Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Xss-Protection
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
Upgrade
CF-Ray
X-Server
X-POWERED-BY
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
Content-Location
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
X-Cache-Lookup
Surrogate-Control
X-Backend-Server
X-Rq
X-WebKit-CSP
X-Response-Time
X-Rack-Cache
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
Report-To
Request-Id
X-Instart-Request-ID
X-TTL
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-DataDome
X-ESI
X-Powered-CMS
X-PC
X-TtlSet
X-Vname
X-Dns-Prefetch-Control
NEL
X-FTR-Request-ID
X-Server-Name
Charset
X-DynaTrace-JS-Agent
X-Origin-Cache
X-DynaTrace
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-F-Cache
X-Version
Content-MD5
X-Geo-Segment
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-D2id
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-ORACLE-DMS-RID
X-Abt-Application-Version
SPRequestGuid
X-Dispatcher
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-N
X-SharePointHealthScore
X-CF-Powered-By
X-Ruxit-JS-Agent
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-T
X-DIS-Request-ID
DynaTrace
X-Upstream
X-Grace
X-Varnish-Age
X-Hits
X-Origin-Upstream-Status
AR-ATIME
AR-PoweredBy
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
AR-CACHE
X-Shield-Request-Id
X-Pad
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
Access-Control-Request-Method
Mrf-Cache-Status
X-HW
MRF-Tech
X-Kinsta-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-IPLB-Instance
X-FastCGI-Cache
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-B
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Server-ID
X-Goog-Generation
X-Oracle-Dms-Rid
X-Logged-In
X-Vcap-Request-Id
X-Debug
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-Ser
Service-Worker-Allowed
S
Tracecode
X-XRDS-Location
X-Cache-Key
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-Frontend
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
AMP-Access-Control-Allow-Source-Origin
Fastly-Restarts
AR-SID
X-FTR-Expires
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
X-Accel-Buffering
Fastcgi-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
Eomportal-Instance
Alternate-Protocol
X-Cache-Rule
Backend-Timing
X-Analytics
X-HS-Hub-Id
X-HS-Content-Id
Host
Cleartype
X-Srv
TP-L2-Cache
TP-Cache
Cache-Status
X-Rid
X-Revision
FilterID
Public-Key-Pins-Report-Only
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Debug-Info
X-Whom
X-User-Agent
X-Akam-SW-Version
Front-End-Https
X-Ttl
ServerID
X-TA-CDN-Provider
X-AOL-HN
X-GUploader-UploadID
X-Mobile
X-Varnish-Backend
Accept-Charset
X-RateLimit-Remaining
X-Cache-2
X-Via-JSL
X-Webkit-CSP
X-NWS-LOG-UUID
X-Iejgwucgyu
X-VCache
X-Request-Processing-Time
X-Request-Received
X-Cdn
X-Zen-Fury
X-Content-Powered-By
X-Correlation-Id
