Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Url
Report-To
X-TTL
Request-Id
X-Instart-Request-ID
X-ORACLE-DMS-ECID
X-Px
X-Country
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-DataDome
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-Dns-Prefetch-Control
X-Server-Name
X-FTR-Request-ID
NEL
Charset
X-DynaTrace-JS-Agent
X-Origin-Cache
X-ESI
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-Varnish-TTL
X-VARITI-CCR
RTSS
X-F-Cache
X-Version
Content-MD5
X-Kinja-Revision
X-Geo-Segment
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-ORACLE-DMS-RID
X-Abt-Application-Version
X-Dispatcher
SPRequestGuid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-SharePointHealthScore
X-CF-Powered-By
X-Ruxit-JS-Agent
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-Forwarded-Proto
X-T
DynaTrace
X-Varnish-Age
X-DIS-Request-ID
X-Upstream
X-Hits
X-Origin-Upstream-Status
X-Grace
AR-PoweredBy
AR-ATIME
Arr-Disable-Session-Affinity
TCN
X-Amz-Meta-S3cmd-Attrs
SPRequestDuration
SPIisLatency
X-Id
AR-CACHE
X-Shield-Request-Id
X-Pad
X-Content-Options
X-Content-Digest
Realpath
X-Cdn
X-NF-Request-ID
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Kinsta-Cache
X-HW
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-FastCGI-Cache
X-Cache-Hit
X-Server-ID
X-B
X-Goog-Generation
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Logged-In
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
Service-Worker-Allowed
X-Ser
Tracecode
X-MSEdge-Ref
X-XRDS-Location
S
X-Cache-Key
Server-Name
X-PressLabs-Stats
X-NewRelic-App-Data
X-FTR-Backend
X-Frontend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
AMP-Access-Control-Allow-Source-Origin
AR-SID
Fastly-Restarts
X-FTR-Expires
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
X-Accel-Buffering
Fastcgi-Cache
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Cache-Rule
Alternate-Protocol
X-Analytics
Eomportal-Instance
Backend-Timing
Cleartype
TP-L2-Cache
Host
X-HS-Content-Id
TP-Cache
X-HS-Hub-Id
Cache-Status
X-Srv
FilterID
Public-Key-Pins-Report-Only
X-Revision
X-Rid
X-XRDS-LOCATION
X-FTR-Cache-Host
X-User-Agent
X-Whom
X-Debug-Info
ServerID
X-Akam-SW-Version
Front-End-Https
X-TA-CDN-Provider
X-GUploader-UploadID
X-AOL-HN
X-Varnish-Backend
X-Mobile
Accept-Charset
X-RateLimit-Remaining
X-Cache-2
X-Via-JSL
X-Webkit-CSP
X-VCache
X-NWS-LOG-UUID
X-Request-Received
X-Request-Processing-Time
X-Iejgwucgyu
X-Zen-Fury
X-Content-Powered-By
X-Kinja-Server-Push
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Oneagent-Js-Injection
Viewport
X-App-Environment
X-Ttl
X-Node-Name
X-Correlation-Id
X-Varnish-Hostname
X-LB-Cache
Host-Header
X-Page-Id
X-Magnolia-Registration
X-Cluster
X-Tumblr-Pixel-0
X-TT
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-User
X-Cache-Control
