Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-FRAME-OPTIONS
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-Template
Content-Encoding
X-Language
X-Request-ID
X-Content-Security-Policy
X-Iinfo
X-DNS-Prefetch-Control
Upgrade
X-Buckets
Xkey
X-CDN
P3p
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
CF-Ray
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
WPE-Backend
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-LiteSpeed-Cache
X-Server-Id
X-OneAgent-JS-Injection
Feature-Policy
X-Node
X-Ac
X-Dns-Prefetch-Control
X-Rq
Content-Location
X-Host
EagleEye-TraceId
X-Cnection
Allow
Server-Timing
Report-To
X-Backend-Server
X-Response-Time
X-Cache-Lookup
X-Application-Context
Request-Id
Surrogate-Control
X-Readtime
X-Origin-Cache
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
X-FTR-Request-ID
X-Vhost
X-HW
X-Clacks-Overhead
X-Country
X-DynaTrace
X-Country-Code
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Goog-Hash
X-Dispatcher
X-Mod-Pagespeed
X-Url
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-VARITI-CCR
X-Px
Accept-CH
X-Vname
X-PC
X-TtlSet
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Varnish-TTL
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Powered-By-Plesk
X-ESI
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Recruiting
X-Vcap-Request-Id
X-GitHub-Request-Id
SPRequestGuid
MS-Author-Via
X-D2id
X-Amz-Server-Side-Encryption
AR-Request-ID
Public-Key-Pins
X-ORACLE-DMS-RID
X-Version
Content-MD5
X-Abt-Application-Version
X-Cached
RTSS
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Nginx-Cache
DynaTrace
X-SharePointHealthScore
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
X-Ttl
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
Ar-Sid
X-Navigation-Version
X-DynaTrace-JS-Agent
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Amz-Rid
Charset
X-Oracle-Dms-Rid
Realpath
X-VCache
X-XRDS-Location
ServerID
X-Akam-SW-Version
X-Powered-CMS
X-Client-IP
X-Forwarded-Proto
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-FTR-Expires
X-Cdn
X-B3-TraceId
X-Trace
X-Shield-Request-Id
X-Litespeed-Cache
Fusion-Component-Id
Fusion-Content-Id
TCN
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Ser
X-Debug
SPIisLatency
X-Dw-Request-Base-Id
SPRequestDuration
X-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Fastly-Request-ID
X-FTR-Cache-Host
X-RateLimit-Remaining
Alternate-Protocol
Paypal-Debug-Id
X-Upstream
X-Shard
X-Varnish-Age
S
X-TTL
X-Hits
X-Acc-Meta-Resource-Type
X-T
Fastcgi-Cache
X-MSEdge-Ref
Host
X-Ezoic-Cdn
X-NF-Request-ID
X-B3-TraceId-Primal
MicrosoftSharePointTeamServices
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Content-Digest
Front-End-Https
X-Logged-In
X-Frontend
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-HS-Hub-Id
X-HS-Content-Id
X-Server-ID
X-DIS-Request-ID
X-N
Server-Name
X-Amzn-Trace-Id
Accept-CH-Lifetime
X-Fastcgi-Cache
X-IPLB-Instance
X-Kinsta-Cache
X-Pad
X-B3-Sampled
X-Forwarded-For
X-Srv
Tracecode
