Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Xss-Protection
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-AspNetMvc-Version
P3p
Status
Timing-Allow-Origin
X-Template
Content-Encoding
X-Language
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Upgrade
X-Buckets
Xkey
X-CDN
X-Request-ID
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
CF-Ray
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
Cf-Railgun
WPE-Backend
X-Swift-CacheTime
X-Amz-Version-Id
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Server-Id
Feature-Policy
X-Ac
X-Node
Content-Location
X-Rq
X-Host
EagleEye-TraceId
X-Cnection
Allow
Server-Timing
X-Backend-Server
Report-To
X-Response-Time
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Application-Context
Request-Id
Surrogate-Control
X-Origin-Cache
X-Readtime
X-ORACLE-DMS-ECID
Pinterest-Generated-By
X-Cloud-Trace-Context
X-CST
X-Rack-Cache
X-Ruxit-JS-Agent
X-FTR-Request-ID
X-Vhost
NEL
X-HW
X-Clacks-Overhead
X-Country
X-Country-Code
X-DynaTrace
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Goog-Hash
X-Origin-Upstream-Status
X-Mod-Pagespeed
X-Dispatcher
X-Url
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
X-PC
X-Vname
X-TtlSet
Service-Worker-Allowed
X-MS-InvokeApp
Accept-CH
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Varnish-TTL
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Powered-By-Plesk
X-ESI
X-Recruiting
AR-ATIME
AR-PoweredBy
AR-CACHE
SPRequestGuid
X-Vcap-Request-Id
X-GitHub-Request-Id
MS-Author-Via
X-D2id
X-Amz-Server-Side-Encryption
AR-Request-ID
Content-MD5
Public-Key-Pins
X-Version
X-ORACLE-DMS-RID
X-Abt-Application-Version
X-Cached
RTSS
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-SharePointHealthScore
Nginx-Cache
X-Middleton-Response
X-Middleton-Display
Display
X-DynaTrace-JS-Agent
X-Sol
Response
X-Ttl
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Navigation-Version
Ar-Sid
DynaTrace
Charset
X-Amz-Rid
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Realpath
X-Oracle-Dms-Rid
ServerID
X-Akam-SW-Version
X-Powered-CMS
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-XRDS-Location
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
Fusion-Component-Id
Fusion-Content-Id
X-Country-Code-Real
X-FTR-Realm
Fusion-Content-Source
X-FTR-DC
Fusion-Source
X-FTR-Backend
Fusion-Template-Id
X-Trace
X-FTR-Expires
X-Shield-Request-Id
X-B3-TraceId
TCN
X-VCache
X-Goog-Storage-Class
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Ser
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-RateLimit-Remaining
X-Debug
X-Id
Alternate-Protocol
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Fastly-Request-ID
X-FTR-Cache-Host
Paypal-Debug-Id
X-Shard
X-Varnish-Age
X-Upstream
S
X-Server-ID
X-Litespeed-Cache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Hits
X-TTL
X-T
X-MSEdge-Ref
Host
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
MicrosoftSharePointTeamServices
Mrf-Cache-Status
X-NF-Request-ID
X-B3-TraceId-Primal
Front-End-Https
X-Logged-In
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Content-Digest
