
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Xss-Protection
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
Surrogate-Control
X-Cache-Lookup
X-Node
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Application-Context
X-Readtime
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-DataDome
X-ESI
X-Powered-CMS
NEL
X-TtlSet
X-Vname
X-PC
X-Dns-Prefetch-Control
X-Server-Name
X-Origin-Cache
X-FTR-Request-ID
Charset
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-DynaTrace-JS-Agent
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Geo-Segment
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
Content-MD5
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
X-Mobile-Rewrite
X-D2id
PB-RID
PB-PID
Arc-Version
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Abt-Application-Version
X-Client-IP
X-Dispatcher
SPRequestGuid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ruxit-JS-Agent
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-ORACLE-DMS-RID
X-CF-Powered-By
X-Trace
X-Fastly-Request-ID
X-Forwarded-Proto
Paypal-Debug-Id
X-T
X-Origin-Upstream-Status
X-DIS-Request-ID
X-Oracle-Dms-Rid
X-Grace
X-Hits
X-Upstream
X-Varnish-Age
SPRequestDuration
DynaTrace
SPIisLatency
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
AR-PoweredBy
X-Id
AR-ATIME
X-Shield-Request-Id
X-Pad
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-HW
Access-Control-Request-Method
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Kinsta-Cache
X-IPLB-Instance
X-Goog-Metageneration
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Acc-Meta-Resource-Type
X-B
X-Cache-Hit
X-FastCGI-Cache
X-Vcap-Request-Id
X-Logged-In
X-Debug
X-NewRelic-App-Data
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-Ser
Service-Worker-Allowed
Tracecode
S
X-XRDS-Location
X-MSEdge-Ref
Server-Name
Fastly-Restarts
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Frontend
X-PressLabs-Stats
X-Cache-Key
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
X-Accel-Buffering
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
Eomportal-Instance
Alternate-Protocol
X-HS-Content-Id
AR-SID
X-Cache-Rule
X-HS-Hub-Id
Host
Cleartype
X-Srv
FilterID
X-Revision
X-Rid
X-Analytics
Backend-Timing
Cache-Status
Front-End-Https
TP-L2-Cache
X-XRDS-LOCATION
X-User-Agent
TP-Cache
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-Iejgwucgyu
X-Debug-Info
X-Akam-SW-Version
X-Whom
X-Mobile
ServerID
Accept-Charset
X-HeyJason
X-Do-Not-Hack
X-Varnish-Backend
Permitted-Cross-Domain-Policies
X-AOL-HN
X-Cache-2
X-Webkit-CSP
X-Cdn
X-TA-CDN-Provider
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Kinja-Server-Push
X-Via-JSL
X-Correlation-Id
X-Content-Powered-By
X-Cached-By
X-NWS-LOG-UUID
X-WPE-Loopback-Upstream-Addr
X-GUploader-UploadID
X-RateLimit-Remaining
X-Oneagent-Js-Injection
X-Ttl
X-App-Environment
