Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
X-Dns-Prefetch-Control
Report-To
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Powered-CMS
X-Server-Name
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-Vhost
X-GitHub-Request-Id
Content-MD5
RTSS
X-F-Cache
X-Version
X-Geo-Segment
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Powered-By-Plesk
Public-Key-Pins
PB-PID
Accept-CH
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Mod-Pagespeed
X-D2id
Verso
X-Client-IP
SPRequestGuid
X-CF-Powered-By
MS-Author-Via
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-T
X-Do-Not-Hack
Nginx-Cache
Permitted-Cross-Domain-Policies
DynaTrace
X-HeyJason
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Upstream
Arr-Disable-Session-Affinity
X-Hits
X-Varnish-Age
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Id
X-Origin-Upstream-Status
X-DIS-Request-ID
X-Shield-Request-Id
X-Pad
SPRequestDuration
SPIisLatency
X-FastCGI-Cache
X-Content-Options
AR-SID
X-Cache-Hit
X-Content-Digest
Realpath
X-Logged-In
X-Ruxit-JS-Agent
X-IPLB-Instance
Access-Control-Request-Method
X-Kinsta-Cache
X-NF-Request-ID
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
MRF-Tech
X-B
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-XRDS-Location
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-Debug
S
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-NewRelic-App-Data
X-PressLabs-Stats
X-FTR-DC
X-Frontend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Wix-Server-Artifact-Id
Tracecode
X-Server-ID
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
X-Cache-Key
Alternate-Protocol
Surrogate-Key
Cleartype
X-Cache-Rule
X-Forwarded-For
Cache-Status
X-GUploader-UploadID
X-Srv
X-NWS-LOG-UUID
Backend-Timing
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
Host
X-User-Agent
TP-Cache
TP-L2-Cache
X-Revision
X-VCache
X-Rid
Fastly-Restarts
FilterID
X-Whom
X-Debug-Info
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-AOL-HN
X-Akam-SW-Version
X-Cache-2
ServerID
X-RateLimit-Remaining
X-Via-JSL
X-Varnish-Backend
X-Content-Powered-By
X-Accel-Buffering
X-Webkit-CSP
X-Cdn
X-Request-Received
X-Request-Processing-Time
X-Kinja-Server-Push
Accept-Charset
Front-End-Https
X-Ttl
X-Zen-Fury
Viewport
X-Oracle-Dms-Rid
X-Mobile
X-XRDS-LOCATION
X-Cached-By
X-Node-Name
Liferay-Portal
X-WPE-Loopback-Upstream-Addr
X-App-Environment
X-Varnish-Hostname
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-Correlation-Id
X-Cluster
X-Cache-Control
X-Tumblr-Pixel
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Device-Type
X-Framework
X-Handled-By
X-TT
Host-Header
Cache-Tag
X-Akamai-Edgescape
X-B3-Sampled
X-BCube-Filmed-By
X-Hostname
X-B-Cache
X-Platform-Server
X-FB-Debug
