Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-Dns-Prefetch-Control
X-Px
X-ORACLE-DMS-ECID
X-Country
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-DataDome
X-Powered-CMS
Charset
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-ESI
X-Origin-Cache
X-DynaTrace
NEL
X-Server-Name
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
X-ORACLE-DMS-RID
RTSS
Content-MD5
X-F-Cache
X-Version
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Exp-Variant
X-Kinja
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Verso
MS-Author-Via
X-Client-IP
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
AR-ATIME
X-Fastly-Request-ID
AR-PoweredBy
X-Trace
X-T
DynaTrace
AR-CACHE
Paypal-Debug-Id
X-Upstream
X-Varnish-Age
X-Hits
X-Forwarded-Proto
X-Grace
Arr-Disable-Session-Affinity
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Pad
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
X-Cdn
Realpath
X-NF-Request-ID
X-Kinsta-Cache
X-FastCGI-Cache
X-Cache-Hit
X-IPLB-Instance
Access-Control-Request-Method
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Logged-In
X-Acc-Meta-Resource-Type
X-B
X-HW
AR-SID
Permitted-Cross-Domain-Policies
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-HeyJason
X-Server-ID
X-Do-Not-Hack
X-Goog-Metageneration
X-Goog-Generation
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
Service-Worker-Allowed
X-Ser
X-MSEdge-Ref
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-Cache-Key
Server-Name
Tracecode
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-PressLabs-Stats
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
X-Oneagent-Js-Injection
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Oracle-Dms-Rid
Fastly-Restarts
Alternate-Protocol
Eomportal-Instance
X-Forwarded-For
X-GUploader-UploadID
X-Cache-Rule
Cleartype
Cache-Status
X-Analytics
Backend-Timing
X-Accel-Buffering
Host
X-HS-Content-Id
X-HS-Hub-Id
X-RateLimit-Remaining
TP-Cache
TP-L2-Cache
X-Revision
X-Rid
X-Whom
Public-Key-Pins-Report-Only
FilterID
X-FTR-Cache-Host
X-VCache
X-XRDS-LOCATION
X-Srv
X-Debug-Info
X-User-Agent
X-Akam-SW-Version
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-Varnish-Backend
X-NWS-LOG-UUID
X-Cache-2
Front-End-Https
X-Mobile
Accept-Charset
X-Via-JSL
X-Content-Powered-By
X-Request-Processing-Time
X-Webkit-CSP
X-Request-Received
X-Zen-Fury
X-Kinja-Server-Push
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Viewport
X-Node-Name
X-Ttl
X-App-Environment
X-LB-Cache
X-B3-Traceid
X-Correlation-Id
X-Magnolia-Registration
X-Cluster
Host-Header
X-Tumblr-User
X-Tumblr-Pixel-0
X-Page-Id
X-Tumblr-Pixel
X-Varnish-Hostname
X-Cache-Control
Liferay-Portal
X-Device-Type
X-TT
X-Request-Guid
X-Framework
X-Handled-By
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-B3-Sampled
