Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-SaveTime
X-Swift-CacheTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Server-Id
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-Url
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-DataDome
X-ESI
Charset
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-FTR-Request-ID
X-DynaTrace
X-Origin-Cache
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-ORACLE-DMS-RID
X-Vhost
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
X-Varnish-TTL
Content-MD5
X-Version
X-F-Cache
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Geo-Segment
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-D2id
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Verso
X-Client-IP
MS-Author-Via
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-CF-Powered-By
X-SRCache-Store-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
AR-ATIME
X-TEC-API-ORIGIN
AR-PoweredBy
X-Trace
X-Fastly-Request-ID
X-Dw-Request-Base-Id
AR-CACHE
X-T
DynaTrace
Paypal-Debug-Id
X-Server-ID
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Grace
SPIisLatency
X-Ruxit-JS-Agent
SPRequestDuration
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
X-NF-Request-ID
AR-SID
Realpath
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-IPLB-Instance
X-Kinsta-Cache
X-Cache-Hit
X-Logged-In
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-FastCGI-Cache
X-B
X-HW
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-Wix-Server-Artifact-Id
X-Frontend
X-PressLabs-Stats
Server-Name
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Cache-Key
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
Tracecode
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
X-GUploader-UploadID
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
X-Cache-Rule
Cleartype
Cache-Status
Backend-Timing
X-Analytics
Host
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-Revision
X-HS-Hub-Id
X-Oracle-Dms-Rid
X-Accel-Buffering
Public-Key-Pins-Report-Only
X-Whom
X-Rid
X-TA-CDN-Provider
X-User-Agent
X-VCache
X-FTR-Cache-Host
FilterID
X-RateLimit-Remaining
X-Srv
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
X-AOL-HN
X-Varnish-Backend
X-Cache-2
X-XRDS-LOCATION
X-Webkit-CSP
X-Via-JSL
ServerID
Front-End-Https
X-Cdn
Accept-Charset
X-Mobile
X-Content-Powered-By
X-Kinja-Server-Push
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cached-By
Viewport
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-App-Environment
X-LB-Cache
X-Magnolia-Registration
Host-Header
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
Liferay-Portal
X-Varnish-Hostname
X-Tumblr-Pixel
X-Request-Guid
X-Device-Type
X-Framework
X-Handled-By
X-B3-Sampled
X-TT
X-Cache-Control
X-B-Cache
X-Platform-Server
X-Instance
X-BCube-Filmed-By
X-FB-Debug
X-Signature
X-Akamai-Edgescape
X-Correlation-Id
Upgrade-Insecure-Requests
Cache-Tag
DC
X-Cache-Server
X-Hostname
X-B3-Traceid
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Ttl
Source
X-Amzn-Trace-Id
Retry-After
X-Sol
X-Middleton-Display
X-Fastcgi-Cache
Display
X-Accel-Expires
X-Servedby
X-Contextid
X-WA-Info
X-Varnish-Server
HitInfo
Server-Info
HitType
X-Distil-CS
X-Cache-Action
X-Cache-Operation
X-APP-VERSION
Content-Script-Type
Content-Style-Type
X-Wix-Request-Id
X-Seen-By
Webserver
X-Port
X-Amz-Replication-Status
User-Agent
X-GeoIP
X-S
GEO-INFO
X-RequestSource
X-WebKit-CSP-Report-Only
X-Jobs
Actual-Object-TTL
Healthy
