Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-ESI
X-DataDome
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
X-Dns-Prefetch-Control
X-Server-Name
X-FTR-Request-ID
NEL
Charset
X-DynaTrace-JS-Agent
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
Content-MD5
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Id
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ORACLE-DMS-RID
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-CF-Powered-By
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-T
DynaTrace
X-DIS-Request-ID
X-Varnish-Age
X-Grace
X-Hits
X-Upstream
X-Origin-Upstream-Status
AR-ATIME
AR-PoweredBy
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-CACHE
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Oracle-Dms-Rid
X-Content-Digest
Realpath
X-NF-Request-ID
X-HW
MRF-Tech
X-Mrf-Item-Lastmod
X-Kinsta-Cache
Mrf-Cache-Status
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-FastCGI-Cache
X-Cache-Hit
X-Goog-Metageneration
X-B
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Vcap-Request-Id
X-Logged-In
X-Debug
X-SS-Set-Cookie
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
X-Ser
Service-Worker-Allowed
S
Tracecode
X-Cache-Key
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Frontend
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
AR-SID
X-FTR-Expires
X-XRDS-Location
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
X-Accel-Buffering
Fastcgi-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-XRDS-LOCATION
Eomportal-Instance
X-Cache-Rule
Alternate-Protocol
X-Analytics
Backend-Timing
X-HS-Hub-Id
X-HS-Content-Id
Host
Cleartype
Cache-Status
X-Srv
X-Rid
TP-Cache
FilterID
TP-L2-Cache
Public-Key-Pins-Report-Only
X-Revision
X-FTR-Cache-Host
X-Debug-Info
X-Whom
X-User-Agent
Front-End-Https
X-Akam-SW-Version
ServerID
X-TA-CDN-Provider
X-Mobile
X-AOL-HN
X-Varnish-Backend
Accept-Charset
X-Cache-2
X-Via-JSL
X-GUploader-UploadID
X-Webkit-CSP
X-Iejgwucgyu
X-Request-Processing-Time
X-Cdn
X-Request-Received
X-RateLimit-Remaining
X-NWS-LOG-UUID
X-Zen-Fury
X-Content-Powered-By
X-Correlation-Id
X-Kinja-Server-Push
X-Cached-By
X-VCache
X-WPE-Loopback-Upstream-Addr
X-Oneagent-Js-Injection
Viewport
X-App-Environment
X-Ttl
X-Node-Name
X-LB-Cache
X-Tumblr-Pixel-0
Host-Header
X-Magnolia-Registration
X-Cluster
X-Tumblr-Pixel
X-Tumblr-User
X-Page-Id
Liferay-Portal
X-Handled-By
X-Framework
X-Akamai-Edgescape
X-Cache-Control
X-Device-Type
X-Varnish-Hostname
X-TT
X-FB-Debug
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Signature
X-B-Cache
X-B3-Sampled
X-Platform-Server
X-Request-Guid
Display
X-Instance
DC
X-Sol
X-Middleton-Display
Cache-Tag
Upgrade-Insecure-Requests
X-Cache-Server
X-Amzn-Trace-Id
X-Hostname
X-B3-Traceid
X-Origin-Server
MicrosoftSharePointTeamServices
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Webkit-Csp
X-WA-Info
Retry-After
Source
X-Fastcgi-Cache
X-Varnish-Server
X-Servedby
X-Contextid
X-Distil-CS
HitType
HitInfo
Server-Info
X-Cache-Action
X-Wix-Request-Id
X-Seen-By
X-Cache-Operation
Content-Script-Type
Content-Style-Type
Webserver
X-Amz-Replication-Status
X-GeoIP
X-Edge-Location
X-APP-VERSION
User-Agent
X-RequestSource
X-S
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Status
GEO-INFO
SRV
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Jobs
X-Locale
X-ATG-Version
