SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
NEL
X-FTR-Request-ID
Charset
X-Server-Name
X-DynaTrace-JS-Agent
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
X-F-Cache
Content-MD5
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
X-Mobile-Rewrite
PB-PID
X-D2id
Arc-Version
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Upstream-Env
X-Abt-Application-Version
Pinterest-Version
X-Pinterest-Rid
X-Dispatcher
SPRequestGuid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Amz-Rid
Nginx-Cache
X-CF-Powered-By
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-DIS-Request-ID
X-T
X-Origin-Upstream-Status
X-Upstream
X-Varnish-Age
DynaTrace
X-Hits
X-Grace
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-PoweredBy
AR-ATIME
X-Oracle-Dms-Rid
X-Pad
X-Shield-Request-Id
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
X-HW
Access-Control-Request-Method
MRF-Tech
X-Kinsta-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Logged-In
X-B
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-NewRelic-App-Data
X-Ser
X-FastCGI-Cache
Service-Worker-Allowed
S
Tracecode
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-FTR-Backend
X-Frontend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
Fastly-Restarts
X-Cache-Key
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
X-Accel-Buffering
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
AR-SID
Alternate-Protocol
X-Cache-Rule
X-Analytics
Backend-Timing
Eomportal-Instance
X-HS-Hub-Id
X-HS-Content-Id
Host
Cleartype
TP-L2-Cache
TP-Cache
FilterID
X-Srv
X-Revision
X-Rid
X-Ttl
Cache-Status
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
X-Whom
Front-End-Https
X-Akam-SW-Version
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
ServerID
X-Mobile
X-Webkit-Csp
X-XRDS-LOCATION
X-AOL-HN
Accept-Charset
X-Varnish-Backend
X-Webkit-CSP
X-RateLimit-Remaining
X-Cdn
X-TA-CDN-Provider
X-Cache-2
X-Iejgwucgyu
X-Kinja-Server-Push
X-Via-JSL
X-Request-Processing-Time
X-GUploader-UploadID
X-Request-Received
X-Zen-Fury
X-Content-Powered-By
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-VCache
X-App-Environment
Viewport
X-LB-Cache
X-Tumblr-Pixel
X-Page-Id
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel-0
X-Node-Name
X-Cache-Control
Host-Header
X-Magnolia-Registration
X-Cluster
X-Device-Type
X-Request-Guid
X-TT
X-Framework
X-Handled-By
X-Akamai-Edgescape
X-B-Cache
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Signature
X-Platform-Server
X-B3-Sampled
X-BCube-Filmed-By
Upgrade-Insecure-Requests
Cache-Tag
X-Instance
Liferay-Portal
DC
X-Fastcgi-Cache
X-Middleton-Display
X-Sol
Display
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Varnish-Server
Source
X-WA-Info
Retry-After
X-B3-Traceid
X-Contextid
X-Servedby
X-Distil-CS
Server-Info
HitInfo
HitType
X-Seen-By
X-Wix-Request-Id
X-Cache-Action
X-Cache-Operation
Content-Script-Type
Content-Style-Type
X-Edge-Location
X-GeoIP
Webserver
X-Amz-Replication-Status
SRV
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
X-S
User-Agent
GEO-INFO
X-Locale
X-Jobs
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Status
X-FW-Serve
X-Response-Served-From
X-FW-Hash
X-Edge-Cache
X-Generated-By
X-FW-Server
X-Edge-Cache-Key
X-FW-Static
AsisCache
X-FW-Type
X-Region
X-ATG-Version
X-Adobe-Content
X-Drupal-Cache-Tags
X-TX-ID
X-Varnish-Hits
X-UUID
X-Adobe-Loc
