Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Cache-Group
CF-Ray
Upgrade
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Url
X-TTL
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
X-DataDome
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
Charset
X-Server-Name
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-VARITI-CCR
X-GitHub-Request-Id
X-ORACLE-DMS-RID
RTSS
Content-MD5
X-Version
X-F-Cache
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Geo-Segment
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Powered-By-Plesk
Accept-CH
PB-RID
PB-PID
Public-Key-Pins
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
Verso
MS-Author-Via
X-Client-IP
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
AR-ATIME
AR-PoweredBy
X-Fastly-Request-ID
X-Trace
DynaTrace
X-T
AR-CACHE
Paypal-Debug-Id
X-Upstream
X-Hits
X-Varnish-Age
X-Forwarded-Proto
X-Grace
X-DIS-Request-ID
Arr-Disable-Session-Affinity
TCN
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Id
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Kinsta-Cache
X-FastCGI-Cache
X-Cache-Hit
Access-Control-Request-Method
X-IPLB-Instance
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Logged-In
X-Acc-Meta-Resource-Type
X-B
AR-SID
X-HW
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Permitted-Cross-Domain-Policies
X-HeyJason
X-Goog-Metageneration
X-Server-ID
X-Do-Not-Hack
X-Goog-Generation
X-Goog-Storage-Class
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
Service-Worker-Allowed
X-Ser
X-Wix-Server-Artifact-Id
X-MSEdge-Ref
X-XRDS-Location
Tracecode
Server-Name
X-Cache-Key
X-PressLabs-Stats
X-Country-Code-Real
X-Frontend
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Oneagent-Js-Injection
Rt-Fastcgi-Cache
X-Webkit-CSP
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
Fastly-Restarts
X-Oracle-Dms-Rid
Eomportal-Instance
Alternate-Protocol
X-GUploader-UploadID
X-Cache-Rule
Cache-Status
Cleartype
X-Analytics
Backend-Timing
X-Srv
Host
X-Accel-Buffering
X-HS-Hub-Id
X-RateLimit-Remaining
TP-Cache
TP-L2-Cache
X-HS-Content-Id
X-Rid
X-Revision
Public-Key-Pins-Report-Only
X-Whom
X-FTR-Cache-Host
X-XRDS-LOCATION
X-VCache
X-User-Agent
X-Debug-Info
FilterID
X-Akam-SW-Version
X-TA-CDN-Provider
ServerID
X-AOL-HN
X-Varnish-Backend
X-NWS-LOG-UUID
X-Cache-2
Front-End-Https
X-Mobile
X-Via-JSL
Accept-Charset
X-Content-Powered-By
X-Request-Received
X-Request-Processing-Time
X-Cdn
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Kinja-Server-Push
X-Cached-By
Viewport
X-Node-Name
X-App-Environment
X-Ttl
X-LB-Cache
X-Correlation-Id
X-B3-Traceid
X-Tumblr-Pixel-0
X-Page-Id
X-Tumblr-Pixel
X-Cluster
X-Tumblr-User
Host-Header
X-Varnish-Hostname
X-Magnolia-Registration
Liferay-Portal
X-Akamai-Edgescape
