Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-Dns-Prefetch-Control
X-DynaTrace-JS-Agent
X-DataDome
X-ESI
Charset
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-F-Cache
X-Version
X-ORACLE-DMS-RID
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
X-D2id
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
Verso
MS-Author-Via
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Dispatcher
X-CF-Powered-By
X-N
X-SharePointHealthScore
X-Amz-Rid
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
AR-PoweredBy
AR-ATIME
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
AR-CACHE
X-T
DynaTrace
Paypal-Debug-Id
X-Varnish-Age
X-Upstream
X-Hits
Arr-Disable-Session-Affinity
X-Grace
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Ruxit-JS-Agent
X-Pad
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-Content-Options
X-FastCGI-Cache
X-Content-Digest
X-NF-Request-ID
Realpath
X-HeyJason
X-Do-Not-Hack
X-Server-ID
Permitted-Cross-Domain-Policies
X-Cache-Hit
X-IPLB-Instance
X-Kinsta-Cache
Access-Control-Request-Method
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Logged-In
MRF-Tech
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
AR-SID
X-B
X-HW
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
Server-Name
X-PressLabs-Stats
X-Frontend
Tracecode
X-Cache-Key
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-Oneagent-Js-Injection
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Oracle-Dms-Rid
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
X-Cache-Rule
Cleartype
X-GUploader-UploadID
Cache-Status
Backend-Timing
X-Analytics
X-XRDS-LOCATION
X-Srv
Host
X-Revision
X-HS-Hub-Id
TP-L2-Cache
TP-Cache
X-HS-Content-Id
X-Accel-Buffering
X-Rid
X-Whom
X-User-Agent
X-TA-CDN-Provider
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
ServerID
X-AOL-HN
X-VCache
X-RateLimit-Remaining
X-Varnish-Backend
X-Cache-2
X-Webkit-CSP
X-Via-JSL
Accept-Charset
Front-End-Https
X-Cdn
X-Mobile
X-Content-Powered-By
X-Kinja-Server-Push
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Viewport
X-Correlation-Id
X-Node-Name
X-App-Environment
X-Magnolia-Registration
X-LB-Cache
X-Tumblr-User
X-Tumblr-Pixel-0
X-Page-Id
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
Host-Header
X-Cluster
X-Tumblr-Pixel
X-Request-Guid
X-TT
X-Akamai-Edgescape
Liferay-Portal
X-Device-Type
X-Cache-Control
X-Framework
X-Handled-By
X-B3-Sampled
Upgrade-Insecure-Requests
X-Signature
X-Platform-Server
X-Instance
X-FB-Debug
X-B-Cache
X-BCube-Filmed-By
Cache-Tag
DC
X-Cache-Server
X-B3-Traceid
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Ttl
X-Amzn-Trace-Id
Source
Display
X-Middleton-Display
X-Sol
Retry-After
X-Accel-Expires