X-B-Cache
X-Signature
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-FB-Debug
X-BCube-Filmed-By
DC
X-Instance
Cache-Tag
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
X-Sol
X-Middleton-Display
X-Amzn-Trace-Id
Display
X-Accel-Expires
X-APP-VERSION
Retry-After
Source
X-WA-Info
X-Servedby
X-Contextid
X-Fastcgi-Cache
X-Varnish-Server
Server-Info
HitInfo
HitType
X-Distil-CS
X-Iejgwucgyu
X-Cache-Action
X-Cache-Operation
X-Esi
Content-Style-Type
Content-Script-Type
X-Wix-Request-Id
X-Seen-By
X-GeoIP
X-Amz-Replication-Status
Webserver
X-RequestSource
X-Port
User-Agent
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-S
X-Edge-Location
X-WebKit-CSP-Report-Only
Actual-Object-TTL
GEO-INFO
X-Locale
X-Jobs
X-Status
X-Response-Served-From
X-UUID
AsisCache
X-Generated-By
X-Edge-Cache
X-FW-Hash
X-FW-Static
X-FW-Type
X-Edge-Cache-Key
X-FW-Server
X-FW-Serve
X-Region
X-TX-ID
SRV
Healthy
X-Adobe-Content
ServedBy
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Varnish-Hits
X-Geo-Country
X-Hyper-Cache
X-ATG-Version
Refresh
X-Yottaa-Metrics
X-Daa-Tunnel
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-DataStream-Cache-Status
X-Middleton-Response
Response
X-Cache-NE
X-Cache-TTL-Remaining
X-Varnish-Grace
IBM-Web2-Location
S-Cnection
Payment
Filters
X-CDN-Forward
X-Cache-Age
X-Amz-Server-Side-Encryption
X-Content-Type
NGB
X-AppVersion
X-Activity-Id
X-Az
Datacenter
X-Pc-Appver
X-Proxied
X-Pc-Key
X-Pc-Hit
X-UA
X-Vg-Webcache
Country
X-Cache-Remote
X-Cache-TTL
X-Cacheable-TTL
Served-By
X-App-Server
X-HS-Cache-Config
Edge-Cache-Tag
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Mode
X-Varnish-IP
X-Sucuri-ID
X-Akamai-Transformed
X-Detected-As
Load-Balancing
X-Is-Bot
Meta-Geo
Machine
X-Cache-Var
X-Cache-Var-Map
X-ProcessESI
X-RN-RSRV
X-Unique-ID
Pagespeed
X-Rendered-As
X-RemovedCookies
X-HS-Combine-CSS
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Rule
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
X-OCL
TWC-Locale-Group
Mn-Server-Ip
Webcakes-Region
X-Origin
User-Cache-Control
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Human
X-Tb
X-Varnish-Cache-Hits
X-Varnish-Cacheable
X-ServerID
X-Hosted-By
X-ProxyCache-Status
X-ProxyCache-Key
Property-Id
X-PCL
X-Grey
X-Origin-Hint
X-Cache-Category-Id
X-BYPASS-REASON
DB-Nickname
TWC-Connection-Speed
Access-Control-Allow-Method
TWC-Privacy
Cache-Name
X-Amz-Meta-Surrogate-Control
Backend
AR-Request-ID
X-BB-IP
X-Access
Powered-By-ChinaCache
X-EIG-Tracking-Id
X-Format
ServerName
S-Rt
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Now
L5d-Success-Class
X-Generated
X-Hit
X-Site-Version
X-Section
X-TNCMS
X-Upgrade-Enabled
X-Zipkin-Id
X-Routing-Service
X-OVcl-Cache
X-Loop
X-JoinUs
X-NodeID
X-Original-Request
X-OVcl
