Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Host
X-Server-Id
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Url
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-TTL
X-Px
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Rating
Edge-Control
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-DataDome
Charset
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Goog-Hash
X-Cached
X-Recruiting
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-Version
X-F-Cache
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Geo-Segment
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-D2id
Verso
X-Client-IP
SPRequestGuid
MS-Author-Via
X-Abt-Application-Version
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
Accept-CH-Lifetime
X-Navigation-Version
AR-CACHE
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-T
DynaTrace
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-Upstream
X-Grace
X-Hits
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-FastCGI-Cache
X-Id
X-Origin-Upstream-Status
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Shield-Request-Id
X-Pad
SPIisLatency
SPRequestDuration
AR-SID
X-Content-Options
X-Ruxit-JS-Agent
X-Content-Digest
X-Cache-Hit
X-NF-Request-ID
Realpath
X-IPLB-Instance
X-Kinsta-Cache
X-Logged-In
X-Acc-Meta-Resource-Type
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-B
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-Debug
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-NewRelic-App-Data
Server-Name
X-Frontend
X-Wix-Server-Artifact-Id
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
Tracecode
X-Server-ID
AMP-Access-Control-Allow-Source-Origin
X-Oneagent-Js-Injection
X-FTR-Expires
Rt-Fastcgi-Cache
X-Cache-Key
Fastcgi-Cache
Surrogate-Key
Eomportal-Instance
X-Forwarded-For
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
X-GUploader-UploadID
Fastly-Restarts
X-Ttl
X-Srv
Backend-Timing
X-Analytics
Host
X-HS-Hub-Id
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-Revision
X-User-Agent
X-VCache
X-NWS-LOG-UUID
X-Rid
X-Whom
FilterID
Public-Key-Pins-Report-Only
X-Debug-Info
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Akam-SW-Version
X-AOL-HN
ServerID
X-Accel-Buffering
X-Varnish-Backend
X-Cache-2
X-XRDS-LOCATION
X-Webkit-CSP
X-Via-JSL
X-Content-Powered-By
X-Cdn
X-TA-CDN-Provider
Accept-Charset
X-Request-Processing-Time
Front-End-Https
X-Request-Received
X-Kinja-Server-Push
X-Mobile
X-Oracle-Dms-Rid
X-Zen-Fury
Viewport
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
X-App-Environment
X-Magnolia-Registration
Liferay-Portal
X-LB-Cache
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Varnish-Hostname
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-Cluster
Host-Header
X-TT
X-Framework
X-B3-Sampled
