Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Request-ID
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Cnection
X-Host
X-Server-Id
Surrogate-Control
X-Cache-Lookup
X-Node
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Report-To
Pinterest-Generated-By
Request-Id
X-CST
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
X-Dns-Prefetch-Control
X-DataDome
Allow
X-ESI
NEL
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Origin-Cache
X-FTR-Request-ID
X-Server-Name
Charset
X-DynaTrace
X-Cached
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
Content-MD5
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Cdn-Fetch
X-Powered-By-Plesk
X-F-Cache
Accept-CH
X-D2id
Public-Key-Pins
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Dispatcher
X-Abt-Application-Version
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
SPRequestGuid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ruxit-JS-Agent
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-CF-Powered-By
X-Oracle-Dms-Rid
X-Forwarded-Proto
X-ORACLE-DMS-RID
Paypal-Debug-Id
X-Origin-Upstream-Status
X-DIS-Request-ID
SPIisLatency
SPRequestDuration
X-Hits
X-T
X-Varnish-Age
X-Upstream
DynaTrace
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
X-Shield-Request-Id
X-Grace
X-Pad
AR-ATIME
AR-PoweredBy
X-Content-Options
AR-CACHE
Realpath
X-Content-Digest
X-NF-Request-ID
X-HW
X-Server-ID
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Kinsta-Cache
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-IPLB-Instance
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Vcap-Request-Id
X-Debug
X-Cache-Hit
X-B
X-Logged-In
X-Wix-Server-Artifact-Id
X-SS-Set-Cookie
X-NewRelic-App-Data
Service-Worker-Allowed
Tracecode
X-Ser
X-FastCGI-Cache
S
X-MSEdge-Ref
Fastly-Restarts
Server-Name
X-PressLabs-Stats
X-Frontend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-Accel-Buffering
X-FTR-Expires
Rt-Fastcgi-Cache
Surrogate-Key
X-Cache-Key
X-Forwarded-For
Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Analytics
Backend-Timing
X-Iejgwucgyu
Alternate-Protocol
X-HS-Content-Id
X-HS-Hub-Id
Eomportal-Instance
X-Cache-Rule
Host
FilterID
X-Revision
X-Rid
Cleartype
TP-L2-Cache
TP-Cache
X-Srv
Front-End-Https
Public-Key-Pins-Report-Only
Cache-Status
X-FTR-Cache-Host
X-User-Agent
X-Debug-Info
X-Akam-SW-Version
X-Whom
X-Mobile
ServerID
AR-SID
X-Webkit-Csp
Accept-Charset
X-AOL-HN
X-Webkit-CSP
X-Varnish-Backend
X-Cdn
X-Cache-2
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Oneagent-Js-Injection
X-Zen-Fury
X-Ttl
X-Content-Powered-By
X-Cached-By
X-XRDS-LOCATION
X-Via-JSL
X-Correlation-Id
X-NWS-LOG-UUID
X-TA-CDN-Provider
X-WPE-Loopback-Upstream-Addr
X-VCache
X-App-Environment
X-GUploader-UploadID
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-Middleton-Display
