
HTTP Header Usage Statistics - SANS Internet Storm Center



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Cnection
X-Host
Surrogate-Control
X-Cache-Lookup
X-Node
X-Server-Id
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
Report-To
Pinterest-Generated-By
X-Url
Request-Id
X-CST
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Country-Code
Rating
X-Dns-Prefetch-Control
X-DataDome
Allow
X-ESI
NEL
X-Powered-CMS
X-TtlSet
X-Vname
X-PC
X-FTR-Request-ID
X-Origin-Cache
Charset
X-Server-Name
X-DynaTrace
X-Cached
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
RTSS
X-F-Cache
X-Version
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Varnish-TTL
X-Kinja-Revision
X-Geo-Segment
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
Content-MD5
X-Powered-By-Plesk
Accept-CH
X-D2id
Arc-Version
Public-Key-Pins
PB-RID
PB-PID
X-Mobile-Rewrite
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
SPRequestGuid
X-Ruxit-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
X-ORACLE-DMS-RID
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-CF-Powered-By
X-Forwarded-Proto
Paypal-Debug-Id
X-Server-ID
X-DIS-Request-ID
X-Origin-Upstream-Status
SPRequestDuration
SPIisLatency
X-Hits
X-Upstream
X-T
X-Varnish-Age
DynaTrace
Arr-Disable-Session-Affinity
TCN
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Grace
X-Oracle-Dms-Rid
X-Shield-Request-Id
X-Pad
X-Content-Options
AR-ATIME
AR-PoweredBy
AR-CACHE
Realpath
X-Content-Digest
X-NF-Request-ID
X-HW
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Kinsta-Cache
X-XRDS-Location
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Vcap-Request-Id
X-Debug
X-Cache-Hit
X-B
X-Logged-In
X-Wix-Server-Artifact-Id
X-SS-Set-Cookie
Service-Worker-Allowed
X-Ser
Tracecode
X-FastCGI-Cache
S
X-MSEdge-Ref
Fastly-Restarts
Server-Name
X-NewRelic-App-Data
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Frontend
X-FTR-Expires
X-Accel-Buffering
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
Backend-Timing
X-Analytics
X-Iejgwucgyu
Alternate-Protocol
X-HS-Content-Id
X-HS-Hub-Id
Host
X-Cache-Rule
Eomportal-Instance
FilterID
X-Revision
AR-SID
TP-Cache
Cleartype
Front-End-Https
TP-L2-Cache
X-Rid
X-FTR-Cache-Host
Public-Key-Pins-Report-Only
Cache-Status
X-User-Agent
X-Debug-Info
X-Akam-SW-Version
X-Whom
X-Mobile
X-Srv
Accept-Charset
X-Webkit-CSP
X-AOL-HN
X-Varnish-Backend
ServerID
X-Cdn
X-Cache-2
X-RateLimit-Remaining
X-GUploader-UploadID
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Oneagent-Js-Injection
X-Ttl
X-Content-Powered-By
X-XRDS-LOCATION
X-Cached-By
X-Via-JSL
X-WPE-Loopback-Upstream-Addr
X-NWS-LOG-UUID
X-TA-CDN-Provider
X-VCache
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-App-Environment
X-LB-Cache
Display
X-Sol
X-Middleton-Display
X-Tumblr-Pixel
X-Varnish-Hostname
X-Tumblr-User
