Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Ua-Compatible
X-Request-ID
Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
Content-Encoding
X-Language
X-Content-Security-Policy
X-Iinfo
Upgrade
X-Buckets
Xkey
X-CDN
X-Kinja-Server-Push
P3p
X-Turbo-Charged-By
X-Via
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
CF-Ray
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Envoy-Upstream-Service-Time
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
WPE-Backend
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Node
Feature-Policy
X-Ac
X-Rq
Content-Location
X-Host
EagleEye-TraceId
X-Cnection
Allow
Server-Timing
Report-To
X-Backend-Server
X-Response-Time
X-Cache-Lookup
X-Application-Context
Request-Id
X-Dns-Prefetch-Control
Surrogate-Control
X-Readtime
X-Origin-Cache
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
NEL
X-Rack-Cache
X-FTR-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-HW
X-Clacks-Overhead
X-Country
X-DynaTrace
X-Country-Code
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Goog-Hash
X-Mod-Pagespeed
X-Url
X-Dispatcher
X-Origin-Upstream-Status
X-DataDome
Accept-CH
Edge-Control
X-VARITI-CCR
X-Px
X-TtlSet
X-PC
X-Vname
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-Cdn
X-DataStream-Cache-Status
X-Kinja-Build
X-Kinja-Server
X-Varnish-TTL
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Powered-By-Plesk
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Recruiting
X-GitHub-Request-Id
X-Vcap-Request-Id
X-ORACLE-DMS-RID
MS-Author-Via
SPRequestGuid
X-ESI
X-D2id
X-Amz-Server-Side-Encryption
AR-Request-ID
Public-Key-Pins
Content-MD5
X-Version
X-Abt-Application-Version
RTSS
X-Cached
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
Nginx-Cache
DynaTrace
X-DynaTrace-JS-Agent
Ar-Sid
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
X-Upstream-Proxy
X-Navigation-Version
X-Middleton-Response
Display
Response
X-Sol
X-Middleton-Display
X-Amz-Rid
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Realpath
Charset
X-XRDS-Location
X-B3-TraceId
X-VCache
X-Akam-SW-Version
ServerID
X-Powered-CMS
X-Oracle-Dms-Rid
X-Client-IP
X-Forwarded-Proto
X-Ttl
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-FTR-Expires
X-Shield-Request-Id
TCN
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Trace
Fusion-Template-Id
Fusion-Source
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-Ser
X-TTL
X-Debug
X-Id
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Alternate-Protocol
X-FTR-Cache-Host
X-RateLimit-Remaining
Paypal-Debug-Id
S
X-Varnish-Age
X-Hits
X-Upstream
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-T
X-MSEdge-Ref
X-Shard
Host
X-Litespeed-Cache
X-NF-Request-ID
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-Logged-In
Access-Control-Request-Method
Front-End-Https
X-Frontend
X-Content-Digest
X-Fastcgi-Cache
X-DataStream-Origin-MEX-Latency
Arr-Disable-Session-Affinity
X-DataStream-MidMile-RTT
X-HS-Content-Id
X-HS-Hub-Id
X-N
Accept-CH-Lifetime
Server-Name
X-Amzn-Trace-Id
