Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-DataDome
X-ESI
Charset
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-Version
X-F-Cache
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
Verso
MS-Author-Via
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-CF-Powered-By
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-ORIGIN
AR-ATIME
X-TEC-API-VERSION
AR-PoweredBy
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
DynaTrace
AR-CACHE
X-T
Paypal-Debug-Id
X-Varnish-Age
X-Hits
X-Upstream
Arr-Disable-Session-Affinity
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Ruxit-JS-Agent
X-Pad
SPRequestDuration
X-Grace
SPIisLatency
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Server-ID
X-IPLB-Instance
X-Kinsta-Cache
X-Cache-Hit
Access-Control-Request-Method
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-Logged-In
Mrf-Cache-Status
X-FastCGI-Cache
X-B
AR-SID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-HW
X-Goog-Stored-Content-Length
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
Server-Name
X-PressLabs-Stats
X-Frontend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
Tracecode
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-FTR-Expires
X-Oracle-Dms-Rid
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
X-Cache-Rule
Cleartype
X-GUploader-UploadID
Cache-Status
Backend-Timing
X-Analytics
X-Srv
Host
TP-Cache
X-HS-Hub-Id
TP-L2-Cache
X-HS-Content-Id
X-Revision
X-Rid
X-Accel-Buffering
X-Whom
Public-Key-Pins-Report-Only
X-TA-CDN-Provider
X-VCache
X-User-Agent
X-RateLimit-Remaining
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
ServerID
X-AOL-HN
X-XRDS-LOCATION
X-Cache-2
X-Varnish-Backend
X-Webkit-CSP
X-Via-JSL
X-Cdn
Front-End-Https
Accept-Charset
X-Content-Powered-By
X-Mobile
X-Kinja-Server-Push
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Viewport
X-Correlation-Id
X-Node-Name
X-App-Environment
X-LB-Cache
X-Magnolia-Registration
X-Cluster
Host-Header
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Page-Id
Liferay-Portal
X-Akamai-Edgescape
X-Cache-Control
X-Framework
X-Request-Guid
X-TT
X-B3-Sampled
X-Device-Type
X-Instance
X-Platform-Server
X-Signature
X-BCube-Filmed-By
X-Handled-By
X-B-Cache
Upgrade-Insecure-Requests
X-FB-Debug
DC
Cache-Tag
X-Cache-Server
X-Hostname
X-B3-Traceid
Server-Node
X-Origin-Server
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Ttl
X-Fastcgi-Cache
Source
X-Amzn-Trace-Id
X-Sol
X-Middleton-Display
Display
Retry-After
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
X-Varnish-Server
Server-Info
HitType
X-Cache-Action
HitInfo
X-Distil-CS
X-Cache-Operation
X-APP-VERSION
Content-Script-Type
X-Seen-By
X-Wix-Request-Id
Content-Style-Type
Webserver
X-Port
X-GeoIP
X-S
User-Agent
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-RequestSource
GEO-INFO
X-Amz-Replication-Status
X-Locale
X-Status
X-Jobs
X-Generated-By
X-Edge-Location
X-Edge-Cache-Key
X-Edge-Cache
X-UUID
X-FW-Hash
AsisCache
X-FW-Type
X-FW-Serve
X-Response-Served-From
Actual-Object-TTL
X-FW-Server
Healthy
X-FW-Static
X-Drupal-Cache-Tags
X-Adobe-Content
X-Varnish-Hits
SRV
X-Adobe-Loc
X-Geo-Country
X-Region
X-TX-ID
X-Hyper-Cache
ServedBy
Refresh
X-Daa-Tunnel
X-ATG-Version
X-DataStream-Cache-Status
X-Iejgwucgyu
