Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
X-TTL
Request-Id
Report-To
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
Charset
X-FTR-Request-ID
X-Server-Name
X-Origin-Cache
X-DataDome
NEL
X-ESI
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-Version
X-F-Cache
X-ORACLE-DMS-RID
X-Geo-Segment
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Powered-By-Plesk
Accept-CH
PB-RID
PB-PID
Public-Key-Pins
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
Pinterest-Version
MS-Author-Via
X-Pinterest-Rid
Verso
X-Upstream-Env
X-Client-IP
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
Nginx-Cache
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
AR-PoweredBy
AR-ATIME
X-Server-ID
DynaTrace
X-T
X-Ruxit-JS-Agent
AR-CACHE
X-Varnish-Age
X-Upstream
X-Forwarded-Proto
X-Hits
X-DIS-Request-ID
Arr-Disable-Session-Affinity
TCN
X-Origin-Upstream-Status
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
X-Id
X-Pad
X-Grace
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Kinsta-Cache
Access-Control-Request-Method
Mrf-Cache-Status
X-Cache-Hit
MRF-Tech
X-IPLB-Instance
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Acc-Meta-Resource-Type
X-Logged-In
X-HW
X-FastCGI-Cache
X-B
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
AR-SID
X-XRDS-Location
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
S
X-Ser
X-Wix-Server-Artifact-Id
Service-Worker-Allowed
X-MSEdge-Ref
X-Cache-Key
Tracecode
Server-Name
X-PressLabs-Stats
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Frontend
X-FTR-Backend
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-Oracle-Dms-Rid
X-FTR-Expires
Rt-Fastcgi-Cache
Fastly-Restarts
Surrogate-Key
Fastcgi-Cache
X-Forwarded-For
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
Cleartype
X-GUploader-UploadID
X-Accel-Buffering
Cache-Status
Backend-Timing
X-Analytics
X-Oneagent-Js-Injection
Host
X-Srv
TP-Cache
TP-L2-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-RateLimit-Remaining
X-Rid
X-Revision
X-Whom
Public-Key-Pins-Report-Only
X-TA-CDN-Provider
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-User-Agent
X-VCache
X-Akam-SW-Version
ServerID
X-AOL-HN
X-Varnish-Backend
X-XRDS-LOCATION
X-Cache-2
X-NWS-LOG-UUID
Front-End-Https
X-Webkit-CSP
Accept-Charset
X-Mobile
X-Cdn
X-Via-JSL
X-Kinja-Server-Push
X-Content-Powered-By
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Ttl
X-Cached-By
Viewport
X-App-Environment
X-Node-Name
X-LB-Cache
Host-Header
X-Page-Id
X-Tumblr-Pixel
X-B3-Traceid
X-Magnolia-Registration
X-Cluster
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Cache-Control
X-Framework
X-TT
X-Akamai-Edgescape
X-Device-Type
X-Request-Guid
X-Handled-By
X-Signature
Liferay-Portal
X-Platform-Server