X-Servedby
X-WA-Info
X-Contextid
X-Varnish-Server
HitType
HitInfo
Server-Info
X-Cache-Action
X-Distil-CS
X-Cache-Operation
X-Fastcgi-Cache
X-APP-VERSION
Content-Script-Type
Content-Style-Type
X-Wix-Request-Id
X-Seen-By
X-Port
X-GeoIP
Webserver
GEO-INFO
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
User-Agent
X-S
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-Generated-By
X-Edge-Location
X-Status
X-Jobs
Actual-Object-TTL
X-Locale
AsisCache
Healthy
X-Edge-Cache-Key
X-FW-Server
X-FW-Static
X-FW-Type
X-Region
X-FW-Serve
X-UUID
X-Response-Served-From
X-FW-Hash
X-Edge-Cache
SRV
X-Geo-Country
X-Drupal-Cache-Tags
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
ServedBy
X-Varnish-Hits
X-Hyper-Cache
X-Daa-Tunnel
Refresh
X-Yottaa-Optimizations
X-ATG-Version
X-Yottaa-Metrics
X-DataStream-Cache-Status
X-Iejgwucgyu
X-Cache-Age
X-Cache-NE
X-Esi
X-Cache-TTL-Remaining
X-Varnish-Grace
X-Middleton-Response
Response
Filters
IBM-Web2-Location
X-Amz-Server-Side-Encryption
S-Cnection
NGB
X-Content-Type
Payment
X-Newrelic-App-Data
X-AppVersion
X-Az
Datacenter
X-Activity-Id
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Proxied
X-CDN-Forward
X-Cache-Remote
X-UA
X-Cache-TTL
X-Cacheable-TTL
X-App-Server
Country
X-HS-Cache-Config
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Served-By
Edge-Cache-Tag
X-Sucuri-ID
X-Vg-Webcache
X-Mode
X-Akamai-Transformed
X-Varnish-IP
X-Cache-Var
X-Detected-As
Machine
X-Cache-Var-Map
X-ProcessESI
X-Is-Bot
Meta-Geo
X-RemovedCookies
X-RN-RSRV
X-HS-Combine-CSS
X-Rendered-As
Load-Balancing
X-Rule
X-Rocket-Nginx-Bypass
X-Ruxit-Js-Agent
X-Proxy
X-Unique-ID
X-FC-Vary-Parameters
AR-Request-ID
X-Hosted-By
X-PCL
Webcakes-App-Name
X-Origin-Hint
Mn-Server-Ip
X-Origin
Property-Id
X-BB-IP
Webcakes-Region
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
X-BYPASS-REASON
X-ProxyCache-Key
X-Varnish-Cache-Hits
X-Human
Cache-Name
DB-Nickname
X-OCL
Access-Control-Allow-Method
X-Varnish-Cacheable
X-Tb
X-ServerID
TWC-Device-Class
TWC-GeoIP-Country
User-Cache-Control
X-EIG-Tracking-Id
X-Grey
TWC-Privacy
TWC-Connection-Speed
X-ProxyCache-Status
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Cache-Category-Id
Backend
X-Access
Cache
X-CDN-Cache
X-Debug-Cache
X-Format
X-Environment-Context
ServerName
S-Rt
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Now
L5d-Success-Class
X-Generated
X-Hit
X-Site-Version
X-Section
X-TNCMS
X-Upgrade-Enabled
X-Zipkin-Id
X-Viewer-Country
X-Routing-Service
X-OVcl-Cache
X-L-Path
X-JoinUs
X-Loop
X-NodeID
X-OVcl
Azure-InstanceId
X-Original-Request
X-NGENIX-Cache
X-LJ-Flow-ID
X-Ocache
X-PERF
X-Pubstack
X-Agile
X-IP
X-Cache-Config
X-Agile-Id
X-Agile-Age
X-ApacheServer
