Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Node
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
Server-Timing
X-CST
X-Url
X-OneAgent-JS-Injection
X-Cloud-Trace-Context
Pinterest-Generated-By
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-ESI
X-DynaTrace-JS-Agent
X-DataDome
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-Dns-Prefetch-Control
Charset
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
X-Version
Content-MD5
X-F-Cache
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Geo-Segment
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
Pinterest-Version
X-Upstream-Env
X-Client-IP
X-Pinterest-Rid
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-T
DynaTrace
AR-ATIME
AR-PoweredBy
X-Forwarded-Proto
X-Grace
X-Upstream
X-Origin-Upstream-Status
AR-CACHE
X-Varnish-Age
X-Hits
X-DIS-Request-ID
TCN
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
X-Id
SPRequestDuration
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
Access-Control-Request-Method
X-Kinsta-Cache
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FastCGI-Cache
MRF-Tech
X-IPLB-Instance
Mrf-Cache-Status
X-Cache-Hit
X-Acc-Meta-Resource-Type
X-HW
X-Logged-In
X-B
X-Goog-Stored-Content-Encoding
X-Server-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-NewRelic-App-Data
AR-SID
X-Wix-Server-Artifact-Id
S
X-Ser
Service-Worker-Allowed
X-Oracle-Dms-Rid
X-MSEdge-Ref
X-XRDS-Location
X-Do-Not-Hack
X-Cache-Key
Permitted-Cross-Domain-Policies
X-HeyJason
Tracecode
Server-Name
X-PressLabs-Stats
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Fastly-Restarts
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
Alternate-Protocol
X-Accel-Buffering
Eomportal-Instance
X-Cache-Rule
Backend-Timing
Cache-Status
Cleartype
X-Analytics
X-Srv
Host
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
TP-L2-Cache
X-Revision
X-Rid
Public-Key-Pins-Report-Only
X-GUploader-UploadID
X-Whom
X-XRDS-LOCATION
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-User-Agent
X-Oneagent-Js-Injection
X-RateLimit-Remaining
X-Akam-SW-Version
X-Ttl
ServerID
X-TA-CDN-Provider
X-AOL-HN
Front-End-Https
X-Varnish-Backend
X-VCache
X-Cache-2
X-Mobile
Accept-Charset
X-Via-JSL
X-NWS-LOG-UUID
X-Webkit-CSP
X-Content-Powered-By
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
X-Correlation-Id
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Viewport
X-App-Environment
X-Node-Name
X-LB-Cache
X-Cluster
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-Page-Id
Host-Header
X-Request-Guid
X-TT
X-Framework
X-Akamai-Edgescape
X-Device-Type
X-Cache-Control
X-Handled-By
X-Platform-Server
Liferay-Portal
X-Signature
X-FB-Debug
X-B-Cache
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-B3-Sampled
X-Content-Security-Policy-Report-Only
DC
X-Instance
Cache-Tag
X-B3-Traceid
X-Iejgwucgyu
X-Cache-Server
Display
X-Hostname
X-Middleton-Display
X-Sol
X-Origin-Server
X-Amzn-Trace-Id
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
Source
X-WA-Info
X-Varnish-Server
X-Fastcgi-Cache
X-Servedby
X-Contextid
HitInfo
HitType
Server-Info
X-Distil-CS
X-APP-VERSION
X-Cache-Action
X-Cache-Operation
X-Seen-By
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
User-Agent
Webserver
X-GeoIP
X-Amz-Replication-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-S
X-RequestSource
X-Edge-Location
X-WebKit-CSP-Report-Only
X-Jobs
X-Status
X-Locale
GEO-INFO
Actual-Object-TTL
X-FW-Server
X-FW-Static
SRV
X-FW-Type
X-Port
X-FW-Serve
