Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
P3p
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Node
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
X-Url
X-OneAgent-JS-Injection
X-Cloud-Trace-Context
Pinterest-Generated-By
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-DataDome
X-ESI
X-DynaTrace-JS-Agent
X-PC
X-TtlSet
X-Vname
X-Dns-Prefetch-Control
X-Powered-CMS
Charset
X-FTR-Request-ID
X-Server-Name
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-GitHub-Request-Id
X-VARITI-CCR
X-Varnish-TTL
RTSS
Content-MD5
X-F-Cache
X-Version
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Geo-Segment
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
MS-Author-Via
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
Verso
X-Upstream-Env
X-ORACLE-DMS-RID
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-SharePointHealthScore
X-CF-Powered-By
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Ruxit-JS-Agent
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-T
DynaTrace
AR-ATIME
AR-PoweredBy
X-Forwarded-Proto
X-Grace
X-Varnish-Age
X-Origin-Upstream-Status
X-Upstream
AR-CACHE
X-Hits
X-DIS-Request-ID
TCN
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
SPRequestDuration
SPIisLatency
X-Pad
X-Id
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Cdn
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Kinsta-Cache
X-IPLB-Instance
X-Mrf-Item-Lastmod
X-Cache-Hit
X-Acc-Meta-Resource-Type
X-HW
X-B
X-Logged-In
X-Oracle-Dms-Rid
X-Server-ID
X-Vcap-Request-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-SS-Set-Cookie
X-FastCGI-Cache
X-NewRelic-App-Data
X-Debug
X-Wix-Server-Artifact-Id
Service-Worker-Allowed
X-Ser
S
X-Cache-Key
X-HeyJason
X-MSEdge-Ref
AR-SID
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Tracecode
Server-Name
X-PressLabs-Stats
X-Frontend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-XRDS-Location
Fastly-Restarts
Rt-Fastcgi-Cache
X-Forwarded-For
Fastcgi-Cache
Surrogate-Key
X-XRDS-LOCATION
Alternate-Protocol
X-Accel-Buffering
X-Cache-Rule
Eomportal-Instance
Cache-Status
Cleartype
Backend-Timing
X-Analytics
X-Srv
X-HS-Hub-Id
X-HS-Content-Id
Host
TP-Cache
TP-L2-Cache
X-Rid
Public-Key-Pins-Report-Only
X-Revision
X-FTR-Cache-Host
FilterID
X-Whom
X-Debug-Info
X-Oneagent-Js-Injection
X-User-Agent
X-Akam-SW-Version
ServerID
X-RateLimit-Remaining
X-TA-CDN-Provider
Front-End-Https
X-GUploader-UploadID
X-Varnish-Backend
X-Ttl
X-AOL-HN
X-Cache-2
X-Mobile
Accept-Charset
X-Via-JSL
X-NWS-LOG-UUID
X-VCache
X-Webkit-CSP
X-Request-Processing-Time
X-Content-Powered-By
X-Request-Received
X-Zen-Fury
X-Kinja-Server-Push
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
Viewport
X-Node-Name
X-App-Environment
X-LB-Cache
Host-Header
X-Page-Id
X-Cluster
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Hostname
