Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-Dns-Prefetch-Control
X-DynaTrace-JS-Agent
X-DataDome
X-ESI
Charset
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-F-Cache
X-Version
X-ORACLE-DMS-RID
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Geo-Segment
X-GoogleNews-Bot
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Verso
MS-Author-Via
X-Client-IP
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-CF-Powered-By
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
AR-ATIME
AR-PoweredBy
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
AR-CACHE
X-T
DynaTrace
Paypal-Debug-Id
X-Varnish-Age
X-Upstream
X-Hits
Arr-Disable-Session-Affinity
X-Grace
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Ruxit-JS-Agent
X-Pad
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Content-Options
X-FastCGI-Cache
X-Content-Digest
X-NF-Request-ID
Realpath
AR-SID
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Server-ID
X-HeyJason
X-IPLB-Instance
X-Cache-Hit
X-Kinsta-Cache
Access-Control-Request-Method
X-Logged-In
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
MRF-Tech
X-B
X-Goog-Stored-Content-Length
X-Goog-Generation
X-HW
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
Server-Name
X-Frontend
X-Cache-Key
Tracecode
X-PressLabs-Stats
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-XRDS-Location
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Oracle-Dms-Rid
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
Cleartype
X-Cache-Rule
X-GUploader-UploadID
Cache-Status
X-XRDS-LOCATION
Backend-Timing
X-Analytics
X-Srv
Host
TP-Cache
X-Revision
X-HS-Hub-Id
TP-L2-Cache
X-HS-Content-Id
X-Accel-Buffering
X-Rid
X-TA-CDN-Provider
Public-Key-Pins-Report-Only
X-Whom
X-User-Agent
FilterID
X-FTR-Cache-Host
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
X-AOL-HN
ServerID
X-VCache
X-Varnish-Backend
X-RateLimit-Remaining
X-Cache-2
X-Webkit-CSP
X-Via-JSL
Front-End-Https
Accept-Charset
X-Cdn
X-Mobile
X-Content-Powered-By
X-Kinja-Server-Push
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Cached-By
Viewport
X-Correlation-Id
X-Node-Name
X-App-Environment
X-LB-Cache
X-Magnolia-Registration
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Cluster
X-Varnish-Hostname
Host-Header
X-Tumblr-Pixel
X-Tumblr-User
X-Page-Id
X-B3-Traceid
X-Cache-Control
X-TT
X-Request-Guid
X-Device-Type
Liferay-Portal
X-Handled-By
X-Framework
X-Akamai-Edgescape
X-B3-Sampled
X-B-Cache
X-BCube-Filmed-By
X-Signature
X-Instance
Upgrade-Insecure-Requests
X-Platform-Server
X-FB-Debug
Cache-Tag
DC
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Ttl
X-Amzn-Trace-Id
Source
X-Middleton-Display
Retry-After
X-Sol
Display
X-Accel-Expires
X-WA-Info
X-Contextid
X-Servedby
X-Varnish-Server
X-APP-VERSION
HitType
X-Cache-Action
HitInfo
Server-Info
X-Distil-CS
X-Cache-Operation
X-Fastcgi-Cache
X-Seen-By
Content-Script-Type
X-Wix-Request-Id
Content-Style-Type
Webserver
X-Port
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-S
X-Amz-Replication-Status
User-Agent
X-WebKit-CSP-Report-Only
GEO-INFO
X-Status
X-Locale
X-Edge-Location
Actual-Object-TTL
X-Generated-By
X-FW-Static
X-FW-Server
X-FW-Type
X-UUID
Healthy
X-FW-Serve
X-FW-Hash
X-Region
X-Response-Served-From
X-Jobs
AsisCache
SRV
X-Geo-Country
X-Adobe-Content
X-Varnish-Hits
ServedBy
X-Edge-Cache-Key
