Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
X-Cache-Group
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
X-CST
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-Url
X-TTL
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-ESI
X-DataDome
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
Charset
X-Server-Name
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
X-ORACLE-DMS-RID
RTSS
Content-MD5
X-Version
X-F-Cache
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Geo-Segment
X-GoogleNews-Bot
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
Verso
MS-Author-Via
X-Client-IP
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
AR-PoweredBy
AR-ATIME
X-Fastly-Request-ID
X-Trace
DynaTrace
X-T
AR-CACHE
Paypal-Debug-Id
X-Upstream
X-Hits
X-Varnish-Age
X-Forwarded-Proto
X-Grace
X-DIS-Request-ID
Arr-Disable-Session-Affinity
TCN
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Id
SPIisLatency
SPRequestDuration
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Kinsta-Cache
X-FastCGI-Cache
X-IPLB-Instance
X-Cache-Hit
Access-Control-Request-Method
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
X-Logged-In
AR-SID
X-B
X-HW
X-Goog-Metageneration
X-Goog-Storage-Class
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Server-ID
X-HeyJason
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
S
Service-Worker-Allowed
X-Ser
X-MSEdge-Ref
X-Wix-Server-Artifact-Id
X-XRDS-Location
Tracecode
Server-Name
X-PressLabs-Stats
X-Cache-Key
X-Frontend
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-FTR-Expires
X-Oneagent-Js-Injection
Rt-Fastcgi-Cache
X-Webkit-CSP
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
Fastly-Restarts
X-Oracle-Dms-Rid
Eomportal-Instance
Alternate-Protocol
X-GUploader-UploadID
X-Cache-Rule
Cleartype
Cache-Status
X-Analytics
Backend-Timing
X-Srv
Host
X-Accel-Buffering
X-RateLimit-Remaining
X-HS-Hub-Id
TP-Cache
TP-L2-Cache
X-HS-Content-Id
X-Revision
X-Rid
Public-Key-Pins-Report-Only
X-Whom
FilterID
X-FTR-Cache-Host
X-XRDS-LOCATION
X-VCache
X-User-Agent
X-Debug-Info
X-Akam-SW-Version
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-Varnish-Backend
X-NWS-LOG-UUID
X-Cache-2
Front-End-Https
X-Mobile
Accept-Charset
X-Via-JSL
X-Content-Powered-By
X-Request-Received
X-Request-Processing-Time
X-Cdn
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Kinja-Server-Push
X-Cached-By
Viewport
X-Node-Name
X-App-Environment
X-Ttl
X-LB-Cache
X-Correlation-Id
X-B3-Traceid
X-Tumblr-Pixel-0
X-Page-Id
X-Tumblr-Pixel
X-Cluster
X-Tumblr-User
Host-Header
X-Varnish-Hostname
X-Magnolia-Registration
Liferay-Portal
X-Akamai-Edgescape
X-Device-Type
X-Framework
X-Request-Guid
X-Cache-Control
X-Handled-By
X-TT
X-Signature
X-Platform-Server
X-FB-Debug
X-B3-Sampled