X-Magnolia-Registration
X-Handled-By
X-Device-Type
X-Cache-Control
X-Signature
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
X-FB-Debug
Liferay-Portal
X-B3-Sampled
X-B-Cache
X-Request-Guid
X-Platform-Server
X-Framework
X-TT
X-Instance
DC
Cache-Tag
Upgrade-Insecure-Requests
X-Iejgwucgyu
X-B3-Traceid
X-Cache-Server
X-Hostname
X-Fastcgi-Cache
X-Sol
X-Origin-Server
Display
X-Middleton-Display
X-Amzn-Trace-Id
MicrosoftSharePointTeamServices
Server-Node
X-TT-TIMESTAMP
Retry-After
Source
X-Accel-Expires
X-Varnish-Server
X-WA-Info
X-Servedby
X-Contextid
X-Distil-CS
Server-Info
HitInfo
HitType
X-APP-VERSION
X-Cache-Operation
X-Cache-Action
X-Wix-Request-Id
X-Seen-By
Content-Script-Type
X-Amz-Replication-Status
Content-Style-Type
User-Agent
Webserver
X-GeoIP
X-Tumblr-Pixel-1
X-S
X-Tumblr-Pixel-2
X-RequestSource
GEO-INFO
Actual-Object-TTL
X-Edge-Location
X-WebKit-CSP-Report-Only
X-Locale
X-Jobs
X-Port
X-Response-Served-From
AsisCache
X-Generated-By
X-Region
X-Status
SRV
X-FW-Static
X-Varnish-Hits
X-FW-Hash
X-Edge-Cache
X-FW-Type
X-FW-Serve
X-Edge-Cache-Key
X-FW-Server
X-UUID
X-TX-ID
X-ATG-Version
ServedBy
X-Drupal-Cache-Tags
Healthy
Refresh
X-Hyper-Cache
X-Geo-Country
X-Yottaa-Metrics
X-Adobe-Loc
X-Yottaa-Optimizations
X-Adobe-Content
X-Middleton-Response
Response
X-Cache-NE
X-DataStream-Cache-Status
X-Cache-Age
X-Daa-Tunnel
X-Cache-TTL-Remaining
S-Cnection
Payment
X-Varnish-Grace
X-Esi
IBM-Web2-Location
X-Amz-Server-Side-Encryption
Filters
X-Content-Type
Datacenter
X-Az
X-Activity-Id
NGB
X-AppVersion
X-Newrelic-App-Data
X-UA
X-Cache-Remote
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Webkit-Csp
Country
X-Cacheable-TTL
Edge-Cache-Tag
X-Cache-TTL
Served-By
X-Proxied
X-HS-Cache-Config
X-CDN-Forward
X-App-Server
X-Vg-Webcache
X-Varnish-IP
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Sucuri-ID
X-Mode
X-HS-Combine-CSS
X-Is-Bot
Meta-Geo
X-ProcessESI
Machine
X-RN-RSRV
X-Akamai-Transformed
X-Rule
X-Detected-As
X-Rendered-As
X-RemovedCookies
X-Cache-Var-Map
X-Cache-Var
X-Rocket-Nginx-Bypass
HostName
Pagespeed
Powered-By-ChinaCache
X-FC-Vary-Parameters
X-Proxy
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
TWC-Connection-Speed
X-Varnish-Cacheable
X-ProxyCache-Status
X-Cache-Category-Id
X-BYPASS-REASON
X-Amz-Meta-Surrogate-Control
X-ProxyCache-Key
X-PCL
X-Hosted-By
X-Grey
X-Human
X-OCL
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
Property-Id
TWC-Device-Class
DB-Nickname
Cache-Name
Access-Control-Allow-Method
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
User-Cache-Control
TWC-Privacy
TWC-Locale-Group
X-Varnish-Cache-Hits
Backend
X-Origin
X-Original-Request
L5d-Success-Class
Load-Balancing
X-NodeID
X-OVcl
X-Routing-Service
X-Tb
X-Site-Version
X-ServerID
X-Section
Mn-Server-Ip