X-App-Name
Selected-FE
X-AWS-Id
Cache-Key
X-Proxy-Build
OT-Force-Account-Verify
X-Via-Fastly
X-VWS-Id
X-Www-Served-By
X-TWH-CORRELATION-ID
Access-Control-Request-Headers
X-SplitTest
X-HOST
X-Timing-Wait
X-CCM
X-URL
X-Backend-Name
X-Origin-CC
X-Drupal-Cache-Contexts
HostName
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Upstream-CT
Fastcgi-Useragent
X-Upstream-HT
X-Nginx-Cache
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Source
X-Xfnlog-Site
X-Mshield-Cache-Status
Powered-By-ChinaCache
X-Real-IP
X-Pc-Date
X-Akamai-Request-ID
X-Pc-Host
X-RateLimit-Limit
X-Storage
X-Correlation-ID
X-Litespeed-Cache
From-Origin
X-Vgn-Hpd-Reason
Pagespeed
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Forwarded-Host
Fastly-SSL
X-Feature
X-NCache
X-Time-Microsecs
X-Internal-Host
X-M-Reqid
X-Qnm-Cache
LB
X-Varnish-Beresp-Grace
X-M-Log
X-Varnish-Beresp-Status
X-Distributor
X-Release
X-Ms-Version
X-Ms-Blob-Type
X-NC
NtCoent-Length
X-Ms-Request-Id
X-Ms-Lease-Status
X-Birta-Served
X-Microcachable
X-UA-Device-Type
X-Birta-Cache-Post
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-App-Version
X-EdgeConnect-Cache-Status
XServer
X-Webkit-Csp
X-Cache-Backend
X-B3-Spanid
Pagetype
X-Transaction
X-Connection-Hash
Time
X-Twitter-Response-Tags
X-PHP-Backend
X-Sucuri-Cache
Frame-Options
X-SERVER-NAME
X-S-Cookie
Xc-Version
V-Age
X-Dispatcher-Server
X-SRCache-Key
X-A-Dgt
X-Destination
VivaBuild
X-CS
X-CUA
Cneonction
Www
X-CF-Lambda-Version
Ajk
AKAMAI
X-CF-Lambda-Fn
X-D
X-Date
X-Server-By
X-Died
X-ScT
X-Server-Time
X-SIPLIST1
Viewtype
Arc-Country
X-Developer
X-A-Dcw
X-From
X-Via-CDN
X-Via-Edge
Fly-Request-Id
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
NGX
X-BB-ID
X-Trv-Group
WZWS-RAY
X-Powered-By-ANYU
X-Via-SSL
X-Irp-Debug
X-C
X-No-Session
X-VG-WebServer
Ec-Rule-Version
MD5-Digest
X-NU-AKA-ACS-Version
X-Org
IsBot
Meta-Geo-Continent
Mobile-Detection-Method
Fly-Cache
X-B-Cookie
X-Logtrace-Id
X-A
X-ARC
X-Region-Sid
X-Generated-In
X-PAYTM-SRV-ID
X-UE-Client-Country
X-Rojux
Server-Int
X-Cache-Bucket
X-Rewrite-Enabled
X-G
X-Request-UUID
Rendered-Blocks
Cache-Prefix
X-DPWN-IS-SECURE
X-A-Ccd
X-Application
BehaviorPad-Version
X-Accel-Expires-Debug
X-WebServer
X-Generation-Time
X-Redis-Cache
X-A-Dam
X-A-Wwc
T-Server
X-Web-Node
X-Instance-Name
X-GZip
X-FireWall-Port
X-NWS-UUID-VERIFY
ViewerVersion
Release
HA-Ipaddr
HA-Servedtime
HA-Host
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
HA-Urlpath
Host-ID
Pragrma
SN
Origin-Edge-Control
Origin-Cache-Control
Magicmarker
NodeID
Web-Mar-Node
X-External-Request-Id
X-Node-Id
X-NX-Host
X-Origin-TTL
X-VCT
X-Layer
X-VServer
X-Hnp-Log
X-Key
X-Varnish-Action
X-Var-Ttl
X-RateLimit-Remaining-Second
