Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
NEL
X-FTR-Request-ID
Charset
X-Server-Name
X-DynaTrace-JS-Agent
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
Content-MD5
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Geo-Segment
X-Exp-Variant
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
X-D2id
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Upstream-Env
X-Abt-Application-Version
X-Pinterest-Rid
X-Dispatcher
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-Amz-Rid
X-ORACLE-DMS-RID
Nginx-Cache
X-CF-Powered-By
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-T
X-DIS-Request-ID
X-Origin-Upstream-Status
DynaTrace
X-Hits
X-Varnish-Age
X-Upstream
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
AR-PoweredBy
X-Id
AR-ATIME
X-Oracle-Dms-Rid
X-Grace
X-Shield-Request-Id
X-Pad
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
X-HW
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-B
X-Vcap-Request-Id
X-Logged-In
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-NewRelic-App-Data
X-Ser
X-FastCGI-Cache
Service-Worker-Allowed
Tracecode
S
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-Frontend
X-Country-Code-Real
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
X-Cache-Key
X-FTR-Expires
Rt-Fastcgi-Cache
X-Accel-Buffering
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
AR-SID
Alternate-Protocol
Backend-Timing
X-Cache-Rule
Eomportal-Instance
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
Host
Cleartype
TP-L2-Cache
TP-Cache
X-Rid
X-Srv
Cache-Status
FilterID
X-Revision
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-User-Agent
X-Debug-Info
X-Whom
Front-End-Https
X-Akam-SW-Version
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
ServerID
X-Webkit-Csp
X-Mobile
X-XRDS-LOCATION
X-AOL-HN
Accept-Charset
X-Varnish-Backend
X-Webkit-CSP
X-RateLimit-Remaining
X-TA-CDN-Provider
X-Cdn
X-Iejgwucgyu
X-Cache-2
X-Kinja-Server-Push
X-Via-JSL
X-GUploader-UploadID
X-Request-Processing-Time
X-Request-Received
X-VCache
X-Content-Powered-By
X-Zen-Fury
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-Ttl
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-App-Environment
Viewport
X-LB-Cache
X-Tumblr-User
X-Magnolia-Registration
X-Varnish-Hostname
X-Tumblr-Pixel
X-Cluster
X-Node-Name
X-Page-Id
Host-Header
X-Tumblr-Pixel-0
X-Cache-Control
X-Device-Type
X-Framework
X-Handled-By
X-Request-Guid
X-Akamai-Edgescape
X-TT
X-B-Cache
X-B3-Sampled
Upgrade-Insecure-Requests
X-Platform-Server
X-FB-Debug
X-BCube-Filmed-By
X-Signature
X-Content-Security-Policy-Report-Only
X-Instance
DC
Cache-Tag
Liferay-Portal
X-Fastcgi-Cache
X-Middleton-Display
X-Sol
Display
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
X-Varnish-Server
X-WA-Info
Source
X-B3-Traceid
X-Distil-CS
X-Contextid
X-Servedby
Server-Info
HitInfo
HitType
X-Wix-Request-Id
X-Seen-By
X-Cache-Action
X-Cache-Operation
X-Edge-Location
Content-Script-Type
Content-Style-Type
Webserver
X-GeoIP
X-Amz-Replication-Status
User-Agent
X-Tumblr-Pixel-2
X-S
X-RequestSource
X-Tumblr-Pixel-1
SRV
GEO-INFO
X-Locale
X-Status
Actual-Object-TTL
X-Jobs
X-WebKit-CSP-Report-Only
X-FW-Static
X-Response-Served-From
X-FW-Type
X-FW-Serve
X-Edge-Cache
X-Region
AsisCache
X-FW-Server
X-Edge-Cache-Key
X-FW-Hash
X-Generated-By
X-TX-ID
X-UUID
X-Varnish-Hits
X-Adobe-Loc
X-Drupal-Cache-Tags
ServedBy
X-ATG-Version
