SANS ISC: HTTP Header Usage Statistics


This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Ua-Compatible
Status
P3p
Timing-Allow-Origin
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Iinfo
X-DNS-Prefetch-Control
X-Request-ID
Upgrade
X-Buckets
Xkey
X-CDN
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
CF-Ray
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Envoy-Upstream-Service-Time
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
Cf-Railgun
WPE-Backend
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Server-Id
Feature-Policy
X-Node
X-Ac
Content-Location
X-Rq
X-Dns-Prefetch-Control
X-Host
EagleEye-TraceId
X-Cnection
Allow
Server-Timing
X-Backend-Server
Report-To
X-Response-Time
X-Cache-Lookup
X-Application-Context
Request-Id
Surrogate-Control
X-Origin-Cache
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
Pinterest-Generated-By
X-CST
NEL
X-Rack-Cache
X-FTR-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-HW
X-Clacks-Overhead
X-Country
X-Country-Code
X-DynaTrace
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Goog-Hash
X-Url
X-Dispatcher
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
Accept-CH
X-TtlSet
X-PC
X-Vname
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-Varnish-TTL
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-DataStream-Cache-Status
X-Use-Magma
X-Powered-By-Plesk
X-Recruiting
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Vcap-Request-Id
SPRequestGuid
X-GitHub-Request-Id
X-ESI
X-D2id
MS-Author-Via
X-ORACLE-DMS-RID
X-Amz-Server-Side-Encryption
AR-Request-ID
Content-MD5
Public-Key-Pins
X-Version
X-Abt-Application-Version
X-Cached
RTSS
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
Nginx-Cache
X-SharePointHealthScore
X-DynaTrace-JS-Agent
X-Sol
Response
X-Middleton-Display
X-Middleton-Response
Display
Pinterest-Version
Ar-Sid
X-Pinterest-Rid
X-Upstream-Proxy
X-Navigation-Version
DynaTrace
X-Amz-Rid
Charset
X-Ttl
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-XRDS-Location
Realpath
ServerID
X-Akam-SW-Version
X-Powered-CMS
X-Oracle-Dms-Rid
X-Client-IP
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-B3-TraceId
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-FTR-Expires
TCN
X-Shield-Request-Id
X-Trace
X-VCache
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Ser
X-Debug
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Id
X-RateLimit-Remaining
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Alternate-Protocol
X-Fastly-Request-ID
X-FTR-Cache-Host
X-TTL
Paypal-Debug-Id
X-Varnish-Age
X-Shard
S
X-Upstream
X-Hits
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-T
X-MSEdge-Ref
Host
X-Litespeed-Cache
X-Server-ID
X-Ezoic-Cdn
X-NF-Request-ID
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
MicrosoftSharePointTeamServices
X-Logged-In
Front-End-Https
X-Content-Digest
X-Frontend
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-N
X-DIS-Request-ID
X-HS-Hub-Id
X-HS-Content-Id
Server-Name
X-Amzn-Trace-Id
X-Fastcgi-Cache
X-Kinsta-Cache
