Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
Upgrade
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Url
X-TTL
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-Px
X-ORACLE-DMS-ECID
X-Country
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-DataDome
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
Charset
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-ESI
X-Origin-Cache
X-DynaTrace
NEL
X-Server-Name
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
X-ORACLE-DMS-RID
RTSS
Content-MD5
X-Version
X-F-Cache
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
AR-ATIME
AR-PoweredBy
X-Fastly-Request-ID
X-Trace
X-T
AR-CACHE
DynaTrace
Paypal-Debug-Id
X-Hits
X-Varnish-Age
X-Upstream
X-Forwarded-Proto
X-Grace
Arr-Disable-Session-Affinity
X-DIS-Request-ID
TCN
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Id
SPRequestDuration
SPIisLatency
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
X-Cdn
Realpath
X-NF-Request-ID
X-Kinsta-Cache
X-FastCGI-Cache
X-Cache-Hit
Access-Control-Request-Method
X-IPLB-Instance
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Logged-In
X-Acc-Meta-Resource-Type
X-B
AR-SID
X-HW
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Server-ID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
Service-Worker-Allowed
X-Ser
X-MSEdge-Ref
X-Wix-Server-Artifact-Id
X-XRDS-Location
Server-Name
X-Cache-Key
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-Realm
Tracecode
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Frontend
X-Country-Code-Real
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
X-Oneagent-Js-Injection
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Oracle-Dms-Rid
Fastly-Restarts
Eomportal-Instance
Alternate-Protocol
X-Forwarded-For
X-Cache-Rule
X-GUploader-UploadID
Cleartype
Cache-Status
Backend-Timing
X-Analytics
Host
X-Accel-Buffering
X-HS-Content-Id
X-RateLimit-Remaining
X-HS-Hub-Id
TP-Cache
TP-L2-Cache
X-Rid
X-Whom
Public-Key-Pins-Report-Only
X-Revision
FilterID
X-VCache
X-FTR-Cache-Host
X-XRDS-LOCATION
X-Srv
X-User-Agent
X-Debug-Info
X-Akam-SW-Version
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-Varnish-Backend
X-NWS-LOG-UUID
X-Cache-2
Front-End-Https
X-Mobile
Accept-Charset
X-Via-JSL
X-Content-Powered-By
X-Request-Processing-Time
X-Webkit-CSP
X-Request-Received
X-Zen-Fury
X-Kinja-Server-Push
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Viewport
X-Node-Name
X-Ttl
X-App-Environment
X-B3-Traceid
X-LB-Cache
X-Correlation-Id
X-Varnish-Hostname
X-Cluster
X-Tumblr-Pixel
Host-Header
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-Tumblr-User
X-Page-Id
X-Device-Type
Liferay-Portal
X-Handled-By
X-Cache-Control
X-Framework
X-Akamai-Edgescape
X-TT
X-Request-Guid
X-Signature
X-FB-Debug
