Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
X-Request-ID
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
X-UA-Device
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Node
X-Amz-Version-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-Server-Id
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Application-Context
X-Readtime
EagleEye-TraceId
X-CST
Server-Timing
X-Url
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-OneAgent-JS-Injection
Request-Id
Report-To
X-Instart-Request-ID
X-Country
X-Px
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-Dns-Prefetch-Control
Charset
X-Powered-CMS
X-PC
X-Vname
X-TtlSet
X-Server-Name
X-FTR-Request-ID
X-DataDome
X-Origin-Cache
X-ESI
X-DynaTrace
NEL
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Recruiting
X-Vhost
X-Varnish-TTL
X-ORACLE-DMS-RID
X-VARITI-CCR
X-GitHub-Request-Id
RTSS
Content-MD5
X-Version
X-F-Cache
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Geo-Segment
X-GoogleNews-Bot
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Mod-Pagespeed
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
Verso
MS-Author-Via
X-Client-IP
X-Abt-Application-Version
SPRequestGuid
X-SRCache-Fetch-Status
X-CF-Powered-By
X-SRCache-Store-Status
X-Dispatcher
X-N
X-SharePointHealthScore
X-Amz-Rid
Accept-CH-Lifetime
X-Navigation-Version
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
AR-PoweredBy
AR-ATIME
X-Trace
X-Dw-Request-Base-Id
X-Fastly-Request-ID
DynaTrace
X-T
AR-CACHE
Paypal-Debug-Id
X-Server-ID
X-Varnish-Age
X-Upstream
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Forwarded-Proto
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Ruxit-JS-Agent
X-Pad
SPRequestDuration
X-Grace
SPIisLatency
X-Shield-Request-Id
X-Content-Options
X-FastCGI-Cache
X-Content-Digest
X-NF-Request-ID
Realpath
AR-SID
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
X-Cache-Hit
X-Kinsta-Cache
Access-Control-Request-Method
X-IPLB-Instance
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Acc-Meta-Resource-Type
X-Logged-In
X-B
X-HW
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-XRDS-Location
S
X-Ser
Service-Worker-Allowed
X-MSEdge-Ref
X-Wix-Server-Artifact-Id
Server-Name
X-PressLabs-Stats
X-Cache-Key
X-Frontend
Tracecode
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-Webkit-CSP
X-NewRelic-App-Data
X-FTR-Expires
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
X-GUploader-UploadID
Eomportal-Instance
Fastly-Restarts
Alternate-Protocol
Cleartype
X-Cache-Rule
Cache-Status
Backend-Timing
X-Analytics
X-Srv
Host
TP-L2-Cache
X-HS-Hub-Id
X-Revision
X-Oracle-Dms-Rid
X-HS-Content-Id
TP-Cache
X-Rid
X-Accel-Buffering
X-Whom
X-User-Agent
Public-Key-Pins-Report-Only
X-RateLimit-Remaining
X-TA-CDN-Provider
X-FTR-Cache-Host
FilterID
X-VCache
X-Debug-Info
X-Akam-SW-Version
X-NWS-LOG-UUID
X-AOL-HN
ServerID
X-XRDS-LOCATION
X-Cache-2
X-Varnish-Backend
X-Via-JSL