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Hash
X-Region
X-Response-Served-From
AsisCache
X-Litespeed-Cache
X-UUID
X-Varnish-Hits
ServedBy
X-Adobe-Loc
X-Generated-By
X-Adobe-Content
X-Drupal-Cache-Tags
X-TX-ID
X-ATG-Version
Healthy
Refresh
X-Geo-Country
X-Hyper-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Middleton-Response
Response
X-Cache-NE
X-DataStream-Cache-Status
X-Cache-Age
X-Cache-TTL-Remaining
X-Daa-Tunnel
Payment
X-Varnish-Grace
IBM-Web2-Location
X-Esi
S-Cnection
Filters
X-Amz-Server-Side-Encryption
X-Content-Type
Datacenter
NGB
X-AppVersion
X-Az
X-Activity-Id
X-CDN-Forward
X-Cache-Remote
X-Newrelic-App-Data
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
Country
X-UA
X-Webkit-Csp
X-Proxied
X-HS-Cache-Config
Edge-Cache-Tag
X-Cacheable-TTL
X-Cache-TTL
Served-By
X-Vg-Webcache
X-App-Server
X-Kong-Upstream-Latency
X-Varnish-IP
X-Kong-Proxy-Latency
X-Sucuri-ID
X-Mode
X-Akamai-Transformed
X-HS-Combine-CSS
X-ProcessESI
X-Is-Bot
Pagespeed
X-Rendered-As
X-RN-RSRV
X-Detected-As
X-Rule
X-RemovedCookies
Machine
Load-Balancing
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-Rocket-Nginx-Bypass
Powered-By-ChinaCache
X-Proxy
X-FC-Vary-Parameters
TWC-Privacy
Backend
Cache-Name
TWC-GeoIP-LatLong
DB-Nickname
TWC-Locale-Group
TWC-GeoIP-Country
X-Mrs-Cache
X-Mrs-Age
Property-Id
X-Varnish-Cache-Hits
Access-Control-Allow-Method
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
TWC-Device-Class
TWC-Connection-Speed
Mn-Server-Ip
Webcakes-Region
X-Origin-Hint
X-Human
User-Cache-Control
X-Origin
X-ServerID
X-ProxyCache-Status
X-PCL
X-Cache-Category-Id
X-BYPASS-REASON
X-Grey
X-Hosted-By
X-Tb
X-Amz-Meta-Surrogate-Control
X-OCL
X-ProxyCache-Key
Webcakes-App-Name
X-Varnish-Cacheable
Webcakes-App-Version
Azure-SlotName
Azure-SiteName
X-Zipkin-Id
S-Rt
X-BB-IP
X-Hit
ServerName
X-OVcl-Cache
X-Debug-Cache
X-Generated
X-CDN-Cache
Azure-InstanceId
Azure-RegionName
X-OVcl
L5d-Success-Class
X-NodeID
X-Routing-Service
OT-Force-Account-Verify
X-EIG-Tracking-Id
X-Upgrade-Enabled
X-Section
Now
X-Loop
X-JoinUs
X-Format
X-TNCMS
X-Original-Request
X-Access
X-Site-Version
Azure-Version
X-Via-Fastly
X-PERF
X-TWH-CORRELATION-ID
Selected-FE
X-Viewer-Country
X-VWS-Id
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-AWS-Id
X-Timing-Wait
X-Cache-Config
X-Agile-Age
X-Agile-Id
X-ApacheServer
X-App-Name
X-Agile
X-Pubstack
X-SplitTest
X-Unique-ID
X-Proxy-Build
Fastcgi-Useragent
X-Www-Served-By
X-LJ-Flow-ID
X-Environment-Context
X-RateLimit-Limit
X-NGENIX-Cache
Access-Control-Request-Headers
X-IP
Cache-Key
X-L-Path
X-Ocache
X-Origin-CC
HostName
X-CCM
X-Drupal-Cache-Contexts
X-Source
X-Upstream-HT
X-Upstream-CT
X-Backend-Name
X-Nginx-Cache
X-Xfnlog-Site
X-HOST
X-URL
AR-Request-ID
From-Origin
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Akamai-Request-ID
Cache
X-Real-IP
X-Pc-Host
X-Pc-Date
X-Storage
X-Forwarded-Host
X-Vgn-Hpd-Reason
X-Correlation-ID
Fastly-SSL
X-Ruxit-Js-Agent
LB
NtCoent-Length
X-Ms-Blob-Type
X-Time-Microsecs
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Feature
X-NCache
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Birta-Served
X-Varnish-Beresp-Status
X-Birta-Cache-Post
X-Internal-Host
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-Distributor
X-Release
X-NC
X-Microcachable
ViewerVersion
X-EdgeConnect-Cache-Status
Time
X-App-Version
X-UA-Device-Type
X-B3-Spanid
XServer
X-Powered-By-ANYU
WZWS-RAY
X-Twitter-Response-Tags
X-Cluster-Node
X-Transaction
