Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Ua-Compatible
Status
Timing-Allow-Origin
X-Template
X-Language
Content-Encoding
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
X-Request-ID
Upgrade
X-Buckets
Xkey
X-Kinja-Server-Push
X-CDN
P3p
X-Turbo-Charged-By
Access-Control-Expose-Headers
X-Via
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
CF-Ray
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Envoy-Upstream-Service-Time
X-Hacker
X-Varnish-Cache
X-Server-Powered-By
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
WPE-Backend
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Node
X-Ac
Feature-Policy
X-Rq
Content-Location
X-Host
EagleEye-TraceId
X-Cnection
Server-Timing
Allow
Report-To
X-Backend-Server
X-Cache-Lookup
X-Response-Time
X-Application-Context
Request-Id
X-Dns-Prefetch-Control
Surrogate-Control
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Origin-Cache
Pinterest-Generated-By
X-CST
NEL
X-FTR-Request-ID
X-Ruxit-JS-Agent
X-Rack-Cache
X-Vhost
X-HW
X-Clacks-Overhead
X-Country
X-Country-Code
X-DynaTrace
Rating
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-Mod-Pagespeed
X-Url
X-Dispatcher
X-Origin-Upstream-Status
X-Cdn
X-DataDome
Edge-Control
X-VARITI-CCR
Accept-CH
X-Px
X-Vname
X-TtlSet
X-PC
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-DataStream-Cache-Status
X-GoogleNews-Bot
X-Exp-Variant
X-Varnish-TTL
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Powered-By-Plesk
AR-PoweredBy
AR-ATIME
AR-CACHE
X-GitHub-Request-Id
X-Recruiting
X-Vcap-Request-Id
MS-Author-Via
X-ORACLE-DMS-RID
X-ESI
Public-Key-Pins
SPRequestGuid
X-Amz-Server-Side-Encryption
AR-Request-ID
X-D2id
Content-MD5
X-Version
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-Cached
RTSS
X-Abt-Application-Version
Nginx-Cache
X-DynaTrace-JS-Agent
DynaTrace
Ar-Sid
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-SharePointHealthScore
X-Navigation-Version
Display
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Realpath
X-XRDS-Location
X-Amz-Rid
X-B3-TraceId
Charset
X-VCache
X-Akam-SW-Version
X-Powered-CMS
X-Client-IP
X-Forwarded-Proto
X-Oracle-Dms-Rid
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
ServerID
X-Country-Code-Real
X-FTR-Expires
X-Ttl
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TCN
X-Shield-Request-Id
X-Ser
X-Trace
X-Amz-Meta-S3cmd-Attrs
X-TTL
X-Goog-Storage-Class
X-Debug
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Id
SPIisLatency
X-Dw-Request-Base-Id
SPRequestDuration
X-Fastly-Request-ID
X-FTR-Cache-Host
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Alternate-Protocol
X-RateLimit-Remaining
S
X-Hits
Paypal-Debug-Id
Fastcgi-Cache
X-Varnish-Age
X-T
X-Upstream
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Shard
Host
X-Litespeed-Cache
X-NF-Request-ID
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Ezoic-Cdn
Access-Control-Request-Method
Accept-CH-Lifetime
MicrosoftSharePointTeamServices
X-Logged-In
Front-End-Https
X-Content-Digest
Arr-Disable-Session-Affinity
X-Fastcgi-Cache
X-Frontend
