Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
Alt-Svc
X-Xss-Protection
Status
X-AspNetMvc-Version
X-Check
X-Cache-Status
Timing-Allow-Origin
X-Adblock-Key
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
X-Buckets
Keep-Alive
P3p
X-Type
X-AH-Environment
X-Via
Xkey
X-Backend
EagleId
X-Cache-Group
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Pingback
X-Nginx-Cache-Status
Upgrade
X-Drupal-Dynamic-Cache
X-Server-Powered-By
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-LiteSpeed-Cache
Request-Context
X-CST
X-Node
X-Ac
X-Device
X-Cache-Lookup
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-WebKit-CSP
X-Host
X-Amz-Version-Id
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Px
X-Rq
X-Readtime
X-Server-Id
Allow
X-Url
X-Application-Context
X-Instart-Request-ID
X-Clacks-Overhead
Pinterest-Generated-By
Request-Id
Server-Timing
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Country
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
Report-To
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
Edge-Control
X-Server-ID
X-Varnish-TTL
Charset
X-Cloud-Trace-Context
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-Server-Name
X-MS-InvokeApp
X-DataDome
X-CF-Powered-By
X-Cached
X-Goog-Hash
NEL
X-DynaTrace-JS-Agent
X-Vhost
Feature-Policy
X-TTL
X-Recruiting
Public-Key-Pins
X-Origin-Cache
X-Powered-By-Plesk
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Geo-Segment
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-F-Cache
X-VARITI-CCR
X-T
X-D2id
X-Dns-Prefetch-Control
X-Version
X-DynaTrace
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
Verso
X-Abt-Application-Version
X-Client-IP
X-Dispatcher
X-Ttl
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-Forwarded-Proto
X-N
RTSS
X-Amz-Rid
X-Cdn
X-Hits
X-Navigation-Version
X-Dw-Request-Base-Id
X-GitHub-Request-Id
Nginx-Cache
AR-PoweredBy
AR-ATIME
Realpath
X-Ruxit-JS-Agent
AR-CACHE
X-B
Paypal-Debug-Id
SPRequestDuration
SPIisLatency
X-Content-Digest
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Upstream
X-Content-Options
X-Pad
X-Id
X-Grace
X-Shield-Request-Id
X-Varnish-Age
X-Kinsta-Cache
Arr-Disable-Session-Affinity
X-Goog-Metageneration
Access-Control-Request-Method
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
TCN
X-Acc-Meta-Resource-Type
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-Cache-Hit
DynaTrace
MS-Author-Via
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Logged-In
S
X-Vcap-Request-Id
X-Zen-Fury
X-Trace
X-HW
Front-End-Https
X-XRDS-Location
X-MSEdge-Ref
X-Origin-Upstream-Status
X-VCache
Cleartype
Eomportal-Instance
X-Frontend
X-DIS-Request-ID
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-HS-Content-Id
X-HS-Hub-Id
X-User-Agent
Surrogate-Key
X-Via-JSL
X-PressLabs-Stats
X-Cache-Rule
X-NF-Request-ID
X-Fastly-Request-ID
X-Request-Received
X-Request-Processing-Time
X-Forwarded-For
Cache-Status
Tracecode
X-Fastcgi-Cache
Fastcgi-Cache
Service-Worker-Allowed
Alternate-Protocol
X-Hostname
AR-SID
MicrosoftSharePointTeamServices
