Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Xss-Protection
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Cnection
X-Host
X-Server-Id
Surrogate-Control
X-Node
X-Cache-Lookup
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Country-Code
Rating
Allow
X-ESI
X-DataDome
NEL
X-TtlSet
X-Vname
X-PC
X-Powered-CMS
X-Dns-Prefetch-Control
X-Server-Name
X-FTR-Request-ID
Charset
X-Origin-Cache
X-DynaTrace
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Cached
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
X-Kinja
X-Powered-By-Plesk
X-Kinja-Build
X-Kinja-Server
X-Geo-Segment
X-Cdn-Fetch
Content-MD5
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
Accept-CH
Public-Key-Pins
X-D2id
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-SharePointHealthScore
X-N
Nginx-Cache
X-Amz-Rid
X-Navigation-Version
Accept-CH-Lifetime
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-CF-Powered-By
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-T
X-Origin-Upstream-Status
X-Upstream
X-Varnish-Age
X-Hits
DynaTrace
SPRequestDuration
SPIisLatency
X-Grace
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-ATIME
AR-PoweredBy
X-Shield-Request-Id
X-Pad
AR-CACHE
X-Content-Options
X-Oracle-Dms-Rid
X-Content-Digest
Realpath
X-NF-Request-ID
X-HW
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
Access-Control-Request-Method
X-Kinsta-Cache
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Server-ID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-FastCGI-Cache
X-B
X-Cache-Hit
X-Vcap-Request-Id
X-Logged-In
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-Ser
Service-Worker-Allowed
Tracecode
S
X-XRDS-Location
X-MSEdge-Ref
X-PressLabs-Stats
Fastly-Restarts
Server-Name
X-Frontend
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-Cache-Key
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
X-Accel-Buffering
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
AR-SID
X-Analytics
Backend-Timing
X-Cache-Rule
Eomportal-Instance
Alternate-Protocol
Host
X-HS-Content-Id
X-HS-Hub-Id
FilterID
X-Revision
X-Srv
Cleartype
X-Rid
TP-L2-Cache
TP-Cache
Public-Key-Pins-Report-Only
Cache-Status
X-XRDS-LOCATION
Front-End-Https
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
X-Whom
X-Akam-SW-Version
X-Iejgwucgyu
ServerID
X-Mobile
X-Ttl
Accept-Charset
X-Varnish-Backend
X-Do-Not-Hack
X-AOL-HN
Permitted-Cross-Domain-Policies
X-HeyJason
X-GUploader-UploadID
X-Webkit-CSP
X-Cache-2
X-RateLimit-Remaining
X-TA-CDN-Provider
X-Cdn
X-Request-Processing-Time
X-Zen-Fury
X-Request-Received
X-Kinja-Server-Push
X-Via-JSL
X-Correlation-Id
X-Cached-By
X-Content-Powered-By
X-WPE-Loopback-Upstream-Addr
X-VCache
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-App-Environment
X-LB-Cache
X-Node-Name
Viewport
X-Cluster
