Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Node
X-Host
X-Cache-Lookup
X-Server-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
Server-Timing
X-CST
X-Cloud-Trace-Context
Pinterest-Generated-By
X-OneAgent-JS-Injection
X-Url
Request-Id
Report-To
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
Charset
X-FTR-Request-ID
X-Server-Name
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-GitHub-Request-Id
X-Varnish-TTL
X-VARITI-CCR
RTSS
Content-MD5
X-F-Cache
X-ORACLE-DMS-RID
X-Version
X-Kinja-Revision
X-Cdn-Fetch
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Powered-By-Plesk
Accept-CH
PB-RID
Public-Key-Pins
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
AR-ATIME
AR-PoweredBy
DynaTrace
Paypal-Debug-Id
X-T
X-Ruxit-JS-Agent
AR-CACHE
X-Upstream
X-Varnish-Age
X-Forwarded-Proto
X-Hits
X-Origin-Upstream-Status
X-DIS-Request-ID
TCN
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
X-Id
SPRequestDuration
X-Pad
X-Grace
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
X-Kinsta-Cache
Access-Control-Request-Method
X-IPLB-Instance
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Cache-Hit
X-Logged-In
X-Acc-Meta-Resource-Type
X-HW
X-B
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-FastCGI-Cache
X-XRDS-Location
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
AR-SID
X-HeyJason
S
X-Ser
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
Service-Worker-Allowed
X-MSEdge-Ref
Tracecode
Server-Name
X-PressLabs-Stats
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Oracle-Dms-Rid
X-FTR-Expires
Rt-Fastcgi-Cache
Fastly-Restarts
X-Forwarded-For
Fastcgi-Cache
Surrogate-Key
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
Cleartype
Backend-Timing
X-Accel-Buffering
X-Analytics
Cache-Status
X-Oneagent-Js-Injection
Host
X-Srv
TP-L2-Cache
X-RateLimit-Remaining
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Ttl
X-Rid
X-Revision
Public-Key-Pins-Report-Only
X-TA-CDN-Provider
X-Whom
FilterID
X-FTR-Cache-Host
X-GUploader-UploadID
X-User-Agent
X-Debug-Info
X-VCache
X-Akam-SW-Version
ServerID
X-AOL-HN
X-Varnish-Backend
X-XRDS-LOCATION
X-Cache-2
X-NWS-LOG-UUID
Front-End-Https
X-Webkit-CSP
Accept-Charset
X-Mobile
X-Cdn
X-Via-JSL
X-Kinja-Server-Push
X-Content-Powered-By
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Correlation-Id
Viewport
X-Node-Name
X-App-Environment
X-LB-Cache
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-Tumblr-User
X-Varnish-Hostname
Host-Header
X-Cluster
X-Akamai-Edgescape
X-TT
X-Framework
X-Cache-Control
X-Request-Guid
X-Device-Type
X-Handled-By
X-Platform-Server
X-Signature
Upgrade-Insecure-Requests
X-FB-Debug
X-Content-Security-Policy-Report-Only
Liferay-Portal
X-BCube-Filmed-By