X-Adobe-Content
X-Cache-NE
Refresh
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Port
Response
X-Middleton-Response
Healthy
X-APP-VERSION
X-Hyper-Cache
X-Geo-Country
X-Esi
X-DataStream-Cache-Status
Payment
X-Cache-TTL-Remaining
X-Cache-Age
S-Cnection
IBM-Web2-Location
X-Content-Type
X-Newrelic-App-Data
Datacenter
X-Amz-Server-Side-Encryption
X-Varnish-Grace
X-Daa-Tunnel
X-HS-Cache-Config
Edge-Cache-Tag
Filters
Country
NGB
X-Cache-Remote
Served-By
X-Az
X-Activity-Id
X-AppVersion
HostName
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Sucuri-ID
Powered-By-ChinaCache
X-Cacheable-TTL
X-Varnish-IP
X-Cache-TTL
X-HS-Combine-CSS
X-App-Server
X-Vg-Webcache
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Mode
X-Mshield-Cache-Status
X-UA
X-Akamai-Transformed
X-Kong-Upstream-Latency
X-Rendered-As
X-Cache-Var
X-ProcessESI
X-RN-RSRV
Load-Balancing
X-Rule
Meta-Geo
X-Cache-Var-Map
X-RemovedCookies
X-Detected-As
Machine
X-Is-Bot
X-Proxied
X-Kong-Proxy-Latency
X-Proxy
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-CDN-Forward
X-Grey
X-PCL
X-Origin-Hint
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-BYPASS-REASON
X-OCL
X-Origin
TWC-Privacy
X-Cache-Category-Id
X-ServerID
X-Varnish-Cacheable
X-Tb
TWC-Connection-Speed
Property-Id
X-ProxyCache-Status
X-Hosted-By
DB-Nickname
Cache-Name
Access-Control-Allow-Method
X-Human
User-Cache-Control
X-ProxyCache-Key
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
OT-Force-Account-Verify
X-Amz-Meta-Surrogate-Control
Mn-Server-Ip
X-Varnish-Cache-Hits
Backend
Azure-SlotName
Azure-Version
X-JoinUs
L5d-Success-Class
Azure-SiteName
Azure-RegionName
X-OVcl
X-Original-Request
X-NodeID
X-Loop
X-Hit
X-Generated
S-Rt
ServerName
X-BB-IP
X-Access
X-CDN-Cache
X-Debug-Cache
X-Format
Now
X-EIG-Tracking-Id
X-OVcl-Cache
Azure-InstanceId
X-TNCMS
X-Site-Version
X-Zipkin-Id
X-Routing-Service
X-Section
X-Upgrade-Enabled
X-Environment-Context
X-Www-Served-By
Fastcgi-X-Cache
X-VWS-Id
X-Proxy-Build
X-HOST
X-Viewer-Country
X-Via-Fastly
X-Upstream-CT
X-ApacheServer
X-Agile
X-Agile-Age
X-Agile-Id
X-App-Name
X-AWS-Id
Fastcgi-Useragent
X-Cache-Config
X-Upstream-HT
Selected-FE
Fastcgi-X-Cache-Version
X-Timing-Wait
X-NGENIX-Cache
X-PERF
Access-Control-Request-Headers
X-Pubstack
X-IP
X-LJ-Flow-ID
Cache-Key
X-L-Path
X-TWH-CORRELATION-ID
X-SplitTest
X-CCM
X-Origin-CC
X-Ocache
X-Source
X-URL
X-Drupal-Cache-Contexts
From-Origin
Pagespeed
X-Xfnlog-Site
X-Nginx-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Backend-Name
X-RateLimit-Limit
X-Unique-ID
Cache
LB
X-App-Version
X-Correlation-ID
X-Litespeed-Cache
X-Akamai-Request-ID
X-Forwarded-Host
Fastly-SSL
X-Storage
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
X-Feature
ViewerVersion
NtCoent-Length
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Varnish-Beresp-Grace
X-Qnm-Cache
X-Varnish-Beresp-Status
X-M-Reqid
X-Birta-Served
X-M-Log
X-Birta-Cache-Post
Ar-Sid
X-Labrador-Cache-Channel
AR-Request-ID
X-Time-Microsecs
X-NCache
X-VG-TLSProxy
X-Internal-Host
X-Guploader-Uploadid
X-Real-IP
X-Ruxit-Js-Agent
X-Release
X-Cluster-Node
X-Real-Ip
X-Distributor
X-Microcachable
Time
X-EdgeConnect-Cache-Status
Xserver
CACHE
X-B3-TraceId
X-B3-Spanid
X-Powered-By-ANYU
WZWS-RAY
X-Request-Time
X-Sucuri-Cache
X-Cache-Enabled
X-SERVER-NAME
X-Logtrace-Id
Fly-Cache
X-IN-WAF
X-Irp-Debug
Ec-Rule-Version
Cache-Prefix
X-Org
AKAMAI
Ajk
