Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
X-Cache-Group
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Url
X-TTL
Request-Id
X-Instart-Request-ID
Report-To
X-Px
X-Country
X-ORACLE-DMS-ECID
X-OneAgent-JS-Injection
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
X-DataDome
Charset
X-Powered-CMS
X-Server-Name
X-Vname
X-TtlSet
X-PC
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
X-ORACLE-DMS-RID
Content-MD5
X-Version
X-F-Cache
X-GoogleNews-Bot
X-Kinja
X-Geo-Segment
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-D2id
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-PoweredBy
AR-ATIME
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
AR-CACHE
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
DynaTrace
X-T
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Grace
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Pad
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
Permitted-Cross-Domain-Policies
X-FastCGI-Cache
X-Do-Not-Hack
X-HeyJason
X-Ruxit-JS-Agent
AR-SID
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Cache-Hit
X-IPLB-Instance
Access-Control-Request-Method
X-Kinsta-Cache
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Logged-In
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
X-B
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Server-ID
X-Goog-Storage-Class
X-HW
X-SS-Set-Cookie
X-Vcap-Request-Id
X-Debug
S
Service-Worker-Allowed
X-Ser
X-MSEdge-Ref
X-XRDS-Location
X-Wix-Server-Artifact-Id
Server-Name
X-Frontend
X-PressLabs-Stats
X-Cache-Key
Tracecode
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Forwarded-For
X-Webkit-CSP
Surrogate-Key
X-GUploader-UploadID
X-Oracle-Dms-Rid
Eomportal-Instance
Alternate-Protocol
Fastly-Restarts
X-Cache-Rule
Cleartype
Cache-Status
Backend-Timing
X-Analytics
X-HS-Hub-Id
X-Srv
Host
X-HS-Content-Id
TP-L2-Cache
X-VCache
TP-Cache
X-Revision
X-Rid
X-Whom
X-RateLimit-Remaining
Public-Key-Pins-Report-Only
X-User-Agent
X-XRDS-LOCATION
X-Accel-Buffering
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
X-AOL-HN
X-TA-CDN-Provider
ServerID
X-Cache-2
X-Varnish-Backend
X-Via-JSL
X-Content-Powered-By
Front-End-Https
Accept-Charset
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
X-Cached-By
Viewport
X-Ttl
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-B3-Traceid
X-Magnolia-Registration
X-App-Environment
X-Correlation-Id
Liferay-Portal
X-Content-Security-Policy-Report-Only
X-Page-Id
X-LB-Cache
X-Tumblr-Pixel
X-Cluster
X-Tumblr-Pixel-0
X-Varnish-Hostname
X-Tumblr-User
Host-Header
X-Handled-By
X-Akamai-Edgescape
X-Framework
X-TT
X-Cache-Control
X-Request-Guid
X-Device-Type
X-B3-Sampled
X-Signature
X-FB-Debug
X-B-Cache
X-Platform-Server
Upgrade-Insecure-Requests
