Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-SaveTime
X-Swift-CacheTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-Dns-Prefetch-Control
X-DynaTrace-JS-Agent
X-DataDome
X-ESI
Charset
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Cached
X-Recruiting
X-Varnish-TTL
X-Vhost
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-F-Cache
X-Version
X-ORACLE-DMS-RID
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Geo-Segment
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
PB-PID
PB-RID
Accept-CH
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-D2id
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
Verso
MS-Author-Via
SPRequestGuid
X-Client-IP
X-Abt-Application-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
AR-ATIME
AR-PoweredBy
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Fastly-Request-ID
X-Trace
X-Dw-Request-Base-Id
AR-CACHE
X-T
DynaTrace
Paypal-Debug-Id
X-Hits
X-Varnish-Age
X-Grace
X-Upstream
Arr-Disable-Session-Affinity
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Amz-Meta-S3cmd-Attrs
X-Id
SPRequestDuration
X-Ruxit-JS-Agent
SPIisLatency
X-Pad
X-Shield-Request-Id
X-Content-Options
X-FastCGI-Cache
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Cache-Hit
X-Logged-In
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
AR-SID
X-B
X-HW
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-NewRelic-App-Data
Server-Name
X-Wix-Server-Artifact-Id
Tracecode
X-Cache-Key
X-Frontend
X-FTR-Backend-Server
X-XRDS-Location
X-FTR-Balancer
X-FTR-Cache-Status
X-Oneagent-Js-Injection
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Rid
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
Cleartype
X-Cache-Rule
X-GUploader-UploadID
Backend-Timing
X-Analytics
X-XRDS-LOCATION
X-Srv
Cache-Status
X-Revision
Host
X-HS-Content-Id
X-HS-Hub-Id
X-User-Agent
X-TA-CDN-Provider
TP-Cache
TP-L2-Cache
X-Rid
X-Whom
FilterID
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Accel-Buffering
X-NWS-LOG-UUID
X-Akam-SW-Version
X-Debug-Info
X-AOL-HN
X-VCache
ServerID
X-Varnish-Backend
X-RateLimit-Remaining
X-Cache-2
X-Webkit-CSP
Accept-Charset
X-Cdn
X-Via-JSL
X-Content-Powered-By
X-Mobile
Front-End-Https
X-Kinja-Server-Push
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Viewport
X-Correlation-Id
X-Node-Name
X-App-Environment
X-LB-Cache
X-Magnolia-Registration
Host-Header
X-Cluster
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Device-Type
Liferay-Portal
X-TT
X-Framework
X-Akamai-Edgescape
X-Request-Guid
X-B-Cache
Upgrade-Insecure-Requests
X-Handled-By
X-Cache-Control
X-Signature
X-Instance
X-FB-Debug
Cache-Tag
DC
X-B3-Sampled
X-BCube-Filmed-By
X-Platform-Server
X-Cache-Server
X-B3-Traceid
