
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Permitted-Cross-Domain-Policies
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
P3p
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
Surrogate-Control
X-Cache-Lookup
X-Node
X-Server-Id
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Report-To
Pinterest-Generated-By
Request-Id
X-CST
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
Feature-Policy
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Country-Code
Rating
X-Dns-Prefetch-Control
Allow
NEL
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-DataDome
X-Origin-Cache
Charset
X-Server-Name
X-ESI
X-Cached
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-DynaTrace
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Geo-Segment
X-Powered-By-Plesk
Content-MD5
Accept-CH
X-D2id
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
Public-Key-Pins
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Abt-Application-Version
X-Dispatcher
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
SPRequestGuid
X-Ruxit-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-ORACLE-DMS-RID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-Trace
X-Fastly-Request-ID
X-CF-Powered-By
X-Forwarded-Proto
Paypal-Debug-Id
X-Server-ID
X-Origin-Upstream-Status
X-DIS-Request-ID
SPRequestDuration
SPIisLatency
X-Upstream
X-T
X-Hits
X-Varnish-Age
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
X-Grace
X-Oracle-Dms-Rid
DynaTrace
X-Shield-Request-Id
X-Pad
AR-PoweredBy
AR-ATIME
X-Content-Options
AR-CACHE
Realpath
X-Content-Digest
X-NF-Request-ID
X-HW
Access-Control-Request-Method
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Kinsta-Cache
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Cache-Hit
X-Debug
X-Vcap-Request-Id
X-B
X-Logged-In
X-Wix-Server-Artifact-Id
X-FastCGI-Cache
X-SS-Set-Cookie
Service-Worker-Allowed
X-Ser
Tracecode
S
X-MSEdge-Ref
Fastly-Restarts
X-NewRelic-App-Data
Server-Name
X-PressLabs-Stats
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-Frontend
X-FTR-DC
X-Cache-Key
X-FTR-Expires
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
Surrogate-Key
Rt-Fastcgi-Cache
X-Forwarded-For
Fastcgi-Cache
X-Analytics
Backend-Timing
Alternate-Protocol
X-HS-Hub-Id
X-HS-Content-Id
X-Iejgwucgyu
Host
X-Cache-Rule
Eomportal-Instance
FilterID
X-Revision
AR-SID
X-Rid
TP-Cache
X-Srv
TP-L2-Cache
Front-End-Https
X-FTR-Cache-Host
Cache-Status
Public-Key-Pins-Report-Only
X-Ttl
X-Debug-Info
X-User-Agent
Cleartype
X-Whom
X-Akam-SW-Version
X-Mobile
ServerID
Accept-Charset
X-AOL-HN
X-Webkit-CSP
X-Varnish-Backend
X-Cdn
X-Cache-2
X-GUploader-UploadID
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Oneagent-Js-Injection
X-Content-Powered-By
X-Cached-By
X-XRDS-LOCATION
X-Via-JSL
X-WPE-Loopback-Upstream-Addr
X-NWS-LOG-UUID
X-TA-CDN-Provider
X-VCache
X-App-Environment
