Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Xss-Protection
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-AspNetMvc-Version
P3p
Status
Timing-Allow-Origin
X-Template
Content-Encoding
X-Language
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
X-CDN
Upgrade
X-Buckets
Xkey
X-Request-ID
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
CF-Ray
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
Cf-Railgun
WPE-Backend
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Server-Id
Feature-Policy
X-Ac
X-Node
Content-Location
X-Rq
X-Host
EagleEye-TraceId
X-Cnection
Allow
Server-Timing
X-Backend-Server
Report-To
X-Response-Time
X-Cache-Lookup
X-Dns-Prefetch-Control
Request-Id
X-Application-Context
Surrogate-Control
X-Origin-Cache
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
X-Rack-Cache
X-Ruxit-JS-Agent
X-FTR-Request-ID
X-Vhost
NEL
X-HW
X-Clacks-Overhead
X-Country
X-Country-Code
X-DynaTrace
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Goog-Hash
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-Dispatcher
X-Url
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
X-PC
X-Vname
X-TtlSet
Service-Worker-Allowed
X-MS-InvokeApp
Accept-CH
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Varnish-TTL
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Powered-By-Plesk
X-ESI
X-Recruiting
AR-CACHE
AR-PoweredBy
AR-ATIME
SPRequestGuid
X-Vcap-Request-Id
X-GitHub-Request-Id
X-D2id
MS-Author-Via
AR-Request-ID
Content-MD5
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Version
X-ORACLE-DMS-RID
X-Abt-Application-Version
X-Cached
RTSS
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-SharePointHealthScore
Nginx-Cache
X-DynaTrace-JS-Agent
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Ar-Sid
X-Navigation-Version
DynaTrace
X-Amz-Rid
Realpath
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Oracle-Dms-Rid
Charset
X-Goog-Metageneration
X-Goog-Stored-Content-Length
ServerID
X-Ttl
X-Akam-SW-Version
X-Powered-CMS
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-XRDS-Location
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-Trace
X-FTR-Expires
TCN
X-B3-TraceId
X-Shield-Request-Id
X-VCache
X-Goog-Storage-Class
X-Ser
X-Debug
X-Amz-Meta-S3cmd-Attrs
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-RateLimit-Remaining
X-Id
Alternate-Protocol
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TTL
X-Fastly-Request-ID
X-FTR-Cache-Host
Paypal-Debug-Id
X-Shard
X-Varnish-Age
X-Upstream
S
X-Litespeed-Cache
X-Server-ID
Fastcgi-Cache
X-Hits
X-T
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
Host
X-Ezoic-Cdn
X-NF-Request-ID
MicrosoftSharePointTeamServices
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Logged-In
X-Content-Digest
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Front-End-Https
X-Frontend
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-HS-Hub-Id
X-N
X-HS-Content-Id
Server-Name
X-Amzn-Trace-Id
X-Kinsta-Cache
X-IPLB-Instance
X-Grace
X-Forwarded-For
X-Pad
X-B3-Sampled
X-Srv
