Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-CST
Pinterest-Generated-By
X-Url
Report-To
X-TTL
Request-Id
X-Instart-Request-ID
X-ORACLE-DMS-ECID
X-Px
X-Country
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-DataDome
X-Powered-CMS
X-TtlSet
X-Vname
X-PC
X-Dns-Prefetch-Control
NEL
X-FTR-Request-ID
Charset
X-Server-Name
X-DynaTrace-JS-Agent
X-Origin-Cache
X-ESI
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
X-F-Cache
Content-MD5
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Geo-Segment
X-Kinja
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-ORACLE-DMS-RID
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Abt-Application-Version
X-Dispatcher
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-SharePointHealthScore
X-CF-Powered-By
X-Ruxit-JS-Agent
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-Forwarded-Proto
X-T
DynaTrace
X-DIS-Request-ID
X-Hits
X-Upstream
X-Grace
X-Varnish-Age
X-Origin-Upstream-Status
AR-PoweredBy
AR-ATIME
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-CACHE
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
X-Cdn
Realpath
X-NF-Request-ID
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-HW
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-FastCGI-Cache
X-Acc-Meta-Resource-Type
X-IPLB-Instance
X-Cache-Hit
X-Goog-Metageneration
X-Server-ID
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-B
X-Goog-Stored-Content-Encoding
X-Logged-In
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-Ser
Service-Worker-Allowed
S
X-XRDS-Location
X-Cache-Key
X-MSEdge-Ref
Tracecode
Server-Name
X-NewRelic-App-Data
X-PressLabs-Stats
X-FTR-Balancer
X-Frontend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
AMP-Access-Control-Allow-Source-Origin
AR-SID
Fastly-Restarts
X-FTR-Expires
Rt-Fastcgi-Cache
X-Accel-Buffering
Surrogate-Key
Fastcgi-Cache
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Forwarded-For
X-Cache-Rule
Eomportal-Instance
Alternate-Protocol
Backend-Timing
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
Cleartype
Host
Cache-Status
TP-Cache
TP-L2-Cache
X-Rid
FilterID
X-Revision
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Whom
X-User-Agent
X-Debug-Info
X-Srv
X-Akam-SW-Version
Front-End-Https
ServerID
X-TA-CDN-Provider
X-AOL-HN
X-GUploader-UploadID
X-Mobile
X-Varnish-Backend
Accept-Charset
X-RateLimit-Remaining
X-Cache-2
X-Via-JSL
X-Webkit-CSP
X-VCache
X-NWS-LOG-UUID
X-Request-Processing-Time
X-Iejgwucgyu
X-Request-Received
X-Content-Powered-By
X-Zen-Fury
X-Kinja-Server-Push
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Oneagent-Js-Injection
X-App-Environment
Viewport
X-Ttl
X-Node-Name
X-Correlation-Id
X-LB-Cache
Host-Header
X-Tumblr-User
X-Magnolia-Registration
X-Cluster
X-Varnish-Hostname
