Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
P3p
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
Surrogate-Control
X-Cache-Lookup
X-Node
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
Report-To
Request-Id
X-CST
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
X-Dns-Prefetch-Control
X-DataDome
Allow
X-ESI
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
NEL
X-FTR-Request-ID
X-Origin-Cache
X-Server-Name
Charset
X-DynaTrace
X-Cached
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
Content-MD5
X-Powered-By-Plesk
X-Geo-Segment
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-F-Cache
Accept-CH
X-D2id
Public-Key-Pins
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-Mod-Pagespeed
MS-Author-Via
X-Client-IP
Verso
X-Dispatcher
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ruxit-JS-Agent
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-CF-Powered-By
X-Oracle-Dms-Rid
X-Forwarded-Proto
X-ORACLE-DMS-RID
Paypal-Debug-Id
X-DIS-Request-ID
X-Origin-Upstream-Status
SPRequestDuration
SPIisLatency
X-T
X-Hits
X-Grace
X-Varnish-Age
X-Upstream
DynaTrace
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
X-Shield-Request-Id
X-Pad
X-Content-Options
AR-PoweredBy
AR-ATIME
AR-CACHE
Realpath
X-Content-Digest
X-NF-Request-ID
X-HW
X-Server-ID
Access-Control-Request-Method
MRF-Tech
X-Mrf-Item-Lastmod
X-Kinsta-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
X-IPLB-Instance
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Debug
X-Vcap-Request-Id
X-B
X-Cache-Hit
X-Logged-In
X-Wix-Server-Artifact-Id
X-SS-Set-Cookie
X-NewRelic-App-Data
Service-Worker-Allowed
Tracecode
X-Ser
X-FastCGI-Cache
S
X-MSEdge-Ref
Server-Name
Fastly-Restarts
X-PressLabs-Stats
X-Frontend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-Accel-Buffering
X-FTR-Expires
Surrogate-Key
Rt-Fastcgi-Cache
X-Cache-Key
X-Forwarded-For
AMP-Access-Control-Allow-Source-Origin
Fastcgi-Cache
Backend-Timing
X-Analytics
X-HS-Content-Id
Alternate-Protocol
X-HS-Hub-Id
X-Iejgwucgyu
Eomportal-Instance
X-Cache-Rule
FilterID
Host
X-Revision
Cleartype
X-Rid
X-Srv
TP-Cache
TP-L2-Cache
Cache-Status
Public-Key-Pins-Report-Only
X-Ttl
X-FTR-Cache-Host
Front-End-Https
X-Debug-Info
X-User-Agent
X-Whom
X-Akam-SW-Version
ServerID
X-Mobile
AR-SID
X-Webkit-Csp
Accept-Charset
X-AOL-HN
X-Webkit-CSP
X-Varnish-Backend
X-Cdn
X-Cache-2
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Oneagent-Js-Injection
X-Cached-By
X-Content-Powered-By
X-XRDS-LOCATION
X-Via-JSL
X-Correlation-Id
X-TA-CDN-Provider
X-WPE-Loopback-Upstream-Addr
X-NWS-LOG-UUID
X-App-Environment
X-HeyJason
Permitted-Cross-Domain-Policies
X-GUploader-UploadID
X-Do-Not-Hack
X-LB-Cache
X-Middleton-Display
Display
X-Sol
X-Varnish-Hostname
X-Page-Id
X-Tumblr-Pixel-0
