Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Xss-Protection
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
P3p
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Server-Id
X-Host
X-Node
Surrogate-Control
X-Cache-Lookup
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
Feature-Policy
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Country-Code
Rating
Allow
X-DataDome
X-ESI
NEL
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Server-Name
X-Origin-Cache
Charset
X-DynaTrace
X-DynaTrace-JS-Agent
X-Cached
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
Content-MD5
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
X-Mobile-Rewrite
Arc-Version
PB-RID
X-D2id
PB-PID
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
SPRequestGuid
X-Ruxit-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ORACLE-DMS-RID
X-SharePointHealthScore
X-N
Nginx-Cache
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-CF-Powered-By
X-Trace
X-Fastly-Request-ID
X-Forwarded-Proto
Paypal-Debug-Id
X-DIS-Request-ID
X-T
X-Origin-Upstream-Status
X-Upstream
X-Hits
DynaTrace
SPIisLatency
X-Grace
X-Varnish-Age
SPRequestDuration
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-ATIME
X-Shield-Request-Id
AR-PoweredBy
X-Pad
AR-CACHE
X-Content-Options
X-Oracle-Dms-Rid
X-Content-Digest
Realpath
X-NF-Request-ID
X-HW
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Kinsta-Cache
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FastCGI-Cache
X-Goog-Metageneration
X-Goog-Storage-Class
X-Server-ID
X-Cache-Hit
X-Vcap-Request-Id
X-Debug
X-B
X-Logged-In
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-NewRelic-App-Data
X-SS-Set-Cookie
X-Ser
Service-Worker-Allowed
Tracecode
S
X-MSEdge-Ref
X-PressLabs-Stats
Fastly-Restarts
Server-Name
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-Frontend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-Cache-Key
X-FTR-Expires
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
AR-SID
X-Cache-Rule
X-Analytics
Backend-Timing
Eomportal-Instance
X-HS-Content-Id
X-HS-Hub-Id
Alternate-Protocol
Host
FilterID
X-Srv
Cleartype
X-Revision
TP-Cache
TP-L2-Cache
Cache-Status
X-Rid
X-FTR-Cache-Host
Front-End-Https
X-Debug-Info
X-User-Agent
Public-Key-Pins-Report-Only
X-Iejgwucgyu
X-Akam-SW-Version
X-Ttl
X-Whom
ServerID
X-Mobile
Accept-Charset
Permitted-Cross-Domain-Policies
X-Varnish-Backend
X-Do-Not-Hack
X-HeyJason
X-AOL-HN
X-XRDS-LOCATION
X-GUploader-UploadID
X-Webkit-CSP
X-Cache-2
X-RateLimit-Remaining
X-Cdn
X-TA-CDN-Provider
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Kinja-Server-Push
X-Correlation-Id
X-Via-JSL
X-Cached-By
X-Content-Powered-By
X-NWS-LOG-UUID
X-WPE-Loopback-Upstream-Addr
X-VCache
X-Oneagent-Js-Injection
X-App-Environment
X-LB-Cache
