Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
Status
X-Adblock-Key
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
X-Buckets
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
X-Backend
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Node
X-Server-Id
X-Host
X-Cache-Lookup
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rq
X-Rack-Cache
X-Response-Time
X-Readtime
X-Application-Context
EagleEye-TraceId
Server-Timing
X-CST
X-OneAgent-JS-Injection
X-Url
X-Cloud-Trace-Context
Pinterest-Generated-By
X-TTL
Report-To
Request-Id
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
X-Country-Code
Allow
X-DynaTrace-JS-Agent
X-DataDome
X-Powered-CMS
X-TtlSet
X-Vname
X-PC
X-Dns-Prefetch-Control
Charset
X-FTR-Request-ID
X-ESI
X-DynaTrace
X-Origin-Cache
NEL
X-Server-Name
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-Recruiting
X-Varnish-TTL
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
Content-MD5
X-F-Cache
X-Version
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Public-Key-Pins
Accept-CH
PB-RID
PB-PID
Arc-Version
X-D2id
X-Mobile-Rewrite
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Client-IP
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-CF-Powered-By
X-SharePointHealthScore
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Ruxit-JS-Agent
X-Trace
Paypal-Debug-Id
DynaTrace
X-T
AR-ATIME
AR-PoweredBy
X-Forwarded-Proto
X-Varnish-Age
X-Grace
X-Hits
X-DIS-Request-ID
X-Upstream
AR-CACHE
X-Origin-Upstream-Status
Arr-Disable-Session-Affinity
TCN
X-Amz-Meta-S3cmd-Attrs
X-Id
SPIisLatency
SPRequestDuration
X-Pad
X-Shield-Request-Id
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
Access-Control-Request-Method
X-Kinsta-Cache
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-FastCGI-Cache
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-Cache-Hit
X-HW
X-Acc-Meta-Resource-Type
X-B
X-Server-ID
X-Logged-In
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Vcap-Request-Id
X-SS-Set-Cookie
X-Debug
X-Wix-Server-Artifact-Id
AR-SID
S
Service-Worker-Allowed
X-Ser
X-MSEdge-Ref
X-Oracle-Dms-Rid
X-Cache-Key
X-XRDS-Location
Permitted-Cross-Domain-Policies
Tracecode
X-HeyJason
X-Do-Not-Hack
X-NewRelic-App-Data
Server-Name
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-Frontend
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Fastly-Restarts
Rt-Fastcgi-Cache
Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
X-Accel-Buffering
Alternate-Protocol
Eomportal-Instance
X-Cache-Rule
Backend-Timing
X-Analytics
Cleartype
Cache-Status
X-HS-Hub-Id
X-HS-Content-Id
TP-Cache
Host
TP-L2-Cache
X-Rid
X-Revision
FilterID
X-GUploader-UploadID
Public-Key-Pins-Report-Only
X-Whom
X-FTR-Cache-Host
X-XRDS-LOCATION
X-Debug-Info
X-Oneagent-Js-Injection
X-Srv
X-User-Agent
X-RateLimit-Remaining
X-Akam-SW-Version
ServerID
X-TA-CDN-Provider
X-AOL-HN
Front-End-Https
X-Varnish-Backend
X-VCache
X-Mobile
X-Cache-2
