Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Node
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
Server-Timing
X-CST
X-OneAgent-JS-Injection
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Url
X-TTL
Request-Id
Report-To
X-Instart-Request-ID
X-ORACLE-DMS-ECID
X-Px
X-Country
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-DynaTrace-JS-Agent
X-DataDome
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-Dns-Prefetch-Control
Charset
X-FTR-Request-ID
X-Origin-Cache
X-ESI
X-DynaTrace
NEL
X-Server-Name
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-F-Cache
X-Version
X-Exp-Variant
X-Geo-Segment
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Accept-CH
Public-Key-Pins
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
Verso
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
X-Client-IP
X-Upstream-Env
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
DynaTrace
AR-PoweredBy
X-T
AR-ATIME
X-Forwarded-Proto
X-Grace
X-Origin-Upstream-Status
X-Hits
X-Upstream
AR-CACHE
X-Varnish-Age
X-DIS-Request-ID
Arr-Disable-Session-Affinity
TCN
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
X-Id
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-Cdn
X-NF-Request-ID
X-Kinsta-Cache
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-IPLB-Instance
X-FastCGI-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Cache-Hit
X-Acc-Meta-Resource-Type
X-HW
X-B
X-Logged-In
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Server-ID
X-Goog-Generation
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
AR-SID
X-Wix-Server-Artifact-Id
S
Service-Worker-Allowed
X-Ser
X-Oracle-Dms-Rid
X-XRDS-Location
X-MSEdge-Ref
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Cache-Key
Server-Name
Tracecode
X-NewRelic-App-Data
X-PressLabs-Stats
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-Frontend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastly-Restarts
Surrogate-Key
Fastcgi-Cache
X-Accel-Buffering
X-Forwarded-For
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
Cleartype
Backend-Timing
X-Analytics
Cache-Status
X-HS-Hub-Id
X-HS-Content-Id
Host
TP-L2-Cache
TP-Cache
X-Rid
Public-Key-Pins-Report-Only
X-Revision
X-GUploader-UploadID
X-Whom
FilterID
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Oneagent-Js-Injection
X-User-Agent
X-Debug-Info
X-Srv
X-RateLimit-Remaining
X-Akam-SW-Version
ServerID
X-TA-CDN-Provider
Front-End-Https
X-AOL-HN
X-Varnish-Backend
X-VCache
X-Cache-2
X-Mobile
Accept-Charset
X-NWS-LOG-UUID
X-Via-JSL
X-Webkit-CSP
X-Request-Received
X-Request-Processing-Time
X-Content-Powered-By
X-Zen-Fury
X-Kinja-Server-Push
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Viewport
X-Ttl
X-App-Environment
X-Node-Name
X-LB-Cache
X-Correlation-Id
Host-Header