Accept-CH-Lifetime
Pagespeed
X-Request-Handler-Origin-Region
Tracecode
X-Content-Type
X-Microsite
X-Cdn
X-Fastcgi-Cache
Edge-Cache-Tag
FilterID
X-AOL-HN
X-Accel-Expires
TP-L2-Cache
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Type
Surrogate-Key
X-Rid
TP-Cache
X-Debug-Info
X-Node-Name
X-Request-Received
X-Request-Processing-Time
X-Via-JSL
X-Analytics
Backend-Timing
X-Hostname
X-FastCGI-Cache
X-Page-Id
Accept-Charset
X-Webkit-Csp
X-GUploader-UploadID
X-Revision
X-Whom
X-RateLimit-Limit
X-Content-Options
Healthy
X-Varnish-Backend
X-Cache-Rule
X-Cache-2
X-Content-Powered-By
X-NWS-LOG-UUID
X-Cache-Age
Host-Header
Accept-Ch-Lifetime
X-Framework
X-User-Agent
X-Mobile
X-Content-Security-Policy-Report-Only
X-TT
X-Amz-Replication-Status
X-PHP-Backend
X-Varnish-Hostname
X-Cached-By
Powered
X-FB-Debug
X-Cache-Control
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Correlation-Id
X-Request-Guid
X-Cluster
Upgrade-Insecure-Requests
X-App-Environment
X-Tumblr-User
X-BCube-Filmed-By
X-Instance
X-Varnish-Grace
X-Akamai-Edgescape
VIX-Pulpo-Node
X-Iejgwucgyu
VIX-Pulpo-Upstream-Status
Cache-Status
X-B3-Traceid
Fastly-Restarts
Cleartype
X-Cache-Hit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Activity-Id
X-AppVersion
Access-Control-Allow-Method
X-Az
Server-Info
X-Jobs
X-Drupal-Cache-Tags
Retry-After
X-Zen-Fury
X-Platform-Server
X-Cache-TTL
X-Cache-Remote
X-Cache-Key
X-ATG-Version
X-Oneagent-Js-Injection
X-CF-Powered-By
X-FW-Serve
Actual-Object-TTL
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Static
X-Cache-Action
PageSpeed
X-Forwarded-Host
X-Geo-Country
X-Cache-Operation
X-Real-IP
Payment
X-URL
X-Response-Served-From
Server-Node
X-Adobe-Content
X-ProcessESI
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-RemovedCookies
Cache-Tags
X-Content-Age
Filters
Eomportal-Instance
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Hits
X-TX-ID
X-Vcache
X-Storage
X-F-Cache
X-UA-Device-Type
X-Handled-By
X-Cacheable-TTL
X-VG-WebCache
X-TT-TIMESTAMP
X-GeoIP
X-B
X-Cache-NE
Cache-Tv-Group
X-RequestSource
X-Daa-Tunnel
Refresh
Cache
DC
Cache-Tag
MS-CV
X-Redis-Cache
X-Git-Hash
X-Esi
X-Accel-Buffering
From-Origin
Nel
X-Guploader-Uploadid
Frame-Options
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Viewport
X-Host-Name
X-PressLabs-Stats
Webserver
X-Origin-Server
X-UUID
X-XRDS-LOCATION
X-App-Server
Datacenter
X-WA-Info
X-Rendered-As
X-TA-CDN-Provider
X-Contextid
Xserver
X-Mode
X-Magnolia-Registration
X-Cache-TTL-Remaining
X-FB-TRIP-ID
X-FW-Dynamic
X-Cache-Enabled
Country
X-Varnish-Server
X-Locale
X-Routing-Service
X-Www-Served-By
X-Zipkin-Id
X-NGENIX-Cache
X-RN-RSRV
X-Rule
X-Upstream-HT
X-Trace-Id
Meta-Geo
Machine
Load-Balancing
X-Proxied
X-Upstream-CT
X-ES-SERVER
GEO-INFO
X-Cache-Var-Map
X-From
X-Path-Route
X-Cache-Var
X-Hl-Ver
X-ProxyCache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rocket-Nginx-Bypass
NGX
X-Backend-Name
X-NCache
X-APP-VERSION
X-BYPASS-REASON
X-ServerID
X-Signature
X-B-Cache
Cache-Key
X-ProxyCache-Key
X-Web-Node
X-FC-Vary-Parameters