Accept-Charset
X-NWS-LOG-UUID
X-Via-JSL
X-Webkit-CSP
X-Request-Processing-Time
X-Content-Powered-By
X-Request-Received
X-Cdn
X-Zen-Fury
X-Kinja-Server-Push
X-Cached-By
X-WPE-Loopback-Upstream-Addr
Viewport
X-Node-Name
X-Ttl
X-Correlation-Id
X-Varnish-Hostname
X-App-Environment
X-LB-Cache
X-Cluster
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
Host-Header
X-Magnolia-Registration
Liferay-Portal
X-Handled-By
X-Request-Guid
X-TT
X-Cache-Control
X-Framework
X-FB-Debug
X-Content-Security-Policy-Report-Only
X-Device-Type
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-Platform-Server
X-BCube-Filmed-By
X-B-Cache
X-B3-Sampled
X-Signature
X-Instance
DC
X-B3-Traceid
Cache-Tag
X-Iejgwucgyu
X-Cache-Server
X-Sol
X-Middleton-Display
Display
X-Hostname
X-Origin-Server
Server-Node
X-Amzn-Trace-Id
MicrosoftSharePointTeamServices
X-TT-TIMESTAMP
X-Accel-Expires
Retry-After
X-WA-Info
Source
X-Fastcgi-Cache
X-Varnish-Server
X-Contextid
X-Servedby
HitInfo
X-Distil-CS
Server-Info
HitType
X-APP-VERSION
X-Cache-Action
X-Esi
X-Cache-Operation
X-Wix-Request-Id
X-Seen-By
Content-Script-Type
Content-Style-Type
User-Agent
Webserver
X-Amz-Replication-Status
X-Edge-Location
X-S
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-GeoIP
Actual-Object-TTL
X-Locale
X-WebKit-CSP-Report-Only
X-Status
X-FW-Hash
X-Region
X-FW-Serve
X-FW-Server
X-Port
X-Jobs
SRV
X-FW-Type
X-FW-Static
X-Response-Served-From
X-UUID
GEO-INFO
AsisCache
X-RequestSource
X-TX-ID
X-Varnish-Hits
X-Edge-Cache-Key
X-Edge-Cache
ServedBy
X-Adobe-Content
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Generated-By
Healthy
X-ATG-Version
Refresh
Response
X-Newrelic-App-Data
X-Middleton-Response
X-Hyper-Cache
X-Geo-Country
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-NE
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
X-Daa-Tunnel
Payment
IBM-Web2-Location
X-Varnish-Grace
S-Cnection
X-Cache-Age
X-Amz-Server-Side-Encryption
X-Content-Type
Filters
Datacenter
X-Az
NGB
X-Activity-Id
X-AppVersion
X-CDN-Forward
X-Cache-Remote
X-Pc-Key
X-Pc-Hit
Country
X-Pc-Appver
X-HS-Cache-Config
X-Webkit-Csp
Edge-Cache-Tag
X-Cacheable-TTL
X-Cache-TTL
X-Proxied
X-Vg-Webcache
Served-By
X-App-Server
X-Sucuri-ID
X-Varnish-IP
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-UA
X-Mode
X-HS-Combine-CSS
X-Akamai-Transformed
Pagespeed
X-ProcessESI
X-Cache-Var-Map
Load-Balancing
X-RN-RSRV
Machine
Meta-Geo
X-Detected-As
X-Rendered-As
X-Rule
X-Is-Bot
X-RemovedCookies
X-Cache-Var
Powered-By-ChinaCache
X-Proxy
X-FC-Vary-Parameters
HostName
X-Rocket-Nginx-Bypass
X-Origin
X-Human
X-Varnish-Cache-Hits
X-Hosted-By
X-OCL
X-PCL
X-Mshield-Cache-Status
DB-Nickname
Cache-Name
Access-Control-Allow-Method
Backend
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mrs-Age
X-Grey
X-ProxyCache-Key
User-Cache-Control
X-Varnish-Cacheable
X-ServerID
X-Tb
X-BYPASS-REASON
X-Cache-Category-Id
X-ProxyCache-Status