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Type
FilterID
X-Accel-Expires
TP-Cache
Edge-Cache-Tag
Surrogate-Key
X-LB-Cache
X-Grace
X-AOL-HN
TP-L2-Cache
X-Rid
AMP-Access-Control-Allow-Source-Origin
X-Debug-Info
X-Node-Name
X-Type
X-Request-Processing-Time
X-Request-Received
Pagespeed
X-Analytics
X-Via-JSL
Backend-Timing
X-Hostname
X-Iejgwucgyu
X-Page-Id
Accept-Charset
X-Webkit-Csp
X-Revision
X-GUploader-UploadID
X-Content-Options
X-RateLimit-Limit
X-Whom
X-FastCGI-Cache
Healthy
X-Varnish-Backend
X-Cache-Rule
X-User-Agent
X-Cache-Age
X-Content-Security-Policy-Report-Only
X-Cache-2
X-Content-Powered-By
X-Framework
X-Mobile
Host-Header
X-Amz-Replication-Status
X-TT
X-PHP-Backend
X-FB-Debug
Powered
X-NWS-LOG-UUID
X-Cache-Control
X-Cached-By
X-Cluster
VIX-Pulpo-Node
X-Tumblr-Pixel-0
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel
X-Request-Guid
Source
X-App-Environment
X-Varnish-Grace
X-BCube-Filmed-By
X-Correlation-Id
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-Instance
Cache-Status
Fastly-Restarts
X-Amz-Apigw-Id
X-Amzn-RequestId
X-B3-Traceid
X-AppVersion
X-Activity-Id
X-Cache-Hit
X-Az
Cleartype
Access-Control-Allow-Method
Accept-Ch-Lifetime
X-Drupal-Cache-Tags
X-Jobs
Retry-After
X-Zen-Fury
Server-Info
PageSpeed
X-Platform-Server
X-Cache-TTL
X-Cache-Remote
X-Cache-Key
X-ATG-Version
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Static
X-Oneagent-Js-Injection
X-FW-Hash
X-CF-Powered-By
X-Cache-Action
X-Forwarded-Host
Actual-Object-TTL
Cache-Tags
X-Geo-Country
X-Webkit-CSP
X-Real-IP
Server-Node
X-Cache-Operation
X-WebKit-CSP-Report-Only
X-Response-Served-From
Payment
X-URL
X-F-Cache
X-RemovedCookies
X-Tumblr-Pixel-1
X-ProcessESI
X-Content-Age
X-Adobe-Content
X-Adobe-Loc
X-Tumblr-Pixel-2
X-TT-TIMESTAMP
X-Handled-By
X-Yottaa-Optimizations
X-Cacheable-TTL
Eomportal-Instance
X-VG-WebCache
X-Yottaa-Metrics
X-Varnish-Hits
MS-CV
X-Cache-NE
Filters
X-Storage
X-RequestSource
X-GeoIP
Cache-Tv-Group
X-TX-ID
X-UA-Device-Type
DC
X-B
Refresh
X-Redis-Cache
Cache
X-Daa-Tunnel
X-TA-CDN-Provider
Cache-Tag
X-Esi
From-Origin
X-Git-Hash
Frame-Options
X-Kong-Upstream-Latency
X-Guploader-Uploadid
X-Kong-Proxy-Latency
X-Accel-Buffering
Viewport
X-Host-Name
X-Origin-Server
X-PressLabs-Stats
X-WA-Info
X-UUID
Webserver
X-App-Server
Datacenter
X-Rendered-As
X-Contextid
X-FW-Dynamic
X-Magnolia-Registration
X-Mode
X-Varnish-Server
X-FB-TRIP-ID
X-Cache-TTL-Remaining
X-Locale
Country
Xserver
X-Cache-Enabled
Load-Balancing
X-Signature
X-Rule
X-Hl-Ver
X-Cache-Var
Machine
X-Proxied
X-Vcache
X-Zipkin-Id
X-Www-Served-By
X-Cache-Var-Map
GEO-INFO
Meta-Geo
X-Trace-Id
X-XRDS-LOCATION
X-RN-RSRV
X-Path-Route
X-Routing-Service
X-B-Cache
X-ES-SERVER
X-From
X-Cache-Config
X-Upstream-CT
X-Upstream-HT
X-Backend-Name
X-NCache
NGX
X-Web-Node
X-Region
X-Goog-Meta-Goog-Reserved-File-Mtime
ServedBy
Vix-Hermes-Req-Id
X-EIG-Tracking-Id
X-Detected-As
X-Hosted-By
X-Vgn-Hpd-Reason
X-FC-Vary-Parameters
X-Is-Bot
X-JoinUs
X-R9-Blue-Green-Version
X-APP-VERSION
X-Human
