Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Node
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
Server-Timing
X-CST
X-Url
X-OneAgent-JS-Injection
X-Cloud-Trace-Context
Pinterest-Generated-By
Request-Id
Report-To
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-ESI
X-DataDome
X-DynaTrace-JS-Agent
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-Dns-Prefetch-Control
Charset
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
X-Version
Content-MD5
X-F-Cache
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Geo-Segment
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Pinterest-Rid
X-Client-IP
X-Upstream-Env
Pinterest-Version
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
DynaTrace
AR-PoweredBy
X-T
AR-ATIME
X-Forwarded-Proto
X-Varnish-Age
X-Hits
AR-CACHE
X-Grace
X-Origin-Upstream-Status
X-Upstream
X-DIS-Request-ID
Arr-Disable-Session-Affinity
TCN
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
X-Id
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
Access-Control-Request-Method
X-Kinsta-Cache
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-FastCGI-Cache
X-IPLB-Instance
MRF-Tech
X-Cache-Hit
X-HW
X-Acc-Meta-Resource-Type
X-Logged-In
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Server-ID
X-B
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-NewRelic-App-Data
AR-SID
X-Wix-Server-Artifact-Id
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-Oracle-Dms-Rid
Tracecode
X-Do-Not-Hack
X-Cache-Key
X-HeyJason
Permitted-Cross-Domain-Policies
Server-Name
X-PressLabs-Stats
X-Country-Code-Real
X-Frontend
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-XRDS-Location
Fastly-Restarts
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
X-XRDS-LOCATION
X-Accel-Buffering
Alternate-Protocol
X-Cache-Rule
Eomportal-Instance
X-Analytics
Cleartype
Cache-Status
Backend-Timing
X-Srv
Host
TP-L2-Cache
X-HS-Hub-Id
TP-Cache
X-HS-Content-Id
X-Revision
X-Rid
X-GUploader-UploadID
Public-Key-Pins-Report-Only
X-Whom
X-FTR-Cache-Host
FilterID
X-Debug-Info
X-User-Agent
X-Oneagent-Js-Injection
X-Akam-SW-Version
X-RateLimit-Remaining
X-Ttl
ServerID
X-TA-CDN-Provider
Front-End-Https
X-AOL-HN
X-Varnish-Backend
X-VCache
X-Mobile
Accept-Charset
X-Cache-2
X-Via-JSL
X-NWS-LOG-UUID
X-Webkit-CSP
X-Request-Received
X-Content-Powered-By
X-Request-Processing-Time
X-Cdn
X-Zen-Fury
X-Kinja-Server-Push
X-Correlation-Id
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Viewport
X-App-Environment
X-Node-Name
X-LB-Cache
X-Page-Id
X-Cluster
X-Magnolia-Registration
Host-Header
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Device-Type
X-Cache-Control
X-Akamai-Edgescape
Liferay-Portal
X-Framework
X-Request-Guid
X-TT
X-Handled-By
Upgrade-Insecure-Requests
X-Signature
X-B-Cache
