Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
P3p
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
Surrogate-Control
X-Cache-Lookup
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
NEL
X-FTR-Request-ID
Charset
X-Origin-Cache
X-DynaTrace-JS-Agent
X-ESI
X-DynaTrace
X-Server-Name
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
X-F-Cache
Content-MD5
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
X-Mobile-Rewrite
Arc-Version
X-D2id
PB-PID
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Abt-Application-Version
X-Dispatcher
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-N
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Amz-Rid
X-CF-Powered-By
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-T
X-Origin-Upstream-Status
X-Upstream
DynaTrace
X-Varnish-Age
X-Hits
X-Grace
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-Amz-Meta-S3cmd-Attrs
TCN
AR-ATIME
AR-PoweredBy
X-Id
X-Oracle-Dms-Rid
X-Pad
X-Shield-Request-Id
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-HW
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-B
X-Vcap-Request-Id
X-Logged-In
X-Debug
X-FastCGI-Cache
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-Ser
Service-Worker-Allowed
S
Tracecode
X-MSEdge-Ref
X-Cache-Key
Server-Name
X-PressLabs-Stats
X-FTR-Realm
X-Frontend
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-NewRelic-App-Data
Fastly-Restarts
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Accel-Buffering
Rt-Fastcgi-Cache
AR-SID
Surrogate-Key
Fastcgi-Cache
X-Forwarded-For
Alternate-Protocol
Eomportal-Instance
X-Analytics
Backend-Timing
X-Cache-Rule
X-HS-Hub-Id
X-HS-Content-Id
Host
TP-Cache
Cleartype
TP-L2-Cache
X-Revision
X-Rid
FilterID
Cache-Status
X-Srv
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
X-Whom
Front-End-Https
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Akam-SW-Version
ServerID
X-Mobile
X-XRDS-LOCATION
X-AOL-HN
X-Varnish-Backend
Accept-Charset
X-Webkit-CSP
X-GUploader-UploadID
X-RateLimit-Remaining
X-Cdn
X-TA-CDN-Provider
X-Cache-2
X-Iejgwucgyu
X-Kinja-Server-Push
X-Via-JSL
X-Request-Processing-Time
X-VCache
X-Request-Received
X-Zen-Fury
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-Content-Powered-By
X-Ttl
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-App-Environment
X-LB-Cache
Viewport
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Varnish-Hostname
X-Tumblr-User
X-Magnolia-Registration
X-Cache-Control
Host-Header
X-Node-Name
X-Cluster
X-Request-Guid
X-Framework
X-Device-Type
X-Handled-By
X-Akamai-Edgescape
X-Platform-Server
X-TT
X-Signature
X-FB-Debug
X-Correlation-Id
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-B-Cache
Upgrade-Insecure-Requests
X-B3-Sampled
X-Instance