Host-Header
X-Magnolia-Registration
X-Tumblr-Pixel
X-Tumblr-User
X-Cache-Control
Viewport
X-Framework
X-Akamai-Edgescape
X-Cluster
X-TT
X-Node-Name
X-Request-Guid
X-B3-Sampled
X-FB-Debug
X-Content-Security-Policy-Report-Only
Upgrade-Insecure-Requests
X-Instance
X-Handled-By
X-B-Cache
X-Platform-Server
X-Device-Type
X-Signature
X-VCache
DC
X-Fastcgi-Cache
Cache-Tag
Liferay-Portal
X-BCube-Filmed-By
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
X-Varnish-Server
Source
X-WA-Info
X-Distil-CS
X-Contextid
X-Servedby
X-Edge-Location
X-Seen-By
X-Wix-Request-Id
X-B3-Traceid
HitType
Server-Info
HitInfo
Content-Style-Type
X-Amz-Replication-Status
X-Cache-Action
Content-Script-Type
X-GeoIP
SRV
X-Tumblr-Pixel-2
Webserver
X-Cache-Operation
X-Tumblr-Pixel-1
X-RequestSource
X-S
X-Status
User-Agent
X-Jobs
X-ATG-Version
X-Generated-By
X-Locale
Actual-Object-TTL
Response
X-WebKit-CSP-Report-Only
GEO-INFO
X-Middleton-Response
X-Region
X-Drupal-Cache-Tags
AsisCache
X-Cache-NE
X-Response-Served-From
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Adobe-Content
X-UUID
Refresh
X-Adobe-Loc
X-Edge-Cache-Key
ServedBy
X-Edge-Cache
X-Varnish-Hits
X-Yottaa-Optimizations
X-TX-ID
X-Yottaa-Metrics
Healthy
X-Port
X-Esi
Payment
X-Hyper-Cache
X-Geo-Country
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
S-Cnection
X-APP-VERSION
X-Content-Type
X-Cache-Age
X-Newrelic-App-Data
X-HS-Cache-Config
IBM-Web2-Location
Edge-Cache-Tag
Datacenter
HostName
Country
X-Amz-Server-Side-Encryption
X-Varnish-Grace
Filters
X-HS-Combine-CSS
Served-By
Powered-By-ChinaCache
X-Daa-Tunnel
X-Az
X-Activity-Id
X-AppVersion
NGB
X-Pc-Key
X-Pc-Hit
X-Sucuri-ID
X-Pc-Appver
X-Varnish-IP
X-Cache-Remote
X-Cacheable-TTL
X-Cache-TTL
X-App-Server
X-Vg-Webcache
X-Akamai-Transformed
X-Kinja-Server-Push
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
X-UA
X-Mode
X-Cache-Var-Map
X-Is-Bot
Load-Balancing
X-RemovedCookies
X-Kong-Upstream-Latency
X-ProcessESI
X-Kong-Proxy-Latency
X-RN-RSRV
X-Rendered-As
Machine
X-Detected-As
Meta-Geo
X-Rule
X-Cache-Var
X-BYPASS-REASON
X-Proxy
X-ProxyCache-Key
X-ProxyCache-Status
X-Rocket-Nginx-Bypass
Property-Id
X-FC-Vary-Parameters
X-Varnish-Cacheable
X-Cache-Category-Id
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-Tb
X-ServerID
X-Origin
X-OCL
X-Origin-Hint
X-Grey
X-PCL
Webcakes-App-Version
Webcakes-App-Name
Mn-Server-Ip
OT-Force-Account-Verify
DB-Nickname
Cache-Name
Access-Control-Allow-Method
TWC-Connection-Speed
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Varnish-Cache-Hits
Backend
X-CDN-Cache
X-Section
X-Site-Version
X-Routing-Service
X-EIG-Tracking-Id
User-Cache-Control
Azure-SiteName
Azure-RegionName
X-BB-IP
X-Access
X-App-Version
X-Upgrade-Enabled
X-Proxied
Azure-InstanceId
X-Upstream-CT