X-Page-Id
X-Cluster
Host-Header
X-Cache-Control
X-Magnolia-Registration
X-Tumblr-Pixel-0
Viewport
X-Request-Guid
X-TT
X-Device-Type
X-Node-Name
X-Akamai-Edgescape
X-Framework
X-Handled-By
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-B3-Sampled
Upgrade-Insecure-Requests
X-B-Cache
X-Signature
X-FB-Debug
X-Correlation-Id
X-Instance
Cache-Tag
DC
X-BCube-Filmed-By
Liferay-Portal
X-Fastcgi-Cache
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
X-Webkit-Csp
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Varnish-Server
X-WA-Info
Retry-After
Source
X-Servedby
X-Contextid
X-Distil-CS
X-Wix-Request-Id
X-Seen-By
X-Edge-Location
Server-Info
HitInfo
HitType
X-B3-Traceid
X-Amz-Replication-Status
Content-Style-Type
Content-Script-Type
X-Cache-Action
X-GeoIP
SRV
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
Webserver
X-S
X-Cache-Operation
Response
X-Locale
X-Jobs
X-Status
X-Middleton-Response
X-Generated-By
X-ATG-Version
User-Agent
Actual-Object-TTL
X-WebKit-CSP-Report-Only
GEO-INFO
X-Drupal-Cache-Tags
X-Response-Served-From
X-Cache-NE
X-Region
X-FW-Serve
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Hash
X-FW-Server
X-FW-Static
AsisCache
X-FW-Type
X-Adobe-Content
ServedBy
X-Varnish-Hits
X-UUID
X-Adobe-Loc
Refresh
X-TX-ID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Newrelic-App-Data
Healthy
X-Port
Payment
X-Esi
X-Hyper-Cache
X-Geo-Country
X-Cache-TTL-Remaining
X-DataStream-Cache-Status
X-URL
S-Cnection
X-APP-VERSION
X-Content-Type
IBM-Web2-Location
Edge-Cache-Tag
Datacenter
X-HS-Cache-Config
HostName
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Country
X-Cache-Age
Powered-By-ChinaCache
Filters
Served-By
X-HS-Combine-CSS
X-Daa-Tunnel
X-Az
NGB
X-Activity-Id
X-AppVersion
X-Sucuri-ID
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Varnish-IP
X-Cacheable-TTL
X-Cache-Remote
X-Vg-Webcache
X-App-Server
X-Cache-TTL
X-Akamai-Transformed
X-UA
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Kinja-Server-Push
X-Mode
X-Rule
X-Kong-Proxy-Latency
X-ProcessESI
X-Kong-Upstream-Latency
X-RN-RSRV
X-Cache-Var
X-Detected-As
Load-Balancing
X-Cache-Var-Map
Meta-Geo
X-Is-Bot
X-RemovedCookies
X-Rendered-As
Machine
X-ProxyCache-Status
X-Proxy
X-Rocket-Nginx-Bypass
X-BYPASS-REASON
X-FC-Vary-Parameters
X-ProxyCache-Key
X-Cache-Category-Id
X-OCL
Mn-Server-Ip
TWC-Connection-Speed
Property-Id
TWC-Device-Class
X-Origin-Hint
X-ServerID
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Cache-Name
Webcakes-App-Name
X-Hosted-By
X-Varnish-Cache-Hits
Access-Control-Allow-Method
X-Origin
X-Varnish-Cacheable
OT-Force-Account-Verify
User-Cache-Control
DB-Nickname
X-Tb
Backend
X-Amz-Meta-Surrogate-Control
X-PCL
TWC-Privacy
Webcakes-Region
X-Grey
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SlotName
X-JoinUs
X-Zipkin-Id
L5d-Success-Class
