
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Ua-Compatible
Status
Timing-Allow-Origin
X-Template
Content-Encoding
X-Language
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
X-Request-ID
Upgrade
X-Buckets
Xkey
X-Kinja-Server-Push
X-CDN
P3p
X-Turbo-Charged-By
Access-Control-Expose-Headers
X-Via
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
X-Pass-Why
CF-Ray
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Envoy-Upstream-Service-Time
X-Hacker
X-Varnish-Cache
X-Server-Powered-By
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
WPE-Backend
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Server-Id
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Node
X-Ac
Feature-Policy
X-Rq
Content-Location
X-Host
X-Cnection
EagleEye-TraceId
Server-Timing
Allow
X-Backend-Server
Report-To
X-Response-Time
X-Cache-Lookup
X-Application-Context
Request-Id
X-Dns-Prefetch-Control
Surrogate-Control
X-Readtime
X-ORACLE-DMS-ECID
X-Origin-Cache
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
X-FTR-Request-ID
NEL
X-Rack-Cache
X-Ruxit-JS-Agent
X-Vhost
X-HW
X-Clacks-Overhead
X-Country
X-Country-Code
X-DynaTrace
Rating
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-Mod-Pagespeed
X-Url
X-Dispatcher
X-Origin-Upstream-Status
X-Cdn
X-DataDome
Edge-Control
X-VARITI-CCR
Accept-CH
X-Px
X-TtlSet
X-PC
X-Vname
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Varnish-TTL
X-Use-Magma
X-Kinja-Server
X-Powered-By-Plesk
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
X-Recruiting
X-Vcap-Request-Id
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
Public-Key-Pins
SPRequestGuid
X-D2id
X-Amz-Server-Side-Encryption
AR-Request-ID
X-Version
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
Content-MD5
RTSS
X-Cached
X-Abt-Application-Version
X-DynaTrace-JS-Agent
Nginx-Cache
DynaTrace
Ar-Sid
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-SharePointHealthScore
X-Navigation-Version
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
Response
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Realpath
X-Amz-Rid
Charset
X-B3-TraceId
X-Powered-CMS
X-VCache
X-Akam-SW-Version
X-Oracle-Dms-Rid
X-Forwarded-Proto
X-Client-IP
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
ServerID
X-FTR-Cache-Status
X-FTR-DC
X-XRDS-Location
X-FTR-Expires
X-Ttl
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Ser
X-Goog-Storage-Class
TCN
X-Trace
X-TTL
X-Debug
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Id
SPRequestDuration
X-Dw-Request-Base-Id
SPIisLatency
X-Fastly-Request-ID
X-FTR-Cache-Host
X-TEC-API-ORIGIN
Alternate-Protocol
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Hits
S
Paypal-Debug-Id
Fastcgi-Cache
X-Varnish-Age
X-Upstream
X-T
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Host
X-Shard
X-RateLimit-Remaining
X-Litespeed-Cache
Accept-CH-Lifetime
X-NF-Request-ID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Ezoic-Cdn
