Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Xss-Protection
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
Surrogate-Control
X-Node
X-Cache-Lookup
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
Report-To
X-Url
Request-Id
X-TTL
X-Instart-Request-ID
X-ORACLE-DMS-ECID
X-Country
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-DataDome
X-Powered-CMS
NEL
X-Vname
X-PC
X-TtlSet
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Server-Name
X-Origin-Cache
X-ESI
Charset
X-DynaTrace
X-DynaTrace-JS-Agent
X-Cached
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
Content-MD5
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
SPRequestGuid
X-Ruxit-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ORACLE-DMS-RID
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-CF-Powered-By
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-Forwarded-Proto
Paypal-Debug-Id
X-Origin-Upstream-Status
X-T
X-DIS-Request-ID
X-Hits
X-Upstream
DynaTrace
X-Grace
X-Varnish-Age
SPIisLatency
Arr-Disable-Session-Affinity
SPRequestDuration
TCN
X-Amz-Meta-S3cmd-Attrs
X-Id
AR-PoweredBy
AR-ATIME
X-Shield-Request-Id
X-Pad
AR-CACHE
X-Content-Options
X-Oracle-Dms-Rid
X-Content-Digest
Realpath
X-Cdn
X-NF-Request-ID
X-HW
Access-Control-Request-Method
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Kinsta-Cache
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Cache-Hit
X-Goog-Stored-Content-Encoding
X-FastCGI-Cache
X-B
X-Vcap-Request-Id
X-Logged-In
X-Debug
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-SS-Set-Cookie
Service-Worker-Allowed
X-Ser
Tracecode
X-NewRelic-App-Data
X-MSEdge-Ref
S
Server-Name
Fastly-Restarts
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-Frontend
X-FTR-Backend-Server
X-FTR-Realm
X-Cache-Key
X-FTR-Expires
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
AR-SID
Backend-Timing
X-Analytics
X-Cache-Rule
Alternate-Protocol
Eomportal-Instance
X-HS-Content-Id
Host
X-HS-Hub-Id
FilterID
Cleartype
X-Srv
X-Revision
TP-L2-Cache
Cache-Status
TP-Cache
X-Rid
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
Front-End-Https
X-Debug-Info
X-User-Agent
X-Iejgwucgyu
X-Whom
ServerID
X-Akam-SW-Version
X-Mobile
Accept-Charset
X-Do-Not-Hack
X-AOL-HN
X-HeyJason
X-Varnish-Backend
Permitted-Cross-Domain-Policies
X-XRDS-LOCATION
X-Cache-2
X-Webkit-CSP
X-GUploader-UploadID
X-RateLimit-Remaining
X-TA-CDN-Provider
X-Request-Processing-Time
X-Zen-Fury
X-Request-Received
X-Kinja-Server-Push
X-Via-JSL
X-Cached-By
X-Content-Powered-By
X-NWS-LOG-UUID
X-WPE-Loopback-Upstream-Addr
X-VCache
X-Oneagent-Js-Injection
X-Ttl
X-App-Environment
X-Correlation-Id
Viewport
X-Page-Id
X-LB-Cache
X-Magnolia-Registration
Host-Header
X-Cache-Control
X-Varnish-Hostname
X-Node-Name
X-Cluster
Display