X-Magnolia-Registration
X-Cluster
X-Varnish-Hostname
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
Liferay-Portal
X-Akamai-Edgescape
X-Request-Guid
X-Cache-Control
X-TT
X-Handled-By
X-Framework
X-Device-Type
X-Platform-Server
X-Signature
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-B-Cache
X-B3-Sampled
DC
X-Instance
Cache-Tag
X-B3-Traceid
X-Iejgwucgyu
X-Cache-Server
Display
X-Middleton-Display
X-Sol
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
X-TT-TIMESTAMP
X-Accel-Expires
Source
Retry-After
X-WA-Info
X-Varnish-Server
X-Fastcgi-Cache
X-Contextid
X-Servedby
HitType
X-Distil-CS
Server-Info
X-APP-VERSION
HitInfo
X-Cache-Action
X-Cache-Operation
X-Esi
X-Seen-By
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
User-Agent
Webserver
X-Amz-Replication-Status
X-S
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Jobs
X-Locale
X-Status
GEO-INFO
X-Edge-Location
X-GeoIP
AsisCache
X-Edge-Cache-Key
X-FW-Server
X-FW-Hash
X-UUID
X-FW-Static
SRV
X-FW-Type
X-Response-Served-From
X-Port
X-Region
X-Edge-Cache
X-FW-Serve
X-TX-ID
X-Generated-By
ServedBy
X-Varnish-Hits
X-Adobe-Content
X-Adobe-Loc
X-Drupal-Cache-Tags
X-ATG-Version
Healthy
Refresh
X-Newrelic-App-Data
Response
X-Middleton-Response
X-Geo-Country
X-Hyper-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NE
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
Payment
X-Daa-Tunnel
S-Cnection
IBM-Web2-Location
X-Varnish-Grace
X-Cache-Age
X-Content-Type
Filters
X-Amz-Server-Side-Encryption
X-URL
NGB
X-AppVersion
X-Activity-Id
X-Az
X-CDN-Forward
X-Cache-Remote
Datacenter
Country
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-HS-Cache-Config
Edge-Cache-Tag
X-Webkit-Csp
X-UA
X-Proxied
X-Cache-TTL
X-Cacheable-TTL
Served-By
X-Vg-Webcache
X-App-Server
X-Varnish-IP
X-Sucuri-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Combine-CSS
X-Mode
X-Akamai-Transformed
Pagespeed
Meta-Geo
X-Rendered-As
X-ProcessESI
X-Cache-Var-Map
Load-Balancing
Machine
X-Rule
X-RN-RSRV
X-Detected-As
X-Is-Bot
X-RemovedCookies
X-Cache-Var
Powered-By-ChinaCache
X-Proxy
X-FC-Vary-Parameters
HostName
X-Rocket-Nginx-Bypass
X-Mrs-Cache-Hits
TWC-Connection-Speed
X-Mshield-Cache-Status
User-Cache-Control
X-Varnish-Cache-Hits
TWC-Device-Class
X-Mrs-Cache
X-Mrs-Age
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Cache-Category-Id
TWC-Privacy
Mn-Server-Ip
Access-Control-Allow-Method
X-OCL
X-Origin
X-Origin-Hint
Webcakes-App-Version
X-Human
X-Hosted-By
X-ProxyCache-Status
X-BYPASS-REASON
X-Grey
Cache-Name
Backend
X-PCL
X-ProxyCache-Key
X-Tb
X-ServerID
Webcakes-Region
X-Varnish-Cacheable
Property-Id
X-Amz-Meta-Surrogate-Control
DB-Nickname
Azure-InstanceId
Azure-RegionName
L5d-Success-Class
Now
Azure-SiteName
Azure-Version
X-TNCMS
X-BB-IP
X-JoinUs
X-Loop
X-NodeID
X-Hit