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Page-Id
X-TT
X-Handled-By
X-Request-Guid
X-Device-Type
X-Cache-Control
X-Akamai-Edgescape
X-Framework
Liferay-Portal
Upgrade-Insecure-Requests
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-FB-Debug
X-Platform-Server
X-Signature
X-B3-Sampled
X-B-Cache
X-Instance
Cache-Tag
DC
X-Middleton-Display
Display
X-Sol
X-Cache-Server
X-Amzn-Trace-Id
X-Hostname
MicrosoftSharePointTeamServices
X-B3-Traceid
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Webkit-Csp
Source
Retry-After
X-WA-Info
X-Fastcgi-Cache
X-Varnish-Server
X-Contextid
X-Servedby
X-Distil-CS
Server-Info
HitType
HitInfo
X-Wix-Request-Id
X-Esi
X-Seen-By
X-Cache-Action
X-Cache-Operation
Content-Style-Type
Content-Script-Type
X-APP-VERSION
User-Agent
X-Edge-Location
X-Amz-Replication-Status
Webserver
X-S
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Locale
X-Jobs
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Status
GEO-INFO
SRV
X-GeoIP
X-FW-Server
X-ATG-Version
AsisCache
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Response-Served-From
X-Generated-By
X-Edge-Cache
X-Region
X-Edge-Cache-Key
X-FW-Type
X-Adobe-Loc
X-Adobe-Content
ServedBy
X-TX-ID
X-Drupal-Cache-Tags
X-UUID
X-Varnish-Hits
Response
X-Port
X-Middleton-Response
Refresh
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NE
Healthy
X-Newrelic-App-Data
X-Hyper-Cache
X-Geo-Country
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
Payment
S-Cnection
IBM-Web2-Location
X-Cache-Age
X-Content-Type
X-Varnish-Grace
X-URL
X-Daa-Tunnel
X-Amz-Server-Side-Encryption
Filters
Country
X-HS-Cache-Config
Edge-Cache-Tag
NGB
X-AppVersion
X-Az
X-Activity-Id
Datacenter
X-Cache-Remote
X-UA
X-Pc-Key
Served-By
X-Pc-Hit
X-Pc-Appver
X-Cache-TTL
X-Cacheable-TTL
X-Sucuri-ID
X-Varnish-IP
X-CDN-Forward
X-App-Server
X-Proxied
HostName
X-HS-Combine-CSS
Powered-By-ChinaCache
X-Vg-Webcache
X-Mode
X-Akamai-Transformed
X-Rule
Pagespeed
X-Mrs-Cache-Hits
Machine
Load-Balancing
X-Rendered-As
X-RemovedCookies
Meta-Geo
X-RN-RSRV
X-Kong-Upstream-Latency
X-Mrs-Age
X-Mrs-Cache
X-Mshield-Cache-Status
X-Kong-Proxy-Latency
X-ProcessESI
X-Cache-Var
X-Cache-Var-Map
X-Detected-As
X-Is-Bot
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Cache-Category-Id
Access-Control-Allow-Method
X-Grey
X-Origin-Hint
X-Hosted-By
TWC-Device-Class
X-Varnish-Cache-Hits
X-Human
X-ProxyCache-Status
X-Amz-Meta-Surrogate-Control
X-BYPASS-REASON
DB-Nickname
Cache-Name
Mn-Server-Ip
TWC-GeoIP-Country
X-ProxyCache-Key
Property-Id
OT-Force-Account-Verify
Backend
TWC-Connection-Speed
Webcakes-App-Version
X-OCL
Webcakes-Region
X-Varnish-Cacheable
Webcakes-App-Name
X-PCL
TWC-GeoIP-LatLong
User-Cache-Control
X-Tb
X-ServerID
X-Origin
TWC-Locale-Group
TWC-Privacy
X-OVcl
X-CDN-Cache
L5d-Success-Class
