Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
X-Check
Timing-Allow-Origin
X-Cache-Status
X-Adblock-Key
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
P3p
X-Buckets
Keep-Alive
X-Type
X-AH-Environment
X-Via
EagleId
Xkey
X-Backend
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Cache-Group
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
X-Nginx-Cache-Status
Upgrade
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Ac
X-Cache-Lookup
X-Device
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-WebKit-CSP
X-Amz-Version-Id
X-Host
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Px
X-Rq
X-Readtime
Allow
Pinterest-Generated-By
X-Application-Context
X-Server-Id
X-Url
X-Instart-Request-ID
X-Clacks-Overhead
EagleEye-TraceId
Request-Id
Server-Timing
X-Country
X-OneAgent-JS-Injection
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
Report-To
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-ID
X-Country-Code
X-Cloud-Trace-Context
Edge-Control
X-Varnish-TTL
Charset
X-ESI
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-TTL
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
X-MS-InvokeApp
X-Cached
X-DataDome
X-Goog-Hash
Feature-Policy
NEL
X-DynaTrace-JS-Agent
X-Vhost
X-Recruiting
Public-Key-Pins
X-Origin-Cache
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Server
X-Dns-Prefetch-Control
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-VARITI-CCR
X-F-Cache
X-T
X-DynaTrace
X-Mod-Pagespeed
X-Version
X-D2id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
SPRequestGuid
X-SharePointHealthScore
PB-PID
X-SRCache-Fetch-Status
X-Mobile-Rewrite
X-SRCache-Store-Status
PB-RID
Arc-Version
Content-MD5
X-N
X-Cdn
RTSS
X-Forwarded-Proto
X-Amz-Rid
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
AR-ATIME
AR-PoweredBy
X-Dw-Request-Base-Id
Nginx-Cache
AR-CACHE
X-Ttl
Realpath
X-B
Paypal-Debug-Id
X-Oneagent-Js-Injection
X-Content-Digest
X-Upstream
X-Pad
X-Grace
X-TEC-API-ORIGIN
X-Content-Options
X-TEC-API-ROOT
X-TEC-API-VERSION
SPIisLatency
SPRequestDuration
X-Ruxit-JS-Agent
X-Id
X-Shield-Request-Id
X-Varnish-Age
X-Kinsta-Cache
Arr-Disable-Session-Affinity
X-NWS-LOG-UUID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Access-Control-Request-Method
TCN
MS-Author-Via
X-Acc-Meta-Resource-Type
X-Cache-Hit
Mrf-Cache-Status
MRF-Tech
X-Logged-In
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
DynaTrace
S
X-Trace
X-Vcap-Request-Id
X-Zen-Fury
X-Origin-Upstream-Status
X-HW
X-MSEdge-Ref
Front-End-Https
X-DIS-Request-ID
Cleartype
Eomportal-Instance
X-Frontend
X-FTR-Realm
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-Cache-Rule
X-PressLabs-Stats
X-Via-JSL
X-VCache
X-Fastly-Request-ID
X-NF-Request-ID
X-User-Agent
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
Service-Worker-Allowed
X-Forwarded-For
Cache-Status
Tracecode
AR-SID
Alternate-Protocol
X-IPLB-Instance
Fastcgi-Cache
X-Hostname
Server-Name
X-Fastcgi-Cache
Display
X-Middleton-Display
X-Sol
X-Varnish-Backend
X-Analytics
