Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Cnection
X-Host
X-Server-Id
Surrogate-Control
X-Cache-Lookup
X-Node
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Report-To
Pinterest-Generated-By
Request-Id
X-CST
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
X-Dns-Prefetch-Control
X-DataDome
Allow
X-ESI
NEL
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-Origin-Cache
X-Server-Name
Charset
X-DynaTrace
X-Cached
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
RTSS
X-Varnish-TTL
X-F-Cache
X-Version
X-GoogleNews-Bot
X-Geo-Segment
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
Content-MD5
X-Kinja-Server
X-Kinja-Revision
X-Powered-By-Plesk
Accept-CH
X-D2id
X-Mobile-Rewrite
PB-RID
Arc-Version
Public-Key-Pins
PB-PID
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Dispatcher
X-Abt-Application-Version
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ruxit-JS-Agent
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-CF-Powered-By
X-Forwarded-Proto
X-Oracle-Dms-Rid
X-ORACLE-DMS-RID
Paypal-Debug-Id
X-Origin-Upstream-Status
X-DIS-Request-ID
SPRequestDuration
SPIisLatency
X-Hits
X-Grace
X-T
X-Upstream
X-Varnish-Age
DynaTrace
Arr-Disable-Session-Affinity
TCN
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Shield-Request-Id
X-Pad
AR-PoweredBy
X-Content-Options
AR-ATIME
AR-CACHE
Realpath
X-Content-Digest
X-HW
X-NF-Request-ID
X-Server-ID
Access-Control-Request-Method
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-Kinsta-Cache
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-IPLB-Instance
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Cache-Hit
X-Debug
X-Vcap-Request-Id
X-B
X-Logged-In
X-Wix-Server-Artifact-Id
X-SS-Set-Cookie
X-NewRelic-App-Data
X-Ser
Service-Worker-Allowed
Tracecode
X-FastCGI-Cache
S
X-MSEdge-Ref
Fastly-Restarts
Server-Name
X-PressLabs-Stats
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Frontend
X-Accel-Buffering
X-FTR-Expires
Rt-Fastcgi-Cache
Surrogate-Key
X-Cache-Key
X-Forwarded-For
Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Backend-Timing
X-Analytics
Alternate-Protocol
X-Iejgwucgyu
X-HS-Content-Id
X-HS-Hub-Id
Eomportal-Instance
X-Cache-Rule
Host
FilterID
X-Ttl
X-Revision
Cleartype
Front-End-Https
TP-Cache
TP-L2-Cache
X-Srv
X-Rid
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
Cache-Status
X-User-Agent
X-Debug-Info
X-Akam-SW-Version
X-Whom
ServerID
X-Mobile
X-Webkit-Csp
AR-SID
Accept-Charset
X-Webkit-CSP
X-AOL-HN
X-Varnish-Backend
X-Cdn
X-Cache-2
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Oneagent-Js-Injection
X-Content-Powered-By
X-Cached-By
X-XRDS-LOCATION
X-Correlation-Id
X-Via-JSL
X-WPE-Loopback-Upstream-Addr
X-TA-CDN-Provider
X-NWS-LOG-UUID
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-App-Environment
X-GUploader-UploadID
X-LB-Cache
X-Sol
X-Middleton-Display
Display
X-Cache-Control
X-Cluster
X-Page-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Magnolia-Registration
Host-Header
X-Varnish-Hostname
X-Request-Guid
X-Framework
X-TT
X-Device-Type
Viewport
X-Akamai-Edgescape
X-Node-Name
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-B3-Sampled
X-Signature
Upgrade-Insecure-Requests
X-Platform-Server
X-Handled-By
X-B-Cache
DC
X-VCache
Cache-Tag
X-Instance
X-Fastcgi-Cache
Liferay-Portal
X-BCube-Filmed-By
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-WA-Info
Retry-After
Source
X-Varnish-Server
X-Contextid
X-Servedby
X-Distil-CS
X-Wix-Request-Id