X-Generated
X-Format
X-OVcl
X-Original-Request
X-OVcl-Cache
X-Zipkin-Id
L5d-Success-Class
X-Hit
Now
X-Human
X-Hosted-By
Azure-SlotName
X-JoinUs
X-Upstream-HT
Azure-Version
X-VWS-Id
X-TWH-CORRELATION-ID
X-Www-Served-By
S-Rt
ServerName
X-App-Name
X-LJ-Flow-ID
X-L-Path
X-IP
X-Loop
X-NGENIX-Cache
X-Proxy-Build
X-PERF
X-NodeID
X-Environment-Context
X-SplitTest
X-Agile
X-HOST
X-Timing-Wait
X-Agile-Age
X-Agile-Id
X-AWS-Id
Fastcgi-X-Cache-Version
X-ApacheServer
X-TNCMS
Selected-FE
X-Debug-Cache
Fastcgi-X-Cache
X-Viewer-Country
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Source
Fastcgi-Useragent
X-Via-Fastly
Cache-Key
From-Origin
X-URL
X-Origin-CC
X-Pubstack
X-Ocache
X-Cache-Config
X-CCM
Pagespeed
X-CDN-Forward
Cache
X-Xfnlog-Site
X-Nginx-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
LB
X-Backend-Name
X-Unique-ID
X-Feature
X-Forwarded-Host
X-Correlation-ID
X-RateLimit-Limit
ViewerVersion
Ar-Sid
Fastly-SSL
NtCoent-Length
X-Litespeed-Cache
X-Akamai-Request-ID
X-Guploader-Uploadid
X-Pc-Host
X-Pc-Date
X-Storage
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Vgn-Hpd-Reason
X-Ms-Request-Id
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Birta-Served
X-Birta-Cache-Post
X-Real-Ip
X-Labrador-Cache-Channel
X-Cluster-Node
X-B3-TraceId
X-VG-TLSProxy
Xserver
X-Time-Microsecs
X-NCache
X-Ruxit-Js-Agent
Time
X-Release
X-Internal-Host
X-Distributor
X-Microcachable
X-EdgeConnect-Cache-Status
AR-Request-ID
PageSpeed
CACHE
X-Powered-By-ANYU
X-B3-Spanid
WZWS-RAY
X-Request-Time
X-Cache-Enabled
X-Real-IP
X-Sucuri-Cache
ProcessTime
X-SERVER-NAME
X-Dynatrace-Js-Agent
X-Nc
X-BB-ID
Xc-Version
X-Cache-Bucket
X-CF-Lambda-Fn
X-B-Cookie
X-ARC
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Web-Node
X-Application
X-WebServer
X-CF-Lambda-Version
X-Date
X-Destination
X-Developer
X-UE-Client-Country
X-D
X-CUA
X-Connection-Hash
X-Via-Edge
X-Via-CDN
X-VG-WebServer
Ajk
AKAMAI
NGX
Ec-Rule-Version
Rendered-Blocks
REQUESTUUID
Server-Int
Mobile-Detection-Method
Meta-Geo-Continent
IsBot
Fly-Request-Id
Fly-Cache
MD5-Digest
T-Server
V-Age
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
Arc-Country
Www
Cache-Prefix
Viewtype
VivaBuild
BehaviorPad-Version
X-Twitter-Response-Tags
X-Via-SSL
X-Region-Sid
X-Died
X-G
X-PAYTM-SRV-ID
X-From
X-Request-UUID
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Org
X-NU-AKA-ACS-Version
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Generation-Time
X-Generated-In
X-No-Session
X-Logtrace-Id
X-Irp-Debug
X-ScT
X-Redis-Cache
X-SIPLIST1
X-Transaction
X-Server-By
X-Store
X-SRCache-Key
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Trv-Group
X-Server-Time
X-Cache-Backend
X-ShardId
X-ShopId
X-FireWall-Port
X-Alternate-Cache-Key
X-Varnish-Beresp-Ttl