Upgrade-Insecure-Requests
X-Signature
DC
X-Instance
X-Page-Id
X-Request-Guid
X-Cache-Server
X-B3-Traceid
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
Source
Retry-After
X-WA-Info
X-Amzn-Trace-Id
X-Accel-Expires
X-Servedby
X-Contextid
X-Cache-Action
X-Varnish-Server
Server-Info
HitInfo
HitType
X-Cache-Operation
X-Distil-CS
X-Sol
X-Middleton-Display
Display
X-Port
X-Daa-Tunnel
X-Amz-Replication-Status
Content-Script-Type
X-Generated-By
Content-Style-Type
AsisCache
X-Fastcgi-Cache
X-GeoIP
X-APP-VERSION
X-Seen-By
X-Wix-Request-Id
X-TX-ID
X-WebKit-CSP-Report-Only
Webserver
X-Tumblr-Pixel-2
GEO-INFO
X-Tumblr-Pixel-1
X-Geo-Country
X-RequestSource
X-Edge-Location
X-Hyper-Cache
Actual-Object-TTL
ServedBy
Healthy
X-S
X-Status
X-FW-Type
X-Varnish-Hits
X-Response-Served-From
X-FW-Static
X-Region
X-FW-Server
X-Jobs
User-Agent
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Serve
X-FW-Hash
X-UUID
X-Locale
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Adobe-Content
X-DataStream-Cache-Status
SRV
S-Cnection
Filters
X-Yottaa-Metrics
Refresh
X-Yottaa-Optimizations
X-Amz-Server-Side-Encryption
X-Cache-Age
X-Esi
X-Varnish-Grace
IBM-Web2-Location
NGB
X-Cache-TTL-Remaining
X-Proxied
X-Cache-NE
X-AppVersion
X-Middleton-Response
AR-Request-ID
X-Az
X-Activity-Id
Response
X-Content-Type
X-App-Server
X-Newrelic-App-Data
Payment
X-Ruxit-Js-Agent
X-Cache-Remote
X-ATG-Version
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-CDN-Forward
X-Webkit-Csp
Datacenter
X-Kong-Proxy-Latency
X-Unique-ID
X-Kong-Upstream-Latency
X-Cacheable-TTL
X-Cache-TTL
Cache
X-Vg-Webcache
Country
Served-By
X-HS-Cache-Config
Edge-Cache-Tag
X-UA
X-Akamai-Transformed
X-Mode
X-Sucuri-ID
Machine
X-Is-Bot
X-RemovedCookies
X-ProcessESI
X-Varnish-IP
X-Detected-As
Meta-Geo
X-Rendered-As
Load-Balancing
X-RN-RSRV
X-FC-Vary-Parameters
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-PCL
X-OCL
X-Proxy
X-Rocket-Nginx-Bypass
Access-Control-Allow-Method
X-Tb
Backend
TWC-Locale-Group
TWC-Privacy
X-Pubstack
X-Amz-Meta-Surrogate-Control
Cache-Key
X-PERF
X-Origin
X-Varnish-Cacheable
X-Viewer-Country
X-ServerID
Webcakes-Region
L5d-Success-Class
DB-Nickname
Property-Id
TWC-Connection-Speed
Now
X-ApacheServer
X-Grey
Mn-Server-Ip
Webcakes-App-Version
X-EIG-Tracking-Id
TWC-Device-Class
User-Cache-Control
X-Hosted-By
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Cache-Category-Id
X-Debug-Cache
X-Origin-Hint
X-Cache-Config
Webcakes-App-Name
Cache-Name
X-BB-IP
X-Backend-Name
X-CCM
X-Environment-Context
X-Human
X-Format
X-Access
ServerName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
X-JoinUs
X-L-Path
X-Via-Fastly
X-Upgrade-Enabled
X-Zipkin-Id
X-Cache-Var-Map
X-Rule
X-Section
X-Routing-Service
X-Correlation-ID