Upgrade-Insecure-Requests
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-B-Cache
X-Platform-Server
X-B3-Sampled
X-Instance
DC
Cache-Tag
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Amzn-Trace-Id
X-Middleton-Display
X-Sol
Display
Retry-After
X-Accel-Expires
Source
X-APP-VERSION
X-WA-Info
X-Servedby
X-Fastcgi-Cache
X-Varnish-Server
X-Contextid
HitType
HitInfo
Server-Info
X-Distil-CS
X-Cache-Action
X-Iejgwucgyu
X-Cache-Operation
X-Esi
Content-Script-Type
Content-Style-Type
X-Seen-By
X-Wix-Request-Id
Webserver
X-Amz-Replication-Status
X-RequestSource
X-Tumblr-Pixel-2
X-Port
User-Agent
X-S
X-Tumblr-Pixel-1
X-Jobs
GEO-INFO
X-Edge-Location
X-WebKit-CSP-Report-Only
X-Locale
X-GeoIP
Actual-Object-TTL
X-Status
AsisCache
X-Generated-By
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Edge-Cache-Key
X-FW-Static
X-FW-Type
X-UUID
X-Region
X-Edge-Cache
X-Response-Served-From
X-TX-ID
X-Adobe-Content
X-Adobe-Loc
X-Drupal-Cache-Tags
SRV
ServedBy
X-Varnish-Hits
X-Geo-Country
Healthy
X-Hyper-Cache
Refresh
X-ATG-Version
X-Newrelic-App-Data
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Daa-Tunnel
Response
X-DataStream-Cache-Status
X-Middleton-Response
X-Cache-NE
X-Cache-TTL-Remaining
X-Varnish-Grace
IBM-Web2-Location
Payment
S-Cnection
Filters
X-CDN-Forward
X-Amz-Server-Side-Encryption
X-Cache-Age
X-URL
X-Content-Type
NGB
X-AppVersion
X-Az
X-Activity-Id
X-Proxied
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
Datacenter
X-Vg-Webcache
X-Cacheable-TTL
X-Cache-TTL
X-UA
Country
X-Cache-Remote
X-App-Server
Served-By
X-HS-Cache-Config
Edge-Cache-Tag
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Sucuri-ID
X-Mode
X-Varnish-IP
X-Akamai-Transformed
Meta-Geo
X-RN-RSRV
X-Is-Bot
Machine
X-Rendered-As
Load-Balancing
X-Cache-Var
X-Detected-As
X-Unique-ID
X-HS-Combine-CSS
X-Cache-Var-Map
X-ProcessESI
Pagespeed
X-RemovedCookies
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Rule
X-Varnish-Cacheable
Access-Control-Allow-Method
TWC-Connection-Speed
Backend
Property-Id
Webcakes-Region
Mn-Server-Ip
X-Cache-Category-Id
X-Varnish-Cache-Hits
Cache-Name
DB-Nickname
X-ProxyCache-Key
X-ProxyCache-Status
X-Origin-Hint
X-Origin
Webcakes-App-Version
X-Human
X-BYPASS-REASON
AR-Request-ID
X-Tb
TWC-GeoIP-Country
TWC-Device-Class
X-Grey
X-PCL
X-Amz-Meta-Surrogate-Control
TWC-GeoIP-LatLong
X-ServerID
Webcakes-App-Name
X-OCL
User-Cache-Control
TWC-Locale-Group
TWC-Privacy
X-Hosted-By
S-Rt
X-Access
X-Loop
X-NodeID
L5d-Success-Class
ServerName
X-Site-Version
X-JoinUs
X-TNCMS
X-Original-Request
Powered-By-ChinaCache
X-Zipkin-Id
Azure-SiteName
X-Routing-Service
Azure-InstanceId
X-Generated
X-OVcl-Cache
Azure-RegionName
X-OVcl
Azure-SlotName
X-Format
X-Hit
Now
X-Section
X-CDN-Cache
X-Debug-Cache
Azure-Version