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Node-Name
Viewport
Host-Header
X-Cache-Control
X-Cluster
X-Magnolia-Registration
X-Device-Type
X-Framework
X-TT
X-Varnish-Hostname
X-Akamai-Edgescape
X-Request-Guid
X-Middleton-Display
X-B3-Sampled
X-B-Cache
X-Sol
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Signature
X-Platform-Server
Display
Upgrade-Insecure-Requests
X-Handled-By
Cache-Tag
X-Instance
Liferay-Portal
DC
X-BCube-Filmed-By
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
X-Webkit-Csp
X-Accel-Expires
X-B3-Traceid
Source
X-Fastcgi-Cache
X-Varnish-Server
Retry-After
X-WA-Info
X-Contextid
X-Servedby
X-Distil-CS
X-Seen-By
X-Wix-Request-Id
HitType
HitInfo
Server-Info
X-Cache-Action
X-Edge-Location
Content-Style-Type
X-Amz-Replication-Status
Content-Script-Type
X-Cache-Operation
X-GeoIP
Webserver
SRV
X-RequestSource
X-Tumblr-Pixel-1
X-ATG-Version
X-Tumblr-Pixel-2
X-Generated-By
X-Locale
User-Agent
X-Jobs
X-Status
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Edge-Cache
X-Region
X-FW-Type
X-FW-Static
X-S
AsisCache
X-Response-Served-From
X-FW-Hash
X-Edge-Cache-Key
X-FW-Serve
GEO-INFO
X-FW-Server
X-Middleton-Response
Response
X-Adobe-Loc
ServedBy
X-TX-ID
X-Drupal-Cache-Tags
X-Adobe-Content
X-UUID
Refresh
X-Cache-NE
X-Varnish-Hits
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Litespeed-Cache
X-APP-VERSION
X-Port
Healthy
X-Hyper-Cache
Payment
X-DataStream-Cache-Status
X-Geo-Country
X-Cache-Age
X-Cache-TTL-Remaining
S-Cnection
X-Esi
IBM-Web2-Location
X-Content-Type
Datacenter
X-Amz-Server-Side-Encryption
X-Varnish-Grace
Country
Edge-Cache-Tag
X-HS-Cache-Config
X-Daa-Tunnel
Filters
X-Newrelic-App-Data
Served-By
X-UA
X-Activity-Id
Powered-By-ChinaCache
X-AppVersion
NGB
X-Az
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-HS-Combine-CSS
X-Cache-Remote
X-Sucuri-ID
X-Cacheable-TTL
X-Varnish-IP
X-App-Server
HostName
X-Vg-Webcache
X-Cache-TTL
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Age
X-Mode
Machine
X-Proxied
X-RN-RSRV
X-Rendered-As
X-Rule
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Transformed
X-RemovedCookies
Load-Balancing
X-Is-Bot
X-CDN-Forward
X-ProcessESI
Meta-Geo
X-Kong-Proxy-Latency
Pagespeed
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-Proxy
X-Kong-Upstream-Latency
Webcakes-App-Name
X-ServerID
X-Tb
X-PCL
TWC-Device-Class
TWC-Connection-Speed
X-Varnish-Cacheable
X-Cache-Category-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Amz-Meta-Surrogate-Control
X-Grey
Property-Id
Webcakes-App-Version
X-Hosted-By
Webcakes-Region
Access-Control-Allow-Method
X-OCL
User-Cache-Control
OT-Force-Account-Verify
Mn-Server-Ip
X-Origin-Hint
TWC-Privacy
X-Varnish-Cache-Hits
Backend
L5d-Success-Class
DB-Nickname
X-TNCMS
Now
X-OVcl-Cache
X-Site-Version
Cache-Name
Azure-Version
Azure-InstanceId