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Edge-Cache
X-TX-ID
X-Hyper-Cache
Refresh
X-Daa-Tunnel
X-ATG-Version
X-DataStream-Cache-Status
X-Yottaa-Optimizations
X-Iejgwucgyu
X-Yottaa-Metrics
X-Cache-Age
X-Esi
X-Cache-NE
X-Middleton-Response
X-Varnish-Grace
Response
X-Cache-TTL-Remaining
Filters
IBM-Web2-Location
S-Cnection
X-Amz-Server-Side-Encryption
Payment
X-Content-Type
NGB
X-Newrelic-App-Data
X-Activity-Id
X-Az
Datacenter
X-AppVersion
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-CDN-Forward
X-Proxied
X-Cache-Remote
X-Cacheable-TTL
X-Cache-TTL
X-UA
X-App-Server
Country
Edge-Cache-Tag
X-HS-Cache-Config
X-Kong-Upstream-Latency
Served-By
X-Kong-Proxy-Latency
X-Sucuri-ID
X-Vg-Webcache
X-Mode
X-Varnish-IP
X-Akamai-Transformed
X-Detected-As
X-ProcessESI
X-Cache-Var-Map
X-Cache-Var
Machine
X-Is-Bot
X-HS-Combine-CSS
X-RN-RSRV
Load-Balancing
X-RemovedCookies
X-Rendered-As
Meta-Geo
X-Rule
X-Proxy
X-Ruxit-Js-Agent
X-Rocket-Nginx-Bypass
X-Unique-ID
X-FC-Vary-Parameters
Mn-Server-Ip
TWC-Locale-Group
TWC-Privacy
X-EIG-Tracking-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Hosted-By
X-Grey
X-Cache-Category-Id
X-BYPASS-REASON
Webcakes-App-Name
User-Cache-Control
Webcakes-App-Version
Webcakes-Region
X-BB-IP
X-Amz-Meta-Surrogate-Control
TWC-Device-Class
X-Human
X-Origin-Hint
X-Origin
X-PCL
DB-Nickname
Access-Control-Allow-Method
Cache-Name
X-ProxyCache-Key
Property-Id
X-Tb
X-Varnish-Cacheable
X-ServerID
X-OCL
X-ProxyCache-Status
TWC-Connection-Speed
X-Varnish-Cache-Hits
Backend
X-Loop
Azure-Version
X-Format
L5d-Success-Class
X-JoinUs
Azure-SlotName
Azure-SiteName
X-Section
X-Zipkin-Id
X-Routing-Service
Azure-InstanceId
Azure-RegionName
Now
S-Rt
X-CDN-Cache
X-Original-Request
X-Debug-Cache
X-Generated
X-Environment-Context
X-OVcl
X-Access
AR-Request-ID
ServerName
X-Hit
Cache
X-OVcl-Cache
X-Site-Version
X-L-Path
X-Upgrade-Enabled
X-TNCMS
X-NodeID
X-Viewer-Country
X-PERF
OT-Force-Account-Verify
X-IP
X-Proxy-Build
X-LJ-Flow-ID
X-Agile
X-TWH-CORRELATION-ID
X-Agile-Age
X-Ocache
X-Via-Fastly
X-VWS-Id
X-Cache-Config
X-AWS-Id
X-Agile-Id
X-Www-Served-By
X-ApacheServer
Cache-Key
Selected-FE
Access-Control-Request-Headers
X-SplitTest
X-Pubstack
X-HOST
X-NGENIX-Cache
X-Timing-Wait
X-CCM
X-Drupal-Cache-Contexts
X-Origin-CC
X-Backend-Name
X-URL
HostName
Fastcgi-X-Cache-Version
X-Mrs-Age
X-Mrs-Cache
Fastcgi-Useragent
X-App-Name
X-Mrs-Cache-Hits
Fastcgi-X-Cache
X-Xfnlog-Site
X-Mshield-Cache-Status
X-Upstream-HT
X-Nginx-Cache
X-Upstream-CT
X-Source
Powered-By-ChinaCache
X-Real-IP
X-Akamai-Request-ID
X-Pc-Host
X-Pc-Date
X-RateLimit-Limit
X-Correlation-ID
X-Storage
From-Origin
X-Vgn-Hpd-Reason
X-Litespeed-Cache
Pagespeed
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Forwarded-Host
Fastly-SSL
X-Feature
X-NCache
X-Time-Microsecs
X-Internal-Host
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
LB
X-NC
X-Distributor
X-M-Log
X-Qnm-Cache
X-Release
X-Ms-Request-Id
X-Ms-Version
X-Ms-Lease-Status
NtCoent-Length
X-Ms-Blob-Type
X-M-Reqid
X-Labrador-Cache-Channel
X-Birta-Cache-Post
X-Microcachable
X-UA-Device-Type
X-Birta-Served
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
X-Webkit-Csp
XServer
X-Cache-Backend
Pagetype
X-B3-Spanid
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
Time
X-SERVER-NAME
X-PHP-Backend
Frame-Options
X-Sucuri-Cache
X-Developer
X-Died
X-CS
Arc-Country
T-Server
BehaviorPad-Version
