Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
Report-To
X-TTL
X-OneAgent-JS-Injection
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
X-DataDome
Charset
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-Server-Name
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-Version
X-F-Cache
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-D2id
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
AR-CACHE
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
DynaTrace
X-T
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Grace
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Pad
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Ruxit-JS-Agent
X-HeyJason
X-FastCGI-Cache
AR-SID
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Cache-Hit
X-IPLB-Instance
X-Kinsta-Cache
Access-Control-Request-Method
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Logged-In
X-Acc-Meta-Resource-Type
MRF-Tech
X-B
X-Goog-Generation
X-Server-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-HW
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Oneagent-Js-Injection
X-Debug
S
X-NewRelic-App-Data
Service-Worker-Allowed
X-MSEdge-Ref
X-Ser
X-Wix-Server-Artifact-Id
Server-Name
X-Frontend
X-PressLabs-Stats
X-Country-Code-Real
Tracecode
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Cache-Key
X-FTR-Balancer
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-XRDS-Location
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-GUploader-UploadID
X-Forwarded-For
Eomportal-Instance
X-XRDS-LOCATION
Fastly-Restarts
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
X-Analytics
Backend-Timing
X-Srv
Host
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
X-Revision
X-VCache
TP-Cache
X-Rid
X-RateLimit-Remaining
X-Whom
Public-Key-Pins-Report-Only
FilterID
X-Accel-Buffering
X-Ttl
X-User-Agent
X-FTR-Cache-Host
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
X-Oracle-Dms-Rid
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-2
X-Via-JSL
X-Content-Powered-By
Accept-Charset
Front-End-Https
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Webkit-CSP
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
X-Correlation-Id
Viewport
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-B3-Traceid
X-Magnolia-Registration
X-App-Environment
X-LB-Cache
Liferay-Portal
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Hostname
X-Page-Id
X-Cluster
X-Request-Guid
X-Device-Type
X-Akamai-Edgescape
X-Framework
Host-Header
X-B3-Sampled
X-Handled-By
X-Cache-Control
X-TT
X-Instance
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-FB-Debug
X-Signature
X-B-Cache
X-Platform-Server
DC
Cache-Tag
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
Source
X-Amzn-Trace-Id
X-Sol
Display
X-Middleton-Display
X-Accel-Expires
Retry-After
X-WA-Info
X-Servedby
X-Contextid
X-APP-VERSION
X-Varnish-Server
HitType
HitInfo
Server-Info
X-Cache-Action
X-Distil-CS
X-Cache-Operation
X-Wix-Request-Id
X-Seen-By
X-Port
Content-Script-Type
Content-Style-Type
X-GeoIP
Webserver
X-Edge-Location
X-Generated-By
X-RequestSource
X-Amz-Replication-Status
X-Tumblr-Pixel-1
X-Fastcgi-Cache
X-WebKit-CSP-Report-Only
GEO-INFO
X-S
X-Tumblr-Pixel-2
X-Status
Actual-Object-TTL
User-Agent
X-Jobs
X-Locale
Healthy
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Geo-Country
X-Edge-Cache
X-FW-Static
X-UUID
X-Response-Served-From
X-Varnish-Hits
X-Region
X-Edge-Cache-Key