Liferay-Portal
Cache-Tag
DC
X-Sol
X-Middleton-Display
Display
X-Cache-Server
X-Amzn-Trace-Id
X-Hostname
MicrosoftSharePointTeamServices
X-Origin-Server
Server-Node
X-B3-Traceid
X-Webkit-Csp
X-TT-TIMESTAMP
X-Fastcgi-Cache
X-Accel-Expires
Retry-After
X-WA-Info
Source
X-Varnish-Server
X-Esi
X-Distil-CS
X-Servedby
X-Contextid
HitType
Server-Info
HitInfo
X-Wix-Request-Id
X-Seen-By
X-Cache-Action
Content-Style-Type
X-Cache-Operation
Content-Script-Type
X-Edge-Location
X-Amz-Replication-Status
X-GeoIP
User-Agent
Webserver
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Litespeed-Cache
X-S
SRV
X-RequestSource
X-Status
X-Jobs
GEO-INFO
Actual-Object-TTL
X-WebKit-CSP-Report-Only
X-APP-VERSION
X-Locale
X-FW-Static
X-FW-Hash
AsisCache
X-Generated-By
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Type
X-FW-Serve
X-FW-Server
X-Response-Served-From
X-Region
X-Adobe-Content
X-Drupal-Cache-Tags
X-Newrelic-App-Data
ServedBy
X-Varnish-Hits
X-Adobe-Loc
X-UUID
X-TX-ID
X-Cache-NE
Refresh
Response
Healthy
X-Yottaa-Optimizations
X-Middleton-Response
X-Port
X-Yottaa-Metrics
X-Geo-Country
X-Hyper-Cache
X-DataStream-Cache-Status
X-ATG-Version
Payment
X-Cache-TTL-Remaining
S-Cnection
IBM-Web2-Location
X-Content-Type
Datacenter
X-Amz-Server-Side-Encryption
X-Varnish-Grace
X-Cache-Age
X-Daa-Tunnel
X-HS-Cache-Config
Edge-Cache-Tag
Filters
Country
NGB
X-Az
X-Activity-Id
X-AppVersion
X-Cache-Remote
Served-By
X-Pc-Hit
X-Pc-Key
HostName
X-Pc-Appver
X-Cache-TTL
X-Cacheable-TTL
X-Varnish-IP
Powered-By-ChinaCache
X-Sucuri-ID
X-HS-Combine-CSS
X-CDN-Forward
Pagespeed
X-App-Server
X-Vg-Webcache
X-Akamai-Transformed
X-UA
X-Mode
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Is-Bot
X-Cache-Var
X-Mrs-Age
Meta-Geo
X-Kong-Proxy-Latency
X-ProcessESI
Machine
X-Kong-Upstream-Latency
Load-Balancing
X-Rendered-As
X-Proxied
X-Detected-As
X-RemovedCookies
X-Cache-Var-Map
X-RN-RSRV
X-Rule
X-FC-Vary-Parameters
X-Proxy
X-Rocket-Nginx-Bypass
OT-Force-Account-Verify
Webcakes-Region
Property-Id
X-Origin-Hint
X-Varnish-Cache-Hits
TWC-GeoIP-LatLong
X-Varnish-Cacheable
TWC-GeoIP-Country
TWC-Device-Class
Mn-Server-Ip
X-OCL
X-Origin
TWC-Locale-Group
TWC-Connection-Speed
X-Hosted-By
X-Grey
X-Amz-Meta-Surrogate-Control
User-Cache-Control
X-BYPASS-REASON
TWC-Privacy
Cache-Name
X-ServerID
X-ProxyCache-Key
DB-Nickname
X-ProxyCache-Status
Backend
Webcakes-App-Version
Access-Control-Allow-Method
X-Human
X-Cache-Category-Id
X-PCL
Webcakes-App-Name
X-Tb
Azure-SlotName
Azure-InstanceId
L5d-Success-Class
Azure-RegionName
X-Format
Azure-SiteName
X-Zipkin-Id
X-Loop
X-Access
X-Generated
X-Routing-Service
X-Debug-Cache
X-CDN-Cache
X-NodeID
X-JoinUs
X-BB-IP
X-Original-Request
X-OVcl
X-TNCMS
X-Hit
S-Rt
X-Upgrade-Enabled
X-Site-Version