X-DIS-Request-ID
X-Server-ID
X-Kinsta-Cache
X-Pad
X-IPLB-Instance
Tracecode
X-Srv
X-B3-Sampled
X-Forwarded-For
X-Content-Type
X-Microsite
X-Request-Handler-Origin-Region
FilterID
X-Accel-Expires
X-Type
TP-Cache
X-Debug-Info
X-Iejgwucgyu
X-Rid
TP-L2-Cache
X-Request-Received
Surrogate-Key
X-Request-Processing-Time
X-AOL-HN
X-LB-Cache
Edge-Cache-Tag
X-Node-Name
X-Analytics
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Via-JSL
Pagespeed
X-Grace
X-Page-Id
Accept-Charset
X-Revision
X-Whom
X-Webkit-CSP
X-Content-Options
X-RateLimit-Limit
X-Webkit-Csp
X-User-Agent
Healthy
X-Varnish-Backend
X-Cache-2
X-GUploader-UploadID
X-Cache-Rule
X-Content-Powered-By
X-Cache-Age
X-Mobile
X-TT
X-Amz-Replication-Status
X-Framework
X-Content-Security-Policy-Report-Only
X-PHP-Backend
X-Varnish-Hostname
X-NWS-LOG-UUID
X-Cache-Control
X-FB-Debug
Powered
X-Correlation-Id
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-App-Environment
Host-Header
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cached-By
X-Akamai-Edgescape
Cache-Status
Source
X-Cluster
X-BCube-Filmed-By
X-Instance
X-Request-Guid
X-Varnish-Grace
Fastly-Restarts
X-Amz-Apigw-Id
X-Amzn-RequestId
X-FastCGI-Cache
X-AppVersion
X-Activity-Id
X-Az
X-Cache-Hit
Access-Control-Allow-Method
Cleartype
PageSpeed
Server-Info
X-Drupal-Cache-Tags
Retry-After
X-Jobs
X-Platform-Server
X-Zen-Fury
Accept-Ch-Lifetime
X-Cache-TTL
X-Cache-Remote
X-ATG-Version
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Cache-Key
X-Cache-Action
X-Forwarded-Host
X-CF-Powered-By
Cache-Tags
X-Esi
Actual-Object-TTL
X-Oneagent-Js-Injection
Server-Node
X-Geo-Country
X-B3-Traceid
X-F-Cache
X-Response-Served-From
X-TA-CDN-Provider
X-Cache-Operation
X-WebKit-CSP-Report-Only
Payment
X-Adobe-Content
X-RemovedCookies
X-ProcessESI
X-Adobe-Loc
MS-CV
Cache
X-TT-TIMESTAMP
X-Varnish-Hits
X-TX-ID
X-Content-Age
X-UA-Device-Type
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Storage
Eomportal-Instance
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Handled-By
X-VG-WebCache
Cache-Tv-Group
Filters
X-B
X-URL
X-RequestSource
X-Real-IP
X-Cache-NE
X-Cacheable-TTL
X-GeoIP
DC
X-PressLabs-Stats
Refresh
X-Guploader-Uploadid
X-Redis-Cache
X-Daa-Tunnel
Cache-Tag
From-Origin
Frame-Options
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Host-Name
Viewport
X-Origin-Server
X-Accel-Buffering
X-Git-Hash
X-WA-Info
X-UUID
Webserver
X-App-Server
X-Rendered-As
Datacenter
X-Magnolia-Registration
Xserver
X-Mode
Country
X-FW-Dynamic
X-Contextid
X-Varnish-Server
X-FB-TRIP-ID
X-Locale
X-Cache-TTL-Remaining
X-Cache-Enabled
X-B-Cache
X-Signature
X-Ua
X-Www-Served-By
X-Trace-Id
X-Region
X-ES-SERVER
X-Zipkin-Id
X-Cache-Var-Map
X-Rule
X-RN-RSRV
GEO-INFO
Load-Balancing
Machine
X-Cache-Var
X-Path-Route
X-Routing-Service
X-Proxied
X-Hl-Ver
Meta-Geo
X-From
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Config
X-BYPASS-REASON
X-ProxyCache-Status
NGX
X-Web-Node
X-Rocket-Nginx-Bypass
ServedBy
X-Viewer-Country
Cache-Key
X-ProxyCache-Key
X-ServerID