Azure-InstanceId
X-CDN-Cache
X-Www-Served-By
Cache-Key
X-Agile-Age
X-Proxy-Build
X-Timing-Wait
X-Agile
X-TWH-CORRELATION-ID
X-Agile-Id
OT-Force-Account-Verify
X-Pubstack
X-App-Name
X-AWS-Id
X-PERF
X-Cache-Config
Access-Control-Request-Headers
Selected-FE
X-Environment-Context
X-VWS-Id
X-IP
X-LJ-Flow-ID
X-L-Path
X-Viewer-Country
X-Via-Fastly
X-Ruxit-Js-Agent
X-ApacheServer
X-NGENIX-Cache
X-Debug-Cache
X-SplitTest
X-Origin-CC
X-Ocache
X-Drupal-Cache-Contexts
HostName
X-CCM
X-Correlation-ID
Cache
X-Backend-Name
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Source
X-Nginx-Cache
X-Mrs-Cache
X-HOST
X-RateLimit-Limit
X-Upstream-CT
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Mrs-Age
X-Upstream-HT
X-Xfnlog-Site
Fastcgi-Useragent
X-URL
X-Akamai-Request-ID
X-Real-IP
From-Origin
X-Pc-Host
X-Pc-Date
X-Storage
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Vgn-Hpd-Reason
X-Forwarded-Host
X-Litespeed-Cache
Fastly-SSL
X-SERVER-NAME
X-NCache
X-Time-Microsecs
X-M-Log
X-NC
X-Internal-Host
X-M-Reqid
X-Qnm-Cache
X-Feature
NtCoent-Length
LB
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Version
X-Birta-Cache-Post
X-Release
X-Birta-Served
X-Distributor
X-Microcachable
X-Labrador-Cache-Channel
X-VG-TLSProxy
XServer
X-EdgeConnect-Cache-Status
X-UA-Device-Type
Pagetype
X-Webkit-Csp
X-Twitter-Response-Tags
X-B3-Spanid
X-Transaction
X-Connection-Hash
X-Cache-Backend
Time
X-Powered-By-ANYU
Frame-Options
WZWS-RAY
ViewerVersion
BehaviorPad-Version
X-WebServer
X-Server-Time
X-Via-CDN
X-Via-Edge
AKAMAI
X-Rojux
Arc-Country
X-S-Cookie
X-ScT
X-Rewrite-Enabled
Ajk
X-Server-By
X-Via-SSL
Mobile-Detection-Method
X-Cache-Bucket
X-BB-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
X-CUA
X-B-Cookie
X-ARC
X-No-Session
X-Accel-Expires-Debug
X-Logtrace-Id
X-Application
X-Irp-Debug
X-Date
X-IN-WAF
X-From
X-SRCache-Key
X-G
X-Generated-In
X-Generation-Time
X-DPWN-IS-SECURE
X-Died
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-SIPLIST1
X-Destination
X-Developer
X-A-Wwc
X-A-Dgt
X-UE-Client-Country
NGX
X-Region-Sid
X-Redis-Cache
X-PAYTM-SRV-ID
Meta-Geo-Continent
MD5-Digest
Fly-Cache
Ec-Rule-Version
Fly-Request-Id
X-Request-UUID
IsBot
Rendered-Blocks
Server-Int
X-A
Www
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Trv-Group
X-NU-AKA-ACS-Version
V-Age
T-Server
Viewtype
X-Org
VivaBuild
X-VG-WebServer
Cache-Prefix
X-C
Cneonction
Xc-Version
X-Instance-Name
X-FireWall-Port
X-NWS-UUID-VERIFY
X-PHP-Backend
MIME-Version
X-GZip
X-Request-Time
X-Cluster-Node
X-Sucuri-Cache
X-Web-Node
X-Layer
HA-Urlpath
X-Hnp-Log
X-Hl-Ver
NodeID
HA-Servedtime
X-CGP
Magicmarker
Ha-Gx-Prefs
HA-Geocity
HA-Cloudapp
GMS-Ver
X-Varnish-Action
HA-Geocountry
HA-Geolat
HA-Host
Origin-Cache-Control
HA-Georegion
HA-Geolon
HA-Ipaddr
Release