X-FW-Type
AsisCache
ServedBy
X-TX-ID
X-Adobe-Content
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Hyper-Cache
SRV
X-Daa-Tunnel
Refresh
X-ATG-Version
X-DataStream-Cache-Status
X-Cache-Age
X-Yottaa-Metrics
X-Yottaa-Optimizations
Response
X-Middleton-Response
X-Varnish-Grace
X-Cache-TTL-Remaining
Filters
IBM-Web2-Location
X-Iejgwucgyu
X-Cache-NE
X-Amz-Server-Side-Encryption
X-Esi
NGB
S-Cnection
X-CDN-Forward
X-Content-Type
Payment
X-Activity-Id
X-Az
X-AppVersion
X-Proxied
Datacenter
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-Cache-Remote
X-UA
X-Newrelic-App-Data
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-Cache-TTL
X-App-Server
X-Vg-Webcache
Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Served-By
AR-Request-ID
Edge-Cache-Tag
X-HS-Cache-Config
X-Unique-ID
X-Mode
X-Sucuri-ID
X-Akamai-Transformed
X-ProcessESI
X-Cache-Var-Map
X-Is-Bot
X-Varnish-IP
X-Cache-Var
X-Detected-As
X-RN-RSRV
X-Rendered-As
Machine
Load-Balancing
Meta-Geo
X-RemovedCookies
X-Rocket-Nginx-Bypass
X-Real-IP
X-Proxy
X-FC-Vary-Parameters
Cache
TWC-Privacy
X-Rule
X-Varnish-Cacheable
X-Human
X-Hosted-By
X-BYPASS-REASON
X-EIG-Tracking-Id
X-Tb
X-ServerID
X-Origin
X-OCL
X-Origin-Hint
X-PCL
X-ProxyCache-Status
X-ProxyCache-Key
X-BB-IP
X-Amz-Meta-Surrogate-Control
TWC-Connection-Speed
TWC-Device-Class
Property-Id
Mn-Server-Ip
Backend
DB-Nickname
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
User-Cache-Control
TWC-Locale-Group
Access-Control-Allow-Method
Cache-Name
S-Rt
Now
X-NodeID
X-Original-Request
ServerName
X-Loop
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-TNCMS
X-Site-Version
X-Section
Azure-SiteName
Azure-SlotName
Azure-Version
X-OVcl-Cache
Azure-RegionName
Azure-InstanceId
X-Routing-Service
X-OVcl
L5d-Success-Class
X-JoinUs
X-L-Path
X-Format
X-Cache-Category-Id
X-Generated
X-Grey
X-Hit
X-Environment-Context
X-Zipkin-Id
X-HS-Combine-CSS
X-Viewer-Country
X-Debug-Cache
X-Access
X-CDN-Cache
X-PERF
X-Cache-Config
X-AWS-Id
X-Ocache
X-Agile
X-LJ-Flow-ID
X-IP
X-Proxy-Build
Selected-FE
X-Agile-Age
X-RateLimit-Limit
X-ApacheServer
X-Agile-Id
X-NGENIX-Cache
X-App-Name
X-Pubstack
X-Via-Fastly
X-TWH-CORRELATION-ID
X-Timing-Wait
X-SplitTest
X-VWS-Id
X-Www-Served-By
Cache-Key
Access-Control-Request-Headers
X-Backend-Name
X-Drupal-Cache-Contexts
X-Origin-CC
X-CCM
OT-Force-Account-Verify
X-Xfnlog-Site
X-HOST
X-Source
X-Nginx-Cache
X-Pc-Host
Pagespeed
X-URL
X-Upstream-HT
X-Upstream-CT
X-Pc-Date
Powered-By-ChinaCache
X-Akamai-Request-ID
Fastcgi-Useragent
X-Mrs-Age
Fastcgi-X-Cache-Version
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mshield-Cache-Status
Fastcgi-X-Cache
X-Storage
X-Vgn-Hpd-Reason
HostName
From-Origin
X-Correlation-ID
X-Litespeed-Cache
X-Forwarded-Host
X-NC
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-SSL
X-Time-Microsecs
X-NCache
X-Internal-Host
XServer
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Feature
X-Release
X-Distributor
X-Microcachable
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Birta-Served
LB
X-Labrador-Cache-Channel
X-Birta-Cache-Post
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
Pagetype
NtCoent-Length
X-UA-Device-Type
X-VG-TLSProxy
X-Cache-Backend
X-B3-Spanid
X-EdgeConnect-Cache-Status
X-Webkit-Csp
X-PHP-Backend
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
Time
MIME-Version
Frame-Options
X-Sucuri-Cache
X-C
X-Request-UUID
X-SIPLIST1
Fly-Request-Id
X-Server-By