X-Loop
X-Access
X-BB-IP
X-Debug-Cache
X-CDN-Cache
X-EIG-Tracking-Id
X-Format
Now
X-JoinUs
S-Rt
X-Generated
X-TNCMS
X-OVcl-Cache
X-Zipkin-Id
OT-Force-Account-Verify
X-Upgrade-Enabled
Azure-Version
X-Cache-Config
Azure-SlotName
Azure-RegionName
ServerName
Azure-InstanceId
Azure-SiteName
X-Www-Served-By
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-NGENIX-Cache
Fastcgi-Useragent
X-LJ-Flow-ID
Access-Control-Request-Headers
X-L-Path
Selected-FE
X-Proxy-Build
X-Agile-Id
X-Agile-Age
X-SplitTest
X-AWS-Id
X-Timing-Wait
X-Agile
X-Via-Fastly
X-Hit
X-IP
X-Pubstack
X-VWS-Id
X-Viewer-Country
X-Environment-Context
X-CCM
X-ApacheServer
X-RateLimit-Limit
X-Ocache
X-Origin-CC
Cache-Key
X-PERF
X-Drupal-Cache-Contexts
X-HOST
X-TWH-CORRELATION-ID
X-Upstream-CT
X-Backend-Name
X-Xfnlog-Site
X-Source
X-Upstream-HT
X-Nginx-Cache
X-App-Name
X-URL
X-Unique-ID
From-Origin
AR-Request-ID
X-Amzn-RequestId
Cache
X-Amz-Apigw-Id
X-Pc-Host
X-Pc-Date
X-Akamai-Request-ID
X-Storage
X-Vgn-Hpd-Reason
X-Correlation-ID
X-Forwarded-Host
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-Real-IP
LB
Fastly-SSL
NtCoent-Length
X-Time-Microsecs
X-Ms-Blob-Type
X-Feature
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-NCache
X-Birta-Served
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Internal-Host
X-Labrador-Cache-Channel
X-M-Log
X-Release
X-M-Reqid
X-Qnm-Cache
X-VG-TLSProxy
X-Microcachable
X-Distributor
X-EdgeConnect-Cache-Status
ViewerVersion
X-UA-Device-Type
Time
X-App-Version
X-NC
X-B3-Spanid
X-Transaction
X-Cluster-Node
X-Twitter-Response-Tags
WZWS-RAY
X-Powered-By-ANYU
X-Connection-Hash
CACHE
X-Cache-Backend
MD5-Digest
Ec-Rule-Version
X-D
X-CUA
Meta-Geo-Continent
Xc-Version
X-CF-Lambda-Version
Mobile-Detection-Method
Cneonction
X-Destination
X-Via-CDN
X-VG-WebServer
X-Developer
Fly-Request-Id
X-Via-Edge
X-Via-SSL
X-CF-Lambda-Fn
X-IN-SSL-APIGATEWAY
Fly-Cache
X-Date
X-Cache-Bucket
X-Request-Time
X-A-Dgt
X-A-Wwc
Viewtype
X-Cache-Enabled
VivaBuild
X-A-Dam
X-A-Dcw
X-A
X-Accel-Expires-Debug
X-Application
BehaviorPad-Version
X-B-Cookie
X-BB-ID
Cache-Prefix
Arc-Country
X-ARC
V-Age
AKAMAI
Rendered-Blocks
X-A-Ccd
X-WebServer
X-Request-UUID
X-G
X-Region-Sid
X-Irp-Debug
X-Rojux
X-DPWN-IS-SECURE
X-IN-WAF
X-Redis-Cache
Frame-Options
X-Org
X-NU-AKA-ACS-Version
X-Generation-Time
Ar-Sid
X-PAYTM-SRV-ID
X-Generated-In
X-No-Session
X-S-Cookie
X-Rewrite-Enabled
X-Died
X-Trv-Group
X-Dispatcher-Server
X-Real-Ip
X-UE-Client-Country
X-Server-Time
X-Server-By
X-ScT
X-IN-APIGATEWAY
X-SERVER-NAME
X-NWS-UUID-VERIFY
Pagetype
Xserver
X-C
XServer
X-Sucuri-Cache
X-FireWall-Port
X-Logtrace-Id
Powered
HA-Geocountry
Release
SN
HA-Cloudapp
X-Hash
Server-Int
HA-Geocity
Pragrma
HA-Geolon
HA-Servedtime
HA-Urlpath
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
IsBot
T-Server