X-Frontend
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-N
X-HS-Hub-Id
X-HS-Content-Id
Server-Name
X-Amzn-Trace-Id
X-Fastcgi-Cache
X-Kinsta-Cache
X-IPLB-Instance
X-Grace
X-Forwarded-For
X-Pad
X-B3-Sampled
Accept-CH-Lifetime
X-Srv
Pagespeed
X-Request-Handler-Origin-Region
X-Microsite
Tracecode
X-Content-Type
FilterID
Edge-Cache-Tag
X-Accel-Expires
X-AOL-HN
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
TP-L2-Cache
Surrogate-Key
TP-Cache
X-Rid
X-Debug-Info
X-Type
X-Node-Name
X-Request-Processing-Time
X-Request-Received
X-Via-JSL
Backend-Timing
X-Analytics
X-Hostname
X-Page-Id
Accept-Charset
X-Webkit-Csp
X-GUploader-UploadID
X-Whom
X-Revision
X-FastCGI-Cache
X-RateLimit-Limit
Healthy
X-Content-Options
X-Cache-Rule
X-Varnish-Backend
X-Cache-2
X-NWS-LOG-UUID
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
Host-Header
X-Cache-Age
Accept-Ch-Lifetime
X-User-Agent
X-TT
X-Framework
X-Amz-Replication-Status
X-Mobile
X-Cache-Control
X-Cached-By
X-FB-Debug
X-Varnish-Hostname
Powered
X-PHP-Backend
Source
X-Tumblr-User
X-App-Environment
X-Correlation-Id
X-Tumblr-Pixel
X-Request-Guid
X-Tumblr-Pixel-0
Upgrade-Insecure-Requests
X-Cluster
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Instance
X-Varnish-Grace
Cache-Status
X-Iejgwucgyu
Fastly-Restarts
X-B3-Traceid
Cleartype
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-AppVersion
X-Activity-Id
X-Az
Access-Control-Allow-Method
X-Jobs
Server-Info
Retry-After
X-Drupal-Cache-Tags
X-Zen-Fury
X-Cache-TTL
X-Platform-Server
X-Cache-Key
X-Cache-Remote
X-ATG-Version
X-CF-Powered-By
X-Oneagent-Js-Injection
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
Actual-Object-TTL
X-FW-Static
X-Cache-Action
X-Forwarded-Host
PageSpeed
X-Geo-Country
X-Cache-Operation
Cache-Tags
X-Response-Served-From
Server-Node
X-WebKit-CSP-Report-Only
Cache
Payment
X-URL
X-Adobe-Loc
X-Adobe-Content
X-ProcessESI
X-RemovedCookies
X-Yottaa-Metrics
X-Varnish-Hits
Filters
Eomportal-Instance
X-Yottaa-Optimizations
X-Vcache
X-TT-TIMESTAMP
X-Content-Age
X-TX-ID
X-F-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Storage
X-Handled-By
X-VG-WebCache
X-UA-Device-Type
X-Cacheable-TTL
X-GeoIP
X-RequestSource
Cache-Tv-Group
X-Cache-NE
X-B
X-Real-IP
X-Daa-Tunnel
DC
Refresh
X-Redis-Cache
Cache-Tag
MS-CV
X-Git-Hash
X-Accel-Buffering
X-Esi
From-Origin
Nel
Frame-Options
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Viewport
X-Guploader-Uploadid
X-Host-Name
Webserver
X-PressLabs-Stats
X-App-Server
X-UUID
X-XRDS-LOCATION
X-Origin-Server
X-WA-Info
X-Rendered-As
Datacenter
X-TA-CDN-Provider
X-Contextid
Xserver
X-Magnolia-Registration
X-Cache-TTL-Remaining
X-Mode
X-FW-Dynamic
X-FB-TRIP-ID
X-Cache-Enabled
Country
X-Varnish-Server
X-Locale
X-Routing-Service
Machine
X-RN-RSRV
Load-Balancing
X-NGENIX-Cache
X-Cache-Var-Map
X-Www-Served-By
X-Rule
X-Hl-Ver
GEO-INFO
X-Zipkin-Id
X-From
X-Proxied
Meta-Geo
X-Path-Route
X-Upstream-HT
X-ES-SERVER
X-Trace-Id
X-Cache-Var
X-Upstream-CT
X-Backend-Name
X-BYPASS-REASON
X-Rocket-Nginx-Bypass
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NCache
