Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
P3p
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
Grace
X-Hacker
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Id-2
X-Amz-Request-Id
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Host
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-Dns-Prefetch-Control
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Cached
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-F-Cache
X-Version
X-Geo-Segment
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Powered-By-Plesk
Public-Key-Pins
PB-PID
PB-RID
Accept-CH
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-D2id
Verso
MS-Author-Via
SPRequestGuid
X-Client-IP
X-Abt-Application-Version
X-CF-Powered-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-Dispatcher
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
Accept-CH-Lifetime
X-Navigation-Version
AR-CACHE
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
DynaTrace
X-T
X-Fastly-Request-ID
X-Dw-Request-Base-Id
Paypal-Debug-Id
X-Trace
X-Grace
X-Hits
X-Upstream
X-Varnish-Age
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Origin-Upstream-Status
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-FastCGI-Cache
X-Id
X-Pad
SPIisLatency
X-Shield-Request-Id
SPRequestDuration
AR-SID
X-Content-Options
X-Content-Digest
X-Ruxit-JS-Agent
Realpath
X-IPLB-Instance
X-NF-Request-ID
X-Cache-Hit
X-Logged-In
X-Kinsta-Cache
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-Server-ID
X-B
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-HW
X-SS-Set-Cookie
X-Vcap-Request-Id
X-Debug
S
X-Ser
X-MSEdge-Ref
Service-Worker-Allowed
Server-Name
X-NewRelic-App-Data
X-Frontend
X-FTR-Realm
Tracecode
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-XRDS-Location
X-PressLabs-Stats
X-Cache-Key
X-Wix-Server-Artifact-Id
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Eomportal-Instance
X-Forwarded-For
Surrogate-Key
Alternate-Protocol
Cleartype
X-GUploader-UploadID
X-Cache-Rule
Fastly-Restarts
Cache-Status
X-Srv
Backend-Timing
X-Analytics
X-XRDS-LOCATION
X-HS-Content-Id
X-HS-Hub-Id
Host
X-Revision
X-Oracle-Dms-Rid
X-User-Agent
X-NWS-LOG-UUID
X-VCache
X-Rid
TP-L2-Cache
TP-Cache
FilterID
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Whom
X-Debug-Info
X-Akam-SW-Version
X-AOL-HN
X-Cache-2
X-Varnish-Backend
ServerID
X-Accel-Buffering
X-Webkit-CSP
X-RateLimit-Remaining
X-Via-JSL
X-Content-Powered-By
X-Cdn
X-TA-CDN-Provider
Accept-Charset
X-Request-Received
X-Request-Processing-Time
X-Kinja-Server-Push
X-Mobile
Front-End-Https
X-Zen-Fury
X-Ttl
Viewport
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-App-Environment
Liferay-Portal
X-Magnolia-Registration
X-LB-Cache
X-Tumblr-Pixel
X-Cluster
X-Varnish-Hostname
X-Content-Security-Policy-Report-Only