X-Original-Request
Azure-InstanceId
X-Debug-Cache
Azure-SiteName
Azure-SlotName
X-OVcl-Cache
Azure-RegionName
X-NodeID
X-Zipkin-Id
ServerName
S-Rt
X-Generated
X-Site-Version
X-Hit
X-Section
X-Routing-Service
X-Access
X-Format
X-EIG-Tracking-Id
X-Loop
Now
X-Upgrade-Enabled
X-TNCMS
X-JoinUs
X-BB-IP
Azure-Version
Fastcgi-Useragent
Fastcgi-X-Cache
X-NGENIX-Cache
Selected-FE
X-ApacheServer
Cache-Key
Fastcgi-X-Cache-Version
X-LJ-Flow-ID
X-App-Name
X-AWS-Id
X-Environment-Context
X-IP
X-L-Path
X-PERF
X-Proxy-Build
X-VWS-Id
X-Viewer-Country
X-Www-Served-By
X-Agile-Age
X-Agile
X-Agile-Id
X-Via-Fastly
X-SplitTest
X-Pubstack
X-Timing-Wait
Access-Control-Request-Headers
X-TWH-CORRELATION-ID
X-Cache-Config
X-Ocache
X-Upstream-CT
X-Upstream-HT
X-Source
X-Origin-CC
X-Drupal-Cache-Contexts
X-CCM
X-Correlation-ID
X-Nginx-Cache
X-Xfnlog-Site
From-Origin
X-HOST
X-Unique-ID
X-Backend-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Akamai-Request-ID
LB
X-Forwarded-Host
X-RateLimit-Limit
AR-Request-ID
Fastly-SSL
X-Storage
X-Litespeed-Cache
X-Vgn-Hpd-Reason
X-Pc-Host
Cache
X-Pc-Date
NtCoent-Length
X-Ms-Request-Id
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Birta-Cache-Post
X-Birta-Served
X-Varnish-Beresp-Status
X-Qnm-Cache
X-Feature
X-M-Reqid
X-Varnish-Beresp-Grace
X-M-Log
X-NCache
X-Labrador-Cache-Channel
X-App-Version
X-Time-Microsecs
ViewerVersion
X-Real-IP
X-VG-TLSProxy
X-Internal-Host
CACHE
X-Release
X-Distributor
X-Microcachable
X-EdgeConnect-Cache-Status
X-Cluster-Node
X-Ruxit-Js-Agent
Time
X-Real-Ip
X-B3-Spanid
X-NC
WZWS-RAY
X-Powered-By-ANYU
Ar-Sid
X-Cache-Enabled
X-Connection-Hash
X-Request-Time
X-Sucuri-Cache
X-Transaction
X-Cache-Backend
X-Twitter-Response-Tags
Arc-Country
X-Org
VivaBuild
AKAMAI
Ajk
V-Age
X-From
Xc-Version
BehaviorPad-Version
X-WebServer
Viewtype
Cache-Prefix
X-Logtrace-Id
Ec-Rule-Version
X-Died
X-Developer
X-Destination
X-Irp-Debug
X-IN-WAF
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-DPWN-IS-SECURE
Fly-Cache
Fly-Request-Id
X-Generation-Time
X-Generated-In
X-No-Session
Cneonction
X-Dispatcher-Server
Www
X-Date
X-D
X-CUA
X-NU-AKA-ACS-Version
IsBot
X-A-Dam
X-BB-ID
Server-Int
X-ScT
X-A-Dcw
X-Server-By
X-S-Cookie
X-Rojux
X-Via-CDN
NGX
X-VG-WebServer
T-Server
X-Rewrite-Enabled
Rendered-Blocks
X-Server-Time
X-SRCache-Key
X-UA-Device-Type
X-Application
REQUESTUUID
X-Trv-Group
X-Accel-Expires-Debug
X-SIPLIST1
X-ARC
X-B-Cookie
X-UE-Client-Country
X-A-Dgt
X-A-Wwc
X-Via-Edge
X-Cache-Bucket
X-A-Ccd
X-Region-Sid
X-G
X-Redis-Cache
X-Via-SSL
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-Request-UUID
X-CF-Lambda-Version
MD5-Digest
Meta-Geo-Continent
X-A
Mobile-Detection-Method
X-FireWall-Port
X-SERVER-NAME
X-Guploader-Uploadid
Pagetype
Xserver
Frame-Options
Magicmarker
X-Fastly-Cache
