Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-Node
X-Host
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
Server-Timing
X-CST
X-Url
X-Cloud-Trace-Context
X-OneAgent-JS-Injection
Pinterest-Generated-By
X-TTL
Request-Id
Report-To
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-ESI
X-DynaTrace-JS-Agent
X-DataDome
X-TtlSet
X-PC
X-Vname
X-Powered-CMS
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Server-Name
X-Origin-Cache
Charset
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-Varnish-TTL
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
X-F-Cache
X-Version
Content-MD5
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Geo-Segment
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Powered-By-Plesk
Accept-CH
PB-RID
Public-Key-Pins
PB-PID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Pinterest-Version
X-Upstream-Env
Verso
X-Pinterest-Rid
X-Client-IP
X-ORACLE-DMS-RID
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
AR-PoweredBy
AR-ATIME
DynaTrace
X-T
X-Forwarded-Proto
X-Grace
X-Origin-Upstream-Status
X-Varnish-Age
X-Hits
AR-CACHE
X-Upstream
X-DIS-Request-ID
TCN
X-Server-ID
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Kinsta-Cache
Access-Control-Request-Method
X-IPLB-Instance
MRF-Tech
X-Cache-Hit
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-HW
X-Logged-In
X-Oracle-Dms-Rid
X-Acc-Meta-Resource-Type
X-B
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Vcap-Request-Id
X-SS-Set-Cookie
X-FastCGI-Cache
X-Debug
X-NewRelic-App-Data
S
X-Wix-Server-Artifact-Id
X-Ser
Service-Worker-Allowed
X-Do-Not-Hack
X-HeyJason
X-MSEdge-Ref
AR-SID
X-Cache-Key
Permitted-Cross-Domain-Policies
Tracecode
Server-Name
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-XRDS-Location
Rt-Fastcgi-Cache
Fastly-Restarts
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
X-XRDS-LOCATION
Alternate-Protocol
X-Cache-Rule
X-Accel-Buffering
Eomportal-Instance
Cache-Status
X-Analytics
Backend-Timing
Cleartype
X-Srv
Host
TP-L2-Cache
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Rid
Public-Key-Pins-Report-Only
X-Revision
X-GUploader-UploadID
X-Whom
X-FTR-Cache-Host
FilterID
X-Oneagent-Js-Injection
X-User-Agent
X-Debug-Info
X-RateLimit-Remaining
X-Akam-SW-Version
ServerID
X-TA-CDN-Provider
X-AOL-HN
X-Varnish-Backend
Front-End-Https
X-Mobile
X-Cache-2
X-VCache
Accept-Charset
X-NWS-LOG-UUID
X-Via-JSL
X-Webkit-CSP
X-Request-Processing-Time
X-Content-Powered-By
X-Request-Received
X-Cdn
X-Zen-Fury
X-Kinja-Server-Push
X-Correlation-Id
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Viewport
X-Ttl
X-Node-Name
X-App-Environment
X-LB-Cache
X-Varnish-Hostname
X-Tumblr-User
X-Cluster
X-Page-Id
X-Tumblr-Pixel-0
Host-Header
X-Tumblr-Pixel
X-Magnolia-Registration
X-Device-Type
X-Framework