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-HeyJason
X-LB-Cache
Host-Header
X-Magnolia-Registration
X-Cache-Control
X-Sol
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Page-Id
X-Middleton-Display
X-Cluster
X-Varnish-Hostname
X-Tumblr-User
Display
X-Request-Guid
X-Node-Name
X-Device-Type
X-TT
X-Akamai-Edgescape
X-Framework
X-Signature
X-Handled-By
Upgrade-Insecure-Requests
X-B-Cache
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-B3-Sampled
X-Correlation-Id
X-Platform-Server
Viewport
X-Instance
Cache-Tag
DC
Liferay-Portal
X-BCube-Filmed-By
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Webkit-Csp
X-Hostname
Server-Node
X-Origin-Server
X-Fastcgi-Cache
X-TT-TIMESTAMP
X-Accel-Expires
Source
X-B3-Traceid
X-WA-Info
Retry-After
X-Varnish-Server
X-Esi
X-Distil-CS
X-Seen-By
X-Servedby
X-Contextid
X-Wix-Request-Id
X-Edge-Location
HitInfo
Server-Info
HitType
X-Cache-Action
X-GeoIP
X-Amz-Replication-Status
SRV
Content-Style-Type
X-S
X-Tumblr-Pixel-1
Content-Script-Type
X-RequestSource
Webserver
X-Tumblr-Pixel-2
X-Cache-Operation
X-Status
X-Jobs
Response
Actual-Object-TTL
X-WebKit-CSP-Report-Only
User-Agent
X-Generated-By
GEO-INFO
X-Locale
X-Middleton-Response
X-Response-Served-From
X-FW-Static
X-Edge-Cache
X-Edge-Cache-Key
X-ATG-Version
X-Drupal-Cache-Tags
X-FW-Type
X-FW-Server
X-FW-Serve
AsisCache
X-Cache-NE
X-Region
X-FW-Hash
X-Adobe-Content
ServedBy
X-UUID
X-Varnish-Hits
X-TX-ID
X-Adobe-Loc
Refresh
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Newrelic-App-Data
Healthy
X-Port
Payment
X-Hyper-Cache
X-Geo-Country
X-Cache-TTL-Remaining
S-Cnection
X-APP-VERSION
X-Content-Type
X-DataStream-Cache-Status
IBM-Web2-Location
Datacenter
Edge-Cache-Tag
X-HS-Cache-Config
Country
X-Amz-Server-Side-Encryption
X-Varnish-Grace
HostName
X-Cache-Age
Filters
X-HS-Combine-CSS
Powered-By-ChinaCache
Served-By
X-Daa-Tunnel
NGB
X-AppVersion
X-Sucuri-ID
X-Activity-Id
X-Az
X-Cacheable-TTL
X-Cache-Remote
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Varnish-IP
X-Vg-Webcache
X-App-Server
X-Akamai-Transformed
X-Mode
X-UA
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Kinja-Server-Push
X-Mrs-Cache
X-Rule
X-Kong-Upstream-Latency
X-Is-Bot
X-Rendered-As
X-Cache-TTL
X-Detected-As
X-RN-RSRV
Machine
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
X-Kong-Proxy-Latency
X-FC-Vary-Parameters
X-ProxyCache-Status
X-Proxy
X-ProxyCache-Key
X-BYPASS-REASON
X-Rocket-Nginx-Bypass
OT-Force-Account-Verify
TWC-Privacy
X-OCL
X-Origin
X-Origin-Hint
Mn-Server-Ip
X-PCL
X-Varnish-Cacheable
X-Tb
X-Varnish-Cache-Hits
X-ServerID
Access-Control-Allow-Method
Backend
DB-Nickname
Cache-Name
X-Hosted-By
Property-Id
Webcakes-Region
TWC-Locale-Group
X-Cache-Category-Id
TWC-GeoIP-LatLong
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
User-Cache-Control
X-Amz-Meta-Surrogate-Control
X-Grey
TWC-Connection-Speed
