Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Xss-Protection
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
Status
X-Check
Timing-Allow-Origin
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
Keep-Alive
P3p
X-Buckets
X-Type
EagleId
X-Via
Xkey
X-AH-Environment
X-Backend
WPE-Backend
X-Age
Access-Control-Max-Age
X-Pass-Why
X-Swift-CacheTime
X-Swift-SaveTime
X-Server
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-LiteSpeed-Cache
X-Ua-Compatible
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Cache-Lookup
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
X-Application-Context
Pinterest-Generated-By
Allow
X-Instart-Request-ID
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Clacks-Overhead
X-OneAgent-JS-Injection
X-Server-Id
X-Url
Request-Id
Server-Timing
X-Country
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Cloud-Trace-Context
X-Server-ID
Report-To
Rating
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-Varnish-TTL
Edge-Control
Charset
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-ESI
X-FTR-Request-ID
X-Server-Name
X-CF-Powered-By
Feature-Policy
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Goog-Hash
X-Cached
X-DataDome
NEL
X-Origin-Cache
X-Vhost
X-Recruiting
Public-Key-Pins
X-Geo-Segment
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-F-Cache
X-VARITI-CCR
X-Powered-By-Plesk
X-Version
X-Mod-Pagespeed
X-T
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-DynaTrace
X-D2id
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-SRCache-Fetch-Status
Verso
X-SRCache-Store-Status
X-Client-IP
X-Abt-Application-Version
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
Content-MD5
X-Dispatcher
SPRequestGuid
X-N
RTSS
AR-ATIME
AR-PoweredBy
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Forwarded-Proto
X-Cdn
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
Nginx-Cache
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-B
Realpath
Paypal-Debug-Id
X-Upstream
X-Grace
X-Pad
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Options
X-Varnish-Age
X-Id
X-Shield-Request-Id
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-Ttl
MS-Author-Via
X-Cache-Hit
TCN
X-NWS-LOG-UUID
Access-Control-Request-Method
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Logged-In
X-Acc-Meta-Resource-Type
S
X-Trace
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-XRDS-Location
X-Vcap-Request-Id
X-Origin-Upstream-Status
DynaTrace
X-MSEdge-Ref
X-VCache
X-HW
X-Zen-Fury
X-DIS-Request-ID
Front-End-Https
Eomportal-Instance
X-Country-Code-Real
Surrogate-Key
X-FTR-Backend
X-FTR-DC
X-HS-Content-Id
Cleartype
X-HS-Hub-Id
X-FTR-Realm
X-FTR-Expires
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Oneagent-Js-Injection
X-Cache-Rule
X-Frontend
X-Fastly-Request-ID
X-PressLabs-Stats
X-Via-JSL
X-NF-Request-ID
Service-Worker-Allowed
X-User-Agent
Cache-Status
X-IPLB-Instance
X-Forwarded-For
X-FastCGI-Cache
Server-Name
Tracecode
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
X-Hostname
Alternate-Protocol