Server-Node
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
X-Ttl
X-TT-TIMESTAMP
Source
X-Amzn-Trace-Id
X-Sol
X-Middleton-Display
Retry-After
Display
X-Contextid
X-Servedby
X-Accel-Expires
X-WA-Info
X-Varnish-Server
Server-Info
HitType
HitInfo
X-Cache-Action
X-Distil-CS
X-Fastcgi-Cache
X-Cache-Operation
X-APP-VERSION
Content-Script-Type
Content-Style-Type
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Amz-Replication-Status
X-Seen-By
Webserver
User-Agent
X-Wix-Request-Id
X-S
X-WebKit-CSP-Report-Only
X-Locale
X-Jobs
GEO-INFO
X-Generated-By
X-Status
Actual-Object-TTL
X-Edge-Cache-Key
X-Region
X-Edge-Location
X-Response-Served-From
X-Port
Healthy
X-RequestSource
AsisCache
X-Edge-Cache
X-FW-Hash
X-Adobe-Loc
X-UUID
X-FW-Static
X-FW-Type
X-TX-ID
X-Varnish-Hits
X-FW-Serve
SRV
X-Adobe-Content
ServedBy
X-FW-Server
X-Hyper-Cache
X-Geo-Country
X-Drupal-Cache-Tags
Refresh
X-Daa-Tunnel
X-Yottaa-Metrics
X-DataStream-Cache-Status
X-Yottaa-Optimizations
X-ATG-Version
X-Iejgwucgyu
X-Cache-Age
X-Esi
X-Cache-NE
X-Cache-TTL-Remaining
X-Middleton-Response
X-Varnish-Grace
Response
Filters
IBM-Web2-Location
X-Amz-Server-Side-Encryption
S-Cnection
X-Content-Type
NGB
Payment
X-Newrelic-App-Data
Datacenter
X-Activity-Id
X-AppVersion
X-Az
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-CDN-Forward
X-Cache-Remote
X-Cacheable-TTL
X-Cache-TTL
X-Proxied
X-App-Server
Country
X-UA
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Cache-Config
Edge-Cache-Tag
Served-By
X-Sucuri-ID
X-Vg-Webcache
X-Varnish-IP
X-Akamai-Transformed
X-RN-RSRV
Machine
X-Rendered-As
X-RemovedCookies
X-Is-Bot
X-ProcessESI
X-Detected-As
Meta-Geo
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
X-Rule
X-Rocket-Nginx-Bypass
AR-Request-ID
X-FC-Vary-Parameters
X-Proxy
X-Ruxit-Js-Agent
X-Unique-ID
X-HS-Combine-CSS
X-Mode
X-BYPASS-REASON
X-Hosted-By
Backend
X-BB-IP
X-EIG-Tracking-Id
User-Cache-Control
X-ServerID
X-ProxyCache-Status
DB-Nickname
X-ProxyCache-Key
Cache-Name
X-Original-Request
Cache
X-Origin
X-OCL
X-OVcl
X-OVcl-Cache
X-Varnish-Cache-Hits
X-TNCMS
X-Tb
X-Site-Version
Access-Control-Allow-Method
X-Loop
Now
X-Grey
X-Generated
ServerName
X-Hit
X-Human
X-L-Path
X-JoinUs
Mn-Server-Ip
X-Varnish-Cacheable
X-PCL
X-Environment-Context
X-Viewer-Country
X-Cache-Category-Id
X-CDN-Cache
X-NodeID
X-NGENIX-Cache
Access-Control-Request-Headers
X-Agile-Age
X-PERF
Azure-InstanceId
X-ApacheServer
X-Www-Served-By
Azure-SiteName
X-Cache-Config
X-Debug-Cache
Selected-FE
L5d-Success-Class
Azure-Version
X-Proxy-Build
Azure-SlotName
Azure-RegionName
X-Ocache
X-Upgrade-Enabled
X-Pubstack
X-Agile
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Agile-Id
X-Via-Fastly
X-HOST
X-LJ-Flow-ID
