Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Host
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Url
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-DataDome
Charset
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Cached
X-Recruiting
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
X-Varnish-TTL
RTSS
Content-MD5
X-Version
X-F-Cache
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Geo-Segment
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-D2id
Verso
X-Client-IP
MS-Author-Via
SPRequestGuid
X-Abt-Application-Version
X-CF-Powered-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-PoweredBy
AR-ATIME
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
AR-CACHE
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
DynaTrace
X-T
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-Upstream
X-Grace
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Id
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-Origin-Upstream-Status
AR-SID
SPIisLatency
X-Shield-Request-Id
X-Pad
SPRequestDuration
X-FastCGI-Cache
X-Content-Options
X-Ruxit-JS-Agent
X-Content-Digest
X-Server-ID
X-Cache-Hit
Realpath
X-NF-Request-ID
X-IPLB-Instance
X-Kinsta-Cache
X-Logged-In
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
MRF-Tech
X-B
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-HW
X-SS-Set-Cookie
X-Vcap-Request-Id
X-Debug
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
Server-Name
X-Wix-Server-Artifact-Id
X-Frontend
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-Cache-Key
Tracecode
AMP-Access-Control-Allow-Source-Origin
X-Oneagent-Js-Injection
X-FTR-Expires
Rt-Fastcgi-Cache
X-NewRelic-App-Data
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Eomportal-Instance
X-GUploader-UploadID
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
Fastly-Restarts
X-Analytics
Backend-Timing
X-HS-Hub-Id
Host
X-HS-Content-Id
TP-Cache
X-Revision
TP-L2-Cache
X-Rid
X-NWS-LOG-UUID
X-User-Agent
X-VCache
Public-Key-Pins-Report-Only
FilterID
X-Whom
X-Srv
X-FTR-Cache-Host
X-Debug-Info
X-RateLimit-Remaining
X-Akam-SW-Version
X-AOL-HN
X-Accel-Buffering
X-Varnish-Backend
X-Cache-2
X-XRDS-LOCATION
X-Webkit-CSP
X-Via-JSL
ServerID
X-Content-Powered-By
X-Cdn
X-TA-CDN-Provider
Accept-Charset
X-Request-Processing-Time
X-Kinja-Server-Push
X-Request-Received
Front-End-Https
X-Mobile
X-Ttl
X-Zen-Fury
X-Oracle-Dms-Rid
Viewport
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
X-App-Environment
Liferay-Portal
X-LB-Cache
X-Magnolia-Registration
X-Cluster
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
X-Page-Id
Host-Header
X-Correlation-Id
X-Handled-By
X-Request-Guid
X-TT
X-Framework
X-Device-Type
X-B3-Sampled
X-Cache-Control
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-Signature
X-Platform-Server
X-Instance
X-FB-Debug
X-BCube-Filmed-By
X-B-Cache
DC
Cache-Tag
X-Cache-Server
X-Hostname
X-B3-Traceid
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-Servedby
X-Contextid
X-Accel-Expires
X-WA-Info
X-Varnish-Server
Display
X-Middleton-Display
X-Sol
HitInfo
X-Cache-Action
HitType
Server-Info
X-Distil-CS
X-Cache-Operation
X-Fastcgi-Cache
X-Port
Content-Style-Type
Content-Script-Type
X-APP-VERSION
X-GeoIP
X-Amz-Replication-Status
X-Wix-Request-Id
X-Seen-By
Webserver
GEO-INFO
X-Edge-Location
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Daa-Tunnel
X-S
X-WebKit-CSP-Report-Only
X-RequestSource
X-Generated-By
AsisCache