X-Device-Type
X-Framework
X-Request-Guid
X-Cache-Control
X-Handled-By
X-TT
X-Signature
X-Platform-Server
X-FB-Debug
X-B3-Sampled
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
Upgrade-Insecure-Requests
X-B-Cache
X-Instance
DC
Cache-Tag
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Amzn-Trace-Id
Display
X-Middleton-Display
X-Sol
Source
X-Accel-Expires
Retry-After
X-APP-VERSION
X-Varnish-Server
X-Fastcgi-Cache
X-Contextid
X-Servedby
X-WA-Info
Server-Info
HitInfo
HitType
X-Distil-CS
X-Cache-Action
X-Iejgwucgyu
X-Cache-Operation
X-Wix-Request-Id
Content-Script-Type
Content-Style-Type
X-Seen-By
Webserver
X-Amz-Replication-Status
X-GeoIP
User-Agent
X-Port
X-Tumblr-Pixel-1
X-RequestSource
X-S
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
GEO-INFO
X-Jobs
X-Locale
X-Status
X-Edge-Location
Actual-Object-TTL
X-Generated-By
X-Region
X-UUID
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-Edge-Cache-Key
X-Response-Served-From
X-Edge-Cache
AsisCache
SRV
ServedBy
X-Drupal-Cache-Tags
X-Adobe-Content
X-Adobe-Loc
X-TX-ID
Healthy
X-Varnish-Hits
X-Geo-Country
X-Hyper-Cache
X-ATG-Version
Refresh
X-Yottaa-Metrics
X-Daa-Tunnel
X-Yottaa-Optimizations
X-DataStream-Cache-Status
X-Newrelic-App-Data
X-Cache-NE
Response
X-Middleton-Response
X-Cache-TTL-Remaining
X-Varnish-Grace
IBM-Web2-Location
Payment
S-Cnection
X-Esi
Filters
X-CDN-Forward
X-Amz-Server-Side-Encryption
X-Cache-Age
NGB
X-URL
X-Content-Type
X-Activity-Id
X-AppVersion
X-Az
X-Pc-Key
X-Proxied
X-Pc-Hit
X-Pc-Appver
X-UA
X-Vg-Webcache
Datacenter
Country
X-Cacheable-TTL
X-Cache-Remote
X-Cache-TTL
X-App-Server
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-IP
X-Mode
X-Sucuri-ID
X-Akamai-Transformed
X-Cache-Var-Map
X-Rendered-As
X-Detected-As
X-Is-Bot
X-RN-RSRV
Machine
Meta-Geo
X-Cache-Var
X-RemovedCookies
X-ProcessESI
Load-Balancing
X-HS-Combine-CSS
X-Unique-ID
X-FC-Vary-Parameters
X-Proxy
X-Rocket-Nginx-Bypass
X-Rule
Pagespeed
Mn-Server-Ip
X-Cache-Category-Id
Webcakes-App-Version
Webcakes-App-Name
User-Cache-Control
X-Grey
X-Varnish-Cacheable
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-BYPASS-REASON
Property-Id
X-OCL
Access-Control-Allow-Method
X-Hosted-By
Cache-Name
X-Origin
X-Origin-Hint
X-ProxyCache-Status
X-PCL
X-Varnish-Cache-Hits
TWC-Device-Class
TWC-GeoIP-Country
X-ProxyCache-Key
X-Human
X-ServerID
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-LatLong
DB-Nickname
TWC-Locale-Group
X-Tb
Backend
AR-Request-ID
X-BB-IP
X-Access
X-CDN-Cache
ServerName
X-Debug-Cache
Powered-By-ChinaCache
S-Rt
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Now
L5d-Success-Class
X-EIG-Tracking-Id
X-Generated
X-Routing-Service
X-OVcl-Cache
X-Section
X-Site-Version
X-Zipkin-Id
X-TNCMS
X-OVcl
X-Original-Request