X-Store
X-S-Maxage
X-RateLimit-Limit-Second
X-Platform
X-Owner
X-UnsetCookies
X-Phone
X-We-Are-Hiring
X-Hl-Ver
X-Crawler
X-Debug-Cookies
X-Debug-Log
X-Core-Value
X-CGP
X-Block-Status
X-Cache-CFC
X-Cache-Enabled
X-Wikidot-Static-Cache
X-Wikidot-Backend
HA-Geolat
X-GeoIP-City
X-Hash
X-Gen-Mode
X-Fastly-Cache
X-Eu-Site
X-F5-Cache
X-Amz-Meta-Cache-Control
Server-Host
X-Request-Time
Backend-Name
X-Cluster-Node
Country-Code
HA-Geocountry
HA-Geocity
HA-Cloudapp
GMS-Ver
MIME-Version
X-V
X-Webstats-RespID
X-Cache-URL
X-Cdn-Origin
X-Clientip
X-Cdn-Srv
X-Up
X-Tumblr-Pixel-3
X-Trace-Id
X-Thinkindot-L3
X-TT-LOGID
X-Croise-Owner
X-Cache-Srv
X-Core-Mission
X-Backend-TTL
X-ShopId
X-Actual-URL
X-Shopify-Stage
X-Sorting-Hat-PodId
Adler-Geo
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Backend-Url
X-Cache-Host
X-Swa-Ws
X-Backend-State
X-Backend-Host
X-Variation
X-Sn-Servicetimems
X-MI-In-Market
X-MSEdge-Features
X-Request-URI
X-Matched-Rule
X-Location
X-Response-By
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Reboot
X-RCS-CacheZone
X-Returned-From
X-Returned-From-BeforeDispatch
X-Fetched-On
X-FW-Version
X-Sf
X-Epic-Correlation-Id
X-Developers
Apple-News-Services-Handled
X-Gannett-Site-Version
X-Server-IP
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-HTML-Minification-Powered-By
X-GeoIP-Country-Code
X-Secret
X-Stale
X-Cache-Expires
MI-Cache-Age
CDCHOST
Request-Country
MI-API
Thinkindot-CacheControl
Esi-Enabled
Countrycode
REQUESTUUID
Proxy-Connection
Request-EU
Platform
Origin
Odigeo-Trace-Id
Section-Io-Cache
Thinkindot-CacheControl-Type
MI-Cache
X-Policy
Apple-News-Services-Host
Thinkindot-Control
Apple-News-Services-Parsed-Url
Is-Eu
Uber-Trace-Id
Kp-EeAlive
Heartbleed
Powered
Apple-News-Services-Request-Url
X-Servername
Content-Disposition
X-Rebelmouse-Cache-Control
Fastly-SWR
ProcessTime
X-Device-Os
X-Fstrz
PFcat
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
Decoy-Debug-TTL
Fastly-SIE
Fastly-Backend-Name
Decoy-Debug-Status
Decoy-Debug-Key
On-Server
HTTPS
PageSpeed
X-Dc
X-ElasticPress-Search
X-Worker
RNT-Machine
X-Content-Age
Cache-Tags
RNT-Time
Server-ID
X-Alicdn-Da-Ups-Status
Resin-Trace
X-Ckpd-Fst-Backend
Request-Time
True-Client-Country-4JS
X-Varnish-Beresp-Ttl
Xserver
X-Skip-Cache
X-Real-Ip
X-Ezoic-Cdn
X-CACHE-AGE
Sid
CACHE
X-B3-TraceId
Warning
Ar-Sid
X-Ua
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
RequestId
X-Pf-Uncompressing
Cache-Cookie-Set-Idcheck
X-Endurance-Cache-Level
X-TIME
Cteonnt-Length
X-Csrf-Token
X-Proto
X-Req
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
WP-Super-Cache
X-Oss-Request-Id
X-Oss-Server-Time
X-Newrelic-Synthetics
X-Oss-Storage-Class
X-GEO
Mail-Subject