Access-Control-Request-Method
MicrosoftSharePointTeamServices
Front-End-Https
X-Logged-In
X-Content-Digest
Arr-Disable-Session-Affinity
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Frontend
X-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-N
X-Amzn-Trace-Id
Server-Name
X-Webkit-CSP
X-DIS-Request-ID
X-Iejgwucgyu
X-Kinsta-Cache
X-Pad
Tracecode
X-IPLB-Instance
X-Forwarded-For
X-Srv
X-B3-Sampled
X-Content-Type
X-Request-Handler-Origin-Region
X-Microsite
FilterID
X-Accel-Expires
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
Surrogate-Key
X-Type
X-Request-Received
X-Request-Processing-Time
X-Rid
X-Debug-Info
X-AOL-HN
TP-L2-Cache
TP-Cache
X-Node-Name
Backend-Timing
X-Analytics
X-Grace
Edge-Cache-Tag
X-Hostname
X-Via-JSL
Pagespeed
X-Server-ID
Accept-Charset
X-Page-Id
X-Revision
X-Whom
X-Content-Options
X-User-Agent
X-Cache-2
X-Varnish-Backend
X-Webkit-Csp
X-GUploader-UploadID
X-Content-Powered-By
Healthy
X-Cache-Age
X-Amz-Replication-Status
Host-Header
X-TT
X-Mobile
X-Content-Security-Policy-Report-Only
X-Framework
X-Cache-Rule
X-FB-Debug
X-Varnish-Hostname
X-PHP-Backend
X-NWS-LOG-UUID
X-Tumblr-User
X-Request-Guid
X-App-Environment
Source
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Control
X-Cluster
Powered
Cache-Status
VIX-Pulpo-Upstream-Status
X-Varnish-Grace
VIX-Pulpo-Node
X-Correlation-Id
X-Akamai-Edgescape
Upgrade-Insecure-Requests
X-Cached-By
X-Instance
Fastly-Restarts
X-BCube-Filmed-By
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-RateLimit-Limit
X-AppVersion
X-Az
X-Activity-Id
X-FastCGI-Cache
X-Cache-Key
Access-Control-Allow-Method
Server-Info
Cleartype
X-Platform-Server
Retry-After
X-Drupal-Cache-Tags
X-Zen-Fury
X-Jobs
PageSpeed
X-Cache-Remote
X-Cache-TTL
X-ATG-Version
Cache-Tags
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Hash
X-Cache-Action
X-TA-CDN-Provider
X-Forwarded-Host
X-CF-Powered-By
X-Esi
Actual-Object-TTL
X-F-Cache
MS-CV
X-B3-Traceid
X-Oneagent-Js-Injection
Server-Node
X-Real-IP
X-Geo-Country
X-Response-Served-From
Payment
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-ProcessESI
X-Adobe-Content
X-RemovedCookies
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-TX-ID
X-Content-Age
Cache
X-Cache-Operation
X-GeoIP
X-TT-TIMESTAMP
X-B
Eomportal-Instance
X-RequestSource
X-Handled-By
X-Yottaa-Metrics
X-URL
X-Cache-NE
X-Yottaa-Optimizations
X-Storage
X-Cacheable-TTL
Filters
X-VG-WebCache
DC
Cache-Tv-Group
Refresh
X-Redis-Cache
X-PressLabs-Stats
X-Guploader-Uploadid
X-Daa-Tunnel
Cache-Tag
From-Origin
Frame-Options
X-Kong-Proxy-Latency
X-Host-Name
X-Kong-Upstream-Latency
X-Origin-Server
X-WA-Info
Accept-Ch-Lifetime
X-UUID
X-Git-Hash
Viewport
X-Accel-Buffering
Webserver
X-Rendered-As
X-App-Server
Datacenter
X-XRDS-LOCATION
X-Magnolia-Registration
Xserver
X-FW-Dynamic
X-Locale
X-Varnish-Server
X-Contextid
Country
X-Mode
X-Cache-TTL-Remaining
X-Signature
X-FB-TRIP-ID
X-B-Cache
X-Cache-Enabled
X-Region
X-Trace-Id
X-Hl-Ver