Front-End-Https
X-Cdn
Accept-Charset
X-Mobile
X-Content-Powered-By
X-Kinja-Server-Push
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cached-By
Viewport
X-WPE-Loopback-Upstream-Addr
X-Node-Name
X-App-Environment
X-LB-Cache
X-Magnolia-Registration
X-B3-Traceid
X-Content-Security-Policy-Report-Only
Host-Header
X-Page-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cluster
X-Varnish-Hostname
X-TT
X-Akamai-Edgescape
X-Request-Guid
X-Handled-By
Liferay-Portal
X-Framework
X-B3-Sampled
X-Cache-Control
X-Device-Type
X-B-Cache
X-BCube-Filmed-By
X-Correlation-Id
X-Signature
X-FB-Debug
X-Platform-Server
X-Instance
Cache-Tag
DC
Upgrade-Insecure-Requests
X-Cache-Server
X-Hostname
Server-Node
X-Origin-Server
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Ttl
Source
X-Amzn-Trace-Id
Display
X-Middleton-Display
X-Sol
Retry-After
X-Accel-Expires
X-Contextid
X-Servedby
X-WA-Info
X-Varnish-Server
X-Cache-Action
HitType
Server-Info
HitInfo
X-Esi
X-Distil-CS
X-Cache-Operation
X-Fastcgi-Cache
X-APP-VERSION
X-Seen-By
Content-Script-Type
X-Wix-Request-Id
Content-Style-Type
X-Port
Webserver
X-GeoIP
X-Tumblr-Pixel-1
GEO-INFO
X-S
X-RequestSource
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
User-Agent
X-Generated-By
X-Locale
X-Jobs
X-Edge-Location
X-Amz-Replication-Status
Healthy
X-Status
Actual-Object-TTL
X-Edge-Cache
AsisCache
X-Edge-Cache-Key
X-Region
X-Varnish-Hits
X-Response-Served-From
X-UUID
X-Adobe-Loc
X-Adobe-Content
ServedBy
X-TX-ID
X-FW-Static
X-Geo-Country
X-FW-Hash
X-FW-Serve
SRV
X-Newrelic-App-Data
X-Drupal-Cache-Tags
X-FW-Type
X-FW-Server
X-Hyper-Cache
Refresh
X-Daa-Tunnel
X-DataStream-Cache-Status
X-ATG-Version
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Iejgwucgyu
X-Cache-NE
Response
X-Cache-TTL-Remaining
X-Varnish-Grace
X-Middleton-Response
Filters
IBM-Web2-Location
S-Cnection
X-Amz-Server-Side-Encryption
Payment
X-Cache-Age
NGB
X-Content-Type
X-AppVersion
Datacenter
X-Az
X-Activity-Id
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Proxied
X-CDN-Forward
X-Cache-Remote
X-Cache-TTL
X-Cacheable-TTL
X-Vg-Webcache
X-App-Server
Country
X-Kong-Proxy-Latency
Edge-Cache-Tag
X-Kong-Upstream-Latency
Served-By
X-HS-Cache-Config
Cache
X-Unique-ID
X-Sucuri-ID
X-UA
X-Mode
X-ProcessESI
X-HS-Combine-CSS
X-Is-Bot
Load-Balancing
X-Cache-Var-Map
X-Cache-Var
X-RemovedCookies
X-Varnish-IP
X-Detected-As
X-Rendered-As
X-RN-RSRV
X-Akamai-Transformed
Machine
Meta-Geo
X-Rocket-Nginx-Bypass
X-Ruxit-Js-Agent
X-FC-Vary-Parameters
X-Rule
X-Proxy
AR-Request-ID
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
User-Cache-Control
Mn-Server-Ip
Backend
X-ProxyCache-Status
Access-Control-Allow-Method
X-Varnish-Cache-Hits
Cache-Name
DB-Nickname
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Human
TWC-GeoIP-Country
Webcakes-App-Name
X-ServerID
X-ProxyCache-Key
X-BYPASS-REASON
X-PCL
X-Hosted-By
X-Varnish-Cacheable
X-Grey
X-Tb
