Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
Report-To
X-Url
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
NEL
X-FTR-Request-ID
Charset
X-Server-Name
X-DynaTrace-JS-Agent
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
X-F-Cache
Content-MD5
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-Geo-Segment
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
X-Mobile-Rewrite
X-D2id
Arc-Version
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Upstream-Env
X-Dispatcher
SPRequestGuid
X-ORACLE-DMS-RID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-Amz-Rid
Nginx-Cache
X-CF-Powered-By
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-T
X-Origin-Upstream-Status
X-Hits
X-Upstream
DynaTrace
X-Varnish-Age
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
AR-PoweredBy
X-Id
AR-ATIME
X-Shield-Request-Id
X-Grace
X-Pad
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Oracle-Dms-Rid
X-Server-ID
X-HW
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Kinsta-Cache
MRF-Tech
Mrf-Cache-Status
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-B
X-Vcap-Request-Id
X-Logged-In
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-XRDS-Location
X-FastCGI-Cache
X-Ser
Service-Worker-Allowed
Tracecode
S
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-Frontend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
X-Cache-Key
X-FTR-Expires
Rt-Fastcgi-Cache
X-Accel-Buffering
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
AR-SID
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
X-Analytics
Backend-Timing
X-HS-Hub-Id
X-HS-Content-Id
Host
TP-Cache
TP-L2-Cache
Cleartype
FilterID
Cache-Status
X-Ttl
X-Srv
X-Revision
X-Rid
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Whom
X-Debug-Info
X-User-Agent
Front-End-Https
X-Akam-SW-Version
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
ServerID
X-Mobile
X-XRDS-LOCATION
X-AOL-HN
X-Varnish-Backend
Accept-Charset
X-Webkit-CSP
X-RateLimit-Remaining
X-Cdn
X-TA-CDN-Provider
X-Cache-2
X-Iejgwucgyu
X-Kinja-Server-Push
X-Via-JSL
X-Request-Received
X-Request-Processing-Time
X-VCache
X-GUploader-UploadID
X-Zen-Fury
X-Content-Powered-By
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-App-Environment
X-LB-Cache
Viewport
X-Varnish-Hostname
X-Cache-Control
X-Cluster
X-Node-Name
X-Tumblr-Pixel
Host-Header
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-Page-Id
X-Tumblr-User
X-Akamai-Edgescape
X-Device-Type
X-Framework
X-Handled-By
X-Request-Guid
X-TT
X-BCube-Filmed-By
X-Platform-Server
X-FB-Debug
X-Signature
Upgrade-Insecure-Requests
X-B-Cache
X-B3-Sampled
X-Content-Security-Policy-Report-Only
X-Instance
Liferay-Portal
Cache-Tag
DC
X-Fastcgi-Cache
X-Sol
Display
X-Middleton-Display
X-Cache-Server
X-Amzn-Trace-Id
X-Hostname
MicrosoftSharePointTeamServices
X-Origin-Server
Server-Node
X-Webkit-Csp
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
X-Varnish-Server
Source
X-WA-Info
X-B3-Traceid
X-Distil-CS
X-Servedby
X-Contextid
HitType
HitInfo
Server-Info
X-Wix-Request-Id
X-Seen-By
X-Cache-Action
X-Edge-Location
Content-Script-Type
Content-Style-Type
X-Cache-Operation
X-GeoIP
X-Amz-Replication-Status
Webserver
User-Agent
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
SRV
X-S
Actual-Object-TTL
GEO-INFO
X-Locale
X-Status
X-WebKit-CSP-Report-Only
X-Jobs
X-Generated-By
AsisCache
X-FW-Type
X-Region
