Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
NEL
X-PC
X-Vname
X-TtlSet
Charset
X-FTR-Request-ID
X-Origin-Cache
X-Server-Name
X-DynaTrace-JS-Agent
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
Content-MD5
X-Version
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Powered-By-Plesk
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
Accept-CH
PB-PID
X-D2id
PB-RID
Public-Key-Pins
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
X-Abt-Application-Version
X-Upstream-Env
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Amz-Rid
Nginx-Cache
X-CF-Powered-By
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-T
X-DIS-Request-ID
X-Origin-Upstream-Status
DynaTrace
X-Upstream
X-Varnish-Age
X-Hits
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
AR-ATIME
X-Id
AR-PoweredBy
X-Pad
X-Grace
X-Shield-Request-Id
X-Oracle-Dms-Rid
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
Access-Control-Request-Method
X-HW
X-Kinsta-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Logged-In
X-B
X-Debug
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-Ser
X-FastCGI-Cache
X-XRDS-Location
Service-Worker-Allowed
S
Tracecode
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-Frontend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
X-Cache-Key
X-FTR-Expires
Rt-Fastcgi-Cache
X-Accel-Buffering
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
AR-SID
X-Cache-Rule
X-Analytics
Alternate-Protocol
Eomportal-Instance
Backend-Timing
X-HS-Hub-Id
X-HS-Content-Id
Host
TP-L2-Cache
TP-Cache
Cleartype
Cache-Status
X-Revision
X-Srv
X-Rid
FilterID
Public-Key-Pins-Report-Only
X-Whom
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
Front-End-Https
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Akam-SW-Version
ServerID
X-XRDS-LOCATION
X-Webkit-Csp
X-AOL-HN
X-Mobile
Accept-Charset
X-Varnish-Backend
X-Webkit-CSP
X-RateLimit-Remaining
X-TA-CDN-Provider
X-Cdn
X-Cache-2
X-Iejgwucgyu
X-Kinja-Server-Push
X-Via-JSL
X-Request-Processing-Time
X-GUploader-UploadID
X-Request-Received
X-VCache
X-Content-Powered-By
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-Zen-Fury
X-Ttl
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
Viewport
X-App-Environment
X-Node-Name
X-Cluster
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-LB-Cache
X-Varnish-Hostname
X-Magnolia-Registration
X-Cache-Control
X-Framework
Host-Header
X-Akamai-Edgescape
X-Device-Type
X-TT
X-Handled-By
X-FB-Debug
X-Signature
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-B3-Sampled
X-B-Cache
X-Content-Security-Policy-Report-Only
X-Platform-Server
DC
Cache-Tag
X-Page-Id
Liferay-Portal
X-Request-Guid
X-Instance
X-Fastcgi-Cache
X-Middleton-Display
Display
X-Sol
X-Cache-Server
X-Amzn-Trace-Id
X-Hostname
MicrosoftSharePointTeamServices
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Varnish-Server
Source
X-WA-Info
Retry-After
X-B3-Traceid
X-Distil-CS
X-Servedby
X-Contextid
HitInfo
X-Seen-By
HitType
X-Wix-Request-Id
Server-Info
X-Cache-Action
X-Cache-Operation
Content-Script-Type
Content-Style-Type
X-GeoIP
Webserver
X-Amz-Replication-Status
X-RequestSource
User-Agent
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Edge-Location
SRV
GEO-INFO
X-Jobs
X-Status
X-S
X-WebKit-CSP-Report-Only
X-Edge-Cache-Key
X-FW-Hash
Actual-Object-TTL
AsisCache
X-FW-Serve
X-Generated-By
X-Edge-Cache
X-FW-Server
X-Response-Served-From
X-FW-Type
X-Locale