HA-Servedtime
HA-Urlpath
X-Amz-Meta-Cache-Control
X-Crawler
X-CGP
HA-Ipaddr
X-External-Request-Id
X-Eu-Site
Web-Mar-Node
X-F5-Cache
Country-Code
Ha-Gx-Prefs
X-Cache-CFC
X-CS
SN
HA-Cloudapp
HA-Geocity
HA-Geolat
HA-Geocountry
NodeID
Origin-Cache-Control
Origin-Edge-Control
HA-Geolon
Pragrma
Server-Host
Powered
HA-Georegion
X-Block-Status
GMS-Ver
HA-Host
ProcessTime
X-Platform
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-S-Maxage
X-Phone
X-Owner
X-Layer
X-Node-Id
X-Origin-TTL
XServer
X-C
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Store
X-Web-Node
X-We-Are-Hiring
X-UnsetCookies
X-Varnish-Action
X-VServer
X-Key
X-Policy
X-Alternate-Cache-Key
X-Shopify-Stage
X-Hash
X-ShardId
X-ShopId
X-Hl-Ver
X-Sorting-Hat-PodId
Backend-Name
X-Hnp-Log
X-Sorting-Hat-ShopId
X-Gen-Mode
X-Instance-Name
X-GZip
X-Varnish-Beresp-Ttl
X-Webstats-RespID
X-Server-IP
X-Backend-Host
X-Epic-Correlation-Id
X-Sf
X-Backend-State
X-Secret
X-FW-Version
X-HTML-Minification-Powered-By
X-Backend-Url
X-Stale
X-Backend-TTL
X-Fetched-On
X-VCT
X-Tumblr-Pixel-3
X-Variation
X-Up
X-TT-LOGID
X-Actual-URL
X-GeoIP-City
X-Swa-Ws
X-Thinkindot-L3
X-GeoIP-Country-Code
X-Var-Ttl
X-Cache-Expires
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Croise-Owner
X-Core-Value
X-Passed-To-PostProcessResponse
X-NX-Host
X-Nginx-Cache-Key
X-Location
X-Debug-Log
X-Matched-Rule
X-MI-In-Market
X-MSEdge-Flight
X-MSEdge-Features
X-Core-Mission
X-Clientip
X-Response-By
X-Cache-Srv
X-Returned-From
X-Debug-Cookies
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Request-URI
X-Cache-URL
X-Gannett-Site-Version
X-Developers
X-RCS-CacheZone
X-Reboot
X-Cdn-Srv
X-Returned-From-PostProcessResponse
Uber-Trace-Id
Heartbleed
Request-EU
X-Ezoic-Cdn
Esi-Enabled
Odigeo-Trace-Id
Countrycode
Request-Country
Release
MI-API
MI-Cache
Is-Eu
Platform
Proxy-Connection
MI-Cache-Age
CDCHOST
Apple-News-Services-Handled
Thinkindot-Control
Adler-Geo
X-Amz-Cf-Pop
X-ElasticPress-Search
Origin
Apple-News-Services-Host
Section-Io-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Endurance-Cache-Level
X-CACHE-AGE
X-V
X-B3-TraceId
X-NWS-UUID-VERIFY
Content-Disposition
Resin-Trace
X-Sn-Servicetimems
RNT-Machine
X-Fstrz
RNT-Time
X-ServiceProvider
Decoy-Debug-Key
X-Worker
X-Servername
X-Device-Os
Fastly-Backend-Name
Decoy-Debug-Status
Decoy-Debug-TTL
HTTPS
X-Cdn-Origin
True-Client-Country-4JS
On-Server
X-Newrelic-Synthetics
X-Cache-Host
X-COUNTRY
X-Trace-Id
X-Content-Age
Cache-Tags
Server-ID
Kp-EeAlive
X-Ckpd-Fst-Backend
PageSpeed
X-TIME
X-Dc
MIME-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Warning
Host-ID
Cache-Cookie-Set-From
X-Skip-Cache
Fastly-SIE
Fastly-SWR
X-Nc
RequestId
X-Surge-Debug
X-Alicdn-Da-Ups-Status
X-Pf-Uncompressing
X-PHP-Backend
Cteonnt-Length
X-Csrf-Token
PFcat
Sid
