Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
P3p
Access-Control-Max-Age
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
Surrogate-Control
X-Cache-Lookup
X-Node
X-Server-Id
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
Report-To
Pinterest-Generated-By
Request-Id
X-Url
X-CST
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
Feature-Policy
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Country-Code
Rating
X-Dns-Prefetch-Control
Allow
X-ESI
NEL
X-Powered-CMS
X-DataDome
X-TtlSet
X-Vname
X-FTR-Request-ID
X-PC
X-Server-Name
X-Origin-Cache
Charset
X-DynaTrace
X-Cached
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
RTSS
X-Varnish-TTL
X-F-Cache
X-Version
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Geo-Segment
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-Mod-Pagespeed
Accept-CH
MS-Author-Via
X-D2id
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
SPRequestGuid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ruxit-JS-Agent
X-SharePointHealthScore
Nginx-Cache
X-Amz-Rid
X-N
X-ORACLE-DMS-RID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Trace
X-Dw-Request-Base-Id
Accept-CH-Lifetime
X-Navigation-Version
X-CF-Powered-By
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-Server-ID
X-DIS-Request-ID
SPRequestDuration
SPIisLatency
X-Origin-Upstream-Status
X-T
X-Hits
X-Upstream
X-Varnish-Age
Arr-Disable-Session-Affinity
DynaTrace
TCN
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Oracle-Dms-Rid
X-Grace
X-Shield-Request-Id
X-Pad
X-Content-Options
X-Cdn
AR-ATIME
AR-PoweredBy
Realpath
AR-CACHE
X-Content-Digest
X-NF-Request-ID
X-HW
Access-Control-Request-Method
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Kinsta-Cache
X-Mrf-Section-Lastmod
MRF-Tech
X-XRDS-Location
X-Acc-Meta-Resource-Type
X-IPLB-Instance
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Debug
X-Cache-Hit
X-Vcap-Request-Id
X-B
X-Logged-In
X-Wix-Server-Artifact-Id
X-SS-Set-Cookie
Service-Worker-Allowed
X-Ser
Tracecode
X-FastCGI-Cache
S
Fastly-Restarts
Server-Name
X-NewRelic-App-Data
X-MSEdge-Ref
X-PressLabs-Stats
X-Frontend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-Accel-Buffering
X-FTR-Expires
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
Backend-Timing
X-Analytics
Alternate-Protocol
X-HS-Content-Id
X-HS-Hub-Id
X-Iejgwucgyu
X-Cache-Rule
Host
FilterID
Eomportal-Instance
X-Revision
Cleartype
X-Rid
TP-L2-Cache
TP-Cache
Front-End-Https
X-Srv
Cache-Status
AR-SID
X-FTR-Cache-Host
X-User-Agent
Public-Key-Pins-Report-Only
X-Debug-Info
X-Whom
X-Akam-SW-Version
ServerID
X-Mobile
Accept-Charset
X-AOL-HN
X-Webkit-CSP
X-Varnish-Backend
X-Cache-2
X-GUploader-UploadID
X-Request-Processing-Time
X-RateLimit-Remaining
X-Request-Received
X-Zen-Fury
X-Oneagent-Js-Injection
X-Ttl
X-XRDS-LOCATION
X-Cached-By
X-Via-JSL
X-Content-Powered-By
X-WPE-Loopback-Upstream-Addr