X-FW-Static
X-TX-ID
X-Varnish-Hits
X-UUID
X-Adobe-Content
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Region
X-ATG-Version
X-Cache-NE
Refresh
ServedBy
X-Yottaa-Optimizations
X-Port
Healthy
X-Yottaa-Metrics
X-Middleton-Response
Response
X-APP-VERSION
X-DataStream-Cache-Status
X-Esi
X-Geo-Country
X-Hyper-Cache
Payment
X-Cache-TTL-Remaining
S-Cnection
X-Cache-Age
IBM-Web2-Location
X-Newrelic-App-Data
X-Content-Type
X-Amz-Server-Side-Encryption
Datacenter
Edge-Cache-Tag
X-HS-Cache-Config
Filters
X-Daa-Tunnel
Country
NGB
X-Varnish-Grace
Served-By
X-Cache-Remote
X-AppVersion
X-Activity-Id
X-Az
HostName
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-HS-Combine-CSS
X-Cache-TTL
Powered-By-ChinaCache
X-Varnish-IP
X-Sucuri-ID
X-App-Server
X-Cacheable-TTL
X-Vg-Webcache
X-Akamai-Transformed
X-UA
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache
X-Mode
X-RemovedCookies
X-Proxied
X-Rendered-As
X-Cache-Var-Map
X-Cache-Var
X-Kong-Proxy-Latency
Load-Balancing
X-Rule
Machine
Meta-Geo
X-ProcessESI
X-Kong-Upstream-Latency
X-Detected-As
X-Is-Bot
X-RN-RSRV
X-CDN-Forward
X-Proxy
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-PCL
TWC-Locale-Group
Webcakes-App-Name
OT-Force-Account-Verify
X-Amz-Meta-Surrogate-Control
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-ProxyCache-Status
X-ServerID
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mn-Server-Ip
X-Hosted-By
X-Varnish-Cacheable
Property-Id
TWC-Connection-Speed
X-Grey
Access-Control-Allow-Method
X-OCL
TWC-Device-Class
X-Tb
X-Origin-Hint
X-Human
DB-Nickname
X-ProxyCache-Key
Cache-Name
X-Origin
X-BYPASS-REASON
X-Cache-Category-Id
Backend
ServerName
Now
User-Cache-Control
X-Access
X-Debug-Cache
L5d-Success-Class
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-EIG-Tracking-Id
X-Format
X-Section
X-Site-Version
X-Upgrade-Enabled
X-Zipkin-Id
X-Routing-Service
X-OVcl-Cache
X-Generated
X-Hit
X-JoinUs
X-NodeID
X-Varnish-Cache-Hits
X-OVcl
X-L-Path
X-Environment-Context
X-LJ-Flow-ID
X-Loop
X-NGENIX-Cache
X-Cache-Config
X-BB-IP
Selected-FE
S-Rt
X-ApacheServer
X-App-Name
X-AWS-Id
X-Original-Request
X-PERF
X-Www-Served-By
X-VWS-Id
X-Upstream-HT
X-Upstream-CT
X-HOST
X-Viewer-Country
X-Via-Fastly
X-SplitTest
X-Proxy-Build
X-Timing-Wait
X-TNCMS
X-TWH-CORRELATION-ID
Fastcgi-X-Cache-Version
X-CDN-Cache
Fastcgi-Useragent
Access-Control-Request-Headers
Cache-Key
Fastcgi-X-Cache
X-Origin-CC
X-Source
X-Agile
X-Pubstack
X-Agile-Id
X-Drupal-Cache-Contexts
X-Ocache
X-CCM
X-Agile-Age
X-URL
From-Origin
Pagespeed
X-Xfnlog-Site
X-IP
X-Nginx-Cache
X-RateLimit-Limit
X-Backend-Name
X-Amzn-RequestId
X-Unique-ID
X-Amz-Apigw-Id
Cache
LB
X-App-Version
X-Correlation-ID
X-Akamai-Request-ID
X-Forwarded-Host
X-Litespeed-Cache
X-Storage
Fastly-SSL
X-Vgn-Hpd-Reason
X-Feature
X-Pc-Date
X-Pc-Host
X-Ms-Lease-Status
X-Ms-Request-Id
ViewerVersion
NtCoent-Length
X-Ms-Version
X-Ms-Blob-Type
X-Qnm-Cache
X-Birta-Cache-Post
X-Birta-Served
X-M-Reqid
X-M-Log
Ar-Sid
X-Varnish-Beresp-Status
AR-Request-ID
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-NCache
X-VG-TLSProxy
X-Time-Microsecs
X-Internal-Host
X-Guploader-Uploadid
X-Cluster-Node
X-Release
X-Real-IP
X-Ruxit-Js-Agent
X-Distributor
X-Real-Ip
X-Microcachable
Xserver
X-EdgeConnect-Cache-Status
Time
X-B3-TraceId
CACHE
X-B3-Spanid
WZWS-RAY
X-Powered-By-ANYU
X-SERVER-NAME
X-Cache-Enabled
X-Request-Time
X-Sucuri-Cache
ProcessTime
Meta-Geo-Continent