X-Kinja-Server-Push
X-Cached-By
X-WPE-Loopback-Upstream-Addr
X-Oneagent-Js-Injection
X-App-Environment
Viewport
X-Node-Name
X-LB-Cache
X-Tumblr-Pixel
Host-Header
X-Varnish-Hostname
X-Magnolia-Registration
X-Tumblr-Pixel-0
X-Cluster
X-Tumblr-User
X-Page-Id
X-Cache-Control
X-Handled-By
X-Request-Guid
X-Framework
X-TT
X-Akamai-Edgescape
X-Device-Type
Liferay-Portal
X-B3-Sampled
X-FB-Debug
X-Platform-Server
X-Signature
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-B-Cache
DC
X-Instance
Cache-Tag
Display
X-Sol
X-Middleton-Display
X-Cache-Server
X-Amzn-Trace-Id
X-Hostname
X-Origin-Server
MicrosoftSharePointTeamServices
X-B3-Traceid
Server-Node
X-TT-TIMESTAMP
X-Accel-Expires
X-Webkit-Csp
Source
Retry-After
X-WA-Info
X-Fastcgi-Cache
X-Varnish-Server
X-Contextid
X-Servedby
X-Distil-CS
HitInfo
Server-Info
HitType
X-Wix-Request-Id
X-Seen-By
X-Cache-Action
X-Cache-Operation
Content-Style-Type
Content-Script-Type
X-APP-VERSION
Webserver
X-Amz-Replication-Status
User-Agent
X-GeoIP
X-Edge-Location
X-RequestSource
X-S
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
SRV
GEO-INFO
X-Locale
Actual-Object-TTL
X-Jobs
X-WebKit-CSP-Report-Only
X-Status
X-Edge-Cache
X-Response-Served-From
AsisCache
X-Edge-Cache-Key
X-FW-Hash
X-FW-Type
X-ATG-Version
X-FW-Static
X-FW-Server
X-FW-Serve
X-Region
X-Generated-By
X-TX-ID
X-Litespeed-Cache
X-Adobe-Loc
ServedBy
Response
X-Drupal-Cache-Tags
X-Adobe-Content
X-Middleton-Response
X-Varnish-Hits
X-UUID
X-Port
Refresh
Healthy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NE
X-Geo-Country
X-Hyper-Cache
X-DataStream-Cache-Status
X-Cache-Age
X-Cache-TTL-Remaining
Payment
S-Cnection
X-Esi
IBM-Web2-Location
X-Varnish-Grace
X-Content-Type
X-Amz-Server-Side-Encryption
X-Daa-Tunnel
Datacenter
Filters
X-Activity-Id
X-Az
X-AppVersion
X-HS-Cache-Config
Country
X-Newrelic-App-Data
Edge-Cache-Tag
NGB
X-UA
X-Cache-Remote
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
Served-By
X-Cache-TTL
X-Cacheable-TTL
X-Varnish-IP
X-Sucuri-ID
X-CDN-Forward
X-App-Server
X-Proxied
Powered-By-ChinaCache
X-HS-Combine-CSS
X-Vg-Webcache
Pagespeed
X-Akamai-Transformed
X-Mode
X-RN-RSRV
X-Rule
X-Is-Bot
X-Kong-Proxy-Latency
X-Mrs-Age
X-Rendered-As
X-Cache-Var
X-Detected-As
X-Kong-Upstream-Latency
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Cache-Hits
X-RemovedCookies
X-ProcessESI
X-Cache-Var-Map
Load-Balancing
Machine
Meta-Geo
X-FC-Vary-Parameters
X-Proxy
X-Rocket-Nginx-Bypass
HostName
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Cache-Category-Id
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Privacy
Mn-Server-Ip
OT-Force-Account-Verify
X-Grey
Access-Control-Allow-Method
Webcakes-Region
User-Cache-Control
Cache-Name
TWC-GeoIP-LatLong
X-PCL
X-Hosted-By
X-Origin-Hint
X-Varnish-Cacheable
X-Varnish-Cache-Hits
X-Tb
X-ServerID
DB-Nickname
X-OCL