ServedBy
X-Cache-NE
Refresh
X-Port
Healthy
Response
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Middleton-Response
X-APP-VERSION
X-Geo-Country
X-Hyper-Cache
X-DataStream-Cache-Status
X-Esi
Payment
X-Cache-TTL-Remaining
S-Cnection
X-Cache-Age
IBM-Web2-Location
X-Content-Type
X-Newrelic-App-Data
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Datacenter
Filters
X-Daa-Tunnel
X-HS-Cache-Config
Edge-Cache-Tag
Country
NGB
X-Cache-Remote
X-Az
X-Activity-Id
Served-By
X-AppVersion
HostName
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-HS-Combine-CSS
Powered-By-ChinaCache
X-Varnish-IP
X-Sucuri-ID
X-Cacheable-TTL
X-Cache-TTL
X-App-Server
X-Vg-Webcache
X-Akamai-Transformed
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mode
X-UA
X-Mrs-Cache
Load-Balancing
Machine
X-ProcessESI
X-Is-Bot
X-RN-RSRV
X-Cache-Var-Map
X-Rendered-As
Meta-Geo
X-Cache-Var
X-Proxied
X-Rule
X-RemovedCookies
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Detected-As
X-FC-Vary-Parameters
X-CDN-Forward
X-Rocket-Nginx-Bypass
X-Proxy
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Hosted-By
X-Cache-Category-Id
Mn-Server-Ip
TWC-GeoIP-Country
X-Human
TWC-Device-Class
Property-Id
OT-Force-Account-Verify
Cache-Name
X-Varnish-Cacheable
Access-Control-Allow-Method
Webcakes-Region
X-BYPASS-REASON
X-Amz-Meta-Surrogate-Control
TWC-Privacy
Webcakes-App-Name
X-ServerID
Webcakes-App-Version
User-Cache-Control
X-ProxyCache-Key
X-ProxyCache-Status
DB-Nickname
X-Origin
X-OCL
TWC-Locale-Group
X-Varnish-Cache-Hits
X-Origin-Hint
X-PCL
Backend
X-Grey
X-Tb
Azure-SlotName
Now
L5d-Success-Class
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Loop
X-TNCMS
X-Upgrade-Enabled
X-EIG-Tracking-Id
X-Zipkin-Id
X-Debug-Cache
X-Hit
X-Access
X-Section
X-Site-Version
X-OVcl-Cache
X-OVcl
ServerName
X-BB-IP
S-Rt
X-Format
X-JoinUs
X-NodeID
X-Original-Request
X-CDN-Cache
X-Routing-Service
X-Generated
Azure-Version
X-AWS-Id
X-App-Name
X-Cache-Config
X-Pubstack
X-Upstream-HT
X-ApacheServer
X-PERF
Selected-FE
X-TWH-CORRELATION-ID
X-Agile
X-Agile-Age
X-Upstream-CT
X-HOST
X-NGENIX-Cache
X-VWS-Id
X-Viewer-Country
X-Via-Fastly
X-LJ-Flow-ID
X-L-Path
X-Proxy-Build
X-Environment-Context
X-IP
X-Www-Served-By
X-Timing-Wait
X-Agile-Id
Cache-Key
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-SplitTest
Access-Control-Request-Headers
Fastcgi-Useragent
X-CCM
X-Drupal-Cache-Contexts
X-Origin-CC
X-URL
X-Source
X-Ocache
From-Origin
Pagespeed
X-Nginx-Cache
X-Xfnlog-Site
X-Backend-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
X-RateLimit-Limit
X-Unique-ID
Cache
X-App-Version
LB
X-Correlation-ID
X-Akamai-Request-ID
X-Litespeed-Cache
X-Forwarded-Host
Fastly-SSL
X-Storage
X-Vgn-Hpd-Reason
X-Pc-Date
X-Feature
X-Pc-Host
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Lease-Status
ViewerVersion
X-Ms-Request-Id
NtCoent-Length
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-Birta-Served
X-Varnish-Beresp-Grace
X-Birta-Cache-Post
X-Varnish-Beresp-Status
Ar-Sid
X-Labrador-Cache-Channel
AR-Request-ID
X-Time-Microsecs
X-NCache
X-VG-TLSProxy
X-Internal-Host
X-Guploader-Uploadid
X-Cluster-Node
X-Ruxit-Js-Agent
X-Real-IP
X-Real-Ip
X-Distributor
X-Release
X-Microcachable
Time
Xserver
X-EdgeConnect-Cache-Status
X-B3-TraceId
CACHE
X-Powered-By-ANYU
WZWS-RAY
X-B3-Spanid
X-Request-Time
X-Sucuri-Cache
X-Cache-Enabled
X-SERVER-NAME