Origin-Cache-Control
Origin-Edge-Control
HA-Geolat
NGX
X-Key
X-Layer
X-Hnp-Log
X-RateLimit-Limit-Second
X-CGP
X-Crawler
X-CS
X-Eu-Site
X-Wikidot-Backend
X-External-Request-Id
X-Wikidot-Static-Cache
X-S-Maxage
X-SIPLIST1
X-VCT
X-Varnish-Action
X-Store
X-SRCache-Key
X-We-Are-Hiring
X-VServer
X-F5-Cache
REQUESTUUID
X-Owner
GMS-Ver
X-Origin-TTL
Www
X-Node-Id
Web-Mar-Node
X-Platform
X-Policy
X-From
X-Block-Status
X-Gen-Mode
X-RateLimit-Remaining-Second
X-UnsetCookies
X-Amz-Meta-Cache-Control
X-GeoIP-City
Server-Host
X-GZip
X-Instance-Name
Ajk
Backend-Name
Country-Code
X-Alternate-Cache-Key
X-Webstats-RespID
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
ProcessTime
X-Debug-Cookies
X-Debug-Log
X-Developers
X-Core-Value
X-Fastly-Cache
X-Epic-Correlation-Id
X-V
X-Cache-Srv
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-Actual-URL
X-Backend-Url
X-Cache-CFC
X-Cdn-Srv
X-Cache-URL
X-Fetched-On
X-Clientip
X-GeoIP-Country-Code
X-Returned-From-PostProcessResponse
X-Dc
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Response-By
X-Returned-From
X-Server-IP
X-Sf
X-Variation
X-Web-Node
X-Var-Ttl
X-Tumblr-Pixel-3
X-Stale
X-Request-URI
X-Reboot
X-Guploader-Uploadid
X-Location
X-HTML-Minification-Powered-By
X-Hl-Ver
Uber-Trace-Id
X-MI-In-Market
X-NX-Host
X-Phone
X-RCS-CacheZone
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-FW-Version
X-Passed-To-PostProcessResponse
Is-Eu
Platform
Apple-News-Services-Handled
Apple-News-Services-Host
Kp-EeAlive
Apple-News-Services-Parsed-Url
Proxy-Connection
Esi-Enabled
Magicmarker
Apple-News-Services-Request-Url
MI-API
Adler-Geo
Request-EU
Heartbleed
CDCHOST
Odigeo-Trace-Id
NodeID
MI-Cache
Countrycode
MI-Cache-Age
Request-Country
X-Ckpd-Fst-Backend
X-Core-Mission
X-Cdn-Origin
X-Content-Age
X-Nginx-Cache-Key
X-ElasticPress-Search
X-Gannett-Site-Version
On-Server
Cache-Tags
Origin
X-Device-Os
X-Matched-Rule
Content-Disposition
X-Cache-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Croise-Owner
X-Cache-Expires
X-Swa-Ws
Thinkindot-CacheControl
Server-ID
X-Sn-Servicetimems
X-ServiceProvider
Fastly-Backend-Name
X-Thinkindot-L3
X-Trace-Id
Thinkindot-CacheControl-Type
True-Client-Country-4JS
X-Worker
X-Up
X-TT-LOGID
X-Endurance-Cache-Level
X-Servername
Section-Io-Cache
Decoy-Debug-Key
Decoy-Debug-Status
Host-ID
X-PHP-Backend
HTTPS
RNT-Machine
Thinkindot-Control
RNT-Time
X-Secret
Decoy-Debug-TTL
MIME-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Fstrz
Fastly-SWR
X-TIME
X-Ezoic-Cdn
Fastly-SIE
X-Skip-Cache
Warning
Resin-Trace
X-Alicdn-Da-Ups-Status
X-Varnish-Beresp-Ttl
X-Nc
X-Pf-Uncompressing
Cache-Cookie-Set-From
X-Newrelic-Synthetics
Cache-Cookie-Set-Idcheck
RequestId
PFcat
Request-Time
Sid
X-CACHE-AGE
Cache-Cookie-Set-Lfrom
Cteonnt-Length
X-B3-TraceId
PageSpeed
X-Ua
X-Proto
X-Surge-Debug
