Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Accept-Ranges
Last-Modified
Strict-Transport-Security
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Varnish
X-Amz-Cf-Id
Referrer-Policy
X-Request-Id
X-Timer
X-AspNet-Version
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-AspNetMvc-Version
Status
X-Check
Timing-Allow-Origin
X-Cache-Status
X-Adblock-Key
X-Iinfo
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Content-Security-Policy
X-Request-ID
X-Template
X-CDN
Content-Encoding
X-Language
X-Turbo-Charged-By
Keep-Alive
X-Buckets
X-Type
X-Via
EagleId
Xkey
X-AH-Environment
X-Backend
WPE-Backend
X-Age
X-Pass-Why
Access-Control-Max-Age
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Group
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Pingback
Upgrade
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
Grace
Access-Control-Expose-Headers
X-Hacker
X-UA-Device
P3p
Cf-Railgun
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-LiteSpeed-Cache
X-Ua-Compatible
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
Request-Context
X-CST
X-Node
X-Device
X-Cache-Lookup
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Host
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Px
X-Readtime
Allow
X-Application-Context
X-Server-Id
Pinterest-Generated-By
X-Instart-Request-ID
X-Clacks-Overhead
EagleEye-TraceId
X-Url
Request-Id
X-OneAgent-JS-Injection
Server-Timing
X-Country
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Cloud-Trace-Context
Report-To
Rating
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-TTL
X-Country-Code
Edge-Control
Charset
X-Server-ID
X-ESI
X-Varnish-TTL
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
X-Server-Name
X-FTR-Request-ID
X-CF-Powered-By
X-MS-InvokeApp
X-Cached
X-DynaTrace-JS-Agent
Feature-Policy
X-Goog-Hash
NEL
X-DataDome
X-Vhost
X-Recruiting
Public-Key-Pins
X-Origin-Cache
X-Exp-Variant
X-Cdn-Fetch
X-Geo-Segment
X-VARITI-CCR
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-F-Cache
X-Powered-By-Plesk
X-DynaTrace
X-Mod-Pagespeed
X-T
X-Version
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-D2id
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Verso
X-Client-IP
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Arc-Version
X-Mobile-Rewrite
PB-RID
X-Dispatcher
PB-PID
Content-MD5
SPRequestGuid
X-SharePointHealthScore
RTSS
X-N
X-Amz-Rid
X-Forwarded-Proto
X-Cdn
AR-ATIME
AR-PoweredBy
X-GitHub-Request-Id
X-Hits
AR-CACHE
X-Navigation-Version
X-Dw-Request-Base-Id
Nginx-Cache
X-B
Realpath
Paypal-Debug-Id
X-Ruxit-JS-Agent
X-Pad
X-Upstream
X-Grace
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
X-Shield-Request-Id
X-Id
X-Varnish-Age
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-Kinsta-Cache
X-Ttl
MS-Author-Via
X-Cache-Hit
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-NWS-LOG-UUID
TCN
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-Oneagent-Js-Injection
X-Logged-In
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
S
DynaTrace
X-Trace
X-Vcap-Request-Id
X-Origin-Upstream-Status
X-XRDS-Location
X-HW
X-Zen-Fury
X-MSEdge-Ref
X-DIS-Request-ID
Cleartype
X-VCache