X-FB-Debug
X-B-Cache
X-BCube-Filmed-By
X-Correlation-Id
X-Content-Security-Policy-Report-Only
X-B3-Sampled
Cache-Tag
X-Instance
DC
Upgrade-Insecure-Requests
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
X-TT-TIMESTAMP
X-Middleton-Display
X-Sol
Display
X-Fastcgi-Cache
X-Accel-Expires
Source
X-WA-Info
Retry-After
X-Iejgwucgyu
X-Varnish-Server
X-Contextid
X-Servedby
X-Esi
X-Distil-CS
HitInfo
Server-Info
HitType
X-Cache-Action
X-Cache-Operation
X-APP-VERSION
Content-Style-Type
Content-Script-Type
X-Seen-By
X-Wix-Request-Id
User-Agent
X-GeoIP
Webserver
X-Amz-Replication-Status
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-S
X-RequestSource
GEO-INFO
X-Port
X-Jobs
X-WebKit-CSP-Report-Only
X-Edge-Location
X-Status
Actual-Object-TTL
X-Locale
AsisCache
SRV
X-FW-Hash
X-FW-Type
X-FW-Static
X-Region
X-Response-Served-From
X-UUID
X-FW-Serve
X-FW-Server
X-Edge-Cache-Key
X-Edge-Cache
X-TX-ID
X-Adobe-Content
X-Drupal-Cache-Tags
X-Generated-By
X-Adobe-Loc
ServedBy
Healthy
X-Varnish-Hits
X-Newrelic-App-Data
X-Geo-Country
X-Hyper-Cache
Refresh
X-Yottaa-Metrics
X-ATG-Version
X-Yottaa-Optimizations
X-Cache-NE
X-DataStream-Cache-Status
X-Daa-Tunnel
Response
X-Middleton-Response
X-Cache-TTL-Remaining
IBM-Web2-Location
Payment
X-Varnish-Grace
S-Cnection
Filters
X-Content-Type
X-Amz-Server-Side-Encryption
NGB
X-Cache-Age
Datacenter
X-Az
X-AppVersion
X-Activity-Id
X-CDN-Forward
X-Vg-Webcache
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Cache-Remote
Country
Edge-Cache-Tag
X-Cacheable-TTL
X-Proxied
X-HS-Cache-Config
Served-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-App-Server
X-Cache-TTL
X-HS-Combine-CSS
X-Mode
X-Sucuri-ID
X-UA
X-Varnish-IP
X-RN-RSRV
X-Cache-Var
X-Akamai-Transformed
X-Cache-Var-Map
X-Rule
X-Rendered-As
Load-Balancing
X-ProcessESI
Machine
X-Detected-As
Meta-Geo
X-RemovedCookies
X-Is-Bot
X-FC-Vary-Parameters
Cache
X-Unique-ID
X-RateLimit-Limit
X-Rocket-Nginx-Bypass
X-Proxy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-Tb
TWC-Privacy
X-PCL
Powered-By-ChinaCache
User-Cache-Control
HostName
X-ProxyCache-Status
DB-Nickname
Property-Id
Mn-Server-Ip
Cache-Name
Backend
TWC-Device-Class
TWC-Connection-Speed
Webcakes-App-Name
X-ServerID
X-OCL
X-Cache-Category-Id
X-Hosted-By
Webcakes-Region
X-BYPASS-REASON
X-Amz-Meta-Surrogate-Control
X-Varnish-Cache-Hits
X-Grey
X-Varnish-Cacheable
X-Origin-Hint
X-Human
X-Origin
Access-Control-Allow-Method
X-ProxyCache-Key
Webcakes-App-Version
X-CDN-Cache
L5d-Success-Class
X-TNCMS
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Zipkin-Id
OT-Force-Account-Verify
X-BB-IP
X-Section
X-EIG-Tracking-Id
X-Original-Request
X-Routing-Service
X-NodeID
X-Format
X-Loop
X-Access
X-OVcl
X-JoinUs
X-Debug-Cache
S-Rt
