
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Id-2
X-Amz-Request-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Url
X-TTL
Request-Id
X-Instart-Request-ID
Report-To
X-OneAgent-JS-Injection
X-Px
X-Country
X-Clacks-Overhead
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-DataDome
Charset
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-ESI
X-Origin-Cache
X-DynaTrace
NEL
X-Server-Name
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
X-ORACLE-DMS-RID
Content-MD5
X-F-Cache
X-Version
X-Cdn-Fetch
X-Kinja
X-Geo-Segment
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-D2id
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
AR-CACHE
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-T
DynaTrace
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Grace
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-Origin-Upstream-Status
X-DIS-Request-ID
X-Id
X-Pad
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-FastCGI-Cache
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Ruxit-JS-Agent
AR-SID
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Cache-Hit
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
MRF-Tech
X-Logged-In
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B
X-Server-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-HW
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Oneagent-Js-Injection
X-Debug
S
Service-Worker-Allowed
X-MSEdge-Ref
X-Ser
X-XRDS-Location
X-Wix-Server-Artifact-Id
Server-Name
X-PressLabs-Stats
X-Frontend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Cache-Key
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
Tracecode
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-GUploader-UploadID
X-Oracle-Dms-Rid
X-Forwarded-For
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
X-Analytics
Backend-Timing
X-HS-Content-Id
X-Srv
X-HS-Hub-Id
Host
TP-L2-Cache
TP-Cache
X-VCache
X-Revision
X-Rid
X-Whom
X-User-Agent
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
X-Accel-Buffering
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-RateLimit-Remaining
X-Varnish-Backend
X-Cache-2
X-Via-JSL
Accept-Charset
X-Content-Powered-By
X-Mobile
Front-End-Https
X-Request-Processing-Time
X-Request-Received
X-Webkit-CSP
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
Viewport
X-Cached-By
X-Ttl
X-WPE-Loopback-Upstream-Addr
X-B3-Traceid
X-App-Environment
X-Node-Name
X-LB-Cache
X-Magnolia-Registration
X-Correlation-Id
Liferay-Portal
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Cluster
Host-Header
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Framework
X-Device-Type
X-B3-Sampled
X-Akamai-Edgescape
X-Request-Guid
X-Cache-Control
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-B-Cache
X-Handled-By
X-Signature
X-TT
X-Platform-Server
X-Instance
X-FB-Debug
DC
Cache-Tag
X-Cache-Server
X-Hostname
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
X-Amzn-Trace-Id
Display
X-Sol
X-Middleton-Display
Retry-After
X-Accel-Expires
X-Contextid
X-APP-VERSION
X-WA-Info
X-Servedby
X-Varnish-Server
HitType
Server-Info
HitInfo
X-Cache-Action
X-Distil-CS
X-Cache-Operation
X-Esi
X-Seen-By
Content-Script-Type
Content-Style-Type
X-Wix-Request-Id
X-Port
X-GeoIP
Webserver
X-RequestSource
X-Tumblr-Pixel-2
X-Generated-By
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
X-Edge-Location
GEO-INFO
X-S
X-Tumblr-Pixel-1
X-Amz-Replication-Status
X-Status
User-Agent