Front-End-Https
X-Frontend
Eomportal-Instance
X-HS-Content-Id
X-Via-JSL
X-HS-Hub-Id
Surrogate-Key
X-Cache-Rule
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-PressLabs-Stats
X-Fastly-Request-ID
X-NF-Request-ID
X-User-Agent
Service-Worker-Allowed
Cache-Status
X-Forwarded-For
X-Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
Tracecode
X-IPLB-Instance
Server-Name
X-Hostname
Alternate-Protocol
Fastcgi-Cache
X-Varnish-Backend
X-Analytics
Backend-Timing
Host
X-SS-Set-Cookie
Display
X-Sol
FilterID
Rt-Fastcgi-Cache
X-Middleton-Display
Viewport
X-AOL-HN
TP-Cache
X-FastCGI-Cache
X-Wix-Server-Artifact-Id
X-Cache-2
Public-Key-Pins-Report-Only
X-Whom
TP-L2-Cache
X-Ser
X-FTR-Cache-Host
X-Proxied
X-Rid
X-Revision
X-AppVersion
Response
X-Activity-Id
X-Middleton-Response
AR-SID
X-Az
X-Srv
X-Content-Powered-By
ServerID
MicrosoftSharePointTeamServices
X-Contextid
X-Debug
X-Debug-Info
X-Cache-Control
X-Magnolia-Registration
AMP-Access-Control-Allow-Source-Origin
X-Cached-By
Refresh
X-Cache-Server
X-Mobile
X-Akam-SW-Version
Powered-By-ChinaCache
X-Daa-Tunnel
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Instance
X-XRDS-LOCATION
X-Cache-Key
X-B3-Traceid
HitInfo
Server-Info
HitType
X-WPE-Loopback-Upstream-Addr
X-Page-Id
Accept-Charset
X-FB-Debug
X-Cache-Age
X-Generated-By
X-Framework
X-App-Server
X-Newrelic-App-Data
X-Varnish-Hostname
X-LB-Cache
X-Geo-Country
X-Signature
X-Request-Guid
X-TT
Cache-Tag
X-BCube-Filmed-By
Retry-After
X-Content-Security-Policy-Report-Only
X-App-Environment
X-PHP-Backend
X-B-Cache
X-Webkit-Csp
X-Tumblr-User
X-Cache-Operation
Host-Header
X-Handled-By
Source
Server-Node
X-Tumblr-Pixel-0
X-Origin-Server
X-Tumblr-Pixel
X-Varnish-Grace
X-Device-Type
X-Hyper-Cache
X-RateLimit-Remaining
X-URL
Upgrade-Insecure-Requests
X-Webkit-CSP
X-Accel-Expires
DC
X-Ruxit-Js-Agent
X-Platform-Server
X-GUploader-UploadID
X-Amzn-Trace-Id
X-WA-Info
X-ATG-Version
X-APP-VERSION
X-Drupal-Cache-Tags
X-Akamai-Edgescape
X-TT-TIMESTAMP
X-Correlation-ID
X-NewRelic-App-Data
X-CACHE-GROUP
X-Varnish-Server
X-HOST
X-Cache-Action
Liferay-Portal
Ar-Sid
Webserver
X-Cluster
NGB
X-Port
X-Edge-Location
Fastly-Restarts
X-S
X-Cacheable-TTL
X-Jobs
X-Source
X-Locale
X-B3-Sampled
X-Node-Name
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
X-GeoIP
MS-CV
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-Wix-Petri-Ex
ServedBy
Actual-Object-TTL
X-Seen-By
X-Tumblr-Pixel-2
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Hash
AsisCache
X-Varnish-Hits
X-FW-Type
X-RequestSource
X-Tumblr-Pixel-1
Filters
Served-By
X-RTag
S-Cnection
X-PC-AppVer
X-Distil-CS
X-PC-Hit
X-PC-Key
X-Cache-TTL-Remaining
GEO-INFO
X-Region
X-Amz-Replication-Status
X-Cache-Config
Pagespeed
HostName
X-PC-Date
X-PC-Host
X-Vg-Webcache
Datacenter
Cache
X-UA
Ohc-File-Size
Country
Content-Style-Type
Content-Script-Type
X-Edge-Cache
X-Cache-Remote
X-Edge-Cache-Key
X-Ocache
X-Drupal-Cache-Contexts
X-UA-Device-Type
X-TA-CDN-Provider
AR-Request-ID
X-Sucuri-ID
X-Guploader-Uploadid
X-UUID
X-Adobe-Content
X-Adobe-Loc
X-Internal-Host
X-Dynatrace-Js-Agent
X-Microcachable
X-RateLimit-Limit
X-Correlation-Id
X-GZip