NGX
X-Signature
ServedBy
X-ProxyCache-Status
X-ServerID
X-B-Cache
X-ProxyCache-Key
X-Web-Node
Cache-Key
X-Viewer-Country
X-APP-VERSION
X-PCL
X-Proto
Now
Mn-Server-Ip
X-VG-TLSProxy
L5d-Success-Class
Origin-Cache-Control
X-EIG-Tracking-Id
X-R9-Blue-Green-Version
X-Environment-Context
Vix-Hermes-Req-Id
X-FC-Vary-Parameters
X-Hosted-By
Uber-Trace-Id
X-L-Path
X-Pubstack
X-Debug-Cache
X-Region
X-JoinUs
X-Labrador-Cache-Channel
X-Upgrade-Enabled
Origin-Edge-Control
X-Human
X-Cache-Host
X-OCL
X-CCM
X-Cache-Backend
X-AWS-Id
X-Akamai-Request-ID
X-Cache-Category-Id
X-Vgn-Hpd-Reason
X-RCS-CacheZone
X-Tumblr-Pixel-3
X-TNCMS
X-Detected-As
X-EdgeConnect-Cache-Status
X-Site-Version
X-Varnish-Cache-Hits
X-Varnish-IP
X-Via-Fastly
X-VWS-Id
X-Origin-Response-Time
X-S
X-Grey
X-Hit
X-Loop
X-Is-Bot
X-LJ-Flow-ID
X-Generated
X-Device-Type
Cteonnt-Length
X-MP-GENERATED-AT
X-Xfnlog-Site
X-VCT
Mail-Subject
DB-Nickname
X-Section
We-Hiring
X-Access
Selected-FE
Release
X-Proxy-Build
X-Timing-Wait
DSUID
OT-Force-Account-Verify
X-BACKEND-TTL
X-Ua
X-Ratelimit-Reset
X-B3-Spanid
Cache-Name
X-Mobile-URL
X-Hp-Webp
Powered-By-ChinaCache
X-Drupal-Cache-Contexts
X-NewRelic-App-Data
Rt-Fastcgi-Cache
X-Nginx-Cache
X-Tb
HitType
X-Webkit-CSP
X-Seen-By
SRV
S-Cnection
X-Cache-Grace
X-Presslabs-Stats
X-Source
Fastcgi-Useragent
Served-By
X-Generated-By
X-UnsetCookies
X-RTag
Ms-Operation-Id
X-Format
X-Cluster-Node
X-Birta-Cache-Post
X-Birta-Served
X-Proxy
Hostname
X-Cache-Server
X-Geo
X-Time
X-ApacheServer
X-CLOUD-TRACE-CONTEXT
X-PERF
X-OVcl
X-Microcachable
X-OVcl-Cache
X-Akamai-Transformed
X-Time-Microsecs
Azure-SlotName
X-IP
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-ShardId
TWC-GeoIP-LatLong
Webcakes-App-Version
X-ShopId
TWC-GeoIP-Country
Access-Control-Request-Headers
Webcakes-Region
X-Shopify-Stage
Webcakes-App-Name
TWC-Privacy
X-GRACE
X-Via-CDN
Decoy-Debug-Status
Decoy-Debug-Key
TWC-Locale-Group
Decoy-Debug-TTL
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Origin-Hint
X-Endurance-Cache-Level
X-Status
X-FW-Version
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Fastcgi-X-Cache-Version
S-Rt
X-UA
X-Origin
X-B3-Parentspanid
IBM-Web2-Location
Origin
X-Origin-CC
X-Origin-TTL
X-Ruxit-Js-Agent
X-Nc
Ec-Rule-Version
Proxy-Connection
X-Request-Time
WZWS-RAY
X-Core-Value
X-No-Session
X-NU-AKA-ACS-Version
X-BBXSRF
Thinkindot-CacheControl
X-External-Request-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Org
X-ND-Cache
X-Fastly-Cache
IsBot
MD5-Digest
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
AsisCache
Arc-Country
NGB
Fly-Request-Id
Apple-News-Services-Request-Url
Fly-Cache
Cache-Cookie-Set-Lfrom
X-Developer
Content-Style-Type
Cross-Origin-Window-Policy
Content-Script-Type
X-Geo-Header
Cache-Prefix
Node
Rendered-Blocks
GEO-REGION-INFO
X-Gen-Mode
X-Date
Rt-Proxy-Cache
X-Irp-Debug
Fastly-SSL
X-Destination
X-Matched-Rule
Server-Int
X-D
X-Instart-Info
X-IN-WAF
Apple-News-Services-Parsed-Url
X-G
Meta-Geo-Continent
Apple-News-Services-Host
Apple-News-Services-Handled
X-IN-APIGATEWAY
X-Hnp-Log
X-Info
