Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-Host
X-Node
X-Server-Id
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-ESI
X-DataDome
X-PC
X-Vname
X-TtlSet
X-Powered-CMS
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Server-Name
NEL
X-Origin-Cache
X-DynaTrace-JS-Agent
Charset
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Varnish-TTL
X-VARITI-CCR
X-Recruiting
RTSS
X-Version
X-F-Cache
Content-MD5
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Powered-By-Plesk
Accept-CH
PB-PID
Public-Key-Pins
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
MS-Author-Via
X-Client-IP
Verso
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Abt-Application-Version
X-Dispatcher
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ORACLE-DMS-RID
X-N
X-SharePointHealthScore
X-CF-Powered-By
X-Ruxit-JS-Agent
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-T
X-DIS-Request-ID
X-Hits
X-Grace
X-Varnish-Age
DynaTrace
X-Upstream
AR-ATIME
X-Origin-Upstream-Status
AR-PoweredBy
X-Server-ID
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
TCN
X-Id
AR-CACHE
X-Amz-Meta-S3cmd-Attrs
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Oracle-Dms-Rid
X-Content-Digest
Realpath
X-NF-Request-ID
Access-Control-Request-Method
X-Kinsta-Cache
X-HW
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-IPLB-Instance
X-Cache-Hit
X-Acc-Meta-Resource-Type
X-B
X-Logged-In
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-FastCGI-Cache
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-Ser
S
Service-Worker-Allowed
Tracecode
X-Cache-Key
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-Frontend
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
X-FTR-Expires
X-XRDS-Location
Rt-Fastcgi-Cache
AR-SID
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
X-Accel-Buffering
X-XRDS-LOCATION
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Cache-Rule
Alternate-Protocol
Backend-Timing
X-Analytics
Eomportal-Instance
X-HS-Hub-Id
X-HS-Content-Id
Cleartype
Host
X-Srv
TP-L2-Cache
TP-Cache
Cache-Status
X-Rid
FilterID
Public-Key-Pins-Report-Only
X-Revision
X-FTR-Cache-Host
X-Whom
X-Debug-Info
X-User-Agent
Front-End-Https
ServerID
X-Akam-SW-Version
X-TA-CDN-Provider
X-AOL-HN
X-Mobile
X-GUploader-UploadID
X-Varnish-Backend
X-RateLimit-Remaining
Accept-Charset
X-Cache-2
X-Via-JSL
X-Webkit-CSP
X-Request-Processing-Time
X-VCache
X-Iejgwucgyu
X-NWS-LOG-UUID
X-Cdn
X-Request-Received
X-Content-Powered-By
X-Zen-Fury
X-Kinja-Server-Push
X-Correlation-Id
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Oneagent-Js-Injection
X-App-Environment
X-Ttl
Viewport
X-Node-Name
X-LB-Cache
X-Varnish-Hostname
Host-Header
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Page-Id
X-Cluster
Liferay-Portal
X-Framework
X-Request-Guid
