Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
X-Check
Timing-Allow-Origin
X-Cache-Status
X-Adblock-Key
X-DNS-Prefetch-Control
P3p
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
X-Buckets
Keep-Alive
X-Type
X-AH-Environment
X-Via
EagleId
Xkey
X-Backend
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Cache-Group
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
X-Nginx-Cache-Status
Upgrade
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Ac
X-Cache-Lookup
X-Device
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-WebKit-CSP
X-Amz-Version-Id
X-Host
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Px
X-Rq
X-Readtime
Allow
Pinterest-Generated-By
X-Application-Context
X-Url
X-Instart-Request-ID
X-Clacks-Overhead
EagleEye-TraceId
Request-Id
X-Server-Id
Server-Timing
X-Country
X-OneAgent-JS-Injection
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-Server-ID
Report-To
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Cloud-Trace-Context
Edge-Control
X-Varnish-TTL
Charset
X-ESI
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-TTL
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
X-MS-InvokeApp
X-Cached
X-DataDome
X-Goog-Hash
Feature-Policy
NEL
X-DynaTrace-JS-Agent
X-Vhost
X-Recruiting
Public-Key-Pins
X-Origin-Cache
X-Powered-By-Plesk
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Geo-Segment
X-Dns-Prefetch-Control
X-Kinja-Build
X-VARITI-CCR
X-F-Cache
X-T
X-DynaTrace
X-Mod-Pagespeed
X-Version
X-D2id
X-ORACLE-DMS-ECID
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
SPRequestGuid
X-SharePointHealthScore
PB-RID
PB-PID
X-SRCache-Store-Status
Arc-Version
X-SRCache-Fetch-Status
X-Mobile-Rewrite
X-ORACLE-DMS-RID
Content-MD5
X-N
X-Cdn
RTSS
X-Forwarded-Proto
X-Amz-Rid
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
AR-PoweredBy
AR-ATIME
X-Dw-Request-Base-Id
Nginx-Cache
AR-CACHE
X-Ttl
Realpath
X-B
Paypal-Debug-Id
X-Oneagent-Js-Injection
X-Content-Digest
X-Upstream
X-Pad
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Options
X-TEC-API-VERSION
X-Ruxit-JS-Agent
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Id
X-Varnish-Age
X-Kinsta-Cache
Arr-Disable-Session-Affinity
X-NWS-LOG-UUID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Access-Control-Request-Method
MS-Author-Via
X-Acc-Meta-Resource-Type
TCN
X-Cache-Hit
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Logged-In
DynaTrace
S
X-Trace
X-Vcap-Request-Id
X-Zen-Fury
X-Origin-Upstream-Status
X-HW
X-MSEdge-Ref
Front-End-Https
X-VCache
Cleartype
X-DIS-Request-ID
X-Frontend
Eomportal-Instance
X-HS-Hub-Id
X-HS-Content-Id
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
Surrogate-Key
X-FTR-Expires
X-Cache-Rule
X-Via-JSL
X-PressLabs-Stats
X-Fastly-Request-ID
X-User-Agent
X-NF-Request-ID
X-XRDS-Location
Service-Worker-Allowed
X-Request-Received
X-Request-Processing-Time
Cache-Status
X-Forwarded-For
Tracecode
Alternate-Protocol
AR-SID
X-IPLB-Instance
Fastcgi-Cache
X-Hostname
Server-Name
X-Fastcgi-Cache
X-Sol
Display
