Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-Xss-Protection
Status
X-AspNetMvc-Version
X-Check
X-Cache-Status
Timing-Allow-Origin
X-Adblock-Key
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-CDN
X-Template
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
X-Buckets
Keep-Alive
P3p
X-Type
X-Via
X-AH-Environment
Xkey
X-Backend
EagleId
X-Cache-Group
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Pingback
X-Nginx-Cache-Status
Upgrade
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-LiteSpeed-Cache
Request-Context
X-CST
X-Node
X-Ac
X-Device
X-Cache-Lookup
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-WebKit-CSP
X-Host
X-Amz-Version-Id
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Px
X-Rq
X-Readtime
X-Url
Allow
Pinterest-Generated-By
X-Application-Context
X-Instart-Request-ID
X-Server-Id
X-Clacks-Overhead
Request-Id
Server-Timing
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Country
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Server-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Report-To
X-Country-Code
Edge-Control
X-Varnish-TTL
Charset
X-Cloud-Trace-Context
X-ESI
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
X-FTR-Request-ID
X-Server-Name
X-MS-InvokeApp
X-DataDome
X-CF-Powered-By
X-Cached
X-Goog-Hash
X-Vhost
NEL
Feature-Policy
X-Recruiting
Public-Key-Pins
X-DynaTrace-JS-Agent
X-Origin-Cache
X-Powered-By-Plesk
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Geo-Segment
X-Kinja-Server
X-F-Cache
X-VARITI-CCR
X-TTL
X-T
X-Ttl
X-D2id
X-Dns-Prefetch-Control
X-DynaTrace
X-Mod-Pagespeed
X-Version
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
Verso
X-Dispatcher
X-Abt-Application-Version
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
Content-MD5
X-Forwarded-Proto
RTSS
X-Amz-Rid
X-Cdn
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
X-Dw-Request-Base-Id
Nginx-Cache
AR-ATIME
AR-PoweredBy
Realpath
AR-CACHE
X-Ruxit-JS-Agent
X-B
Paypal-Debug-Id
X-Content-Digest
SPIisLatency
SPRequestDuration
X-Grace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upstream
X-TEC-API-ORIGIN
X-Content-Options
X-Pad
X-Id
X-Shield-Request-Id
X-Varnish-Age
X-Kinsta-Cache
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
Access-Control-Request-Method
Arr-Disable-Session-Affinity
TCN
X-Oneagent-Js-Injection
X-Acc-Meta-Resource-Type
X-NWS-LOG-UUID
X-Cache-Hit
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
DynaTrace
X-Logged-In
MS-Author-Via
S
X-Trace
X-Zen-Fury
X-Vcap-Request-Id
X-HW
Front-End-Https
X-XRDS-Location
X-Origin-Upstream-Status
X-MSEdge-Ref
Cleartype
X-VCache
X-DIS-Request-ID
X-Frontend
Eomportal-Instance
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
Surrogate-Key
X-User-Agent
X-Via-JSL
X-Cache-Rule
X-PressLabs-Stats
X-Fastly-Request-ID
X-NF-Request-ID
X-Request-Received
X-Request-Processing-Time
Alternate-Protocol
X-Forwarded-For
Fastcgi-Cache
Cache-Status
Tracecode
Service-Worker-Allowed
MicrosoftSharePointTeamServices
AR-SID
X-Sol
X-Hostname
Display
X-Middleton-Display