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-HS-Hub-Id
X-HS-Content-Id
X-N
X-Amzn-Trace-Id
Server-Name
X-Server-ID
X-Webkit-CSP
X-DIS-Request-ID
X-Iejgwucgyu
X-Kinsta-Cache
X-Pad
X-IPLB-Instance
Tracecode
X-Forwarded-For
X-Srv
X-B3-Sampled
X-Content-Type
X-Request-Handler-Origin-Region
X-Microsite
FilterID
X-Accel-Expires
AMP-Access-Control-Allow-Source-Origin
Surrogate-Key
X-Type
X-Rid
TP-Cache
TP-L2-Cache
X-LB-Cache
X-Debug-Info
X-Node-Name
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-Analytics
Backend-Timing
Edge-Cache-Tag
X-Hostname
X-Via-JSL
Pagespeed
X-Grace
Accept-Charset
X-Page-Id
X-GUploader-UploadID
X-Revision
X-Whom
X-Content-Options
X-User-Agent
X-Cache-2
X-Varnish-Backend
X-Webkit-Csp
Healthy
X-Content-Powered-By
X-RateLimit-Limit
X-Cache-Rule
X-Cache-Age
X-NWS-LOG-UUID
X-TT
X-Amz-Replication-Status
X-Framework
Host-Header
X-Mobile
X-Content-Security-Policy-Report-Only
Powered
X-PHP-Backend
X-Cache-Control
X-FB-Debug
X-Varnish-Hostname
X-Cluster
Cache-Status
X-Correlation-Id
X-Request-Guid
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-Pixel-0
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Source
Upgrade-Insecure-Requests
X-Tumblr-User
X-Akamai-Edgescape
X-Cached-By
X-Instance
X-BCube-Filmed-By
X-Varnish-Grace
Fastly-Restarts
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-AppVersion
X-Az
X-Activity-Id
X-FastCGI-Cache
Access-Control-Allow-Method
Server-Info
X-Drupal-Cache-Tags
Cleartype
X-Platform-Server
Retry-After
X-Cache-Key
X-Zen-Fury
X-Jobs
PageSpeed
X-Cache-Remote
X-Cache-TTL
X-ATG-Version
Cache-Tags
X-FW-Hash
X-FW-Type
X-CF-Powered-By
X-FW-Static
X-FW-Server
X-FW-Serve
X-TA-CDN-Provider
X-Cache-Action
X-Forwarded-Host
Actual-Object-TTL
X-Esi
X-F-Cache
X-Geo-Country
Server-Node
X-B3-Traceid
X-Oneagent-Js-Injection
MS-CV
X-Real-IP
X-Response-Served-From
Payment
Cache
X-Cache-Operation
X-ProcessESI
X-WebKit-CSP-Report-Only
X-RemovedCookies
X-Adobe-Content
X-UA-Device-Type
X-Adobe-Loc
X-TT-TIMESTAMP
X-TX-ID
X-Varnish-Hits
X-Storage
X-Tumblr-Pixel-2
X-Content-Age
X-Tumblr-Pixel-1
Eomportal-Instance
X-GeoIP
X-Yottaa-Metrics
X-VG-WebCache
Accept-Ch-Lifetime
X-Yottaa-Optimizations
X-Handled-By
X-B
X-Cacheable-TTL
Filters
X-Cache-NE
Cache-Tv-Group
X-RequestSource
X-URL
X-PressLabs-Stats
DC
Refresh
X-Redis-Cache
X-Daa-Tunnel
From-Origin
Cache-Tag
Frame-Options
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Origin-Server
X-Host-Name
X-WA-Info
Viewport
X-Git-Hash
X-UUID
Webserver
X-Accel-Buffering
X-Guploader-Uploadid
X-Rendered-As
X-App-Server
Datacenter
Xserver
X-FW-Dynamic
X-Magnolia-Registration
X-Varnish-Server
Country
X-Locale
X-Contextid
X-Mode
X-Cache-TTL-Remaining
X-FB-TRIP-ID
X-Signature
X-B-Cache
X-Cache-Enabled
X-Region
X-Ua
GEO-INFO
X-From
X-Hl-Ver
X-Rule
X-ES-SERVER
X-Routing-Service
X-Www-Served-By
X-Zipkin-Id
X-RN-RSRV
X-Proxied
Load-Balancing
Machine
Meta-Geo
X-Path-Route
X-Cache-Var
X-Trace-Id
X-Cache-Var-Map
ServedBy
X-ServerID
X-Backend-Name
NGX
X-BYPASS-REASON
X-Cache-Config
X-Detected-As
X-ProxyCache-Status
Cache-Key
X-ProxyCache-Key