X-Webkit-Csp
Accept-CH-Lifetime
X-IPLB-Instance
X-Pad
X-Forwarded-For
X-B3-Sampled
X-Srv
Tracecode
X-Grace
X-Content-Type
X-Microsite
X-Request-Handler-Origin-Region
FilterID
X-Accel-Expires
Pagespeed
TP-L2-Cache
X-AOL-HN
X-Debug-Info
X-Rid
TP-Cache
Surrogate-Key
X-Type
X-LB-Cache
Edge-Cache-Tag
X-Node-Name
X-Request-Received
X-Request-Processing-Time
X-Via-JSL
X-Analytics
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Page-Id
X-RateLimit-Limit
Accept-Charset
X-Iejgwucgyu
X-Revision
X-Whom
X-Content-Options
Healthy
X-Varnish-Backend
X-Cache-Rule
X-GUploader-UploadID
X-FastCGI-Cache
X-User-Agent
X-Content-Powered-By
X-Cache-2
X-Content-Security-Policy-Report-Only
X-Cache-Age
Host-Header
X-Amz-Replication-Status
X-Mobile
X-TT
X-NWS-LOG-UUID
X-Framework
X-Cached-By
X-Varnish-Hostname
X-Correlation-Id
X-Cache-Control
X-PHP-Backend
X-FB-Debug
Powered
X-Tumblr-Pixel-0
X-Cluster
VIX-Pulpo-Node
X-Tumblr-User
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
Source
X-Request-Guid
X-App-Environment
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-Varnish-Grace
X-Instance
X-Akamai-Edgescape
Cache-Status
Accept-Ch-Lifetime
Fastly-Restarts
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
Cleartype
X-Activity-Id
X-B3-Traceid
X-AppVersion
X-Az
Access-Control-Allow-Method
X-Drupal-Cache-Tags
Server-Info
X-Jobs
Retry-After
X-Zen-Fury
X-Cache-Remote
X-Cache-Key
X-Cache-TTL
X-Platform-Server
PageSpeed
X-ATG-Version
X-FW-Hash
X-CF-Powered-By
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
Actual-Object-TTL
X-Cache-Action
X-Forwarded-Host
X-Real-IP
X-Oneagent-Js-Injection
X-Esi
X-Geo-Country
Cache-Tags
Cache
Server-Node
X-Cache-Operation
Payment
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-Adobe-Loc
X-F-Cache
X-ProcessESI
X-Adobe-Content
X-RemovedCookies
X-TX-ID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Content-Age
X-Storage
Eomportal-Instance
X-Cacheable-TTL
X-Webkit-CSP
X-UA-Device-Type
X-VG-WebCache
X-Handled-By
Filters
X-URL
Cache-Tv-Group
X-GeoIP
X-RequestSource
X-B
X-Cache-NE
X-Vcache
MS-CV
DC
X-Guploader-Uploadid
Refresh
X-PressLabs-Stats
X-Daa-Tunnel
X-Redis-Cache
Cache-Tag
From-Origin
X-Git-Hash
Frame-Options
X-Kong-Proxy-Latency
X-TA-CDN-Provider
X-Kong-Upstream-Latency
X-Accel-Buffering
Viewport
X-Host-Name
X-Origin-Server
Webserver
X-WA-Info
X-UUID
X-App-Server
X-Rendered-As
Datacenter
Xserver
X-Contextid
X-Mode
X-Magnolia-Registration
X-Cache-TTL-Remaining
X-FW-Dynamic
Country
X-FB-TRIP-ID
X-Varnish-Server
X-Locale
X-Cache-Enabled
X-Ua
X-Hl-Ver
X-Cache-Var-Map
X-ES-SERVER
X-Signature
GEO-INFO
X-Cache-Var
X-From
X-Routing-Service
X-Proxied
X-Trace-Id
X-RN-RSRV
X-Www-Served-By
X-Zipkin-Id
Load-Balancing
Meta-Geo
Machine
X-B-Cache
X-Rule
X-Path-Route
X-Upstream-HT
X-Upstream-CT
X-Viewer-Country
NGX
X-ServerID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Web-Node
Cache-Key
ServedBy
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Region
X-Rocket-Nginx-Bypass
X-NCache
X-Cache-Config
X-Backend-Name
