Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
X-Instart-Request-ID
Request-Id
X-Dns-Prefetch-Control
Report-To
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Powered-CMS
X-Server-Name
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Cached
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
X-Varnish-TTL
Content-MD5
RTSS
X-Version
X-F-Cache
X-GoogleNews-Bot
X-Exp-Variant
X-Geo-Segment
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Mod-Pagespeed
Verso
X-D2id
X-CF-Powered-By
SPRequestGuid
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-T
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
DynaTrace
X-Trace
X-Dw-Request-Base-Id
X-Fastly-Request-ID
Paypal-Debug-Id
X-Upstream
Arr-Disable-Session-Affinity
X-Hits
X-Varnish-Age
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-DIS-Request-ID
X-Id
X-Origin-Upstream-Status
X-Shield-Request-Id
SPRequestDuration
X-Pad
SPIisLatency
X-FastCGI-Cache
AR-SID
X-Content-Options
X-Cache-Hit
X-Server-ID
X-Logged-In
Realpath
X-Ruxit-JS-Agent
X-Content-Digest
X-IPLB-Instance
Access-Control-Request-Method
X-NF-Request-ID
X-Kinsta-Cache
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
X-B
X-Goog-Storage-Class
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-Debug
S
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-PressLabs-Stats
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Frontend
X-Wix-Server-Artifact-Id
Tracecode
X-Cache-Key
X-Oneagent-Js-Injection
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Fastcgi-Cache
X-NewRelic-App-Data
Alternate-Protocol
Eomportal-Instance
X-GUploader-UploadID
X-Forwarded-For
Surrogate-Key
Cleartype
X-Cache-Rule
Cache-Status
X-NWS-LOG-UUID
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-VCache
Host
TP-Cache
X-User-Agent
X-Revision
TP-L2-Cache
X-Rid
X-Srv
Fastly-Restarts
FilterID
X-Whom
X-Debug-Info
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
X-RateLimit-Remaining
X-Via-JSL
X-Varnish-Backend
X-Accel-Buffering
X-Content-Powered-By
X-Webkit-CSP
ServerID
X-Cdn
X-Request-Processing-Time
X-Request-Received
X-Kinja-Server-Push
Accept-Charset
Front-End-Https
X-Zen-Fury
X-Ttl
Viewport
X-Mobile
X-Oracle-Dms-Rid
X-XRDS-LOCATION
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Page-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Varnish-Hostname
Host-Header
X-Magnolia-Registration
X-Content-Security-Policy-Report-Only
X-Cache-Control
X-Cluster
X-Framework
X-Device-Type
X-TT
Cache-Tag
X-B3-Sampled
X-Request-Guid
X-Handled-By
X-Akamai-Edgescape
X-Hostname
X-Signature
X-B-Cache
X-Platform-Server
X-BCube-Filmed-By
X-FB-Debug
Upgrade-Insecure-Requests
X-Instance
DC
X-Cache-Server
X-B3-Traceid