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
Upgrade-Insecure-Requests
X-B-Cache
X-Instance
DC
Cache-Tag
X-Cache-Server
X-Hostname
X-Origin-Server
Server-Node
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Amzn-Trace-Id
Display
X-Middleton-Display
X-Sol
Source
X-Accel-Expires
Retry-After
X-APP-VERSION
X-WA-Info
X-Varnish-Server
X-Servedby
X-Fastcgi-Cache
X-Contextid
HitInfo
HitType
Server-Info
X-Distil-CS
X-Cache-Action
X-Iejgwucgyu
X-Cache-Operation
Content-Style-Type
X-Wix-Request-Id
Content-Script-Type
X-Seen-By
X-Amz-Replication-Status
X-GeoIP
Webserver
X-Tumblr-Pixel-1
X-RequestSource
X-S
User-Agent
X-Port
X-Tumblr-Pixel-2
GEO-INFO
X-Jobs
Actual-Object-TTL
X-Status
X-WebKit-CSP-Report-Only
X-Edge-Location
X-Locale
X-FW-Static
X-FW-Server
X-Response-Served-From
X-FW-Type
X-FW-Serve
AsisCache
X-Edge-Cache-Key
X-Edge-Cache
X-UUID
X-Region
X-FW-Hash
X-Generated-By
SRV
ServedBy
X-Adobe-Loc
X-Drupal-Cache-Tags
X-TX-ID
X-Adobe-Content
Healthy
X-Varnish-Hits
X-Geo-Country
X-Hyper-Cache
Refresh
X-ATG-Version
X-Newrelic-App-Data
X-Yottaa-Metrics
X-Daa-Tunnel
X-Yottaa-Optimizations
X-DataStream-Cache-Status
X-Cache-NE
Response
X-Middleton-Response
X-Cache-TTL-Remaining
X-Varnish-Grace
IBM-Web2-Location
Payment
S-Cnection
X-Esi
Filters
X-CDN-Forward
X-Amz-Server-Side-Encryption
X-Cache-Age
NGB
X-URL
X-Content-Type
X-Activity-Id
X-AppVersion
X-Az
X-Pc-Key
X-Proxied
X-Pc-Hit
X-Pc-Appver
X-UA
X-Vg-Webcache
Datacenter
Country
X-Cacheable-TTL
X-Cache-Remote
X-Cache-TTL
X-App-Server
Served-By
Edge-Cache-Tag
X-HS-Cache-Config
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-IP
X-Mode
X-Sucuri-ID
X-Akamai-Transformed
X-Cache-Var-Map
X-Unique-ID
X-Rendered-As
X-Detected-As
X-Is-Bot
X-RN-RSRV
Machine
Meta-Geo
X-Cache-Var
X-RemovedCookies
X-ProcessESI
X-HS-Combine-CSS
Load-Balancing
X-FC-Vary-Parameters
X-Proxy
X-Rocket-Nginx-Bypass
X-Rule
Pagespeed
Mn-Server-Ip
X-Cache-Category-Id
Webcakes-App-Version
Webcakes-App-Name
User-Cache-Control
X-Grey
X-Varnish-Cacheable
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-BYPASS-REASON
Property-Id
X-OCL
Access-Control-Allow-Method
X-Hosted-By
Cache-Name
X-Origin
X-Origin-Hint
X-ProxyCache-Status
X-PCL
X-Varnish-Cache-Hits
TWC-Device-Class
TWC-GeoIP-Country
X-ProxyCache-Key
X-Human
X-ServerID
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-LatLong
DB-Nickname
TWC-Locale-Group
X-Tb
Backend
AR-Request-ID
X-BB-IP
X-Access
X-CDN-Cache
ServerName
X-Debug-Cache
Powered-By-ChinaCache
S-Rt
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Now
L5d-Success-Class
X-EIG-Tracking-Id
X-Generated
X-Routing-Service
X-OVcl-Cache
X-Section
X-Site-Version
X-Zipkin-Id
X-TNCMS
X-OVcl
X-Original-Request
X-Hit
Azure-InstanceId
X-JoinUs
X-Loop
X-NodeID
X-Format