X-Device-Type
X-TT
X-Cache-Control
X-Akamai-Edgescape
X-Magnolia-Registration
X-Handled-By
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-B-Cache
X-Signature
X-Platform-Server
X-FB-Debug
Cache-Tag
DC
X-B3-Sampled
X-Instance
X-Content-Security-Policy-Report-Only
Display
X-Sol
X-Middleton-Display
X-Cache-Server
X-Amzn-Trace-Id
X-Fastcgi-Cache
X-Hostname
X-Origin-Server
MicrosoftSharePointTeamServices
X-B3-Traceid
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Webkit-Csp
Retry-After
X-WA-Info
X-Varnish-Server
Source
X-Contextid
X-Servedby
X-Distil-CS
HitInfo
HitType
Server-Info
X-Wix-Request-Id
X-Seen-By
X-Cache-Operation
X-Cache-Action
Content-Style-Type
Content-Script-Type
User-Agent
Webserver
X-GeoIP
X-APP-VERSION
X-Edge-Location
X-Tumblr-Pixel-1
X-Amz-Replication-Status
X-RequestSource
X-Tumblr-Pixel-2
X-S
X-Jobs
SRV
X-Locale
X-Status
Actual-Object-TTL
X-FW-Static
X-FW-Type
X-FW-Server
X-WebKit-CSP-Report-Only
X-FW-Hash
X-Edge-Cache-Key
X-Edge-Cache
GEO-INFO
X-Region
X-FW-Serve
X-Response-Served-From
X-Adobe-Content
X-UUID
X-TX-ID
X-Adobe-Loc
X-Varnish-Hits
X-Drupal-Cache-Tags
X-Middleton-Response
Response
ServedBy
AsisCache
X-ATG-Version
X-Generated-By
X-Port
Healthy
Refresh
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-NE
X-Hyper-Cache
X-Geo-Country
X-HOST
X-Cache-TTL-Remaining
X-DataStream-Cache-Status
Payment
X-Cache-Age
X-Esi
IBM-Web2-Location
X-Content-Type
X-Varnish-Grace
Datacenter
S-Cnection
Filters
X-Activity-Id
X-AppVersion
X-Daa-Tunnel
X-Az
X-Amz-Server-Side-Encryption
NGB
Edge-Cache-Tag
X-Newrelic-App-Data
X-HS-Cache-Config
Country
X-Cache-Remote
X-UA
Served-By
X-Cache-TTL
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Cacheable-TTL
X-CDN-Forward
X-Varnish-IP
X-Proxied
X-HS-Combine-CSS
HostName
X-Sucuri-ID
X-App-Server
X-Vg-Webcache
X-Akamai-Transformed
Powered-By-ChinaCache
X-Mode
X-Rendered-As
X-RN-RSRV
X-ProcessESI
X-Is-Bot
X-Kong-Upstream-Latency
X-Rule
X-RemovedCookies
Pagespeed
X-Detected-As
X-Cache-Var
X-Kong-Proxy-Latency
X-Cache-Var-Map
Load-Balancing
Machine
Meta-Geo
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mrs-Age
X-Rocket-Nginx-Bypass
X-Proxy
X-FC-Vary-Parameters
X-Mshield-Cache-Status
Cache-Name
X-Origin-Hint
X-Origin
TWC-Locale-Group
X-PCL
X-ProxyCache-Key
Webcakes-Region
TWC-GeoIP-LatLong
X-Hosted-By
X-Cache-Category-Id
TWC-GeoIP-Country
X-Human
X-BYPASS-REASON
X-OCL
X-Amz-Meta-Surrogate-Control
X-ProxyCache-Status
TWC-Device-Class
Mn-Server-Ip
OT-Force-Account-Verify
User-Cache-Control
DB-Nickname
Access-Control-Allow-Method
X-Varnish-Cacheable
TWC-Privacy
Webcakes-App-Name
X-Grey
TWC-Connection-Speed
Webcakes-App-Version
X-ServerID
Property-Id
X-Tb
X-Varnish-Cache-Hits
Backend
X-NodeID
L5d-Success-Class
X-Site-Version
X-Loop
Now
Azure-SlotName
X-TNCMS
