Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Ua-Compatible
Status
P3p
Timing-Allow-Origin
X-Template
Content-Encoding
X-DNS-Prefetch-Control
X-Language
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Upgrade
X-Buckets
X-CDN
Xkey
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
CF-Ray
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Hacker
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
Cf-Railgun
WPE-Backend
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
Feature-Policy
X-Ac
X-Node
X-Server-Id
Content-Location
X-Rq
X-Host
X-Cnection
EagleEye-TraceId
Allow
X-Backend-Server
Server-Timing
Report-To
X-Cache-Lookup
X-Response-Time
X-Application-Context
Request-Id
X-Dns-Prefetch-Control
Surrogate-Control
X-Origin-Cache
X-Readtime
X-Cloud-Trace-Context
Pinterest-Generated-By
X-ORACLE-DMS-ECID
X-CST
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
X-FTR-Request-ID
X-Vhost
X-HW
X-Country
X-Clacks-Overhead
X-Country-Code
X-DynaTrace
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Goog-Hash
X-Instart-Request-ID
X-Origin-Upstream-Status
X-Url
X-Dispatcher
X-Mod-Pagespeed
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
X-PC
X-TtlSet
X-Vname
Service-Worker-Allowed
X-MS-InvokeApp
Accept-CH
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Varnish-TTL
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Powered-By-Plesk
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Recruiting
SPRequestGuid
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Vcap-Request-Id
X-GitHub-Request-Id
X-ESI
X-D2id
MS-Author-Via
X-Amz-Server-Side-Encryption
X-ORACLE-DMS-RID
AR-Request-ID
Content-MD5
Public-Key-Pins
X-Abt-Application-Version
X-Version
X-Cached
RTSS
X-SharePointHealthScore
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
Nginx-Cache
Display
X-Middleton-Response
Response
X-Sol
X-Middleton-Display
X-DynaTrace-JS-Agent
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Navigation-Version
Ar-Sid
DynaTrace
Charset
X-Amz-Rid
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
ServerID
X-XRDS-Location
Realpath
X-Akam-SW-Version
X-Powered-CMS
X-Oracle-Dms-Rid
X-Client-IP
X-SRCache-Fetch-Status
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-SRCache-Store-Status
Fusion-Content-Source
Fusion-Source
X-Ttl
X-Forwarded-Proto
X-Trace
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
TCN
X-Shield-Request-Id
X-VCache
X-FTR-Expires
X-Litespeed-Cache
X-Goog-Storage-Class
X-RateLimit-Remaining
X-B3-TraceId
X-Amz-Meta-S3cmd-Attrs
X-Ser
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Server-ID
X-Debug
X-TTL
X-Cdn
X-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Alternate-Protocol
X-Fastly-Request-ID
X-FTR-Cache-Host
X-Shard
X-Varnish-Age
X-Upstream
Paypal-Debug-Id
S
Fastcgi-Cache
X-MSEdge-Ref
X-Hits
X-T
X-Acc-Meta-Resource-Type
Host
X-Ezoic-Cdn
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MicrosoftSharePointTeamServices
X-NF-Request-ID
Front-End-Https
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Logged-In
X-Content-Digest
X-Frontend