X-SS-Set-Cookie
Backend-Timing
X-Varnish-Backend
X-Analytics
X-Cache-2
Host
FilterID
X-Wix-Server-Artifact-Id
X-Middleton-Display
Display
X-Sol
X-AOL-HN
X-Fastcgi-Cache
Rt-Fastcgi-Cache
TP-L2-Cache
X-Whom
X-FTR-Cache-Host
TP-Cache
Public-Key-Pins-Report-Only
Viewport
X-Rid
X-Proxied
X-Az
Response
X-AppVersion
X-Activity-Id
X-Revision
X-Middleton-Response
X-Content-Powered-By
AR-SID
X-Ser
ServerID
X-Srv
X-Debug
X-Debug-Info
X-Cache-Control
X-Contextid
MicrosoftSharePointTeamServices
AMP-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
X-Cached-By
X-B3-Traceid
Refresh
X-Akam-SW-Version
X-Mobile
X-Cache-Server
X-Daa-Tunnel
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-WPE-Loopback-Upstream-Addr
X-Instance
X-Cache-Key
Server-Info
HitType
Powered-By-ChinaCache
HitInfo
Cache-Tag
Accept-Charset
X-Page-Id
X-FB-Debug
X-Framework
X-Newrelic-App-Data
X-App-Server
X-Cache-Age
X-Generated-By
Retry-After
X-PHP-Backend
X-Varnish-Hostname
X-Geo-Country
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Signature
X-Request-Guid
X-TT
Host-Header
X-Webkit-Csp
X-B-Cache
X-BCube-Filmed-By
X-Cache-Operation
X-App-Environment
X-Tumblr-User
X-RateLimit-Remaining
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Handled-By
X-Origin-Server
Server-Node
X-Device-Type
X-Hyper-Cache
Upgrade-Insecure-Requests
X-URL
X-Accel-Expires
X-XRDS-LOCATION
X-Webkit-CSP
DC
X-Platform-Server
Ar-Sid
X-WA-Info
X-GUploader-UploadID
X-Amzn-Trace-Id
X-Akamai-Edgescape
X-APP-VERSION
X-Drupal-Cache-Tags
X-Correlation-ID
X-NewRelic-App-Data
X-TT-TIMESTAMP
X-CACHE-GROUP
Liferay-Portal
X-Cache-Action
X-ATG-Version
X-Varnish-Server
X-HOST
X-SERVER
X-Amz-Meta-S3cmd-Attrs
X-Cluster
X-Ruxit-Js-Agent
Webserver
Fastly-Restarts
X-Port
X-Edge-Location
X-Accel-Buffering
X-B3-Sampled
NGB
X-S
X-Cacheable-TTL
X-Wix-Petri-Ex
X-GeoIP
X-Wix-Request-Id
X-WebKit-CSP-Report-Only
Filters
X-Node-Name
X-Source
X-Seen-By
X-Locale
ServedBy
X-Jobs
Actual-Object-TTL
X-FW-Serve
X-Tumblr-Pixel-2
X-FW-Hash
X-FW-Server
X-RequestSource
X-FW-Static
X-FW-Type
AsisCache
X-Tumblr-Pixel-1
MS-CV
X-Varnish-Hits
AR-Request-ID
X-RTag
HostName
S-Cnection
Served-By
X-Distil-CS
X-Esi
X-Region
X-Cache-TTL-Remaining
GEO-INFO
X-Amz-Replication-Status
Cache
X-Cache-Config
X-UA
X-Cache-Remote
X-PC-Hit
X-UA-Device-Type
X-PC-AppVer
X-Vg-Webcache
X-PC-Key
X-Edge-Cache
X-Edge-Cache-Key
Country
Ohc-File-Size
Content-Style-Type
Content-Script-Type
X-Ocache
X-PC-Date
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-TA-CDN-Provider
X-PC-Host
X-Adobe-Content
Datacenter
X-Sucuri-ID
Accept-CH
X-Guploader-Uploadid
X-UUID
X-GZip
X-Dynatrace-Js-Agent
X-RateLimit-Limit
X-Internal-Host
Pagespeed
X-Correlation-Id
X-Microcachable
X-Unique-ID
X-Real-IP
X-Varnish-IP
X-Status
X-Akamai-Transformed
X-Ezoic-Cdn
X-Amz-Server-Side-Encryption
X-TX-ID
X-Yottaa-Metrics
X-DataStream-Cache-Status
X-Yottaa-Optimizations
Machine
X-Proxy
Meta-Geo
Load-Balancing
User-Cache-Control
Access-Control-Allow-Method
IBM-Web2-Location
X-BYPASS-REASON
X-Path-Route