Cache-Prefix
V-Age
Viewtype
Ajk
AKAMAI
VivaBuild
Server-Int
Rendered-Blocks
IsBot
Fly-Cache
Fly-Request-Id
Ec-Rule-Version
MD5-Digest
NGX
Mobile-Detection-Method
Meta-Geo-Continent
Www
X-A
X-CF-Lambda-Fn
X-Cache-Bucket
X-BB-ID
X-B-Cookie
X-CF-Lambda-Version
X-CUA
X-Date
X-D
Cneonction
WZWS-RAY
X-Powered-By-ANYU
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-ARC
X-Application
X-Accel-Expires-Debug
X-Destination
X-Generation-Time
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-ScT
X-Region-Sid
X-PAYTM-SRV-ID
X-Logtrace-Id
X-No-Session
X-NU-AKA-ACS-Version
X-Org
X-Server-By
X-Server-Time
X-Via-Edge
X-Via-SSL
X-WebServer
Xc-Version
X-Via-CDN
X-VG-WebServer
X-SIPLIST1
X-SRCache-Key
X-Trv-Group
X-UE-Client-Country
X-Irp-Debug
X-Redis-Cache
X-Generated-In
X-Dispatcher-Server
X-C
X-G
X-From
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Instance-Name
X-FireWall-Port
ViewerVersion
X-Web-Node
X-GZip
X-NWS-UUID-VERIFY
X-App-Version
X-Fastly-Cache
X-VCT
Origin-Edge-Control
Release
Pragrma
X-External-Request-Id
SN
X-F5-Cache
HA-Georegion
HA-Geolat
HA-Geolon
X-VServer
Host-ID
X-Wikidot-Static-Cache
HA-Urlpath
HA-Servedtime
HA-Ipaddr
Ha-Gx-Prefs
Magicmarker
X-Wikidot-Backend
X-Eu-Site
NodeID
HA-Host
X-We-Are-Hiring
X-Varnish-Action
Origin-Cache-Control
X-Gen-Mode
X-Cache-Enabled
X-Hnp-Log
X-Origin-TTL
X-Owner
X-Block-Status
X-Phone
X-NX-Host
X-Node-Id
X-Layer
X-Key
X-Crawler
X-Core-Value
X-CGP
X-Platform
X-RateLimit-Limit-Second
HA-Geocountry
X-GeoIP-City
X-Store
Web-Mar-Node
X-UnsetCookies
X-Hash
X-S-Maxage
X-Debug-Cookies
X-RateLimit-Remaining-Second
X-Debug-Log
X-Amz-Meta-Cache-Control
X-Hl-Ver
X-Var-Ttl
Server-Host
Country-Code
Backend-Name
MIME-Version
X-Request-Time
X-Cluster-Node
HA-Geocity
GMS-Ver
HA-Cloudapp
X-Webstats-RespID
X-V
X-Cache-Srv
X-Cdn-Origin
X-Cache-URL
X-Up
X-Tumblr-Pixel-3
X-Croise-Owner
X-Clientip
X-Variation
X-TT-LOGID
X-Trace-Id
X-Cdn-Srv
X-Backend-Url
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
Adler-Geo
X-Sorting-Hat-ShopId
X-Actual-URL
X-Alternate-Cache-Key
X-Thinkindot-L3
X-Cache-CFC
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-Cache-Host
X-Developers
X-MI-In-Market
X-MSEdge-Features
X-Response-By
X-Matched-Rule
X-Returned-From
X-Location
X-MSEdge-Flight
X-Request-URI
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Reboot
X-RCS-CacheZone
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Epic-Correlation-Id
X-Fetched-On
X-Sf
X-Sn-Servicetimems
X-Stale
Powered
X-FW-Version
X-Server-IP
X-HTML-Minification-Powered-By
X-Returned-From-PostProcessResponse
X-GeoIP-Country-Code
X-Secret
X-Gannett-Site-Version
X-Swa-Ws
X-Cache-Expires
CDCHOST
MI-Cache
MI-Cache-Age
Proxy-Connection
Esi-Enabled
Thinkindot-CacheControl
Kp-EeAlive
Section-Io-Cache
REQUESTUUID
Request-Country
Platform
Request-EU
Origin
Countrycode
Odigeo-Trace-Id
Thinkindot-CacheControl-Type
MI-API
Thinkindot-Control
X-Policy
Apple-News-Services-Host
Heartbleed
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Uber-Trace-Id
Is-Eu
X-Worker
X-Rebelmouse-Cache-Control
X-ServiceProvider
X-ElasticPress-Search
Fastly-SWR
ProcessTime
Fastly-Backend-Name
X-Device-Os
X-Servername
PFcat
On-Server
X-Dc
Decoy-Debug-Key
PageSpeed
Fastly-SIE
Decoy-Debug-Status
Decoy-Debug-TTL
X-Fstrz
X-Rebelmouse-Surrogate-Control
HTTPS
X-Nginx-Cache-Key
Content-Disposition
X-Content-Age
