Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
Request-Id
X-Instart-Request-ID
Report-To
X-OneAgent-JS-Injection
X-Px
X-Country
X-Clacks-Overhead
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-DataDome
Charset
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-ESI
X-Origin-Cache
X-DynaTrace
NEL
X-Server-Name
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Vhost
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-ORACLE-DMS-RID
X-Version
X-F-Cache
X-Cdn-Fetch
X-Kinja
X-Geo-Segment
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Powered-By-Plesk
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
X-D2id
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
Verso
X-Client-IP
MS-Author-Via
X-Abt-Application-Version
SPRequestGuid
X-CF-Powered-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
AR-ATIME
AR-PoweredBy
X-Navigation-Version
Accept-CH-Lifetime
Nginx-Cache
AR-CACHE
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-T
X-Fastly-Request-ID
X-Trace
DynaTrace
Paypal-Debug-Id
X-Grace
X-Upstream
X-Varnish-Age
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-Origin-Upstream-Status
X-DIS-Request-ID
X-Id
X-Pad
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-FastCGI-Cache
X-Do-Not-Hack
X-HeyJason
X-Ruxit-JS-Agent
Permitted-Cross-Domain-Policies
X-Content-Options
AR-SID
X-Content-Digest
Realpath
X-NF-Request-ID
X-Cache-Hit
X-Kinsta-Cache
X-IPLB-Instance
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
MRF-Tech
Mrf-Cache-Status
X-Logged-In
X-B
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Server-ID
X-Goog-Stored-Content-Length
X-HW
X-SS-Set-Cookie
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Debug
S
Service-Worker-Allowed
X-MSEdge-Ref
X-Ser
X-XRDS-Location
X-Wix-Server-Artifact-Id
Server-Name
X-PressLabs-Stats
X-Frontend
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-Cache-Key
X-FTR-Backend
Tracecode
X-FTR-Backend-Server
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-GUploader-UploadID
X-Oracle-Dms-Rid
Eomportal-Instance
Alternate-Protocol
Fastly-Restarts
X-Forwarded-For
X-Cache-Rule
Cleartype
Cache-Status
Backend-Timing
X-Analytics
Host
X-HS-Hub-Id
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-Revision
X-VCache
X-Rid
X-User-Agent
X-Whom
Public-Key-Pins-Report-Only
X-RateLimit-Remaining
FilterID
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Accel-Buffering
X-Srv
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
ServerID
X-AOL-HN
X-TA-CDN-Provider
X-Cache-2
X-Varnish-Backend
X-Via-JSL
Accept-Charset
X-Content-Powered-By
Front-End-Https
X-Mobile
X-Request-Processing-Time
X-Request-Received
X-Webkit-CSP
X-Zen-Fury
X-Cdn
X-Kinja-Server-Push
Viewport
X-Cached-By
X-Ttl
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-B3-Traceid
X-App-Environment
X-Magnolia-Registration
X-LB-Cache