X-Edge-Location
X-Seen-By
X-B3-Traceid
HitInfo
HitType
Server-Info
X-Cache-Action
X-Amz-Replication-Status
Content-Script-Type
Content-Style-Type
SRV
X-GeoIP
X-Tumblr-Pixel-1
Webserver
X-S
X-Tumblr-Pixel-2
X-Cache-Operation
X-RequestSource
GEO-INFO
X-Jobs
X-Locale
X-Middleton-Response
User-Agent
X-WebKit-CSP-Report-Only
X-ATG-Version
Response
Actual-Object-TTL
X-Status
X-FW-Serve
X-FW-Hash
X-Response-Served-From
X-Region
X-FW-Server
X-FW-Type
X-Edge-Cache
X-FW-Static
X-Generated-By
X-Edge-Cache-Key
X-Drupal-Cache-Tags
AsisCache
X-Cache-NE
X-UUID
Refresh
X-Adobe-Loc
X-Varnish-Hits
X-Adobe-Content
ServedBy
X-TX-ID
X-Yottaa-Optimizations
X-Yottaa-Metrics
Healthy
X-Port
X-Esi
Payment
X-Geo-Country
X-Hyper-Cache
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
S-Cnection
X-APP-VERSION
X-Cache-Age
X-Content-Type
X-Newrelic-App-Data
IBM-Web2-Location
Edge-Cache-Tag
X-HS-Cache-Config
Datacenter
HostName
X-Amz-Server-Side-Encryption
X-Varnish-Grace
Country
Filters
X-HS-Combine-CSS
Powered-By-ChinaCache
Served-By
X-Daa-Tunnel
X-Activity-Id
NGB
X-Az
X-AppVersion
X-Pc-Appver
X-Sucuri-ID
X-Pc-Key
X-Varnish-IP
X-Pc-Hit
X-Cacheable-TTL
X-Cache-Remote
X-Vg-Webcache
X-App-Server
X-Cache-TTL
X-Akamai-Transformed
X-UA
X-Mrs-Cache-Hits
X-Mode
X-Kinja-Server-Push
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache
X-Kong-Proxy-Latency
X-ProcessESI
X-RemovedCookies
X-RN-RSRV
X-Rendered-As
X-Detected-As
X-Cache-Var-Map
X-Rule
X-Is-Bot
Meta-Geo
X-Kong-Upstream-Latency
X-Cache-Var
Machine
Load-Balancing
X-Rocket-Nginx-Bypass
X-BYPASS-REASON
X-FC-Vary-Parameters
X-Proxy
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Connection-Speed
X-Grey
X-Varnish-Cacheable
X-Cache-Category-Id
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-Tb
X-ServerID
X-Origin
X-OCL
X-Origin-Hint
X-Hosted-By
X-PCL
Webcakes-App-Version
Webcakes-App-Name
Mn-Server-Ip
OT-Force-Account-Verify
DB-Nickname
Cache-Name
Access-Control-Allow-Method
Property-Id
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Varnish-Cache-Hits
Backend
X-Routing-Service
Now
X-Access
X-Loop
Azure-InstanceId
X-CDN-Cache
X-Format
X-BB-IP
X-Hit
X-Section
X-Upstream-HT
X-Human
X-JoinUs
X-Site-Version
X-Generated
Azure-RegionName
X-Zipkin-Id
X-TNCMS
Azure-Version
X-Proxied
X-EIG-Tracking-Id
X-Upstream-CT
X-Upgrade-Enabled
X-App-Version
X-OVcl-Cache
Azure-SlotName
Azure-SiteName
L5d-Success-Class
User-Cache-Control
X-OVcl
X-Original-Request
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Pubstack
X-VWS-Id
X-Agile-Id
X-Debug-Cache
X-Viewer-Country
X-Agile-Age
X-Agile
X-Via-Fastly
X-ApacheServer
ServerName
Fastcgi-Useragent
X-AWS-Id
X-App-Name
S-Rt
Selected-FE
X-Cache-Config
X-Source
X-HOST
X-NodeID
X-NGENIX-Cache
X-LJ-Flow-ID
X-Timing-Wait
X-Www-Served-By
X-Proxy-Build
X-TWH-CORRELATION-ID
X-PERF
X-SplitTest
X-L-Path
X-IP
From-Origin
X-Drupal-Cache-Contexts
X-Environment-Context
Cache-Key
Access-Control-Request-Headers
X-URL
X-Origin-CC
X-Ocache
X-CCM
X-Amzn-RequestId
X-Amz-Apigw-Id
Pagespeed
X-Feature
X-CDN-Forward
Cache
LB
X-Nginx-Cache
X-Xfnlog-Site
X-Backend-Name
X-Unique-ID
X-Forwarded-Host
X-Correlation-ID
X-Litespeed-Cache
NtCoent-Length
Ar-Sid
ViewerVersion
Fastly-SSL
X-RateLimit-Limit
X-Akamai-Request-ID
X-Guploader-Uploadid
X-Pc-Host
X-Pc-Date
X-Ms-Version
X-Vgn-Hpd-Reason
X-Storage
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Birta-Served
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Real-Ip