Backend-Timing
Host
X-FastCGI-Cache
Rt-Fastcgi-Cache
FilterID
MicrosoftSharePointTeamServices
Viewport
X-AOL-HN
TP-L2-Cache
TP-Cache
X-Cache-2
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-Az
X-Activity-Id
X-AppVersion
X-Middleton-Response
X-Ser
X-Whom
X-FTR-Cache-Host
Response
X-SS-Set-Cookie
X-XRDS-LOCATION
X-Proxied
X-Rid
X-Revision
ServerID
X-Contextid
X-Content-Powered-By
X-Cache-Control
X-Srv
X-Magnolia-Registration
X-HOST
X-Debug
AMP-Access-Control-Allow-Source-Origin
X-Cached-By
Refresh
Powered-By-ChinaCache
X-Debug-Info
X-B3-Traceid
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Ruxit-Js-Agent
X-Mobile
X-Cache-Server
X-Cache-Key
X-Akam-SW-Version
X-Instance
X-Daa-Tunnel
HitType
HitInfo
Server-Info
X-Webkit-Csp
Accept-Charset
X-Page-Id
X-FB-Debug
X-WPE-Loopback-Upstream-Addr
X-Cache-Age
X-Generated-By
X-Framework
Cache-Tag
X-App-Server
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-PHP-Backend
X-TT
X-Varnish-Hostname
X-NewRelic-App-Data
X-B-Cache
X-Geo-Country
X-BCube-Filmed-By
Retry-After
X-App-Environment
X-Signature
X-Request-Guid
X-RateLimit-Remaining
X-Origin-Server
X-Tumblr-Pixel-0
Host-Header
Source
X-Cache-Operation
X-Handled-By
X-Tumblr-User
X-ATG-Version
X-Tumblr-Pixel
Server-Node
X-Device-Type
X-Varnish-Grace
X-Hyper-Cache
X-APP-VERSION
Upgrade-Insecure-Requests
DC
X-Amzn-Trace-Id
X-Accel-Expires
X-Platform-Server
X-Drupal-Cache-Tags
X-CLOUD-TRACE-CONTEXT
X-WA-Info
X-GUploader-UploadID
X-Newrelic-App-Data
X-Varnish-Server
X-TT-TIMESTAMP
X-Akamai-Edgescape
X-Cache-Action
MS-CV
X-PC-Key
X-PC-Hit
X-URL
Webserver
NGB
X-PC-AppVer
X-B3-Sampled
X-Cacheable-TTL
X-Accel-Buffering
X-Cluster
Pagespeed
X-GeoIP
X-WebKit-CSP-Report-Only
X-Locale
X-Jobs
Filters
X-Wix-Request-Id
X-Seen-By
X-Node-Name
X-Source
Actual-Object-TTL
ServedBy
X-S
X-Wix-Petri-Ex
Fastly-Restarts
X-RTag
X-FW-Hash
X-Correlation-ID
X-FW-Static
X-FW-Type
X-Tumblr-Pixel-1
X-FW-Serve
X-PC-Host
X-Edge-Location
X-FW-Server
AsisCache
X-PC-Date
Liferay-Portal
X-RequestSource
X-Tumblr-Pixel-2
X-Port
Served-By
S-Cnection
X-Varnish-Hits
X-Distil-CS
X-Cache-Config
Datacenter
X-Amz-Meta-S3cmd-Attrs
X-Correlation-Id
X-UA
X-Vg-Webcache
X-Amz-Replication-Status
X-Cache-TTL-Remaining
GEO-INFO
X-Region
Country
Ohc-File-Size
X-Ocache
Cache
X-TA-CDN-Provider
X-Guploader-Uploadid
Cartoon
X-Drupal-Cache-Contexts
Content-Style-Type
Content-Script-Type
X-Dynatrace-Js-Agent
X-Edge-Cache-Key
X-Cache-Remote
X-Edge-Cache
HostName
X-UA-Device-Type
X-Sucuri-ID
X-RateLimit-Limit
X-GZip
X-Internal-Host
Ar-Sid
X-UUID
X-ServedBy
X-Adobe-Content
X-Adobe-Loc
X-Esi
X-Microcachable
AR-Request-ID
X-Real-IP
X-Status
X-Varnish-IP
X-Akamai-Transformed
X-Yottaa-Metrics
Xserver
X-Unique-ID
X-Yottaa-Optimizations
X-Proxy
X-Cache-Ttl
X-DataStream-Cache-Status
X-Detected-As
X-Akamai-Request-ID
X-Generated
X-App-Name
Machine
Load-Balancing
X-RN-RSRV
Access-Control-Allow-Method
X-Rendered-As
Meta-Geo
X-Is-Bot
X-JoinUs
X-Path-Route
X-IP
X-Ezoic-Cdn
User-Agent
X-Proxy-Build