Origin-Edge-Control
X-Upgrade-Enabled
X-Proto
X-Rocket-Nginx-Bypass
Cache-Key
Uber-Trace-Id
X-VG-TLSProxy
L5d-Success-Class
Origin-Cache-Control
X-Cache-Host
X-Viewer-Country
X-ServerID
Mn-Server-Ip
X-CCM
X-Environment-Context
X-Debug-Cache
Now
X-Akamai-Request-ID
X-AWS-Id
X-Device-Type
X-Loop
X-Via-Fastly
X-Pubstack
X-EdgeConnect-Cache-Status
X-VWS-Id
X-Varnish-IP
X-Varnish-Cache-Hits
X-Site-Version
X-TNCMS
X-Tumblr-Pixel-3
X-PCL
X-Generated
X-OCL
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-Origin-Response-Time
X-L-Path
X-Labrador-Cache-Channel
X-Hit
X-Section
DSUID
X-Timing-Wait
Release
Selected-FE
X-Cache-Backend
Cteonnt-Length
X-Grey
Nel
X-ProxyCache-Status
X-Cache-Category-Id
X-ProxyCache-Key
X-Proxy-Build
X-BYPASS-REASON
X-RCS-CacheZone
X-Access
X-VCT
We-Hiring
DB-Nickname
Mail-Subject
X-S
X-NGENIX-Cache
OT-Force-Account-Verify
X-Ua
X-BACKEND-TTL
X-Xfnlog-Site
X-Drupal-Cache-Contexts
Cache-Name
X-Hp-Webp
X-Mobile-URL
X-Tb
X-B3-Spanid
HitType
SRV
X-Ratelimit-Reset
Rt-Fastcgi-Cache
Powered-By-ChinaCache
X-NewRelic-App-Data
X-Presslabs-Stats
X-Source
X-RTag
X-Seen-By
X-Cache-Grace
Ms-Operation-Id
X-UnsetCookies
X-Nginx-Cache
X-Generated-By
Served-By
S-Cnection
X-Format
X-Proxy
Fastcgi-Useragent
X-Birta-Cache-Post
X-GRACE
X-Birta-Served
X-Cluster-Node
X-Cache-Server
Hostname
X-OVcl
X-OVcl-Cache
X-PERF
X-ApacheServer
X-Time
X-IP
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Geo
Azure-SiteName
TWC-GeoIP-Country
Webcakes-Region
X-Origin-Hint
TWC-Privacy
X-Time-Microsecs
Webcakes-App-Name
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Device-Class
X-Via-CDN
Property-Id
X-FW-Version
Access-Control-Request-Headers
X-Akamai-Transformed
TWC-Connection-Speed
X-Microcachable
X-B3-Parentspanid
S-Rt
Origin
Decoy-Debug-Key
Decoy-Debug-Status
X-Sorting-Hat-ShopId
Decoy-Debug-TTL
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Origin
X-UA
X-Status
Ec-Rule-Version
IBM-Web2-Location
WZWS-RAY
X-Origin-TTL
X-Ruxit-Js-Agent
X-Origin-CC
Rendered-Blocks
X-Irp-Debug
X-Instart-Info
X-Cluster-Name
X-Geo-Header
X-Core-Mission
X-Connection-Hash
X-IN-APIGATEWAY
X-IN-WAF
Thinkindot-CacheControl
X-Matched-Rule
X-Cdn-Origin
X-Cache-Info
X-NU-AKA-ACS-Version
Server-Int
Rt-Proxy-Cache
X-CF-Lambda-Fn
X-Via-NSCOPI
X-VG-WebServer
Node
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Vtex-Remote-Cache
Meta-Geo-Continent
X-Date
Cross-Origin-Window-Policy
Content-Style-Type
Content-Script-Type
X-D
X-Fastly-Cache
X-External-Request-Id
IsBot
X-Developer
X-DPWN-IS-SECURE
Fly-Request-Id
Fly-Cache
X-Destination
Cache-Prefix
Cache-Cookie-Set-Lfrom
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-G
X-Org
X-Core-Value
Apple-News-Services-Request-Url
Arc-Country
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
BehaviorPad-Version
MD5-Digest
AsisCache
NGB
X-No-Session
Www
X-A-Wwc
X-Processor
X-Swa-Ws
X-Served-From
VivaBuild
X-SS-Set-Cookie
X-Transaction
Viewtype
X-Accel-Expires-Debug
X-Aed
X-Cache-Bucket
X-A-Dam
X-Region-Sid