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-B3-TraceId
X-Cluster-Node
X-Time-Microsecs
Xserver
X-NCache
X-Internal-Host
X-Ruxit-Js-Agent
X-Microcachable
X-Release
X-Distributor
Time
X-EdgeConnect-Cache-Status
AR-Request-ID
PageSpeed
CACHE
X-Powered-By-ANYU
WZWS-RAY
X-B3-Spanid
X-Real-IP
ProcessTime
X-Sucuri-Cache
X-Cache-Enabled
X-Request-Time
X-Dynatrace-Js-Agent
X-Nc
X-SERVER-NAME
Www
V-Age
Cache-Prefix
Ec-Rule-Version
Fly-Cache
BehaviorPad-Version
Arc-Country
X-Web-Node
Ajk
AKAMAI
Fly-Request-Id
IsBot
REQUESTUUID
T-Server
Viewtype
Rendered-Blocks
NGX
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
VivaBuild
X-B-Cookie
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-Server-By
X-ScT
X-Region-Sid
X-Redis-Cache
X-No-Session
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Server-Time
X-SIPLIST1
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Store
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Irp-Debug
X-IN-WAF
X-BB-ID
X-ARC
X-Cache-Bucket
X-CF-Lambda-Fn
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-CUA
X-D
X-Generated-In
X-G
X-Generation-Time
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-From
X-DPWN-IS-SECURE
X-Destination
X-Date
X-Developer
X-Died
X-Dispatcher-Server
X-A
Server-Int
X-Cache-Backend
X-FireWall-Port
X-Alternate-Cache-Key
X-Varnish-Beresp-Ttl
X-ShardId
X-ShopId
X-Endurance-Cache-Level
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Owner
HA-Urlpath
X-Origin-TTL
Magicmarker
X-Layer
HA-Servedtime
X-Key
X-Node-Id
HA-Georegion
HA-Geocountry
HA-Geocity
HA-Cloudapp
GMS-Ver
HA-Geolat
HA-Geolon
HA-Host
Ha-Gx-Prefs
NodeID
X-Amz-Meta-Cache-Control
X-Hash
X-CS
SN
Server-Host
X-Eu-Site
X-Crawler
X-CGP
X-Block-Status
X-Cache-CFC
Web-Mar-Node
X-F5-Cache
X-Fastly-Cache
X-Hl-Ver
Origin-Edge-Control
Origin-Cache-Control
X-Phone
X-GeoIP-City
Release
X-Gen-Mode
Pragrma
X-Hnp-Log
HA-Ipaddr
Backend-Name
X-S-Maxage
X-Wikidot-Backend
X-External-Request-Id
X-Platform
X-VServer
X-UnsetCookies
Country-Code
X-Wikidot-Static-Cache
X-VCT
X-Policy
X-Varnish-Action
Frame-Options
X-RateLimit-Limit-Second
X-UA-Device-Type
X-RateLimit-Remaining-Second
X-ElasticPress-Search
X-Webstats-RespID
X-Amz-Cf-Pop
X-Dc
X-Ezoic-Cdn
X-Newrelic-Synthetics
X-Device-Os
X-Developers
X-Debug-Cookies
X-Epic-Correlation-Id
X-Croise-Owner
X-We-Are-Hiring
X-Debug-Log
Resin-Trace
X-Sf
X-C
X-Backend-Url
X-Backend-TTL
X-Backend-Host
X-Backend-State
X-RCS-CacheZone
X-Cache-Expires
Kp-EeAlive
X-Core-Mission
X-Clientip
X-Fetched-On
X-Cache-Srv
X-Cache-URL
X-Core-Value
X-GeoIP-Country-Code
X-Returned-From-DLL
X-Passed-To
X-NX-Host
X-Returned-From-PostProcessResponse
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Passed-To-BeforeDispatch
X-Returned-From-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Reboot
X-Request-URI
X-Returned-From
X-Response-By
X-Secret
X-MI-In-Market
X-Tumblr-Pixel-3
X-TT-LOGID
X-Up
X-Var-Ttl
X-Gannett-Site-Version
X-Variation
X-Thinkindot-L3
X-HTML-Minification-Powered-By
X-Location
X-Matched-Rule
X-Server-IP
X-Stale
X-Instance-Name
X-Swa-Ws
X-FW-Version
X-MSEdge-Features
Platform
Proxy-Connection
Origin
Odigeo-Trace-Id
MI-Cache-Age
Request-Country
Request-EU
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
Section-Io-Cache
Cneonction
MI-Cache
Is-Eu
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Heartbleed
Esi-Enabled
Countrycode
Cache-Cookie-Set-Lfrom
Uber-Trace-Id
CDCHOST
X-Actual-URL
X-Ua
X-GZip
X-NC
X-Trace-Id