Mn-Server-Ip
Selected-FE
Healthy
X-Amz-Server-Side-Encryption
X-Agile-Age
X-Agile
User-Cache-Control
X-Agile-Id
X-TNCMS
X-Loop
X-OVcl
X-OVcl-Cache
X-Grey
X-Cache-Category-Id
X-Timing-Wait
X-Backend-Name
X-Mode
X-Web-Node
IBM-Web2-Location
X-Varnish-Cacheable
X-Varnish-Cache-Hits
Payment
Backend
X-Origin
X-ProxyCache-Key
X-BYPASS-REASON
X-ServerID
S-Rt
ServerName
X-Hosted-By
X-Human
X-Instance-Name
X-FC-Vary-Parameters
X-Debug-Cache
X-BB-IP
X-Time-Microsecs
X-Tb
X-ProxyCache-Status
X-Upgrade-Enabled
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-CDN-Cache
X-Site-Version
SRV
Cache-Key
X-Viewer-Country
Now
L5d-Success-Class
X-TX-ID
DB-Nickname
X-ApacheServer
X-CDN-Forward
Azure-SiteName
X-PERF
X-PCL
X-NCache
X-NodeID
X-Content-Type
X-RemovedCookies
X-EIG-Tracking-Id
X-ProcessESI
Cache-Name
X-Original-Request
X-OCL
X-Distributor
TWC-Locale-Group
Webcakes-App-Name
TWC-GeoIP-Country
X-Time
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Origin-Hint
Property-Id
X-CCM
X-Routing-Service
X-Section
X-LJ-Flow-ID
X-SplitTest
X-Access
X-TWH-CORRELATION-ID
X-AWS-Id
Webcakes-Region
TWC-Privacy
X-Xfnlog-Site
X-VWS-Id
Dont-Set-Cookie
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Www-Served-By
X-Zipkin-Id
X-Pubstack
X-Amz-Meta-Surrogate-Control
X-Format
X-Origin-CC
X-MP-GENERATED-AT
X-NGENIX-Cache
LB
X-Nc
X-Storage
X-Rocket-Nginx-Bypass
X-Litespeed-Cache
Countrycode
X-Webstats-RespID
X-HS-Cache-Config
Cache-Hits
Edge-Cache-Tag
X-Proto
X-Amz-Apigw-Id
X-Generation-Time
X-Amzn-RequestId
Access-Control-Request-Headers
X-Sucuri-Cache
X-Cache-HT
X-Geo
X-Optimization
X-Newrelic-Synthetics
X-B3-Spanid
X-Dc
X-Labrador-Cache-Channel
Apicache-Store
Apicache-Version
X-Cache-NE
Accept-CH
X-Cache-Backend
WZWS-RAY
X-Environment-Context
X-Meta-Tbi-Cache-Vertical
X-L-Path
X-Birta-Cache-Post
X-Birta-Served
X-SERVER-NAME
X-Connection-Hash
X-Transaction
X-Tumblr-Pixel-3
X-Twitter-Response-Tags
Fastly-SSL
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Webkit-CSP
X-Servedby
X-Real-Ip
From-Origin
Ec-Rule-Version
X-CACHE-GROUP
NnCoection
X-Hit
Ws
X-Qnm-Cache
X-M-Log
X-M-Reqid
PageSpeed
X-Alicdn-Da-Ups-Status
X-EdgeConnect-Cache-Status
X-Varnish-Beresp-Status
X-Rule
NODE
X-Varnish-Beresp-Grace
Cteonnt-Length
X-Upstream-HT
X-Upstream-CT
Ms-Operation-Id
X-SERVER
X-Cache-Enabled
X-Hl-Ver
X-B-Cookie
X-Hash
X-SVT-ORM-VERSION
MI-Cache-Age
X-Application
X-Destination
BehaviorPad-Version
X-Matched-Rule
X-Wix-Route-ID
X-MI-In-Market
Country-Code
X-ARC
X-TT-LOGID
X-Developer
Fastly-Soc-X-Request-Id
X-BB-ID
X-Trv-Group
X-Fetched-On
Host-ID
X-BBXSRF
X-Via-CDN
GMS-Ver
X-VG-WebServer
X-CF-Lambda-Version
X-Thinkindot-L3
X-Died
X-Via-Edge
X-Generated-In
X-We-Are-Hiring
X-SVT-ORM-RULES
Meta-Geo-Continent
MD5-Digest
X-G
X-From
Fly-Request-Id
Fly-Cache
MI-Cache
X-NU-AKA-ACS-Version
Thinkindot-Control
X-A-Ccd
X-A
X-Response-By
Thinkindot-CacheControl-Type
X-Region-Sid
X-CF-Lambda-Fn
X-SRCache-Key
T-Server
Thinkindot-CacheControl
Www
V-Age
X-S-Cookie
X-ScT
