Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-SaveTime
X-Swift-CacheTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
Report-To
X-TTL
X-OneAgent-JS-Injection
X-Px
X-Country
X-Clacks-Overhead
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
Charset
X-Powered-CMS
X-Server-Name
X-Vname
X-TtlSet
X-PC
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-DataDome
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
X-ORACLE-DMS-RID
Content-MD5
X-F-Cache
X-Version
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Exp-Variant
X-Kinja-Revision
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
X-D2id
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
AR-CACHE
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-T
DynaTrace
Paypal-Debug-Id
X-Hits
X-Upstream
X-Grace
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Server-ID
TCN
X-Forwarded-Proto
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Pad
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
Permitted-Cross-Domain-Policies
X-Ruxit-JS-Agent
X-Do-Not-Hack
X-FastCGI-Cache
X-HeyJason
X-Content-Options
AR-SID
X-Content-Digest
Realpath
X-NF-Request-ID
X-Cache-Hit
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-Logged-In
X-Acc-Meta-Resource-Type
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-HW
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Oneagent-Js-Injection
X-Debug
S
Service-Worker-Allowed
X-Ser
X-MSEdge-Ref
X-XRDS-Location
X-Wix-Server-Artifact-Id
Server-Name
X-Frontend
X-PressLabs-Stats
X-Cache-Key
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
Tracecode
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-GUploader-UploadID
X-Forwarded-For
X-Oracle-Dms-Rid
Eomportal-Instance
Alternate-Protocol
Fastly-Restarts
Cleartype
X-Cache-Rule
Cache-Status
X-Analytics
Backend-Timing
X-Srv
X-HS-Hub-Id
Host
X-HS-Content-Id
TP-L2-Cache
X-Revision
X-VCache
TP-Cache
X-Rid
Public-Key-Pins-Report-Only
X-Whom
X-Ttl
X-User-Agent
X-RateLimit-Remaining
X-Accel-Buffering
X-FTR-Cache-Host
X-XRDS-LOCATION
FilterID
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
X-AOL-HN
ServerID
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-2
X-Via-JSL
Accept-Charset
X-Content-Powered-By
Front-End-Https
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Webkit-CSP
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
X-Cached-By
Viewport
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-B3-Traceid
X-App-Environment
X-LB-Cache
Liferay-Portal
X-Magnolia-Registration
X-Correlation-Id
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel-0
Host-Header
X-Content-Security-Policy-Report-Only
X-Cluster
X-Page-Id
X-Tumblr-Pixel
X-Akamai-Edgescape
X-Framework
X-Handled-By
X-Request-Guid
X-TT
X-Cache-Control
X-Device-Type
X-B3-Sampled
X-Instance
X-Platform-Server
X-Signature
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-B-Cache
X-FB-Debug
Cache-Tag
DC
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
X-Amzn-Trace-Id
Retry-After
Display
X-Sol
X-Middleton-Display
X-Accel-Expires
X-WA-Info
X-Contextid
X-APP-VERSION
X-Servedby
X-Varnish-Server
HitInfo
HitType
X-Cache-Action
Server-Info
X-Distil-CS
X-Cache-Operation
X-Seen-By
X-Wix-Request-Id
X-Port
Content-Script-Type
Content-Style-Type
X-GeoIP
Webserver
X-RequestSource
X-S
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Generated-By
X-Tumblr-Pixel-1
X-Fastcgi-Cache
X-Edge-Location
GEO-INFO
X-Amz-Replication-Status