X-Page-Id
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel
X-Framework
X-Device-Type
X-Request-Guid
X-Cache-Control
Host-Header
X-Akamai-Edgescape
X-TT
X-Handled-By
X-B3-Sampled
X-B-Cache
X-Signature
X-FB-Debug
X-Platform-Server
Upgrade-Insecure-Requests
X-Content-Security-Policy-Report-Only
Liferay-Portal
X-Instance
DC
Cache-Tag
X-BCube-Filmed-By
X-Sol
X-Middleton-Display
Display
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Webkit-Csp
X-Accel-Expires
X-B3-Traceid
Retry-After
Source
X-Fastcgi-Cache
X-WA-Info
X-Varnish-Server
X-Distil-CS
X-Servedby
X-Contextid
HitType
HitInfo
Server-Info
X-Seen-By
X-Wix-Request-Id
X-Cache-Action
X-Edge-Location
Content-Script-Type
Content-Style-Type
X-Amz-Replication-Status
X-Cache-Operation
X-GeoIP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Webserver
X-RequestSource
X-ATG-Version
X-S
SRV
X-Status
X-Locale
X-Jobs
X-WebKit-CSP-Report-Only
GEO-INFO
User-Agent
Actual-Object-TTL
X-Generated-By
X-Region
X-Edge-Cache
X-Edge-Cache-Key
AsisCache
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Server
X-Response-Served-From
X-Adobe-Content
X-UUID
X-Drupal-Cache-Tags
ServedBy
X-Adobe-Loc
X-Middleton-Response
X-Varnish-Hits
Refresh
Response
X-Cache-NE
X-TX-ID
X-APP-VERSION
X-Port
Healthy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Hyper-Cache
X-Geo-Country
Payment
X-DataStream-Cache-Status
X-Cache-Age
X-Cache-TTL-Remaining
S-Cnection
X-Esi
IBM-Web2-Location
Datacenter
X-Content-Type
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Edge-Cache-Tag
X-HS-Cache-Config
Filters
X-Newrelic-App-Data
Country
X-UA
Served-By
X-Az
NGB
X-Daa-Tunnel
X-AppVersion
Powered-By-ChinaCache
X-Activity-Id
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-HS-Combine-CSS
X-Cache-Remote
X-Sucuri-ID
X-App-Server
X-Cacheable-TTL
X-Varnish-IP
HostName
X-Cache-TTL
X-Vg-Webcache
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mode
X-Akamai-Transformed
X-Rendered-As
X-RemovedCookies
X-Is-Bot
X-RN-RSRV
X-Rule
Load-Balancing
X-CDN-Forward
X-Detected-As
X-ProcessESI
Meta-Geo
X-Proxied
Machine
X-Cache-Var-Map
X-Cache-Var
X-Kong-Upstream-Latency
X-Rocket-Nginx-Bypass
X-Proxy
X-Kong-Proxy-Latency
X-FC-Vary-Parameters
TWC-Locale-Group
X-Tb
X-Varnish-Cacheable
Cache-Name
Mn-Server-Ip
OT-Force-Account-Verify
TWC-GeoIP-Country
X-ServerID
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
TWC-Device-Class
Webcakes-App-Version
X-Hosted-By
X-Amz-Meta-Surrogate-Control
X-Varnish-Cache-Hits
DB-Nickname
X-Origin
X-Origin-Hint
User-Cache-Control
Webcakes-App-Name
Webcakes-Region
Access-Control-Allow-Method
TWC-Privacy
Backend
X-Routing-Service
X-EIG-Tracking-Id
X-Hit
Azure-InstanceId
X-Section
X-CDN-Cache
X-Site-Version
X-Format
X-PCL
X-OCL
X-Grey
X-Generated
X-Original-Request
X-OVcl-Cache