X-Req
X-Refresh
X-Csrf-Token
We-Hiring
Mail-Subject
X-Pjax-Url
CF-IPCountry
X-Aed
X-GEO
WP-Super-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-CSRF-Token
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
Pramga
X-Varnish-Beresp-TTL
X-Servedbyhost
X-Edge-IP
TSSecure
X-Varnish-Ttl
CDN
X-Cache-ASPX
X-Ms-Lease-State
GeoIp-Country-Code
Geoip-Latitude
X-Geo
X-Amz-Cf-Pop
Dnion-Transfer-Encoding
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Flog
X-ABtesting
X-COUNTRY
X-Time
X-GoCache-CacheStatus
X-Hello
Cdn
X-Server-W
X-Varnish-Url
X-Page-Type
X-Aicache-OS
Mime-Version
X-DC
X-Oracle-Dms-Ecid
X-DataStream-MidMile-RTT
Lfy
X-Auto-Login
Hostname
X-DataStream-Origin-MEX-Latency
X-WA
NODE
NnCoection
MS-CV
X-Unique-Id
X-Cdn-Forward
X-Ratelimit-Limit
FSS-Cache
X-Origin-Expires
FSS-Proxy
A
X-Origin-Date
X-Akamai-Request-ID2
X-Dynatrace-Js-Agent
X-GRACE
X-Cache-Control-Set-By
X-Datadome
X-Varnish-HitMiss
X-HCF
PageType
X-Sentry-ID
X-Via-NSCOPI
Rt-Proxy-Cache
SD-X-WS
X-Server-Group
X-Check-Cacheable
X-APP
WWW-Authenticate
X-EC-Security-Audit
Node
Geoip-City
X-Bip
X-Served-From
X-Thanos
Memcached
X-UPSTREAM-Address
X-Wa
X-Cache-Id
X-MP-GENERATED-AT
X-Use-Magma
X-Be
X-Wix-Route-ID
X-Cache-Info
PICS-Label
X-Varnish-URL
Processtime
X-PAGE-TYPE
X-NODE
GeoIP-Country-Code
GeoIP-Latitude
X-From-Cache
X-Request-Start
GeoIP-City
X-SRV
X-RTag
Ms-Operation-Id
X-Nananana
X-Edge-Server
X-CACHE-KEY
Cdn-Request-Time
Cdn-Host
X-Gdpr
Memory
X-Proxy-Server
X-Cookie
X-Gen-Id
UCS
X-HS-Status
Lb
X-GDPR
X-ServedByHost
X-Fastly-Backend-Reqs
GW-Server
Dont-Set-Cookie
X-WR-MODIFICATION
X-Load-Cache
DataCenter
X-FORWARDED-FOR
X-User
COMMERCE-SERVER-SOFTWARE
X-Fastly-Cache-Hits
Pics-Label
X-PJAX-URL
X-Env
X-Cache-HT
X-Ratelimit-Remaining
X-Optimization
X-Swift-Error
X-Vcache
Is-Session-Tracking
Cache-Hits
Get-Access-Time
Accept-Language
X-B3-SpanId
Who
X-RateLimit-Reset
X-Cache-Ttl
V-Cache
Group
Cf-Ipcountry
X-Cache-Debug
X-BBXSRF
X-LI-Proto
X-Content-Encoded-By
Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LI-UUID
X-Urbn-Context-Path
X-Li-Pop
X-Urbn-Site-Id
X-Li-Fabric
X-Ver
X-Fe
X-Dw-Trace-Id
X-Cache-FS-Status
X-CDN-Pop-IP
X-CDN-Pop
Amp-Access-Control-Allow-Source-Origin
X-ID
X-SB
URI
X-VC
NX-Cache
X-Path-Route
AGE-Hash
Xet-Cookie
Ws
X-Bug-Bounty
Requestid
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-Info
X-GZIP
X-PF-Uncompressing
Serverid
X-NGINX-Cache
X-Serial
Httpd-Identifier
X-Qloud-Router
Fastly-Soc-X-Request-Id
X-VG-WebCache
X-Shard
SS
N-Cache
CDN-Cache-Hit
CDN-Node
X-Varnish-Info
CDN-Cache
X-CacheKey
X-Route-Name
X-Providence-Cookie
Https
SID
X-ServerName
X-Akamai-ERRuleID
X-Is-Crawler
X-Akamai-ERPolicy
Powered-By
X-RequestId
X-SVT-ORM-RULES
X-Litespeed-Cache-Control
X-Cache-Handler
X-Flags
X-SVT-ORM-VERSION
X-Grace-Duration