X-Agile
X-Grey
X-Generated
X-RN-RSRV
X-Web-Node
X-ProxyCache-Status
X-IP
X-Is-Bot
X-ProxyCache-Key
X-JoinUs
X-Detected-As
X-Rendered-As
X-App-Name
X-Cache-Category-Id
LB
X-Akamai-Request-ID
X-Agile-Id
X-Agile-Age
X-Loop
X-Debug-Cache
X-Origin
X-Backend-Name
X-Mode
X-CCM
Healthy
X-CLOUD-TRACE-CONTEXT
Xserver
Selected-FE
X-Xfnlog-Site
X-ServerID
X-OVcl-Cache
X-Instance-Name
X-Proxy-Build
X-TNCMS
Mn-Server-Ip
X-Timing-Wait
X-OVcl
X-PCL
X-NodeID
X-OCL
Backend
X-Vgn-Hpd-Reason
DB-Nickname
S-Rt
X-Tb
X-Time-Microsecs
X-FC-Vary-Parameters
X-Content-Type
X-BB-IP
ServerName
X-Upgrade-Enabled
X-Varnish-Cache-Hits
Now
X-Human
X-Hosted-By
Payment
X-Varnish-Cacheable
X-Viewer-Country
L5d-Success-Class
Cache-Name
User-Agent
X-Cache-Ttl
Azure-Version
Azure-SlotName
Azure-SiteName
X-EIG-Tracking-Id
Cache-Key
X-CDN-Cache
Azure-RegionName
X-ApacheServer
X-Distributor
X-Site-Version
Azure-InstanceId
X-PERF
X-NCache
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
X-Via-Fastly
Property-Id
X-Routing-Service
X-Original-Request
X-Section
X-Time
X-Zipkin-Id
X-TWH-CORRELATION-ID
X-Access
X-Origin-Hint
Dont-Set-Cookie
X-Origin-CC
X-NGENIX-Cache
X-CDN-Forward
SRV
X-Amz-Meta-Surrogate-Control
X-Pubstack
X-Format
X-ProcessESI
X-Rocket-Nginx-Bypass
X-RemovedCookies
X-LJ-Flow-ID
X-AWS-Id
X-Www-Served-By
X-ServedBy
X-VWS-Id
X-SplitTest
X-Servedby
Access-Control-Request-Headers
X-Storage
PageSpeed
X-HS-Cache-Config
X-Cache-Backend
Edge-Cache-Tag
Countrycode
X-Webstats-RespID
X-L-Path
X-Environment-Context
X-Proto
X-Cache-HT
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Optimization
X-Generation-Time
X-Sucuri-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Cartoon
WZWS-RAY
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-B3-Spanid
X-Oss-Storage-Class
X-Oss-Server-Time
X-Twitter-Response-Tags
X-Nc
X-Connection-Hash
Cache-Hits
X-Transaction
Apicache-Store
Apicache-Version
X-Newrelic-Synthetics
X-Cache-NE
Ms-Operation-Id
X-Meta-Tbi-Cache-Vertical
X-M-Log
X-SERVER-NAME
X-Ah-Environment
Cteonnt-Length
X-M-Reqid
X-Qnm-Cache
X-Birta-Served
X-Birta-Cache-Post
X-Hit
X-Tumblr-Pixel-3
Fastly-SSL
From-Origin
X-Geo
X-Real-Ip
NnCoection
Ec-Rule-Version
NODE
Ws
X-EdgeConnect-Cache-Status
X-Varnish-Beresp-Grace
X-Cache-Enabled
X-Varnish-Beresp-Status
X-Dc
X-Release
X-V
X-Upstream-CT
X-Upstream-HT
X-Rule
X-Alicdn-Da-Ups-Status
Warning
X-SRCache-Key
Web-Mar-Node
X-Server-Time
X-SVT-ORM-RULES
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sf
Viewtype
VivaBuild
X-Shopify-Stage
X-SVT-ORM-VERSION
Www
X-A-Dcw
X-S-Maxage
X-S-Cookie
X-Rojux
X-ScT
X-Thinkindot-L3
X-A
X-A-Ccd
X-A-Dam
X-Server-By
V-Age
Thinkindot-Control
Kp-EeAlive
Httpd-Identifier
MD5-Digest
Meta-Geo-Continent
MI-Cache
Host-ID
GMS-Ver
Country-Code
Fastly-Soc-X-Request-Id
Fly-Cache
Fly-Request-Id
MI-Cache-Age
Rendered-Blocks
SN
Thinkindot-CacheControl
X-ShopId
Thinkindot-CacheControl-Type
Server-ID
Server-Host
Request-Country
Request-EU
Resin-Trace
X-ShardId
X-Rewrite-Enabled
X-Response-By
Cneonction
X-Date