X-Cache-Category-Id
Webcakes-Region
X-OCL
X-Amz-Meta-Surrogate-Control
X-BB-IP
X-Origin
X-Origin-Hint
Webcakes-App-Version
X-EIG-Tracking-Id
X-Hit
X-Routing-Service
X-Section
Azure-InstanceId
X-Debug-Cache
X-Environment-Context
X-CDN-Cache
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Upgrade-Enabled
ServerName
X-Original-Request
X-Generated
X-Access
X-NodeID
X-Loop
X-JoinUs
S-Rt
X-Zipkin-Id
X-Site-Version
X-Format
X-TNCMS
X-L-Path
X-Viewer-Country
Now
L5d-Success-Class
Azure-Version
X-Real-IP
X-Correlation-ID
X-IP
X-LJ-Flow-ID
X-Ocache
X-Cache-Config
X-App-Name
X-Agile
X-Agile-Age
X-Agile-Id
X-ApacheServer
X-AWS-Id
X-PERF
X-Via-Fastly
X-VWS-Id
X-Www-Served-By
OT-Force-Account-Verify
X-HOST
X-TWH-CORRELATION-ID
X-Proxy-Build
X-Pubstack
X-SplitTest
X-Timing-Wait
Selected-FE
X-RateLimit-Limit
Cache-Key
Access-Control-Request-Headers
X-Backend-Name
X-Drupal-Cache-Contexts
X-NGENIX-Cache
X-Origin-CC
X-URL
X-CCM
X-OVcl-Cache
X-OVcl
HostName
X-Mrs-Cache
X-Nginx-Cache
X-Mrs-Cache-Hits
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Mrs-Age
X-Source
X-Xfnlog-Site
X-Mshield-Cache-Status
Fastcgi-X-Cache
X-Upstream-CT
X-Upstream-HT
Powered-By-ChinaCache
X-Pc-Host
X-Pc-Date
X-Akamai-Request-ID
X-Storage
X-Vgn-Hpd-Reason
From-Origin
X-Litespeed-Cache
Pagespeed
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Forwarded-Host
Fastly-SSL
X-Feature
X-NC
X-Time-Microsecs
X-Internal-Host
LB
X-Varnish-Beresp-Grace
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-NCache
X-Varnish-Beresp-Status
X-Release
X-Ms-Request-Id
X-Distributor
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
X-Microcachable
NtCoent-Length
X-UA-Device-Type
X-Birta-Served
X-Labrador-Cache-Channel
X-Birta-Cache-Post
Pagetype
X-VG-TLSProxy
X-Webkit-Csp
X-App-Version
X-EdgeConnect-Cache-Status
XServer
X-Cache-Backend
X-B3-Spanid
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
Time
X-SERVER-NAME
MIME-Version
Frame-Options
X-PHP-Backend
X-Sucuri-Cache
X-G
AKAMAI
X-Irp-Debug
Ajk
X-Logtrace-Id
X-IN-WAF
X-Generation-Time
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Generated-In
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
Fly-Request-Id
X-D
X-Date
X-A-Dcw
X-CUA
X-CS
X-A-Dam
X-A-Ccd
VivaBuild
X-Destination
Www
X-A
X-A-Dgt
X-A-Wwc
X-Org
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-NU-AKA-ACS-Version
X-Cache-Bucket
X-BB-ID
X-Accel-Expires-Debug
X-Application
X-ARC
X-B-Cookie
Viewtype
X-PAYTM-SRV-ID
Ec-Rule-Version
Fly-Cache
X-Dispatcher-Server
Host-ID
X-Redis-Cache
X-DPWN-IS-SECURE
X-From
BehaviorPad-Version
Cache-Prefix
X-No-Session
IsBot
MD5-Digest
Server-Int
X-Developer
T-Server
V-Age
Cneonction
Rendered-Blocks
X-Died
Meta-Geo-Continent
Mobile-Detection-Method
NGX
Arc-Country
X-Region-Sid
X-SRCache-Key
X-Trv-Group
Xc-Version
X-SIPLIST1
X-Server-Time
X-Via-SSL
X-Via-Edge
X-C
X-S-Cookie
X-VG-WebServer
X-Via-CDN
X-UE-Client-Country
X-Server-By
