Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
X-Ua-Compatible
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Node
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
X-Dns-Prefetch-Control
Report-To
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
Charset
X-DynaTrace-JS-Agent
X-DataDome
X-ESI
X-Powered-CMS
X-Server-Name
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Vhost
X-GitHub-Request-Id
Content-MD5
RTSS
X-Version
X-F-Cache
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Geo-Segment
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
PB-PID
Accept-CH
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Mod-Pagespeed
Verso
X-D2id
SPRequestGuid
X-Client-IP
X-CF-Powered-By
MS-Author-Via
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-Dispatcher
X-SharePointHealthScore
AR-PoweredBy
AR-ATIME
X-Amz-Rid
AR-CACHE
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Nginx-Cache
X-T
DynaTrace
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Trace
X-Dw-Request-Base-Id
X-Fastly-Request-ID
Paypal-Debug-Id
X-Upstream
X-Grace
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Id
X-Origin-Upstream-Status
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Pad
X-FastCGI-Cache
X-Content-Options
AR-SID
X-Cache-Hit
X-Logged-In
X-Ruxit-JS-Agent
Realpath
X-Content-Digest
X-IPLB-Instance
Access-Control-Request-Method
X-NF-Request-ID
X-Kinsta-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
MRF-Tech
X-B
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-XRDS-Location
X-Goog-Storage-Class
X-Goog-Generation
X-HW
X-Vcap-Request-Id
X-SS-Set-Cookie
S
X-Debug
X-MSEdge-Ref
X-Ser
Service-Worker-Allowed
Server-Name
X-NewRelic-App-Data
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-PressLabs-Stats
X-FTR-Realm
X-FTR-Cache-Status
X-Frontend
X-Wix-Server-Artifact-Id
Tracecode
X-Server-ID
X-Oneagent-Js-Injection
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
X-Forwarded-For
X-Cache-Key
Alternate-Protocol
Surrogate-Key
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-Cache-Rule
Cache-Status
X-GUploader-UploadID
X-Srv
X-NWS-LOG-UUID
X-HS-Hub-Id
X-Analytics
X-HS-Content-Id
Backend-Timing
X-VCache
Host
X-Oracle-Dms-Rid
X-User-Agent
X-Revision
Fastly-Restarts
FilterID
X-FTR-Cache-Host
X-Debug-Info
X-Rid
TP-Cache
TP-L2-Cache
X-Whom
Public-Key-Pins-Report-Only
X-Akam-SW-Version
X-AOL-HN
X-Cache-2
ServerID
X-RateLimit-Remaining
X-Varnish-Backend
X-Via-JSL
X-Content-Powered-By
X-Accel-Buffering
X-Webkit-CSP
X-Cdn
X-Request-Processing-Time
X-Request-Received
Accept-Charset
X-Kinja-Server-Push
Front-End-Https
X-Zen-Fury
X-Mobile
Viewport
X-Ttl
X-XRDS-LOCATION
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
Host-Header
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Correlation-Id
X-Cluster