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Correlation-Id
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-Contextid
X-WA-Info
X-Accel-Expires
X-Servedby
HitType
Server-Info
HitInfo
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-Sol
X-Middleton-Display
Display
X-Port
X-Daa-Tunnel
X-Fastcgi-Cache
X-Amz-Replication-Status
Content-Script-Type
AsisCache
X-Generated-By
Content-Style-Type
X-Seen-By
X-Geo-Country
X-Wix-Request-Id
X-Edge-Location
X-GeoIP
X-APP-VERSION
X-TX-ID
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-RequestSource
X-S
GEO-INFO
X-Tumblr-Pixel-2
Webserver
X-Hyper-Cache
X-Status
X-Locale
Healthy
ServedBy
Actual-Object-TTL
X-FW-Type
X-FW-Static
X-FW-Serve
X-Edge-Cache
X-FW-Hash
X-Edge-Cache-Key
X-FW-Server
X-UUID
X-Varnish-Hits
X-Region
User-Agent
X-Response-Served-From
X-Jobs
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
X-Newrelic-App-Data
X-DataStream-Cache-Status
SRV
S-Cnection
X-Varnish-Grace
X-Yottaa-Optimizations
Refresh
X-Yottaa-Metrics
Filters
X-Amz-Server-Side-Encryption
NGB
IBM-Web2-Location
X-Esi
X-URL
X-Cache-TTL-Remaining
X-Proxied
Cache
X-Cache-Age
X-Cache-NE
X-Middleton-Response
Response
X-AppVersion
X-Activity-Id
AR-Request-ID
X-Az
X-Content-Type
Payment
X-Pc-Appver
X-ATG-Version
X-App-Server
X-Pc-Key
X-Pc-Hit
X-Ruxit-Js-Agent
X-Cache-Remote
X-CDN-Forward
Datacenter
X-Cacheable-TTL
X-Unique-ID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-TTL
X-Correlation-ID
X-Vg-Webcache
Country
Served-By
X-HS-Cache-Config
Edge-Cache-Tag
X-UA
X-Mode
X-Akamai-Transformed
X-Sucuri-ID
Load-Balancing
Meta-Geo
Machine
X-Rendered-As
X-Detected-As
X-ProcessESI
X-Is-Bot
X-RemovedCookies
X-Varnish-IP
X-RN-RSRV
User-Cache-Control
X-Real-IP
X-OCL
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
X-Rocket-Nginx-Bypass
X-Proxy
X-FC-Vary-Parameters
X-PCL
X-Human
X-Grey
L5d-Success-Class
Cache-Key
DB-Nickname
Backend
Access-Control-Allow-Method
X-BB-IP
X-Tb
TWC-Device-Class
TWC-GeoIP-Country
X-EIG-Tracking-Id
TWC-Connection-Speed
X-Debug-Cache
X-PERF
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Origin-Hint
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Property-Id
X-Pubstack
X-Cache-Config
X-Varnish-Cacheable
X-Viewer-Country
X-Cache-Category-Id
X-ApacheServer
Mn-Server-Ip
X-Amz-Meta-Surrogate-Control
X-Hosted-By
Now
Webcakes-Region
X-ServerID
X-Origin
Cache-Name
Azure-SlotName
Azure-Version
X-Site-Version
X-Section
Azure-SiteName
Azure-RegionName
X-Upgrade-Enabled
X-TNCMS
Access-Control-Request-Headers
Azure-InstanceId
X-Generated
X-Routing-Service
X-L-Path
X-JoinUs
S-Rt
ServerName
X-Loop
X-NodeID
X-OVcl-Cache
X-OVcl
X-Hit
X-Original-Request
X-Varnish-Cache-Hits
X-Format
X-CDN-Cache
X-Cache-Var-Map