X-B-Cache
X-B3-Sampled
X-Instance
DC
Cache-Tag
X-Fastcgi-Cache
X-B3-Traceid
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-Amzn-Trace-Id
X-TT-TIMESTAMP
X-Sol
Display
X-Middleton-Display
Retry-After
X-Accel-Expires
Source
X-WA-Info
X-Varnish-Server
X-Iejgwucgyu
X-Contextid
X-Servedby
X-Distil-CS
Server-Info
HitType
HitInfo
X-Cache-Action
X-Cache-Operation
X-APP-VERSION
X-Seen-By
Content-Script-Type
Content-Style-Type
X-Wix-Request-Id
User-Agent
X-GeoIP
Webserver
X-Amz-Replication-Status
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-S
X-Locale
X-Jobs
X-Port
Actual-Object-TTL
X-Edge-Location
GEO-INFO
X-WebKit-CSP-Report-Only
X-Status
X-UUID
X-FW-Serve
X-Edge-Cache-Key
X-Edge-Cache
SRV
X-FW-Hash
X-FW-Server
X-Region
X-FW-Type
X-FW-Static
X-Response-Served-From
AsisCache
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Adobe-Content
ServedBy
Healthy
X-Generated-By
X-TX-ID
X-Varnish-Hits
X-Hyper-Cache
X-Geo-Country
Refresh
X-Yottaa-Optimizations
X-ATG-Version
X-Yottaa-Metrics
X-DataStream-Cache-Status
X-Cache-NE
X-Daa-Tunnel
Response
X-Esi
X-Middleton-Response
X-Cache-TTL-Remaining
X-Cache-Age
S-Cnection
IBM-Web2-Location
Payment
X-Varnish-Grace
X-URL
Filters
X-Content-Type
X-Amz-Server-Side-Encryption
X-Newrelic-App-Data
NGB
Datacenter
X-Activity-Id
X-Az
X-AppVersion
X-CDN-Forward
X-Cache-Remote
X-Pc-Hit
X-Vg-Webcache
X-Pc-Appver
X-Pc-Key
Country
X-Cacheable-TTL
X-Cache-TTL
X-Proxied
X-HS-Cache-Config
Edge-Cache-Tag
Served-By
X-App-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Pagespeed
X-HS-Combine-CSS
X-Varnish-IP
X-Mode
X-Sucuri-ID
X-UA
X-Akamai-Transformed
Meta-Geo
Load-Balancing
X-RN-RSRV
Machine
X-Cache-Var
X-ProcessESI
X-Is-Bot
X-Cache-Var-Map
X-RemovedCookies
X-Rendered-As
X-Rule
X-Detected-As
X-FC-Vary-Parameters
X-Proxy
X-Unique-ID
X-Rocket-Nginx-Bypass
X-RateLimit-Limit
TWC-Connection-Speed
Backend
X-Tb
TWC-Device-Class
Cache-Name
TWC-Locale-Group
TWC-GeoIP-Country
X-Amz-Meta-Surrogate-Control
X-Varnish-Cacheable
X-Origin
X-Cache-Category-Id
X-BYPASS-REASON
X-PCL
Access-Control-Allow-Method
TWC-GeoIP-LatLong
DB-Nickname
X-ProxyCache-Status
X-ServerID
X-ProxyCache-Key
X-Varnish-Cache-Hits
Webcakes-App-Name
X-OCL
Powered-By-ChinaCache
X-Hosted-By
TWC-Privacy
Webcakes-App-Version
Mn-Server-Ip
HostName
X-Grey
X-Origin-Hint
Webcakes-Region
Property-Id
X-Access
X-Upgrade-Enabled
Azure-RegionName
Azure-InstanceId
ServerName
User-Cache-Control
X-NodeID
X-BB-IP
X-JoinUs
S-Rt
X-OVcl-Cache
X-Routing-Service
X-Format
X-Section
Now
X-OVcl
X-Human
OT-Force-Account-Verify
X-Zipkin-Id
L5d-Success-Class
X-Mshield-Cache-Status
X-EIG-Tracking-Id
X-Loop
Azure-SiteName
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-TNCMS