X-Instance
X-BCube-Filmed-By
Cache-Tag
DC
X-Cache-Server
X-Hostname
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
X-Amzn-Trace-Id
X-Sol
Display
Retry-After
X-Middleton-Display
X-Accel-Expires
X-APP-VERSION
X-Contextid
X-Servedby
X-WA-Info
X-Varnish-Server
HitInfo
HitType
Server-Info
X-Cache-Action
X-Distil-CS
X-Cache-Operation
X-Seen-By
X-Port
Content-Style-Type
X-Wix-Request-Id
Content-Script-Type
Webserver
X-GeoIP
X-Amz-Replication-Status
X-Fastcgi-Cache
X-RequestSource
X-S
X-Tumblr-Pixel-1
X-Generated-By
X-Tumblr-Pixel-2
X-Edge-Location
X-WebKit-CSP-Report-Only
GEO-INFO
Healthy
Actual-Object-TTL
X-Locale
X-Status
X-Jobs
User-Agent
X-FW-Type
AsisCache
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Server
X-Response-Served-From
X-Geo-Country
X-Region
X-Varnish-Hits
X-UUID
X-Adobe-Content
X-TX-ID
X-Drupal-Cache-Tags
X-Adobe-Loc
ServedBy
X-Hyper-Cache
SRV
Refresh
X-Daa-Tunnel
X-DataStream-Cache-Status
X-ATG-Version
X-Newrelic-App-Data
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Grace
Response
X-Middleton-Response
X-Cache-TTL-Remaining
X-Cache-NE
X-Iejgwucgyu
Filters
IBM-Web2-Location
X-Amz-Server-Side-Encryption
X-Cache-Age
NGB
X-Esi
S-Cnection
X-CDN-Forward
X-Content-Type
Payment
X-Activity-Id
X-URL
X-Az
X-AppVersion
X-Proxied
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Cache-Remote
X-UA
X-App-Server
Datacenter
X-Cacheable-TTL
X-Ruxit-Js-Agent
X-Cache-TTL
X-Vg-Webcache
Country
Served-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
AR-Request-ID
Edge-Cache-Tag
X-HS-Cache-Config
X-Unique-ID
X-Sucuri-ID
X-Mode
X-Akamai-Transformed
X-Varnish-IP
X-Detected-As
X-Cache-Var-Map
X-RemovedCookies
Machine
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-Is-Bot
X-Rendered-As
X-ProcessESI
Load-Balancing
X-Rocket-Nginx-Bypass
Cache
X-Real-IP
X-Proxy
X-FC-Vary-Parameters
X-OCL
X-PCL
X-Origin-Hint
X-Origin
X-Varnish-Cache-Hits
Access-Control-Allow-Method
X-ProxyCache-Status
X-ProxyCache-Key
X-Human
TWC-Privacy
TWC-Locale-Group
User-Cache-Control
Webcakes-App-Name
DB-Nickname
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
Webcakes-Region
Cache-Name
X-Hosted-By
X-Rule
X-Varnish-Cacheable
X-Tb
X-Grey
X-EIG-Tracking-Id
X-Amz-Meta-Surrogate-Control
X-BB-IP
X-BYPASS-REASON
X-Cache-Category-Id
X-ServerID
Backend
X-Environment-Context
X-Section
L5d-Success-Class
X-OVcl-Cache
X-OVcl
X-Site-Version
Azure-Version
Azure-InstanceId
X-TNCMS
Azure-RegionName
Azure-SiteName
Azure-SlotName
Now
X-Original-Request
X-CDN-Cache
X-Hit
X-Generated
X-Debug-Cache
X-Format
X-JoinUs
X-L-Path
ServerName
S-Rt
X-NodeID
X-Access
X-Loop
X-Upgrade-Enabled
X-Routing-Service
X-Zipkin-Id
X-HS-Combine-CSS
X-Viewer-Country
Cache-Key
X-App-Name
X-AWS-Id
