Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
Surrogate-Control
X-Cache-Lookup
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-ESI
X-DataDome
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-Dns-Prefetch-Control
X-Server-Name
NEL
X-DynaTrace-JS-Agent
X-FTR-Request-ID
Charset
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
Content-MD5
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
Arc-Version
X-D2id
X-Mobile-Rewrite
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Abt-Application-Version
X-ORACLE-DMS-RID
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-SharePointHealthScore
X-Ruxit-JS-Agent
X-CF-Powered-By
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-T
X-Forwarded-Proto
DynaTrace
X-DIS-Request-ID
X-Hits
X-Varnish-Age
X-Upstream
X-Grace
X-Origin-Upstream-Status
AR-PoweredBy
AR-ATIME
SPRequestDuration
SPIisLatency
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
TCN
AR-CACHE
X-Id
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
X-NF-Request-ID
Realpath
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-HW
Mrf-Cache-Status
X-Kinsta-Cache
Access-Control-Request-Method
X-FastCGI-Cache
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Stored-Content-Length
X-Server-ID
X-Goog-Generation
X-B
X-Oracle-Dms-Rid
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Logged-In
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
X-Ser
S
Service-Worker-Allowed
Tracecode
X-MSEdge-Ref
X-Cache-Key
X-PressLabs-Stats
Server-Name
X-Frontend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
AR-SID
X-XRDS-Location
X-FTR-Expires
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
X-Accel-Buffering
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-XRDS-LOCATION
Eomportal-Instance
X-Cache-Rule
Backend-Timing
X-Analytics
Alternate-Protocol
Host
X-HS-Hub-Id
Cleartype
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-Srv
FilterID
Cache-Status
X-Revision
X-Rid
Public-Key-Pins-Report-Only
X-Whom
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
X-Akam-SW-Version
Front-End-Https
ServerID
X-Ttl
X-TA-CDN-Provider
X-GUploader-UploadID
X-Mobile
X-AOL-HN
X-Varnish-Backend
Accept-Charset
X-RateLimit-Remaining
X-Cache-2
X-Via-JSL
X-Webkit-CSP
X-VCache
X-Cdn
X-Request-Processing-Time
X-NWS-LOG-UUID
X-Request-Received
X-Iejgwucgyu
X-Content-Powered-By
X-Zen-Fury
X-Correlation-Id
X-Kinja-Server-Push
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Oneagent-Js-Injection
X-App-Environment
Viewport
X-Node-Name
X-LB-Cache
X-Tumblr-Pixel
X-Tumblr-User
X-Page-Id
X-Varnish-Hostname
X-Cluster
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-Framework
Liferay-Portal
X-Handled-By
X-Request-Guid
X-Akamai-Edgescape
X-Device-Type
X-TT
Host-Header
X-Signature