X-Request-Guid
X-TT
X-Handled-By
X-Akamai-Edgescape
X-Cache-Control
X-Signature
Liferay-Portal
X-Platform-Server
X-FB-Debug
X-B-Cache
Upgrade-Insecure-Requests
X-BCube-Filmed-By
DC
Cache-Tag
X-B3-Sampled
X-Instance
X-Content-Security-Policy-Report-Only
X-B3-Traceid
X-Iejgwucgyu
X-Cache-Server
X-Hostname
X-Origin-Server
X-Fastcgi-Cache
Display
X-Sol
X-Middleton-Display
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
X-WA-Info
Source
X-Varnish-Server
X-Contextid
X-Servedby
X-APP-VERSION
HitType
Server-Info
HitInfo
X-Distil-CS
X-Cache-Operation
X-Cache-Action
X-Seen-By
Content-Style-Type
X-Wix-Request-Id
Content-Script-Type
X-Amz-Replication-Status
X-GeoIP
User-Agent
Webserver
X-Tumblr-Pixel-1
X-S
X-Tumblr-Pixel-2
X-RequestSource
X-Edge-Location
X-Status
X-Jobs
Actual-Object-TTL
X-Locale
X-Port
GEO-INFO
X-FW-Server
X-Region
X-UUID
SRV
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-FW-Type
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Edge-Cache
X-Adobe-Content
X-Drupal-Cache-Tags
X-Adobe-Loc
X-TX-ID
X-Varnish-Hits
ServedBy
AsisCache
X-Generated-By
Healthy
X-ATG-Version
Refresh
X-Geo-Country
X-Hyper-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Middleton-Response
Response
X-Cache-NE
X-DataStream-Cache-Status
X-Daa-Tunnel
X-HOST
X-Cache-TTL-Remaining
X-Cache-Age
Payment
IBM-Web2-Location
X-Varnish-Grace
X-Esi
S-Cnection
X-Content-Type
Filters
Datacenter
X-Activity-Id
X-Az
NGB
X-AppVersion
X-Amz-Server-Side-Encryption
X-CDN-Forward
X-Newrelic-App-Data
X-Cache-Remote
Country
X-Pc-Hit
X-UA
X-Pc-Appver
X-Pc-Key
X-Webkit-Csp
X-Proxied
X-Cacheable-TTL
Served-By
Edge-Cache-Tag
X-Cache-TTL
X-HS-Cache-Config
X-Vg-Webcache
X-Varnish-IP
X-Kong-Proxy-Latency
X-App-Server
X-Kong-Upstream-Latency
X-Mode
X-Akamai-Transformed
X-HS-Combine-CSS
X-Sucuri-ID
X-Cache-Var
X-Rendered-As
Load-Balancing
X-Rule
X-ProcessESI
Meta-Geo
X-Detected-As
X-RN-RSRV
X-Cache-Var-Map
X-Is-Bot
X-RemovedCookies
Machine
X-Proxy
Pagespeed
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
HostName
User-Cache-Control
X-Origin-Hint
X-ProxyCache-Status
X-ProxyCache-Key
X-PCL
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
X-Varnish-Cacheable
X-OCL
X-Tb
TWC-Connection-Speed
Property-Id
Access-Control-Allow-Method
X-Hosted-By
DB-Nickname
X-Human
Mn-Server-Ip
X-Grey
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Amz-Meta-Surrogate-Control
TWC-Locale-Group
X-BYPASS-REASON
Cache-Name
X-Origin
X-ServerID
X-Cache-Category-Id
TWC-Privacy
Backend
X-Hit
X-Generated
X-Format
Powered-By-ChinaCache
ServerName
X-Loop
X-OVcl-Cache
X-OVcl
X-Original-Request
X-NodeID
Azure-InstanceId
Azure-RegionName
L5d-Success-Class
Now
X-Access
S-Rt
X-CDN-Cache
X-Debug-Cache
Azure-SiteName
Azure-SlotName
Azure-Version
X-Routing-Service
X-JoinUs
