Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Xss-Protection
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
Status
X-Check
Timing-Allow-Origin
X-Cache-Status
X-Adblock-Key
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
X-Request-ID
P3p
X-Buckets
Keep-Alive
X-Type
X-AH-Environment
X-Via
EagleId
Xkey
X-Backend
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Cache-Group
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
X-Nginx-Cache-Status
Upgrade
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ua-Compatible
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Ac
X-Cache-Lookup
X-Device
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-WebKit-CSP
X-Host
X-Amz-Version-Id
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Px
X-Rq
X-Readtime
Allow
X-Application-Context
Pinterest-Generated-By
X-Server-Id
X-Url
X-Instart-Request-ID
X-Clacks-Overhead
EagleEye-TraceId
Request-Id
Server-Timing
X-OneAgent-JS-Injection
X-Country
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-Cloud-Trace-Context
Report-To
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-ID
X-Country-Code
Edge-Control
Charset
X-Varnish-TTL
X-ESI
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-TTL
X-FTR-Request-ID
X-Server-Name
X-MS-InvokeApp
X-CF-Powered-By
X-Cached
X-DataDome
X-Goog-Hash
Feature-Policy
X-DynaTrace-JS-Agent
NEL
X-Vhost
X-Recruiting
Public-Key-Pins
X-Origin-Cache
X-Powered-By-Plesk
X-Dns-Prefetch-Control
X-Kinja-Build
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-F-Cache
X-VARITI-CCR
X-T
X-DynaTrace
X-Version
X-Mod-Pagespeed
X-D2id
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
SPRequestGuid
X-SharePointHealthScore
X-Mobile-Rewrite
PB-RID
X-SRCache-Store-Status
Arc-Version
PB-PID
X-SRCache-Fetch-Status
Content-MD5
X-N
X-Cdn
RTSS
X-Forwarded-Proto
X-Amz-Rid
X-Hits
X-GitHub-Request-Id
X-Navigation-Version
AR-ATIME
AR-PoweredBy
X-Dw-Request-Base-Id
Nginx-Cache
AR-CACHE
X-Ttl
Realpath
X-B
Paypal-Debug-Id
X-Ruxit-JS-Agent
X-Content-Digest
X-Upstream
X-Pad
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Id
X-Varnish-Age
X-Kinsta-Cache
X-Oneagent-Js-Injection
Arr-Disable-Session-Affinity
X-NWS-LOG-UUID
X-Goog-Stored-Content-Encoding
Access-Control-Request-Method
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
TCN
MS-Author-Via
X-Cache-Hit
X-Acc-Meta-Resource-Type
X-Logged-In
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
DynaTrace
S
X-Trace
X-Vcap-Request-Id
X-Zen-Fury
X-Origin-Upstream-Status
X-HW
X-MSEdge-Ref
Front-End-Https
X-XRDS-Location
X-VCache
X-DIS-Request-ID
Cleartype
Eomportal-Instance
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
Surrogate-Key
X-FTR-Cache-Status
X-FTR-DC
X-Frontend
X-FTR-Realm
X-FTR-Balancer
X-FTR-Expires
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
X-Cache-Rule
X-Via-JSL
X-Fastly-Request-ID
X-User-Agent
X-NF-Request-ID
X-Request-Processing-Time
Service-Worker-Allowed
X-Request-Received
Cache-Status
X-Forwarded-For
Tracecode
Alternate-Protocol
X-IPLB-Instance