X-Server-Time
X-Server-By
Warning
X-Rojux
Viewtype
VivaBuild
X-Rewrite-Enabled
Cneonction
SN
X-A-Wwc
Resin-Trace
X-PAYTM-SRV-ID
X-D
X-Accel-Expires-Debug
X-Date
Cache-Prefix
X-Org
X-UE-Client-Country
Rendered-Blocks
X-Planisys-CDN-Cache
X-A-Dgt
Xc-Version
Server-Host
X-A-Dam
X-A-Dcw
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-HS-Combine-CSS
X-V
X-C
ProcessTime
Decoy-Debug-Key
X-Clientip
Decoy-Debug-Status
X-Core-Mission
Decoy-Debug-TTL
Origin-Edge-Control
Release
Proxy-Connection
X-Alternate-Cache-Key
PFcat
Request-Country
Request-EU
Web-Mar-Node
Uber-Trace-Id
Server-Int
Server-ID
Origin-Cache-Control
X-Sorting-Hat-ShopId
Httpd-Identifier
X-Backend-Url
X-Block-Status
X-Cache-Bucket
IsBot
Kp-EeAlive
NGX
X-Backend-Host
X-Backend-State
X-Cache-URL
X-Ver
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-IN-WAF
X-Info
X-Worker
X-Logtrace-Id
X-Hnp-Log
X-Crawler
X-GeoIP-City
X-Gen-Mode
X-GeoIP-Country-Code
X-SIPLIST1
X-WebServer
X-ShopId
X-No-Session
X-Release
X-Nf-Srv-Version
X-Req
X-Dispatcher-Server
X-ServiceProvider
X-RCS-CacheZone
X-ShardId
X-Origin-Date
X-Node-Id
X-Origin-Expires
X-P-T
X-S-Maxage
X-Server-IP
X-Shopify-Stage
Ajk
X-Sorting-Hat-PodId
X-Edge-IP
Apple-News-Services-Handled
Apple-News-Services-Host
X-CS
Apple-News-Services-Request-Url
X-Env
Apple-News-Services-Parsed-Url
X-Nginx-Cache
X-ElasticPress-Search
X-CCM-LastModified
X-Rebelmouse-Cache-Control
X-Developers
X-Rebelmouse-Surrogate-Control
X-Sf
X-Platform
X-Forwarded-Host
X-Content-Age
X-Reboot
X-Device-Os
X-Core-Value
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Server-Group
X-Returned-From
X-Fastly-Cache
X-Phone
X-Debug-Cookies
X-Request-URI
X-Debug-Log
X-Passed-To-DLL
X-Cdn-Origin
X-Cdn-Srv
X-Eu-Site
Who
X-Cache-ASPX
X-Cache-Srv
X-Cache-Control-Set-By
X-Cache-Expires
X-HCF
X-F5-Cache
X-CGP
X-Actual-URL
X-Passed-To-BeforeDispatch
X-Epic-Correlation-Id
X-Passed-To
X-Backend-TTL
X-Fstrz
X-NX-Host
X-Sn-Servicetimems
X-Passed-To-PostProcessResponse
Origin
CDCHOST
X-UnsetCookies
Cache-Tags
X-Up
Backend-Name
X-Varnish-HitMiss
Content-Disposition
Fastly-Backend-Name
HA-Cloudapp
HA-Geocity
Cdn-Host
X-Trace-Id
Fastly-SIE
Fastly-SWR
Adler-Geo
X-VG-TLSProxy
X-Wikidot-Backend
X-Cache-Host
X-Wikidot-Static-Cache
X-Edge-Server
X-DPWN-IS-SECURE
X-App-Version
X-VServer
Time
Platform
Odigeo-Trace-Id
Pragrma
X-Amz-Meta-Cache-Control
X-Cache-CFC
HA-Geocountry
AKAMAI
X-Swa-Ws
Ohc-Response-Time
Cdn-Request-Time
HTTPS
HA-Urlpath
Heartbleed
On-Server
X-Origin-TTL
RNT-Time
True-Client-Country-4JS
RNT-Machine
HA-Geolat
Powered-By
HA-Servedtime
Request-Time
HA-Georegion
Ha-Gx-Prefs
HA-Ipaddr
HA-Geolon
Is-Eu
MI-API
HA-Host
X-GoCache-CacheStatus
X-Ms-Version
Mime-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Refresh
X-Cache-Time
X-Location
X-Skip-Cache
RequestId
X-Stale
Esi-Enabled
X-Var-Ttl
X-Ckpd-Fst-Backend
X-User
X-FireWall-Port
X-Croise-Owner
Dnion-Transfer-Encoding
NtCoent-Length
XServer
X-Redis-Cache
Cdn
X-Micro-Cache
X-From-Cache
X-Servername
X-CSRF-Token
