Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Xss-Protection
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Server-Id
X-Host
Surrogate-Control
X-Node
X-Cache-Lookup
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Country-Code
Rating
Allow
X-ESI
X-DataDome
NEL
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Server-Name
Charset
X-Origin-Cache
X-DynaTrace
X-DynaTrace-JS-Agent
X-Cached
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-VARITI-CCR
X-Recruiting
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
Content-MD5
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Geo-Segment
X-Kinja-Build
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
SPRequestGuid
X-Ruxit-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-ORACLE-DMS-RID
X-SharePointHealthScore
X-N
Nginx-Cache
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-CF-Powered-By
X-Trace
X-Fastly-Request-ID
X-Forwarded-Proto
Paypal-Debug-Id
X-DIS-Request-ID
X-Origin-Upstream-Status
X-T
X-Varnish-Age
X-Grace
DynaTrace
X-Hits
X-Upstream
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
X-Shield-Request-Id
AR-PoweredBy
AR-ATIME
X-Pad
AR-CACHE
X-Content-Options
X-Oracle-Dms-Rid
X-Content-Digest
Realpath
X-NF-Request-ID
X-HW
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Kinsta-Cache
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Server-ID
X-FastCGI-Cache
X-Cache-Hit
X-Goog-Stored-Content-Length
X-B
X-Vcap-Request-Id
X-Debug
X-Logged-In
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-NewRelic-App-Data
X-SS-Set-Cookie
X-Ser
Service-Worker-Allowed
Tracecode
S
X-MSEdge-Ref
Server-Name
Fastly-Restarts
X-PressLabs-Stats
X-Frontend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-Cache-Key
X-FTR-Expires
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
AR-SID
Backend-Timing
X-Analytics
X-Cache-Rule
Eomportal-Instance
Alternate-Protocol
X-HS-Content-Id
X-HS-Hub-Id
Host
FilterID
X-Revision
Cleartype
X-Srv
X-Rid
TP-Cache
Cache-Status
TP-L2-Cache
Front-End-Https
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
X-User-Agent
X-Debug-Info
X-Iejgwucgyu
X-Whom
X-Akam-SW-Version
X-Ttl
ServerID
X-Mobile
Accept-Charset
X-AOL-HN
X-Do-Not-Hack
X-Varnish-Backend
Permitted-Cross-Domain-Policies
X-HeyJason
X-XRDS-LOCATION
X-Cache-2
X-GUploader-UploadID
X-Webkit-CSP
X-RateLimit-Remaining
X-Cdn
X-TA-CDN-Provider
X-Request-Processing-Time
X-Zen-Fury
X-Request-Received
X-Via-JSL
X-Correlation-Id
X-Kinja-Server-Push
X-Content-Powered-By
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-NWS-LOG-UUID
X-VCache
X-Oneagent-Js-Injection
X-App-Environment
X-LB-Cache
X-Page-Id
X-Tumblr-User
X-Magnolia-Registration
X-Node-Name
X-Cache-Control
X-Cluster
Host-Header
X-Varnish-Hostname
X-Tumblr-Pixel-0