X-OVcl
X-Loop
X-TNCMS
X-ProxyCache-Status
Azure-SlotName
X-ProxyCache-Key
Pagespeed
Azure-SiteName
Azure-RegionName
X-Access
X-BYPASS-REASON
X-Zipkin-Id
X-Upgrade-Enabled
ServerName
X-Human
X-Cache-Category-Id
X-JoinUs
Azure-Version
X-BB-IP
Fastcgi-Useragent
Cache-Key
Fastcgi-X-Cache
Now
X-App-Name
X-ApacheServer
X-Agile-Id
X-Agile
X-AWS-Id
X-Cache-Config
L5d-Success-Class
X-Environment-Context
S-Rt
Selected-FE
Fastcgi-X-Cache-Version
X-L-Path
Access-Control-Request-Headers
X-Pubstack
X-Proxy-Build
X-PERF
X-Upstream-CT
X-SplitTest
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Www-Served-By
X-VWS-Id
X-Upstream-HT
X-Agile-Age
X-NGENIX-Cache
X-LJ-Flow-ID
X-Source
X-NodeID
X-IP
X-Viewer-Country
X-Via-Fastly
X-Debug-Cache
From-Origin
X-Origin-CC
X-Drupal-Cache-Contexts
X-Ocache
X-Amzn-RequestId
X-Nginx-Cache
X-HOST
X-Amz-Apigw-Id
X-URL
X-CCM
X-Backend-Name
X-Unique-ID
LB
X-Xfnlog-Site
X-RateLimit-Limit
X-Forwarded-Host
Cache
X-Akamai-Request-ID
Fastly-SSL
X-App-Version
X-Correlation-ID
X-Storage
X-Litespeed-Cache
X-Vgn-Hpd-Reason
NtCoent-Length
ViewerVersion
X-Pc-Host
X-Pc-Date
X-Birta-Cache-Post
X-Birta-Served
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Ms-Blob-Type
X-Varnish-Beresp-Status
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Varnish-Beresp-Grace
X-Feature
X-VG-TLSProxy
AR-Request-ID
X-Labrador-Cache-Channel
X-NCache
X-Time-Microsecs
X-Real-IP
CACHE
X-Internal-Host
Ar-Sid
X-Cluster-Node
X-Microcachable
X-Guploader-Uploadid
X-Release
X-Distributor
Time
X-EdgeConnect-Cache-Status
X-Real-Ip
X-Ruxit-Js-Agent
Xserver
X-B3-Spanid
WZWS-RAY
X-Powered-By-ANYU
X-B3-TraceId
X-Sucuri-Cache
X-Request-Time
X-Cache-Enabled
Cache-Prefix
X-No-Session
X-Org
Ec-Rule-Version
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Redis-Cache
Fly-Cache
X-Region-Sid
X-Web-Node
AKAMAI
Ajk
BehaviorPad-Version
NGX
X-ARC
X-B-Cookie
X-BB-ID
X-Cache-Bucket
X-Application
X-G
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-From
X-CF-Lambda-Fn
X-Developer
X-Died
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Destination
X-Date
X-CF-Lambda-Version
X-Connection-Hash
X-CUA
X-D
X-A-Dam
X-A-Ccd
X-Irp-Debug
Rendered-Blocks
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Request-UUID
Mobile-Detection-Method
X-Logtrace-Id
IsBot
MD5-Digest
Meta-Geo-Continent
REQUESTUUID
X-IN-APIGATEWAY
X-Generation-Time
X-Generated-In
Www
X-A
VivaBuild
Viewtype
Server-Int
T-Server
V-Age
Fly-Request-Id
Arc-Country
X-Rojux
X-S-Cookie
X-Transaction
X-Server-By
X-Via-CDN
X-Varnish-Beresp-Ttl
X-SIPLIST1
X-Twitter-Response-Tags
X-UE-Client-Country
X-Server-Time
X-ScT
X-Rewrite-Enabled
X-Trv-Group
X-Cache-Backend
X-Via-SSL
X-VG-WebServer
X-Via-Edge
X-SRCache-Key
X-Store
Xc-Version
X-FireWall-Port
X-SERVER-NAME
X-NC
X-Dynatrace-Js-Agent