X-Debug-Cache
L5d-Success-Class
Origin-Cache-Control
Now
Mn-Server-Ip
Origin-Edge-Control
ServedBy
X-EIG-Tracking-Id
X-Cache-Host
X-Cache-Config
Uber-Trace-Id
X-Environment-Context
X-Upgrade-Enabled
X-VG-TLSProxy
X-Labrador-Cache-Channel
X-OCL
X-Hosted-By
X-R9-Blue-Green-Version
X-Region
X-L-Path
X-PCL
X-Proto
X-JoinUs
X-Human
X-Viewer-Country
X-S
X-TNCMS
X-Cache-Category-Id
X-Vgn-Hpd-Reason
Vix-Hermes-Req-Id
X-Varnish-IP
X-Via-Fastly
X-Cache-Backend
X-Pubstack
X-Site-Version
X-Akamai-Request-ID
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel-3
X-AWS-Id
X-CCM
X-LJ-Flow-ID
X-Loop
Cteonnt-Length
X-Generated
X-Is-Bot
X-Hit
X-Grey
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Device-Type
X-Detected-As
X-RCS-CacheZone
X-VWS-Id
X-Varnish-Cache-Hits
X-Section
Mail-Subject
X-Xfnlog-Site
X-Timing-Wait
We-Hiring
X-Access
X-Proxy-Build
Selected-FE
Release
DB-Nickname
X-VCT
DSUID
OT-Force-Account-Verify
X-BACKEND-TTL
X-Ratelimit-Reset
X-Ua
X-Mobile-URL
X-B3-Spanid
Cache-Name
X-Hp-Webp
Powered-By-ChinaCache
Rt-Fastcgi-Cache
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-Webkit-CSP
X-Tb
HitType
SRV
X-Seen-By
S-Cnection
Served-By
X-Source
X-Presslabs-Stats
X-Cache-Grace
Fastcgi-Useragent
X-UnsetCookies
X-Generated-By
X-RTag
Ms-Operation-Id
X-Format
X-Cluster-Node
X-Birta-Cache-Post
X-Proxy
X-Birta-Served
Hostname
X-Cache-Server
X-OVcl
X-Microcachable
X-OVcl-Cache
X-Time
X-Time-Microsecs
X-Akamai-Transformed
Azure-Version
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-IP
Azure-SlotName
X-PERF
X-ApacheServer
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
Decoy-Debug-Key
X-Shopify-Stage
X-ShardId
Webcakes-App-Name
X-Alternate-Cache-Key
TWC-Device-Class
Decoy-Debug-Status
Property-Id
X-Origin-Hint
X-GRACE
TWC-Privacy
Access-Control-Request-Headers
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
Decoy-Debug-TTL
X-FW-Version
Webcakes-App-Version
X-Status
X-Geo
X-Endurance-Cache-Level
Webcakes-Region
X-Via-CDN
Fastcgi-X-Cache-Version
X-B3-Parentspanid
S-Rt
X-UA
X-Origin
IBM-Web2-Location
Origin
Proxy-Connection
X-Origin-CC
X-Origin-TTL
X-Ruxit-Js-Agent
X-Nc
Ec-Rule-Version
WZWS-RAY
X-Request-Time
BehaviorPad-Version
X-A-Dam
GEO-REGION-INFO
Content-Script-Type
X-A
X-A-Ccd
Cache-Prefix
Cache-Cookie-Set-From
Apple-News-Services-Parsed-Url
IsBot
Content-Style-Type
Cross-Origin-Window-Policy
Fly-Cache
X-A-Dcw
X-A-Dgt
Fly-Request-Id
Cache-Cookie-Set-Idcheck
NGB
Thinkindot-CacheControl-Type
X-A-Wwc
Apple-News-Services-Request-Url
Thinkindot-CacheControl
Arc-Country
Rendered-Blocks
Rt-Proxy-Cache
Server-Int
Node
AsisCache
Cache-Cookie-Set-Lfrom
Meta-Geo-Continent
MD5-Digest
Web-Mar-Node
VivaBuild
Thinkindot-Control
User-Cache-Control
Viewtype
Www
X-Gen-Mode
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-Server-Time
X-Served-From
X-Request-UUID
X-Region-Sid
X-NU-AKA-ACS-Version
X-No-Session
X-Org
X-PAYTM-SRV-ID
X-Processor
X-Phone
X-SIPLIST1
X-Sn-Servicetimems
X-Via-NSCOPI
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Varnish-Action