X-LB-Cache
X-Sol
Display
Host-Header
X-Page-Id
X-Magnolia-Registration
X-Cache-Control
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Hostname
X-Framework
Viewport
X-Device-Type
X-Akamai-Edgescape
X-Cluster
X-TT
X-Request-Guid
X-Node-Name
Upgrade-Insecure-Requests
X-Content-Security-Policy-Report-Only
X-B-Cache
X-FB-Debug
X-Handled-By
X-Signature
X-Platform-Server
X-B3-Sampled
X-Instance
Cache-Tag
DC
Liferay-Portal
X-Fastcgi-Cache
X-BCube-Filmed-By
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
X-Varnish-Server
X-WA-Info
Source
X-Distil-CS
X-Contextid
X-Servedby
X-Seen-By
X-Wix-Request-Id
X-Edge-Location
HitInfo
HitType
X-B3-Traceid
Server-Info
X-Amz-Replication-Status
X-Cache-Action
Content-Style-Type
Content-Script-Type
X-GeoIP
SRV
X-S
X-RequestSource
X-Cache-Operation
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Webserver
X-Middleton-Response
X-Locale
Response
GEO-INFO
X-Jobs
X-ATG-Version
Actual-Object-TTL
X-Generated-By
X-Status
User-Agent
X-WebKit-CSP-Report-Only
X-FW-Type
X-FW-Static
X-FW-Hash
AsisCache
X-Drupal-Cache-Tags
X-FW-Serve
X-FW-Server
X-Region
X-Cache-NE
X-Response-Served-From
X-Adobe-Loc
X-Edge-Cache
ServedBy
X-UUID
X-Varnish-Hits
Refresh
X-Edge-Cache-Key
X-TX-ID
X-Adobe-Content
X-Yottaa-Metrics
X-Yottaa-Optimizations
Healthy
X-Port
X-Esi
Payment
X-Geo-Country
X-Hyper-Cache
X-Cache-TTL-Remaining
X-DataStream-Cache-Status
X-Cache-Age
X-APP-VERSION
S-Cnection
X-Content-Type
X-Newrelic-App-Data
IBM-Web2-Location
Edge-Cache-Tag
Datacenter
X-HS-Cache-Config
Country
X-Varnish-Grace
HostName
X-Amz-Server-Side-Encryption
X-HS-Combine-CSS
Served-By
Filters
Powered-By-ChinaCache
X-Daa-Tunnel
X-Az
X-AppVersion
NGB
X-Activity-Id
X-Pc-Key
X-Pc-Appver
X-Varnish-IP
X-Sucuri-ID
X-Pc-Hit
X-Cache-Remote
X-Cacheable-TTL
X-App-Server
X-Cache-TTL
X-Vg-Webcache
X-Akamai-Transformed
X-Mrs-Cache-Hits
X-Kinja-Server-Push
X-UA
X-Mode
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Age
X-RN-RSRV
Meta-Geo
X-Kong-Upstream-Latency
X-Rendered-As
X-Cache-Var-Map
X-RemovedCookies
X-Rule
X-Detected-As
X-Cache-Var
Load-Balancing
X-Is-Bot
Machine
X-Kong-Proxy-Latency
X-ProcessESI
X-ProxyCache-Key
X-Proxy
X-BYPASS-REASON
X-ProxyCache-Status
X-Rocket-Nginx-Bypass
Webcakes-App-Version
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Access-Control-Allow-Method
TWC-Privacy
X-Grey
TWC-Locale-Group
Cache-Name
OT-Force-Account-Verify
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
DB-Nickname
X-Origin
X-OCL
X-FC-Vary-Parameters
X-Origin-Hint
X-PCL
X-Varnish-Cache-Hits
Mn-Server-Ip
X-Varnish-Cacheable
X-Amz-Meta-Surrogate-Control
X-Tb
X-ServerID
X-Cache-Category-Id
Webcakes-Region
Backend
X-Proxied
Azure-Version
X-OVcl-Cache
X-Hosted-By
X-Routing-Service
X-Site-Version
X-Section
X-OVcl
X-Original-Request
Azure-InstanceId