X-CCM
X-Rule
X-Access
X-Backend-Name
X-Zipkin-Id
X-Cache-Var
X-Environment-Context
X-Via-Fastly
X-Agile-Id
X-HS-Combine-CSS
X-Timing-Wait
X-Ocache
X-TWH-CORRELATION-ID
X-LJ-Flow-ID
X-Agile
X-NGENIX-Cache
X-Source
X-IP
X-App-Name
X-VWS-Id
X-SplitTest
X-Agile-Age
X-AWS-Id
X-Www-Served-By
X-Proxy-Build
Selected-FE
X-Xfnlog-Site
X-Drupal-Cache-Contexts
X-Storage
X-Origin-CC
HostName
X-Akamai-Request-ID
X-Pc-Host
X-Pc-Date
OT-Force-Account-Verify
X-Upstream-CT
X-Upstream-HT
X-Nginx-Cache
X-RateLimit-Limit
X-Vgn-Hpd-Reason
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mshield-Cache-Status
X-Time-Microsecs
X-NC
X-Mrs-Age
X-Litespeed-Cache
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
From-Origin
X-UA-Device-Type
X-NCache
X-Amzn-RequestId
X-Internal-Host
X-Forwarded-Host
X-Amz-Apigw-Id
Powered-By-ChinaCache
X-Feature
XServer
X-Microcachable
Fastly-SSL
X-Iejgwucgyu
X-Release
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Distributor
X-PHP-Backend
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Ms-Request-Id
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Blob-Type
Pagetype
X-Birta-Cache-Post
X-Birta-Served
LB
X-Labrador-Cache-Channel
X-Cache-Backend
X-App-Version
X-EdgeConnect-Cache-Status
X-Webkit-Csp
NtCoent-Length
X-Connection-Hash
X-VG-TLSProxy
X-Twitter-Response-Tags
X-Transaction
MIME-Version
X-V
Pagespeed
X-Instance-Name
Frame-Options
Time
PageSpeed
X-C
X-SERVER-NAME
X-B3-Spanid
X-Web-Node
Meta-Geo-Continent
X-G
X-Gen-Mode
Host-ID
X-From
MD5-Digest
X-Generated-In
IsBot
X-WebServer
Xc-Version
X-PAYTM-SRV-ID
X-Logtrace-Id
Arc-Country
BehaviorPad-Version
Cneonction
X-Org
AKAMAI
X-SIPLIST1
X-No-Session
Ajk
X-NU-AKA-ACS-Version
Cache-Prefix
X-Irp-Debug
X-Varnish-Beresp-Ttl
X-Hnp-Log
Fly-Cache
Fly-Request-Id
Ec-Rule-Version
X-IN-APIGATEWAY
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Via-SSL
X-Generation-Time
Rendered-Blocks
X-A-Ccd
X-ScT
X-A-Dam
X-A-Dcw
X-Server-By
X-A
Www
X-S-Cookie
X-Trv-Group
VivaBuild
Web-Mar-Node
X-SRCache-Key
X-A-Dgt
X-B-Cookie
X-ARC
X-BB-ID
X-Block-Status
X-Cache-Bucket
X-Application
X-CF-Lambda-Fn
X-A-Wwc
X-Server-Time
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-Via-Edge
Viewtype
X-Died
X-Redis-Cache
X-Developer
X-Region-Sid
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Via-CDN
X-VG-WebServer
Mobile-Detection-Method
NGX
V-Age
X-Destination
X-CS
X-CUA
X-UE-Client-Country
X-Rewrite-Enabled
X-Rojux
X-Request-URI
X-D
X-Request-UUID
Server-Int
X-Date
T-Server
X-Sucuri-Cache
WZWS-RAY
X-Powered-By-ANYU
X-NWS-UUID-VERIFY
X-FireWall-Port
X-GZip
X-HOST
X-RCS-CacheZone
X-Varnish-Action
X-F5-Cache
MI-Cache-Age
Origin-Cache-Control
On-Server
X-External-Request-Id
MI-Cache