X-Jobs
User-Agent
X-Geo-Country
Healthy
X-Locale
Actual-Object-TTL
X-Status
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Varnish-Hits
X-Edge-Cache-Key
X-Response-Served-From
X-Edge-Cache
ServedBy
X-FW-Static
X-Region
X-FW-Type
X-UUID
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
X-Hyper-Cache
X-Newrelic-App-Data
SRV
X-DataStream-Cache-Status
Refresh
X-Varnish-Grace
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
X-ATG-Version
X-Esi
Filters
X-Amz-Server-Side-Encryption
IBM-Web2-Location
X-Cache-TTL-Remaining
X-Cache-NE
X-Middleton-Response
X-URL
NGB
Response
X-Cache-Age
X-Content-Type
Payment
Datacenter
X-Activity-Id
X-Proxied
X-AppVersion
X-Az
X-Pc-Key
X-Pc-Appver
X-Ruxit-Js-Agent
X-Pc-Hit
X-Cache-Remote
X-CDN-Forward
X-App-Server
Cache
X-Cacheable-TTL
X-Cache-TTL
X-Unique-ID
X-Kong-Proxy-Latency
X-Vg-Webcache
X-Kong-Upstream-Latency
Country
AR-Request-ID
X-HS-Cache-Config
Edge-Cache-Tag
X-Akamai-Transformed
Served-By
X-Mode
X-UA
X-Sucuri-ID
X-Iejgwucgyu
X-ProcessESI
X-Rendered-As
X-RemovedCookies
X-Cache-Var-Map
X-RN-RSRV
X-Detected-As
Load-Balancing
X-Cache-Var
Meta-Geo
Machine
X-Varnish-IP
X-Is-Bot
X-Proxy
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
Backend
Access-Control-Allow-Method
TWC-Connection-Speed
Webcakes-App-Name
X-Grey
X-EIG-Tracking-Id
X-ProxyCache-Status
X-Hosted-By
X-ProxyCache-Key
Webcakes-App-Version
Webcakes-Region
X-Varnish-Cacheable
X-Tb
X-Rule
X-ServerID
X-Amz-Meta-Surrogate-Control
X-BB-IP
X-Human
User-Cache-Control
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Mn-Server-Ip
Property-Id
X-BYPASS-REASON
X-Origin
X-Cache-Category-Id
TWC-Privacy
X-OCL
X-PCL
X-Origin-Hint
Cache-Name
DB-Nickname
X-Real-IP
ServerName
Now
S-Rt
X-Section
X-ApacheServer
X-Access
X-TNCMS
L5d-Success-Class
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Upgrade-Enabled
Cache-Key
X-Routing-Service
X-Cache-Config
X-NodeID
X-Loop
X-L-Path
X-PERF
X-Original-Request
X-OVcl-Cache
X-OVcl
X-JoinUs
X-Correlation-ID
X-Environment-Context
X-Debug-Cache
X-CDN-Cache
X-Pubstack
X-Format
X-Hit
X-Generated
X-Varnish-Cache-Hits
X-Site-Version
X-Zipkin-Id
X-HS-Combine-CSS
X-Viewer-Country
X-IP
X-LJ-Flow-ID
Selected-FE
X-Timing-Wait
X-Www-Served-By
X-Agile
X-Agile-Id
X-Backend-Name
X-Proxy-Build
X-CCM
X-AWS-Id
X-App-Name
X-VWS-Id
X-Ocache
X-Agile-Age
X-SplitTest
X-TWH-CORRELATION-ID
X-Via-Fastly
Access-Control-Request-Headers
X-NGENIX-Cache
X-Origin-CC
X-Drupal-Cache-Contexts
OT-Force-Account-Verify
X-Source
X-RateLimit-Limit
X-Nginx-Cache
X-Xfnlog-Site
X-Upstream-HT
X-Upstream-CT
X-Storage
X-Akamai-Request-ID
X-Pc-Host
X-Pc-Date
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mrs-Cache
Fastcgi-Useragent
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
HostName
X-Vgn-Hpd-Reason
X-NC
X-Litespeed-Cache
Powered-By-ChinaCache
From-Origin
X-Time-Microsecs
X-Forwarded-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-SSL
X-Feature
X-NCache
X-Internal-Host
X-Qnm-Cache
X-Distributor
X-Release
XServer
X-Microcachable
X-M-Reqid
X-M-Log
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-UA-Device-Type
Pagespeed
X-Birta-Cache-Post
X-Birta-Served
X-Ms-Lease-Status
LB
X-Ms-Version
Pagetype
X-Ms-Blob-Type
X-Ms-Request-Id
X-Labrador-Cache-Channel
NtCoent-Length
X-Cache-Backend
X-PHP-Backend
X-VG-TLSProxy
X-Webkit-Csp
X-App-Version
X-EdgeConnect-Cache-Status
MIME-Version
X-Transaction
X-Connection-Hash
X-Twitter-Response-Tags