X-TT
X-Tumblr-User
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Sol
X-Request-Guid
X-Middleton-Display
Upgrade-Insecure-Requests
X-Handled-By
X-Framework
X-Content-Security-Policy-Report-Only
X-Device-Type
X-B-Cache
X-B3-Sampled
X-FB-Debug
X-Signature
X-Platform-Server
DC
X-Instance
Cache-Tag
X-BCube-Filmed-By
Liferay-Portal
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-Webkit-Csp
X-Accel-Expires
X-B3-Traceid
X-Fastcgi-Cache
Retry-After
X-Varnish-Server
Source
X-WA-Info
X-Contextid
X-Servedby
X-Distil-CS
HitType
HitInfo
Server-Info
X-Seen-By
X-Wix-Request-Id
X-Esi
X-Cache-Action
Content-Script-Type
X-Edge-Location
X-Amz-Replication-Status
Content-Style-Type
X-Cache-Operation
X-GeoIP
X-ATG-Version
X-RequestSource
X-S
SRV
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Generated-By
X-Tumblr-Pixel-1
User-Agent
Actual-Object-TTL
X-Locale
GEO-INFO
X-Status
X-Jobs
Webserver
X-Middleton-Response
Response
X-FW-Serve
X-Edge-Cache-Key
AsisCache
X-Edge-Cache
X-FW-Server
X-FW-Hash
X-Response-Served-From
X-FW-Type
X-Region
X-FW-Static
X-UUID
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Hits
X-Drupal-Cache-Tags
ServedBy
X-Cache-NE
Refresh
X-Yottaa-Optimizations
X-Yottaa-Metrics
Healthy
X-Port
X-APP-VERSION
X-Newrelic-App-Data
X-Geo-Country
X-Hyper-Cache
Payment
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
S-Cnection
X-Content-Type
IBM-Web2-Location
X-Cache-Age
X-URL
X-Amz-Server-Side-Encryption
X-Varnish-Grace
Country
X-Daa-Tunnel
Filters
Edge-Cache-Tag
X-HS-Cache-Config
Datacenter
X-UA
Served-By
X-Az
X-AppVersion
X-Activity-Id
HostName
NGB
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
Powered-By-ChinaCache
X-Varnish-IP
X-Sucuri-ID
X-Cache-Remote
X-Cacheable-TTL
X-App-Server
X-HS-Combine-CSS
X-Vg-Webcache
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Mshield-Cache-Status
X-Akamai-Transformed
X-Cache-TTL
X-Mode
X-ProcessESI
X-Is-Bot
X-Rendered-As
X-RemovedCookies
X-CDN-Forward
X-Proxied
X-Rule
X-Cache-Var-Map
Machine
X-Detected-As
Load-Balancing
X-Cache-Var
Meta-Geo
X-RN-RSRV
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FC-Vary-Parameters
OT-Force-Account-Verify
TWC-Connection-Speed
Mn-Server-Ip
Property-Id
DB-Nickname
Backend
X-Varnish-Cache-Hits
Cache-Name
X-Hosted-By
X-Origin
Webcakes-App-Version
Webcakes-App-Name
X-Tb
User-Cache-Control
Webcakes-Region
X-Proxy
X-PCL
X-Rocket-Nginx-Bypass
X-Cache-Category-Id
X-Amz-Meta-Surrogate-Control
TWC-Privacy
X-Grey
X-OCL
X-Varnish-Cacheable
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
X-Origin-Hint
X-ProxyCache-Key
X-ProxyCache-Status
X-CDN-Cache
Azure-Version
X-TNCMS
Azure-SiteName
X-Zipkin-Id
Access-Control-Allow-Method
Azure-InstanceId
Azure-RegionName
X-BYPASS-REASON
X-Upgrade-Enabled
X-OVcl