X-BB-IP
X-EIG-Tracking-Id
X-Upgrade-Enabled
Selected-FE
X-Pubstack
X-Via-Fastly
X-Viewer-Country
X-VWS-Id
X-Www-Served-By
X-TWH-CORRELATION-ID
X-Timing-Wait
X-LJ-Flow-ID
X-L-Path
X-SplitTest
X-IP
X-PERF
OT-Force-Account-Verify
X-App-Name
X-ApacheServer
X-Agile-Id
X-Agile-Age
X-AWS-Id
X-Proxy-Build
X-NGENIX-Cache
X-Environment-Context
X-Cache-Config
X-Agile
Cache-Key
Access-Control-Request-Headers
X-Ruxit-Js-Agent
HostName
X-Drupal-Cache-Contexts
X-Origin-CC
X-CCM
X-Ocache
X-Correlation-ID
Cache
X-Backend-Name
X-Mrs-Age
X-Upstream-CT
X-RateLimit-Limit
X-Mrs-Cache
X-Upstream-HT
X-Mrs-Cache-Hits
Fastcgi-X-Cache-Version
X-Mshield-Cache-Status
Fastcgi-X-Cache
X-Xfnlog-Site
X-Nginx-Cache
X-HOST
X-Source
Fastcgi-Useragent
X-Akamai-Request-ID
X-Real-IP
X-Pc-Date
X-Pc-Host
X-Storage
From-Origin
X-Vgn-Hpd-Reason
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Forwarded-Host
X-Litespeed-Cache
Fastly-SSL
X-Time-Microsecs
X-NCache
X-SERVER-NAME
X-Internal-Host
X-Qnm-Cache
X-Feature
X-M-Log
X-M-Reqid
LB
X-NC
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Varnish-Beresp-Grace
NtCoent-Length
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
X-Birta-Cache-Post
X-Distributor
X-Release
X-Birta-Served
X-Microcachable
X-Labrador-Cache-Channel
X-VG-TLSProxy
XServer
X-EdgeConnect-Cache-Status
X-UA-Device-Type
Pagetype
X-Webkit-Csp
Time
X-Transaction
X-Twitter-Response-Tags
X-Cache-Backend
X-B3-Spanid
X-Connection-Hash
ViewerVersion
X-Powered-By-ANYU
WZWS-RAY
Frame-Options
Viewtype
V-Age
Server-Int
T-Server
Xc-Version
Cache-Prefix
VivaBuild
Ec-Rule-Version
BehaviorPad-Version
Arc-Country
Ajk
AKAMAI
Fly-Cache
Fly-Request-Id
Mobile-Detection-Method
NGX
Meta-Geo-Continent
MD5-Digest
IsBot
Rendered-Blocks
X-CF-Lambda-Fn
X-NU-AKA-ACS-Version
X-No-Session
X-Org
X-PAYTM-SRV-ID
X-Redis-Cache
X-Logtrace-Id
X-Irp-Debug
X-Via-CDN
X-Generation-Time
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Region-Sid
X-Request-UUID
X-SRCache-Key
X-SIPLIST1
X-Trv-Group
X-UE-Client-Country
X-VG-WebServer
X-Server-Time
X-Server-By
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-ScT
X-Generated-In
X-Via-Edge
X-ARC
X-Application
X-B-Cookie
X-BB-ID
X-Cache-Bucket
X-Accel-Expires-Debug
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-WebServer
X-CF-Lambda-Version
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-From
X-G
X-Developer
X-Destination
X-Via-SSL
X-CUA
X-D
X-Date
Www
X-A-Wwc
X-C
Cneonction
X-NWS-UUID-VERIFY
X-Sucuri-Cache
X-FireWall-Port
X-Web-Node
X-Request-Time
X-Instance-Name
MIME-Version
X-GZip
X-Cluster-Node
X-PHP-Backend
Pragrma
Server-Host
X-Block-Status
X-Cache-Enabled
X-CGP
X-Cache-CFC
X-Amz-Meta-Cache-Control
Web-Mar-Node
SN
NodeID
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