X-Pjax-Url
X-Varnish-Beresp-Ttl
X-WR-MODIFICATION
X-Cdn-Forward
X-B3-TraceId
UCS
GW-Server
X-Pf-Uncompressing
X-Via-SSL
X-Cache-FS-Status
X-MSEdge-Features
X-TIME
X-MSEdge-Flight
WP-Super-Cache
X-GRACE
Dynatrace
X-Powered-By-ANYU
WWW-Authenticate
Get-Access-Time
X-COUNTRY
X-Request-Time
X-Varnish-Beresp-TTL
CF-IPCountry
X-Varnish-Url
Is-Session-Tracking
X-Cache-Handler
X-Owner
Rt-Proxy-Cache
PICS-Label
X-Varnish-Id
X-Key
X-Csrf-Token
X-NWS-UUID-VERIFY
Frame-Options
X-Thanos
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
NodeID
X-Aicache-OS
Memcached
X-Bip
X-CUA
PageType
X-GDPR
X-Ua
X-Hail-Hydra
X-Atg-Version
X-Cache-Id
X-External-Request-Id
X-Response-Served-From
Mail-Subject
X-Page-Type
We-Hiring
GeoIp-Country-Code
Memory
Geoip-City
X-Be
Geoip-Latitude
FastCGI-Cache
X-NC
X-Cache-TTL
X-Cluster-Node
X-Via-NSCOPI
MIME-Version
X-LiteSpeed-Cache-Control
X-Dynatrace
Section-Io-Cache
Sta2Tusw
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Auto-Login
CACHE
X-ServedByHost
X-Servedbyhost
Version
X-Nananana
X-TId
Magicmarker
X-DC
X-UPSTREAM-Address
X-Varnish-Action
If-Modified-Since
X-Fastly-Backend-Reqs
X-StackifyID
X-Tid
X-Load-Cache
X-CACHE-KEY
X-Frame-Option
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
X-Request-UUID
X-BE
Node
Processtime
Pagetype
X-EC-Security-Audit
X-Sentry-ID
X-Variation
X-PAGE-TYPE
COMMERCE-SERVER-SOFTWARE
X-GEO
X-Ig-Deployment-Stage
X-ADI-VCache
X-Gdpr
X-Pc-Key
X-Pc-Hit
X-Irp-Debug
X-Ibm-Trace
X-Pc-Appver
X-Varnish-Ttl
Pramga
X-Bug-Bounty
URI
X-Shield-Cache-Expires
X-Server-W
X-Proxy-Server
X-Shard
Pics-Label
RATING
X-Pc-Host
CDN
Group
V-Cache
X-Pc-Date
X-Wa
X-FORWARDED-FOR
X-Haproxy-Ip
Arc-Country
X-Public
Sid
X-Haproxy-Hostname
X-Varnish-URL
X-Vcache
X-Datadome
Cache-Cookie-Set-From
X-HTML-Minification-Powered-By
Cache-Cookie-Set-Idcheck
Cf-Ipcountry
Srv
Cache-Cookie-Set-Lfrom
X-ND-Cache
Cache-Provider
X-Surge-Debug
X-Cache-Debug
X-SRV
X-Endurance-Cache-Level
X-Layer
X-Fastly-Cache-Hits
X-FW-Version
X-Ratelimit-Remaining
Fastcgi-Useragent
OT-Force-Account-Verify
DataCenter
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PrivacyLevel
REQUESTUUID
X-Sorting-Hat-PodId-Cached
X-Gen-Id
X-PJAX-URL
Accept-Ch
X-PF-Uncompressing
X-Sorting-Hat-Section
GEO-REGION-INFO
X-ID
X-Nginx-Cache-Key
X-RateLimit-Remaining-Second
X-Sorting-Hat-ShopId-Cached
X-RateLimit-Limit-Second
X-Ratelimit-Limit
X-GZIP
X-Cache-Var-Map
X-Cache-Var
X-RequestId
X-CacheKey
Fastcgi-X-Cache
X-APP
X-Ms-Lease-State
Powered
Fastcgi-X-Cache-Version
N-Cache
X-B3-SpanId
X-Litespeed-Cache-Control
X-Dw-Trace-Id
X-Feature
Serverid
Hostname
Lb
X-Distil-Cs
X-Front
X-VC
X-CDN-Pop
X-Varnish-Info
X-SB
X-CDN-Pop-IP
X-Policy
X-RAMCache
Xet-Cookie
X-NGINX-Cache
X-Amzn-Remapped-Date
X-Cookie
X-Amzn-Remapped-Connection
X-HS-Status
X-Grace-Duration
X-WA
X-SF
X-Secret
X-Gannett-Site-Version
X-Served-From
X-Requestid
X-Akamai-ERRuleID
Requestid
X-Fe
X-Request-Start
X-Akamai-ERPolicy
X-Unique-Id
X-VG-WebCache
X-ServerName
X-Varnish-ID