X-Mshield-Cache-Status
X-Upgrade-Enabled
X-Mrs-Cache-Hits
X-Mrs-Age
OT-Force-Account-Verify
X-Zipkin-Id
X-TNCMS
X-Mrs-Cache
X-Site-Version
X-Section
X-SplitTest
Cache-Key
X-EIG-Tracking-Id
X-Www-Served-By
X-App-Name
Fastcgi-X-Cache-Version
X-BB-IP
Fastcgi-X-Cache
Fastcgi-Useragent
X-AWS-Id
X-Agile-Id
X-VWS-Id
X-RateLimit-Limit
X-IP
Selected-FE
X-LJ-Flow-ID
X-NGENIX-Cache
X-Timing-Wait
X-TWH-CORRELATION-ID
X-Agile
Access-Control-Request-Headers
X-Agile-Age
X-Proxy-Build
X-Via-Fastly
X-ApacheServer
X-PERF
X-Drupal-Cache-Contexts
X-Viewer-Country
X-Origin-CC
X-L-Path
X-Cache-Config
X-Environment-Context
X-Pubstack
X-CCM
X-Upstream-HT
X-Ocache
X-Upstream-CT
X-Backend-Name
X-Source
X-Xfnlog-Site
X-Nginx-Cache
X-URL
X-Unique-ID
AR-Request-ID
From-Origin
Cache
X-Akamai-Request-ID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Real-IP
X-Pc-Date
X-Pc-Host
X-Correlation-ID
X-Vgn-Hpd-Reason
X-Storage
X-Ruxit-Js-Agent
X-Litespeed-Cache
X-Forwarded-Host
LB
Fastly-SSL
NtCoent-Length
X-M-Reqid
X-M-Log
X-NCache
X-Ms-Version
X-Ms-Lease-Status
X-Time-Microsecs
X-Ms-Request-Id
X-Ms-Blob-Type
X-Feature
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Internal-Host
X-Birta-Served
X-Birta-Cache-Post
X-Labrador-Cache-Channel
X-Distributor
X-VG-TLSProxy
X-Release
X-Microcachable
X-EdgeConnect-Cache-Status
ViewerVersion
X-NC
X-App-Version
X-UA-Device-Type
X-B3-Spanid
Time
X-Transaction
WZWS-RAY
X-Cluster-Node
X-Twitter-Response-Tags
X-Powered-By-ANYU
Ar-Sid
X-Connection-Hash
CACHE
X-WebServer
Arc-Country
X-Logtrace-Id
BehaviorPad-Version
X-Region-Sid
X-Dispatcher-Server
X-Via-Edge
X-Via-SSL
Cache-Prefix
X-PAYTM-SRV-ID
X-Died
Rendered-Blocks
X-CUA
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-B-Cookie
X-ARC
X-NU-AKA-ACS-Version
Ajk
X-BB-ID
V-Age
X-Org
X-Cache-Bucket
X-No-Session
AKAMAI
X-Date
Server-Int
Xc-Version
X-Destination
X-D
X-Via-CDN
Cneonction
T-Server
X-Application
X-Developer
X-A-Wwc
X-Server-Time
X-A
X-Server-By
Ec-Rule-Version
X-SIPLIST1
X-SRCache-Key
MD5-Digest
X-Cache-Backend
X-Irp-Debug
Frame-Options
X-IN-WAF
IsBot
X-Rojux
X-Rewrite-Enabled
X-IN-APIGATEWAY
X-Request-UUID
X-S-Cookie
VivaBuild
X-IN-SSL-APIGATEWAY
Www
X-Redis-Cache
X-ScT
X-VG-WebServer
X-A-Ccd
X-From
X-Cache-Enabled
X-A-Dam
X-G
X-A-Dcw
X-A-Dgt
Viewtype
X-DPWN-IS-SECURE
X-Accel-Expires-Debug
X-Request-Time
Fly-Cache
NGX
Mobile-Detection-Method
X-Trv-Group
Fly-Request-Id
Meta-Geo-Continent
X-UE-Client-Country
X-Generated-In
X-Generation-Time
X-C
X-FireWall-Port
XServer
X-SERVER-NAME
Pagetype
X-NWS-UUID-VERIFY
HA-Georegion
NodeID
Origin-Cache-Control
Origin-Edge-Control
HA-Ipaddr
Magicmarker
HA-Servedtime
HA-Urlpath
Powered
Pragrma
SN
HA-Geolat
HA-Geolon
Ha-Gx-Prefs
Release
HA-Host
HA-Geocountry
X-We-Are-Hiring
X-Hl-Ver
X-Hnp-Log
X-S-Maxage
X-Hash
