Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-Server
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-SaveTime
X-Swift-CacheTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
Report-To
X-TTL
X-OneAgent-JS-Injection
X-Px
X-Country
X-Clacks-Overhead
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
Charset
X-Powered-CMS
X-TtlSet
X-Server-Name
X-Vname
X-PC
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-DataDome
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Cached
X-Recruiting
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
X-ORACLE-DMS-RID
Content-MD5
X-F-Cache
X-Version
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
AR-CACHE
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
DynaTrace
X-T
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Varnish-Age
X-Upstream
X-Hits
X-Grace
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
X-Pad
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Ruxit-JS-Agent
AR-SID
X-Content-Options
X-Content-Digest
X-NF-Request-ID
X-Cache-Hit
X-IPLB-Instance
X-Kinsta-Cache
Access-Control-Request-Method
X-Logged-In
X-Mrf-Section-Lastmod
X-B
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
Realpath
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-HW
X-SS-Set-Cookie
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Debug
S
Service-Worker-Allowed
X-Ser
X-MSEdge-Ref
X-XRDS-Location
X-Wix-Server-Artifact-Id
Server-Name
X-Frontend
X-PressLabs-Stats
X-Cache-Key
X-FTR-Cache-Status
X-FTR-Balancer
Tracecode
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-GUploader-UploadID
Surrogate-Key
X-Forwarded-For
X-Oracle-Dms-Rid
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
X-Cache-Rule
Cleartype
Cache-Status
Backend-Timing
X-Analytics
X-HS-Hub-Id
Host
X-Srv
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-VCache
X-Revision
X-Rid
X-Whom
X-User-Agent
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Ttl
X-Accel-Buffering
FilterID
X-Debug-Info
X-RateLimit-Remaining
X-Akam-SW-Version
X-NWS-LOG-UUID
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-2
X-Via-JSL
X-Content-Powered-By
Accept-Charset
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-Mobile
X-Webkit-CSP
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
X-Cached-By
Viewport
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
X-App-Environment
X-Magnolia-Registration
Liferay-Portal
X-Correlation-Id
X-Node-Name
X-LB-Cache
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cluster
X-Page-Id
X-Content-Security-Policy-Report-Only
Host-Header
X-Varnish-Hostname
X-Akamai-Edgescape
X-Cache-Control
X-Request-Guid
X-B3-Sampled
X-Framework
X-Instance
X-BCube-Filmed-By
X-Handled-By
X-B-Cache
Upgrade-Insecure-Requests
X-TT
X-Signature
X-Platform-Server
X-FB-Debug
X-Device-Type
DC
Cache-Tag
X-Hostname
X-Cache-Server
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
X-Amzn-Trace-Id
Display
X-Sol
Retry-After
X-Middleton-Display
X-Accel-Expires
X-APP-VERSION
X-Servedby
X-WA-Info
X-Contextid
X-Varnish-Server
Server-Info
HitType
HitInfo
X-Cache-Action
X-Distil-CS
X-Cache-Operation
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
X-Seen-By
X-Port
Webserver
X-GeoIP
X-Edge-Location
X-RequestSource
GEO-INFO
X-Generated-By
X-Tumblr-Pixel-2
X-Fastcgi-Cache
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
X-Tumblr-Pixel-1
Healthy
X-S
X-Jobs
Actual-Object-TTL
