Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Xss-Protection
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-AspNetMvc-Version
P3p
Status
Timing-Allow-Origin
X-Template
Content-Encoding
X-Language
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Upgrade
X-Buckets
Xkey
X-CDN
X-Request-ID
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
CF-Ray
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
Cf-Railgun
WPE-Backend
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Server-Id
Feature-Policy
X-Ac
X-Node
Content-Location
X-Rq
X-Host
EagleEye-TraceId
X-Cnection
Allow
Server-Timing
X-Backend-Server
Report-To
X-Response-Time
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Application-Context
Request-Id
Surrogate-Control
X-Origin-Cache
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
NEL
X-Rack-Cache
X-Ruxit-JS-Agent
X-FTR-Request-ID
X-Vhost
X-HW
X-Clacks-Overhead
X-Country-Code
X-Country
X-DynaTrace
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Goog-Hash
X-Dispatcher
X-Origin-Upstream-Status
X-Mod-Pagespeed
X-Url
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
Accept-CH
X-TtlSet
X-PC
X-Vname
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Varnish-TTL
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Powered-By-Plesk
X-Recruiting
AR-CACHE
AR-ATIME
AR-PoweredBy
SPRequestGuid
X-Vcap-Request-Id
X-GitHub-Request-Id
MS-Author-Via
X-D2id
X-ESI
X-Amz-Server-Side-Encryption
AR-Request-ID
Content-MD5
Public-Key-Pins
X-Version
X-ORACLE-DMS-RID
X-Abt-Application-Version
X-Cached
RTSS
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-SharePointHealthScore
Nginx-Cache
X-Middleton-Response
Display
Response
X-Middleton-Display
X-Sol
X-DynaTrace-JS-Agent
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Ar-Sid
DynaTrace
X-Navigation-Version
Charset
X-Amz-Rid
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
Realpath
ServerID
X-XRDS-Location
X-Ttl
X-Akam-SW-Version
X-Powered-CMS
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-FTR-Realm
X-FTR-DC
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
Fusion-Template-Id
X-Trace
X-Shield-Request-Id
X-FTR-Expires
TCN
X-B3-TraceId
X-VCache
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Ser
X-RateLimit-Remaining
X-Debug
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Id
Alternate-Protocol
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TTL
X-Fastly-Request-ID
X-FTR-Cache-Host
Paypal-Debug-Id
X-Shard
X-Varnish-Age
X-Upstream
X-Server-ID
X-Litespeed-Cache
S
X-Hits
Fastcgi-Cache
X-T
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
Host
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-NF-Request-ID
X-Logged-In
Front-End-Https
X-DataStream-MidMile-RTT
X-Content-Digest
X-DataStream-Origin-MEX-Latency
X-Frontend
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-N
Server-Name
X-HS-Content-Id
X-HS-Hub-Id
X-Amzn-Trace-Id
X-Kinsta-Cache
X-Grace
X-IPLB-Instance
X-B3-Sampled
X-Pad
Accept-CH-Lifetime
X-Srv
Pagespeed
Tracecode
X-Microsite
X-Fastcgi-Cache