X-VWS-Id
X-Backend-Name
OT-Force-Account-Verify
Cache-Key
Webcakes-App-Name
X-IP
X-URL
TWC-GeoIP-LatLong
Property-Id
TWC-Locale-Group
TWC-Privacy
X-Origin-CC
X-Origin-Hint
X-CCM
TWC-Connection-Speed
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
X-SplitTest
X-AWS-Id
X-Routing-Service
X-Zipkin-Id
X-Format
X-Section
HostName
X-Access
S-Rt
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Source
X-Upstream-CT
X-Upstream-HT
X-Mshield-Cache-Status
Powered-By-ChinaCache
X-Drupal-Cache-Contexts
X-Nginx-Cache
Fastcgi-Useragent
X-Xfnlog-Site
X-Real-IP
X-Pc-Host
X-Pc-Date
X-RateLimit-Limit
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Correlation-ID
X-Akamai-Request-ID
X-Storage
X-Vgn-Hpd-Reason
X-Litespeed-Cache
From-Origin
Pagespeed
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-SSL
X-Forwarded-Host
X-Feature
X-NCache
X-Time-Microsecs
X-Internal-Host
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
NtCoent-Length
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-NC
X-Distributor
X-Ms-Version
X-Release
X-UA-Device-Type
X-Birta-Cache-Post
X-Microcachable
X-Birta-Served
X-Labrador-Cache-Channel
LB
XServer
X-Webkit-Csp
X-EdgeConnect-Cache-Status
X-VG-TLSProxy
X-App-Version
X-Cache-Backend
X-B3-Spanid
Pagetype
X-Connection-Hash
Time
X-Twitter-Response-Tags
X-Transaction
X-SERVER-NAME
Frame-Options
X-Sucuri-Cache
X-PHP-Backend
X-IN-SSL-APIGATEWAY
X-From
Ajk
AKAMAI
X-DPWN-IS-SECURE
X-G
X-Irp-Debug
Arc-Country
X-Generation-Time
WZWS-RAY
Cneonction
X-Powered-By-ANYU
X-IN-APIGATEWAY
X-Dispatcher-Server
X-Logtrace-Id
X-Generated-In
X-Destination
Meta-Geo-Continent
X-A-Ccd
X-A
MD5-Digest
X-A-Dam
X-A-Dgt
IsBot
X-A-Dcw
Www
Mobile-Detection-Method
T-Server
Rendered-Blocks
Server-Int
V-Age
Viewtype
NGX
VivaBuild
X-A-Wwc
X-Accel-Expires-Debug
X-CUA
X-CS
Ec-Rule-Version
X-D
X-Date
Cache-Prefix
X-Died
X-Developer
X-CF-Lambda-Version
Fly-Cache
X-B-Cookie
X-ARC
X-Application
X-BB-ID
X-Cache-Bucket
Fly-Request-Id
X-CF-Lambda-Fn
BehaviorPad-Version
X-IN-WAF
X-Via-CDN
X-VG-WebServer
X-ScT
X-Via-Edge
X-Rewrite-Enabled
X-Server-By
X-S-Cookie
X-NU-AKA-ACS-Version
X-Redis-Cache
X-Trv-Group
X-PAYTM-SRV-ID
X-UE-Client-Country
X-SIPLIST1
X-Server-Time
X-Org
X-Rojux
X-Via-SSL
X-SRCache-Key
X-Request-UUID
X-No-Session
X-WebServer
Xc-Version
X-Region-Sid
X-Instance-Name
X-GZip
X-NWS-UUID-VERIFY
X-Web-Node
NodeID
X-Fastly-Cache
X-External-Request-Id
Web-Mar-Node
X-Block-Status
X-Core-Value
X-Cache-Enabled
Magicmarker
X-Origin-TTL
X-Store
MIME-Version
Country-Code
X-Owner
X-Cache-CFC
Server-Host
X-Crawler
X-Debug-Cookies
X-Debug-Log
X-Var-Ttl
Pragrma
X-Layer
X-We-Are-Hiring
X-Node-Id
X-Key
X-RateLimit-Remaining-Second
Release
SN