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Generated-By
X-Locale
X-Status
X-Edge-Location
X-Response-Served-From
X-FW-Server
X-Edge-Cache
X-Varnish-Hits
X-UUID
X-FW-Type
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
X-FW-Static
AsisCache
X-Adobe-Loc
SRV
X-Drupal-Cache-Tags
X-Geo-Country
ServedBy
X-Region
X-TX-ID
X-Adobe-Content
X-Newrelic-App-Data
X-Hyper-Cache
X-Daa-Tunnel
Refresh
X-ATG-Version
X-DataStream-Cache-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Iejgwucgyu
X-Esi
X-Cache-NE
X-Middleton-Response
X-Cache-TTL-Remaining
X-Varnish-Grace
Response
Filters
IBM-Web2-Location
X-URL
S-Cnection
X-Amz-Server-Side-Encryption
Payment
NGB
X-Cache-Age
X-Content-Type
X-Az
X-Activity-Id
Datacenter
X-AppVersion
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Cache-Remote
X-Proxied
X-CDN-Forward
X-Vg-Webcache
X-Cacheable-TTL
Country
X-App-Server
X-Cache-TTL
X-Kong-Proxy-Latency
Served-By
X-HS-Cache-Config
X-Kong-Upstream-Latency
Edge-Cache-Tag
X-Unique-ID
Cache
X-Sucuri-ID
X-Mode
X-UA
X-Akamai-Transformed
X-Varnish-IP
X-Cache-Var
X-RemovedCookies
X-Is-Bot
X-ProcessESI
Load-Balancing
X-Detected-As
X-Rendered-As
X-HS-Combine-CSS
X-Cache-Var-Map
Machine
X-RN-RSRV
Meta-Geo
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
AR-Request-ID
X-Rule
X-Ruxit-Js-Agent
X-Proxy
Webcakes-Region
X-PCL
X-Amz-Meta-Surrogate-Control
X-BYPASS-REASON
X-Origin-Hint
X-EIG-Tracking-Id
X-ProxyCache-Key
Webcakes-App-Version
X-ProxyCache-Status
X-Cache-Category-Id
X-OCL
TWC-GeoIP-LatLong
TWC-Locale-Group
X-BB-IP
X-Human
TWC-GeoIP-Country
TWC-Device-Class
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
X-Hosted-By
Access-Control-Allow-Method
X-Tb
X-ServerID
Webcakes-App-Name
X-Varnish-Cacheable
X-Grey
X-Varnish-Cache-Hits
TWC-Privacy
User-Cache-Control
X-Origin
Backend
ServerName
S-Rt
X-Real-IP
X-Debug-Cache
X-Format
X-Environment-Context
Now
L5d-Success-Class
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
DB-Nickname
Cache-Name
X-Generated
X-Hit
X-Site-Version
X-Routing-Service
X-TNCMS
X-Upgrade-Enabled
X-Zipkin-Id
X-Viewer-Country
X-OVcl-Cache
X-OVcl
X-JoinUs
X-Correlation-ID
X-L-Path
X-Loop
X-Original-Request
Azure-InstanceId
X-NodeID
X-LJ-Flow-ID
X-Access
X-Agile
X-NGENIX-Cache
Selected-FE
X-Proxy-Build
X-Www-Served-By
X-PERF
X-Agile-Age
X-Agile-Id
OT-Force-Account-Verify
X-Cache-Config
X-CDN-Cache
X-IP
X-AWS-Id
X-ApacheServer
X-App-Name
X-Pubstack
X-Ocache
X-Via-Fastly
X-HOST
X-Section
X-Timing-Wait
Access-Control-Request-Headers
X-SplitTest
Cache-Key
X-TWH-CORRELATION-ID
X-VWS-Id
X-Origin-CC
X-Backend-Name
X-RateLimit-Limit
X-CCM
X-Drupal-Cache-Contexts
HostName
X-Upstream-HT
X-Upstream-CT
X-Source
Fastcgi-X-Cache-Version
X-Mrs-Cache
Fastcgi-Useragent
X-Xfnlog-Site
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Nginx-Cache
X-Mrs-Age
Fastcgi-X-Cache
X-Pc-Date
X-Pc-Host
Powered-By-ChinaCache
X-Akamai-Request-ID
X-Storage
From-Origin
X-Vgn-Hpd-Reason
X-Litespeed-Cache
Pagespeed
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Forwarded-Host
Fastly-SSL
X-Feature
X-NC
X-Time-Microsecs
X-NCache
X-Internal-Host
X-Varnish-Beresp-Status
LB
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Varnish-Beresp-Grace
X-Release
NtCoent-Length
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Distributor
X-Ms-Blob-Type
X-Microcachable
X-Birta-Served
X-Labrador-Cache-Channel
X-UA-Device-Type
X-Birta-Cache-Post
X-VG-TLSProxy
Pagetype
X-App-Version