X-Upgrade-Enabled
X-Pubstack
X-Proxy-Build
X-Agile
X-Agile-Age
X-Timing-Wait
X-TWH-CORRELATION-ID
X-VWS-Id
X-Viewer-Country
X-Via-Fastly
Selected-FE
X-Agile-Id
X-PERF
X-Environment-Context
X-LJ-Flow-ID
X-L-Path
X-IP
X-NGENIX-Cache
X-Cache-Config
X-ApacheServer
X-App-Name
X-AWS-Id
X-Ruxit-Js-Agent
X-Www-Served-By
X-SplitTest
OT-Force-Account-Verify
Cache-Key
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-CCM
X-Ocache
HostName
X-Origin-CC
X-Backend-Name
Cache
X-Real-IP
X-Correlation-ID
X-Xfnlog-Site
X-HOST
X-Mrs-Cache-Hits
Fastcgi-Useragent
Fastcgi-X-Cache
X-RateLimit-Limit
X-Mshield-Cache-Status
Fastcgi-X-Cache-Version
X-Mrs-Cache
X-Upstream-HT
X-Mrs-Age
X-Upstream-CT
X-Source
X-Nginx-Cache
X-Akamai-Request-ID
X-Pc-Date
From-Origin
X-Pc-Host
X-Storage
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Vgn-Hpd-Reason
X-Litespeed-Cache
X-Forwarded-Host
Fastly-SSL
X-Time-Microsecs
X-NCache
X-M-Reqid
X-M-Log
LB
X-Qnm-Cache
X-NC
X-Feature
X-Internal-Host
X-Ms-Lease-Status
X-Ms-Blob-Type
NtCoent-Length
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Ms-Version
X-Varnish-Beresp-Grace
X-Distributor
X-Birta-Cache-Post
X-Release
X-Birta-Served
X-UA-Device-Type
X-Labrador-Cache-Channel
X-Microcachable
X-VG-TLSProxy
XServer
X-EdgeConnect-Cache-Status
Pagetype
X-Webkit-Csp
X-Twitter-Response-Tags
X-Cache-Backend
X-B3-Spanid
Time
X-CACHE-GROUP
X-Connection-Hash
X-Transaction
X-Powered-By-ANYU
Frame-Options
WZWS-RAY
ViewerVersion
X-From
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-SIPLIST1
V-Age
X-Server-Time
X-Region-Sid
Cache-Prefix
Ec-Rule-Version
X-Destination
X-VG-WebServer
X-Via-CDN
VivaBuild
X-Server-By
BehaviorPad-Version
X-Developer
X-Died
X-G
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-No-Session
X-IN-WAF
X-Irp-Debug
X-UE-Client-Country
X-Trv-Group
X-Redis-Cache
Cneonction
X-Generation-Time
X-Generated-In
X-A-Ccd
Arc-Country
X-Org
AKAMAI
X-NU-AKA-ACS-Version
Ajk
X-SRCache-Key
Fly-Cache
X-Application
X-Accel-Expires-Debug
X-A-Wwc
X-ARC
X-Via-Edge
X-BB-ID
Rendered-Blocks
X-B-Cookie
Xc-Version
X-Via-SSL
T-Server
X-A-Dam
X-Request-UUID
X-A
X-C
X-A-Dgt
Server-Int
X-A-Dcw
Viewtype
X-Rewrite-Enabled
X-D
X-WebServer
X-S-Cookie
X-ScT
X-Date
Www
Fly-Request-Id
X-Logtrace-Id
X-Cache-Bucket
X-Rojux
X-CF-Lambda-Fn
Mobile-Detection-Method
X-PAYTM-SRV-ID
NGX
Meta-Geo-Continent
MD5-Digest
IsBot
X-CUA
X-CF-Lambda-Version
X-Instance-Name
X-Sucuri-Cache
X-Request-Time
X-Cluster-Node
X-FireWall-Port
X-SERVER-NAME
X-NWS-UUID-VERIFY
MIME-Version
X-Web-Node
X-PHP-Backend
X-GZip
HA-Servedtime
HA-Urlpath
X-Crawler
HA-Ipaddr
X-Core-Value
X-CGP
X-CS
HA-Geolon
HA-Cloudapp
GMS-Ver
X-S-Maxage
HA-Geocity
HA-Geolat
Ha-Gx-Prefs
HA-Georegion
HA-Host
NodeID
X-Wikidot-Static-Cache
Server-Host