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Age
X-Esi
X-Cache-NE
X-Middleton-Response
X-Cache-TTL-Remaining
Response
X-Varnish-Grace
Filters
IBM-Web2-Location
X-Amz-Server-Side-Encryption
S-Cnection
NGB
Payment
X-Content-Type
X-Newrelic-App-Data
Datacenter
X-AppVersion
X-Activity-Id
X-Az
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Webkit-Csp
X-CDN-Forward
X-Cache-Remote
X-Proxied
X-Vg-Webcache
X-Cache-TTL
X-Cacheable-TTL
X-App-Server
Country
Edge-Cache-Tag
X-HS-Cache-Config
Served-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Unique-ID
X-Sucuri-ID
X-Mode
X-UA
X-Varnish-IP
X-Akamai-Transformed
X-RemovedCookies
X-ProcessESI
Machine
Meta-Geo
X-Rendered-As
X-Detected-As
X-RN-RSRV
X-HS-Combine-CSS
X-Is-Bot
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
X-Ruxit-Js-Agent
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Rule
AR-Request-ID
X-Grey
X-Hosted-By
X-Origin-Hint
X-OCL
X-Origin
X-PCL
X-Human
X-ServerID
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
User-Cache-Control
Webcakes-App-Name
TWC-GeoIP-Country
DB-Nickname
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
Cache-Name
Access-Control-Allow-Method
X-Tb
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-ProxyCache-Key
X-Varnish-Cacheable
X-Cache-Category-Id
Webcakes-Region
X-Amz-Meta-Surrogate-Control
X-BB-IP
X-BYPASS-REASON
X-EIG-Tracking-Id
Backend
X-Section
Now
X-Viewer-Country
X-Routing-Service
S-Rt
X-OVcl-Cache
X-Zipkin-Id
ServerName
X-Site-Version
Azure-InstanceId
X-TNCMS
L5d-Success-Class
X-Upgrade-Enabled
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Access
X-OVcl
X-Environment-Context
X-Loop
X-Debug-Cache
X-Format
X-Generated
X-JoinUs
X-Hit
X-L-Path
X-CDN-Cache
X-NodeID
Cache
X-LJ-Flow-ID
X-ApacheServer
X-RateLimit-Limit
X-HOST
X-Original-Request
X-Agile
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Agile-Age
X-IP
X-Ocache
Selected-FE
X-AWS-Id
X-Agile-Id
X-Cache-Config
X-PERF
X-Proxy-Build
X-NGENIX-Cache
X-App-Name
X-SplitTest
Access-Control-Request-Headers
X-Www-Served-By
X-VWS-Id
OT-Force-Account-Verify
X-Via-Fastly
Cache-Key
X-URL
X-Drupal-Cache-Contexts
X-CCM
X-Origin-CC
X-Pubstack
X-Backend-Name
HostName
Fastcgi-X-Cache
X-Upstream-HT
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Mshield-Cache-Status
X-Source
X-Mrs-Cache
X-Mrs-Age
X-Nginx-Cache
X-Mrs-Cache-Hits
X-Upstream-CT
X-Xfnlog-Site
Powered-By-ChinaCache
X-Real-IP
X-Akamai-Request-ID
X-Pc-Host
X-Pc-Date
X-Storage
X-Correlation-ID
X-Litespeed-Cache
From-Origin
X-Vgn-Hpd-Reason
Pagespeed
X-Forwarded-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-SSL
X-Feature
X-NCache
X-Time-Microsecs
X-Internal-Host
X-M-Log
X-Qnm-Cache
X-M-Reqid
LB
NtCoent-Length
X-NC
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-Release
X-Distributor
X-Microcachable
X-Birta-Cache-Post
X-Labrador-Cache-Channel
X-Birta-Served
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-UA-Device-Type
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
XServer
X-App-Version
X-Cache-Backend
X-B3-Spanid
Pagetype
Time
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
X-PHP-Backend
X-SERVER-NAME
Frame-Options
X-Sucuri-Cache
X-PAYTM-SRV-ID
X-Date
X-D
X-Via-Edge
X-Via-SSL
Www
X-Irp-Debug
Rendered-Blocks
X-G
X-A
X-UE-Client-Country
X-CUA
Ajk
AKAMAI
X-VG-WebServer