X-Hostname
Fastcgi-Cache
Server-Name
X-Fastcgi-Cache
X-Sol
X-Middleton-Display
Display
X-Analytics
Backend-Timing
Host
X-Varnish-Backend
X-FastCGI-Cache
FilterID
Rt-Fastcgi-Cache
Viewport
MicrosoftSharePointTeamServices
X-AOL-HN
X-Activity-Id
X-Cache-2
TP-Cache
TP-L2-Cache
X-Az
X-AppVersion
X-Wix-Server-Artifact-Id
Public-Key-Pins-Report-Only
X-Whom
X-Ser
X-FTR-Cache-Host
X-Middleton-Response
X-Proxied
AR-SID
X-Rid
X-SS-Set-Cookie
Response
X-Revision
ServerID
X-Contextid
X-Content-Powered-By
X-Cache-Control
X-Srv
X-Debug
X-Magnolia-Registration
X-Debug-Info
AMP-Access-Control-Allow-Source-Origin
X-Cached-By
Powered-By-ChinaCache
Refresh
X-B3-Traceid
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-XRDS-LOCATION
X-Cache-Server
X-Cache-Key
X-Mobile
X-Instance
X-Akam-SW-Version
X-Daa-Tunnel
HitType
Server-Info
HitInfo
X-Webkit-Csp
X-WPE-Loopback-Upstream-Addr
X-Page-Id
Accept-Charset
X-Cache-Age
X-Framework
X-Generated-By
X-Content-Security-Policy-Report-Only
Cache-Tag
X-App-Server
X-LB-Cache
X-Request-Guid
X-Signature
X-PHP-Backend
X-TT
X-B-Cache
X-FB-Debug
X-App-Environment
X-NewRelic-App-Data
X-Varnish-Hostname
X-Geo-Country
Retry-After
X-BCube-Filmed-By
Host-Header
X-RateLimit-Remaining
X-Origin-Server
X-Tumblr-Pixel-0
Server-Node
Source
X-Tumblr-User
X-Handled-By
X-Tumblr-Pixel
X-Device-Type
X-Hyper-Cache
X-Cache-Operation
X-Ruxit-Js-Agent
X-Varnish-Grace
X-ATG-Version
X-APP-VERSION
Upgrade-Insecure-Requests
DC
X-Amzn-Trace-Id
X-Accel-Expires
X-Platform-Server
X-Drupal-Cache-Tags
X-WA-Info
X-Newrelic-App-Data
X-HOST
X-GUploader-UploadID
X-Varnish-Server
X-TT-TIMESTAMP
X-Akamai-Edgescape
X-Cache-Action
X-Correlation-ID
MS-CV
X-PC-AppVer
X-URL
X-PC-Key
X-PC-Hit
NGB
Webserver
X-B3-Sampled
X-Locale
X-GeoIP
X-WebKit-CSP-Report-Only
X-Accel-Buffering
X-Cacheable-TTL
Filters
X-Node-Name
Actual-Object-TTL
X-Cluster
X-S
X-Wix-Petri-Ex
X-Source
X-Jobs
X-Seen-By
ServedBy
X-Wix-Request-Id
Liferay-Portal
X-RTag
X-Edge-Location
X-Tumblr-Pixel-2
X-RequestSource
X-Port
X-FW-Serve
X-FW-Static
Fastly-Restarts
X-FW-Server
X-FW-Type
X-FW-Hash
X-Tumblr-Pixel-1
X-PC-Date
AsisCache
X-PC-Host
S-Cnection
Served-By
X-Varnish-Hits
X-CLOUD-TRACE-CONTEXT
Ar-Sid
Pagespeed
X-Cache-Config
X-Distil-CS
Datacenter
X-UA
X-Amz-Meta-S3cmd-Attrs
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Amz-Replication-Status
GEO-INFO
X-Region
Ohc-File-Size
X-Ocache
Cache
X-TA-CDN-Provider
Content-Script-Type
Cartoon
Content-Style-Type
X-Guploader-Uploadid
X-Drupal-Cache-Contexts
Country
X-Dynatrace-Js-Agent
X-Edge-Cache-Key
X-Sucuri-ID
X-Cache-Remote
X-UA-Device-Type
X-Edge-Cache
X-GZip
X-Correlation-Id
X-UUID
X-RateLimit-Limit
X-Internal-Host
X-ServedBy
X-Adobe-Content
X-Adobe-Loc
X-Esi
X-Microcachable
HostName
X-Real-IP
AR-Request-ID
X-Varnish-IP
X-Status
X-Akamai-Transformed
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Unique-ID
X-Proxy
X-Cache-Ttl
Load-Balancing
Access-Control-Allow-Method
Meta-Geo
Machine
X-Rendered-As
X-Is-Bot
X-DataStream-Cache-Status
X-IP
X-Detected-As
X-Path-Route