X-WebServer
X-ScT
X-Powered-By-ANYU
X-FireWall-Port
X-NWS-UUID-VERIFY
X-Web-Node
WZWS-RAY
X-Instance-Name
ViewerVersion
GMS-Ver
X-RateLimit-Remaining-Second
HA-Cloudapp
HA-Geocity
X-Wikidot-Backend
HA-Geocountry
X-F5-Cache
Origin-Cache-Control
X-Owner
X-Cache-CFC
X-Block-Status
X-Cache-Enabled
Origin-Edge-Control
HA-Geolat
X-Origin-TTL
Ha-Gx-Prefs
X-S-Maxage
X-Gen-Mode
X-Amz-Meta-Cache-Control
NodeID
Magicmarker
X-Hnp-Log
X-Platform
X-VServer
X-RateLimit-Limit-Second
HA-Host
Web-Mar-Node
HA-Georegion
HA-Ipaddr
HA-Servedtime
X-We-Are-Hiring
HA-Urlpath
HA-Geolon
Country-Code
X-Debug-Log
X-Request-Time
X-Hash
X-Debug-Cookies
X-Hl-Ver
X-Crawler
X-UnsetCookies
X-Cluster-Node
X-Var-Ttl
Server-Host
X-Eu-Site
X-External-Request-Id
X-GeoIP-City
X-Node-Id
X-Phone
SN
X-Core-Value
X-Fastly-Cache
X-Wikidot-Static-Cache
X-Store
Release
X-Varnish-Action
X-Layer
X-VCT
X-Key
X-NX-Host
Backend-Name
X-CGP
X-Webstats-RespID
X-GZip
X-V
X-CACHE-AGE
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
Thinkindot-CacheControl
Thinkindot-Control
Uber-Trace-Id
X-HTML-Minification-Powered-By
Thinkindot-CacheControl-Type
X-Variation
X-Passed-To
X-Passed-To-BeforeDispatch
X-Backend-State
X-Croise-Owner
X-Varnish-Beresp-Ttl
X-Core-Mission
X-Clientip
X-Cdn-Srv
Powered
X-MI-In-Market
X-Policy
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-MSEdge-Features
X-Developers
X-Cdn-Origin
X-Cache-URL
X-Backend-Host
X-Backend-TTL
X-Actual-URL
X-Nginx-Cache-Key
X-Gannett-Site-Version
X-Backend-Url
X-Fetched-On
X-Cache-Srv
X-Cache-Host
X-Cache-Expires
X-Up
X-MSEdge-Flight
Platform
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Stale
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
X-Sn-Servicetimems
X-Swa-Ws
CDCHOST
X-RCS-CacheZone
Heartbleed
X-Trace-Id
Esi-Enabled
X-Reboot
X-Thinkindot-L3
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Server-IP
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Secret
X-Location
X-Returned-From
X-Response-By
X-ShopId
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
X-Sf
X-Request-URI
X-TT-LOGID
Countrycode
MI-Cache-Age
Odigeo-Trace-Id
MI-Cache
MI-API
Kp-EeAlive
Origin
X-Matched-Rule
Request-EU
Section-Io-Cache
Request-Country
Proxy-Connection
Pragrma
X-Tumblr-Pixel-3
PFcat
Is-Eu
X-Ua
X-Servername
X-ElasticPress-Search
True-Client-Country-4JS
X-ServiceProvider
X-Rebelmouse-Cache-Control
Content-Disposition
PageSpeed
X-Device-Os
Request-Time
Resin-Trace
X-SERVER
Sid
ProcessTime
X-FW-Version
X-Fstrz
RNT-Machine
RNT-Time
REQUESTUUID
Server-ID
X-Rebelmouse-Surrogate-Control
X-Worker
X-Ckpd-Fst-Backend
Fastly-SWR
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Tags
X-Alicdn-Da-Ups-Status
X-Content-Age
Fastly-Backend-Name
Fastly-SIE
On-Server
Xserver
X-Ezoic-Cdn
X-Skip-Cache
HTTPS
X-Csrf-Token
X-Dc
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Endurance-Cache-Level
X-Pf-Uncompressing
Cteonnt-Length
Warning