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Response-Served-From
X-FW-Hash
X-Edge-Cache-Key
X-Edge-Cache
AsisCache
X-Region
X-TX-ID
ServedBy
X-Adobe-Content
Response
X-UUID
X-Varnish-Hits
X-Generated-By
X-Adobe-Loc
X-Middleton-Response
X-Port
Refresh
X-Drupal-Cache-Tags
Healthy
X-Yottaa-Metrics
X-Cache-NE
X-Yottaa-Optimizations
X-Geo-Country
X-Hyper-Cache
X-Cache-Age
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
Payment
S-Cnection
X-Esi
IBM-Web2-Location
X-Content-Type
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Datacenter
Filters
X-Az
X-Daa-Tunnel
X-AppVersion
X-Activity-Id
Country
X-HS-Cache-Config
NGB
X-Newrelic-App-Data
Edge-Cache-Tag
X-Cache-Remote
X-UA
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
Served-By
X-Cache-TTL
X-Cacheable-TTL
X-Varnish-IP
X-Sucuri-ID
X-App-Server
X-HS-Combine-CSS
Powered-By-ChinaCache
X-Proxied
HostName
X-Mode
X-Akamai-Transformed
X-Cache-Var
X-Rule
X-Cache-Var-Map
X-Mrs-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Rendered-As
X-CDN-Forward
X-ProcessESI
X-Is-Bot
X-RemovedCookies
Machine
X-RN-RSRV
X-Detected-As
Load-Balancing
Meta-Geo
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Vg-Webcache
Cache-Name
Webcakes-Region
TWC-Connection-Speed
X-Amz-Meta-Surrogate-Control
X-BYPASS-REASON
X-Cache-Category-Id
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-Locale-Group
User-Cache-Control
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Varnish-Cacheable
X-Tb
X-OCL
X-Origin
X-Human
DB-Nickname
Access-Control-Allow-Method
X-Hosted-By
X-Grey
X-Origin-Hint
X-ProxyCache-Key
X-ProxyCache-Status
OT-Force-Account-Verify
Mn-Server-Ip
X-PCL
X-Varnish-Cache-Hits
Backend
X-Upgrade-Enabled
X-NodeID
X-Hit
X-Generated
L5d-Success-Class
S-Rt
Now
X-TNCMS
X-Loop
X-ServerID
X-Section
X-Routing-Service
X-JoinUs
ServerName
X-Format
X-Original-Request
X-OVcl-Cache
X-OVcl
X-BB-IP
X-Site-Version
X-Access
X-Zipkin-Id
X-EIG-Tracking-Id
X-CDN-Cache
X-Debug-Cache
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Cache-Key
Fastcgi-Useragent
X-IP
X-ApacheServer
X-Agile-Id
X-App-Name
X-AWS-Id
X-Cache-Config
X-Agile-Age
X-Agile
X-L-Path
X-LJ-Flow-ID
Azure-SlotName
Selected-FE
X-Environment-Context
X-NGENIX-Cache
Azure-Version
X-VWS-Id
X-Www-Served-By
X-Viewer-Country
X-Via-Fastly
X-SplitTest
Azure-SiteName
X-Pubstack
X-Proxy-Build
Azure-InstanceId
X-Timing-Wait
X-PERF
Azure-RegionName
Access-Control-Request-Headers
X-CCM
X-Upstream-CT
X-Upstream-HT
X-TWH-CORRELATION-ID
X-Origin-CC
X-Ocache
X-Source
X-Drupal-Cache-Contexts
X-HOST
X-Xfnlog-Site
X-Nginx-Cache
From-Origin
X-URL
X-Backend-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
Pagespeed
X-Akamai-Request-ID
X-Unique-ID
X-Forwarded-Host
X-RateLimit-Limit
LB
X-Storage
AR-Request-ID
X-Correlation-ID
Fastly-SSL
X-Pc-Host
X-Litespeed-Cache
Cache
X-Pc-Date
X-Vgn-Hpd-Reason
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
NtCoent-Length
X-Birta-Served
X-Varnish-Beresp-Grace
X-Birta-Cache-Post
X-M-Log
X-Feature
X-Qnm-Cache
X-Varnish-Beresp-Status
X-M-Reqid
X-App-Version
X-Time-Microsecs
ViewerVersion
X-Labrador-Cache-Channel
X-NCache
X-VG-TLSProxy
X-Real-IP
X-Internal-Host
X-Distributor
X-Release
CACHE
X-Guploader-Uploadid
X-Microcachable
Time
X-Ruxit-Js-Agent
X-Cluster-Node
X-Real-Ip
X-EdgeConnect-Cache-Status
X-B3-Spanid
Xserver
WZWS-RAY
X-Powered-By-ANYU
PageSpeed
Ar-Sid
X-Twitter-Response-Tags
