Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Node
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-Backend-Server
X-WebKit-CSP
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Url
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-DynaTrace-JS-Agent
X-ESI
X-Powered-CMS
X-TtlSet
X-Vname
X-PC
X-FTR-Request-ID
Charset
X-Server-Name
NEL
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-Varnish-TTL
X-F-Cache
X-Version
X-Geo-Segment
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-ORACLE-DMS-RID
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-SharePointHealthScore
X-CF-Powered-By
X-Amz-Rid
Nginx-Cache
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
X-Server-ID
Paypal-Debug-Id
X-T
X-Forwarded-Proto
DynaTrace
X-DIS-Request-ID
X-Upstream
X-Varnish-Age
X-Grace
AR-PoweredBy
AR-ATIME
X-Hits
X-Origin-Upstream-Status
Arr-Disable-Session-Affinity
TCN
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
AR-CACHE
X-Id
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
Access-Control-Request-Method
X-Kinsta-Cache
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-IPLB-Instance
X-HW
X-Cache-Hit
X-Acc-Meta-Resource-Type
X-Logged-In
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-B
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-FastCGI-Cache
X-XRDS-Location
X-Oracle-Dms-Rid
X-Wix-Server-Artifact-Id
X-Ser
Service-Worker-Allowed
S
Tracecode
X-MSEdge-Ref
X-Cache-Key
AR-SID
Server-Name
X-PressLabs-Stats
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-Frontend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
Fastly-Restarts
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
X-Accel-Buffering
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
X-Analytics
Backend-Timing
Cleartype
Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
Host
TP-Cache
TP-L2-Cache
X-Revision
X-Rid
X-TA-CDN-Provider
FilterID
Public-Key-Pins-Report-Only
X-Whom
X-FTR-Cache-Host
X-User-Agent
X-Debug-Info
X-GUploader-UploadID
X-RateLimit-Remaining
X-Akam-SW-Version
X-Srv
Front-End-Https
X-AOL-HN
X-XRDS-LOCATION
X-Varnish-Backend
X-Mobile
X-Webkit-CSP
Accept-Charset
X-VCache
ServerID
X-Cache-2
X-Cdn
X-NWS-LOG-UUID
X-Kinja-Server-Push
X-Via-JSL
X-Content-Powered-By
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Oneagent-Js-Injection
X-Ttl
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Viewport
X-App-Environment
X-LB-Cache
X-Node-Name
Host-Header
X-Varnish-Hostname
X-Page-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-Cluster
X-Tumblr-Pixel
X-Handled-By
X-Akamai-Edgescape
X-Device-Type
X-Framework
X-Cache-Control
X-TT
X-Iejgwucgyu
X-Request-Guid
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
X-B3-Sampled
Liferay-Portal
X-Signature
X-B-Cache
X-Correlation-Id
X-Platform-Server
Upgrade-Insecure-Requests
X-FB-Debug
Cache-Tag
X-Instance
DC
X-Fastcgi-Cache
X-Cache-Server
Display
X-Middleton-Display
X-Sol
X-Hostname
X-Amzn-Trace-Id
X-Origin-Server
MicrosoftSharePointTeamServices
Server-Node
X-B3-Traceid
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
Source
X-WA-Info
X-Varnish-Server
X-Servedby
X-Contextid
X-Distil-CS
Server-Info
HitInfo
HitType
X-Cache-Action
X-Cache-Operation
X-Seen-By
X-Wix-Request-Id
Content-Script-Type
Content-Style-Type
Webserver
User-Agent
X-Amz-Replication-Status
X-GeoIP
X-Tumblr-Pixel-1
X-Edge-Location
X-Tumblr-Pixel-2
X-RequestSource
X-S
Actual-Object-TTL