X-Amz-Meta-Surrogate-Control
X-Section
X-NodeID
L5d-Success-Class
X-Access
Webcakes-Region
X-Site-Version
Webcakes-App-Name
X-Loop
X-CDN-Cache
Azure-SiteName
Azure-RegionName
X-JoinUs
Azure-SlotName
X-Routing-Service
X-BB-IP
Azure-InstanceId
TWC-Privacy
TWC-Device-Class
X-Hit
TWC-Connection-Speed
ServerName
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Generated
S-Rt
Property-Id
X-Original-Request
X-Origin-Hint
X-Upgrade-Enabled
X-TNCMS
Mn-Server-Ip
Now
X-Zipkin-Id
X-OVcl-Cache
X-OVcl
X-Format
Azure-Version
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
OT-Force-Account-Verify
Fastcgi-Useragent
X-EIG-Tracking-Id
X-VWS-Id
Cache-Key
X-Environment-Context
X-Debug-Cache
X-Cache-Config
X-Agile-Age
X-Agile
X-Unique-ID
X-Agile-Id
X-ApacheServer
X-AWS-Id
X-App-Name
X-Viewer-Country
X-Www-Served-By
X-NGENIX-Cache
X-TWH-CORRELATION-ID
X-Via-Fastly
X-PERF
X-LJ-Flow-ID
X-IP
X-SplitTest
X-Pubstack
X-L-Path
X-Proxy-Build
X-Timing-Wait
X-Origin-CC
X-Ocache
X-Drupal-Cache-Contexts
Selected-FE
X-CCM
X-Source
X-Correlation-ID
X-Upstream-CT
X-Upstream-HT
X-HOST
X-Xfnlog-Site
X-Nginx-Cache
X-Backend-Name
Access-Control-Request-Headers
AR-Request-ID
X-URL
X-RateLimit-Limit
From-Origin
X-Akamai-Request-ID
X-Amz-Apigw-Id
X-Amzn-RequestId
Cache
X-Pc-Host
X-Pc-Date
X-Storage
X-Forwarded-Host
X-Vgn-Hpd-Reason
Fastly-SSL
X-Ruxit-Js-Agent
X-Litespeed-Cache
LB
X-Real-IP
X-SERVER-NAME
NtCoent-Length
X-M-Log
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-M-Reqid
X-Ms-Blob-Type
X-NCache
X-Qnm-Cache
X-Feature
X-Ms-Request-Id
X-Ms-Version
X-Ms-Lease-Status
X-Time-Microsecs
X-Birta-Served
X-Birta-Cache-Post
X-Internal-Host
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-Release
X-Distributor
X-NC
X-Microcachable
X-EdgeConnect-Cache-Status
ViewerVersion
X-App-Version
Time
X-UA-Device-Type
X-B3-Spanid
X-Cluster-Node
X-Cache-Backend
X-Transaction
X-Powered-By-ANYU
X-Twitter-Response-Tags
WZWS-RAY
CACHE
X-Connection-Hash
Pagetype
X-Destination
VivaBuild
X-BB-ID
Www
Viewtype
X-CF-Lambda-Version
X-Cache-Bucket
X-Died
T-Server
X-Developer
Cneonction
AKAMAI
X-B-Cookie
X-CF-Lambda-Fn
X-A
Server-Int
X-A-Dcw
X-A-Dam
X-ARC
X-Application
Rendered-Blocks
X-Sucuri-Cache
X-D
X-Request-Time
X-A-Dgt
Ajk
X-DPWN-IS-SECURE
X-A-Ccd
X-Date
X-A-Wwc
X-Accel-Expires-Debug
X-IN-SSL-APIGATEWAY
X-Region-Sid
X-Redis-Cache
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Via-Edge
X-Via-SSL
X-PAYTM-SRV-ID
Fly-Cache
X-Real-Ip
IsBot
X-S-Cookie
X-Via-CDN
Ec-Rule-Version
X-Trv-Group
X-UE-Client-Country
X-VG-WebServer
X-SRCache-Key
X-SIPLIST1
X-ScT
X-Server-By
Frame-Options
X-Server-Time
Meta-Geo-Continent
MD5-Digest
Cache-Prefix
BehaviorPad-Version
X-IN-APIGATEWAY
V-Age
X-Irp-Debug
X-Generation-Time
X-Generated-In
Xc-Version
X-From
X-G
Arc-Country
Fly-Request-Id
X-IN-WAF
Mobile-Detection-Method
X-Org
NGX
X-No-Session
X-NU-AKA-ACS-Version
X-Logtrace-Id
X-FireWall-Port
XServer