X-Akamai-Edgescape
X-Handled-By
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Device-Type
X-Platform-Server
X-B3-Sampled
X-FB-Debug
Upgrade-Insecure-Requests
X-B-Cache
X-Framework
X-Signature
Liferay-Portal
Cache-Tag
DC
X-Instance
X-Sol
Display
X-Middleton-Display
X-Cache-Server
X-Amzn-Trace-Id
X-Hostname
X-B3-Traceid
X-Origin-Server
MicrosoftSharePointTeamServices
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Webkit-Csp
Retry-After
X-Varnish-Server
X-Fastcgi-Cache
Source
X-WA-Info
X-Contextid
X-Servedby
X-Distil-CS
Server-Info
HitType
HitInfo
X-Wix-Request-Id
X-Cache-Action
X-Esi
X-Seen-By
X-Cache-Operation
Content-Script-Type
Content-Style-Type
X-Edge-Location
User-Agent
X-GeoIP
X-Amz-Replication-Status
X-RequestSource
X-S
X-APP-VERSION
Webserver
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Locale
SRV
X-Jobs
X-Tumblr-Pixel-1
GEO-INFO
X-Status
X-Tumblr-Pixel-2
X-FW-Serve
X-Generated-By
X-Edge-Cache-Key
X-FW-Server
X-Edge-Cache
AsisCache
X-FW-Hash
X-FW-Static
X-ATG-Version
X-Response-Served-From
X-FW-Type
X-Region
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
ServedBy
X-Varnish-Hits
X-UUID
X-Drupal-Cache-Tags
Response
X-Middleton-Response
X-Port
Refresh
Healthy
X-Yottaa-Metrics
X-Cache-NE
X-Yottaa-Optimizations
X-Newrelic-App-Data
X-Hyper-Cache
X-Geo-Country
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
Payment
S-Cnection
IBM-Web2-Location
X-Cache-Age
X-Content-Type
X-Varnish-Grace
X-Amz-Server-Side-Encryption
X-URL
X-Daa-Tunnel
Filters
X-Activity-Id
X-AppVersion
X-Az
Country
NGB
X-UA
Edge-Cache-Tag
Datacenter
X-HS-Cache-Config
X-Cache-Remote
X-Pc-Hit
Served-By
X-Pc-Appver
X-Pc-Key
X-Cache-TTL
X-Cacheable-TTL
X-CDN-Forward
X-Varnish-IP
X-Sucuri-ID
X-Proxied
X-App-Server
HostName
X-HS-Combine-CSS
X-Vg-Webcache
Powered-By-ChinaCache
X-Akamai-Transformed
X-Mode
Machine
X-Is-Bot
X-Rendered-As
X-Rule
Meta-Geo
Load-Balancing
X-Mrs-Cache-Hits
X-RemovedCookies
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Age
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-ProcessESI
X-Detected-As
Pagespeed
X-FC-Vary-Parameters
X-Cache-Category-Id
X-Proxy
X-Hosted-By
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Mn-Server-Ip
Webcakes-App-Version
X-Rocket-Nginx-Bypass
Webcakes-Region
X-Tb
OT-Force-Account-Verify
Property-Id
X-Grey
X-Human
X-Varnish-Cacheable
Cache-Name
TWC-Privacy
DB-Nickname
User-Cache-Control
Webcakes-App-Name
X-PCL
Backend
X-Amz-Meta-Surrogate-Control
X-Origin
X-Origin-Hint
TWC-GeoIP-LatLong
X-Varnish-Cache-Hits
X-OCL
TWC-Locale-Group
Access-Control-Allow-Method
X-BYPASS-REASON
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Hit
X-Loop
X-Site-Version
X-TNCMS
X-Upgrade-Enabled
X-Zipkin-Id
X-ProxyCache-Key
X-ServerID
X-Debug-Cache
X-Section
X-Access