X-Upgrade-Enabled
Azure-RegionName
Azure-SiteName
Azure-SlotName
ServerName
X-Routing-Service
X-JoinUs
X-Human
X-Loop
X-Origin
X-OVcl
X-Original-Request
X-Hit
X-Generated
X-BB-IP
X-Access
X-CDN-Cache
X-EIG-Tracking-Id
X-Format
X-Zipkin-Id
X-Section
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
X-Timing-Wait
X-LJ-Flow-ID
X-Proxy-Build
X-SplitTest
X-Debug-Cache
X-Upstream-HT
X-Cache-Config
Fastcgi-X-Cache-Version
X-Pubstack
X-Agile-Id
X-Agile-Age
X-Agile
X-NodeID
X-NGENIX-Cache
X-ApacheServer
S-Rt
Selected-FE
X-AWS-Id
X-App-Name
Fastcgi-Useragent
Fastcgi-X-Cache
X-PERF
X-Upstream-CT
X-IP
X-Via-Fastly
X-Viewer-Country
X-Www-Served-By
X-VWS-Id
Access-Control-Request-Headers
X-Source
X-TWH-CORRELATION-ID
X-L-Path
X-Environment-Context
Cache-Key
From-Origin
X-Drupal-Cache-Contexts
X-CCM
X-Ocache
X-Origin-CC
X-Nginx-Cache
X-HOST
X-Amz-Apigw-Id
X-Xfnlog-Site
X-Amzn-RequestId
X-Unique-ID
X-URL
X-Backend-Name
LB
X-RateLimit-Limit
X-Forwarded-Host
Cache
Fastly-SSL
X-Akamai-Request-ID
X-App-Version
X-Correlation-ID
X-Storage
ViewerVersion
NtCoent-Length
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
X-Ms-Blob-Type
X-Varnish-Beresp-Grace
X-M-Log
X-Ms-Lease-Status
X-Ms-Request-Id
X-Varnish-Beresp-Status
X-Ms-Version
X-M-Reqid
X-Qnm-Cache
X-Birta-Cache-Post
X-Birta-Served
X-Feature
X-VG-TLSProxy
AR-Request-ID
X-NCache
X-Time-Microsecs
X-Real-IP
X-Labrador-Cache-Channel
CACHE
X-Internal-Host
Ar-Sid
X-Cluster-Node
X-Microcachable
X-Release
X-Distributor
X-Guploader-Uploadid
Time
X-EdgeConnect-Cache-Status
X-Real-Ip
X-Ruxit-Js-Agent
WZWS-RAY
X-Powered-By-ANYU
X-B3-Spanid
Xserver
X-Request-Time
X-Cache-Enabled
X-B3-TraceId
X-Sucuri-Cache
X-PAYTM-SRV-ID
X-Org
X-Web-Node
X-Logtrace-Id
X-A
Www
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Destination
X-Developer
X-Died
T-Server
V-Age
Viewtype
VivaBuild
X-A-Dgt
X-A-Wwc
X-Cache-Bucket
X-BB-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
X-Date
X-D
X-Application
X-DPWN-IS-SECURE
Server-Int
X-Irp-Debug
Ec-Rule-Version
X-IN-WAF
Fly-Cache
Fly-Request-Id
Cache-Prefix
BehaviorPad-Version
X-No-Session
Ajk
AKAMAI
Arc-Country
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-G
NGX
X-From
Rendered-Blocks
REQUESTUUID
Mobile-Detection-Method
Meta-Geo-Continent
X-Generation-Time
IsBot
X-Generated-In
MD5-Digest
X-NU-AKA-ACS-Version
X-Redis-Cache
X-Via-Edge
X-Via-CDN
X-Server-Time
X-Via-SSL
X-UE-Client-Country
X-Rewrite-Enabled
X-VG-WebServer
X-ScT
X-S-Cookie
X-Server-By
X-Rojux
X-NC
X-Twitter-Response-Tags
X-Region-Sid
X-WebServer
X-SIPLIST1
X-SRCache-Key
X-Store
X-Varnish-Beresp-Ttl
X-Cache-Backend
X-Request-UUID
X-Trv-Group
X-Newrelic-Synthetics
X-Transaction
Xc-Version
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Dynatrace-Js-Agent
X-Sorting-Hat-ShopId
X-SERVER-NAME