Time
Frame-Options
X-B3-Spanid
X-C
X-SERVER-NAME
AKAMAI
X-Org
X-Sucuri-Cache
Ajk
X-NU-AKA-ACS-Version
X-IN-SSL-APIGATEWAY
X-Accel-Expires-Debug
X-A-Wwc
X-Application
X-ARC
X-B-Cookie
X-A-Dgt
X-A-Dcw
Www
X-From
X-A
X-A-Ccd
X-A-Dam
X-BB-ID
X-Cache-Bucket
X-D
X-CUA
X-Date
X-Destination
X-Developer
X-CS
X-Died
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-CF-Lambda-Fn
X-CF-Lambda-Version
VivaBuild
Viewtype
X-Irp-Debug
Fly-Request-Id
X-IN-WAF
Host-ID
Cneonction
Fly-Cache
X-Logtrace-Id
BehaviorPad-Version
Cache-Prefix
X-No-Session
Ec-Rule-Version
X-IN-APIGATEWAY
IsBot
X-G
X-Generated-In
Server-Int
T-Server
V-Age
X-Generation-Time
Rendered-Blocks
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
NGX
Arc-Country
X-PAYTM-SRV-ID
X-Server-Time
X-WebServer
X-Rewrite-Enabled
X-Request-UUID
X-SIPLIST1
X-Region-Sid
X-Trv-Group
X-Rojux
X-S-Cookie
X-Via-CDN
X-VG-WebServer
X-ScT
X-Via-Edge
X-Server-By
X-Via-SSL
X-Instance-Name
X-Redis-Cache
X-UE-Client-Country
X-V
X-SRCache-Key
X-Web-Node
Xc-Version
WZWS-RAY
X-NWS-UUID-VERIFY
X-Powered-By-ANYU
PageSpeed
X-HOST
X-FireWall-Port
SN
HA-Geocountry
Release
X-VCT
GMS-Ver
HA-Cloudapp
HA-Geocity
X-GeoIP-City
X-Store
X-Layer
X-Key
HA-Geolat
X-S-Maxage
X-Varnish-Action
X-Gen-Mode
Ha-Gx-Prefs
X-RateLimit-Limit-Second
X-Fastly-Cache
X-Hnp-Log
Magicmarker
Web-Mar-Node
X-Hash
Origin-Cache-Control
NodeID
Origin-Edge-Control
X-F5-Cache
X-GZip
HA-Ipaddr
HA-Host
X-Hl-Ver
HA-Georegion
HA-Servedtime
Pragrma
X-UnsetCookies
X-Var-Ttl
HA-Urlpath
HA-Geolon
X-Eu-Site
X-Request-URI
X-Origin-TTL
X-CGP
X-Wikidot-Static-Cache
X-Node-Id
X-Wikidot-Backend
X-Owner
X-Core-Value
X-Phone
X-Platform
X-RateLimit-Remaining-Second
X-Debug-Log
X-Crawler
X-Debug-Cookies
X-We-Are-Hiring
X-NX-Host
X-Block-Status
X-VServer
Country-Code
X-Amz-Meta-Cache-Control
X-External-Request-Id
Server-Host
X-Cache-CFC
Backend-Name
X-Cache-Enabled
X-Webstats-RespID
X-CACHE-AGE
X-Request-Time
Thinkindot-CacheControl-Type
X-Varnish-Beresp-Ttl
X-Croise-Owner
Thinkindot-Control
X-Backend-State
True-Client-Country-4JS
Thinkindot-CacheControl
X-Swa-Ws
X-Cache-Host
X-Variation
X-Stale
X-FW-Version
X-Backend-Host
Uber-Trace-Id
X-Cache-Srv
X-Thinkindot-L3
X-Actual-URL
X-Fetched-On
X-Epic-Correlation-Id
X-Up
X-Tumblr-Pixel-3
X-ElasticPress-Search
X-Cdn-Srv
X-Cache-URL
X-TT-LOGID
X-Cdn-Origin
X-Core-Mission
X-Trace-Id
X-Clientip
X-Cache-Expires
X-Backend-Url
X-Backend-TTL
MI-Cache
CDCHOST
X-Nginx-Cache-Key
Cache-Tags
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-MSEdge-Flight
Section-Io-Cache
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Countrycode
X-MI-In-Market
Apple-News-Services-Handled
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Reboot
X-Passed-To-PostProcessResponse
X-RCS-CacheZone
X-Developers
X-Passed-To-BeforeDispatch
X-Passed-To
Adler-Geo
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Response-By
Esi-Enabled
X-MSEdge-Features
Origin
Request-EU
Request-Time
On-Server
Odigeo-Trace-Id
Request-Country
X-Sn-Servicetimems
PFcat
X-GeoIP-Country-Code
Proxy-Connection
X-Matched-Rule
Platform
MI-Cache-Age
X-Server-IP
Heartbleed
X-Secret
X-Location
X-Gannett-Site-Version
Is-Eu
Kp-EeAlive
MI-API
X-ServiceProvider
X-HTML-Minification-Powered-By
X-Sf
X-Cluster-Node
X-Ua
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Varnish-Ttl
X-ShardId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Rebelmouse-Cache-Control
X-Skip-Cache