X-Amz-Meta-Cache-Control
X-RateLimit-Remaining-Second
SN
X-VServer
Web-Mar-Node
X-Wikidot-Backend
X-We-Are-Hiring
X-RateLimit-Limit-Second
X-Platform
X-Cache-CFC
X-Cache-Enabled
X-Phone
Origin-Cache-Control
Origin-Edge-Control
Release
Pragrma
X-Block-Status
Magicmarker
HA-Geocountry
X-Key
X-Gen-Mode
Backend-Name
X-Owner
X-VCT
X-Layer
X-Store
X-Node-Id
X-Hnp-Log
X-Varnish-Action
X-Hl-Ver
X-Hash
X-GeoIP-City
X-Fastly-Cache
X-Origin-TTL
Country-Code
X-UnsetCookies
X-External-Request-Id
X-Eu-Site
X-F5-Cache
X-Webstats-RespID
CACHE
X-V
X-App-Version
X-Swa-Ws
X-Backend-TTL
X-MI-In-Market
X-Var-Ttl
X-Returned-From-PostProcessResponse
X-Request-URI
X-Matched-Rule
X-TT-LOGID
X-Location
X-Backend-Url
X-Backend-State
X-Variation
X-Thinkindot-L3
X-RCS-CacheZone
X-Returned-From
X-Reboot
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Response-By
X-Nginx-Cache-Key
X-MSEdge-Flight
X-MSEdge-Features
X-Actual-URL
X-Backend-Host
X-Cache-URL
X-Tumblr-Pixel-3
REQUESTUUID
X-Fetched-On
X-FW-Version
X-Stale
X-Up
X-Debug-Cookies
X-Epic-Correlation-Id
X-Developers
X-Server-IP
X-Sf
X-Secret
X-Debug-Log
X-Gannett-Site-Version
X-Croise-Owner
X-Passed-To
X-Cdn-Srv
X-Passed-To-PostProcessResponse
X-GeoIP-Country-Code
X-Cache-Expires
X-Cache-Srv
X-Passed-To-DLL
Powered
X-Clientip
X-Core-Mission
X-NX-Host
X-Policy
X-Passed-To-BeforeDispatch
X-HTML-Minification-Powered-By
Section-Io-Cache
CDCHOST
Origin
Countrycode
Platform
Request-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Request-EU
Odigeo-Trace-Id
MI-Cache-Age
Heartbleed
Host-ID
Is-Eu
Kp-EeAlive
Esi-Enabled
MI-Cache
MI-API
Apple-News-Services-Host
Proxy-Connection
Thinkindot-CacheControl
X-ShardId
Apple-News-Services-Handled
X-Alternate-Cache-Key
Thinkindot-Control
Thinkindot-CacheControl-Type
Uber-Trace-Id
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
Adler-Geo
X-Sorting-Hat-PodId
X-CACHE-AGE
X-ServiceProvider
X-Device-Os
X-Servername
X-Trace-Id
X-Sn-Servicetimems
Fastly-Backend-Name
X-ElasticPress-Search
X-Fstrz
Cache-Tags
HTTPS
X-Varnish-Beresp-Ttl
X-Worker
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Content-Disposition
Resin-Trace
On-Server
X-Cache-Host
RNT-Machine
X-Alicdn-Da-Ups-Status
True-Client-Country-4JS
Sid
RNT-Time
X-Cdn-Origin
Server-ID
X-Content-Age
X-Ckpd-Fst-Backend
ProcessTime
Request-Time
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
PFcat
X-Skip-Cache
X-Ezoic-Cdn
Fastly-SWR
Fastly-SIE
X-Endurance-Cache-Level
X-TIME
X-Dc
Warning
Xserver
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
RequestId
X-Pf-Uncompressing
X-Real-Ip
Cache-Cookie-Set-Idcheck
X-Csrf-Token
Cteonnt-Length
X-Proto
X-Ua
Ar-Sid
CF-IPCountry
X-Newrelic-Synthetics
X-Req
We-Hiring
X-Surge-Debug
X-Refresh
Mail-Subject
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