X-LB-Cache
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cluster
Host-Header
X-Magnolia-Registration
Viewport
X-Tumblr-Pixel
X-Varnish-Hostname
X-Page-Id
X-Device-Type
X-TT
X-Request-Guid
X-Framework
X-Akamai-Edgescape
X-VCache
X-Cache-Control
X-Node-Name
X-Middleton-Display
X-Signature
X-Content-Security-Policy-Report-Only
X-Sol
X-B-Cache
Display
Upgrade-Insecure-Requests
X-Handled-By
Liferay-Portal
Cache-Tag
DC
X-FB-Debug
X-B3-Sampled
X-Instance
X-Platform-Server
X-BCube-Filmed-By
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
Server-Node
X-Hostname
X-TT-TIMESTAMP
X-Origin-Server
X-Webkit-Csp
X-Accel-Expires
Source
Retry-After
X-Fastcgi-Cache
X-WA-Info
X-Varnish-Server
X-Servedby
X-Contextid
X-Distil-CS
X-B3-Traceid
HitInfo
Server-Info
HitType
X-Seen-By
X-Cache-Action
X-Wix-Request-Id
Content-Script-Type
Content-Style-Type
X-Edge-Location
X-GeoIP
X-Amz-Replication-Status
X-Cache-Operation
X-S
SRV
X-ATG-Version
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Generated-By
X-WebKit-CSP-Report-Only
X-Jobs
X-Status
X-Locale
User-Agent
Webserver
Actual-Object-TTL
Response
X-Middleton-Response
GEO-INFO
X-Edge-Cache
X-Region
AsisCache
X-Response-Served-From
X-RequestSource
X-Edge-Cache-Key
Refresh
X-UUID
X-Drupal-Cache-Tags
X-Adobe-Content
ServedBy
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-TX-ID
X-Adobe-Loc
X-Varnish-Hits
X-Cache-NE
X-Yottaa-Metrics
X-Yottaa-Optimizations
Healthy
X-Port
X-Hyper-Cache
X-Geo-Country
X-Cache-TTL-Remaining
X-DataStream-Cache-Status
X-Cache-Age
X-APP-VERSION
Payment
X-Esi
S-Cnection
IBM-Web2-Location
X-Content-Type
Datacenter
X-Amz-Server-Side-Encryption
X-Varnish-Grace
Country
Edge-Cache-Tag
X-Daa-Tunnel
Filters
X-Newrelic-App-Data
X-HS-Cache-Config
X-UA
NGB
X-Az
HostName
X-Activity-Id
X-AppVersion
Powered-By-ChinaCache
Served-By
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Sucuri-ID
X-Varnish-IP
X-Cache-Remote
X-Cacheable-TTL
X-App-Server
X-HS-Combine-CSS
X-Cache-TTL
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-Akamai-Transformed
X-Rule
X-Detected-As
X-Cache-Var-Map
X-ProcessESI
Meta-Geo
Load-Balancing
Machine
X-Is-Bot
X-RemovedCookies
X-Cache-Var
X-Rendered-As
X-RN-RSRV
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Proxy
X-Vg-Webcache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
User-Cache-Control
X-Mode
DB-Nickname
X-Hosted-By
X-Cache-Category-Id
X-BYPASS-REASON
Cache-Name
X-ServerID
X-ProxyCache-Key
Access-Control-Allow-Method
X-ProxyCache-Status
X-Grey
Backend
X-CDN-Cache
X-EIG-Tracking-Id
X-Generated
X-Hit
X-BB-IP
ServerName
X-Varnish-Cache-Hits
Mn-Server-Ip
Now
OT-Force-Account-Verify
X-JoinUs
X-Loop
X-PCL
X-Tb
X-TNCMS
X-Varnish-Cacheable
X-OVcl-Cache
X-OVcl
X-OCL
X-Origin
X-Original-Request
X-Proxied
X-Site-Version
X-Agile
Selected-FE
X-Agile-Age
X-Agile-Id