X-Middleton-Display
X-Varnish-Backend
Host
X-Analytics
Backend-Timing
X-FastCGI-Cache
X-Oracle-Dms-Rid
Rt-Fastcgi-Cache
FilterID
X-AOL-HN
Viewport
MicrosoftSharePointTeamServices
TP-Cache
X-Az
X-Activity-Id
X-AppVersion
Public-Key-Pins-Report-Only
TP-L2-Cache
X-Cache-2
X-Wix-Server-Artifact-Id
X-Middleton-Response
X-FTR-Cache-Host
Response
X-Whom
X-Ser
X-XRDS-LOCATION
X-SS-Set-Cookie
X-Proxied
X-Rid
X-Revision
ServerID
X-Contextid
X-Content-Powered-By
X-Srv
X-Cache-Control
X-Magnolia-Registration
X-HOST
X-Debug
AMP-Access-Control-Allow-Source-Origin
X-Cached-By
Refresh
X-Debug-Info
Powered-By-ChinaCache
X-B3-Traceid
X-Oracle-Dms-Ecid
X-Ruxit-Js-Agent
X-Cache-Key
X-Cache-Server
X-Mobile
X-Instance
X-Akam-SW-Version
X-Daa-Tunnel
HitType
HitInfo
Server-Info
X-Webkit-Csp
X-Page-Id
Accept-Charset
X-FB-Debug
X-WPE-Loopback-Upstream-Addr
X-Cache-Age
X-Framework
X-Generated-By
Cache-Tag
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-App-Server
X-BCube-Filmed-By
X-B-Cache
X-App-Environment
Retry-After
X-PHP-Backend
X-TT
X-Signature
X-Request-Guid
X-Geo-Country
X-Varnish-Hostname
X-Handled-By
X-Cache-Operation
Host-Header
X-NewRelic-App-Data
Source
Server-Node
X-Tumblr-User
X-ATG-Version
X-Origin-Server
X-RateLimit-Remaining
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Device-Type
X-Hyper-Cache
X-Varnish-Grace
Upgrade-Insecure-Requests
X-APP-VERSION
DC
X-Amzn-Trace-Id
X-Accel-Expires
X-CLOUD-TRACE-CONTEXT
X-Platform-Server
X-Drupal-Cache-Tags
X-WA-Info
X-GUploader-UploadID
X-Newrelic-App-Data
X-Varnish-Server
X-TT-TIMESTAMP
X-Akamai-Edgescape
X-Cache-Action
MS-CV
Webserver
X-PC-AppVer
NGB
X-URL
X-PC-Hit
X-PC-Key
X-B3-Sampled
Filters
Pagespeed
X-GeoIP
X-Jobs
X-Accel-Buffering
X-WebKit-CSP-Report-Only
X-Cacheable-TTL
X-Cluster
X-Locale
X-Node-Name
Actual-Object-TTL
ServedBy
X-Seen-By
X-Source
X-Wix-Petri-Ex
X-Wix-Request-Id
X-S
X-RTag
X-PC-Host
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-PC-Date
Fastly-Restarts
AsisCache
X-FW-Serve
X-FW-Hash
Liferay-Portal
X-FW-Server
X-FW-Static
X-Correlation-ID
X-RequestSource
X-FW-Type
X-Edge-Location
S-Cnection
Served-By
X-Port
X-Varnish-Hits
X-Cache-Config
X-Distil-CS
X-UA
X-Amz-Meta-S3cmd-Attrs
X-Correlation-Id
Datacenter
X-Amz-Replication-Status
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Region
GEO-INFO
X-TA-CDN-Provider
Country
X-Ocache
Ohc-File-Size
Cache
Content-Script-Type
Content-Style-Type
X-Drupal-Cache-Contexts
Cartoon
X-Guploader-Uploadid
X-Dynatrace-Js-Agent
X-Edge-Cache
X-Edge-Cache-Key
HostName
X-UA-Device-Type
X-Sucuri-ID
X-Cache-Remote
X-RateLimit-Limit
X-Internal-Host
X-GZip
Ar-Sid
X-UUID
X-ServedBy
X-Esi
X-Adobe-Content
X-Adobe-Loc
X-Microcachable
AR-Request-ID
X-Real-IP
X-Varnish-IP
X-Akamai-Transformed
X-Status
X-Yottaa-Metrics
X-Proxy
X-Yottaa-Optimizations
X-DataStream-Cache-Status
X-Cache-Ttl
X-IP
X-Ezoic-Cdn
X-JoinUs
X-Is-Bot
X-Generated
X-Detected-As
X-RN-RSRV
X-Rendered-As
X-Time
X-Akamai-Request-ID
Access-Control-Allow-Method
Meta-Geo