X-OVcl-Cache
X-OVcl
X-JoinUs
X-Format
ServerName
S-Rt
X-Routing-Service
X-NodeID
X-ProxyCache-Status
X-CDN-Cache
X-Original-Request
X-Generated
Azure-Version
X-NGENIX-Cache
X-LJ-Flow-ID
Now
X-L-Path
X-PERF
X-Agile-Id
Fastcgi-Useragent
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-IP
X-Environment-Context
X-App-Name
X-ApacheServer
X-Agile
X-Agile-Age
X-AWS-Id
X-BB-IP
Selected-FE
X-EIG-Tracking-Id
X-Cache-Config
X-Proxy-Build
L5d-Success-Class
X-Viewer-Country
Access-Control-Request-Headers
X-VWS-Id
X-Pubstack
X-Via-Fastly
X-Www-Served-By
X-TWH-CORRELATION-ID
X-SplitTest
X-Timing-Wait
Cache-Key
X-Source
X-Drupal-Cache-Contexts
X-CCM
X-Upstream-HT
X-Origin-CC
X-Upstream-CT
X-Ocache
X-Correlation-ID
From-Origin
X-Xfnlog-Site
X-HOST
X-Nginx-Cache
X-Unique-ID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Backend-Name
X-Akamai-Request-ID
LB
X-Forwarded-Host
X-RateLimit-Limit
AR-Request-ID
X-Storage
Fastly-SSL
Cache
X-Litespeed-Cache
X-Pc-Date
X-Pc-Host
NtCoent-Length
X-Vgn-Hpd-Reason
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Feature
X-Birta-Served
X-Birta-Cache-Post
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-Qnm-Cache
X-M-Log
X-Time-Microsecs
X-App-Version
ViewerVersion
X-NCache
X-M-Reqid
X-Internal-Host
X-Real-IP
X-VG-TLSProxy
X-Release
CACHE
X-Distributor
X-Microcachable
Time
X-Ruxit-Js-Agent
X-Real-Ip
X-EdgeConnect-Cache-Status
X-Cluster-Node
X-NC
X-B3-Spanid
X-Powered-By-ANYU
WZWS-RAY
Ar-Sid
X-Twitter-Response-Tags
X-Sucuri-Cache
X-Cache-Enabled
X-Cache-Backend
X-Transaction
X-Request-Time
X-Connection-Hash
X-Accel-Expires-Debug
X-Destination
Ec-Rule-Version
X-Date
X-Developer
X-Logtrace-Id
X-CF-Lambda-Version
Meta-Geo-Continent
Xc-Version
X-Died
X-D
Mobile-Detection-Method
X-A-Dgt
X-No-Session
X-WebServer
Fly-Cache
Cneonction
X-CUA
X-CF-Lambda-Fn
X-A-Wwc
X-Dispatcher-Server
X-Server-Time
X-IN-SSL-APIGATEWAY
Ajk
AKAMAI
X-Application
Fly-Request-Id
X-BB-ID
X-Generation-Time
X-Generated-In
MD5-Digest
X-IN-APIGATEWAY
X-IN-WAF
X-G
X-ARC
X-B-Cookie
X-Cache-Bucket
X-DPWN-IS-SECURE
X-From
Cache-Prefix
IsBot
Arc-Country
BehaviorPad-Version
X-Org
X-NU-AKA-ACS-Version
Rendered-Blocks
Viewtype
V-Age
X-Trv-Group
X-UE-Client-Country
VivaBuild
X-A
Www
X-Redis-Cache
X-Region-Sid
REQUESTUUID
X-Rewrite-Enabled
T-Server
X-Server-By
X-UA-Device-Type
Server-Int
X-SIPLIST1
X-ScT
X-Rojux
X-S-Cookie
X-SRCache-Key
X-PAYTM-SRV-ID
X-Request-UUID
X-A-Dcw
X-A-Dam
X-VG-WebServer
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-A-Ccd
NGX
X-SERVER-NAME
X-Guploader-Uploadid
X-FireWall-Port
Frame-Options
Pagetype
Xserver
X-External-Request-Id
X-Node-Id
X-Phone
X-F5-Cache
X-Layer
X-Wikidot-Static-Cache
Backend-Name
X-Store
XServer
X-Fastly-Cache
X-Wikidot-Backend
SN
X-Block-Status
X-C
X-Origin-TTL
X-Cache-CFC