X-B3-Sampled
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Platform-Server
X-BCube-Filmed-By
DC
X-Instance
Cache-Tag
X-B3-Traceid
X-Iejgwucgyu
X-Cache-Server
X-Middleton-Display
X-Sol
X-Hostname
Display
X-Origin-Server
Server-Node
X-Amzn-Trace-Id
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Accel-Expires
Source
Retry-After
X-WA-Info
X-Varnish-Server
X-Fastcgi-Cache
X-Servedby
X-Contextid
Server-Info
HitType
HitInfo
X-Distil-CS
X-APP-VERSION
X-Cache-Action
X-Cache-Operation
X-Seen-By
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
X-GeoIP
X-Amz-Replication-Status
Webserver
User-Agent
X-RequestSource
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Actual-Object-TTL
X-WebKit-CSP-Report-Only
X-Edge-Location
X-Jobs
X-Locale
GEO-INFO
X-Status
X-Edge-Cache-Key
X-FW-Hash
X-FW-Static
X-FW-Server
X-Port
X-UUID
X-Edge-Cache
X-Region
X-FW-Serve
X-FW-Type
X-Response-Served-From
X-S
AsisCache
SRV
X-Drupal-Cache-Tags
X-Varnish-Hits
X-TX-ID
ServedBy
X-Adobe-Content
X-Generated-By
X-Adobe-Loc
Healthy
X-ATG-Version
Refresh
X-Hyper-Cache
X-Geo-Country
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Middleton-Response
Response
X-Cache-NE
X-DataStream-Cache-Status
X-Cache-Age
X-Cache-TTL-Remaining
Payment
X-Daa-Tunnel
S-Cnection
X-Esi
X-Varnish-Grace
IBM-Web2-Location
X-Amz-Server-Side-Encryption
X-Content-Type
Filters
Datacenter
NGB
X-Activity-Id
X-AppVersion
X-Az
X-CDN-Forward
X-Cache-Remote
X-Newrelic-App-Data
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
Country
X-UA
X-Webkit-Csp
Edge-Cache-Tag
X-Proxied
X-HS-Cache-Config
Served-By
X-Cache-TTL
X-Cacheable-TTL
X-Vg-Webcache
X-App-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Sucuri-ID
X-Varnish-IP
X-Mode
X-Akamai-Transformed
X-HS-Combine-CSS
X-ProcessESI
X-Rendered-As
X-RemovedCookies
Load-Balancing
Machine
Meta-Geo
X-Rule
X-RN-RSRV
X-Cache-Var
Pagespeed
X-Cache-Var-Map
X-Is-Bot
X-Detected-As
X-Proxy
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
Powered-By-ChinaCache
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Cache-Name
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Human
Backend
X-Grey
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
Mn-Server-Ip
X-Mrs-Age
X-ProxyCache-Key
X-ProxyCache-Status
Property-Id
X-Amz-Meta-Surrogate-Control
X-Hosted-By
TWC-Privacy
X-Origin-Hint
X-Origin
Webcakes-Region
X-OCL
X-Varnish-Cacheable
Access-Control-Allow-Method
X-Varnish-Cache-Hits
X-PCL
X-Cache-Category-Id
X-BYPASS-REASON
Webcakes-App-Version
X-Tb
X-ServerID
Webcakes-App-Name
User-Cache-Control
Azure-InstanceId
Azure-SlotName
Azure-SiteName
X-BB-IP
X-CDN-Cache
X-EIG-Tracking-Id
X-Debug-Cache
DB-Nickname
L5d-Success-Class
Azure-RegionName
ServerName
X-Loop
X-Upgrade-Enabled
X-JoinUs
X-NodeID
X-Zipkin-Id
X-OVcl-Cache