X-App-Name
X-Path-Route
Machine
User-Agent
Load-Balancing
X-OVcl
X-Grey
X-TNCMS
Selected-FE
User-Cache-Control
X-Proxy-Build
X-Backend-Name
Mn-Server-Ip
Healthy
X-OVcl-Cache
X-Timing-Wait
X-Amz-Server-Side-Encryption
X-Cache-Category-Id
X-Mode
X-Web-Node
X-Agile-Id
X-Loop
X-Agile
X-Agile-Age
X-Varnish-Cache-Hits
X-Varnish-Cacheable
IBM-Web2-Location
X-Unique-ID
X-Upgrade-Enabled
X-BYPASS-REASON
X-Debug-Cache
Backend
X-Tb
X-Time-Microsecs
X-FC-Vary-Parameters
X-ServerID
X-ProxyCache-Status
X-Origin
X-ProxyCache-Key
S-Rt
X-Instance-Name
X-BB-IP
X-Hosted-By
X-Human
Payment
ServerName
Cache-Key
X-PERF
X-Distributor
X-OCL
X-ProcessESI
Now
Azure-RegionName
Azure-SlotName
Azure-Version
X-ApacheServer
Xserver
Azure-InstanceId
X-Site-Version
SRV
X-CDN-Forward
X-NodeID
X-RemovedCookies
DB-Nickname
X-PCL
X-NCache
L5d-Success-Class
Azure-SiteName
X-Content-Type
X-CDN-Cache
X-Viewer-Country
Cache-Name
X-TX-ID
X-Original-Request
X-EIG-Tracking-Id
X-Xfnlog-Site
TWC-Connection-Speed
X-Vgn-Hpd-Reason
Property-Id
X-Origin-Hint
X-AWS-Id
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Zipkin-Id
TWC-Privacy
X-Access
TWC-Locale-Group
TWC-GeoIP-Country
X-Www-Served-By
X-LJ-Flow-ID
X-Section
Dont-Set-Cookie
X-VWS-Id
X-CCM
X-SplitTest
X-Routing-Service
X-TWH-CORRELATION-ID
X-Via-Fastly
X-Amz-Meta-Surrogate-Control
X-Pubstack
X-Format
X-Origin-CC
X-MP-GENERATED-AT
LB
X-NGENIX-Cache
X-Storage
X-Litespeed-Cache
X-Nc
X-Rocket-Nginx-Bypass
X-HS-Cache-Config
X-Webstats-RespID
Cache-Hits
Edge-Cache-Tag
Countrycode
X-Amz-Apigw-Id
Access-Control-Request-Headers
X-Generation-Time
X-Proto
X-Amzn-RequestId
X-Cache-HT
X-B3-Spanid
X-Geo
X-Optimization
X-Newrelic-Synthetics
X-Sucuri-Cache
X-Dc
X-Labrador-Cache-Channel
Apicache-Store
Apicache-Version
X-Cache-NE
Accept-CH
X-Cache-Backend
WZWS-RAY
X-Meta-Tbi-Cache-Vertical
X-Environment-Context
X-L-Path
X-Birta-Served
X-Birta-Cache-Post
X-SERVER-NAME
X-Connection-Hash
X-Twitter-Response-Tags
X-Tumblr-Pixel-3
X-Transaction
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Webkit-CSP
Fastly-SSL
X-Servedby
X-Real-Ip
Ec-Rule-Version
From-Origin
X-CACHE-GROUP
X-Hit
NnCoection
Ws
X-M-Reqid
X-M-Log
PageSpeed
X-Qnm-Cache
X-Rule
X-EdgeConnect-Cache-Status
X-Varnish-Beresp-Grace
X-Alicdn-Da-Ups-Status
X-Varnish-Beresp-Status
Cteonnt-Length
NODE
X-SERVER
X-Upstream-HT
ProcessTime
Ms-Operation-Id
X-Upstream-CT
X-Cache-Enabled
X-Planisys-CDN-TTL
X-Destination
Meta-Geo-Continent
MI-Cache
X-B-Cookie
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Developer
X-BBXSRF
MI-Cache-Age
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-ScT
X-A-Ccd
X-Response-By
X-Date
X-ARC
X-Application
MD5-Digest
X-PAYTM-SRV-ID
Fly-Request-Id
X-Matched-Rule
X-MI-In-Market
Cache-Prefix
Cneonction
Fly-Cache
X-Hl-Ver
Fastly-Soc-X-Request-Id
Country-Code
X-Hash
X-NU-AKA-ACS-Version
X-Generated-In
X-From
X-Fetched-On
X-Died
Host-ID
X-G
X-BB-ID
BehaviorPad-Version
X-Org
GMS-Ver
X-Server-By
X-D
X-UE-Client-Country
X-A-Dcw
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-TT-LOGID
