Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
X-Instart-Request-ID
Report-To
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
X-DataDome
X-ESI
Charset
X-Powered-CMS
X-TtlSet
X-PC
X-Vname
X-Server-Name
X-FTR-Request-ID
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Vhost
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-F-Cache
X-Version
X-ORACLE-DMS-RID
X-Geo-Segment
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Verso
X-Client-IP
MS-Author-Via
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-CF-Powered-By
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
AR-PoweredBy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
AR-ATIME
X-TEC-API-ROOT
X-Fastly-Request-ID
X-Trace
X-Dw-Request-Base-Id
DynaTrace
AR-CACHE
X-T
Paypal-Debug-Id
X-Upstream
X-Hits
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Grace
X-Forwarded-Proto
TCN
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Ruxit-JS-Agent
X-Pad
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
X-NF-Request-ID
Realpath
X-HeyJason
X-Server-ID
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-Cache-Hit
X-Logged-In
X-Acc-Meta-Resource-Type
Mrf-Cache-Status
X-FastCGI-Cache
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B
AR-SID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-HW
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-NewRelic-App-Data
X-Wix-Server-Artifact-Id
Server-Name
X-PressLabs-Stats
X-Frontend
Tracecode
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-Oneagent-Js-Injection
X-Cache-Key
X-FTR-Expires
X-Oracle-Dms-Rid
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
X-Cache-Rule
Cleartype
X-GUploader-UploadID
Cache-Status
X-Analytics
Backend-Timing
X-Srv
Host
X-Revision
TP-Cache
TP-L2-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Rid
X-Accel-Buffering
X-RateLimit-Remaining
X-Whom
X-TA-CDN-Provider
Public-Key-Pins-Report-Only
X-User-Agent
X-FTR-Cache-Host
FilterID
X-Akam-SW-Version
X-Debug-Info
X-NWS-LOG-UUID
X-AOL-HN
ServerID
X-VCache
X-Cache-2
X-Varnish-Backend
X-XRDS-LOCATION
X-Webkit-CSP
X-Via-JSL
Front-End-Https
Accept-Charset
X-Cdn
X-Content-Powered-By
X-Mobile
X-Kinja-Server-Push
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-WPE-Loopback-Upstream-Addr
X-Ttl
X-Cached-By
Viewport
X-Correlation-Id
X-Node-Name
X-App-Environment
X-Magnolia-Registration
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Tumblr-User
X-Page-Id
X-Cluster
X-Varnish-Hostname
Host-Header
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-B3-Sampled
X-Framework
X-Device-Type
X-Cache-Control
X-Akamai-Edgescape
X-Handled-By
Liferay-Portal
X-TT
X-Request-Guid
X-Signature
X-B-Cache
X-BCube-Filmed-By
X-FB-Debug
X-Instance
Upgrade-Insecure-Requests
DC
X-Platform-Server
Cache-Tag
X-Cache-Server
X-Hostname
X-B3-Traceid
Server-Node
X-Origin-Server
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Fastcgi-Cache
Source
X-Amzn-Trace-Id
Display
X-Sol
X-Middleton-Display
Retry-After
X-Accel-Expires
X-Servedby
X-Contextid
X-WA-Info
X-Varnish-Server
HitInfo
Server-Info
HitType
X-Cache-Action
X-Distil-CS
X-Cache-Operation
X-APP-VERSION
Content-Script-Type
X-Wix-Request-Id
X-Seen-By
Content-Style-Type
X-GeoIP
Webserver
X-Port
User-Agent
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
GEO-INFO
X-S
X-Tumblr-Pixel-1
X-RequestSource
X-Amz-Replication-Status
X-Edge-Location
Actual-Object-TTL
X-Jobs