X-A
X-Accel-Expires-Debug
X-Swa-Ws
X-PAYTM-SRV-ID
X-Application
X-CF-Lambda-Fn
X-Aed
X-SS-Set-Cookie
X-SRCache-Key
X-Block-Status
X-SIPLIST1
X-CF-Lambda-Version
X-ARC
X-Sn-Servicetimems
X-Thinkindot-L3
X-Transaction
X-Cache-Info
X-VG-WebServer
X-Via-NSCOPI
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Cache-Bucket
X-Cdn-Origin
X-Twitter-Response-Tags
X-Trv-Group
Xc-Version
X-Worker
X-Varnish-Action
X-ServiceProvider
X-A-Wwc
X-B-Cookie
X-Connection-Hash
X-Server-Time
X-Region-Sid
X-Cluster-Name
Web-Mar-Node
VivaBuild
X-Core-Mission
X-Phone
User-Cache-Control
X-Processor
Viewtype
X-DPWN-IS-SECURE
Www
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Served-From
X-A-Dgt
X-S-Cookie
X-ScT
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-ElasticPress-Search
X-Cdn-Forward
X-TIME
X-C
X-Cache-FS-Status
X-Cache-Expires
X-App-Name
On-Server
Memcached
X-Distil-CS
X-Cache-Debug
X-Distributor
X-Bip
RNT-Machine
Server-Host
X-Debug-Cookies
RNT-Time
ServerName
V-Age
True-Client-Country-4JS
UCS
Resin-Trace
X-Debug-Log
Request-Country
X-Cache-Id
X-Amz-Meta-Cache-Control
X-Cdn-Srv
Request-Time
Request-EU
Pramga
X-Origin-Date
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Release
X-Reqid
X-S-Maxage
X-Request-URI
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Owner
X-Origin-Expires
X-Page-Type
X-PHP-Host
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Secret
X-Server-IP
X-Wikidot-Static-Cache
X-Wikidot-Backend
Epwk-Cache
X-Generated-On
X-Protected-By
X-Level-Front-Cache
X-Webstats-RespID
X-Via-SSL
X-App-Version
X-Thanos
X-Varnish-Cacheable
X-VC-Cache
X-Via-Edge
X-NX-Host
X-Planisys-CDN-Rules
AKAMAI
X-Hash
Fastly-SWR
X-Generation-Time
Backend
CDCHOST
Country-Code
X-Nginx-Cache-Key
Fastly-SIE
Esi-Enabled
X-Gannett-Site-Version
Backend-Name
Gh-Request-Id
X-Fetched-On
X-Key
X-Instart-Isnd
X-FireWall-Port
Version
X-Developers
HTTPS
X-CDN-Cache
X-Device-Os
X-Eu-Site
X-WebServer
REQUESTUUID
X-Dispatcher-Server
X-Skip-Cache
X-Li-Pop
X-Li-Fabric
X-HS-Combine-CSS
X-Epic-Correlation-Id
X-LI-UUID
X-Crawler
X-Location
X-Refresh
X-Cms-Context
X-TH-Server
X-GeoIP-City
X-SN
X-GeoIP-Country-Code
X-HS-Cache-Config
X-CGP
X-Variation
X-Auto-Login
Wxu-Next-Commit
Who
SD-X-WS
Wxu-Next-Hostname
Wxu-Next-Region
X-Agile-Age
X-Agile
ProcessTime
Platform
Fastly-Soc-X-Request-Id
Adler-Geo
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Heartbleed
X-Agile-Id
Content-Disposition
X-Backend-State
X-Real-Ip
X-CACHE-GROUP
X-AssetVersion
X-LAGOON
X-Dc
X-SVT-ORM-RULES
FNAC-ModuleRouting
X-SVT-ORM-VERSION
Server-ID
Group
Cache-Hits
X-Sf
Mime-Version
X-Var-Ttl
X-IPS-LoggedIn
X-WPE-Loopback-Upstream-Addr
X-Load-Cache
X-FPC
X-AIR-PT
Time
Memory
X-LI-Proto
X-Policy
Mobile-Detection-Method
X-Servername
X-NC
X-Wix-Request-Id
NtCoent-Length
Akamai-GRN
Cache-Provider
SS
Amp-Access-Control-Allow-Source-Origin
X-Internal-Host
Cdn
CF-IPCountry
X-Micro-Cache
X-Edge-Location
X-We-Are-Hiring
X-GEO
Countrycode
X-Clientip
X-CDN-Forward
X-NWS-UUID-VERIFY
X-Parent-Response-Time
X-CACHE-KEY
X-ZONE
X-DC
GW-Server
Fastcgi-X-Cache
X-Gdpr