X-Generated
X-JoinUs
User-Agent
X-App-Name
X-RN-RSRV
X-Akamai-Request-ID
X-TNCMS
X-Amz-Server-Side-Encryption
X-OVcl
X-Agile-Age
X-Agile-Id
X-Grey
X-Timing-Wait
X-Loop
X-Mode
X-OVcl-Cache
Mn-Server-Ip
X-Web-Node
User-Cache-Control
X-Agile
X-Backend-Name
Selected-FE
X-Ezoic-Cdn
X-Cache-Category-Id
X-Proxy-Build
X-Varnish-Cacheable
Payment
X-Debug-Cache
X-BB-IP
X-FC-Vary-Parameters
X-Human
X-Instance-Name
ServerName
S-Rt
X-Tb
X-Time-Microsecs
Backend
Healthy
IBM-Web2-Location
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-ServerID
X-ProxyCache-Key
X-Origin
X-ProxyCache-Status
X-BYPASS-REASON
Azure-RegionName
Azure-InstanceId
SRV
X-Site-Version
LB
X-ProcessESI
Azure-SlotName
DB-Nickname
Cache-Name
L5d-Success-Class
Cache-Key
X-RemovedCookies
X-PERF
Azure-Version
X-ApacheServer
Azure-SiteName
X-CDN-Cache
X-NCache
X-NodeID
X-OCL
X-Viewer-Country
Now
X-Original-Request
X-Hosted-By
X-CDN-Forward
X-EIG-Tracking-Id
X-Content-Type
X-Distributor
X-TX-ID
X-PCL
Xserver
TWC-GeoIP-LatLong
X-Www-Served-By
TWC-Device-Class
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-Country
X-AWS-Id
X-CCM
X-LJ-Flow-ID
X-Origin-Hint
X-Time
Property-Id
X-Access
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Zipkin-Id
Dont-Set-Cookie
X-TWH-CORRELATION-ID
X-Xfnlog-Site
X-SplitTest
X-VWS-Id
X-Routing-Service
X-Section
X-Pubstack
X-Format
X-Amz-Meta-Surrogate-Control
X-Origin-CC
X-MP-GENERATED-AT
X-Rocket-Nginx-Bypass
X-Storage
X-Litespeed-Cache
X-HS-Cache-Config
Cache-Hits
Edge-Cache-Tag
X-Webstats-RespID
Countrycode
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Generation-Time
X-NGENIX-Cache
X-Proto
Access-Control-Request-Headers
X-B3-Spanid
X-Cache-HT
X-Geo
X-Newrelic-Synthetics
X-Optimization
X-Sucuri-Cache
X-Labrador-Cache-Channel
Apicache-Store
X-Nc
Apicache-Version
Accept-CH
X-Cache-NE
X-Cache-Backend
WZWS-RAY
X-Dc
X-Meta-Tbi-Cache-Vertical
X-SERVER-NAME
X-Birta-Served
X-L-Path
X-Environment-Context
X-Birta-Cache-Post
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
PageSpeed
X-Tumblr-Pixel-3
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Fastly-SSL
X-Oss-Hash-Crc64ecma
X-Webkit-CSP
X-Oss-Request-Id
X-Servedby
X-Real-Ip
Ec-Rule-Version
From-Origin
X-CACHE-GROUP
NnCoection
X-Hit
Ws
X-M-Log
X-Qnm-Cache
X-M-Reqid
NODE
X-EdgeConnect-Cache-Status
X-Rule
X-Varnish-Beresp-Status
X-Alicdn-Da-Ups-Status
Cteonnt-Length
X-Varnish-Beresp-Grace
X-SERVER
X-Upstream-CT
Ms-Operation-Id
X-Upstream-HT
X-Cache-Enabled
Meta-Geo-Continent
X-Developer
MI-Cache
X-Region-Sid
MD5-Digest
X-BBXSRF
X-Planisys-CDN-Rules
X-B-Cookie
X-Planisys-CDN-TTL
MI-Cache-Age
X-Destination
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-ScT
X-D
X-A-Dam
X-ARC
X-Application
X-Response-By
X-BB-ID
X-Planisys-CDN-Cache
X-MI-In-Market
Fly-Cache
Fly-Request-Id
Cache-Prefix
X-Matched-Rule
Cneonction
Country-Code
X-Hl-Ver
Fastly-Soc-X-Request-Id
X-NU-AKA-ACS-Version
X-Org
X-Fetched-On
X-Died
Host-ID
X-PAYTM-SRV-ID
X-From
X-G
BehaviorPad-Version
X-Generated-In
GMS-Ver
X-Server-By
X-Date