X-Hit
Azure-InstanceId
X-JoinUs
X-Loop
X-NodeID
X-Format
X-Upgrade-Enabled
X-SplitTest
X-Agile
X-Agile-Age
X-Agile-Id
X-L-Path
X-Via-Fastly
X-Www-Served-By
X-VWS-Id
X-Viewer-Country
X-ApacheServer
X-App-Name
X-Environment-Context
X-NGENIX-Cache
X-IP
X-Ruxit-Js-Agent
X-PERF
X-AWS-Id
X-Pubstack
X-Cache-Config
OT-Force-Account-Verify
X-TWH-CORRELATION-ID
Access-Control-Request-Headers
Cache-Key
X-LJ-Flow-ID
X-Ocache
X-Drupal-Cache-Contexts
X-Origin-CC
HostName
X-CCM
Cache
X-Backend-Name
X-Correlation-ID
X-Real-IP
X-Mrs-Cache
X-Mrs-Cache-Hits
X-RateLimit-Limit
X-Upstream-CT
X-Timing-Wait
X-Upstream-HT
X-Source
X-Mshield-Cache-Status
X-HOST
Fastcgi-Useragent
X-Mrs-Age
Selected-FE
Fastcgi-X-Cache
X-Proxy-Build
Fastcgi-X-Cache-Version
X-Xfnlog-Site
X-Nginx-Cache
X-Akamai-Request-ID
X-Pc-Host
X-Storage
From-Origin
X-Pc-Date
X-Amz-Apigw-Id
X-Vgn-Hpd-Reason
X-Amzn-RequestId
X-Litespeed-Cache
X-Forwarded-Host
Fastly-SSL
X-Time-Microsecs
X-NCache
X-Feature
X-NC
X-M-Reqid
LB
X-M-Log
X-Internal-Host
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
NtCoent-Length
X-Release
X-Birta-Cache-Post
X-Distributor
X-Birta-Served
X-Labrador-Cache-Channel
X-Microcachable
X-UA-Device-Type
XServer
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
Pagetype
X-Webkit-Csp
X-Transaction
Time
X-Twitter-Response-Tags
X-B3-Spanid
X-Connection-Hash
X-Cache-Backend
X-CACHE-GROUP
ViewerVersion
Frame-Options
X-Powered-By-ANYU
WZWS-RAY
X-Server-Time
X-Application
AKAMAI
X-ARC
Ajk
X-Generated-In
X-Accel-Expires-Debug
BehaviorPad-Version
X-ScT
Cache-Prefix
X-Via-CDN
X-VG-WebServer
X-Server-By
X-Generation-Time
Arc-Country
X-G
X-Redis-Cache
Rendered-Blocks
X-Irp-Debug
X-IN-WAF
X-UE-Client-Country
X-Cache-Bucket
X-Logtrace-Id
X-CF-Lambda-Fn
X-BB-ID
X-No-Session
Cneonction
X-B-Cookie
X-From
X-SRCache-Key
X-Org
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-IN-SSL-APIGATEWAY
X-SIPLIST1
V-Age
Www
X-Date
Xc-Version
X-Request-UUID
Fly-Request-Id
Fly-Cache
X-Developer
X-Destination
X-A
X-D
VivaBuild
IsBot
X-Region-Sid
X-CF-Lambda-Version
Viewtype
MD5-Digest
X-CUA
Meta-Geo-Continent
X-WebServer
X-Trv-Group
X-C
X-Rewrite-Enabled
X-A-Wwc
X-Via-Edge
X-A-Dgt
X-DPWN-IS-SECURE
Mobile-Detection-Method
X-S-Cookie
X-Rojux
NGX
X-A-Ccd
X-Dispatcher-Server
X-A-Dam
X-Died
T-Server
X-Via-SSL
Server-Int
Ec-Rule-Version
X-A-Dcw
X-PAYTM-SRV-ID
X-Request-Time
X-Sucuri-Cache
X-Cluster-Node
X-PHP-Backend
X-SERVER-NAME
MIME-Version
X-FireWall-Port
X-NWS-UUID-VERIFY
X-Web-Node
X-Instance-Name
X-GZip
Web-Mar-Node
X-Eu-Site
X-Wikidot-Static-Cache
X-VServer
GMS-Ver
SN
X-RateLimit-Remaining-Second
HA-Cloudapp
X-Phone
X-Platform
X-RateLimit-Limit-Second
Server-Host
Country-Code
HA-Geocountry
X-Crawler
X-We-Are-Hiring
X-CS
X-Core-Value