X-JoinUs
Azure-RegionName
X-Loop
Azure-SlotName
Azure-SiteName
X-Hit
X-Generated
L5d-Success-Class
X-Zipkin-Id
Now
X-App-Version
X-CDN-Cache
X-EIG-Tracking-Id
User-Cache-Control
X-Access
X-TNCMS
X-Format
X-BB-IP
X-Upgrade-Enabled
X-Upstream-HT
X-Upstream-CT
X-Human
X-App-Name
X-Agile
ServerName
Selected-FE
X-Agile-Age
X-Agile-Id
X-Cache-Config
X-ApacheServer
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Www-Served-By
X-Debug-Cache
X-Viewer-Country
X-Via-Fastly
X-HOST
X-SplitTest
S-Rt
X-L-Path
X-IP
X-NGENIX-Cache
X-NodeID
X-Pubstack
X-PERF
X-Environment-Context
X-Proxy-Build
X-Drupal-Cache-Contexts
Fastcgi-Useragent
Fastcgi-X-Cache
X-Source
Fastcgi-X-Cache-Version
Cache-Key
From-Origin
Access-Control-Request-Headers
X-URL
X-Origin-CC
X-Ocache
X-CCM
X-Amzn-RequestId
X-Amz-Apigw-Id
X-CDN-Forward
Pagespeed
Cache
X-Xfnlog-Site
LB
X-Nginx-Cache
X-Feature
X-Backend-Name
X-Unique-ID
X-Forwarded-Host
X-Correlation-ID
Ar-Sid
X-RateLimit-Limit
ViewerVersion
X-Litespeed-Cache
Fastly-SSL
NtCoent-Length
X-Akamai-Request-ID
X-Guploader-Uploadid
X-Pc-Host
X-Pc-Date
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Storage
X-Vgn-Hpd-Reason
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Birta-Cache-Post
X-Birta-Served
X-Varnish-Beresp-Status
X-Real-Ip
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-Cluster-Node
X-VG-TLSProxy
X-B3-TraceId
X-NCache
X-Time-Microsecs
Xserver
X-Internal-Host
X-Ruxit-Js-Agent
X-Release
X-Distributor
X-Microcachable
Time
X-EdgeConnect-Cache-Status
AR-Request-ID
PageSpeed
CACHE
X-Powered-By-ANYU
WZWS-RAY
X-B3-Spanid
ProcessTime
X-Cache-Enabled
X-Sucuri-Cache
X-Request-Time
X-Real-IP
X-SERVER-NAME
X-Dynatrace-Js-Agent
X-Nc
X-BB-ID
X-CF-Lambda-Version
X-Cache-Bucket
X-CF-Lambda-Fn
X-B-Cookie
X-Irp-Debug
X-Developer
X-Died
X-Region-Sid
X-Date
X-Redis-Cache
X-Dispatcher-Server
X-CUA
X-D
X-Connection-Hash
X-A-Wwc
REQUESTUUID
Rendered-Blocks
Server-Int
T-Server
Viewtype
V-Age
Ec-Rule-Version
NGX
MD5-Digest
IsBot
Fly-Request-Id
Fly-Cache
Mobile-Detection-Method
Meta-Geo-Continent
Cache-Prefix
VivaBuild
Ajk
AKAMAI
X-Request-UUID
X-Accel-Expires-Debug
X-Application
X-Web-Node
X-A-Dgt
X-A-Dcw
BehaviorPad-Version
Www
X-A
Arc-Country
X-A-Dam
X-A-Ccd
X-ARC
X-Destination
X-Generation-Time
X-VG-WebServer
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-No-Session
X-Generated-In
X-S-Cookie
X-WebServer
X-Via-SSL
X-Via-Edge
X-UE-Client-Country
X-Twitter-Response-Tags
X-Store
X-Server-Time
X-SRCache-Key
X-SIPLIST1
X-Server-By
X-Transaction
X-Logtrace-Id
X-IN-WAF
X-ScT
X-Trv-Group
X-Rojux
X-Via-CDN
X-PAYTM-SRV-ID
X-Rewrite-Enabled
X-From
X-NU-AKA-ACS-Version
X-Org
X-DPWN-IS-SECURE
X-G
Xc-Version
X-Cache-Backend
X-Endurance-Cache-Level
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Varnish-Beresp-Ttl
X-FireWall-Port