X-IPLB-Instance
Server-Name
X-Sol
Display
X-Middleton-Display
Backend-Timing
X-Analytics
Host
X-Ser
Rt-Fastcgi-Cache
FilterID
X-Activity-Id
X-AOL-HN
X-Az
Viewport
X-AppVersion
Public-Key-Pins-Report-Only
X-Wix-Server-Artifact-Id
X-Varnish-Backend
TP-Cache
X-Oracle-Dms-Rid
X-Whom
X-Oracle-Dms-Ecid
TP-L2-Cache
X-FTR-Cache-Host
X-Cache-2
X-Middleton-Response
Response
X-Rid
X-Proxied
X-SS-Set-Cookie
Powered-By-ChinaCache
ServerID
X-Contextid
X-Revision
X-Debug
X-Magnolia-Registration
X-FastCGI-Cache
X-Cache-Control
X-Srv
Refresh
X-Content-Powered-By
X-Cached-By
X-Debug-Info
X-Litespeed-Cache
X-B3-Traceid
X-Mobile
X-NewRelic-App-Data
X-Cache-Key
X-Cache-Server
X-Instance
X-Akam-SW-Version
X-CLOUD-TRACE-CONTEXT
X-WPE-Loopback-Upstream-Addr
X-XRDS-LOCATION
Server-Info
X-Cache-Age
HitInfo
HitType
AMP-Access-Control-Allow-Source-Origin
Accept-Charset
X-ATG-Version
X-Page-Id
X-FB-Debug
X-Framework
X-RateLimit-Remaining
X-LB-Cache
X-Generated-By
X-Daa-Tunnel
X-App-Server
X-Content-Security-Policy-Report-Only
X-Webkit-Csp
Cache-Tag
Retry-After
X-TT
Server-Node
X-Geo-Country
X-Signature
X-Varnish-Hostname
X-Request-Guid
X-PHP-Backend
X-BCube-Filmed-By
X-Origin-Server
X-B-Cache
Source
X-Handled-By
X-Cache-Operation
X-Device-Type
X-App-Environment
Host-Header
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Hyper-Cache
X-Varnish-Grace
X-Amzn-Trace-Id
DC
X-Ruxit-Js-Agent
Upgrade-Insecure-Requests
X-APP-VERSION
X-Drupal-Cache-Tags
X-Accel-Expires
X-Platform-Server
X-WA-Info
X-Varnish-Server
X-GUploader-UploadID
X-HOST
Pagespeed
X-PC-AppVer
X-PC-Hit
X-PC-Key
X-TT-TIMESTAMP
MS-CV
Cartoon
X-Cache-Action
X-B3-Sampled
X-PC-Host
X-PC-Date
X-Akamai-Edgescape
NGB
X-TA-CDN-Provider
Served-By
X-Cacheable-TTL
X-Jobs
X-GeoIP
X-Correlation-ID
X-Accel-Buffering
Filters
ServedBy
X-S
X-WebKit-CSP-Report-Only
X-Node-Name
Webserver
X-Wix-Request-Id
X-Cluster
X-Wix-Petri-Ex
X-Locale
X-RTag
X-Seen-By
X-Source
Actual-Object-TTL
X-Newrelic-App-Data
S-Cnection
X-RequestSource
X-FW-Server
X-Varnish-Hits
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
AsisCache
X-Cache-Config
X-Port
Fastly-Restarts
X-Edge-Location
Liferay-Portal
X-URL
X-Distil-CS
X-Vg-Webcache
X-ServedBy
Datacenter
X-Guploader-Uploadid
X-Ocache
X-Cache-TTL-Remaining
GEO-INFO
Content-Style-Type
X-UA
Cache
Content-Script-Type
X-Drupal-Cache-Contexts
X-Amz-Replication-Status
Country
X-Correlation-Id
X-Region
Ohc-File-Size
X-RateLimit-Limit
X-Sucuri-ID
X-UUID
X-UA-Device-Type
X-GZip
X-Internal-Host
X-Edge-Cache
X-Edge-Cache-Key
X-Amz-Meta-S3cmd-Attrs
X-Microcachable
X-Real-IP
X-Dynatrace-Js-Agent
X-Cache-Remote
X-Status
X-Adobe-Content
X-Adobe-Loc
X-Varnish-IP
Ar-Sid
X-Yottaa-Metrics
X-Akamai-Transformed
X-Esi
X-Yottaa-Optimizations
X-DataStream-Cache-Status
X-Unique-ID
HostName
X-Akamai-Request-ID
X-App-Name
X-JoinUs
X-Detected-As
X-IP
X-Is-Bot
Meta-Geo
Machine
Access-Control-Allow-Method
X-Rendered-As
X-RN-RSRV
Load-Balancing
X-Path-Route
X-Proxy
X-Varnish-Cache-Hits
Selected-FE
X-Generated
X-Agile
X-Proxy-Build