X-Rocket-Nginx-Bypass
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Web-Node
X-NCache
X-Upstream-CT
X-Upstream-HT
X-Is-Bot
X-Viewer-Country
X-Upgrade-Enabled
X-FC-Vary-Parameters
Uber-Trace-Id
X-L-Path
X-Human
X-OCL
L5d-Success-Class
X-Environment-Context
X-Labrador-Cache-Channel
X-Hosted-By
X-Via-Fastly
Mn-Server-Ip
Now
Vix-Hermes-Req-Id
X-EIG-Tracking-Id
X-PCL
X-JoinUs
X-Debug-Cache
X-VG-TLSProxy
Origin-Cache-Control
X-Proto
Origin-Edge-Control
X-Tumblr-Pixel-3
X-R9-Blue-Green-Version
X-Vcache
X-MP-GENERATED-AT
X-AWS-Id
X-Akamai-Request-ID
X-Varnish-IP
X-Varnish-Cache-Hits
X-Cache-Category-Id
X-Origin-Response-Time
X-CCM
X-RCS-CacheZone
X-S
X-TNCMS
X-Grey
X-Generated
X-LJ-Flow-ID
X-Site-Version
X-XRDS-LOCATION
X-Hit
X-Device-Type
X-VWS-Id
X-Loop
X-Section
Mail-Subject
X-Timing-Wait
Cteonnt-Length
Selected-FE
Release
X-Vgn-Hpd-Reason
X-Cache-Host
X-Proxy-Build
We-Hiring
X-Drupal-Cache-Contexts
X-VCT
X-Xfnlog-Site
X-Access
DB-Nickname
DSUID
X-Pubstack
X-GRACE
OT-Force-Account-Verify
X-NGENIX-Cache
X-Cache-Backend
X-EdgeConnect-Cache-Status
Nel
X-Tb
HitType
X-APP-VERSION
Cache-Name
X-Nginx-Cache
Ms-Operation-Id
X-RTag
Powered-By-ChinaCache
SRV
X-Mobile-URL
X-BACKEND-TTL
X-Hp-Webp
X-Generated-By
X-UnsetCookies
X-Source
Served-By
Rt-Fastcgi-Cache
X-Format
X-Seen-By
X-Cache-Grace
X-Ratelimit-Reset
X-NewRelic-App-Data
X-Time
X-Proxy
S-Cnection
X-Cache-Server
X-Birta-Cache-Post
X-Birta-Served
X-B3-Spanid
X-Cluster-Node
X-OVcl
X-Presslabs-Stats
X-OVcl-Cache
X-Time-Microsecs
X-Akamai-Transformed
X-Via-CDN
X-IP
Fastcgi-Useragent
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Geo
Webcakes-App-Name
TWC-GeoIP-LatLong
X-FW-Version
TWC-Locale-Group
Property-Id
TWC-Device-Class
X-App-Version
X-Origin-Hint
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-Region
Access-Control-Request-Headers
TWC-GeoIP-Country
X-PERF
X-ApacheServer
TWC-Privacy
S-Rt
Hostname
X-SS-Set-Cookie
X-Origin
X-B3-Parentspanid
X-Request-Time
Decoy-Debug-Key
Decoy-Debug-Status
X-Origin-CC
NGB
Decoy-Debug-TTL
X-ShopId
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-AssetVersion
X-ShardId
X-Shopify-Stage
X-Origin-TTL
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cdn-Forward
Origin
Proxy-Connection
User-Cache-Control
Ec-Rule-Version
Thinkindot-CacheControl
Web-Mar-Node
Apple-News-Services-Parsed-Url
VivaBuild
Thinkindot-CacheControl-Type
Www
Apple-News-Services-Request-Url
Thinkindot-Control
Viewtype
X-A-Dam
X-Aed
X-Application
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A
Rt-Proxy-Cache
Content-Style-Type
Content-Script-Type
Cache-Prefix
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
MD5-Digest
Fly-Request-Id
Fly-Cache
IsBot
X-B-Cookie
Cache-Cookie-Set-Idcheck
Rendered-Blocks
Arc-Country
FNAC-ModuleRouting
Node
AsisCache
Cache-Cookie-Set-From
BehaviorPad-Version
Meta-Geo-Continent
Server-Int
X-Cdn-Origin
X-ServiceProvider
X-Server-Time
X-SIPLIST1
X-Sn-Servicetimems
X-SRCache-Key
X-Served-From
X-ScT
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Swa-Ws
X-Thinkindot-L3
X-Vtex-Processado-Em