User-Agent
X-Status
X-Edge-Cache
X-Geo-Country
AsisCache
X-Edge-Cache-Key
X-FW-Type
X-FW-Static
X-Response-Served-From
X-UUID
X-Varnish-Hits
X-FW-Server
X-Region
X-FW-Serve
X-FW-Hash
X-Adobe-Content
X-TX-ID
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Locale
X-Hyper-Cache
SRV
ServedBy
X-Daa-Tunnel
Refresh
X-DataStream-Cache-Status
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Middleton-Response
X-Varnish-Grace
Response
X-Cache-TTL-Remaining
Filters
X-Cache-NE
IBM-Web2-Location
X-Amz-Server-Side-Encryption
X-Cache-Age
X-ATG-Version
NGB
X-Esi
S-Cnection
X-Iejgwucgyu
X-Content-Type
Payment
X-Az
X-Activity-Id
X-AppVersion
Datacenter
X-Proxied
X-CDN-Forward
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Cache-Remote
X-App-Server
X-Ruxit-Js-Agent
X-Vg-Webcache
X-Cacheable-TTL
X-Cache-TTL
Cache
X-Kong-Upstream-Latency
Country
Served-By
X-Kong-Proxy-Latency
AR-Request-ID
X-UA
X-Unique-ID
Edge-Cache-Tag
X-HS-Cache-Config
X-Sucuri-ID
X-Akamai-Transformed
X-Mode
X-Varnish-IP
X-Cache-Var-Map
X-ProcessESI
X-RemovedCookies
X-Is-Bot
X-Cache-Var
X-Detected-As
Load-Balancing
X-RN-RSRV
Meta-Geo
X-Rendered-As
Machine
X-FC-Vary-Parameters
X-Proxy
X-Rocket-Nginx-Bypass
X-Real-IP
Mn-Server-Ip
Webcakes-App-Name
X-Cache-Category-Id
User-Cache-Control
TWC-Locale-Group
TWC-Privacy
Property-Id
X-BYPASS-REASON
X-BB-IP
X-Hosted-By
Webcakes-Region
X-Amz-Meta-Surrogate-Control
X-Varnish-Cache-Hits
X-Varnish-Cacheable
X-Origin-Hint
X-Origin
Webcakes-App-Version
X-EIG-Tracking-Id
X-Tb
TWC-GeoIP-Country
X-OCL
X-ServerID
TWC-Device-Class
TWC-Connection-Speed
X-ProxyCache-Status
X-PCL
Cache-Name
Access-Control-Allow-Method
X-ProxyCache-Key
X-Grey
DB-Nickname
TWC-GeoIP-LatLong
X-Rule
Azure-InstanceId
L5d-Success-Class
X-Access
Azure-RegionName
Now
S-Rt
ServerName
Azure-SlotName
Backend
X-Routing-Service
Azure-SiteName
Azure-Version
X-OVcl
X-Section
X-Format
X-OVcl-Cache
X-JoinUs
X-Generated
X-Human
X-Upgrade-Enabled
X-Zipkin-Id
X-Hit
X-Viewer-Country
X-TNCMS
X-Loop
X-Environment-Context
X-L-Path
X-HS-Combine-CSS
X-CDN-Cache
X-Debug-Cache
X-NGENIX-Cache
X-SplitTest
X-Via-Fastly
X-IP
X-LJ-Flow-ID
X-Timing-Wait
X-NodeID
X-Pubstack
X-AWS-Id
X-Cache-Config
X-App-Name
X-ApacheServer
X-Agile-Age
X-Agile-Id
X-Original-Request
X-Ocache
X-Agile
X-Www-Served-By
Selected-FE
X-Proxy-Build
X-PERF
X-VWS-Id
Cache-Key
Access-Control-Request-Headers
X-CCM
X-Backend-Name
OT-Force-Account-Verify
X-RateLimit-Limit
X-Drupal-Cache-Contexts
X-TWH-CORRELATION-ID
X-Origin-CC
X-Correlation-ID
X-Site-Version
X-HOST
X-Nginx-Cache
X-Source
X-Xfnlog-Site
X-Pc-Date
X-Pc-Host
X-Upstream-HT
X-URL
X-Upstream-CT
Pagespeed
HostName
X-Akamai-Request-ID
Powered-By-ChinaCache
Fastcgi-X-Cache
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Storage
X-Mshield-Cache-Status
X-Vgn-Hpd-Reason
From-Origin
X-NC
X-Forwarded-Host
X-Litespeed-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-SSL
X-NCache
X-Time-Microsecs
X-Internal-Host
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Feature
X-Distributor
X-Release
X-Microcachable
X-UA-Device-Type
XServer
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
Pagetype
X-Birta-Served
NtCoent-Length
X-Birta-Cache-Post
X-Ms-Version
LB
X-VG-TLSProxy
X-Cache-Backend
X-B3-Spanid
X-EdgeConnect-Cache-Status
X-PHP-Backend
X-Webkit-Csp
X-Connection-Hash
X-Twitter-Response-Tags
X-Transaction
Frame-Options
Time
MIME-Version
X-C