X-Cache-Bucket
X-Via-CDN
X-IN-APIGATEWAY
X-Developer
Viewtype
X-No-Session
VivaBuild
Fly-Request-Id
V-Age
X-Powered-By-ANYU
WZWS-RAY
X-Destination
X-Generation-Time
X-Generated-In
X-WebServer
X-A-Ccd
X-Logtrace-Id
Server-Int
T-Server
X-Org
Xc-Version
X-NU-AKA-ACS-Version
Ec-Rule-Version
Cneonction
X-Trv-Group
X-Server-Time
X-Request-UUID
NGX
X-Server-By
Mobile-Detection-Method
X-Region-Sid
X-ARC
X-B-Cookie
X-A-Dam
X-Redis-Cache
X-Dispatcher-Server
X-ScT
X-Rojux
X-Rewrite-Enabled
X-CF-Lambda-Fn
X-IN-WAF
X-S-Cookie
X-From
X-DPWN-IS-SECURE
X-BB-ID
X-C
X-Application
X-CF-Lambda-Version
X-Died
Arc-Country
Cache-Prefix
X-A-Wwc
X-A-Dgt
Fly-Cache
X-A-Dcw
IsBot
MD5-Digest
X-IN-SSL-APIGATEWAY
X-SIPLIST1
X-CS
BehaviorPad-Version
X-Accel-Expires-Debug
Meta-Geo-Continent
X-SRCache-Key
X-NWS-UUID-VERIFY
ViewerVersion
X-FireWall-Port
X-Web-Node
X-Instance-Name
X-GZip
Country-Code
X-Hash
X-Hnp-Log
X-Cache-CFC
X-Hl-Ver
X-Eu-Site
HA-Urlpath
Magicmarker
Pragrma
Release
Host-ID
X-Core-Value
X-External-Request-Id
Origin-Edge-Control
X-Fastly-Cache
NodeID
X-F5-Cache
HA-Servedtime
HA-Ipaddr
HA-Geocity
HA-Cloudapp
GMS-Ver
X-Gen-Mode
HA-Geocountry
HA-Geolat
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
X-GeoIP-City
X-Node-Id
X-Phone
X-VCT
X-Crawler
X-Varnish-Action
X-Cache-Enabled
X-Owner
X-Wikidot-Backend
X-We-Are-Hiring
X-Key
X-Var-Ttl
X-Platform
X-RateLimit-Remaining-Second
X-Amz-Meta-Cache-Control
X-S-Maxage
X-Block-Status
X-CGP
X-RateLimit-Limit-Second
X-UnsetCookies
X-Store
MIME-Version
X-Origin-TTL
X-VServer
X-Layer
SN
Backend-Name
Server-Host
X-Request-Time
X-Wikidot-Static-Cache
X-Debug-Log
Web-Mar-Node
X-NX-Host
X-Cluster-Node
X-Debug-Cookies
Origin-Cache-Control
X-V
X-Webstats-RespID
Platform
Section-Io-Cache
X-Backend-Url
X-Croise-Owner
X-Backend-TTL
X-Backend-State
X-Backend-Host
Proxy-Connection
Request-EU
Request-Country
Uber-Trace-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Epic-Correlation-Id
Thinkindot-CacheControl
X-Developers
Apple-News-Services-Request-Url
X-Core-Mission
X-Cache-Expires
X-Cache-Host
X-Variation
X-Tumblr-Pixel-3
X-Up
X-Clientip
Powered
X-MSEdge-Flight
X-MSEdge-Features
REQUESTUUID
X-Nginx-Cache-Key
X-Policy
X-TT-LOGID
X-Trace-Id
X-Server-IP
X-Request-URI
X-Secret
X-Response-By
X-Cdn-Srv
X-Cache-URL
X-Sf
X-Reboot
X-Swa-Ws
X-Thinkindot-L3
X-Sn-Servicetimems
X-RCS-CacheZone
X-Cache-Srv
Origin
X-MI-In-Market
X-Gannett-Site-Version
Is-Eu
Heartbleed
X-GeoIP-Country-Code
X-HTML-Minification-Powered-By
Esi-Enabled
X-FW-Version
Kp-EeAlive
Odigeo-Trace-Id
X-Fetched-On
MI-Cache-Age
MI-Cache
MI-API
X-Alternate-Cache-Key
Countrycode
X-Sorting-Hat-ShopId
X-Matched-Rule
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
Adler-Geo
Apple-News-Services-Handled
X-Cdn-Origin
X-Location
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Ua
X-Content-Age
X-Passed-To-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-PostProcessResponse
X-ServiceProvider
X-Worker
X-Stale
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Fstrz
X-ElasticPress-Search
X-Passed-To
X-Passed-To-BeforeDispatch
X-Ckpd-Fst-Backend
X-Passed-To-DLL
X-Device-Os
Server-ID
On-Server
Fastly-SWR
Fastly-SIE
PFcat
Request-Time
RNT-Machine
Resin-Trace
PageSpeed
Fastly-Backend-Name
Cache-Tags
ProcessTime
X-Dc