X-Cache-Var
X-Path-Route
X-Www-Served-By
X-Routing-Service
GEO-INFO
X-RN-RSRV
Load-Balancing
Machine
X-Rule
X-From
X-ES-SERVER
X-Cache-Var-Map
X-Proxied
X-Zipkin-Id
Meta-Geo
NGX
X-ProxyCache-Key
X-Rocket-Nginx-Bypass
X-BYPASS-REASON
X-Cache-Config
X-ServerID
X-Backend-Name
ServedBy
X-ProxyCache-Status
X-Web-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Upstream-HT
X-NCache
X-Is-Bot
X-Viewer-Country
X-Upstream-CT
X-Detected-As
X-Hosted-By
X-L-Path
X-Via-Fastly
Origin-Edge-Control
X-Proto
Mn-Server-Ip
Cache-Key
X-FC-Vary-Parameters
X-Upgrade-Enabled
X-JoinUs
Origin-Cache-Control
X-Debug-Cache
Uber-Trace-Id
X-EIG-Tracking-Id
Now
X-Environment-Context
Vix-Hermes-Req-Id
X-Vcache
X-Loop
X-R9-Blue-Green-Version
X-PCL
X-Generated
X-VG-TLSProxy
X-OCL
X-Varnish-IP
X-TNCMS
X-AWS-Id
X-Tumblr-Pixel-3
X-Device-Type
X-VWS-Id
X-Labrador-Cache-Channel
L5d-Success-Class
X-CCM
X-LJ-Flow-ID
X-Human
X-S
X-Site-Version
DB-Nickname
Release
X-Proxy-Build
Selected-FE
DSUID
X-Vgn-Hpd-Reason
X-Varnish-Cache-Hits
X-Cache-Host
X-Timing-Wait
X-Drupal-Cache-Contexts
X-Grey
X-Origin-Response-Time
X-Cache-Category-Id
X-Hit
We-Hiring
X-Xfnlog-Site
X-Ua
X-Akamai-Request-ID
Mail-Subject
X-MP-GENERATED-AT
X-RCS-CacheZone
X-Pubstack
OT-Force-Account-Verify
X-VCT
X-Section
X-Access
X-EdgeConnect-Cache-Status
Cteonnt-Length
X-Cache-Backend
X-NGENIX-Cache
Nel
HitType
X-APP-VERSION
X-BACKEND-TTL
X-RTag
Ms-Operation-Id
Cache-Name
X-Tb
X-Nginx-Cache
SRV
Powered-By-ChinaCache
X-Hp-Webp
X-Mobile-URL
X-Generated-By
X-UnsetCookies
Served-By
Rt-Fastcgi-Cache
X-Seen-By
X-Source
X-GRACE
X-Cache-Grace
X-Ratelimit-Reset
X-NewRelic-App-Data
X-Format
X-Proxy
X-Cache-Server
X-Birta-Served
X-B3-Spanid
X-Birta-Cache-Post
S-Cnection
X-Geo
X-Cluster-Node
X-OVcl
X-Presslabs-Stats
X-OVcl-Cache
X-Time
X-Via-CDN
X-IP
Azure-SiteName
Azure-SlotName
Fastcgi-Useragent
Azure-Version
Azure-RegionName
X-Akamai-Transformed
Azure-InstanceId
Property-Id
X-Origin-Hint
X-ApacheServer
X-PERF
TWC-Connection-Speed
Webcakes-Region
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
Access-Control-Request-Headers
X-App-Version
X-Time-Microsecs
X-FW-Version
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
Hostname
X-B3-Parentspanid
S-Rt
X-Origin
X-SS-Set-Cookie
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Origin-TTL
X-Sorting-Hat-ShopId
X-Origin-CC
X-Shopify-Stage
X-AssetVersion
X-Alternate-Cache-Key
X-ShopId
NGB
X-Cdn-Forward
X-Sorting-Hat-PodId
X-ShardId
X-Request-Time
Origin
User-Cache-Control
X-Endurance-Cache-Level
Ec-Rule-Version
Proxy-Connection
Arc-Country
X-A
X-A-Ccd
Www
Web-Mar-Node
Viewtype
Fly-Cache
VivaBuild
X-A-Dam
X-A-Dcw
X-Application
X-ARC
X-B-Cookie
X-Aed
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
Fly-Request-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-BBXSRF
Cache-Cookie-Set-Lfrom
Cache-Prefix
Content-Style-Type
MD5-Digest
Content-Script-Type
Meta-Geo-Continent
IsBot
FNAC-ModuleRouting