Viewport
X-Tumblr-Pixel
X-Framework
X-Device-Type
X-Request-Guid
X-Akamai-Edgescape
X-TT
Display
X-B-Cache
Upgrade-Insecure-Requests
X-B3-Sampled
X-Content-Security-Policy-Report-Only
X-Signature
X-Handled-By
X-Sol
X-Middleton-Display
X-FB-Debug
X-Platform-Server
X-Instance
Cache-Tag
DC
Liferay-Portal
X-BCube-Filmed-By
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Webkit-Csp
X-B3-Traceid
Retry-After
Source
X-Fastcgi-Cache
X-Varnish-Server
X-WA-Info
X-Contextid
X-Distil-CS
X-Servedby
X-Seen-By
X-Wix-Request-Id
HitInfo
Server-Info
HitType
X-Cache-Action
X-Edge-Location
X-Amz-Replication-Status
Content-Script-Type
X-Cache-Operation
Content-Style-Type
X-GeoIP
X-S
X-RequestSource
X-Tumblr-Pixel-2
X-ATG-Version
SRV
Webserver
X-Tumblr-Pixel-1
Actual-Object-TTL
X-Status
X-Locale
X-Jobs
X-WebKit-CSP-Report-Only
User-Agent
X-Generated-By
GEO-INFO
X-FW-Static
X-Middleton-Response
X-Response-Served-From
X-FW-Server
Response
X-Region
X-FW-Type
X-FW-Serve
AsisCache
X-Edge-Cache-Key
X-Edge-Cache
X-FW-Hash
X-TX-ID
X-UUID
X-Varnish-Hits
ServedBy
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Adobe-Content
Refresh
X-Cache-NE
X-Litespeed-Cache
X-APP-VERSION
X-Yottaa-Optimizations
X-Yottaa-Metrics
Healthy
X-Port
X-Hyper-Cache
X-Geo-Country
Payment
X-DataStream-Cache-Status
X-Cache-Age
X-Cache-TTL-Remaining
X-Esi
S-Cnection
IBM-Web2-Location
X-Content-Type
Datacenter
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Edge-Cache-Tag
Country
X-Daa-Tunnel
X-HS-Cache-Config
X-Newrelic-App-Data
Filters
Served-By
X-UA
X-AppVersion
Powered-By-ChinaCache
NGB
X-Az
X-Activity-Id
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Varnish-IP
X-Cache-Remote
X-Sucuri-ID
X-HS-Combine-CSS
X-App-Server
X-Cacheable-TTL
X-Vg-Webcache
HostName
X-Cache-TTL
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
X-Akamai-Transformed
X-Mode
X-Proxied
X-Rendered-As
X-Cache-Var
X-Detected-As
X-Cache-Var-Map
Machine
X-Is-Bot
Load-Balancing
Meta-Geo
X-Rule
X-ProcessESI
X-CDN-Forward
X-RN-RSRV
X-RemovedCookies
X-FC-Vary-Parameters
X-Kong-Upstream-Latency
X-Rocket-Nginx-Bypass
Pagespeed
X-Kong-Proxy-Latency
X-Proxy
X-ProxyCache-Status
X-Grey
Property-Id
X-Cache-Category-Id
X-Hosted-By
X-ServerID
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Access-Control-Allow-Method
X-Varnish-Cache-Hits
X-PCL
TWC-GeoIP-Country
DB-Nickname
Cache-Name
TWC-Connection-Speed
TWC-Device-Class
X-Origin-Hint
OT-Force-Account-Verify
User-Cache-Control
X-OCL
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-ProxyCache-Key
X-Origin
Mn-Server-Ip
X-Tb
X-Varnish-Cacheable
X-BYPASS-REASON
X-Amz-Meta-Surrogate-Control
Backend
X-BB-IP
X-Access
X-CDN-Cache
X-EIG-Tracking-Id
X-Format
ServerName
Now
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