Azure-SlotName
Azure-Version
X-Original-Request
X-Debug-Cache
X-CDN-Cache
Selected-FE
X-Site-Version
X-NGENIX-Cache
X-SplitTest
X-Generated
X-VWS-Id
X-Pubstack
X-Proxy-Build
X-IP
X-Hit
X-Timing-Wait
X-Www-Served-By
X-PERF
X-Environment-Context
X-Viewer-Country
X-ApacheServer
X-Agile-Id
X-Agile-Age
X-Agile
X-App-Name
X-AWS-Id
X-Via-Fastly
X-L-Path
X-LJ-Flow-ID
X-Cache-Config
X-TWH-CORRELATION-ID
Cache-Key
Fastcgi-Useragent
Access-Control-Request-Headers
Fastcgi-X-Cache
X-HOST
Fastcgi-X-Cache-Version
X-Origin-CC
X-Ocache
X-CCM
X-Drupal-Cache-Contexts
X-Upstream-HT
X-Backend-Name
X-Upstream-CT
X-Xfnlog-Site
X-Nginx-Cache
X-Source
AR-Request-ID
Cache
X-Real-IP
X-Akamai-Request-ID
From-Origin
X-Correlation-ID
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Storage
X-Pc-Date
X-Pc-Host
X-Vgn-Hpd-Reason
X-Forwarded-Host
Fastly-SSL
X-Feature
LB
X-NCache
NtCoent-Length
X-Time-Microsecs
X-M-Reqid
X-M-Log
X-Ms-Version
X-Qnm-Cache
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Internal-Host
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Birta-Served
X-Birta-Cache-Post
X-Labrador-Cache-Channel
X-Release
X-Distributor
X-VG-TLSProxy
X-Microcachable
X-UA-Device-Type
X-App-Version
X-EdgeConnect-Cache-Status
X-NC
X-Webkit-Csp
Pagetype
ViewerVersion
X-B3-Spanid
Time
X-Cache-Backend
X-Twitter-Response-Tags
X-Connection-Hash
X-Transaction
XServer
X-Cluster-Node
X-Powered-By-ANYU
WZWS-RAY
X-SERVER-NAME
IsBot
Viewtype
V-Age
MD5-Digest
VivaBuild
X-A
Cache-Prefix
Www
T-Server
Arc-Country
Meta-Geo-Continent
Server-Int
Fly-Cache
Rendered-Blocks
Fly-Request-Id
Ajk
NGX
Mobile-Detection-Method
BehaviorPad-Version
AKAMAI
Ec-Rule-Version
X-CF-Lambda-Version
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-PAYTM-SRV-ID
X-Org
X-Irp-Debug
X-Logtrace-Id
X-No-Session
X-NU-AKA-ACS-Version
X-ScT
X-Server-By
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Server-Time
X-SIPLIST1
X-SRCache-Key
X-Trv-Group
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-B-Cookie
X-ARC
X-BB-ID
X-CF-Lambda-Fn
X-CUA
Frame-Options
X-Accel-Expires-Debug
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-D
X-Date
X-G
X-Generated-In
X-Generation-Time
X-IN-APIGATEWAY
X-From
X-DPWN-IS-SECURE
X-Destination
X-Developer
X-Died
X-Dispatcher-Server
X-A-Ccd
X-Application
Cneonction
X-NWS-UUID-VERIFY
X-Sucuri-Cache
X-C
X-Cache-Enabled
X-Request-Time
X-FireWall-Port
CACHE
HA-Urlpath
HA-Servedtime
X-Origin-TTL
HA-Ipaddr
X-Hash
Magicmarker
X-GeoIP-City
X-Node-Id
X-Hl-Ver
HA-Host
HA-Geolat
HA-Geocountry
HA-Cloudapp
HA-Geolon
HA-Georegion
Ha-Gx-Prefs
X-Layer
X-Key
GMS-Ver
X-External-Request-Id
X-CGP
X-Core-Value
X-Crawler
Release
Server-Host
X-Cache-CFC
X-Amz-Meta-Cache-Control
SN
