
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
NEL
X-FTR-Request-ID
Charset
X-Server-Name
X-DynaTrace-JS-Agent
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
X-F-Cache
Content-MD5
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-RID
X-Mobile-Rewrite
PB-PID
X-D2id
Arc-Version
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Upstream-Env
X-Abt-Application-Version
Pinterest-Version
X-Pinterest-Rid
X-Dispatcher
SPRequestGuid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Amz-Rid
Nginx-Cache
X-CF-Powered-By
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-T
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Hits
X-Varnish-Age
DynaTrace
X-Upstream
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-PoweredBy
AR-ATIME
X-Oracle-Dms-Rid
X-Grace
X-Shield-Request-Id
X-Pad
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
X-HW
Access-Control-Request-Method
MRF-Tech
X-Kinsta-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Logged-In
X-B
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-NewRelic-App-Data
X-FastCGI-Cache
X-Ser
Service-Worker-Allowed
S
Tracecode
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-FTR-Backend
X-Frontend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
X-Cache-Key
X-FTR-Expires
Rt-Fastcgi-Cache
X-Accel-Buffering
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
AR-SID
Alternate-Protocol
Eomportal-Instance
Backend-Timing
X-Cache-Rule
X-Analytics
X-HS-Content-Id
X-HS-Hub-Id
Host
TP-Cache
TP-L2-Cache
Cleartype
X-Rid
X-Revision
Cache-Status
X-Srv
FilterID
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-User-Agent
X-Debug-Info
X-Whom
Front-End-Https
X-Akam-SW-Version
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
ServerID
X-Mobile
X-Webkit-Csp
X-XRDS-LOCATION
X-AOL-HN
Accept-Charset
X-Varnish-Backend
X-Webkit-CSP
X-RateLimit-Remaining
X-TA-CDN-Provider
X-Cdn
X-Cache-2
X-Iejgwucgyu
X-Kinja-Server-Push
X-Via-JSL
X-Request-Processing-Time
X-VCache
X-GUploader-UploadID
X-Request-Received
X-Zen-Fury
X-Content-Powered-By
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-Cached-By
X-Ttl
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-App-Environment
X-LB-Cache
Viewport
X-Cluster
Host-Header
X-Node-Name
X-Tumblr-Pixel
X-Cache-Control
X-Page-Id
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Magnolia-Registration
X-Tumblr-User
X-Handled-By
X-Device-Type
X-Request-Guid
X-TT
X-Akamai-Edgescape
X-Framework
X-BCube-Filmed-By
X-B-Cache
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-FB-Debug
Upgrade-Insecure-Requests
X-Signature
X-B3-Sampled
X-Instance
Liferay-Portal
Cache-Tag
DC
X-Fastcgi-Cache
X-Sol
Display
X-Middleton-Display
X-Amzn-Trace-Id
X-Cache-Server
X-Hostname
MicrosoftSharePointTeamServices
X-Origin-Server
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Varnish-Server
Source
Retry-After
X-WA-Info
X-B3-Traceid
X-Distil-CS
X-Contextid
X-Servedby
Server-Info
HitType
HitInfo
X-Wix-Request-Id
X-Seen-By
X-Cache-Action
Content-Script-Type
Content-Style-Type
X-Edge-Location
X-Cache-Operation
X-Amz-Replication-Status
X-GeoIP
Webserver
X-S
X-RequestSource
User-Agent
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
SRV
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Jobs
X-Locale
X-Status
GEO-INFO
X-Generated-By
X-FW-Server
X-FW-Hash
X-FW-Static
AsisCache
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Serve
