SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-Adblock-Key
X-AspNetMvc-Version
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
Upgrade
X-POWERED-BY
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Cnection
X-Host
Surrogate-Control
X-Cache-Lookup
X-Node
X-Server-Id
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Report-To
Pinterest-Generated-By
Request-Id
X-CST
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Country-Code
Rating
X-Dns-Prefetch-Control
Allow
NEL
X-Powered-CMS
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-DataDome
X-Origin-Cache
X-Server-Name
Charset
X-ESI
X-DynaTrace
X-Cached
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Vhost
X-Goog-Hash
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
RTSS
X-Varnish-TTL
X-F-Cache
X-Version
Content-MD5
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Geo-Segment
X-GoogleNews-Bot
X-Exp-Variant
X-Powered-By-Plesk
Accept-CH
X-D2id
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
Public-Key-Pins
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Dispatcher
X-Abt-Application-Version
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
SPRequestGuid
X-Ruxit-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
X-N
X-Amz-Rid
Nginx-Cache
X-ORACLE-DMS-RID
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Trace
X-CF-Powered-By
X-Fastly-Request-ID
X-Forwarded-Proto
Paypal-Debug-Id
X-Server-ID
X-DIS-Request-ID
X-Origin-Upstream-Status
SPIisLatency
SPRequestDuration
X-T
X-Upstream
X-Varnish-Age
X-Hits
DynaTrace
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
X-Id
X-Grace
X-Oracle-Dms-Rid
X-Shield-Request-Id
X-Pad
X-Content-Options
AR-ATIME
AR-PoweredBy
AR-CACHE
Realpath
X-Content-Digest
X-NF-Request-ID
X-HW
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Kinsta-Cache
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-IPLB-Instance
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Vcap-Request-Id
X-Cache-Hit
X-Debug
X-B
X-Logged-In
X-Wix-Server-Artifact-Id
X-FastCGI-Cache
X-SS-Set-Cookie
Service-Worker-Allowed
X-Ser
Tracecode
S
X-MSEdge-Ref
Fastly-Restarts
Server-Name
X-NewRelic-App-Data
X-PressLabs-Stats
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-Frontend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Expires
X-Cache-Key
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
Fastcgi-Cache
X-Analytics
Backend-Timing
X-Iejgwucgyu
X-HS-Hub-Id
X-HS-Content-Id
Alternate-Protocol
X-Cache-Rule
Eomportal-Instance
Host
FilterID
X-Revision
Front-End-Https
X-Srv
TP-L2-Cache
AR-SID
Cleartype
X-Rid
TP-Cache
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
Cache-Status
X-Debug-Info
X-User-Agent
X-Whom
X-Akam-SW-Version
ServerID
X-Mobile
Accept-Charset
X-AOL-HN
X-Webkit-CSP
X-Varnish-Backend
X-Cdn
X-Cache-2
X-GUploader-UploadID