X-Hit
X-Routing-Service
X-Original-Request
ServerName
X-Loop
X-Human
X-Generated
X-Format
X-Section
X-ServerID
X-OVcl-Cache
X-JoinUs
X-Access
X-Site-Version
Azure-SlotName
X-BB-IP
X-AWS-Id
X-Cache-Config
X-Debug-Cache
X-Environment-Context
X-EIG-Tracking-Id
X-App-Name
X-ApacheServer
S-Rt
Now
Selected-FE
X-Agile
X-Agile-Id
X-Agile-Age
X-IP
X-L-Path
X-Via-Fastly
X-TWH-CORRELATION-ID
X-Viewer-Country
X-VWS-Id
X-Upstream-CT
X-Www-Served-By
X-Timing-Wait
X-SplitTest
X-NGENIX-Cache
X-LJ-Flow-ID
X-NodeID
X-PERF
X-Pubstack
X-Proxy-Build
L5d-Success-Class
X-Upstream-HT
Fastcgi-X-Cache-Version
Fastcgi-Useragent
Fastcgi-X-Cache
Cache-Key
X-Source
Access-Control-Request-Headers
X-CCM
X-Drupal-Cache-Contexts
X-Ocache
X-Origin-CC
From-Origin
X-Correlation-ID
X-Xfnlog-Site
X-Amz-Apigw-Id
X-HOST
X-Nginx-Cache
X-Amzn-RequestId
X-Unique-ID
Pagespeed
LB
X-Backend-Name
Cache
X-Forwarded-Host
Fastly-SSL
X-App-Version
X-Akamai-Request-ID
X-Storage
NtCoent-Length
ViewerVersion
X-Litespeed-Cache
X-RateLimit-Limit
X-Pc-Date
X-Ms-Blob-Type
X-Pc-Host
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Birta-Cache-Post
X-Birta-Served
X-Vgn-Hpd-Reason
X-Qnm-Cache
X-Feature
X-M-Reqid
X-M-Log
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-VG-TLSProxy
AR-Request-ID
X-Time-Microsecs
X-NCache
X-Real-Ip
Ar-Sid
X-Internal-Host
X-Cluster-Node
CACHE
X-Release
X-Distributor
X-Microcachable
X-Guploader-Uploadid
Time
PageSpeed
X-Real-IP
X-EdgeConnect-Cache-Status
X-Ruxit-Js-Agent
Xserver
WZWS-RAY
X-Powered-By-ANYU
X-B3-Spanid
X-B3-TraceId
X-Cache-Enabled
X-Request-Time
X-Sucuri-Cache
X-DPWN-IS-SECURE
AKAMAI
Ec-Rule-Version
X-Org
X-UE-Client-Country
IsBot
X-NU-AKA-ACS-Version
X-No-Session
X-A-Wwc
Mobile-Detection-Method
X-Died
X-A-Dam
X-A-Dcw
X-Twitter-Response-Tags
X-A-Dgt
Xc-Version
X-Dispatcher-Server
X-Accel-Expires-Debug
X-Varnish-Beresp-Ttl
NGX
X-G
X-Application
X-BB-ID
X-Web-Node
X-Generation-Time
X-Logtrace-Id
X-Server-Time
Meta-Geo-Continent
BehaviorPad-Version
MD5-Digest
X-B-Cookie
Arc-Country
X-Generated-In
Cache-Prefix
X-From
X-ARC
X-Cache-Backend
X-Via-Edge
X-Via-SSL
X-Cache-Bucket
X-Via-CDN
X-Store
V-Age
X-Request-UUID
X-Trv-Group
X-Transaction
X-Region-Sid
Ajk
Server-Int
X-SIPLIST1
X-CF-Lambda-Version
X-Newrelic-Synthetics
X-SRCache-Key
X-CF-Lambda-Fn
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-VG-WebServer
X-Connection-Hash
T-Server
X-ScT
VivaBuild
Viewtype
X-A
Fly-Request-Id
X-Destination
X-Date
X-WebServer
X-PAYTM-SRV-ID
X-Server-By
X-Developer
Fly-Cache
Rendered-Blocks
X-A-Ccd
X-D
X-NC
Www
X-CUA
REQUESTUUID
X-Redis-Cache
X-ShopId
X-Dynatrace-Js-Agent
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-SERVER-NAME
X-FireWall-Port
X-Alternate-Cache-Key
X-F5-Cache
X-GeoIP-City
X-Fastly-Cache
Magicmarker