X-Alternate-Cache-Key
X-ShardId
HA-Servedtime
HA-Ipaddr
Ha-Gx-Prefs
HA-Urlpath
HA-Host
X-GeoIP-City
X-Block-Status
Magicmarker
HA-Georegion
X-CUA
HA-Geolon
X-Hl-Ver
X-Crawler
GMS-Ver
X-CGP
HA-Cloudapp
HA-Geocity
HA-Geolat
HA-Geocountry
X-CS
X-Amz-Meta-Cache-Control
X-Wikidot-Backend
X-Eu-Site
X-External-Request-Id
X-VCT
X-F5-Cache
X-Hnp-Log
Server-Host
X-Varnish-Action
X-Dispatcher-Server
SN
X-Fastly-Cache
X-Dc
Origin-Edge-Control
Origin-Cache-Control
NodeID
X-Gen-Mode
X-We-Are-Hiring
X-VServer
X-UnsetCookies
Release
Web-Mar-Node
X-Wikidot-Static-Cache
X-Hash
X-Platform
Backend-Name
Country-Code
ProcessTime
X-Phone
X-Owner
X-Origin-TTL
X-Node-Id
X-Layer
X-Policy
X-Key
Frame-Options
X-Amz-Cf-Pop
X-Webstats-RespID
X-FireWall-Port
X-ElasticPress-Search
X-Endurance-Cache-Level
X-C
X-Passed-To-PostProcessResponse
X-S-Maxage
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Developers
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-UA-Device-Type
X-Clientip
X-Var-Ttl
X-Secret
Thinkindot-CacheControl
X-Debug-Log
Thinkindot-Control
Thinkindot-CacheControl-Type
Uber-Trace-Id
X-Core-Mission
X-RCS-CacheZone
X-Backend-Url
X-Backend-TTL
X-Backend-State
X-Request-URI
X-Cache-CFC
X-Croise-Owner
X-Cache-Expires
X-Reboot
X-Backend-Host
X-RateLimit-Remaining-Second
X-Cache-URL
X-Response-By
Cneonction
X-Debug-Cookies
X-Cache-Srv
X-Epic-Correlation-Id
X-RateLimit-Limit-Second
X-Core-Value
X-Actual-URL
X-Returned-From
X-Passed-To
Pagetype
CDCHOST
X-GeoIP-Country-Code
X-MSEdge-Flight
Kp-EeAlive
X-Nginx-Cache-Key
MI-Cache
MI-API
X-Swa-Ws
X-Sf
Heartbleed
X-MSEdge-Features
X-Instance-Name
X-Stale
X-HTML-Minification-Powered-By
X-Thinkindot-L3
Esi-Enabled
X-Location
X-MI-In-Market
X-Matched-Rule
Countrycode
MI-Cache-Age
X-TT-LOGID
X-NX-Host
X-GZip
X-Up
X-FW-Version
Pragrma
Proxy-Connection
X-Fetched-On
Request-EU
Request-Country
X-Server-IP
PageSpeed
Apple-News-Services-Handled
Odigeo-Trace-Id
Apple-News-Services-Parsed-Url
X-Tumblr-Pixel-3
Apple-News-Services-Request-Url
X-Gannett-Site-Version
Origin
Apple-News-Services-Host
Section-Io-Cache
X-Ezoic-Cdn
X-Nc
X-Content-Age
Resin-Trace
X-Sn-Servicetimems
X-Variation
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Worker
Cache-Cookie-Set-Idcheck
X-Trace-Id
X-Fstrz
X-ServiceProvider
X-Device-Os
RNT-Time
Decoy-Debug-TTL
Fastly-Backend-Name
Decoy-Debug-Status
True-Client-Country-4JS
Decoy-Debug-Key
Server-ID
X-NWS-UUID-VERIFY
Platform
Is-Eu
Powered
HTTPS
RNT-Machine
On-Server
Content-Disposition
X-Ckpd-Fst-Backend
Cache-Tags
X-Cache-Host
X-TIME
X-Cdn-Origin
Adler-Geo
X-V
XServer
X-Surge-Debug
Fastly-SWR
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Servername
X-Skip-Cache
Warning
X-Rebelmouse-Surrogate-Control
X-Alicdn-Da-Ups-Status
X-Cdn-Srv
X-CACHE-AGE
MIME-Version
RequestId
Host-ID