X-Debug-Cache
Origin-Cache-Control
X-Hosted-By
L5d-Success-Class
X-Proto
Now
X-Human
X-Environment-Context
Mn-Server-Ip
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-Cache-Host
X-OCL
Uber-Trace-Id
X-PCL
Vix-Hermes-Req-Id
X-Upgrade-Enabled
X-R9-Blue-Green-Version
X-JoinUs
X-L-Path
Origin-Edge-Control
X-EIG-Tracking-Id
X-VG-TLSProxy
X-CCM
X-Device-Type
X-Akamai-Request-ID
X-Vgn-Hpd-Reason
X-AWS-Id
X-Detected-As
X-Cache-Category-Id
X-EdgeConnect-Cache-Status
X-Site-Version
X-Via-Fastly
X-Generated
X-Ratelimit-Reset
X-Pubstack
X-NGENIX-Cache
X-VWS-Id
X-XRDS-LOCATION
X-TNCMS
X-Tumblr-Pixel-3
X-S
X-RCS-CacheZone
X-LJ-Flow-ID
X-Loop
X-Is-Bot
X-Grey
X-Hit
Cteonnt-Length
X-MP-GENERATED-AT
X-Varnish-Cache-Hits
X-Varnish-IP
X-Origin-Response-Time
X-VCT
X-Timing-Wait
X-Access
X-Section
X-Proxy-Build
We-Hiring
X-Xfnlog-Site
Selected-FE
X-Cache-Backend
Release
DB-Nickname
Mail-Subject
DSUID
OT-Force-Account-Verify
Powered-By-ChinaCache
Nel
X-Drupal-Cache-Contexts
X-Hp-Webp
Cache-Name
X-Mobile-URL
X-APP-VERSION
X-BACKEND-TTL
X-Tb
HitType
X-Nginx-Cache
Rt-Fastcgi-Cache
X-Seen-By
X-Ruxit-Js-Agent
X-Source
S-Cnection
X-Cache-Grace
SRV
Served-By
Ms-Operation-Id
X-UnsetCookies
X-RTag
X-B3-Spanid
X-Generated-By
X-NewRelic-App-Data
X-Format
X-Time
Fastcgi-Useragent
X-Birta-Cache-Post
X-Proxy
X-Cluster-Node
X-Birta-Served
Hostname
X-GRACE
X-Presslabs-Stats
X-Cache-Server
X-OVcl
X-OVcl-Cache
X-Geo
X-ApacheServer
X-PERF
X-Akamai-Transformed
X-Time-Microsecs
X-App-Version
X-IP
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
TWC-Device-Class
TWC-Connection-Speed
X-Microcachable
Property-Id
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
X-Via-CDN
TWC-GeoIP-Country
Webcakes-App-Name
TWC-GeoIP-LatLong
X-FW-Version
Access-Control-Request-Headers
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Decoy-Debug-Status
X-B3-Parentspanid
Decoy-Debug-TTL
Decoy-Debug-Key
X-ShardId
X-Cdn-Forward
S-Rt
X-Origin
X-Status
X-Endurance-Cache-Level
X-ShopId
X-Alternate-Cache-Key
IBM-Web2-Location
Origin
X-Request-Time
X-Origin-TTL
X-Origin-CC
Proxy-Connection
Ec-Rule-Version
Fastcgi-X-Cache-Version
X-Thinkindot-L3
Arc-Country
Xc-Version
Www
Viewtype
User-Cache-Control
X-A
VivaBuild
Web-Mar-Node
X-Transaction
Apple-News-Services-Parsed-Url
X-A-Dgt
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-A-Dcw
X-SS-Set-Cookie
Thinkindot-Control
X-A-Dam
X-A-Ccd
Thinkindot-CacheControl
Rendered-Blocks
Fly-Cache
Cross-Origin-Window-Policy
Content-Style-Type
Node
NGB
IsBot
MD5-Digest
Meta-Geo-Continent
X-Worker
Content-Script-Type
Rt-Proxy-Cache
Server-Int
AsisCache
Fly-Request-Id
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Prefix
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Thinkindot-CacheControl-Type
X-Vtex-Remote-Cache
X-VG-WebServer
X-Vtex-Processado-Em
X-IN-WAF
X-Instart-Info
X-Server-Time
X-Irp-Debug
X-ServiceProvider
X-SIPLIST1
X-Twitter-Response-Tags
X-Geo-Header
X-Hnp-Log
X-IN-APIGATEWAY
Apple-News-Services-Handled
X-Served-From
X-Matched-Rule