WP-Super-Cache
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Servedbyhost
CDN
PageSpeed
X-Pjax-Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Guploader-Uploadid
X-Nc
X-B3-TraceId
X-Aed
X-GEO
Pramga
X-Cache-ASPX
Dnion-Transfer-Encoding
X-Geo
X-CSRF-Token
X-Varnish-Ttl
X-Varnish-Beresp-TTL
GeoIp-Country-Code
X-Edge-IP
X-GoCache-CacheStatus
Geoip-Latitude
TSSecure
X-DC
Hostname
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Ms-Lease-State
X-Time
X-Server-W
X-COUNTRY
X-DataStream-MidMile-RTT
X-Page-Type
X-DataStream-Origin-MEX-Latency
X-ABtesting
X-Flog
X-Hello
NODE
X-Amz-Cf-Pop
NnCoection
X-Oracle-Dms-Ecid
X-Aicache-OS
X-Origin-Expires
X-Origin-Date
MS-CV
X-Ratelimit-Limit
X-HCF
A
X-Auto-Login
X-WA
Cdn
X-Varnish-HitMiss
Lfy
X-Varnish-Url
X-Cache-Control-Set-By
X-Akamai-Request-ID2
SD-X-WS
X-Datadome
FSS-Cache
FSS-Proxy
X-GRACE
X-Cdn-Forward
Mime-Version
X-Server-Group
WWW-Authenticate
Processtime
Rt-Proxy-Cache
Geoip-City
X-Varnish-URL
X-Wa
X-Unique-Id
X-Sentry-ID
Node
X-Check-Cacheable
X-PAGE-TYPE
X-UPSTREAM-Address
X-EC-Security-Audit
PICS-Label
X-Wix-Route-ID
X-Via-NSCOPI
X-Use-Magma
PageType
Memcached
X-From-Cache
X-Thanos
X-APP
X-Served-From
X-Bip
X-Cache-Id
X-NODE
X-Nananana
X-RTag
X-Edge-Server
GeoIP-Country-Code
X-Cache-Info
X-Be
X-SRV
GeoIP-City
GeoIP-Latitude
Ms-Operation-Id
X-Gdpr
Lb
Cdn-Host
X-MP-GENERATED-AT
Cdn-Request-Time
DataCenter
X-Gen-Id
X-Request-Start
Dont-Set-Cookie
X-Proxy-Server
X-Cookie
X-CACHE-KEY
X-GDPR
X-Fastly-Cache-Hits
COMMERCE-SERVER-SOFTWARE
X-Fastly-Backend-Reqs
Memory
X-Dynatrace-Js-Agent
X-Load-Cache
X-WR-MODIFICATION
X-Cache-HT
GW-Server
UCS
Is-Session-Tracking
X-Optimization
Get-Access-Time
X-Env
X-FORWARDED-FOR
X-PJAX-URL
Pics-Label
Who
X-User
X-Swift-Error
X-HS-Status
X-ServedByHost
X-Ver
X-B3-SpanId
Group
X-Cache-FS-Status
V-Cache
X-Cache-Ttl
X-RateLimit-Reset
Cache-Hits
X-Meta-Tbi-Cache-Vertical
Ws
X-NGINX-Cache
URI
X-Ibm-Trace
Accept-Language
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fe
Cf-Ipcountry
X-Dw-Trace-Id
X-CDN-Pop-IP
X-CDN-Pop
Amp-Access-Control-Allow-Source-Origin
X-ID
X-Bug-Bounty
X-Urbn-Context-Path
X-Li-Pop
NX-Cache
X-Li-Fabric
X-LI-Proto
X-LI-UUID
Xet-Cookie
X-Urbn-Site-Id
X-Shard
X-SB
Locale
AGE-Hash
X-GZIP
X-VC
X-Cache-Debug
X-BBXSRF
Httpd-Identifier
Requestid
X-Content-Encoded-By
X-PF-Uncompressing
Serverid
X-CacheKey
X-Info
N-Cache
X-Wix-Petri-Ex
X-Ratelimit-Remaining
Powered-By
CDN-Node
CDN-Cache-Hit
X-Varnish-Info
X-SVT-ORM-RULES
CDN-Cache
X-SVT-ORM-VERSION
X-Serial
Https
X-Is-Crawler
X-Providence-Cookie
X-Flags
Ohc-File-Size
X-RequestId
X-Litespeed-Cache-Control
X-Route-Name
X-ServerName
X-Grace-Duration
X-StackifyID
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cache-Handler
Version