Id
X-Fetched-On
X-Cdn-Srv
X-Cache-Expires
X-Location
X-Matched-Rule
X-Returned-From-BeforeDispatch
X-Cache-Host
Thinkindot-CacheControl-Type
X-Cdn-Origin
X-Cache-URL
X-Cache-Srv
X-Returned-From-PostProcessResponse
X-MSEdge-Features
X-Secret
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Thinkindot-CacheControl
MI-Cache
Cache-Tags
MI-API
Odigeo-Trace-Id
X-Passed-To-PostProcessResponse
Apple-News-Services-Handled
PFcat
Apple-News-Services-Host
Origin
On-Server
CDCHOST
X-Stale
Decoy-Debug-TTL
Decoy-Debug-Status
Esi-Enabled
X-Sf
X-RCS-CacheZone
Decoy-Debug-Key
Countrycode
Is-Eu
Kp-EeAlive
X-ServiceProvider
X-Sn-Servicetimems
Heartbleed
X-Swa-Ws
MI-Cache-Age
Request-EU
X-Passed-To-DLL
Section-Io-Cache
Platform
Request-Country
Request-Time
Adler-Geo
X-Thinkindot-L3
Proxy-Connection
X-Server-IP
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-CACHE-AGE
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
Content-Disposition
X-Skip-Cache
Fastly-SWR
Sid
X-Device-Os
X-Worker
X-Core-Mission
X-Fstrz
Fastly-Backend-Name
Server-ID
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
RNT-Machine
X-Alicdn-Da-Ups-Status
RNT-Time
Resin-Trace
X-Content-Age
X-Ckpd-Fst-Backend
X-Ezoic-Cdn
X-Servername
X-Cluster-Node
X-Ua
X-Policy
ViewerVersion
HTTPS
Powered
X-Csrf-Token
Cteonnt-Length
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Refresh
CDN
X-Pf-Uncompressing
REQUESTUUID
ProcessTime
Ar-Sid
WP-Super-Cache
Warning
X-Servedbyhost
Xserver
RequestId
CF-IPCountry
X-Planisys-CDN-TTL
X-Proto
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Newrelic-Synthetics
X-Dc
Mail-Subject
We-Hiring
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-TIME
X-GEO
X-Real-Ip
X-Endurance-Cache-Level
X-Req
X-Cache-ASPX
X-Datadome
X-Pjax-Url
X-Atg-Version
Hostname
X-Surge-Debug
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
X-B3-TraceId
X-DC
NODE
X-Varnish-Ttl
X-Time
X-Aed
X-Edge-IP
X-CLOUD-TRACE-CONTEXT
CACHE
NnCoection
Pramga
X-CSRF-Token
Geoip-Latitude
X-Origin-Expires
X-Origin-Date
X-COUNTRY
X-Page-Type
GeoIp-Country-Code
X-Varnish-Beresp-TTL
X-Guploader-Uploadid
X-Nc
TSSecure
X-Ms-Lease-State
X-Server-W
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-HCF
X-Oracle-Dms-Ecid
SD-X-WS
X-Geo
X-Aicache-OS
MS-CV
X-Cdn-Forward
X-Server-Group
WWW-Authenticate
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Varnish-Url
A
X-Hello
X-ABtesting
X-Flog
Processtime
X-Amz-Cf-Pop
X-GRACE
Geoip-City
X-WA
X-Akamai-Request-ID2
X-Wa
X-Varnish-URL
Lfy
X-Wix-Route-ID
X-Auto-Login
PICS-Label
X-Ratelimit-Limit
Cdn
Node
FSS-Proxy
X-From-Cache
FSS-Cache
X-UPSTREAM-Address
Dont-Set-Cookie
Lb
X-APP
Cdn-Host
X-Gdpr
Cdn-Request-Time
X-Edge-Server
X-Nananana
X-Use-Magma
Mime-Version
X-RTag
Rt-Proxy-Cache
Ms-Operation-Id
GeoIP-Country-Code
GeoIP-Latitude
X-Sentry-ID
X-Via-NSCOPI
X-PAGE-TYPE
X-EC-Security-Audit
X-SRV
X-Gen-Id
PageType
GeoIP-City
X-Cache-Id
COMMERCE-SERVER-SOFTWARE
X-WR-MODIFICATION
DataCenter
Is-Session-Tracking
X-Thanos
X-Served-From
X-Cache-HT
X-Optimization
X-Check-Cacheable
Memcached
X-Bip
Get-Access-Time
X-CACHE-KEY
X-Env
X-Fastly-Backend-Reqs
X-Cache-Info
X-Unique-Id
X-Cookie
X-Load-Cache
X-Proxy-Server
X-GDPR
Who
X-Dynatrace-Js-Agent
X-MP-GENERATED-AT
X-Cache-FS-Status
Memory
X-Be
X-Fastly-Cache-Hits
X-Request-Start
X-FORWARDED-FOR
X-Swift-Error
Ws
X-HS-Status
X-Ver
X-Meta-Tbi-Cache-Vertical
X-Wix-Petri-Ex
X-PJAX-URL
Pics-Label
X-Ibm-Trace
V-Cache
Httpd-Identifier
UCS
X-Fe
X-HITS
X-B3-SpanId
Group
GW-Server
X-RateLimit-Reset
X-Cache-Ttl
X-NGINX-Cache
X-ServedByHost
X-Dw-Trace-Id
X-SVT-ORM-RULES
Requestid
X-SVT-ORM-VERSION
X-CDN-Pop-IP
X-User
X-Shard
URI
Powered-By
Cf-Ipcountry
X-CDN-Pop
X-ID
Ohc-File-Size
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-VC
AGE-Hash
Cache-Hits
X-SB
X-GZIP
X-Bug-Bounty
X-Path-Route
Version
NX-Cache
X-PF-Uncompressing
Serverid
X-Varnish-Info
X-Goog-Meta-Goog-Reserved-File-Mtime
CDN-Cache-Hit
X-CacheKey
CDN-Cache
X-Ratelimit-Remaining
X-P-T
X-StackifyID
X-LiteSpeed-Cache-Control
CDN-Node
N-Cache
Https
X-BE
X-BBXSRF
RequestUuid
Accept-Language
Locale
X-Cache-Debug
X-Content-Encoded-By
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
Apicache-Store
Fastly-Soc-X-Request-Id
X-ServerName
X-RequestId
X-Litespeed-Cache-Control
X-Route-Name
X-Flags
X-Providence-Cookie
X-SD-PageType
X-Akamai-ERPolicy
X-Grace-Duration
X-Is-Crawler
Ohc-Response-Time
X-Cache-Handler
X-Akamai-ERRuleID
Apicache-Version