
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
X-Xss-Protection
CF-Cache-Status
X-FRAME-OPTIONS
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
X-Server
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Node
X-Cnection
X-Host
X-Server-Id
X-Amz-Version-Id
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
EagleEye-TraceId
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-Dns-Prefetch-Control
X-DynaTrace-JS-Agent
X-DataDome
Charset
X-ESI
X-Powered-CMS
X-TtlSet
X-Vname
X-PC
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Cached
X-Varnish-TTL
X-Vhost
X-ORACLE-DMS-RID
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-Version
X-F-Cache
X-GoogleNews-Bot
X-Geo-Segment
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-D2id
Verso
X-Client-IP
SPRequestGuid
MS-Author-Via
X-Abt-Application-Version
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
Accept-CH-Lifetime
X-Navigation-Version
AR-CACHE
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
DynaTrace
X-T
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Trace
Paypal-Debug-Id
X-Upstream
X-Grace
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Origin-Upstream-Status
X-FastCGI-Cache
X-Id
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
X-Pad
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
AR-SID
X-Content-Options
X-Ruxit-JS-Agent
X-Content-Digest
X-NF-Request-ID
X-Cache-Hit
Realpath
X-IPLB-Instance
X-Kinsta-Cache
X-Logged-In
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
Access-Control-Request-Method
MRF-Tech
X-Mrf-Section-Lastmod
X-B
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-SS-Set-Cookie
X-HW
X-Vcap-Request-Id
X-Debug
S
X-Ser
X-MSEdge-Ref
Service-Worker-Allowed
X-NewRelic-App-Data
Server-Name
X-Frontend
X-PressLabs-Stats
X-Wix-Server-Artifact-Id
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Cache-Key
Tracecode
X-XRDS-Location
X-Server-ID
AMP-Access-Control-Allow-Source-Origin
X-Oneagent-Js-Injection
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Eomportal-Instance
Alternate-Protocol
Cleartype
X-Cache-Rule
X-GUploader-UploadID
Cache-Status
Fastly-Restarts
Backend-Timing
X-Analytics
X-Srv
X-XRDS-LOCATION
Host
X-HS-Hub-Id
X-HS-Content-Id
X-Oracle-Dms-Rid
TP-Cache
X-Revision
TP-L2-Cache
X-NWS-LOG-UUID
X-User-Agent
X-Rid
X-VCache
Public-Key-Pins-Report-Only
FilterID
X-Whom
X-FTR-Cache-Host
X-Debug-Info
X-Akam-SW-Version
X-AOL-HN
X-Accel-Buffering
ServerID
X-Cache-2
X-Varnish-Backend
X-Webkit-CSP
X-Via-JSL
X-RateLimit-Remaining
X-Content-Powered-By
X-Cdn
X-TA-CDN-Provider
Accept-Charset
X-Kinja-Server-Push
Front-End-Https
X-Request-Processing-Time
X-Request-Received
X-Mobile
X-Ttl
X-Zen-Fury
Viewport
X-Cached-By
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-App-Environment
X-Magnolia-Registration
X-LB-Cache
Liferay-Portal