X-CS
X-Amz-Meta-Cache-Control
X-Dispatcher-Server
Web-Mar-Node
X-Crawler
X-Block-Status
X-Store
X-Cache-Enabled
X-Cache-CFC
X-Core-Value
X-Eu-Site
X-External-Request-Id
X-Node-Id
Pragrma
X-UnsetCookies
X-S-Maxage
X-GeoIP-City
X-Gen-Mode
SN
X-F5-Cache
X-Fastly-Cache
Origin-Edge-Control
X-Key
X-Phone
X-Wikidot-Backend
X-VCT
X-Owner
X-We-Are-Hiring
X-Platform
X-RateLimit-Remaining-Second
X-VServer
X-RateLimit-Limit-Second
Country-Code
Backend-Name
X-Wikidot-Static-Cache
X-Origin-TTL
CACHE
X-V
X-Webstats-RespID
X-App-Version
X-Server-IP
X-Cache-URL
X-Tumblr-Pixel-3
Uber-Trace-Id
X-Secret
X-Cache-Srv
X-Stale
X-Epic-Correlation-Id
X-TT-LOGID
X-Clientip
X-RCS-CacheZone
X-ShardId
X-ShopId
X-Fetched-On
Server-Host
X-Alternate-Cache-Key
X-Cdn-Srv
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Returned-From-DLL
Powered
X-Request-URI
X-Croise-Owner
X-Reboot
X-Debug-Cookies
X-Backend-Host
X-Backend-State
X-Cache-Expires
X-Backend-Url
X-Backend-TTL
X-Actual-URL
X-Swa-Ws
X-Returned-From-BeforeDispatch
X-Thinkindot-L3
X-Returned-From-PostProcessResponse
X-Core-Mission
X-Developers
Section-Io-Cache
X-Returned-From
X-Debug-Log
X-Response-By
X-FW-Version
Kp-EeAlive
X-Passed-To-PostProcessResponse
X-Var-Ttl
X-Matched-Rule
X-HTML-Minification-Powered-By
X-Policy
MI-Cache
X-MI-In-Market
MI-API
X-Sf
Is-Eu
X-Location
X-Passed-To-BeforeDispatch
X-Passed-To
REQUESTUUID
Countrycode
CDCHOST
X-Passed-To-DLL
X-Variation
Host-ID
Heartbleed
MI-Cache-Age
Apple-News-Services-Request-Url
Request-Country
X-GeoIP-Country-Code
X-Sorting-Hat-ShopId
Proxy-Connection
Request-EU
X-Sorting-Hat-PodId
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Gannett-Site-Version
X-Shopify-Stage
X-Hash
Platform
Odigeo-Trace-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-MSEdge-Features
X-Up
Esi-Enabled
Adler-Geo
Origin
Apple-News-Services-Handled
X-NX-Host
X-Real-Ip
X-CACHE-AGE
X-Device-Os
X-ElasticPress-Search
X-Fstrz
X-Ckpd-Fst-Backend
X-Sn-Servicetimems
X-Servername
X-Varnish-Beresp-Ttl
X-Content-Age
X-ServiceProvider
X-Trace-Id
RNT-Time
HTTPS
RNT-Machine
X-Alicdn-Da-Ups-Status
Sid
ProcessTime
Server-ID
X-Worker
X-COUNTRY
True-Client-Country-4JS
Fastly-Backend-Name
Content-Disposition
X-Cache-Host
X-Cdn-Origin
Cache-Tags
Decoy-Debug-Key
On-Server
Decoy-Debug-TTL
Resin-Trace
Decoy-Debug-Status
PFcat
Request-Time
X-Skip-Cache
X-Ezoic-Cdn
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-Rebelmouse-Cache-Control
Fastly-SWR
Xserver
Warning
X-TIME
X-Dc
X-Pf-Uncompressing
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Endurance-Cache-Level
Cache-Cookie-Set-Lfrom
RequestId
Cteonnt-Length
X-Csrf-Token
Ar-Sid
X-Ua
CF-IPCountry
X-Proto
X-Newrelic-Synthetics
We-Hiring
X-Req
Mail-Subject
X-Refresh
X-Surge-Debug