X-Akamai-Edgescape
X-Cache-Control
X-Device-Type
X-Handled-By
X-Request-Guid
Upgrade-Insecure-Requests
X-Signature
X-Platform-Server
X-Instance
X-FB-Debug
X-BCube-Filmed-By
X-B-Cache
DC
Cache-Tag
X-Cache-Server
X-Hostname
X-B3-Traceid
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
Retry-After
X-Amzn-Trace-Id
X-Servedby
X-Contextid
X-Accel-Expires
X-WA-Info
X-Middleton-Display
X-Varnish-Server
X-Sol
Display
HitInfo
Server-Info
HitType
X-Cache-Action
X-Distil-CS
X-Cache-Operation
X-Port
Content-Style-Type
X-APP-VERSION
Content-Script-Type
Webserver
X-Seen-By
X-Wix-Request-Id
X-GeoIP
X-Amz-Replication-Status
X-Generated-By
X-WebKit-CSP-Report-Only
AsisCache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-Daa-Tunnel
X-Edge-Location
GEO-INFO
X-S
User-Agent
X-Status
Actual-Object-TTL
X-Geo-Country
X-Locale
Healthy
X-Jobs
X-TX-ID
X-FW-Type
ServedBy
X-Edge-Cache-Key
X-Varnish-Hits
X-UUID
X-Edge-Cache
X-Region
X-FW-Serve
X-Response-Served-From
X-FW-Server
X-FW-Static
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
X-Hyper-Cache
SRV
X-DataStream-Cache-Status
X-Fastcgi-Cache
Refresh
X-Yottaa-Optimizations
X-Cache-Age
X-Yottaa-Metrics
X-Varnish-Grace
S-Cnection
X-Esi
Filters
X-ATG-Version
X-Amz-Server-Side-Encryption
IBM-Web2-Location
X-Cache-TTL-Remaining
X-Middleton-Response
NGB
X-Cache-NE
X-URL
Response
X-Content-Type
Payment
X-AppVersion
X-Proxied
X-Newrelic-App-Data
X-Activity-Id
Datacenter
X-Az
X-Ruxit-Js-Agent
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Cache-Remote
X-CDN-Forward
X-App-Server
X-Cacheable-TTL
X-Cache-TTL
X-Unique-ID
X-Kong-Proxy-Latency
X-Vg-Webcache
X-Kong-Upstream-Latency
AR-Request-ID
Country
Edge-Cache-Tag
X-HS-Cache-Config
X-Akamai-Transformed
Served-By
Cache
X-Sucuri-ID
X-Mode
X-UA
X-Iejgwucgyu
X-RN-RSRV
X-RemovedCookies
X-Cache-Var-Map
X-Detected-As
X-Rendered-As
X-Cache-Var
Meta-Geo
Machine
X-Varnish-IP
X-Is-Bot
Load-Balancing
X-ProcessESI
X-FC-Vary-Parameters
X-Proxy
X-Rocket-Nginx-Bypass
Access-Control-Allow-Method
TWC-Connection-Speed
X-ProxyCache-Status
X-EIG-Tracking-Id
X-ProxyCache-Key
X-Grey
X-Human
X-Hosted-By
Webcakes-App-Version
Webcakes-Region
X-Tb
X-ServerID
X-Varnish-Cacheable
X-BB-IP
X-Amz-Meta-Surrogate-Control
X-Rule
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
Property-Id
DB-Nickname
Mn-Server-Ip
TWC-Locale-Group
X-BYPASS-REASON
X-OCL
X-Cache-Category-Id
X-PCL
X-Origin-Hint
X-Origin
Backend
Cache-Name
X-Real-IP
X-Access
User-Cache-Control
X-ApacheServer
X-Cache-Config
X-Environment-Context
X-Debug-Cache
X-CDN-Cache
ServerName
S-Rt
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
Cache-Key
Now
L5d-Success-Class
X-Format
X-Generated
X-Site-Version
X-Routing-Service
X-Pubstack
X-TNCMS
X-Upgrade-Enabled
X-Zipkin-Id