Actual-Object-TTL
Healthy
X-Jobs
X-Locale
X-Varnish-Hits
X-UUID
X-Edge-Cache
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Edge-Cache-Key
X-Geo-Country
X-Response-Served-From
X-Region
X-FW-Type
AsisCache
X-FW-Static
X-Drupal-Cache-Tags
X-Adobe-Content
X-Adobe-Loc
X-TX-ID
SRV
ServedBy
X-Hyper-Cache
X-Litespeed-Cache
X-Daa-Tunnel
Refresh
X-Newrelic-App-Data
X-DataStream-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Grace
Response
X-Middleton-Response
X-Cache-TTL-Remaining
X-Cache-NE
Filters
IBM-Web2-Location
X-Cache-Age
X-Amz-Server-Side-Encryption
NGB
S-Cnection
X-CDN-Forward
X-Iejgwucgyu
X-ATG-Version
Payment
X-Content-Type
X-Activity-Id
X-AppVersion
X-Az
X-URL
X-Proxied
Datacenter
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Cache-Remote
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-Cache-TTL
X-App-Server
X-Vg-Webcache
Country
Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Served-By
AR-Request-ID
X-HS-Cache-Config
X-Unique-ID
Edge-Cache-Tag
X-UA
X-Sucuri-ID
X-Akamai-Transformed
X-Mode
X-Varnish-IP
X-RN-RSRV
Load-Balancing
X-ProcessESI
Machine
X-Cache-Var
X-RemovedCookies
Meta-Geo
X-Rendered-As
X-Detected-As
X-Cache-Var-Map
X-Is-Bot
X-Proxy
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-Amz-Meta-Surrogate-Control
X-Varnish-Cache-Hits
X-ServerID
Access-Control-Allow-Method
X-BB-IP
X-Varnish-Cacheable
X-Cache-Category-Id
X-BYPASS-REASON
Mn-Server-Ip
X-Rule
Webcakes-Region
X-Hosted-By
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Human
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
User-Cache-Control
Property-Id
TWC-Privacy
Backend
X-ProxyCache-Status
X-Origin
Cache-Name
X-ProxyCache-Key
DB-Nickname
X-PCL
X-Grey
X-OCL
X-Origin-Hint
X-Tb
X-EIG-Tracking-Id
X-OVcl-Cache
X-Zipkin-Id
L5d-Success-Class
X-Upgrade-Enabled
X-Generated
X-Routing-Service
X-L-Path
X-NodeID
X-Section
ServerName
S-Rt
X-Site-Version
X-Hit
X-CDN-Cache
X-OVcl
Azure-Version
X-Access
X-Format
X-TNCMS
X-Loop
Azure-SiteName
X-Environment-Context
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-Viewer-Country
Now
X-JoinUs
X-Debug-Cache
X-HS-Combine-CSS
X-Www-Served-By
X-Original-Request
X-Via-Fastly
X-Ocache
X-Cache-Config
X-Pubstack
X-Timing-Wait
X-Proxy-Build
X-LJ-Flow-ID
X-PERF
X-SplitTest
X-IP
X-AWS-Id
X-Agile
X-VWS-Id
X-NGENIX-Cache
X-Agile-Age
X-Agile-Id
X-App-Name
X-ApacheServer
Selected-FE
Cache-Key
Access-Control-Request-Headers
X-Origin-CC
X-Drupal-Cache-Contexts
X-Backend-Name
X-TWH-CORRELATION-ID
X-CCM
OT-Force-Account-Verify
X-Correlation-ID
X-Real-IP
X-Source
X-Xfnlog-Site
X-Nginx-Cache
X-HOST
X-Pc-Host
Pagespeed
X-Upstream-HT
X-Pc-Date
X-Upstream-CT
X-Akamai-Request-ID
HostName
Powered-By-ChinaCache
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
Fastcgi-Useragent
X-RateLimit-Limit
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Storage
X-Vgn-Hpd-Reason
From-Origin
X-Forwarded-Host
X-Amz-Apigw-Id
X-NC
X-Amzn-RequestId
Fastly-SSL
X-SERVER-NAME
X-NCache
X-Time-Microsecs
X-Internal-Host
X-M-Log
X-M-Reqid
X-Feature
X-Qnm-Cache
X-Distributor
X-Release
X-Microcachable
X-UA-Device-Type
X-Birta-Served
XServer
LB
X-Labrador-Cache-Channel
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
NtCoent-Length
Pagetype
X-Ms-Version
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
X-VG-TLSProxy
X-Cache-Backend
X-B3-Spanid
X-EdgeConnect-Cache-Status
X-Connection-Hash
X-Transaction
X-Webkit-Csp
X-PHP-Backend