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-Cache-Control
X-B-Cache
X-B3-Sampled
X-BCube-Filmed-By
X-FB-Debug
Upgrade-Insecure-Requests
X-Instance
DC
Cache-Tag
X-Middleton-Display
X-Sol
Display
X-Cache-Server
X-Hostname
X-Amzn-Trace-Id
X-Origin-Server
MicrosoftSharePointTeamServices
X-B3-Traceid
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Webkit-Csp
Source
X-WA-Info
Retry-After
X-Varnish-Server
X-Fastcgi-Cache
X-Contextid
X-Servedby
X-Distil-CS
HitType
Server-Info
HitInfo
X-Cache-Action
X-Seen-By
X-Wix-Request-Id
X-Cache-Operation
Content-Script-Type
Content-Style-Type
X-GeoIP
User-Agent
X-Amz-Replication-Status
Webserver
X-APP-VERSION
X-Edge-Location
X-S
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
GEO-INFO
X-Jobs
Actual-Object-TTL
X-Locale
X-Status
X-WebKit-CSP-Report-Only
SRV
X-Response-Served-From
X-Region
X-Generated-By
X-FW-Server
X-Edge-Cache
X-FW-Serve
AsisCache
X-ATG-Version
X-FW-Hash
X-FW-Type
X-FW-Static
X-Edge-Cache-Key
ServedBy
X-Adobe-Loc
X-Varnish-Hits
X-UUID
X-Adobe-Content
X-Drupal-Cache-Tags
Refresh
Response
X-Middleton-Response
X-TX-ID
X-Port
Healthy
X-Cache-NE
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Hyper-Cache
X-Geo-Country
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
X-Cache-Age
Payment
S-Cnection
X-Esi
IBM-Web2-Location
X-Varnish-Grace
X-Content-Type
X-Amz-Server-Side-Encryption
Datacenter
Filters
X-Activity-Id
X-Az
X-Daa-Tunnel
X-AppVersion
X-Newrelic-App-Data
NGB
Edge-Cache-Tag
X-HS-Cache-Config
Country
X-Cache-Remote
X-UA
Served-By
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Cache-TTL
X-Cacheable-TTL
X-CDN-Forward
Powered-By-ChinaCache
X-Sucuri-ID
X-App-Server
X-Proxied
X-HS-Combine-CSS
X-Vg-Webcache
X-Varnish-IP
X-Akamai-Transformed
X-Mode
Machine
Meta-Geo
X-Rule
X-Kong-Proxy-Latency
X-Mrs-Cache-Hits
X-Kong-Upstream-Latency
Load-Balancing
X-RN-RSRV
X-Rendered-As
X-RemovedCookies
X-Cache-Var
X-Cache-Var-Map
X-Mrs-Cache
X-Detected-As
X-Mrs-Age
X-ProcessESI
X-Is-Bot
X-Mshield-Cache-Status
X-Proxy
HostName
Pagespeed
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
Access-Control-Allow-Method
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Varnish-Cacheable
TWC-GeoIP-LatLong
TWC-GeoIP-Country
OT-Force-Account-Verify
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-Tb
X-ServerID
X-Origin
Cache-Name
X-Human
X-Hosted-By
X-Origin-Hint
X-Amz-Meta-Surrogate-Control
Mn-Server-Ip
DB-Nickname
Webcakes-App-Version
Webcakes-Region
X-Varnish-Cache-Hits
Backend
X-Format
X-EIG-Tracking-Id
X-CDN-Cache
X-Cache-Category-Id
X-Generated
X-Grey
X-NodeID
X-Loop
X-JoinUs
X-BYPASS-REASON
X-BB-IP
Azure-Version
User-Cache-Control
ServerName
S-Rt
Azure-SlotName
Azure-SiteName
X-Access
Azure-InstanceId
Azure-RegionName
X-OCL
X-Hit