X-SRCache-Key
Fly-Request-Id
Arc-Country
BehaviorPad-Version
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Generated-In
X-Accel-Expires-Debug
X-Developer
X-Destination
X-Application
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-CUA
X-D
X-BB-ID
X-Cache-Bucket
X-Date
X-A
Www
Mobile-Detection-Method
NGX
X-G
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
X-IN-APIGATEWAY
IsBot
X-Generation-Time
REQUESTUUID
X-From
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Died
VivaBuild
Viewtype
Server-Int
T-Server
V-Age
X-IN-SSL-APIGATEWAY
X-No-Session
X-Server-Time
X-Via-SSL
X-Via-CDN
X-VG-WebServer
X-Twitter-Response-Tags
X-UE-Client-Country
X-Server-By
Xc-Version
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-WebServer
X-ScT
X-Trv-Group
X-Via-Edge
X-Transaction
X-SIPLIST1
X-Redis-Cache
X-Cache-Backend
X-Store
X-Region-Sid
ProcessTime
X-Request-UUID
X-Varnish-Beresp-Ttl
X-FireWall-Port
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Servedtime
HA-Urlpath
Frame-Options
X-CS
X-Hash
HA-Geolon
HA-Geolat
X-Crawler
X-Hl-Ver
X-S-Maxage
GMS-Ver
Magicmarker
HA-Cloudapp
HA-Geocountry
X-CGP
HA-Geocity
X-Hnp-Log
X-VServer
X-VCT
SN
X-F5-Cache
Server-Host
X-External-Request-Id
X-Eu-Site
X-UnsetCookies
Web-Mar-Node
PageSpeed
X-Varnish-Action
X-Fastly-Cache
X-Wikidot-Backend
NodeID
X-Amz-Meta-Cache-Control
X-Cache-CFC
X-We-Are-Hiring
X-Gen-Mode
Origin-Cache-Control
Release
Pragrma
X-Block-Status
Origin-Edge-Control
X-Web-Node
X-GeoIP-City
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Owner
X-Node-Id
X-Origin-TTL
X-Alternate-Cache-Key
X-Amz-Cf-Pop
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Cneonction
X-Platform
X-UA-Device-Type
X-Phone
Backend-Name
X-Sorting-Hat-PodId
X-Layer
X-NC
Country-Code
X-Wikidot-Static-Cache
X-Key
X-Webstats-RespID
X-Nc
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-C
Uber-Trace-Id
X-Tumblr-Pixel-3
X-Returned-From
X-TT-LOGID
X-Actual-URL
X-Response-By
Thinkindot-Control
Countrycode
X-Developers
X-Sf
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Variation
X-Up
X-Epic-Correlation-Id
X-GZip
X-Var-Ttl
X-Location
Esi-Enabled
X-Swa-Ws
X-Croise-Owner
X-Cache-URL
X-Core-Mission
X-RCS-CacheZone
X-Core-Value
X-Stale
X-Clientip
X-Cache-Srv
X-Thinkindot-L3
X-Backend-TTL
X-Backend-State
X-Backend-Host
Thinkindot-CacheControl-Type
X-Backend-Url
X-HTML-Minification-Powered-By
X-Cache-Expires
X-Debug-Cookies
X-Debug-Log
X-Request-URI
X-Returned-From-BeforeDispatch
Adler-Geo
X-Server-IP
MI-Cache-Age
MI-Cache
X-Returned-From-PostProcessResponse
Odigeo-Trace-Id
Thinkindot-CacheControl
X-NX-Host
X-ElasticPress-Search
Origin
MI-API
X-Returned-From-DLL
Is-Eu
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
Heartbleed
X-Reboot
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Secret
Apple-News-Services-Host
Kp-EeAlive
Platform
X-Gannett-Site-Version
X-Fetched-On
X-MSEdge-Flight
X-Passed-To
X-Dc
X-FW-Version
Section-Io-Cache
X-Instance-Name
X-Passed-To-BeforeDispatch
X-Matched-Rule
X-MI-In-Market
X-MSEdge-Features
Request-Country
Request-EU
Powered
CDCHOST
Proxy-Connection
X-Nginx-Cache-Key
X-Ua
Pagetype
X-Worker
Cache-Cookie-Set-Lfrom
X-ServiceProvider
X-Sn-Servicetimems
X-Trace-Id
Resin-Trace
X-Fstrz
X-Device-Os
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Server-ID
RNT-Time
Content-Disposition
Cache-Tags
True-Client-Country-4JS