Now
X-Upgrade-Enabled
ServerName
X-Hit
X-Site-Version
X-Generated
X-OVcl-Cache
Azure-Version
X-Mrs-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Correlation-ID
X-L-Path
X-Agile
X-LJ-Flow-ID
Fastcgi-X-Cache-Version
X-Agile-Age
X-SplitTest
Fastcgi-X-Cache
X-Agile-Id
X-Cache-Config
X-Proxy-Build
X-Environment-Context
X-PERF
X-Pubstack
X-IP
X-ApacheServer
X-App-Name
X-AWS-Id
Fastcgi-Useragent
Selected-FE
X-VWS-Id
X-Www-Served-By
X-HOST
X-Viewer-Country
Access-Control-Request-Headers
X-Via-Fastly
Cache-Key
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Ocache
X-Drupal-Cache-Contexts
X-URL
X-CCM
X-Origin-CC
X-NGENIX-Cache
X-Upstream-HT
X-Backend-Name
X-Upstream-CT
Pagespeed
X-Xfnlog-Site
AR-Request-ID
X-Nginx-Cache
X-Source
X-Real-IP
From-Origin
X-Akamai-Request-ID
X-Ruxit-Js-Agent
X-Amzn-RequestId
X-Litespeed-Cache
X-Storage
X-Amz-Apigw-Id
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
X-Forwarded-Host
Fastly-SSL
LB
X-Feature
X-Time-Microsecs
X-NCache
X-Ms-Lease-Status
X-Ms-Request-Id
X-Varnish-Beresp-Grace
X-Ms-Blob-Type
X-Varnish-Beresp-Status
X-Ms-Version
X-M-Reqid
X-M-Log
X-Internal-Host
NtCoent-Length
X-Qnm-Cache
X-NC
X-Birta-Served
X-Birta-Cache-Post
X-Distributor
X-Release
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-Microcachable
X-App-Version
X-UA-Device-Type
X-EdgeConnect-Cache-Status
X-Webkit-Csp
Pagetype
X-B3-Spanid
ViewerVersion
Time
X-Cache-Backend
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
X-Cluster-Node
X-SERVER-NAME
XServer
Cneonction
X-Powered-By-ANYU
X-No-Session
WZWS-RAY
X-Logtrace-Id
X-NU-AKA-ACS-Version
Fly-Cache
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Destination
Www
V-Age
Viewtype
VivaBuild
X-Developer
X-A-Wwc
X-Accel-Expires-Debug
X-D
X-CUA
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Bucket
X-Date
X-Application
X-ARC
X-B-Cookie
X-BB-ID
T-Server
X-Died
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
Ec-Rule-Version
Fly-Request-Id
X-Generation-Time
X-IN-WAF
X-Irp-Debug
AKAMAI
Arc-Country
BehaviorPad-Version
Cache-Prefix
X-Generated-In
X-G
Rendered-Blocks
X-DPWN-IS-SECURE
X-Dispatcher-Server
Server-Int
X-From
NGX
IsBot
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Ajk
X-Org
X-Request-UUID
X-SIPLIST1
X-UE-Client-Country
X-Redis-Cache
Frame-Options
X-SRCache-Key
X-PAYTM-SRV-ID
X-ScT
X-Rewrite-Enabled
X-Rojux
X-WebServer
X-Via-SSL
X-S-Cookie
X-Trv-Group
X-Region-Sid
X-Server-Time
X-Server-By
Xc-Version
X-Via-CDN
X-Via-Edge
X-VG-WebServer
X-Sucuri-Cache
X-FireWall-Port
X-Request-Time
X-C
X-NWS-UUID-VERIFY
X-Varnish-Action
Country-Code
HA-Geocity
HA-Geocountry
HA-Cloudapp
Web-Mar-Node
X-Hl-Ver
HA-Geolat
X-Hnp-Log
X-Hash
X-UnsetCookies
X-GeoIP-City
GMS-Ver
HA-Host
Origin-Edge-Control