Actual-Object-TTL
User-Agent
Healthy
X-Locale
X-Jobs
X-Status
X-Geo-Country
X-Varnish-Hits
X-UUID
AsisCache
X-FW-Static
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Response-Served-From
X-FW-Type
X-Region
ServedBy
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Hyper-Cache
SRV
X-Daa-Tunnel
Refresh
X-DataStream-Cache-Status
X-Newrelic-App-Data
X-Yottaa-Metrics
X-Yottaa-Optimizations
Response
X-Middleton-Response
X-Varnish-Grace
X-Cache-TTL-Remaining
Filters
IBM-Web2-Location
X-Iejgwucgyu
X-Cache-NE
X-Amz-Server-Side-Encryption
X-Cache-Age
X-ATG-Version
NGB
X-Esi
S-Cnection
Payment
X-Content-Type
X-AppVersion
X-Activity-Id
X-Az
Datacenter
X-Proxied
X-CDN-Forward
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-Cache-Remote
X-Ruxit-Js-Agent
X-App-Server
X-Cache-TTL
X-Cacheable-TTL
X-Vg-Webcache
Cache
Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Served-By
Edge-Cache-Tag
AR-Request-ID
X-UA
X-HS-Cache-Config
X-Unique-ID
X-Sucuri-ID
X-Akamai-Transformed
X-Mode
X-Varnish-IP
X-RemovedCookies
Meta-Geo
Load-Balancing
X-RN-RSRV
X-ProcessESI
X-Rendered-As
X-Detected-As
Machine
X-Cache-Var
X-Is-Bot
X-Cache-Var-Map
X-Real-IP
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-Proxy
X-Grey
X-Origin-Hint
X-Origin
X-OCL
X-Varnish-Cache-Hits
X-Human
X-Hosted-By
X-PCL
X-Tb
User-Cache-Control
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
DB-Nickname
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
Mn-Server-Ip
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
X-Amz-Meta-Surrogate-Control
X-ServerID
Property-Id
Cache-Name
X-ProxyCache-Status
X-ProxyCache-Key
X-Varnish-Cacheable
X-Rule
X-BB-IP
X-BYPASS-REASON
X-Cache-Category-Id
X-EIG-Tracking-Id
Access-Control-Allow-Method
Backend
X-Routing-Service
X-Environment-Context
L5d-Success-Class
X-OVcl-Cache
Now
X-Site-Version
Azure-Version
Azure-InstanceId
X-TNCMS
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-OVcl
X-Original-Request
X-CDN-Cache
X-Hit
X-Generated
X-Debug-Cache
X-Format
X-JoinUs
X-L-Path
ServerName
S-Rt
X-NodeID
X-Access
X-Loop
X-Upgrade-Enabled
X-Section
X-Viewer-Country
X-Zipkin-Id
X-HS-Combine-CSS
X-Cache-Config
X-Ocache
Selected-FE
X-Via-Fastly
X-SplitTest
X-Proxy-Build
X-PERF
X-NGENIX-Cache
X-RateLimit-Limit
X-App-Name
X-AWS-Id
X-LJ-Flow-ID
X-ApacheServer
X-Agile-Id
X-Agile
X-Agile-Age
X-IP
X-Pubstack
Cache-Key
Access-Control-Request-Headers
X-VWS-Id
X-Www-Served-By
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Backend-Name
X-CCM
OT-Force-Account-Verify
X-Origin-CC
X-Drupal-Cache-Contexts
X-Source
X-Correlation-ID
X-HOST
X-Xfnlog-Site
X-Nginx-Cache
X-Pc-Date
Pagespeed
X-Pc-Host
X-Upstream-CT
X-URL
X-Upstream-HT
X-Akamai-Request-ID
Powered-By-ChinaCache
HostName
X-Mrs-Cache
X-Mrs-Age
X-Mshield-Cache-Status
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Mrs-Cache-Hits
Fastcgi-X-Cache
X-Storage
X-Vgn-Hpd-Reason
From-Origin
X-NC
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Litespeed-Cache
X-Forwarded-Host
Fastly-SSL
X-Time-Microsecs
X-NCache
X-Internal-Host
X-M-Log
X-Feature
X-Qnm-Cache
X-M-Reqid
X-Microcachable
X-Varnish-Beresp-Status
X-Release
X-Varnish-Beresp-Grace
X-Distributor
X-UA-Device-Type
X-Birta-Served
X-Birta-Cache-Post
X-Labrador-Cache-Channel
LB
XServer
NtCoent-Length
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
Pagetype
X-Ms-Request-Id
X-VG-TLSProxy
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-B3-Spanid
X-Webkit-Csp
X-Transaction