X-Viewer-Country
X-Varnish-Cache-Hits
X-PERF
X-OVcl-Cache
X-L-Path
X-JoinUs
X-Hit
X-Loop
X-NodeID
X-OVcl
X-Original-Request
Azure-InstanceId
X-Section
X-HS-Combine-CSS
X-Agile-Age
X-Agile-Id
X-Agile
X-SplitTest
X-Timing-Wait
X-AWS-Id
Selected-FE
X-Backend-Name
X-NGENIX-Cache
X-Ocache
X-LJ-Flow-ID
X-IP
X-CCM
X-Proxy-Build
X-TWH-CORRELATION-ID
X-App-Name
X-Via-Fastly
X-VWS-Id
X-Www-Served-By
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
OT-Force-Account-Verify
X-Origin-CC
X-Source
X-RateLimit-Limit
X-Xfnlog-Site
X-Nginx-Cache
X-Akamai-Request-ID
X-Upstream-HT
X-Storage
X-Upstream-CT
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Pc-Host
X-Mrs-Cache
X-Pc-Date
X-Mrs-Age
HostName
Fastcgi-X-Cache
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Correlation-ID
X-Vgn-Hpd-Reason
X-Litespeed-Cache
Powered-By-ChinaCache
Pagespeed
From-Origin
X-Time-Microsecs
X-Forwarded-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-SSL
X-Feature
X-NC
X-NCache
X-Internal-Host
X-Varnish-Beresp-Status
XServer
X-Qnm-Cache
X-Distributor
X-Release
X-Varnish-Beresp-Grace
X-M-Reqid
X-M-Log
X-Microcachable
X-UA-Device-Type
X-Birta-Cache-Post
X-Birta-Served
X-Labrador-Cache-Channel
X-Ms-Request-Id
Pagetype
LB
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Blob-Type
NtCoent-Length
X-PHP-Backend
X-VG-TLSProxy
X-Cache-Backend
X-Webkit-Csp
X-App-Version
X-EdgeConnect-Cache-Status
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
X-B3-Spanid
Time
Frame-Options
MIME-Version
X-SERVER-NAME
X-C
X-Org
Cneonction
X-B-Cookie
X-PAYTM-SRV-ID
X-Accel-Expires-Debug
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
Host-ID
T-Server
Fly-Request-Id
Fly-Cache
Ec-Rule-Version
X-Irp-Debug
X-IN-WAF
IsBot
MD5-Digest
X-From
X-Generated-In
X-G
Rendered-Blocks
X-Generation-Time
NGX
Meta-Geo-Continent
Server-Int
Mobile-Detection-Method
V-Age
Viewtype
X-A-Wwc
X-A-Dgt
X-A-Dcw
Ajk
X-DPWN-IS-SECURE
X-Sucuri-Cache
X-No-Session
X-ARC
X-Application
AKAMAI
X-A-Dam
Www
X-Logtrace-Id
VivaBuild
Cache-Prefix
BehaviorPad-Version
X-A-Ccd
X-A
Arc-Country
X-NU-AKA-ACS-Version
X-Web-Node
X-Server-Time
X-Instance-Name
X-CF-Lambda-Version
X-GZip
X-CS
X-CUA
X-Region-Sid
X-Request-UUID
X-Cache-Bucket
X-Died
X-CF-Lambda-Fn
X-WebServer
X-Via-CDN
X-Server-By
X-VG-WebServer
X-SIPLIST1
X-ScT
X-Via-Edge
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Via-SSL
X-Redis-Cache
X-SRCache-Key
X-Destination
X-Trv-Group
X-V
X-Date
X-D
X-BB-ID
X-Developer
X-UE-Client-Country
X-Dispatcher-Server
Xc-Version
WZWS-RAY
X-Powered-By-ANYU
X-NWS-UUID-VERIFY
X-HOST
X-FireWall-Port
HA-Geolat
HA-Geolon
Pragrma
HA-Georegion
Release
X-Key
X-Varnish-Action
X-Fastly-Cache
X-Core-Value
X-Var-Ttl
HA-Geocity
HA-Cloudapp
GMS-Ver
HA-Geocountry
HA-Ipaddr
SN
NodeID
Server-Host