X-Via-SSL
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Via-NSCOPI
X-Via-Edge
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-VC-Cache
X-VG-WebServer
X-Processor
X-Phone
X-Core-Value
X-Core-Mission
X-D
X-Date
X-Developer
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-Bucket
X-Block-Status
X-Cache-Info
Apple-News-Services-Host
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-External-Request-Id
X-ND-Cache
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Irp-Debug
X-Instart-Info
X-Gen-Mode
X-G
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-WAF
X-BBXSRF
X-Destination
Apple-News-Services-Handled
IBM-Web2-Location
Cache-Hits
Version
AKAMAI
X-WPE-Loopback-Upstream-Addr
WZWS-RAY
X-Ruxit-Js-Agent
X-Varnish-Cacheable
X-Microcachable
X-ElasticPress-Search
X-Level-Front-Cache
X-Key
X-No-Session
X-NX-Host
X-Nginx-Cache-Key
Server-Host
ServerName
RNT-Machine
X-Bip
Request-EU
Request-Country
X-Origin-Date
REQUESTUUID
X-Origin-Expires
True-Client-Country-4JS
X-Owner
RNT-Time
X-Hash
X-App-Name
X-Cms-Context
X-Debug-Cookies
X-Debug-Log
X-Cdn-Srv
X-Cache-Id
X-Cache-Debug
X-Cache-Expires
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-Distil-CS
X-GeoIP-City
Pramga
X-Instart-Isnd
V-Age
X-Geo-Header
X-Generated-On
X-Distributor
X-Fetched-On
X-Gannett-Site-Version
UCS
Request-Time
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Status
Esi-Enabled
Fastly-SSL
X-Page-Type
X-Secret
X-Server-IP
X-Sf
X-Thanos
Country-Code
X-Wikidot-Static-Cache
Backend
X-Cluster-Name
X-Fastly-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-Var-Ttl
Content-Disposition
CDCHOST
X-S-Maxage
Fastly-SWR
X-Qloud-Router
Memcached
X-Rebelmouse-Cache-Control
Gh-Request-Id
X-Reboot
X-Protected-By
X-Planisys-CDN-TTL
X-PHP-Host
On-Server
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Info
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Release
X-Reqid
X-FireWall-Port
X-Skip-Cache
X-SN
X-GeoIP-Country-Code
X-CGP
Heartbleed
X-C
X-Eu-Site
X-Li-Fabric
X-Li-Pop
X-WebServer
X-Crawler
X-Device-Os
X-Dispatcher-Server
X-Location
X-TH-Server
X-Developers
X-Generation-Time
X-Refresh
X-LI-UUID
X-Variation
X-Epic-Correlation-Id
X-UA
Wxu-Next-Hostname
Wxu-Next-Commit
Resin-Trace
ProcessTime
Adler-Geo
Wxu-Next-Region
X-Agile
X-Agile-Age
X-Agile-Id
Backend-Name
Platform
SD-X-WS
HTTPS
Ha-Gx-Prefs
HA-Ipaddr
X-Backend-State
Is-Eu
X-Auto-Login
Fastcgi-X-Cache-Version
X-Nc
GEO-REGION-INFO
X-LAGOON
X-Varnish-Action
Server-ID
X-TIME
X-CACHE-GROUP
Epwk-Cache
X-CDN-Cache
X-Policy
X-Load-Cache
Memory
X-HS-Combine-CSS
X-NC
X-LI-Proto
X-FPC
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Time
X-IPS-LoggedIn
Who
X-HS-Cache-Config
X-Servername
X-Dc
X-Micro-Cache
X-Internal-Host
CF-IPCountry
X-Real-Ip
Group
NtCoent-Length
Mime-Version
Cdn
X-DC
X-AIR-PT
X-Gdpr
Amp-Access-Control-Allow-Source-Origin
X-Parent-Response-Time
Cache-Provider
X-Be
X-ZONE
X-CLOUD-TRACE-CONTEXT
Mobile-Detection-Method
X-Wix-Request-Id
HostName
X-CACHE-KEY
SS
X-NWS-UUID-VERIFY
X-Logtrace-Id
X-We-Are-Hiring
Countrycode