X-S-Cookie
Host-ID
X-SRCache-Key
X-Rewrite-Enabled
X-Rojux
X-ScT
X-Server-Time
X-Via-Edge
Ajk
AKAMAI
Arc-Country
X-Powered-By-ANYU
WZWS-RAY
Xc-Version
X-Via-SSL
BehaviorPad-Version
Cache-Prefix
X-UE-Client-Country
Fly-Cache
X-VG-WebServer
Ec-Rule-Version
X-Region-Sid
X-Via-CDN
X-Trv-Group
X-No-Session
X-Destination
X-Date
X-D
X-CUA
X-Developer
X-Died
X-From
X-A-Ccd
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-CS
X-A-Dam
X-BB-ID
X-B-Cookie
X-ARC
X-Application
X-A-Wwc
X-Cache-Bucket
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A-Dcw
X-A-Dgt
X-A
X-G
X-Logtrace-Id
Meta-Geo-Continent
Mobile-Detection-Method
NGX
MD5-Digest
X-Accel-Expires-Debug
X-PAYTM-SRV-ID
X-Org
X-NU-AKA-ACS-Version
IsBot
X-Irp-Debug
X-IN-WAF
X-Generation-Time
VivaBuild
Www
X-Generated-In
Viewtype
V-Age
X-IN-SSL-APIGATEWAY
Rendered-Blocks
T-Server
X-IN-APIGATEWAY
X-Redis-Cache
Server-Int
Cneonction
X-Instance-Name
X-Web-Node
X-GZip
X-SERVER-NAME
X-FireWall-Port
Web-Mar-Node
SN
X-Amz-Meta-Cache-Control
X-Block-Status
X-Crawler
X-Debug-Cookies
X-Core-Value
X-CGP
X-Cache-CFC
Server-Host
Pragrma
HA-Ipaddr
HA-Servedtime
HA-Host
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
HA-Urlpath
X-V
Origin-Edge-Control
X-Debug-Log
Origin-Cache-Control
NodeID
Magicmarker
Release
X-External-Request-Id
X-Store
X-UnsetCookies
X-S-Maxage
X-RateLimit-Remaining-Second
X-Platform
X-RateLimit-Limit-Second
X-Var-Ttl
X-Varnish-Action
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WebServer
X-We-Are-Hiring
X-VCT
X-Phone
X-Owner
X-Gen-Mode
X-GeoIP-City
X-Fastly-Cache
X-F5-Cache
HA-Geolat
X-Hash
X-Hl-Ver
X-NX-Host
X-Origin-TTL
X-Node-Id
X-Layer
X-Key
X-Eu-Site
X-Hnp-Log
Country-Code
HA-Geocountry
GMS-Ver
Backend-Name
HA-Geocity
HA-Cloudapp
X-App-Version
X-Request-Time
X-Webstats-RespID
X-NWS-UUID-VERIFY
ViewerVersion
Apple-News-Services-Request-Url
X-FW-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Fetched-On
Apple-News-Services-Handled
X-HTML-Minification-Powered-By
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Adler-Geo
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-Gannett-Site-Version
X-Clientip
X-Cache-Enabled
X-Cache-Expires
X-Cache-Host
X-Backend-Url
X-Backend-TTL
X-Backend-Host
X-Backend-State
X-Cache-Srv
X-Cache-URL
X-Core-Mission
X-Croise-Owner
X-Shopify-Stage
CDCHOST
X-Cdn-Origin
X-Cdn-Srv
X-Developers
X-MSEdge-Features
X-Sn-Servicetimems
X-Stale
X-Swa-Ws
X-Sf
X-Server-IP
X-Returned-From-PostProcessResponse
X-Secret
X-Thinkindot-L3
X-Trace-Id
X-VServer
X-Cluster-Node
X-Variation
X-Up
X-TT-LOGID
X-Tumblr-Pixel-3
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Nginx-Cache-Key
X-ShopId
X-ShardId
X-MSEdge-Flight
X-Actual-URL
X-Matched-Rule
X-MI-In-Market
X-Alternate-Cache-Key
X-Passed-To-BeforeDispatch
X-Response-By
X-Returned-From
X-Reboot
X-RCS-CacheZone
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Location
X-Passed-To
MI-Cache-Age
PFcat
Request-EU
Thinkindot-CacheControl
Kp-EeAlive
Odigeo-Trace-Id
Countrycode
Uber-Trace-Id
Thinkindot-Control
MI-API
MI-Cache
Thinkindot-CacheControl-Type
Section-Io-Cache
Is-Eu
Request-Country
Proxy-Connection
Platform
Esi-Enabled
Origin
Heartbleed
X-Dc
REQUESTUUID
Server-ID
X-Device-Os
Resin-Trace
X-Request-URI
Decoy-Debug-Status
Fastly-SIE
X-Fstrz
On-Server
X-Servername
X-Worker
RNT-Time
Decoy-Debug-Key
Fastly-Backend-Name
X-Rebelmouse-Surrogate-Control
Sid
X-Policy
X-ElasticPress-Search
RNT-Machine