X-Cache-Backend
X-Connection-Hash
CACHE
Pagetype
Xc-Version
X-No-Session
X-CF-Lambda-Version
X-Date
X-Sucuri-Cache
VivaBuild
Ajk
X-Destination
X-Logtrace-Id
X-Request-Time
X-Cache-Enabled
X-WebServer
X-A
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-PAYTM-SRV-ID
Cneonction
X-VG-WebServer
X-Org
AKAMAI
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-NU-AKA-ACS-Version
V-Age
IsBot
X-Dispatcher-Server
X-Died
X-G
X-Generated-In
Server-Int
X-From
MD5-Digest
NGX
Rendered-Blocks
Mobile-Detection-Method
X-DPWN-IS-SECURE
Meta-Geo-Continent
X-Generation-Time
Fly-Request-Id
BehaviorPad-Version
Cache-Prefix
Arc-Country
X-Developer
Frame-Options
X-Irp-Debug
X-IN-WAF
T-Server
Fly-Cache
Ec-Rule-Version
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
Viewtype
Www
X-S-Cookie
X-Rojux
X-Redis-Cache
X-ARC
X-Trv-Group
X-BB-ID
X-ScT
X-SIPLIST1
X-Region-Sid
X-D
X-B-Cookie
X-Cache-Bucket
X-Application
X-SRCache-Key
X-Rewrite-Enabled
X-Request-UUID
X-CUA
X-Server-Time
X-Accel-Expires-Debug
X-Server-By
X-CF-Lambda-Fn
X-A-Wwc
X-UE-Client-Country
X-FireWall-Port
X-C
X-SERVER-NAME
X-F5-Cache
Release
Origin-Edge-Control
Origin-Cache-Control
X-GeoIP-City
X-Fastly-Cache
X-Hl-Ver
Country-Code
X-External-Request-Id
Pragrma
Powered
X-Hnp-Log
X-Hash
X-Instance-Name
X-CS
SN
X-Gen-Mode
HA-Urlpath
HA-Servedtime
HA-Ipaddr
X-S-Maxage
Server-Host
Magicmarker
X-Block-Status
X-Eu-Site
NodeID
HA-Host
HA-Geocity
HA-Cloudapp
GMS-Ver
HA-Geocountry
HA-Geolat
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
X-GZip
X-Key
X-Core-Value
X-Node-Id
X-Web-Node
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CGP
REQUESTUUID
X-Varnish-Action
X-We-Are-Hiring
X-RateLimit-Limit-Second
X-Platform
X-VCT
X-Phone
X-Policy
X-Owner
X-VServer
X-Origin-TTL
X-UnsetCookies
X-Crawler
X-RateLimit-Remaining-Second
X-Cache-CFC
Backend-Name
X-Store
X-Amz-Meta-Cache-Control
Web-Mar-Node
X-Layer
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Webstats-RespID
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-NWS-UUID-VERIFY
Request-Country
Request-EU
X-Cache-Srv
Thinkindot-Control
X-Cache-URL
Thinkindot-CacheControl
X-Cdn-Srv
X-Clientip
Thinkindot-CacheControl-Type
X-Backend-TTL
X-Core-Mission
X-Debug-Log
Section-Io-Cache
Proxy-Connection
X-Developers
X-Debug-Cookies
X-Backend-State
X-Cache-Expires
X-Croise-Owner
Uber-Trace-Id
X-Backend-Url
X-Actual-URL
X-Backend-Host
X-Epic-Correlation-Id
X-NX-Host
X-Request-URI
X-Reboot
X-Response-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-RCS-CacheZone
X-V
X-Passed-To
X-Nginx-Cache-Key
Platform
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Secret
X-Up
MIME-Version
X-Var-Ttl
X-Variation
X-Dc
X-Tumblr-Pixel-3
X-TT-LOGID
X-Sf
X-Server-IP
X-Stale
X-Swa-Ws
X-Thinkindot-L3
X-MSEdge-Flight
X-Passed-To-BeforeDispatch
X-Fetched-On
X-FW-Version
X-MSEdge-Features
X-Gannett-Site-Version
Heartbleed
Odigeo-Trace-Id
Is-Eu
MI-API
MI-Cache
Kp-EeAlive
MI-Cache-Age
X-GeoIP-Country-Code
Esi-Enabled
Adler-Geo
Apple-News-Services-Handled
X-Location
X-Matched-Rule
X-MI-In-Market
Origin
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-HTML-Minification-Powered-By
Countrycode
CDCHOST
Apple-News-Services-Request-Url
Ar-Sid
X-Real-Ip
Xserver
X-Worker
X-ElasticPress-Search
X-Device-Os
X-Servername
X-Ckpd-Fst-Backend
X-ServiceProvider
X-Sn-Servicetimems
X-Trace-Id
X-Fstrz
X-Content-Age
Resin-Trace
Host-ID
Fastly-Backend-Name
HTTPS
On-Server
RNT-Machine
X-Endurance-Cache-Level
Decoy-Debug-Status