OT-Force-Account-Verify
X-Original-Request
X-TNCMS
X-Site-Version
S-Rt
X-Generated
X-Format
X-Hit
X-OVcl
X-Section
X-Routing-Service
X-Access
Now
Azure-Version
X-AWS-Id
X-App-Name
X-Cache-Config
X-Environment-Context
X-RateLimit-Limit
X-ApacheServer
X-Agile-Id
Selected-FE
X-Unique-ID
X-Agile
X-Agile-Age
X-IP
X-L-Path
X-Via-Fastly
X-Timing-Wait
X-Viewer-Country
X-VWS-Id
X-Www-Served-By
X-SplitTest
X-Pubstack
X-LJ-Flow-ID
X-NGENIX-Cache
X-PERF
X-Proxy-Build
Fastcgi-X-Cache-Version
X-TWH-CORRELATION-ID
Access-Control-Request-Headers
Fastcgi-Useragent
Fastcgi-X-Cache
Cache-Key
X-Origin-CC
X-CCM
HostName
X-Drupal-Cache-Contexts
X-Ocache
X-Upstream-HT
X-Source
X-Upstream-CT
X-HOST
X-Nginx-Cache
X-Backend-Name
X-Xfnlog-Site
AR-Request-ID
X-URL
From-Origin
X-Akamai-Request-ID
X-Amz-Apigw-Id
X-Amzn-RequestId
Cache
X-Real-IP
X-Pc-Host
X-Pc-Date
X-Storage
X-Vgn-Hpd-Reason
X-Correlation-ID
X-Forwarded-Host
X-Litespeed-Cache
X-Ruxit-Js-Agent
Fastly-SSL
LB
NtCoent-Length
X-Ms-Version
X-Time-Microsecs
X-M-Reqid
X-Qnm-Cache
X-NCache
X-Feature
X-M-Log
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Lease-Status
X-Internal-Host
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-Birta-Served
X-Varnish-Beresp-Status
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-Release
X-Distributor
X-NC
X-Microcachable
X-EdgeConnect-Cache-Status
ViewerVersion
X-UA-Device-Type
X-B3-Spanid
Time
X-App-Version
XServer
WZWS-RAY
Pagetype
X-Connection-Hash
X-Powered-By-ANYU
CACHE
X-Twitter-Response-Tags
X-Cluster-Node
X-Cache-Backend
X-Transaction
X-Accel-Expires-Debug
Cache-Prefix
X-Cache-Enabled
X-IN-WAF
X-IN-APIGATEWAY
Frame-Options
X-NU-AKA-ACS-Version
X-B-Cookie
X-ARC
X-Application
X-From
X-PAYTM-SRV-ID
Ajk
AKAMAI
BehaviorPad-Version
Cneonction
Ec-Rule-Version
X-A-Ccd
X-A-Dam
X-Sucuri-Cache
Fly-Cache
X-BB-ID
X-A
X-IN-SSL-APIGATEWAY
Www
X-G
X-A-Dcw
X-Org
X-A-Dgt
X-A-Wwc
Fly-Request-Id
X-Request-Time
X-Cache-Bucket
X-Redis-Cache
X-Region-Sid
X-Request-UUID
X-Generated-In
T-Server
X-Date
Mobile-Detection-Method
X-Trv-Group
X-Destination
NGX
X-D
X-CUA
Xc-Version
Viewtype
V-Age
IsBot
MD5-Digest
X-UE-Client-Country
X-Developer
X-Via-Edge
X-Via-CDN
X-Generation-Time
X-Via-SSL
Rendered-Blocks
X-DPWN-IS-SECURE
X-VG-WebServer
Server-Int
X-WebServer
X-Died
X-Dispatcher-Server
X-Logtrace-Id
X-SRCache-Key
Meta-Geo-Continent
X-CF-Lambda-Fn
Arc-Country
X-Server-Time
X-Rojux
X-Server-By
X-ScT
VivaBuild
X-S-Cookie
X-Rewrite-Enabled
X-CF-Lambda-Version
X-SIPLIST1
X-Irp-Debug
X-No-Session
X-SERVER-NAME
X-C
X-FireWall-Port
X-Layer
Powered
X-Owner
X-Origin-TTL
HA-Geocity
HA-Geolon
Country-Code
Backend-Name
Release
GMS-Ver
HA-Geocountry
HA-Cloudapp
X-Key
HA-Servedtime
HA-Ipaddr
HA-Urlpath
HA-Geolat
Magicmarker
Web-Mar-Node
NodeID
HA-Host