X-Origin
X-Human
Webcakes-App-Name
X-Amz-Meta-Surrogate-Control
Backend
X-Site-Version
X-Section
X-NodeID
X-Loop
Now
X-Hit
X-OVcl
X-JoinUs
X-Routing-Service
L5d-Success-Class
Azure-SlotName
Azure-Version
X-OVcl-Cache
Azure-SiteName
Azure-RegionName
X-Original-Request
Azure-InstanceId
S-Rt
X-TNCMS
X-Upgrade-Enabled
X-Debug-Cache
X-Access
X-CDN-Cache
X-BB-IP
X-EIG-Tracking-Id
X-Zipkin-Id
ServerName
X-Generated
X-Format
X-Agile-Id
X-Agile-Age
Selected-FE
X-ApacheServer
Fastcgi-Useragent
X-AWS-Id
X-App-Name
Fastcgi-X-Cache-Version
X-L-Path
X-Environment-Context
X-NGENIX-Cache
X-IP
X-LJ-Flow-ID
X-Agile
Fastcgi-X-Cache
Cache-Key
X-Cache-Config
X-TWH-CORRELATION-ID
X-Via-Fastly
X-Viewer-Country
X-Www-Served-By
X-VWS-Id
X-SplitTest
X-Timing-Wait
X-PERF
X-Pubstack
X-Proxy-Build
Access-Control-Request-Headers
X-Source
X-Upstream-CT
X-Upstream-HT
X-CCM
X-Drupal-Cache-Contexts
X-Origin-CC
X-Ocache
X-RateLimit-Limit
X-Xfnlog-Site
X-HOST
From-Origin
X-Nginx-Cache
X-Backend-Name
X-Unique-ID
X-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Akamai-Request-ID
X-Forwarded-Host
LB
X-Storage
AR-Request-ID
Fastly-SSL
X-Correlation-ID
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
Cache
X-Real-IP
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Request-Id
NtCoent-Length
X-Birta-Served
X-Qnm-Cache
X-Feature
X-M-Log
X-Birta-Cache-Post
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-M-Reqid
ViewerVersion
X-NCache
X-Time-Microsecs
X-Labrador-Cache-Channel
X-App-Version
X-VG-TLSProxy
X-Internal-Host
CACHE
X-Distributor
X-Release
X-Microcachable
X-Ruxit-Js-Agent
X-EdgeConnect-Cache-Status
X-Cluster-Node
Time
X-NC
X-B3-Spanid
X-Powered-By-ANYU
WZWS-RAY
Ar-Sid
X-Transaction
X-Cache-Backend
X-Request-Time
X-Connection-Hash
X-Cache-Enabled
X-Sucuri-Cache
X-Twitter-Response-Tags
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-PAYTM-SRV-ID
X-IN-APIGATEWAY
Ec-Rule-Version
Xc-Version
Fly-Request-Id
Fly-Cache
X-Org
X-Generation-Time
BehaviorPad-Version
X-No-Session
Cache-Prefix
X-Logtrace-Id
X-Irp-Debug
AKAMAI
X-NU-AKA-ACS-Version
Arc-Country
Cneonction
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
X-CUA
X-Date
X-D
Www
X-A-Dgt
X-A-Wwc
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-BB-ID
X-B-Cookie
X-Accel-Expires-Debug
X-Application
X-ARC
VivaBuild
Viewtype
Mobile-Detection-Method
NGX
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
X-G
X-From
IsBot
X-DPWN-IS-SECURE
REQUESTUUID
T-Server
X-Destination
V-Age
X-Developer
Server-Int
X-Dispatcher-Server
X-Died
X-Generated-In
Ajk
X-VG-WebServer
X-ScT
X-S-Cookie
X-Server-Time
X-UA-Device-Type
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-SIPLIST1
X-Region-Sid
X-UE-Client-Country
X-Real-Ip
X-Rewrite-Enabled
X-Trv-Group
X-Rojux
X-SRCache-Key
X-Request-UUID
X-WebServer
X-Redis-Cache
X-Server-By
Pagetype
X-FireWall-Port