V-Age
T-Server
Viewtype
Www
Meta-Geo-Continent
Cache-Prefix
Ec-Rule-Version
Fly-Cache
BehaviorPad-Version
Arc-Country
Ajk
AKAMAI
Fly-Request-Id
IsBot
Rendered-Blocks
REQUESTUUID
NGX
Mobile-Detection-Method
MD5-Digest
X-A
Server-Int
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-Server-By
X-ScT
X-Region-Sid
X-Redis-Cache
X-No-Session
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Server-Time
X-SIPLIST1
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Store
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Irp-Debug
X-IN-WAF
X-BB-ID
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Version
X-Connection-Hash
X-ARC
X-Application
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-CUA
X-D
X-Generated-In
X-G
X-Generation-Time
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-From
X-DPWN-IS-SECURE
X-Destination
X-Date
X-Developer
X-Died
X-Dispatcher-Server
X-A-Ccd
VivaBuild
ProcessTime
X-Cache-Backend
X-FireWall-Port
X-Varnish-Beresp-Ttl
NodeID
X-Policy
X-RateLimit-Remaining-Second
GMS-Ver
X-Platform
Origin-Edge-Control
Release
Pragrma
X-Phone
Origin-Cache-Control
Magicmarker
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
HA-Geocity
Ha-Gx-Prefs
HA-Host
X-Amz-Cf-Pop
HA-Urlpath
HA-Servedtime
HA-Ipaddr
HA-Cloudapp
X-Origin-TTL
X-Fastly-Cache
X-Cache-CFC
X-Block-Status
PageSpeed
X-Amz-Meta-Cache-Control
X-F5-Cache
X-External-Request-Id
X-Crawler
X-CS
X-CGP
X-Eu-Site
X-Gen-Mode
X-GeoIP-City
X-Node-Id
SN
X-UA-Device-Type
Server-Host
X-Layer
Web-Mar-Node
X-Hash
X-Hl-Ver
X-Hnp-Log
X-Key
X-Owner
X-RateLimit-Limit-Second
X-NC
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Sorting-Hat-PodId
Country-Code
X-ShopId
X-Shopify-Stage
X-Web-Node
X-UnsetCookies
X-Varnish-Action
Frame-Options
X-VCT
X-VServer
Backend-Name
X-We-Are-Hiring
X-ShardId
X-Sorting-Hat-ShopId
X-S-Maxage
X-Alternate-Cache-Key
Cneonction
X-Endurance-Cache-Level
X-Nc
X-Webstats-RespID
X-C
X-Instance-Name
X-MI-In-Market
X-Matched-Rule
X-ElasticPress-Search
X-Location
X-MSEdge-Features
X-MSEdge-Flight
Adler-Geo
X-Clientip
X-Croise-Owner
X-Core-Mission
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Uber-Trace-Id
X-Nginx-Cache-Key
Thinkindot-Control
X-Newrelic-Synthetics
X-GZip
X-Epic-Correlation-Id
X-FW-Version
X-Cache-Srv
X-Backend-Host
X-Backend-State
X-Fetched-On
X-Backend-Url
X-Backend-TTL
X-Cache-URL
X-Gannett-Site-Version
X-Debug-Log
X-Debug-Cookies
X-HTML-Minification-Powered-By
X-Developers
X-GeoIP-Country-Code
X-Actual-URL
X-Dc
X-Cache-Expires
X-NX-Host
X-Request-URI
Is-Eu
X-Response-By
Heartbleed
X-Reboot
Kp-EeAlive
MI-Cache-Age
MI-Cache
X-Variation
X-RCS-CacheZone
Countrycode
X-Thinkindot-L3
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Secret
X-Server-IP
X-Swa-Ws
X-Stale
X-Sf
Esi-Enabled
X-Core-Value
MI-API
Request-Country
Request-EU
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Var-Ttl
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
Apple-News-Services-Handled
Section-Io-Cache
Apple-News-Services-Host
X-Passed-To
X-Passed-To-BeforeDispatch
Powered
Proxy-Connection
X-Tumblr-Pixel-3
Odigeo-Trace-Id
CDCHOST
X-TT-LOGID
X-Up
Origin
Platform
Pagetype
X-Ua
Cache-Cookie-Set-Idcheck
X-Worker
Resin-Trace
X-Device-Os
Cache-Cookie-Set-From
X-Trace-Id
X-Sn-Servicetimems
X-Fstrz
X-ServiceProvider
Cache-Cookie-Set-Lfrom
X-NWS-UUID-VERIFY
X-Ezoic-Cdn
X-Cache-Host