X-ApacheServer
X-Agile-Age
X-Ocache
X-Pubstack
X-NGENIX-Cache
X-Agile
X-Www-Served-By
X-Agile-Id
X-VWS-Id
X-PERF
X-TWH-CORRELATION-ID
X-Cache-Config
X-IP
X-Via-Fastly
X-LJ-Flow-ID
Access-Control-Request-Headers
X-SplitTest
X-Origin-CC
X-Drupal-Cache-Contexts
X-CCM
OT-Force-Account-Verify
X-Backend-Name
X-Correlation-ID
Selected-FE
X-HOST
X-Source
X-Xfnlog-Site
X-Proxy-Build
X-Timing-Wait
X-Pc-Date
X-Upstream-HT
X-Upstream-CT
Pagespeed
X-Pc-Host
Powered-By-ChinaCache
HostName
X-Akamai-Request-ID
Fastcgi-X-Cache
X-Mrs-Age
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Cache-Hits
Fastcgi-Useragent
X-Nginx-Cache
Fastcgi-X-Cache-Version
X-RateLimit-Limit
X-Storage
X-Vgn-Hpd-Reason
From-Origin
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Forwarded-Host
X-Litespeed-Cache
X-NC
Fastly-SSL
X-Time-Microsecs
X-NCache
XServer
X-Internal-Host
X-M-Reqid
X-Qnm-Cache
X-Feature
X-M-Log
X-Release
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Microcachable
X-Distributor
X-Birta-Served
X-Birta-Cache-Post
X-Labrador-Cache-Channel
LB
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-UA-Device-Type
NtCoent-Length
Pagetype
X-VG-TLSProxy
X-Cache-Backend
X-EdgeConnect-Cache-Status
X-B3-Spanid
X-Transaction
X-PHP-Backend
X-Webkit-Csp
X-Twitter-Response-Tags
X-Connection-Hash
MIME-Version
Frame-Options
Time
X-Sucuri-Cache
X-C
X-Org
Cneonction
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-ARC
X-WebServer
X-Died
X-CACHE-GROUP
X-Via-SSL
X-Via-Edge
Ec-Rule-Version
X-PAYTM-SRV-ID
X-IN-APIGATEWAY
X-Application
X-Date
X-B-Cookie
X-D
X-A-Wwc
Meta-Geo-Continent
X-Developer
X-Destination
MD5-Digest
X-Logtrace-Id
VivaBuild
Viewtype
V-Age
BehaviorPad-Version
Cache-Prefix
AKAMAI
Ajk
Www
T-Server
X-Via-CDN
X-A-Dgt
X-NU-AKA-ACS-Version
X-Accel-Expires-Debug
X-Irp-Debug
X-A-Dcw
X-No-Session
WZWS-RAY
X-Powered-By-ANYU
X-A
X-A-Ccd
X-A-Dam
Xc-Version
X-VG-WebServer
X-SIPLIST1
X-Dispatcher-Server
Host-ID
X-Server-Time
Rendered-Blocks
X-SRCache-Key
X-Web-Node
X-Region-Sid
X-From
X-Request-UUID
X-CF-Lambda-Fn
X-Server-By
X-S-Cookie
X-GZip
X-Rojux
X-Rewrite-Enabled
X-DPWN-IS-SECURE
IsBot
X-CF-Lambda-Version
X-ScT
X-G
X-Instance-Name
X-CS
X-Redis-Cache
X-Trv-Group
X-BB-ID
X-Generation-Time
Server-Int
NGX
X-UE-Client-Country
X-Generated-In
Fly-Request-Id
Mobile-Detection-Method
X-Cache-Bucket
Arc-Country
X-CUA
Fly-Cache
X-FireWall-Port
X-SERVER-NAME
Backend-Name
SN
X-Gen-Mode
X-GeoIP-City
X-Hl-Ver
X-Hash
X-Hnp-Log
Server-Host
HA-Servedtime
HA-Geocountry
HA-Host
Country-Code
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
HA-Geocity
HA-Cloudapp
HA-Geolat
HA-Urlpath
X-Layer
HA-Ipaddr
X-Key
GMS-Ver
X-Owner
X-Block-Status
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-CFC