X-Agile-Age
Mn-Server-Ip
X-Cache-Category-Id
X-Loop
X-Agile-Id
Xserver
X-TNCMS
X-Timing-Wait
X-Grey
User-Agent
X-Backend-Name
X-OVcl
X-ProxyCache-Key
X-BB-IP
X-BYPASS-REASON
X-ProxyCache-Status
X-OVcl-Cache
X-Mode
X-Upgrade-Enabled
X-Web-Node
X-Time-Microsecs
ServerName
X-Varnish-Cacheable
X-Cache-Ttl
User-Cache-Control
X-ServerID
X-TX-ID
Healthy
X-Debug-Cache
SRV
S-Rt
Payment
X-Origin
X-Ezoic-Cdn
Backend
Cache-Hits
Cache-Name
X-NodeID
Now
L5d-Success-Class
X-ProcessESI
X-Original-Request
X-RemovedCookies
X-Instance-Name
X-Content-Type
X-Tb
X-CDN-Cache
X-EIG-Tracking-Id
Cache-Key
X-FC-Vary-Parameters
X-Hosted-By
X-Human
Property-Id
IBM-Web2-Location
X-Distributor
X-OCL
X-CCM
X-AWS-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
X-Access
X-ApacheServer
Webcakes-App-Name
X-Amz-Server-Side-Encryption
TWC-Connection-Speed
TWC-Device-Class
X-LJ-Flow-ID
DB-Nickname
X-VWS-Id
X-Viewer-Country
Azure-Version
X-PERF
X-PCL
LB
X-Xfnlog-Site
X-Www-Served-By
Azure-InstanceId
Azure-RegionName
X-Section
AR-Request-ID
X-SplitTest
X-Site-Version
X-Time
X-TWH-CORRELATION-ID
Azure-SiteName
Azure-SlotName
X-Origin-Hint
X-Pubstack
X-Via-Fastly
X-Zipkin-Id
X-MP-GENERATED-AT
Dont-Set-Cookie
X-Routing-Service
X-Format
X-Vgn-Hpd-Reason
X-Amz-Meta-Surrogate-Control
X-CDN-Forward
X-Geo
X-NCache
X-Origin-CC
X-Storage
Countrycode
X-Dc
Edge-Cache-Tag
X-Webstats-RespID
X-HS-Cache-Config
X-Amzn-RequestId
X-Proto
X-Amz-Apigw-Id
X-Generation-Time
X-NGENIX-Cache
X-Optimization
X-Cache-HT
X-Cache-NE
X-Sucuri-Cache
X-Nc
X-Rocket-Nginx-Bypass
X-Labrador-Cache-Channel
X-B3-Spanid
Apicache-Store
X-Newrelic-Synthetics
Access-Control-Request-Headers
Apicache-Version
X-Birta-Cache-Post
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
X-Cache-Backend
Fastly-SSL
X-Tumblr-Pixel-3
X-Rule
X-Nf-Srv-Version
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
X-Environment-Context
Accept-CH
X-L-Path
X-SERVER-NAME
WZWS-RAY
Ec-Rule-Version
From-Origin
Ws
X-Real-Ip
NnCoection
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Varnish-Beresp-Grace
X-Alicdn-Da-Ups-Status
X-Hit
X-Varnish-Beresp-Status
X-Upstream-CT
X-Upstream-HT
X-Cache-Enabled
Cteonnt-Length
X-EdgeConnect-Cache-Status
NODE
X-CCM-LastModified
X-Fetched-On
Cache-Prefix
X-From
Cneonction
Fastly-Soc-X-Request-Id
Country-Code
X-G
X-Developer
X-Died
X-MI-In-Market
X-Destination
X-NU-AKA-ACS-Version
ProcessTime
X-Matched-Rule
X-SERVER
X-Generated-In
X-Hash
VivaBuild
BehaviorPad-Version
X-Date
X-A-Dam
X-A-Ccd
Server-Host
Resin-Trace
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-A
T-Server
Warning
V-Age
Viewtype
Www
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Rendered-Blocks
X-Accel-Expires-Debug
X-CF-Lambda-Fn
Host-ID
MD5-Digest
X-CF-Lambda-Version
X-D
Fly-Request-Id
GMS-Ver
Meta-Geo-Continent
MI-Cache
X-ARC
X-Application
X-B-Cookie
X-BB-ID
MI-Cache-Age
X-BBXSRF
Fly-Cache
X-Hl-Ver
X-Server-By
X-PAYTM-SRV-ID
X-SRCache-Key
X-SVT-ORM-RULES
X-ScT
X-S-Cookie
X-Servedby
X-Rewrite-Enabled
X-Rojux
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Via-Edge