X-TA-CDN-Provider
X-NWS-LOG-UUID
X-App-Environment
X-HeyJason
Permitted-Cross-Domain-Policies
X-VCache
X-Do-Not-Hack
X-LB-Cache
X-Varnish-Hostname
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Host-Header
X-Cache-Control
X-Cluster
X-Page-Id
Display
X-Middleton-Display
X-Sol
X-Request-Guid
X-Node-Name
X-TT
X-Framework
X-Magnolia-Registration
Viewport
X-Device-Type
X-B-Cache
X-Handled-By
X-Correlation-Id
X-Akamai-Edgescape
X-Signature
X-Platform-Server
X-Instance
X-FB-Debug
X-Content-Security-Policy-Report-Only
Upgrade-Insecure-Requests
DC
X-B3-Sampled
Cache-Tag
X-BCube-Filmed-By
Liferay-Portal
X-Fastcgi-Cache
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
Server-Node
X-Origin-Server
X-Webkit-Csp
X-TT-TIMESTAMP
X-Accel-Expires
Source
X-Varnish-Server
X-WA-Info
Retry-After
X-Servedby
X-Distil-CS
X-Contextid
X-Edge-Location
X-Wix-Request-Id
X-Seen-By
HitInfo
HitType
Server-Info
X-B3-Traceid
X-Cache-Action
X-Amz-Replication-Status
Content-Style-Type
X-S
Webserver
Content-Script-Type
X-Tumblr-Pixel-2
X-Cache-Operation
X-GeoIP
X-RequestSource
X-Tumblr-Pixel-1
SRV
X-Status
User-Agent
GEO-INFO
X-ATG-Version
X-Jobs
X-Locale
Actual-Object-TTL
X-Generated-By
AsisCache
X-Response-Served-From
X-Middleton-Response
X-Cache-NE
X-WebKit-CSP-Report-Only
Response
X-FW-Serve
ServedBy
X-FW-Hash
X-TX-ID
X-Drupal-Cache-Tags
X-Edge-Cache
X-Region
X-UUID
X-FW-Static
X-FW-Type
X-Varnish-Hits
X-FW-Server
Refresh
X-Adobe-Content
X-Edge-Cache-Key
X-Adobe-Loc
X-Newrelic-App-Data
X-Yottaa-Optimizations
X-Yottaa-Metrics
Healthy
X-Port
Payment
X-Esi
X-Geo-Country
X-Hyper-Cache
X-Cache-TTL-Remaining
X-DataStream-Cache-Status
X-URL
X-APP-VERSION
S-Cnection
X-Content-Type
IBM-Web2-Location
Edge-Cache-Tag
Datacenter
X-HS-Cache-Config
X-Varnish-Grace
HostName
Country
X-Amz-Server-Side-Encryption
X-Cache-Age
Powered-By-ChinaCache
Filters
X-HS-Combine-CSS
Served-By
X-Daa-Tunnel
NGB
X-Pc-Hit
X-Varnish-IP
X-Pc-Key
X-Sucuri-ID
X-Pc-Appver
X-Cacheable-TTL
X-Cache-Remote
X-App-Server
X-Vg-Webcache
X-Activity-Id
X-AppVersion
X-Az
X-UA
X-Mshield-Cache-Status
X-Akamai-Transformed
X-Mrs-Cache
X-Mrs-Age
X-Kinja-Server-Push
X-Mrs-Cache-Hits
X-Mode
X-Rendered-As
X-Detected-As
Meta-Geo
X-Is-Bot
X-Rule
X-RN-RSRV
Machine
Load-Balancing
X-Cache-Var
X-Cache-TTL
X-Cache-Var-Map
X-RemovedCookies
X-ProxyCache-Status
X-Rocket-Nginx-Bypass
X-BYPASS-REASON
X-Proxy
X-ProcessESI
X-FC-Vary-Parameters
X-ProxyCache-Key
Backend
Cache-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Access-Control-Allow-Method
DB-Nickname
X-Grey
X-Hosted-By
X-Tb
X-ServerID
X-Amz-Meta-Surrogate-Control
Mn-Server-Ip
X-Varnish-Cacheable
X-PCL
X-Origin-Hint
X-Origin
X-OCL
Webcakes-Region
X-Cache-Category-Id
TWC-GeoIP-Country
Webcakes-App-Version
TWC-Device-Class
TWC-Connection-Speed
OT-Force-Account-Verify
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