X-Page-Id
X-Varnish-Hostname
Host-Header
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
X-Request-Guid
X-TT
X-Akamai-Edgescape
X-Cache-Control
X-Device-Type
X-Framework
X-Handled-By
X-BCube-Filmed-By
X-Instance
Upgrade-Insecure-Requests
X-Signature
X-FB-Debug
X-Platform-Server
X-B-Cache
X-B3-Sampled
Cache-Tag
DC
X-Hostname
X-Cache-Server
X-B3-Traceid
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
X-Amzn-Trace-Id
Retry-After
X-Servedby
X-Accel-Expires
X-WA-Info
X-Contextid
X-Sol
X-Varnish-Server
Display
X-Middleton-Display
Server-Info
X-Cache-Action
HitInfo
HitType
X-Distil-CS
X-Cache-Operation
X-Port
Content-Script-Type
X-APP-VERSION
Content-Style-Type
Webserver
X-GeoIP
X-Amz-Replication-Status
X-Wix-Request-Id
X-Seen-By
X-Tumblr-Pixel-1
X-S
GEO-INFO
X-Edge-Location
X-Generated-By
AsisCache
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-RequestSource
X-Daa-Tunnel
User-Agent
X-Geo-Country
Actual-Object-TTL
X-Jobs
X-Locale
X-Status
Healthy
X-TX-ID
X-Region
X-Edge-Cache-Key
ServedBy
X-Edge-Cache
X-UUID
X-FW-Hash
X-FW-Type
X-FW-Server
X-Response-Served-From
X-FW-Serve
X-Varnish-Hits
X-FW-Static
X-Hyper-Cache
X-Adobe-Loc
X-Adobe-Content
X-Drupal-Cache-Tags
SRV
X-DataStream-Cache-Status
Refresh
X-Fastcgi-Cache
X-Cache-Age
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Grace
S-Cnection
Filters
X-Esi
X-ATG-Version
X-Cache-TTL-Remaining
IBM-Web2-Location
X-Amz-Server-Side-Encryption
Response
X-Cache-NE
X-Middleton-Response
NGB
Payment
X-Content-Type
X-Az
X-Activity-Id
Datacenter
X-Newrelic-App-Data
X-AppVersion
X-Pc-Hit
X-Pc-Appver
X-Ruxit-Js-Agent
X-Pc-Key
X-CDN-Forward
X-Cache-Remote
X-Proxied
X-App-Server
X-Cacheable-TTL
X-UA
X-Cache-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
AR-Request-ID
Country
Edge-Cache-Tag
X-HS-Cache-Config
X-Unique-ID
Served-By
Cache
X-Vg-Webcache
X-Akamai-Transformed
X-Sucuri-ID
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
X-Is-Bot
X-RN-RSRV
X-Varnish-IP
X-Rendered-As
X-Iejgwucgyu
X-RemovedCookies
Machine
Meta-Geo
Load-Balancing
X-ProcessESI
X-Rocket-Nginx-Bypass
X-Mode
X-Proxy
X-FC-Vary-Parameters
X-PCL
X-ServerID
X-ProxyCache-Status
X-Tb
X-Origin
X-ProxyCache-Key
X-Origin-Hint
X-Human
Backend
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
User-Cache-Control
TWC-GeoIP-Country
TWC-Device-Class
DB-Nickname
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
X-Hosted-By
Access-Control-Allow-Method
X-Rule
X-OCL
X-Grey
X-EIG-Tracking-Id
Webcakes-Region
X-BB-IP
X-BYPASS-REASON
X-Cache-Category-Id
X-Varnish-Cacheable
Cache-Name
X-Access
X-Upgrade-Enabled
X-Varnish-Cache-Hits
Azure-InstanceId
X-Amz-Meta-Surrogate-Control
X-ApacheServer
X-PERF
X-OVcl-Cache
X-OVcl
Azure-RegionName
Azure-SiteName
L5d-Success-Class
X-NodeID
X-Viewer-Country
Now
X-Section
ServerName
Azure-SlotName