X-Page-Id
X-Magnolia-Registration
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-Cache-Control
X-Varnish-Hostname
Cache-Tag
X-Framework
X-Device-Type
X-TT
X-Request-Guid
X-B3-Sampled
X-Akamai-Edgescape
X-Hostname
X-B-Cache
X-Instance
X-Handled-By
X-Signature
X-Platform-Server
Upgrade-Insecure-Requests
X-FB-Debug
DC
X-Cache-Server
X-BCube-Filmed-By
X-B3-Traceid
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-WA-Info
X-Contextid
X-Servedby
X-Accel-Expires
Server-Info
HitType
HitInfo
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Sol
X-Distil-CS
X-Middleton-Display
Display
X-Daa-Tunnel
X-Port
X-Fastcgi-Cache
X-Amz-Replication-Status
AsisCache
X-Generated-By
Content-Script-Type
Content-Style-Type
X-APP-VERSION
X-Geo-Country
X-GeoIP
X-Edge-Location
X-Wix-Request-Id
X-Seen-By
GEO-INFO
X-TX-ID
X-Tumblr-Pixel-2
X-S
X-RequestSource
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Locale
ServedBy
Webserver
X-Status
Healthy
X-Hyper-Cache
X-FW-Hash
User-Agent
X-Edge-Cache
X-Jobs
X-Varnish-Hits
X-Edge-Cache-Key
X-FW-Serve
X-FW-Static
X-FW-Type
X-Region
X-FW-Server
X-Response-Served-From
X-Adobe-Content
X-UUID
X-Adobe-Loc
X-Drupal-Cache-Tags
X-DataStream-Cache-Status
SRV
X-Varnish-Grace
S-Cnection
X-Yottaa-Optimizations
Refresh
X-Yottaa-Metrics
Filters
X-Cache-Age
X-Amz-Server-Side-Encryption
X-Esi
IBM-Web2-Location
NGB
X-Cache-TTL-Remaining
X-Proxied
X-Middleton-Response
Cache
X-Cache-NE
Response
X-AppVersion
X-Activity-Id
AR-Request-ID
X-Content-Type
X-Az
X-Pc-Hit
X-Newrelic-App-Data
X-ATG-Version
X-App-Server
X-Pc-Key
X-Pc-Appver
Payment
X-Ruxit-Js-Agent
X-CDN-Forward
X-Cache-Remote
X-Cacheable-TTL
Datacenter
X-Webkit-Csp
X-Unique-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-TTL
X-UA
Country
X-Vg-Webcache
Served-By
X-Akamai-Transformed
Edge-Cache-Tag
X-HS-Cache-Config
X-Mode
X-Sucuri-ID
X-RN-RSRV
X-Rendered-As
X-Varnish-IP
X-RemovedCookies
Meta-Geo
X-Is-Bot
X-ProcessESI
X-Detected-As
Machine
Load-Balancing
X-FC-Vary-Parameters
X-Proxy
X-ProxyCache-Status
X-PCL
User-Cache-Control
X-ProxyCache-Key
X-OCL
X-Rocket-Nginx-Bypass
X-BYPASS-REASON
Backend
X-Human
TWC-Locale-Group
Webcakes-App-Name
X-Pubstack
X-Hosted-By
X-ServerID
X-Tb
X-Origin-Hint
X-EIG-Tracking-Id
Webcakes-App-Version
X-Cache-Config
X-BB-IP
X-ApacheServer
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-Varnish-Cacheable
TWC-Privacy
Now
Property-Id
Mn-Server-Ip
L5d-Success-Class
DB-Nickname
TWC-Connection-Speed
TWC-Device-Class
X-Origin
X-Viewer-Country
X-PERF
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Cache-Name
Cache-Key
X-Debug-Cache
X-CDN-Cache
X-CCM
X-Environment-Context
X-Format
X-JoinUs
X-Hit
X-Generated
X-Cache-Category-Id
X-Backend-Name
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Access
ServerName
X-L-Path