X-Core-Value
Origin-Cache-Control
Magicmarker
HA-Urlpath
HA-Servedtime
Origin-Edge-Control
X-External-Request-Id
X-RateLimit-Remaining-Second
X-S-Maxage
X-RateLimit-Limit-Second
X-Platform
X-Phone
X-Store
X-UnsetCookies
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-VServer
X-Varnish-Action
X-Owner
X-Origin-TTL
X-F5-Cache
X-Fastly-Cache
HA-Cloudapp
X-Eu-Site
X-CS
X-Gen-Mode
X-Hash
X-Node-Id
X-Layer
X-Key
X-Hl-Ver
X-Crawler
X-Hnp-Log
Backend-Name
GMS-Ver
Country-Code
CACHE
X-Webstats-RespID
X-App-Version
X-V
X-Stale
X-Sf
X-Developers
X-Debug-Log
X-Server-IP
X-Debug-Cookies
X-Swa-Ws
X-Thinkindot-L3
X-TT-LOGID
X-Epic-Correlation-Id
Apple-News-Services-Host
X-Tumblr-Pixel-3
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Secret
Apple-News-Services-Parsed-Url
Uber-Trace-Id
Thinkindot-Control
Apple-News-Services-Request-Url
X-Croise-Owner
CDCHOST
X-Core-Mission
X-Response-By
X-Returned-From
X-Cache-Expires
X-Request-URI
X-Cdn-Srv
X-Cache-URL
X-Cache-Srv
X-Clientip
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Reboot
X-ShopId
X-Actual-URL
Section-Io-Cache
X-Backend-Host
X-Backend-State
X-Returned-From-PostProcessResponse
X-Backend-Url
X-Backend-TTL
X-RCS-CacheZone
Apple-News-Services-Handled
X-Nginx-Cache-Key
X-ShardId
Powered
X-Policy
Is-Eu
X-NX-Host
X-GeoIP-Country-Code
X-Passed-To-PostProcessResponse
MI-Cache-Age
MI-Cache
MI-API
X-MSEdge-Flight
X-HTML-Minification-Powered-By
X-Matched-Rule
REQUESTUUID
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Location
X-Sorting-Hat-ShopId
X-MI-In-Market
Host-ID
Heartbleed
Esi-Enabled
X-MSEdge-Features
Adler-Geo
X-GeoIP-City
Release
Proxy-Connection
Odigeo-Trace-Id
X-Var-Ttl
X-Up
Request-Country
X-Fetched-On
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
Request-EU
Platform
Countrycode
X-Variation
Origin
X-Alternate-Cache-Key
X-VCT
X-Passed-To
X-Gannett-Site-Version
X-FW-Version
X-CACHE-AGE
X-Real-Ip
Cache-Tags
ProcessTime
X-Device-Os
X-Ckpd-Fst-Backend
X-Content-Age
X-Fstrz
X-ElasticPress-Search
X-Varnish-Beresp-Ttl
X-Alicdn-Da-Ups-Status
X-Sn-Servicetimems
Sid
X-ServiceProvider
X-Servername
Content-Disposition
True-Client-Country-4JS
Decoy-Debug-Status
X-Trace-Id
On-Server
Decoy-Debug-TTL
X-COUNTRY
X-Worker
X-Cache-Host
RNT-Machine
X-Cdn-Origin
Resin-Trace
RNT-Time
Fastly-Backend-Name
Server-ID
Decoy-Debug-Key
Kp-EeAlive
HTTPS
PFcat
X-Skip-Cache
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ezoic-Cdn
Request-Time
Xserver
Warning
X-TIME
X-Endurance-Cache-Level
X-Dc
Cache-Cookie-Set-Idcheck
RequestId
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Pf-Uncompressing
X-Csrf-Token
Cteonnt-Length
X-Ua
CF-IPCountry
X-Proto
Ar-Sid
X-Newrelic-Synthetics
X-Surge-Debug
Mail-Subject
X-Refresh
We-Hiring
X-Req