X-Request-Handler-Origin-Region
X-Content-Type
X-Forwarded-For
FilterID
X-Accel-Expires
Edge-Cache-Tag
AMP-Access-Control-Allow-Source-Origin
X-AOL-HN
X-Rid
Surrogate-Key
X-Type
X-Debug-Info
X-LB-Cache
TP-Cache
TP-L2-Cache
X-Node-Name
X-Request-Processing-Time
X-Request-Received
X-Via-JSL
Backend-Timing
X-Analytics
X-FastCGI-Cache
X-Hostname
X-RateLimit-Limit
X-Page-Id
Accept-Charset
X-Webkit-Csp
X-GUploader-UploadID
X-Revision
X-Whom
X-Content-Options
Healthy
X-Cache-Rule
X-NWS-LOG-UUID
X-Varnish-Backend
X-Content-Powered-By
X-Cache-2
X-Content-Security-Policy-Report-Only
Host-Header
X-User-Agent
X-Cache-Age
X-Framework
X-Amz-Replication-Status
X-TT
Accept-Ch-Lifetime
X-Varnish-Hostname
Powered
X-Mobile
X-PHP-Backend
X-Cached-By
X-Cache-Control
X-FB-Debug
VIX-Pulpo-Upstream-Status
X-Correlation-Id
Source
X-Tumblr-Pixel-0
X-Cluster
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-User
X-App-Environment
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Instance
X-Iejgwucgyu
X-Varnish-Grace
Cache-Status
X-B3-Traceid
Fastly-Restarts
Cleartype
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
Access-Control-Allow-Method
X-Activity-Id
X-Az
X-AppVersion
X-Jobs
Server-Info
X-Drupal-Cache-Tags
X-Zen-Fury
Retry-After
X-Cache-TTL
X-Platform-Server
X-Cache-Remote
X-Cache-Key
X-ATG-Version
X-CF-Powered-By
X-Oneagent-Js-Injection
Actual-Object-TTL
X-FW-Type
X-FW-Server
X-FW-Hash
X-Esi
X-FW-Static
X-FW-Serve
X-Cache-Action
X-Forwarded-Host
PageSpeed
X-Cache-Operation
Cache-Tags
X-Geo-Country
Payment
X-WebKit-CSP-Report-Only
X-URL
Server-Node
X-Response-Served-From
X-Adobe-Content
X-ProcessESI
X-RemovedCookies
X-Adobe-Loc
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Storage
X-TT-TIMESTAMP
X-TX-ID
X-Varnish-Hits
X-Vcache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Content-Age
Filters
X-F-Cache
Eomportal-Instance
X-VG-WebCache
X-Cacheable-TTL
X-Handled-By
X-RequestSource
X-B
Cache-Tv-Group
X-Cache-NE
X-UA-Device-Type
X-GeoIP
X-Real-IP
X-Daa-Tunnel
DC
Refresh
Cache
MS-CV
Cache-Tag
X-Redis-Cache
X-Git-Hash
X-Accel-Buffering
From-Origin
Frame-Options
X-Guploader-Uploadid
Viewport
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
Webserver
X-PressLabs-Stats
X-App-Server
X-Origin-Server
X-UUID
Datacenter
X-Rendered-As
X-WA-Info
X-TA-CDN-Provider
X-Contextid
X-Magnolia-Registration
X-Mode
X-Cache-TTL-Remaining
X-FB-TRIP-ID
X-FW-Dynamic
X-Cache-Enabled
Country
X-Varnish-Server
X-Locale
Xserver
X-XRDS-LOCATION
X-Routing-Service
X-Rule
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Zipkin-Id
X-Upstream-HT
GEO-INFO
X-Path-Route
Machine
Load-Balancing
X-Www-Served-By
Meta-Geo
X-Upstream-CT
X-Trace-Id
X-From
X-Cache-Var-Map
X-Hl-Ver
X-Proxied
X-BYPASS-REASON
X-ProxyCache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ProxyCache-Status
Cache-Key
X-Backend-Name
X-B-Cache
X-Viewer-Country
NGX
X-NCache
X-Web-Node
X-ServerID
X-Cache-Config
X-Rocket-Nginx-Bypass
X-APP-VERSION
ServedBy
X-Signature
X-Environment-Context
X-EIG-Tracking-Id
X-PCL
X-Human