X-Loop
X-Via-Fastly
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Zipkin-Id
X-Cache-Var
X-Rule
X-Cache-Var-Map
X-TNCMS
X-Site-Version
X-Original-Request
X-Correlation-ID
X-NodeID
X-OVcl
X-OVcl-Cache
X-Section
X-Routing-Service
Access-Control-Request-Headers
X-Grey
Access-Control-Allow-Method
X-AWS-Id
X-LJ-Flow-ID
X-NGENIX-Cache
X-App-Name
X-Agile-Id
Selected-FE
X-Agile
X-Agile-Age
X-Proxy-Build
X-Www-Served-By
X-Xfnlog-Site
X-HS-Combine-CSS
X-VWS-Id
X-TWH-CORRELATION-ID
X-SplitTest
X-Timing-Wait
S-Rt
X-Ocache
X-Source
X-URL
X-Storage
X-Origin-CC
X-IP
HostName
X-Real-IP
X-Drupal-Cache-Contexts
X-Upstream-HT
X-Pc-Date
X-Pc-Host
X-Upstream-CT
OT-Force-Account-Verify
X-Akamai-Request-ID
X-RateLimit-Limit
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-Time-Microsecs
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mrs-Cache
X-Litespeed-Cache
Fastcgi-X-Cache-Version
From-Origin
Fastcgi-X-Cache
Fastcgi-Useragent
X-UA-Device-Type
X-NCache
X-NC
X-Internal-Host
X-Forwarded-Host
X-Amzn-RequestId
Powered-By-ChinaCache
X-Amz-Apigw-Id
X-Feature
XServer
X-Microcachable
Fastly-SSL
X-Iejgwucgyu
X-Release
X-Varnish-Beresp-Status
X-Distributor
X-Varnish-Beresp-Grace
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-PHP-Backend
X-Ms-Request-Id
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Birta-Cache-Post
LB
X-Birta-Served
Pagespeed
NtCoent-Length
X-Cache-Backend
Pagetype
X-App-Version
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-Transaction
X-EdgeConnect-Cache-Status
X-Twitter-Response-Tags
X-Connection-Hash
X-B3-Spanid
X-V
X-Instance-Name
Frame-Options
Time
MIME-Version
X-C
X-Web-Node
X-GZip
X-SERVER-NAME
BehaviorPad-Version
X-WebServer
X-Hnp-Log
X-Redis-Cache
Rendered-Blocks
X-CS
NGX
X-G
Arc-Country
AKAMAI
X-Region-Sid
X-From
X-D
X-Via-SSL
X-CUA
X-Rojux
Ajk
X-IN-WAF
X-IN-SSL-APIGATEWAY
MD5-Digest
Meta-Geo-Continent
X-DPWN-IS-SECURE
IsBot
Host-ID
Fly-Cache
Fly-Request-Id
X-Generation-Time
Cache-Prefix
Xc-Version
X-Rewrite-Enabled
X-Gen-Mode
X-Generated-In
Mobile-Detection-Method
X-S-Cookie
X-CF-Lambda-Version
Ec-Rule-Version
X-Died
X-Server-Time
X-Via-CDN
X-VG-WebServer
X-Application
X-Accel-Expires-Debug
X-IN-APIGATEWAY
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Block-Status
X-UE-Client-Country
X-Request-UUID
X-Trv-Group
X-SRCache-Key
X-SIPLIST1
X-Destination
X-NU-AKA-ACS-Version
X-ARC
X-BB-ID
X-B-Cookie
X-Org
X-A-Dam
X-PAYTM-SRV-ID
X-Request-URI
X-Irp-Debug
V-Age
X-Date
X-Via-Edge
X-Cache-Bucket
X-Dispatcher-Server
Server-Int
Viewtype
X-Logtrace-Id
Www
X-Server-By
X-A
X-A-Ccd
Web-Mar-Node
X-ScT
X-Developer
X-No-Session
VivaBuild
X-CF-Lambda-Fn
T-Server
Cneonction
X-Varnish-Beresp-Ttl
X-HOST
X-FireWall-Port
X-Sucuri-Cache
X-NWS-UUID-VERIFY
X-Powered-By-ANYU
WZWS-RAY
X-Amz-Meta-Cache-Control
SN
Ar-Sid