X-Wikidot-Backend
Magicmarker
X-CGP
HA-Urlpath
HA-Servedtime
HA-Geolon
HA-Geolat
X-External-Request-Id
HA-Georegion
Ha-Gx-Prefs
HA-Ipaddr
HA-Host
HA-Geocity
X-F5-Cache
X-Origin-TTL
X-Node-Id
X-Store
X-Hnp-Log
X-Hl-Ver
X-Cache-Enabled
Origin-Edge-Control
X-Varnish-Action
Release
X-Cache-CFC
X-Block-Status
Origin-Cache-Control
X-UnsetCookies
X-Layer
Pragrma
X-Key
X-GeoIP-City
X-Hash
Backend-Name
X-Owner
NodeID
X-S-Maxage
X-Gen-Mode
X-VCT
X-Fastly-Cache
X-Amz-Meta-Cache-Control
X-App-Version
CACHE
X-Webstats-RespID
X-V
X-Backend-Url
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-Cdn-Srv
X-Cache-URL
X-Cache-Expires
X-Actual-URL
X-Cache-Srv
X-HTML-Minification-Powered-By
X-Secret
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
REQUESTUUID
X-Server-IP
X-Passed-To
X-Stale
X-Up
X-Sf
X-Policy
X-Passed-To-BeforeDispatch
X-Response-By
X-RCS-CacheZone
X-Reboot
X-Request-URI
X-Returned-From
X-Returned-From-BeforeDispatch
Powered
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-NX-Host
X-Variation
X-Fetched-On
X-FW-Version
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-Epic-Correlation-Id
X-Developers
X-Croise-Owner
X-Debug-Cookies
X-Debug-Log
X-Tumblr-Pixel-3
X-Location
X-Swa-Ws
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Var-Ttl
X-Thinkindot-L3
X-MSEdge-Features
X-Matched-Rule
X-TT-LOGID
X-MI-In-Market
X-Core-Mission
Section-Io-Cache
Is-Eu
Platform
CDCHOST
Request-Country
Request-EU
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Origin
Odigeo-Trace-Id
Kp-EeAlive
Heartbleed
Host-ID
Esi-Enabled
MI-API
MI-Cache-Age
MI-Cache
Apple-News-Services-Host
Proxy-Connection
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Apple-News-Services-Handled
X-Alternate-Cache-Key
Thinkindot-Control
X-ShardId
Uber-Trace-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
Adler-Geo
X-CACHE-AGE
X-Sn-Servicetimems
X-Device-Os
X-ServiceProvider
X-Servername
X-Trace-Id
Fastly-Backend-Name
HTTPS
X-ElasticPress-Search
X-Varnish-Beresp-Ttl
X-Fstrz
Cache-Tags
X-Worker
Countrycode
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Content-Disposition
X-Alicdn-Da-Ups-Status
Resin-Trace
On-Server
X-Cache-Host
RNT-Machine
RNT-Time
True-Client-Country-4JS
Sid
X-Content-Age
X-Cdn-Origin
Server-ID
X-Clientip
X-Ckpd-Fst-Backend
PFcat
Request-Time
ProcessTime
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Skip-Cache
Fastly-SWR
X-Ezoic-Cdn
Fastly-SIE
X-Dc
X-TIME
Xserver
X-Endurance-Cache-Level
Warning
X-Real-Ip
Cache-Cookie-Set-From
RequestId
Cache-Cookie-Set-Lfrom
X-Pf-Uncompressing
Cache-Cookie-Set-Idcheck
X-Csrf-Token
Cteonnt-Length
Ar-Sid
X-Ua
CF-IPCountry
X-Proto
X-Newrelic-Synthetics
Mail-Subject
X-Surge-Debug
X-Req
We-Hiring
X-Refresh
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