XServer
X-Webkit-Csp
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
Time
X-Sucuri-Cache
Frame-Options
X-SERVER-NAME
MIME-Version
X-PHP-Backend
X-B3-Spanid
X-Logtrace-Id
Mobile-Detection-Method
Cache-Prefix
BehaviorPad-Version
Fly-Request-Id
Cneonction
NGX
X-IN-WAF
Ec-Rule-Version
X-Irp-Debug
X-IN-APIGATEWAY
Arc-Country
Rendered-Blocks
Fly-Cache
AKAMAI
X-Powered-By-ANYU
X-NU-AKA-ACS-Version
WZWS-RAY
X-No-Session
MD5-Digest
X-PAYTM-SRV-ID
Meta-Geo-Continent
IsBot
Ajk
X-G
X-Org
X-Generation-Time
X-Generated-In
X-From
X-Request-UUID
X-SIPLIST1
X-A-Ccd
X-CF-Lambda-Version
X-A-Dam
X-Cache-Bucket
X-A-Dcw
X-Via-SSL
Www
X-Server-Time
X-ScT
X-WebServer
X-Developer
X-Server-By
X-Destination
X-C
X-SRCache-Key
X-Via-Edge
X-D
X-BB-ID
X-ARC
X-UE-Client-Country
X-Date
X-B-Cookie
X-Application
X-CUA
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Via-CDN
X-VG-WebServer
X-Trv-Group
X-S-Cookie
X-A
V-Age
X-IN-SSL-APIGATEWAY
X-Rewrite-Enabled
Viewtype
X-Died
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Region-Sid
T-Server
Xc-Version
X-CF-Lambda-Fn
X-Redis-Cache
Server-Int
X-Rojux
X-CS
VivaBuild
ViewerVersion
X-NWS-UUID-VERIFY
X-FireWall-Port
X-Web-Node
HA-Geocountry
X-Hl-Ver
X-Eu-Site
HA-Geolat
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
X-Core-Value
HA-Geocity
GMS-Ver
X-CGP
X-External-Request-Id
X-Hnp-Log
HA-Cloudapp
X-Block-Status
X-Hash
Server-Host
X-Amz-Meta-Cache-Control
X-Crawler
X-Debug-Log
X-Cache-CFC
X-Fastly-Cache
NodeID
X-Cache-Enabled
Web-Mar-Node
Pragrma
Origin-Cache-Control
Release
X-Gen-Mode
X-F5-Cache
HA-Urlpath
HA-Servedtime
HA-Ipaddr
HA-Host
Host-ID
X-GeoIP-City
Magicmarker
X-Debug-Cookies
Origin-Edge-Control
SN
X-Platform
X-Owner
X-Phone
X-RateLimit-Remaining-Second
X-Cluster-Node
X-Origin-TTL
X-Node-Id
X-NX-Host
X-S-Maxage
X-Store
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-VCT
X-Var-Ttl
X-Varnish-Action
X-Request-Time
X-RateLimit-Limit-Second
X-Layer
Backend-Name
X-Key
Country-Code
X-Webstats-RespID
X-Instance-Name
X-CACHE-AGE
X-V
X-GZip
X-Varnish-Beresp-Ttl
X-Cdn-Srv
X-Server-IP
X-Secret
X-Sf
X-Cdn-Origin
X-MI-In-Market
X-Returned-From-PostProcessResponse
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Returned-From
Thinkindot-Control
X-Returned-From-BeforeDispatch
X-Sn-Servicetimems
X-Returned-From-DLL
Uber-Trace-Id
Powered
X-Swa-Ws
X-Clientip
X-Variation
X-Matched-Rule
X-Backend-TTL
Countrycode
X-HTML-Minification-Powered-By
X-Cache-Host
X-Croise-Owner
X-Cache-Expires
X-Backend-State
X-Up
X-Actual-URL
X-Response-By
X-GeoIP-Country-Code
X-Thinkindot-L3
X-Trace-Id
X-UnsetCookies
X-Cache-URL
X-TT-LOGID
X-Stale
X-Reboot
MI-Cache
MI-API
Apple-News-Services-Host
Apple-News-Services-Handled
MI-Cache-Age
Apple-News-Services-Parsed-Url
X-Passed-To
X-Gannett-Site-Version
Odigeo-Trace-Id
Apple-News-Services-Request-Url
X-Nginx-Cache-Key
Kp-EeAlive
X-Shopify-Stage
Heartbleed
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Alternate-Cache-Key
Adler-Geo
Is-Eu
Origin
X-Passed-To-BeforeDispatch
CDCHOST
X-Fetched-On
X-Cache-Srv
Request-EU
X-RCS-CacheZone
Esi-Enabled
X-MSEdge-Flight
X-Epic-Correlation-Id
X-Policy
Section-Io-Cache
Request-Country
REQUESTUUID
X-FW-Version
PFcat
X-Passed-To-DLL
Platform
X-Core-Mission
X-MSEdge-Features
X-Request-URI
Proxy-Connection
X-Passed-To-PostProcessResponse
X-Ua
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Content-Age
X-Fstrz
X-Location
X-Device-Os
X-Developers
X-Tumblr-Pixel-3