X-Correlation-Id
Liferay-Portal
X-Cluster
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Varnish-Hostname
Host-Header
X-Request-Guid
X-B3-Sampled
X-Cache-Control
X-Device-Type
X-Handled-By
X-Framework
X-TT
X-Tumblr-User
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Tumblr-Pixel
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-FB-Debug
X-Platform-Server
X-Instance
DC
X-B-Cache
X-Signature
Cache-Tag
X-Cache-Server
X-Hostname
Server-Node
X-Origin-Server
X-TT-TIMESTAMP
MicrosoftSharePointTeamServices
Source
X-Amzn-Trace-Id
X-Sol
X-Middleton-Display
Retry-After
Display
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
X-APP-VERSION
X-Varnish-Server
HitInfo
X-Cache-Action
HitType
Server-Info
X-Distil-CS
X-Cache-Operation
X-Esi
X-Seen-By
X-Port
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
X-GeoIP
Webserver
X-Tumblr-Pixel-1
X-Generated-By
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
GEO-INFO
X-Tumblr-Pixel-2
X-RequestSource
X-Amz-Replication-Status
X-Edge-Location
X-S
Actual-Object-TTL
User-Agent
X-Jobs
Healthy
X-Status
X-Locale
X-FW-Hash
X-FW-Static
X-FW-Server
X-Edge-Cache-Key
X-FW-Serve
X-FW-Type
X-Geo-Country
AsisCache
X-UUID
X-Region
X-Response-Served-From
X-Edge-Cache
X-Varnish-Hits
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
ServedBy
X-Drupal-Cache-Tags
X-Hyper-Cache
SRV
X-Daa-Tunnel
Refresh
X-DataStream-Cache-Status
X-Newrelic-App-Data
X-ATG-Version
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Grace
X-Middleton-Response
Response
X-Cache-TTL-Remaining
IBM-Web2-Location
X-Cache-NE
X-Iejgwucgyu
Filters
X-Cache-Age
X-Amz-Server-Side-Encryption
S-Cnection
X-CDN-Forward
NGB
X-Content-Type
Payment
X-AppVersion
X-Az
X-Activity-Id
Datacenter
X-Proxied
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Cache-Remote
X-Ruxit-Js-Agent
X-Cache-TTL
X-App-Server
X-Cacheable-TTL
X-Vg-Webcache
Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Served-By
Cache
X-HS-Cache-Config
X-UA
X-Unique-ID
AR-Request-ID
Edge-Cache-Tag
X-Sucuri-ID
X-Mode
X-Akamai-Transformed
X-Varnish-IP
X-Detected-As
X-RemovedCookies
Meta-Geo
X-RN-RSRV
X-Rendered-As
Machine
X-ProcessESI
X-Cache-Var-Map
Load-Balancing
X-Is-Bot
X-Cache-Var
X-Proxy
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
Webcakes-App-Version
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-BYPASS-REASON
X-PCL
X-Hosted-By
Webcakes-App-Name
X-BB-IP
TWC-GeoIP-LatLong
Access-Control-Allow-Method
X-Varnish-Cache-Hits
Mn-Server-Ip
Backend
X-Rule
DB-Nickname
Cache-Name
Property-Id
TWC-Connection-Speed
X-ProxyCache-Key
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
X-ProxyCache-Status
TWC-Device-Class
User-Cache-Control
X-Cache-Category-Id
X-Origin
X-Tb
X-Grey
X-Origin-Hint
X-Varnish-Cacheable
X-ServerID
X-OCL
X-EIG-Tracking-Id
X-Human
X-JoinUs
ServerName
X-Hit
X-OVcl
X-Debug-Cache