X-Sucuri-Cache
X-Via-SSL
X-Web-Node
Server-Int
X-Developer
NGX
X-Org
X-Died
X-DPWN-IS-SECURE
Cneonction
Mobile-Detection-Method
X-PAYTM-SRV-ID
Rendered-Blocks
Xc-Version
X-WebServer
X-From
BehaviorPad-Version
Cache-Prefix
Fly-Request-Id
Arc-Country
X-Generation-Time
Fly-Cache
X-Irp-Debug
Ec-Rule-Version
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Generated-In
AKAMAI
X-Via-Edge
IsBot
MD5-Digest
Meta-Geo-Continent
Host-ID
X-G
Ajk
X-Logtrace-Id
X-Powered-By-ANYU
WZWS-RAY
X-NU-AKA-ACS-Version
X-Dispatcher-Server
X-A-Dcw
X-A-Dam
X-A-Dgt
X-Rewrite-Enabled
X-Rojux
X-UE-Client-Country
X-SIPLIST1
X-D
Www
X-A
X-A-Ccd
X-S-Cookie
X-A-Wwc
X-ARC
X-Trv-Group
X-B-Cookie
X-Server-Time
X-Application
X-BB-ID
X-Accel-Expires-Debug
X-ScT
X-CS
X-Server-By
X-Instance-Name
X-CUA
X-Date
VivaBuild
X-Redis-Cache
X-CF-Lambda-Fn
Viewtype
X-VG-WebServer
V-Age
X-CF-Lambda-Version
X-Via-CDN
X-Destination
X-Region-Sid
X-Cache-Bucket
X-Request-UUID
X-SRCache-Key
T-Server
X-GZip
X-SERVER-NAME
X-FireWall-Port
HA-Cloudapp
HA-Geocountry
X-Hl-Ver
HA-Geocity
X-CGP
X-Core-Value
X-GeoIP-City
HA-Geolat
X-Cache-CFC
X-Hash
X-Cache-Enabled
X-Gen-Mode
X-Block-Status
GMS-Ver
Magicmarker
X-Eu-Site
X-External-Request-Id
Origin-Edge-Control
Origin-Cache-Control
Web-Mar-Node
X-Debug-Cookies
Server-Host
X-Debug-Log
X-Hnp-Log
Pragrma
X-F5-Cache
X-Fastly-Cache
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Servedtime
HA-Urlpath
NodeID
SN
X-Crawler
X-Amz-Meta-Cache-Control
HA-Geolon
Backend-Name
X-Phone
X-We-Are-Hiring
X-VServer
X-Wikidot-Static-Cache
X-Origin-TTL
X-No-Session
X-Node-Id
X-NX-Host
X-Platform
X-RateLimit-Limit-Second
X-Var-Ttl
X-UnsetCookies
X-S-Maxage
X-Varnish-Action
X-VCT
X-RateLimit-Remaining-Second
X-V
X-Request-Time
X-Wikidot-Backend
X-Store
Country-Code
X-Key
X-NWS-UUID-VERIFY
X-App-Version
X-Webstats-RespID
ViewerVersion
X-Response-By
X-Developers
Apple-News-Services-Request-Url
X-Variation
Esi-Enabled
Apple-News-Services-Parsed-Url
X-Up
X-Request-URI
X-GeoIP-Country-Code
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-ShopId
X-RCS-CacheZone
X-Reboot
Uber-Trace-Id
CDCHOST
X-Secret
X-Clientip
X-Cache-Host
X-Cache-Expires
X-Core-Mission
X-Cache-Srv
X-Cache-URL
X-Thinkindot-L3
X-Cdn-Srv
X-Cdn-Origin
X-Sn-Servicetimems
X-Sf
X-Server-IP
X-Tumblr-Pixel-3
Section-Io-Cache
X-TT-LOGID
X-Backend-Host
X-Backend-Url
X-Backend-TTL
X-Backend-State
Countrycode
X-Layer
MI-API
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Fetched-On
MI-Cache
MI-Cache-Age
X-Owner
Adler-Geo
Odigeo-Trace-Id
X-Nginx-Cache-Key
Kp-EeAlive
X-Matched-Rule
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShardId
X-MI-In-Market
X-FW-Version
X-MSEdge-Flight
X-MSEdge-Features
Is-Eu
Origin
X-Location
X-Epic-Correlation-Id
Platform
Proxy-Connection
Request-EU
Request-Country
X-HTML-Minification-Powered-By
Release
Apple-News-Services-Handled
Apple-News-Services-Host
X-Gannett-Site-Version
PFcat
X-CACHE-AGE
X-Swa-Ws
X-Stale
X-ElasticPress-Search
X-Trace-Id
X-Ckpd-Fst-Backend
X-Fstrz
X-Content-Age
X-Worker
X-Passed-To-BeforeDispatch
X-Device-Os
Powered
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Croise-Owner
X-Policy
X-Passed-To
X-Servername
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-ServiceProvider
X-Actual-URL
Decoy-Debug-Key
Decoy-Debug-Status
Content-Disposition
Cache-Tags
RNT-Machine
Resin-Trace
Request-Time
Decoy-Debug-TTL
Fastly-SWR