X-Tumblr-User
X-Tumblr-Pixel-0
X-Page-Id
Host-Header
X-B3-Sampled
X-Akamai-Edgescape
X-TT
X-Request-Guid
X-Framework
X-Device-Type
X-Handled-By
Upgrade-Insecure-Requests
X-Signature
X-Cache-Control
X-B-Cache
X-Instance
Cache-Tag
X-FB-Debug
DC
X-Platform-Server
X-Cache-Server
X-BCube-Filmed-By
X-B3-Traceid
Server-Node
X-Hostname
X-Origin-Server
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
Source
X-Amzn-Trace-Id
Retry-After
X-Contextid
X-Servedby
X-WA-Info
X-Accel-Expires
Display
X-Sol
X-Middleton-Display
HitInfo
Server-Info
X-Cache-Action
HitType
X-Varnish-Server
X-Distil-CS
X-Cache-Operation
Content-Script-Type
X-APP-VERSION
Content-Style-Type
X-Amz-Replication-Status
X-GeoIP
Webserver
AsisCache
X-Generated-By
X-Port
X-Daa-Tunnel
X-Tumblr-Pixel-2
X-S
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Edge-Location
X-Seen-By
Healthy
X-Locale
X-Jobs
X-Status
GEO-INFO
Actual-Object-TTL
User-Agent
X-Wix-Request-Id
X-Edge-Cache
X-Response-Served-From
X-TX-ID
X-Varnish-Hits
X-RequestSource
X-Region
X-Geo-Country
ServedBy
X-Edge-Cache-Key
X-Hyper-Cache
X-FW-Serve
X-Adobe-Content
X-Adobe-Loc
X-FW-Type
X-FW-Static
X-FW-Hash
X-UUID
X-FW-Server
X-Drupal-Cache-Tags
SRV
X-DataStream-Cache-Status
Refresh
X-Fastcgi-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Grace
X-Cache-Age
S-Cnection
X-ATG-Version
X-Esi
Filters
X-Cache-TTL-Remaining
X-Amz-Server-Side-Encryption
IBM-Web2-Location
X-Cache-NE
NGB
X-Middleton-Response
Response
X-Content-Type
X-Az
X-Activity-Id
X-AppVersion
X-Proxied
X-Newrelic-App-Data
Payment
Datacenter
X-Pc-Key
X-Pc-Hit
X-Ruxit-Js-Agent
X-Pc-Appver
X-CDN-Forward
X-App-Server
X-Cache-Remote
X-Cacheable-TTL
X-Cache-TTL
X-Kong-Upstream-Latency
X-UA
X-Kong-Proxy-Latency
Country
AR-Request-ID
X-Unique-ID
X-HS-Cache-Config
Edge-Cache-Tag
Cache
X-Sucuri-ID
Served-By
X-Akamai-Transformed
X-Mode
X-Vg-Webcache
X-Iejgwucgyu
Load-Balancing
Machine
X-Cache-Var
X-Detected-As
X-Cache-Var-Map
X-Varnish-IP
Meta-Geo
X-Is-Bot
X-ProcessESI
X-RemovedCookies
X-Rendered-As
X-RN-RSRV
X-Rocket-Nginx-Bypass
X-Proxy
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-ProxyCache-Status
X-BYPASS-REASON
Backend
X-Rule
Cache-Name
DB-Nickname
X-ServerID
User-Cache-Control
X-ProxyCache-Key
X-BB-IP
X-Hosted-By
X-Viewer-Country
X-Hit
X-Site-Version
X-Amz-Meta-Surrogate-Control
X-ApacheServer
X-Original-Request
X-Routing-Service
X-Tb
X-OVcl
X-Varnish-Cacheable
X-OCL
X-OVcl-Cache
X-TNCMS
Mn-Server-Ip
X-Loop
Now
ServerName
X-Zipkin-Id
X-CDN-Cache
X-L-Path
X-Cache-Category-Id
X-Environment-Context
Access-Control-Allow-Method
X-Pubstack
X-JoinUs
X-Human
X-Cache-Config
X-Grey
X-Origin
X-Generated
X-PERF
X-PCL
Cache-Key
Access-Control-Request-Headers
Azure-RegionName
L5d-Success-Class
Azure-SiteName
Azure-InstanceId