X-Newrelic-Synthetics
X-S-Maxage
Frame-Options
X-Origin-TTL
X-Wikidot-Static-Cache
NodeID
Country-Code
X-Amz-Meta-Cache-Control
X-Key
X-Wikidot-Backend
X-Node-Id
HA-Geocountry
HA-Urlpath
HA-Servedtime
HA-Ipaddr
X-Varnish-Action
X-WebServer
Magicmarker
Web-Mar-Node
X-Gen-Mode
HA-Host
Ha-Gx-Prefs
HA-Cloudapp
GMS-Ver
X-UnsetCookies
HA-Geocity
X-Owner
HA-Georegion
HA-Geolon
HA-Geolat
X-GeoIP-City
X-Cache-CFC
Release
X-Alternate-Cache-Key
X-RateLimit-Limit-Second
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Eu-Site
X-RateLimit-Remaining-Second
ProcessTime
X-Hnp-Log
Server-Host
X-CS
X-Crawler
X-We-Are-Hiring
X-Hl-Ver
X-Platform
SN
Origin-Cache-Control
X-F5-Cache
X-Fastly-Cache
X-External-Request-Id
X-Hash
Origin-Edge-Control
Pragrma
X-Phone
X-Block-Status
X-Layer
X-CGP
Backend-Name
X-Webstats-RespID
X-C
X-Amz-Cf-Pop
X-Dc
X-ElasticPress-Search
Uber-Trace-Id
Thinkindot-Control
X-GeoIP-Country-Code
X-VCT
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-FW-Version
PageSpeed
X-Core-Mission
X-Clientip
X-Thinkindot-L3
X-Cache-Srv
X-Cache-URL
X-Core-Value
X-Croise-Owner
X-Stale
X-Developers
X-Debug-Log
X-Debug-Cookies
X-Swa-Ws
X-Fetched-On
X-Cache-Expires
X-Actual-URL
X-Tumblr-Pixel-3
X-GZip
X-Up
X-Gannett-Site-Version
X-Var-Ttl
Section-Io-Cache
X-TT-LOGID
X-Backend-Url
Pagetype
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-Variation
MI-Cache-Age
Apple-News-Services-Request-Url
X-HTML-Minification-Powered-By
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Countrycode
X-NX-Host
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Secret
X-Passed-To
Adler-Geo
X-Epic-Correlation-Id
X-Reboot
X-Returned-From-BeforeDispatch
Cneonction
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Policy
X-MI-In-Market
CDCHOST
Origin
X-Response-By
MI-Cache
MI-API
X-Instance-Name
Platform
X-UA-Device-Type
X-VServer
Proxy-Connection
X-Server-IP
Odigeo-Trace-Id
Is-Eu
Heartbleed
X-Matched-Rule
X-Location
X-Endurance-Cache-Level
X-Nc
X-Ezoic-Cdn
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Content-Disposition
X-RCS-CacheZone
Powered
X-Request-URI
X-Sn-Servicetimems
Request-EU
Request-Country
HTTPS
Resin-Trace
Esi-Enabled
X-Sf
X-V
Cache-Cookie-Set-From
X-Trace-Id
X-TIME
Cache-Tags
Decoy-Debug-Key
Kp-EeAlive
Decoy-Debug-Status
X-ServiceProvider
On-Server
X-Cdn-Origin
Decoy-Debug-TTL
X-Cache-Host
X-Skip-Cache
X-Worker
X-Device-Os
X-Surge-Debug
X-Rebelmouse-Cache-Control
X-Servername
X-Rebelmouse-Surrogate-Control
X-Fstrz
RNT-Machine
XServer
Fastly-SIE
X-Alicdn-Da-Ups-Status
Server-ID
Fastly-SWR
Warning
RNT-Time
X-Content-Age
Fastly-Backend-Name
True-Client-Country-4JS
X-Ckpd-Fst-Backend
X-Cdn-Srv
X-NWS-UUID-VERIFY
X-CACHE-AGE
Host-ID
RequestId
MIME-Version
X-Aed
X-Pf-Uncompressing
X-Req
X-Proto
X-Ua
X-GEO