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-BBXSRF
X-TIME
Thinkindot-CacheControl-Type
X-A
Xc-Version
X-B-Cookie
X-SIPLIST1
X-ScT
X-Sn-Servicetimems
X-Thinkindot-L3
X-Request-Time
X-Application
X-S-Cookie
X-VC-Cache
Thinkindot-Control
X-Twitter-Response-Tags
X-Trv-Group
X-SRCache-Key
X-PAYTM-SRV-ID
X-Phone
X-ARC
X-Server-Time
X-ServiceProvider
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Worker
X-Info
X-App-Version
Proxy-Connection
Fastly-SSL
Fastcgi-X-Cache-Version
X-ElasticPress-Search
Gh-Request-Id
X-Debug-Cookies
X-Debug-Log
X-Block-Status
UCS
X-Cdn-Srv
Resin-Trace
REQUESTUUID
Server-Host
True-Client-Country-4JS
ServerName
X-Cache-Expires
X-Distil-CS
User-Cache-Control
Request-Time
X-C
On-Server
Memcached
Pramga
Web-Mar-Node
X-Cache-Debug
Request-EU
Request-Country
X-Bip
X-Generation-Time
X-Varnish-Cacheable
X-Origin-Date
X-Origin-Expires
X-Owner
GEO-REGION-INFO
X-NX-Host
X-App-Name
X-Via-Edge
X-Key
X-Level-Front-Cache
X-Distributor
X-Nginx-Cache-Key
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Thanos
X-Reqid
X-Secret
Version
X-Server-IP
X-Release
X-Reboot
X-Protected-By
X-Planisys-CDN-TTL
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wikidot-Static-Cache
X-ND-Cache
X-Wikidot-Backend
X-Generated-On
X-GeoIP-City
Fastly-SWR
Esi-Enabled
X-Gen-Mode
X-Gannett-Site-Version
X-Fetched-On
Country-Code
Fastly-SIE
Backend
AKAMAI
X-Hnp-Log
X-Hash
X-Via-SSL
X-Instart-Isnd
X-Webstats-RespID
X-Cdn-Forward
X-AssetVersion
Backend-Name
X-Nc
X-S-Maxage
X-Epic-Correlation-Id
X-TH-Server
X-Skip-Cache
X-Developers
X-Request-URI
X-Eu-Site
X-Auto-Login
X-PHP-Host
X-CGP
X-Cache-Id
X-CDN-Cache
X-Location
X-Cache-FS-Status
X-GeoIP-Country-Code
X-Crawler
X-SN
X-Page-Type
X-Varnish-Action
X-Refresh
X-Backend-State
Wxu-Next-Commit
V-Age
HA-Ipaddr
Wxu-Next-Hostname
Ha-Gx-Prefs
Heartbleed
HTTPS
RNT-Machine
ProcessTime
RNT-Time
SD-X-WS
Cache-Hits
X-Agile
Wxu-Next-Region
X-Agile-Id
Content-Disposition
X-Amz-Meta-Cache-Control
FNAC-ModuleRouting
X-Agile-Age
CDCHOST
Fastly-Soc-X-Request-Id
X-CACHE-GROUP
X-FireWall-Port
X-LI-UUID
Adler-Geo
X-Li-Pop
X-Cms-Context
X-Li-Fabric
X-Var-Ttl
X-WPE-Loopback-Upstream-Addr
X-Dispatcher-Server
Is-Eu
X-Sf
Platform
X-Device-Os
X-Variation
X-WebServer
Epwk-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
Who
X-Dc
Server-ID
X-SVT-ORM-VERSION
X-LAGOON
X-SVT-ORM-RULES
Group
X-IPS-LoggedIn
X-FPC
X-Policy
Time
Memory
X-Real-Ip
X-Load-Cache
X-NC
X-LI-Proto
X-Servername
X-AIR-PT
Mime-Version
Mobile-Detection-Method
X-Internal-Host
Cache-Provider
Amp-Access-Control-Allow-Source-Origin
X-Micro-Cache
X-Wix-Request-Id
SS
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-GEO
CF-IPCountry
X-CDN-Forward
Akamai-GRN
Cdn
X-Clientip
Countrycode
X-We-Are-Hiring
X-Be
X-Gdpr
X-ZONE
X-CACHE-KEY
X-Edge-Location
X-Dynatrace-Js-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-DC
X-Datadome
AR-SID
X-NWS-UUID-VERIFY
RequestId
GW-Server
X-Cache-URL
Fastcgi-X-Cache
X-Logtrace-Id
X-RateLimit-Remaining-Second