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-HS-Hub-Id
X-HS-Content-Id
X-N
Server-Name
X-Amzn-Trace-Id
Pagespeed
X-Kinsta-Cache
X-Forwarded-For
X-IPLB-Instance
X-B3-Sampled
X-Pad
X-Srv
X-Content-Type
Edge-Cache-Tag
X-Request-Handler-Origin-Region
X-Microsite
Accept-CH-Lifetime
FilterID
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
Tracecode
X-AOL-HN
X-Type
X-Rid
X-LB-Cache
Surrogate-Key
X-Debug-Info
TP-Cache
TP-L2-Cache
X-FastCGI-Cache
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Node-Name
X-Grace
X-Via-JSL
Backend-Timing
X-Analytics
X-RateLimit-Limit
X-Hostname
X-Page-Id
X-GUploader-UploadID
Accept-Ch-Lifetime
Accept-Charset
Healthy
X-Revision
X-Whom
X-Content-Options
X-Cache-Rule
X-NWS-LOG-UUID
X-Webkit-Csp
X-Varnish-Backend
X-Cache-2
X-B3-Traceid
X-Cache-Age
Host-Header
X-Content-Powered-By
X-User-Agent
X-Amz-Replication-Status
X-TT
X-Cached-By
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Correlation-Id
X-Varnish-Hostname
X-Cache-Control
X-Framework
Source
VIX-Pulpo-Node
X-Cluster
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
X-Request-Guid
Powered
X-PHP-Backend
VIX-Pulpo-Upstream-Status
X-Varnish-Grace
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Mobile
X-Instance
Upgrade-Insecure-Requests
Cache-Status
Fastly-Restarts
X-Iejgwucgyu
X-Amzn-RequestId
X-Cache-Hit
X-Amz-Apigw-Id
Cleartype
X-AppVersion
Access-Control-Allow-Method
X-Az
X-Activity-Id
X-Jobs
Server-Info
X-Zen-Fury
X-Drupal-Cache-Tags
Retry-After
X-Cache-TTL
X-Cache-Remote
X-Platform-Server
X-ATG-Version
X-CF-Powered-By
Actual-Object-TTL
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Cache-Key
X-Cache-Action
X-Forwarded-Host
X-Real-IP
X-Cache-Operation
X-Oneagent-Js-Injection
X-Geo-Country
X-Esi
X-Response-Served-From
Payment
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-Adobe-Content
Server-Node
Cache-Tags
PageSpeed
X-ProcessESI
X-Content-Age
Filters
Eomportal-Instance
X-Storage
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TX-ID
X-Tumblr-Pixel-2
X-TT-TIMESTAMP
X-RemovedCookies
X-F-Cache
X-VG-WebCache
X-UA-Device-Type
X-Varnish-Hits
Cache-Tv-Group
X-URL
X-Cacheable-TTL
X-Daa-Tunnel
X-Handled-By
X-GeoIP
X-Cache-NE
Cache
X-B
X-RequestSource
X-Vcache
Refresh
DC
Cache-Tag
X-PressLabs-Stats
MS-CV
X-Git-Hash
X-Accel-Buffering
From-Origin
X-Redis-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Frame-Options
Viewport
X-Host-Name
Webserver
X-Guploader-Uploadid
X-App-Server
Datacenter
X-Origin-Server
X-UUID
X-Rendered-As
X-WA-Info
Xserver
X-Contextid
X-Cache-TTL-Remaining
X-FB-TRIP-ID
X-TA-CDN-Provider
X-Magnolia-Registration
X-Cache-Enabled
X-FW-Dynamic
X-Mode
Country
X-Varnish-Server
X-Ratelimit-Reset
X-Locale
X-Ua
X-From
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
Load-Balancing
GEO-INFO
X-Upstream-CT
Meta-Geo
X-Cache-Var
Machine
X-Rule
X-Upstream-HT
X-Hl-Ver
X-NCache
X-Zipkin-Id
Cache-Key
X-ProxyCache-Key
X-ServerID
X-Goog-Meta-Goog-Reserved-File-Mtime
ServedBy
NGX
X-ProxyCache-Status
X-Web-Node
X-Backend-Name
X-Cache-Config
X-Routing-Service
X-B-Cache
