Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Node
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Url
X-Cloud-Trace-Context
Pinterest-Generated-By
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-DynaTrace-JS-Agent
X-ESI
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
Charset
X-Server-Name
NEL
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-GitHub-Request-Id
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
Content-MD5
X-F-Cache
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Geo-Segment
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-ORACLE-DMS-RID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-SharePointHealthScore
X-CF-Powered-By
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-T
DynaTrace
X-Forwarded-Proto
X-Varnish-Age
AR-PoweredBy
X-DIS-Request-ID
AR-ATIME
X-Upstream
X-Hits
X-Grace
X-Origin-Upstream-Status
TCN
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
AR-CACHE
X-Id
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Oracle-Dms-Rid
X-Server-ID
Access-Control-Request-Method
X-Kinsta-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-IPLB-Instance
X-HW
X-Cache-Hit
X-Acc-Meta-Resource-Type
X-Logged-In
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-B
X-Goog-Metageneration
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-FastCGI-Cache
X-XRDS-Location
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-Ser
Service-Worker-Allowed
S
Tracecode
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-Country-Code-Real
X-FTR-Realm
X-Frontend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
AR-SID
X-Cache-Key
X-FTR-Expires
Fastly-Restarts
X-HeyJason
Rt-Fastcgi-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
X-Accel-Buffering
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
X-Analytics
Backend-Timing
Cleartype
X-HS-Content-Id
Cache-Status
Host
X-HS-Hub-Id
X-Srv
TP-Cache
TP-L2-Cache
X-Revision
X-Ttl
X-Rid
FilterID
Public-Key-Pins-Report-Only
X-TA-CDN-Provider
X-FTR-Cache-Host
X-Whom
X-User-Agent
X-Debug-Info
X-Akam-SW-Version
X-RateLimit-Remaining
ServerID
Front-End-Https
X-AOL-HN
X-XRDS-LOCATION
X-Varnish-Backend
X-Mobile
X-GUploader-UploadID
X-Webkit-CSP
Accept-Charset
X-Cache-2
X-Cdn
X-Kinja-Server-Push
X-NWS-LOG-UUID
X-Via-JSL
X-Content-Powered-By
X-Request-Processing-Time
X-Request-Received
X-VCache
X-Zen-Fury
X-Oneagent-Js-Injection
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
Viewport
X-App-Environment
X-LB-Cache
X-Node-Name
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Host-Header
X-Cluster
X-Page-Id
X-Magnolia-Registration
X-Handled-By
X-TT
X-Device-Type
X-Iejgwucgyu
X-Framework
X-Request-Guid
X-Cache-Control
X-Akamai-Edgescape
Liferay-Portal
Upgrade-Insecure-Requests
X-Platform-Server