X-EIG-Tracking-Id
X-OVcl-Cache
X-Section
Now
Azure-Version
X-Correlation-ID
X-Pubstack
X-Proxy-Build
X-PERF
X-Agile-Id
X-SplitTest
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-ApacheServer
X-NGENIX-Cache
X-LJ-Flow-ID
X-Cache-Config
X-AWS-Id
X-App-Name
X-Environment-Context
X-IP
X-L-Path
Selected-FE
ServerName
Fastcgi-Useragent
X-Timing-Wait
X-HOST
X-Upstream-HT
X-Agile-Age
X-Agile
Access-Control-Request-Headers
X-VWS-Id
X-Via-Fastly
Cache-Key
X-Viewer-Country
X-Upstream-CT
X-Drupal-Cache-Contexts
X-CCM
X-TWH-CORRELATION-ID
X-Ocache
X-Www-Served-By
X-URL
X-Origin-CC
From-Origin
X-Xfnlog-Site
X-Nginx-Cache
X-Source
X-Backend-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache
X-Unique-ID
LB
X-Akamai-Request-ID
X-Forwarded-Host
Fastly-SSL
X-SERVER-NAME
X-RateLimit-Limit
X-Storage
X-Vgn-Hpd-Reason
X-Feature
X-Pc-Date
X-Pc-Host
X-App-Version
X-Ms-Lease-Status
ViewerVersion
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Birta-Cache-Post
X-Birta-Served
NtCoent-Length
X-M-Log
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-M-Reqid
AR-Request-ID
X-Labrador-Cache-Channel
X-Time-Microsecs
X-NCache
X-VG-TLSProxy
X-Internal-Host
X-Distributor
X-Real-Ip
X-Ruxit-Js-Agent
X-Real-IP
X-Release
X-Cluster-Node
X-Microcachable
X-EdgeConnect-Cache-Status
Time
Xserver
Ar-Sid
CACHE
X-Powered-By-ANYU
WZWS-RAY
X-B3-Spanid
X-NC
X-Sucuri-Cache
X-Cache-Enabled
X-Guploader-Uploadid
X-Request-Time
X-Developer
X-Rewrite-Enabled
X-Generated-In
X-Rojux
X-IN-WAF
X-Destination
X-Region-Sid
X-Irp-Debug
X-IN-SSL-APIGATEWAY
X-Died
X-Logtrace-Id
X-Dispatcher-Server
X-Generation-Time
X-From
X-Date
X-Request-UUID
X-IN-APIGATEWAY
X-G
X-DPWN-IS-SECURE
X-CUA
V-Age
Viewtype
X-B-Cookie
X-ARC
T-Server
Server-Int
Rendered-Blocks
X-S-Cookie
REQUESTUUID
VivaBuild
X-Org
X-A-Dgt
X-Application
X-NU-AKA-ACS-Version
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dam
Www
X-A
X-A-Ccd
NGX
X-BB-ID
X-D
X-A-Wwc
X-Connection-Hash
X-CF-Lambda-Version
Ec-Rule-Version
Cache-Prefix
AKAMAI
Arc-Country
BehaviorPad-Version
Fly-Cache
Fly-Request-Id
Mobile-Detection-Method
X-No-Session
X-Cache-Bucket
X-CF-Lambda-Fn
Meta-Geo-Continent
IsBot
X-PAYTM-SRV-ID
MD5-Digest
Ajk
X-Redis-Cache
X-Via-SSL
X-Via-Edge
X-SRCache-Key
X-WebServer
Xc-Version
X-Via-CDN
X-Cache-Backend
X-Twitter-Response-Tags
X-Trv-Group
X-UE-Client-Country
X-Transaction
X-VG-WebServer
X-SIPLIST1
X-Store
ProcessTime
Cneonction
X-ScT
X-Server-Time
X-Server-By
X-FireWall-Port
X-Varnish-Beresp-Ttl
X-F5-Cache
Origin-Edge-Control
Powered
Frame-Options
X-RateLimit-Limit-Second
X-Policy
Origin-Cache-Control
Pragrma
Magicmarker
X-Owner
Web-Mar-Node
X-Origin-TTL
X-RateLimit-Remaining-Second
SN
Server-Host
X-UnsetCookies
X-Platform
GMS-Ver