X-Signature
X-BYPASS-REASON
X-Rocket-Nginx-Bypass
X-Proxied
Vix-Hermes-Req-Id
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Hit
X-Cache-Host
X-Debug-Cache
L5d-Success-Class
Uber-Trace-Id
Origin-Cache-Control
Now
Origin-Edge-Control
X-Environment-Context
Mn-Server-Ip
X-Pubstack
X-OCL
X-Upgrade-Enabled
X-Region
X-Hosted-By
X-Proto
X-Viewer-Country
X-VG-TLSProxy
X-R9-Blue-Green-Version
X-PCL
X-JoinUs
X-L-Path
X-Human
Cteonnt-Length
X-Labrador-Cache-Channel
X-Akamai-Request-ID
X-VWS-Id
X-Grey
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-AWS-Id
X-Www-Served-By
X-TNCMS
X-S
X-Trace-Id
X-Tumblr-Pixel-3
X-LJ-Flow-ID
X-Cache-Backend
X-Varnish-Cache-Hits
X-Via-Fastly
X-Loop
X-Device-Type
X-CCM
X-Cache-Category-Id
X-RCS-CacheZone
X-Varnish-IP
X-XRDS-LOCATION
X-Generated
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Timing-Wait
X-Section
Selected-FE
X-Access
X-Is-Bot
We-Hiring
X-VCT
X-Detected-As
X-Proxy-Build
X-Xfnlog-Site
Release
DB-Nickname
DSUID
Mail-Subject
X-APP-VERSION
Powered-By-ChinaCache
X-Site-Version
X-NGENIX-Cache
X-Hp-Webp
X-Mobile-URL
OT-Force-Account-Verify
Nel
Cache-Name
Rt-Fastcgi-Cache
X-NewRelic-App-Data
X-BACKEND-TTL
X-B3-Spanid
X-Drupal-Cache-Contexts
X-Nginx-Cache
HitType
S-Cnection
Served-By
X-Tb
X-GRACE
X-Seen-By
X-Source
X-Cache-Grace
Fastcgi-Useragent
X-Webkit-CSP
SRV
X-Generated-By
X-UnsetCookies
X-RTag
Hostname
Ms-Operation-Id
X-Cluster-Node
X-Format
X-Time
X-Birta-Cache-Post
X-Birta-Served
X-Proxy
X-Presslabs-Stats
X-Cache-Server
X-Microcachable
X-Akamai-Transformed
X-OVcl-Cache
X-ApacheServer
X-PERF
X-OVcl
X-Status
X-Geo
X-Time-Microsecs
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Endurance-Cache-Level
Azure-SlotName
X-Shopify-Stage
X-ShopId
Azure-Version
Decoy-Debug-Key
Azure-SiteName
Azure-InstanceId
X-ShardId
X-Alternate-Cache-Key
Azure-RegionName
Decoy-Debug-TTL
X-IP
Decoy-Debug-Status
TWC-GeoIP-LatLong
X-FW-Version
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
Property-Id
Fastcgi-X-Cache-Version
X-Cdn-Forward
TWC-Connection-Speed
Webcakes-App-Name
X-Via-CDN
TWC-Privacy
Webcakes-App-Version
Access-Control-Request-Headers
X-Origin-Hint
Webcakes-Region
X-Origin
IBM-Web2-Location
S-Rt
X-B3-Parentspanid
NGB
Origin
X-Origin-CC
X-Origin-TTL
X-Info
Ec-Rule-Version
Proxy-Connection
Fastly-SSL
X-Request-Time
X-Sn-Servicetimems
Meta-Geo-Continent
MD5-Digest
Apple-News-Services-Host
X-NU-AKA-ACS-Version
Rendered-Blocks
X-SRCache-Key
Apple-News-Services-Handled
X-Org
X-Phone
Apple-News-Services-Parsed-Url
Cache-Prefix
Node
X-PAYTM-SRV-ID
AsisCache
Cross-Origin-Window-Policy
X-Twitter-Response-Tags
BehaviorPad-Version
Content-Style-Type
Cache-Cookie-Set-Lfrom
Content-Script-Type
Cache-Cookie-Set-From
Fly-Cache
Fly-Request-Id
Apple-News-Services-Request-Url
X-Thinkindot-L3
IsBot
Arc-Country
X-Transaction
GEO-REGION-INFO
X-Trv-Group
X-SS-Set-Cookie
X-A-Ccd
X-S-Cookie
X-Core-Value
X-D
X-Matched-Rule
X-Date
X-Processor
X-Core-Mission
X-Connection-Hash
X-CF-Lambda-Fn
X-Cdn-Origin
X-CF-Lambda-Version
X-Cluster-Name
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Fastly-Cache