X-Original-Request
X-Routing-Service
X-ProxyCache-Status
X-Site-Version
X-TNCMS
X-Zipkin-Id
X-Upgrade-Enabled
X-ProxyCache-Key
X-Section
X-OVcl-Cache
X-OVcl
X-PCL
X-TWH-CORRELATION-ID
X-LJ-Flow-ID
X-SplitTest
X-Timing-Wait
X-Www-Served-By
Now
L5d-Success-Class
X-NGENIX-Cache
Selected-FE
X-L-Path
X-VWS-Id
X-Agile-Age
X-Cache-Config
X-Pubstack
X-Debug-Cache
X-PERF
X-Environment-Context
Fastcgi-X-Cache-Version
X-AWS-Id
X-Proxy-Build
X-Agile-Id
X-ApacheServer
X-App-Name
X-Agile
X-IP
Fastcgi-Useragent
Cache-Key
Fastcgi-X-Cache
X-Viewer-Country
X-Via-Fastly
X-Origin-CC
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Ocache
X-Source
X-Upstream-CT
X-Upstream-HT
From-Origin
X-Nginx-Cache
X-HOST
X-RateLimit-Limit
X-URL
X-Backend-Name
X-CCM
X-Unique-ID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Xfnlog-Site
X-Akamai-Request-ID
X-Forwarded-Host
LB
AR-Request-ID
X-Correlation-ID
X-Storage
Fastly-SSL
X-Pc-Host
X-Pc-Date
X-Litespeed-Cache
Cache
X-Vgn-Hpd-Reason
X-Real-IP
X-Ms-Request-Id
X-M-Reqid
X-Varnish-Beresp-Status
X-Qnm-Cache
X-M-Log
X-Feature
X-Ms-Lease-Status
X-Varnish-Beresp-Grace
X-Birta-Cache-Post
X-Ms-Version
NtCoent-Length
X-Ms-Blob-Type
X-Birta-Served
X-Time-Microsecs
X-NCache
X-App-Version
X-Labrador-Cache-Channel
ViewerVersion
X-Internal-Host
X-VG-TLSProxy
CACHE
X-Release
X-Distributor
X-Microcachable
Time
X-Ruxit-Js-Agent
X-Cluster-Node
X-EdgeConnect-Cache-Status
X-B3-Spanid
X-NC
X-Powered-By-ANYU
WZWS-RAY
Ar-Sid
X-Transaction
X-Twitter-Response-Tags
X-Sucuri-Cache
X-Connection-Hash
X-Cache-Backend
X-Logtrace-Id
Mobile-Detection-Method
X-IN-APIGATEWAY
Ec-Rule-Version
X-IN-WAF
Ajk
AKAMAI
X-BB-ID
Cache-Prefix
Arc-Country
X-Generation-Time
BehaviorPad-Version
X-IN-SSL-APIGATEWAY
Xc-Version
MD5-Digest
IsBot
X-DPWN-IS-SECURE
X-No-Session
X-PAYTM-SRV-ID
Cneonction
X-Org
X-NU-AKA-ACS-Version
X-Request-Time
X-From
X-Cache-Bucket
Fly-Cache
Fly-Request-Id
X-Cache-Enabled
X-G
Meta-Geo-Continent
X-Generated-In
X-Region-Sid
X-UE-Client-Country
X-Rojux
X-CF-Lambda-Version
Rendered-Blocks
X-Trv-Group
VivaBuild
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-A-Dam
X-Real-Ip
X-A-Ccd
X-A
X-UA-Device-Type
Viewtype
V-Age
Server-Int
X-D
X-Server-Time
X-CUA
X-SRCache-Key
X-SIPLIST1
X-Server-By
REQUESTUUID
X-S-Cookie
T-Server
X-Destination
X-Date
X-ScT
X-Irp-Debug
Www
X-B-Cookie
X-A-Wwc
X-Accel-Expires-Debug
X-Via-CDN
X-Redis-Cache
X-Via-SSL
X-Via-Edge
X-Request-UUID
X-A-Dgt
X-Developer
X-Application
X-Dispatcher-Server
X-ARC
X-Died
X-VG-WebServer
NGX
X-A-Dcw
X-SERVER-NAME
X-Guploader-Uploadid
Frame-Options
Pagetype
X-FireWall-Port
Xserver
X-CS
Server-Host
GMS-Ver
X-Crawler
Country-Code
X-Hash
SN
NodeID
HA-Cloudapp
X-GeoIP-City
X-Hl-Ver
X-Amz-Meta-Cache-Control
HA-Servedtime
X-Eu-Site
HA-Ipaddr
Release