Request-Time
X-Proto
X-Ua
X-Req
X-Aed
X-Refresh
We-Hiring
Mail-Subject
X-GEO
X-Dynatrace-Js-Agent
X-Edge-IP
Pramga
CF-IPCountry
X-Ratelimit-Limit
X-Pjax-Url
TSSecure
X-Planisys-CDN-Cache
WP-Super-Cache
X-Planisys-CDN-Rules
X-Ms-Lease-State
X-Servedbyhost
X-Planisys-CDN-TTL
X-Varnish-Ttl
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-Geo
X-Oss-Hash-Crc64ecma
X-Page-Type
Geoip-Latitude
GeoIp-Country-Code
X-Server-W
CDN
X-DC
X-Atg-Version
X-CSRF-Token
X-CLOUD-TRACE-CONTEXT
X-Cache-ASPX
X-Cdn-Forward
Dnion-Transfer-Encoding
X-Time
X-Flog
X-Hello
X-Varnish-Url
X-ABtesting
Cdn
X-Varnish-Beresp-TTL
X-GoCache-CacheStatus
X-Auto-Login
X-Oracle-Dms-Ecid
Mime-Version
X-Unique-Id
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
Lfy
FSS-Proxy
X-DataStream-MidMile-RTT
FSS-Cache
X-Akamai-Request-ID2
MS-CV
X-WA
A
NnCoection
NODE
X-Sentry-ID
Rt-Proxy-Cache
X-GRACE
X-Origin-Expires
X-Datadome
X-Origin-Date
PageType
Hostname
X-HCF
X-Cache-Control-Set-By
X-EC-Security-Audit
X-Varnish-HitMiss
X-Via-NSCOPI
X-Check-Cacheable
X-MP-GENERATED-AT
X-Wa
X-Thanos
Node
Memcached
X-Served-From
SD-X-WS
X-Cache-Id
X-Bip
X-SRV
X-Server-Group
X-APP
X-Cache-Info
X-UPSTREAM-Address
WWW-Authenticate
X-Be
X-Use-Magma
X-Proxy-Server
X-Request-Start
Geoip-City
X-Nananana
X-NODE
PICS-Label
X-FORWARDED-FOR
X-PAGE-TYPE
X-Wix-Route-ID
Memory
X-Varnish-URL
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-Ratelimit-Remaining
Processtime
DataCenter
X-From-Cache
UCS
GW-Server
X-Fastly-Cache-Hits
X-CACHE-KEY
X-Cookie
X-User
X-ServedByHost
X-Gdpr
X-Gen-Id
Ms-Operation-Id
X-GDPR
X-RTag
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-WR-MODIFICATION
Cache-Hits
X-Load-Cache
X-PJAX-URL
COMMERCE-SERVER-SOFTWARE
X-Fastly-Backend-Reqs
X-HS-Status
Cf-Ipcountry
X-Swift-Error
X-Goog-Meta-Goog-Reserved-File-Mtime
Lb
Accept-Language
Pics-Label
Dont-Set-Cookie
X-Vcache
Locale
X-Cache-Debug
X-BBXSRF
Is-Session-Tracking
V-Cache
Get-Access-Time
X-Env
X-RateLimit-Reset
X-B3-SpanId
X-Optimization
Group
X-Cache-HT
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Li-Fabric
X-Cache-Ttl
X-Path-Route
X-Info
X-Dw-Trace-Id
X-VG-WebCache
X-CDN-Pop
X-CDN-Pop-IP
X-Fe
Who
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Ver
X-Cache-FS-Status
X-Qloud-Router
AGE-Hash
Fastly-Soc-X-Request-Id
SS
URI
X-Content-Encoded-By
Requestid
X-Bug-Bounty
X-PF-Uncompressing
Xet-Cookie
NX-Cache
X-GZIP
Serverid
X-NGINX-Cache
X-Akamai-SSL-Client-Sid
X-P-T
X-SB
X-CacheKey
X-Varnish-Info
CDN-Cache-Hit
X-VC
X-Meta-Tbi-Cache-Vertical
Ws
N-Cache
X-Ibm-Trace
CDN-Node
CDN-Cache
Httpd-Identifier
X-Akamai-ERRuleID
SID
X-Serial
Https
X-SN
X-Grace-Duration
X-Akamai-ERPolicy
X-ServerName
X-Providence-Cookie
X-Is-Crawler
X-Litespeed-Cache-Control
X-Route-Name
X-RequestId
X-Shard
X-Flags