RNT-Machine
Decoy-Debug-Key
On-Server
Fastly-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
HTTPS
X-V
X-Cache-Host
X-Cdn-Origin
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-NWS-UUID-VERIFY
X-Ezoic-Cdn
X-Content-Age
X-Servername
Fastly-SIE
X-Skip-Cache
Host-ID
Fastly-SWR
X-Surge-Debug
X-Rebelmouse-Surrogate-Control
Warning
X-Alicdn-Da-Ups-Status
X-CACHE-AGE
X-TIME
X-Rebelmouse-Cache-Control
X-Csrf-Token
XServer
RequestId
X-GEO
MIME-Version
PFcat
Request-Time
Sid
X-Proto
X-Req
X-Pf-Uncompressing
X-Aed
Cteonnt-Length
X-Dynatrace-Js-Agent
Pramga
Mail-Subject
X-PHP-Backend
X-Refresh
X-Edge-IP
We-Hiring
TSSecure
X-Pjax-Url
CF-IPCountry
X-Cdn-Forward
X-Ms-Lease-State
X-Varnish-Ttl
X-GRACE
X-Servedbyhost
X-Server-W
Cdn
X-Planisys-CDN-Rules
X-Flog
X-Hello
X-ABtesting
X-Page-Type
WP-Super-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Atg-Version
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Oss-Object-Type
X-Varnish-Url
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-COUNTRY
X-Time
Mime-Version
X-Oss-Server-Time
X-Geo
Dnion-Transfer-Encoding
X-CSRF-Token
Geoip-Latitude
X-Auto-Login
GeoIp-Country-Code
CDN
X-Cache-ASPX
X-DC
X-Oracle-Dms-Ecid
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
FSS-Cache
X-DataStream-MidMile-RTT
X-Unique-Id
Lfy
X-GoCache-CacheStatus
FSS-Proxy
X-Varnish-Beresp-TTL
A
PageType
X-Akamai-Request-ID2
X-Sentry-ID
Rt-Proxy-Cache
X-WA
X-Datadome
NnCoection
MS-CV
X-EC-Security-Audit
X-Origin-Date
X-Via-NSCOPI
X-Origin-Expires
NODE
Node
X-Cache-Id
X-Wa
X-HCF
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-MP-GENERATED-AT
Memcached
X-Bip
X-CACHE-KEY
X-Served-From
X-Thanos
X-Check-Cacheable
SD-X-WS
X-Cache-Info
X-APP
Hostname
X-Be
X-Use-Magma
X-Request-Start
X-Server-Group
X-Proxy-Server
WWW-Authenticate
X-UPSTREAM-Address
GeoIP-Country-Code
GeoIP-Latitude
X-NODE
X-Nananana
GeoIP-City
X-Ratelimit-Remaining
Memory
Geoip-City
X-SRV
X-Varnish-URL
GW-Server
UCS
X-Fastly-Cache-Hits
X-PAGE-TYPE
PICS-Label
X-Wix-Route-ID
X-Cookie
X-Gen-Id
X-User
X-GDPR
Processtime
X-From-Cache
X-ServedByHost
X-Load-Cache
X-WR-MODIFICATION
DataCenter
X-RTag
Cache-Hits
Cf-Ipcountry
X-HS-Status
X-Fastly-Backend-Reqs
X-FORWARDED-FOR
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Gdpr
Ms-Operation-Id
Accept-Language
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Vcache
COMMERCE-SERVER-SOFTWARE
Pics-Label
X-PJAX-URL
X-Swift-Error
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-Proto
X-Li-Pop
X-LI-UUID
Locale
Dont-Set-Cookie
X-B3-SpanId
X-BBXSRF
X-Cache-Ttl
X-Cache-Debug
X-Li-Fabric
X-Path-Route
X-Fe
X-Info
Group
Get-Access-Time
X-Cache-HT
Is-Session-Tracking
X-Dw-Trace-Id
X-CDN-Pop
X-CDN-Pop-IP
X-VG-WebCache
X-Optimization
X-RateLimit-Reset
V-Cache
X-Env
X-PF-Uncompressing
Lb
Amp-Access-Control-Allow-Source-Origin
X-ID
SS
Fastly-Soc-X-Request-Id
X-Qloud-Router
NX-Cache
X-GZIP
URI
X-Bug-Bounty
Who
X-Content-Encoded-By
Requestid
X-NGINX-Cache
Serverid
X-ServerName
X-Ver
AGE-Hash
X-Cache-FS-Status
X-P-T
CDN-Cache
CDN-Cache-Hit
CDN-Node
Xet-Cookie
X-CacheKey
X-Varnish-Info
X-Providence-Cookie
Ohc-Response-Time
X-SN
Ohc-File-Size
SID
X-Akamai-SSL-Client-Sid
X-Route-Name
X-Serial
X-Akamai-ERRuleID
X-Litespeed-Cache-Control
X-Shard
N-Cache
X-Flags
Https
X-Ibm-Trace
X-RequestId
X-Meta-Tbi-Cache-Vertical
X-Akamai-ERPolicy
Ws
X-Grace-Duration
X-VC
X-Is-Crawler
X-SB