HA-Urlpath
X-Fastly-Cache
Powered
X-External-Request-Id
X-F5-Cache
Pragrma
HA-Host
Magicmarker
HA-Geolon
X-Cache-CFC
HA-Geolat
HA-Geocountry
HA-Georegion
Origin-Cache-Control
Origin-Edge-Control
X-CGP
Ha-Gx-Prefs
HA-Geocity
X-Platform
X-Node-Id
X-C
X-Varnish-Action
X-We-Are-Hiring
X-WebServer
X-Web-Node
X-Owner
X-UnsetCookies
X-Key
X-S-Maxage
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Phone
X-Wikidot-Backend
X-Origin-TTL
Backend-Name
X-Layer
X-Wikidot-Static-Cache
X-Store
X-Instance-Name
X-Alternate-Cache-Key
X-Webstats-RespID
XServer
X-Ezoic-Cdn
X-ShopId
X-ShardId
X-Shopify-Stage
X-Varnish-Beresp-Ttl
X-Sorting-Hat-ShopId
X-GZip
X-Sorting-Hat-PodId
X-Swa-Ws
X-Core-Mission
Thinkindot-Control
X-Core-Value
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Actual-URL
Uber-Trace-Id
X-Debug-Cookies
X-Debug-Log
X-Secret
X-Server-IP
Section-Io-Cache
X-Croise-Owner
X-Stale
X-TT-LOGID
X-Backend-Host
X-Block-Status
X-Var-Ttl
X-Variation
X-Backend-Url
X-VServer
X-VCT
X-Backend-TTL
X-Cdn-Srv
X-Up
X-Clientip
X-Thinkindot-L3
X-Cache-Srv
X-Backend-State
X-Tumblr-Pixel-3
X-Cache-URL
X-Dc
Web-Mar-Node
X-Cache-Expires
X-Returned-From-DLL
X-MSEdge-Flight
X-FW-Version
X-Gannett-Site-Version
X-MSEdge-Features
X-MI-In-Market
X-Nginx-Cache-Key
X-Fetched-On
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
Heartbleed
X-Passed-To
X-NX-Host
X-Gen-Mode
X-Matched-Rule
Countrycode
X-Hnp-Log
Apple-News-Services-Parsed-Url
X-HTML-Minification-Powered-By
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-ElasticPress-Search
Adler-Geo
X-Location
X-GeoIP-Country-Code
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Reboot
Origin
X-Returned-From
X-Returned-From-BeforeDispatch
Is-Eu
X-Response-By
Odigeo-Trace-Id
MI-Cache-Age
MI-Cache
X-Epic-Correlation-Id
ProcessTime
Proxy-Connection
Platform
MI-API
X-Policy
X-Developers
X-V
X-B3-TraceId
X-NWS-UUID-VERIFY
X-Servername
X-Cdn-Origin
X-Cache-Host
X-Trace-Id
X-RCS-CacheZone
X-Request-URI
X-Sf
X-Sn-Servicetimems
X-ServiceProvider
Request-EU
Decoy-Debug-Status
On-Server
Request-Country
Decoy-Debug-TTL
Kp-EeAlive
Cache-Tags
Content-Disposition
CDCHOST
HTTPS
Decoy-Debug-Key
Resin-Trace
Esi-Enabled
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-TIME
PageSpeed
X-Rebelmouse-Surrogate-Control
X-Worker
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-From
Fastly-SIE
Host-ID
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Fastly-Backend-Name
MIME-Version
RNT-Time
Warning
Server-ID
True-Client-Country-4JS
RNT-Machine
X-Ckpd-Fst-Backend
X-Fstrz
X-Content-Age
Fastly-SWR
X-Skip-Cache
X-Device-Os
X-Nc
X-Surge-Debug
X-Alicdn-Da-Ups-Status
RequestId
X-CACHE-AGE
X-Pf-Uncompressing
Cteonnt-Length
X-PHP-Backend
X-Ua
Request-Time
Sid
PFcat
X-Proto
X-Req
X-Aed
X-Csrf-Token