X-Transaction
X-Sucuri-Cache
X-Cache-Backend
X-Request-Time
X-Connection-Hash
X-Cache-Enabled
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-IN-APIGATEWAY
Ec-Rule-Version
Fly-Cache
X-PAYTM-SRV-ID
X-Logtrace-Id
X-No-Session
X-NU-AKA-ACS-Version
BehaviorPad-Version
Fly-Request-Id
X-Org
Cache-Prefix
AKAMAI
Arc-Country
REQUESTUUID
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
Www
X-D
X-A
X-Accel-Expires-Debug
X-CUA
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-BB-ID
X-B-Cookie
X-Application
X-ARC
X-Date
VivaBuild
Mobile-Detection-Method
NGX
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
X-Generated-In
X-G
X-From
Xc-Version
X-DPWN-IS-SECURE
V-Age
X-Destination
Viewtype
X-Developer
T-Server
X-Dispatcher-Server
X-Died
X-Generation-Time
Ajk
X-Via-SSL
X-Server-By
X-S-Cookie
X-Server-Time
X-Request-UUID
X-Via-Edge
X-UA-Device-Type
X-WebServer
X-Rojux
X-SRCache-Key
X-Trv-Group
X-Region-Sid
X-NC
X-Rewrite-Enabled
X-ScT
X-Redis-Cache
X-VG-WebServer
X-UE-Client-Country
Cneonction
X-Via-CDN
X-SERVER-NAME
Frame-Options
X-FireWall-Port
HA-Geocountry
HA-Cloudapp
HA-Geocity
GMS-Ver
X-Gen-Mode
X-Hnp-Log
X-Varnish-Action
X-Key
X-SIPLIST1
HA-Geolat
X-Hash
X-Hl-Ver
X-GeoIP-City
HA-Ipaddr
Origin-Edge-Control
X-F5-Cache
Origin-Cache-Control
X-Fastly-Cache
NodeID
X-External-Request-Id
Powered
X-Eu-Site
X-UnsetCookies
Release
Pragrma
Server-Host
Server-Int
X-Layer
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Servedtime
HA-Urlpath
SN
Magicmarker
IsBot
Web-Mar-Node
HA-Geolon
Country-Code
X-ShardId
X-Alternate-Cache-Key
X-VServer
X-We-Are-Hiring
X-ShopId
X-Shopify-Stage
X-Cache-CFC
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Web-Node
X-Store
X-Origin-TTL
X-RateLimit-Remaining-Second
X-Crawler
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Owner
ProcessTime
X-RateLimit-Limit-Second
X-S-Maxage
X-Node-Id
X-C
X-Amz-Meta-Cache-Control
Backend-Name
X-Policy
X-CS
X-CGP
X-VCT
X-Block-Status
X-Platform
X-GZip
X-Webstats-RespID
X-Varnish-Beresp-Ttl
X-Dc
X-Instance-Name
X-Ezoic-Cdn
X-Tumblr-Pixel-3
X-Core-Mission
X-Developers
X-Returned-From-PostProcessResponse
X-Cache-URL
X-Cdn-Srv
Section-Io-Cache
X-Core-Value
X-Cache-Srv
X-Debug-Log
X-Backend-State
X-Backend-TTL
X-Backend-Url
X-Secret
X-Backend-Host
X-Server-IP
X-Epic-Correlation-Id
X-Actual-URL
Pagetype
X-Debug-Cookies
X-Croise-Owner
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-TT-LOGID
Uber-Trace-Id
X-Thinkindot-L3
X-Sf
X-Stale
X-Swa-Ws
X-Cache-Expires
X-Gannett-Site-Version
Apple-News-Services-Request-Url
X-Matched-Rule
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
CDCHOST
X-Location
Esi-Enabled
X-Variation
X-HTML-Minification-Powered-By
Request-EU
X-MI-In-Market
Adler-Geo
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Clientip
X-Passed-To
X-RCS-CacheZone
X-ElasticPress-Search
X-Nginx-Cache-Key
X-NX-Host
X-Reboot
X-Request-URI
Countrycode
MI-Cache
MI-Cache-Age
X-GeoIP-Country-Code
X-Up
X-Returned-From-BeforeDispatch
X-Fetched-On
X-Returned-From-DLL
Proxy-Connection
Request-Country
Platform
Origin
Odigeo-Trace-Id
X-Returned-From
MI-API
Kp-EeAlive
X-FW-Version
X-Var-Ttl
X-Phone
Heartbleed
X-Response-By
Is-Eu
X-NWS-UUID-VERIFY
X-B3-TraceId
X-V
X-Endurance-Cache-Level
X-Nc
X-Content-Age
X-Worker
X-ServiceProvider
X-Trace-Id
X-Fstrz
X-MSEdge-Features
X-MSEdge-Flight
X-Device-Os