X-ShardId
X-ShopId
X-Shopify-Stage
Origin-Edge-Control
NodeID
Origin-Cache-Control
X-Key
SN
X-Wikidot-Static-Cache
X-Layer
Release
Pragrma
Magicmarker
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Ipaddr
HA-Servedtime
X-External-Request-Id
X-F5-Cache
X-Eu-Site
HA-Urlpath
X-Fastly-Cache
X-CS
X-RateLimit-Remaining-Second
X-VServer
X-Phone
X-Amz-Meta-Cache-Control
X-Origin-TTL
X-Block-Status
X-We-Are-Hiring
X-S-Maxage
X-Gen-Mode
X-Wikidot-Backend
X-Cache-CFC
X-Crawler
X-RateLimit-Limit-Second
X-GeoIP-City
Web-Mar-Node
X-Varnish-Action
X-Policy
X-UnsetCookies
X-Platform
X-CGP
X-VCT
X-Hash
X-Hl-Ver
X-Hnp-Log
HA-Geolat
X-Owner
Server-Host
X-UA-Device-Type
Frame-Options
HA-Geocountry
GMS-Ver
Backend-Name
HA-Geocity
HA-Cloudapp
Country-Code
X-Dc
X-Webstats-RespID
X-Amz-Cf-Pop
X-Newrelic-Synthetics
X-Ezoic-Cdn
X-ElasticPress-Search
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Cache-Expires
X-C
X-Response-By
X-Request-URI
X-Backend-State
X-MI-In-Market
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
X-FW-Version
Apple-News-Services-Parsed-Url
X-Actual-URL
X-Secret
X-Backend-TTL
X-Backend-Url
X-Cache-Srv
X-Backend-Host
Resin-Trace
X-Returned-From-PostProcessResponse
X-Clientip
X-Epic-Correlation-Id
Cneonction
X-Passed-To
X-Device-Os
X-Developers
X-RCS-CacheZone
X-NX-Host
X-Nginx-Cache-Key
X-Fetched-On
X-Sf
X-Node-Id
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Core-Value
X-Core-Mission
X-Reboot
X-MSEdge-Features
X-Croise-Owner
X-Gannett-Site-Version
X-Debug-Log
X-Debug-Cookies
X-Passed-To-PostProcessResponse
X-MSEdge-Flight
X-Cache-URL
Apple-News-Services-Request-Url
Countrycode
X-Tumblr-Pixel-3
Proxy-Connection
Request-Country
Request-EU
Odigeo-Trace-Id
X-Stale
X-Swa-Ws
Kp-EeAlive
X-TT-LOGID
X-Instance-Name
Origin
Esi-Enabled
MI-Cache-Age
MI-Cache
Platform
X-Thinkindot-L3
Is-Eu
Section-Io-Cache
X-Variation
X-Matched-Rule
X-Var-Ttl
CDCHOST
Cache-Cookie-Set-Lfrom
X-GeoIP-Country-Code
Cache-Cookie-Set-From
X-Server-IP
Cache-Cookie-Set-Idcheck
Uber-Trace-Id
Heartbleed
X-Location
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Up
X-GZip
X-Ua
X-NC
X-NWS-UUID-VERIFY
MI-API
HTTPS
X-HTML-Minification-Powered-By
X-Content-Age
X-Fstrz
Decoy-Debug-Key
X-Sn-Servicetimems
Content-Disposition
RNT-Time
X-Worker
RNT-Machine
Cache-Tags
X-Surge-Debug
X-ServiceProvider
X-Ckpd-Fst-Backend
X-Cache-Host
Decoy-Debug-Status
Decoy-Debug-TTL
True-Client-Country-4JS
X-Trace-Id
Server-ID
Powered
X-Cdn-Origin
X-Csrf-Token
X-V
X-TIME
X-Alicdn-Da-Ups-Status
X-Skip-Cache
Fastly-Backend-Name
On-Server
Fastly-SIE
Fastly-SWR
X-CACHE-AGE
Warning
X-Rebelmouse-Cache-Control
Pagetype
X-Rebelmouse-Surrogate-Control
X-Cdn-Srv
X-GEO
X-Servername
X-Aed
Host-ID
RequestId
X-Edge-IP
X-Proto
Pramga
X-Req
MIME-Version
X-Cdn-Forward
X-Pf-Uncompressing