X-Crawler
X-CS
X-Gen-Mode
GMS-Ver
X-Cache-CFC
Frame-Options
X-External-Request-Id
X-Block-Status
Backend-Name
Origin-Cache-Control
X-Phone
X-Wikidot-Backend
X-Policy
X-Wikidot-Static-Cache
Release
ProcessTime
X-Hash
Pragrma
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
SN
X-VCT
X-S-Maxage
Server-Host
X-VServer
Web-Mar-Node
X-We-Are-Hiring
X-Node-Id
X-Origin-TTL
X-Irp-Debug
X-Layer
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Hnp-Log
X-IN-APIGATEWAY
NodeID
X-Varnish-Action
X-UnsetCookies
X-Amz-Meta-Cache-Control
Origin-Edge-Control
X-Endurance-Cache-Level
X-C
X-ElasticPress-Search
X-Webstats-RespID
X-Cache-Expires
X-Backend-Host
X-Cache-Srv
X-Backend-State
Thinkindot-CacheControl-Type
X-Cache-URL
X-Backend-TTL
X-Backend-Url
X-Actual-URL
Uber-Trace-Id
Thinkindot-Control
X-Key
X-Tumblr-Pixel-3
X-TT-LOGID
X-Platform
X-RCS-CacheZone
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Owner
Thinkindot-CacheControl
X-Passed-To
X-Passed-To-BeforeDispatch
X-Reboot
X-Variation
X-Returned-From-BeforeDispatch
X-Stale
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Swa-Ws
X-Secret
X-Request-URI
X-Thinkindot-L3
X-Response-By
X-Var-Ttl
X-Up
X-Eu-Site
X-Fetched-On
X-FW-Version
X-Gannett-Site-Version
X-Epic-Correlation-Id
X-Developers
X-Clientip
X-Core-Mission
X-Core-Value
X-Croise-Owner
X-GeoIP-Country-Code
X-Hl-Ver
X-Server-IP
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-MI-In-Market
X-Matched-Rule
X-HTML-Minification-Powered-By
X-Instance-Name
X-Location
X-Sf
X-CGP
Request-Country
HA-Ipaddr
HA-Servedtime
Ha-Gx-Prefs
HA-Georegion
HA-Geolat
HA-Geolon
HA-Urlpath
Heartbleed
Kp-EeAlive
MI-API
X-UA-Device-Type
Is-Eu
Pagetype
HA-Geocountry
HA-Geocity
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cneonction
Adler-Geo
CDCHOST
X-GZip
X-Ezoic-Cdn
HA-Cloudapp
Esi-Enabled
Countrycode
Country-Code
MI-Cache
HA-Host
Platform
Proxy-Connection
MI-Cache-Age
Request-EU
Section-Io-Cache
Origin
Odigeo-Trace-Id
X-Amz-Cf-Pop
X-Nc
X-CACHE-AGE
X-Device-Os
Decoy-Debug-TTL
X-ServiceProvider
X-Debug-Cookies
Fastly-Backend-Name
Decoy-Debug-Status
X-NX-Host
Server-ID
Resin-Trace
RNT-Time
Cache-Tags
X-V
X-Fstrz
Cache-Cookie-Set-Lfrom
True-Client-Country-4JS
Content-Disposition
RNT-Machine
Decoy-Debug-Key
X-Debug-Log
X-Cdn-Origin
X-Dc
X-Ckpd-Fst-Backend
X-Cache-Host
X-Trace-Id
X-NWS-UUID-VERIFY
On-Server
HTTPS
Powered
X-TIME
Cache-Cookie-Set-From
X-Worker
X-Content-Age
Cache-Cookie-Set-Idcheck
X-Sn-Servicetimems
XServer
X-COUNTRY
X-Alicdn-Da-Ups-Status
X-Surge-Debug
X-Rebelmouse-Cache-Control
Warning
X-Rebelmouse-Surrogate-Control
X-Cdn-Srv
Fastly-SIE
X-Skip-Cache
Fastly-SWR
X-Servername
X-Csrf-Token
RequestId
Host-ID
MIME-Version
X-Ratelimit-Limit
X-Pf-Uncompressing
X-Ua
X-Req
X-Aed
X-GEO
Pramga
Sid