X-Generated
X-CDN-Cache
X-Debug-Cache
X-EIG-Tracking-Id
X-Format
X-Original-Request
X-OVcl
X-Site-Version
X-Section
X-Routing-Service
ServerName
X-Upgrade-Enabled
X-Access
X-OVcl-Cache
OT-Force-Account-Verify
X-Zipkin-Id
S-Rt
Azure-SlotName
X-Cache-Config
X-Unique-ID
X-PERF
X-AWS-Id
X-Proxy-Build
Cache-Key
Fastcgi-Useragent
Fastcgi-X-Cache
X-L-Path
X-IP
X-LJ-Flow-ID
X-NGENIX-Cache
Fastcgi-X-Cache-Version
X-Environment-Context
X-Pubstack
X-ApacheServer
X-Www-Served-By
Selected-FE
X-Agile-Id
X-Agile
X-Agile-Age
X-SplitTest
X-VWS-Id
Access-Control-Request-Headers
X-Via-Fastly
X-App-Name
X-Timing-Wait
X-Viewer-Country
X-TWH-CORRELATION-ID
X-Drupal-Cache-Contexts
X-CCM
X-Origin-CC
X-Ocache
X-Upstream-HT
X-Upstream-CT
X-Source
X-Correlation-ID
X-Backend-Name
X-HOST
X-Nginx-Cache
X-Xfnlog-Site
AR-Request-ID
From-Origin
X-RateLimit-Limit
X-Amz-Apigw-Id
X-Akamai-Request-ID
Cache
X-Amzn-RequestId
X-Pc-Date
X-Pc-Host
X-Storage
X-Forwarded-Host
X-Vgn-Hpd-Reason
X-Litespeed-Cache
Fastly-SSL
X-Ruxit-Js-Agent
X-Real-IP
LB
NtCoent-Length
X-SERVER-NAME
X-Ms-Blob-Type
X-Varnish-Beresp-Status
X-Feature
X-Qnm-Cache
X-M-Reqid
X-Ms-Lease-Status
X-Ms-Version
X-M-Log
X-NCache
X-Time-Microsecs
X-Ms-Request-Id
X-Varnish-Beresp-Grace
X-Birta-Served
X-Birta-Cache-Post
X-Internal-Host
X-Labrador-Cache-Channel
X-Release
X-Distributor
X-VG-TLSProxy
X-NC
X-Microcachable
X-EdgeConnect-Cache-Status
ViewerVersion
X-B3-Spanid
X-App-Version
X-UA-Device-Type
Time
XServer
X-Twitter-Response-Tags
X-Cluster-Node
X-Transaction
Pagetype
X-Cache-Backend
X-Connection-Hash
X-Powered-By-ANYU
WZWS-RAY
CACHE
X-Trv-Group
Fly-Request-Id
Rendered-Blocks
NGX
X-UE-Client-Country
Meta-Geo-Continent
X-SRCache-Key
MD5-Digest
IsBot
Mobile-Detection-Method
X-WebServer
AKAMAI
Xc-Version
Server-Int
Ajk
X-Cache-Enabled
X-Sucuri-Cache
X-Request-Time
Arc-Country
BehaviorPad-Version
Cache-Prefix
Ec-Rule-Version
X-VG-WebServer
X-Via-CDN
X-Via-SSL
X-Via-Edge
Fly-Cache
X-A-Dam
X-No-Session
X-NU-AKA-ACS-Version
X-D
X-Date
X-Logtrace-Id
X-CUA
X-CF-Lambda-Version
X-B-Cookie
X-BB-ID
X-Cache-Bucket
X-CF-Lambda-Fn
X-Destination
X-Developer
X-IN-APIGATEWAY
X-Generation-Time
X-From
X-G
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Died
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Irp-Debug
X-ARC
X-Application
X-ScT
X-S-Cookie
X-A
X-A-Ccd
VivaBuild
X-Server-By
X-SIPLIST1
V-Age
Viewtype
X-Server-Time
X-Generated-In
X-A-Dcw
X-Region-Sid
X-Redis-Cache
X-PAYTM-SRV-ID
X-Org
X-Request-UUID
X-Accel-Expires-Debug
X-Rojux
X-A-Dgt
X-A-Wwc
X-Rewrite-Enabled
T-Server
Www
Cneonction
Frame-Options
X-Real-Ip
X-FireWall-Port
X-C
X-Amz-Meta-Cache-Control
Server-Host
Web-Mar-Node
X-Instance-Name
SN
X-GZip
X-Crawler
X-CS
X-Core-Value
X-CGP
X-Block-Status
X-Cache-CFC
Pragrma
Origin-Cache-Control