Azure-Version
Cache-Key
X-Pubstack
X-Original-Request
X-Format
X-Generated
X-JoinUs
X-Cache-Config
X-Environment-Context
X-Debug-Cache
X-TNCMS
X-CDN-Cache
X-Site-Version
X-Hit
X-Loop
X-L-Path
X-HS-Combine-CSS
X-Timing-Wait
X-VWS-Id
Selected-FE
X-Www-Served-By
X-Ocache
X-SplitTest
S-Rt
X-Via-Fastly
Access-Control-Request-Headers
X-NGENIX-Cache
X-TWH-CORRELATION-ID
X-CCM
X-App-Name
X-AWS-Id
X-Backend-Name
X-LJ-Flow-ID
X-Agile-Age
X-Agile-Id
X-Agile
X-Proxy-Build
X-IP
X-URL
X-Drupal-Cache-Contexts
X-Origin-CC
OT-Force-Account-Verify
X-Source
X-Routing-Service
X-Zipkin-Id
X-Real-IP
X-Xfnlog-Site
X-Nginx-Cache
X-Storage
X-Pc-Date
X-Pc-Host
X-Upstream-CT
X-Akamai-Request-ID
X-Upstream-HT
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Mshield-Cache-Status
Fastcgi-X-Cache-Version
Fastcgi-Useragent
HostName
Fastcgi-X-Cache
X-Vgn-Hpd-Reason
X-Correlation-ID
X-Litespeed-Cache
Powered-By-ChinaCache
From-Origin
X-RateLimit-Limit
X-Time-Microsecs
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Forwarded-Host
Fastly-SSL
X-Feature
X-NC
X-NCache
X-Internal-Host
X-Distributor
X-Varnish-Beresp-Grace
X-M-Log
X-M-Reqid
X-Release
X-Varnish-Beresp-Status
XServer
X-Qnm-Cache
X-Microcachable
X-UA-Device-Type
Pagespeed
X-Birta-Served
X-Birta-Cache-Post
LB
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Labrador-Cache-Channel
NtCoent-Length
X-PHP-Backend
X-Cache-Backend
X-App-Version
X-VG-TLSProxy
X-Webkit-Csp
Pagetype
X-EdgeConnect-Cache-Status
X-Transaction
X-Connection-Hash
X-Twitter-Response-Tags
X-B3-Spanid
Frame-Options
Time
X-SERVER-NAME
X-C
MIME-Version
Ajk
AKAMAI
NGX
T-Server
Arc-Country
X-Sucuri-Cache
Rendered-Blocks
Fly-Request-Id
Host-ID
IsBot
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
Cache-Prefix
Ec-Rule-Version
Fly-Cache
BehaviorPad-Version
X-B-Cookie
X-PAYTM-SRV-ID
X-Org
X-Redis-Cache
X-Region-Sid
X-Rewrite-Enabled
X-Request-UUID
X-NU-AKA-ACS-Version
X-No-Session
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Logtrace-Id
X-Rojux
X-S-Cookie
X-Via-CDN
X-VG-WebServer
X-Via-Edge
X-Via-SSL
Xc-Version
X-WebServer
X-UE-Client-Country
X-Trv-Group
X-Server-By
X-ScT
X-Server-Time
X-SIPLIST1
X-SRCache-Key
X-Generation-Time
X-Generated-In
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Application
X-BB-ID
X-ARC
X-A-Dcw
X-A-Dam
VivaBuild
Viewtype
Www
X-A
X-A-Ccd
X-Cache-Bucket
X-CF-Lambda-Fn
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-From
X-G
X-Developer
X-Destination
X-CS
X-CF-Lambda-Version
X-CUA
X-D
X-Date
V-Age
Server-Int
Cneonction
X-Web-Node
X-GZip
X-Instance-Name
X-Powered-By-ANYU
PageSpeed
WZWS-RAY
X-HOST
X-NWS-UUID-VERIFY
X-FireWall-Port
X-Amz-Meta-Cache-Control
X-Debug-Cookies
X-Debug-Log
Web-Mar-Node
X-Block-Status
X-Crawler
X-Cache-CFC
X-Core-Value
X-CGP
X-Cache-Enabled
Pragrma
HA-Urlpath
X-V
HA-Servedtime
HA-Ipaddr