Powered
RNT-Machine
X-Cache-Host
RNT-Time
Fastly-Backend-Name
X-NWS-UUID-VERIFY
X-Sn-Servicetimems
MI-API
Decoy-Debug-TTL
HTTPS
Decoy-Debug-Status
Decoy-Debug-Key
On-Server
X-ServiceProvider
Content-Disposition
Server-ID
Cache-Tags
X-Content-Age
True-Client-Country-4JS
X-Surge-Debug
X-Worker
X-Cdn-Origin
X-Fstrz
X-Ckpd-Fst-Backend
X-TIME
X-V
X-Csrf-Token
X-Alicdn-Da-Ups-Status
X-Cdn-Srv
Fastly-SWR
X-Skip-Cache
X-Rebelmouse-Cache-Control
Warning
Pagetype
X-Rebelmouse-Surrogate-Control
X-CACHE-AGE
Fastly-SIE
X-GEO
X-Servername
Host-ID
X-Aed
RequestId
X-Edge-IP
X-Proto
X-Req
Pramga
MIME-Version
X-Cdn-Forward
XServer
Request-Time
Mail-Subject
TSSecure
X-Pf-Uncompressing
We-Hiring
PFcat
Sid
X-Pjax-Url
X-Ms-Lease-State
X-Ratelimit-Limit
X-Refresh
Cdn
Cteonnt-Length
X-ABtesting
X-Page-Type
X-Hello
X-Flog
X-Varnish-Ttl
WP-Super-Cache
X-PHP-Backend
Mime-Version
CF-IPCountry
X-Varnish-Url
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Time
X-Auto-Login
X-COUNTRY
X-Server-W
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Geo
FSS-Cache
FSS-Proxy
X-Servedbyhost
X-Oss-Hash-Crc64ecma
X-Oracle-Dms-Ecid
X-Oss-Storage-Class
X-Oss-Server-Time
PageType
X-DC
X-Oss-Request-Id
X-Oss-Object-Type
X-CACHE-KEY
Dnion-Transfer-Encoding
X-Unique-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Geoip-Latitude
CDN
X-Aicache-OS
Lfy
GeoIp-Country-Code
X-Cache-ASPX
X-CSRF-Token
X-Varnish-Beresp-TTL
X-GoCache-CacheStatus
X-Akamai-Request-ID2
X-WA
X-Sentry-ID
Rt-Proxy-Cache
X-Datadome
A
X-EC-Security-Audit
X-GRACE
X-MP-GENERATED-AT
X-Served-From
X-Thanos
MS-CV
X-Via-NSCOPI
X-Cache-Id
Memcached
X-Bip
NnCoection
X-Check-Cacheable
X-Ratelimit-Remaining
Node
X-Be
X-Cache-Info
X-Origin-Expires
X-Origin-Date
NODE
X-Request-Start
X-Vcache
GeoIP-Latitude
X-Varnish-HitMiss
X-Proxy-Server
X-Cache-Control-Set-By
X-Wa
X-HCF
GeoIP-Country-Code
Memory
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
X-APP
X-Nananana
X-NODE
UCS
WWW-Authenticate
X-UPSTREAM-Address
X-SRV
X-Server-Group
X-Fastly-Cache-Hits
GeoIP-City
GW-Server
Hostname
X-ServedByHost
X-User
Geoip-City
X-Cookie
Cache-Hits
X-PAGE-TYPE
X-Gen-Id
PICS-Label
Accept-Language
Cf-Ipcountry
X-GDPR
X-Wix-Route-ID
X-Varnish-URL
X-From-Cache
DataCenter
X-Load-Cache
X-WR-MODIFICATION
X-FORWARDED-FOR
X-RTag
X-Fastly-Backend-Reqs
X-HS-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
Processtime
X-Swift-Error
X-Path-Route
X-Gdpr
Ms-Operation-Id
X-BBXSRF
X-Cache-Debug
X-Urbn-Site-Id
X-Li-Fabric
Pics-Label
X-PJAX-URL
Locale
X-Urbn-Context-Path
X-Use-Magma
X-LI-UUID
X-LI-Proto
COMMERCE-SERVER-SOFTWARE
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Li-Pop
X-B3-SpanId
X-PF-Uncompressing
X-Cache-Ttl
X-Info
X-CDN-Pop
X-Dw-Trace-Id
Dont-Set-Cookie
X-VG-WebCache
X-CDN-Pop-IP
Fastly-Soc-X-Request-Id
SS
X-Fe
X-Qloud-Router
X-ID
X-GZIP
V-Cache
Is-Session-Tracking
X-Cache-HT
NX-Cache
X-RateLimit-Reset
X-Optimization
X-Env
Requestid
Group
X-Content-Encoded-By
X-Bug-Bounty
X-ServerName
Get-Access-Time
X-P-T
X-NGINX-Cache
Serverid
X-SN
X-CacheKey
X-Varnish-Info
CDN-Cache
CDN-Cache-Hit
Lb
Who
URI
CDN-Node
Xet-Cookie
X-Serial
X-Shard
X-CSRF-TOKEN
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Protected-By
Powered-By
X-Cache-FS-Status
X-RequestId
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache-Control
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Https
X-Grace-Duration
X-Route-Name
X-Providence-Cookie
X-Ver
AGE-Hash
X-Flags
X-Is-Crawler
SID