X-Servername
X-Sn-Servicetimems
Resin-Trace
HTTPS
X-Newrelic-Synthetics
Fastly-Backend-Name
True-Client-Country-4JS
On-Server
RNT-Machine
Server-ID
X-Ckpd-Fst-Backend
Decoy-Debug-TTL
X-Cache-Host
Cache-Tags
X-Cdn-Origin
XServer
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-Key
RNT-Time
X-TIME
Fastly-SWR
X-Rebelmouse-Cache-Control
Warning
Fastly-SIE
X-Skip-Cache
Cache-Cookie-Set-Lfrom
Host-ID
X-Rebelmouse-Surrogate-Control
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Alicdn-Da-Ups-Status
RequestId
X-CACHE-AGE
X-Surge-Debug
MIME-Version
X-Pf-Uncompressing
X-PHP-Backend
X-GEO
Cteonnt-Length
X-Ua
Request-Time
X-Req
X-Proto
PFcat
Sid
X-Csrf-Token
X-Aed
X-Refresh
We-Hiring
Mail-Subject
X-Edge-IP
X-Dynatrace-Js-Agent
X-Pjax-Url
Pramga
X-Ratelimit-Limit
TSSecure
CF-IPCountry
X-Cdn-Forward
X-CSRF-Token
X-Planisys-CDN-Cache
WP-Super-Cache
X-Ms-Lease-State
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Varnish-Ttl
X-Server-W
GeoIp-Country-Code
X-Servedbyhost
X-Page-Type
X-Amz-Cf-Pop
X-Hello
Geoip-Latitude
X-Flog
X-ABtesting
X-CLOUD-TRACE-CONTEXT
Cdn
X-Atg-Version
Mime-Version
X-Varnish-Url
X-Cache-ASPX
X-COUNTRY
CDN
Dnion-Transfer-Encoding
X-Unique-Id
X-Time
X-Geo
X-Varnish-Beresp-TTL
X-GoCache-CacheStatus
Lfy
X-Auto-Login
X-Oracle-Dms-Ecid
X-DC
FSS-Cache
X-DataStream-Origin-MEX-Latency
FSS-Proxy
X-WA
X-DataStream-MidMile-RTT
X-Akamai-Request-ID2
MS-CV
PageType
A
X-Aicache-OS
NnCoection
X-Via-NSCOPI
X-Sentry-ID
Rt-Proxy-Cache
NODE
X-GRACE
X-Origin-Expires
X-Datadome
X-Origin-Date
Hostname
X-Varnish-HitMiss
X-HCF
X-Ratelimit-Remaining
X-Cache-Control-Set-By
X-EC-Security-Audit
X-Check-Cacheable
X-MP-GENERATED-AT
SD-X-WS
X-Served-From
X-Bip
Memcached
Node
X-Thanos
X-Cache-Id
X-Server-Group
X-Wa
X-APP
X-Cache-Info
X-Be
X-UPSTREAM-Address
WWW-Authenticate
X-Use-Magma
X-Request-Start
Geoip-City
X-NODE
X-Wix-Route-ID
GeoIP-City
X-PAGE-TYPE
PICS-Label
X-Varnish-URL
GeoIP-Country-Code
Memory
X-Proxy-Server
X-SRV
GeoIP-Latitude
Processtime
X-Nananana
X-Cookie
X-Fastly-Cache-Hits
X-ServedByHost
X-Vcache
UCS
X-CACHE-KEY
Ms-Operation-Id
X-RTag
X-From-Cache
GW-Server
X-Gen-Id
X-User
X-GDPR
X-Edge-Server
Cdn-Request-Time
X-Gdpr
Cdn-Host
X-WR-MODIFICATION
DataCenter
X-Load-Cache
COMMERCE-SERVER-SOFTWARE
Cache-Hits
X-FORWARDED-FOR
X-HS-Status
Cf-Ipcountry
X-Fastly-Backend-Reqs
X-Swift-Error
X-Goog-Meta-Goog-Reserved-File-Mtime
Accept-Language
X-PJAX-URL
X-VG-WebCache
Dont-Set-Cookie
Lb
Pics-Label
Locale
X-LI-Proto
X-Env
X-Urbn-Site-Id
X-BBXSRF
X-Cache-HT
X-LI-UUID
X-B3-SpanId
X-Urbn-Context-Path
V-Cache
X-RateLimit-Reset
X-Cache-Debug
Is-Session-Tracking
Get-Access-Time
X-Optimization
Group
X-Li-Pop
X-Cache-Ttl
X-Li-Fabric
X-Path-Route
Who
X-Dw-Trace-Id
X-CDN-Pop
X-CDN-Pop-IP
X-Info
X-Fe
Amp-Access-Control-Allow-Source-Origin
X-ID
Xet-Cookie
NX-Cache
AGE-Hash
X-Cache-FS-Status
SS
X-Qloud-Router
X-Content-Encoded-By
X-PF-Uncompressing
Fastly-Soc-X-Request-Id
X-Ver
Requestid
URI
X-GZIP
X-Bug-Bounty
Serverid
X-NGINX-Cache
N-Cache
X-P-T
X-Ibm-Trace
CDN-Cache
X-VC
CDN-Cache-Hit
CDN-Node
X-SB
Ws
X-Varnish-Info
X-CacheKey
X-Akamai-SSL-Client-Sid
X-Meta-Tbi-Cache-Vertical
SID
X-SN
X-Serial
X-Shard
X-Flags
X-Is-Crawler
X-Litespeed-Cache-Control
X-RequestId
Httpd-Identifier
X-Providence-Cookie
X-Route-Name
Https
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ServerName
X-Grace-Duration