Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
NEL
X-FTR-Request-ID
Charset
X-Server-Name
X-DynaTrace-JS-Agent
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
X-F-Cache
Content-MD5
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
X-Mobile-Rewrite
PB-PID
X-D2id
Arc-Version
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Upstream-Env
X-Abt-Application-Version
Pinterest-Version
X-Pinterest-Rid
X-Dispatcher
SPRequestGuid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Amz-Rid
Nginx-Cache
X-CF-Powered-By
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-T
X-Origin-Upstream-Status
X-Upstream
X-Varnish-Age
DynaTrace
X-Hits
X-Grace
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-PoweredBy
AR-ATIME
X-Oracle-Dms-Rid
X-Pad
X-Shield-Request-Id
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
X-HW
Access-Control-Request-Method
MRF-Tech
X-Kinsta-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Logged-In
X-B
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-NewRelic-App-Data
X-Ser
X-FastCGI-Cache
Service-Worker-Allowed
S
Tracecode
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-FTR-Backend
X-Frontend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
Fastly-Restarts
X-Cache-Key
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
X-Accel-Buffering
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
AR-SID
Alternate-Protocol
X-Cache-Rule
X-Analytics
Backend-Timing
Eomportal-Instance
X-HS-Hub-Id
X-HS-Content-Id
Host
Cleartype
TP-L2-Cache
TP-Cache
FilterID
X-Srv
X-Revision
X-Rid
X-Ttl
Cache-Status
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
X-Whom
Front-End-Https
X-Akam-SW-Version
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
ServerID
X-Mobile
X-Webkit-Csp
X-XRDS-LOCATION
X-AOL-HN
Accept-Charset
X-Varnish-Backend
X-Webkit-CSP
X-RateLimit-Remaining
X-Cdn
X-TA-CDN-Provider
X-Cache-2
X-Iejgwucgyu
X-Kinja-Server-Push
X-Via-JSL
X-Request-Processing-Time
X-GUploader-UploadID
X-Request-Received
X-Zen-Fury
X-Content-Powered-By
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-VCache
X-App-Environment
Viewport
X-LB-Cache
X-Tumblr-Pixel
X-Page-Id
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel-0
X-Node-Name
X-Cache-Control
Host-Header
X-Magnolia-Registration
X-Cluster
X-Device-Type
X-Request-Guid
X-TT
X-Framework
X-Handled-By
X-Akamai-Edgescape
X-B-Cache
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Signature
X-Platform-Server
X-B3-Sampled
X-BCube-Filmed-By
Upgrade-Insecure-Requests
Cache-Tag
X-Instance
Liferay-Portal
DC
X-Fastcgi-Cache
X-Middleton-Display
X-Sol
Display
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Varnish-Server
Source
X-WA-Info
Retry-After
X-B3-Traceid
X-Contextid
X-Servedby
X-Distil-CS
Server-Info
HitInfo
HitType
X-Seen-By
X-Wix-Request-Id
X-Cache-Action
Content-Style-Type
X-Edge-Location
X-Cache-Operation
Content-Script-Type
X-GeoIP
Webserver
X-Amz-Replication-Status
X-Tumblr-Pixel-2
User-Agent
X-S
X-Tumblr-Pixel-1
SRV
X-RequestSource
X-Status
GEO-INFO
Actual-Object-TTL
X-Jobs
X-WebKit-CSP-Report-Only
X-Locale
X-FW-Static
X-Edge-Cache-Key
AsisCache
X-Edge-Cache
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-Region
X-Response-Served-From
X-UUID
X-Drupal-Cache-Tags
ServedBy
X-Adobe-Loc
X-Generated-By
X-Varnish-Hits
X-TX-ID
X-ATG-Version
X-Adobe-Content
Refresh