X-Real-IP
X-DataStream-Cache-Status
X-Unique-ID
X-Status
X-Varnish-IP
X-Esi
X-Akamai-Transformed
X-Cache-Ttl
X-Amz-Server-Side-Encryption
X-Proxy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Generated
X-JoinUs
Machine
Load-Balancing
Access-Control-Allow-Method
X-Akamai-Request-ID
X-Path-Route
Meta-Geo
X-IP
X-Is-Bot
X-Rendered-As
X-RN-RSRV
X-Detected-As
X-Agile
X-Agile-Age
X-Agile-Id
X-App-Name
X-BYPASS-REASON
Healthy
Selected-FE
Mn-Server-Ip
User-Cache-Control
X-Cache-Category-Id
X-OVcl
X-Mode
X-ServedBy
X-Backend-Name
Xserver
LB
X-TX-ID
X-OVcl-Cache
IBM-Web2-Location
X-Origin
X-Web-Node
X-ProxyCache-Key
X-Proxy-Build
X-TNCMS
User-Agent
X-ProxyCache-Status
X-CLOUD-TRACE-CONTEXT
X-Timing-Wait
X-ServerID
X-Grey
X-Loop
X-Hosted-By
Payment
X-Time-Microsecs
X-Tb
X-FC-Vary-Parameters
X-NodeID
S-Rt
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Debug-Cache
X-Instance-Name
Backend
X-Varnish-Cacheable
X-BB-IP
X-Human
Cache-Name
Accept-CH
Cartoon
X-Ezoic-Cdn
Azure-SlotName
Cache-Key
Azure-SiteName
Azure-InstanceId
X-RemovedCookies
X-ProcessESI
Azure-RegionName
X-Original-Request
X-ApacheServer
SRV
ServerName
X-CDN-Cache
X-Distributor
X-Site-Version
X-NCache
X-EIG-Tracking-Id
X-PERF
Azure-Version
Now
L5d-Success-Class
X-Content-Type
X-PCL
X-Vgn-Hpd-Reason
X-Viewer-Country
DB-Nickname
X-OCL
X-Routing-Service
TWC-Connection-Speed
X-Access
X-Xfnlog-Site
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Time
X-SplitTest
X-CCM
X-Origin-Hint
Dont-Set-Cookie
X-Www-Served-By
Webcakes-App-Version
X-Zipkin-Id
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Via-Fastly
X-TWH-CORRELATION-ID
X-Section
X-Amz-Meta-Surrogate-Control
X-Format
X-Pubstack
X-Origin-CC
X-CDN-Forward
X-NGENIX-Cache
X-Rocket-Nginx-Bypass
X-MP-GENERATED-AT
X-Storage
Access-Control-Request-Headers
Edge-Cache-Tag
X-HS-Cache-Config
X-Webstats-RespID
Countrycode
X-Amz-Apigw-Id
X-Cache-HT
X-Servedby
X-Generation-Time
X-Proto
X-Optimization
X-Amzn-RequestId
X-Labrador-Cache-Channel
X-Environment-Context
X-Sucuri-Cache
X-L-Path
X-Cache-Backend
Apicache-Version
WZWS-RAY
Apicache-Store
X-Newrelic-Synthetics
X-B3-Spanid
Cache-Hits
X-Nc
X-Twitter-Response-Tags
X-Transaction
X-Cache-NE
X-Connection-Hash
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Geo
X-Meta-Tbi-Cache-Vertical
X-Birta-Served
X-Birta-Cache-Post
PageSpeed
X-Ah-Environment
X-Tumblr-Pixel-3
X-SERVER-NAME
X-M-Reqid
Fastly-SSL
X-M-Log
Cteonnt-Length
X-Qnm-Cache
From-Origin
X-Hit
X-Dc
Ms-Operation-Id
NnCoection
X-EdgeConnect-Cache-Status
Ec-Rule-Version
X-Real-Ip
Ws
NODE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Upstream-HT
X-Upstream-CT
X-Rule
X-Alicdn-Da-Ups-Status
X-Release
X-V
X-Cache-Enabled
Resin-Trace
X-Wix-Route-ID
X-We-Are-Hiring
X-Via-CDN
BehaviorPad-Version
Thinkindot-Control
Thinkindot-CacheControl
T-Server
SN
X-Via-Edge
Server-Host
MI-Cache-Age
Fly-Cache
MD5-Digest
Host-ID
Fly-Request-Id
V-Age
GMS-Ver
Meta-Geo-Continent
Fastly-Soc-X-Request-Id
Cache-Prefix
Rendered-Blocks
MI-Cache
Cneonction
Country-Code
Xc-Version
X-A-Dcw
X-Rojux
X-Dispatcher-Server
X-Fetched-On
X-From
X-G
X-Died
X-Developer
X-D
X-CF-Lambda-Version