XServer
TSSecure
We-Hiring
Mail-Subject
PFcat
Request-Time
Sid
X-Pjax-Url
X-Refresh
X-Ratelimit-Limit
X-Ms-Lease-State
Cteonnt-Length
Cdn
X-Flog
X-Hello
X-Page-Type
X-ABtesting
Mime-Version
X-Varnish-Ttl
X-PHP-Backend
WP-Super-Cache
CF-IPCountry
X-GRACE
X-Varnish-Url
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-Planisys-CDN-Cache
X-Server-W
X-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Servedbyhost
X-COUNTRY
X-Auto-Login
X-Geo
FSS-Cache
FSS-Proxy
PageType
X-Oss-Object-Type
X-Oss-Request-Id
X-DC
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oracle-Dms-Ecid
X-Oss-Storage-Class
CDN
Lfy
X-DataStream-MidMile-RTT
X-CACHE-KEY
Dnion-Transfer-Encoding
X-Unique-Id
Geoip-Latitude
GeoIp-Country-Code
X-Aicache-OS
X-Cache-ASPX
X-DataStream-Origin-MEX-Latency
X-Varnish-Beresp-TTL
X-CSRF-Token
X-GoCache-CacheStatus
Rt-Proxy-Cache
X-Akamai-Request-ID2
X-Sentry-ID
X-WA
X-Datadome
A
X-EC-Security-Audit
X-MP-GENERATED-AT
X-Thanos
Memcached
MS-CV
X-Cache-Id
X-Bip
X-Via-NSCOPI
X-Served-From
X-Ratelimit-Remaining
NnCoection
X-Check-Cacheable
X-Cache-Info
X-Wa
Node
X-Origin-Expires
X-Origin-Date
X-Be
GeoIP-Country-Code
X-Request-Start
GeoIP-Latitude
X-Proxy-Server
NODE
X-HCF
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-APP
Memory
SD-X-WS
X-NODE
Amp-Access-Control-Allow-Source-Origin
X-Nananana
X-SRV
X-Fastly-Cache-Hits
GeoIP-City
WWW-Authenticate
GW-Server
UCS
X-UPSTREAM-Address
X-Server-Group
Hostname
Cache-Hits
X-Vcache
X-ServedByHost
Geoip-City
X-Cookie
X-User
X-Gen-Id
Cf-Ipcountry
Accept-Language
X-GDPR
X-Wix-Route-ID
X-PAGE-TYPE
PICS-Label
X-From-Cache
X-Varnish-URL
X-Load-Cache
X-WR-MODIFICATION
DataCenter
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RTag
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
X-HS-Status
Processtime
Cdn-Host
Locale
Cdn-Request-Time
Ms-Operation-Id
X-Gdpr
X-PJAX-URL
X-Path-Route
X-Cache-Debug
X-Use-Magma
X-LI-Proto
X-LI-UUID
X-Urbn-Context-Path
X-Swift-Error
X-Urbn-Site-Id
X-Li-Fabric
X-Li-Pop
X-BBXSRF
Pics-Label
COMMERCE-SERVER-SOFTWARE
X-Edge-Server
X-Info
X-PF-Uncompressing
X-B3-SpanId
X-Cache-Ttl
Fastly-Soc-X-Request-Id
X-Fe
X-VG-WebCache
X-Qloud-Router
X-CDN-Pop-IP
Dont-Set-Cookie
SS
X-CDN-Pop
X-Dw-Trace-Id
X-ID
X-P-T
Is-Session-Tracking
Get-Access-Time
X-Content-Encoded-By
NX-Cache
Group
X-GZIP
X-Optimization
X-Cache-HT
X-ServerName
X-Bug-Bounty
X-Env
Requestid
X-RateLimit-Reset
V-Cache
Serverid
X-NGINX-Cache
URI
X-SN
CDN-Cache
X-CacheKey
CDN-Cache-Hit
Lb
CDN-Node
X-Varnish-Info
Who
Xet-Cookie
X-Akamai-SSL-Client-Sid
X-Shard
X-Serial
X-Ver
X-CSRF-TOKEN
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Protected-By
Powered-By
SID
AGE-Hash
X-Cache-FS-Status
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-RequestId
X-Grace-Duration
Https
X-Akamai-ERRuleID
X-Flags