WP-Super-Cache
X-Oss-Storage-Class
X-Servedbyhost
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
PageSpeed
CDN
X-Pjax-Url
X-Planisys-CDN-TTL
X-Guploader-Uploadid
X-Nc
X-B3-TraceId
X-Aed
X-GEO
X-Cache-ASPX
Pramga
Dnion-Transfer-Encoding
X-Varnish-Ttl
X-CSRF-Token
X-Geo
GeoIp-Country-Code
X-Edge-IP
Geoip-Latitude
X-GoCache-CacheStatus
TSSecure
X-Varnish-Beresp-TTL
X-DC
X-Atg-Version
Hostname
X-CLOUD-TRACE-CONTEXT
X-Time
X-Server-W
X-Ms-Lease-State
X-COUNTRY
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-ABtesting
X-Page-Type
X-Flog
X-Hello
NODE
X-Amz-Cf-Pop
NnCoection
X-Oracle-Dms-Ecid
X-Aicache-OS
X-Origin-Expires
X-Origin-Date
MS-CV
X-Ratelimit-Limit
X-HCF
A
X-Auto-Login
X-WA
Cdn
X-Varnish-HitMiss
Lfy
X-Varnish-Url
X-Cache-Control-Set-By
X-Akamai-Request-ID2
SD-X-WS
X-Datadome
FSS-Cache
FSS-Proxy
X-GRACE
X-Cdn-Forward
Mime-Version
X-Server-Group
WWW-Authenticate
Processtime
X-Via-NSCOPI
Rt-Proxy-Cache
Geoip-City
X-Varnish-URL
X-Wa
X-Unique-Id
X-Sentry-ID
Node
X-Check-Cacheable
X-PAGE-TYPE
X-UPSTREAM-Address
X-EC-Security-Audit
PICS-Label
X-Wix-Route-ID
PageType
X-Use-Magma
X-From-Cache
X-Bip
X-Thanos
Memcached
X-Cache-Id
X-APP
X-Served-From
X-NODE
X-Nananana
X-Edge-Server
X-RTag
GeoIP-Latitude
X-Be
Ms-Operation-Id
X-SRV
GeoIP-City
GeoIP-Country-Code
X-Cache-Info
Lb
X-Gdpr
Cdn-Host
X-MP-GENERATED-AT
Cdn-Request-Time
DataCenter
X-Gen-Id
X-CACHE-KEY
X-Request-Start
X-Proxy-Server
X-Cookie
Dont-Set-Cookie
X-Fastly-Backend-Reqs
X-GDPR
X-Fastly-Cache-Hits
Memory
COMMERCE-SERVER-SOFTWARE
X-Dynatrace-Js-Agent
X-Load-Cache
X-WR-MODIFICATION
GW-Server
X-Cache-HT
UCS
Is-Session-Tracking
X-Optimization
Get-Access-Time
X-Env
X-FORWARDED-FOR
X-PJAX-URL
Pics-Label
Who
X-User
X-Swift-Error
X-HS-Status
X-ServedByHost
X-Ver
X-B3-SpanId
Group
X-Cache-FS-Status
V-Cache
X-Cache-Ttl
X-RateLimit-Reset
Cache-Hits
X-Meta-Tbi-Cache-Vertical
Ws
X-NGINX-Cache
URI
X-Ibm-Trace
Accept-Language
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fe
Cf-Ipcountry
X-Dw-Trace-Id
X-CDN-Pop-IP
X-CDN-Pop
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Bug-Bounty
X-Urbn-Context-Path
X-Li-Pop
NX-Cache
X-Li-Fabric
X-LI-Proto
X-LI-UUID
Xet-Cookie
X-Urbn-Site-Id
X-Shard
X-SB
Locale
AGE-Hash
X-GZIP
X-VC
X-Cache-Debug
X-BBXSRF
Httpd-Identifier
Requestid
X-Content-Encoded-By
X-PF-Uncompressing
Serverid
X-CacheKey
X-Info
N-Cache
X-Wix-Petri-Ex
X-Ratelimit-Remaining
Powered-By
CDN-Node
CDN-Cache-Hit
X-Varnish-Info
X-SVT-ORM-RULES
CDN-Cache
X-SVT-ORM-VERSION
X-Serial
Https
X-Is-Crawler
X-Providence-Cookie
X-Flags
Ohc-File-Size
X-RequestId
X-Litespeed-Cache-Control
X-Route-Name
X-ServerName
X-Grace-Duration
X-StackifyID
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cache-Handler
Version