X-S-Cookie
X-Processor
X-Region-Sid
X-Rojux
X-Request-UUID
X-Rewrite-Enabled
X-Phone
X-ScT
X-No-Session
X-ND-Cache
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Gen-Mode
X-G
X-Cache-Bucket
X-Block-Status
X-Cache-Info
X-Cdn-Origin
X-SRCache-Key
X-CF-Lambda-Fn
X-BBXSRF
X-ARC
X-Via-NSCOPI
X-Accel-Expires-Debug
X-Trv-Group
X-Aed
X-Application
X-CF-Lambda-Version
X-Swa-Ws
X-DPWN-IS-SECURE
X-Developer
X-External-Request-Id
X-Fastly-Cache
X-Sn-Servicetimems
X-Destination
X-Date
X-Connection-Hash
X-Cluster-Name
X-Core-Mission
X-Core-Value
X-D
X-A-Wwc
X-B-Cookie
X-Info
Fastly-SSL
WZWS-RAY
X-Nc
X-ElasticPress-Search
X-Nginx-Cache-Key
AKAMAI
Server-Host
RNT-Time
X-Key
X-Instart-Isnd
X-Level-Front-Cache
ServerName
Resin-Trace
X-Origin-Expires
X-Owner
Pramga
X-Page-Type
Request-Country
Request-Time
X-Hash
X-NX-Host
X-Origin-Date
RNT-Machine
True-Client-Country-4JS
X-Cache-FS-Status
X-Cache-Id
X-Amz-Meta-Cache-Control
X-Cdn-Srv
X-Cache-Expires
X-Cache-Debug
X-App-Name
X-Bip
X-C
X-Debug-Cookies
X-Debug-Log
X-Generation-Time
V-Age
UCS
X-Generated-On
X-Gannett-Site-Version
X-Distil-CS
X-Distributor
X-Fetched-On
X-PHP-Host
Request-EU
X-Wikidot-Backend
X-Webstats-RespID
Fastly-SWR
X-Server-IP
X-Secret
Backend
X-S-Maxage
X-Via-Edge
X-Planisys-CDN-Cache
Fastly-SIE
X-Varnish-Cacheable
CDCHOST
X-VC-Cache
Country-Code
X-Via-SSL
Esi-Enabled
X-Thanos
X-Wikidot-Static-Cache
Gh-Request-Id
Memcached
X-Qloud-Router
GEO-REGION-INFO
X-Protected-By
X-Planisys-CDN-TTL
On-Server
X-Planisys-CDN-Rules
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Varnish-Action
X-Release
X-Reqid
X-Request-URI
X-Reboot
Backend-Name
X-FireWall-Port
X-Crawler
X-Cms-Context
X-CGP
X-WebServer
X-Backend-State
X-CDN-Cache
Epwk-Cache
Version
X-TH-Server
X-Li-Pop
X-Li-Fabric
X-Skip-Cache
X-LI-UUID
X-Location
X-Auto-Login
X-Refresh
X-GeoIP-Country-Code
X-SN
X-Dispatcher-Server
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-GeoIP-City
X-Variation
X-Developers
X-UA
REQUESTUUID
ProcessTime
Platform
X-Agile-Age
SD-X-WS
Wxu-Next-Commit
X-Agile
Wxu-Next-Region
X-Agile-Id
Wxu-Next-Hostname
HTTPS
Is-Eu
Content-Disposition
Adler-Geo
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Heartbleed
X-AssetVersion
X-HS-Combine-CSS
Server-ID
X-HS-Cache-Config
Who
Cache-Hits
X-LAGOON
FNAC-ModuleRouting
X-CACHE-GROUP
X-TIME
X-WPE-Loopback-Upstream-Addr
X-Sf
X-Var-Ttl
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Dc
Amp-Access-Control-Allow-Source-Origin
Group
X-Load-Cache
X-FPC
Mime-Version
X-IPS-LoggedIn
Memory
X-LI-Proto
Time
X-Policy
X-AIR-PT
X-NC
X-Real-Ip
Mobile-Detection-Method
X-Servername
X-Internal-Host
X-Parent-Response-Time
X-Wix-Request-Id
Cdn
SS
NtCoent-Length
Akamai-GRN
Cache-Provider
X-Micro-Cache
CF-IPCountry
X-GEO
X-Clientip
X-Edge-Location
X-DC
Countrycode
X-CLOUD-TRACE-CONTEXT
X-We-Are-Hiring
X-Tb-Optimization-Total-Bytes-Saved
X-Gdpr
X-Be
X-NWS-UUID-VERIFY
X-ZONE
X-CACHE-KEY
GW-Server
Fastcgi-X-Cache
AR-SID
X-CDN-Forward
X-Datadome
X-Unique-ID
X-Cache-URL