Origin-Edge-Control
Server-Host
Origin-Cache-Control
X-Node-Id
Ha-Gx-Prefs
SN
HA-Georegion
X-Hl-Ver
REQUESTUUID
X-F5-Cache
X-Instance-Name
X-CS
X-External-Request-Id
X-Crawler
X-Core-Value
X-Hash
X-S-Maxage
X-Fastly-Cache
X-Amz-Meta-Cache-Control
X-GZip
X-Store
X-Varnish-Action
X-VCT
X-GeoIP-City
X-VServer
X-UnsetCookies
X-We-Are-Hiring
X-Eu-Site
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Web-Node
X-Gen-Mode
X-CGP
X-RateLimit-Remaining-Second
X-Cache-CFC
X-RateLimit-Limit-Second
X-Policy
X-Phone
X-Platform
X-Hnp-Log
X-Block-Status
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Webstats-RespID
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-NWS-UUID-VERIFY
X-Backend-State
X-Backend-Host
X-Epic-Correlation-Id
Request-EU
X-Developers
Section-Io-Cache
X-Backend-Url
X-Debug-Log
X-Backend-TTL
X-Location
X-Actual-URL
Thinkindot-Control
X-Fetched-On
X-Cache-Expires
X-Cdn-Srv
X-Cache-URL
X-Cache-Srv
X-GeoIP-Country-Code
Request-Country
X-Clientip
X-Core-Mission
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-FW-Version
Uber-Trace-Id
X-HTML-Minification-Powered-By
X-Croise-Owner
X-Debug-Cookies
X-Gannett-Site-Version
X-RCS-CacheZone
X-Passed-To-PostProcessResponse
Proxy-Connection
X-Reboot
X-Response-By
X-Request-URI
X-Passed-To-BeforeDispatch
Apple-News-Services-Handled
CDCHOST
X-Passed-To
X-Dc
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Returned-From
X-Returned-From-BeforeDispatch
X-TT-LOGID
X-Thinkindot-L3
X-Tumblr-Pixel-3
X-Up
MIME-Version
X-Var-Ttl
X-Swa-Ws
X-Stale
X-Returned-From-DLL
X-V
X-Returned-From-PostProcessResponse
X-Secret
X-Sf
X-Server-IP
Countrycode
X-Passed-To-DLL
Kp-EeAlive
Heartbleed
MI-API
Odigeo-Trace-Id
MI-Cache-Age
X-Nginx-Cache-Key
MI-Cache
X-NX-Host
Origin
Pragrma
X-MI-In-Market
X-MSEdge-Flight
X-MSEdge-Features
Esi-Enabled
X-Matched-Rule
Ar-Sid
X-Real-Ip
Xserver
Server-ID
X-Content-Age
X-ServiceProvider
X-Sn-Servicetimems
X-Trace-Id
X-Device-Os
X-Variation
X-ElasticPress-Search
X-Worker
Resin-Trace
RNT-Machine
X-Servername
X-PHP-Backend
RNT-Time
Platform
On-Server
X-Fstrz
Adler-Geo
X-Endurance-Cache-Level
X-Ckpd-Fst-Backend
Fastly-Backend-Name
Cache-Tags
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-TTL
HTTPS
Host-ID
X-Cdn-Origin
Decoy-Debug-Key
Warning
True-Client-Country-4JS
X-Cache-Host
Is-Eu
ProcessTime
X-Ezoic-Cdn
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-TIME
Cache-Cookie-Set-Lfrom
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Skip-Cache
Fastly-SWR
X-Alicdn-Da-Ups-Status
X-Guploader-Uploadid
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Pf-Uncompressing
RequestId
Sid
PFcat
Request-Time
X-CACHE-AGE
X-Proto
X-Req
PageSpeed
X-B3-TraceId
X-Ua
X-Surge-Debug
Cteonnt-Length
X-Nc
X-Refresh
We-Hiring
CF-IPCountry