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Unique-ID
X-RateLimit-Limit-Second
Ajk
X-Apm-App-Name
HostName
X-Varnish-Beresp-Ttl
A
X-Servedbyhost
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-Ratelimit-Remaining
PICS-Label
X-APP
MIME-Version
X-Zone
X-SD-PageType
Ohc-File-Size
Ohc-Cache-HIT
Cf-Ipcountry
X-UPSTREAM-Address
X-LiteSpeed-Cache-Control
X-SERVER-NAME
X-Varnish-Beresp-Grace
CF-Cached-On
X-HS-Status
X-Response-By
X-Varnish-Beresp-Status
WebServer
SN
X-NodeID
X-VCL-Version
X-Vcl-Version
Liferay-Portal
X-Varnish-Beresp-TTL
LB
CDN
X-Server-Group
X-Amzn-Remapped-Connection
X-Fastly-Country-Code
X-ECACHE
X-Amzn-Remapped-Date
X-Pf-Uncompressing
X-Newrelic-App-Data
X-Web-Server
X-Lb-Id
X-Aicache-OS
X-Cache-Ttl
X-Hyper-Cache
X-Fstrz
X-Newrelic-Synthetics
Odigeo-Trace-Id
Proxy-Firewall
XServer
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
Get-Access-Time
Is-Session-Tracking
X-Pjax-Url
X-FORWARDED-FOR
X-Ratelimit-Limit
X-Fastly-Backend-Reqs
X-Up
X-B3-SpanId
X-Request-Start
Section-Io-Cache
X-ServedByHost
X-RequestId
X-SRV
X-Check-Cacheable
Requestid
X-CSRF-TOKEN
X-Dispatch
X-COUNTRY
X-Method
X-Amzn-Remapped-Content-Length
X-Server-W
Accept-Ch
X-MServer
Cdn-Request-Time
X-Oss-Server-Time
X-Oss-Object-Type
X-Edge-Server
X-Cache-ASPX
X-Wa
PFcat
X-Oss-Storage-Class
Server-Cache-Control
X-Oss-Request-Id
X-WA
Server-Surrogate-Control
X-MSEdge-Features
X-Oss-Hash-Crc64ecma
X-Backend-Url
X-MSEdge-Flight
Cdn-Host
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Backend-Host
X-Akamai-Request-ID2
X-Nananana
X-Correlation-ID
X-PF-Uncompressing
X-CS
X-LiteSpeed-Tag
X-Gateway-Cache-Key
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-F5-Cache
X-LB-ID
X-Debug-Cache-Store
X-User
X-VServer
Accept-Language
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
CACHE
X-Backend-TTL
X-Generated-In
Host-ID
Sid
X-WR-MODIFICATION
X-EC-Lua
219prxHost
X-Compress-Hint
409pxxline
225prxHost
X-NGINX-Cache
X-Sedo-Request-Id
352pxline
355prline
189phosttRef
286prxHost
178proxuri
Pagetype
Pragrma
X-Urbn-Context-Path
X-Urbn-Site-Id
X-PJAX-URL
Locale
X-Cache-Miss-From
Lb
188prxHost
Powered-By
TTL
Xxline
Correlation-Id
X-Got-Non-Ke-Cookie
X-Hello
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Svr
X-HTML-Minification-Powered-By
X-CUA
X-BC
X-ServerName
X-Dw-Trace-Id
X-Exp-Se
X-Erf-Bev-Bev
X-Flog
Cneonction
X-Erf-Bev-Bev-Is-Generated
X-ABtesting
Dnion-Transfer-Encoding
X-RateLimit-Reset
URI
Warning
X-Powered-By-Defense
X-Platform
X-Fpc
Lfy
X-Requestid
X-Fastly-Cache-Hits
X-Li-Proto
X-Request-Url
X-HTML-Edge-Cache
X-Swift-Error
X-Html-Edge-Cache
L
X-Cache-Tag
X-CSRF-Token
Https
WP-Super-Cache
X-Unique-Id
User-Agent
Kp-EeAlive
Ttl
X-Edge
X-Bc
W
X-Akamai-SSL-Client-Sid
X-Clara-WADP
X-Request-URL
X-MCACHE
X-Mid
X-MID
Ohc-Response-Time
X-WADP-Cache
X-Gen-Id
Server-Id
X-GDPR
X-From-Cache
X-Sucuri-ID
V-Cache
X-Sucuri-Cache
X-Cache-Detail
FSS-Proxy
Pics-Label
X-Alicdn-Da-Ups-Status
X-App
X-TrackingId
FSS-Cache
X-Bug-Bounty