X-V
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
HTTPS
On-Server
True-Client-Country-4JS
Server-ID
RNT-Time
RNT-Machine
Content-Disposition
Fastly-Backend-Name
X-Cdn-Srv
X-Ckpd-Fst-Backend
X-Content-Age
Cache-Tags
X-Cdn-Origin
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Surrogate-Control
X-CACHE-AGE
Warning
X-TIME
X-Rebelmouse-Cache-Control
Host-ID
X-Skip-Cache
X-Servername
Fastly-SIE
Fastly-SWR
X-Surge-Debug
XServer
X-Csrf-Token
RequestId
X-GEO
MIME-Version
Sid
X-Req
PFcat
X-Pf-Uncompressing
Request-Time
X-Proto
X-Aed
Cteonnt-Length
X-Dynatrace-Js-Agent
X-PHP-Backend
Pramga
Mail-Subject
X-Edge-IP
X-Refresh
We-Hiring
TSSecure
X-Pjax-Url
X-Ms-Lease-State
CF-IPCountry
X-Cdn-Forward
X-Varnish-Ttl
X-Planisys-CDN-Cache
WP-Super-Cache
X-Planisys-CDN-Rules
X-Hello
X-Server-W
X-Page-Type
Cdn
X-ABtesting
X-Planisys-CDN-TTL
X-Flog
X-Atg-Version
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Oss-Storage-Class
X-Time
X-Oss-Server-Time
X-Oss-Request-Id
Mime-Version
X-COUNTRY
X-Oss-Object-Type
X-Varnish-Url
X-Servedbyhost
X-Oss-Hash-Crc64ecma
X-Geo
Dnion-Transfer-Encoding
X-Cache-ASPX
CDN
X-CSRF-Token
Geoip-Latitude
X-Auto-Login
GeoIp-Country-Code
X-DC
X-Oracle-Dms-Ecid
X-GoCache-CacheStatus
Lfy
X-DataStream-MidMile-RTT
FSS-Cache
FSS-Proxy
X-Unique-Id
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
X-Varnish-Beresp-TTL
X-WA
A
PageType
X-Akamai-Request-ID2
X-Sentry-ID
X-GRACE
X-Datadome
Rt-Proxy-Cache
MS-CV
NnCoection
X-Via-NSCOPI
X-Origin-Expires
X-Origin-Date
X-EC-Security-Audit
NODE
X-HCF
X-Bip
X-Thanos
Node
X-Varnish-HitMiss
X-MP-GENERATED-AT
X-CACHE-KEY
X-Cache-Control-Set-By
X-Cache-Id
Memcached
X-Served-From
X-Check-Cacheable
Hostname
X-Cache-Info
X-Be
SD-X-WS
X-Wa
X-APP
X-Use-Magma
WWW-Authenticate
GeoIP-Country-Code
X-Request-Start
X-Server-Group
GeoIP-Latitude
X-UPSTREAM-Address
X-Proxy-Server
X-Nananana
X-NODE
Memory
Geoip-City
GeoIP-City
X-SRV
X-Ratelimit-Remaining
X-Fastly-Cache-Hits
X-Wix-Route-ID
X-ServedByHost
X-Cookie
PICS-Label
X-PAGE-TYPE
X-Vcache
GW-Server
X-Varnish-URL
UCS
X-From-Cache
X-Gen-Id
X-GDPR
Processtime
X-User
X-Load-Cache
X-RTag
DataCenter
X-WR-MODIFICATION
Cache-Hits
X-Fastly-Backend-Reqs
X-Gdpr
X-HS-Status
Amp-Access-Control-Allow-Source-Origin
X-Edge-Server
Cdn-Request-Time
X-FORWARDED-FOR
Cdn-Host
Cf-Ipcountry
Ms-Operation-Id
Accept-Language
Pics-Label
X-PJAX-URL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Swift-Error
COMMERCE-SERVER-SOFTWARE
X-BBXSRF
Locale
Dont-Set-Cookie
X-Cache-Debug
X-Cache-Ttl
X-Li-Fabric
X-Urbn-Site-Id
X-B3-SpanId
X-LI-UUID
X-Urbn-Context-Path
X-Li-Pop
X-LI-Proto
X-Path-Route
Get-Access-Time
Is-Session-Tracking
X-Env
X-VG-WebCache
X-Info
X-Cache-HT
Lb
X-Optimization
V-Cache
X-RateLimit-Reset
Group
X-CDN-Pop
X-Fe
X-CDN-Pop-IP
X-Dw-Trace-Id
X-PF-Uncompressing
X-ID
NX-Cache
Fastly-Soc-X-Request-Id
X-Content-Encoded-By
URI
Who
SS
Requestid
X-GZIP
X-Qloud-Router
X-Bug-Bounty
X-NGINX-Cache
Serverid
X-CacheKey
X-Cache-FS-Status
X-Ver
X-Varnish-Info
CDN-Cache
AGE-Hash
CDN-Node
X-P-T
CDN-Cache-Hit
X-ServerName
Xet-Cookie
X-SN
X-Serial
SID
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache-Control
X-Ibm-Trace
X-Akamai-ERPolicy
X-SB
X-Akamai-ERRuleID
X-VC
Https
X-Grace-Duration
X-RequestId
N-Cache
Ws
X-Flags
X-Is-Crawler
X-Meta-Tbi-Cache-Vertical
X-Route-Name
X-Providence-Cookie
X-Shard