Magicmarker
X-GeoIP-City
X-Store
X-CGP
X-Crawler
X-Hash
HA-Servedtime
HA-Host
X-UnsetCookies
HA-Urlpath
Origin-Edge-Control
Origin-Cache-Control
X-Hl-Ver
Ha-Gx-Prefs
X-External-Request-Id
X-Node-Id
X-Cache-Enabled
X-Cache-CFC
X-Wikidot-Static-Cache
X-Amz-Meta-Cache-Control
X-VServer
X-We-Are-Hiring
X-NX-Host
X-Request-URI
X-Phone
X-Platform
X-Debug-Cookies
X-RateLimit-Remaining-Second
X-Debug-Log
X-Origin-TTL
X-Owner
X-S-Maxage
X-Wikidot-Backend
X-VCT
X-F5-Cache
X-RateLimit-Limit-Second
X-Layer
Backend-Name
Country-Code
X-Eu-Site
X-Webstats-RespID
X-Request-Time
X-Cache-URL
Request-EU
X-Backend-Url
X-Backend-Host
X-Backend-State
Section-Io-Cache
X-FW-Version
X-Cache-Srv
Request-Time
X-Gannett-Site-Version
Uber-Trace-Id
X-Core-Mission
X-Block-Status
X-Backend-TTL
X-Croise-Owner
X-Cache-Expires
X-Developers
Thinkindot-CacheControl-Type
X-ElasticPress-Search
X-Cache-Host
X-Actual-URL
Thinkindot-CacheControl
Web-Mar-Node
X-Cdn-Origin
X-Fetched-On
X-Epic-Correlation-Id
X-Cdn-Srv
Thinkindot-Control
True-Client-Country-4JS
X-Clientip
X-Passed-To-BeforeDispatch
X-MSEdge-Flight
X-MSEdge-Features
X-Nginx-Cache-Key
X-Thinkindot-L3
X-Passed-To-DLL
X-Passed-To
Request-Country
X-Trace-Id
Adler-Geo
Apple-News-Services-Handled
X-Variation
X-Up
X-TT-LOGID
X-Tumblr-Pixel-3
X-Passed-To-PostProcessResponse
X-RCS-CacheZone
X-Sn-Servicetimems
X-Returned-From-PostProcessResponse
X-Secret
X-Server-IP
X-ServiceProvider
X-Sf
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Stale
X-Swa-Ws
X-Reboot
X-Response-By
X-Returned-From
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
MI-Cache-Age
Odigeo-Trace-Id
MI-Cache
MI-API
X-GeoIP-Country-Code
Kp-EeAlive
On-Server
Origin
X-Gen-Mode
Proxy-Connection
Platform
PFcat
X-Varnish-Beresp-Ttl
Is-Eu
Heartbleed
X-Matched-Rule
X-Location
X-MI-In-Market
CDCHOST
Apple-News-Services-Request-Url
Cache-Tags
Countrycode
Decoy-Debug-Key
X-HTML-Minification-Powered-By
X-Hnp-Log
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
X-Ua
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Cluster-Node
X-ShopId
X-Fstrz
Powered
X-Policy
REQUESTUUID
X-Worker
X-Skip-Cache
X-Servername
X-Rebelmouse-Surrogate-Control
X-Device-Os
X-Rebelmouse-Cache-Control
Sid
HTTPS
Fastly-SWR
Resin-Trace
RNT-Machine
RNT-Time
Fastly-SIE
X-Alicdn-Da-Ups-Status
X-Content-Age
X-Ckpd-Fst-Backend
ViewerVersion
Content-Disposition
Fastly-Backend-Name
Server-ID
X-Dc
Cteonnt-Length
ProcessTime
X-CACHE-AGE
X-Ezoic-Cdn
PageSpeed
X-Csrf-Token
Xserver
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-B3-TraceId
X-Refresh
RequestId
Warning
X-Newrelic-Synthetics
WP-Super-Cache
X-GEO
X-TIME
X-Planisys-CDN-TTL
X-Proto
X-Servedbyhost
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Pf-Uncompressing
Cache-Cookie-Set-Lfrom