X-NodeID
X-Original-Request
X-OVcl
X-OVcl-Cache
Access-Control-Request-Headers
X-Cache-Var
X-AWS-Id
X-Varnish-Cache-Hits
X-CDN-Cache
X-App-Name
X-TWH-CORRELATION-ID
X-TNCMS
S-Rt
Selected-FE
X-Ocache
X-Generated
X-VWS-Id
X-LJ-Flow-ID
X-Loop
X-NGENIX-Cache
X-Www-Served-By
X-HS-Combine-CSS
X-Hit
X-Xfnlog-Site
X-Timing-Wait
X-Proxy-Build
X-Site-Version
X-SplitTest
X-Source
X-Agile-Age
X-Agile-Id
X-Agile
X-Origin-CC
X-Drupal-Cache-Contexts
X-Storage
X-URL
HostName
X-Real-IP
X-Akamai-Request-ID
X-IP
X-Upstream-HT
X-Pc-Host
X-Pc-Date
X-Upstream-CT
OT-Force-Account-Verify
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-RateLimit-Limit
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Time-Microsecs
X-Litespeed-Cache
Fastcgi-X-Cache-Version
Fastcgi-Useragent
From-Origin
Fastcgi-X-Cache
X-UA-Device-Type
X-NCache
X-NC
X-Feature
X-Internal-Host
XServer
X-Forwarded-Host
Powered-By-ChinaCache
X-Iejgwucgyu
X-Amzn-RequestId
X-Microcachable
X-Amz-Apigw-Id
X-Varnish-Beresp-Grace
X-Release
Fastly-SSL
X-Varnish-Beresp-Status
X-Distributor
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-PHP-Backend
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
LB
X-Birta-Cache-Post
X-Birta-Served
Pagespeed
X-Labrador-Cache-Channel
NtCoent-Length
Pagetype
X-EdgeConnect-Cache-Status
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
X-VG-TLSProxy
X-App-Version
X-Cache-Backend
X-B3-Spanid
X-Instance-Name
X-V
MIME-Version
Frame-Options
X-SERVER-NAME
Time
X-C
X-GZip
X-Org
X-Irp-Debug
Cneonction
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-No-Session
Ajk
X-IN-WAF
AKAMAI
Arc-Country
BehaviorPad-Version
Cache-Prefix
VivaBuild
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Hnp-Log
X-IN-SSL-APIGATEWAY
Viewtype
X-Date
X-IN-APIGATEWAY
V-Age
X-Rewrite-Enabled
NGX
Mobile-Detection-Method
X-DPWN-IS-SECURE
X-Via-Edge
X-SRCache-Key
X-Dispatcher-Server
X-SIPLIST1
X-Accel-Expires-Debug
MD5-Digest
X-A-Dgt
Meta-Geo-Continent
X-Via-SSL
X-A-Wwc
X-Died
X-CUA
Rendered-Blocks
X-Block-Status
X-Via-CDN
X-VG-WebServer
X-BB-ID
X-Destination
X-Developer
X-UE-Client-Country
X-ARC
X-Application
X-Trv-Group
X-B-Cookie
X-D
T-Server
IsBot
X-CF-Lambda-Fn
Fly-Cache
Fly-Request-Id
Www
X-G
X-Varnish-Beresp-Ttl
X-Request-URI
X-Gen-Mode
X-Generation-Time
Ec-Rule-Version
X-Generated-In
X-Region-Sid
Web-Mar-Node
X-WebServer
X-A
X-Server-By
X-A-Dam
X-A-Dcw
X-Server-Time
Host-ID
X-CS
X-ScT
X-Rojux
X-A-Ccd
Xc-Version
X-S-Cookie
X-From
Server-Int
X-Sucuri-Cache
X-Web-Node
X-HOST
X-FireWall-Port
X-NWS-UUID-VERIFY
X-Sf
X-Eu-Site
Kp-EeAlive
Server-Host
MI-API
X-VServer
X-We-Are-Hiring
X-External-Request-Id
Magicmarker
X-F5-Cache
Ha-Gx-Prefs
HA-Host
HA-Georegion
HA-Geolon
HA-Geolat
HA-Ipaddr