HA-Host
Magicmarker
NodeID
Release
Server-Host
X-Eu-Site
Origin-Edge-Control
Origin-Cache-Control
SN
X-Fastly-Cache
X-Store
X-UnsetCookies
X-S-Maxage
X-Request-URI
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Var-Ttl
X-Varnish-Action
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-VServer
X-VCT
X-Platform
X-Phone
X-GeoIP-City
X-Hash
X-Gen-Mode
Ha-Gx-Prefs
X-F5-Cache
X-Hl-Ver
X-Key
X-Origin-TTL
X-Owner
X-NX-Host
X-Node-Id
X-Layer
X-External-Request-Id
X-Hnp-Log
Country-Code
Backend-Name
HA-Georegion
HA-Cloudapp
GMS-Ver
HA-Geolon
HA-Geolat
HA-Geocountry
HA-Geocity
X-Request-Time
X-Webstats-RespID
Cache-Tags
X-ElasticPress-Search
CDCHOST
X-Developers
X-Epic-Correlation-Id
X-Fetched-On
Apple-News-Services-Parsed-Url
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
X-Croise-Owner
X-FW-Version
X-Gannett-Site-Version
Apple-News-Services-Host
X-Cache-URL
X-Backend-TTL
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Actual-URL
Decoy-Debug-Key
Countrycode
X-Cache-Expires
X-Cdn-Srv
X-Clientip
X-Cdn-Origin
Apple-News-Services-Handled
X-Cache-Host
X-Cache-Srv
X-Core-Mission
X-MSEdge-Flight
X-Sf
X-Sn-Servicetimems
X-ServiceProvider
X-Server-IP
X-Returned-From-PostProcessResponse
X-Secret
X-Stale
X-Swa-Ws
X-Up
X-Variation
X-Tumblr-Pixel-3
X-TT-LOGID
X-Thinkindot-L3
X-Trace-Id
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
Decoy-Debug-Status
X-Nginx-Cache-Key
X-MSEdge-Features
X-MI-In-Market
X-Location
X-Matched-Rule
Adler-Geo
X-Passed-To
X-Response-By
X-Returned-From
X-Reboot
X-RCS-CacheZone
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-HTML-Minification-Powered-By
X-Passed-To-DLL
Proxy-Connection
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Kp-EeAlive
Platform
On-Server
MI-API
Decoy-Debug-TTL
Odigeo-Trace-Id
Esi-Enabled
MI-Cache
Is-Eu
Request-Country
Uber-Trace-Id
Section-Io-Cache
True-Client-Country-4JS
MI-Cache-Age
Thinkindot-Control
Heartbleed
PFcat
Request-EU
Request-Time
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Cluster-Node
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Fstrz
Server-ID
Fastly-SIE
Resin-Trace
Fastly-Backend-Name
Fastly-SWR
X-Device-Os
ViewerVersion
X-Rebelmouse-Cache-Control
Content-Disposition
X-Servername
HTTPS
X-Policy
X-Skip-Cache
REQUESTUUID
Origin
X-Worker
X-Content-Age
Powered
X-Rebelmouse-Surrogate-Control
X-Alicdn-Da-Ups-Status
X-Ckpd-Fst-Backend
X-Varnish-Beresp-Ttl
X-Dc
X-Ezoic-Cdn
RNT-Time
X-Real-Ip
Sid
ProcessTime
RNT-Machine
Cteonnt-Length
X-CACHE-AGE
RequestId
X-Oss-Hash-Crc64ecma
X-Refresh
X-Pf-Uncompressing
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
Xserver
X-Oss-Server-Time
X-B3-TraceId
X-Ua
WP-Super-Cache
X-GEO
Warning
Cache-Cookie-Set-Lfrom
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cache-Cookie-Set-Idcheck
X-TIME
Cache-Cookie-Set-From
X-Csrf-Token