Fly-Request-Id
X-A-Ccd
X-A
MD5-Digest
X-A-Dam
VivaBuild
Viewtype
V-Age
X-Destination
T-Server
Ec-Rule-Version
Fly-Cache
Www
X-D
IsBot
X-Date
X-Connection-Hash
Ajk
REQUESTUUID
X-B-Cookie
X-ARC
AKAMAI
Cache-Prefix
Arc-Country
X-BB-ID
Rendered-Blocks
BehaviorPad-Version
X-Application
X-CF-Lambda-Fn
X-A-Wwc
Server-Int
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Cache-Bucket
X-CF-Lambda-Version
NGX
Mobile-Detection-Method
X-CUA
X-From
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Rewrite-Enabled
X-ScT
X-UE-Client-Country
X-Server-Time
X-WebServer
X-Server-By
X-S-Cookie
X-Logtrace-Id
X-Trv-Group
X-Org
X-Twitter-Response-Tags
X-Via-CDN
X-NU-AKA-ACS-Version
X-Via-Edge
X-Via-SSL
X-No-Session
X-PAYTM-SRV-ID
X-Developer
X-VG-WebServer
X-Rojux
X-Store
X-SRCache-Key
X-Request-UUID
Xc-Version
X-Died
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Region-Sid
X-Redis-Cache
X-SIPLIST1
X-Generation-Time
X-G
X-Generated-In
X-Transaction
X-FireWall-Port
Pragrma
Origin-Cache-Control
Release
X-Varnish-Action
Origin-Edge-Control
X-UnsetCookies
X-S-Maxage
HA-Geolat
HA-Geolon
HA-Geocountry
HA-Geocity
HA-Cloudapp
HA-Georegion
Ha-Gx-Prefs
HA-Urlpath
Magicmarker
HA-Servedtime
HA-Ipaddr
HA-Host
NodeID
X-Owner
X-Wikidot-Backend
X-CGP
GMS-Ver
X-GeoIP-City
X-Hash
X-Cache-CFC
X-Gen-Mode
X-Fastly-Cache
X-Wikidot-Static-Cache
X-Eu-Site
X-External-Request-Id
X-CS
X-F5-Cache
X-Crawler
X-Hl-Ver
X-Block-Status
X-Policy
X-Platform
X-RateLimit-Limit-Second
Web-Mar-Node
X-VCT
X-RateLimit-Remaining-Second
X-Phone
X-Origin-TTL
X-Hnp-Log
X-We-Are-Hiring
X-VServer
X-Layer
X-Amz-Meta-Cache-Control
X-Node-Id
SN
Server-Host
X-ShopId
X-Varnish-Beresp-Ttl
X-NC
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Country-Code
X-ShardId
X-UA-Device-Type
X-Amz-Cf-Pop
X-Cache-Backend
Frame-Options
Cneonction
X-Alternate-Cache-Key
Backend-Name
X-Webstats-RespID
X-Endurance-Cache-Level
PageSpeed
X-Nc
X-C
X-Newrelic-Synthetics
X-Matched-Rule
X-MSEdge-Flight
X-Request-URI
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-RCS-CacheZone
X-ElasticPress-Search
X-MSEdge-Features
X-Nginx-Cache-Key
X-NX-Host
X-MI-In-Market
X-Backend-TTL
X-Developers
X-Cache-URL
X-Cache-Srv
X-Epic-Correlation-Id
X-Debug-Log
X-Debug-Cookies
X-Core-Value
X-Clientip
X-Croise-Owner
X-Fetched-On
X-Cache-Expires
X-Core-Mission
X-HTML-Minification-Powered-By
X-Backend-Host
X-Instance-Name
X-Backend-Url
X-GZip
X-FW-Version
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-Key
Adler-Geo
Heartbleed
X-Variation
Odigeo-Trace-Id
X-Swa-Ws
Origin
Apple-News-Services-Request-Url
Powered
Platform
Countrycode
CDCHOST
X-Thinkindot-L3
X-Tumblr-Pixel-3
Kp-EeAlive
X-Up
Is-Eu
X-TT-LOGID
MI-API
X-Var-Ttl
MI-Cache-Age
MI-Cache
Apple-News-Services-Parsed-Url
Proxy-Connection
Esi-Enabled
X-Web-Node
Section-Io-Cache
X-Secret
X-Server-IP
X-Sf
Request-EU
Apple-News-Services-Host
Apple-News-Services-Handled
Request-Country
X-Dc
X-Ua
Pagetype
Cache-Cookie-Set-Lfrom
X-Device-Os
Resin-Trace
X-V
X-Worker
X-NWS-UUID-VERIFY
X-Fstrz
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Location
X-Reboot
X-ServiceProvider
X-Returned-From-PostProcessResponse
X-Response-By
X-Returned-From-DLL
X-Returned-From
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Returned-From-BeforeDispatch
X-Stale
X-Ezoic-Cdn
X-Sn-Servicetimems
X-Passed-To
X-Trace-Id
X-Passed-To-PostProcessResponse
On-Server
X-Cache-Host