X-Twitter-Response-Tags
MIME-Version
Frame-Options
Time
X-Sucuri-Cache
X-C
X-CUA
X-D
X-UE-Client-Country
X-Dispatcher-Server
X-Died
WZWS-RAY
X-CS
X-Developer
X-Org
X-Date
X-DPWN-IS-SECURE
X-Destination
X-Powered-By-ANYU
X-Cache-Bucket
Mobile-Detection-Method
NGX
X-A-Dam
X-SRCache-Key
X-A-Dcw
X-A-Dgt
MD5-Digest
Meta-Geo-Continent
X-A-Wwc
X-A-Ccd
X-A
T-Server
Server-Int
X-SIPLIST1
Rendered-Blocks
V-Age
Www
VivaBuild
Viewtype
X-Accel-Expires-Debug
IsBot
Cache-Prefix
X-Trv-Group
X-Server-By
X-Server-Time
BehaviorPad-Version
Arc-Country
AKAMAI
X-CF-Lambda-Version
X-CF-Lambda-Fn
Ec-Rule-Version
X-VG-WebServer
Host-ID
X-ARC
X-Application
X-B-Cookie
X-Region-Sid
X-BB-ID
Fly-Cache
Fly-Request-Id
Ajk
Cneonction
X-Request-UUID
X-ScT
X-Rojux
X-Rewrite-Enabled
X-From
X-Logtrace-Id
X-Irp-Debug
X-G
X-IN-APIGATEWAY
X-Instance-Name
X-IN-WAF
X-WebServer
X-GZip
X-PAYTM-SRV-ID
X-Generated-In
X-Via-CDN
X-No-Session
X-Generation-Time
X-NU-AKA-ACS-Version
X-Redis-Cache
X-IN-SSL-APIGATEWAY
Xc-Version
X-S-Cookie
X-Via-SSL
X-Web-Node
X-Via-Edge
X-FireWall-Port
HA-Geolon
HA-Geocountry
HA-Geolat
X-Hnp-Log
X-Phone
X-Hash
X-Cache-CFC
X-Block-Status
X-Hl-Ver
HA-Cloudapp
GMS-Ver
HA-Georegion
HA-Geocity
X-Store
Origin-Edge-Control
Origin-Cache-Control
X-Origin-TTL
NodeID
Web-Mar-Node
Pragrma
X-NX-Host
SN
X-Node-Id
X-Owner
X-Layer
HA-Servedtime
HA-Ipaddr
HA-Host
HA-Urlpath
Country-Code
X-Key
Magicmarker
X-Amz-Meta-Cache-Control
Ha-Gx-Prefs
X-Cache-Enabled
X-Wikidot-Backend
X-Debug-Cookies
X-Var-Ttl
X-Debug-Log
X-Wikidot-Static-Cache
X-UnsetCookies
X-Request-Time
X-Platform
X-RateLimit-Limit-Second
X-We-Are-Hiring
X-RateLimit-Remaining-Second
X-Varnish-Action
X-Eu-Site
X-VCT
Server-Host
X-External-Request-Id
X-F5-Cache
X-VServer
X-V
X-Fastly-Cache
X-Crawler
X-S-Maxage
X-Gen-Mode
Backend-Name
X-Core-Value
X-CGP
X-GeoIP-City
ViewerVersion
X-App-Version
X-Webstats-RespID
X-NWS-UUID-VERIFY
X-Cache-Srv
X-Nginx-Cache-Key
X-MSEdge-Flight
X-GeoIP-Country-Code
X-RCS-CacheZone
X-MSEdge-Features
X-Secret
X-Epic-Correlation-Id
X-Cache-Host
X-Cache-Expires
X-Response-By
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Reboot
X-Cache-URL
Uber-Trace-Id
Thinkindot-Control
X-Sf
X-Developers
X-Fetched-On
X-Server-IP
X-HTML-Minification-Powered-By
X-Gannett-Site-Version
X-Clientip
X-Croise-Owner
X-FW-Version
X-Core-Mission
X-Backend-Host
X-Backend-State
X-Location
X-Cdn-Origin
X-Matched-Rule
X-Backend-Url
X-Cdn-Srv
X-Request-URI
X-Backend-TTL
X-MI-In-Market
X-Swa-Ws
X-TT-LOGID
X-Trace-Id
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Countrycode
Esi-Enabled
MI-API
Kp-EeAlive
Is-Eu
X-Thinkindot-L3
Apple-News-Services-Handled
Adler-Geo
X-Alternate-Cache-Key
X-Up
X-Variation
Section-Io-Cache
X-ShardId
X-ShopId
X-Tumblr-Pixel-3
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
MI-Cache
Apple-News-Services-Host
X-Sn-Servicetimems
Platform
MI-Cache-Age
Release
PFcat
Origin
Request-EU
Proxy-Connection
Odigeo-Trace-Id
Request-Country
X-CACHE-AGE
X-Cluster-Node
X-Returned-From
X-Content-Age
RNT-Machine
RNT-Time
Request-Time
True-Client-Country-4JS
Sid
X-Returned-From-DLL
Powered
X-Fstrz
X-Policy
REQUESTUUID
X-Returned-From-PostProcessResponse
X-Worker
X-Passed-To
X-ElasticPress-Search
Server-ID
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Device-Os
Resin-Trace
X-Returned-From-BeforeDispatch
HTTPS
Decoy-Debug-TTL
Decoy-Debug-Status
Heartbleed
Fastly-Backend-Name
X-Ckpd-Fst-Backend