X-B-Cache
X-FB-Debug
X-BCube-Filmed-By
X-B3-Sampled
X-Signature
X-Content-Security-Policy-Report-Only
X-Instance
DC
Cache-Tag
X-Fastcgi-Cache
X-Cache-Server
Display
X-Sol
X-Middleton-Display
X-Hostname
MicrosoftSharePointTeamServices
X-Origin-Server
X-Amzn-Trace-Id
Server-Node
X-Webkit-Csp
X-B3-Traceid
X-TT-TIMESTAMP
X-Accel-Expires
Source
X-WA-Info
Retry-After
X-Varnish-Server
X-Contextid
X-Servedby
X-Distil-CS
HitInfo
HitType
Server-Info
X-Cache-Action
X-Wix-Request-Id
X-Cache-Operation
X-Seen-By
Content-Script-Type
Content-Style-Type
Webserver
User-Agent
X-Amz-Replication-Status
X-GeoIP
X-Edge-Location
X-RequestSource
X-S
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
GEO-INFO
X-WebKit-CSP-Report-Only
X-Jobs
X-Status
X-Locale
SRV
Actual-Object-TTL
AsisCache
X-FW-Serve
X-APP-VERSION
X-FW-Type
X-Region
X-Response-Served-From
X-UUID
X-FW-Static
X-FW-Server
X-Edge-Cache-Key
X-FW-Hash
X-Edge-Cache
X-Varnish-Hits
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
ServedBy
X-Generated-By
X-Port
Healthy
X-ATG-Version
Refresh
X-Yottaa-Metrics
X-Cache-NE
X-Yottaa-Optimizations
X-Geo-Country
X-Hyper-Cache
Response
X-Middleton-Response
X-Esi
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
X-Cache-Age
Payment
S-Cnection
IBM-Web2-Location
X-Content-Type
X-Varnish-Grace
X-Daa-Tunnel
X-Newrelic-App-Data
Filters
X-Amz-Server-Side-Encryption
Datacenter
NGB
X-AppVersion
X-Az
X-Activity-Id
X-HS-Cache-Config
Country
X-Cache-Remote
Edge-Cache-Tag
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
Served-By
X-Cache-TTL
X-Cacheable-TTL
X-Vg-Webcache
X-CDN-Forward
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-App-Server
X-Sucuri-ID
X-HS-Combine-CSS
X-Proxied
X-Varnish-IP
HostName
X-UA
X-Akamai-Transformed
X-Mode
X-Rule
X-RN-RSRV
X-Detected-As
X-Is-Bot
X-Rendered-As
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
Machine
Load-Balancing
X-Mshield-Cache-Status
X-ProcessESI
X-Mrs-Cache
Powered-By-ChinaCache
X-Mrs-Cache-Hits
X-Mrs-Age
X-RemovedCookies
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
TWC-GeoIP-Country
Cache-Name
TWC-GeoIP-LatLong
DB-Nickname
TWC-Connection-Speed
Mn-Server-Ip
Property-Id
OT-Force-Account-Verify
X-ServerID
TWC-Locale-Group
X-Varnish-Cache-Hits
Backend
Access-Control-Allow-Method
TWC-Device-Class
X-Human
X-ProxyCache-Status
Webcakes-App-Version
X-BYPASS-REASON
X-Cache-Category-Id
X-Varnish-Cacheable
X-Origin
X-OCL
X-PCL
X-ProxyCache-Key
Webcakes-Region
X-Grey
X-Amz-Meta-Surrogate-Control
X-Hosted-By
TWC-Privacy
User-Cache-Control
X-Origin-Hint
Webcakes-App-Name
X-Tb
X-Zipkin-Id
L5d-Success-Class
Azure-SlotName
Azure-InstanceId
X-Upgrade-Enabled
X-TNCMS
Azure-RegionName
X-BB-IP
X-Site-Version
Azure-SiteName
X-Access
X-OVcl
X-Routing-Service