HA-Servedtime
HA-Ipaddr
HA-Host
HA-Urlpath
NodeID
X-S-Maxage
X-Fastly-Cache
Ha-Gx-Prefs
HA-Georegion
HA-Cloudapp
X-Phone
X-Varnish-Action
HA-Geocity
HA-Geocountry
HA-Geolon
HA-Geolat
X-Layer
X-VCT
X-CS
X-Eu-Site
X-Wikidot-Backend
X-Crawler
X-Web-Node
X-We-Are-Hiring
X-CGP
X-Wikidot-Static-Cache
X-Sorting-Hat-ShopId
X-Amz-Cf-Pop
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Key
Pagetype
X-Amz-Meta-Cache-Control
X-UA-Device-Type
X-Hl-Ver
X-Gen-Mode
X-GeoIP-City
X-Hnp-Log
Country-Code
Backend-Name
X-VServer
X-Cache-CFC
X-Hash
X-Node-Id
X-External-Request-Id
X-Block-Status
X-Endurance-Cache-Level
X-C
X-B3-TraceId
X-CACHE-AGE
X-Webstats-RespID
X-Nginx-Cache-Key
X-Cache-Expires
X-Stale
Apple-News-Services-Handled
X-Reboot
X-MSEdge-Flight
Adler-Geo
X-ElasticPress-Search
X-Cdn-Srv
X-Cache-URL
X-Cache-Srv
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Actual-URL
X-Thinkindot-L3
CDCHOST
X-RCS-CacheZone
X-NX-Host
X-Swa-Ws
Kp-EeAlive
X-Clientip
X-Backend-Url
X-Backend-TTL
X-Backend-State
Apple-News-Services-Parsed-Url
X-Core-Value
X-Gannett-Site-Version
X-Matched-Rule
X-FW-Version
X-Fetched-On
X-Returned-From-DLL
X-GeoIP-Country-Code
X-Location
X-Instance-Name
X-HTML-Minification-Powered-By
X-Secret
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Sf
X-Response-By
X-Debug-Cookies
X-Request-URI
X-Croise-Owner
Countrycode
X-Debug-Log
X-Developers
X-Epic-Correlation-Id
X-MI-In-Market
X-MSEdge-Features
X-Returned-From
X-Core-Mission
X-Backend-Host
Odigeo-Trace-Id
Esi-Enabled
Origin
Heartbleed
X-Up
Thinkindot-Control
Thinkindot-CacheControl-Type
Release
Section-Io-Cache
X-Passed-To-BeforeDispatch
X-TT-LOGID
Request-EU
Request-Country
Platform
X-GZip
Is-Eu
X-Passed-To-DLL
Uber-Trace-Id
Thinkindot-CacheControl
X-Passed-To-PostProcessResponse
MI-Cache-Age
MI-Cache
X-Variation
MI-API
X-Tumblr-Pixel-3
X-Var-Ttl
X-Passed-To
X-Ua
X-Ezoic-Cdn
X-Worker
HTTPS
X-V
Cache-Cookie-Set-Lfrom
X-Fstrz
X-Oracle-Dms-Ecid
Proxy-Connection
X-Server-IP
X-Newrelic-Synthetics
Cache-Cookie-Set-Idcheck
Resin-Trace
X-Device-Os
X-Trace-Id
X-Servername
Cache-Cookie-Set-From
On-Server
X-ServiceProvider
X-Sn-Servicetimems
True-Client-Country-4JS
Fastly-Backend-Name
X-Cache-Host
RNT-Time
X-NWS-UUID-VERIFY
Decoy-Debug-TTL
Content-Disposition
Decoy-Debug-Status
Cache-Tags
X-Cdn-Origin
Server-ID
X-Content-Age
Decoy-Debug-Key
RNT-Machine
X-Ckpd-Fst-Backend
X-Nc
X-Rebelmouse-Surrogate-Control
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Cache-Control
X-Surge-Debug
X-Skip-Cache
X-Dc
MIME-Version
Fastly-SIE
Warning
Fastly-SWR
Host-ID
XServer
X-Csrf-Token
X-Pf-Uncompressing
PageSpeed
Cteonnt-Length
X-TIME
X-Aed
X-Req
RequestId
Sid
X-Proto
Request-Time
PFcat
X-Refresh
Pramga
We-Hiring
Mail-Subject