X-Twitter-Response-Tags
X-SS-Set-Cookie
X-SRCache-Key
X-Swa-Ws
X-Thinkindot-L3
X-Trv-Group
X-Transaction
X-ND-Cache
X-Matched-Rule
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cluster-Name
X-Connection-Hash
X-Core-Value
X-Core-Mission
X-Cdn-Origin
X-Cache-Info
X-Application
X-Aed
X-ARC
X-BBXSRF
X-Cache-Bucket
X-Block-Status
X-D
X-Date
X-Hnp-Log
X-Geo-Header
X-IN-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Instart-Info
Apple-News-Services-Host
X-G
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-Fastly-Cache
X-Accel-Expires-Debug
X-B-Cookie
X-Info
Apple-News-Services-Handled
Fastly-SSL
X-TIME
X-Cdn-Forward
X-Rebelmouse-Surrogate-Control
X-Reboot
V-Age
X-Planisys-CDN-Cache
X-Rebelmouse-Cache-Control
X-Planisys-CDN-TTL
UCS
X-Qloud-Router
X-Planisys-CDN-Rules
X-Release
X-ServiceProvider
Server-Host
RNT-Time
RNT-Machine
Resin-Trace
X-Server-IP
ServerName
X-PHP-Host
X-Reqid
X-S-Maxage
X-Secret
X-Debug-Cookies
X-Owner
X-Hash
X-Cdn-Srv
X-Cache-Id
X-Cache-FS-Status
X-Cache-Expires
X-Generation-Time
X-Gannett-Site-Version
X-Debug-Log
X-Distil-CS
X-Distributor
X-Fetched-On
X-Cache-Debug
X-C
X-NX-Host
X-Origin-Date
X-Origin-Expires
Request-Time
X-App-Version
X-Nginx-Cache-Key
X-Bip
X-Instart-Isnd
X-Key
X-App-Name
X-Amz-Meta-Cache-Control
True-Client-Country-4JS
CDCHOST
X-Generated-On
X-Via-SSL
Esi-Enabled
Backend-Name
X-VC-Cache
X-Protected-By
X-Via-Edge
Country-Code
Epwk-Cache
X-Wikidot-Backend
Fastly-SWR
Fastly-SIE
X-Webstats-RespID
Request-EU
Gh-Request-Id
X-Wikidot-Static-Cache
X-Varnish-Cacheable
X-Level-Front-Cache
X-Thanos
Backend
Pramga
AKAMAI
Request-Country
Memcached
Version
X-ElasticPress-Search
X-FireWall-Port
X-Device-Os
X-Auto-Login
X-Li-Pop
X-Li-Fabric
X-LI-UUID
HTTPS
X-GeoIP-Country-Code
X-Location
X-GeoIP-City
X-Developers
X-Backend-State
X-Crawler
REQUESTUUID
X-Eu-Site
X-HS-Combine-CSS
X-HS-Cache-Config
Content-Disposition
X-CDN-Cache
X-CGP
X-Dispatcher-Server
Adler-Geo
X-Epic-Correlation-Id
X-Cms-Context
X-WebServer
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-SN
Is-Eu
Who
X-Variation
On-Server
X-TH-Server
Fastly-Soc-X-Request-Id
X-Request-URI
Platform
X-Agile-Id
X-Page-Type
ProcessTime
X-Skip-Cache
Heartbleed
X-Agile-Age
HA-Ipaddr
Ha-Gx-Prefs
X-Agile
SD-X-WS
X-AssetVersion
X-CACHE-GROUP
X-SVT-ORM-RULES
X-LAGOON
FNAC-ModuleRouting
X-Refresh
Server-ID
X-SVT-ORM-VERSION
X-Dc
Cache-Hits
Group
X-Sf
Mime-Version
X-Var-Ttl
X-IPS-LoggedIn
X-Load-Cache
X-WPE-Loopback-Upstream-Addr
Time
X-FPC
Memory
X-LI-Proto
X-AIR-PT
X-Real-Ip
Mobile-Detection-Method
X-Servername
X-Policy
X-GEO
X-NC
X-Wix-Request-Id
Cache-Provider
SS
Akamai-GRN
NtCoent-Length
Amp-Access-Control-Allow-Source-Origin
CF-IPCountry
X-Internal-Host
Cdn
Countrycode
X-Clientip
X-Edge-Location
X-We-Are-Hiring
X-Micro-Cache
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
X-NWS-UUID-VERIFY
X-Parent-Response-Time
X-CACHE-KEY
X-DC
X-ZONE
Fastcgi-X-Cache
X-Be
X-Gdpr
GW-Server
AR-SID
X-Datadome
X-Unique-ID
RequestId
X-Tb-Optimization-Total-Bytes-Saved
A