X-Csrf-Token
Mail-Subject
X-Aed
X-Pjax-Url
X-GEO
X-CSRF-Token
CDN
X-Servedbyhost
X-Planisys-CDN-Rules
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
WP-Super-Cache
Pramga
X-Oss-Request-Id
X-Oss-Server-Time
X-Varnish-Beresp-TTL
TSSecure
X-Edge-IP
X-Geo
X-Varnish-Ttl
X-Amz-Cf-Pop
GeoIp-Country-Code
X-Cache-ASPX
Geoip-Latitude
X-Ms-Lease-State
Dnion-Transfer-Encoding
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-Server-W
X-Time
Hostname
X-GoCache-CacheStatus
X-Flog
X-ABtesting
X-Hello
X-COUNTRY
X-Page-Type
Cdn
X-DC
X-Oracle-Dms-Ecid
X-DataStream-Origin-MEX-Latency
X-Auto-Login
Lfy
X-Aicache-OS
X-Varnish-Url
X-DataStream-MidMile-RTT
X-WA
MS-CV
X-Ratelimit-Limit
NnCoection
X-Cdn-Forward
NODE
A
FSS-Cache
X-Origin-Date
X-Akamai-Request-ID2
Mime-Version
FSS-Proxy
X-Origin-Expires
X-Varnish-HitMiss
X-Unique-Id
X-GRACE
X-Cache-Control-Set-By
X-Datadome
X-Dynatrace-Js-Agent
X-HCF
X-Via-NSCOPI
SD-X-WS
Rt-Proxy-Cache
X-Sentry-ID
X-Server-Group
X-EC-Security-Audit
Node
PageType
WWW-Authenticate
X-APP
X-Check-Cacheable
X-Served-From
Processtime
X-Cache-Id
X-Varnish-URL
X-Wa
Memcached
Geoip-City
X-UPSTREAM-Address
X-Thanos
X-PAGE-TYPE
X-Bip
X-Use-Magma
X-MP-GENERATED-AT
X-Cache-Info
PICS-Label
X-Wix-Route-ID
X-Be
X-NODE
X-Request-Start
X-From-Cache
GeoIP-City
GeoIP-Latitude
X-SRV
GeoIP-Country-Code
X-Proxy-Server
X-RTag
X-Nananana
Ms-Operation-Id
X-Cookie
X-CACHE-KEY
Cdn-Host
Cdn-Request-Time
X-Gen-Id
X-Edge-Server
X-Gdpr
Memory
X-GDPR
GW-Server
X-Fastly-Backend-Reqs
UCS
Lb
X-HS-Status
DataCenter
Dont-Set-Cookie
X-WR-MODIFICATION
X-Load-Cache
X-Fastly-Cache-Hits
X-ServedByHost
COMMERCE-SERVER-SOFTWARE
X-User
X-FORWARDED-FOR
Pics-Label
X-PJAX-URL
Cache-Hits
Get-Access-Time
X-Optimization
Is-Session-Tracking
X-Cache-HT
X-Env
X-Swift-Error
X-Ratelimit-Remaining
Accept-Language
X-Cache-Ttl
X-B3-SpanId
Group
V-Cache
Who
X-RateLimit-Reset
X-Goog-Meta-Goog-Reserved-File-Mtime
Cf-Ipcountry
X-Li-Fabric
X-BBXSRF
X-Fe
X-Ver
X-Cache-Debug
X-Dw-Trace-Id
X-Cache-FS-Status
X-Urbn-Site-Id
X-Li-Pop
X-CDN-Pop-IP
Locale
X-CDN-Pop
X-LI-UUID
X-LI-Proto
X-Urbn-Context-Path
X-ID
Amp-Access-Control-Allow-Source-Origin
NX-Cache
X-Content-Encoded-By
X-Info
Ws
AGE-Hash
Requestid
URI
X-Bug-Bounty
X-VC
X-SB
X-Vcache
X-Path-Route
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-PF-Uncompressing
Xet-Cookie
X-GZIP
X-NGINX-Cache
Serverid
X-Varnish-Info
Httpd-Identifier
X-VG-WebCache
X-Qloud-Router
SS
Fastly-Soc-X-Request-Id
N-Cache
X-Shard
CDN-Node
CDN-Cache
X-CacheKey
CDN-Cache-Hit
X-Grace-Duration
X-Litespeed-Cache-Control
SID
X-Serial
X-Flags
Https
X-RequestId
X-Providence-Cookie
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-ServerName
X-Is-Crawler
X-Akamai-ERPolicy
Powered-By
X-Cache-Handler
X-Akamai-ERRuleID
X-Route-Name