Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
Request-Id
X-Instart-Request-ID
Report-To
X-OneAgent-JS-Injection
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-Powered-CMS
X-Server-Name
X-TtlSet
X-Vname
X-PC
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-DataDome
X-ESI
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-F-Cache
X-Version
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
X-D2id
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
AR-PoweredBy
AR-ATIME
X-Navigation-Version
Nginx-Cache
AR-CACHE
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Trace
X-T
DynaTrace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
X-Server-ID
TCN
X-Forwarded-Proto
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Grace
X-Amz-Meta-S3cmd-Attrs
X-Pad
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-HeyJason
X-Ruxit-JS-Agent
Permitted-Cross-Domain-Policies
X-FastCGI-Cache
X-Do-Not-Hack
X-Content-Options
AR-SID
X-Content-Digest
Realpath
X-NF-Request-ID
X-Cache-Hit
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-Logged-In
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
MRF-Tech
X-B
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-HW
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Oneagent-Js-Injection
X-Debug
S
Service-Worker-Allowed
X-MSEdge-Ref
X-Ser
X-XRDS-Location
X-Wix-Server-Artifact-Id
Server-Name
X-Frontend
X-PressLabs-Stats
X-Cache-Key
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
Tracecode
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
X-Webkit-CSP
X-GUploader-UploadID
Eomportal-Instance
Alternate-Protocol
Fastly-Restarts
X-Cache-Rule
Cleartype
Cache-Status
Backend-Timing
X-Analytics
X-Srv
Host
X-HS-Content-Id
X-HS-Hub-Id
X-Revision
TP-L2-Cache
TP-Cache
X-Rid
X-VCache
X-RateLimit-Remaining
X-User-Agent
X-Whom
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Accel-Buffering
FilterID
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
X-Oracle-Dms-Rid
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-Cache-2
X-Varnish-Backend
X-Via-JSL
Front-End-Https
X-Content-Powered-By
Accept-Charset
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
Viewport
X-Cached-By
X-Ttl
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-B3-Traceid
X-App-Environment
X-Magnolia-Registration
X-LB-Cache
Liferay-Portal
X-Correlation-Id
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Page-Id
X-Varnish-Hostname
Host-Header
X-Content-Security-Policy-Report-Only
X-Cache-Control
X-Handled-By
X-Framework
X-Request-Guid
X-TT
X-Device-Type
X-B3-Sampled
X-Akamai-Edgescape
X-Instance
X-Platform-Server
X-Signature
X-B-Cache
X-BCube-Filmed-By
X-FB-Debug
DC
Upgrade-Insecure-Requests
Cache-Tag
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
X-Amzn-Trace-Id
X-Sol
X-Middleton-Display
Display
Retry-After
X-Accel-Expires
X-Servedby
X-WA-Info
X-Contextid
X-Varnish-Server
HitInfo
Server-Info
X-Cache-Action
HitType
X-Distil-CS
X-Cache-Operation
X-APP-VERSION
X-Esi
X-Wix-Request-Id
X-Port
X-Seen-By
Content-Style-Type
Content-Script-Type
Webserver
X-GeoIP
X-RequestSource
X-Generated-By
X-Tumblr-Pixel-2
X-Fastcgi-Cache
X-Edge-Location
X-Tumblr-Pixel-1
X-S
X-WebKit-CSP-Report-Only
GEO-INFO
X-Locale
User-Agent
X-Status
Healthy
X-Jobs
X-Amz-Replication-Status
Actual-Object-TTL
X-Region
X-Edge-Cache-Key
X-Edge-Cache
X-Varnish-Hits
AsisCache