L5d-Success-Class
X-Generated
X-Hit
X-Site-Version
X-Section
X-TNCMS
X-Upgrade-Enabled
X-Zipkin-Id
X-Routing-Service
X-OVcl-Cache
X-Human
X-JoinUs
X-Original-Request
X-OVcl
Azure-InstanceId
X-Loop
X-Agile
X-Timing-Wait
X-Agile-Age
X-Agile-Id
X-SplitTest
X-Via-Fastly
X-Viewer-Country
S-Rt
X-Upstream-CT
Selected-FE
X-Www-Served-By
X-VWS-Id
X-ApacheServer
X-App-Name
X-NGENIX-Cache
X-NodeID
X-IP
X-L-Path
X-LJ-Flow-ID
X-Environment-Context
X-Debug-Cache
X-Cache-Config
X-AWS-Id
X-Pubstack
X-Proxy-Build
X-PERF
X-Upstream-HT
X-TWH-CORRELATION-ID
Fastcgi-Useragent
Cache-Key
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Source
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
From-Origin
X-Ocache
X-CCM
X-Origin-CC
X-Xfnlog-Site
X-Nginx-Cache
X-HOST
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Unique-ID
X-URL
X-Backend-Name
LB
X-RateLimit-Limit
X-Forwarded-Host
Cache
X-App-Version
Fastly-SSL
X-Akamai-Request-ID
X-Correlation-ID
ViewerVersion
X-Storage
NtCoent-Length
X-Vgn-Hpd-Reason
X-Ms-Request-Id
X-Pc-Date
X-Pc-Host
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Lease-Status
X-Birta-Cache-Post
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Birta-Served
X-Feature
AR-Request-ID
X-VG-TLSProxy
X-Labrador-Cache-Channel
X-Time-Microsecs
X-NCache
X-Real-IP
X-Internal-Host
CACHE
Ar-Sid
X-Cluster-Node
X-Release
X-Microcachable
X-Distributor
X-Guploader-Uploadid
Time
X-EdgeConnect-Cache-Status
X-Ruxit-Js-Agent
X-Real-Ip
WZWS-RAY
X-Powered-By-ANYU
Xserver
X-B3-Spanid
X-Sucuri-Cache
X-Request-Time
X-B3-TraceId
X-Cache-Enabled
X-S-Cookie
X-D
X-Rojux
X-Rewrite-Enabled
X-CUA
X-Via-SSL
X-UE-Client-Country
Cache-Prefix
V-Age
X-Request-UUID
X-Date
X-DPWN-IS-SECURE
X-Region-Sid
T-Server
X-Redis-Cache
X-Dispatcher-Server
X-B-Cookie
X-Destination
X-Developer
X-Died
X-Connection-Hash
X-Twitter-Response-Tags
Arc-Country
X-Cache-Bucket
Viewtype
X-Store
X-A
Www
X-IN-SSL-APIGATEWAY
X-BB-ID
X-Via-CDN
X-SRCache-Key
X-SIPLIST1
X-Trv-Group
X-CF-Lambda-Version
BehaviorPad-Version
IsBot
X-CF-Lambda-Fn
X-Server-Time
X-Server-By
X-ScT
X-IN-APIGATEWAY
X-ARC
X-Cache-Backend
X-A-Dgt
X-Web-Node
X-A-Dcw
Rendered-Blocks
X-Generation-Time
X-NC
X-Generated-In
Ec-Rule-Version
X-A-Dam
X-No-Session
X-Transaction
X-Varnish-Beresp-Ttl
AKAMAI
X-WebServer
Ajk
X-VG-WebServer
X-Irp-Debug
X-Logtrace-Id
X-A-Ccd
Fly-Request-Id
X-NU-AKA-ACS-Version
MD5-Digest
X-Application
Meta-Geo-Continent
REQUESTUUID
Xc-Version
X-IN-WAF
X-Via-Edge
Fly-Cache
Server-Int
X-PAYTM-SRV-ID
X-Newrelic-Synthetics
X-Accel-Expires-Debug
X-Org
X-A-Wwc
Mobile-Detection-Method
NGX
VivaBuild
X-G
X-From
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-FireWall-Port
X-SERVER-NAME
X-Dynatrace-Js-Agent
X-ShardId
X-Alternate-Cache-Key