X-Cache-URL
X-Varnish-Beresp-Ttl
X-Apm-Svc-Key
X-Logtrace-Id
X-SD-PageType
X-Apm-Inst-Hash
X-Apm-App-Name
HostName
X-RateLimit-Limit-Second
Accept-Ch
Geoip-Latitude
GeoIp-Country-Code
CF-Cached-On
Ajk
X-RateLimit-Remaining-Second
X-Servedbyhost
Geoip-City
Ohc-Cache-HIT
Ohc-File-Size
X-Ratelimit-Remaining
X-Dynatrace-Js-Agent
X-Response-By
PICS-Label
Cf-Ipcountry
X-Zone
X-Vcl-Version
X-UPSTREAM-Address
X-APP
SN
X-Ratelimit-Limit
X-Varnish-Beresp-Status
Liferay-Portal
X-ECACHE
X-Varnish-Beresp-Grace
MIME-Version
X-Web-Server
X-SERVER-NAME
WebServer
X-VCL-Version
X-LiteSpeed-Cache-Control
X-Fstrz
X-Varnish-Beresp-TTL
Proxy-Firewall
X-Hyper-Cache
X-Pf-Uncompressing
X-NodeID
X-Newrelic-Synthetics
CDN
X-HS-Status
X-Aicache-OS
X-Fastly-Country-Code
Odigeo-Trace-Id
X-Request-Start
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Cache-Ttl
X-Lb-Id
X-Server-Group
LB
GeoIP-Country-Code
XServer
GeoIP-Latitude
GeoIP-City
X-ServedByHost
Get-Access-Time
Is-Session-Tracking
Section-Io-Cache
X-FORWARDED-FOR
X-Newrelic-App-Data
X-Fastly-Backend-Reqs
X-Pjax-Url
X-Method
X-Dispatch
X-MServer
X-SRV
X-COUNTRY
X-Edge-Server
PFcat
Cdn-Host
Cdn-Request-Time
X-Up
Requestid
X-RequestId
X-Check-Cacheable
X-CS
X-CSRF-TOKEN
X-Server-W
X-B3-SpanId
X-WA
X-PF-Uncompressing
X-VServer
X-Amzn-Remapped-Content-Length
X-Nananana
X-Dynatrace
X-Correlation-ID
X-Backend-Url
X-Oss-Request-Id
X-MSEdge-Flight
X-Cache-ASPX
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Contensis-Viewer-Groups
X-MSEdge-Features
X-Backend-Host
X-Oss-Hash-Crc64ecma
CACHE
Server-Cache-Control
Host-ID
X-Wa
Server-Surrogate-Control
X-Varnish-Authentication
X-Gateway-Cache-Status
X-Erf-Bev-Bev
X-F5-Cache
X-Debug-Cache-Store
X-Compress-Hint
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-User
X-Backend-TTL
X-Akamai-Request-ID2
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Erf-Bev-Bev-Is-Generated
Powered-By
Sid
Lb
X-LB-ID
Pragrma
X-LiteSpeed-Tag
Accept-Language
X-WR-MODIFICATION
X-EC-Lua
X-Powered-By-Defense
X-HTML-Minification-Powered-By
TTL
X-Generated-In
X-Got-Non-Ke-Cookie
X-Azure-Ref
X-PJAX-URL
X-CUA
X-Azure-Ref-OriginShield
Correlation-Id
Dynatrace
X-Svr
X-Dw-Trace-Id
X-Request-Url
X-BC
X-ServerName
Cneonction
352pxline
X-Urbn-Site-Id
286prxHost
355prline
409pxxline
X-Urbn-Context-Path
225prxHost
Locale
Xxline
188prxHost
189phosttRef
219prxHost
178proxuri
Pagetype
X-Cache-Miss-From
X-Sedo-Request-Id
X-NGINX-Cache
X-WADP-Cache
L
W
X-Edge
X-Clara-WADP
X-ABtesting
X-RateLimit-Reset
X-Bc
X-Hello
X-Li-Proto
X-Fpc
X-Fastly-Cache-Hits
X-Requestid
X-Exp-Se
X-Flog
X-HTML-Edge-Cache
X-Html-Edge-Cache
X-Swift-Error
X-Platform
URI
WP-Super-Cache
Dnion-Transfer-Encoding
X-CSRF-Token
User-Agent
Warning
X-Unique-Id
Https
Lfy
Ttl
X-MID
X-Cache-Tag
X-Akamai-SSL-Client-Sid
X-MCACHE
RequestUuid
X-Request-URL
X-Via-Ucdn
X-PAGE-TYPE
N-Cache
X-BE
Magicmarker
X-Mid
X-Alicdn-Da-Ups-Status
X-GDPR
X-Gen-Id
X-Sucuri-Cache
X-Sucuri-ID
Kp-EeAlive
FSS-Cache
V-Cache
Server-Id
X-Cache-Detail
X-App
FSS-Proxy
Ohc-Response-Time