X-Servername
X-Policy
REQUESTUUID
X-Rebelmouse-Surrogate-Control
X-Worker
X-Fstrz
Powered
X-Device-Os
Sid
X-Content-Age
Resin-Trace
RNT-Machine
RNT-Time
ViewerVersion
HTTPS
Fastly-SIE
Fastly-Backend-Name
Content-Disposition
Fastly-SWR
Server-ID
X-Alicdn-Da-Ups-Status
X-Ckpd-Fst-Backend
X-Ezoic-Cdn
ProcessTime
Cteonnt-Length
X-Csrf-Token
X-Refresh
Xserver
RequestId
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-B3-TraceId
X-Oss-Object-Type
X-Oss-Request-Id
X-Pf-Uncompressing
WP-Super-Cache
X-Newrelic-Synthetics
X-Dc
Warning
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Servedbyhost
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Proto
CF-IPCountry
X-Planisys-CDN-TTL
Cache-Cookie-Set-Lfrom
X-Real-Ip
X-Endurance-Cache-Level
Mail-Subject
CDN
We-Hiring
X-Req
X-GEO
X-Cache-ASPX
X-Pjax-Url
X-Surge-Debug
X-TIME
Hostname
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
X-Time
X-Aed
NODE
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
CACHE
X-DC
X-Edge-IP
X-CSRF-Token
Pramga
X-COUNTRY
X-Nc
X-Varnish-Beresp-TTL
X-Guploader-Uploadid
NnCoection
X-Origin-Date
Geoip-Latitude
GeoIp-Country-Code
X-Origin-Expires
X-Page-Type
TSSecure
X-Ms-Lease-State
Ar-Sid
X-Server-W
X-Oracle-Dms-Ecid
X-HCF
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Geo
X-Cdn-Forward
X-Varnish-Url
A
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
X-Flog
X-DataStream-MidMile-RTT
X-ABtesting
X-Hello
SD-X-WS
X-Server-Group
X-GRACE
X-WA
MS-CV
X-Amz-Cf-Pop
WWW-Authenticate
X-Datadome
Cdn
Processtime
Geoip-City
Lfy
X-Auto-Login
X-Akamai-Request-ID2
X-Ratelimit-Limit
PICS-Label
FSS-Proxy
X-Wix-Route-ID
Node
X-Varnish-URL
X-SRV
X-UPSTREAM-Address
FSS-Cache
X-Wa
X-From-Cache
Lb
X-APP
X-Use-Magma
Mime-Version
Rt-Proxy-Cache
X-Via-NSCOPI
X-Gdpr
X-EC-Security-Audit
Cdn-Request-Time
X-Edge-Server
X-PAGE-TYPE
Cdn-Host
GeoIP-Latitude
GeoIP-Country-Code
X-Sentry-ID
Dont-Set-Cookie
X-Nananana
GeoIP-City
X-Gen-Id
X-Cache-Id
PageType
X-RTag
Ms-Operation-Id
X-Served-From
X-Bip
X-Unique-Id
X-Thanos
COMMERCE-SERVER-SOFTWARE
Memcached
X-CACHE-KEY
X-Check-Cacheable
X-Cookie
X-Cache-Info
X-WR-MODIFICATION
X-Proxy-Server
Is-Session-Tracking
X-Optimization
X-Cache-HT
X-Env
X-GDPR
X-Fastly-Backend-Reqs
X-Be
Get-Access-Time
DataCenter
X-Load-Cache
X-Dynatrace-Js-Agent
X-Fastly-Cache-Hits
Who
X-FORWARDED-FOR
Memory
X-Request-Start
X-MP-GENERATED-AT
X-B3-SpanId
X-HS-Status
Pics-Label
X-Cache-FS-Status
X-PJAX-URL
X-Ver
X-Swift-Error
Serverid
X-RateLimit-Reset
X-Ibm-Trace
GW-Server
X-Fe
UCS
X-Meta-Tbi-Cache-Vertical
Ws
Group
X-Cache-Ttl
V-Cache
X-GZIP
X-User
X-Wix-Petri-Ex
X-ServedByHost
X-CDN-Pop-IP
X-Shard
Httpd-Identifier
X-Dw-Trace-Id
URI
X-CDN-Pop
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
X-ID
Requestid
Powered-By
AGE-Hash
X-SVT-ORM-RULES
Xet-Cookie
X-SVT-ORM-VERSION
Cache-Hits
X-Bug-Bounty
NX-Cache
X-SB
X-VC
X-PF-Uncompressing
X-NGINX-Cache
X-Ratelimit-Remaining
X-StackifyID
Ohc-File-Size
Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Info
CDN-Cache
CDN-Node
X-CacheKey
CDN-Cache-Hit
N-Cache
X-Path-Route
X-Cache-Debug
X-BBXSRF
Locale
Accept-Language
X-Content-Encoded-By
X-Li-Pop
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Providence-Cookie
X-Li-Fabric
X-ServerName
X-Akamai-ERRuleID
X-P-T
X-Litespeed-Cache-Control
X-Is-Crawler
Https
X-Akamai-ERPolicy
X-Flags
X-Grace-Duration
X-Cache-Handler
X-RequestId
X-LiteSpeed-Cache-Control
X-Route-Name