X-SERVER-NAME
Xserver
X-Guploader-Uploadid
Frame-Options
HA-Geolat
HA-Geocountry
HA-Geolon
HA-Host
HA-Geocity
HA-Georegion
Ha-Gx-Prefs
X-Gen-Mode
Web-Mar-Node
X-Hash
X-Hnp-Log
X-RateLimit-Limit-Second
X-GeoIP-City
GMS-Ver
XServer
HA-Ipaddr
HA-Cloudapp
X-Phone
X-Eu-Site
X-External-Request-Id
Origin-Edge-Control
Origin-Cache-Control
Powered
Pragrma
X-Platform
X-Policy
Release
X-F5-Cache
NodeID
X-UnsetCookies
Country-Code
HA-Urlpath
Magicmarker
SN
X-Fastly-Cache
X-CGP
Server-Host
HA-Servedtime
X-Hl-Ver
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Node-Id
X-RateLimit-Remaining-Second
X-Store
X-C
X-Block-Status
X-ShardId
X-Alternate-Cache-Key
X-Web-Node
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Crawler
X-Cache-CFC
X-Origin-TTL
X-VServer
X-S-Maxage
X-Owner
X-VCT
Backend-Name
X-Layer
X-Key
X-Amz-Meta-Cache-Control
X-Varnish-Action
X-CS
X-Instance-Name
X-Ezoic-Cdn
X-Webstats-RespID
X-GZip
X-Varnish-Beresp-Ttl
X-Dc
X-Epic-Correlation-Id
X-Server-IP
X-Core-Mission
X-Core-Value
X-Sf
X-TT-LOGID
X-Debug-Log
X-Croise-Owner
X-Backend-Url
X-Cache-Expires
X-Cdn-Srv
X-Clientip
X-Backend-State
X-Tumblr-Pixel-3
Section-Io-Cache
X-Secret
Thinkindot-CacheControl
X-Thinkindot-L3
X-Cache-Srv
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Backend-Host
X-Actual-URL
X-Cache-URL
Uber-Trace-Id
X-Stale
X-Backend-TTL
X-Debug-Cookies
X-Developers
X-Swa-Ws
Heartbleed
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Matched-Rule
Adler-Geo
Apple-News-Services-Request-Url
CDCHOST
X-Var-Ttl
Countrycode
Request-EU
X-Location
X-MI-In-Market
X-ElasticPress-Search
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
ProcessTime
X-RCS-CacheZone
X-Reboot
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-NX-Host
X-HTML-Minification-Powered-By
X-Variation
X-Returned-From-PostProcessResponse
MI-API
X-Request-URI
X-Fetched-On
Kp-EeAlive
MI-Cache
MI-Cache-Age
Proxy-Connection
Request-Country
Platform
Origin
Odigeo-Trace-Id
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Response-By
Is-Eu
X-Up
X-Returned-From
Esi-Enabled
X-GeoIP-Country-Code
X-FW-Version
X-Gannett-Site-Version
X-NWS-UUID-VERIFY
X-V
X-Amz-Cf-Pop
X-Endurance-Cache-Level
X-B3-TraceId
X-Sn-Servicetimems
X-Ckpd-Fst-Backend
X-ServiceProvider
X-Trace-Id
X-Fstrz
X-Servername
X-Worker
X-Content-Age
X-Device-Os
RNT-Machine
Decoy-Debug-TTL
Server-ID
True-Client-Country-4JS
On-Server
RNT-Time
Resin-Trace
HTTPS
X-Newrelic-Synthetics
Fastly-Backend-Name
Decoy-Debug-Key
Decoy-Debug-Status
Cache-Tags
Content-Disposition
X-Cache-Host
X-Cdn-Origin
X-TIME
PageSpeed
MIME-Version
Host-ID
X-Rebelmouse-Cache-Control
Warning
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Skip-Cache
Fastly-SWR
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Nc
X-Alicdn-Da-Ups-Status
X-Surge-Debug
X-Pf-Uncompressing
X-CACHE-AGE
RequestId
X-PHP-Backend