X-Upstream-HT
X-Upstream-CT
X-Backend-Name
X-NCache
X-Human
Mn-Server-Ip
X-Debug-Cache
X-Environment-Context
X-Is-Bot
L5d-Success-Class
Now
X-EIG-Tracking-Id
X-L-Path
X-EdgeConnect-Cache-Status
X-R9-Blue-Green-Version
X-Vgn-Hpd-Reason
X-Detected-As
X-OCL
X-PCL
X-JoinUs
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Upgrade-Enabled
X-Via-Fastly
Uber-Trace-Id
Origin-Cache-Control
X-Cache-Category-Id
X-Cache-Host
Origin-Edge-Control
X-Akamai-Request-ID
X-CCM
X-AWS-Id
X-NGENIX-Cache
X-RCS-CacheZone
X-Device-Type
X-VG-TLSProxy
X-S
X-XRDS-LOCATION
X-Vcache
X-Tumblr-Pixel-3
X-Varnish-IP
X-VWS-Id
X-Varnish-Cache-Hits
X-Site-Version
X-Grey
X-Generated
X-Hit
X-FC-Vary-Parameters
X-Hosted-By
X-LJ-Flow-ID
X-Proto
X-Origin-Response-Time
X-MP-GENERATED-AT
X-TNCMS
X-Timing-Wait
X-Section
X-Access
X-VCT
X-Loop
X-Proxy-Build
We-Hiring
Selected-FE
X-Xfnlog-Site
Release
Mail-Subject
DB-Nickname
DSUID
X-GRACE
Cteonnt-Length
X-Pubstack
X-Drupal-Cache-Contexts
X-Cache-Backend
OT-Force-Account-Verify
Nel
X-APP-VERSION
X-Tb
Cache-Name
HitType
X-BACKEND-TTL
X-Ratelimit-Reset
X-Hp-Webp
X-Nginx-Cache
X-Mobile-URL
SRV
X-NewRelic-App-Data
X-RTag
X-Ruxit-Js-Agent
Ms-Operation-Id
Rt-Fastcgi-Cache
X-UnsetCookies
Powered-By-ChinaCache
X-Source
X-Generated-By
X-Cache-Grace
X-Format
S-Cnection
X-Seen-By
X-Time
Served-By
X-Proxy
X-B3-Spanid
X-Birta-Cache-Post
X-Birta-Served
X-Cluster-Node
X-Cache-Server
Fastcgi-Useragent
X-Presslabs-Stats
Hostname
X-OVcl-Cache
X-Geo
X-OVcl
X-Time-Microsecs
Azure-SlotName
X-ApacheServer
Azure-Version
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-PERF
X-Origin-Hint
X-Via-CDN
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Access-Control-Request-Headers
X-App-Version
X-Origin
X-IP
X-B3-Parentspanid
X-Akamai-Transformed
X-FW-Version
Decoy-Debug-TTL
X-Alternate-Cache-Key
X-Request-Time
X-SS-Set-Cookie
S-Rt
X-Cdn-Forward
X-ShardId
Decoy-Debug-Status
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
Origin
X-Endurance-Cache-Level
Decoy-Debug-Key
X-Status
X-Microcachable
X-Origin-TTL
X-Origin-CC
Proxy-Connection
Ec-Rule-Version
NGB
Content-Script-Type
X-Cluster-Name
X-DPWN-IS-SECURE
X-IN-WAF
X-IN-APIGATEWAY
X-Instart-Info
X-Processor
Fly-Request-Id
Www
Cross-Origin-Window-Policy
X-A
X-A-Ccd
Content-Style-Type
X-Developer
X-PAYTM-SRV-ID
X-Gen-Mode
X-Phone
Node
Cache-Prefix
X-Application
X-A-Dcw
X-ARC
X-Matched-Rule
Apple-News-Services-Request-Url
MD5-Digest
X-Hnp-Log
Apple-News-Services-Parsed-Url
X-A-Wwc
X-A-Dgt
Apple-News-Services-Handled
Apple-News-Services-Host
IsBot
X-A-Dam
Arc-Country
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Meta-Geo-Continent
IBM-Web2-Location
X-Destination
Cache-Cookie-Set-From
BehaviorPad-Version
X-NU-AKA-ACS-Version
AsisCache
X-Accel-Expires-Debug
X-Org
X-Irp-Debug
X-Aed
X-ServiceProvider
X-Cache-Bucket
X-Twitter-Response-Tags
X-Fastly-Cache
X-VC-Cache
Server-Int
X-VG-WebServer
X-Trv-Group
X-Transaction
X-Swa-Ws
X-SRCache-Key
Rendered-Blocks
X-Core-Mission
X-Thinkindot-L3
X-Connection-Hash