X-Response-Served-From
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Edge-Cache-Key
X-Edge-Cache
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
X-TX-ID
X-Varnish-Hits
X-UUID
ServedBy
X-ATG-Version
Refresh
X-Cache-NE
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Middleton-Response
Healthy
X-Port
Response
X-APP-VERSION
X-Geo-Country
X-Hyper-Cache
X-DataStream-Cache-Status
X-Esi
Payment
X-Cache-TTL-Remaining
X-URL
S-Cnection
X-Cache-Age
X-Content-Type
IBM-Web2-Location
X-Newrelic-App-Data
Datacenter
X-Amz-Server-Side-Encryption
X-Varnish-Grace
X-Daa-Tunnel
X-HS-Cache-Config
Edge-Cache-Tag
Filters
Country
NGB
X-AppVersion
X-Az
X-Activity-Id
X-Cache-Remote
Served-By
X-Pc-Appver
HostName
X-Pc-Key
X-Pc-Hit
X-Cacheable-TTL
X-HS-Combine-CSS
Powered-By-ChinaCache
X-Cache-TTL
X-Sucuri-ID
X-Varnish-IP
X-App-Server
Pagespeed
X-Vg-Webcache
X-Mrs-Cache
X-Mrs-Age
X-Mode
X-Mrs-Cache-Hits
X-Akamai-Transformed
X-UA
X-Mshield-Cache-Status
X-Kong-Proxy-Latency
X-ProcessESI
X-Rule
X-Kong-Upstream-Latency
X-RemovedCookies
X-Is-Bot
X-Detected-As
Meta-Geo
X-Cache-Var
X-RN-RSRV
X-Proxied
Load-Balancing
X-Rendered-As
Machine
X-Cache-Var-Map
X-Rocket-Nginx-Bypass
X-Proxy
X-FC-Vary-Parameters
X-CDN-Forward
DB-Nickname
Cache-Name
OT-Force-Account-Verify
Webcakes-App-Version
Property-Id
X-Amz-Meta-Surrogate-Control
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
TWC-Device-Class
Webcakes-App-Name
Access-Control-Allow-Method
User-Cache-Control
X-Cache-Category-Id
TWC-Connection-Speed
Backend
X-Origin-Hint
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-Grey
X-Hosted-By
X-Human
X-Varnish-Cacheable
X-ServerID
X-Origin
Mn-Server-Ip
X-Tb
X-PCL
X-OCL
ServerName
X-NodeID
X-EIG-Tracking-Id
X-JoinUs
X-Loop
X-Zipkin-Id
Azure-RegionName
X-Site-Version
Now
L5d-Success-Class
Azure-Version
Azure-SlotName
Azure-InstanceId
X-Access
Azure-SiteName
S-Rt
X-Routing-Service
X-Original-Request
X-Generated
X-BB-IP
X-Section
X-TNCMS
X-Hit
X-Debug-Cache
X-CDN-Cache
X-OVcl
X-Upgrade-Enabled
X-OVcl-Cache
X-Format
X-Upstream-HT
X-Environment-Context
X-Proxy-Build
X-Cache-Config
X-Timing-Wait
X-PERF
X-Upstream-CT
X-Pubstack
Selected-FE
X-L-Path
X-LJ-Flow-ID
X-Via-Fastly
X-ApacheServer
X-IP
X-Agile-Age
X-Agile-Id
X-Viewer-Country
X-App-Name
X-Www-Served-By
X-TWH-CORRELATION-ID
X-SplitTest
X-AWS-Id
X-NGENIX-Cache
X-VWS-Id
X-Agile
Cache-Key
Fastcgi-Useragent
X-HOST
Fastcgi-X-Cache
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-CCM
X-Drupal-Cache-Contexts
X-Origin-CC
X-Ocache
X-Source
From-Origin
X-Xfnlog-Site
X-Nginx-Cache
X-Amzn-RequestId
X-Backend-Name
X-RateLimit-Limit
X-Amz-Apigw-Id
Cache
X-Unique-ID
X-App-Version
LB
X-Correlation-ID
X-Akamai-Request-ID
X-Forwarded-Host
X-Litespeed-Cache
Fastly-SSL
X-Storage
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
X-Feature
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
ViewerVersion
NtCoent-Length
X-Ms-Version
X-Birta-Cache-Post
X-Real-IP
X-Birta-Served
X-M-Log
X-M-Reqid
X-Varnish-Beresp-Status
X-Qnm-Cache
X-Varnish-Beresp-Grace
Ar-Sid
AR-Request-ID
X-Labrador-Cache-Channel
X-Time-Microsecs
X-VG-TLSProxy
X-NCache
X-Internal-Host
X-Guploader-Uploadid
X-Distributor
X-Cluster-Node
X-Ruxit-Js-Agent
X-Release
X-Microcachable
X-EdgeConnect-Cache-Status
Xserver
Time
X-B3-TraceId
CACHE
X-Powered-By-ANYU
WZWS-RAY
X-B3-Spanid
X-Real-Ip
X-Request-Time
X-SERVER-NAME