X-IN-WAF
X-G
X-Hnp-Log
X-IN-APIGATEWAY
X-Instart-Info
X-External-Request-Id
X-Destination
X-Request-UUID
X-Developer
X-DPWN-IS-SECURE
X-Irp-Debug
X-Cache-Info
X-Cache-Bucket
Www
Web-Mar-Node
X-A
X-Gen-Mode
X-A-Dcw
X-A-Dam
VivaBuild
Viewtype
Thinkindot-CacheControl
Server-Int
Thinkindot-CacheControl-Type
Thinkindot-Control
User-Cache-Control
X-A-Dgt
X-A-Wwc
X-BBXSRF
X-B-Cookie
X-VG-WebServer
X-ND-Cache
X-Block-Status
X-ARC
X-Application
X-Accel-Expires-Debug
X-SIPLIST1
X-Aed
X-ServiceProvider
X-Server-Time
Rt-Proxy-Cache
Cache-Cookie-Set-Idcheck
X-Via-NSCOPI
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
X-App-Version
Xc-Version
Backend-Name
X-Nc
X-ElasticPress-Search
WZWS-RAY
X-Varnish-Cacheable
X-Ruxit-Js-Agent
On-Server
X-Secret
X-Cache-Expires
X-Origin-Date
X-Cache-FS-Status
X-Cache-Id
X-Cdn-Srv
X-Generation-Time
X-S-Maxage
X-Swa-Ws
X-Origin-Expires
Memcached
X-Qloud-Router
Request-Country
RNT-Machine
Epwk-Cache
X-NX-Host
ServerName
X-Server-IP
V-Age
UCS
True-Client-Country-4JS
X-App-Name
X-Via-Edge
RNT-Time
Resin-Trace
Request-Time
X-Cache-Debug
X-Served-From
Server-Host
X-C
Request-EU
X-Debug-Cookies
X-Key
X-PHP-Host
X-Via-SSL
X-Release
X-Reqid
CDCHOST
X-Request-URI
X-Fetched-On
X-Gannett-Site-Version
X-Varnish-Action
X-VC-Cache
X-Page-Type
X-Rebelmouse-Cache-Control
X-Geo-Header
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Nginx-Cache-Key
X-Webstats-RespID
X-No-Session
Fastly-SWR
X-Wikidot-Static-Cache
X-Debug-Log
X-Amz-Meta-Cache-Control
Gh-Request-Id
X-Distributor
X-Distil-CS
Esi-Enabled
X-Hash
X-Wikidot-Backend
Country-Code
Fastly-SIE
X-FireWall-Port
Version
X-Agile
X-Agile-Id
X-Agile-Age
X-Protected-By
X-Planisys-CDN-TTL
X-HS-Combine-CSS
X-CGP
X-Developers
X-Location
X-Crawler
X-Device-Os
X-Dispatcher-Server
X-Eu-Site
X-Epic-Correlation-Id
X-UA
X-Cms-Context
X-HS-Cache-Config
X-Backend-State
HTTPS
X-GeoIP-City
X-CDN-Cache
X-Bip
X-Auto-Login
Wxu-Next-Hostname
X-TH-Server
X-SN
SD-X-WS
Is-Eu
X-Skip-Cache
X-WebServer
Content-Disposition
X-Instart-Isnd
Fastly-Soc-X-Request-Id
Platform
Ha-Gx-Prefs
Heartbleed
X-Li-Fabric
Pramga
X-Planisys-CDN-Cache
ProcessTime
X-Planisys-CDN-Rules
X-Li-Pop
X-LI-UUID
Adler-Geo
Wxu-Next-Region
X-GeoIP-Country-Code
X-Variation
X-Level-Front-Cache
X-Generated-On
Wxu-Next-Commit
X-Thanos
Backend
X-Owner
HA-Ipaddr
AKAMAI
Who
X-LAGOON
REQUESTUUID
Server-ID
Group
X-AssetVersion
X-CACHE-GROUP
X-TIME
X-Refresh
X-SVT-ORM-RULES
Mime-Version
X-IPS-LoggedIn
X-SVT-ORM-VERSION
FNAC-ModuleRouting
X-WPE-Loopback-Upstream-Addr
Cache-Hits
Memory
Time
X-Load-Cache
X-Var-Ttl
X-LI-Proto
X-AIR-PT
X-Sf
X-NC
Mobile-Detection-Method
X-FPC
X-Dc
X-Servername
X-Edge-Location
X-DC
X-Wix-Request-Id
X-Real-Ip
Akamai-GRN
X-GEO
X-Policy
SS
X-Internal-Host
X-CACHE-KEY
X-NWS-UUID-VERIFY
Countrycode
X-We-Are-Hiring
NtCoent-Length
X-Clientip
Cache-Provider
Amp-Access-Control-Allow-Source-Origin
Cdn
X-CLOUD-TRACE-CONTEXT
CF-IPCountry
X-Micro-Cache
X-Parent-Response-Time
X-Unique-ID
GW-Server
X-ZONE
Fastcgi-X-Cache
X-Be
X-Gdpr
X-Datadome
X-Varnish-Beresp-Ttl