X-IPLB-Instance
Server-Name
Rt-Fastcgi-Cache
Backend-Timing
Host
X-Analytics
X-FastCGI-Cache
X-Ser
X-AOL-HN
X-AppVersion
X-Activity-Id
Viewport
FilterID
X-Az
X-Fastcgi-Cache
X-Varnish-Backend
TP-L2-Cache
X-Wix-Server-Artifact-Id
TP-Cache
Response
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-Cache-2
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Middleton-Response
X-Proxied
X-Rid
X-Whom
ServerID
X-SS-Set-Cookie
X-Contextid
X-Revision
Powered-By-ChinaCache
X-Cache-Control
X-Magnolia-Registration
X-Debug
X-Srv
Refresh
X-Content-Powered-By
X-Cached-By
X-Cache-Key
X-Litespeed-Cache
X-NewRelic-App-Data
X-B3-Traceid
X-Debug-Info
X-Mobile
X-Cache-Server
X-Instance
X-WPE-Loopback-Upstream-Addr
X-Akam-SW-Version
X-CLOUD-TRACE-CONTEXT
X-XRDS-LOCATION
X-ATG-Version
Server-Info
HitType
HitInfo
X-Cache-Age
AMP-Access-Control-Allow-Source-Origin
Accept-Charset
X-Page-Id
X-FB-Debug
X-Framework
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-Generated-By
X-App-Server
X-Varnish-Hostname
Cache-Tag
X-BCube-Filmed-By
X-Request-Guid
Retry-After
X-App-Environment
X-B-Cache
X-PHP-Backend
X-Geo-Country
X-TT
X-Signature
X-Webkit-Csp
X-Origin-Server
Host-Header
X-Tumblr-Pixel
X-Handled-By
X-Tumblr-Pixel-0
X-Tumblr-User
Source
X-Device-Type
X-Cache-Operation
Server-Node
X-Hyper-Cache
X-RateLimit-Remaining
X-Varnish-Grace
DC
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
Upgrade-Insecure-Requests
X-APP-VERSION
X-Drupal-Cache-Tags
X-Accel-Expires
X-WA-Info
X-Platform-Server
X-Varnish-Server
X-GUploader-UploadID
X-PC-AppVer
X-PC-Hit
X-PC-Key
X-TT-TIMESTAMP
X-HOST
MS-CV
Cartoon
X-Akamai-Edgescape
X-Cache-Action
Pagespeed
X-B3-Sampled
X-PC-Host
X-PC-Date
X-TA-CDN-Provider
NGB
X-Accel-Buffering
X-Correlation-ID
Webserver
Filters
Served-By
X-GeoIP
X-Cacheable-TTL
X-Cluster
X-Jobs
X-WebKit-CSP-Report-Only
X-Locale
X-Wix-Petri-Ex
ServedBy
X-Seen-By
X-Wix-Request-Id
Actual-Object-TTL
X-RTag
X-S
X-Dynatrace-Js-Agent
S-Cnection
X-Node-Name
X-FW-Static
X-Source
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
X-FW-Type
X-FW-Serve
X-FW-Server
X-Newrelic-App-Data
X-FW-Hash
AsisCache
X-Varnish-Hits
X-Cache-Config
X-Port
Liferay-Portal
Fastly-Restarts
X-Edge-Location
X-UA
X-Distil-CS
Datacenter
X-Guploader-Uploadid
X-ServedBy
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Amz-Replication-Status
X-Ocache
X-Region
Content-Script-Type
Content-Style-Type
X-Correlation-Id
Cache
GEO-INFO
Ohc-File-Size
X-Drupal-Cache-Contexts
Country
X-Sucuri-ID
X-UUID
X-Internal-Host
X-GZip
X-Amz-Meta-S3cmd-Attrs
X-UA-Device-Type
X-RateLimit-Limit
X-Edge-Cache-Key
X-Edge-Cache
X-Microcachable
X-Cache-Remote
X-Adobe-Content
X-Status
Ar-Sid
X-Adobe-Loc
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Akamai-Transformed
X-Real-IP
X-Esi
X-Proxy
User-Agent
HostName
X-DataStream-Cache-Status
X-URL
X-Detected-As
X-Generated
X-JoinUs
X-Akamai-Request-ID
X-Is-Bot
X-IP
Load-Balancing
X-Rendered-As
Access-Control-Allow-Method
Meta-Geo
X-Path-Route
X-RN-RSRV
Machine
X-App-Name
X-Grey
X-Loop
X-Mode