X-Locale
X-Status
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Server
X-UUID
X-Region
X-Response-Served-From
AsisCache
X-FW-Type
X-Generated-By
X-Edge-Cache-Key
X-Edge-Cache
Healthy
X-Adobe-Loc
X-TX-ID
X-Drupal-Cache-Tags
X-Adobe-Content
X-Varnish-Hits
ServedBy
SRV
X-Geo-Country
X-Hyper-Cache
X-Daa-Tunnel
Refresh
X-ATG-Version
X-DataStream-Cache-Status
X-Iejgwucgyu
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Age
X-Esi
X-Cache-NE
X-Varnish-Grace
X-Middleton-Response
Response
X-Cache-TTL-Remaining
IBM-Web2-Location
Filters
X-Amz-Server-Side-Encryption
S-Cnection
X-Content-Type
NGB
Payment
X-Newrelic-App-Data
Datacenter
X-AppVersion
X-Az
X-Activity-Id
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Webkit-Csp
X-Cache-Remote
X-Proxied
X-CDN-Forward
X-Vg-Webcache
X-Cacheable-TTL
X-Cache-TTL
Country
X-App-Server
X-HS-Cache-Config
Edge-Cache-Tag
X-Kong-Proxy-Latency
Served-By
X-Kong-Upstream-Latency
Cache
X-Unique-ID
X-Sucuri-ID
X-Mode
X-UA
X-Varnish-IP
X-Akamai-Transformed
Machine
Load-Balancing
X-Cache-Var-Map
X-HS-Combine-CSS
X-Is-Bot
Meta-Geo
X-ProcessESI
X-RN-RSRV
X-Rendered-As
X-RemovedCookies
X-Detected-As
X-Cache-Var
X-Proxy
X-Rule
X-Rocket-Nginx-Bypass
AR-Request-ID
X-Ruxit-Js-Agent
X-FC-Vary-Parameters
TWC-Locale-Group
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
User-Cache-Control
Mn-Server-Ip
Cache-Name
Backend
Access-Control-Allow-Method
X-Varnish-Cache-Hits
DB-Nickname
Property-Id
TWC-GeoIP-Country
X-ServerID
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Tb
Webcakes-Region
X-Origin
X-Origin-Hint
X-BYPASS-REASON
X-Human
X-Hosted-By
X-EIG-Tracking-Id
X-Cache-Category-Id
X-Grey
X-ProxyCache-Status
X-BB-IP
X-OCL
X-Varnish-Cacheable
X-ProxyCache-Key
X-PCL
X-Amz-Meta-Surrogate-Control
Azure-SlotName
X-Format
X-Generated
X-Upgrade-Enabled
X-Hit
Azure-SiteName
X-CDN-Cache
X-Environment-Context
X-Site-Version
X-TNCMS
Azure-InstanceId
Azure-RegionName
X-Viewer-Country
X-Debug-Cache
X-Zipkin-Id
ServerName
X-Access
X-Routing-Service
X-Section
X-OVcl-Cache
X-Original-Request
S-Rt
Now
X-JoinUs
X-OVcl
X-L-Path
X-Loop
X-NodeID
L5d-Success-Class
Azure-Version
X-NGENIX-Cache
X-Agile
X-Agile-Age
X-RateLimit-Limit
X-SplitTest
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Agile-Id
X-ApacheServer
X-Proxy-Build
X-PERF
X-Ocache
X-Pubstack
X-App-Name
X-AWS-Id
X-LJ-Flow-ID
Selected-FE
X-HOST
X-Www-Served-By
X-IP
Access-Control-Request-Headers
X-VWS-Id
OT-Force-Account-Verify
Cache-Key
X-Via-Fastly
X-Backend-Name
X-Origin-CC
X-Cache-Config
X-Drupal-Cache-Contexts
X-CCM
X-URL
HostName
Fastcgi-X-Cache-Version
X-Xfnlog-Site
X-Upstream-HT
Fastcgi-Useragent
Fastcgi-X-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Source
X-Mrs-Cache
X-Nginx-Cache
X-Upstream-CT
Powered-By-ChinaCache
X-Real-IP
X-Akamai-Request-ID
X-Pc-Date
X-Pc-Host
X-Storage
X-Correlation-ID
X-Litespeed-Cache
From-Origin
X-Vgn-Hpd-Reason
Pagespeed
X-Forwarded-Host
Fastly-SSL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Feature
X-NCache
X-Time-Microsecs
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
LB
X-Internal-Host
X-Distributor
NtCoent-Length
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Release
X-NC
X-Labrador-Cache-Channel
X-Microcachable
X-UA-Device-Type
X-Birta-Served
X-Birta-Cache-Post
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
X-App-Version
XServer
X-Cache-Backend
X-B3-Spanid
Pagetype