AR-SID
X-CDN-Forward
X-Servedbyhost
RequestId
A
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-URL
X-SD-PageType
Ohc-File-Size
CF-Cached-On
Ohc-Cache-HIT
X-Response-By
X-Logtrace-Id
X-Apm-Svc-Key
X-Apm-App-Name
Ajk
X-Apm-Inst-Hash
Accept-Ch
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Ratelimit-Remaining
Cf-Ipcountry
X-Zone
Liferay-Portal
PICS-Label
X-Web-Server
X-ECACHE
X-VCL-Version
X-Varnish-Beresp-Status
Geoip-City
GeoIp-Country-Code
SN
X-Dynatrace-Js-Agent
Geoip-Latitude
X-Varnish-Beresp-Grace
HostName
X-UPSTREAM-Address
X-APP
X-Hyper-Cache
MIME-Version
Proxy-Firewall
X-Vcl-Version
WebServer
X-Fstrz
X-SERVER-NAME
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
CDN
GeoIP-City
X-Fastly-Country-Code
Odigeo-Trace-Id
X-NodeID
X-Request-Start
X-Varnish-Beresp-TTL
X-HS-Status
GeoIP-Latitude
X-Newrelic-Synthetics
X-Server-Group
X-Amzn-Remapped-Date
X-Lb-Id
X-Cache-Ttl
X-Aicache-OS
Section-Io-Cache
X-Amzn-Remapped-Connection
X-Pf-Uncompressing
X-MServer
Is-Session-Tracking
X-Dispatch
Get-Access-Time
XServer
X-FORWARDED-FOR
X-Newrelic-App-Data
X-Ratelimit-Limit
LB
Requestid
X-B3-SpanId
Cdn-Request-Time
PFcat
X-Edge-Server
Cdn-Host
X-Method
X-ServedByHost
X-Fastly-Backend-Reqs
X-Pjax-Url
X-SRV
X-Up
X-RequestId
X-PF-Uncompressing
X-CS
X-VServer
X-COUNTRY
X-Check-Cacheable
X-Server-W
X-Amzn-Remapped-Content-Length
X-WA
Host-ID
X-Erf-Bev-Bev
X-CSRF-TOKEN
X-Erf-Bev-Bev-Is-Generated
X-Nananana
X-Dynatrace
X-Backend-TTL
X-Correlation-ID
X-Oss-Hash-Crc64ecma
Server-Surrogate-Control
CACHE
X-Oss-Storage-Class
X-MSEdge-Flight
X-Cache-ASPX
X-Backend-Host
X-Contensis-Viewer-Groups
X-Oss-Object-Type
X-MSEdge-Features
X-Backend-Url
X-Varnish-Authentication
X-Wa
Powered-By
Pragrma
Lb
Server-Cache-Control
X-Oss-Server-Time
X-Oss-Request-Id
X-Powered-By-Defense
X-Debug-Cache-Fetch
X-Gateway-Cache-Status
X-Akamai-Request-ID2
X-Debug-Cache-Expiry
X-F5-Cache
X-User
X-Gateway-Skip-Cache
X-Compress-Hint
X-Gateway-Cache-Key
Sid
X-Azure-Ref
X-Azure-Ref-OriginShield
X-HTML-Minification-Powered-By
X-Debug-Cache-Store
X-CUA
X-LiteSpeed-Tag
X-LB-ID
Accept-Language
X-WR-MODIFICATION
TTL
Correlation-Id
X-Got-Non-Ke-Cookie
X-Generated-In
X-EC-Lua
X-PJAX-URL
Dynatrace
X-NGINX-Cache
X-Bc
X-Fpc
Locale
Xxline
286prxHost
355prline
352pxline
URI
X-Urbn-Context-Path
X-BC
219prxHost
X-Clara-WADP
X-WADP-Cache
W
189phosttRef
188prxHost
Pagetype
178proxuri
X-Edge
X-Svr
X-Sedo-Request-Id
X-ServerName
X-Dw-Trace-Id
Cneonction
225prxHost
X-Urbn-Site-Id
X-Cache-Miss-From
409pxxline
X-Request-Url
X-Exp-Se
L
X-HTML-Edge-Cache
X-Fastly-Cache-Hits
X-Swift-Error
X-Li-Proto
X-Requestid
X-Flog
X-ABtesting
X-Html-Edge-Cache
X-MID
X-Hello
Https
X-Edge-IP
X-Unique-Id
User-Agent
X-Varnish-Url
X-Via-Ucdn
X-CSRF-Token
X-Platform
Warning
Ttl
Dnion-Transfer-Encoding
Lfy
X-Cache-Tag
WP-Super-Cache
X-BE
X-Akamai-SSL-Client-Sid
Srv
X-Mid
Magicmarker
N-Cache
RequestUuid
X-MCACHE
FSS-Cache
X-Cache-Detail
V-Cache
Server-Id
FSS-Proxy
Kp-EeAlive
X-Sucuri-Cache
X-Sucuri-ID
X-Alicdn-Da-Ups-Status
X-App
X-Gen-Id
X-GDPR
Ohc-Response-Time