X-Cache-Config
X-ApacheServer
L5d-Success-Class
Azure-Version
Azure-InstanceId
Access-Control-Request-Headers
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Environment-Context
X-Human
X-Upgrade-Enabled
X-TWH-CORRELATION-ID
X-Viewer-Country
X-Www-Served-By
X-Upstream-HT
X-Upstream-CT
X-Timing-Wait
X-Pubstack
X-L-Path
X-IP
X-NGENIX-Cache
X-PERF
X-Proxy-Build
X-Source
X-Via-Fastly
X-CDN-Forward
X-AWS-Id
X-App-Name
TWC-Connection-Speed
X-Origin-Hint
X-Origin-CC
X-Ocache
X-NodeID
X-CCM
Webcakes-App-Name
X-Debug-Cache
X-LJ-Flow-ID
Property-Id
Webcakes-App-Version
Cache-Key
Webcakes-Region
TWC-Locale-Group
TWC-Privacy
X-Amz-Meta-Surrogate-Control
TWC-GeoIP-LatLong
X-VWS-Id
TWC-Device-Class
X-SplitTest
TWC-GeoIP-Country
X-Drupal-Cache-Contexts
From-Origin
X-Access
X-Format
Cache
X-Zipkin-Id
X-Section
X-Routing-Service
S-Rt
Fastcgi-X-Cache-Version
X-Amz-Apigw-Id
X-Amzn-RequestId
X-HOST
Fastcgi-Useragent
X-App-Version
Fastcgi-X-Cache
X-Xfnlog-Site
X-URL
X-Nginx-Cache
Pagespeed
X-Backend-Name
X-Unique-ID
Fastly-SSL
X-Forwarded-Host
X-Akamai-Request-ID
LB
X-Correlation-ID
X-Storage
NtCoent-Length
X-Litespeed-Cache
Ar-Sid
X-Vgn-Hpd-Reason
X-Guploader-Uploadid
X-Pc-Host
X-Dynatrace-Js-Agent
ViewerVersion
X-Ms-Request-Id
X-Pc-Date
X-Ms-Version
X-Ms-Lease-Status
X-RateLimit-Limit
X-Amz-Cf-Pop
X-Ms-Blob-Type
X-Qnm-Cache
X-M-Reqid
X-Birta-Served
X-Varnish-Beresp-Status
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-M-Log
X-Feature
AR-Request-ID
X-Time-Microsecs
X-VG-TLSProxy
X-NCache
X-Labrador-Cache-Channel
X-Real-Ip
X-B3-TraceId
X-Internal-Host
X-Cluster-Node
X-Release
X-Microcachable
X-Distributor
Xserver
Time
X-Real-IP
X-EdgeConnect-Cache-Status
X-Ruxit-Js-Agent
WZWS-RAY
X-B3-Spanid
PageSpeed
X-Powered-By-ANYU
CACHE
X-Sucuri-Cache
X-Cache-Enabled
X-Request-Time
X-CF-Lambda-Version
Ajk
X-CUA
AKAMAI
X-Generated-In
X-ScT
X-G
Server-Int
Fly-Request-Id
ProcessTime
Arc-Country
X-Org
Fly-Cache
X-NU-AKA-ACS-Version
X-Generation-Time
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-Store
X-Dispatcher-Server
X-Died
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Irp-Debug
Cache-Prefix
X-Web-Node
Ec-Rule-Version
X-Date
X-D
X-Logtrace-Id
X-Server-By
X-Developer
X-Destination
X-IN-APIGATEWAY
X-No-Session
X-Rojux
X-A-Dcw
X-S-Cookie
NGX
T-Server
X-A-Dam
X-Rewrite-Enabled
X-WebServer
X-Varnish-Beresp-Ttl
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A
X-Via-CDN
V-Age
X-Cache-Backend
REQUESTUUID
X-Via-Edge
X-Via-SSL
X-Region-Sid
X-Trv-Group
Www
X-Redis-Cache
Rendered-Blocks
Meta-Geo-Continent
Mobile-Detection-Method
X-Server-Time
X-ARC
X-From
X-B-Cookie
X-BB-ID
MD5-Digest
Xc-Version
X-SIPLIST1
X-Application
X-SRCache-Key
X-UE-Client-Country
X-PAYTM-SRV-ID
X-Request-UUID
IsBot
X-Cache-Bucket
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Alternate-Cache-Key