X-Trv-Group
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
SN
T-Server
X-VG-WebServer
X-Via-CDN
X-Wix-Route-ID
Warning
Xc-Version
Www
X-A
VivaBuild
Viewtype
X-Via-Edge
X-A-Dam
V-Age
X-We-Are-Hiring
X-SRCache-Key
X-Thinkindot-L3
X-CF-Lambda-Version
X-Server-Time
X-Accel-Expires-Debug
Rendered-Blocks
X-CF-Lambda-Fn
Resin-Trace
X-A-Dgt
Server-Host
X-A-Wwc
X-V
X-C
X-HS-Combine-CSS
X-GeoIP-City
Proxy-Connection
X-Crawler
X-CS
PFcat
X-Core-Mission
X-GeoIP-Country-Code
X-Alternate-Cache-Key
Web-Mar-Node
X-Cache-Bucket
X-IN-APIGATEWAY
X-Hnp-Log
Request-Country
X-Gen-Mode
Request-EU
X-Cache-URL
Origin-Cache-Control
Kp-EeAlive
IsBot
X-Backend-Url
Release
X-Backend-State
NGX
Httpd-Identifier
X-Block-Status
Origin-Edge-Control
X-Clientip
X-Backend-Host
Server-ID
X-Env
Server-Int
X-Edge-IP
Uber-Trace-Id
Apple-News-Services-Host
X-ShopId
X-P-T
X-ShardId
X-Origin-Expires
X-Shopify-Stage
X-SIPLIST1
X-Dispatcher-Server
X-Sf
X-ServiceProvider
X-Req
X-Release
X-RCS-CacheZone
X-WebServer
X-Nf-Srv-Version
X-Server-IP
X-IN-SSL-APIGATEWAY
X-Ver
Ajk
X-IN-WAF
X-Info
X-Logtrace-Id
Decoy-Debug-Key
XServer
Decoy-Debug-TTL
Decoy-Debug-Status
X-No-Session
X-Node-Id
X-Sorting-Hat-PodId
X-Origin-Date
X-S-Maxage
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Sorting-Hat-ShopId
Apple-News-Services-Request-Url
X-Worker
X-ElasticPress-Search
X-CCM-LastModified
X-Nginx-Cache
X-Cache-Host
X-VG-TLSProxy
X-Cache-ASPX
X-Edge-Server
X-Cache-CFC
X-Varnish-HitMiss
X-Up
X-UnsetCookies
X-DPWN-IS-SECURE
X-Cache-Time
X-Amz-Meta-Cache-Control
X-Origin-TTL
Pragrma
X-Trace-Id
X-Wikidot-Static-Cache
Is-Eu
Cdn-Request-Time
Adler-Geo
X-Cache-Control-Set-By
X-Wikidot-Backend
MI-API
Platform
X-Cache-Srv
X-Cache-Expires
Odigeo-Trace-Id
X-VServer
Cdn-Host
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Device-Os
X-Developers
X-Passed-To-DLL
X-Phone
X-Passed-To-PostProcessResponse
X-Epic-Correlation-Id
X-Eu-Site
X-NX-Host
X-HCF
X-Fstrz
X-Forwarded-Host
X-F5-Cache
X-Fastly-Cache
X-Platform
X-Rebelmouse-Cache-Control
X-Server-Group
X-Core-Value
X-CGP
X-Sn-Servicetimems
X-Swa-Ws
X-Cdn-Srv
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Debug-Log
X-Debug-Cookies
X-Returned-From
X-Request-URI
X-Cdn-Origin
X-Content-Age
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Servedtime
HA-Urlpath
On-Server
Ohc-Response-Time
HTTPS
CDCHOST
HA-Geolat
HA-Geocountry
AKAMAI
Fastly-Backend-Name
Backend-Name
Content-Disposition
Cache-Tags
Fastly-SIE
Fastly-SWR
HA-Geocity
HA-Cloudapp
X-App-Version
Time
Origin
Heartbleed
Request-Time
RNT-Time
RNT-Machine
X-Actual-URL
Powered-By
True-Client-Country-4JS
X-Backend-TTL
Who
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Lease-Status
Mime-Version
X-GoCache-CacheStatus
X-Ms-Request-Id
X-Var-Ttl
NtCoent-Length
X-User
Esi-Enabled
X-Refresh
X-Location
X-Stale
X-Skip-Cache
RequestId
X-Ckpd-Fst-Backend
X-FireWall-Port
Dnion-Transfer-Encoding
X-Croise-Owner
Cdn
X-Micro-Cache
X-Redis-Cache
X-From-Cache
X-Servername