X-GeoIP-City
X-Gen-Mode
X-Store
HA-Geocity
X-Key
X-RateLimit-Remaining-Second
X-Phone
X-Owner
X-Node-Id
X-Platform
X-Layer
X-RateLimit-Limit-Second
X-Policy
X-UnsetCookies
X-Varnish-Action
X-Crawler
REQUESTUUID
X-Wikidot-Static-Cache
X-Core-Value
X-CGP
X-Amz-Meta-Cache-Control
X-Block-Status
X-Cache-CFC
X-Wikidot-Backend
X-Web-Node
X-External-Request-Id
X-F5-Cache
X-Fastly-Cache
X-VCT
X-Eu-Site
X-Origin-TTL
X-VServer
Web-Mar-Node
Server-Host
Backend-Name
X-GZip
Xserver
X-Instance-Name
Country-Code
HA-Cloudapp
GMS-Ver
X-Webstats-RespID
X-Sucuri-Cache
X-ShardId
X-ShopId
X-Shopify-Stage
X-RCS-CacheZone
X-Gannett-Site-Version
X-Actual-URL
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-GeoIP-Country-Code
X-Developers
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Adler-Geo
X-HTML-Minification-Powered-By
X-FW-Version
X-Stale
X-Swa-Ws
X-Thinkindot-L3
X-Sorting-Hat-ShopId
X-Backend-Host
X-Core-Mission
X-Returned-From-PostProcessResponse
X-Clientip
X-Response-By
X-Cdn-Srv
X-Croise-Owner
X-CS
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
ProcessTime
X-Cache-URL
X-Cache-Srv
X-Backend-Url
X-Backend-TTL
X-Backend-State
Apple-News-Services-Handled
X-Reboot
X-Server-IP
X-Epic-Correlation-Id
X-Secret
X-Cache-Expires
X-Fetched-On
X-Sf
Uber-Trace-Id
Countrycode
MI-Cache-Age
Apple-News-Services-Host
MI-API
Odigeo-Trace-Id
Origin
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Passed-To-PostProcessResponse
Kp-EeAlive
X-Variation
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
Heartbleed
Esi-Enabled
X-Up
Is-Eu
Platform
MI-Cache
X-Matched-Rule
Request-EU
X-Location
Apple-News-Services-Request-Url
Section-Io-Cache
X-Tumblr-Pixel-3
Request-Country
Apple-News-Services-Parsed-Url
CDCHOST
X-TT-LOGID
Proxy-Connection
X-MI-In-Market
X-Real-Ip
X-Dc
Host-ID
X-Content-Age
X-Var-Ttl
X-V
X-Ckpd-Fst-Backend
Fastly-Backend-Name
X-Debug-Cookies
X-Debug-Log
HTTPS
X-PHP-Backend
X-NX-Host
Server-ID
X-Device-Os
RNT-Machine
X-Servername
Decoy-Debug-Key
X-Fstrz
Content-Disposition
X-Endurance-Cache-Level
Decoy-Debug-Status
X-Worker
X-Request-URI
RNT-Time
Resin-Trace
Warning
Decoy-Debug-TTL
MIME-Version
Cache-Cookie-Set-From
X-ElasticPress-Search
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-ServiceProvider
X-Sn-Servicetimems
X-Alicdn-Da-Ups-Status
X-TIME
X-Trace-Id
True-Client-Country-4JS
On-Server
Cache-Tags
X-Cache-Host
X-Ezoic-Cdn
X-Cdn-Origin
X-Nc
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
X-Guploader-Uploadid
X-Skip-Cache
Request-Time
Fastly-SWR
RequestId
X-Pf-Uncompressing
PFcat
X-Rebelmouse-Cache-Control
X-CACHE-AGE
Fastly-SIE
X-Rebelmouse-Surrogate-Control
Sid
Cteonnt-Length
X-B3-TraceId
PageSpeed
X-Surge-Debug
X-Proto
X-Ua
X-Req
CF-IPCountry
We-Hiring
X-Refresh
X-Csrf-Token
Mail-Subject
X-Pjax-Url