Azure-SlotName
X-Via-Fastly
Azure-Version
X-Agile
X-NodeID
X-Backend-Name
X-NGENIX-Cache
X-CCM
X-Proxy-Build
X-Debug-Cache
X-Agile-Id
X-Agile-Age
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-Timing-Wait
S-Rt
X-Ocache
Selected-FE
X-Varnish-Cache-Hits
X-Www-Served-By
X-HS-Combine-CSS
X-LJ-Flow-ID
TWC-GeoIP-Country
X-Origin-Hint
X-IP
X-Origin-CC
TWC-Device-Class
X-App-Name
Property-Id
TWC-Connection-Speed
X-AWS-Id
X-URL
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-VWS-Id
X-SplitTest
TWC-Privacy
TWC-Locale-Group
X-Access
OT-Force-Account-Verify
X-Format
X-Source
X-Section
X-Real-IP
X-Drupal-Cache-Contexts
X-Storage
X-Xfnlog-Site
X-Upstream-CT
X-Upstream-HT
X-Pc-Date
X-Nginx-Cache
X-Pc-Host
X-Mrs-Age
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
Fastcgi-Useragent
HostName
X-Akamai-Request-ID
X-Correlation-ID
X-Vgn-Hpd-Reason
Powered-By-ChinaCache
X-Litespeed-Cache
Fastcgi-X-Cache-Version
X-RateLimit-Limit
Fastcgi-X-Cache
From-Origin
X-Time-Microsecs
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Feature
X-Forwarded-Host
X-NC
X-NCache
Fastly-SSL
X-Internal-Host
X-Distributor
X-Varnish-Beresp-Status
XServer
X-Release
X-Qnm-Cache
X-Microcachable
X-M-Reqid
X-M-Log
X-Varnish-Beresp-Grace
X-UA-Device-Type
X-Birta-Cache-Post
X-Birta-Served
Pagespeed
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Ms-Lease-Status
NtCoent-Length
X-Labrador-Cache-Channel
X-PHP-Backend
X-Webkit-Csp
X-Cache-Backend
Pagetype
X-App-Version
X-EdgeConnect-Cache-Status
X-VG-TLSProxy
LB
X-Transaction
X-Connection-Hash
X-Twitter-Response-Tags
X-B3-Spanid
Time
Frame-Options
X-SERVER-NAME
MIME-Version
X-Server-Time
X-CUA
BehaviorPad-Version
X-PAYTM-SRV-ID
AKAMAI
Arc-Country
X-SRCache-Key
X-Web-Node
X-Cache-Bucket
Fly-Cache
X-BB-ID
X-D
X-Irp-Debug
Ajk
X-A-Dam
X-Application
X-Date
X-Request-UUID
X-ARC
X-CF-Lambda-Version
X-S-Cookie
X-Rewrite-Enabled
X-Sucuri-Cache
X-Rojux
X-A-Wwc
X-B-Cookie
Ec-Rule-Version
X-A-Dcw
X-Accel-Expires-Debug
X-A-Ccd
X-CS
Cneonction
X-ScT
X-A-Dgt
Cache-Prefix
X-CF-Lambda-Fn
X-Server-By
X-IN-WAF
Mobile-Detection-Method
T-Server
X-Instance-Name
X-GZip
Host-ID
V-Age
Xc-Version
VivaBuild
X-Org
Fly-Request-Id
NGX
X-NU-AKA-ACS-Version
Rendered-Blocks
X-SIPLIST1
X-Trv-Group
X-No-Session
X-Generated-In
MD5-Digest
X-G
IsBot
Server-Int
Meta-Geo-Continent
X-From
X-Generation-Time
X-IN-APIGATEWAY
Viewtype
X-IN-SSL-APIGATEWAY
Www
X-Dispatcher-Server
X-VG-WebServer
X-Via-CDN
X-Developer
X-Redis-Cache
X-V
X-Region-Sid
X-A
X-Destination
X-Logtrace-Id
X-Died
X-Via-Edge
X-WebServer
X-Via-SSL
X-DPWN-IS-SECURE
X-UE-Client-Country
X-C
X-HOST
PageSpeed
X-NWS-UUID-VERIFY
WZWS-RAY
X-Powered-By-ANYU
Pragrma
X-Block-Status
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Magicmarker
Release
SN
Origin-Edge-Control