RequestId
X-Req
X-Proto
CF-IPCountry
WP-Super-Cache
X-Oss-Hash-Crc64ecma
X-Real-Ip
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Servedbyhost
X-Refresh
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Surge-Debug
We-Hiring
CDN
Mail-Subject
X-Datadome
CACHE
X-Newrelic-Synthetics
X-TIME
X-B3-TraceId
X-Pjax-Url
Ar-Sid
X-GEO
X-Aed
X-Cache-ASPX
X-Time
Dnion-Transfer-Encoding
X-Nc
X-Varnish-Ttl
X-GoCache-CacheStatus
Pramga
Hostname
X-DC
X-Atg-Version
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-CSRF-Token
X-Edge-IP
TSSecure
X-COUNTRY
X-Geo
X-Guploader-Uploadid
X-Varnish-Beresp-TTL
X-Ms-Lease-State
X-Server-W
X-Page-Type
GeoIp-Country-Code
NODE
Geoip-Latitude
X-Oracle-Dms-Ecid
NnCoection
X-Origin-Date
X-Hello
X-ABtesting
X-Origin-Expires
X-Flog
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cdn-Forward
X-Varnish-HitMiss
A
X-HCF
X-Aicache-OS
X-Varnish-Url
X-Cache-Control-Set-By
Lfy
SD-X-WS
MS-CV
X-WA
X-Amz-Cf-Pop
X-Auto-Login
Cdn
FSS-Cache
FSS-Proxy
X-Akamai-Request-ID2
WWW-Authenticate
X-Server-Group
X-Ratelimit-Limit
Geoip-City
Mime-Version
X-UPSTREAM-Address
Node
X-Wa
Processtime
X-Sentry-ID
X-Varnish-URL
X-Wix-Route-ID
X-Via-NSCOPI
Rt-Proxy-Cache
PICS-Label
X-Use-Magma
X-Cache-Id
X-Check-Cacheable
X-Unique-Id
X-APP
X-EC-Security-Audit
X-PAGE-TYPE
X-From-Cache
GeoIP-Country-Code
GeoIP-Latitude
X-NODE
X-Nananana
X-Gdpr
X-Cache-Info
X-SRV
Memcached
X-Bip
GeoIP-City
PageType
Cdn-Host
X-Thanos
Lb
X-Edge-Server
Cdn-Request-Time
X-Served-From
Dont-Set-Cookie
X-CACHE-KEY
Ms-Operation-Id
X-Gen-Id
X-RTag
X-Cookie
X-Request-Start
X-Be
X-GDPR
X-Proxy-Server
X-MP-GENERATED-AT
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-Load-Cache
DataCenter
X-Dynatrace-Js-Agent
X-WR-MODIFICATION
X-HS-Status
X-Cache-HT
X-FORWARDED-FOR
X-Optimization
X-Env
X-Fastly-Cache-Hits
Get-Access-Time
Is-Session-Tracking
Pics-Label
X-PJAX-URL
Who
Memory
X-Swift-Error
GW-Server
UCS
X-User
Group
V-Cache
X-RateLimit-Reset
X-Cache-FS-Status
X-B3-SpanId
X-Cache-Ttl
X-Ver
X-ServedByHost
URI
X-Meta-Tbi-Cache-Vertical
X-Fe
Requestid
Cache-Hits
Cf-Ipcountry
X-Ibm-Trace
X-CDN-Pop-IP
Ws
X-CDN-Pop
X-Dw-Trace-Id
X-ID
Amp-Access-Control-Allow-Source-Origin
X-Bug-Bounty
AGE-Hash
X-VC
Xet-Cookie
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shard
X-PF-Uncompressing
X-SB
NX-Cache
Httpd-Identifier
X-GZIP
Accept-Language
Serverid
X-NGINX-Cache
X-CacheKey
Locale
X-LI-UUID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LI-Proto
X-Li-Pop
X-BBXSRF
X-Content-Encoded-By
X-Li-Fabric
X-Ratelimit-Remaining
CDN-Cache
X-Wix-Petri-Ex
CDN-Cache-Hit
N-Cache
X-Varnish-Info
Https
X-SVT-ORM-RULES
CDN-Node
Powered-By
X-SVT-ORM-VERSION
X-Providence-Cookie
X-Is-Crawler
X-StackifyID
X-BE
RequestUuid
X-Route-Name
X-Flags
X-Akamai-ERRuleID
X-Cache-Handler
Version
X-Litespeed-Cache-Control
Ohc-File-Size
X-RequestId
X-ServerName
X-Akamai-ERPolicy
X-Grace-Duration
X-Cache-Debug