X-Geo-Country
X-Response-Served-From
X-UUID
X-FW-Serve
X-FW-Server
X-TX-ID
X-Adobe-Loc
X-Drupal-Cache-Tags
X-FW-Static
X-FW-Hash
X-FW-Type
ServedBy
X-Adobe-Content
SRV
X-Hyper-Cache
X-Daa-Tunnel
Refresh
X-DataStream-Cache-Status
X-Newrelic-App-Data
X-ATG-Version
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Middleton-Response
X-Varnish-Grace
Response
X-Cache-TTL-Remaining
Filters
IBM-Web2-Location
X-Iejgwucgyu
X-Cache-NE
X-Cache-Age
X-Amz-Server-Side-Encryption
NGB
S-Cnection
Payment
X-Content-Type
X-Az
X-Activity-Id
X-AppVersion
X-Proxied
Datacenter
X-Pc-Appver
X-Pc-Key
X-CDN-Forward
X-Pc-Hit
X-Cache-Remote
X-App-Server
X-Cache-TTL
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-Vg-Webcache
Cache
Country
X-Kong-Proxy-Latency
Served-By
X-Kong-Upstream-Latency
X-Unique-ID
X-HS-Cache-Config
X-UA
Edge-Cache-Tag
AR-Request-ID
X-Sucuri-ID
X-Mode
X-Akamai-Transformed
Machine
X-Varnish-IP
X-RemovedCookies
X-Rendered-As
X-RN-RSRV
X-Is-Bot
X-Cache-Var
X-ProcessESI
X-Detected-As
X-Cache-Var-Map
Load-Balancing
Meta-Geo
X-Proxy
X-Rocket-Nginx-Bypass
X-Real-IP
X-FC-Vary-Parameters
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-Privacy
X-Grey
X-EIG-Tracking-Id
X-Hosted-By
X-Rule
X-Human
X-Varnish-Cacheable
User-Cache-Control
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-Amz-Meta-Surrogate-Control
X-BB-IP
X-Cache-Category-Id
X-BYPASS-REASON
X-Tb
X-ServerID
TWC-Connection-Speed
TWC-Device-Class
Property-Id
Mn-Server-Ip
Cache-Name
DB-Nickname
TWC-GeoIP-LatLong
X-Origin-Hint
TWC-Locale-Group
X-ProxyCache-Status
X-ProxyCache-Key
X-OCL
X-PCL
X-Origin
Access-Control-Allow-Method
Backend
X-Generated
X-Format
X-Environment-Context
Azure-InstanceId
X-Hit
X-JoinUs
X-NodeID
X-Loop
S-Rt
Azure-RegionName
Azure-SiteName
X-Access
Now
ServerName
L5d-Success-Class
X-CDN-Cache
Azure-SlotName
Azure-Version
X-Debug-Cache
X-Original-Request
X-L-Path
X-Site-Version
X-Section
X-TNCMS
X-Viewer-Country
X-HS-Combine-CSS
X-Zipkin-Id
X-Routing-Service
X-Upgrade-Enabled
X-AWS-Id
X-App-Name
X-Cache-Config
Cache-Key
X-Via-Fastly
X-VWS-Id
X-ApacheServer
X-Agile-Id
X-RateLimit-Limit
Selected-FE
X-PERF
X-Agile
X-Agile-Age
X-Proxy-Build
X-Www-Served-By
X-SplitTest
X-Timing-Wait
X-Pubstack
X-IP
X-LJ-Flow-ID
X-TWH-CORRELATION-ID
X-Ocache
Access-Control-Request-Headers
X-NGENIX-Cache
X-Origin-CC
OT-Force-Account-Verify
X-Drupal-Cache-Contexts
X-CCM
X-Backend-Name
X-OVcl
X-Source
X-Correlation-ID
X-OVcl-Cache
X-HOST
X-Nginx-Cache
X-Xfnlog-Site
X-Upstream-HT
X-Upstream-CT
X-URL
X-Pc-Host
X-Pc-Date
Powered-By-ChinaCache
X-Akamai-Request-ID
HostName
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Mrs-Age
Fastcgi-Useragent
X-Storage
X-Vgn-Hpd-Reason
From-Origin
X-Forwarded-Host
X-Amzn-RequestId
X-NC
X-Amz-Apigw-Id
X-Litespeed-Cache
Fastly-SSL
Pagespeed
X-Time-Microsecs
X-Internal-Host
X-NCache
X-Feature
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-Distributor
X-Varnish-Beresp-Grace
X-Microcachable
X-Release
X-Varnish-Beresp-Status
X-UA-Device-Type
X-Birta-Cache-Post
XServer
X-Labrador-Cache-Channel
LB
X-Birta-Served
Pagetype
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
NtCoent-Length
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-B3-Spanid
X-Transaction
X-Twitter-Response-Tags
X-App-Version
X-PHP-Backend
X-Connection-Hash
X-Webkit-Csp
Time
MIME-Version
Frame-Options
X-Sucuri-Cache
X-C
X-IN-APIGATEWAY