X-Twitter-Response-Tags
X-PHP-Backend
X-Connection-Hash
MIME-Version
Frame-Options
Time
X-Sucuri-Cache
X-C
X-Accel-Expires-Debug
X-Powered-By-ANYU
WZWS-RAY
X-A-Ccd
X-A
X-NU-AKA-ACS-Version
Www
X-Date
X-D
X-A-Dam
X-Destination
X-Application
X-No-Session
X-A-Wwc
X-CUA
X-A-Dgt
X-ARC
X-WebServer
X-A-Dcw
X-Org
Cneonction
AKAMAI
X-Died
X-G
IsBot
Host-ID
Server-Int
X-Generation-Time
X-Generated-In
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-From
Rendered-Blocks
NGX
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
Fly-Request-Id
Fly-Cache
X-Developer
V-Age
Arc-Country
Viewtype
X-B-Cookie
VivaBuild
Ajk
BehaviorPad-Version
Cache-Prefix
Ec-Rule-Version
T-Server
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Irp-Debug
X-IN-WAF
X-Logtrace-Id
Xc-Version
X-ScT
X-CF-Lambda-Fn
X-Region-Sid
X-UE-Client-Country
X-S-Cookie
X-Instance-Name
X-CF-Lambda-Version
X-BB-ID
X-CS
X-SIPLIST1
X-Redis-Cache
X-Server-Time
X-Request-UUID
X-Server-By
X-Cache-Bucket
X-SRCache-Key
X-Rojux
X-Trv-Group
X-Via-SSL
X-VG-WebServer
X-PAYTM-SRV-ID
X-Via-Edge
X-Web-Node
X-Via-CDN
X-GZip
X-Rewrite-Enabled
X-FireWall-Port
X-SERVER-NAME
X-Core-Value
X-GeoIP-City
Release
Origin-Edge-Control
GMS-Ver
X-Gen-Mode
SN
X-Hnp-Log
X-Fastly-Cache
HA-Cloudapp
X-Hl-Ver
X-F5-Cache
X-Hash
Country-Code
HA-Geolon
X-S-Maxage
NodeID
HA-Urlpath
Server-Host
Magicmarker
X-CGP
X-External-Request-Id
Origin-Cache-Control
HA-Servedtime
X-Eu-Site
HA-Geolat
HA-Geocountry
HA-Georegion
Ha-Gx-Prefs
HA-Ipaddr
HA-Host
HA-Geocity
X-Key
X-UnsetCookies
X-V
X-Node-Id
Pragrma
X-Phone
X-Store
X-RateLimit-Limit-Second
X-Request-Time
X-Platform
X-Var-Ttl
X-Wikidot-Static-Cache
X-Amz-Meta-Cache-Control
X-VServer
X-Wikidot-Backend
X-Owner
X-Origin-TTL
X-NX-Host
X-Varnish-Action
X-VCT
X-Debug-Cookies
X-Block-Status
Backend-Name
X-Layer
X-Crawler
X-Cache-Enabled
X-We-Are-Hiring
X-Cache-CFC
Web-Mar-Node
X-RateLimit-Remaining-Second
X-Debug-Log
X-App-Version
X-Webstats-RespID
ViewerVersion
X-NWS-UUID-VERIFY
Request-EU
X-Cache-URL
Thinkindot-Control
X-Core-Mission
X-Cache-Srv
Thinkindot-CacheControl-Type
Proxy-Connection
X-Developers
Thinkindot-CacheControl
X-Clientip
Request-Country
Uber-Trace-Id
X-Backend-Url
X-Backend-TTL
X-Cache-Host
X-Croise-Owner
X-Cdn-Srv
Section-Io-Cache
X-Cdn-Origin
X-Epic-Correlation-Id
X-Actual-URL
X-Cache-Expires
X-Backend-State
X-Backend-Host
X-Location
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Variation
X-Tumblr-Pixel-3
X-Up
X-Passed-To
X-Cluster-Node
X-Matched-Rule
X-Alternate-Cache-Key
X-MI-In-Market
Platform
X-Nginx-Cache-Key
X-MSEdge-Flight
X-TT-LOGID
X-Trace-Id
X-Secret
X-Server-IP
X-Response-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Request-URI
X-Sf
X-Swa-Ws
X-Thinkindot-L3
X-RCS-CacheZone
X-Stale
X-Reboot
X-Sn-Servicetimems
X-ShardId
X-MSEdge-Features
X-GeoIP-Country-Code
X-ShopId
Esi-Enabled
X-HTML-Minification-Powered-By
Countrycode
Heartbleed
X-Gannett-Site-Version
Kp-EeAlive
MI-Cache
MI-Cache-Age
X-FW-Version
Is-Eu
MI-API
CDCHOST
Adler-Geo
Apple-News-Services-Handled
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Returned-From-BeforeDispatch
PFcat
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Origin
X-Fetched-On
Apple-News-Services-Host
Odigeo-Trace-Id
X-CACHE-AGE
X-Servername
X-Device-Os
X-Worker
Powered
X-Policy
X-Content-Age
X-Rebelmouse-Cache-Control
X-ElasticPress-Search
X-Fstrz
X-Rebelmouse-Surrogate-Control
X-ServiceProvider
Sid
RNT-Machine
Cache-Tags
Server-ID