Mn-Server-Ip
Now
Origin-Cache-Control
X-OCL
X-Hosted-By
X-Pubstack
X-FC-Vary-Parameters
X-L-Path
X-VG-TLSProxy
Uber-Trace-Id
X-JoinUs
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
L5d-Success-Class
X-Region
Origin-Edge-Control
X-Cache-Host
Vix-Hermes-Req-Id
X-Debug-Cache
X-Upgrade-Enabled
X-Proto
X-Vgn-Hpd-Reason
X-RCS-CacheZone
X-EdgeConnect-Cache-Status
X-S
X-Varnish-IP
X-Device-Type
X-Detected-As
X-CCM
X-LJ-Flow-ID
X-Loop
X-NGENIX-Cache
X-Is-Bot
X-Grey
X-Site-Version
X-Generated
X-VWS-Id
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Hit
X-TNCMS
X-Via-Fastly
X-Origin-Response-Time
X-Cache-Category-Id
X-Akamai-Request-ID
X-Cache-Backend
X-AWS-Id
X-Varnish-Cache-Hits
Cteonnt-Length
Release
DSUID
X-VCT
X-Timing-Wait
DB-Nickname
X-Access
X-Xfnlog-Site
X-Section
X-Proxy-Build
Selected-FE
Nel
Mail-Subject
We-Hiring
X-Ua
X-Ratelimit-Reset
X-BACKEND-TTL
OT-Force-Account-Verify
X-Hp-Webp
X-Mobile-URL
X-B3-Spanid
Cache-Name
Powered-By-ChinaCache
X-Drupal-Cache-Contexts
Rt-Fastcgi-Cache
X-NewRelic-App-Data
HitType
X-Tb
X-Webkit-CSP
X-Nginx-Cache
X-Seen-By
SRV
X-Cache-Grace
Served-By
X-Source
X-Presslabs-Stats
S-Cnection
Fastcgi-Useragent
X-Generated-By
X-UnsetCookies
Ms-Operation-Id
X-RTag
X-Format
Hostname
X-Birta-Served
X-Birta-Cache-Post
X-Cluster-Node
X-Proxy
X-Cache-Server
X-PERF
X-Microcachable
X-ApacheServer
X-Time
X-OVcl-Cache
X-OVcl
X-Time-Microsecs
X-Akamai-Transformed
Azure-InstanceId
Azure-RegionName
X-IP
Azure-Version
Azure-SlotName
Azure-SiteName
X-Via-CDN
X-Endurance-Cache-Level
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
Decoy-Debug-Key
Decoy-Debug-Status
X-ShardId
X-Alternate-Cache-Key
Decoy-Debug-TTL
X-Origin-Hint
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
X-GRACE
X-Status
Access-Control-Request-Headers
TWC-Privacy
X-Geo
Webcakes-Region
X-FW-Version
Webcakes-App-Version
Webcakes-App-Name
Fastcgi-X-Cache-Version
X-B3-Parentspanid
S-Rt
X-Origin
X-UA
Origin
IBM-Web2-Location
X-Origin-TTL
X-Origin-CC
Ec-Rule-Version
WZWS-RAY
Proxy-Connection
X-Ruxit-Js-Agent
X-Request-Time
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
Apple-News-Services-Parsed-Url
X-A-Ccd
VivaBuild
Web-Mar-Node
Www
X-A
X-Accel-Expires-Debug
Apple-News-Services-Host
X-BBXSRF
AsisCache
Arc-Country
X-Block-Status
X-B-Cookie
BehaviorPad-Version
X-Aed
Cache-Cookie-Set-From
X-Application
X-ARC
Viewtype
User-Cache-Control
Content-Script-Type
Cache-Prefix
X-Cache-Bucket
Meta-Geo-Continent
MD5-Digest
IsBot
Cross-Origin-Window-Policy
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Cache-Cookie-Set-Lfrom
NGB
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cache-Cookie-Set-Idcheck
Thinkindot-Control
Server-Int
Rt-Proxy-Cache
Node
Apple-News-Services-Request-Url
Rendered-Blocks
Content-Style-Type
X-D
X-ServiceProvider
X-Server-Time
X-SIPLIST1
X-Sn-Servicetimems
X-SRCache-Key
X-Served-From
X-ScT
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-SS-Set-Cookie
X-Swa-Ws
X-Vtex-Processado-Em
X-Via-NSCOPI
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Varnish-Action