X-Eu-Site
MI-API
X-Wikidot-Static-Cache
X-RateLimit-Remaining-Second
HA-Urlpath
HA-Servedtime
X-Wikidot-Backend
Kp-EeAlive
X-VServer
X-We-Are-Hiring
X-Fastly-Cache
Magicmarker
Origin-Edge-Control
Pragrma
X-Core-Value
X-Crawler
True-Client-Country-4JS
X-UnsetCookies
X-S-Maxage
X-CGP
X-Cache-Enabled
X-Sf
X-Amz-Meta-Cache-Control
X-ServiceProvider
SN
X-Debug-Cookies
Request-Country
Release
Proxy-Connection
HA-Ipaddr
Request-EU
Request-Time
Server-Host
X-Debug-Log
X-Var-Ttl
X-ElasticPress-Search
NodeID
X-Origin-TTL
X-HTML-Minification-Powered-By
Country-Code
X-Phone
Decoy-Debug-Status
Decoy-Debug-TTL
X-VCT
Esi-Enabled
X-Platform
X-Node-Id
X-Key
Backend-Name
X-Owner
X-Layer
X-MI-In-Market
HA-Host
CDCHOST
X-NX-Host
Cache-Tags
X-Hl-Ver
Decoy-Debug-Key
HA-Geocity
GMS-Ver
HA-Georegion
HA-Geocountry
HA-Geolon
HA-Geolat
Ha-Gx-Prefs
HA-Cloudapp
X-RateLimit-Limit-Second
X-GeoIP-City
X-Cache-CFC
X-Webstats-RespID
X-CACHE-AGE
X-Stale
X-Shopify-Stage
X-Thinkindot-L3
X-Secret
X-Content-Age
X-Matched-Rule
X-Sorting-Hat-ShopId
X-Clientip
X-Swa-Ws
X-Ckpd-Fst-Backend
X-Skip-Cache
X-Cache-Host
X-MSEdge-Flight
X-ShardId
X-Cache-Srv
X-Cache-URL
X-Cache-Expires
X-Cdn-Origin
X-MSEdge-Features
X-Sorting-Hat-PodId
X-ShopId
X-Sn-Servicetimems
X-Cdn-Srv
X-Server-IP
X-Passed-To-BeforeDispatch
X-GeoIP-Country-Code
X-Nginx-Cache-Key
X-Epic-Correlation-Id
X-Variation
X-Passed-To-PostProcessResponse
X-Reboot
X-Store
X-Hash
X-FW-Version
X-Worker
X-Fstrz
X-Fetched-On
X-Gannett-Site-Version
X-Passed-To-DLL
X-Device-Os
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Croise-Owner
X-Tumblr-Pixel-3
X-TT-LOGID
X-Location
X-Returned-From-BeforeDispatch
X-Returned-From
X-Up
X-Developers
X-Request-Time
X-Passed-To
X-Response-By
X-Trace-Id
Thinkindot-Control
RNT-Machine
Platform
PFcat
Section-Io-Cache
Server-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Origin
Adler-Geo
Fastly-Backend-Name
Heartbleed
Countrycode
Is-Eu
Odigeo-Trace-Id
Cteonnt-Length
Uber-Trace-Id
RNT-Time
X-Backend-Host
X-Alternate-Cache-Key
X-Backend-State
Apple-News-Services-Handled
X-Backend-Url
X-Backend-TTL
X-Actual-URL
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Varnish-Ttl
X-Ua
X-Alicdn-Da-Ups-Status
Sid
X-Policy
Content-Disposition
Fastly-SWR
X-Core-Mission
X-Csrf-Token
Resin-Trace
Fastly-SIE
X-Rebelmouse-Surrogate-Control
HTTPS
X-Servername
X-Rebelmouse-Cache-Control
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
WP-Super-Cache
REQUESTUUID
Powered
ProcessTime
X-Cluster-Node
Ar-Sid
X-Refresh
X-Planisys-CDN-Rules
X-B3-TraceId
Xserver
X-Planisys-CDN-Cache
X-Pf-Uncompressing
X-Planisys-CDN-TTL
RequestId
X-Ezoic-Cdn
X-Servedbyhost
ViewerVersion
CDN
Warning
X-Proto
CF-IPCountry