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
WP-Super-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
PageSpeed
CDN
X-Planisys-CDN-Cache
X-Servedbyhost
X-Nc
X-Guploader-Uploadid
X-Aed
X-Pjax-Url
X-B3-TraceId
X-GEO
X-Cache-ASPX
Pramga
Dnion-Transfer-Encoding
X-Geo
X-CSRF-Token
X-Varnish-Ttl
X-Varnish-Beresp-TTL
X-Edge-IP
Geoip-Latitude
TSSecure
X-GoCache-CacheStatus
Hostname
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-DC
X-Time
X-Ms-Lease-State
X-Server-W
GeoIp-Country-Code
X-Hello
X-Page-Type
NODE
X-ABtesting
X-Flog
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Cf-Pop
X-Oracle-Dms-Ecid
NnCoection
X-Origin-Expires
X-Origin-Date
X-Aicache-OS
X-Varnish-Url
MS-CV
X-Ratelimit-Limit
X-Cache-Control-Set-By
X-Varnish-HitMiss
A
Cdn
X-HCF
Lfy
X-Auto-Login
X-WA
FSS-Proxy
FSS-Cache
SD-X-WS
X-GRACE
X-Datadome
Mime-Version
X-Cdn-Forward
X-Server-Group
WWW-Authenticate
X-Akamai-Request-ID2
Node
Geoip-City
Rt-Proxy-Cache
X-Sentry-ID
X-Wa
X-Check-Cacheable
X-Unique-Id
X-Via-NSCOPI
X-SRV
Processtime
X-Varnish-URL
X-Wix-Route-ID
X-UPSTREAM-Address
X-PAGE-TYPE
X-EC-Security-Audit
PICS-Label
PageType
X-Use-Magma
Memcached
X-APP
X-From-Cache
X-Thanos
X-Cache-Id
X-Bip
X-Served-From
X-Nananana
X-NODE
X-FORWARDED-FOR
X-Edge-Server
GeoIP-Latitude
Lb
X-Cache-Info
X-Gdpr
X-RTag
GeoIP-City
GeoIP-Country-Code
X-Be
Ms-Operation-Id
Cdn-Request-Time
Cdn-Host
X-MP-GENERATED-AT
X-Request-Start
X-CACHE-KEY
X-Cookie
Dont-Set-Cookie
X-Gen-Id
X-Proxy-Server
X-GDPR
Memory
COMMERCE-SERVER-SOFTWARE
X-Fastly-Backend-Reqs
X-Fastly-Cache-Hits
X-Dynatrace-Js-Agent
X-Load-Cache
DataCenter
X-WR-MODIFICATION
Is-Session-Tracking
X-Env
GW-Server
X-PJAX-URL
UCS
Get-Access-Time
X-Cache-HT
X-Optimization
Pics-Label
X-Swift-Error
X-User
Who
X-ServedByHost
X-HS-Status
X-B3-SpanId
X-Ver
Group
V-Cache
X-RateLimit-Reset
X-Cache-Ttl
X-Cache-FS-Status
Cache-Hits
X-Meta-Tbi-Cache-Vertical
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Ibm-Trace
X-Fe
Cf-Ipcountry
Ws
URI
X-Dw-Trace-Id
X-CDN-Pop
X-CDN-Pop-IP
Accept-Language
Amp-Access-Control-Allow-Source-Origin
X-ID
Requestid
Xet-Cookie
X-Shard
X-SB
X-VC
AGE-Hash
NX-Cache
X-GZIP
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Bug-Bounty
X-Li-Fabric
X-Content-Encoded-By
X-Cache-Debug
X-PF-Uncompressing
Httpd-Identifier
X-BBXSRF
Serverid
X-NGINX-Cache
X-SVT-ORM-VERSION
X-CacheKey
X-Urbn-Site-Id
X-Info
X-SVT-ORM-RULES
X-Urbn-Context-Path
N-Cache
Powered-By
Locale
X-Wix-Petri-Ex
CDN-Node
X-Varnish-Info
CDN-Cache-Hit
X-Ratelimit-Remaining
CDN-Cache
X-Serial
X-Providence-Cookie
X-Is-Crawler
X-Cache-Handler
X-Flags
X-Litespeed-Cache-Control
X-StackifyID
X-RequestId
X-Route-Name
X-ServerName
X-Grace-Duration
Ohc-File-Size
Https
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Version