AsisCache
Thinkindot-CacheControl
Server-Int
Rt-Proxy-Cache
BehaviorPad-Version
Node
Rendered-Blocks
Cross-Origin-Window-Policy
X-Cdn-Origin
X-ServiceProvider
X-Server-Time
X-SIPLIST1
X-Sn-Servicetimems
X-SRCache-Key
X-Served-From
X-ScT
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Swa-Ws
X-Thinkindot-L3
X-Vtex-Processado-Em
X-Via-SSL
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Via-NSCOPI
X-Via-Edge
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-VC-Cache
X-VG-WebServer
X-Processor
X-Phone
X-D
X-Core-Value
X-Date
X-Destination
X-DPWN-IS-SECURE
X-Core-Mission
X-Connection-Hash
X-Cache-Info
X-Cache-Bucket
AKAMAI
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-External-Request-Id
X-G
X-ND-Cache
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Irp-Debug
X-Instart-Info
X-Gen-Mode
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-WAF
X-Block-Status
X-Developer
IBM-Web2-Location
Version
Cache-Hits
X-UA
X-WPE-Loopback-Upstream-Addr
X-Microcachable
X-Ruxit-Js-Agent
X-ElasticPress-Search
WZWS-RAY
RNT-Machine
Apple-News-Services-Host
Server-Host
REQUESTUUID
RNT-Time
X-Debug-Cookies
X-Qloud-Router
X-Debug-Log
X-NX-Host
Request-EU
Pramga
X-Bip
X-Reqid
X-Planisys-CDN-Cache
X-Release
Apple-News-Services-Handled
Request-Country
Request-Time
ServerName
X-Cms-Context
X-Page-Type
X-Owner
X-Thanos
X-Cdn-Srv
X-Cache-FS-Status
X-Cache-Id
X-PHP-Host
V-Age
UCS
X-Rebelmouse-Surrogate-Control
On-Server
X-Reboot
X-Origin-Expires
X-Rebelmouse-Cache-Control
True-Client-Country-4JS
X-Cache-Debug
X-Origin-Date
X-Request-URI
X-Sf
X-Hash
Country-Code
X-Webstats-RespID
Esi-Enabled
X-GeoIP-City
Fastly-SSL
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Planisys-CDN-Rules
Content-Disposition
X-Key
Backend
X-Level-Front-Cache
X-Instart-Isnd
X-Status
CDCHOST
X-Planisys-CDN-TTL
X-Nc
Fastly-SWR
X-Geo-Header
X-Nginx-Cache-Key
X-Fetched-On
X-Var-Ttl
Apple-News-Services-Parsed-Url
Memcached
X-Distributor
X-Cache-Expires
X-No-Session
X-Fastly-Cache
X-Info
X-S-Maxage
X-Wikidot-Backend
X-Generated-On
X-Protected-By
X-Amz-Meta-Cache-Control
X-Wikidot-Static-Cache
Gh-Request-Id
X-Cluster-Name
Apple-News-Services-Request-Url
X-Varnish-Cacheable
X-FireWall-Port
X-Auto-Login
X-C
X-Dispatcher-Server
X-WebServer
X-Generation-Time
X-Location
X-LI-UUID
X-Li-Fabric
Heartbleed
X-Gannett-Site-Version
X-Developers
X-Device-Os
X-App-Name
X-Distil-CS
X-Crawler
X-Agile-Age
X-Agile
X-Secret
X-Li-Pop
X-Variation
Backend-Name
Wxu-Next-Region
Resin-Trace
X-TH-Server
ProcessTime
Platform
X-Agile-Id
Wxu-Next-Hostname
X-Refresh
X-TIME
Adler-Geo
Wxu-Next-Commit
HTTPS
SD-X-WS
X-Server-IP
Is-Eu
Fastcgi-X-Cache-Version
Server-ID
X-Skip-Cache
HA-Ipaddr
Ha-Gx-Prefs
X-Eu-Site
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-SN
GEO-REGION-INFO
X-CGP
X-Backend-State
X-Varnish-Action
X-CACHE-GROUP
X-Dc
X-CDN-Cache
X-LAGOON
Epwk-Cache
X-Policy
X-Load-Cache
X-SVT-ORM-RULES
X-FPC
X-IPS-LoggedIn