Decoy-Debug-Key
ProcessTime
X-Cdn-Origin
X-PHP-Backend
Cache-Tags
Content-Disposition
Warning
RNT-Time
Decoy-Debug-TTL
True-Client-Country-4JS
X-Cache-Host
Server-ID
X-Ezoic-Cdn
Fastly-SIE
X-Rebelmouse-Cache-Control
Fastly-SWR
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-TIME
Cache-Cookie-Set-Idcheck
X-Skip-Cache
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Ttl
X-Guploader-Uploadid
X-Newrelic-Synthetics
RequestId
PFcat
X-Pf-Uncompressing
Sid
Request-Time
X-CACHE-AGE
X-Csrf-Token
X-Surge-Debug
X-Proto
X-Ua
X-B3-TraceId
PageSpeed
X-Req
X-Nc
Cteonnt-Length
CF-IPCountry
We-Hiring
X-Refresh
Mail-Subject
X-Aed
X-Pjax-Url
X-GEO
X-Planisys-CDN-TTL
X-Servedbyhost
X-Oss-Storage-Class
X-Oss-Request-Id
WP-Super-Cache
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Planisys-CDN-Cache
X-Oss-Server-Time
CDN
Pramga
X-Planisys-CDN-Rules
X-Varnish-Beresp-TTL
X-Edge-IP
TSSecure
X-Varnish-Ttl
X-Geo
X-CSRF-Token
X-Ms-Lease-State
Dnion-Transfer-Encoding
X-Amz-Cf-Pop
X-Cache-ASPX
GeoIp-Country-Code
Geoip-Latitude
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-COUNTRY
X-Page-Type
X-Hello
X-GoCache-CacheStatus
X-Flog
X-ABtesting
X-Server-W
X-Time
Hostname
X-Oracle-Dms-Ecid
X-DC
Cdn
X-DataStream-Origin-MEX-Latency
X-Auto-Login
X-Aicache-OS
Lfy
X-WA
X-Varnish-Url
X-DataStream-MidMile-RTT
X-Ratelimit-Limit
NnCoection
X-Cdn-Forward
MS-CV
NODE
X-Origin-Date
A
X-Akamai-Request-ID2
FSS-Cache
X-Origin-Expires
FSS-Proxy
Mime-Version
X-Dynatrace-Js-Agent
X-GRACE
X-Unique-Id
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Datadome
X-HCF
X-Sentry-ID
X-Via-NSCOPI
SD-X-WS
Rt-Proxy-Cache
WWW-Authenticate
X-Server-Group
PageType
Node
X-EC-Security-Audit
X-APP
X-Check-Cacheable
Processtime
X-UPSTREAM-Address
X-Bip
Memcached
Geoip-City
X-Wa
X-Varnish-URL
X-Thanos
X-Served-From
X-Cache-Id
X-Use-Magma
X-MP-GENERATED-AT
X-Be
X-Cache-Info
X-PAGE-TYPE
X-Wix-Route-ID
PICS-Label
X-NODE
GeoIP-Latitude
X-From-Cache
GeoIP-City
GeoIP-Country-Code
X-Request-Start
X-Proxy-Server
X-SRV
X-RTag
Ms-Operation-Id
X-Nananana
Cdn-Host
X-Edge-Server
Cdn-Request-Time
Memory
X-Gdpr
X-CACHE-KEY
X-Gen-Id
X-Cookie
X-Fastly-Backend-Reqs
X-HS-Status
UCS
Lb
GW-Server
X-GDPR
X-WR-MODIFICATION
X-Load-Cache
Dont-Set-Cookie
DataCenter
COMMERCE-SERVER-SOFTWARE
X-ServedByHost
X-FORWARDED-FOR
X-Fastly-Cache-Hits
X-User
Is-Session-Tracking
Cache-Hits
X-Env
X-PJAX-URL
Pics-Label
Get-Access-Time
X-Optimization
X-Ratelimit-Remaining
X-Swift-Error
X-Cache-HT
Accept-Language
Who
X-B3-SpanId
X-Cache-Ttl
X-Goog-Meta-Goog-Reserved-File-Mtime
Cf-Ipcountry
Group
X-RateLimit-Reset
V-Cache
X-Fe
Locale
X-Li-Pop
X-CDN-Pop-IP
X-LI-UUID
X-BBXSRF
X-LI-Proto
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Dw-Trace-Id
X-CDN-Pop
X-Cache-FS-Status
X-Li-Fabric
X-Ver
X-Cache-Debug
X-ID
Amp-Access-Control-Allow-Source-Origin
X-Content-Encoded-By
X-Info
NX-Cache
Ws
AGE-Hash
Requestid
URI
X-Bug-Bounty
X-VC
X-SB
X-Vcache
X-Path-Route
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-PF-Uncompressing
Xet-Cookie
X-GZIP
X-NGINX-Cache
Serverid
X-Varnish-Info
Httpd-Identifier
X-VG-WebCache
X-Qloud-Router
SS
Fastly-Soc-X-Request-Id
N-Cache
X-Shard
CDN-Node
CDN-Cache
X-CacheKey
CDN-Cache-Hit
X-Grace-Duration
X-Litespeed-Cache-Control
SID
X-Serial
X-Flags
Https
X-RequestId
X-Providence-Cookie
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-ServerName
X-Is-Crawler
X-Akamai-ERPolicy
Powered-By
X-Cache-Handler
X-Akamai-ERRuleID
X-Route-Name