X-Cache-CFC
True-Client-Country-4JS
X-CGP
X-Debug-Cookies
X-Crawler
X-Core-Value
X-Debug-Log
X-Cache-Enabled
Request-Country
On-Server
Origin-Cache-Control
NodeID
MI-Cache-Age
MI-API
MI-Cache
Origin-Edge-Control
Pragrma
Request-EU
Request-Time
X-ElasticPress-Search
Release
Proxy-Connection
Server-Host
X-F5-Cache
X-Sf
X-UnsetCookies
X-ServiceProvider
X-S-Maxage
X-RateLimit-Remaining-Second
X-RCS-CacheZone
X-Var-Ttl
X-Varnish-Action
X-Wikidot-Static-Cache
X-VCT
X-Wikidot-Backend
X-We-Are-Hiring
X-VServer
X-RateLimit-Limit-Second
X-Platform
X-Hl-Ver
X-HTML-Minification-Powered-By
X-GeoIP-City
X-Fastly-Cache
X-External-Request-Id
Magicmarker
X-Key
X-MI-In-Market
X-Owner
X-Phone
X-Origin-TTL
X-NX-Host
X-Node-Id
X-Eu-Site
X-Layer
HA-Host
Ha-Gx-Prefs
HA-Georegion
Esi-Enabled
HA-Ipaddr
HA-Urlpath
HA-Servedtime
Cache-Tags
HA-Geolat
GMS-Ver
Country-Code
HA-Cloudapp
Backend-Name
HA-Geocountry
HA-Geocity
Decoy-Debug-TTL
HA-Geolon
Decoy-Debug-Key
Kp-EeAlive
CDCHOST
Decoy-Debug-Status
X-Webstats-RespID
X-Cdn-Origin
X-Cache-Srv
X-Returned-From-BeforeDispatch
X-Cdn-Srv
X-Request-Time
X-Ckpd-Fst-Backend
X-Cache-Host
X-Response-By
X-Returned-From
X-Cache-Expires
X-Backend-State
Apple-News-Services-Parsed-Url
Countrycode
X-ShardId
X-Backend-TTL
X-Secret
X-GeoIP-Country-Code
X-Clientip
X-Returned-From-PostProcessResponse
Apple-News-Services-Request-Url
X-Returned-From-DLL
X-Reboot
Fastly-Backend-Name
X-Epic-Correlation-Id
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-MSEdge-Flight
X-FW-Version
X-Fetched-On
X-Nginx-Cache-Key
X-Fstrz
X-Passed-To-PostProcessResponse
X-Gannett-Site-Version
X-Location
X-Developers
X-Passed-To
X-Croise-Owner
X-Matched-Rule
X-Device-Os
X-ShopId
PageSpeed
X-MSEdge-Features
X-Content-Age
Apple-News-Services-Host
X-Up
X-Variation
Platform
Apple-News-Services-Handled
X-Tumblr-Pixel-3
Thinkindot-CacheControl
X-Trace-Id
PFcat
Adler-Geo
Uber-Trace-Id
Thinkindot-CacheControl-Type
Section-Io-Cache
Server-ID
RNT-Time
X-Alternate-Cache-Key
Thinkindot-Control
RNT-Machine
X-Thinkindot-L3
Heartbleed
X-Swa-Ws
Origin
X-Hash
Odigeo-Trace-Id
X-Store
Is-Eu
X-Actual-URL
X-Skip-Cache
X-Shopify-Stage
X-Stale
X-Sn-Servicetimems
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Content-Disposition
X-Policy
HTTPS
X-Core-Mission
X-Worker
Resin-Trace
Fastly-SIE
X-Rebelmouse-Cache-Control
X-TT-LOGID
Cteonnt-Length
X-Server-IP
X-Backend-Url
X-Alicdn-Da-Ups-Status
X-Backend-Host
X-Rebelmouse-Surrogate-Control
X-Cache-URL
Fastly-SWR
X-Csrf-Token
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
ProcessTime
Powered
X-CACHE-AGE
X-Real-Ip
REQUESTUUID
Sid
WP-Super-Cache
X-Cluster-Node
X-Servername
X-GEO
ViewerVersion
X-Refresh
X-Planisys-CDN-Cache
Xserver
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Dc
RequestId
X-Ezoic-Cdn
X-Ua