X-FW-Type
X-Region
X-Response-Served-From
X-ATG-Version
X-Varnish-Hits
X-UUID
ServedBy
X-Drupal-Cache-Tags
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
Refresh
X-Cache-NE
Healthy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Port
X-Middleton-Response
Response
X-APP-VERSION
X-Geo-Country
X-Hyper-Cache
X-Esi
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
Payment
S-Cnection
X-Cache-Age
X-Content-Type
IBM-Web2-Location
X-Newrelic-App-Data
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Datacenter
Filters
Edge-Cache-Tag
X-Daa-Tunnel
X-HS-Cache-Config
Country
NGB
X-Cache-Remote
X-AppVersion
Served-By
X-Az
X-Activity-Id
HostName
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Cache-TTL
X-HS-Combine-CSS
X-Sucuri-ID
X-Cacheable-TTL
X-Varnish-IP
Powered-By-ChinaCache
X-App-Server
X-Vg-Webcache
X-Mrs-Age
X-Mrs-Cache-Hits
X-UA
X-Mrs-Cache
X-Akamai-Transformed
X-Mshield-Cache-Status
X-Mode
X-Is-Bot
X-ProcessESI
X-RN-RSRV
X-Rendered-As
X-Kong-Upstream-Latency
X-RemovedCookies
X-Proxied
Machine
X-Rule
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
Load-Balancing
X-Kong-Proxy-Latency
X-Detected-As
X-Proxy
X-Rocket-Nginx-Bypass
X-CDN-Forward
X-FC-Vary-Parameters
TWC-Device-Class
TWC-GeoIP-Country
X-Varnish-Cache-Hits
X-Hosted-By
TWC-Connection-Speed
Access-Control-Allow-Method
Backend
OT-Force-Account-Verify
Property-Id
DB-Nickname
Cache-Name
Mn-Server-Ip
X-Grey
X-Human
X-Origin
User-Cache-Control
Webcakes-App-Name
TWC-Privacy
X-BYPASS-REASON
X-ProxyCache-Key
X-Tb
X-ServerID
X-Cache-Category-Id
X-Amz-Meta-Surrogate-Control
Webcakes-Region
Webcakes-App-Version
X-ProxyCache-Status
X-Varnish-Cacheable
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Origin-Hint
X-OCL
X-PCL
X-Access
Azure-SlotName
X-Section
X-Loop
X-Format
Azure-SiteName
X-JoinUs
X-BB-IP
X-Routing-Service
Azure-InstanceId
Azure-RegionName
X-NodeID
X-CDN-Cache
L5d-Success-Class
X-EIG-Tracking-Id
X-Debug-Cache
X-Generated
X-Original-Request
X-OVcl
X-Zipkin-Id
Now
X-Upgrade-Enabled
S-Rt
X-Site-Version
X-TNCMS
ServerName
X-Hit
X-OVcl-Cache
Azure-Version
X-AWS-Id
X-App-Name
X-Cache-Config
X-Pubstack
X-Upstream-HT
X-ApacheServer
X-PERF
Selected-FE
X-TWH-CORRELATION-ID
X-Agile
X-Agile-Age
X-Upstream-CT
X-HOST
X-NGENIX-Cache
X-VWS-Id
X-Viewer-Country
X-Via-Fastly
X-LJ-Flow-ID
X-L-Path
X-Proxy-Build
X-Environment-Context
X-IP
X-Www-Served-By
X-Timing-Wait
X-Agile-Id
Fastcgi-Useragent
X-SplitTest
Cache-Key
Access-Control-Request-Headers
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-URL
X-CCM
X-Drupal-Cache-Contexts
X-Origin-CC
X-Ocache
X-Source
From-Origin
Pagespeed
X-Xfnlog-Site
X-Nginx-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Backend-Name
X-RateLimit-Limit
Cache
X-Unique-ID
LB
X-App-Version
X-Correlation-ID
X-Litespeed-Cache
X-Forwarded-Host
X-Akamai-Request-ID
Fastly-SSL
X-Storage
X-Vgn-Hpd-Reason
X-Pc-Host
X-Pc-Date
X-Feature
NtCoent-Length
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
ViewerVersion
X-Ms-Lease-Status
X-M-Log
X-Qnm-Cache
X-M-Reqid
X-Birta-Served
X-Birta-Cache-Post
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
AR-Request-ID
Ar-Sid
X-NCache
X-VG-TLSProxy
X-Time-Microsecs
X-Internal-Host
X-Guploader-Uploadid
X-Cluster-Node
X-Ruxit-Js-Agent
X-Real-IP
X-Real-Ip
X-Release
X-Distributor
X-Microcachable
Time
Xserver
X-EdgeConnect-Cache-Status