Now
X-Proxied
X-Upstream-HT
X-Upstream-CT
X-Routing-Service
X-Site-Version
X-TNCMS
X-Upgrade-Enabled
X-OVcl-Cache
X-OVcl
X-Format
X-EIG-Tracking-Id
X-CDN-Cache
X-BB-IP
X-Generated
X-Hit
X-Original-Request
X-Loop
X-Section
X-Human
X-Access
Azure-SiteName
X-Correlation-ID
X-App-Version
X-Cache-Config
X-Environment-Context
X-IP
X-L-Path
X-AWS-Id
X-App-Name
ServerName
Selected-FE
X-Agile
X-Agile-Age
X-ApacheServer
X-Agile-Id
X-LJ-Flow-ID
X-NodeID
X-HOST
X-Www-Served-By
X-Debug-Cache
X-Via-Fastly
X-Viewer-Country
X-VWS-Id
X-TWH-CORRELATION-ID
X-PERF
S-Rt
X-Proxy-Build
X-Pubstack
X-Timing-Wait
X-NGENIX-Cache
X-SplitTest
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Drupal-Cache-Contexts
Cache-Key
Access-Control-Request-Headers
X-Source
Fastcgi-X-Cache
From-Origin
X-CCM
X-Origin-CC
X-Ocache
X-CDN-Forward
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache
Pagespeed
X-Xfnlog-Site
X-Nginx-Cache
LB
X-Unique-ID
X-Backend-Name
X-Feature
X-Forwarded-Host
Fastly-SSL
X-Litespeed-Cache
NtCoent-Length
ViewerVersion
X-RateLimit-Limit
X-Akamai-Request-ID
X-Storage
X-Vgn-Hpd-Reason
X-Ms-Blob-Type
X-Pc-Host
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Pc-Date
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Birta-Served
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Ar-Sid
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-B3-TraceId
X-Cluster-Node
X-NCache
X-Time-Microsecs
X-Guploader-Uploadid
Xserver
X-Internal-Host
X-Ruxit-Js-Agent
X-Real-Ip
X-Real-IP
X-Release
X-Microcachable
Time
X-Distributor
AR-Request-ID
X-EdgeConnect-Cache-Status
PageSpeed
CACHE
X-Powered-By-ANYU
WZWS-RAY
X-Varnish-Beresp-Ttl
X-Cache-Enabled
X-Request-Time
X-Sucuri-Cache
ProcessTime
X-Dynatrace-Js-Agent
X-SERVER-NAME
X-B3-Spanid
X-Application
Ajk
Viewtype
AKAMAI
X-From
X-A-Dgt
Arc-Country
X-A-Dcw
BehaviorPad-Version
Xc-Version
X-A-Wwc
V-Age
T-Server
X-Accel-Expires-Debug
X-A-Ccd
X-BB-ID
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Date
Www
X-Connection-Hash
VivaBuild
X-CUA
X-D
Cache-Prefix
X-Cache-Bucket
X-Web-Node
X-DPWN-IS-SECURE
X-B-Cookie
X-Dispatcher-Server
X-Died
X-Destination
X-Developer
X-A
X-ARC
X-IN-SSL-APIGATEWAY
MD5-Digest
X-G
IsBot
X-Redis-Cache
X-Region-Sid
Meta-Geo-Continent
Mobile-Detection-Method
X-Via-Edge
X-Org
X-Via-CDN
X-VG-WebServer
X-Request-UUID
X-Rewrite-Enabled
X-Trv-Group
X-Twitter-Response-Tags
X-SIPLIST1
X-SRCache-Key
X-Store
X-UE-Client-Country
X-Server-Time
X-Rojux
X-S-Cookie
X-ScT
X-Server-By
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Generation-Time
REQUESTUUID
X-IN-WAF
Rendered-Blocks
X-WebServer
X-A-Dam
Ec-Rule-Version
X-IN-APIGATEWAY
Fly-Request-Id
Server-Int
X-Logtrace-Id
X-Via-SSL
X-No-Session
X-Irp-Debug
Fly-Cache
NGX
X-Generated-In
X-Transaction
X-FireWall-Port
X-Cache-Backend
X-Newrelic-Synthetics