User-Cache-Control
L5d-Success-Class
Azure-InstanceId
Azure-RegionName
X-Varnish-Cache-Hits
Azure-SiteName
X-Site-Version
X-Zipkin-Id
X-TNCMS
X-Routing-Service
X-Human
X-Generated
X-Format
X-EIG-Tracking-Id
X-BB-IP
X-Hit
X-JoinUs
X-Proxied
Azure-Version
X-Original-Request
X-Loop
Now
Azure-SlotName
X-App-Version
X-Correlation-ID
X-CDN-Cache
X-Cache-Config
X-AWS-Id
X-Environment-Context
X-Viewer-Country
X-L-Path
X-IP
X-App-Name
X-ApacheServer
ServerName
Selected-FE
X-Access
X-Agile
X-Agile-Id
X-Agile-Age
X-NodeID
X-PERF
X-Upstream-HT
X-Upstream-CT
X-VWS-Id
X-Www-Served-By
X-Debug-Cache
X-HOST
X-Upgrade-Enabled
X-TWH-CORRELATION-ID
X-Proxy-Build
S-Rt
X-Pubstack
X-Section
X-Timing-Wait
X-SplitTest
X-Via-Fastly
X-LJ-Flow-ID
Fastcgi-Useragent
Fastcgi-X-Cache
Cache-Key
Access-Control-Request-Headers
From-Origin
X-Drupal-Cache-Contexts
Fastcgi-X-Cache-Version
X-Source
X-CCM
X-NGENIX-Cache
X-Origin-CC
X-Ocache
X-Amz-Apigw-Id
Cache
X-Amzn-RequestId
X-CDN-Forward
X-OVcl
X-OVcl-Cache
Pagespeed
LB
X-Nginx-Cache
X-Xfnlog-Site
X-Backend-Name
X-Unique-ID
X-Feature
Fastly-SSL
X-Litespeed-Cache
ViewerVersion
X-Forwarded-Host
X-RateLimit-Limit
NtCoent-Length
X-Akamai-Request-ID
X-Pc-Date
X-Ms-Blob-Type
X-Storage
X-Ms-Lease-Status
X-Ms-Version
X-Pc-Host
X-Ms-Request-Id
X-M-Reqid
X-Qnm-Cache
X-Birta-Cache-Post
X-Birta-Served
X-M-Log
X-Varnish-Beresp-Status
X-Vgn-Hpd-Reason
X-Varnish-Beresp-Grace
X-VG-TLSProxy
X-Labrador-Cache-Channel
Ar-Sid
X-Cluster-Node
Xserver
X-Guploader-Uploadid
X-B3-TraceId
X-Internal-Host
X-Time-Microsecs
X-NCache
X-Real-Ip
X-Real-IP
X-Ruxit-Js-Agent
Time
X-Release
X-Distributor
X-EdgeConnect-Cache-Status
AR-Request-ID
X-Microcachable
CACHE
PageSpeed
X-Sucuri-Cache
X-Request-Time
X-Cache-Enabled
X-Varnish-Beresp-Ttl
ProcessTime
X-B3-Spanid
X-SERVER-NAME
X-Dynatrace-Js-Agent
WZWS-RAY
X-Powered-By-ANYU
X-PAYTM-SRV-ID
X-From
Meta-Geo-Continent
Rendered-Blocks
Server-Int
X-G
X-Generation-Time
Xc-Version
Mobile-Detection-Method
X-Generated-In
NGX
T-Server
X-IN-APIGATEWAY
X-Org
X-Logtrace-Id
X-Irp-Debug
X-NU-AKA-ACS-Version
X-Rewrite-Enabled
X-Web-Node
Ajk
Arc-Country
BehaviorPad-Version
X-IN-WAF
Fly-Cache
Fly-Request-Id
IsBot
X-DPWN-IS-SECURE
Ec-Rule-Version
X-IN-SSL-APIGATEWAY
Cache-Prefix
MD5-Digest
X-Via-CDN
X-Developer
X-ARC
X-B-Cookie
X-BB-ID
X-S-Cookie
X-SIPLIST1
X-Application
X-Died
X-SRCache-Key
X-Request-UUID
X-Destination
X-Server-Time
X-CF-Lambda-Version
X-Server-By
X-D
X-CUA
X-CF-Lambda-Fn
X-Redis-Cache
X-ScT
X-Date
X-Cache-Bucket
X-Store
X-Rojux
Www
X-A
X-Connection-Hash
X-VG-WebServer
X-Dispatcher-Server
X-Via-Edge
V-Age
Viewtype
X-Via-SSL
X-UE-Client-Country
X-Twitter-Response-Tags
X-A-Dgt
X-Transaction
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dcw
X-Region-Sid
X-A-Ccd
X-Trv-Group
X-A-Dam
X-WebServer
VivaBuild
X-Newrelic-Synthetics