X-SERVER-NAME
BehaviorPad-Version
X-Crawler
Frame-Options
X-Fastly-Cache
X-Amz-Meta-Cache-Control
GMS-Ver
X-Cache-CFC
Magicmarker
X-Connection-Hash
X-External-Request-Id
X-Block-Status
X-CS
Country-Code
Origin-Cache-Control
Web-Mar-Node
NodeID
SN
Release
Pragrma
Viewtype
VivaBuild
Origin-Edge-Control
X-Key
X-We-Are-Hiring
X-S-Maxage
X-Transaction
X-Owner
X-Origin-TTL
X-VCT
X-Node-Id
X-RateLimit-Remaining-Second
X-Varnish-Action
Server-Host
X-Policy
X-Phone
X-RateLimit-Limit-Second
X-Twitter-Response-Tags
X-UnsetCookies
X-Newrelic-Synthetics
X-VG-WebServer
X-Dc
X-Hl-Ver
X-Hash
X-GeoIP-City
X-Gen-Mode
X-Layer
X-Hnp-Log
X-Nc
X-FireWall-Port
X-Webstats-RespID
X-ElasticPress-Search
X-Endurance-Cache-Level
X-Returned-From-DLL
Uber-Trace-Id
X-Returned-From-PostProcessResponse
X-Stale
Thinkindot-Control
X-Swa-Ws
X-Wikidot-Backend
X-VServer
X-Tumblr-Pixel-3
X-Reboot
X-Returned-From
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-Request-URI
X-RCS-CacheZone
X-Returned-From-BeforeDispatch
X-TT-LOGID
X-Response-By
Thinkindot-CacheControl
X-Actual-URL
X-Passed-To-DLL
X-Nginx-Cache-Key
X-MI-In-Market
X-Matched-Rule
X-NX-Host
X-Croise-Owner
X-Core-Mission
X-Core-Value
X-Debug-Cookies
X-Debug-Log
X-F5-Cache
X-Fetched-On
X-Eu-Site
X-HTML-Minification-Powered-By
X-Location
X-Instance-Name
X-Var-Ttl
X-CGP
X-Backend-TTL
X-Backend-Url
X-Backend-Host
X-Wikidot-Static-Cache
X-Passed-To-PostProcessResponse
X-Sf
X-FW-Version
X-Variation
X-Passed-To-BeforeDispatch
X-Passed-To
X-Cache-URL
X-Cache-Srv
X-Server-IP
X-Cache-Expires
X-Platform
Proxy-Connection
MI-Cache-Age
MI-Cache
MI-API
Odigeo-Trace-Id
HA-Geolon
HA-Ipaddr
Adler-Geo
HA-Georegion
Kp-EeAlive
Heartbleed
HA-Urlpath
HA-Servedtime
Backend-Name
HA-Host
Ha-Gx-Prefs
Is-Eu
X-UA-Device-Type
HA-Geolat
HA-Geocity
Request-Country
Request-EU
X-NC
HA-Cloudapp
X-GZip
Cneonction
Esi-Enabled
HA-Geocountry
Platform
X-Ezoic-Cdn
X-C
Fastly-Backend-Name
X-Device-Os
Cache-Cookie-Set-Idcheck
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-Key
X-Developers
Countrycode
X-Epic-Correlation-Id
Decoy-Debug-TTL
Apple-News-Services-Host
X-Trace-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Sn-Servicetimems
X-ServiceProvider
Server-ID
X-Secret
X-TIME
X-Up
X-GeoIP-Country-Code
Apple-News-Services-Parsed-Url
X-Fstrz
Apple-News-Services-Request-Url
Resin-Trace
X-Gannett-Site-Version
X-Worker
Apple-News-Services-Handled
Cache-Cookie-Set-From
CDCHOST
Cache-Cookie-Set-Lfrom
X-Backend-State
X-Ckpd-Fst-Backend
X-Cdn-Origin
Origin
X-Cache-Host
X-Clientip
True-Client-Country-4JS
HTTPS
Powered
On-Server
Section-Io-Cache
Pagetype
Cache-Tags
RNT-Machine
X-Rebelmouse-Cache-Control
X-Skip-Cache
X-V
X-Rebelmouse-Surrogate-Control
RNT-Time
X-NWS-UUID-VERIFY
X-Cdn-Srv
X-Surge-Debug
Warning
X-Content-Age
Fastly-SIE
Fastly-SWR
X-GEO
X-CACHE-AGE
X-Servername