X-OVcl-Cache
X-L-Path
X-Original-Request
S-Rt
X-Loop
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-NodeID
X-Generated
X-Zipkin-Id
Now
Azure-Version
Azure-SiteName
X-Viewer-Country
X-Environment-Context
X-TNCMS
X-HS-Combine-CSS
X-Format
X-Site-Version
X-Section
L5d-Success-Class
X-Routing-Service
X-CDN-Cache
X-Upgrade-Enabled
X-Access
X-NGENIX-Cache
X-PERF
X-IP
X-Ocache
X-Cache-Config
X-LJ-Flow-ID
X-AWS-Id
X-Agile-Age
X-Pubstack
X-Agile
X-Proxy-Build
X-TWH-CORRELATION-ID
X-VWS-Id
X-Agile-Id
X-ApacheServer
X-Via-Fastly
X-Timing-Wait
X-Www-Served-By
X-App-Name
Selected-FE
X-SplitTest
Cache-Key
Access-Control-Request-Headers
X-Backend-Name
X-CCM
X-Drupal-Cache-Contexts
OT-Force-Account-Verify
X-Origin-CC
X-Correlation-ID
X-Source
X-Real-IP
X-HOST
X-Xfnlog-Site
X-Nginx-Cache
X-URL
X-Pc-Host
X-Pc-Date
Pagespeed
X-Upstream-CT
X-Upstream-HT
X-Akamai-Request-ID
HostName
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mrs-Age
Fastcgi-X-Cache
X-RateLimit-Limit
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Mshield-Cache-Status
Powered-By-ChinaCache
X-Storage
X-Vgn-Hpd-Reason
From-Origin
X-NC
X-Forwarded-Host
X-Litespeed-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-SSL
X-SERVER-NAME
X-NCache
X-Time-Microsecs
X-Internal-Host
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-Feature
X-Microcachable
X-Varnish-Beresp-Status
X-Distributor
X-Varnish-Beresp-Grace
X-UA-Device-Type
LB
X-Labrador-Cache-Channel
X-Birta-Served
XServer
X-Birta-Cache-Post
X-Release
X-Ms-Blob-Type
Pagetype
X-Ms-Lease-Status
NtCoent-Length
X-Ms-Request-Id
X-Ms-Version
X-VG-TLSProxy
X-Cache-Backend
X-B3-Spanid
X-EdgeConnect-Cache-Status
X-PHP-Backend
X-Twitter-Response-Tags
X-Transaction
X-Webkit-Csp
X-Connection-Hash
MIME-Version
Frame-Options
Time
X-C
X-Sucuri-Cache
V-Age
Server-Int
X-Application
X-Server-Time
T-Server
X-Instance-Name
X-Redis-Cache
X-Region-Sid
X-GZip
Cneonction
X-SIPLIST1
X-ARC
VivaBuild
Www
X-Via-CDN
X-SRCache-Key
Fly-Request-Id
X-From
X-VG-WebServer
Viewtype
X-ScT
Fly-Cache
X-CUA
X-D
AKAMAI
Ajk
X-CS
X-CF-Lambda-Version
X-Trv-Group
Cache-Prefix
BehaviorPad-Version
Arc-Country
X-Date
X-CF-Lambda-Fn
X-UE-Client-Country
X-Powered-By-ANYU
WZWS-RAY
X-S-Cookie
X-Dispatcher-Server
X-Server-By
X-Destination
X-Developer
Ec-Rule-Version
X-Died
X-DPWN-IS-SECURE
X-PAYTM-SRV-ID
X-No-Session
X-NU-AKA-ACS-Version
X-IN-WAF
X-Generated-In
X-Generation-Time
X-Cache-Bucket
X-Rewrite-Enabled
X-Logtrace-Id
X-WebServer
Rendered-Blocks
Host-ID
Xc-Version
X-BB-ID
X-IN-APIGATEWAY
NGX
X-A-Wwc
X-IN-SSL-APIGATEWAY
X-Accel-Expires-Debug
Mobile-Detection-Method
X-A-Dgt
IsBot
MD5-Digest
Meta-Geo-Continent
X-B-Cookie
X-A-Dcw
X-Rojux
X-A-Dam
X-A-Ccd
X-Irp-Debug
X-Org
X-G
X-Via-Edge
X-Via-SSL
X-A
X-Web-Node
X-Request-UUID
X-FireWall-Port
Server-Host
Magicmarker
Ha-Gx-Prefs
Web-Mar-Node