NodeID
X-UnsetCookies
X-Varnish-Action
X-Eu-Site
X-Var-Ttl
X-Store
X-Cache-Enabled
X-Core-Value
Pragrma
X-S-Maxage
X-CGP
Release
X-Crawler
Origin-Cache-Control
Origin-Edge-Control
X-VCT
X-V
X-Debug-Cookies
X-Platform
X-NX-Host
X-Request-Time
X-Debug-Log
X-External-Request-Id
X-F5-Cache
Web-Mar-Node
X-Origin-TTL
X-Fastly-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Phone
X-VServer
Magicmarker
X-Amz-Meta-Cache-Control
X-We-Are-Hiring
X-App-Version
X-Webstats-RespID
X-NWS-UUID-VERIFY
ViewerVersion
Request-EU
Request-Country
Proxy-Connection
X-Epic-Correlation-Id
X-Actual-URL
X-Cache-Host
X-Croise-Owner
X-Cache-Expires
X-Cache-Srv
X-Cache-URL
X-Core-Mission
X-Cdn-Srv
X-Cdn-Origin
X-Backend-Url
X-Backend-TTL
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Uber-Trace-Id
X-Developers
X-Backend-State
X-Backend-Host
Section-Io-Cache
X-Matched-Rule
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Variation
X-Tumblr-Pixel-3
X-Up
X-Passed-To
X-Cluster-Node
X-MI-In-Market
X-Alternate-Cache-Key
X-MSEdge-Features
Platform
X-Node-Id
X-Nginx-Cache-Key
X-TT-LOGID
X-Trace-Id
X-Returned-From
X-Sf
X-Server-IP
X-Secret
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Response-By
X-Sn-Servicetimems
X-Swa-Ws
X-Thinkindot-L3
X-Reboot
X-Stale
X-Request-URI
X-ShardId
X-MSEdge-Flight
X-Gannett-Site-Version
Is-Eu
Kp-EeAlive
Heartbleed
X-ShopId
X-HTML-Minification-Powered-By
Esi-Enabled
X-FW-Version
MI-API
PFcat
X-Fetched-On
Origin
Odigeo-Trace-Id
MI-Cache
MI-Cache-Age
X-Location
X-GeoIP-Country-Code
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Adler-Geo
Apple-News-Services-Handled
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Returned-From-PostProcessResponse
CDCHOST
X-Shopify-Stage
Apple-News-Services-Request-Url
X-CACHE-AGE
X-Fstrz
X-ServiceProvider
X-Servername
X-ElasticPress-Search
X-RCS-CacheZone
X-Worker
X-Device-Os
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Policy
X-Content-Age
Powered
REQUESTUUID
Sid
On-Server
HTTPS
Fastly-SIE
Request-Time
Resin-Trace
RNT-Time
RNT-Machine
Fastly-Backend-Name
Decoy-Debug-TTL
Cache-Tags
X-Varnish-Beresp-Ttl
Content-Disposition
Countrycode
Decoy-Debug-Status
Decoy-Debug-Key
X-Clientip
Fastly-SWR
True-Client-Country-4JS
X-Ckpd-Fst-Backend
Server-ID
X-Alicdn-Da-Ups-Status
X-Ezoic-Cdn
X-Skip-Cache
X-Dc
X-Pf-Uncompressing
CACHE
Cteonnt-Length
X-TIME
RequestId
ProcessTime
X-Csrf-Token
Warning
PageSpeed
Cache-Cookie-Set-Lfrom
CF-IPCountry
Cache-Cookie-Set-Idcheck
X-Ua
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Endurance-Cache-Level
Cache-Cookie-Set-From
X-Oss-Hash-Crc64ecma
X-Proto
Xserver
CDN
X-Newrelic-Synthetics
WP-Super-Cache
X-Refresh
X-Req
X-Planisys-CDN-Cache
X-Servedbyhost