X-Thinkindot-L3
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Processor
X-Phone
X-Destination
X-Date
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
Apple-News-Services-Handled
X-Core-Value
X-CF-Lambda-Fn
X-Cdn-Origin
X-CF-Lambda-Version
X-Cluster-Name
X-Connection-Hash
X-Fastly-Cache
X-G
X-No-Session
X-ND-Cache
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Matched-Rule
X-Irp-Debug
X-Gen-Mode
X-Geo-Header
X-Hnp-Log
X-Instart-Info
X-Cache-Info
X-Core-Mission
X-Info
Fastly-SSL
X-TIME
X-ElasticPress-Search
X-Varnish-Cacheable
X-Cdn-Forward
X-Cache-Id
Epwk-Cache
X-Generated-On
ServerName
X-Protected-By
X-Level-Front-Cache
RNT-Time
Server-Host
Resin-Trace
X-PHP-Host
Pramga
X-Debug-Log
X-Planisys-CDN-Cache
X-Page-Type
Request-Country
X-Origin-Expires
X-Owner
Request-EU
RNT-Machine
X-NX-Host
X-IN-APIGATEWAY
X-IN-WAF
X-Instart-Isnd
X-Key
X-Hash
X-Fetched-On
X-Generation-Time
X-Gannett-Site-Version
X-Amz-Meta-Cache-Control
X-Distributor
X-Distil-CS
X-Nginx-Cache-Key
X-App-Version
X-Planisys-CDN-Rules
True-Client-Country-4JS
UCS
X-App-Name
V-Age
AKAMAI
X-Origin-Date
On-Server
X-Server-IP
Country-Code
CDCHOST
X-Webstats-RespID
Esi-Enabled
Backend-Name
Fastly-SWR
Fastly-SIE
X-C
X-Cdn-Srv
X-Via-Edge
X-Cache-FS-Status
X-VC-Cache
X-Cache-Expires
X-Via-SSL
X-Cache-Debug
X-Thanos
Backend
X-Secret
X-Bip
X-Rebelmouse-Surrogate-Control
Memcached
X-Request-URI
X-Reboot
X-Debug-Cookies
X-Release
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-S-Maxage
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Planisys-CDN-TTL
Gh-Request-Id
X-Nc
Version
X-FireWall-Port
X-Agile-Id
X-CDN-Cache
X-Backend-State
X-Cms-Context
X-CGP
X-Developers
X-Agile-Age
X-Crawler
X-Device-Os
X-Epic-Correlation-Id
X-Auto-Login
X-Dispatcher-Server
X-Eu-Site
SD-X-WS
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
HA-Ipaddr
Heartbleed
X-Reqid
Is-Eu
Content-Disposition
X-Skip-Cache
X-Variation
Adler-Geo
X-TH-Server
X-WebServer
X-SN
Platform
Request-Time
Wxu-Next-Region
Wxu-Next-Hostname
X-GeoIP-Country-Code
X-GeoIP-City
HTTPS
Wxu-Next-Commit
X-Li-Fabric
X-Location
REQUESTUUID
X-LI-UUID
X-Li-Pop
Who
X-Agile
X-Real-Ip
X-CACHE-GROUP
X-AssetVersion
ProcessTime
X-HS-Combine-CSS
X-Dc
FNAC-ModuleRouting
X-Refresh
X-HS-Cache-Config
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Server-ID
X-LAGOON
Cache-Hits
Group
Mime-Version
X-Var-Ttl
X-Sf
X-NC
X-WPE-Loopback-Upstream-Addr
X-Load-Cache
Memory
X-LI-Proto
X-IPS-LoggedIn
X-FPC
Time
X-AIR-PT
Mobile-Detection-Method
X-GEO
X-Policy
X-Servername
X-Wix-Request-Id
Akamai-GRN
SS
NtCoent-Length
Amp-Access-Control-Allow-Source-Origin
Cache-Provider
X-Edge-Location
X-Internal-Host
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
Countrycode
X-We-Are-Hiring
X-Clientip
X-Micro-Cache
X-NWS-UUID-VERIFY
Cdn
X-CDN-Forward
X-Parent-Response-Time
X-ZONE
X-CACHE-KEY
X-DC
X-Be
Fastcgi-X-Cache
X-Gdpr
GW-Server
X-Datadome
AR-SID
X-Unique-ID
X-Tb-Optimization-Total-Bytes-Saved
X-COUNTRY
A
X-Cache-URL
RequestId