X-Access
Azure-Version
Azure-SlotName
Azure-InstanceId
X-Section
X-Routing-Service
X-Site-Version
X-Upgrade-Enabled
Azure-SiteName
X-TNCMS
X-RemovedCookies
X-BB-IP
X-OVcl-Cache
X-Generated
X-Format
ServerName
X-OVcl
X-JoinUs
X-Loop
X-Hit
X-ProcessESI
X-EIG-Tracking-Id
X-Zipkin-Id
X-Human
X-Upstream-HT
L5d-Success-Class
Now
X-Proxied
X-CDN-Cache
X-Upstream-CT
Azure-RegionName
X-Correlation-ID
Selected-FE
Cache-Key
S-Rt
X-Environment-Context
X-Timing-Wait
X-IP
X-Pubstack
X-Debug-Cache
Fastcgi-X-Cache
X-Viewer-Country
X-App-Name
X-ApacheServer
X-Cache-Config
X-TWH-CORRELATION-ID
X-Agile-Id
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-App-Version
X-Proxy-Build
Access-Control-Request-Headers
From-Origin
X-PERF
X-Agile
X-Original-Request
X-NodeID
X-Source
X-HOST
X-L-Path
X-Drupal-Cache-Contexts
X-NGENIX-Cache
X-Agile-Age
X-Via-Fastly
X-Ocache
X-CCM
X-Origin-CC
X-URL
X-CDN-Forward
X-Amz-Apigw-Id
X-Amzn-RequestId
Pagespeed
Cache
X-SplitTest
X-VWS-Id
LB
X-Nginx-Cache
X-LJ-Flow-ID
X-AWS-Id
X-Www-Served-By
X-Xfnlog-Site
X-Unique-ID
X-Backend-Name
X-Feature
X-Forwarded-Host
NtCoent-Length
X-Litespeed-Cache
X-RateLimit-Limit
Fastly-SSL
ViewerVersion
X-Akamai-Request-ID
X-Ms-Lease-Status
X-Ms-Version
X-Storage
X-Ms-Request-Id
X-Ms-Blob-Type
X-Vgn-Hpd-Reason
X-Birta-Cache-Post
X-Birta-Served
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Pc-Host
X-Pc-Date
X-Varnish-Beresp-Status
Ar-Sid
X-Labrador-Cache-Channel
X-VG-TLSProxy
X-Cluster-Node
Xserver
X-Guploader-Uploadid
X-Time-Microsecs
X-NCache
X-Internal-Host
X-Ruxit-Js-Agent
X-Real-Ip
X-Real-IP
X-Microcachable
Time
X-Distributor
X-Release
AR-Request-ID
X-EdgeConnect-Cache-Status
CACHE
X-B3-TraceId
X-B3-Spanid
PageSpeed
WZWS-RAY
X-Powered-By-ANYU
X-Request-Time
X-Cache-Enabled
X-Sucuri-Cache
X-Varnish-Beresp-Ttl
ProcessTime
X-SERVER-NAME
X-Dynatrace-Js-Agent
X-Via-Edge
X-Via-CDN
X-VG-WebServer
Rendered-Blocks
X-Via-SSL
Server-Int
V-Age
T-Server
X-WebServer
X-Connection-Hash
X-CUA
X-D
X-Trv-Group
X-Transaction
X-Store
X-Dispatcher-Server
X-Twitter-Response-Tags
BehaviorPad-Version
X-Date
X-Destination
X-Developer
X-UE-Client-Country
X-CF-Lambda-Version
X-CF-Lambda-Fn
AKAMAI
Ajk
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dgt
X-A-Dcw
X-A
Arc-Country
X-A-Ccd
X-A-Dam
Www
X-Web-Node
Viewtype
X-Cache-Bucket
Cache-Prefix
Xc-Version
VivaBuild
X-BB-ID
X-Application
X-ARC
X-B-Cookie
X-DPWN-IS-SECURE
X-Died
MD5-Digest
Fly-Cache
Fly-Request-Id
IsBot
X-SRCache-Key
X-Generated-In
X-Redis-Cache
X-G
Meta-Geo-Continent
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-No-Session
X-Logtrace-Id
X-Irp-Debug
X-NU-AKA-ACS-Version
X-Org
X-Newrelic-Synthetics
X-PAYTM-SRV-ID
X-IN-WAF
X-Region-Sid
X-Generation-Time
X-Rewrite-Enabled
X-Server-By
X-Server-Time
X-Rojux
X-ScT
Ec-Rule-Version
X-S-Cookie
NGX
Mobile-Detection-Method
X-Request-UUID