X-JoinUs
X-Loop
ServerName
X-EIG-Tracking-Id
X-Format
X-Generated
S-Rt
X-NodeID
X-Hit
Now
X-Original-Request
X-CDN-Cache
X-Debug-Cache
X-Section
X-OVcl-Cache
Azure-Version
Selected-FE
X-SplitTest
X-Pubstack
X-Proxy-Build
X-Timing-Wait
X-TWH-CORRELATION-ID
X-VWS-Id
X-Viewer-Country
X-Via-Fastly
X-L-Path
X-PERF
X-Agile
X-NGENIX-Cache
X-IP
X-LJ-Flow-ID
X-Cache-Config
X-AWS-Id
X-App-Name
X-Agile-Age
X-Agile-Id
X-ApacheServer
X-Www-Served-By
X-HOST
Fastcgi-Useragent
X-Environment-Context
X-RateLimit-Limit
Cache-Key
Fastcgi-X-Cache
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-URL
X-Drupal-Cache-Contexts
X-Origin-CC
X-Upstream-HT
X-Ocache
X-Upstream-CT
X-CCM
X-Unique-ID
Cache
X-Source
Pagespeed
X-Xfnlog-Site
X-Nginx-Cache
X-Backend-Name
From-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Correlation-ID
X-Akamai-Request-ID
X-Litespeed-Cache
X-Forwarded-Host
X-Storage
LB
AR-Request-ID
X-Pc-Host
X-Pc-Date
X-Vgn-Hpd-Reason
Fastly-SSL
X-Feature
X-App-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Real-IP
NtCoent-Length
X-Ms-Version
X-Ms-Request-Id
X-M-Reqid
X-Time-Microsecs
X-Qnm-Cache
X-M-Log
X-Birta-Served
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NCache
X-Labrador-Cache-Channel
X-Internal-Host
X-VG-TLSProxy
X-Release
ViewerVersion
X-Distributor
X-Ruxit-Js-Agent
X-Microcachable
X-EdgeConnect-Cache-Status
X-Cluster-Node
Time
Ar-Sid
X-B3-Spanid
X-NC
X-UA-Device-Type
WZWS-RAY
X-Powered-By-ANYU
X-Real-Ip
X-Twitter-Response-Tags
X-Transaction
X-SERVER-NAME
Xserver
X-Guploader-Uploadid
X-Cache-Backend
X-Connection-Hash
IsBot
X-Rojux
X-Rewrite-Enabled
Fly-Request-Id
Xc-Version
X-ScT
X-S-Cookie
X-Request-UUID
X-Region-Sid
X-Via-Edge
MD5-Digest
X-Via-SSL
X-Via-CDN
X-Org
X-Redis-Cache
X-PAYTM-SRV-ID
Fly-Cache
X-Server-By
Meta-Geo-Continent
AKAMAI
X-WebServer
Ajk
X-SIPLIST1
X-Server-Time
X-Cache-Enabled
Arc-Country
X-Request-Time
X-VG-WebServer
Ec-Rule-Version
X-SRCache-Key
Cache-Prefix
X-UE-Client-Country
BehaviorPad-Version
X-Sucuri-Cache
X-Trv-Group
NGX
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Application
X-ARC
X-Accel-Expires-Debug
X-From
X-A-Dgt
X-A-Wwc
X-G
X-Died
X-Developer
X-Date
X-CF-Lambda-Version
X-CUA
X-CF-Lambda-Fn
X-Cache-Bucket
X-B-Cookie
X-Destination
X-BB-ID
X-A-Dcw
X-A-Dam
X-D
Rendered-Blocks
REQUESTUUID
Server-Int
X-IN-WAF
Mobile-Detection-Method
X-No-Session
X-Logtrace-Id
X-Irp-Debug
T-Server
Viewtype
X-A-Ccd
X-Generation-Time
X-Generated-In
X-A
X-IN-APIGATEWAY
VivaBuild
Www
X-IN-SSL-APIGATEWAY
X-NU-AKA-ACS-Version
V-Age
Cneonction
X-FireWall-Port
Frame-Options
X-Amz-Meta-Cache-Control
Web-Mar-Node
SN
Release
Server-Host
CACHE
X-Cache-CFC
X-Crawler
X-CS
X-Core-Value
X-CGP
Pragrma
X-Block-Status
Powered
Ha-Gx-Prefs
HA-Host
HA-Georegion
HA-Geolon
HA-Geocountry