Origin-Cache-Control
Server-Host
NodeID
X-Eu-Site
X-External-Request-Id
Release
X-F5-Cache
X-Fastly-Cache
Powered
X-Store
SN
HA-Ipaddr
X-GZip
Ha-Gx-Prefs
HA-Georegion
HA-Servedtime
HA-Urlpath
Magicmarker
X-Gen-Mode
MIME-Version
HA-Geolon
X-Key
X-Block-Status
X-Wikidot-Backend
X-Cache-CFC
X-Web-Node
X-RateLimit-Remaining-Second
X-We-Are-Hiring
X-Policy
X-Wikidot-Static-Cache
X-Cache-Enabled
X-Origin-TTL
X-Crawler
X-CS
X-Node-Id
X-Core-Value
X-Owner
X-VServer
X-RateLimit-Limit-Second
X-VCT
X-Instance-Name
X-Platform
X-Layer
X-Phone
X-CGP
Backend-Name
X-Amz-Meta-Cache-Control
X-S-Maxage
X-Webstats-RespID
Xserver
X-CACHE-AGE
Request-EU
X-Cache-URL
X-TT-LOGID
X-Epic-Correlation-Id
Section-Io-Cache
X-Core-Mission
X-Cdn-Srv
REQUESTUUID
X-Clientip
X-Cache-Srv
X-Tumblr-Pixel-3
X-Debug-Log
X-Debug-Cookies
X-Developers
X-Actual-URL
X-Up
Request-Country
X-Variation
X-Var-Ttl
X-Varnish-Beresp-Ttl
X-Backend-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Croise-Owner
Uber-Trace-Id
X-Cache-Expires
X-Backend-State
X-Backend-TTL
X-Backend-Url
Thinkindot-CacheControl
Is-Eu
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-MSEdge-Features
X-Alternate-Cache-Key
X-MI-In-Market
X-Matched-Rule
Apple-News-Services-Request-Url
X-Secret
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Handled
X-MSEdge-Flight
X-Nginx-Cache-Key
X-V
X-Passed-To
X-RCS-CacheZone
X-Passed-To-BeforeDispatch
ProcessTime
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Reboot
X-NX-Host
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From
X-Request-URI
X-Response-By
X-Thinkindot-L3
X-Location
MI-Cache-Age
X-Stale
MI-Cache
MI-API
X-FW-Version
Odigeo-Trace-Id
Origin
Pragrma
Proxy-Connection
Platform
X-Fetched-On
X-Swa-Ws
CDCHOST
Kp-EeAlive
X-HTML-Minification-Powered-By
X-GeoIP-Country-Code
X-PHP-Backend
Esi-Enabled
X-Sf
X-Server-IP
Countrycode
Host-ID
X-Gannett-Site-Version
Heartbleed
X-Ua
X-ElasticPress-Search
X-Servername
X-Trace-Id
X-ServiceProvider
X-Sn-Servicetimems
X-Worker
X-Device-Os
X-Content-Age
X-Fstrz
Resin-Trace
RNT-Machine
On-Server
RNT-Time
Server-ID
Sid
Fastly-Backend-Name
Decoy-Debug-TTL
Cache-Tags
Content-Disposition
Decoy-Debug-Key
Decoy-Debug-Status
True-Client-Country-4JS
X-Ckpd-Fst-Backend
X-Cache-Host
X-Alicdn-Da-Ups-Status
X-Cdn-Origin
X-SERVER
X-Endurance-Cache-Level
HTTPS
CACHE
PFcat
Fastly-SIE
X-Ezoic-Cdn
X-Real-Ip
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Skip-Cache
Cache-Cookie-Set-From
Request-Time
X-Csrf-Token
Warning
Ar-Sid
X-Dc
X-Pf-Uncompressing
PageSpeed
X-Newrelic-Synthetics
Cteonnt-Length
X-Surge-Debug
X-Proto
CF-IPCountry
X-Req
RequestId
X-TIME
X-Refresh
We-Hiring
Mail-Subject
X-Datadome
X-Guploader-Uploadid
X-Nc
CDN
X-Aed
X-Oss-Request-Id