HA-Georegion
Ha-Gx-Prefs
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Host
HA-Ipaddr
NodeID
Origin-Edge-Control
Magicmarker
HA-Urlpath
HA-Servedtime
Powered
X-External-Request-Id
X-Store
X-UnsetCookies
X-S-Maxage
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Varnish-Action
X-VServer
X-Wikidot-Static-Cache
REQUESTUUID
X-Wikidot-Backend
X-Web-Node
X-We-Are-Hiring
X-Policy
X-Platform
X-Hash
X-Hl-Ver
X-Gen-Mode
X-Fastly-Cache
HA-Geocity
X-Hnp-Log
X-Key
X-Owner
X-Phone
X-Origin-TTL
X-Node-Id
X-Layer
X-Eu-Site
X-F5-Cache
Backend-Name
Country-Code
HA-Cloudapp
GMS-Ver
X-Sorting-Hat-PodId
X-NWS-UUID-VERIFY
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Webstats-RespID
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Debug-Cookies
X-Developers
X-Tumblr-Pixel-3
X-Debug-Log
X-Swa-Ws
Apple-News-Services-Handled
X-TT-LOGID
Apple-News-Services-Parsed-Url
X-Epic-Correlation-Id
X-Thinkindot-L3
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Cache-Srv
CDCHOST
X-Cache-Expires
X-Backend-Url
X-Backend-TTL
X-Backend-Host
X-Backend-State
X-VCT
X-Variation
X-Core-Mission
X-Up
X-Clientip
X-Cache-URL
X-Var-Ttl
X-Fetched-On
X-Croise-Owner
X-Sf
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
MIME-Version
X-NX-Host
X-Returned-From-PostProcessResponse
X-Response-By
X-Passed-To
X-Reboot
X-Request-URI
X-RCS-CacheZone
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Actual-URL
Adler-Geo
X-GeoIP-Country-Code
X-GeoIP-City
X-FW-Version
X-Gannett-Site-Version
X-HTML-Minification-Powered-By
X-Server-IP
X-MI-In-Market
X-MSEdge-Features
X-Matched-Rule
X-Location
X-Secret
ProcessTime
X-Stale
X-Cdn-Srv
Request-EU
Request-Country
Proxy-Connection
Section-Io-Cache
Countrycode
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Platform
X-V
MI-API
Is-Eu
Heartbleed
MI-Cache
MI-Cache-Age
Esi-Enabled
Origin
Odigeo-Trace-Id
Uber-Trace-Id
Release
Ar-Sid
X-CACHE-AGE
Xserver
Decoy-Debug-Key
X-Device-Os
Decoy-Debug-TTL
X-ServiceProvider
X-Servername
Decoy-Debug-Status
Server-ID
X-Trace-Id
X-Sn-Servicetimems
X-Worker
X-Fstrz
Resin-Trace
RNT-Machine
X-PHP-Backend
X-ElasticPress-Search
RNT-Time
X-Endurance-Cache-Level
Content-Disposition
X-Ezoic-Cdn
HTTPS
Kp-EeAlive
X-Cdn-Origin
X-COUNTRY
True-Client-Country-4JS
Cache-Tags
X-Ckpd-Fst-Backend
Host-ID
Warning
Fastly-Backend-Name
X-Cache-Host
X-Varnish-Beresp-Ttl
X-Content-Age
On-Server
X-Skip-Cache
Fastly-SIE
X-Alicdn-Da-Ups-Status
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-TIME
Cache-Cookie-Set-Lfrom
X-Dc
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Newrelic-Synthetics
X-Guploader-Uploadid
PFcat
Sid
X-Pf-Uncompressing
Request-Time
RequestId
X-Csrf-Token
X-Ua
X-B3-TraceId
X-Proto
X-Req
X-Surge-Debug
PageSpeed
X-Nc
Cteonnt-Length
We-Hiring
CF-IPCountry