Xc-Version
Mobile-Detection-Method
X-D
X-Dispatcher-Server
MD5-Digest
X-Web-Node
X-PAYTM-SRV-ID
X-CUA
X-NU-AKA-ACS-Version
BehaviorPad-Version
X-Destination
Cache-Prefix
Www
X-Date
VivaBuild
Viewtype
V-Age
Arc-Country
X-Developer
AKAMAI
Ajk
X-Logtrace-Id
X-A
X-Org
X-Irp-Debug
Cneonction
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-A-Wwc
X-No-Session
Meta-Geo-Continent
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
NGX
X-Died
X-CF-Lambda-Fn
X-BB-ID
X-UE-Client-Country
X-Generated-In
X-Region-Sid
X-Generation-Time
X-CF-Lambda-Version
Host-ID
X-Request-UUID
X-Rewrite-Enabled
X-Trv-Group
X-G
X-SRCache-Key
X-SIPLIST1
Rendered-Blocks
X-Instance-Name
X-From
X-S-Cookie
X-Rojux
Fly-Request-Id
X-Via-SSL
X-Cache-Bucket
X-DPWN-IS-SECURE
X-ScT
T-Server
Ec-Rule-Version
X-Server-Time
X-WebServer
X-Server-By
X-Redis-Cache
X-CS
Server-Int
X-VG-WebServer
IsBot
X-B-Cookie
X-Via-Edge
X-ARC
X-Via-CDN
Fly-Cache
X-Application
X-Powered-By-ANYU
WZWS-RAY
X-FireWall-Port
X-SERVER-NAME
Magicmarker
Backend-Name
Server-Host
X-Layer
HA-Geocity
Country-Code
X-Gen-Mode
GMS-Ver
X-GeoIP-City
SN
X-Hnp-Log
X-Hl-Ver
X-Hash
HA-Cloudapp
HA-Geocountry
HA-Host
HA-Ipaddr
HA-Servedtime
Ha-Gx-Prefs
HA-Georegion
X-Key
HA-Geolat
HA-Geolon
HA-Urlpath
X-CGP
X-Fastly-Cache
X-GZip
Origin-Cache-Control
X-UnsetCookies
NodeID
X-Amz-Meta-Cache-Control
X-Varnish-Action
X-Var-Ttl
Origin-Edge-Control
X-Core-Value
X-Cache-Enabled
X-External-Request-Id
X-S-Maxage
X-Crawler
X-Block-Status
X-Store
Release
X-F5-Cache
X-RateLimit-Remaining-Second
X-VCT
X-Origin-TTL
X-Owner
X-Eu-Site
X-RateLimit-Limit-Second
X-NX-Host
X-Node-Id
Web-Mar-Node
X-Debug-Log
X-Debug-Cookies
X-Request-Time
X-V
X-Cache-CFC
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-VServer
X-Phone
X-Platform
X-Webstats-RespID
X-NWS-UUID-VERIFY
PageSpeed
ViewerVersion
Request-Country
X-Epic-Correlation-Id
Proxy-Connection
Request-EU
X-Core-Mission
X-Cache-URL
X-Cdn-Origin
X-Backend-TTL
X-Backend-State
X-Cache-Srv
X-Backend-Url
X-Croise-Owner
X-Cache-Expires
X-Cache-Host
X-Cdn-Srv
X-Backend-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Developers
Uber-Trace-Id
Pragrma
X-Clientip
X-Actual-URL
Section-Io-Cache
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-RCS-CacheZone
X-Reboot
X-Response-By
X-Request-URI
X-Passed-To
X-Cluster-Node
X-Matched-Rule
X-Alternate-Cache-Key
X-MI-In-Market
Platform
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Returned-From
X-Returned-From-BeforeDispatch
X-Trace-Id
X-Thinkindot-L3
X-TT-LOGID
X-Tumblr-Pixel-3
X-Variation
X-Up
X-Swa-Ws
X-Stale
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Secret
X-Server-IP
X-Sn-Servicetimems
X-Sf
X-ShardId
X-MSEdge-Features
Is-Eu
Kp-EeAlive
X-ShopId
X-Gannett-Site-Version
Esi-Enabled
X-GeoIP-Country-Code
MI-API
MI-Cache
Origin
PFcat
X-Fetched-On
Odigeo-Trace-Id
MI-Cache-Age
X-HTML-Minification-Powered-By
Heartbleed
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Countrycode
X-Location
Adler-Geo
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Shopify-Stage
CDCHOST
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-CACHE-AGE
X-Policy
Powered
X-Worker
X-Fstrz
X-Device-Os
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-FW-Version
X-Servername
X-Content-Age
X-ServiceProvider
X-ElasticPress-Search
Sid
Fastly-Backend-Name
Resin-Trace
X-Ckpd-Fst-Backend
RNT-Time