X-Pf-Uncompressing
X-Ua
X-Req
X-Proto
X-Csrf-Token
X-Aed
X-GEO
X-Edge-IP
We-Hiring
PFcat
Sid
Mail-Subject
Pramga
Request-Time
Cteonnt-Length
X-Refresh
X-PHP-Backend
TSSecure
X-Pjax-Url
X-Ratelimit-Limit
CF-IPCountry
X-ABtesting
X-Flog
WP-Super-Cache
X-Ms-Lease-State
X-Server-W
X-Hello
X-Cdn-Forward
X-Geo
X-Varnish-Ttl
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cdn
X-Servedbyhost
X-Page-Type
X-Atg-Version
CDN
X-CLOUD-TRACE-CONTEXT
X-Time
GeoIp-Country-Code
X-Oss-Request-Id
Mime-Version
X-Auto-Login
Geoip-Latitude
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-COUNTRY
X-Varnish-Url
Dnion-Transfer-Encoding
X-CSRF-Token
FSS-Cache
X-Cache-ASPX
FSS-Proxy
X-DC
X-Oracle-Dms-Ecid
X-WA
X-Unique-Id
Lfy
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-GoCache-CacheStatus
X-Aicache-OS
X-Akamai-Request-ID2
X-Varnish-Beresp-TTL
PageType
A
X-Sentry-ID
Rt-Proxy-Cache
MS-CV
X-GRACE
X-EC-Security-Audit
X-Datadome
NnCoection
X-MP-GENERATED-AT
X-Origin-Expires
Hostname
X-Bip
Memcached
X-Via-NSCOPI
X-Origin-Date
X-Thanos
X-Served-From
X-Ratelimit-Remaining
X-Check-Cacheable
NODE
X-Varnish-HitMiss
X-Cache-Id
X-HCF
X-Cache-Info
X-Cache-Control-Set-By
Node
X-Be
X-APP
X-CACHE-KEY
SD-X-WS
X-Proxy-Server
X-Request-Start
X-Wa
X-Use-Magma
X-Nananana
GeoIP-Latitude
GeoIP-Country-Code
Memory
X-Server-Group
X-UPSTREAM-Address
WWW-Authenticate
X-NODE
GeoIP-City
Geoip-City
X-SRV
X-Fastly-Cache-Hits
X-Varnish-URL
UCS
GW-Server
PICS-Label
X-ServedByHost
X-Vcache
Cache-Hits
X-Cookie
X-Wix-Route-ID
Processtime
X-PAGE-TYPE
X-User
X-WR-MODIFICATION
X-RTag
X-From-Cache
X-Gen-Id
X-GDPR
Accept-Language
X-Load-Cache
DataCenter
X-Gdpr
Cf-Ipcountry
Cdn-Request-Time
X-Edge-Server
X-Goog-Meta-Goog-Reserved-File-Mtime
X-HS-Status
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
Cdn-Host
Ms-Operation-Id
X-BBXSRF
X-Cache-Debug
Locale
X-Path-Route
X-Swift-Error
X-Li-Fabric
X-Li-Pop
X-Urbn-Site-Id
X-Urbn-Context-Path
X-LI-UUID
X-LI-Proto
COMMERCE-SERVER-SOFTWARE
X-PJAX-URL
Pics-Label
X-B3-SpanId
X-Info
X-Cache-Ttl
Dont-Set-Cookie
V-Cache
X-Cache-HT
X-Env
Is-Session-Tracking
X-Optimization
Get-Access-Time
X-CDN-Pop-IP
X-CDN-Pop
SS
X-Qloud-Router
Fastly-Soc-X-Request-Id
Lb
X-Dw-Trace-Id
X-RateLimit-Reset
Group
X-VG-WebCache
X-PF-Uncompressing
X-Fe
X-ID
NX-Cache
URI
X-Bug-Bounty
X-GZIP
X-P-T
Requestid
X-Content-Encoded-By
Who
Serverid
X-NGINX-Cache
X-Cache-FS-Status
CDN-Cache
X-CacheKey
CDN-Node
X-Ver
CDN-Cache-Hit
Xet-Cookie
AGE-Hash
X-SN
X-Varnish-Info
X-ServerName
X-SB
X-CSRF-TOKEN
X-Is-Crawler
X-Grace-Duration
X-Providence-Cookie
X-Serial
SID
X-Akamai-SSL-Client-Sid
X-Shard
N-Cache
X-VC
Https
X-Route-Name
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
Ws
X-Litespeed-Cache-Control
X-RequestId
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Flags