Mail-Subject
X-Refresh
X-Aed
X-GEO
X-Oss-Storage-Class
WP-Super-Cache
X-Planisys-CDN-TTL
X-Oss-Server-Time
X-Servedbyhost
X-Planisys-CDN-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Pjax-Url
X-Planisys-CDN-Rules
CDN
X-Oss-Object-Type
Pramga
TSSecure
X-Edge-IP
X-Varnish-Ttl
X-Geo
X-CSRF-Token
X-Cache-ASPX
X-Varnish-Beresp-TTL
Geoip-Latitude
X-Ms-Lease-State
GeoIp-Country-Code
Dnion-Transfer-Encoding
X-DC
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-GoCache-CacheStatus
X-Amz-Cf-Pop
X-Page-Type
X-Server-W
X-Time
X-Hello
X-Varnish-Url
X-Flog
X-ABtesting
Cdn
X-Oracle-Dms-Ecid
Hostname
X-Aicache-OS
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Auto-Login
NODE
X-Cdn-Forward
NnCoection
MS-CV
Lfy
FSS-Cache
Mime-Version
X-WA
X-Akamai-Request-ID2
X-Origin-Date
X-Origin-Expires
A
FSS-Proxy
X-Varnish-HitMiss
X-HCF
X-Cache-Control-Set-By
X-Dynatrace-Js-Agent
X-Datadome
X-Unique-Id
X-GRACE
X-Via-NSCOPI
X-Sentry-ID
Rt-Proxy-Cache
SD-X-WS
WWW-Authenticate
X-APP
Node
X-Wa
X-EC-Security-Audit
X-Server-Group
PageType
X-SRV
Geoip-City
X-UPSTREAM-Address
X-Cache-Id
X-Bip
X-Served-From
X-Thanos
Memcached
X-Check-Cacheable
X-MP-GENERATED-AT
X-Use-Magma
X-Cache-Info
X-Be
PICS-Label
X-PAGE-TYPE
X-Wix-Route-ID
X-Varnish-URL
Processtime
X-NODE
GeoIP-City
X-Proxy-Server
X-Request-Start
X-From-Cache
X-FORWARDED-FOR
GeoIP-Country-Code
GeoIP-Latitude
X-Nananana
DataCenter
X-Edge-Server
Memory
X-Gdpr
X-CACHE-KEY
X-Gen-Id
Cdn-Host
Cdn-Request-Time
X-Cookie
Ms-Operation-Id
X-RTag
X-Fastly-Backend-Reqs
X-GDPR
Lb
UCS
GW-Server
X-Load-Cache
X-WR-MODIFICATION
Dont-Set-Cookie
X-ServedByHost
COMMERCE-SERVER-SOFTWARE
X-Fastly-Cache-Hits
X-PJAX-URL
X-HS-Status
X-User
X-Optimization
X-Cache-HT
Is-Session-Tracking
Get-Access-Time
X-Swift-Error
Pics-Label
X-Ratelimit-Remaining
X-Env
Cache-Hits
Cf-Ipcountry
Who
X-RateLimit-Reset
Accept-Language
Group
V-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-B3-SpanId
X-Cache-Ttl
X-LI-Proto
Locale
X-Urbn-Context-Path
X-Fe
X-Li-Pop
X-Dw-Trace-Id
X-Cache-Debug
X-Ver
X-Li-Fabric
X-CDN-Pop-IP
X-Urbn-Site-Id
X-LI-UUID
X-CDN-Pop
X-Cache-FS-Status
X-BBXSRF
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Content-Encoded-By
X-Info
NX-Cache
X-Ibm-Trace
AGE-Hash
Requestid
URI
X-Bug-Bounty
X-VC
X-SB
X-Path-Route
Ws
X-Vcache
X-Meta-Tbi-Cache-Vertical
X-PF-Uncompressing
Xet-Cookie
X-GZIP
X-NGINX-Cache
Serverid
X-VG-WebCache
Httpd-Identifier
X-Shard
Fastly-Soc-X-Request-Id
X-Varnish-Info
N-Cache
CDN-Cache-Hit
CDN-Node
CDN-Cache
X-Qloud-Router
X-CacheKey
SS
X-Serial
Https
Powered-By
X-Akamai-ERRuleID
X-Grace-Duration
SID
X-SVT-ORM-RULES
X-Is-Crawler
X-RequestId
X-Litespeed-Cache-Control
X-Flags
X-Providence-Cookie
X-Route-Name
X-Akamai-ERPolicy
X-SVT-ORM-VERSION
X-ServerName
X-Cache-Handler