HA-Servedtime
X-Fastly-Cache
X-ServiceProvider
X-Wikidot-Backend
HA-Urlpath
MI-Cache
NodeID
Request-Country
X-Var-Ttl
Release
Proxy-Connection
Request-EU
Request-Time
X-Debug-Cookies
X-Debug-Log
X-Varnish-Action
Pragrma
X-UnsetCookies
X-Cache-Enabled
On-Server
X-ElasticPress-Search
HA-Geocountry
Origin-Cache-Control
Origin-Edge-Control
X-Cache-Bucket
X-Amz-Meta-Cache-Control
X-Cache-CFC
MI-Cache-Age
HA-Geocity
X-Phone
Backend-Name
X-CGP
X-VCT
Cache-Tags
X-Hl-Ver
X-HTML-Minification-Powered-By
CDCHOST
X-Owner
X-Core-Value
WZWS-RAY
X-MI-In-Market
True-Client-Country-4JS
X-Powered-By-ANYU
X-Node-Id
X-Layer
X-Origin-TTL
X-NX-Host
X-RateLimit-Limit-Second
X-Platform
X-Crawler
Ar-Sid
Country-Code
X-RCS-CacheZone
X-Request-UUID
X-Wikidot-Static-Cache
HA-Cloudapp
GMS-Ver
X-S-Maxage
Esi-Enabled
X-Redis-Cache
X-RateLimit-Remaining-Second
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-GeoIP-City
X-Webstats-RespID
X-Cache-Srv
X-Cache-Host
X-Clientip
X-Croise-Owner
X-Cache-Expires
X-Cdn-Origin
X-Cache-URL
X-Content-Age
X-Ckpd-Fst-Backend
X-Passed-To-BeforeDispatch
X-ShardId
X-ShopId
X-Shopify-Stage
X-Skip-Cache
X-Server-IP
X-Secret
X-Returned-From-PostProcessResponse
X-Hash
X-Worker
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-TT-LOGID
X-Tumblr-Pixel-3
X-Up
X-Variation
X-Trace-Id
X-Thinkindot-L3
X-Sorting-Hat-ShopId
X-Stale
X-Swa-Ws
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-Key
X-Matched-Rule
X-FW-Version
X-Fstrz
X-Device-Os
X-Epic-Correlation-Id
X-Fetched-On
X-MSEdge-Features
X-MSEdge-Flight
X-Store
X-Request-Time
X-Returned-From
X-Backend-Url
X-Passed-To-PostProcessResponse
X-Nginx-Cache-Key
X-Passed-To
X-Passed-To-DLL
X-Developers
Thinkindot-CacheControl
Platform
PFcat
Origin
RNT-Machine
Section-Io-Cache
X-Backend-TTL
SN
Server-ID
Odigeo-Trace-Id
Adler-Geo
Apple-News-Services-Request-Url
Countrycode
Fastly-Backend-Name
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Is-Eu
Apple-News-Services-Handled
Heartbleed
Thinkindot-CacheControl-Type
RNT-Time
X-Alternate-Cache-Key
Thinkindot-Control
X-Actual-URL
X-Backend-Host
PageSpeed
X-Ua
HTTPS
X-Backend-State
X-Rebelmouse-Surrogate-Control
X-Location
X-Policy
Content-Disposition
Fastly-SWR
X-Core-Mission
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Cdn-Srv
Resin-Trace
X-Csrf-Token
Cteonnt-Length
Uber-Trace-Id
Sid
X-Servername
X-Response-By
X-Reboot
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
REQUESTUUID
ProcessTime
Powered
X-Cluster-Node
WP-Super-Cache
X-CACHE-AGE
X-Alicdn-Da-Ups-Status
X-Real-Ip
X-Ezoic-Cdn
X-Servedbyhost
RequestId
ViewerVersion
X-GEO
Xserver
X-B3-TraceId
X-Refresh
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Dc
X-Planisys-CDN-Cache
Warning
CDN
X-Pf-Uncompressing