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Oneagent-Js-Injection
X-Zen-Fury
X-Cached-By
X-Ttl
X-XRDS-LOCATION
X-Via-JSL
X-WPE-Loopback-Upstream-Addr
X-Content-Powered-By
X-NWS-LOG-UUID
X-TA-CDN-Provider
X-App-Environment
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-VCache
X-HeyJason
X-LB-Cache
Display
X-Middleton-Display
X-Sol
X-Varnish-Hostname
X-Cluster
X-Tumblr-User
X-Cache-Control
X-Tumblr-Pixel
X-Page-Id
X-Tumblr-Pixel-0
Host-Header
X-Magnolia-Registration
X-Akamai-Edgescape
X-Framework
X-Node-Name
X-Device-Type
X-Request-Guid
X-TT
Viewport
X-Correlation-Id
X-B3-Sampled
X-B-Cache
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Signature
X-Handled-By
X-FB-Debug
Cache-Tag
DC
Upgrade-Insecure-Requests
X-Instance
X-BCube-Filmed-By
Liferay-Portal
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
Server-Node
X-Origin-Server
X-Webkit-Csp
X-Fastcgi-Cache
X-TT-TIMESTAMP
X-Accel-Expires
X-B3-Traceid
X-WA-Info
X-Varnish-Server
Source
X-Esi
Retry-After
X-Distil-CS
X-Contextid
X-Servedby
X-Seen-By
X-Edge-Location
X-Wix-Request-Id
HitInfo
Server-Info
HitType
X-Cache-Action
X-Amz-Replication-Status
Content-Style-Type
Content-Script-Type
X-GeoIP
SRV
Webserver
X-Tumblr-Pixel-2
X-RequestSource
X-Tumblr-Pixel-1
X-S
X-Cache-Operation
X-ATG-Version
X-WebKit-CSP-Report-Only
X-Jobs
Actual-Object-TTL
User-Agent
GEO-INFO
X-Generated-By
X-Middleton-Response
Response
X-Status
X-Locale
AsisCache
X-Region
X-Edge-Cache-Key
X-Response-Served-From
X-Cache-NE
X-Edge-Cache
X-TX-ID
X-FW-Type
X-FW-Serve
Refresh
X-FW-Server
X-Adobe-Loc
ServedBy
X-Adobe-Content
X-FW-Static
X-UUID
X-FW-Hash
X-Varnish-Hits
X-Drupal-Cache-Tags
X-Yottaa-Optimizations
X-Newrelic-App-Data
X-Yottaa-Metrics
Healthy
X-Port
Payment
X-Geo-Country
X-Cache-TTL-Remaining
X-Hyper-Cache
X-DataStream-Cache-Status
S-Cnection
X-APP-VERSION
X-Content-Type
IBM-Web2-Location
Edge-Cache-Tag
Datacenter
X-HS-Cache-Config
Country
HostName
X-Varnish-Grace
X-Amz-Server-Side-Encryption
X-Cache-Age
Powered-By-ChinaCache
Served-By
X-HS-Combine-CSS
Filters
X-Daa-Tunnel
NGB
X-Pc-Appver
X-Pc-Hit
X-Az
X-Activity-Id
X-Pc-Key
X-AppVersion
X-Varnish-IP
X-Sucuri-ID
X-Cache-Remote
X-Cacheable-TTL
X-App-Server
X-Vg-Webcache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Akamai-Transformed
X-Mrs-Cache
X-Mrs-Age
X-Mode
X-UA
X-Kinja-Server-Push
X-Cache-TTL
X-Rule
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RemovedCookies
Meta-Geo
Machine
Load-Balancing
X-ProcessESI
X-Detected-As
X-Cache-Var-Map
X-Is-Bot
X-Rendered-As
X-RN-RSRV
X-Cache-Var
X-BYPASS-REASON
X-ProxyCache-Status
X-Rocket-Nginx-Bypass
X-FC-Vary-Parameters
X-Proxy
X-ProxyCache-Key
TWC-Privacy
OT-Force-Account-Verify
Property-Id
X-OCL
X-Origin
X-Grey
X-Varnish-Cacheable
Mn-Server-Ip
DB-Nickname
Cache-Name
X-PCL
X-Tb
Access-Control-Allow-Method
Backend
X-Hosted-By
X-Origin-Hint
Webcakes-App-Name