X-Aed
X-GEO
X-Oss-Storage-Class
X-Oss-Request-Id
X-CSRF-Token
X-Oss-Server-Time
WP-Super-Cache
X-Oss-Object-Type
X-Planisys-CDN-Rules
X-Oss-Hash-Crc64ecma
X-Planisys-CDN-TTL
Pramga
X-Planisys-CDN-Cache
X-Varnish-Beresp-TTL
X-Edge-IP
X-Servedbyhost
TSSecure
CDN
X-NODE
X-Varnish-Ttl
X-Amz-Cf-Pop
X-Ms-Lease-State
X-Cache-ASPX
X-Geo
Geoip-Latitude
GeoIp-Country-Code
Dnion-Transfer-Encoding
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-Hello
Cdn
X-Time
X-COUNTRY
X-Flog
X-ABtesting
X-GoCache-CacheStatus
X-Server-W
X-Aicache-OS
X-Page-Type
X-Oracle-Dms-Ecid
Mime-Version
X-DC
X-Varnish-Url
X-DataStream-MidMile-RTT
X-Unique-Id
Lfy
X-WA
Hostname
X-DataStream-Origin-MEX-Latency
X-Auto-Login
X-Cdn-Forward
NnCoection
X-Ratelimit-Limit
MS-CV
NODE
X-Origin-Date
A
FSS-Proxy
FSS-Cache
X-Origin-Expires
X-Akamai-Request-ID2
X-Dynatrace-Js-Agent
X-Datadome
X-Varnish-HitMiss
X-GRACE
X-HCF
X-Cache-Control-Set-By
PageType
SD-X-WS
Rt-Proxy-Cache
X-Sentry-ID
X-Via-NSCOPI
X-EC-Security-Audit
X-Check-Cacheable
WWW-Authenticate
Node
X-Server-Group
X-APP
X-Thanos
Geoip-City
Memcached
X-PAGE-TYPE
X-Served-From
X-Bip
X-Wa
X-UPSTREAM-Address
X-MP-GENERATED-AT
X-Use-Magma
X-Be
X-Cache-Id
X-Wix-Route-ID
Processtime
X-Varnish-URL
PICS-Label
GeoIP-City
X-From-Cache
GeoIP-Country-Code
X-Proxy-Server
X-Cache-Info
X-SRV
X-Request-Start
GeoIP-Latitude
X-Nananana
X-RTag
Ms-Operation-Id
Cdn-Host
Memory
X-Cookie
X-Edge-Server
X-CACHE-KEY
Cdn-Request-Time
X-Gdpr
X-Gen-Id
X-ServedByHost
X-HS-Status
UCS
X-GDPR
X-Fastly-Backend-Reqs
Lb
GW-Server
Dont-Set-Cookie
X-Load-Cache
DataCenter
X-WR-MODIFICATION
COMMERCE-SERVER-SOFTWARE
X-FORWARDED-FOR
X-User
X-Fastly-Cache-Hits
Is-Session-Tracking
X-Swift-Error
Pics-Label
X-Cache-HT
X-PJAX-URL
Get-Access-Time
X-Env
X-Ratelimit-Remaining
X-Optimization
Cache-Hits
Accept-Language
X-RateLimit-Reset
X-B3-SpanId
X-Cache-Ttl
Who
V-Cache
Group
X-Goog-Meta-Goog-Reserved-File-Mtime
Cf-Ipcountry
X-Cache-FS-Status
X-Li-Pop
X-LI-Proto
Locale
X-Li-Fabric
X-Cache-Debug
X-Content-Encoded-By
X-Fe
X-LI-UUID
X-CDN-Pop-IP
X-Ver
X-CDN-Pop
X-Urbn-Site-Id
X-Dw-Trace-Id
X-Urbn-Context-Path
X-BBXSRF
X-ID
Amp-Access-Control-Allow-Source-Origin
Ws
X-Bug-Bounty
NX-Cache
AGE-Hash
X-Ibm-Trace
X-Path-Route
X-PF-Uncompressing
X-Info
X-GZIP
X-VC
Xet-Cookie
X-Vcache
URI
X-SB
Requestid
X-Meta-Tbi-Cache-Vertical
Serverid
X-NGINX-Cache
Httpd-Identifier
SS
X-CacheKey
X-Qloud-Router
X-Serial
N-Cache
X-VG-WebCache
X-Shard
CDN-Cache
Fastly-Soc-X-Request-Id
X-Varnish-Info
CDN-Node
CDN-Cache-Hit
SID
X-ServerName
X-Flags
X-Is-Crawler
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-RequestId
X-Litespeed-Cache-Control
X-Providence-Cookie
X-Route-Name
Https
X-Grace-Duration
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cache-Handler
Powered-By