Country-Code
X-Block-Status
Origin-Edge-Control
X-CGP
HA-Host
Pragrma
HA-Ipaddr
HA-Georegion
SN
HA-Geocountry
HA-Geolat
GMS-Ver
X-Cache-CFC
HA-Geocity
HA-Cloudapp
Origin-Cache-Control
X-Cache-Enabled
Release
NodeID
X-Core-Value
HA-Servedtime
HA-Urlpath
X-Amz-Meta-Cache-Control
X-Store
HA-Geolon
X-VCT
X-Origin-TTL
X-V
X-VServer
X-We-Are-Hiring
X-Owner
X-Varnish-Action
X-External-Request-Id
X-F5-Cache
X-Fastly-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Hl-Ver
X-Hnp-Log
X-Key
X-Layer
X-Node-Id
X-Hash
X-Gen-Mode
X-GeoIP-City
X-NX-Host
X-Eu-Site
X-S-Maxage
X-RateLimit-Limit-Second
X-Platform
X-Request-Time
X-Debug-Log
X-Debug-Cookies
X-Crawler
Backend-Name
X-Phone
X-RateLimit-Remaining-Second
X-Var-Ttl
X-UnsetCookies
X-App-Version
X-NWS-UUID-VERIFY
X-Webstats-RespID
ViewerVersion
X-MSEdge-Features
X-Passed-To-BeforeDispatch
Uber-Trace-Id
X-Returned-From
X-Reboot
X-MI-In-Market
X-Actual-URL
X-Nginx-Cache-Key
X-Request-URI
X-Sf
X-Passed-To-PostProcessResponse
X-Passed-To
X-RCS-CacheZone
X-Response-By
X-Passed-To-DLL
X-Matched-Rule
X-MSEdge-Flight
X-Backend-Url
X-Server-IP
X-Cache-Host
X-Cache-Expires
X-Secret
X-Epic-Correlation-Id
X-Cache-Srv
X-Developers
X-Croise-Owner
X-Clientip
X-Cdn-Srv
X-Cdn-Origin
X-Cache-URL
X-Fetched-On
Thinkindot-Control
X-Backend-Host
X-Backend-State
X-HTML-Minification-Powered-By
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Backend-TTL
X-FW-Version
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-Core-Mission
X-Location
X-Swa-Ws
X-Trace-Id
Countrycode
X-TT-LOGID
CDCHOST
Apple-News-Services-Request-Url
Esi-Enabled
X-Thinkindot-L3
Kp-EeAlive
MI-API
X-Stale
Is-Eu
Heartbleed
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Alternate-Cache-Key
X-ShardId
Thinkindot-CacheControl-Type
X-Cluster-Node
X-Variation
X-ShopId
X-Shopify-Stage
Adler-Geo
Apple-News-Services-Handled
X-Tumblr-Pixel-3
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
MI-Cache
X-Up
Platform
Thinkindot-CacheControl
MI-Cache-Age
Section-Io-Cache
Proxy-Connection
Request-EU
Request-Country
PFcat
X-Sn-Servicetimems
Origin
Odigeo-Trace-Id
X-CACHE-AGE
RNT-Time
X-Servername
X-Device-Os
X-Policy
X-ServiceProvider
Server-ID
REQUESTUUID
Powered
X-Varnish-Beresp-Ttl
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
True-Client-Country-4JS
Resin-Trace
X-ElasticPress-Search
Sid
X-Worker
X-Fstrz
RNT-Machine
Decoy-Debug-Status
HTTPS
On-Server
Decoy-Debug-TTL
Fastly-Backend-Name
Fastly-SWR
Fastly-SIE
X-Alicdn-Da-Ups-Status
Content-Disposition
Decoy-Debug-Key
Cache-Tags
Request-Time
X-Ckpd-Fst-Backend
X-Content-Age
X-Ua
X-Ezoic-Cdn
X-Skip-Cache
ProcessTime
Xserver
X-Oracle-Dms-Ecid
X-Dc
Cteonnt-Length
RequestId
X-Pf-Uncompressing
X-Real-Ip
X-TIME
PageSpeed
X-Csrf-Token
Warning
Cache-Cookie-Set-Idcheck
CF-IPCountry
Cache-Cookie-Set-From
X-Proto