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-GEO
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Apm-App-Name
Ajk
X-Clientip
Akamai-GRN
AR-SID
X-CDN-Forward
X-Datadome
X-Servedbyhost
MIME-Version
X-Edge-Location
X-Cache-URL
GW-Server
Fastcgi-X-Cache
X-UPSTREAM-Address
X-APP
RequestId
X-Varnish-Beresp-Ttl
X-Unique-ID
X-Ratelimit-Remaining
Geoip-City
X-Zone
PICS-Label
GeoIp-Country-Code
Geoip-Latitude
X-Dynatrace-Js-Agent
X-NodeID
X-VCL-Version
A
X-Newrelic-App-Data
CF-Cached-On
Cf-Ipcountry
LB
X-SD-PageType
X-Varnish-Beresp-TTL
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Server-Group
Liferay-Portal
Ohc-Cache-HIT
Ohc-File-Size
X-SERVER-NAME
X-Response-By
SN
X-Vcl-Version
WebServer
X-B3-SpanId
X-Pjax-Url
GeoIP-City
X-Fastly-Country-Code
X-HS-Status
CDN
GeoIP-Country-Code
GeoIP-Latitude
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-LiteSpeed-Cache-Control
X-Up
X-Cache-Ttl
X-Aicache-OS
X-Pf-Uncompressing
X-Lb-Id
X-Newrelic-Synthetics
X-RequestId
X-Fastly-Backend-Reqs
X-Web-Server
Get-Access-Time
Is-Session-Tracking
X-Hyper-Cache
X-ECACHE
XServer
Requestid
X-Server-W
Proxy-Firewall
X-Fstrz
Odigeo-Trace-Id
X-CSRF-TOKEN
X-Amzn-Remapped-Content-Length
X-Check-Cacheable
X-Akamai-Request-ID2
X-FORWARDED-FOR
X-Backend-TTL
X-Ratelimit-Limit
X-Varnish-Authentication
Accept-Language
X-Wa
X-Contensis-Viewer-Groups
X-Backend-Host
X-ServedByHost
X-Cache-ASPX
X-Backend-Url
Server-Cache-Control
X-MSEdge-Flight
Server-Surrogate-Control
X-Request-Start
X-MSEdge-Features
X-SRV
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Oss-Request-Id
X-Oss-Storage-Class
X-Debug-Cache-Expiry
X-COUNTRY
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-User
X-F5-Cache
X-LB-ID
Section-Io-Cache
X-Nananana
X-WA
X-Dispatch
X-Generated-In
X-Method
X-Correlation-ID
Cdn-Request-Time
X-PF-Uncompressing
X-Edge-Server
PFcat
Cdn-Host
188prxHost
X-Urbn-Site-Id
189phosttRef
X-Cache-Miss-From
225prxHost
X-Urbn-Context-Path
Pagetype
X-Sedo-Request-Id
Locale
178proxuri
X-MServer
286prxHost
219prxHost
409pxxline
352pxline
Xxline
355prline
X-WR-MODIFICATION
X-CS
Sid
X-ABtesting
X-Hello
X-Flog
X-Exp-Se
X-VServer
X-Platform
Lfy
Warning
X-EC-Lua
Correlation-Id
X-Got-Non-Ke-Cookie
Dnion-Transfer-Encoding
X-PJAX-URL
TTL
Lb
Host-ID
X-LiteSpeed-Tag
X-Svr
X-ServerName
Powered-By
Pragrma
X-Dw-Trace-Id
X-NGINX-Cache
CACHE
X-Compress-Hint
Kp-EeAlive
X-Li-Proto
X-Html-Edge-Cache
Pics-Label
X-Requestid
X-Bc
X-BC
X-Azure-Ref-OriginShield
X-CUA
X-Azure-Ref
X-HTML-Minification-Powered-By
X-Cdn-Cache
X-Fpc
X-TrackingId
X-Fastly-Cache-Hits
X-HTML-Edge-Cache
X-Swift-Error
Cneonction
WP-Super-Cache
Https
X-Proxy-Upstream
X-Clara-WADP
X-Bug-Bounty
X-BB-ID
X-TT-LOGID
X-Proxy-Cache-Status
X-Powered-By-Defense
X-WADP-Cache
Ttl
X-CSRF-Token
X-Request-Url
X-Test
X-Unique-Id
X-Akamai-SSL-Client-Sid
Ohc-Response-Time
X-Cache-Detail
Server-Id
X-From-Cache
X-App
X-Alicdn-Da-Ups-Status
X-Gen-Id
FSS-Proxy
X-Edge-IP
V-Cache
Fastly-Backend-Name
X-Sucuri-Cache
N-Cache
FSS-Cache
Magicmarker
X-Varnish-Url
X-Via-Ucdn
X-Cache-Tag
X-Sucuri-ID
X-GDPR
URI