X-Cache-Enabled
X-Sucuri-Cache
X-B-Cookie
X-Redis-Cache
X-Dispatcher-Server
X-Region-Sid
X-Request-UUID
X-Cache-Bucket
X-ARC
REQUESTUUID
Ajk
X-BB-ID
X-PAYTM-SRV-ID
X-From
X-Application
X-VG-WebServer
X-Via-CDN
AKAMAI
X-Generation-Time
MD5-Digest
Meta-Geo-Continent
V-Age
X-Logtrace-Id
IsBot
VivaBuild
Viewtype
X-IN-APIGATEWAY
Mobile-Detection-Method
Rendered-Blocks
X-Irp-Debug
X-IN-WAF
Server-Int
X-IN-SSL-APIGATEWAY
NGX
T-Server
Www
X-No-Session
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-G
BehaviorPad-Version
Cache-Prefix
X-Org
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
X-NU-AKA-ACS-Version
X-A
X-A-Dam
X-A-Ccd
Arc-Country
X-Generated-In
X-UE-Client-Country
X-DPWN-IS-SECURE
X-Twitter-Response-Tags
X-Date
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-ScT
X-Server-By
Xc-Version
X-D
X-Trv-Group
X-Died
X-SRCache-Key
X-Store
X-CUA
X-Transaction
X-Connection-Hash
X-WebServer
X-SIPLIST1
X-S-Cookie
X-Server-Time
ProcessTime
X-Rewrite-Enabled
X-Destination
X-Via-SSL
X-Via-Edge
X-Developer
X-Rojux
X-Cache-Backend
X-Varnish-Beresp-Ttl
X-FireWall-Port
Ha-Gx-Prefs
X-NC
Magicmarker
NodeID
X-UnsetCookies
X-Varnish-Action
HA-Host
Cneonction
X-Origin-TTL
HA-Ipaddr
Country-Code
HA-Urlpath
X-CS
X-Hl-Ver
X-Web-Node
HA-Geocountry
HA-Geocity
HA-Cloudapp
X-Hnp-Log
HA-Geolat
X-Owner
HA-Geolon
X-Hash
GMS-Ver
Frame-Options
HA-Georegion
X-Node-Id
HA-Servedtime
X-VServer
X-We-Are-Hiring
Web-Mar-Node
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-Block-Status
Pragrma
X-S-Maxage
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-GeoIP-City
X-ShopId
X-Amz-Cf-Pop
Release
Server-Host
X-Fastly-Cache
X-F5-Cache
X-External-Request-Id
Pagetype
X-Gen-Mode
X-UA-Device-Type
X-Cache-CFC
X-Eu-Site
X-Sorting-Hat-ShopId
X-Shopify-Stage
Origin-Edge-Control
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
Origin-Cache-Control
Backend-Name
X-Amz-Meta-Cache-Control
X-Crawler
X-Key
X-Layer
X-VCT
X-CGP
X-Platform
X-Policy
SN
X-Phone
X-Nc
X-Endurance-Cache-Level
X-C
X-Newrelic-Synthetics
X-Webstats-RespID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
Section-Io-Cache
X-Developers
X-Actual-URL
X-Epic-Correlation-Id
X-FW-Version
X-Cdn-Srv
X-Clientip
X-Fetched-On
X-Cache-Expires
X-Cache-Srv
X-Gannett-Site-Version
X-Cache-URL
X-Backend-Url
X-Backend-TTL
X-GeoIP-Country-Code
X-Debug-Cookies
X-HTML-Minification-Powered-By
X-Debug-Log
X-Croise-Owner
X-Core-Value
X-Backend-State
X-Backend-Host
X-Core-Mission
Uber-Trace-Id
X-Passed-To-BeforeDispatch
X-RCS-CacheZone
X-Passed-To-PostProcessResponse
X-Reboot
X-Request-URI
X-Returned-From
X-Response-By
X-Passed-To-DLL
Adler-Geo
CDCHOST
X-Passed-To
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Up
X-Tumblr-Pixel-3
X-Var-Ttl
X-Variation
X-Dc
X-GZip
X-TT-LOGID
X-Thinkindot-L3
X-Secret
X-Returned-From-PostProcessResponse
X-Server-IP
X-Sf
X-Swa-Ws
X-Stale
Countrycode
X-ElasticPress-Search
MI-Cache
MI-Cache-Age
MI-API
X-Instance-Name
X-Matched-Rule
Kp-EeAlive
Request-EU
X-Location
Powered
Platform
Odigeo-Trace-Id
Proxy-Connection
Request-Country
Origin
Is-Eu
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
Esi-Enabled
Heartbleed
X-NX-Host
X-MI-In-Market
X-Ua
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Trace-Id
Resin-Trace
X-Device-Os
X-NWS-UUID-VERIFY
X-Worker
RNT-Time
X-Ezoic-Cdn
Cache-Cookie-Set-From
X-Fstrz
Server-ID
X-ServiceProvider