X-RateLimit-Limit-Second
X-C
X-Phone
GMS-Ver
X-Amz-Meta-Cache-Control
X-Cluster-Node
X-UnsetCookies
X-GeoIP-City
Host-ID
X-Gen-Mode
Origin-Cache-Control
Origin-Edge-Control
X-Varnish-Action
X-Hnp-Log
X-S-Maxage
X-VCT
X-Hl-Ver
X-Hash
X-NX-Host
X-Request-Time
X-FireWall-Port
ViewerVersion
X-Webstats-RespID
X-Actual-URL
X-Returned-From-PostProcessResponse
X-RCS-CacheZone
Uber-Trace-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Reboot
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From
X-Response-By
X-Request-URI
X-Returned-From-DLL
X-Passed-To-DLL
X-Variation
X-HTML-Minification-Powered-By
X-Platform
X-Tumblr-Pixel-3
X-FW-Version
X-Trace-Id
X-Fetched-On
REQUESTUUID
X-VServer
X-MI-In-Market
X-Nginx-Cache-Key
X-Policy
X-Matched-Rule
X-Location
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-F5-Cache
X-Eu-Site
X-Cdn-Srv
X-Sf
X-CGP
X-Cdn-Origin
X-Cache-Srv
X-Cache-Expires
X-Cache-Host
X-Core-Mission
X-Sn-Servicetimems
X-Passed-To
X-Swa-Ws
X-Thinkindot-L3
X-Passed-To-BeforeDispatch
Powered
X-Croise-Owner
X-Stale
X-Backend-TTL
Request-Country
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Host
HA-Ipaddr
Is-Eu
Kp-EeAlive
Heartbleed
HA-Urlpath
HA-Servedtime
HA-Geocity
HA-Cloudapp
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
Adler-Geo
Apple-News-Services-Handled
Backend-Name
Esi-Enabled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
MI-API
X-ShardId
Proxy-Connection
Request-EU
MI-Cache
Odigeo-Trace-Id
Platform
MI-Cache-Age
X-V
PageSpeed
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Developers
CDCHOST
Content-Disposition
Decoy-Debug-Key
Fastly-Backend-Name
X-Clientip
Decoy-Debug-TTL
HTTPS
X-Device-Os
Countrycode
X-Epic-Correlation-Id
X-MSEdge-Flight
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-MSEdge-Features
ProcessTime
Section-Io-Cache
X-Fstrz
X-Ckpd-Fst-Backend
X-Up
Request-Time
Server-ID
X-ElasticPress-Search
Decoy-Debug-Status
X-ServiceProvider
X-Server-IP
PFcat
True-Client-Country-4JS
On-Server
X-Backend-Url
X-Alicdn-Da-Ups-Status
X-TT-LOGID
X-Backend-Host
X-Backend-State
X-Secret
Origin
X-Cache-URL
Fastly-SIE
Resin-Trace
X-Dc
Fastly-SWR
X-Varnish-Beresp-Ttl
Sid
RNT-Time
X-Skip-Cache
X-Content-Age
RNT-Machine
X-Real-Ip
X-Worker
X-Ezoic-Cdn
Xserver
X-Servername
Cache-Tags
X-CACHE-AGE
CACHE
X-B3-TraceId
Cache-Cookie-Set-From
Warning
Ar-Sid
X-Ua
Cache-Cookie-Set-Lfrom
X-Endurance-Cache-Level
RequestId
Cache-Cookie-Set-Idcheck
Cteonnt-Length
X-TIME
X-Pf-Uncompressing
X-Req
X-Proto
X-Csrf-Token
X-Oss-Object-Type
X-Oss-Server-Time
WP-Super-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Newrelic-Synthetics
X-Oss-Request-Id
X-GEO
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
We-Hiring