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
Time
Frame-Options
X-PHP-Backend
X-Sucuri-Cache
X-SERVER-NAME
Viewtype
X-BB-ID
Server-Int
X-B-Cookie
X-PAYTM-SRV-ID
X-Cache-Bucket
X-CF-Lambda-Fn
T-Server
V-Age
VivaBuild
X-Org
X-A
X-Server-By
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Application
X-A-Dcw
X-A-Dam
Cneonction
X-ARC
X-A-Ccd
X-CF-Lambda-Version
X-ScT
Www
X-Rojux
Ajk
X-Died
X-Request-UUID
Ec-Rule-Version
WZWS-RAY
X-Powered-By-ANYU
AKAMAI
X-Dispatcher-Server
Cache-Prefix
Arc-Country
X-Region-Sid
X-Redis-Cache
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
X-Developer
Fly-Cache
NGX
Mobile-Detection-Method
X-CUA
X-Rewrite-Enabled
X-CS
BehaviorPad-Version
Meta-Geo-Continent
MD5-Digest
X-Destination
Fly-Request-Id
X-Date
X-D
IsBot
Rendered-Blocks
X-S-Cookie
X-IN-APIGATEWAY
X-VG-WebServer
X-IN-SSL-APIGATEWAY
X-Generated-In
X-Via-CDN
X-C
X-From
X-No-Session
X-G
X-Generation-Time
Xc-Version
X-Trv-Group
X-IN-WAF
X-SRCache-Key
X-WebServer
X-Irp-Debug
X-Via-SSL
X-Logtrace-Id
X-Via-Edge
X-UE-Client-Country
X-Server-Time
X-SIPLIST1
X-Web-Node
X-FireWall-Port
X-Instance-Name
X-GZip
X-NWS-UUID-VERIFY
ViewerVersion
X-RateLimit-Limit-Second
X-VServer
X-Platform
X-We-Are-Hiring
Magicmarker
X-Debug-Cookies
Ha-Gx-Prefs
HA-Geocountry
HA-Geolat
HA-Geocity
HA-Cloudapp
GMS-Ver
HA-Geolon
HA-Georegion
HA-Servedtime
HA-Ipaddr
HA-Host
X-Gen-Mode
Host-ID
Pragrma
X-Hnp-Log
X-Amz-Meta-Cache-Control
X-Hl-Ver
X-Hash
X-GeoIP-City
Web-Mar-Node
X-Key
X-Layer
X-Cache-Enabled
X-Origin-TTL
X-Owner
X-Cache-CFC
X-Block-Status
MIME-Version
SN
Origin-Edge-Control
X-Crawler
Origin-Cache-Control
X-Wikidot-Static-Cache
NodeID
X-Core-Value
X-RateLimit-Remaining-Second
X-Phone
Server-Host
X-CGP
X-NX-Host
Release
X-Wikidot-Backend
HA-Urlpath
X-Cluster-Node
X-Eu-Site
X-S-Maxage
X-Node-Id
X-UnsetCookies
X-Request-Time
X-Var-Ttl
Backend-Name
Country-Code
X-Varnish-Action
X-Debug-Log
X-Store
X-External-Request-Id
X-F5-Cache
X-VCT
X-Fastly-Cache
X-Webstats-RespID
X-V
REQUESTUUID
X-MSEdge-Flight
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Thinkindot-L3
X-Cdn-Srv
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Policy
X-Returned-From-DLL
Thinkindot-Control
X-Passed-To-BeforeDispatch
X-Trace-Id
X-Epic-Correlation-Id
X-Cdn-Origin
Uber-Trace-Id
X-GeoIP-Country-Code
X-Actual-URL
X-Sf
X-Backend-Url
X-Backend-TTL
X-Backend-State
X-Passed-To
X-Location
X-Cache-Host
X-Cache-Expires
X-Secret
X-Backend-Host
X-Fetched-On
X-MI-In-Market
X-HTML-Minification-Powered-By
X-Swa-Ws
X-Stale
Powered
X-Cache-Srv
X-Sn-Servicetimems
X-Cache-URL
X-MSEdge-Features
X-Tumblr-Pixel-3
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
MI-API
MI-Cache
X-TT-LOGID
X-Matched-Rule
X-Up
MI-Cache-Age
Kp-EeAlive
X-Nginx-Cache-Key
Countrycode
Esi-Enabled
X-Developers
X-Gannett-Site-Version
X-Reboot
X-Server-IP
X-FW-Version
CDCHOST
Heartbleed
X-Request-URI
Odigeo-Trace-Id
Request-EU
X-Sorting-Hat-ShopId
X-Response-By
X-Clientip
X-RCS-CacheZone
X-Returned-From-BeforeDispatch
Section-Io-Cache
X-Returned-From
X-Alternate-Cache-Key
Request-Country
X-Sorting-Hat-PodId
Proxy-Connection
X-Croise-Owner
X-Shopify-Stage
X-ShopId
X-Core-Mission
Origin
X-ShardId
X-Ua
X-Device-Os
X-ElasticPress-Search
X-Content-Age
X-Ckpd-Fst-Backend
X-Fstrz
Adler-Geo
Fastly-Backend-Name
Decoy-Debug-TTL
PageSpeed
Is-Eu
X-Worker
Decoy-Debug-Status
Decoy-Debug-Key
ProcessTime
X-ServiceProvider