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Real-Ip
X-Endurance-Cache-Level
CACHE
CDN
CF-IPCountry
Mail-Subject
We-Hiring
X-Req
X-Guploader-Uploadid
X-Cache-ASPX
X-Surge-Debug
X-Pjax-Url
Hostname
Ar-Sid
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
X-Varnish-Ttl
X-Nc
X-Aed
X-CLOUD-TRACE-CONTEXT
NODE
X-Atg-Version
X-COUNTRY
X-Time
X-CSRF-Token
Pramga
X-Edge-IP
NnCoection
X-Varnish-Beresp-TTL
TSSecure
X-Page-Type
X-Ms-Lease-State
X-Server-W
X-Origin-Date
X-Origin-Expires
Geoip-Latitude
GeoIp-Country-Code
X-DC
X-Oracle-Dms-Ecid
X-Varnish-HitMiss
X-Cache-Control-Set-By
X-HCF
X-Cdn-Forward
X-DataStream-MidMile-RTT
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
X-Varnish-Url
X-Hello
X-Flog
X-ABtesting
SD-X-WS
A
X-WA
X-Geo
X-GRACE
WWW-Authenticate
X-Datadome
X-Amz-Cf-Pop
X-Server-Group
MS-CV
Cdn
Lfy
Processtime
X-Auto-Login
Geoip-City
X-Akamai-Request-ID2
X-Ratelimit-Limit
FSS-Cache
Node
Mime-Version
X-UPSTREAM-Address
FSS-Proxy
X-Varnish-URL
PICS-Label
X-Wa
X-Wix-Route-ID
X-CACHE-KEY
X-From-Cache
Lb
X-Use-Magma
X-Via-NSCOPI
X-Gdpr
X-Edge-Server
X-APP
Rt-Proxy-Cache
X-Sentry-ID
Cdn-Host
Cdn-Request-Time
GeoIP-Latitude
GeoIP-Country-Code
X-PAGE-TYPE
X-EC-Security-Audit
Dont-Set-Cookie
X-Nananana
X-Check-Cacheable
X-SRV
X-Gen-Id
PageType
X-Cache-Id
GeoIP-City
X-RTag
Ms-Operation-Id
X-Cookie
X-Unique-Id
X-Bip
X-Thanos
X-Served-From
COMMERCE-SERVER-SOFTWARE
X-Cache-Info
Memcached
X-WR-MODIFICATION
X-Proxy-Server
X-Cache-HT
X-Env
X-Be
Get-Access-Time
X-Optimization
X-Fastly-Backend-Reqs
Is-Session-Tracking
X-GDPR
X-Dynatrace-Js-Agent
X-Load-Cache
DataCenter
Memory
X-FORWARDED-FOR
Who
X-MP-GENERATED-AT
X-Request-Start
X-Fastly-Cache-Hits
Pics-Label
X-HS-Status
X-Cache-FS-Status
X-PJAX-URL
X-Swift-Error
X-Ver
X-Fe
V-Cache
Group
X-Ibm-Trace
X-B3-SpanId
UCS
GW-Server
X-Meta-Tbi-Cache-Vertical
X-Cache-Ttl
Cf-Ipcountry
X-RateLimit-Reset
Ws
X-ServedByHost
Httpd-Identifier
X-Wix-Petri-Ex
URI
X-Dw-Trace-Id
X-Shard
X-CDN-Pop
X-User
X-CDN-Pop-IP
X-PF-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-ID
Requestid
NX-Cache
Cache-Hits
Xet-Cookie
Powered-By
X-SB
X-GZIP
AGE-Hash
X-VC
X-SVT-ORM-VERSION
X-Bug-Bounty
X-SVT-ORM-RULES
Serverid
X-NGINX-Cache
Version
N-Cache
X-CacheKey
X-Varnish-Info
CDN-Cache
X-Ratelimit-Remaining
Ohc-File-Size
X-Goog-Meta-Goog-Reserved-File-Mtime
CDN-Node
CDN-Cache-Hit
X-StackifyID
X-Path-Route
X-BBXSRF
Accept-Language
Locale
X-Urbn-Site-Id
X-Cache-Debug
X-Content-Encoded-By
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Urbn-Context-Path
X-LI-UUID
X-RequestId
X-Litespeed-Cache-Control
X-Flags
X-Cache-Handler
X-LiteSpeed-Cache-Control
X-P-T
X-Is-Crawler
X-Providence-Cookie
X-Akamai-ERRuleID
Https
X-Akamai-ERPolicy
X-ServerName
X-Route-Name
X-Grace-Duration