X-Sorting-Hat-ShopId
X-NC
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-ShopId
X-Endurance-Cache-Level
Web-Mar-Node
HA-Urlpath
Origin-Cache-Control
NodeID
Magicmarker
SN
Pragrma
HA-Servedtime
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
Origin-Edge-Control
Release
X-Gen-Mode
X-Origin-TTL
X-Owner
X-Phone
X-Node-Id
X-Layer
X-VServer
X-Key
X-Platform
X-Policy
X-UnsetCookies
X-S-Maxage
X-Varnish-Action
X-VCT
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-We-Are-Hiring
HA-Geolon
X-CS
X-Eu-Site
X-F5-Cache
X-Crawler
X-CGP
X-Block-Status
X-Cache-CFC
X-Fastly-Cache
X-External-Request-Id
X-Hl-Ver
X-Hnp-Log
X-Hash
X-GeoIP-City
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Amz-Meta-Cache-Control
Server-Host
Backend-Name
X-UA-Device-Type
HA-Geolat
Country-Code
GMS-Ver
Frame-Options
HA-Geocity
HA-Cloudapp
HA-Geocountry
X-Nc
X-CACHE-AGE
X-Amz-Cf-Pop
X-Webstats-RespID
X-ElasticPress-Search
X-C
X-Gannett-Site-Version
X-Fetched-On
Cneonction
X-FW-Version
X-Backend-Url
X-Instance-Name
X-Location
X-Backend-TTL
X-HTML-Minification-Powered-By
X-GeoIP-Country-Code
X-Epic-Correlation-Id
X-Device-Os
X-Core-Value
X-Croise-Owner
X-Core-Mission
X-Clientip
X-Cache-URL
X-Matched-Rule
X-Cache-Expires
X-Debug-Log
X-Developers
X-Debug-Cookies
X-Backend-State
X-Backend-Host
X-Cache-Srv
X-NX-Host
X-Thinkindot-L3
X-TT-LOGID
X-Swa-Ws
X-Stale
X-Secret
X-Server-IP
X-Tumblr-Pixel-3
X-Up
X-RCS-CacheZone
X-Sf
Resin-Trace
Kp-EeAlive
X-Var-Ttl
X-Variation
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
Adler-Geo
X-Nginx-Cache-Key
X-MSEdge-Features
X-MSEdge-Flight
X-Passed-To-PostProcessResponse
X-Reboot
X-Returned-From
X-Returned-From-BeforeDispatch
X-Response-By
X-Ezoic-Cdn
X-Request-URI
X-MI-In-Market
X-Passed-To
Thinkindot-Control
Uber-Trace-Id
Proxy-Connection
Cache-Cookie-Set-Lfrom
Thinkindot-CacheControl-Type
MI-Cache
Is-Eu
Platform
Odigeo-Trace-Id
MI-Cache-Age
CDCHOST
Origin
Esi-Enabled
Thinkindot-CacheControl
Cache-Cookie-Set-Idcheck
Countrycode
X-Actual-URL
Apple-News-Services-Parsed-Url
Heartbleed
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Section-Io-Cache
Cache-Cookie-Set-From
Request-Country
Request-EU
Apple-News-Services-Host
Pagetype
X-Ua
Decoy-Debug-Key
X-NWS-UUID-VERIFY
Content-Disposition
On-Server
Powered
Decoy-Debug-TTL
Decoy-Debug-Status
X-Sn-Servicetimems
Server-ID
X-Cache-Host
X-Cdn-Origin
RNT-Time
RNT-Machine
True-Client-Country-4JS
X-Ckpd-Fst-Backend
X-Worker
X-Surge-Debug
X-Fstrz
X-Content-Age
HTTPS
Fastly-Backend-Name
X-Trace-Id
X-Varnish-Ttl
X-ServiceProvider
Cache-Tags
MI-API
X-Csrf-Token
X-Dc
X-GZip
X-V
Fastly-SIE
X-Skip-Cache
X-Rebelmouse-Cache-Control
X-Servername
Warning
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Alicdn-Da-Ups-Status
X-Cdn-Srv
MIME-Version
RequestId
Host-ID
X-Aed
X-Edge-IP
X-TIME
X-Req