Cteonnt-Length
X-Csrf-Token
PFcat
Sid
X-Ua
X-Proto
Request-Time
X-Req
We-Hiring
Mail-Subject
X-Refresh
X-Aed
X-GEO
X-Dynatrace-Js-Agent
X-Edge-IP
Pramga
X-Pjax-Url
CF-IPCountry
TSSecure
X-Servedbyhost
WP-Super-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Ms-Lease-State
X-Planisys-CDN-Cache
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Geo
X-Varnish-Ttl
GeoIp-Country-Code
Geoip-Latitude
X-Page-Type
X-Server-W
CDN
X-Flog
X-ABtesting
X-Hello
X-Ratelimit-Limit
X-CSRF-Token
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
Dnion-Transfer-Encoding
X-Cdn-Forward
X-COUNTRY
X-Time
X-Cache-ASPX
Cdn
X-GoCache-CacheStatus
X-Auto-Login
Lfy
X-Varnish-Url
X-Varnish-Beresp-TTL
X-DC
X-Oracle-Dms-Ecid
Mime-Version
X-DataStream-Origin-MEX-Latency
X-Unique-Id
FSS-Proxy
X-DataStream-MidMile-RTT
FSS-Cache
X-Aicache-OS
X-WA
Hostname
X-Akamai-Request-ID2
MS-CV
A
NnCoection
Rt-Proxy-Cache
X-Sentry-ID
NODE
X-Via-NSCOPI
X-GRACE
X-Datadome
X-Origin-Expires
X-Origin-Date
PageType
X-Varnish-HitMiss
X-HCF
X-Cache-Control-Set-By
X-EC-Security-Audit
X-Check-Cacheable
X-Bip
X-MP-GENERATED-AT
Memcached
X-Thanos
Node
X-Cache-Id
X-Served-From
SD-X-WS
X-UPSTREAM-Address
X-Cache-Info
X-APP
X-Be
WWW-Authenticate
X-Wa
X-Server-Group
X-Use-Magma
Geoip-City
X-Proxy-Server
X-Request-Start
X-Varnish-URL
X-NODE
X-Nananana
Processtime
X-SRV
PICS-Label
X-Wix-Route-ID
GeoIP-City
Memory
X-Ratelimit-Remaining
X-PAGE-TYPE
GeoIP-Country-Code
GeoIP-Latitude
Ms-Operation-Id
X-Fastly-Cache-Hits
X-CACHE-KEY
X-RTag
UCS
GW-Server
X-From-Cache
X-Cookie
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-User
X-GDPR
X-Gen-Id
X-Gdpr
X-ServedByHost
X-WR-MODIFICATION
DataCenter
X-Load-Cache
Cache-Hits
X-FORWARDED-FOR
X-Fastly-Backend-Reqs
COMMERCE-SERVER-SOFTWARE
X-HS-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
Accept-Language
Cf-Ipcountry
Dont-Set-Cookie
X-PJAX-URL
Lb
X-Swift-Error
X-Vcache
Pics-Label
X-Cache-Debug
X-BBXSRF
Locale
X-Urbn-Context-Path
X-Li-Fabric
X-LI-UUID
X-Li-Pop
X-Cache-HT
X-Urbn-Site-Id
X-Env
Is-Session-Tracking
X-LI-Proto
V-Cache
X-Optimization
X-RateLimit-Reset
Group
X-B3-SpanId
Get-Access-Time
X-Cache-Ttl
X-Path-Route
X-VG-WebCache
X-Dw-Trace-Id
Who
X-CDN-Pop-IP
X-Fe
X-CDN-Pop
X-Info
Amp-Access-Control-Allow-Source-Origin
X-ID
AGE-Hash
Fastly-Soc-X-Request-Id
NX-Cache
X-Ver
SS
X-Qloud-Router
Xet-Cookie
X-Cache-FS-Status
URI
X-GZIP
X-Content-Encoded-By
X-PF-Uncompressing
X-Bug-Bounty
Requestid
Serverid
X-NGINX-Cache
X-SB
X-Meta-Tbi-Cache-Vertical
N-Cache
CDN-Cache
CDN-Cache-Hit
CDN-Node
Ws
X-Ibm-Trace
X-Akamai-SSL-Client-Sid
X-VC
X-CacheKey
X-Varnish-Info
X-P-T
X-Serial
SID
X-SN
X-RequestId
X-Flags
X-Is-Crawler
X-Litespeed-Cache-Control
X-Shard
Httpd-Identifier
X-Providence-Cookie
X-Route-Name
Https
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ServerName
X-Grace-Duration