HA-Geolat
HA-Ipaddr
HA-Servedtime
Origin-Cache-Control
Origin-Edge-Control
NodeID
Magicmarker
HA-Urlpath
X-Eu-Site
X-F5-Cache
X-UnsetCookies
X-Varnish-Action
X-S-Maxage
X-RateLimit-Remaining-Second
X-Policy
X-RateLimit-Limit-Second
X-VCT
X-VServer
X-Wikidot-Static-Cache
X-Store
X-Wikidot-Backend
X-Web-Node
X-We-Are-Hiring
X-Platform
X-Phone
X-GeoIP-City
X-Hash
X-Gen-Mode
X-C
HA-Geocity
X-Fastly-Cache
X-Hl-Ver
X-Key
X-Origin-TTL
X-Owner
Pagetype
X-Node-Id
X-Layer
X-External-Request-Id
X-Hnp-Log
HA-Cloudapp
Backend-Name
Country-Code
ProcessTime
GMS-Ver
X-Sorting-Hat-ShopId
X-Webstats-RespID
X-Sorting-Hat-PodId
X-Instance-Name
X-ShardId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-GZip
X-NWS-UUID-VERIFY
X-B3-TraceId
Apple-News-Services-Handled
X-FW-Version
X-Gannett-Site-Version
Apple-News-Services-Host
X-Developers
X-Fetched-On
Apple-News-Services-Request-Url
X-Epic-Correlation-Id
Apple-News-Services-Parsed-Url
X-Debug-Log
X-Backend-Url
X-Cache-Expires
X-Cache-Srv
X-Actual-URL
X-Backend-TTL
X-Backend-Host
X-Backend-State
X-Cache-URL
X-Cdn-Srv
X-GeoIP-Country-Code
X-Debug-Cookies
X-Croise-Owner
CDCHOST
X-Clientip
X-Core-Mission
XServer
X-MSEdge-Features
X-Server-IP
X-Sf
X-Secret
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Stale
X-Swa-Ws
X-Var-Ttl
X-Variation
X-Up
X-Tumblr-Pixel-3
X-Thinkindot-L3
X-TT-LOGID
X-Returned-From
X-Response-By
X-MSEdge-Flight
X-Nginx-Cache-Key
X-MI-In-Market
X-Matched-Rule
X-HTML-Minification-Powered-By
X-Location
X-NX-Host
X-Passed-To
X-Varnish-Beresp-Ttl
X-Request-URI
X-Reboot
X-RCS-CacheZone
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
Adler-Geo
X-Passed-To-PostProcessResponse
Request-EU
MI-Cache
MI-Cache-Age
MI-API
Uber-Trace-Id
Section-Io-Cache
Thinkindot-CacheControl
Kp-EeAlive
Heartbleed
Request-Country
Platform
Thinkindot-Control
Thinkindot-CacheControl-Type
Origin
Esi-Enabled
Odigeo-Trace-Id
Countrycode
Proxy-Connection
Is-Eu
X-Ua
X-Endurance-Cache-Level
X-V
PageSpeed
X-Dc
Decoy-Debug-TTL
Fastly-Backend-Name
HTTPS
RNT-Machine
On-Server
Decoy-Debug-Status
X-Device-Os
X-ElasticPress-Search
Decoy-Debug-Key
X-Fstrz
X-Ezoic-Cdn
RNT-Time
Resin-Trace
Server-ID
X-Cdn-Origin
Cache-Cookie-Set-Lfrom
Content-Disposition
X-Trace-Id
X-Sn-Servicetimems
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Cache-Host
X-ServiceProvider
Host-ID
Cache-Tags
X-Worker
X-Content-Age
X-Ckpd-Fst-Backend
True-Client-Country-4JS
X-Nc
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Alicdn-Da-Ups-Status
MIME-Version
Fastly-SWR
X-Skip-Cache
Fastly-SIE
X-Servername
X-Newrelic-Synthetics
X-CACHE-AGE
Warning
X-PHP-Backend
X-TIME
X-Csrf-Token
X-Surge-Debug
PFcat
RequestId
Request-Time
Sid
Cteonnt-Length
X-Pf-Uncompressing
X-Proto
X-Req
X-GEO
Mail-Subject