GMS-Ver
X-We-Are-Hiring
X-CS
X-Gen-Mode
X-VServer
X-Web-Node
X-Crawler
X-S-Maxage
Origin-Edge-Control
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
Origin-Cache-Control
Web-Mar-Node
Powered
X-ShardId
Pragrma
X-RateLimit-Remaining-Second
X-UnsetCookies
X-Irp-Debug
X-RateLimit-Limit-Second
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
Server-Host
X-Hash
X-VCT
Magicmarker
Release
X-GeoIP-City
X-Amz-Meta-Cache-Control
NodeID
X-Hnp-Log
X-Varnish-Action
X-Policy
X-Instance-Name
X-GZip
X-Varnish-Beresp-Ttl
X-Webstats-RespID
X-Actual-URL
X-Cache-Expires
Thinkindot-CacheControl
X-Backend-Host
Uber-Trace-Id
Thinkindot-CacheControl-Type
X-Backend-State
X-Backend-TTL
X-Cache-Srv
X-Backend-Url
X-Key
X-Up
X-Reboot
X-Request-URI
X-Response-By
X-RCS-CacheZone
X-Var-Ttl
X-Passed-To-DLL
X-Variation
X-Passed-To-PostProcessResponse
X-Platform
X-Returned-From
X-Tumblr-Pixel-3
X-Stale
X-Secret
X-Server-IP
X-Sf
X-Swa-Ws
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-TT-LOGID
X-Returned-From-DLL
X-Thinkindot-L3
X-Passed-To-BeforeDispatch
X-Passed-To
X-Developers
X-Epic-Correlation-Id
X-Eu-Site
X-Fetched-On
X-Croise-Owner
X-Core-Value
X-Cdn-Srv
X-CGP
X-Clientip
X-Core-Mission
X-FW-Version
X-Gannett-Site-Version
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Owner
X-MI-In-Market
X-Matched-Rule
X-GeoIP-Country-Code
X-Hl-Ver
X-HTML-Minification-Powered-By
X-Location
X-Cache-URL
Thinkindot-Control
MI-API
HA-Cloudapp
HA-Geocity
Kp-EeAlive
MI-Cache
MI-Cache-Age
Countrycode
Odigeo-Trace-Id
Esi-Enabled
HA-Geocountry
Is-Eu
HA-Servedtime
Ha-Gx-Prefs
HA-Ipaddr
HA-Urlpath
Heartbleed
HA-Geolat
HA-Geolon
HA-Georegion
Origin
Country-Code
X-ElasticPress-Search
Request-EU
HA-Host
ProcessTime
X-Amz-Cf-Pop
Section-Io-Cache
X-Ezoic-Cdn
Request-Country
Adler-Geo
Apple-News-Services-Request-Url
CDCHOST
Proxy-Connection
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Platform
Apple-News-Services-Host
X-Endurance-Cache-Level
X-NWS-UUID-VERIFY
X-V
X-B3-TraceId
X-CACHE-AGE
Decoy-Debug-Status
X-Device-Os
Decoy-Debug-Key
Decoy-Debug-TTL
X-Servername
X-ServiceProvider
X-Debug-Cookies
X-Debug-Log
On-Server
RNT-Time
Cache-Tags
X-NX-Host
X-Fstrz
Resin-Trace
Content-Disposition
Server-ID
RNT-Machine
True-Client-Country-4JS
Fastly-Backend-Name
X-Ckpd-Fst-Backend
X-Newrelic-Synthetics
HTTPS
X-Cdn-Origin
X-Cache-Host
X-Content-Age
X-Worker
X-Trace-Id
X-Sn-Servicetimems
PageSpeed
X-COUNTRY
MIME-Version
X-TIME
X-Dc
Cache-Cookie-Set-From
Fastly-SIE
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Host-ID
Warning
Fastly-SWR
X-Skip-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Nc
X-Surge-Debug
X-Alicdn-Da-Ups-Status
X-Pf-Uncompressing
RequestId
Cteonnt-Length
X-PHP-Backend
X-Csrf-Token
X-Req
X-Ua
PFcat
Sid
Request-Time
X-Proto