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Cache-Category-Id
User-Cache-Control
TWC-Locale-Group
X-ServerID
TWC-Connection-Speed
Azure-Version
X-Original-Request
Azure-SlotName
X-Proxied
Azure-InstanceId
X-JoinUs
Azure-RegionName
X-Varnish-Cache-Hits
X-Human
X-Loop
L5d-Success-Class
ServerName
X-Routing-Service
X-Hit
X-Section
X-Generated
X-Site-Version
X-Format
X-CDN-Cache
X-TNCMS
X-BB-IP
X-EIG-Tracking-Id
Now
X-Zipkin-Id
X-Upstream-HT
X-Upgrade-Enabled
X-Upstream-CT
X-Access
Azure-SiteName
X-App-Version
X-Correlation-ID
Fastcgi-X-Cache-Version
X-SplitTest
X-Cache-Config
Fastcgi-X-Cache
Fastcgi-Useragent
Cache-Key
X-TWH-CORRELATION-ID
X-Agile
X-Pubstack
X-Proxy-Build
X-LJ-Flow-ID
X-L-Path
X-IP
X-NodeID
Selected-FE
X-Agile-Id
X-PERF
S-Rt
X-Agile-Age
X-Timing-Wait
X-Viewer-Country
X-Via-Fastly
X-Debug-Cache
X-VWS-Id
X-App-Name
X-Environment-Context
X-AWS-Id
From-Origin
X-Drupal-Cache-Contexts
X-Source
X-Www-Served-By
Access-Control-Request-Headers
X-ApacheServer
X-HOST
X-Ocache
X-Origin-CC
X-CCM
X-URL
X-NGENIX-Cache
Cache
X-OVcl
X-CDN-Forward
X-Amzn-RequestId
Pagespeed
X-OVcl-Cache
X-Amz-Apigw-Id
X-Xfnlog-Site
LB
X-Nginx-Cache
X-Backend-Name
X-Unique-ID
X-Feature
X-Forwarded-Host
ViewerVersion
Fastly-SSL
X-RateLimit-Limit
X-Litespeed-Cache
X-Akamai-Request-ID
NtCoent-Length
X-Vgn-Hpd-Reason
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Storage
X-Pc-Host
X-Pc-Date
X-Birta-Served
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Labrador-Cache-Channel
X-VG-TLSProxy
Ar-Sid
X-Cluster-Node
X-Time-Microsecs
X-Guploader-Uploadid
Xserver
X-Internal-Host
X-Real-IP
X-Ruxit-Js-Agent
X-NCache
X-Real-Ip
X-Release
X-Microcachable
Time
X-Distributor
X-EdgeConnect-Cache-Status
AR-Request-ID
X-B3-TraceId
CACHE
PageSpeed
X-B3-Spanid
X-Varnish-Beresp-Ttl
X-Request-Time
X-Cache-Enabled
ProcessTime
X-Sucuri-Cache
X-Powered-By-ANYU
X-Dynatrace-Js-Agent
WZWS-RAY
X-SERVER-NAME
IsBot
Ec-Rule-Version
X-Destination
X-Date
Xc-Version
X-Developer
X-WebServer
X-Died
X-Dispatcher-Server
X-DPWN-IS-SECURE
Fly-Cache
Fly-Request-Id
X-PAYTM-SRV-ID
X-IN-SSL-APIGATEWAY
AKAMAI
X-Org
X-Irp-Debug
Ajk
X-NU-AKA-ACS-Version
X-Logtrace-Id
X-No-Session
X-Web-Node
X-IN-WAF
X-D
X-Generation-Time
X-Generated-In
X-G
Cache-Prefix
X-IN-APIGATEWAY
Arc-Country
BehaviorPad-Version
X-From
X-CF-Lambda-Version
Www
X-Application
X-A
X-Trv-Group
X-Transaction
X-ScT
X-ARC
X-Rojux
X-Twitter-Response-Tags
X-S-Cookie
VivaBuild
X-A-Ccd
X-A-Dam
X-SRCache-Key
X-A-Wwc
X-Store
X-Accel-Expires-Debug
X-SIPLIST1
X-Server-Time
X-Server-By
X-A-Dcw
X-Newrelic-Synthetics
X-A-Dgt
MD5-Digest
X-UE-Client-Country
X-VG-WebServer
X-Redis-Cache
X-Region-Sid
NGX
Mobile-Detection-Method
X-CUA
Meta-Geo-Continent
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-Connection-Hash
Viewtype
X-BB-ID
V-Age
X-B-Cookie
X-Rewrite-Enabled
T-Server
Server-Int