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Endurance-Cache-Level
Origin-Edge-Control
Pragrma
HA-Georegion
X-External-Request-Id
X-Key
HA-Geolon
Origin-Cache-Control
X-UnsetCookies
Release
X-Hash
Magicmarker
X-Hnp-Log
HA-Urlpath
HA-Servedtime
HA-Ipaddr
SN
X-GeoIP-City
Ha-Gx-Prefs
HA-Host
X-Hl-Ver
NodeID
X-VCT
X-Fastly-Cache
X-Block-Status
X-VServer
HA-Geolat
X-Amz-Meta-Cache-Control
X-F5-Cache
X-Wikidot-Static-Cache
X-CGP
X-Wikidot-Backend
X-S-Maxage
X-Cache-CFC
X-Eu-Site
X-RateLimit-Remaining-Second
X-CS
X-Origin-TTL
Web-Mar-Node
X-Varnish-Action
X-Gen-Mode
X-Owner
X-Phone
X-RateLimit-Limit-Second
X-Policy
X-Crawler
X-Platform
X-Layer
Server-Host
Country-Code
X-UA-Device-Type
Frame-Options
GMS-Ver
HA-Geocountry
HA-Cloudapp
HA-Geocity
X-Newrelic-Synthetics
X-Amz-Cf-Pop
X-ElasticPress-Search
X-Webstats-RespID
X-Ezoic-Cdn
X-Dc
X-Clientip
X-Core-Value
X-Core-Mission
X-Stale
X-Debug-Cookies
X-TT-LOGID
X-Swa-Ws
X-Thinkindot-L3
X-Croise-Owner
X-Up
X-Backend-TTL
X-Backend-Url
X-Backend-State
X-Backend-Host
Resin-Trace
Kp-EeAlive
X-C
X-Passed-To-PostProcessResponse
X-Cache-Srv
X-Cache-URL
X-Debug-Log
X-Var-Ttl
X-Cache-Expires
X-Tumblr-Pixel-3
Cneonction
X-MI-In-Market
X-MSEdge-Features
X-Matched-Rule
X-Reboot
X-Instance-Name
X-Location
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-NX-Host
X-Node-Id
X-Request-URI
X-Response-By
X-Secret
X-Fetched-On
X-Server-IP
X-Epic-Correlation-Id
X-Device-Os
X-Actual-URL
X-FW-Version
X-Gannett-Site-Version
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-GeoIP-Country-Code
X-Returned-From-PostProcessResponse
X-Developers
X-We-Are-Hiring
X-RCS-CacheZone
X-Sf
Section-Io-Cache
CDCHOST
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
Request-EU
Request-Country
MI-Cache-Age
MI-Cache
Heartbleed
Esi-Enabled
Odigeo-Trace-Id
Proxy-Connection
Origin
Cache-Cookie-Set-Lfrom
Countrycode
Cache-Cookie-Set-Idcheck
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Backend-Name
Apple-News-Services-Host
X-NC
X-Ua
X-GZip
RNT-Time
X-Sn-Servicetimems
Server-ID
MI-API
Adler-Geo
Decoy-Debug-TTL
Decoy-Debug-Key
Platform
Powered
X-ServiceProvider
X-HTML-Minification-Powered-By
X-Surge-Debug
Decoy-Debug-Status
RNT-Machine
X-Worker
X-Cdn-Origin
Uber-Trace-Id
X-Content-Age
X-Cache-Host
X-Ckpd-Fst-Backend
X-NWS-UUID-VERIFY
True-Client-Country-4JS
X-Variation
Is-Eu
X-Trace-Id
X-Fstrz
HTTPS
Cache-Tags
X-Csrf-Token
X-V
X-TIME
X-CACHE-AGE
Pagetype
X-Alicdn-Da-Ups-Status
On-Server
Warning
X-Skip-Cache
Fastly-Backend-Name
X-Cdn-Srv
Content-Disposition
X-GEO
X-Rebelmouse-Surrogate-Control
Fastly-SIE
RequestId
X-Aed
Host-ID
Fastly-SWR
X-Servername
X-Rebelmouse-Cache-Control
X-Edge-IP
X-Req
Pramga
X-Proto
MIME-Version
X-Pf-Uncompressing
Sid
Request-Time
X-Cdn-Forward
PFcat
TSSecure
We-Hiring