X-Section
X-Routing-Service
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
X-OVcl-Cache
X-Original-Request
X-OVcl
X-Upgrade-Enabled
X-JoinUs
X-Zipkin-Id
X-Format
X-Hit
X-Debug-Cache
X-Access
X-Generated
X-CDN-Cache
S-Rt
ServerName
X-Agile-Age
X-BB-IP
X-App-Name
X-AWS-Id
X-Agile
X-Agile-Id
Fastcgi-X-Cache-Version
Selected-FE
X-IP
X-LJ-Flow-ID
X-NGENIX-Cache
Fastcgi-X-Cache
X-EIG-Tracking-Id
Fastcgi-Useragent
Cache-Key
X-TWH-CORRELATION-ID
X-Timing-Wait
Access-Control-Request-Headers
X-VWS-Id
X-Www-Served-By
X-SplitTest
X-Via-Fastly
X-Proxy-Build
X-Origin-CC
X-Pubstack
X-Upstream-HT
X-Upstream-CT
X-Drupal-Cache-Contexts
X-ApacheServer
X-L-Path
X-CCM
X-Environment-Context
X-PERF
X-Cache-Config
X-Viewer-Country
X-Ocache
X-Source
X-Xfnlog-Site
X-RateLimit-Limit
X-Nginx-Cache
From-Origin
X-Backend-Name
X-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Unique-ID
X-Akamai-Request-ID
LB
X-Forwarded-Host
X-Correlation-ID
AR-Request-ID
X-Litespeed-Cache
Cache
X-Vgn-Hpd-Reason
Fastly-SSL
X-Storage
X-Pc-Date
X-Real-IP
X-Pc-Host
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
NtCoent-Length
X-M-Log
X-Feature
X-M-Reqid
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Qnm-Cache
X-App-Version
X-Time-Microsecs
X-Birta-Served
X-Birta-Cache-Post
X-NCache
ViewerVersion
X-VG-TLSProxy
X-Labrador-Cache-Channel
X-Internal-Host
Ar-Sid
X-Distributor
X-Release
CACHE
X-Microcachable
X-EdgeConnect-Cache-Status
X-Cluster-Node
X-Ruxit-Js-Agent
Time
WZWS-RAY
X-Powered-By-ANYU
X-B3-Spanid
Xserver
X-Twitter-Response-Tags
X-Connection-Hash
X-Cache-Enabled
X-Request-Time
X-Transaction
Cneonction
X-Via-SSL
X-Developer
X-Via-Edge
X-Destination
REQUESTUUID
X-IN-APIGATEWAY
X-PAYTM-SRV-ID
X-DPWN-IS-SECURE
NGX
Xc-Version
X-Dispatcher-Server
Meta-Geo-Continent
X-WebServer
X-Died
Mobile-Detection-Method
X-No-Session
Arc-Country
Ec-Rule-Version
AKAMAI
Ajk
BehaviorPad-Version
Cache-Prefix
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Generation-Time
X-Generated-In
X-NU-AKA-ACS-Version
X-Org
IsBot
X-From
X-G
Fly-Cache
Fly-Request-Id
X-Logtrace-Id
MD5-Digest
Rendered-Blocks
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Application
X-ARC
X-UA-Device-Type
X-A-Dcw
X-A-Ccd
X-A
X-Real-Ip
X-UE-Client-Country
X-A-Dam
X-SRCache-Key
X-SIPLIST1
X-CF-Lambda-Version
X-Rojux
X-S-Cookie
X-ScT
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Server-By
X-B-Cookie
X-BB-ID
X-Server-Time
X-Cache-Bucket
Www
X-Trv-Group
V-Age
X-Redis-Cache
X-Region-Sid
X-CUA
T-Server
X-NC
X-Via-CDN
X-VG-WebServer
Server-Int
X-Date
Viewtype
X-D
VivaBuild
X-Request-UUID
Frame-Options
X-Guploader-Uploadid
X-FireWall-Port
X-Cache-Backend
X-SERVER-NAME
Web-Mar-Node
X-Cache-CFC
Release
X-Gen-Mode
Powered
X-GeoIP-City
Pragrma
X-CGP
X-Eu-Site
X-Hnp-Log
X-Crawler
Server-Host