X-B3-TraceId
CACHE
X-B3-Spanid
X-Powered-By-ANYU
WZWS-RAY
X-Sucuri-Cache
X-Request-Time
X-Cache-Enabled
X-SERVER-NAME
V-Age
Viewtype
Www
T-Server
Meta-Geo-Continent
Cache-Prefix
Ec-Rule-Version
Fly-Cache
BehaviorPad-Version
Arc-Country
Ajk
AKAMAI
Fly-Request-Id
IsBot
Rendered-Blocks
REQUESTUUID
NGX
Mobile-Detection-Method
MD5-Digest
X-A
Server-Int
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-Server-By
X-ScT
X-Region-Sid
X-Redis-Cache
X-No-Session
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Server-Time
X-SIPLIST1
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-WebServer
Xc-Version
X-VG-WebServer
X-UE-Client-Country
X-Store
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Irp-Debug
X-IN-WAF
X-BB-ID
X-B-Cookie
X-Cache-Bucket
X-CF-Lambda-Version
X-Connection-Hash
X-ARC
X-Application
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-CUA
X-D
X-Generated-In
X-G
X-Generation-Time
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-From
X-DPWN-IS-SECURE
X-Destination
X-Date
X-Developer
X-Died
X-Dispatcher-Server
X-A-Ccd
VivaBuild
ProcessTime
X-Cache-Backend
X-Varnish-Beresp-Ttl
X-FireWall-Port
HA-Geolon
HA-Geolat
HA-Geocity
HA-Cloudapp
HA-Georegion
Ha-Gx-Prefs
HA-Servedtime
HA-Ipaddr
HA-Host
X-VCT
GMS-Ver
X-Web-Node
Cneonction
X-External-Request-Id
X-F5-Cache
Frame-Options
X-We-Are-Hiring
X-Eu-Site
Web-Mar-Node
X-VServer
HA-Urlpath
X-Varnish-Action
X-Cache-CFC
X-Amz-Cf-Pop
Release
Pragrma
X-Block-Status
X-Amz-Meta-Cache-Control
SN
X-S-Maxage
Server-Host
X-UnsetCookies
Origin-Edge-Control
X-NC
X-Fastly-Cache
Magicmarker
X-CS
X-Crawler
Origin-Cache-Control
X-CGP
NodeID
PageSpeed
HA-Geocountry
X-Sorting-Hat-ShopId
X-Key
X-Platform
X-Origin-TTL
X-Hnp-Log
X-ShopId
X-Node-Id
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Owner
X-Layer
X-Hl-Ver
Backend-Name
X-GeoIP-City
Country-Code
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-UA-Device-Type
X-Wikidot-Backend
X-Policy
X-Hash
X-Phone
X-Wikidot-Static-Cache
X-Gen-Mode
X-Endurance-Cache-Level
X-C
X-Newrelic-Synthetics
X-Webstats-RespID
X-Nc
X-Cache-Expires
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Server-IP
X-Actual-URL
X-Sf
X-Stale
X-Passed-To-BeforeDispatch
X-Passed-To
X-Returned-From
X-Backend-TTL
X-Backend-State
X-Backend-Host
X-Secret
X-Backend-Url
X-Core-Mission
X-Developers
X-RCS-CacheZone
X-Reboot
X-Debug-Log
X-Location
X-Debug-Cookies
X-Instance-Name
X-HTML-Minification-Powered-By
X-Gannett-Site-Version
X-FW-Version
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-Swa-Ws
X-GZip
X-Matched-Rule
X-Request-URI
X-Nginx-Cache-Key
X-Cache-URL
X-NX-Host
X-Cache-Srv
X-Clientip
X-Fetched-On
X-MSEdge-Features
X-MI-In-Market
X-Croise-Owner
X-MSEdge-Flight
X-Core-Value
X-Response-By
Uber-Trace-Id
Section-Io-Cache
X-Tumblr-Pixel-3
Heartbleed
CDCHOST
X-TT-LOGID
Esi-Enabled
X-Thinkindot-L3
Kp-EeAlive
Countrycode
Powered
Platform
Origin
Proxy-Connection
Request-Country
Odigeo-Trace-Id
Request-EU
X-Dc
Thinkindot-CacheControl
Adler-Geo
X-Passed-To-DLL
Thinkindot-CacheControl-Type
MI-Cache-Age
MI-Cache
MI-API
X-ElasticPress-Search
X-Up
X-Var-Ttl
Apple-News-Services-Parsed-Url
Thinkindot-Control
Apple-News-Services-Request-Url
X-Variation
Is-Eu
Apple-News-Services-Host
Apple-News-Services-Handled
Pagetype
X-Ua
Fastly-Backend-Name
Content-Disposition
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Device-Os