X-Date
X-Destination
X-S-Cookie
X-Generated-In
X-Hash
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-Planisys-CDN-Rules
X-Response-By
X-Planisys-CDN-TTL
X-Rewrite-Enabled
X-Org
X-Hl-Ver
X-Matched-Rule
X-MI-In-Market
X-NU-AKA-ACS-Version
X-CF-Lambda-Fn
X-BB-ID
X-A-Dam
X-TT-LOGID
X-Trv-Group
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-A-Ccd
X-A
X-VG-WebServer
VivaBuild
X-UE-Client-Country
Warning
Www
X-SVT-ORM-RULES
X-SRCache-Key
X-ARC
X-Application
X-ScT
X-B-Cookie
X-S-Maxage
X-Accel-Expires-Debug
X-Server-By
X-Server-Time
X-Region-Sid
X-A-Dgt
X-A-Wwc
Viewtype
Thinkindot-CacheControl-Type
X-App-Version
ProcessTime
X-SERVER
X-HS-Combine-CSS
X-Origin-TTL
PFcat
Platform
X-Node-Id
X-Logtrace-Id
Release
Proxy-Connection
X-P-T
Pragrma
Origin-Cache-Control
Is-Eu
X-Server-IP
X-ServiceProvider
X-SIPLIST1
IsBot
MI-API
X-IN-WAF
Odigeo-Trace-Id
NGX
Origin-Edge-Control
X-IN-APIGATEWAY
X-Cache-Host
X-Amz-Meta-Cache-Control
X-Cache-URL
X-Clientip
X-Backend-Host
X-Backend-State
X-Cache-Bucket
X-Backend-Url
X-Cache-CFC
X-Core-Mission
X-Crawler
X-GeoIP-Country-Code
Server-Int
X-Ver
X-GeoIP-City
Uber-Trace-Id
X-CS
X-Edge-IP
X-Edge-Server
X-IN-SSL-APIGATEWAY
X-Req
X-Info
X-Hnp-Log
X-Origin-Date
X-Origin-Expires
X-RCS-CacheZone
X-Gen-Mode
Cdn-Host
X-Alternate-Cache-Key
Web-Mar-Node
X-Block-Status
X-DPWN-IS-SECURE
X-Env
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-WebServer
X-Worker
X-ShopId
X-ShardId
Apple-News-Services-Handled
Apple-News-Services-Host
Ajk
Adler-Geo
X-Sf
Server-ID
Cdn-Request-Time
Request-EU
Request-Country
Kp-EeAlive
Httpd-Identifier
X-Varnish-Beresp-Ttl
X-ElasticPress-Search
X-Core-Value
Fastly-Backend-Name
X-Request-URI
X-Returned-From-PostProcessResponse
X-Debug-Log
X-Debug-Cookies
X-CGP
X-Developers
X-Server-Group
X-Cdn-Srv
X-Up
X-UnsetCookies
X-VServer
X-Varnish-HitMiss
X-Cache-ASPX
X-Wikidot-Backend
X-Cache-Control-Set-By
X-Cache-Expires
X-Wikidot-Static-Cache
X-Returned-From-DLL
X-Swa-Ws
X-Cache-Srv
X-Trace-Id
CDCHOST
X-Eu-Site
XServer
X-Content-Age
X-NX-Host
X-Device-Os
X-Rebelmouse-Cache-Control
X-Platform
X-Phone
X-Passed-To
X-Passed-To-BeforeDispatch
RNT-Time
True-Client-Country-4JS
RNT-Machine
X-VG-TLSProxy
X-No-Session
X-Fastly-Cache
X-FireWall-Port
X-F5-Cache
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-HCF
X-Rebelmouse-Surrogate-Control
X-Fstrz
X-Reboot
X-C
X-Epic-Correlation-Id
X-Passed-To-PostProcessResponse
Decoy-Debug-TTL
Ohc-Response-Time
On-Server
HA-Geocountry
Who
Time
Fastly-SIE
Origin
Backend-Name
Request-Time
HA-Geolon
Content-Disposition
HA-Ipaddr
Cache-Tags
Decoy-Debug-Key
HA-Geocity
Fastly-SWR
Decoy-Debug-Status
HA-Host
HA-Cloudapp
HA-Urlpath
HA-Georegion
X-Backend-TTL
X-Actual-URL
HA-Geolat
X-BBXSRF
Ha-Gx-Prefs
HA-Servedtime
Dnion-Transfer-Encoding
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
X-Croise-Owner
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Stale
Powered-By
X-Micro-Cache
X-Var-Ttl
X-Location
X-Ckpd-Fst-Backend
X-GoCache-CacheStatus
X-Forwarded-Host
X-Skip-Cache
AKAMAI
HTTPS
X-Sn-Servicetimems
X-Cdn-Origin
X-Refresh
Esi-Enabled
Heartbleed
NtCoent-Length