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Mail-Subject
We-Hiring
X-Real-Ip
X-Surge-Debug
X-Pjax-Url
X-GEO
X-Cache-ASPX
Hostname
X-B3-TraceId
Ar-Sid
X-Aed
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
X-Varnish-Ttl
X-CSRF-Token
X-Nc
Pramga
X-Edge-IP
X-Varnish-Beresp-TTL
GeoIp-Country-Code
Geoip-Latitude
X-CLOUD-TRACE-CONTEXT
X-DC
X-Atg-Version
NODE
X-Geo
X-Server-W
X-Time
X-COUNTRY
TSSecure
NnCoection
X-Guploader-Uploadid
X-Origin-Expires
X-Page-Type
X-Ms-Lease-State
X-Origin-Date
X-Oracle-Dms-Ecid
X-DataStream-Origin-MEX-Latency
X-HCF
X-Flog
X-Varnish-HitMiss
X-Hello
X-DataStream-MidMile-RTT
X-ABtesting
X-Cache-Control-Set-By
X-Aicache-OS
X-Ratelimit-Limit
MS-CV
A
X-WA
SD-X-WS
X-Server-Group
X-Auto-Login
Lfy
X-Akamai-Request-ID2
X-Datadome
X-Amz-Cf-Pop
X-GRACE
WWW-Authenticate
X-Varnish-Url
Processtime
Cdn
X-Cdn-Forward
FSS-Proxy
FSS-Cache
X-UPSTREAM-Address
Geoip-City
X-Varnish-URL
X-Wix-Route-ID
Node
Mime-Version
PICS-Label
X-Wa
X-Via-NSCOPI
Rt-Proxy-Cache
X-PAGE-TYPE
X-Sentry-ID
Lb
X-From-Cache
X-Use-Magma
Cdn-Request-Time
X-Cache-Id
X-APP
Cdn-Host
X-Edge-Server
X-EC-Security-Audit
X-Gdpr
X-Check-Cacheable
X-Unique-Id
Dont-Set-Cookie
X-NODE
Ms-Operation-Id
X-Nananana
X-RTag
GeoIP-Latitude
Memcached
X-Thanos
X-Served-From
X-Bip
PageType
X-Gen-Id
GeoIP-Country-Code
GeoIP-City
X-SRV
X-Cache-Info
DataCenter
COMMERCE-SERVER-SOFTWARE
X-CACHE-KEY
X-Cookie
X-Be
X-WR-MODIFICATION
X-Env
X-Fastly-Cache-Hits
X-GDPR
X-Optimization
Is-Session-Tracking
X-Proxy-Server
X-Cache-HT
X-Fastly-Backend-Reqs
X-MP-GENERATED-AT
X-Request-Start
Get-Access-Time
X-Dynatrace-Js-Agent
X-Load-Cache
X-FORWARDED-FOR
X-HS-Status
Who
X-Swift-Error
X-Cache-FS-Status
UCS
X-Ver
GW-Server
Memory
X-PJAX-URL
Pics-Label
X-User
Ws
X-Fe
X-Ibm-Trace
X-B3-SpanId
X-RateLimit-Reset
Group
X-Cache-Ttl
X-ServedByHost
V-Cache
X-Meta-Tbi-Cache-Vertical
Cache-Hits
X-Wix-Petri-Ex
URI
Cf-Ipcountry
Httpd-Identifier
X-NGINX-Cache
X-CDN-Pop
X-CDN-Pop-IP
X-Dw-Trace-Id
X-Shard
Amp-Access-Control-Allow-Source-Origin
X-ID
Xet-Cookie
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
AGE-Hash
X-SB
X-VC
X-Bug-Bounty
NX-Cache
Powered-By
X-Goog-Meta-Goog-Reserved-File-Mtime
Requestid
X-GZIP
X-PF-Uncompressing
Serverid
X-LI-UUID
X-Ratelimit-Remaining
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-Proto
X-StackifyID
Locale
Accept-Language
X-BBXSRF
X-Content-Encoded-By
X-Li-Fabric
X-Li-Pop
CDN-Cache-Hit
CDN-Node
Ohc-File-Size
X-CacheKey
Version
CDN-Cache
X-Varnish-Info
N-Cache
X-Path-Route
X-ServerName
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Litespeed-Cache-Control
X-Flags
X-Cache-Debug
X-Akamai-ERPolicy
X-Grace-Duration
X-LiteSpeed-Cache-Control
X-P-T
Https
X-Akamai-ERRuleID
X-Cache-Handler
X-RequestId