X-Varnish-Beresp-Ttl
X-Servedbyhost
X-SD-PageType
X-Logtrace-Id
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-Apm-Inst-Hash
X-Apm-Svc-Key
Ajk
X-RateLimit-Remaining-Second
X-Apm-App-Name
X-RateLimit-Limit-Second
CF-Cached-On
Ohc-Cache-HIT
X-Ratelimit-Remaining
Ohc-File-Size
PICS-Label
X-Response-By
X-Dynatrace-Js-Agent
X-Zone
HostName
Cf-Ipcountry
X-VCL-Version
X-UPSTREAM-Address
SN
X-APP
X-ECACHE
X-Web-Server
X-Varnish-Beresp-Grace
MIME-Version
X-FORWARDED-FOR
X-Varnish-Beresp-Status
Liferay-Portal
CDN
X-Vcl-Version
WebServer
X-SERVER-NAME
X-Hyper-Cache
X-LiteSpeed-Cache-Control
X-Fastly-Country-Code
Proxy-Firewall
X-Varnish-Beresp-TTL
X-Pf-Uncompressing
X-NodeID
X-HS-Status
X-Fstrz
XServer
Odigeo-Trace-Id
X-Server-Group
X-Lb-Id
X-Request-Start
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Aicache-OS
X-Newrelic-Synthetics
X-Cache-Ttl
LB
Is-Session-Tracking
Get-Access-Time
Section-Io-Cache
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
X-Newrelic-App-Data
X-Ratelimit-Limit
X-Method
X-Dispatch
X-MServer
X-Pjax-Url
X-Fastly-Backend-Reqs
X-ServedByHost
X-SRV
PFcat
X-Up
Cdn-Request-Time
X-RequestId
X-Edge-Server
Requestid
Cdn-Host
Accept-Ch
X-Check-Cacheable
X-CS
X-VServer
X-CSRF-TOKEN
X-B3-SpanId
X-PF-Uncompressing
X-Amzn-Remapped-Content-Length
X-WA
X-Server-W
X-Dynatrace
X-Nananana
X-Correlation-ID
Host-ID
X-Wa
X-MSEdge-Features
X-Oss-Server-Time
X-Oss-Storage-Class
CACHE
X-Oss-Request-Id
X-Oss-Object-Type
X-MSEdge-Flight
X-Oss-Hash-Crc64ecma
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
Server-Cache-Control
X-Backend-Host
Server-Surrogate-Control
X-Backend-Url
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-F5-Cache
Pragrma
Powered-By
X-Gateway-Cache-Key
X-Debug-Cache-Expiry
Sid
X-Backend-TTL
Lb
X-Compress-Hint
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Akamai-Request-ID2
X-LB-ID
X-Erf-Bev-Bev
X-User
X-Erf-Bev-Bev-Is-Generated
X-LiteSpeed-Tag
Accept-Language
X-WR-MODIFICATION
X-EC-Lua
X-HTML-Minification-Powered-By
Correlation-Id
TTL
X-Azure-Ref-OriginShield
X-Generated-In
X-Azure-Ref
X-PJAX-URL
X-Powered-By-Defense
X-Got-Non-Ke-Cookie
X-CUA
Dynatrace
X-Urbn-Context-Path
X-Dw-Trace-Id
Locale
189phosttRef
188prxHost
178proxuri
X-Request-Url
219prxHost
225prxHost
Pagetype
X-Urbn-Site-Id
355prline
X-ServerName
X-Cache-Miss-From
X-BC
X-NGINX-Cache
X-Sedo-Request-Id
409pxxline
Cneonction
286prxHost
X-Svr
352pxline
Xxline
X-Clara-WADP
L
X-Fpc
X-Edge
X-Bc
X-WADP-Cache
X-Li-Proto
X-Html-Edge-Cache
X-ABtesting
X-Fastly-Cache-Hits
W
X-Requestid
X-Exp-Se
X-Hello
X-RateLimit-Reset
X-Flog
X-HTML-Edge-Cache
X-Swift-Error
Ttl
Https
Lfy
X-MID
WP-Super-Cache
URI
Dnion-Transfer-Encoding
User-Agent
Warning
X-Cache-Tag
X-Unique-Id
X-Platform
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-Varnish-Url
X-Via-Ucdn
Magicmarker
RequestUuid
X-BE
X-Edge-IP
N-Cache
X-Mid
X-Request-URL
X-MCACHE
X-Cache-Detail
V-Cache
X-Sucuri-Cache
Server-Id
FSS-Proxy
FSS-Cache
X-Sucuri-ID
Kp-EeAlive
X-Alicdn-Da-Ups-Status
X-App
X-Gen-Id
X-GDPR
Ohc-Response-Time