X-SIPLIST1
X-From
X-Sorting-Hat-ShopId
X-Cache-Backend
X-FireWall-Port
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-Endurance-Cache-Level
X-Alternate-Cache-Key
X-NC
X-ShopId
HA-Geolat
NodeID
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
Release
Magicmarker
SN
Server-Host
REQUESTUUID
Origin-Edge-Control
HA-Urlpath
HA-Host
HA-Ipaddr
HA-Servedtime
Origin-Cache-Control
X-VServer
X-RateLimit-Limit-Second
X-Policy
X-Hl-Ver
X-Hash
X-RateLimit-Remaining-Second
X-Fastly-Cache
X-Gen-Mode
X-Platform
X-Phone
X-Node-Id
X-Layer
X-Origin-TTL
X-Owner
HA-Geocountry
X-Hnp-Log
X-F5-Cache
X-S-Maxage
X-Wikidot-Backend
X-CGP
X-Wikidot-Static-Cache
X-Cache-CFC
X-Block-Status
X-External-Request-Id
X-Crawler
X-We-Are-Hiring
X-UnsetCookies
X-Eu-Site
X-Varnish-Action
X-VCT
X-Key
X-CS
X-Amz-Meta-Cache-Control
Web-Mar-Node
Backend-Name
Frame-Options
Country-Code
HA-Geocity
X-UA-Device-Type
GMS-Ver
HA-Cloudapp
X-Webstats-RespID
X-Nc
X-ElasticPress-Search
X-CACHE-AGE
X-Amz-Cf-Pop
Adler-Geo
X-MI-In-Market
X-Actual-URL
X-Location
X-Instance-Name
X-MSEdge-Features
X-Matched-Rule
Apple-News-Services-Request-Url
X-Nginx-Cache-Key
X-NX-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-MSEdge-Flight
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Backend-Host
Apple-News-Services-Handled
X-Backend-TTL
X-Device-Os
X-Cache-URL
X-Cache-Srv
Cneonction
X-Developers
X-Debug-Log
X-Core-Mission
X-Clientip
X-Croise-Owner
X-Debug-Cookies
X-Epic-Correlation-Id
X-Fetched-On
X-GeoIP-Country-Code
X-HTML-Minification-Powered-By
X-Backend-Url
X-Passed-To
X-C
X-GeoIP-City
X-Cache-Expires
X-FW-Version
X-Gannett-Site-Version
X-Backend-State
Thinkindot-CacheControl-Type
MI-Cache
MI-API
Esi-Enabled
X-Swa-Ws
MI-Cache-Age
X-Stale
Origin
X-Secret
Odigeo-Trace-Id
X-Server-IP
X-Thinkindot-L3
X-TT-LOGID
Kp-EeAlive
Resin-Trace
X-RCS-CacheZone
X-Sf
X-Variation
Heartbleed
X-Tumblr-Pixel-3
Is-Eu
X-Up
X-Var-Ttl
X-Passed-To-BeforeDispatch
Countrycode
X-Passed-To-PostProcessResponse
X-Reboot
Section-Io-Cache
X-Request-URI
X-Passed-To-DLL
CDCHOST
Uber-Trace-Id
Thinkindot-Control
X-Core-Value
Thinkindot-CacheControl
X-Returned-From-PostProcessResponse
X-Ezoic-Cdn
Pragrma
X-Returned-From-DLL
Platform
X-Response-By
Proxy-Connection
X-Returned-From
Request-EU
Request-Country
X-Returned-From-BeforeDispatch
X-GZip
Pagetype
X-Ua
Decoy-Debug-Status
X-Content-Age
X-Ckpd-Fst-Backend
X-Fstrz
Decoy-Debug-Key
X-Cache-Host
X-Worker
True-Client-Country-4JS
Server-ID
Fastly-Backend-Name
On-Server
RNT-Machine
RNT-Time
X-ServiceProvider
X-NWS-UUID-VERIFY
Cache-Tags
X-Surge-Debug
Powered
X-Sn-Servicetimems
Decoy-Debug-TTL
X-Trace-Id
Content-Disposition
X-Cdn-Origin
X-Csrf-Token
X-Dc
X-V
Warning
HTTPS
X-Skip-Cache
Fastly-SIE
X-Rebelmouse-Cache-Control
Fastly-SWR
X-Cdn-Srv
X-Alicdn-Da-Ups-Status
X-Servername
X-Rebelmouse-Surrogate-Control
X-Aed
Host-ID