X-Real-Ip
X-GEO
X-Dc
Mail-Subject
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
We-Hiring
Cache-Cookie-Set-Lfrom
X-Cache-ASPX
X-Endurance-Cache-Level
X-Pjax-Url
X-Req
Dnion-Transfer-Encoding
X-Newrelic-Synthetics
X-TIME
X-Atg-Version
X-GoCache-CacheStatus
NODE
X-Surge-Debug
X-DC
Hostname
X-Time
X-GRACE
NnCoection
X-CLOUD-TRACE-CONTEXT
X-COUNTRY
X-Origin-Date
X-Edge-IP
X-Aed
X-Page-Type
X-Origin-Expires
X-Guploader-Uploadid
X-Nc
X-Ms-Lease-State
GeoIp-Country-Code
X-HCF
Geoip-Latitude
X-Server-W
Pramga
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Oracle-Dms-Ecid
X-CSRF-Token
SD-X-WS
X-Varnish-Beresp-TTL
TSSecure
X-Cdn-Forward
CACHE
X-Aicache-OS
WWW-Authenticate
X-Server-Group
X-Varnish-Url
A
Processtime
MS-CV
X-Amz-Cf-Pop
X-Hello
X-Flog
X-DataStream-MidMile-RTT
X-Geo
X-DataStream-Origin-MEX-Latency
X-Datadome
Geoip-City
X-ABtesting
X-Wix-Route-ID
PICS-Label
X-WA
X-Wa
X-Varnish-URL
Cdn
X-Ratelimit-Limit
Node
X-Auto-Login
X-From-Cache
Lfy
X-SRV
Dont-Set-Cookie
FSS-Proxy
X-Akamai-Request-ID2
FSS-Cache
X-UPSTREAM-Address
X-Edge-Server
Lb
Cdn-Host
X-Gdpr
Cdn-Request-Time
Mime-Version
X-Use-Magma
GeoIP-Country-Code
GeoIP-Latitude
X-EC-Security-Audit
X-Gen-Id
X-APP
X-Sentry-ID
X-Nananana
X-RTag
X-Check-Cacheable
X-PAGE-TYPE
Ms-Operation-Id
X-Via-NSCOPI
COMMERCE-SERVER-SOFTWARE
GeoIP-City
PageType
Rt-Proxy-Cache
DataCenter
X-WR-MODIFICATION
X-Cookie
X-Cache-Id
X-Unique-Id
X-Fastly-Backend-Reqs
X-Cache-HT
Get-Access-Time
X-Optimization
X-CACHE-KEY
Is-Session-Tracking
X-Served-From
X-Env
X-Load-Cache
X-Thanos
X-Proxy-Server
Memcached
X-Bip
X-GDPR
Who
X-Cache-Info
X-Dynatrace-Js-Agent
X-Cache-FS-Status
X-Be
X-FORWARDED-FOR
X-Wix-Petri-Ex
Pics-Label
X-Ibm-Trace
Memory
X-PJAX-URL
X-Swift-Error
X-B3-SpanId
X-Request-Start
X-Ver
Ws
X-Meta-Tbi-Cache-Vertical
X-MP-GENERATED-AT
Serverid
V-Cache
Httpd-Identifier
X-HS-Status
Group
X-Cache-Ttl
X-Fastly-Cache-Hits
X-RateLimit-Reset
X-Fe
GW-Server
UCS
X-CDN-Pop-IP
X-GZIP
X-CDN-Pop
X-Shard
Powered-By
X-SVT-ORM-VERSION
URI
X-ServedByHost
Cf-Ipcountry
X-Dw-Trace-Id
X-SVT-ORM-RULES
X-NGINX-Cache
X-ID
Ohc-File-Size
Amp-Access-Control-Allow-Source-Origin
X-VC
AGE-Hash
X-User
Version
Requestid
X-Path-Route
NX-Cache
X-SB
X-PF-Uncompressing
X-Bug-Bounty
N-Cache
CDN-Cache
CDN-Cache-Hit
X-LiteSpeed-Cache-Control
Cache-Hits
X-P-T
X-StackifyID
CDN-Node
X-Varnish-Info
Xet-Cookie
X-Ratelimit-Remaining
X-CacheKey
Apicache-Version
X-Grace-Duration
X-Akamai-ERPolicy
Apicache-Store
X-Akamai-ERRuleID
X-Goog-Meta-Goog-Reserved-File-Mtime
Https
X-Route-Name
X-RequestId
X-Cache-Handler
X-Flags
X-Is-Crawler
Ohc-Response-Time
X-Litespeed-Cache-Control
X-SD-PageType
X-ServerName
Fastly-Soc-X-Request-Id
X-Providence-Cookie