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Cache-Cookie-Set-Lfrom
X-Endurance-Cache-Level
X-Oss-Request-Id
WP-Super-Cache
CDN
We-Hiring
X-Planisys-CDN-TTL
X-Refresh
X-Planisys-CDN-Rules
X-Servedbyhost
X-Planisys-CDN-Cache
Mail-Subject
X-Req
X-Newrelic-Synthetics
X-Surge-Debug
X-GEO
CACHE
Hostname
X-Pjax-Url
X-Cache-ASPX
X-B3-TraceId
Ar-Sid
Dnion-Transfer-Encoding
X-GoCache-CacheStatus
X-Aed
X-Varnish-Ttl
X-Nc
X-CSRF-Token
Pramga
X-Varnish-Beresp-TTL
X-Edge-IP
NODE
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-DC
X-COUNTRY
X-Geo
X-Time
GeoIp-Country-Code
TSSecure
X-Server-W
Geoip-Latitude
NnCoection
X-Guploader-Uploadid
X-Origin-Date
X-Ms-Lease-State
X-Page-Type
X-Origin-Expires
X-Hello
X-Varnish-HitMiss
X-DataStream-Origin-MEX-Latency
X-ABtesting
X-Flog
X-DataStream-MidMile-RTT
X-Aicache-OS
X-Cache-Control-Set-By
X-HCF
MS-CV
X-Ratelimit-Limit
X-WA
SD-X-WS
X-Varnish-Url
A
X-Akamai-Request-ID2
WWW-Authenticate
X-GRACE
Lfy
X-Server-Group
X-Datadome
X-Amz-Cf-Pop
X-Auto-Login
X-Cdn-Forward
Cdn
Geoip-City
FSS-Cache
FSS-Proxy
Processtime
X-UPSTREAM-Address
Mime-Version
X-Varnish-URL
Node
X-SRV
X-Wix-Route-ID
PICS-Label
X-Wa
X-From-Cache
X-Sentry-ID
Lb
X-Via-NSCOPI
X-PAGE-TYPE
Rt-Proxy-Cache
X-Use-Magma
GeoIP-Country-Code
X-Gdpr
X-Unique-Id
X-Cache-Id
X-Edge-Server
GeoIP-Latitude
Cdn-Host
Cdn-Request-Time
X-EC-Security-Audit
X-Check-Cacheable
X-APP
X-FORWARDED-FOR
X-NODE
X-RTag
X-Nananana
Dont-Set-Cookie
Ms-Operation-Id
X-Bip
X-Cache-Info
GeoIP-City
X-Served-From
X-Gen-Id
PageType
Memcached
X-Thanos
COMMERCE-SERVER-SOFTWARE
X-Cookie
X-CACHE-KEY
X-WR-MODIFICATION
X-Env
X-Cache-HT
X-Be
X-GDPR
X-Fastly-Cache-Hits
X-Proxy-Server
X-MP-GENERATED-AT
X-Request-Start
X-Fastly-Backend-Reqs
Get-Access-Time
X-Optimization
Is-Session-Tracking
X-Dynatrace-Js-Agent
DataCenter
X-Load-Cache
X-PJAX-URL
X-HS-Status
Who
X-Swift-Error
Pics-Label
X-Cache-FS-Status
GW-Server
X-Ver
Memory
X-Fe
Group
X-Cache-Ttl
X-B3-SpanId
V-Cache
X-Ibm-Trace
X-RateLimit-Reset
X-User
X-Meta-Tbi-Cache-Vertical
Ws
UCS
X-ServedByHost
X-CDN-Pop-IP
URI
X-Shard
Httpd-Identifier
X-CDN-Pop
X-Wix-Petri-Ex
Cache-Hits
X-Dw-Trace-Id
Cf-Ipcountry
X-ID
Amp-Access-Control-Allow-Source-Origin
X-SVT-ORM-RULES
Requestid
X-SVT-ORM-VERSION
Powered-By
X-Goog-Meta-Goog-Reserved-File-Mtime
NX-Cache
X-PF-Uncompressing
X-Bug-Bounty
Xet-Cookie
AGE-Hash
X-SB
X-VC
X-GZIP
Serverid
Accept-Language
X-NGINX-Cache
Locale
Version
X-StackifyID
X-BBXSRF
Ohc-File-Size
X-Cache-Debug
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-CacheKey
N-Cache
CDN-Node
X-Varnish-Info
X-Ratelimit-Remaining
CDN-Cache
CDN-Cache-Hit
X-Path-Route
X-Route-Name
X-Providence-Cookie
X-ServerName
X-Akamai-ERPolicy
X-Content-Encoded-By
Https
X-BE
X-Akamai-ERRuleID
X-P-T
X-Cache-Handler
X-Grace-Duration
X-Litespeed-Cache-Control
X-LiteSpeed-Cache-Control
X-Flags
X-RequestId
X-Is-Crawler