X-External-Request-Id
X-Hl-Ver
X-Block-Status
Country-Code
X-Hash
GMS-Ver
HA-Host
Origin-Cache-Control
X-Fastly-Cache
HA-Ipaddr
HA-Servedtime
HA-Urlpath
NodeID
X-Amz-Meta-Cache-Control
Ha-Gx-Prefs
HA-Georegion
HA-Cloudapp
Origin-Edge-Control
X-F5-Cache
HA-Geocity
HA-Geocountry
HA-Geolon
Magicmarker
HA-Geolat
SN
X-Key
X-Phone
X-Platform
X-Wikidot-Static-Cache
ProcessTime
X-Owner
X-Node-Id
X-Store
X-Origin-TTL
X-Wikidot-Backend
X-We-Are-Hiring
X-RateLimit-Remaining-Second
X-UnsetCookies
X-S-Maxage
X-Varnish-Action
X-VCT
X-VServer
X-Policy
X-RateLimit-Limit-Second
X-Sucuri-Cache
X-Web-Node
X-C
Backend-Name
X-Layer
X-Instance-Name
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Ttl
X-Webstats-RespID
X-GZip
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
Uber-Trace-Id
X-Variation
X-Reboot
X-CS
X-Cache-Expires
X-Up
Thinkindot-Control
Countrycode
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Dc
X-RCS-CacheZone
X-Response-By
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Section-Io-Cache
X-Secret
X-Returned-From-BeforeDispatch
X-Backend-State
X-Backend-Host
Pagetype
X-Core-Mission
X-Backend-TTL
X-Backend-Url
X-Server-IP
X-Clientip
X-Sf
X-Returned-From-DLL
X-Actual-URL
X-Ezoic-Cdn
X-Core-Value
X-Returned-From
X-Tumblr-Pixel-3
X-TT-LOGID
X-Stale
X-Swa-Ws
X-Thinkindot-L3
X-Croise-Owner
X-Developers
X-Cdn-Srv
X-Gannett-Site-Version
Kp-EeAlive
X-Matched-Rule
X-Passed-To
MI-API
X-Passed-To-BeforeDispatch
MI-Cache-Age
MI-Cache
Is-Eu
X-Cache-URL
X-MSEdge-Flight
X-MI-In-Market
X-MSEdge-Features
X-Nginx-Cache-Key
CDCHOST
X-FW-Version
X-Fetched-On
Heartbleed
X-GeoIP-Country-Code
X-Epic-Correlation-Id
Esi-Enabled
X-HTML-Minification-Powered-By
Proxy-Connection
Request-Country
Request-EU
Apple-News-Services-Host
Apple-News-Services-Handled
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
Adler-Geo
Origin
X-Passed-To-PostProcessResponse
Odigeo-Trace-Id
X-Location
Platform
X-Cache-Srv
X-Endurance-Cache-Level
X-NWS-UUID-VERIFY
X-ElasticPress-Search
X-Nc
X-B3-TraceId
X-Ckpd-Fst-Backend
X-Debug-Log
X-Worker
X-NX-Host
X-Fstrz
X-Device-Os
X-Debug-Cookies
X-Servername
X-Var-Ttl
X-Request-URI
X-Content-Age
RNT-Time
HTTPS
XServer
RNT-Machine
Content-Disposition
Decoy-Debug-Key
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Server-ID
Resin-Trace
X-Newrelic-Synthetics
PageSpeed
X-V
X-TIME
X-Cdn-Origin
Cache-Tags
Cache-Cookie-Set-From
X-Cache-Host
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Host-ID
On-Server
True-Client-Country-4JS
X-Sn-Servicetimems
X-Trace-Id
X-ServiceProvider
Warning
Fastly-SIE
X-Surge-Debug
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Pf-Uncompressing
Fastly-SWR
X-CACHE-AGE
X-Skip-Cache
MIME-Version
RequestId
X-PHP-Backend
Cteonnt-Length
X-Ua
PFcat
X-Proto
X-Req
Request-Time