SRV
X-Locale
GEO-INFO
X-Status
X-WebKit-CSP-Report-Only
X-Jobs
X-FW-Hash
X-Region
X-Edge-Cache-Key
X-APP-VERSION
AsisCache
X-FW-Server
X-Response-Served-From
X-FW-Static
X-UUID
X-Edge-Cache
X-Newrelic-App-Data
X-FW-Type
X-FW-Serve
X-Varnish-Hits
ServedBy
X-TX-ID
X-Generated-By
X-Port
X-Adobe-Content
X-Adobe-Loc
X-Drupal-Cache-Tags
Healthy
Refresh
X-ATG-Version
X-Cache-NE
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Hyper-Cache
X-Geo-Country
X-Middleton-Response
Response
X-Esi
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
Payment
S-Cnection
X-URL
IBM-Web2-Location
X-Varnish-Grace
X-Daa-Tunnel
X-Content-Type
Filters
X-Amz-Server-Side-Encryption
X-Cache-Age
Datacenter
NGB
X-Webkit-Csp
X-Activity-Id
X-Az
X-AppVersion
Country
X-HS-Cache-Config
Edge-Cache-Tag
X-Cache-Remote
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Cache-TTL
Served-By
X-Vg-Webcache
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-IP
X-Proxied
X-App-Server
X-HS-Combine-CSS
X-CDN-Forward
X-Sucuri-ID
HostName
X-Akamai-Transformed
X-UA
X-Mode
X-Mrs-Cache-Hits
X-Mrs-Cache
Powered-By-ChinaCache
X-Rule
Load-Balancing
Machine
Meta-Geo
X-ProcessESI
X-Mrs-Age
X-RemovedCookies
X-Is-Bot
X-Cache-Var
X-Mshield-Cache-Status
X-Detected-As
X-RN-RSRV
X-Cache-Var-Map
X-Rendered-As
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-Proxy
TWC-Privacy
User-Cache-Control
X-ServerID
TWC-Locale-Group
TWC-Connection-Speed
OT-Force-Account-Verify
TWC-Device-Class
TWC-GeoIP-Country
Property-Id
TWC-GeoIP-LatLong
Mn-Server-Ip
X-PCL
X-Hosted-By
X-Human
Backend
X-Varnish-Cache-Hits
X-Grey
X-ProxyCache-Status
X-Cache-Category-Id
Access-Control-Allow-Method
X-ProxyCache-Key
X-Amz-Meta-Surrogate-Control
X-Origin
X-OCL
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-BYPASS-REASON
Cache-Name
DB-Nickname
X-Tb
X-Varnish-Cacheable
Azure-InstanceId
Azure-SlotName
Azure-Version
Now
L5d-Success-Class
Azure-RegionName
X-TNCMS
X-Generated
X-Access
X-Hit
X-JoinUs
X-Format
X-EIG-Tracking-Id
X-BB-IP
X-CDN-Cache
X-Debug-Cache
X-Loop
X-NodeID
X-Site-Version
X-Section
X-Routing-Service
ServerName
X-Upgrade-Enabled
X-Zipkin-Id
X-Original-Request
X-OVcl
X-OVcl-Cache
S-Rt
Azure-SiteName
X-Correlation-ID
X-Viewer-Country
X-AWS-Id
X-Via-Fastly
X-Cache-Config
X-HOST
X-App-Name
X-VWS-Id
X-Www-Served-By
X-Agile
X-Agile-Age
X-Agile-Id
X-TWH-CORRELATION-ID
X-Environment-Context
X-NGENIX-Cache
X-PERF
X-Proxy-Build
X-Pubstack
X-LJ-Flow-ID
X-L-Path
X-Timing-Wait
X-RateLimit-Limit
X-SplitTest
X-IP
Selected-FE
X-ApacheServer
Fastcgi-X-Cache
Cache-Key
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Unique-ID
X-Drupal-Cache-Contexts
X-Origin-CC
X-Ocache
X-Upstream-CT
X-CCM
X-Upstream-HT
Pagespeed
Cache
X-Source
X-Xfnlog-Site
X-Nginx-Cache
X-Backend-Name
From-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Akamai-Request-ID
X-Litespeed-Cache
X-Real-IP
X-Forwarded-Host
X-Storage
AR-Request-ID
LB
X-Vgn-Hpd-Reason
X-Pc-Host
Fastly-SSL
X-Pc-Date
X-Feature
NtCoent-Length
X-App-Version
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-M-Reqid
X-M-Log
X-Varnish-Beresp-Grace
X-Birta-Cache-Post
X-Time-Microsecs
X-Varnish-Beresp-Status
X-NCache
X-Qnm-Cache
X-Birta-Served
X-Labrador-Cache-Channel
X-Internal-Host
X-VG-TLSProxy
X-Release
ViewerVersion
X-Distributor
X-Ruxit-Js-Agent
X-NC
X-Microcachable
X-EdgeConnect-Cache-Status
X-Cluster-Node
Time
WZWS-RAY
X-UA-Device-Type