X-Alternate-Cache-Key
X-NC
X-Endurance-Cache-Level
X-Sorting-Hat-ShopId
X-Cache-Backend
X-FireWall-Port
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Hnp-Log
X-Hl-Ver
X-Policy
HA-Cloudapp
GMS-Ver
NodeID
X-Hash
REQUESTUUID
X-GeoIP-City
X-Gen-Mode
X-UnsetCookies
HA-Geocity
X-No-Session
X-Amz-Meta-Cache-Control
Frame-Options
HA-Georegion
X-Layer
X-Key
X-S-Maxage
X-CS
Web-Mar-Node
X-UA-Device-Type
Magicmarker
HA-Urlpath
HA-Servedtime
HA-Geolon
HA-Geolat
X-Node-Id
Ha-Gx-Prefs
HA-Ipaddr
HA-Host
HA-Geocountry
Country-Code
AKAMAI
SN
X-Phone
X-Varnish-Action
Backend-Name
Pragrma
X-Origin-TTL
X-Crawler
X-Owner
X-External-Request-Id
X-CGP
Release
X-Eu-Site
X-Platform
X-Wikidot-Backend
Origin-Edge-Control
X-VServer
Origin-Cache-Control
X-VCT
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-Block-Status
X-Fastly-Cache
X-F5-Cache
X-Cache-CFC
X-Nc
X-Amz-Cf-Pop
X-CACHE-AGE
X-Webstats-RespID
X-ElasticPress-Search
X-Nginx-Cache-Key
X-MSEdge-Flight
X-NX-Host
Uber-Trace-Id
Server-Host
Section-Io-Cache
X-Actual-URL
X-Debug-Log
X-Cache-URL
X-Cache-Srv
X-Device-Os
X-Debug-Cookies
X-Clientip
X-Croise-Owner
X-Core-Value
X-Core-Mission
X-Epic-Correlation-Id
X-Cache-Expires
X-HTML-Minification-Powered-By
X-Instance-Name
X-Location
X-GeoIP-Country-Code
X-Gannett-Site-Version
X-Backend-Url
X-Backend-State
X-Backend-Host
X-MSEdge-Features
Cneonction
X-Var-Ttl
X-Variation
Countrycode
CDCHOST
X-Up
Esi-Enabled
X-Stale
X-Swa-Ws
X-TT-LOGID
X-Passed-To
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Resin-Trace
Adler-Geo
X-RCS-CacheZone
X-Sf
Apple-News-Services-Handled
Apple-News-Services-Host
Cache-Cookie-Set-From
Kp-EeAlive
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Server-IP
X-Tumblr-Pixel-3
Platform
Origin
Odigeo-Trace-Id
X-RateLimit-Remaining-Second
X-Passed-To-PostProcessResponse
Proxy-Connection
X-Passed-To-BeforeDispatch
Request-EU
Request-Country
X-Passed-To-DLL
X-Request-URI
X-RateLimit-Limit-Second
X-Returned-From
X-Returned-From-BeforeDispatch
Is-Eu
X-Returned-From-DLL
X-Response-By
X-Secret
X-Returned-From-PostProcessResponse
X-Ezoic-Cdn
X-Ua
Pagetype
True-Client-Country-4JS
Server-ID
RNT-Time
X-Content-Age
X-Worker
X-Fstrz
X-Ckpd-Fst-Backend
X-Trace-Id
Fastly-Backend-Name
X-FW-Version
X-Reboot
X-Fetched-On
X-Matched-Rule
RNT-Machine
X-Thinkindot-L3
X-NWS-UUID-VERIFY
X-Developers
X-MI-In-Market
MI-Cache-Age
X-Backend-TTL
X-Cache-Host
X-C
Heartbleed
MI-Cache
MI-API
On-Server
Thinkindot-Control
Cache-Tags
Thinkindot-CacheControl-Type
Powered
Thinkindot-CacheControl
X-Dc
X-Csrf-Token
X-V
X-GZip
X-Rebelmouse-Surrogate-Control
X-ServiceProvider
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Content-Disposition
X-Surge-Debug
Fastly-SIE
Fastly-SWR
X-Servername
X-Skip-Cache
X-Sn-Servicetimems
Warning
HTTPS
X-Rebelmouse-Cache-Control
X-Cdn-Srv
X-Cdn-Origin
X-Alicdn-Da-Ups-Status
Host-ID
X-Aed