Healthy
X-TNCMS
Mn-Server-Ip
X-OVcl
X-Backend-Name
X-Agile
X-Timing-Wait
Xserver
X-Agile-Age
X-OVcl-Cache
X-Cache-Category-Id
X-Agile-Id
X-Proxy-Build
X-Web-Node
Selected-FE
User-Cache-Control
Backend
X-Hosted-By
X-Ezoic-Cdn
X-Human
X-Instance-Name
X-Varnish-Cache-Hits
S-Rt
X-Cache-Ttl
X-Time-Microsecs
X-BB-IP
X-TX-ID
X-ServerID
X-ProxyCache-Key
ServerName
X-Debug-Cache
X-BYPASS-REASON
SRV
X-FC-Vary-Parameters
X-ProxyCache-Status
Payment
Now
X-EIG-Tracking-Id
Azure-Version
DB-Nickname
Azure-SlotName
Cache-Hits
X-CDN-Cache
X-Content-Type
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Distributor
Cache-Name
X-Original-Request
X-Viewer-Country
X-Tb
X-Amz-Server-Side-Encryption
X-PERF
X-Upgrade-Enabled
X-ProcessESI
X-Time
X-ApacheServer
X-Varnish-Cacheable
X-Origin
X-NCache
X-Unique-ID
X-NodeID
X-RemovedCookies
X-Site-Version
Webcakes-App-Version
IBM-Web2-Location
L5d-Success-Class
X-Routing-Service
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
X-Zipkin-Id
TWC-Connection-Speed
X-TWH-CORRELATION-ID
X-Xfnlog-Site
X-PCL
X-CCM
LB
Webcakes-App-Name
X-OCL
X-Origin-Hint
Dont-Set-Cookie
AR-Request-ID
Cache-Key
Webcakes-Region
X-Via-Fastly
X-Www-Served-By
X-AWS-Id
X-Access
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-SplitTest
X-Pubstack
X-VWS-Id
X-Section
X-CDN-Forward
X-Vgn-Hpd-Reason
X-Format
X-Geo
X-Amz-Meta-Surrogate-Control
X-Dc
X-Origin-CC
X-HS-Cache-Config
X-Storage
Edge-Cache-Tag
X-Webstats-RespID
Countrycode
X-Generation-Time
X-Proto
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-HT
X-Cache-NE
X-Sucuri-Cache
X-B3-Spanid
X-Optimization
X-Rocket-Nginx-Bypass
X-Labrador-Cache-Channel
Access-Control-Request-Headers
Apicache-Store
X-Nc
Apicache-Version
X-Newrelic-Synthetics
X-Birta-Cache-Post
X-Birta-Served
X-Meta-Tbi-Cache-Vertical
X-Tumblr-Pixel-3
X-Cache-Backend
Fastly-SSL
X-Rule
X-Real-Ip
X-Environment-Context
X-L-Path
X-Nf-Srv-Version
X-Twitter-Response-Tags
X-Transaction
X-SERVER-NAME
X-Connection-Hash
Ec-Rule-Version
Accept-CH
WZWS-RAY
From-Origin
NnCoection
Ws
X-Hit
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-EdgeConnect-Cache-Status
X-Alicdn-Da-Ups-Status
X-Ah-Environment
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Upstream-CT
X-Upstream-HT
PageSpeed
Cteonnt-Length
X-Cache-Enabled
X-CCM-LastModified
X-Servedby
NODE
ProcessTime
X-Date
X-SERVER
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Application
SN
Server-Host
Resin-Trace
T-Server
Thinkindot-CacheControl
Cneonction
Thinkindot-CacheControl-Type
Country-Code
Fastly-Soc-X-Request-Id
Rendered-Blocks
MI-Cache
Meta-Geo-Continent
MD5-Digest
MI-Cache-Age
GMS-Ver
Fly-Cache
Fly-Request-Id
Thinkindot-Control
V-Age
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
Host-ID
X-BB-ID
X-B-Cookie
X-ARC
X-A-Dam
X-A-Ccd
Warning
VivaBuild
Viewtype
Cache-Prefix
Www
BehaviorPad-Version
X-A
X-BBXSRF
X-Destination
X-PAYTM-SRV-ID
X-SVT-ORM-RULES
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
X-UE-Client-Country
X-MI-In-Market
X-TT-LOGID
X-Trv-Group
X-SRCache-Key