Sid
Mail-Subject
X-Aed
X-Refresh
We-Hiring
X-Csrf-Token
X-GEO
X-Edge-IP
X-Dynatrace-Js-Agent
CF-IPCountry
Pramga
X-Pjax-Url
TSSecure
X-Ms-Lease-State
X-Planisys-CDN-TTL
X-CSRF-Token
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
WP-Super-Cache
X-Varnish-Ttl
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-NODE
X-Amz-Cf-Pop
X-ABtesting
X-Servedbyhost
X-Geo
Geoip-Latitude
GeoIp-Country-Code
X-Flog
X-Hello
X-Server-W
Cdn
X-Atg-Version
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Cache-ASPX
X-Cdn-Forward
X-COUNTRY
X-Unique-Id
Mime-Version
CDN
Dnion-Transfer-Encoding
X-Page-Type
X-Time
X-GoCache-CacheStatus
X-Auto-Login
X-Varnish-Url
Lfy
X-Varnish-Beresp-TTL
X-DC
X-Oracle-Dms-Ecid
X-WA
X-DataStream-Origin-MEX-Latency
FSS-Cache
X-DataStream-MidMile-RTT
FSS-Proxy
X-Akamai-Request-ID2
MS-CV
PageType
A
X-Aicache-OS
NnCoection
X-Origin-Date
X-Via-NSCOPI
Rt-Proxy-Cache
X-Datadome
X-Origin-Expires
NODE
X-Sentry-ID
X-GRACE
Hostname
X-Varnish-HitMiss
X-HCF
X-Cache-Control-Set-By
X-EC-Security-Audit
X-Check-Cacheable
SD-X-WS
X-Served-From
Node
Memcached
X-Bip
X-Thanos
X-MP-GENERATED-AT
X-Wa
X-Cache-Id
X-Be
X-APP
WWW-Authenticate
X-UPSTREAM-Address
X-Server-Group
X-Use-Magma
X-PAGE-TYPE
X-Proxy-Server
X-Request-Start
Geoip-City
X-Cache-Info
PICS-Label
X-SRV
X-Wix-Route-ID
GeoIP-Country-Code
Memory
GeoIP-City
X-Ratelimit-Remaining
GeoIP-Latitude
X-Varnish-URL
X-Nananana
Processtime
X-CACHE-KEY
Ms-Operation-Id
X-Fastly-Cache-Hits
UCS
X-Cookie
GW-Server
X-RTag
X-ServedByHost
X-From-Cache
X-Gen-Id
Cdn-Request-Time
X-Edge-Server
X-GDPR
Cdn-Host
X-Gdpr
X-User
DataCenter
X-WR-MODIFICATION
X-Load-Cache
Cache-Hits
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-HS-Status
Lb
Cf-Ipcountry
Pics-Label
Dont-Set-Cookie
X-PJAX-URL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Swift-Error
Accept-Language
X-Vcache
X-Li-Fabric
X-BBXSRF
X-Optimization
Locale
X-Cache-Debug
Is-Session-Tracking
X-LI-Proto
Get-Access-Time
X-Urbn-Site-Id
Group
X-Cache-HT
X-Cache-Ttl
X-RateLimit-Reset
X-Urbn-Context-Path
X-B3-SpanId
X-Li-Pop
X-LI-UUID
X-Env
V-Cache
X-Path-Route
Who
X-Info
X-Dw-Trace-Id
X-CDN-Pop
X-Fe
X-CDN-Pop-IP
X-VG-WebCache
Amp-Access-Control-Allow-Source-Origin
X-ID
NX-Cache
X-Bug-Bounty
X-Cache-FS-Status
SS
URI
X-Qloud-Router
Xet-Cookie
Fastly-Soc-X-Request-Id
X-PF-Uncompressing
Requestid
X-GZIP
X-Content-Encoded-By
X-Ver
AGE-Hash
X-NGINX-Cache
Serverid
X-Varnish-Info
CDN-Node
CDN-Cache-Hit
N-Cache
CDN-Cache
X-CacheKey
X-SB
X-P-T
X-VC
X-Ibm-Trace
Ws
X-Akamai-SSL-Client-Sid
X-Meta-Tbi-Cache-Vertical
X-Litespeed-Cache-Control
X-SN
X-RequestId
SID
X-Shard
X-Serial
X-Flags
Https
X-Grace-Duration
Httpd-Identifier
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Providence-Cookie
X-Route-Name
X-ServerName
X-Is-Crawler