X-We-Are-Hiring
X-Thinkindot-L3
SN
X-Trv-Group
X-A-Dcw
X-SVT-ORM-VERSION
Server-Host
X-VG-WebServer
X-SVT-ORM-RULES
V-Age
X-TT-LOGID
Thinkindot-CacheControl-Type
X-Via-CDN
Thinkindot-Control
Thinkindot-CacheControl
X-A-Dgt
X-UE-Client-Country
T-Server
X-Via-Edge
X-A-Wwc
X-SRCache-Key
X-A
Viewtype
Xc-Version
Rendered-Blocks
X-A-Ccd
X-Server-Time
X-Accel-Expires-Debug
X-Wix-Route-ID
Www
X-CF-Lambda-Fn
Resin-Trace
Warning
VivaBuild
X-CF-Lambda-Version
X-V
X-HS-Combine-CSS
X-C
ProcessTime
X-IN-APIGATEWAY
X-Gen-Mode
X-IN-SSL-APIGATEWAY
X-Hnp-Log
Web-Mar-Node
X-GeoIP-Country-Code
X-Hash
X-GeoIP-City
X-Backend-State
Request-EU
X-Clientip
Origin-Edge-Control
Origin-Cache-Control
X-CS
Request-Country
X-Cache-Bucket
X-IN-WAF
X-Crawler
Release
X-Block-Status
NGX
IsBot
Httpd-Identifier
X-Edge-IP
X-Env
Proxy-Connection
X-Backend-Host
Server-ID
Kp-EeAlive
Server-Int
Uber-Trace-Id
Apple-News-Services-Parsed-Url
X-Nf-Srv-Version
Decoy-Debug-TTL
X-Req
X-Release
X-P-T
X-RCS-CacheZone
X-ServiceProvider
X-Sf
X-Dispatcher-Server
X-S-Maxage
X-Worker
X-WebServer
X-SIPLIST1
XServer
Ajk
X-Server-IP
X-Origin-Date
Apple-News-Services-Request-Url
X-Backend-Url
Apple-News-Services-Host
X-Node-Id
X-Logtrace-Id
Decoy-Debug-Status
Decoy-Debug-Key
X-Info
Apple-News-Services-Handled
X-No-Session
X-Origin-Expires
X-CCM-LastModified
X-ElasticPress-Search
X-F5-Cache
X-VServer
X-Cache-Expires
X-Wikidot-Static-Cache
X-Cache-Control-Set-By
X-Fastly-Cache
X-Cache-Srv
X-Wikidot-Backend
X-Cache-URL
X-UnsetCookies
X-Cdn-Origin
X-Up
X-Varnish-HitMiss
Adler-Geo
X-Ver
X-VG-TLSProxy
Cdn-Request-Time
X-Cache-Host
X-Cache-CFC
X-Edge-Server
X-Origin-TTL
X-DPWN-IS-SECURE
X-Forwarded-Host
X-Cache-ASPX
X-Amz-Meta-Cache-Control
Is-Eu
X-Trace-Id
MI-API
Odigeo-Trace-Id
Pragrma
Platform
Cdn-Host
X-HCF
X-Debug-Cookies
X-Debug-Log
X-Request-URI
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Platform
X-Device-Os
X-Developers
X-Rebelmouse-Cache-Control
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Passed-To
X-Server-Group
X-Sn-Servicetimems
X-Fstrz
X-CGP
X-Sorting-Hat-PodId
X-Cdn-Srv
X-Phone
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Content-Age
X-Epic-Correlation-Id
X-Core-Mission
X-NX-Host
X-Eu-Site
X-ShopId
X-ShardId
X-Swa-Ws
X-Core-Value
HA-Servedtime
HA-Urlpath
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
Time
Heartbleed
On-Server
Fastly-SWR
Ohc-Response-Time
X-App-Version
HTTPS
HA-Georegion
HA-Geolon
CDCHOST
Cache-Tags
Content-Disposition
Fastly-Backend-Name
Fastly-SIE
Backend-Name
HA-Cloudapp
HA-Geolat
HA-Geocountry
AKAMAI
HA-Geocity
PFcat
Origin
X-Alternate-Cache-Key
True-Client-Country-4JS
Who
RNT-Machine
RNT-Time
Request-Time
X-Backend-TTL
Powered-By
X-Actual-URL
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-GoCache-CacheStatus
X-FireWall-Port
X-Location
X-Cache-Time
X-Nginx-Cache
Esi-Enabled
X-Stale
X-Skip-Cache
X-Ckpd-Fst-Backend
X-User
X-Refresh
X-Var-Ttl
RequestId
Dnion-Transfer-Encoding
X-Varnish-Beresp-Ttl
NtCoent-Length
X-Croise-Owner
Mime-Version
X-Redis-Cache