X-Varnish-Beresp-Ttl
Cache-Tags
Fastly-SIE
On-Server
Content-Disposition
Fastly-SWR
Request-Time
Server-ID
RNT-Machine
X-Alicdn-Da-Ups-Status
Decoy-Debug-Key
Decoy-Debug-TTL
True-Client-Country-4JS
Decoy-Debug-Status
X-Ezoic-Cdn
X-Ua
X-Skip-Cache
HTTPS
ProcessTime
X-SERVER
REQUESTUUID
X-Dc
Xserver
Cteonnt-Length
X-Pf-Uncompressing
Warning
X-Csrf-Token
CF-IPCountry
X-Proto
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Oss-Request-Id
RequestId
X-Oss-Storage-Class
X-Endurance-Cache-Level
WP-Super-Cache
CDN
X-Planisys-CDN-TTL
X-Refresh
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-TIME
We-Hiring
X-Req
X-Servedbyhost
Mail-Subject
X-Real-Ip
X-Newrelic-Synthetics
X-Pjax-Url
X-Surge-Debug
X-Datadome
CACHE
X-GEO
X-Cache-ASPX
Hostname
X-B3-TraceId
Ar-Sid
X-Aed
Dnion-Transfer-Encoding
X-Time
X-GoCache-CacheStatus
X-CSRF-Token
X-Nc
X-Varnish-Ttl
X-Edge-IP
X-Varnish-Beresp-TTL
Pramga
X-CLOUD-TRACE-CONTEXT
X-DC
X-GRACE
NODE
X-Atg-Version
X-Server-W
TSSecure
X-COUNTRY
GeoIp-Country-Code
X-Geo
Geoip-Latitude
NnCoection
X-Guploader-Uploadid
X-Ms-Lease-State
X-Origin-Expires
X-Page-Type
X-Origin-Date
X-Oracle-Dms-Ecid
X-Cache-Control-Set-By
X-Hello
X-DataStream-MidMile-RTT
X-HCF
X-Flog
X-ABtesting
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
X-Varnish-HitMiss
X-Cdn-Forward
MS-CV
SD-X-WS
A
X-WA
X-Varnish-Url
X-Akamai-Request-ID2
X-Auto-Login
Lfy
WWW-Authenticate
X-Amz-Cf-Pop
X-Server-Group
Cdn
X-UPSTREAM-Address
Geoip-City
FSS-Proxy
Processtime
FSS-Cache
X-Ratelimit-Limit
X-Wix-Route-ID
X-Wa
PICS-Label
Mime-Version
Node
X-Varnish-URL
X-Via-NSCOPI
Rt-Proxy-Cache
X-From-Cache
X-PAGE-TYPE
Lb
X-Sentry-ID
X-Use-Magma
GeoIP-Country-Code
X-EC-Security-Audit
X-APP
X-Cache-Id
X-Check-Cacheable
X-Edge-Server
GeoIP-Latitude
X-Unique-Id
X-Gdpr
Cdn-Host
Cdn-Request-Time
X-RTag
Dont-Set-Cookie
Ms-Operation-Id
X-Nananana
X-NODE
X-Served-From
X-Thanos
X-Cache-Info
X-Bip
Memcached
X-SRV
GeoIP-City
X-Gen-Id
PageType
COMMERCE-SERVER-SOFTWARE
X-CACHE-KEY
X-Cookie
X-WR-MODIFICATION
X-Fastly-Cache-Hits
X-Proxy-Server
X-Request-Start
X-Env
X-GDPR
Is-Session-Tracking
Get-Access-Time
X-Fastly-Backend-Reqs
X-Be
X-Optimization
X-Cache-HT
X-MP-GENERATED-AT
DataCenter
X-Load-Cache
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
X-HS-Status
Who
Pics-Label
X-PJAX-URL
X-Ver
Memory
X-Cache-FS-Status
X-Swift-Error
UCS
GW-Server
X-Fe
X-Cache-Ttl
Group
Ws
X-RateLimit-Reset
X-B3-SpanId
X-ServedByHost
V-Cache
X-Ibm-Trace
X-User
X-Meta-Tbi-Cache-Vertical
Cache-Hits
Requestid
X-CDN-Pop-IP
X-Dw-Trace-Id
URI
Cf-Ipcountry
X-CDN-Pop
Httpd-Identifier
X-Wix-Petri-Ex
X-Shard
Amp-Access-Control-Allow-Source-Origin
X-ID
AGE-Hash
X-VC
X-SVT-ORM-RULES
X-Goog-Meta-Goog-Reserved-File-Mtime
Powered-By
X-SVT-ORM-VERSION
NX-Cache
X-SB
Xet-Cookie
X-PF-Uncompressing
X-Bug-Bounty
X-GZIP
X-NGINX-Cache
Serverid
Accept-Language
Ohc-File-Size
X-Urbn-Context-Path
X-Urbn-Site-Id
Https
X-Ratelimit-Remaining
Locale
X-BBXSRF
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-StackifyID
X-Content-Encoded-By
X-LI-Proto
Version
CDN-Node
N-Cache
CDN-Cache-Hit
X-Varnish-Info
X-CacheKey
CDN-Cache
X-Path-Route
X-LiteSpeed-Cache-Control
X-RequestId
X-Litespeed-Cache-Control
X-BE
RequestUuid
X-Grace-Duration
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Providence-Cookie
X-Route-Name
X-Cache-Handler
X-Is-Crawler
X-Flags
X-P-T
X-ServerName
X-Cache-Debug