We-Hiring
X-Aed
X-Refresh
X-Pjax-Url
Pramga
WP-Super-Cache
CF-IPCountry
X-Edge-IP
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
TSSecure
X-Planisys-CDN-Cache
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Varnish-Ttl
X-Servedbyhost
X-Ms-Lease-State
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Cdn-Forward
X-Amz-Cf-Pop
X-Time
CDN
X-Flog
X-Hello
X-ABtesting
X-Page-Type
X-COUNTRY
Dnion-Transfer-Encoding
X-Cache-ASPX
X-Server-W
Cdn
X-Geo
X-Varnish-Url
X-Varnish-Beresp-TTL
GeoIp-Country-Code
X-GoCache-CacheStatus
X-CSRF-Token
Geoip-Latitude
X-DC
Mime-Version
X-Oracle-Dms-Ecid
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Auto-Login
Lfy
X-Ratelimit-Limit
X-WA
FSS-Proxy
X-Aicache-OS
FSS-Cache
A
NnCoection
X-GRACE
X-Datadome
X-Dynatrace-Js-Agent
NODE
MS-CV
X-Unique-Id
X-Origin-Expires
X-Origin-Date
X-Akamai-Request-ID2
PageType
Hostname
X-Sentry-ID
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-HCF
X-Via-NSCOPI
Rt-Proxy-Cache
Node
X-EC-Security-Audit
SD-X-WS
X-CACHE-KEY
X-Check-Cacheable
X-Served-From
X-UPSTREAM-Address
Memcached
X-Cache-Id
X-Thanos
WWW-Authenticate
X-APP
X-Wa
X-Server-Group
X-Bip
X-MP-GENERATED-AT
X-Use-Magma
GeoIP-Country-Code
X-Be
GeoIP-Latitude
Geoip-City
X-Cache-Info
X-NODE
X-Request-Start
X-SRV
X-Wix-Route-ID
GeoIP-City
X-PAGE-TYPE
X-Varnish-URL
X-Proxy-Server
PICS-Label
Processtime
X-Nananana
X-Cookie
X-From-Cache
Memory
X-GDPR
X-ServedByHost
Cdn-Host
GW-Server
UCS
X-Gen-Id
X-Fastly-Cache-Hits
Cdn-Request-Time
Ms-Operation-Id
X-RTag
X-Gdpr
X-Edge-Server
Amp-Access-Control-Allow-Source-Origin
DataCenter
X-WR-MODIFICATION
X-Load-Cache
X-HS-Status
X-User
X-FORWARDED-FOR
COMMERCE-SERVER-SOFTWARE
X-Fastly-Backend-Reqs
Cf-Ipcountry
Pics-Label
X-PJAX-URL
X-Swift-Error
X-Vcache
X-Ratelimit-Remaining
Cache-Hits
Dont-Set-Cookie
Lb
X-Optimization
X-Goog-Meta-Goog-Reserved-File-Mtime
Get-Access-Time
X-Cache-HT
X-Cache-Ttl
X-Env
X-RateLimit-Reset
Is-Session-Tracking
V-Cache
X-B3-SpanId
Group
Accept-Language
X-CDN-Pop-IP
Who
X-LI-Proto
X-Urbn-Site-Id
X-Urbn-Context-Path
X-PF-Uncompressing
Locale
X-Fe
X-Li-Pop
X-CDN-Pop
X-Li-Fabric
X-Dw-Trace-Id
X-BBXSRF
X-Cache-Debug
X-LI-UUID
X-ID
NX-Cache
URI
AGE-Hash
X-Bug-Bounty
X-Path-Route
Xet-Cookie
Requestid
X-Ver
X-GZIP
X-Content-Encoded-By
X-Cache-FS-Status
X-Info
X-NGINX-Cache
Serverid
X-CacheKey
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
N-Cache
Ws
SS
CDN-Cache
X-VG-WebCache
X-ServerName
Fastly-Soc-X-Request-Id
X-VC
X-Qloud-Router
CDN-Cache-Hit
X-SB
X-Varnish-Info
CDN-Node
SID
X-Serial
X-P-T
X-Akamai-SSL-Client-Sid
X-RequestId
X-Flags
X-Litespeed-Cache-Control
X-Shard
Httpd-Identifier
X-Is-Crawler
X-Providence-Cookie
Https
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Route-Name
X-Grace-Duration