X-Rebelmouse-Cache-Control
Fastly-SWR
Fastly-SIE
Decoy-Debug-Key
X-Servername
X-Rebelmouse-Surrogate-Control
On-Server
X-Actual-URL
Cache-Tags
X-Alicdn-Da-Ups-Status
Content-Disposition
X-ServiceProvider
X-Stale
X-Varnish-Beresp-Ttl
X-Ua
X-Ezoic-Cdn
X-Oracle-Dms-Ecid
ProcessTime
X-Skip-Cache
X-Dc
Xserver
Cteonnt-Length
X-Real-Ip
X-Pf-Uncompressing
Warning
X-Csrf-Token
PageSpeed
Cache-Cookie-Set-From
RequestId
X-Oss-Hash-Crc64ecma
Cache-Cookie-Set-Idcheck
X-Oss-Server-Time
X-Endurance-Cache-Level
Cache-Cookie-Set-Lfrom
X-Oss-Storage-Class
CF-IPCountry
X-Oss-Request-Id
X-Proto
X-Oss-Object-Type
WP-Super-Cache
CDN
X-Planisys-CDN-TTL
X-TIME
X-Refresh
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Servedbyhost
Mail-Subject
We-Hiring
X-Req
X-Newrelic-Synthetics
X-Surge-Debug
X-Atg-Version
CACHE
X-GEO
X-Cache-ASPX
X-Pjax-Url
X-B3-TraceId
Hostname
Ar-Sid
X-Aed
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
X-Varnish-Ttl
X-Time
X-Nc
X-CSRF-Token
X-Varnish-Beresp-TTL
X-Edge-IP
X-CLOUD-TRACE-CONTEXT
X-DC
NODE
X-Server-W
GeoIp-Country-Code
Geoip-Latitude
X-Geo
Pramga
TSSecure
X-COUNTRY
NnCoection
X-Guploader-Uploadid
X-Ms-Lease-State
X-Origin-Date
X-Page-Type
X-Origin-Expires
X-DataStream-Origin-MEX-Latency
X-Hello
X-Varnish-HitMiss
X-DataStream-MidMile-RTT
X-Flog
X-ABtesting
X-Aicache-OS
X-HCF
X-Cache-Control-Set-By
MS-CV
X-Ratelimit-Limit
X-WA
SD-X-WS
X-Varnish-Url
A
X-Akamai-Request-ID2
X-Server-Group
WWW-Authenticate
X-GRACE
Lfy
X-Auto-Login
X-Datadome
X-Amz-Cf-Pop
Cdn
X-Cdn-Forward
Processtime
X-UPSTREAM-Address
FSS-Cache
FSS-Proxy
Geoip-City
Mime-Version
Node
X-Varnish-URL
X-Wix-Route-ID
PICS-Label
X-Wa
Rt-Proxy-Cache
X-Via-NSCOPI
X-Sentry-ID
X-PAGE-TYPE
X-From-Cache
Lb
X-Use-Magma
X-APP
Cdn-Request-Time
X-Cache-Id
X-Check-Cacheable
X-Gdpr
X-Unique-Id
X-EC-Security-Audit
GeoIP-Country-Code
X-Edge-Server
Cdn-Host
GeoIP-Latitude
X-NODE
X-RTag
Ms-Operation-Id
X-Nananana
Dont-Set-Cookie
GeoIP-City
X-Cache-Info
X-Gen-Id
Memcached
X-Bip
X-Thanos
X-SRV
X-Served-From
PageType
X-CACHE-KEY
COMMERCE-SERVER-SOFTWARE
X-Cookie
X-WR-MODIFICATION
X-Proxy-Server
X-Optimization
X-GDPR
X-Request-Start
X-Env
X-Cache-HT
Get-Access-Time
X-Fastly-Backend-Reqs
X-MP-GENERATED-AT
X-Fastly-Cache-Hits
X-Be
Is-Session-Tracking
X-Dynatrace-Js-Agent
DataCenter
X-Load-Cache
X-PJAX-URL
X-FORWARDED-FOR
Who
X-HS-Status
UCS
X-Cache-FS-Status
X-Ver
X-Swift-Error
Pics-Label
Memory
X-Ratelimit-Remaining
X-B3-SpanId
X-Cache-Ttl
GW-Server
X-Fe
Ws
X-ServedByHost
X-RateLimit-Reset
X-User
Group
V-Cache
X-Meta-Tbi-Cache-Vertical
X-Ibm-Trace
Cache-Hits
X-Shard
X-Dw-Trace-Id
URI
Httpd-Identifier
Cf-Ipcountry
X-Wix-Petri-Ex
X-CDN-Pop-IP
X-CDN-Pop
X-ID
Amp-Access-Control-Allow-Source-Origin
AGE-Hash
Requestid
NX-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PF-Uncompressing
Xet-Cookie
X-Bug-Bounty
X-SB
X-VC
X-SVT-ORM-VERSION
X-GZIP
Powered-By
X-SVT-ORM-RULES
X-NGINX-Cache
Accept-Language
Serverid
X-Varnish-Info
Version
N-Cache
X-CacheKey
X-Content-Encoded-By
Ohc-File-Size
X-Cache-Debug
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-LI-Proto
X-BBXSRF
CDN-Node
X-Urbn-Context-Path
X-Urbn-Site-Id
CDN-Cache
Locale
X-StackifyID
CDN-Cache-Hit
X-Path-Route
X-BE
X-LiteSpeed-Cache-Control
X-Flags
X-Is-Crawler
X-Litespeed-Cache-Control
X-RequestId
X-Cache-Handler
X-Providence-Cookie
X-Route-Name
Https
X-Grace-Duration
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ServerName
X-P-T