X-Edge-IP
X-Csrf-Token
Mail-Subject
PFcat
Pramga
We-Hiring
Request-Time
Sid
Cteonnt-Length
X-PHP-Backend
TSSecure
X-Refresh
X-Pjax-Url
X-Ratelimit-Limit
X-Ms-Lease-State
CF-IPCountry
X-Cdn-Forward
X-Hello
X-Flog
X-ABtesting
X-Server-W
WP-Super-Cache
X-Geo
X-Varnish-Ttl
Cdn
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Page-Type
X-Planisys-CDN-TTL
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-CSRF-Token
CDN
Mime-Version
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Time
X-Oss-Object-Type
X-Servedbyhost
X-Varnish-Url
X-COUNTRY
GeoIp-Country-Code
Geoip-Latitude
X-Auto-Login
FSS-Proxy
FSS-Cache
Dnion-Transfer-Encoding
X-Cache-ASPX
X-Aicache-OS
X-Oracle-Dms-Ecid
X-DC
X-DataStream-Origin-MEX-Latency
X-WA
Lfy
X-DataStream-MidMile-RTT
X-Unique-Id
X-GoCache-CacheStatus
X-Akamai-Request-ID2
X-Varnish-Beresp-TTL
A
Rt-Proxy-Cache
PageType
MS-CV
X-Sentry-ID
X-Datadome
X-EC-Security-Audit
X-GRACE
NnCoection
X-MP-GENERATED-AT
X-Cache-Id
Memcached
X-Thanos
X-Bip
X-Via-NSCOPI
X-Origin-Date
X-Origin-Expires
Hostname
NODE
X-Ratelimit-Remaining
X-Check-Cacheable
X-Served-From
X-Cache-Info
X-Be
X-Varnish-HitMiss
X-APP
X-CACHE-KEY
Node
X-Cache-Control-Set-By
X-HCF
X-Wa
SD-X-WS
X-Request-Start
X-Use-Magma
X-UPSTREAM-Address
GeoIP-Latitude
GeoIP-Country-Code
Memory
X-Server-Group
X-Proxy-Server
WWW-Authenticate
X-NODE
X-Nananana
X-PAGE-TYPE
X-Fastly-Cache-Hits
Geoip-City
GW-Server
UCS
GeoIP-City
X-SRV
X-Varnish-URL
PICS-Label
X-Vcache
X-Cookie
Cache-Hits
Processtime
X-Wix-Route-ID
X-ServedByHost
X-User
X-WR-MODIFICATION
X-RTag
X-Gen-Id
Accept-Language
X-GDPR
X-From-Cache
DataCenter
X-Load-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Amp-Access-Control-Allow-Source-Origin
X-Gdpr
X-HS-Status
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
Cf-Ipcountry
Ms-Operation-Id
Pics-Label
X-PJAX-URL
X-Li-Pop
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
COMMERCE-SERVER-SOFTWARE
X-Swift-Error
X-LI-UUID
X-Path-Route
X-LI-Proto
X-Cache-Debug
X-BBXSRF
X-Li-Fabric
Dont-Set-Cookie
X-Info
X-B3-SpanId
X-Cache-Ttl
X-Env
V-Cache
Fastly-Soc-X-Request-Id
X-Cache-HT
X-VG-WebCache
SS
X-Qloud-Router
Is-Session-Tracking
X-PF-Uncompressing
X-RateLimit-Reset
Group
X-CDN-Pop-IP
X-CDN-Pop
X-Dw-Trace-Id
X-Optimization
Get-Access-Time
X-Fe
Lb
X-ID
Requestid
X-Bug-Bounty
X-P-T
X-Content-Encoded-By
NX-Cache
URI
Who
X-GZIP
X-NGINX-Cache
Serverid
CDN-Cache
X-SN
X-CacheKey
CDN-Cache-Hit
CDN-Node
AGE-Hash
X-Cache-FS-Status
X-ServerName
X-Varnish-Info
X-Ver
Xet-Cookie
SID
X-CSRF-TOKEN
X-RequestId
X-Akamai-SSL-Client-Sid
X-Shard
X-Serial
X-Litespeed-Cache-Control
X-Meta-Tbi-Cache-Vertical
X-Ibm-Trace
X-Grace-Duration
Https
X-Akamai-ERPolicy
N-Cache
X-VC
Ws
X-Flags
X-SB
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Akamai-ERRuleID