Pramga
X-Pf-Uncompressing
X-Proto
X-GEO
TSSecure
PFcat
XServer
Sid
Mail-Subject
X-Cdn-Forward
We-Hiring
Request-Time
X-Ms-Lease-State
X-Refresh
X-Ratelimit-Limit
X-Pjax-Url
Cdn
Cteonnt-Length
X-Hello
X-Page-Type
WP-Super-Cache
CF-IPCountry
X-Flog
X-Time
X-ABtesting
X-PHP-Backend
X-Geo
X-Varnish-Url
X-GRACE
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-DC
X-Server-W
X-Servedbyhost
X-COUNTRY
Mime-Version
X-Auto-Login
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
FSS-Cache
FSS-Proxy
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oracle-Dms-Ecid
X-Oss-Server-Time
X-Unique-Id
X-DataStream-MidMile-RTT
Geoip-Latitude
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
X-Cache-ASPX
Dnion-Transfer-Encoding
Lfy
GeoIp-Country-Code
CDN
X-CSRF-Token
PageType
X-GoCache-CacheStatus
X-Sentry-ID
Rt-Proxy-Cache
X-Akamai-Request-ID2
X-WA
X-Varnish-Beresp-TTL
X-Datadome
X-EC-Security-Audit
A
X-MP-GENERATED-AT
X-Served-From
X-Bip
X-Via-NSCOPI
X-Cache-Id
Memcached
X-Thanos
MS-CV
X-Check-Cacheable
X-Ratelimit-Remaining
NnCoection
X-Origin-Date
X-CACHE-KEY
X-Cache-Info
X-SRV
X-Be
X-Origin-Expires
Node
X-Wa
X-Varnish-HitMiss
GeoIP-Latitude
X-Request-Start
X-Proxy-Server
NODE
GeoIP-Country-Code
X-APP
X-Cache-Control-Set-By
X-HCF
Memory
SD-X-WS
X-Nananana
X-NODE
X-UPSTREAM-Address
UCS
GW-Server
X-Fastly-Cache-Hits
X-Server-Group
GeoIP-City
WWW-Authenticate
Hostname
X-ServedByHost
X-Cookie
Geoip-City
Cache-Hits
X-User
X-Vcache
X-Gen-Id
X-Varnish-URL
X-Wix-Route-ID
X-PAGE-TYPE
X-GDPR
PICS-Label
X-From-Cache
Accept-Language
X-Load-Cache
DataCenter
X-WR-MODIFICATION
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fastly-Backend-Reqs
X-HS-Status
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Cf-Ipcountry
X-RTag
Processtime
Cdn-Request-Time
X-Gdpr
X-Li-Fabric
Ms-Operation-Id
X-LI-Proto
X-B3-SpanId
X-LI-UUID
X-Path-Route
X-Use-Magma
COMMERCE-SERVER-SOFTWARE
X-Urbn-Context-Path
X-Edge-Server
X-PJAX-URL
Locale
Cdn-Host
X-Urbn-Site-Id
X-BBXSRF
X-Li-Pop
X-Swift-Error
X-Cache-Debug
Pics-Label
Serverid
X-Info
X-Cache-Ttl
Fastly-Soc-X-Request-Id
X-CDN-Pop-IP
SS
X-Qloud-Router
X-CDN-Pop
Dont-Set-Cookie
X-GZIP
X-Fe
X-VG-WebCache
X-Dw-Trace-Id
X-PF-Uncompressing
X-ID
X-Optimization
Group
NX-Cache
X-Env
X-Content-Encoded-By
X-P-T
Requestid
X-RateLimit-Reset
X-Bug-Bounty
X-Cache-HT
V-Cache
Is-Session-Tracking
Get-Access-Time
X-NGINX-Cache
X-SN
Who
CDN-Cache
CDN-Cache-Hit
X-Varnish-Info
URI
Lb
CDN-Node
X-CacheKey
X-ServerName
Xet-Cookie
AGE-Hash
X-Akamai-SSL-Client-Sid
X-Grace-Duration
X-Serial
X-CSRF-TOKEN
Powered-By
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Protected-By
X-Cache-FS-Status
X-RequestId
X-Akamai-ERPolicy
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Akamai-ERRuleID
X-Litespeed-Cache-Control
X-Route-Name
X-Shard
X-Ver
Https
SID