X-Destination
X-Developer
X-Via-CDN
X-VG-WebServer
X-Wix-Route-ID
X-Block-Status
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
X-Hnp-Log
X-WebServer
X-Gen-Mode
X-Env
X-Via-Edge
X-Fetched-On
X-From
X-DPWN-IS-SECURE
X-We-Are-Hiring
X-Died
X-Dispatcher-Server
X-Hl-Ver
X-Generated-In
X-Worker
X-Matched-Rule
X-Accel-Expires-Debug
X-A-Wwc
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-UE-Client-Country
X-A-Dgt
X-Region-Sid
X-Trv-Group
X-RCS-CacheZone
X-TT-LOGID
X-PAYTM-SRV-ID
X-Origin-Expires
X-Org
X-NU-AKA-ACS-Version
X-BB-ID
X-MI-In-Market
X-B-Cookie
Xc-Version
X-Alternate-Cache-Key
X-Application
X-Origin-Date
X-ARC
X-G
T-Server
ProcessTime
X-Varnish-Beresp-Ttl
Cache-Prefix
BehaviorPad-Version
X-HS-Combine-CSS
X-App-Version
X-C
X-IN-WAF
CDCHOST
X-Logtrace-Id
Platform
Proxy-Connection
Release
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
Adler-Geo
PFcat
X-No-Session
Ajk
X-Cache-Host
MI-API
NGX
Odigeo-Trace-Id
X-Backend-Url
Origin-Cache-Control
X-Node-Id
X-Hash
X-GeoIP-Country-Code
X-CS
X-Device-Os
X-Edge-Server
X-Crawler
X-Content-Age
X-Cache-URL
X-Backend-Host
X-Clientip
Uber-Trace-Id
True-Client-Country-4JS
Apple-News-Services-Handled
RNT-Machine
X-Cache-CFC
RNT-Time
X-Cache-Bucket
X-Backend-State
Server-Int
X-Fstrz
X-Amz-Meta-Cache-Control
Origin-Edge-Control
X-Request-URI
Decoy-Debug-Key
XServer
X-VServer
Decoy-Debug-TTL
X-Server-IP
Fastly-Backend-Name
X-Origin-TTL
X-SIPLIST1
X-ServiceProvider
Apple-News-Services-Request-Url
Decoy-Debug-Status
IsBot
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cdn-Host
Is-Eu
Cdn-Request-Time
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-ElasticPress-Search
X-Ms-Blob-Type
X-Cache-Expires
X-Core-Value
X-Varnish-HitMiss
X-Debug-Log
X-Up
X-Developers
X-Debug-Cookies
X-Wikidot-Backend
X-Cdn-Srv
X-Cdn-Origin
X-Edge-IP
X-Wikidot-Static-Cache
X-CGP
X-Ckpd-Fst-Backend
X-Cache-Srv
X-Ver
X-VG-TLSProxy
X-Cache-Control-Set-By
X-Core-Mission
X-Forwarded-Host
X-Rebelmouse-Cache-Control
X-Platform
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Returned-From
X-Phone
X-Passed-To-PostProcessResponse
X-NX-Host
X-P-T
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-HCF
X-Returned-From-BeforeDispatch
X-Eu-Site
X-F5-Cache
X-Epic-Correlation-Id
X-Swa-Ws
X-Trace-Id
X-Fastly-Cache
X-FireWall-Port
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Server-Group
X-GeoIP-City
X-Sn-Servicetimems
X-UnsetCookies
X-Info
HA-Urlpath
Time
Heartbleed
HA-Servedtime
HA-Ipaddr
HA-Georegion
Ha-Gx-Prefs
HA-Host
Who
Backend-Name
Powered-By
Pragrma
Request-Time
Origin
On-Server
AKAMAI
Content-Disposition
Ohc-Response-Time
X-Actual-URL
Esi-Enabled
HA-Geocountry
HA-Geocity
HA-Cloudapp
X-Backend-TTL
HA-Geolat
Fastly-SWR
HA-Geolon
Fastly-SIE
Cache-Tags
Dnion-Transfer-Encoding
NtCoent-Length
X-Location
HTTPS
X-BBXSRF
X-Var-Ttl
X-Req
X-GoCache-CacheStatus
X-Redis-Cache
X-From-Cache
X-Croise-Owner
X-Stale
X-Refresh
X-Skip-Cache
X-Cache-ASPX
X-Atg-Version
X-Nginx-Cache
X-Via-SSL
X-Cdn-Forward
RequestId
X-Micro-Cache
X-Cache-Time