X-Backend-State
X-Content-Age
Content-Disposition
RNT-Machine
RNT-Time
X-Actual-URL
Uber-Trace-Id
True-Client-Country-4JS
Server-ID
X-Cdn-Origin
Cache-Tags
Decoy-Debug-TTL
X-Cdn-Srv
X-Ckpd-Fst-Backend
Decoy-Debug-Status
Fastly-Backend-Name
Decoy-Debug-Key
HTTPS
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Surge-Debug
X-Alicdn-Da-Ups-Status
Fastly-SWR
X-CACHE-AGE
Fastly-SIE
X-Servername
X-TIME
Host-ID
Warning
X-Skip-Cache
XServer
X-Csrf-Token
RequestId
MIME-Version
PFcat
Request-Time
X-Pf-Uncompressing
Sid
X-GEO
X-Aed
X-Req
Cteonnt-Length
We-Hiring
Pramga
Mail-Subject
X-Refresh
X-Proto
X-Dynatrace-Js-Agent
X-PHP-Backend
X-Edge-IP
X-Pjax-Url
TSSecure
X-Cdn-Forward
X-Ms-Lease-State
CF-IPCountry
X-Varnish-Ttl
X-Page-Type
X-Server-W
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Servedbyhost
X-GRACE
Cdn
X-Planisys-CDN-Cache
WP-Super-Cache
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-COUNTRY
X-Oss-Hash-Crc64ecma
X-ABtesting
X-Flog
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Varnish-Url
X-Hello
X-Oss-Object-Type
X-Time
Mime-Version
X-Geo
X-Cache-ASPX
Geoip-Latitude
X-CSRF-Token
CDN
X-Auto-Login
GeoIp-Country-Code
Dnion-Transfer-Encoding
X-Oracle-Dms-Ecid
X-DC
X-GoCache-CacheStatus
Lfy
FSS-Cache
X-Unique-Id
X-Aicache-OS
X-DataStream-MidMile-RTT
FSS-Proxy
X-DataStream-Origin-MEX-Latency
X-Varnish-Beresp-TTL
A
X-Akamai-Request-ID2
PageType
X-WA
X-Datadome
X-Sentry-ID
Rt-Proxy-Cache
MS-CV
NnCoection
X-Origin-Date
X-Via-NSCOPI
X-Origin-Expires
NODE
X-Served-From
X-Thanos
X-CACHE-KEY
X-Varnish-HitMiss
X-MP-GENERATED-AT
X-HCF
X-Wa
X-Cache-Id
X-EC-Security-Audit
X-Bip
Node
X-Cache-Control-Set-By
X-Check-Cacheable
X-Cache-Info
X-Be
Hostname
SD-X-WS
Memcached
X-Use-Magma
X-Server-Group
X-Request-Start
X-APP
GeoIP-Country-Code
GeoIP-Latitude
X-UPSTREAM-Address
WWW-Authenticate
X-Proxy-Server
X-NODE
X-Nananana
GeoIP-City
X-Ratelimit-Remaining
X-SRV
Geoip-City
X-Fastly-Cache-Hits
X-Wix-Route-ID
GW-Server
X-Cookie
X-PAGE-TYPE
UCS
PICS-Label
X-Varnish-URL
Memory
X-From-Cache
X-GDPR
X-ServedByHost
X-User
Processtime
X-Gen-Id
X-RTag
X-Load-Cache
DataCenter
Cache-Hits
X-WR-MODIFICATION
X-Gdpr
X-FORWARDED-FOR
X-HS-Status
Cdn-Request-Time
Cf-Ipcountry
Cdn-Host
X-Fastly-Backend-Reqs
X-Edge-Server
Accept-Language
Ms-Operation-Id
Pics-Label
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PJAX-URL
X-Swift-Error
COMMERCE-SERVER-SOFTWARE
X-Vcache
Dont-Set-Cookie
X-Cache-Debug
X-B3-SpanId
X-Cache-Ttl
Locale
X-BBXSRF
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Path-Route
X-Cache-HT
X-CDN-Pop-IP
X-Dw-Trace-Id
X-Env
X-Optimization
X-VG-WebCache
V-Cache
Is-Session-Tracking
Lb
X-Info
X-PF-Uncompressing
X-LI-UUID
X-Fe
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Group
X-RateLimit-Reset
Get-Access-Time
X-CDN-Pop
X-ID
Amp-Access-Control-Allow-Source-Origin
NX-Cache
X-Content-Encoded-By
X-Qloud-Router
Fastly-Soc-X-Request-Id
Who
URI
X-Bug-Bounty
Requestid
X-GZIP
Serverid
X-NGINX-Cache
CDN-Cache
X-Cache-FS-Status
X-Ver
CDN-Node
X-CacheKey
AGE-Hash
SS
CDN-Cache-Hit
Xet-Cookie
X-P-T
X-Varnish-Info
X-Shard
X-Litespeed-Cache-Control
X-SN
Ohc-File-Size
X-Serial
X-Akamai-SSL-Client-Sid
SID
X-RequestId
Ohc-Response-Time
X-Route-Name
X-SB
Https
X-Meta-Tbi-Cache-Vertical
Ws
N-Cache
X-Grace-Duration
X-VC
X-Ibm-Trace
X-Providence-Cookie
X-Is-Crawler
X-ServerName
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Flags