X-Via-NSCOPI
X-External-Request-Id
User-Cache-Control
X-Cache-Info
X-Cdn-Origin
Viewtype
X-CF-Lambda-Version
X-CF-Lambda-Fn
Xc-Version
X-Worker
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Web-Mar-Node
Thinkindot-Control
X-Sn-Servicetimems
X-Block-Status
X-G
X-Rojux
X-S-Cookie
X-ScT
X-Request-UUID
X-Region-Sid
X-B-Cookie
X-Date
VivaBuild
X-D
X-Served-From
X-Rewrite-Enabled
Fly-Cache
X-Core-Value
X-SIPLIST1
X-Server-Time
X-BBXSRF
Rt-Proxy-Cache
X-Info
WZWS-RAY
X-ElasticPress-Search
UCS
Request-Country
Gh-Request-Id
X-Distributor
True-Client-Country-4JS
X-GeoIP-City
Pramga
V-Age
Request-EU
REQUESTUUID
X-Hash
RNT-Machine
Server-Host
X-Gannett-Site-Version
ServerName
X-Generated-On
RNT-Time
Request-Time
X-Fetched-On
X-Rebelmouse-Surrogate-Control
X-Server-IP
X-Secret
X-Bip
X-Thanos
X-Cache-Debug
X-S-Maxage
Version
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Release
X-Reqid
X-Request-URI
X-Varnish-Cacheable
X-Via-Edge
X-Cache-Id
X-Cache-FS-Status
X-Geo-Header
X-No-Session
X-Cdn-Srv
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Via-SSL
X-Cache-Expires
X-Nc
X-Webstats-RespID
X-Protected-By
X-Planisys-CDN-TTL
Backend
CDCHOST
AKAMAI
X-Key
X-Debug-Log
Country-Code
X-Instart-Isnd
X-Distil-CS
X-Amz-Meta-Cache-Control
Fastly-SIE
Esi-Enabled
X-Level-Front-Cache
X-Debug-Cookies
X-Page-Type
X-Owner
X-PHP-Host
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Origin-Expires
X-Origin-Date
X-App-Name
X-ND-Cache
X-Nginx-Cache-Key
X-NX-Host
Fastly-SWR
X-AssetVersion
X-FireWall-Port
Cache-Hits
X-Auto-Login
Resin-Trace
X-Reboot
GEO-REGION-INFO
X-Varnish-Action
Adler-Geo
X-CGP
X-Eu-Site
X-Refresh
X-Crawler
X-UA
X-Generation-Time
X-Variation
X-WPE-Loopback-Upstream-Addr
X-Cms-Context
X-C
X-Skip-Cache
X-SN
X-WebServer
Content-Disposition
Memcached
X-GeoIP-Country-Code
Is-Eu
HTTPS
On-Server
Platform
ProcessTime
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Epic-Correlation-Id
Heartbleed
Fastly-Soc-X-Request-Id
X-Dispatcher-Server
X-Device-Os
Fastly-SSL
FNAC-ModuleRouting
HA-Ipaddr
X-Developers
Ha-Gx-Prefs
Fastcgi-X-Cache-Version
Epwk-Cache
X-Li-Pop
X-Li-Fabric
X-LAGOON
X-LI-UUID
X-Location
X-TH-Server
X-Sf
X-Var-Ttl
X-Backend-State
X-Agile
Server-ID
Backend-Name
SD-X-WS
X-Agile-Age
X-Agile-Id
X-TIME
X-CACHE-GROUP
X-HS-Cache-Config
X-Real-Ip
X-Dc
Who
X-HS-Combine-CSS
X-CDN-Cache
Amp-Access-Control-Allow-Source-Origin
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-IPS-LoggedIn
X-Load-Cache
X-Policy
Group
X-FPC
Time
Mime-Version
Memory
X-LI-Proto
X-NC
X-Internal-Host
X-Servername
X-Micro-Cache
X-AIR-PT
NtCoent-Length
Cdn
Cache-Provider
Mobile-Detection-Method
X-CACHE-KEY
CF-IPCountry
X-Wix-Request-Id
SS
X-Be
X-Gdpr
X-CLOUD-TRACE-CONTEXT
X-ZONE
X-DC
X-Parent-Response-Time
Akamai-GRN
X-Clientip
X-Tb-Optimization-Total-Bytes-Saved
Countrycode
X-We-Are-Hiring
X-NWS-UUID-VERIFY
X-Edge-Location
X-GEO
X-Datadome
X-CDN-Forward
AR-SID
HostName
X-RateLimit-Remaining-Second
X-Servedbyhost
X-Apm-Svc-Key
X-Cache-URL