RequestId
Host-ID
X-Alicdn-Da-Ups-Status
XServer
X-Proto
X-Ua
X-Req
X-Aed
MIME-Version
X-Edge-IP
X-Ratelimit-Limit
Pramga
Request-Time
X-Refresh
X-Csrf-Token
We-Hiring
Mail-Subject
X-Pf-Uncompressing
PFcat
Sid
Cteonnt-Length
X-Cdn-Forward
X-Pjax-Url
X-PHP-Backend
X-Ms-Lease-State
TSSecure
Cdn
X-Hello
X-ABtesting
X-Page-Type
X-Server-W
CF-IPCountry
X-Flog
X-Varnish-Ttl
Mime-Version
WP-Super-Cache
X-Varnish-Url
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-COUNTRY
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Auto-Login
X-Oss-Request-Id
X-Servedbyhost
X-Oss-Storage-Class
X-Oss-Server-Time
X-Time
X-Unique-Id
X-Geo
FSS-Proxy
X-CSRF-Token
CDN
X-Cache-ASPX
X-Aicache-OS
GeoIp-Country-Code
Dnion-Transfer-Encoding
Geoip-Latitude
FSS-Cache
X-DC
PageType
X-Oracle-Dms-Ecid
X-DataStream-Origin-MEX-Latency
Lfy
X-WA
X-DataStream-MidMile-RTT
X-Ratelimit-Remaining
X-Akamai-Request-ID2
X-GoCache-CacheStatus
X-Varnish-Beresp-TTL
Rt-Proxy-Cache
A
X-Sentry-ID
MS-CV
X-Datadome
X-EC-Security-Audit
X-GRACE
NnCoection
X-Origin-Expires
X-Thanos
X-Origin-Date
X-Bip
X-Cache-Id
X-MP-GENERATED-AT
Memcached
X-Via-NSCOPI
X-Served-From
X-Check-Cacheable
NODE
Node
X-Varnish-HitMiss
X-CACHE-KEY
X-APP
X-HCF
X-Cache-Info
X-Cache-Control-Set-By
X-Be
Hostname
X-Request-Start
X-Proxy-Server
X-Vcache
SD-X-WS
X-Wa
X-Nananana
X-Use-Magma
X-Server-Group
WWW-Authenticate
X-UPSTREAM-Address
GeoIP-Latitude
GeoIP-Country-Code
Memory
X-NODE
GW-Server
UCS
GeoIP-City
X-ServedByHost
Geoip-City
X-Fastly-Cache-Hits
X-SRV
X-Cookie
X-Varnish-URL
PICS-Label
X-PAGE-TYPE
X-User
Cache-Hits
X-Wix-Route-ID
X-RTag
X-From-Cache
Processtime
Cf-Ipcountry
Accept-Language
X-GDPR
X-Gen-Id
X-WR-MODIFICATION
DataCenter
X-Load-Cache
Cdn-Request-Time
Cdn-Host
X-Gdpr
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Edge-Server
X-Fastly-Backend-Reqs
X-FORWARDED-FOR
X-HS-Status
Amp-Access-Control-Allow-Source-Origin
Ms-Operation-Id
Locale
X-BBXSRF
X-Cache-Debug
X-Swift-Error
X-LI-Proto
Pics-Label
X-Urbn-Site-Id
X-Path-Route
COMMERCE-SERVER-SOFTWARE
X-LI-UUID
X-Urbn-Context-Path
X-Li-Fabric
X-Li-Pop
X-PJAX-URL
X-VG-WebCache
Dont-Set-Cookie
X-B3-SpanId
X-Info
X-Cache-Ttl
X-Optimization
X-RateLimit-Reset
V-Cache
X-CDN-Pop-IP
X-Dw-Trace-Id
SS
X-CDN-Pop
X-Cache-HT
Group
X-Env
Get-Access-Time
Lb
Is-Session-Tracking
X-Fe
X-PF-Uncompressing
X-ID
NX-Cache
Fastly-Soc-X-Request-Id
X-P-T
X-Qloud-Router
Who
X-Bug-Bounty
Requestid
X-Content-Encoded-By
X-GZIP
URI
Serverid
X-NGINX-Cache
X-SN
CDN-Cache
X-Varnish-Info
CDN-Node
X-Cache-FS-Status
X-CacheKey
X-Ver
AGE-Hash
X-ServerName
CDN-Cache-Hit
Xet-Cookie
SID
X-Ibm-Trace
X-Grace-Duration
X-VC
X-Serial
X-SB
X-CSRF-TOKEN
X-Meta-Tbi-Cache-Vertical
X-Akamai-SSL-Client-Sid
X-RequestId
X-Shard
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Https
X-Litespeed-Cache-Control
Ws
N-Cache