X-TIME
We-Hiring
X-Proto
Mail-Subject
CF-IPCountry
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Endurance-Cache-Level
X-Cache-ASPX
Cache-Cookie-Set-Idcheck
X-Guploader-Uploadid
X-Req
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
X-Atg-Version
X-Newrelic-Synthetics
X-Pjax-Url
NODE
X-Surge-Debug
X-Varnish-Ttl
X-Nc
Hostname
CACHE
X-GRACE
X-CLOUD-TRACE-CONTEXT
NnCoection
X-DC
X-Origin-Expires
X-Origin-Date
X-COUNTRY
X-Aed
X-Time
X-Page-Type
X-Ms-Lease-State
X-Varnish-HitMiss
Pramga
X-Cache-Control-Set-By
X-Server-W
X-HCF
GeoIp-Country-Code
Geoip-Latitude
X-Edge-IP
X-Oracle-Dms-Ecid
X-CSRF-Token
TSSecure
X-Varnish-Beresp-TTL
SD-X-WS
X-Cdn-Forward
WWW-Authenticate
X-Server-Group
X-Aicache-OS
A
X-Varnish-Url
Processtime
MS-CV
X-DataStream-MidMile-RTT
Geoip-City
X-DataStream-Origin-MEX-Latency
X-Datadome
X-Amz-Cf-Pop
X-Varnish-URL
X-Wa
X-Flog
X-ABtesting
PICS-Label
Cdn
X-Hello
X-Wix-Route-ID
X-WA
X-Ratelimit-Limit
X-Geo
Node
X-Auto-Login
X-From-Cache
X-CACHE-KEY
Mime-Version
X-Akamai-Request-ID2
Dont-Set-Cookie
X-Edge-Server
Lb
X-Gdpr
Cdn-Request-Time
Cdn-Host
X-UPSTREAM-Address
Lfy
X-Use-Magma
GeoIP-Country-Code
GeoIP-Latitude
X-Gen-Id
X-Sentry-ID
FSS-Proxy
PageType
FSS-Cache
X-Nananana
X-RTag
X-PAGE-TYPE
X-SRV
X-FORWARDED-FOR
X-APP
Rt-Proxy-Cache
GeoIP-City
X-Check-Cacheable
Ms-Operation-Id
COMMERCE-SERVER-SOFTWARE
X-EC-Security-Audit
DataCenter
X-WR-MODIFICATION
Get-Access-Time
X-Fastly-Backend-Reqs
X-Env
X-Optimization
X-Unique-Id
X-Via-NSCOPI
X-Cookie
X-Served-From
X-Cache-HT
X-Cache-Id
Is-Session-Tracking
X-Load-Cache
X-Proxy-Server
Who
X-GDPR
X-Cache-Info
X-Thanos
X-Bip
X-Dynatrace-Js-Agent
X-Cache-FS-Status
X-Be
Memcached
Ws
X-MP-GENERATED-AT
X-Request-Start
X-Ver
X-Fastly-Cache-Hits
X-PJAX-URL
X-Meta-Tbi-Cache-Vertical
X-Wix-Petri-Ex
X-Ibm-Trace
Pics-Label
X-Swift-Error
X-HS-Status
Memory
Cf-Ipcountry
X-Cache-Ttl
Group
X-Fe
V-Cache
X-B3-SpanId
Httpd-Identifier
X-RateLimit-Reset
X-PF-Uncompressing
URI
X-SVT-ORM-RULES
GW-Server
UCS
Powered-By
X-NGINX-Cache
X-CDN-Pop-IP
X-SVT-ORM-VERSION
X-Shard
X-Dw-Trace-Id
X-CDN-Pop
X-ServedByHost
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
X-ID
Requestid
X-Path-Route
Version
X-GZIP
X-Bug-Bounty
X-SB
X-User
X-VC
NX-Cache
AGE-Hash
Serverid
Cache-Hits
X-Varnish-Info
X-P-T
CDN-Cache
CDN-Cache-Hit
X-LiteSpeed-Cache-Control
CDN-Node
X-CacheKey
X-StackifyID
X-Ratelimit-Remaining
Xet-Cookie
N-Cache
X-ServerName
X-Route-Name
Apicache-Version
X-Providence-Cookie
X-Litespeed-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Flags
X-Is-Crawler
X-Cache-Handler
X-Akamai-ERPolicy
X-SD-PageType
X-Grace-Duration
Fastly-Soc-X-Request-Id
Https
X-Akamai-ERRuleID
X-RequestId
Ohc-Response-Time
Apicache-Store