X-Micro-Cache
X-From-Cache
Cdn
X-Pjax-Url
X-Servername
X-B3-TraceId
X-WR-MODIFICATION
X-Cdn-Forward
UCS
X-Pf-Uncompressing
X-Via-SSL
X-MSEdge-Features
X-MSEdge-Flight
GW-Server
X-Cache-FS-Status
X-TIME
X-GRACE
X-CSRF-Token
WP-Super-Cache
Dynatrace
X-COUNTRY
X-Request-Time
X-Csrf-Token
CF-IPCountry
Is-Session-Tracking
Get-Access-Time
X-Varnish-Url
WWW-Authenticate
X-Powered-By-ANYU
X-Cache-Handler
X-Atg-Version
X-Key
X-Varnish-Id
PICS-Label
Rt-Proxy-Cache
X-Owner
X-NC
X-NWS-UUID-VERIFY
Frame-Options
X-Varnish-Beresp-TTL
X-Kong-Upstream-Latency
X-GDPR
X-CUA
X-Aicache-OS
X-Kong-Proxy-Latency
NodeID
X-Ua
PageType
X-Bip
Memcached
X-Thanos
X-Page-Type
X-Hail-Hydra
X-Response-Served-From
Geoip-Latitude
GeoIp-Country-Code
Mail-Subject
Geoip-City
We-Hiring
Memory
MIME-Version
X-Cache-Id
X-Be
X-External-Request-Id
X-Cache-TTL
FastCGI-Cache
X-Cluster-Node
X-Via-NSCOPI
Section-Io-Cache
X-LiteSpeed-Cache-Control
X-Dynatrace
X-DataStream-Origin-MEX-Latency
X-ServedByHost
Version
CACHE
X-Auto-Login
X-DC
X-Servedbyhost
X-DataStream-MidMile-RTT
Sta2Tusw
X-Nananana
X-UPSTREAM-Address
If-Modified-Since
X-Varnish-Action
Magicmarker
X-TId
X-StackifyID
X-CACHE-KEY
X-Tid
X-Frame-Option
X-Fastly-Backend-Reqs
X-Load-Cache
GeoIP-Latitude
Processtime
GeoIP-City
Node
GeoIP-Country-Code
X-BE
X-Request-UUID
Pagetype
X-EC-Security-Audit
COMMERCE-SERVER-SOFTWARE
X-Ig-Deployment-Stage
X-GEO
X-Variation
X-Sentry-ID
CDN
X-Varnish-Ttl
X-ADI-VCache
X-Bug-Bounty
X-Ibm-Trace
X-Wa
RATING
X-Irp-Debug
X-Server-W
X-Proxy-Server
URI
X-Gdpr
X-PAGE-TYPE
Pramga
X-Pc-Appver
X-Pc-Hit
Pics-Label
X-Pc-Key
X-Shard
X-Shield-Cache-Expires
X-Pc-Date
X-Pc-Host
V-Cache
Group
X-Haproxy-Hostname
Sid
X-Varnish-URL
X-Haproxy-Ip
X-FORWARDED-FOR
Arc-Country
X-Public
X-Datadome
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Endurance-Cache-Level
Cache-Provider
Cf-Ipcountry
X-SRV
X-HTML-Minification-Powered-By
Cache-Cookie-Set-Lfrom
X-Cache-Debug
X-ND-Cache
X-Surge-Debug
Srv
X-Layer
X-Fastly-Cache-Hits
X-Ratelimit-Remaining
X-FW-Version
Hostname
OT-Force-Account-Verify
Fastcgi-Useragent
X-RateLimit-Remaining-Second
X-ID
X-Nginx-Cache-Key
X-PF-Uncompressing
GEO-REGION-INFO
X-PJAX-URL
X-Gen-Id
X-RateLimit-Limit-Second
REQUESTUUID
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-Section
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
Accept-Ch
X-Sorting-Hat-PrivacyLevel
DataCenter
X-GZIP
X-Ratelimit-Limit
X-CacheKey
X-Dw-Trace-Id
X-B3-SpanId
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Litespeed-Cache-Control
Powered
X-APP
X-Feature
X-RequestId
X-Vcache
X-Cache-Var
X-Cache-Var-Map
N-Cache
X-Ms-Lease-State
X-NGINX-Cache
Serverid
X-CDN-Pop
X-SB
X-Front
X-VC
X-Distil-Cs
X-Policy
X-CDN-Pop-IP
X-Varnish-Info
X-RAMCache
Xet-Cookie
X-Gannett-Site-Version
X-Grace-Duration
X-Secret
X-Requestid
X-Served-From
X-Unique-Id
X-Cookie
X-HS-Status
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-VG-WebCache
X-ServerName
X-Varnish-ID
Requestid
X-Fe
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Request-Start