Pragrma
Origin-Edge-Control
Origin-Cache-Control
Ha-Gx-Prefs
HA-Host
NodeID
HA-Ipaddr
Magicmarker
Web-Mar-Node
HA-Urlpath
SN
HA-Servedtime
HA-Georegion
HA-Geolon
Release
X-Hnp-Log
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Platform
X-Phone
X-Origin-TTL
X-Owner
X-S-Maxage
X-UnsetCookies
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-VServer
X-Varnish-Action
X-VCT
X-Node-Id
X-Layer
X-CS
X-Eu-Site
X-External-Request-Id
X-Crawler
X-CGP
X-Block-Status
X-Cache-CFC
X-F5-Cache
X-Fastly-Cache
HA-Geolat
X-Key
X-Hl-Ver
X-Hash
X-Gen-Mode
X-GeoIP-City
X-Amz-Meta-Cache-Control
Server-Host
Country-Code
X-Dc
Frame-Options
ProcessTime
Backend-Name
HA-Geocountry
HA-Cloudapp
GMS-Ver
HA-Geocity
X-Endurance-Cache-Level
X-C
X-Amz-Cf-Pop
X-Webstats-RespID
X-ElasticPress-Search
X-Fetched-On
X-Instance-Name
X-FW-Version
X-Epic-Correlation-Id
X-Gannett-Site-Version
X-HTML-Minification-Powered-By
PageSpeed
X-GZip
X-UA-Device-Type
X-GeoIP-Country-Code
X-Core-Value
X-Backend-Url
X-Cache-Expires
X-Backend-TTL
X-Backend-State
X-Actual-URL
X-Backend-Host
X-Cache-Srv
X-Cache-URL
X-Debug-Log
Cneonction
X-Debug-Cookies
X-Location
X-Clientip
X-Core-Mission
X-Developers
X-MSEdge-Flight
X-Request-URI
X-Response-By
X-Swa-Ws
X-Reboot
X-Thinkindot-L3
X-RCS-CacheZone
X-Returned-From
X-Returned-From-BeforeDispatch
X-Server-IP
X-Sf
X-Secret
X-Stale
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
Pagetype
X-TT-LOGID
X-Variation
X-NX-Host
X-Nginx-Cache-Key
Adler-Geo
X-MI-In-Market
X-MSEdge-Features
X-Var-Ttl
X-Up
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Tumblr-Pixel-3
X-Matched-Rule
X-Croise-Owner
Uber-Trace-Id
MI-API
MI-Cache
Apple-News-Services-Parsed-Url
Section-Io-Cache
Origin
CDCHOST
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
Platform
Apple-News-Services-Request-Url
Request-EU
Heartbleed
Request-Country
Kp-EeAlive
Apple-News-Services-Handled
MI-Cache-Age
Apple-News-Services-Host
Countrycode
Odigeo-Trace-Id
Proxy-Connection
Is-Eu
Esi-Enabled
X-Ezoic-Cdn
X-Nc
X-NWS-UUID-VERIFY
Powered
True-Client-Country-4JS
X-V
X-Fstrz
Server-ID
Cache-Cookie-Set-From
HTTPS
Decoy-Debug-Key
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Decoy-Debug-Status
On-Server
X-Sn-Servicetimems
X-Content-Age
X-ServiceProvider
RNT-Machine
X-TIME
Content-Disposition
Fastly-Backend-Name
Resin-Trace
RNT-Time
X-Cache-Host
X-Trace-Id
X-Worker
X-Ckpd-Fst-Backend
Cache-Tags
X-Cdn-Origin
Decoy-Debug-TTL
X-Device-Os
XServer
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Fastly-SIE
X-Skip-Cache
Warning
X-Servername
X-Alicdn-Da-Ups-Status
X-Cdn-Srv
X-Surge-Debug
MIME-Version
X-CACHE-AGE
Host-ID
RequestId
X-Csrf-Token
X-Aed
X-Req
X-Pf-Uncompressing
X-Ua
X-Proto
X-Edge-IP
X-GEO
Request-Time
PFcat
Sid
We-Hiring
Mail-Subject
Pramga
Cteonnt-Length
TSSecure
X-Pjax-Url
X-PHP-Backend
X-Refresh
X-Ms-Lease-State
X-Ratelimit-Limit
CF-IPCountry
WP-Super-Cache
X-Hello
X-Page-Type
X-Server-W
X-Cdn-Forward
X-Flog
X-ABtesting
X-Varnish-Ttl
X-Geo
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Cdn
X-Planisys-CDN-TTL
X-Servedbyhost
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
CDN
GeoIp-Country-Code
Geoip-Latitude
X-Oss-Hash-Crc64ecma
X-COUNTRY
X-Oss-Object-Type
X-Time
X-Auto-Login
X-Varnish-Url
X-Oss-Request-Id
Mime-Version
X-Oss-Server-Time
X-Oss-Storage-Class
X-CSRF-Token
FSS-Cache
Dnion-Transfer-Encoding
FSS-Proxy
X-Cache-ASPX
X-DC
X-Oracle-Dms-Ecid
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
Lfy
X-Unique-Id
X-GoCache-CacheStatus
X-Akamai-Request-ID2
X-WA
X-Varnish-Beresp-TTL
Rt-Proxy-Cache
X-Sentry-ID
A
PageType
MS-CV
X-GRACE
X-Datadome
X-EC-Security-Audit
X-MP-GENERATED-AT
NnCoection
Memcached
X-Served-From
X-Via-NSCOPI
X-Cache-Id
X-Bip
X-Thanos
Hostname
X-Origin-Date
X-Origin-Expires
NODE
X-Check-Cacheable
X-Ratelimit-Remaining
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-Be
Node
X-HCF
X-CACHE-KEY
X-Cache-Info
X-APP
X-Request-Start
SD-X-WS
X-Wa
X-Proxy-Server
X-Nananana
X-Use-Magma
GeoIP-Latitude
Memory
GeoIP-Country-Code
X-UPSTREAM-Address
WWW-Authenticate
X-Server-Group
X-NODE
X-SRV
GW-Server
GeoIP-City
X-Fastly-Cache-Hits
X-Varnish-URL
Geoip-City
UCS
X-ServedByHost
X-User
X-Cookie
Processtime
X-Vcache
PICS-Label
Cache-Hits
X-PAGE-TYPE
X-Wix-Route-ID
X-RTag
X-WR-MODIFICATION
X-Gen-Id
X-From-Cache
Accept-Language
X-GDPR
X-Load-Cache
DataCenter
Amp-Access-Control-Allow-Source-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FORWARDED-FOR
Cf-Ipcountry
X-HS-Status
X-Gdpr
Cdn-Request-Time
Cdn-Host
X-Fastly-Backend-Reqs
X-Edge-Server
Ms-Operation-Id
X-Swift-Error
X-LI-UUID
X-Path-Route
X-Urbn-Context-Path
X-Urbn-Site-Id
X-PJAX-URL
X-LI-Proto
COMMERCE-SERVER-SOFTWARE
X-Li-Fabric
X-BBXSRF
Pics-Label
X-Li-Pop
Locale
X-Cache-Debug
X-B3-SpanId
X-Info
Dont-Set-Cookie
X-Cache-Ttl
SS
V-Cache
X-Qloud-Router
Fastly-Soc-X-Request-Id
Group
Get-Access-Time
Is-Session-Tracking
X-CDN-Pop
X-VG-WebCache
Lb
X-PF-Uncompressing
X-CDN-Pop-IP
X-Dw-Trace-Id
X-RateLimit-Reset
X-Optimization
X-Fe
X-Cache-HT
X-Env
X-ID
X-Bug-Bounty
Requestid
NX-Cache
X-Content-Encoded-By
X-GZIP
URI
X-P-T
Who
X-NGINX-Cache
Serverid
CDN-Cache
X-CacheKey
X-Cache-FS-Status
X-Varnish-Info
AGE-Hash
Xet-Cookie
X-SN
CDN-Cache-Hit
X-ServerName
CDN-Node
X-Ver
X-CSRF-TOKEN
X-SB
X-VC
X-Akamai-SSL-Client-Sid
X-Serial
SID
X-Litespeed-Cache-Control
X-Route-Name
X-Providence-Cookie
X-Grace-Duration
Https
X-Akamai-ERPolicy
Ws
X-Is-Crawler
X-Flags
X-RequestId
X-Ibm-Trace
X-Shard
X-Akamai-ERRuleID
N-Cache
X-Meta-Tbi-Cache-Vertical