Powered
Cache-Tags
Content-Disposition
HTTPS
Request-Time
Fastly-SWR
Decoy-Debug-TTL
X-Ckpd-Fst-Backend
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Cache-Control
True-Client-Country-4JS
X-ServiceProvider
X-Content-Age
X-Ezoic-Cdn
X-Skip-Cache
X-Varnish-Beresp-Ttl
Cteonnt-Length
ProcessTime
X-Pf-Uncompressing
X-CACHE-AGE
RequestId
CACHE
X-TIME
PageSpeed
Warning
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Proto
Cache-Cookie-Set-From
X-Ua
X-Oss-Object-Type
X-Endurance-Cache-Level
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
CF-IPCountry
CDN
Xserver
X-Newrelic-Synthetics
WP-Super-Cache
X-Planisys-CDN-Rules
X-Csrf-Token
X-Req
X-Planisys-CDN-Cache
We-Hiring
Mail-Subject
X-Refresh
X-Servedbyhost
X-Planisys-CDN-TTL
Hostname
X-Real-Ip
X-Surge-Debug
X-Pjax-Url
X-GEO
X-B3-TraceId
X-Cache-ASPX
X-CSRF-Token
Ar-Sid
X-Varnish-Beresp-TTL
X-Aed
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
X-Varnish-Ttl
X-Nc
X-Edge-IP
GeoIp-Country-Code
Pramga
Geoip-Latitude
NODE
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-Server-W
X-Geo
TSSecure
X-COUNTRY
X-Time
X-Guploader-Uploadid
NnCoection
X-Ms-Lease-State
X-Origin-Expires
X-Origin-Date
X-DC
X-Oracle-Dms-Ecid
X-Varnish-HitMiss
X-WA
X-DataStream-MidMile-RTT
X-Hello
X-Flog
X-ABtesting
X-Page-Type
X-HCF
X-DataStream-Origin-MEX-Latency
X-Cache-Control-Set-By
X-Aicache-OS
MS-CV
A
SD-X-WS
Processtime
X-GRACE
X-Datadome
X-Server-Group
X-Akamai-Request-ID2
X-Varnish-Url
WWW-Authenticate
Lfy
X-Auto-Login
X-Amz-Cf-Pop
X-Cdn-Forward
Cdn
X-Varnish-URL
X-UPSTREAM-Address
FSS-Cache
FSS-Proxy
Geoip-City
X-Ratelimit-Limit
PICS-Label
X-PAGE-TYPE
X-Wix-Route-ID
Node
Mime-Version
Rt-Proxy-Cache
Lb
X-Via-NSCOPI
X-Wa
X-Sentry-ID
X-From-Cache
X-Use-Magma
X-Edge-Server
X-APP
X-Cache-Id
X-Gdpr
X-Unique-Id
X-EC-Security-Audit
Cdn-Host
X-Check-Cacheable
Cdn-Request-Time
X-RTag
X-NODE
Dont-Set-Cookie
Ms-Operation-Id
X-Nananana
GeoIP-Latitude
X-SRV
X-Gen-Id
GeoIP-Country-Code
GeoIP-City
Memcached
X-Cache-Info
X-Thanos
X-Served-From
PageType
X-Bip
X-CACHE-KEY
COMMERCE-SERVER-SOFTWARE
X-Cookie
X-Be
X-WR-MODIFICATION
X-GDPR
X-Fastly-Cache-Hits
X-Proxy-Server
X-Request-Start
X-MP-GENERATED-AT
X-Optimization
X-Cache-HT
X-Env
X-Fastly-Backend-Reqs
Get-Access-Time
Is-Session-Tracking
X-Dynatrace-Js-Agent
DataCenter
X-Load-Cache
Who
X-FORWARDED-FOR
X-HS-Status
UCS
Pics-Label
X-Swift-Error
Memory
GW-Server
X-Ver
X-Cache-FS-Status
X-PJAX-URL
X-User
X-B3-SpanId
V-Cache
X-Fe
Ws
X-RateLimit-Reset
X-Cache-Ttl
X-Meta-Tbi-Cache-Vertical
X-ServedByHost
X-Ibm-Trace
Group
X-Wix-Petri-Ex
X-Shard
Cache-Hits
URI
X-CDN-Pop
X-Dw-Trace-Id
Cf-Ipcountry
X-CDN-Pop-IP
Httpd-Identifier
Xet-Cookie
X-ID
Amp-Access-Control-Allow-Source-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
Requestid
AGE-Hash
Powered-By
NX-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Bug-Bounty
X-PF-Uncompressing
X-VC
X-SB
X-GZIP
X-NGINX-Cache
Serverid
X-StackifyID
X-Ratelimit-Remaining
X-Varnish-Info
X-Cache-Debug
X-CacheKey
X-LI-Proto
CDN-Cache
N-Cache
X-LI-UUID
Ohc-File-Size
X-Urbn-Site-Id
X-Urbn-Context-Path
CDN-Cache-Hit
CDN-Node
Locale
Version
Accept-Language
X-BBXSRF
X-Content-Encoded-By
X-Li-Pop
X-Li-Fabric
X-Path-Route
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Cache-Handler
X-RequestId
X-LiteSpeed-Cache-Control
X-P-T
X-Flags
X-Is-Crawler
X-Akamai-ERRuleID
Https
X-ServerName
X-Route-Name
X-Providence-Cookie
X-Grace-Duration