X-C
X-Cache-Enabled
HA-Georegion
HA-Cloudapp
HA-Geocity
HA-Geolat
HA-Geolon
HA-Geocountry
HA-Urlpath
Origin-Cache-Control
NodeID
Origin-Edge-Control
Powered
Pragrma
Magicmarker
SN
HA-Host
HA-Ipaddr
HA-Servedtime
Release
Ha-Gx-Prefs
X-Gen-Mode
X-RateLimit-Remaining-Second
X-S-Maxage
X-Store
X-RateLimit-Limit-Second
X-Policy
X-Owner
X-Phone
X-Platform
X-Varnish-Action
X-VCT
X-Wikidot-Backend
X-Wikidot-Static-Cache
REQUESTUUID
X-WebServer
X-Web-Node
X-VServer
X-We-Are-Hiring
X-Origin-TTL
X-Node-Id
X-CUA
X-Dispatcher-Server
X-Eu-Site
X-Core-Value
X-CGP
X-Block-Status
X-Cache-CFC
X-External-Request-Id
X-F5-Cache
X-Hnp-Log
X-Key
X-Layer
X-Hl-Ver
X-GeoIP-City
X-Fastly-Cache
GMS-Ver
X-Amz-Meta-Cache-Control
Web-Mar-Node
Country-Code
X-GZip
X-Instance-Name
Xserver
Backend-Name
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
X-NWS-UUID-VERIFY
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Debug-Cookies
X-Debug-Log
X-V
X-Developers
X-CS
X-Fetched-On
X-GeoIP-Country-Code
X-Hash
X-Gannett-Site-Version
X-FW-Version
X-Croise-Owner
X-Epic-Correlation-Id
X-Core-Mission
X-Backend-TTL
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Actual-URL
X-Cache-Srv
X-Cache-URL
X-Clientip
X-HTML-Minification-Powered-By
ProcessTime
X-Cdn-Srv
X-Crawler
X-Up
X-Returned-From-PostProcessResponse
MIME-Version
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-UnsetCookies
X-Returned-From
X-Tumblr-Pixel-3
X-Secret
X-Swa-Ws
X-Thinkindot-L3
X-Stale
X-Sf
X-Server-IP
X-Response-By
X-Request-URI
X-MSEdge-Features
X-MSEdge-Flight
X-MI-In-Market
X-Matched-Rule
X-TT-LOGID
X-Location
X-Nginx-Cache-Key
X-NX-Host
X-RCS-CacheZone
X-Reboot
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Variation
X-Passed-To-PostProcessResponse
Proxy-Connection
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Platform
Apple-News-Services-Handled
Adler-Geo
Section-Io-Cache
Request-EU
Request-Country
Apple-News-Services-Request-Url
Origin
Kp-EeAlive
Is-Eu
Heartbleed
Esi-Enabled
MI-API
MI-Cache
Odigeo-Trace-Id
CDCHOST
MI-Cache-Age
Server-Host
Countrycode
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
Uber-Trace-Id
X-Webstats-RespID
Ar-Sid
X-CACHE-AGE
X-Servername
Decoy-Debug-Key
Resin-Trace
RNT-Machine
X-Varnish-Beresp-Ttl
Decoy-Debug-Status
X-ServiceProvider
Content-Disposition
X-PHP-Backend
Cache-Tags
On-Server
X-ElasticPress-Search
True-Client-Country-4JS
HTTPS
X-Fstrz
Host-ID
RNT-Time
X-Var-Ttl
X-Worker
X-Sn-Servicetimems
X-Ezoic-Cdn
Warning
X-Cache-Host
X-Cdn-Origin
Server-ID
Fastly-Backend-Name
X-Ckpd-Fst-Backend
Decoy-Debug-TTL
X-Trace-Id
X-Cache-Expires
X-Content-Age
X-Endurance-Cache-Level
Cache-Cookie-Set-From
X-Alicdn-Da-Ups-Status
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Fastly-SIE
X-Rebelmouse-Cache-Control
X-TIME
X-Ua
X-Dc
X-Skip-Cache
X-Device-Os
X-Newrelic-Synthetics
X-Guploader-Uploadid
Sid
X-Pf-Uncompressing
PFcat
Request-Time
RequestId