XServer
Mail-Subject
X-Refresh
X-Ms-Lease-State
X-Pjax-Url
X-Ratelimit-Limit
Cdn
Cteonnt-Length
X-Hello
X-Flog
X-ABtesting
X-Page-Type
X-PHP-Backend
Mime-Version
X-Varnish-Ttl
WP-Super-Cache
CF-IPCountry
X-Varnish-Url
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-COUNTRY
X-Time
X-Auto-Login
X-Servedbyhost
X-Server-W
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Geo
FSS-Cache
FSS-Proxy
X-Oss-Storage-Class
X-Oracle-Dms-Ecid
X-Oss-Server-Time
X-DC
X-Oss-Hash-Crc64ecma
PageType
X-Oss-Request-Id
X-Oss-Object-Type
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
CDN
Lfy
X-Aicache-OS
X-Unique-Id
GeoIp-Country-Code
Geoip-Latitude
Dnion-Transfer-Encoding
X-Cache-ASPX
X-CSRF-Token
X-CACHE-KEY
X-Varnish-Beresp-TTL
Rt-Proxy-Cache
X-Sentry-ID
X-GoCache-CacheStatus
X-Akamai-Request-ID2
A
X-EC-Security-Audit
X-WA
X-GRACE
X-Datadome
X-MP-GENERATED-AT
X-Bip
Memcached
X-Cache-Id
MS-CV
X-Via-NSCOPI
X-Served-From
X-Thanos
NnCoection
X-Ratelimit-Remaining
X-Check-Cacheable
X-Origin-Expires
X-Be
Node
X-Cache-Info
X-Origin-Date
NODE
GeoIP-Latitude
GeoIP-Country-Code
X-Request-Start
X-Wa
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Proxy-Server
X-HCF
X-Vcache
X-APP
SD-X-WS
Memory
X-Nananana
X-NODE
Amp-Access-Control-Allow-Source-Origin
X-Server-Group
WWW-Authenticate
X-Fastly-Cache-Hits
UCS
GeoIP-City
X-UPSTREAM-Address
GW-Server
X-SRV
Hostname
Geoip-City
X-Cookie
X-User
X-ServedByHost
X-PAGE-TYPE
Cf-Ipcountry
PICS-Label
X-Gen-Id
X-From-Cache
X-Varnish-URL
X-Wix-Route-ID
X-GDPR
Accept-Language
X-WR-MODIFICATION
X-Load-Cache
DataCenter
Cache-Hits
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RTag
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
X-HS-Status
Processtime
X-Cache-Debug
X-BBXSRF
X-Path-Route
X-LI-UUID
X-Li-Pop
X-Gdpr
X-Li-Fabric
X-Swift-Error
X-LI-Proto
Ms-Operation-Id
X-Edge-Server
X-Use-Magma
COMMERCE-SERVER-SOFTWARE
Cdn-Host
Pics-Label
X-PJAX-URL
Cdn-Request-Time
Locale
X-Urbn-Context-Path
X-Cache-Ttl
X-B3-SpanId
X-Urbn-Site-Id
X-PF-Uncompressing
X-VG-WebCache
X-Fe
X-Info
X-CDN-Pop
Fastly-Soc-X-Request-Id
SS
X-Dw-Trace-Id
X-Qloud-Router
X-CDN-Pop-IP
Dont-Set-Cookie
X-ID
Requestid
X-Content-Encoded-By
Get-Access-Time
X-Env
X-P-T
NX-Cache
X-RateLimit-Reset
X-GZIP
X-Cache-HT
X-Bug-Bounty
X-Optimization
V-Cache
X-ServerName
Group
Is-Session-Tracking
X-NGINX-Cache
Serverid
X-SN
Lb
X-CacheKey
CDN-Cache-Hit
URI
CDN-Cache
Xet-Cookie
X-Varnish-Info
CDN-Node
Who
X-Serial
SID
X-CSRF-TOKEN
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Protected-By
Powered-By
X-Litespeed-Cache-Control
X-Akamai-SSL-Client-Sid
AGE-Hash
Https
X-Akamai-ERRuleID
X-Grace-Duration
X-Cache-FS-Status
X-Shard
X-Akamai-ERPolicy
X-Ver
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-RequestId