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
WP-Super-Cache
X-Oss-Storage-Class
X-Oss-Object-Type
X-Planisys-CDN-Cache
PageSpeed
X-Servedbyhost
X-Planisys-CDN-Rules
CDN
X-Planisys-CDN-TTL
X-Guploader-Uploadid
X-Nc
X-B3-TraceId
X-Pjax-Url
X-Aed
X-GEO
X-Cache-ASPX
Dnion-Transfer-Encoding
Pramga
X-Varnish-Ttl
X-Geo
X-CSRF-Token
GeoIp-Country-Code
Geoip-Latitude
X-GoCache-CacheStatus
TSSecure
X-Varnish-Beresp-TTL
X-Edge-IP
Hostname
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-DC
X-Ms-Lease-State
X-Server-W
X-Time
X-Page-Type
X-DataStream-Origin-MEX-Latency
X-Amz-Cf-Pop
NODE
X-DataStream-MidMile-RTT
X-Oracle-Dms-Ecid
NnCoection
X-Hello
X-Origin-Date
X-Flog
X-ABtesting
X-Origin-Expires
X-Varnish-Url
X-Aicache-OS
X-Ratelimit-Limit
X-Auto-Login
MS-CV
X-WA
A
X-Cache-Control-Set-By
Cdn
X-Varnish-HitMiss
X-HCF
X-Akamai-Request-ID2
SD-X-WS
X-Datadome
X-GRACE
Lfy
FSS-Cache
FSS-Proxy
Mime-Version
X-Cdn-Forward
X-Server-Group
WWW-Authenticate
X-Unique-Id
Rt-Proxy-Cache
Geoip-City
X-Via-NSCOPI
Node
X-Wa
X-Sentry-ID
X-SRV
Processtime
X-Check-Cacheable
X-Wix-Route-ID
X-PAGE-TYPE
X-UPSTREAM-Address
PICS-Label
X-EC-Security-Audit
X-Varnish-URL
X-Use-Magma
PageType
X-Bip
X-From-Cache
X-Served-From
Memcached
X-Cache-Id
X-Thanos
X-APP
X-NODE
X-Nananana
X-Cache-Info
X-MP-GENERATED-AT
GeoIP-Latitude
X-Gdpr
X-Edge-Server
Cdn-Request-Time
Cdn-Host
Lb
X-Be
GeoIP-City
GeoIP-Country-Code
X-FORWARDED-FOR
DataCenter
X-Request-Start
X-RTag
X-Cookie
Dont-Set-Cookie
Ms-Operation-Id
X-Proxy-Server
X-Gen-Id
X-CACHE-KEY
X-GDPR
X-Fastly-Cache-Hits
Memory
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-Load-Cache
X-Dynatrace-Js-Agent
X-WR-MODIFICATION
X-PJAX-URL
Get-Access-Time
X-Env
GW-Server
Is-Session-Tracking
UCS
X-Optimization
X-Cache-HT
X-Swift-Error
Who
X-User
Pics-Label
X-ServedByHost
X-HS-Status
X-Ver
Group
V-Cache
X-B3-SpanId
X-RateLimit-Reset
X-Cache-Ttl
X-Cache-FS-Status
Cache-Hits
X-Meta-Tbi-Cache-Vertical
URI
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fe
X-Ibm-Trace
Cf-Ipcountry
Ws
X-CDN-Pop
X-CDN-Pop-IP
X-Dw-Trace-Id
X-ID
Amp-Access-Control-Allow-Source-Origin
Accept-Language
Locale
X-BBXSRF
NX-Cache
Requestid
X-Shard
X-Content-Encoded-By
X-Urbn-Context-Path
X-Bug-Bounty
X-PF-Uncompressing
X-SB
Xet-Cookie
X-Urbn-Site-Id
Httpd-Identifier
X-LI-UUID
X-VC
X-LI-Proto
X-GZIP
X-Cache-Debug
AGE-Hash
X-Li-Fabric
X-Li-Pop
X-NGINX-Cache
Serverid
X-Ratelimit-Remaining
X-Info
N-Cache
X-CacheKey
CDN-Cache-Hit
Powered-By
X-SVT-ORM-VERSION
CDN-Node
X-Wix-Petri-Ex
X-Varnish-Info
CDN-Cache
X-SVT-ORM-RULES
X-Serial
X-Akamai-ERPolicy
Version
X-Flags
Ohc-File-Size
X-Cache-Handler
X-RequestId
X-Litespeed-Cache-Control
X-Is-Crawler
X-Providence-Cookie
X-StackifyID
Https
X-Akamai-ERRuleID
X-ServerName
X-Route-Name
X-Grace-Duration