Web-Mar-Node
Server-Host
Origin-Cache-Control
GMS-Ver
X-Amz-Meta-Cache-Control
X-Phone
NodeID
X-Request-URI
Country-Code
X-Debug-Cookies
X-Gen-Mode
X-Var-Ttl
X-Debug-Log
X-Varnish-Action
X-NX-Host
X-S-Maxage
X-Crawler
X-UnsetCookies
X-VCT
X-Node-Id
X-Fastly-Cache
X-External-Request-Id
X-Origin-TTL
X-We-Are-Hiring
X-Owner
X-Core-Value
X-GeoIP-City
X-Key
X-Hash
X-Cache-Enabled
X-Cache-CFC
X-Store
X-Layer
X-Hnp-Log
X-Hl-Ver
X-FireWall-Port
X-Webstats-RespID
Request-Time
X-Platform
X-FW-Version
X-Fetched-On
Request-EU
X-Location
X-Nginx-Cache-Key
Platform
X-MI-In-Market
X-Matched-Rule
Request-Country
X-HTML-Minification-Powered-By
Proxy-Connection
X-Eu-Site
X-Cache-Srv
X-Cdn-Origin
X-Cdn-Srv
X-Actual-URL
X-Passed-To
X-Cache-Host
X-Passed-To-DLL
X-Backend-TTL
X-Cache-Expires
X-Passed-To-BeforeDispatch
X-CGP
X-Core-Mission
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Uber-Trace-Id
X-Passed-To-PostProcessResponse
X-Croise-Owner
PFcat
X-ElasticPress-Search
X-F5-Cache
Apple-News-Services-Parsed-Url
HA-Cloudapp
X-Returned-From-PostProcessResponse
X-Reboot
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
HA-Geocity
HA-Geocountry
HA-Georegion
Backend-Name
X-Variation
HA-Geolat
X-Returned-From
Origin
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Response-By
X-Request-Time
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Ha-Gx-Prefs
HA-Geolon
Kp-EeAlive
X-RCS-CacheZone
X-Swa-Ws
X-Sn-Servicetimems
HA-Host
MI-API
MI-Cache
On-Server
X-Stale
Odigeo-Trace-Id
MI-Cache-Age
X-Thinkindot-L3
X-Sf
X-Trace-Id
HA-Servedtime
HA-Urlpath
Heartbleed
X-VServer
X-ServiceProvider
X-Wikidot-Backend
Is-Eu
HA-Ipaddr
X-Tumblr-Pixel-3
X-Wikidot-Static-Cache
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Cluster-Node
X-Alternate-Cache-Key
X-Epic-Correlation-Id
Powered
X-Policy
REQUESTUUID
HTTPS
Server-ID
X-Up
X-Developers
X-Device-Os
X-Backend-Url
Section-Io-Cache
X-Fstrz
X-GeoIP-Country-Code
X-MSEdge-Flight
X-MSEdge-Features
X-Rebelmouse-Cache-Control
X-Skip-Cache
Resin-Trace
X-TT-LOGID
X-Gannett-Site-Version
RNT-Time
RNT-Machine
X-Server-IP
X-Rebelmouse-Surrogate-Control
Fastly-Backend-Name
Cache-Tags
Fastly-SIE
X-Cache-URL
X-Ckpd-Fst-Backend
Fastly-SWR
Countrycode
X-Alicdn-Da-Ups-Status
X-Backend-Host
X-Backend-State
X-Clientip
CDCHOST
Content-Disposition
X-Secret
X-Varnish-Beresp-Ttl
X-Dc
Cteonnt-Length
X-CACHE-AGE
X-Content-Age
X-Servername
X-Ezoic-Cdn
X-Real-Ip
ViewerVersion
ProcessTime
Sid
X-Worker
X-B3-TraceId
X-Ua
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
RequestId
X-Refresh
X-Oss-Server-Time
X-GEO
WP-Super-Cache
Warning
Xserver
X-Newrelic-Synthetics
X-TIME
X-Proto
Cache-Cookie-Set-Lfrom
X-Planisys-CDN-Rules
X-Csrf-Token
X-Planisys-CDN-TTL
Cache-Cookie-Set-Idcheck
X-Planisys-CDN-Cache
Cache-Cookie-Set-From