Mail-Subject
X-Surge-Debug
X-Planisys-CDN-Rules
CF-IPCountry
X-Refresh
X-Guploader-Uploadid
X-Servedbyhost
X-Pjax-Url
X-Nc
CDN
Dnion-Transfer-Encoding
X-Cache-ASPX
X-Aed
X-Varnish-Ttl
X-Varnish-Beresp-TTL
Pramga
X-GoCache-CacheStatus
Hostname
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
TSSecure
X-CSRF-Token
X-Time
X-COUNTRY
X-Edge-IP
X-Ms-Lease-State
NODE
X-Page-Type
X-Server-W
Geoip-Latitude
GeoIp-Country-Code
X-DC
NnCoection
X-Oracle-Dms-Ecid
X-Flog
X-DataStream-Origin-MEX-Latency
X-Origin-Date
X-Origin-Expires
X-ABtesting
X-DataStream-MidMile-RTT
X-Hello
X-Geo
X-Cdn-Forward
X-Cache-Control-Set-By
X-WA
A
X-HCF
Cdn
X-Varnish-HitMiss
X-Ratelimit-Limit
X-Varnish-Url
X-Aicache-OS
MS-CV
X-GRACE
SD-X-WS
X-Amz-Cf-Pop
X-Datadome
X-Auto-Login
Lfy
X-Dynatrace-Js-Agent
X-Akamai-Request-ID2
WWW-Authenticate
Mime-Version
FSS-Cache
FSS-Proxy
X-Server-Group
Node
Geoip-City
X-Unique-Id
Processtime
X-Sentry-ID
PICS-Label
Rt-Proxy-Cache
X-Wa
X-UPSTREAM-Address
X-Varnish-URL
X-Wix-Route-ID
X-Via-NSCOPI
PageType
X-Use-Magma
X-EC-Security-Audit
X-Cache-Id
X-APP
X-PAGE-TYPE
X-From-Cache
X-Check-Cacheable
X-NODE
X-Nananana
Lb
GeoIP-City
Cdn-Request-Time
X-Served-From
X-Gdpr
Cdn-Host
X-Edge-Server
Memcached
X-Thanos
GeoIP-Country-Code
X-Cache-Info
GeoIP-Latitude
X-Bip
X-SRV
Dont-Set-Cookie
X-Cookie
Ms-Operation-Id
X-CACHE-KEY
X-Be
X-Gen-Id
X-RTag
COMMERCE-SERVER-SOFTWARE
X-MP-GENERATED-AT
X-Proxy-Server
X-GDPR
X-Request-Start
X-Fastly-Backend-Reqs
DataCenter
X-Load-Cache
X-WR-MODIFICATION
Get-Access-Time
X-Fastly-Cache-Hits
Memory
X-Env
X-FORWARDED-FOR
X-Cache-HT
Is-Session-Tracking
X-Optimization
Pics-Label
X-PJAX-URL
UCS
X-HS-Status
X-ServedByHost
GW-Server
Who
X-Swift-Error
X-Ratelimit-Remaining
Cf-Ipcountry
X-Ver
X-Cache-FS-Status
Group
X-B3-SpanId
V-Cache
X-Cache-Ttl
X-RateLimit-Reset
X-Fe
Cache-Hits
X-Meta-Tbi-Cache-Vertical
URI
X-CDN-Pop-IP
X-Dw-Trace-Id
Ws
X-Ibm-Trace
X-CDN-Pop
X-User
X-ID
Amp-Access-Control-Allow-Source-Origin
X-Shard
X-Bug-Bounty
X-Vcache
X-SB
AGE-Hash
X-VC
Requestid
NX-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
Xet-Cookie
X-GZIP
X-PF-Uncompressing
Httpd-Identifier
X-NGINX-Cache
Accept-Language
Serverid
X-Li-Pop
X-Li-Fabric
CDN-Node
X-LI-Proto
X-SVT-ORM-RULES
X-CacheKey
X-Content-Encoded-By
Powered-By
Locale
X-BBXSRF
X-Cache-Debug
X-SVT-ORM-VERSION
X-LI-UUID
CDN-Cache
N-Cache
X-Urbn-Site-Id
CDN-Cache-Hit
X-Urbn-Context-Path
X-Varnish-Info
X-Wix-Petri-Ex
X-VG-WebCache
X-Info
X-ServerName
SID
X-Flags
X-Cache-Handler
X-Route-Name
X-Grace-Duration
X-Litespeed-Cache-Control
X-RequestId
Https
X-StackifyID
X-Providence-Cookie
Ohc-File-Size
X-Is-Crawler
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Version