RNT-Machine
HTTPS
On-Server
Fastly-Backend-Name
Cache-Tags
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-TTL
X-Cdn-Origin
X-Cache-Host
X-V
X-Content-Age
X-Sn-Servicetimems
True-Client-Country-4JS
X-Ckpd-Fst-Backend
X-Servername
Decoy-Debug-Key
X-Surge-Debug
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Skip-Cache
X-Alicdn-Da-Ups-Status
Host-ID
X-TIME
Fastly-SWR
X-CACHE-AGE
Fastly-SIE
Warning
XServer
X-Csrf-Token
PageSpeed
RequestId
MIME-Version
X-GEO
Sid
Request-Time
PFcat
X-Pf-Uncompressing
X-Req
X-Aed
X-Proto
Cteonnt-Length
X-PHP-Backend
Mail-Subject
We-Hiring
X-Refresh
X-Edge-IP
Pramga
X-Dynatrace-Js-Agent
TSSecure
X-Pjax-Url
CF-IPCountry
X-Cdn-Forward
X-Ms-Lease-State
X-Varnish-Ttl
X-Planisys-CDN-Cache
X-Page-Type
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Hello
X-Flog
X-ABtesting
Cdn
X-Servedbyhost
WP-Super-Cache
X-GRACE
X-Server-W
X-Ratelimit-Limit
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Time
X-Oss-Server-Time
Mime-Version
X-COUNTRY
X-Varnish-Url
X-Oss-Storage-Class
X-Geo
X-Auto-Login
Lfy
Dnion-Transfer-Encoding
CDN
X-CSRF-Token
X-Cache-ASPX
GeoIp-Country-Code
Geoip-Latitude
X-DC
X-Oracle-Dms-Ecid
X-Unique-Id
X-Aicache-OS
FSS-Proxy
FSS-Cache
X-DataStream-Origin-MEX-Latency
X-GoCache-CacheStatus
X-DataStream-MidMile-RTT
X-Varnish-Beresp-TTL
A
X-Akamai-Request-ID2
X-WA
X-Datadome
X-Sentry-ID
Rt-Proxy-Cache
PageType
NnCoection
MS-CV
X-EC-Security-Audit
X-Via-NSCOPI
X-Origin-Date
X-Origin-Expires
NODE
X-CACHE-KEY
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-MP-GENERATED-AT
Node
X-HCF
X-Thanos
Memcached
X-Cache-Id
X-Bip
X-Wa
X-Served-From
X-Check-Cacheable
X-Be
X-Cache-Info
SD-X-WS
Hostname
X-Use-Magma
WWW-Authenticate
X-Request-Start
X-APP
X-UPSTREAM-Address
X-Server-Group
X-Proxy-Server
GeoIP-Latitude
GeoIP-Country-Code
X-Nananana
X-NODE
X-SRV
X-Ratelimit-Remaining
GeoIP-City
Memory
Geoip-City
X-Fastly-Cache-Hits
X-Wix-Route-ID
GW-Server
X-PAGE-TYPE
PICS-Label
UCS
X-Cookie
X-Varnish-URL
X-User
X-ServedByHost
X-GDPR
X-From-Cache
Processtime
X-Gen-Id
X-WR-MODIFICATION
Cache-Hits
X-RTag
DataCenter
X-Load-Cache
Cdn-Host
X-HS-Status
X-Gdpr
Cdn-Request-Time
X-Edge-Server
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
Cf-Ipcountry
Ms-Operation-Id
Accept-Language
Pics-Label
X-Vcache
COMMERCE-SERVER-SOFTWARE
X-Swift-Error
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PJAX-URL
Dont-Set-Cookie
X-Urbn-Context-Path
X-Cache-Ttl
X-Urbn-Site-Id
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-BBXSRF
X-B3-SpanId
X-Cache-Debug
Locale
X-Path-Route
X-VG-WebCache
X-RateLimit-Reset
X-Info
Get-Access-Time
X-Optimization
X-Cache-HT
X-CDN-Pop-IP
X-PF-Uncompressing
X-CDN-Pop
Is-Session-Tracking
V-Cache
X-Dw-Trace-Id
Lb
X-Env
X-Fe
Group
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Bug-Bounty
Requestid
NX-Cache
X-Content-Encoded-By
URI
X-Qloud-Router
Fastly-Soc-X-Request-Id
Who
SS
X-GZIP
Serverid
X-NGINX-Cache
CDN-Cache
X-P-T
X-CacheKey
CDN-Node
CDN-Cache-Hit
X-Cache-FS-Status
Xet-Cookie
X-Varnish-Info
X-Ver
AGE-Hash
X-Grace-Duration
X-RequestId
X-Route-Name
X-Serial
SID
Ohc-File-Size
X-App
X-SN
Ohc-Response-Time
X-Shard
X-ServerName
X-Akamai-SSL-Client-Sid
X-Ibm-Trace
X-VC
Ws
N-Cache
X-SB
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
Https
X-Is-Crawler
X-Akamai-ERRuleID
X-Flags
X-Meta-Tbi-Cache-Vertical
X-Providence-Cookie