X-B3-TraceId
CDN
Warning
X-Servedbyhost
X-Proto
X-Pf-Uncompressing
X-TIME
CF-IPCountry
X-Endurance-Cache-Level
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Mail-Subject
Cache-Cookie-Set-Idcheck
X-Cache-ASPX
We-Hiring
X-Newrelic-Synthetics
X-Guploader-Uploadid
Dnion-Transfer-Encoding
X-Atg-Version
X-Req
X-GoCache-CacheStatus
X-Pjax-Url
NODE
X-Surge-Debug
Hostname
X-Varnish-Ttl
X-Nc
X-CLOUD-TRACE-CONTEXT
NnCoection
X-Aed
X-Time
X-Origin-Expires
X-DC
X-Origin-Date
X-COUNTRY
X-Edge-IP
X-Page-Type
Pramga
X-Server-W
Geoip-Latitude
X-Ms-Lease-State
X-Cache-Control-Set-By
X-HCF
GeoIp-Country-Code
X-Varnish-HitMiss
X-CSRF-Token
X-Oracle-Dms-Ecid
X-Varnish-Beresp-TTL
SD-X-WS
TSSecure
X-Cdn-Forward
CACHE
WWW-Authenticate
X-Aicache-OS
X-Server-Group
A
X-Varnish-Url
Processtime
X-ABtesting
X-Flog
MS-CV
X-Amz-Cf-Pop
X-Hello
X-Datadome
Geoip-City
X-GRACE
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-WA
X-Dynatrace-Js-Agent
X-Wix-Route-ID
Cdn
PICS-Label
X-Varnish-URL
X-Ratelimit-Limit
Lfy
X-Auto-Login
Node
X-CACHE-KEY
X-From-Cache
X-Geo
X-Wa
Mime-Version
X-Akamai-Request-ID2
FSS-Proxy
X-Edge-Server
FSS-Cache
X-UPSTREAM-Address
X-Gdpr
Cdn-Request-Time
Dont-Set-Cookie
Cdn-Host
Lb
PageType
X-Use-Magma
GeoIP-Latitude
X-APP
X-EC-Security-Audit
X-Sentry-ID
GeoIP-Country-Code
X-Gen-Id
X-Nananana
X-Check-Cacheable
X-PAGE-TYPE
Rt-Proxy-Cache
COMMERCE-SERVER-SOFTWARE
GeoIP-City
X-SRV
X-Via-NSCOPI
Ms-Operation-Id
X-RTag
X-WR-MODIFICATION
DataCenter
X-Unique-Id
X-Env
Is-Session-Tracking
X-Fastly-Backend-Reqs
X-Served-From
Get-Access-Time
X-Cookie
X-Cache-HT
X-Optimization
X-Cache-Id
X-Load-Cache
Memcached
X-Cache-Info
X-GDPR
X-Thanos
X-Proxy-Server
Who
X-Bip
Amp-Access-Control-Allow-Source-Origin
X-Be
X-Cache-FS-Status
X-FORWARDED-FOR
X-Fastly-Cache-Hits
X-Request-Start
X-Meta-Tbi-Cache-Vertical
X-MP-GENERATED-AT
X-Ibm-Trace
X-Wix-Petri-Ex
Ws
Memory
X-Ver
Pics-Label
X-PJAX-URL
X-Swift-Error
Httpd-Identifier
Cf-Ipcountry
V-Cache
Group
X-B3-SpanId
X-Fe
X-HS-Status
X-ServedByHost
X-Cache-Ttl
X-RateLimit-Reset
X-CDN-Pop-IP
X-PF-Uncompressing
X-SVT-ORM-VERSION
X-CDN-Pop
X-SVT-ORM-RULES
Powered-By
GW-Server
X-Dw-Trace-Id
UCS
URI
X-NGINX-Cache
X-Shard
X-ID
Ohc-File-Size
AGE-Hash
X-Bug-Bounty
X-SB
Requestid
Version
X-VC
NX-Cache
X-Path-Route
X-GZIP
Serverid
X-Ratelimit-Remaining
X-StackifyID
CDN-Cache-Hit
CDN-Node
Cache-Hits
X-Varnish-Info
X-LiteSpeed-Cache-Control
CDN-Cache
X-P-T
Xet-Cookie
X-ServerName
X-CacheKey
N-Cache
X-User
SID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Litespeed-Cache-Control
X-Cache-Handler
X-RequestId
X-SD-PageType
Ohc-Response-Time
Apicache-Version
Apicache-Store
X-Flags
X-Is-Crawler
Fastly-Soc-X-Request-Id
Https
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Providence-Cookie
X-Route-Name
X-Grace-Duration