Resin-Trace
X-NWS-UUID-VERIFY
Cache-Cookie-Set-From
X-Ezoic-Cdn
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Worker
Cache-Tags
X-Fstrz
HTTPS
X-Sn-Servicetimems
X-Cdn-Origin
X-V
X-Cdn-Srv
X-Cache-Host
X-ServiceProvider
Server-ID
True-Client-Country-4JS
RNT-Time
RNT-Machine
X-Ckpd-Fst-Backend
On-Server
X-Content-Age
X-Trace-Id
X-Skip-Cache
X-Surge-Debug
X-Servername
X-Alicdn-Da-Ups-Status
X-TIME
X-CACHE-AGE
Host-ID
X-Rebelmouse-Cache-Control
Fastly-SIE
Fastly-SWR
Warning
X-Rebelmouse-Surrogate-Control
X-Csrf-Token
XServer
RequestId
MIME-Version
X-GEO
X-Aed
X-Pf-Uncompressing
Sid
Request-Time
X-Proto
PFcat
X-Req
Cteonnt-Length
X-Edge-IP
Pramga
Mail-Subject
We-Hiring
X-Refresh
X-PHP-Backend
X-Dynatrace-Js-Agent
TSSecure
X-Pjax-Url
CF-IPCountry
X-Ms-Lease-State
X-Cdn-Forward
X-Varnish-Ttl
X-Planisys-CDN-Cache
X-Page-Type
X-ABtesting
X-Flog
X-Hello
X-GRACE
X-Server-W
Cdn
WP-Super-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Servedbyhost
X-Atg-Version
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-COUNTRY
X-Oss-Storage-Class
Mime-Version
X-Varnish-Url
X-Time
X-Oss-Request-Id
X-Geo
X-CSRF-Token
X-Cache-ASPX
GeoIp-Country-Code
Dnion-Transfer-Encoding
CDN
Geoip-Latitude
X-Auto-Login
X-DC
X-Oracle-Dms-Ecid
FSS-Proxy
FSS-Cache
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
Lfy
X-Unique-Id
X-DataStream-MidMile-RTT
X-GoCache-CacheStatus
X-Varnish-Beresp-TTL
PageType
A
X-Akamai-Request-ID2
X-WA
X-Datadome
X-Sentry-ID
Rt-Proxy-Cache
NnCoection
MS-CV
X-EC-Security-Audit
X-Origin-Expires
X-Origin-Date
X-Via-NSCOPI
NODE
X-Wa
X-HCF
X-Cache-Id
X-Served-From
X-Thanos
Memcached
X-Bip
Node
X-MP-GENERATED-AT
X-Varnish-HitMiss
X-CACHE-KEY
X-Cache-Control-Set-By
X-Check-Cacheable
X-Be
X-APP
X-Cache-Info
SD-X-WS
Hostname
X-Use-Magma
X-Request-Start
X-UPSTREAM-Address
WWW-Authenticate
X-Server-Group
GeoIP-Latitude
GeoIP-Country-Code
X-Proxy-Server
X-NODE
X-Nananana
X-SRV
Geoip-City
X-Ratelimit-Remaining
Memory
GeoIP-City
X-Cookie
UCS
X-PAGE-TYPE
GW-Server
X-Wix-Route-ID
X-Fastly-Cache-Hits
X-Varnish-URL
PICS-Label
X-From-Cache
X-ServedByHost
Processtime
X-User
X-Gen-Id
X-GDPR
X-Load-Cache
X-RTag
Cache-Hits
X-WR-MODIFICATION
DataCenter
X-Fastly-Backend-Reqs
X-Edge-Server
X-HS-Status
Cdn-Host
Cdn-Request-Time
X-FORWARDED-FOR
X-Gdpr
Cf-Ipcountry
Accept-Language
Ms-Operation-Id
COMMERCE-SERVER-SOFTWARE
X-Swift-Error
X-Vcache
Pics-Label
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PJAX-URL
X-Cache-Ttl
X-Cache-Debug
X-Urbn-Context-Path
X-Li-Pop
X-BBXSRF
Dont-Set-Cookie
X-B3-SpanId
X-Urbn-Site-Id
Locale
X-Li-Fabric
X-LI-UUID
X-LI-Proto
X-Path-Route
V-Cache
X-Cache-HT
X-Fe
Is-Session-Tracking
X-Dw-Trace-Id
X-Info
Lb
Group
Get-Access-Time
X-VG-WebCache
X-RateLimit-Reset
X-Env
X-PF-Uncompressing
X-CDN-Pop-IP
X-CDN-Pop
X-Optimization
Amp-Access-Control-Allow-Source-Origin
X-ID
NX-Cache
X-Content-Encoded-By
Fastly-Soc-X-Request-Id
SS
URI
X-Qloud-Router
X-GZIP
X-Bug-Bounty
Who
Requestid
Serverid
X-NGINX-Cache
CDN-Cache
X-CacheKey
AGE-Hash
X-Ver
X-P-T
CDN-Cache-Hit
CDN-Node
X-Varnish-Info
X-ServerName
Xet-Cookie
X-Cache-FS-Status
X-Serial
X-Akamai-SSL-Client-Sid
X-SN
SID
X-Akamai-ERPolicy
N-Cache
X-Flags
X-Is-Crawler
X-VC
X-Litespeed-Cache-Control
X-RequestId
X-Shard
X-Providence-Cookie
X-Route-Name
X-SB
X-Ibm-Trace
X-Grace-Duration
Ws
X-Akamai-ERRuleID
Https
X-Meta-Tbi-Cache-Vertical