X-Request-UUID
X-CF-Lambda-Fn
Rendered-Blocks
X-Cache-Bucket
X-Sorting-Hat-ShopId
X-Cache-Backend
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-ShardId
X-ShopId
X-NC
X-FireWall-Port
X-We-Are-Hiring
HA-Urlpath
X-Policy
Magicmarker
HA-Ipaddr
X-VServer
X-RateLimit-Limit-Second
HA-Georegion
HA-Geocity
HA-Cloudapp
GMS-Ver
X-Wikidot-Backend
HA-Geocountry
HA-Geolat
Ha-Gx-Prefs
X-RateLimit-Remaining-Second
HA-Geolon
HA-Host
X-VCT
SN
X-Block-Status
Server-Host
REQUESTUUID
X-UnsetCookies
X-S-Maxage
X-Amz-Meta-Cache-Control
Web-Mar-Node
X-UA-Device-Type
X-Cache-CFC
Release
X-Crawler
NodeID
X-Wikidot-Static-Cache
Origin-Cache-Control
Origin-Edge-Control
Pragrma
X-Varnish-Action
X-CGP
X-CS
HA-Servedtime
X-Key
X-Hnp-Log
X-Hash
X-GeoIP-City
X-Gen-Mode
Backend-Name
X-Owner
X-Layer
X-Origin-TTL
X-Node-Id
Frame-Options
Country-Code
X-Hl-Ver
X-F5-Cache
X-Phone
X-Fastly-Cache
X-Platform
X-External-Request-Id
X-Eu-Site
X-Amz-Cf-Pop
X-ElasticPress-Search
X-Webstats-RespID
X-Nc
X-CACHE-AGE
X-Thinkindot-L3
X-Variation
X-Var-Ttl
X-Returned-From-BeforeDispatch
X-C
X-Backend-Url
X-Location
X-Swa-Ws
X-Returned-From-DLL
X-Stale
X-Backend-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Secret
X-Tumblr-Pixel-3
X-Nginx-Cache-Key
X-Server-IP
X-MI-In-Market
X-TT-LOGID
X-Backend-State
X-Returned-From-PostProcessResponse
X-Up
X-Matched-Rule
X-Backend-TTL
X-Clientip
X-Debug-Log
X-Passed-To-PostProcessResponse
X-Debug-Cookies
X-GeoIP-Country-Code
X-HTML-Minification-Powered-By
X-RCS-CacheZone
X-Actual-URL
X-Gannett-Site-Version
X-Epic-Correlation-Id
X-Device-Os
X-Developers
Kp-EeAlive
Resin-Trace
X-Fetched-On
X-Passed-To-DLL
X-Croise-Owner
X-Response-By
X-Instance-Name
X-NX-Host
X-Returned-From
X-Cache-Srv
X-Cache-URL
X-Request-URI
X-Sf
X-Passed-To-BeforeDispatch
X-Reboot
X-Passed-To
X-Core-Value
X-Core-Mission
X-Cache-Expires
Section-Io-Cache
Platform
Origin
Proxy-Connection
Countrycode
Heartbleed
Request-Country
Odigeo-Trace-Id
MI-Cache-Age
Esi-Enabled
Is-Eu
X-Ezoic-Cdn
MI-API
MI-Cache
CDCHOST
Request-EU
Adler-Geo
Thinkindot-CacheControl
Apple-News-Services-Handled
Thinkindot-CacheControl-Type
Thinkindot-Control
Apple-News-Services-Host
Uber-Trace-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Lfrom
Cneonction
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Pagetype
X-SERVER
X-Ua
RNT-Machine
X-Trace-Id
X-NWS-UUID-VERIFY
Decoy-Debug-Status
X-Sn-Servicetimems
X-ServiceProvider
Content-Disposition
Decoy-Debug-Key
Cache-Tags
X-FW-Version
Decoy-Debug-TTL
Fastly-Backend-Name
X-Cdn-Origin
X-Ckpd-Fst-Backend
On-Server
X-Content-Age
X-Cache-Host
X-Worker
X-Surge-Debug
X-Fstrz
True-Client-Country-4JS
Powered
Server-ID
RNT-Time
X-Csrf-Token
X-Dc
X-V
X-GZip
HTTPS
X-Alicdn-Da-Ups-Status
Warning
X-Skip-Cache
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Servername
X-Cdn-Srv
Fastly-SWR
X-Rebelmouse-Surrogate-Control