X-ServiceProvider
X-Servername
X-Worker
Server-ID
RNT-Machine
Resin-Trace
RNT-Time
Decoy-Debug-Key
X-Varnish-Ttl
Fastly-SWR
Request-Time
Cache-Tags
Fastly-SIE
X-Ckpd-Fst-Backend
Fastly-Backend-Name
On-Server
Decoy-Debug-Status
Decoy-Debug-TTL
Sid
Content-Disposition
X-Backend-Host
True-Client-Country-4JS
PageSpeed
ProcessTime
X-Alicdn-Da-Ups-Status
X-Backend-Url
Xserver
X-ElasticPress-Search
X-Ezoic-Cdn
HTTPS
X-Skip-Cache
X-Csrf-Token
Warning
X-Dc
X-Pf-Uncompressing
X-Endurance-Cache-Level
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-B3-TraceId
Cteonnt-Length
CF-IPCountry
RequestId
X-Proto
X-Req
WP-Super-Cache
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Real-Ip
X-Servedbyhost
X-Planisys-CDN-Cache
X-Surge-Debug
We-Hiring
X-Planisys-CDN-Rules
X-Refresh
X-Planisys-CDN-TTL
Mail-Subject
X-TIME
X-Newrelic-Synthetics
CACHE
X-Pjax-Url
Ar-Sid
CDN
X-GEO
X-Aed
X-Cache-ASPX
Dnion-Transfer-Encoding
X-Time
X-Nc
Pramga
X-GoCache-CacheStatus
X-GRACE
Hostname
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-DC
X-Edge-IP
X-CSRF-Token
X-Geo
X-COUNTRY
TSSecure
X-Varnish-Beresp-TTL
X-Guploader-Uploadid
X-Ms-Lease-State
X-Server-W
GeoIp-Country-Code
NODE
Geoip-Latitude
X-Page-Type
X-Oracle-Dms-Ecid
NnCoection
X-DataStream-MidMile-RTT
X-Origin-Date
X-Origin-Expires
X-Flog
X-ABtesting
X-Hello
X-DataStream-Origin-MEX-Latency
X-Cdn-Forward
X-Cache-Control-Set-By
X-Varnish-Url
X-HCF
X-Aicache-OS
A
X-Varnish-HitMiss
Cdn
X-WA
MS-CV
SD-X-WS
Lfy
X-Auto-Login
X-Datadome
X-Amz-Cf-Pop
WWW-Authenticate
FSS-Proxy
X-Server-Group
X-Akamai-Request-ID2
FSS-Cache
X-Ratelimit-Limit
X-Wa
Geoip-City
Mime-Version
Node
Processtime
X-SRV
X-Wix-Route-ID
X-Varnish-URL
X-Sentry-ID
X-Via-NSCOPI
PICS-Label
Rt-Proxy-Cache
X-UPSTREAM-Address
X-Use-Magma
X-From-Cache
X-Check-Cacheable
X-PAGE-TYPE
X-Cache-Id
X-APP
GeoIP-Country-Code
X-EC-Security-Audit
X-Unique-Id
GeoIP-Latitude
X-Nananana
X-NODE
X-Edge-Server
X-Served-From
GeoIP-City
Memcached
Cdn-Request-Time
Cdn-Host
PageType
X-Thanos
X-Cache-Info
X-Bip
X-Gdpr
Lb
Ms-Operation-Id
Dont-Set-Cookie
X-CACHE-KEY
X-Cookie
X-Gen-Id
X-RTag
X-Be
X-Request-Start
X-Proxy-Server
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-GDPR
X-Load-Cache
DataCenter
X-Dynatrace-Js-Agent
X-WR-MODIFICATION
X-Cache-HT
X-Fastly-Cache-Hits
Is-Session-Tracking
X-FORWARDED-FOR
X-MP-GENERATED-AT
X-Optimization
Get-Access-Time
X-HS-Status
X-Env
X-B3-SpanId
UCS
Memory
Pics-Label
Who
X-Swift-Error
X-PJAX-URL
GW-Server
X-User
V-Cache
X-ServedByHost
Serverid
X-Cache-Ttl
X-RateLimit-Reset
X-Cache-FS-Status
Group
X-Ver
URI
X-GZIP
Cf-Ipcountry
X-Fe
Ws
Cache-Hits
X-CDN-Pop
X-Meta-Tbi-Cache-Vertical
X-Dw-Trace-Id
X-CDN-Pop-IP
X-Ibm-Trace
Amp-Access-Control-Allow-Source-Origin
X-ID
X-VC
AGE-Hash
Requestid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Bug-Bounty
X-SB
X-Shard
Httpd-Identifier
NX-Cache
X-PF-Uncompressing
Xet-Cookie
Accept-Language
X-NGINX-Cache
X-Wix-Petri-Ex
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Powered-By
X-Varnish-Info
N-Cache
X-CacheKey
X-Urbn-Context-Path
X-Urbn-Site-Id
CDN-Cache
CDN-Node
CDN-Cache-Hit
X-LI-UUID
X-LI-Proto
X-BBXSRF
Locale
X-Cache-Debug
X-Content-Encoded-By
X-Li-Pop
X-Li-Fabric
X-Ratelimit-Remaining
Version
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Flags
X-Litespeed-Cache-Control
X-RequestId
X-ServerName
X-Akamai-ERPolicy
X-Cache-Handler
Ohc-File-Size
X-Grace-Duration
Https
X-Akamai-ERRuleID
X-StackifyID