MIME-Version
X-TIME
X-Edge-IP
X-Req
Pramga
X-Proto
X-Pf-Uncompressing
RequestId
X-GEO
We-Hiring
Request-Time
Sid
PFcat
X-Datadome
X-Cdn-Forward
Mail-Subject
TSSecure
XServer
X-Refresh
X-Ratelimit-Limit
X-Pjax-Url
X-Ms-Lease-State
Cteonnt-Length
X-ABtesting
WP-Super-Cache
CF-IPCountry
X-Page-Type
X-Hello
X-Flog
X-Geo
X-Time
X-Varnish-Ttl
X-PHP-Backend
Cdn
X-GRACE
X-Server-W
X-Varnish-Url
X-DC
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Servedbyhost
Mime-Version
X-Planisys-CDN-Rules
X-Auto-Login
X-Planisys-CDN-TTL
X-COUNTRY
X-Planisys-CDN-Cache
CDN
FSS-Proxy
FSS-Cache
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oracle-Dms-Ecid
X-Cache-ASPX
X-Aicache-OS
GeoIp-Country-Code
Dnion-Transfer-Encoding
Geoip-Latitude
X-DataStream-Origin-MEX-Latency
X-Unique-Id
X-DataStream-MidMile-RTT
Lfy
X-CSRF-Token
X-GoCache-CacheStatus
X-Akamai-Request-ID2
X-Sentry-ID
PageType
Rt-Proxy-Cache
X-EC-Security-Audit
A
X-Varnish-Beresp-TTL
X-WA
X-Cache-Id
Memcached
X-Via-NSCOPI
X-MP-GENERATED-AT
X-Bip
X-Thanos
X-Served-From
X-Ratelimit-Remaining
X-Check-Cacheable
NnCoection
X-Origin-Expires
X-Wa
X-Origin-Date
X-Cache-Info
Node
X-CACHE-KEY
MS-CV
X-Cache-Control-Set-By
X-HCF
X-Request-Start
X-Proxy-Server
X-Be
GeoIP-Country-Code
GeoIP-Latitude
NODE
X-APP
X-Varnish-HitMiss
SD-X-WS
Memory
X-Nananana
X-NODE
X-UPSTREAM-Address
X-SRV
GW-Server
UCS
X-Server-Group
GeoIP-City
X-Fastly-Cache-Hits
WWW-Authenticate
Hostname
Geoip-City
X-ServedByHost
Cache-Hits
X-Cookie
X-Vcache
X-User
X-Gen-Id
Accept-Language
X-Varnish-URL
PICS-Label
X-GDPR
X-PAGE-TYPE
X-Wix-Route-ID
X-From-Cache
X-Load-Cache
X-WR-MODIFICATION
DataCenter
X-Goog-Meta-Goog-Reserved-File-Mtime
Amp-Access-Control-Allow-Source-Origin
X-HS-Status
X-FORWARDED-FOR
Cf-Ipcountry
X-Fastly-Backend-Reqs
Processtime
X-Li-Pop
X-Cache-Ttl
X-BBXSRF
X-RTag
COMMERCE-SERVER-SOFTWARE
Locale
X-Gdpr
X-Li-Fabric
X-Swift-Error
X-Urbn-Site-Id
X-PJAX-URL
X-Use-Magma
X-Path-Route
X-LI-Proto
X-Urbn-Context-Path
Cdn-Request-Time
X-Edge-Server
Pics-Label
Cdn-Host
X-LI-UUID
Ms-Operation-Id
X-Info
X-B3-SpanId
X-Cache-Debug
Requestid
Dont-Set-Cookie
X-CDN-Pop
X-Dw-Trace-Id
SS
X-Qloud-Router
X-CDN-Pop-IP
X-PF-Uncompressing
X-VG-WebCache
X-Fe
X-ID
NX-Cache
X-P-T
X-Cache-HT
Fastly-Soc-X-Request-Id
X-Content-Encoded-By
V-Cache
X-RateLimit-Reset
X-GZIP
Is-Session-Tracking
Group
X-Optimization
Get-Access-Time
X-Bug-Bounty
X-Env
X-NGINX-Cache
Serverid
CDN-Cache-Hit
CDN-Node
URI
X-ServerName
X-SN
CDN-Cache
Lb
Who
X-Varnish-Info
X-CacheKey
Xet-Cookie
Https
AGE-Hash
X-Serial
X-BE
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Protected-By
Powered-By
X-CSRF-TOKEN
X-Akamai-SSL-Client-Sid
X-Is-Crawler
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cache-FS-Status
X-Grace-Duration
X-RequestId
X-Shard
X-Route-Name
X-Litespeed-Cache-Control
X-Ver
X-Flags
X-Providence-Cookie
SID