MIME-Version
X-Aed
Host-ID
X-Edge-IP
X-TIME
X-Req
X-Proto
Pramga
RequestId
X-Pf-Uncompressing
X-GEO
X-Datadome
TSSecure
Request-Time
PFcat
Mail-Subject
X-Cdn-Forward
XServer
We-Hiring
Sid
X-Ms-Lease-State
X-Pjax-Url
X-Ratelimit-Limit
X-Refresh
Cteonnt-Length
X-Flog
CF-IPCountry
X-Hello
X-Page-Type
WP-Super-Cache
X-Time
X-ABtesting
X-Varnish-Ttl
X-PHP-Backend
X-Geo
X-Server-W
X-Varnish-Url
Cdn
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-Atg-Version
X-DC
X-Auto-Login
X-Planisys-CDN-Rules
Mime-Version
X-Planisys-CDN-Cache
X-COUNTRY
X-Servedbyhost
X-Planisys-CDN-TTL
CDN
FSS-Cache
FSS-Proxy
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oracle-Dms-Ecid
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Aicache-OS
Lfy
Dnion-Transfer-Encoding
X-Cache-ASPX
GeoIp-Country-Code
Geoip-Latitude
X-Unique-Id
X-CSRF-Token
X-GoCache-CacheStatus
X-Sentry-ID
Rt-Proxy-Cache
X-Akamai-Request-ID2
PageType
X-WA
X-Varnish-Beresp-TTL
X-EC-Security-Audit
A
X-MP-GENERATED-AT
X-Thanos
Memcached
X-Cache-Id
X-Served-From
X-Via-NSCOPI
X-Bip
X-Ratelimit-Remaining
X-Check-Cacheable
NnCoection
MS-CV
Node
X-Origin-Expires
X-Origin-Date
X-Wa
X-Cache-Info
X-CACHE-KEY
X-Proxy-Server
GeoIP-Latitude
GeoIP-Country-Code
X-Be
X-Cache-Control-Set-By
X-APP
X-Varnish-HitMiss
X-HCF
NODE
X-Request-Start
SD-X-WS
Memory
X-NODE
X-Nananana
X-Server-Group
GW-Server
X-Fastly-Cache-Hits
UCS
WWW-Authenticate
X-UPSTREAM-Address
X-SRV
GeoIP-City
Hostname
X-Vcache
X-ServedByHost
Cache-Hits
X-User
Geoip-City
X-Cookie
X-PAGE-TYPE
Accept-Language
X-Gen-Id
X-GDPR
X-Wix-Route-ID
PICS-Label
X-Varnish-URL
X-From-Cache
X-WR-MODIFICATION
DataCenter
X-Load-Cache
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FORWARDED-FOR
X-HS-Status
X-RTag
X-Fastly-Backend-Reqs
Processtime
Locale
X-Swift-Error
X-Urbn-Site-Id
X-BBXSRF
X-Edge-Server
X-Use-Magma
X-Cache-Ttl
X-LI-UUID
X-Urbn-Context-Path
Cdn-Request-Time
Cdn-Host
X-Gdpr
X-Path-Route
X-PJAX-URL
COMMERCE-SERVER-SOFTWARE
X-Li-Fabric
Pics-Label
X-Li-Pop
X-LI-Proto
Ms-Operation-Id
X-Info
X-B3-SpanId
X-Cache-Debug
Requestid
Fastly-Soc-X-Request-Id
Dont-Set-Cookie
SS
X-Qloud-Router
X-VG-WebCache
X-Dw-Trace-Id
X-PF-Uncompressing
X-CDN-Pop-IP
X-CDN-Pop
X-Fe
X-ID
Group
Get-Access-Time
Is-Session-Tracking
X-Cache-HT
V-Cache
NX-Cache
X-P-T
X-Optimization
X-Bug-Bounty
X-Content-Encoded-By
X-RateLimit-Reset
X-GZIP
X-Env
Serverid
X-NGINX-Cache
X-SN
Who
URI
X-CacheKey
Lb
CDN-Node
CDN-Cache
CDN-Cache-Hit
X-Varnish-Info
X-ServerName
Https
Xet-Cookie
X-Serial
X-Akamai-SSL-Client-Sid
AGE-Hash
X-CSRF-TOKEN
Powered-By
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Protected-By
X-BE
RequestUuid
X-Ver
X-Route-Name
X-Providence-Cookie
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Grace-Duration
X-Is-Crawler
X-Flags
SID
X-RequestId
X-Shard
X-Litespeed-Cache-Control
X-Cache-FS-Status