X-Region-Sid
X-ScT
X-Server-By
Xc-Version
X-Server-Time
X-S-Cookie
X-Rojux
X-Developer
X-Wix-Route-ID
X-Response-By
X-Rewrite-Enabled
X-Matched-Rule
X-Thinkindot-L3
X-Via-Edge
X-Via-CDN
X-VG-WebServer
X-Hash
X-G
X-From
X-Died
X-We-Are-Hiring
X-Fetched-On
X-Hl-Ver
X-Generated-In
X-App-Version
X-C
X-M-Log
X-Qnm-Cache
X-M-Reqid
X-HS-Combine-CSS
IsBot
Kp-EeAlive
Httpd-Identifier
X-Worker
X-Sorting-Hat-PodId
X-Shopify-Stage
Uber-Trace-Id
X-SIPLIST1
Proxy-Connection
X-Ver
X-WebServer
NGX
Origin-Edge-Control
Server-ID
Server-Int
Request-EU
Origin-Cache-Control
X-ShopId
Request-Country
X-Sorting-Hat-ShopId
PFcat
X-Release
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-WAF
X-Info
X-Clientip
X-Logtrace-Id
X-GeoIP-City
X-Gen-Mode
X-CS
X-Dispatcher-Server
X-Edge-IP
X-Env
X-Core-Mission
X-Crawler
X-No-Session
X-Node-Id
X-S-Maxage
X-Alternate-Cache-Key
X-RCS-CacheZone
X-Server-IP
Web-Mar-Node
X-Sf
X-ServiceProvider
X-Backend-Host
X-Backend-Url
X-Origin-Date
X-Cache-URL
X-Origin-Expires
X-P-T
X-Block-Status
X-Cache-Bucket
X-ShardId
Release
Decoy-Debug-Status
Decoy-Debug-TTL
Ajk
X-V
Decoy-Debug-Key
X-ElasticPress-Search
Ms-Operation-Id
X-GoCache-CacheStatus
X-Passed-To-DLL
Adler-Geo
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Backend-TTL
X-Backend-State
X-Reboot
X-Passed-To
X-Phone
X-Amz-Meta-Cache-Control
Who
Apple-News-Services-Parsed-Url
X-Rebelmouse-Cache-Control
Backend-Name
Apple-News-Services-Host
Apple-News-Services-Handled
X-Rebelmouse-Surrogate-Control
X-Actual-URL
XServer
AKAMAI
Apple-News-Services-Request-Url
X-Org
X-Cdn-Srv
X-Edge-Server
X-Cdn-Origin
Time
X-Cache-Time
X-DPWN-IS-SECURE
X-Content-Age
X-Debug-Log
X-Developers
X-Core-Value
X-Device-Os
X-Cache-Srv
X-F5-Cache
X-Cache-ASPX
X-Fstrz
X-GeoIP-Country-Code
X-HCF
Cache-Tags
X-Cache-CFC
X-Cache-Control-Set-By
X-Cache-Host
X-Fastly-Cache
X-Cache-Expires
X-Forwarded-Host
X-NX-Host
Cdn-Host
On-Server
Ohc-Response-Time
Odigeo-Trace-Id
Origin
X-Server-Group
Pragrma
CDCHOST
Platform
X-Sn-Servicetimems
X-Wikidot-Static-Cache
HTTPS
X-Varnish-HitMiss
Heartbleed
Is-Eu
X-User
X-Wikidot-Backend
X-Trace-Id
X-UnsetCookies
Fastly-SWR
Powered-By
X-Returned-From-BeforeDispatch
X-Returned-From
Fastly-SIE
RNT-Time
RNT-Machine
X-Request-URI
Content-Disposition
X-Debug-Cookies
Cdn-Request-Time
True-Client-Country-4JS
X-Req
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
Request-Time
Fastly-Backend-Name
X-Nginx-Cache
X-Platform
X-Var-Ttl
X-Ms-Request-Id
X-Swa-Ws
X-VG-TLSProxy
X-Refresh
X-Origin-TTL
X-Epic-Correlation-Id
X-Up
X-Ms-Version
X-VServer
X-WR-MODIFICATION
X-Ms-Blob-Type
X-Location
X-Skip-Cache
X-Ms-Lease-Status
X-Stale
HA-Urlpath
X-Eu-Site
HA-Servedtime
Ha-Gx-Prefs
HA-Host
X-Ckpd-Fst-Backend
HA-Cloudapp
RequestId
HA-Geocity
X-CGP
Esi-Enabled
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Georegion
HA-Ipaddr
MI-API
X-Croise-Owner
X-B3-TraceId
X-FireWall-Port
X-Cdn-Forward
X-Redis-Cache
X-From-Cache
Mime-Version
NtCoent-Length
GW-Server
X-Pjax-Url
UCS
Cdn
X-Micro-Cache
X-Varnish-Beresp-TTL