X-Cache-NE
Healthy
X-Yottaa-Optimizations
X-Port
X-Yottaa-Metrics
Response
X-Middleton-Response
X-APP-VERSION
X-Geo-Country
X-Hyper-Cache
X-DataStream-Cache-Status
X-Esi
Payment
X-Cache-TTL-Remaining
X-Cache-Age
S-Cnection
IBM-Web2-Location
X-Content-Type
X-Newrelic-App-Data
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Datacenter
Edge-Cache-Tag
X-HS-Cache-Config
Filters
X-Daa-Tunnel
Country
NGB
X-Cache-Remote
X-Activity-Id
Served-By
X-Az
X-AppVersion
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
HostName
X-HS-Combine-CSS
X-Cacheable-TTL
X-Varnish-IP
X-Sucuri-ID
Powered-By-ChinaCache
X-Cache-TTL
X-App-Server
X-Vg-Webcache
X-Mode
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Akamai-Transformed
X-UA
X-RemovedCookies
Meta-Geo
X-Cache-Var
Machine
X-ProcessESI
X-Rule
Load-Balancing
X-RN-RSRV
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Rendered-As
X-Is-Bot
X-Proxied
X-Detected-As
X-Cache-Var-Map
X-CDN-Forward
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Proxy
Cache-Name
Webcakes-App-Name
X-Human
X-Hosted-By
TWC-GeoIP-Country
X-Varnish-Cache-Hits
Property-Id
TWC-Connection-Speed
X-Cache-Category-Id
Mn-Server-Ip
Backend
X-ServerID
Webcakes-App-Version
Webcakes-Region
Access-Control-Allow-Method
X-Grey
DB-Nickname
OT-Force-Account-Verify
TWC-Device-Class
TWC-Locale-Group
X-Amz-Meta-Surrogate-Control
X-ProxyCache-Key
X-BYPASS-REASON
TWC-Privacy
X-Origin
User-Cache-Control
X-OCL
X-Varnish-Cacheable
X-PCL
X-ProxyCache-Status
TWC-GeoIP-LatLong
X-Origin-Hint
X-Tb
L5d-Success-Class
Azure-SiteName
Azure-InstanceId
X-Access
X-Upgrade-Enabled
Azure-RegionName
X-EIG-Tracking-Id
Azure-SlotName
X-OVcl-Cache
X-Zipkin-Id
Now
X-CDN-Cache
X-Section
S-Rt
X-NodeID
ServerName
X-TNCMS
X-Loop
X-Format
X-Generated
X-Site-Version
X-JoinUs
X-Original-Request
X-Debug-Cache
X-Hit
X-BB-IP
X-Routing-Service
X-OVcl
Azure-Version
X-AWS-Id
X-App-Name
X-Cache-Config
X-Pubstack
X-Upstream-HT
X-ApacheServer
X-PERF
Selected-FE
X-TWH-CORRELATION-ID
X-Agile
X-Agile-Age
X-Upstream-CT
X-HOST
X-NGENIX-Cache
X-VWS-Id
X-Viewer-Country
X-Via-Fastly
X-LJ-Flow-ID
X-L-Path
X-Proxy-Build
X-Environment-Context
X-IP
X-Www-Served-By
X-Timing-Wait
X-Agile-Id
Cache-Key
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-SplitTest
Access-Control-Request-Headers
Fastcgi-Useragent
X-CCM
X-Drupal-Cache-Contexts
X-Origin-CC
X-URL
X-Source
X-Ocache
From-Origin
Pagespeed
X-Nginx-Cache
X-Xfnlog-Site
X-Backend-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
X-RateLimit-Limit
X-Unique-ID
Cache
X-App-Version
LB
X-Correlation-ID
X-Akamai-Request-ID
X-Litespeed-Cache
X-Forwarded-Host
Fastly-SSL
X-Storage
X-Vgn-Hpd-Reason
X-Pc-Date
X-Feature
X-Pc-Host
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Lease-Status
ViewerVersion
X-Ms-Request-Id
NtCoent-Length
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-Birta-Served
X-Varnish-Beresp-Grace
X-Birta-Cache-Post
X-Varnish-Beresp-Status
Ar-Sid
X-Labrador-Cache-Channel
AR-Request-ID
X-Time-Microsecs
X-NCache
X-VG-TLSProxy
X-Internal-Host
X-Guploader-Uploadid
X-Cluster-Node
X-Ruxit-Js-Agent
X-Real-IP
X-Real-Ip
X-Distributor
X-Release
X-Microcachable
Time
Xserver
X-EdgeConnect-Cache-Status
X-B3-TraceId
CACHE
X-Powered-By-ANYU
WZWS-RAY
X-B3-Spanid
X-Request-Time
X-Sucuri-Cache
X-Cache-Enabled
X-SERVER-NAME
V-Age
T-Server
Viewtype
Www