X-PHP-Backend
X-Dynatrace-Js-Agent
X-Edge-IP
X-Atg-Version
X-GEO
X-Ratelimit-Limit
CF-IPCountry
TSSecure
X-Ms-Lease-State
X-Pjax-Url
X-Varnish-Ttl
X-Geo
X-Time
WP-Super-Cache
X-Server-W
X-Planisys-CDN-TTL
X-Hello
X-Planisys-CDN-Cache
X-Servedbyhost
X-Planisys-CDN-Rules
X-Page-Type
X-ABtesting
X-Flog
X-CLOUD-TRACE-CONTEXT
X-DC
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
CDN
X-Varnish-Url
X-Oss-Request-Id
X-COUNTRY
X-Oss-Storage-Class
X-Oss-Object-Type
X-Cdn-Forward
Cdn
X-CSRF-Token
Dnion-Transfer-Encoding
Geoip-Latitude
X-Cache-ASPX
X-Auto-Login
Lfy
GeoIp-Country-Code
Mime-Version
X-GoCache-CacheStatus
X-Unique-Id
X-DataStream-Origin-MEX-Latency
FSS-Cache
X-DataStream-MidMile-RTT
FSS-Proxy
X-Aicache-OS
X-Varnish-Beresp-TTL
A
X-Akamai-Request-ID2
X-GRACE
MS-CV
Rt-Proxy-Cache
X-WA
X-Datadome
X-Sentry-ID
NnCoection
PageType
X-Origin-Expires
X-Origin-Date
X-Via-NSCOPI
X-EC-Security-Audit
NODE
X-HCF
Memcached
X-Cache-Control-Set-By
X-Served-From
X-Thanos
X-Cache-Id
X-Wa
X-Varnish-HitMiss
Node
X-Bip
X-MP-GENERATED-AT
X-Check-Cacheable
X-Cache-Info
Hostname
SD-X-WS
X-Use-Magma
X-UPSTREAM-Address
GeoIP-Country-Code
X-Be
X-Proxy-Server
X-Server-Group
WWW-Authenticate
X-Request-Start
X-APP
GeoIP-Latitude
X-Nananana
X-FORWARDED-FOR
X-NODE
Memory
X-SRV
GeoIP-City
X-Ratelimit-Remaining
Geoip-City
UCS
GW-Server
X-Fastly-Cache-Hits
X-Cookie
X-Wix-Route-ID
PICS-Label
X-Varnish-URL
X-CACHE-KEY
X-PAGE-TYPE
X-User
X-Gen-Id
X-From-Cache
Processtime
X-ServedByHost
X-GDPR
X-RTag
X-Load-Cache
Ms-Operation-Id
X-WR-MODIFICATION
DataCenter
Cache-Hits
Cdn-Request-Time
X-HS-Status
X-PJAX-URL
Cdn-Host
X-Edge-Server
X-Fastly-Backend-Reqs
X-Gdpr
Accept-Language
Pics-Label
COMMERCE-SERVER-SOFTWARE
X-Goog-Meta-Goog-Reserved-File-Mtime
Cf-Ipcountry
X-Vcache
X-Swift-Error
X-LI-Proto
X-BBXSRF
X-Cache-Debug
X-Cache-Ttl
X-LI-UUID
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Li-Pop
X-B3-SpanId
X-Li-Fabric
Dont-Set-Cookie
X-Path-Route
Group
X-Cache-HT
X-VG-WebCache
X-Dw-Trace-Id
X-Env
Lb
X-RateLimit-Reset
X-Fe
V-Cache
Is-Session-Tracking
X-Optimization
X-CDN-Pop-IP
X-CDN-Pop
X-Info
Get-Access-Time
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Content-Encoded-By
NX-Cache
Who
URI
SS
X-Qloud-Router
X-PF-Uncompressing
X-Bug-Bounty
Fastly-Soc-X-Request-Id
Requestid
X-GZIP
X-NGINX-Cache
Serverid
CDN-Cache
X-Akamai-SSL-Client-Sid
X-P-T
X-Ver
CDN-Cache-Hit
X-CacheKey
X-Cache-FS-Status
AGE-Hash
CDN-Node
X-Varnish-Info
Xet-Cookie
SID
X-SN
X-BE
X-Serial
X-Akamai-ERPolicy
X-SB
X-Flags
X-Is-Crawler
X-Litespeed-Cache-Control
X-Shard
X-VC
X-RequestId
X-Providence-Cookie
X-Route-Name
X-Grace-Duration
N-Cache
Ws
Https
X-Akamai-ERRuleID
X-ServerName
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical