Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
P3p
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Url
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-TTL
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
Charset
X-FTR-Request-ID
X-Server-Name
X-Origin-Cache
X-DataDome
X-ESI
NEL
X-MS-InvokeApp
X-DynaTrace
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
X-F-Cache
X-Version
Content-MD5
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Geo-Segment
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
Verso
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
AR-PoweredBy
AR-ATIME
X-Server-ID
Paypal-Debug-Id
X-T
X-Ruxit-JS-Agent
AR-CACHE
X-Upstream
X-Varnish-Age
X-Hits
X-Forwarded-Proto
DynaTrace
Arr-Disable-Session-Affinity
X-Origin-Upstream-Status
X-DIS-Request-ID
TCN
X-Amz-Meta-S3cmd-Attrs
X-Id
SPRequestDuration
SPIisLatency
X-Pad
X-Grace
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-Cache-Hit
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-Logged-In
X-Acc-Meta-Resource-Type
X-FastCGI-Cache
X-B
X-HW
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Vcap-Request-Id
X-SS-Set-Cookie
AR-SID
X-Debug
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-Wix-Server-Artifact-Id
X-MSEdge-Ref
Tracecode
X-Cache-Key
Server-Name
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-Frontend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
X-Oracle-Dms-Rid
Rt-Fastcgi-Cache
Fastly-Restarts
X-Forwarded-For
Fastcgi-Cache
Surrogate-Key
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
X-GUploader-UploadID
Backend-Timing
Cache-Status
X-Accel-Buffering
X-Analytics
Cleartype
X-Oneagent-Js-Injection
X-Srv
Host
TP-Cache
X-RateLimit-Remaining
TP-L2-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Revision
X-Rid
X-TA-CDN-Provider
Public-Key-Pins-Report-Only
X-Whom
X-Ttl
FilterID
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
X-VCache
X-Akam-SW-Version
ServerID
X-AOL-HN
X-Varnish-Backend
X-XRDS-LOCATION
X-Cache-2
X-NWS-LOG-UUID
Front-End-Https
X-Webkit-CSP
X-Mobile
Accept-Charset
X-Cdn
X-Kinja-Server-Push
X-Via-JSL
X-Content-Powered-By
X-Request-Processing-Time
X-Request-Received
X-WPE-Loopback-Upstream-Addr
X-Zen-Fury
X-Cached-By
Viewport
X-Node-Name
X-App-Environment
X-LB-Cache
X-Cluster
X-Page-Id
X-Tumblr-Pixel-0
X-Varnish-Hostname
Host-Header
X-B3-Traceid
X-Magnolia-Registration
X-Tumblr-Pixel
X-Tumblr-User
X-Framework
X-Handled-By
X-Device-Type
X-TT
X-Akamai-Edgescape
X-Request-Guid
X-Cache-Control
Liferay-Portal
X-Signature
X-Platform-Server
X-BCube-Filmed-By
X-Correlation-Id
Upgrade-Insecure-Requests
X-B-Cache
X-B3-Sampled
X-FB-Debug
X-Content-Security-Policy-Report-Only
Cache-Tag
X-Instance
DC
X-Cache-Server
X-Hostname
MicrosoftSharePointTeamServices
X-Origin-Server
Server-Node
X-Amzn-Trace-Id
X-TT-TIMESTAMP
X-Sol
X-Middleton-Display
Display
X-Fastcgi-Cache
Source
Retry-After
X-WA-Info
X-Accel-Expires
X-Varnish-Server
X-Iejgwucgyu
X-Contextid
X-Servedby
Server-Info
HitInfo
X-Distil-CS
HitType
X-Esi
X-Cache-Action
X-Cache-Operation
X-APP-VERSION
X-Seen-By
X-Wix-Request-Id
Webserver
X-GeoIP
X-Amz-Replication-Status
User-Agent
X-Tumblr-Pixel-1
X-S
X-RequestSource
Content-Style-Type
X-Tumblr-Pixel-2
Content-Script-Type
GEO-INFO
X-Locale
X-Jobs
X-Status
X-Edge-Location
Actual-Object-TTL
X-Port
X-WebKit-CSP-Report-Only
X-FW-Server
X-FW-Static
X-Edge-Cache
X-FW-Hash
X-FW-Type
X-Edge-Cache-Key
SRV
AsisCache
X-FW-Serve
X-UUID
X-Response-Served-From
X-Region
X-TX-ID
X-Drupal-Cache-Tags
X-Adobe-Content
X-Generated-By
ServedBy
X-Adobe-Loc
Healthy
X-Newrelic-App-Data
X-Varnish-Hits
X-Geo-Country
X-Hyper-Cache
X-Yottaa-Metrics
Refresh
X-Yottaa-Optimizations
X-Cache-NE
X-ATG-Version
X-Daa-Tunnel
X-Middleton-Response
Response
X-Cache-TTL-Remaining
X-DataStream-Cache-Status
S-Cnection
X-Varnish-Grace
Payment
IBM-Web2-Location
Filters
X-Amz-Server-Side-Encryption
X-Content-Type
X-Cache-Age
NGB
Datacenter
X-Az
X-Activity-Id
X-AppVersion
X-Vg-Webcache
X-Cache-Remote
X-CDN-Forward
X-Pc-Hit
Country
X-Pc-Appver
X-Pc-Key
Edge-Cache-Tag
X-Proxied
Served-By
X-HS-Cache-Config
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-App-Server
X-Kong-Proxy-Latency
X-Cache-TTL
X-HS-Combine-CSS
X-Sucuri-ID
X-Mode
X-Varnish-IP
X-UA
X-Akamai-Transformed
X-Is-Bot
X-RN-RSRV
X-Cache-Var-Map
X-Rule
Machine
X-Rendered-As
X-Cache-Var
Meta-Geo
X-Detected-As
Load-Balancing
X-Unique-ID
X-RateLimit-Limit
X-FC-Vary-Parameters
Cache
X-Rocket-Nginx-Bypass
X-Proxy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Backend
X-PCL
TWC-Device-Class
X-BYPASS-REASON
TWC-Connection-Speed
Powered-By-ChinaCache
Property-Id
X-Grey
Access-Control-Allow-Method
Mn-Server-Ip
X-Cache-Category-Id
X-Human
HostName
User-Cache-Control
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-OCL
Webcakes-App-Version
X-Origin
X-Hosted-By
X-ProxyCache-Status
X-Tb
X-ServerID
Webcakes-App-Name
Cache-Name
DB-Nickname
X-Origin-Hint
X-Varnish-Cacheable
X-ProxyCache-Key
X-Varnish-Cache-Hits
Azure-SlotName
L5d-Success-Class
Azure-RegionName
X-Format
Azure-InstanceId
Azure-SiteName
Now
X-CDN-Cache
X-Routing-Service
X-EIG-Tracking-Id
X-Section
X-NodeID
X-Loop
X-OVcl
X-Debug-Cache
X-RemovedCookies
X-JoinUs
X-Access
X-ProcessESI
X-Site-Version
X-Hit
X-Generated
X-OVcl-Cache
ServerName
OT-Force-Account-Verify
X-Zipkin-Id
X-TNCMS
X-BB-IP
X-Upgrade-Enabled
S-Rt
Azure-Version
X-Correlation-ID
Fastcgi-X-Cache-Version
X-NGENIX-Cache
X-Mshield-Cache-Status
Fastcgi-X-Cache
Fastcgi-Useragent
Cache-Key
X-Proxy-Build
X-Agile
X-Mrs-Cache-Hits
X-Mrs-Cache
X-ApacheServer
X-IP
X-Agile-Id
Selected-FE
X-App-Name
X-Timing-Wait
X-Original-Request
X-Mrs-Age
X-Agile-Age
X-PERF
X-HOST
X-Viewer-Country
Access-Control-Request-Headers
X-Cache-Config
X-Environment-Context
X-Pubstack
X-L-Path
X-TWH-CORRELATION-ID
X-URL
X-Ocache
X-Origin-CC
X-Drupal-Cache-Contexts
X-CCM
X-Via-Fastly
X-Backend-Name
X-Upstream-HT
X-Upstream-CT
Pagespeed
X-Nginx-Cache
X-VWS-Id
X-SplitTest
X-Www-Served-By
AR-Request-ID
X-Xfnlog-Site
X-Source
X-LJ-Flow-ID
X-AWS-Id
X-Real-IP
X-Akamai-Request-ID
From-Origin
X-Storage
X-Amzn-RequestId
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-Amz-Apigw-Id
X-Vgn-Hpd-Reason
X-Forwarded-Host
X-Pc-Host
X-Pc-Date
Fastly-SSL
X-Feature
LB
NtCoent-Length
X-NCache
X-Time-Microsecs
X-Qnm-Cache
X-M-Reqid
X-Ms-Version
X-Ms-Blob-Type
X-Internal-Host
X-Ms-Lease-Status
X-Ms-Request-Id
X-Varnish-Beresp-Grace
X-M-Log
X-Varnish-Beresp-Status
X-Birta-Cache-Post
X-NC
X-Birta-Served
X-Release
X-Labrador-Cache-Channel
X-Distributor
X-VG-TLSProxy
X-Microcachable
X-Webkit-Csp
X-UA-Device-Type
X-EdgeConnect-Cache-Status
X-App-Version
Pagetype
Time
X-B3-Spanid
ViewerVersion
X-Twitter-Response-Tags
X-Transaction
X-Cache-Backend
X-Connection-Hash
X-Powered-By-ANYU
WZWS-RAY
X-SERVER-NAME
X-Cluster-Node
XServer
NGX
T-Server
AKAMAI
Cache-Prefix
BehaviorPad-Version
Server-Int
Arc-Country
Rendered-Blocks
X-Date
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
IsBot
MD5-Digest
Ajk
Mobile-Detection-Method
Meta-Geo-Continent
X-D
Www
X-ARC
X-Application
X-CUA
X-B-Cookie
X-BB-ID
Cneonction
X-CF-Lambda-Fn
X-Cache-Bucket
X-Accel-Expires-Debug
X-A-Wwc
X-CF-Lambda-Version
VivaBuild
Viewtype
X-A
X-A-Ccd
X-A-Dgt
X-A-Dcw
X-A-Dam
V-Age
X-G
X-Rewrite-Enabled
X-Destination
X-Rojux
X-S-Cookie
X-ScT
X-Region-Sid
X-Redis-Cache
X-No-Session
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Server-By
Frame-Options
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Server-Time
X-SIPLIST1
X-SRCache-Key
X-Trv-Group
X-Logtrace-Id
X-Request-UUID
X-DPWN-IS-SECURE
X-Developer
X-Generated-In
X-Generation-Time
X-IN-SSL-APIGATEWAY
X-Died
X-From
X-Irp-Debug
X-IN-WAF
X-IN-APIGATEWAY
X-Dispatcher-Server
X-C
X-Request-Time
X-NWS-UUID-VERIFY
X-FireWall-Port
X-Sucuri-Cache
X-VServer
Pragrma
X-VCT
Server-Host
X-External-Request-Id
X-Eu-Site
Origin-Edge-Control
Release
NodeID
Magicmarker
HA-Georegion
X-Wikidot-Static-Cache
HA-Geolon
HA-Geolat
HA-Geocity
HA-Geocountry
Ha-Gx-Prefs
HA-Host
X-Varnish-Action
X-Web-Node
HA-Urlpath
X-Wikidot-Backend
HA-Ipaddr
HA-Servedtime
X-We-Are-Hiring
HA-Cloudapp
X-Core-Value
X-Block-Status
X-Phone
X-Platform
X-RateLimit-Limit-Second
X-Policy
X-Owner
X-Origin-TTL
X-Node-Id
X-Layer
X-Cache-Enabled
X-Cache-CFC
X-CGP
X-RateLimit-Remaining-Second
X-Crawler
X-Key
Web-Mar-Node
X-Store
X-Fastly-Cache
X-UnsetCookies
X-F5-Cache
X-Gen-Mode
X-Hash
X-Hnp-Log
X-Amz-Meta-Cache-Control
X-CS
X-Hl-Ver
X-S-Maxage
SN
Origin-Cache-Control
GMS-Ver
MIME-Version
Backend-Name
Country-Code
X-GZip
X-Instance-Name
Xserver
X-Webstats-RespID
X-CACHE-AGE
X-Developers
X-Debug-Log
X-Debug-Cookies
X-V
X-Gannett-Site-Version
X-GeoIP-City
X-HTML-Minification-Powered-By
X-Croise-Owner
X-FW-Version
X-Fetched-On
X-Epic-Correlation-Id
X-Clientip
X-Actual-URL
X-Backend-Host
X-Backend-State
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-ShopId
X-Backend-TTL
X-Backend-Url
ProcessTime
X-Location
X-Cdn-Srv
X-Cache-URL
X-Cache-Expires
X-Cache-Srv
X-Core-Mission
X-MSEdge-Features
X-Sf
X-Varnish-Beresp-Ttl
X-Stale
X-Server-IP
X-Secret
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Swa-Ws
X-Thinkindot-L3
X-Variation
REQUESTUUID
X-Var-Ttl
X-Up
X-TT-LOGID
X-Tumblr-Pixel-3
X-Returned-From-BeforeDispatch
X-Returned-From
X-NX-Host
X-PHP-Backend
X-Nginx-Cache-Key
X-MSEdge-Flight
X-MI-In-Market
X-Sorting-Hat-PodId
X-Passed-To
X-Passed-To-BeforeDispatch
X-Request-URI
X-Response-By
X-Reboot
X-RCS-CacheZone
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Matched-Rule
X-GeoIP-Country-Code
Is-Eu
Kp-EeAlive
Apple-News-Services-Request-Url
Countrycode
Apple-News-Services-Host
Apple-News-Services-Handled
Heartbleed
Host-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Section-Io-Cache
MI-API
CDCHOST
Request-EU
Request-Country
Proxy-Connection
Powered
Platform
MI-Cache
MI-Cache-Age
Odigeo-Trace-Id
Origin
Thinkindot-Control
Apple-News-Services-Parsed-Url
Esi-Enabled
Uber-Trace-Id
Adler-Geo
X-Sorting-Hat-ShopId
X-Ua
X-Trace-Id
X-Device-Os
Server-ID
Decoy-Debug-Key
X-Alicdn-Da-Ups-Status
Content-Disposition
X-Fstrz
X-Worker
On-Server
Resin-Trace
RNT-Machine
Decoy-Debug-Status
X-ElasticPress-Search
RNT-Time
X-Cdn-Origin
X-Cache-Host
True-Client-Country-4JS
X-Servername
Decoy-Debug-TTL
X-ServiceProvider
Cache-Tags
X-Content-Age
Sid
X-Ckpd-Fst-Backend
Fastly-Backend-Name
X-Sn-Servicetimems
X-Endurance-Cache-Level
X-Ezoic-Cdn
Request-Time
Cache-Cookie-Set-Lfrom
CACHE
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
PFcat
X-Real-Ip
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Skip-Cache
HTTPS
X-Csrf-Token
Warning
Ar-Sid
X-Dc
X-Pf-Uncompressing
PageSpeed
Cteonnt-Length
X-Newrelic-Synthetics
X-Surge-Debug
X-Req
X-Proto
CF-IPCountry
RequestId
X-Refresh
X-TIME
Mail-Subject
X-Datadome
We-Hiring
X-Guploader-Uploadid
X-Nc
X-Servedbyhost
CDN
X-Pjax-Url
WP-Super-Cache
X-Planisys-CDN-Cache
X-Oss-Hash-Crc64ecma
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Aed
X-B3-TraceId
X-Oss-Storage-Class
Pramga
X-Time
X-GEO
X-Geo
X-Varnish-Ttl
X-Cache-ASPX
X-Edge-IP
TSSecure
Dnion-Transfer-Encoding
X-DC
X-Atg-Version
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-CSRF-Token
X-COUNTRY
X-GoCache-CacheStatus
X-Ms-Lease-State
X-Varnish-Beresp-TTL
X-Server-W
GeoIp-Country-Code
X-ABtesting
X-DataStream-MidMile-RTT
X-Flog
X-DataStream-Origin-MEX-Latency
X-Hello
X-Page-Type
Geoip-Latitude
X-Amz-Cf-Pop
X-Oracle-Dms-Ecid
Hostname
X-Aicache-OS
X-Varnish-Url
X-Cdn-Forward
NnCoection
NODE
Cdn
Lfy
X-Origin-Expires
X-Origin-Date
X-Auto-Login
A
X-Cache-Control-Set-By
X-WA
X-HCF
FSS-Cache
MS-CV
X-Varnish-HitMiss
FSS-Proxy
X-Akamai-Request-ID2
Mime-Version
SD-X-WS
X-Ratelimit-Limit
X-Via-NSCOPI
X-Wa
Node
X-Unique-Id
WWW-Authenticate
Rt-Proxy-Cache
X-Sentry-ID
X-Server-Group
X-UPSTREAM-Address
X-Check-Cacheable
Geoip-City
X-EC-Security-Audit
X-Use-Magma
PageType
X-Varnish-URL
X-Served-From
X-Wix-Route-ID
X-APP
X-Bip
GeoIP-Country-Code
GeoIP-Latitude
Processtime
X-Cache-Id
Memcached
X-PAGE-TYPE
PICS-Label
X-Thanos
X-NODE
GeoIP-City
X-From-Cache
X-SRV
X-Cache-Info
X-MP-GENERATED-AT
X-Nananana
X-Cookie
Cdn-Host
X-Edge-Server
X-Be
X-Request-Start
X-CACHE-KEY
X-Gdpr
X-Gen-Id
Cdn-Request-Time
X-Proxy-Server
Ms-Operation-Id
X-RTag
X-Fastly-Backend-Reqs
X-Fastly-Cache-Hits
Memory
X-GDPR
Lb
X-Load-Cache
Dont-Set-Cookie
X-WR-MODIFICATION
DataCenter
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
UCS
X-Dynatrace
COMMERCE-SERVER-SOFTWARE
GW-Server
Is-Session-Tracking
X-Env
X-User
X-Optimization
Pics-Label
X-Cache-Ttl
X-Swift-Error
X-HS-Status
Get-Access-Time
X-ServedByHost
X-Cache-HT
X-PJAX-URL
Cache-Hits
Who
Group
X-B3-SpanId
V-Cache
X-RateLimit-Reset
X-Cache-FS-Status
Accept-Language
X-CDN-Pop
Requestid
Cf-Ipcountry
X-Ver
X-Fe
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Dw-Trace-Id
X-CDN-Pop-IP
X-ID
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Cache-Debug
X-VC
X-Urbn-Context-Path
AGE-Hash
NX-Cache
X-Content-Encoded-By
Ws
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-SB
X-BBXSRF
X-Urbn-Site-Id
X-LI-Proto
X-GZIP
Xet-Cookie
X-Li-Pop
X-LI-UUID
X-PF-Uncompressing
Locale
X-Li-Fabric
URI
X-Bug-Bounty
X-NGINX-Cache
Serverid
X-Ratelimit-Remaining
Httpd-Identifier
X-Info
X-Shard
N-Cache
CDN-Cache-Hit
CDN-Cache
X-CacheKey
CDN-Node
Https
X-Varnish-Info
X-Serial
X-Qloud-Router
X-RequestId
X-Litespeed-Cache-Control
RequestUuid
SS
X-BE
X-Flags
X-Route-Name
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cache-Handler
Powered-By
X-Grace-Duration
X-Akamai-ERRuleID
X-Providence-Cookie
X-ServerName
X-Akamai-ERPolicy
X-Is-Crawler