X-Planisys-CDN-Cache
X-Proto
X-Newrelic-Synthetics
X-Endurance-Cache-Level
X-Servedbyhost
We-Hiring
X-Req
CACHE
Mail-Subject
CDN
CF-IPCountry
X-Guploader-Uploadid
Hostname
X-Pjax-Url
X-Cache-ASPX
X-Surge-Debug
Ar-Sid
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
X-Varnish-Ttl
X-CSRF-Token
X-Nc
X-Varnish-Beresp-TTL
X-Aed
X-CLOUD-TRACE-CONTEXT
NODE
X-Atg-Version
X-COUNTRY
X-Time
GeoIp-Country-Code
X-Edge-IP
Geoip-Latitude
Pramga
NnCoection
X-Origin-Date
X-Page-Type
TSSecure
X-Server-W
X-Origin-Expires
X-Ms-Lease-State
X-DC
X-Oracle-Dms-Ecid
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-HCF
X-Ratelimit-Limit
X-Cdn-Forward
X-ABtesting
X-WA
SD-X-WS
X-Hello
A
X-Flog
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
X-Varnish-Url
X-DataStream-MidMile-RTT
X-Dynatrace-Js-Agent
X-Server-Group
X-Amz-Cf-Pop
WWW-Authenticate
X-GRACE
MS-CV
X-Datadome
X-Geo
Cdn
Geoip-City
Lfy
Processtime
X-Auto-Login
X-Akamai-Request-ID2
X-UPSTREAM-Address
PICS-Label
FSS-Proxy
Mime-Version
X-Wix-Route-ID
X-Varnish-URL
Node
FSS-Cache
X-Wa
Lb
X-From-Cache
X-Use-Magma
PageType
X-Gdpr
X-Via-NSCOPI
X-APP
X-Edge-Server
X-Sentry-ID
X-PAGE-TYPE
Rt-Proxy-Cache
Cdn-Request-Time
X-Unique-Id
Cdn-Host
X-EC-Security-Audit
X-Nananana
Dont-Set-Cookie
X-Check-Cacheable
GeoIP-Latitude
X-Gen-Id
GeoIP-City
X-Cache-Id
X-SRV
GeoIP-Country-Code
X-RTag
Ms-Operation-Id
X-Served-From
Memcached
X-Cache-Info
X-Thanos
X-CACHE-KEY
X-Bip
X-Cookie
COMMERCE-SERVER-SOFTWARE
X-WR-MODIFICATION
X-GDPR
Get-Access-Time
X-Cache-HT
Is-Session-Tracking
X-Env
X-Be
X-Optimization
X-Proxy-Server
X-Fastly-Backend-Reqs
X-Load-Cache
DataCenter
Who
X-FORWARDED-FOR
X-Fastly-Cache-Hits
X-Request-Start
X-MP-GENERATED-AT
X-Swift-Error
Memory
X-Cache-FS-Status
X-Ver
X-PJAX-URL
X-HS-Status
X-Ratelimit-Remaining
Pics-Label
Cf-Ipcountry
X-Fe
X-Ibm-Trace
GW-Server
UCS
X-B3-SpanId
Ws
Group
X-Cache-Ttl
X-ServedByHost
V-Cache
X-Meta-Tbi-Cache-Vertical
X-RateLimit-Reset
Httpd-Identifier
X-Wix-Petri-Ex
X-User
X-Shard
X-CDN-Pop-IP
X-Dw-Trace-Id
URI
X-CDN-Pop
Amp-Access-Control-Allow-Source-Origin
X-ID
Requestid
X-GZIP
AGE-Hash
Powered-By
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Cache-Hits
X-SB
X-VC
X-PF-Uncompressing
NX-Cache
X-Bug-Bounty
Xet-Cookie
X-NGINX-Cache
Serverid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Info
X-CacheKey
CDN-Cache
Ohc-File-Size
X-VG-WebCache
N-Cache
X-StackifyID
Version
CDN-Node
CDN-Cache-Hit
X-Path-Route
X-LI-UUID
Accept-Language
X-Urbn-Context-Path
X-LI-Proto
X-Urbn-Site-Id
Locale
X-Li-Fabric
X-Content-Encoded-By
X-Li-Pop
X-BBXSRF
SID
X-Cache-Debug
X-Cache-Handler
X-ServerName
X-Route-Name
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Https
X-Providence-Cookie
X-Is-Crawler
X-RequestId
X-Grace-Duration
X-Litespeed-Cache-Control
X-LiteSpeed-Cache-Control
X-Flags
X-P-T