X-Proto
PFcat
X-Edge-IP
Request-Time
Cteonnt-Length
X-Refresh
TSSecure
We-Hiring
Mail-Subject
X-PHP-Backend
X-Ms-Lease-State
X-Pjax-Url
CF-IPCountry
WP-Super-Cache
X-Page-Type
X-Cdn-Forward
X-Server-W
X-Hello
X-ABtesting
X-Flog
X-Varnish-Ttl
X-Geo
X-Varnish-Url
X-Servedbyhost
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Cdn
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-DC
CDN
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Geoip-Latitude
GeoIp-Country-Code
Mime-Version
X-Auto-Login
X-Oss-Storage-Class
X-Time
X-Oss-Server-Time
X-Oss-Request-Id
Dnion-Transfer-Encoding
FSS-Proxy
X-Cache-ASPX
X-CSRF-Token
FSS-Cache
X-Oracle-Dms-Ecid
X-Aicache-OS
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Lfy
X-Unique-Id
X-Akamai-Request-ID2
X-GoCache-CacheStatus
X-Varnish-Beresp-TTL
Rt-Proxy-Cache
A
PageType
X-WA
MS-CV
X-Sentry-ID
X-EC-Security-Audit
X-Datadome
X-GRACE
NnCoection
X-MP-GENERATED-AT
X-Served-From
X-Thanos
X-Bip
X-Via-NSCOPI
X-Cache-Id
X-Origin-Expires
Memcached
X-Origin-Date
NODE
X-Ratelimit-Remaining
X-Check-Cacheable
X-Wa
X-Varnish-HitMiss
X-HCF
X-Cache-Info
X-APP
X-Cache-Control-Set-By
X-CACHE-KEY
Node
X-Be
X-Request-Start
X-Proxy-Server
SD-X-WS
Hostname
X-Nananana
X-Use-Magma
WWW-Authenticate
Memory
X-Server-Group
GeoIP-Latitude
X-UPSTREAM-Address
GeoIP-Country-Code
X-NODE
X-SRV
UCS
X-Fastly-Cache-Hits
Geoip-City
GeoIP-City
GW-Server
DataCenter
X-ServedByHost
X-User
X-Varnish-URL
Cache-Hits
X-Vcache
X-Cookie
PICS-Label
X-PAGE-TYPE
X-Wix-Route-ID
X-WR-MODIFICATION
X-RTag
X-Gen-Id
X-From-Cache
Accept-Language
Processtime
X-GDPR
X-Load-Cache
Amp-Access-Control-Allow-Source-Origin
Cf-Ipcountry
Cdn-Request-Time
X-FORWARDED-FOR
X-Edge-Server
X-Gdpr
X-HS-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PJAX-URL
X-Fastly-Backend-Reqs
Cdn-Host
Ms-Operation-Id
X-Li-Pop
X-Swift-Error
X-Urbn-Context-Path
X-LI-Proto
COMMERCE-SERVER-SOFTWARE
X-Urbn-Site-Id
X-Cache-Ttl
Pics-Label
X-LI-UUID
X-Cache-Debug
Locale
X-BBXSRF
X-Li-Fabric
X-Path-Route
X-B3-SpanId
Dont-Set-Cookie
X-Info
Is-Session-Tracking
Lb
X-Env
X-Cache-HT
Group
SS
Get-Access-Time
X-Qloud-Router
X-Fe
V-Cache
X-CDN-Pop-IP
X-CDN-Pop
X-Dw-Trace-Id
X-RateLimit-Reset
X-PF-Uncompressing
Fastly-Soc-X-Request-Id
X-Optimization
X-VG-WebCache
X-ID
X-Content-Encoded-By
NX-Cache
URI
X-Bug-Bounty
X-GZIP
Who
Requestid
Serverid
X-NGINX-Cache
CDN-Cache-Hit
CDN-Node
CDN-Cache
AGE-Hash
Xet-Cookie
X-CacheKey
X-SN
X-Ver
X-P-T
X-ServerName
X-Varnish-Info
X-Cache-FS-Status
Ws
N-Cache
SID
X-CSRF-TOKEN
X-Akamai-SSL-Client-Sid
X-Serial
X-Ibm-Trace
X-Shard
X-Akamai-ERPolicy
X-Route-Name
X-Akamai-ERRuleID
Https
X-Grace-Duration
X-Providence-Cookie
X-Is-Crawler
X-VC
X-SB
X-RequestId
X-Litespeed-Cache-Control
X-Flags
X-Meta-Tbi-Cache-Vertical