X-Cache-FS-Status
Dynatrace
X-MSEdge-Features
X-Pjax-Url
Mime-Version
X-MSEdge-Flight
X-Servername
X-Csrf-Token
X-CCM-LastModified
X-WR-MODIFICATION
Cdn
Get-Access-Time
X-User
X-Response-Served-From
X-Pf-Uncompressing
WWW-Authenticate
Is-Session-Tracking
X-B3-TraceId
Frame-Options
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Time
X-Powered-By-ANYU
WP-Super-Cache
X-Key
X-Owner
X-Dynatrace
X-GRACE
NodeID
X-TIME
CF-IPCountry
X-NC
X-CUA
X-Varnish-Url
X-Page-Type
X-Ua
X-Litespeed-Cache
X-Cache-TTL
Mail-Subject
We-Hiring
GW-Server
X-CSRF-Token
X-External-Request-Id
UCS
X-COUNTRY
X-Nf-Srv-Version
PICS-Label
X-Cache-Handler
X-DC
MIME-Version
X-NWS-UUID-VERIFY
PageType
X-Aicache-OS
X-LiteSpeed-Cache-Control
X-GDPR
Section-Io-Cache
Geoip-Latitude
Geoip-City
X-Cache-Id
Rt-Proxy-Cache
GeoIp-Country-Code
Version
X-Varnish-Id
FastCGI-Cache
Memcached
X-Thanos
X-Bip
Magicmarker
X-Servedbyhost
X-Varnish-Action
X-Varnish-Beresp-TTL
X-Nananana
X-Datadome
Memory
X-Fastly-Backend-Reqs
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Via-NSCOPI
CACHE
X-Request-UUID
If-Modified-Since
X-ServedByHost
X-Be
Pagetype
X-GEO
X-Pc-Date
X-Hail-Hydra
X-Variation
X-Cluster-Node
X-Pc-Host
CDN
X-TId
GeoIP-Country-Code
X-CACHE-KEY
GeoIP-Latitude
Sta2Tusw
Processtime
GeoIP-City
COMMERCE-SERVER-SOFTWARE
X-Ibm-Trace
X-Auto-Login
X-Irp-Debug
X-Wa
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Server-W
X-Load-Cache
X-StackifyID
X-UPSTREAM-Address
X-BE
Arc-Country
X-Tid
X-Gdpr
Node
X-Frame-Option
Sid
X-Sentry-ID
Accept-CH-Lifetime
X-HTML-Minification-Powered-By
X-Ig-Deployment-Stage
X-Layer
DataCenter
RATING
X-Varnish-Ttl
X-FW-Version
X-Shard
X-Proxy-Server
Pics-Label
X-PAGE-TYPE
X-Nginx-Cache-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-EC-Security-Audit
X-FORWARDED-FOR
URI
X-Varnish-URL
Cf-Ipcountry
V-Cache
Srv
X-NGINX-Cache
X-Bug-Bounty
X-SRV
Pramga
Group
X-ADI-VCache
X-Shield-Cache-Expires
X-Haproxy-Ip
X-Haproxy-Hostname
X-Ratelimit-Remaining
X-Public
X-Fastly-Cache-Hits
X-Surge-Debug
X-Endurance-Cache-Level
Cache-Provider
X-Akamai-Request-ID2
Cache-Cookie-Set-Lfrom
X-Gannett-Site-Version
Cache-Cookie-Set-Idcheck
X-PF-Uncompressing
X-Cache-Debug
X-Gen-Id
X-PJAX-URL
X-Secret
X-ID
Cache-Cookie-Set-From
X-ND-Cache
X-GZIP
X-Ratelimit-Limit
X-APP
X-Litespeed-Cache-Control
X-Dw-Trace-Id
X-CacheKey
X-B3-SpanId
X-Ms-Lease-State
X-Sorting-Hat-PrivacyLevel
X-RequestId
X-Sorting-Hat-Section
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-ShopId-Cached
X-Feature
Serverid
Xet-Cookie
Mobile-Detection-Method
SD-X-WS
REQUESTUUID
N-Cache
X-CDN-Pop
X-Distil-Cs
X-CDN-Pop-IP
GEO-REGION-INFO
Requestid
OT-Force-Account-Verify
Accept-Ch
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Fe
X-RAMCache
Fastcgi-Useragent
X-Varnish-Info
X-Grace-Duration
Fastcgi-X-Cache-Version
X-VC
X-Policy
Https
X-SD-PageType
X-ServerName
Fastcgi-X-Cache
X-Amzn-Remapped-Connection
X-Request-Start
X-HS-Status
X-Varnish-ID
X-Unique-Id
X-Cookie
X-Amzn-Remapped-Date
X-SB
X-VG-WebCache
Powered