X-We-Are-Hiring
X-Wix-Route-ID
Xc-Version
X-Via-CDN
X-VG-WebServer
X-Trv-Group
X-TT-LOGID
X-UE-Client-Country
X-Response-By
X-Server-Time
X-Planisys-CDN-Cache
X-Region-Sid
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Qnm-Cache
X-C
X-M-Reqid
X-HS-Combine-CSS
X-App-Version
X-M-Log
X-Sf
X-Sorting-Hat-PodId
IsBot
Kp-EeAlive
X-ServiceProvider
X-Origin-Date
X-Sorting-Hat-ShopId
X-Cache-URL
X-SIPLIST1
X-ShardId
X-ShopId
X-Shopify-Stage
X-CS
NGX
X-Release
X-Crawler
X-Clientip
X-Backend-Host
Server-ID
X-P-T
X-Ver
Server-Int
SN
X-ElasticPress-Search
X-Worker
X-WebServer
Request-EU
Request-Country
X-Backend-State
X-Backend-Url
X-RCS-CacheZone
X-Server-IP
X-Alternate-Cache-Key
Release
Proxy-Connection
X-Origin-Expires
X-Cache-Bucket
X-Core-Mission
X-V
X-Node-Id
X-IN-APIGATEWAY
Apple-News-Services-Request-Url
X-IN-SSL-APIGATEWAY
X-GeoIP-Country-Code
X-GeoIP-City
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-No-Session
Ajk
X-Edge-IP
X-Env
X-Dispatcher-Server
X-Info
Decoy-Debug-TTL
Decoy-Debug-Status
X-S-Maxage
Decoy-Debug-Key
X-Logtrace-Id
X-IN-WAF
X-GoCache-CacheStatus
Ms-Operation-Id
X-Trace-Id
X-UnsetCookies
X-Passed-To-DLL
Web-Mar-Node
X-Passed-To-PostProcessResponse
X-Actual-URL
X-Org
X-Up
X-Request-URI
X-Req
X-Passed-To
X-VServer
X-Hnp-Log
X-VG-TLSProxy
X-Passed-To-BeforeDispatch
X-User
X-Varnish-HitMiss
X-HCF
X-Returned-From
X-Cache-ASPX
X-Edge-Server
X-CGP
X-NX-Host
X-Sn-Servicetimems
X-Cdn-Srv
X-Cache-Time
X-Epic-Correlation-Id
X-Content-Age
X-Core-Value
X-Rebelmouse-Cache-Control
X-Developers
X-Device-Os
X-Debug-Log
X-DPWN-IS-SECURE
X-Debug-Cookies
X-Cache-Srv
X-Cache-Host
X-Rebelmouse-Surrogate-Control
X-Returned-From-DLL
X-Block-Status
X-Returned-From-BeforeDispatch
X-Gen-Mode
X-Platform
X-Fstrz
X-Returned-From-PostProcessResponse
X-Reboot
X-Eu-Site
X-Forwarded-Host
X-Cache-Expires
X-Cache-CFC
X-Cache-Control-Set-By
X-Backend-TTL
X-Cdn-Origin
Ha-Gx-Prefs
HA-Ipaddr
HA-Georegion
HA-Geolon
HA-Geocountry
HA-Geolat
HA-Servedtime
HA-Urlpath
Is-Eu
Odigeo-Trace-Id
HTTPS
Httpd-Identifier
Heartbleed
HA-Geocity
HA-Cloudapp
CDCHOST
Cdn-Host
Cache-Tags
Backend-Name
Adler-Geo
AKAMAI
Cdn-Request-Time
Content-Disposition
Fastly-SWR
XServer
Fastly-SIE
Fastly-Backend-Name
PageSpeed
Ohc-Response-Time
HA-Host
Origin
RNT-Machine
Origin-Cache-Control
Origin-Edge-Control
PFcat
Powered-By
Request-Time
On-Server
Uber-Trace-Id
Pragrma
Platform
True-Client-Country-4JS
RNT-Time
X-GRACE
X-Refresh
X-Swa-Ws
X-Nginx-Cache
RequestId
X-Fastly-Cache
Who
Time
X-Phone
X-FireWall-Port
X-Amz-Meta-Cache-Control
X-F5-Cache
X-Origin-TTL
X-Location
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Var-Ttl
MI-API
X-Stale
X-Skip-Cache
X-Wikidot-Backend
X-Ckpd-Fst-Backend
X-Wikidot-Static-Cache
X-Server-Group
X-WR-MODIFICATION
X-Croise-Owner
Mime-Version
X-Redis-Cache
X-From-Cache
X-B3-TraceId
X-Cdn-Forward
Esi-Enabled
NtCoent-Length
Cdn
X-Servername
GW-Server
X-Pjax-Url
UCS
Dnion-Transfer-Encoding
X-Varnish-Beresp-Ttl
X-MSEdge-Features
X-Micro-Cache