X-Powered-By-ANYU
X-SERVER-NAME
X-Transaction
Pagetype
X-Twitter-Response-Tags
X-Connection-Hash
Xserver
X-Cache-Backend
Ec-Rule-Version
REQUESTUUID
Cache-Prefix
Server-Int
Arc-Country
BehaviorPad-Version
AKAMAI
X-Sucuri-Cache
NGX
X-Cache-Enabled
Fly-Request-Id
IsBot
Meta-Geo-Continent
Fly-Cache
Ajk
MD5-Digest
X-Request-Time
Mobile-Detection-Method
Rendered-Blocks
X-Application
X-Redis-Cache
X-PAYTM-SRV-ID
X-Region-Sid
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Org
X-NU-AKA-ACS-Version
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Irp-Debug
X-Logtrace-Id
X-No-Session
X-S-Cookie
X-ScT
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Server-Time
X-Server-By
X-SIPLIST1
X-SRCache-Key
X-Trv-Group
X-IN-APIGATEWAY
X-Generation-Time
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-ARC
X-BB-ID
X-B-Cookie
X-A-Dcw
X-A-Dam
VivaBuild
Viewtype
Www
X-A
X-A-Ccd
X-Cache-Bucket
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-From
X-G
X-Generated-In
X-Died
X-Developer
X-CUA
X-CF-Lambda-Version
X-D
X-Date
X-Destination
T-Server
V-Age
Cneonction
X-B3-Spanid
X-FireWall-Port
Frame-Options
Web-Mar-Node
X-Wikidot-Static-Cache
SN
Server-Host
Release
Pragrma
X-Wikidot-Backend
X-Amz-Meta-Cache-Control
CACHE
X-Block-Status
X-VServer
X-We-Are-Hiring
Country-Code
X-Web-Node
Powered
Origin-Cache-Control
HA-Geolat
HA-Geocountry
HA-Geocity
HA-Geolon
HA-Georegion
HA-Host
Ha-Gx-Prefs
HA-Cloudapp
HA-Servedtime
X-Cache-CFC
Origin-Edge-Control
NodeID
Magicmarker
GMS-Ver
HA-Urlpath
X-Store
Backend-Name
X-Hnp-Log
X-Key
X-Layer
X-Hl-Ver
X-Hash
X-Gen-Mode
X-GeoIP-City
X-Node-Id
X-Origin-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-S-Maxage
X-Policy
X-Platform
X-Owner
X-Phone
X-VCT
X-UnsetCookies
X-C
ProcessTime
X-CS
X-Crawler
X-Core-Value
X-Varnish-Action
X-Eu-Site
X-F5-Cache
X-Fastly-Cache
HA-Ipaddr
X-External-Request-Id
X-CGP
X-CACHE-AGE
X-B3-TraceId
Ar-Sid
X-NWS-UUID-VERIFY
X-Real-Ip
X-Instance-Name
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Webstats-RespID
Apple-News-Services-Host
X-Croise-Owner
X-Passed-To-BeforeDispatch
Apple-News-Services-Parsed-Url
Countrycode
X-Epic-Correlation-Id
X-Gannett-Site-Version
X-Core-Mission
X-Passed-To-PostProcessResponse
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Apple-News-Services-Handled
Uber-Trace-Id
X-Tumblr-Pixel-3
X-Passed-To
X-Passed-To-DLL
X-Swa-Ws
X-Cache-Expires
X-MI-In-Market
X-MSEdge-Features
X-MSEdge-Flight
Apple-News-Services-Request-Url
X-Location
X-Varnish-Beresp-Ttl
X-Cache-URL
X-Cache-Srv
X-Matched-Rule
X-Nginx-Cache-Key
X-Backend-Url
X-Clientip
X-NX-Host
X-Actual-URL
Adler-Geo
X-Thinkindot-L3
CDCHOST
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-Stale
X-RCS-CacheZone
X-Var-Ttl
X-HTML-Minification-Powered-By
MI-Cache-Age
X-Developers
X-Returned-From-PostProcessResponse
Origin
X-Cdn-Srv
Odigeo-Trace-Id
MI-Cache
MI-API
Is-Eu
X-Variation
X-Server-IP
X-Sf
Kp-EeAlive
X-FW-Version
Heartbleed
X-Secret
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Fetched-On
X-Reboot
X-Request-URI
X-Returned-From
X-Debug-Cookies
XServer
Esi-Enabled
Section-Io-Cache
X-GeoIP-Country-Code
Request-Country
Request-EU
Platform
Proxy-Connection
X-Up
X-TT-LOGID
X-Response-By
X-Debug-Log
X-Ua
X-Endurance-Cache-Level
PageSpeed
X-V
MIME-Version
X-GZip
X-ElasticPress-Search
X-Content-Age
X-Device-Os
X-Ckpd-Fst-Backend
Decoy-Debug-TTL
On-Server
X-Fstrz
Fastly-Backend-Name