X-Cache-Bucket
X-CS
Pragrma
X-Eu-Site
NodeID
X-Owner
X-F5-Cache
X-GZip
Origin-Cache-Control
Powered
X-Instance-Name
Origin-Edge-Control
X-Fastly-Cache
HA-Geocity
X-Web-Node
X-We-Are-Hiring
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
Backend-Name
X-VServer
X-UnsetCookies
X-Store
X-Varnish-Action
X-S-Maxage
X-VCT
X-Platform
X-Redis-Cache
X-Wikidot-Static-Cache
Country-Code
X-Wikidot-Backend
REQUESTUUID
X-Phone
X-Webstats-RespID
Ar-Sid
Xserver
X-Var-Ttl
X-Variation
X-Croise-Owner
X-Actual-URL
X-Tumblr-Pixel-3
X-Developers
X-Debug-Log
X-Debug-Cookies
X-Up
X-Backend-Host
X-TT-LOGID
X-Backend-State
X-Backend-TTL
X-Backend-Url
X-PHP-Backend
X-Cache-Expires
X-Cache-Srv
X-Clientip
X-Block-Status
X-Cdn-Srv
X-Cache-URL
X-Core-Mission
X-Server-IP
Web-Mar-Node
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-RCS-CacheZone
X-Reboot
X-Response-By
X-Request-URI
X-Location
X-Matched-Rule
X-Passed-To-BeforeDispatch
X-NX-Host
X-Nginx-Cache-Key
X-MSEdge-Flight
X-MI-In-Market
X-MSEdge-Features
X-Varnish-Beresp-Ttl
X-HTML-Minification-Powered-By
X-Passed-To
X-Secret
X-Fetched-On
X-Sf
X-Stale
X-Swa-Ws
X-Epic-Correlation-Id
X-FW-Version
X-Gannett-Site-Version
X-Returned-From-BeforeDispatch
X-Returned-From
X-GeoIP-Country-Code
X-Returned-From-DLL
X-Gen-Mode
X-Returned-From-PostProcessResponse
X-Thinkindot-L3
X-Hnp-Log
MI-API
MI-Cache
X-V
Kp-EeAlive
Host-ID
Is-Eu
MI-Cache-Age
Odigeo-Trace-Id
Request-Country
Request-EU
Proxy-Connection
Platform
Origin
Heartbleed
Esi-Enabled
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-ShardId
Adler-Geo
ProcessTime
CDCHOST
Countrycode
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Section-Io-Cache
Apple-News-Services-Parsed-Url
Uber-Trace-Id
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Ua
MIME-Version
X-Worker
On-Server
X-Servername
X-Device-Os
Sid
X-ElasticPress-Search
True-Client-Country-4JS
Content-Disposition
Decoy-Debug-TTL
Decoy-Debug-Status
X-Alicdn-Da-Ups-Status
Fastly-Backend-Name
X-ServiceProvider
HTTPS
Cache-Tags
Decoy-Debug-Key
X-Fstrz
RNT-Time
X-Ckpd-Fst-Backend
Server-ID
X-Sn-Servicetimems
X-Content-Age
Resin-Trace
X-Cache-Host
RNT-Machine
X-Trace-Id
X-Dc
X-Cdn-Origin
X-Guploader-Uploadid
X-Endurance-Cache-Level
Warning
Cache-Cookie-Set-From
Fastly-SWR
Fastly-SIE
Cache-Cookie-Set-Idcheck
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-CACHE-AGE
X-Ezoic-Cdn
Request-Time
X-Real-Ip
X-Skip-Cache
Cache-Cookie-Set-Lfrom
PFcat
X-Csrf-Token
RequestId
X-TIME
X-B3-TraceId
X-Newrelic-Synthetics
Cteonnt-Length
X-Nc
X-Pf-Uncompressing
X-Proto
X-Surge-Debug
X-Req
We-Hiring
CF-IPCountry
Mail-Subject
X-Refresh
X-GEO
X-Pjax-Url
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
WP-Super-Cache