MIME-Version
X-Edge-IP
X-TIME
RequestId
X-Proto
X-Req
X-Pf-Uncompressing
Pramga
X-GEO
Sid
TSSecure
Mail-Subject
Request-Time
We-Hiring
XServer
PFcat
X-Cdn-Forward
X-Datadome
X-Refresh
X-Pjax-Url
X-Ms-Lease-State
X-Ratelimit-Limit
Cteonnt-Length
CF-IPCountry
X-Time
X-ABtesting
X-Flog
X-Hello
X-Page-Type
WP-Super-Cache
X-Geo
X-PHP-Backend
X-Varnish-Ttl
X-Varnish-Url
Cdn
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-GRACE
X-DC
X-Atg-Version
X-Auto-Login
X-COUNTRY
Mime-Version
X-Planisys-CDN-Cache
X-Servedbyhost
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
CDN
FSS-Cache
FSS-Proxy
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oracle-Dms-Ecid
X-DataStream-Origin-MEX-Latency
Lfy
Dnion-Transfer-Encoding
X-Aicache-OS
GeoIp-Country-Code
Geoip-Latitude
X-Cache-ASPX
X-Unique-Id
X-DataStream-MidMile-RTT
X-CSRF-Token
X-GoCache-CacheStatus
PageType
X-Sentry-ID
Rt-Proxy-Cache
X-Akamai-Request-ID2
A
X-WA
X-Varnish-Beresp-TTL
X-EC-Security-Audit
X-MP-GENERATED-AT
X-Served-From
X-Cache-Id
X-Bip
Memcached
X-Thanos
X-Via-NSCOPI
X-Ratelimit-Remaining
MS-CV
NnCoection
X-Check-Cacheable
Node
X-Cache-Info
X-CACHE-KEY
X-Origin-Expires
X-Origin-Date
X-Wa
X-Cache-Control-Set-By
X-APP
X-HCF
GeoIP-Country-Code
GeoIP-Latitude
X-Varnish-HitMiss
NODE
X-Request-Start
X-Proxy-Server
X-Be
SD-X-WS
Memory
X-Nananana
X-NODE
GeoIP-City
GW-Server
UCS
X-Fastly-Cache-Hits
WWW-Authenticate
X-SRV
X-UPSTREAM-Address
X-Server-Group
Hostname
X-ServedByHost
Cache-Hits
Geoip-City
X-User
X-Vcache
X-Cookie
X-PAGE-TYPE
X-Varnish-URL
PICS-Label
X-Wix-Route-ID
X-Gen-Id
Accept-Language
X-GDPR
X-From-Cache
X-Load-Cache
X-WR-MODIFICATION
DataCenter
X-HS-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
Cf-Ipcountry
X-FORWARDED-FOR
X-RTag
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
X-Dynatrace
Processtime
X-Cache-Debug
X-Cache-Ttl
X-PJAX-URL
X-BBXSRF
Locale
X-Gdpr
X-Urbn-Context-Path
X-LI-Proto
X-Urbn-Site-Id
Cdn-Host
Pics-Label
COMMERCE-SERVER-SOFTWARE
X-Path-Route
X-Li-Fabric
X-Li-Pop
X-Edge-Server
Cdn-Request-Time
X-LI-UUID
X-Swift-Error
X-Use-Magma
X-Info
X-B3-SpanId
Ms-Operation-Id
X-VG-WebCache
Dont-Set-Cookie
X-Qloud-Router
X-CDN-Pop
X-PF-Uncompressing
X-CDN-Pop-IP
Fastly-Soc-X-Request-Id
Dynatrace
SS
X-Fe
X-Dw-Trace-Id
Requestid
X-ID
X-Cache-HT
X-Bug-Bounty
X-RateLimit-Reset
X-Content-Encoded-By
Get-Access-Time
X-Optimization
NX-Cache
X-P-T
X-Env
Is-Session-Tracking
X-GZIP
V-Cache
Group
X-NGINX-Cache
Serverid
X-SN
CDN-Cache-Hit
X-Varnish-Info
CDN-Cache
Who
URI
Lb
CDN-Node
X-CacheKey
Https
Xet-Cookie
X-ServerName
X-Akamai-SSL-Client-Sid
X-Shard
X-Serial
X-Grace-Duration
Powered-By
X-Protected-By
X-BE
RequestUuid
X-CSRF-TOKEN
AGE-Hash
X-RequestId
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Akamai-ERPolicy
X-Litespeed-Cache-Control
X-Route-Name
X-Ver
X-Cache-FS-Status
X-Akamai-ERRuleID
SID