X-Planisys-CDN-TTL
X-B3-TraceId
X-Planisys-CDN-Cache
X-Oss-Hash-Crc64ecma
X-Planisys-CDN-Rules
WP-Super-Cache
X-Pjax-Url
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Servedbyhost
X-Time
Pramga
X-Geo
X-Varnish-Ttl
X-GEO
X-Edge-IP
X-GRACE
Dnion-Transfer-Encoding
TSSecure
X-Cache-ASPX
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-DC
X-GoCache-CacheStatus
X-Ms-Lease-State
X-CSRF-Token
X-COUNTRY
X-Varnish-Beresp-TTL
X-Page-Type
GeoIp-Country-Code
Geoip-Latitude
X-Amz-Cf-Pop
X-Server-W
X-ABtesting
X-Hello
X-Flog
X-Oracle-Dms-Ecid
Hostname
X-Varnish-Url
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
NODE
NnCoection
X-Cdn-Forward
A
Lfy
X-Origin-Date
X-Origin-Expires
Cdn
X-Auto-Login
X-WA
X-Varnish-HitMiss
X-Cache-Control-Set-By
MS-CV
FSS-Cache
FSS-Proxy
X-HCF
Mime-Version
X-Akamai-Request-ID2
SD-X-WS
X-Ratelimit-Limit
Rt-Proxy-Cache
Node
X-Unique-Id
X-Via-NSCOPI
WWW-Authenticate
X-Server-Group
X-Sentry-ID
X-Wa
X-UPSTREAM-Address
Geoip-City
X-Check-Cacheable
X-EC-Security-Audit
PageType
X-Use-Magma
X-Varnish-URL
GeoIP-Latitude
X-PAGE-TYPE
GeoIP-Country-Code
X-Served-From
PICS-Label
X-Wix-Route-ID
Processtime
X-Thanos
X-Cache-Id
X-Bip
X-APP
Memcached
X-NODE
X-Cache-Info
X-From-Cache
X-MP-GENERATED-AT
X-SRV
GeoIP-City
X-Nananana
X-Cookie
X-Gen-Id
Cdn-Request-Time
Cdn-Host
X-Request-Start
X-Be
X-CACHE-KEY
X-Edge-Server
X-Proxy-Server
X-Gdpr
X-RTag
Ms-Operation-Id
X-Fastly-Cache-Hits
Lb
X-Fastly-Backend-Reqs
X-GDPR
Memory
X-Load-Cache
DataCenter
X-Dynatrace-Js-Agent
X-WR-MODIFICATION
Dont-Set-Cookie
X-FORWARDED-FOR
GW-Server
COMMERCE-SERVER-SOFTWARE
UCS
X-Optimization
Pics-Label
Is-Session-Tracking
X-PJAX-URL
X-HS-Status
Get-Access-Time
X-User
X-Env
X-Swift-Error
X-ServedByHost
X-Cache-Ttl
X-Cache-HT
V-Cache
X-RateLimit-Reset
X-B3-SpanId
Cache-Hits
Who
Group
X-Cache-FS-Status
Accept-Language
Requestid
X-Fe
X-CDN-Pop-IP
Cf-Ipcountry
X-Ver
X-Dw-Trace-Id
X-CDN-Pop
X-Goog-Meta-Goog-Reserved-File-Mtime
Amp-Access-Control-Allow-Source-Origin
X-ID
Locale
NX-Cache
X-Urbn-Site-Id
X-Content-Encoded-By
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Urbn-Context-Path
X-BBXSRF
X-LI-Proto
Ws
X-Bug-Bounty
X-PF-Uncompressing
X-Meta-Tbi-Cache-Vertical
X-SB
X-VC
Xet-Cookie
AGE-Hash
URI
X-Ibm-Trace
X-GZIP
Serverid
X-NGINX-Cache
X-Info
Https
X-Ratelimit-Remaining
X-Shard
Httpd-Identifier
X-Cache-Debug
N-Cache
CDN-Node
X-Varnish-Info
CDN-Cache
CDN-Cache-Hit
X-CacheKey
X-Serial
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ServerName
X-Grace-Duration
SS
X-Qloud-Router
X-BE
RequestUuid
X-Providence-Cookie
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Litespeed-Cache-Control
X-Flags
X-Is-Crawler
Powered-By
X-Cache-Handler
X-RequestId
X-Route-Name