X-Hail-Hydra
X-MSEdge-Flight
WP-Super-Cache
X-TIME
X-Pf-Uncompressing
X-Cache-Handler
X-Varnish-Beresp-TTL
X-Csrf-Token
X-CSRF-Token
X-Via-SSL
X-Varnish-Url
X-Varnish-Id
X-Cache-FS-Status
Dynatrace
X-Ua
X-Be
CF-IPCountry
X-COUNTRY
X-Request-Time
Memcached
X-Bip
X-Thanos
Get-Access-Time
X-Page-Type
X-GDPR
X-Cache-Id
Is-Session-Tracking
Memory
PICS-Label
WWW-Authenticate
X-Powered-By-ANYU
X-Cluster-Node
Rt-Proxy-Cache
PageType
X-NWS-UUID-VERIFY
X-NC
X-Cache-TTL
X-Owner
X-Via-NSCOPI
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
Frame-Options
X-Key
NodeID
MIME-Version
X-Aicache-OS
X-CUA
X-DataStream-Origin-MEX-Latency
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DataStream-MidMile-RTT
FastCGI-Cache
X-Auto-Login
X-External-Request-Id
Sta2Tusw
We-Hiring
Mail-Subject
X-Webkit-CSP
X-TId
X-Response-Served-From
X-Servedbyhost
X-Dynatrace
X-CACHE-KEY
X-StackifyID
X-Atg-Version
X-Frame-Option
X-LiteSpeed-Cache-Control
CACHE
Section-Io-Cache
X-ServedByHost
X-UPSTREAM-Address
Version
X-Shield-Cache-Expires
X-ADI-VCache
X-Fastly-Backend-Reqs
Node
X-Varnish-Action
If-Modified-Since
X-Tid
X-EC-Security-Audit
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
X-DC
Pramga
Magicmarker
X-Bug-Bounty
X-BE
X-Nananana
X-Load-Cache
X-Request-UUID
COMMERCE-SERVER-SOFTWARE
Processtime
Pics-Label
X-Ig-Deployment-Stage
X-Sentry-ID
X-Haproxy-Ip
Pagetype
X-Public
X-Haproxy-Hostname
CDN
X-Varnish-Ttl
X-GEO
Cache-Cookie-Set-Idcheck
X-Cache-Debug
X-PAGE-TYPE
X-Shard
X-Proxy-Server
X-Variation
Cache-Provider
X-ND-Cache
Cache-Cookie-Set-Lfrom
RATING
X-Surge-Debug
X-Gdpr
Cache-Cookie-Set-From
V-Cache
Group
Fastcgi-Useragent
X-Varnish-URL
Cf-Ipcountry
X-Wa
OT-Force-Account-Verify
X-FORWARDED-FOR
X-Ibm-Trace
X-Server-W
Amp-Access-Control-Allow-Source-Origin
URI
X-Endurance-Cache-Level
X-Datadome
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-FeatureSet
Sid
X-Sorting-Hat-PodId-Cached
X-SRV
X-Cache-Var-Map
X-Irp-Debug
X-Cache-Var
REQUESTUUID
Srv
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId-Cached
Accept-Ch
X-Pc-Key
Hostname
X-Pc-Hit
X-Pc-Appver
X-Pc-Date
Fastcgi-X-Cache
Arc-Country
Powered
X-Ratelimit-Remaining
X-Ms-Lease-State
X-Pc-Host
X-HTML-Minification-Powered-By
Fastcgi-X-Cache-Version
X-Fastly-Cache-Hits
X-PF-Uncompressing
X-ID
X-PJAX-URL
X-CacheKey
X-Gen-Id
GEO-REGION-INFO
DataCenter
X-Ratelimit-Limit
X-GZIP
X-Front
X-Policy
X-Litespeed-Cache-Control
X-Requestid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Layer
X-Served-From
N-Cache
X-RequestId
X-FW-Version
X-B3-SpanId
X-Vcache
X-Feature
X-Dw-Trace-Id
Serverid
X-Nginx-Cache-Key
X-Grace-Duration
X-CDN-Pop
X-VC
X-CDN-Pop-IP
X-SB
X-Varnish-Info
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Distil-Cs
X-Svr
X-NGINX-Cache
Xet-Cookie
X-RPM
Requestid
X-Request-Start
X-RSL
X-APP
X-DB
X-VID
X-RPS
X-Amzn-Remapped-Date
X-RAMCache
X-DSS
X-DW
X-Cookie
X-Unique-Id
X-ServerName
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-DI
X-VG-WebCache
X-Varnish-ID
X-HS-Status
X-Fe
X-Amzn-Remapped-Connection