X-Varnish-Ttl
Resin-Trace
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Host-ID
X-ServiceProvider
HTTPS
Cache-Cookie-Set-Lfrom
X-Sn-Servicetimems
RNT-Machine
RNT-Time
Warning
X-Servername
Cache-Tags
X-Trace-Id
X-Cache-Host
Content-Disposition
Decoy-Debug-Key
Server-ID
True-Client-Country-4JS
X-Worker
Decoy-Debug-Status
X-Cdn-Origin
X-Ezoic-Cdn
X-Guploader-Uploadid
Fastly-SWR
X-Newrelic-Synthetics
X-Skip-Cache
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Alicdn-Da-Ups-Status
X-Rebelmouse-Cache-Control
X-Csrf-Token
X-PHP-Backend
X-Dc
Request-Time
RequestId
Sid
PFcat
X-Surge-Debug
X-Pf-Uncompressing
X-Nc
X-Proto
X-Req
X-TIME
Cteonnt-Length
CF-IPCountry
X-Refresh
Mail-Subject
X-Aed
We-Hiring
X-Pjax-Url
Pramga
WP-Super-Cache
X-Edge-IP
X-GEO
X-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Servedbyhost
TSSecure
X-Planisys-CDN-TTL
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Geo
X-Ms-Lease-State
X-Atg-Version
X-DC
X-CLOUD-TRACE-CONTEXT
X-Amz-Cf-Pop
X-ABtesting
X-Hello
X-COUNTRY
CDN
X-Page-Type
X-Cache-ASPX
X-Flog
X-Server-W
Dnion-Transfer-Encoding
X-Cdn-Forward
Cdn
X-CSRF-Token
X-Varnish-Url
X-GoCache-CacheStatus
Geoip-Latitude
GeoIp-Country-Code
X-Varnish-Beresp-TTL
X-Oracle-Dms-Ecid
Lfy
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Auto-Login
X-Ratelimit-Limit
X-Aicache-OS
FSS-Cache
FSS-Proxy
A
Mime-Version
NnCoection
X-Origin-Expires
X-Akamai-Request-ID2
X-Datadome
X-Dynatrace-Js-Agent
NODE
X-WA
X-Unique-Id
X-Origin-Date
X-GRACE
MS-CV
Hostname
X-Via-NSCOPI
X-Varnish-HitMiss
Rt-Proxy-Cache
X-Sentry-ID
X-HCF
X-Cache-Control-Set-By
X-EC-Security-Audit
Node
X-SRV
X-APP
PageType
SD-X-WS
X-Wa
WWW-Authenticate
X-UPSTREAM-Address
X-Cache-Id
X-Bip
X-Served-From
Memcached
X-Thanos
X-Server-Group
X-MP-GENERATED-AT
X-Check-Cacheable
X-Use-Magma
X-Cache-Info
Geoip-City
GeoIP-Country-Code
X-Be
GeoIP-Latitude
X-NODE
GeoIP-City
X-Wix-Route-ID
X-Varnish-URL
X-PAGE-TYPE
X-Request-Start
X-Proxy-Server
PICS-Label
Processtime
X-Nananana
X-From-Cache
Memory
X-Cookie
X-CACHE-KEY
GW-Server
UCS
X-RTag
X-Gen-Id
Cdn-Host
X-GDPR
Cdn-Request-Time
X-Edge-Server
X-Gdpr
Ms-Operation-Id
DataCenter
X-Load-Cache
X-WR-MODIFICATION
X-HS-Status
X-User
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
X-ServedByHost
X-Fastly-Cache-Hits
COMMERCE-SERVER-SOFTWARE
X-B3-SpanId
X-Swift-Error
Cache-Hits
X-PJAX-URL
Lb
Pics-Label
X-Ratelimit-Remaining
Dont-Set-Cookie
Serverid
V-Cache
Get-Access-Time
X-Optimization
Group
X-Env
Is-Session-Tracking
X-RateLimit-Reset
Accept-Language
X-Cache-Ttl
X-Cache-HT
Cf-Ipcountry
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Urbn-Context-Path
X-LI-UUID
X-Urbn-Site-Id
Locale
X-Cache-Debug
X-GZIP
X-Dw-Trace-Id
X-CDN-Pop
X-Li-Pop
Who
X-Li-Fabric
X-BBXSRF
X-LI-Proto
X-Fe
X-CDN-Pop-IP
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Info
NX-Cache
X-Content-Encoded-By
X-Path-Route
X-Vcache
X-Ver
X-PF-Uncompressing
AGE-Hash
URI
X-Cache-FS-Status
X-Bug-Bounty
Xet-Cookie
Requestid
X-NGINX-Cache
X-SB
CDN-Cache-Hit
X-CacheKey
Ws
CDN-Cache
Fastly-Soc-X-Request-Id
CDN-Node
SS
X-Varnish-Info
N-Cache
X-VC
X-Ibm-Trace
X-Qloud-Router
X-Meta-Tbi-Cache-Vertical
X-VG-WebCache
X-P-T
X-Shard
X-RequestId
X-Serial
SID
Httpd-Identifier
X-Flags
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Https
X-ServerName
X-Route-Name
X-Grace-Duration
X-Is-Crawler
X-Providence-Cookie
X-Litespeed-Cache-Control