X-Varnish-Beresp-Ttl
RequestId
A
X-Logtrace-Id
X-RateLimit-Limit-Second
Ajk
X-Apm-Svc-Key
X-Servedbyhost
X-Apm-App-Name
X-Apm-Inst-Hash
X-RateLimit-Remaining-Second
HostName
X-Zone
Geoip-Latitude
Geoip-City
CF-Cached-On
X-SD-PageType
GeoIp-Country-Code
Cf-Ipcountry
Ohc-Cache-HIT
Ohc-File-Size
X-Ratelimit-Remaining
X-Response-By
X-Dynatrace-Js-Agent
SN
MIME-Version
X-APP
PICS-Label
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Vcl-Version
X-VCL-Version
X-UPSTREAM-Address
Liferay-Portal
X-Web-Server
X-ECACHE
X-NodeID
X-SERVER-NAME
WebServer
X-Aicache-OS
X-LiteSpeed-Cache-Control
X-Server-Group
X-Varnish-Beresp-TTL
LB
X-HS-Status
CDN
Odigeo-Trace-Id
Proxy-Firewall
X-Amzn-Remapped-Date
X-Fstrz
X-Hyper-Cache
X-Pf-Uncompressing
X-Fastly-Country-Code
X-Amzn-Remapped-Connection
X-Newrelic-App-Data
GeoIP-Latitude
X-Lb-Id
GeoIP-Country-Code
X-Cache-Ttl
X-B3-SpanId
GeoIP-City
X-Request-Start
X-Newrelic-Synthetics
Is-Session-Tracking
Get-Access-Time
X-Pjax-Url
X-ServedByHost
XServer
Section-Io-Cache
X-Ratelimit-Limit
X-FORWARDED-FOR
Requestid
X-Up
X-MServer
X-RequestId
X-Dispatch
X-Method
X-Fastly-Backend-Reqs
X-Check-Cacheable
X-SRV
X-COUNTRY
X-Server-W
X-CSRF-TOKEN
PFcat
Cdn-Host
Cdn-Request-Time
X-Amzn-Remapped-Content-Length
X-Edge-Server
Accept-Ch
X-WA
X-Oss-Storage-Class
X-Wa
Server-Cache-Control
X-Cache-ASPX
X-Backend-TTL
X-Backend-Url
X-Backend-Host
X-VServer
X-PF-Uncompressing
X-Oss-Request-Id
X-Oss-Server-Time
Server-Surrogate-Control
X-Varnish-Authentication
X-MSEdge-Features
X-Contensis-Viewer-Groups
X-Oss-Object-Type
X-MSEdge-Flight
X-Oss-Hash-Crc64ecma
X-CS
X-Dynatrace
X-Akamai-Request-ID2
X-Nananana
X-Correlation-ID
Host-ID
X-User
X-Gateway-Cache-Key
X-Debug-Cache-Expiry
X-Gateway-Skip-Cache
Accept-Language
X-LB-ID
X-Debug-Cache-Fetch
X-F5-Cache
X-Gateway-Cache-Status
X-Debug-Cache-Store
X-LiteSpeed-Tag
Sid
X-Generated-In
X-Erf-Bev-Bev
Pragrma
X-Erf-Bev-Bev-Is-Generated
Powered-By
Lb
X-Compress-Hint
X-WR-MODIFICATION
Locale
X-ServerName
X-Cache-Miss-From
X-Azure-Ref-OriginShield
X-Request-Url
X-CUA
Correlation-Id
TTL
Pagetype
X-EC-Lua
X-Sedo-Request-Id
189phosttRef
355prline
Xxline
188prxHost
219prxHost
225prxHost
286prxHost
X-PJAX-URL
352pxline
178proxuri
X-HTML-Minification-Powered-By
X-Azure-Ref
X-Got-Non-Ke-Cookie
X-Powered-By-Defense
409pxxline
X-Urbn-Site-Id
X-Urbn-Context-Path
Dynatrace
X-Hello
X-Dw-Trace-Id
Cneonction
X-Exp-Se
X-ABtesting
X-Flog
CACHE
X-NGINX-Cache
X-BC
X-Svr
X-Bc
X-Fpc
X-Html-Edge-Cache
X-Li-Proto
L
W
Warning
X-Edge
X-Requestid
User-Agent
X-WADP-Cache
Lfy
X-HTML-Edge-Cache
X-Clara-WADP
X-Fastly-Cache-Hits
X-Platform
X-Swift-Error
Dnion-Transfer-Encoding
URI
X-Cache-Tag
Https
X-MID
Ttl
Kp-EeAlive
X-Unique-Id
X-CSRF-Token
WP-Super-Cache
X-Akamai-SSL-Client-Sid
Srv
X-MCACHE
FSS-Cache
FSS-Proxy
X-TrackingId
X-Mid
X-BE
X-Via-Ucdn
N-Cache
Magicmarker
Ohc-Response-Time
RequestUuid
X-Bug-Bounty
X-Alicdn-Da-Ups-Status
X-From-Cache
X-GDPR
X-Gen-Id
X-Sucuri-ID
X-Sucuri-Cache
Server-Id
Pics-Label
X-Cache-Detail
V-Cache
X-App