X-Alicdn-Da-Ups-Status
Cache-Tags
X-Variation
On-Server
HTTPS
PFcat
X-Dc
RNT-Machine
RNT-Time
True-Client-Country-4JS
Server-ID
Request-Time
Resin-Trace
Platform
Xserver
X-Varnish-Beresp-Ttl
Sid
X-Skip-Cache
X-Servername
X-CACHE-AGE
X-Ezoic-Cdn
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Content-Disposition
Fastly-SWR
X-B3-TraceId
X-Real-Ip
X-Csrf-Token
X-Endurance-Cache-Level
Cache-Cookie-Set-Idcheck
RequestId
Ar-Sid
Warning
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-TIME
Cteonnt-Length
X-Pf-Uncompressing
X-Req
X-Proto
X-Newrelic-Synthetics
X-GEO
X-Oss-Request-Id
X-Oss-Storage-Class
WP-Super-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Refresh
X-Surge-Debug
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
We-Hiring
Mail-Subject
CF-IPCountry
X-Guploader-Uploadid
CACHE
X-Nc
X-Pjax-Url
X-Servedbyhost
CDN
X-Aed
Dnion-Transfer-Encoding
X-Cache-ASPX
X-Varnish-Ttl
X-GoCache-CacheStatus
Pramga
X-Varnish-Beresp-TTL
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
Hostname
X-COUNTRY
TSSecure
X-Edge-IP
X-Time
X-CSRF-Token
NODE
X-Ms-Lease-State
X-Page-Type
Geoip-Latitude
X-Server-W
GeoIp-Country-Code
X-DC
X-Oracle-Dms-Ecid
NnCoection
X-Flog
X-Geo
X-Origin-Expires
X-Origin-Date
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Hello
X-ABtesting
X-Cdn-Forward
X-WA
A
Cdn
X-Varnish-HitMiss
X-HCF
X-Cache-Control-Set-By
X-Varnish-Url
X-Aicache-OS
X-Auto-Login
X-GRACE
Lfy
X-Datadome
X-Amz-Cf-Pop
MS-CV
SD-X-WS
Mime-Version
FSS-Proxy
WWW-Authenticate
FSS-Cache
X-Akamai-Request-ID2
X-Server-Group
X-Ratelimit-Limit
Geoip-City
Node
X-CACHE-KEY
Processtime
X-Wix-Route-ID
X-Wa
PICS-Label
Rt-Proxy-Cache
X-Varnish-URL
X-UPSTREAM-Address
X-Sentry-ID
X-Via-NSCOPI
PageType
X-Use-Magma
X-Unique-Id
X-PAGE-TYPE
X-APP
X-Cache-Id
X-From-Cache
GeoIP-Latitude
GeoIP-Country-Code
X-Check-Cacheable
X-EC-Security-Audit
X-NODE
X-Nananana
X-Thanos
Memcached
X-Cache-Info
X-SRV
GeoIP-City
X-Edge-Server
X-Gdpr
X-Served-From
Cdn-Host
Cdn-Request-Time
Lb
X-Bip
X-Be
Ms-Operation-Id
X-Cookie
Dont-Set-Cookie
X-RTag
X-Gen-Id
X-MP-GENERATED-AT
X-Request-Start
X-GDPR
X-Proxy-Server
COMMERCE-SERVER-SOFTWARE
X-Fastly-Backend-Reqs
X-Dynatrace-Js-Agent
X-Load-Cache
X-WR-MODIFICATION
DataCenter
Amp-Access-Control-Allow-Source-Origin
X-Optimization
X-HS-Status
X-Fastly-Cache-Hits
X-FORWARDED-FOR
X-Env
Memory
Get-Access-Time
X-Cache-HT
Is-Session-Tracking
Pics-Label
X-Swift-Error
GW-Server
Who
UCS
X-PJAX-URL
X-User
X-Cache-FS-Status
X-B3-SpanId
Cf-Ipcountry
X-RateLimit-Reset
V-Cache
Group
X-ServedByHost
X-Cache-Ttl
X-Ver
X-Fe
X-Meta-Tbi-Cache-Vertical
Cache-Hits
X-Ibm-Trace
URI
X-Dw-Trace-Id
X-PF-Uncompressing
X-CDN-Pop-IP
X-CDN-Pop
Ws
X-ID
AGE-Hash
X-Shard
Requestid
X-SB
X-VC
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GZIP
X-Vcache
NX-Cache
Xet-Cookie
X-Bug-Bounty
Httpd-Identifier
Serverid
X-NGINX-Cache
Accept-Language
X-Varnish-Info
X-Urbn-Site-Id
Powered-By
X-Ratelimit-Remaining
N-Cache
X-LI-Proto
X-Urbn-Context-Path
X-Wix-Petri-Ex
X-LI-UUID
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-CacheKey
X-Li-Pop
X-Cache-Debug
X-BBXSRF
X-ServerName
X-Content-Encoded-By
X-Li-Fabric
CDN-Cache
CDN-Cache-Hit
CDN-Node
Locale
X-Cache-Handler
X-RequestId
X-Litespeed-Cache-Control
X-StackifyID
Ohc-File-Size
Version
X-Flags
X-Is-Crawler
X-Akamai-ERRuleID
Https
X-Akamai-ERPolicy
X-Route-Name
X-Providence-Cookie
X-Grace-Duration