X-Pf-Uncompressing
X-Endurance-Cache-Level
X-Servedbyhost
X-Req
CDN
CF-IPCountry
Mail-Subject
We-Hiring
CACHE
X-Guploader-Uploadid
X-Surge-Debug
X-Cache-ASPX
Hostname
X-Pjax-Url
Ar-Sid
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
X-Varnish-Ttl
X-Aed
X-Varnish-Beresp-TTL
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
NODE
X-Nc
X-Time
Pramga
X-COUNTRY
X-Edge-IP
X-CSRF-Token
NnCoection
X-Server-W
Geoip-Latitude
GeoIp-Country-Code
TSSecure
X-Origin-Date
X-Origin-Expires
X-Ms-Lease-State
X-Page-Type
X-DC
X-Oracle-Dms-Ecid
X-Cache-Control-Set-By
X-HCF
X-Varnish-HitMiss
X-Cdn-Forward
X-WA
X-Ratelimit-Limit
A
X-DataStream-MidMile-RTT
X-Flog
X-Hello
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
X-ABtesting
X-Varnish-Url
SD-X-WS
X-Datadome
WWW-Authenticate
X-GRACE
MS-CV
X-Server-Group
X-Geo
X-Amz-Cf-Pop
X-Dynatrace-Js-Agent
Cdn
Geoip-City
Processtime
Lfy
X-Auto-Login
X-Akamai-Request-ID2
X-UPSTREAM-Address
X-Varnish-URL
X-Wix-Route-ID
FSS-Cache
Node
FSS-Proxy
PICS-Label
Mime-Version
Lb
X-Wa
X-From-Cache
PageType
X-Use-Magma
X-PAGE-TYPE
X-Edge-Server
Cdn-Host
X-Sentry-ID
X-Via-NSCOPI
X-EC-Security-Audit
Cdn-Request-Time
X-APP
X-Gdpr
Rt-Proxy-Cache
X-Unique-Id
Dont-Set-Cookie
X-Nananana
GeoIP-City
X-Check-Cacheable
GeoIP-Latitude
GeoIP-Country-Code
X-Cache-Id
X-SRV
X-Gen-Id
X-RTag
Ms-Operation-Id
X-Cache-Info
X-Thanos
X-Served-From
X-Cookie
X-CACHE-KEY
COMMERCE-SERVER-SOFTWARE
X-Bip
Memcached
X-WR-MODIFICATION
Is-Session-Tracking
X-Proxy-Server
Get-Access-Time
X-Cache-HT
X-Be
X-Optimization
X-Env
X-GDPR
X-Fastly-Backend-Reqs
X-Load-Cache
DataCenter
X-Fastly-Cache-Hits
Who
X-Request-Start
X-FORWARDED-FOR
X-PJAX-URL
Pics-Label
X-Cache-FS-Status
X-Swift-Error
X-Ver
X-MP-GENERATED-AT
Memory
X-Ratelimit-Remaining
X-Meta-Tbi-Cache-Vertical
X-Fe
X-Cache-Ttl
X-Ibm-Trace
Cf-Ipcountry
Ws
Group
V-Cache
X-B3-SpanId
X-HS-Status
X-ServedByHost
X-RateLimit-Reset
GW-Server
UCS
URI
X-Wix-Petri-Ex
X-CDN-Pop-IP
X-Dw-Trace-Id
X-Shard
X-CDN-Pop
Httpd-Identifier
Amp-Access-Control-Allow-Source-Origin
X-ID
X-SVT-ORM-RULES
X-SB
X-VC
AGE-Hash
X-Bug-Bounty
X-PF-Uncompressing
Cache-Hits
X-User
Powered-By
NX-Cache
Xet-Cookie
X-SVT-ORM-VERSION
Requestid
X-GZIP
X-NGINX-Cache
Serverid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Info
X-StackifyID
Ohc-File-Size
CDN-Cache-Hit
Version
CDN-Cache
CDN-Node
N-Cache
X-CacheKey
X-Path-Route
X-Urbn-Site-Id
Locale
Accept-Language
X-VG-WebCache
X-Urbn-Context-Path
X-LI-UUID
X-Content-Encoded-By
X-Li-Pop
X-Cache-Debug
X-LI-Proto
X-Li-Fabric
X-BBXSRF
SID
X-Providence-Cookie
X-Cache-Handler
X-LiteSpeed-Cache-Control
X-Litespeed-Cache-Control
Https
X-Grace-Duration
X-Is-Crawler
X-Flags
X-RequestId
X-P-T
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Route-Name
X-ServerName