X-Be
X-Unique-ID
AR-SID
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
RequestId
A
X-Cache-URL
X-Varnish-Beresp-Ttl
Geoip-City
X-Logtrace-Id
GeoIp-Country-Code
X-SD-PageType
CF-Cached-On
HostName
Geoip-Latitude
X-RateLimit-Limit-Second
X-Apm-Inst-Hash
X-Apm-Svc-Key
Ajk
X-Apm-App-Name
Accept-Ch
X-RateLimit-Remaining-Second
X-Servedbyhost
Ohc-File-Size
Ohc-Cache-HIT
X-Ratelimit-Remaining
PICS-Label
X-Response-By
X-Dynatrace-Js-Agent
X-Zone
Cf-Ipcountry
X-UPSTREAM-Address
SN
X-Ratelimit-Limit
X-Vcl-Version
X-APP
Liferay-Portal
X-Varnish-Beresp-Status
MIME-Version
X-Varnish-Beresp-Grace
X-ECACHE
X-Web-Server
WebServer
X-SERVER-NAME
X-VCL-Version
X-LiteSpeed-Cache-Control
Proxy-Firewall
X-NodeID
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
X-Fastly-Country-Code
X-Fstrz
CDN
Odigeo-Trace-Id
X-Aicache-OS
X-Hyper-Cache
X-Pf-Uncompressing
X-HS-Status
X-Lb-Id
X-Request-Start
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Server-Group
X-Cache-Ttl
LB
GeoIP-Latitude
X-ServedByHost
Section-Io-Cache
XServer
GeoIP-Country-Code
Get-Access-Time
Is-Session-Tracking
GeoIP-City
X-FORWARDED-FOR
X-Newrelic-App-Data
X-Pjax-Url
X-Fastly-Backend-Reqs
X-Method
X-MServer
X-Dispatch
X-SRV
Cdn-Host
X-Edge-Server
PFcat
Cdn-Request-Time
X-Up
Requestid
X-COUNTRY
X-RequestId
X-Check-Cacheable
X-PF-Uncompressing
X-B3-SpanId
X-VServer
X-Amzn-Remapped-Content-Length
X-CS
X-WA
X-Server-W
X-CSRF-TOKEN
X-Nananana
X-Dynatrace
X-Correlation-ID
X-MSEdge-Features
Server-Cache-Control
X-Contensis-Viewer-Groups
X-Wa
X-Cache-ASPX
X-Backend-Host
Server-Surrogate-Control
X-Backend-Url
X-MSEdge-Flight
X-Varnish-Authentication
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Host-ID
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Debug-Cache-Expiry
X-Gateway-Cache-Key
X-Debug-Cache-Fetch
X-Backend-TTL
X-Debug-Cache-Store
X-F5-Cache
X-Erf-Bev-Bev
X-LiteSpeed-Tag
X-User
Powered-By
X-LB-ID
Sid
Lb
X-Akamai-Request-ID2
X-Erf-Bev-Bev-Is-Generated
X-Compress-Hint
Pragrma
Accept-Language
X-WR-MODIFICATION
X-CUA
Correlation-Id
X-HTML-Minification-Powered-By
TTL
X-Azure-Ref
X-Azure-Ref-OriginShield
X-EC-Lua
X-Powered-By-Defense
X-PJAX-URL
X-Generated-In
X-Got-Non-Ke-Cookie
Dynatrace
X-ServerName
225prxHost
219prxHost
X-Request-Url
352pxline
X-Cache-Miss-From
355prline
286prxHost
X-Sedo-Request-Id
X-Svr
X-Urbn-Site-Id
X-Urbn-Context-Path
X-NGINX-Cache
CACHE
X-BC
409pxxline
Xxline
178proxuri
188prxHost
189phosttRef
Locale
Pagetype
X-Dw-Trace-Id
Cneonction
X-RateLimit-Reset
X-Edge
X-Li-Proto
X-Fastly-Cache-Hits
X-Hello
X-Exp-Se
X-Bc
X-Flog
X-Swift-Error
X-Clara-WADP
X-ABtesting
X-Requestid
W
L
X-Html-Edge-Cache
X-HTML-Edge-Cache
X-WADP-Cache
X-Fpc
Warning
X-CSRF-Token
Ttl
User-Agent
URI
X-MID
X-Platform
WP-Super-Cache
Https
Dnion-Transfer-Encoding
X-Unique-Id
Lfy
X-Cache-Tag
X-Akamai-SSL-Client-Sid
X-Sucuri-Cache
X-Mid
X-MCACHE
X-BE
X-Request-URL
X-Via-Ucdn
N-Cache
Magicmarker
X-Sucuri-ID
RequestUuid
FSS-Cache
Kp-EeAlive
Server-Id
X-App
V-Cache
X-Alicdn-Da-Ups-Status
X-Gen-Id
Ohc-Response-Time
FSS-Proxy
X-GDPR
X-Cache-Detail