Meta-Geo-Continent
Cache-Prefix
Ec-Rule-Version
Fly-Cache
BehaviorPad-Version
Arc-Country
Ajk
AKAMAI
Fly-Request-Id
IsBot
Rendered-Blocks
REQUESTUUID
NGX
Mobile-Detection-Method
MD5-Digest
X-A
Server-Int
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-Server-By
X-ScT
X-Region-Sid
X-Redis-Cache
X-No-Session
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Server-Time
X-SIPLIST1
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Store
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Irp-Debug
X-IN-WAF
X-BB-ID
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Version
X-Connection-Hash
X-ARC
X-Application
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-CUA
X-D
X-Generated-In
X-G
X-Generation-Time
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-From
X-DPWN-IS-SECURE
X-Destination
X-Date
X-Developer
X-Died
X-Dispatcher-Server
X-A-Ccd
VivaBuild
ProcessTime
X-Cache-Backend
X-FireWall-Port
X-Varnish-Beresp-Ttl
NodeID
X-Policy
X-RateLimit-Remaining-Second
GMS-Ver
X-Platform
Origin-Edge-Control
Release
Pragrma
X-Phone
Origin-Cache-Control
Magicmarker
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
HA-Geocity
Ha-Gx-Prefs
HA-Host
X-Amz-Cf-Pop
HA-Urlpath
HA-Servedtime
HA-Ipaddr
HA-Cloudapp
X-Origin-TTL
X-Fastly-Cache
X-Cache-CFC
X-Block-Status
PageSpeed
X-Amz-Meta-Cache-Control
X-F5-Cache
X-External-Request-Id
X-Crawler
X-CS
X-CGP
X-Eu-Site
X-Gen-Mode
X-GeoIP-City
X-Node-Id
SN
X-UA-Device-Type
Server-Host
X-Layer
Web-Mar-Node
X-Hash
X-Hl-Ver
X-Hnp-Log
X-Key
X-Owner
X-RateLimit-Limit-Second
X-NC
X-Wikidot-Static-Cache
X-Sorting-Hat-PodId
Country-Code
X-ShopId
X-Shopify-Stage
X-Wikidot-Backend
X-Web-Node
X-Varnish-Action
Frame-Options
X-VCT
X-VServer
X-UnsetCookies
Backend-Name
X-ShardId
X-Sorting-Hat-ShopId
X-S-Maxage
Cneonction
X-Alternate-Cache-Key
X-Nc
X-Webstats-RespID
X-Endurance-Cache-Level
X-C
X-MI-In-Market
X-Matched-Rule
X-ElasticPress-Search
X-Instance-Name
X-We-Are-Hiring
X-Location
X-MSEdge-Features
Adler-Geo
X-Clientip
X-Croise-Owner
X-Core-Mission
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-MSEdge-Flight
Uber-Trace-Id
X-Nginx-Cache-Key
Thinkindot-Control
X-Newrelic-Synthetics
X-HTML-Minification-Powered-By
X-Backend-Host
X-Cache-Srv
X-FW-Version
X-Backend-State
X-Backend-TTL
X-Fetched-On
X-Epic-Correlation-Id
X-Backend-Url
X-Cache-URL
X-Developers
X-Debug-Log
X-Debug-Cookies
X-GZip
X-GeoIP-Country-Code
X-Dc
X-Gannett-Site-Version
X-Actual-URL
X-Cache-Expires
X-NX-Host
X-Request-URI
Is-Eu
X-Response-By
Heartbleed
X-Reboot
Kp-EeAlive
MI-Cache-Age
MI-Cache
X-Variation
X-RCS-CacheZone
Countrycode
X-Thinkindot-L3
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Secret
X-Server-IP
X-Swa-Ws
X-Stale
X-Sf
Esi-Enabled
X-Core-Value
MI-API
Request-Country
Request-EU
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Var-Ttl
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
Apple-News-Services-Handled
Section-Io-Cache
Apple-News-Services-Host
X-Passed-To
X-Passed-To-BeforeDispatch
Powered
Proxy-Connection
X-Tumblr-Pixel-3
Odigeo-Trace-Id
CDCHOST
X-TT-LOGID
X-Up
Origin
Platform
Pagetype
X-Ua
Cache-Cookie-Set-Idcheck
X-Worker
Resin-Trace
X-Device-Os
Cache-Cookie-Set-From
X-Trace-Id
X-Sn-Servicetimems
X-Fstrz
X-ServiceProvider
Cache-Cookie-Set-Lfrom
X-NWS-UUID-VERIFY
X-Ezoic-Cdn
X-Cache-Host
X-V
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