Content-Disposition
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
RNT-Time
HTTPS
True-Client-Country-4JS
X-Alicdn-Da-Ups-Status
Sid
X-Actual-URL
X-Varnish-Beresp-Ttl
Xserver
X-CACHE-AGE
X-Real-Ip
X-Ezoic-Cdn
CACHE
X-Servername
X-Skip-Cache
X-B3-TraceId
X-Csrf-Token
RequestId
Warning
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Endurance-Cache-Level
Ar-Sid
Cache-Cookie-Set-Idcheck
X-TIME
Cteonnt-Length
X-Pf-Uncompressing
X-Req
X-Proto
X-GEO
WP-Super-Cache
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Newrelic-Synthetics
X-Oss-Server-Time
X-Oss-Storage-Class
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
We-Hiring
X-Surge-Debug
Mail-Subject
CF-IPCountry
X-Refresh
X-Servedbyhost
X-Nc
X-Guploader-Uploadid
X-Pjax-Url
CDN
Dnion-Transfer-Encoding
X-Aed
X-Cache-ASPX
X-Varnish-Ttl
X-GoCache-CacheStatus
Pramga
X-GRACE
X-Varnish-Beresp-TTL
Hostname
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-CSRF-Token
X-COUNTRY
TSSecure
X-Time
X-Edge-IP
NODE
X-Ms-Lease-State
X-Server-W
GeoIp-Country-Code
X-Page-Type
Geoip-Latitude
X-Oracle-Dms-Ecid
NnCoection
X-DC
X-Geo
X-Origin-Expires
X-Flog
X-Hello
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-ABtesting
X-Origin-Date
X-Cdn-Forward
X-Cache-Control-Set-By
A
X-HCF
X-Aicache-OS
X-Varnish-HitMiss
X-Varnish-Url
Cdn
X-Amz-Cf-Pop
SD-X-WS
MS-CV
Lfy
X-Datadome
X-WA
X-Auto-Login
Mime-Version
WWW-Authenticate
FSS-Proxy
FSS-Cache
X-Server-Group
X-Akamai-Request-ID2
X-Ratelimit-Limit
X-CACHE-KEY
X-Wa
Geoip-City
Node
Processtime
X-Wix-Route-ID
X-Varnish-URL
PICS-Label
X-Sentry-ID
X-UPSTREAM-Address
X-Via-NSCOPI
Rt-Proxy-Cache
PageType
X-Use-Magma
X-From-Cache
X-Check-Cacheable
X-EC-Security-Audit
X-Unique-Id
X-Cache-Id
GeoIP-Country-Code
GeoIP-Latitude
X-PAGE-TYPE
X-APP
X-Nananana
X-NODE
Memcached
X-Cache-Info
X-Thanos
X-Bip
GeoIP-City
X-Served-From
Lb
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-SRV
X-Gdpr
Ms-Operation-Id
X-Cookie
X-Be
X-RTag
Dont-Set-Cookie
X-Gen-Id
X-MP-GENERATED-AT
X-Proxy-Server
X-GDPR
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-Request-Start
X-WR-MODIFICATION
X-Load-Cache
X-Dynatrace-Js-Agent
DataCenter
X-Cache-HT
Is-Session-Tracking
X-Env
X-Optimization
Memory
X-Fastly-Cache-Hits
Get-Access-Time
X-HS-Status
X-FORWARDED-FOR
Who
UCS
X-PJAX-URL
Pics-Label
X-Swift-Error
GW-Server
X-User
X-Ver
X-Cache-Ttl
X-B3-SpanId
Group
V-Cache
X-RateLimit-Reset
Cf-Ipcountry
X-ServedByHost
X-Cache-FS-Status
X-PF-Uncompressing
X-Meta-Tbi-Cache-Vertical
X-Fe
Ws
URI
Cache-Hits
X-Ibm-Trace
X-Dw-Trace-Id
X-CDN-Pop-IP
X-CDN-Pop
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Shard
NX-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GZIP
X-SB
X-Bug-Bounty
Xet-Cookie
AGE-Hash
X-VC
Requestid
Httpd-Identifier
Accept-Language
X-NGINX-Cache
Serverid
X-Ratelimit-Remaining
Locale
X-Wix-Petri-Ex
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
N-Cache
X-BBXSRF
X-Cache-Debug
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-Content-Encoded-By
X-CacheKey
CDN-Cache-Hit
CDN-Node
Powered-By
CDN-Cache
X-Varnish-Info
X-Route-Name
Ohc-File-Size
X-ServerName
X-Akamai-ERPolicy
X-Grace-Duration
X-Akamai-ERRuleID
X-Providence-Cookie
X-RequestId
X-StackifyID
Version
X-Cache-Handler
Https
X-Is-Crawler
X-Flags
X-Litespeed-Cache-Control