X-Planisys-CDN-Cache
X-Oss-Storage-Class
X-Servedbyhost
X-Aed
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Pramga
X-Varnish-Ttl
X-GRACE
PageSpeed
CDN
Dnion-Transfer-Encoding
X-Cache-ASPX
X-Edge-IP
TSSecure
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-GoCache-CacheStatus
X-COUNTRY
X-CSRF-Token
X-Ms-Lease-State
X-Time
X-Geo
X-Varnish-Beresp-TTL
X-Hello
X-Server-W
X-Flog
X-Page-Type
X-ABtesting
Geoip-Latitude
X-Amz-Cf-Pop
GeoIp-Country-Code
Cdn
X-DC
X-Oracle-Dms-Ecid
X-DataStream-MidMile-RTT
X-Aicache-OS
X-Varnish-Url
X-DataStream-Origin-MEX-Latency
Hostname
X-Cdn-Forward
NODE
NnCoection
X-Origin-Date
X-Origin-Expires
Lfy
X-Auto-Login
A
Mime-Version
FSS-Proxy
FSS-Cache
X-Cache-Control-Set-By
X-HCF
X-Varnish-HitMiss
MS-CV
X-Datadome
X-WA
X-Akamai-Request-ID2
SD-X-WS
X-Ratelimit-Limit
X-Via-NSCOPI
X-CACHE-KEY
Rt-Proxy-Cache
WWW-Authenticate
Node
X-Unique-Id
X-Wa
X-Server-Group
X-Sentry-ID
X-UPSTREAM-Address
X-EC-Security-Audit
Geoip-City
X-Check-Cacheable
X-Use-Magma
PageType
X-Bip
X-Wix-Route-ID
Processtime
PICS-Label
X-PAGE-TYPE
X-Thanos
Memcached
GeoIP-Latitude
X-Cache-Id
X-Served-From
X-APP
GeoIP-Country-Code
X-Varnish-URL
X-NODE
GeoIP-City
X-From-Cache
X-SRV
X-Be
X-MP-GENERATED-AT
X-Cache-Info
X-Nananana
X-Edge-Server
X-Request-Start
X-Proxy-Server
X-Cookie
Cdn-Request-Time
X-Gen-Id
X-Gdpr
Cdn-Host
X-RTag
Ms-Operation-Id
Memory
X-GDPR
X-Fastly-Backend-Reqs
Lb
X-Dynatrace-Js-Agent
X-Load-Cache
DataCenter
Dont-Set-Cookie
X-WR-MODIFICATION
UCS
GW-Server
X-Fastly-Cache-Hits
COMMERCE-SERVER-SOFTWARE
X-FORWARDED-FOR
X-PJAX-URL
X-Cache-HT
Get-Access-Time
Pics-Label
Is-Session-Tracking
X-Env
X-User
X-HS-Status
X-ServedByHost
X-Optimization
X-Swift-Error
X-RateLimit-Reset
Group
V-Cache
Cache-Hits
Who
X-Cache-Ttl
X-B3-SpanId
Cf-Ipcountry
X-CDN-Pop-IP
X-Cache-FS-Status
X-Ver
X-Dw-Trace-Id
Accept-Language
X-Fe
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PF-Uncompressing
X-CDN-Pop
X-ID
Amp-Access-Control-Allow-Source-Origin
X-VC
Xet-Cookie
X-SB
URI
Ws
X-LI-UUID
X-Urbn-Context-Path
Requestid
X-Urbn-Site-Id
X-Li-Pop
X-Li-Fabric
NX-Cache
Locale
X-BBXSRF
X-Cache-Debug
X-Content-Encoded-By
X-GZIP
AGE-Hash
X-Bug-Bounty
X-Meta-Tbi-Cache-Vertical
X-LI-Proto
X-Ibm-Trace
X-NGINX-Cache
Serverid
CDN-Cache
X-CacheKey
N-Cache
X-Shard
X-Ratelimit-Remaining
CDN-Cache-Hit
X-Info
Httpd-Identifier
CDN-Node
X-Varnish-Info
X-Path-Route
X-Cache-Handler
Powered-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Fastly-Soc-X-Request-Id
SS
X-Serial
X-Qloud-Router
X-App
X-RequestId
X-Litespeed-Cache-Control
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Https
X-ServerName
X-Route-Name
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Grace-Duration