HTTPS
On-Server
True-Client-Country-4JS
Server-ID
RNT-Time
RNT-Machine
Content-Disposition
Fastly-Backend-Name
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Content-Age
Cache-Tags
X-Cdn-Origin
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Surrogate-Control
X-CACHE-AGE
Warning
X-TIME
X-Rebelmouse-Cache-Control
Host-ID
X-Skip-Cache
X-Servername
Fastly-SIE
Fastly-SWR
X-Surge-Debug
XServer
X-Csrf-Token
RequestId
X-GEO
MIME-Version
Sid
X-Req
PFcat
X-Pf-Uncompressing
Request-Time
X-Proto
X-Aed
Cteonnt-Length
X-Refresh
Pramga
X-Dynatrace-Js-Agent
Mail-Subject
X-PHP-Backend
We-Hiring
X-Edge-IP
TSSecure
X-Pjax-Url
X-Cdn-Forward
X-Ms-Lease-State
CF-IPCountry
X-Varnish-Ttl
WP-Super-Cache
X-Page-Type
X-Planisys-CDN-TTL
X-Server-W
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-ABtesting
Cdn
X-Flog
X-Hello
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Limit
X-Atg-Version
X-Servedbyhost
X-Varnish-Url
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Time
X-Oss-Object-Type
X-COUNTRY
X-Oss-Server-Time
Mime-Version
X-Oss-Request-Id
X-Geo
CDN
X-Cache-ASPX
Geoip-Latitude
X-CSRF-Token
Dnion-Transfer-Encoding
X-Auto-Login
GeoIp-Country-Code
X-Oracle-Dms-Ecid
X-DC
FSS-Cache
X-GoCache-CacheStatus
Lfy
FSS-Proxy
X-Aicache-OS
X-DataStream-MidMile-RTT
X-Unique-Id
X-DataStream-Origin-MEX-Latency
X-Varnish-Beresp-TTL
PageType
X-WA
A
X-Akamai-Request-ID2
X-GRACE
Rt-Proxy-Cache
X-Datadome
X-Sentry-ID
NnCoection
MS-CV
X-Origin-Date
X-Origin-Expires
X-Via-NSCOPI
X-EC-Security-Audit
NODE
X-Served-From
X-Thanos
Memcached
Node
X-Cache-Id
X-HCF
X-Varnish-HitMiss
X-CACHE-KEY
X-Bip
X-Cache-Control-Set-By
X-MP-GENERATED-AT
X-Check-Cacheable
Hostname
X-Cache-Info
SD-X-WS
X-Be
X-Wa
X-APP
X-Use-Magma
WWW-Authenticate
X-Request-Start
X-Proxy-Server
GeoIP-Latitude
X-Server-Group
X-UPSTREAM-Address
GeoIP-Country-Code
X-Nananana
X-NODE
Memory
X-SRV
GeoIP-City
Geoip-City
X-Ratelimit-Remaining
UCS
X-PAGE-TYPE
X-Fastly-Cache-Hits
X-Wix-Route-ID
X-Varnish-URL
X-Cookie
X-Vcache
GW-Server
PICS-Label
X-ServedByHost
X-Gen-Id
X-GDPR
X-From-Cache
Processtime
X-User
X-Load-Cache
X-RTag
DataCenter
X-WR-MODIFICATION
Cache-Hits
X-Fastly-Backend-Reqs
X-Gdpr
X-HS-Status
Amp-Access-Control-Allow-Source-Origin
X-Edge-Server
Cdn-Request-Time
X-FORWARDED-FOR
Cdn-Host
Cf-Ipcountry
Ms-Operation-Id
Accept-Language
Pics-Label
X-PJAX-URL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Swift-Error
COMMERCE-SERVER-SOFTWARE
X-BBXSRF
Locale
Dont-Set-Cookie
X-Cache-Debug
X-Cache-Ttl
X-Li-Fabric
X-Urbn-Site-Id
X-B3-SpanId
X-LI-UUID
X-Urbn-Context-Path
X-Li-Pop
X-LI-Proto
X-Path-Route
Get-Access-Time
Is-Session-Tracking
X-Env
X-VG-WebCache
X-Info
X-Cache-HT
Lb
X-Optimization
V-Cache
X-RateLimit-Reset
Group
X-CDN-Pop
X-Fe
X-CDN-Pop-IP
X-Dw-Trace-Id
X-PF-Uncompressing
X-ID
NX-Cache
Fastly-Soc-X-Request-Id
X-Content-Encoded-By
URI
Who
SS
Requestid
X-GZIP
X-Qloud-Router
X-Bug-Bounty
X-NGINX-Cache
Serverid
X-CacheKey
X-Cache-FS-Status
X-Ver
X-Varnish-Info
CDN-Cache
AGE-Hash
CDN-Node
X-P-T
CDN-Cache-Hit
X-ServerName
Xet-Cookie
X-SN
X-Serial
SID
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache-Control
X-Ibm-Trace
X-Akamai-ERPolicy
X-SB
X-Akamai-ERRuleID
X-VC
Https
X-Grace-Duration
X-RequestId
N-Cache
Ws
X-Flags
X-Is-Crawler
X-Meta-Tbi-Cache-Vertical
X-Route-Name
X-Providence-Cookie
X-Shard