X-Csrf-Token
X-Surge-Debug
X-B3-TraceId
X-Req
X-Proto
PageSpeed
X-Nc
Cteonnt-Length
We-Hiring
Mail-Subject
CF-IPCountry
X-Refresh
X-Aed
X-GEO
X-Servedbyhost
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Oss-Hash-Crc64ecma
X-Pjax-Url
X-Planisys-CDN-Cache
CDN
X-Oss-Request-Id
WP-Super-Cache
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
Pramga
X-Edge-IP
TSSecure
X-CSRF-Token
X-Varnish-Ttl
X-Geo
X-Varnish-Beresp-TTL
X-Ms-Lease-State
X-Cache-ASPX
Dnion-Transfer-Encoding
X-Atg-Version
X-DC
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-ABtesting
X-Flog
Geoip-Latitude
X-Time
X-Amz-Cf-Pop
GeoIp-Country-Code
X-Hello
X-COUNTRY
X-Server-W
X-Page-Type
X-GoCache-CacheStatus
X-Varnish-Url
X-Oracle-Dms-Ecid
Cdn
X-Aicache-OS
Hostname
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Auto-Login
Lfy
NODE
NnCoection
X-Cdn-Forward
MS-CV
Mime-Version
FSS-Cache
FSS-Proxy
X-Origin-Date
X-Origin-Expires
A
X-WA
X-Dynatrace-Js-Agent
X-GRACE
X-Unique-Id
X-HCF
X-Datadome
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Akamai-Request-ID2
SD-X-WS
X-Sentry-ID
X-Via-NSCOPI
Rt-Proxy-Cache
PageType
X-SRV
Node
X-Wa
X-EC-Security-Audit
X-Server-Group
X-APP
WWW-Authenticate
X-Served-From
Memcached
X-Thanos
X-Cache-Id
Geoip-City
X-Bip
X-UPSTREAM-Address
X-Use-Magma
X-MP-GENERATED-AT
X-Check-Cacheable
X-Wix-Route-ID
X-Varnish-URL
X-Cache-Info
X-PAGE-TYPE
Processtime
PICS-Label
X-NODE
X-FORWARDED-FOR
GeoIP-City
GeoIP-Latitude
X-Be
X-Proxy-Server
X-Request-Start
GeoIP-Country-Code
X-From-Cache
Ms-Operation-Id
X-RTag
X-Nananana
Cdn-Host
X-Gen-Id
X-Gdpr
X-Edge-Server
X-CACHE-KEY
Memory
X-Cookie
Cdn-Request-Time
GW-Server
X-GDPR
UCS
Lb
X-Fastly-Backend-Reqs
Dont-Set-Cookie
DataCenter
X-Load-Cache
X-WR-MODIFICATION
X-Fastly-Cache-Hits
X-ServedByHost
X-HS-Status
X-PJAX-URL
X-User
COMMERCE-SERVER-SOFTWARE
Pics-Label
Cache-Hits
X-Cache-HT
Is-Session-Tracking
X-Swift-Error
Get-Access-Time
X-Env
X-Optimization
X-Ratelimit-Remaining
Group
X-Goog-Meta-Goog-Reserved-File-Mtime
Who
X-B3-SpanId
V-Cache
X-Cache-Ttl
X-RateLimit-Reset
Cf-Ipcountry
X-Fe
X-LI-UUID
X-Cache-Debug
X-Ver
X-Li-Pop
Accept-Language
X-Li-Fabric
X-LI-Proto
X-BBXSRF
X-CDN-Pop-IP
X-CDN-Pop
X-Dw-Trace-Id
X-Cache-FS-Status
X-ID
Amp-Access-Control-Allow-Source-Origin
X-Path-Route
Ws
NX-Cache
X-Content-Encoded-By
Locale
X-Ibm-Trace
X-Meta-Tbi-Cache-Vertical
X-Vcache
X-SB
URI
X-Info
X-GZIP
AGE-Hash
X-Bug-Bounty
X-PF-Uncompressing
Xet-Cookie
X-VC
Requestid
X-Urbn-Context-Path
X-Urbn-Site-Id
X-NGINX-Cache
Serverid
N-Cache
Fastly-Soc-X-Request-Id
X-CacheKey
X-Qloud-Router
CDN-Cache
X-Varnish-Info
Httpd-Identifier
X-Shard
CDN-Node
CDN-Cache-Hit
X-VG-WebCache
X-P-T
SID
SS
X-Serial
X-SVT-ORM-RULES
X-Route-Name
X-ServerName
X-Providence-Cookie
X-Is-Crawler
X-RequestId
X-Flags
X-Cache-Handler
X-Akamai-ERPolicy
X-SVT-ORM-VERSION
X-Litespeed-Cache-Control
X-Grace-Duration
Https
X-Akamai-ERRuleID
Powered-By