X-Refresh
Mail-Subject
We-Hiring
X-Amz-Cf-Pop
X-GEO
Pramga
X-Dynatrace-Js-Agent
CF-IPCountry
X-Edge-IP
X-Pjax-Url
TSSecure
X-Planisys-CDN-TTL
WP-Super-Cache
X-CSRF-Token
X-Planisys-CDN-Cache
X-Ms-Lease-State
X-Planisys-CDN-Rules
X-Varnish-Ttl
X-Oss-Storage-Class
X-Geo
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Flog
X-ABtesting
GeoIp-Country-Code
X-Server-W
X-Servedbyhost
X-Hello
Geoip-Latitude
X-Ratelimit-Limit
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Page-Type
Dnion-Transfer-Encoding
X-Cdn-Forward
X-COUNTRY
X-Cache-ASPX
CDN
X-Time
Cdn
Lfy
X-GoCache-CacheStatus
X-Varnish-Url
X-Auto-Login
X-Varnish-Beresp-TTL
X-Oracle-Dms-Ecid
X-DC
Mime-Version
FSS-Proxy
FSS-Cache
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Unique-Id
X-WA
MS-CV
X-Akamai-Request-ID2
Hostname
A
X-Aicache-OS
NnCoection
X-Origin-Date
X-Origin-Expires
NODE
X-Datadome
X-Via-NSCOPI
X-GRACE
Rt-Proxy-Cache
PageType
X-Cache-Control-Set-By
X-EC-Security-Audit
X-Sentry-ID
X-Varnish-HitMiss
X-HCF
X-Check-Cacheable
Node
SD-X-WS
X-Cache-Id
Memcached
X-Thanos
X-Bip
X-MP-GENERATED-AT
WWW-Authenticate
X-APP
X-Wa
X-Be
X-UPSTREAM-Address
X-Cache-Info
X-Served-From
X-Server-Group
X-Use-Magma
Geoip-City
X-Request-Start
X-PAGE-TYPE
X-Varnish-URL
X-NODE
X-Proxy-Server
GeoIP-City
X-Ratelimit-Remaining
X-Wix-Route-ID
X-SRV
GeoIP-Country-Code
Memory
GeoIP-Latitude
PICS-Label
Processtime
X-Nananana
GW-Server
X-CACHE-KEY
Ms-Operation-Id
X-RTag
UCS
X-Cookie
X-From-Cache
X-Fastly-Cache-Hits
X-GDPR
X-ServedByHost
Cdn-Host
X-Edge-Server
X-Gen-Id
X-User
X-Gdpr
Cdn-Request-Time
DataCenter
X-WR-MODIFICATION
X-Load-Cache
Cache-Hits
X-FORWARDED-FOR
X-HS-Status
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-PJAX-URL
Dont-Set-Cookie
Pics-Label
Cf-Ipcountry
X-Goog-Meta-Goog-Reserved-File-Mtime
Accept-Language
X-Swift-Error
X-Vcache
Lb
X-LI-Proto
X-Li-Pop
X-Env
X-LI-UUID
Get-Access-Time
X-Urbn-Site-Id
X-Urbn-Context-Path
X-B3-SpanId
X-RateLimit-Reset
X-Cache-Debug
Locale
Group
X-Cache-HT
X-Li-Fabric
X-Optimization
Is-Session-Tracking
X-Cache-Ttl
X-BBXSRF
V-Cache
X-Path-Route
X-Info
X-Dw-Trace-Id
Who
X-CDN-Pop
X-CDN-Pop-IP
X-Fe
X-VG-WebCache
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Bug-Bounty
NX-Cache
X-Cache-FS-Status
URI
Xet-Cookie
AGE-Hash
Fastly-Soc-X-Request-Id
Requestid
X-Content-Encoded-By
X-GZIP
X-PF-Uncompressing
X-Ver
X-Qloud-Router
SS
Serverid
X-NGINX-Cache
Ws
X-Meta-Tbi-Cache-Vertical
X-VC
CDN-Node
X-Akamai-SSL-Client-Sid
X-P-T
X-Ibm-Trace
X-SB
N-Cache
CDN-Cache
X-CacheKey
X-Varnish-Info
CDN-Cache-Hit
X-SN
SID
X-Serial
X-Shard
X-ServerName
X-Route-Name
X-Grace-Duration
Https
X-Akamai-ERRuleID
X-Providence-Cookie
X-Is-Crawler
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
Httpd-Identifier
X-Flags
X-RequestId