Mail-Subject
X-Refresh
We-Hiring
X-Aed
X-GEO
X-Dynatrace-Js-Agent
Pramga
CF-IPCountry
X-Edge-IP
X-Ratelimit-Limit
X-Pjax-Url
TSSecure
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Servedbyhost
X-Planisys-CDN-Rules
WP-Super-Cache
X-Ms-Lease-State
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Geo
X-Oss-Server-Time
X-Oss-Request-Id
X-Varnish-Ttl
X-Oss-Object-Type
X-Flog
X-Hello
X-ABtesting
X-Server-W
Geoip-Latitude
GeoIp-Country-Code
X-Page-Type
CDN
X-Atg-Version
X-CSRF-Token
X-DC
X-CLOUD-TRACE-CONTEXT
X-Cdn-Forward
X-Varnish-Url
X-Cache-ASPX
X-Time
Dnion-Transfer-Encoding
Cdn
Lfy
X-GoCache-CacheStatus
X-Varnish-Beresp-TTL
X-Auto-Login
Mime-Version
X-Oracle-Dms-Ecid
FSS-Cache
X-Unique-Id
X-DataStream-MidMile-RTT
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
FSS-Proxy
X-Akamai-Request-ID2
MS-CV
X-WA
A
NnCoection
X-Origin-Date
X-Datadome
Rt-Proxy-Cache
X-Origin-Expires
NODE
X-GRACE
Hostname
PageType
X-Varnish-HitMiss
X-Via-NSCOPI
X-Cache-Control-Set-By
X-EC-Security-Audit
X-HCF
X-Sentry-ID
X-Check-Cacheable
SD-X-WS
X-Thanos
Node
X-Cache-Id
Memcached
X-Served-From
X-Bip
X-MP-GENERATED-AT
X-Wa
X-UPSTREAM-Address
X-Be
X-APP
WWW-Authenticate
X-Cache-Info
X-Server-Group
X-Use-Magma
Geoip-City
X-Proxy-Server
X-Request-Start
X-Nananana
X-NODE
Memory
X-Wix-Route-ID
X-SRV
X-PAGE-TYPE
PICS-Label
X-Ratelimit-Remaining
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
X-Varnish-URL
DataCenter
Processtime
X-Fastly-Cache-Hits
X-CACHE-KEY
GW-Server
UCS
X-Cookie
Ms-Operation-Id
X-From-Cache
X-RTag
X-GDPR
X-Gen-Id
X-Edge-Server
Cdn-Host
X-User
X-ServedByHost
X-Gdpr
Cdn-Request-Time
X-WR-MODIFICATION
X-Load-Cache
Cache-Hits
X-PJAX-URL
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
X-HS-Status
COMMERCE-SERVER-SOFTWARE
Cf-Ipcountry
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Vcache
Accept-Language
Pics-Label
Lb
Dont-Set-Cookie
X-Swift-Error
X-Urbn-Context-Path
X-Env
V-Cache
Locale
X-Cache-HT
X-Urbn-Site-Id
Is-Session-Tracking
X-Cache-Ttl
X-RateLimit-Reset
X-Optimization
Group
X-LI-UUID
X-Li-Fabric
X-Cache-Debug
X-Li-Pop
X-LI-Proto
Get-Access-Time
X-BBXSRF
X-B3-SpanId
X-Path-Route
X-Dw-Trace-Id
X-Info
X-VG-WebCache
X-CDN-Pop
Who
X-CDN-Pop-IP
X-Fe
X-ID
Amp-Access-Control-Allow-Source-Origin
X-Qloud-Router
AGE-Hash
X-Content-Encoded-By
NX-Cache
Fastly-Soc-X-Request-Id
SS
X-GZIP
URI
X-Cache-FS-Status
X-PF-Uncompressing
X-Bug-Bounty
Xet-Cookie
X-Ver
Requestid
X-NGINX-Cache
Serverid
X-P-T
CDN-Cache-Hit
CDN-Cache
X-CacheKey
X-Akamai-SSL-Client-Sid
X-Meta-Tbi-Cache-Vertical
X-VC
Ws
N-Cache
CDN-Node
X-Varnish-Info
X-Ibm-Trace
X-SB
SID
Httpd-Identifier
X-Serial
X-SN
X-Grace-Duration
X-Akamai-ERRuleID
Https
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Shard
X-Route-Name
X-RequestId
X-ServerName