X-Servername
Dnion-Transfer-Encoding
X-MSEdge-Flight
X-MSEdge-Features
X-Hail-Hydra
X-CSRF-Token
X-TIME
WP-Super-Cache
X-Pf-Uncompressing
X-Cache-Handler
X-Varnish-Beresp-Ttl
X-GRACE
X-Via-SSL
X-Cache-FS-Status
X-Varnish-Id
X-Varnish-Url
Dynatrace
X-Csrf-Token
CF-IPCountry
X-Thanos
X-COUNTRY
X-Request-Time
X-Be
X-Bip
Memcached
X-Page-Type
X-GDPR
PageType
PICS-Label
Rt-Proxy-Cache
Get-Access-Time
Memory
X-Cluster-Node
X-Cache-Id
Is-Session-Tracking
WWW-Authenticate
X-Powered-By-ANYU
X-Cache-TTL
X-NC
X-NWS-UUID-VERIFY
X-Via-NSCOPI
X-Ua
X-Key
X-Owner
X-Aicache-OS
X-CUA
Geoip-Latitude
MIME-Version
Geoip-City
GeoIp-Country-Code
Frame-Options
NodeID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DataStream-Origin-MEX-Latency
FastCGI-Cache
X-DataStream-MidMile-RTT
X-Webkit-CSP
Mail-Subject
X-Response-Served-From
We-Hiring
Sta2Tusw
X-External-Request-Id
X-TId
X-Auto-Login
X-Dynatrace
X-ServedByHost
X-StackifyID
X-Atg-Version
X-Servedbyhost
X-Frame-Option
X-LiteSpeed-Cache-Control
X-UPSTREAM-Address
CACHE
Version
Section-Io-Cache
X-Shield-Cache-Expires
X-Fastly-Backend-Reqs
X-ADI-VCache
Node
If-Modified-Since
GeoIP-Latitude
GeoIP-Country-Code
X-Varnish-Action
X-CACHE-KEY
X-EC-Security-Audit
X-Tid
GeoIP-City
Magicmarker
X-DC
X-Bug-Bounty
X-BE
Pramga
X-Load-Cache
X-Nananana
Processtime
X-Sentry-ID
COMMERCE-SERVER-SOFTWARE
Pagetype
X-Haproxy-Hostname
X-Public
X-Ig-Deployment-Stage
Pics-Label
X-Request-UUID
X-Haproxy-Ip
CDN
Cache-Cookie-Set-From
X-Gdpr
X-Variation
X-Varnish-Ttl
X-Cache-Debug
X-PAGE-TYPE
RATING
X-Shard
X-ND-Cache
Cache-Provider
X-GEO
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Proxy-Server
X-Surge-Debug
Fastcgi-Useragent
X-Ratelimit-Remaining
Group
V-Cache
X-FORWARDED-FOR
X-Ibm-Trace
Amp-Access-Control-Allow-Source-Origin
Cf-Ipcountry
OT-Force-Account-Verify
X-Irp-Debug
URI
X-Server-W
X-Endurance-Cache-Level
X-Varnish-URL
X-Datadome
X-Pc-Key
X-Pc-Hit
X-Cache-Var
Arc-Country
Accept-Ch
X-Sorting-Hat-ShopId-Cached
X-Cache-Var-Map
X-Pc-Appver
X-SRV
REQUESTUUID
X-Sorting-Hat-FeatureSet
X-Wa
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
Srv
Hostname
X-Pc-Date
X-Pc-Host
X-Ms-Lease-State
X-Fastly-Cache-Hits
Sid
X-HTML-Minification-Powered-By
X-Ratelimit-Limit
X-PF-Uncompressing
Powered
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-CacheKey
X-Layer
GEO-REGION-INFO
DataCenter
X-PJAX-URL
X-FW-Version
X-Gen-Id
X-ID
X-GZIP
X-Requestid
N-Cache
X-Feature
X-Served-From
X-Nginx-Cache-Key
X-RequestId
X-Policy
X-Front
X-B3-SpanId
X-RateLimit-Remaining-Second
X-Vcache
X-RateLimit-Limit-Second
X-Litespeed-Cache-Control
X-Unique-Id
Serverid
Xet-Cookie
X-APP
X-NGINX-Cache
X-CDN-Pop
X-Svr
X-Amz-Meta-Sha256
X-CDN-Pop-IP
X-VC
X-Varnish-Info
X-SB
X-Amz-Meta-S3b-Last-Modified
X-Distil-Cs
X-Dw-Trace-Id
Requestid
X-Request-Start
X-Grace-Duration
SID
X-WA
X-ServerName
X-VID
X-DSS
X-DW
X-DI
X-Cookie
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-DB
X-VG-WebCache
X-HS-Status
X-Akamai-ERRuleID
X-Fe
X-Varnish-ID
X-Akamai-ERPolicy
X-RAMCache
X-RPM
X-RPS
X-RSL