Heartbleed
Fastly-SIE
On-Server
Fastly-Backend-Name
RNT-Time
Server-ID
X-Alicdn-Da-Ups-Status
True-Client-Country-4JS
Sid
X-Varnish-Beresp-Ttl
X-Ezoic-Cdn
X-Cluster-Node
X-Ua
ProcessTime
HTTPS
REQUESTUUID
X-Oracle-Dms-Ecid
X-Skip-Cache
X-Dc
Xserver
X-Pf-Uncompressing
Cteonnt-Length
PageSpeed
X-Csrf-Token
Warning
X-Oss-Request-Id
X-Oss-Object-Type
RequestId
CF-IPCountry
X-Proto
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Oss-Storage-Class
Cache-Cookie-Set-From
X-Endurance-Cache-Level
WP-Super-Cache
Mail-Subject
X-Planisys-CDN-Cache
We-Hiring
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Servedbyhost
X-Req
X-Refresh
CDN
X-TIME
X-Real-Ip
X-Newrelic-Synthetics
X-Atg-Version
X-Surge-Debug
CACHE
X-GEO
X-B3-TraceId
X-Pjax-Url
X-Datadome
Hostname
X-Cache-ASPX
Ar-Sid
X-Aed
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
X-CSRF-Token
X-Time
X-Nc
X-Varnish-Ttl
X-Varnish-Beresp-TTL
X-Edge-IP
X-CLOUD-TRACE-CONTEXT
X-DC
NODE
GeoIp-Country-Code
X-COUNTRY
X-Server-W
Geoip-Latitude
TSSecure
Pramga
X-Geo
X-Guploader-Uploadid
NnCoection
X-Origin-Date
X-Ms-Lease-State
X-Origin-Expires
X-Page-Type
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
X-DataStream-MidMile-RTT
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-HCF
X-ABtesting
X-Hello
X-Flog
MS-CV
X-Cdn-Forward
X-Varnish-Url
SD-X-WS
A
X-WA
X-Auto-Login
Lfy
X-Server-Group
X-Akamai-Request-ID2
WWW-Authenticate
X-GRACE
X-Amz-Cf-Pop
Cdn
X-UPSTREAM-Address
Processtime
Geoip-City
FSS-Cache
FSS-Proxy
X-Ratelimit-Limit
X-Varnish-URL
X-Wix-Route-ID
X-Wa
Mime-Version
Node
PICS-Label
X-Sentry-ID
X-Via-NSCOPI
X-From-Cache
Lb
X-PAGE-TYPE
Rt-Proxy-Cache
X-Use-Magma
X-Check-Cacheable
GeoIP-Country-Code
Cdn-Request-Time
Cdn-Host
X-EC-Security-Audit
X-Cache-Id
GeoIP-Latitude
X-Edge-Server
X-APP
X-Gdpr
X-Unique-Id
X-Nananana
X-RTag
Ms-Operation-Id
X-NODE
Dont-Set-Cookie
X-Cache-Info
Memcached
GeoIP-City
X-Gen-Id
PageType
X-SRV
X-Cookie
X-Served-From
COMMERCE-SERVER-SOFTWARE
X-CACHE-KEY
X-Thanos
X-Bip
X-WR-MODIFICATION
X-GDPR
X-Optimization
X-Fastly-Cache-Hits
X-Env
X-Proxy-Server
X-Be
X-MP-GENERATED-AT
X-Fastly-Backend-Reqs
X-Cache-HT
Is-Session-Tracking
Get-Access-Time
X-Load-Cache
X-Dynatrace-Js-Agent
DataCenter
X-Request-Start
X-FORWARDED-FOR
Who
X-HS-Status
X-Swift-Error
Memory
X-Cache-FS-Status
UCS
Pics-Label
X-PJAX-URL
X-Ver
X-Ibm-Trace
X-Cache-Ttl
X-B3-SpanId
GW-Server
Group
X-Meta-Tbi-Cache-Vertical
V-Cache
X-RateLimit-Reset
X-ServedByHost
X-Fe
X-User
Ws
Cache-Hits
X-CDN-Pop-IP
X-CDN-Pop
X-Wix-Petri-Ex
Cf-Ipcountry
URI
X-Dw-Trace-Id
Httpd-Identifier
X-Shard
Amp-Access-Control-Allow-Source-Origin
X-ID
Powered-By
Xet-Cookie
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Bug-Bounty
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Requestid
AGE-Hash
X-PF-Uncompressing
NX-Cache
X-SB
X-GZIP
X-VC
Serverid
Accept-Language
X-NGINX-Cache
Ohc-File-Size
X-Ratelimit-Remaining
N-Cache
X-Varnish-Info
Version
CDN-Node
CDN-Cache-Hit
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-LI-Proto
X-StackifyID
CDN-Cache
X-CacheKey
X-Urbn-Site-Id
X-Content-Encoded-By
Locale
X-Cache-Debug
X-Urbn-Context-Path
X-BBXSRF
X-Path-Route
X-BE
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Litespeed-Cache-Control
X-RequestId
X-Cache-Handler
X-Route-Name
X-ServerName
X-Grace-Duration
X-P-T
Https
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-LiteSpeed-Cache-Control