True-Client-Country-4JS
X-Ckpd-Fst-Backend
Resin-Trace
X-Alicdn-Da-Ups-Status
Request-Time
RNT-Machine
X-Core-Mission
Server-ID
RNT-Time
Cache-Tags
X-Varnish-Beresp-Ttl
Xserver
X-Real-Ip
X-CACHE-AGE
X-Ezoic-Cdn
CACHE
X-Skip-Cache
Sid
X-Ua
Warning
Cache-Cookie-Set-Lfrom
X-Pf-Uncompressing
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
RequestId
X-Endurance-Cache-Level
X-TIME
Cteonnt-Length
X-Csrf-Token
X-Proto
X-Req
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
WP-Super-Cache
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-GEO
X-Refresh
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
We-Hiring
CF-IPCountry
X-Surge-Debug
X-Planisys-CDN-TTL
Mail-Subject
X-Guploader-Uploadid
X-Nc
X-Newrelic-Synthetics
X-Servedbyhost
X-B3-TraceId
X-Pjax-Url
Ar-Sid
CDN
X-Cache-ASPX
Dnion-Transfer-Encoding
X-Aed
X-CSRF-Token
X-Varnish-Ttl
X-GoCache-CacheStatus
X-Varnish-Beresp-TTL
Pramga
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
Hostname
TSSecure
X-Time
X-COUNTRY
Geoip-Latitude
GeoIp-Country-Code
X-Edge-IP
X-Server-W
X-Page-Type
X-Ms-Lease-State
NODE
NnCoection
X-DC
X-Oracle-Dms-Ecid
X-DataStream-MidMile-RTT
X-Hello
X-DataStream-Origin-MEX-Latency
X-Origin-Date
X-ABtesting
X-Geo
X-Flog
X-Origin-Expires
X-Ratelimit-Limit
X-Cdn-Forward
Cdn
X-Amz-Cf-Pop
X-Varnish-Url
A
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Aicache-OS
X-WA
X-HCF
SD-X-WS
Lfy
X-Auto-Login
X-Datadome
X-GRACE
MS-CV
X-Dynatrace-Js-Agent
Mime-Version
FSS-Cache
FSS-Proxy
X-Akamai-Request-ID2
WWW-Authenticate
X-Server-Group
Geoip-City
X-Unique-Id
Node
Processtime
PICS-Label
X-Varnish-URL
X-Via-NSCOPI
X-Wa
Rt-Proxy-Cache
X-UPSTREAM-Address
X-Wix-Route-ID
X-Sentry-ID
PageType
X-Use-Magma
X-From-Cache
X-Cache-Id
X-APP
X-PAGE-TYPE
X-Check-Cacheable
X-EC-Security-Audit
X-Nananana
X-NODE
Cdn-Request-Time
Cdn-Host
Memcached
GeoIP-Latitude
GeoIP-City
X-Gdpr
X-SRV
GeoIP-Country-Code
X-Thanos
X-Bip
X-Edge-Server
X-Cache-Info
Lb
X-Served-From
X-Gen-Id
X-CACHE-KEY
Ms-Operation-Id
X-Cookie
Dont-Set-Cookie
X-RTag
X-Be
X-MP-GENERATED-AT
COMMERCE-SERVER-SOFTWARE
X-GDPR
X-Proxy-Server
X-Fastly-Backend-Reqs
X-Request-Start
X-Load-Cache
X-WR-MODIFICATION
DataCenter
X-Fastly-Cache-Hits
Is-Session-Tracking
X-FORWARDED-FOR
X-Cache-HT
Get-Access-Time
X-Optimization
Memory
X-Env
X-Swift-Error
X-PJAX-URL
Pics-Label
GW-Server
UCS
Who
X-HS-Status
X-Ratelimit-Remaining
X-ServedByHost
Cf-Ipcountry
X-B3-SpanId
X-Cache-FS-Status
X-Cache-Ttl
X-RateLimit-Reset
V-Cache
X-Ver
Group
X-User
X-Ibm-Trace
URI
X-Meta-Tbi-Cache-Vertical
X-CDN-Pop
X-Dw-Trace-Id
X-Fe
Ws
X-CDN-Pop-IP
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-ID
NX-Cache
X-GZIP
Requestid
X-Goog-Meta-Goog-Reserved-File-Mtime
Xet-Cookie
X-Bug-Bounty
Httpd-Identifier
AGE-Hash
X-VC
X-Vcache
X-Shard
X-PF-Uncompressing
X-SB
Accept-Language
X-NGINX-Cache
Serverid
Locale
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-BBXSRF
X-VG-WebCache
X-Content-Encoded-By
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-Cache-Debug
X-Wix-Petri-Ex
Powered-By
N-Cache
CDN-Cache-Hit
CDN-Cache
X-CacheKey
CDN-Node
X-Varnish-Info
SID
X-Info
X-Flags
X-Grace-Duration
X-Litespeed-Cache-Control
X-Is-Crawler
Ohc-File-Size
X-Route-Name
Https
X-ServerName
X-Cache-Handler
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Version
X-Providence-Cookie
X-StackifyID
X-RequestId