X-CSRF-Token
X-Pjax-Url
X-Varnish-Beresp-Ttl
X-B3-TraceId
X-WR-MODIFICATION
X-Cdn-Forward
X-MSEdge-Features
X-Cache-FS-Status
X-Pf-Uncompressing
UCS
GW-Server
X-Via-SSL
X-MSEdge-Flight
X-GRACE
WP-Super-Cache
Dynatrace
X-Varnish-Beresp-TTL
X-Cache-Handler
X-COUNTRY
Get-Access-Time
X-TIME
X-Powered-By-ANYU
Is-Session-Tracking
CF-IPCountry
X-Varnish-Url
WWW-Authenticate
X-Request-Time
X-Owner
PICS-Label
X-Key
X-GDPR
Rt-Proxy-Cache
X-Varnish-Id
Frame-Options
X-NWS-UUID-VERIFY
X-Csrf-Token
NodeID
X-Thanos
X-Hail-Hydra
X-Ua
X-Bip
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Aicache-OS
Memcached
X-CUA
PageType
X-Atg-Version
X-Response-Served-From
Mail-Subject
X-Be
Memory
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Page-Type
X-Cache-Id
X-External-Request-Id
We-Hiring
X-Cache-TTL
X-NC
FastCGI-Cache
X-Cluster-Node
X-Via-NSCOPI
MIME-Version
X-Dynatrace
X-ServedByHost
X-LiteSpeed-Cache-Control
Section-Io-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
CACHE
X-Auto-Login
Version
Sta2Tusw
X-Nananana
X-Varnish-Action
X-UPSTREAM-Address
X-TId
If-Modified-Since
X-DC
X-Servedbyhost
X-Fastly-Backend-Reqs
Magicmarker
X-StackifyID
X-Load-Cache
X-Frame-Option
X-Tid
X-CACHE-KEY
Node
GeoIP-City
GeoIP-Latitude
X-BE
X-Request-UUID
GeoIP-Country-Code
Pagetype
X-PAGE-TYPE
X-Ig-Deployment-Stage
X-EC-Security-Audit
COMMERCE-SERVER-SOFTWARE
X-GEO
X-Variation
X-Sentry-ID
Processtime
X-Shield-Cache-Expires
X-Ibm-Trace
X-Shard
X-ADI-VCache
RATING
Pics-Label
X-Proxy-Server
X-Pc-Key
X-Pc-Appver
X-Varnish-Ttl
X-Bug-Bounty
URI
X-Pc-Hit
X-Server-W
Pramga
X-Irp-Debug
Group
CDN
V-Cache
X-Pc-Date
X-Pc-Host
Sid
X-FORWARDED-FOR
X-Gdpr
X-Public
X-Haproxy-Hostname
X-Haproxy-Ip
Arc-Country
X-Wa
X-Varnish-URL
X-Datadome
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Srv
X-SRV
X-HTML-Minification-Powered-By
X-ND-Cache
X-Endurance-Cache-Level
X-Cache-Debug
Cache-Provider
Cf-Ipcountry
Cache-Cookie-Set-Lfrom
X-Surge-Debug
X-Layer
X-FW-Version
X-Ratelimit-Remaining
X-Fastly-Cache-Hits
OT-Force-Account-Verify
Fastcgi-Useragent
X-RateLimit-Remaining-Second
DataCenter
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Gen-Id
X-PJAX-URL
X-Sorting-Hat-FeatureSet
GEO-REGION-INFO
X-ID
X-Nginx-Cache-Key
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
REQUESTUUID
Accept-Ch
X-RateLimit-Limit-Second
X-PF-Uncompressing
X-GZIP
X-Ratelimit-Limit
X-APP
X-Litespeed-Cache-Control
X-Dw-Trace-Id
X-CacheKey
X-B3-SpanId
X-Unique-Id
Powered
X-Cache-Var-Map
X-Feature
N-Cache
X-Cache-Var
X-Ms-Lease-State
Fastcgi-X-Cache
X-RequestId
Fastcgi-X-Cache-Version
X-Vcache
Serverid
Hostname
X-Policy
X-Distil-Cs
X-RAMCache
X-CDN-Pop
X-Front
Lb
X-CDN-Pop-IP
X-VC
X-SB
X-Varnish-Info
Xet-Cookie
X-NGINX-Cache
X-Served-From
X-Cookie
X-Requestid
X-Gannett-Site-Version
X-Secret
X-WA
X-Grace-Duration
X-Request-Start
X-Varnish-ID
X-Fe
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-VG-WebCache
X-Amzn-Remapped-Connection
X-ServerName
X-Amzn-Remapped-Date
Requestid
X-HS-Status