CF-IPCountry
X-Surge-Debug
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Refresh
We-Hiring
X-Planisys-CDN-Rules
X-Guploader-Uploadid
X-Nc
X-Servedbyhost
X-Pjax-Url
CDN
X-Cache-ASPX
Dnion-Transfer-Encoding
X-Aed
X-Varnish-Ttl
X-CSRF-Token
X-GoCache-CacheStatus
Pramga
X-Varnish-Beresp-TTL
X-CLOUD-TRACE-CONTEXT
Hostname
X-Atg-Version
X-Time
X-Edge-IP
TSSecure
GeoIp-Country-Code
Geoip-Latitude
X-COUNTRY
X-Ms-Lease-State
X-Server-W
X-Page-Type
NODE
X-DC
X-Oracle-Dms-Ecid
NnCoection
X-DataStream-Origin-MEX-Latency
X-Geo
X-Hello
X-DataStream-MidMile-RTT
X-Flog
X-Origin-Expires
X-ABtesting
X-Origin-Date
X-Ratelimit-Limit
X-Cdn-Forward
X-Amz-Cf-Pop
Cdn
X-Cache-Control-Set-By
X-HCF
A
X-Aicache-OS
X-Varnish-Url
X-Varnish-HitMiss
X-WA
SD-X-WS
Lfy
X-Auto-Login
X-Datadome
X-GRACE
X-Dynatrace-Js-Agent
MS-CV
Mime-Version
FSS-Proxy
FSS-Cache
X-Akamai-Request-ID2
X-Server-Group
WWW-Authenticate
Geoip-City
X-Unique-Id
Node
Processtime
X-Sentry-ID
PICS-Label
X-Varnish-URL
Rt-Proxy-Cache
X-Wix-Route-ID
X-Wa
X-UPSTREAM-Address
X-Via-NSCOPI
PageType
X-Use-Magma
X-From-Cache
X-APP
X-PAGE-TYPE
X-Cache-Id
X-Check-Cacheable
X-EC-Security-Audit
X-Nananana
X-NODE
Lb
X-Gdpr
Memcached
GeoIP-Latitude
Cdn-Request-Time
X-Thanos
X-Bip
X-Served-From
X-SRV
GeoIP-Country-Code
X-Edge-Server
X-Cache-Info
GeoIP-City
Cdn-Host
X-Gen-Id
X-CACHE-KEY
Ms-Operation-Id
X-Cookie
Dont-Set-Cookie
X-RTag
X-Be
X-MP-GENERATED-AT
X-GDPR
COMMERCE-SERVER-SOFTWARE
X-Proxy-Server
X-Fastly-Backend-Reqs
X-Request-Start
X-Load-Cache
X-WR-MODIFICATION
DataCenter
X-Fastly-Cache-Hits
Get-Access-Time
X-Cache-HT
X-FORWARDED-FOR
Is-Session-Tracking
X-Env
X-Optimization
Memory
UCS
X-Ratelimit-Remaining
Who
Pics-Label
X-Swift-Error
X-PJAX-URL
X-HS-Status
GW-Server
X-ServedByHost
V-Cache
X-RateLimit-Reset
Cf-Ipcountry
X-B3-SpanId
X-Cache-FS-Status
X-Ver
X-User
Group
X-Cache-Ttl
URI
X-Ibm-Trace
X-Fe
X-CDN-Pop
Ws
Cache-Hits
X-Dw-Trace-Id
X-Meta-Tbi-Cache-Vertical
X-CDN-Pop-IP
Amp-Access-Control-Allow-Source-Origin
X-ID
NX-Cache
X-GZIP
Requestid
X-Goog-Meta-Goog-Reserved-File-Mtime
Xet-Cookie
X-Bug-Bounty
Httpd-Identifier
AGE-Hash
X-VC
X-Vcache
X-Shard
X-PF-Uncompressing
X-SB
Serverid
Accept-Language
X-NGINX-Cache
X-BBXSRF
X-Cache-Debug
Locale
X-VG-WebCache
X-SVT-ORM-RULES
X-Content-Encoded-By
X-Li-Fabric
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-SVT-ORM-VERSION
X-Wix-Petri-Ex
CDN-Cache
X-CacheKey
Powered-By
N-Cache
X-Varnish-Info
CDN-Cache-Hit
CDN-Node
X-Info
X-RequestId
Ohc-File-Size
X-Litespeed-Cache-Control
SID
X-Route-Name
X-Is-Crawler
Https
X-Grace-Duration
X-Cache-Handler
X-ServerName
X-Akamai-ERPolicy
X-Flags
X-Akamai-ERRuleID
X-Providence-Cookie
X-StackifyID
Version