X-B3-TraceId
RequestId
X-Redis-Cache
X-CCM-LastModified
X-Cache-Time
X-Cdn-Forward
X-Servername
X-Pjax-Url
X-MSEdge-Flight
X-From-Cache
X-Via-SSL
X-Cache-FS-Status
X-User
X-MSEdge-Features
Mime-Version
X-WR-MODIFICATION
X-Nf-Srv-Version
Cdn
X-Pf-Uncompressing
X-Atg-Version
WWW-Authenticate
Is-Session-Tracking
X-Csrf-Token
X-Powered-By-ANYU
X-Request-Time
Get-Access-Time
X-TIME
X-CSRF-Token
X-GRACE
Frame-Options
UCS
X-Owner
X-Key
CF-IPCountry
WP-Super-Cache
X-Response-Served-From
X-Varnish-Url
GW-Server
Dynatrace
X-NC
X-Kong-Proxy-Latency
X-Ua
X-Kong-Upstream-Latency
X-Litespeed-Cache
X-Page-Type
X-COUNTRY
NodeID
X-CUA
PICS-Label
X-Cache-Handler
X-External-Request-Id
Mail-Subject
We-Hiring
MIME-Version
X-NWS-UUID-VERIFY
PageType
X-GDPR
Rt-Proxy-Cache
X-Varnish-Id
X-DC
X-LiteSpeed-Cache-Control
Section-Io-Cache
X-Cache-Id
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-Cache-TTL
X-Bip
X-Varnish-Beresp-TTL
Memcached
X-Thanos
X-Aicache-OS
X-Varnish-Ttl
FastCGI-Cache
Memory
Version
X-Be
X-Hail-Hydra
X-Dynatrace
X-Via-NSCOPI
Magicmarker
X-Datadome
X-Servedbyhost
X-Varnish-Action
X-Cluster-Node
If-Modified-Since
X-ServedByHost
CACHE
X-Fastly-Backend-Reqs
X-Nananana
X-DataStream-MidMile-RTT
Sta2Tusw
X-DataStream-Origin-MEX-Latency
X-Pc-Hit
X-Request-UUID
X-Auto-Login
X-Pc-Appver
X-TId
X-Pc-Key
X-Load-Cache
X-Pc-Host
Pagetype
X-Pc-Date
X-Frame-Option
X-UPSTREAM-Address
X-GEO
X-CACHE-KEY
GeoIP-Country-Code
GeoIP-City
X-Tid
GeoIP-Latitude
X-Variation
X-StackifyID
CDN
Processtime
X-Server-W
X-Ibm-Trace
X-Irp-Debug
X-Wa
Node
X-BE
COMMERCE-SERVER-SOFTWARE
X-Sentry-ID
Sid
X-Ig-Deployment-Stage
Pics-Label
X-Gdpr
Arc-Country
X-EC-Security-Audit
X-Shard
X-Proxy-Server
RATING
X-PAGE-TYPE
X-HTML-Minification-Powered-By
V-Cache
Group
X-Varnish-URL
X-Layer
X-FORWARDED-FOR
URI
X-Bug-Bounty
Pramga
X-FW-Version
X-ADI-VCache
X-Shield-Cache-Expires
X-Haproxy-Ip
X-Nginx-Cache-Key
Srv
X-SRV
DataCenter
X-Haproxy-Hostname
X-Surge-Debug
X-Public
Cf-Ipcountry
X-Cache-Debug
X-GZIP
Cache-Provider
Cache-Cookie-Set-Lfrom
X-RateLimit-Limit-Second
X-Endurance-Cache-Level
X-RateLimit-Remaining-Second
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fastly-Cache-Hits
X-Ratelimit-Remaining
X-ND-Cache
Accept-CH-Lifetime
X-NGINX-Cache
X-PF-Uncompressing
X-PJAX-URL
X-Gen-Id
X-ID
X-Ratelimit-Limit
Accept-Ch
X-RequestId
X-Ms-Lease-State
X-Feature
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-PodId-Cached
X-B3-SpanId
X-Akamai-ERPolicy
OT-Force-Account-Verify
X-Akamai-Request-ID2
X-Gannett-Site-Version
X-Secret
X-APP
REQUESTUUID
X-CacheKey
X-Dw-Trace-Id
X-Litespeed-Cache-Control
X-Sorting-Hat-Section
X-Akamai-ERRuleID
Fastcgi-Useragent
GEO-REGION-INFO
N-Cache
X-Sorting-Hat-ShopId-Cached
X-Vcache
Xet-Cookie
Serverid
Requestid
X-Distil-Cs
X-SB
X-CDN-Pop-IP
Powered
X-Varnish-Info
X-CDN-Pop
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-VC
X-RAMCache
X-Cache-Var
X-Cache-Var-Map
X-SD-PageType
SD-X-WS
Hostname
Https
X-Grace-Duration
X-Cookie
X-Request-Start
X-Amzn-Remapped-Connection
X-Varnish-ID
X-Fe
X-ServerName
X-Amzn-Remapped-Date
X-Front
X-Unique-Id
X-VG-WebCache
X-Policy
X-HS-Status