X-RateLimit-Limit-Second
Ajk
Fastcgi-X-Cache
RequestId
X-Apm-App-Name
GW-Server
X-Logtrace-Id
X-Apm-Inst-Hash
X-Unique-ID
MIME-Version
X-APP
X-Varnish-Beresp-Ttl
A
X-Ratelimit-Remaining
Cf-Ipcountry
CF-Cached-On
X-Zone
Geoip-Latitude
Geoip-City
X-UPSTREAM-Address
GeoIp-Country-Code
X-Dynatrace-Js-Agent
PICS-Label
Ohc-File-Size
Ohc-Cache-HIT
X-Vcl-Version
X-SD-PageType
SN
X-VCL-Version
X-NodeID
X-LiteSpeed-Cache-Control
Liferay-Portal
X-Server-Group
X-HS-Status
X-Varnish-Beresp-TTL
WebServer
X-Response-By
X-Newrelic-App-Data
X-Amzn-Remapped-Date
X-SERVER-NAME
X-Amzn-Remapped-Connection
X-Varnish-Beresp-Grace
LB
X-Varnish-Beresp-Status
X-B3-SpanId
X-Web-Server
CDN
X-Fastly-Country-Code
X-ECACHE
GeoIP-City
X-Hyper-Cache
GeoIP-Country-Code
GeoIP-Latitude
X-Pf-Uncompressing
X-Lb-Id
Proxy-Firewall
Odigeo-Trace-Id
X-Aicache-OS
X-Pjax-Url
X-Cache-Ttl
X-Fstrz
X-Request-Start
X-Newrelic-Synthetics
Get-Access-Time
Is-Session-Tracking
XServer
X-Up
X-Fastly-Backend-Reqs
X-RequestId
X-Ratelimit-Limit
X-FORWARDED-FOR
X-CSRF-TOKEN
Requestid
X-Amzn-Remapped-Content-Length
X-ServedByHost
X-Server-W
X-Check-Cacheable
X-SRV
X-Oss-Object-Type
X-Oss-Request-Id
X-Wa
Server-Surrogate-Control
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-MSEdge-Features
X-MSEdge-Flight
Server-Cache-Control
X-Akamai-Request-ID2
X-Oss-Server-Time
X-Contensis-Viewer-Groups
X-Backend-Url
X-Cache-ASPX
Section-Io-Cache
X-Method
X-Dispatch
X-Varnish-Authentication
X-COUNTRY
X-Backend-Host
Accept-Language
X-Backend-TTL
X-MServer
X-Gateway-Cache-Status
X-Debug-Cache-Fetch
X-LB-ID
Cdn-Host
X-WA
X-Gateway-Skip-Cache
X-Debug-Cache-Expiry
PFcat
X-Debug-Cache-Store
Cdn-Request-Time
X-Edge-Server
X-Gateway-Cache-Key
X-F5-Cache
X-User
X-Correlation-ID
X-Nananana
X-PF-Uncompressing
X-LiteSpeed-Tag
X-Generated-In
X-CS
X-WR-MODIFICATION
178proxuri
Xxline
X-Sedo-Request-Id
189phosttRef
Sid
219prxHost
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Compress-Hint
X-Cache-Miss-From
188prxHost
409pxxline
X-VServer
Lb
352pxline
Locale
286prxHost
355prline
225prxHost
Pagetype
Host-ID
X-Got-Non-Ke-Cookie
TTL
Correlation-Id
Powered-By
Pragrma
X-EC-Lua
X-ABtesting
X-Hello
X-Flog
X-Exp-Se
X-PJAX-URL
X-Svr
X-Azure-Ref-OriginShield
X-Fpc
X-Azure-Ref
X-Dw-Trace-Id
X-BC
X-CUA
X-NGINX-Cache
X-Request-Url
X-ServerName
Cneonction
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Lfy
Dnion-Transfer-Encoding
Warning
CACHE
X-Platform
X-Html-Edge-Cache
X-HTML-Edge-Cache
X-Requestid
X-Li-Proto
Kp-EeAlive
X-Swift-Error
URI
X-Fastly-Cache-Hits
X-Powered-By-Defense
X-HTML-Minification-Powered-By
X-Bc
Https
WP-Super-Cache
X-Cache-Tag
Pics-Label
L
X-TrackingId
X-Bug-Bounty
W
X-Unique-Id
X-CSRF-Token
User-Agent
Ttl
X-Cdn-Cache
X-Akamai-SSL-Client-Sid
X-Clara-WADP
X-WADP-Cache
X-Mid
Ohc-Response-Time
X-Edge
X-MCACHE
X-Alicdn-Da-Ups-Status
X-Proxy-Cache-Status
X-Cache-Detail
X-Proxy-Upstream
Server-Id
FSS-Proxy
X-From-Cache
FSS-Cache
V-Cache
X-Sucuri-Cache
X-GDPR
X-Gen-Id
X-Test
X-TT-LOGID
X-Sucuri-ID
X-BB-ID
X-App