True-Client-Country-4JS
Resin-Trace
Fastly-Backend-Name
On-Server
X-Ckpd-Fst-Backend
Request-Time
Content-Disposition
RNT-Time
Decoy-Debug-Status
Fastly-SIE
Decoy-Debug-TTL
Decoy-Debug-Key
X-Alicdn-Da-Ups-Status
Fastly-SWR
X-Varnish-Beresp-Ttl
X-Ezoic-Cdn
X-Ua
X-Oracle-Dms-Ecid
X-Skip-Cache
HTTPS
REQUESTUUID
ProcessTime
X-Dc
Xserver
X-Pf-Uncompressing
Cteonnt-Length
Warning
X-Csrf-Token
PageSpeed
CF-IPCountry
RequestId
X-Oss-Hash-Crc64ecma
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Oss-Object-Type
X-Oss-Request-Id
X-Proto
X-Endurance-Cache-Level
X-Oss-Storage-Class
X-Oss-Server-Time
WP-Super-Cache
CDN
X-Planisys-CDN-Cache
X-Req
Mail-Subject
X-Servedbyhost
X-TIME
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
We-Hiring
X-Refresh
X-Real-Ip
X-Newrelic-Synthetics
X-Pjax-Url
X-Datadome
X-Surge-Debug
X-Atg-Version
X-GEO
CACHE
Hostname
X-Cache-ASPX
X-B3-TraceId
Ar-Sid
Dnion-Transfer-Encoding
X-Time
X-GoCache-CacheStatus
X-Aed
X-CSRF-Token
X-Varnish-Ttl
X-Nc
X-Varnish-Beresp-TTL
Pramga
X-Edge-IP
X-DC
NODE
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
X-Geo
X-COUNTRY
Geoip-Latitude
X-Server-W
TSSecure
X-Guploader-Uploadid
NnCoection
X-Origin-Date
X-Origin-Expires
X-Page-Type
X-Ms-Lease-State
X-Hello
X-ABtesting
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cache-Control-Set-By
X-Aicache-OS
X-Flog
X-HCF
X-Varnish-HitMiss
X-Cdn-Forward
MS-CV
SD-X-WS
X-WA
A
X-Varnish-Url
Lfy
X-Server-Group
X-Auto-Login
WWW-Authenticate
X-GRACE
X-Amz-Cf-Pop
X-Akamai-Request-ID2
Cdn
FSS-Cache
Processtime
X-UPSTREAM-Address
Geoip-City
FSS-Proxy
X-Ratelimit-Limit
X-Varnish-URL
Node
X-Wix-Route-ID
X-Wa
Mime-Version
PICS-Label
Rt-Proxy-Cache
X-Sentry-ID
Lb
X-PAGE-TYPE
X-Via-NSCOPI
X-From-Cache
X-Use-Magma
X-APP
GeoIP-Country-Code
GeoIP-Latitude
X-Unique-Id
X-Check-Cacheable
X-EC-Security-Audit
Cdn-Host
X-Gdpr
Cdn-Request-Time
X-Edge-Server
X-Cache-Id
X-RTag
X-NODE
X-Nananana
Ms-Operation-Id
Dont-Set-Cookie
PageType
X-Cache-Info
GeoIP-City
X-Gen-Id
X-Thanos
Memcached
X-Served-From
X-SRV
X-Bip
X-CACHE-KEY
COMMERCE-SERVER-SOFTWARE
X-Cookie
X-WR-MODIFICATION
X-Env
X-Fastly-Cache-Hits
Get-Access-Time
X-MP-GENERATED-AT
X-GDPR
X-Cache-HT
X-Request-Start
X-Be
X-Fastly-Backend-Reqs
X-Proxy-Server
Is-Session-Tracking
X-Optimization
X-Load-Cache
DataCenter
X-Dynatrace-Js-Agent
X-HS-Status
Who
X-FORWARDED-FOR
X-Ver
GW-Server
X-Swift-Error
X-Cache-FS-Status
Pics-Label
X-PJAX-URL
Memory
UCS
X-RateLimit-Reset
X-Ibm-Trace
X-B3-SpanId
Ws
V-Cache
X-Cache-Ttl
X-Meta-Tbi-Cache-Vertical
Group
X-User
X-ServedByHost
X-Fe
X-Wix-Petri-Ex
Cache-Hits
Httpd-Identifier
Cf-Ipcountry
X-Shard
X-Dw-Trace-Id
URI
Requestid
X-CDN-Pop
X-CDN-Pop-IP
Amp-Access-Control-Allow-Source-Origin
X-ID
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Powered-By
NX-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VC
X-GZIP
AGE-Hash
X-Bug-Bounty
X-SB
X-PF-Uncompressing
Xet-Cookie
Serverid
X-NGINX-Cache
Accept-Language
X-LI-Proto
X-LI-UUID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Content-Encoded-By
Locale
X-BBXSRF
X-Cache-Debug
X-Li-Fabric
X-Li-Pop
Https
CDN-Node
N-Cache
X-CacheKey
CDN-Cache-Hit
Version
X-Ratelimit-Remaining
X-Varnish-Info
CDN-Cache
X-StackifyID
Ohc-File-Size
X-Path-Route
X-RequestId
X-BE
RequestUuid
X-Cache-Handler
X-Litespeed-Cache-Control
X-Is-Crawler
X-LiteSpeed-Cache-Control
X-Akamai-ERRuleID
X-Grace-Duration
X-Akamai-ERPolicy
X-ServerName
X-P-T
X-Providence-Cookie
X-Route-Name
X-Flags