X-SVT-ORM-VERSION
Time
Who
Memory
X-LI-Proto
X-Micro-Cache
NtCoent-Length
X-HS-Cache-Config
X-Internal-Host
X-HS-Combine-CSS
Group
X-Real-Ip
X-Servername
X-NC
Cdn
X-Gdpr
Cache-Provider
X-Parent-Response-Time
X-AIR-PT
Mime-Version
Amp-Access-Control-Allow-Source-Origin
X-Be
CF-IPCountry
X-Ratelimit-Remaining
X-ZONE
Mobile-Detection-Method
X-CLOUD-TRACE-CONTEXT
HostName
X-Wix-Request-Id
X-DC
X-NWS-UUID-VERIFY
SS
X-Apm-App-Name
X-Apm-Inst-Hash
X-Apm-Svc-Key
Ajk
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Logtrace-Id
X-We-Are-Hiring
Akamai-GRN
Countrycode
X-Clientip
AR-SID
X-CDN-Forward
X-Tb-Optimization-Total-Bytes-Saved
RequestId
MIME-Version
X-Cache-URL
Fastcgi-X-Cache
X-Edge-Location
GW-Server
X-GEO
X-Servedbyhost
X-UPSTREAM-Address
X-CACHE-KEY
X-APP
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
Cf-Ipcountry
X-Varnish-Beresp-Ttl
X-NodeID
X-Dynatrace-Js-Agent
LB
PICS-Label
A
X-Zone
X-Newrelic-App-Data
X-Unique-ID
CF-Cached-On
X-Server-Group
X-VCL-Version
X-Varnish-Beresp-TTL
X-Vcl-Version
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-SD-PageType
Ohc-Cache-HIT
X-Ratelimit-Limit
Liferay-Portal
Ohc-File-Size
SN
X-Response-By
WebServer
X-SERVER-NAME
X-B3-SpanId
X-Pf-Uncompressing
X-Datadome
X-Fastly-Country-Code
X-Pjax-Url
CDN
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-LiteSpeed-Cache-Control
X-Up
X-Cache-Ttl
X-Lb-Id
X-Fastly-Backend-Reqs
X-HS-Status
X-Newrelic-Synthetics
X-RequestId
X-Aicache-OS
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
X-Web-Server
X-Fstrz
X-Hyper-Cache
X-ServedByHost
Odigeo-Trace-Id
Get-Access-Time
Is-Session-Tracking
Proxy-Firewall
XServer
X-Amzn-Remapped-Content-Length
X-Server-W
X-CSRF-TOKEN
X-Check-Cacheable
X-FORWARDED-FOR
X-Akamai-Request-ID2
X-MSEdge-Features
X-Wa
X-Cache-ASPX
X-Backend-Host
X-Request-Start
X-ECACHE
Requestid
Server-Cache-Control
X-MSEdge-Flight
Server-Surrogate-Control
X-Backend-Url
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Accept-Language
X-SRV
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Section-Io-Cache
X-F5-Cache
X-COUNTRY
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Gateway-Cache-Key
X-Debug-Cache-Store
X-User
X-Backend-TTL
X-Gateway-Skip-Cache
X-LB-ID
X-Gateway-Cache-Status
X-Nananana
X-Generated-In
X-Dispatch
X-WA
X-Method
X-Correlation-ID
X-Urbn-Site-Id
219prxHost
X-Urbn-Context-Path
Locale
PFcat
X-MServer
Pagetype
286prxHost
352pxline
189phosttRef
X-Sedo-Request-Id
355prline
178proxuri
Xxline
409pxxline
188prxHost
225prxHost
X-Cache-Miss-From
X-WR-MODIFICATION
Cdn-Request-Time
Cdn-Host
X-Flog
X-Exp-Se
X-Hello
X-VServer
X-PF-Uncompressing
X-CS
Sid
X-Edge-Server
X-ABtesting
X-EC-Lua
Lfy
X-Platform
X-Got-Non-Ke-Cookie
Host-ID
Correlation-Id
Dnion-Transfer-Encoding
X-PJAX-URL
Warning
X-LiteSpeed-Tag
X-Compress-Hint
TTL
X-Dw-Trace-Id
X-NGINX-Cache
Powered-By
Lb
X-Svr
CACHE
X-ServerName
Kp-EeAlive
X-HTML-Minification-Powered-By
Pragrma
X-Unique-Id
X-Fpc
X-CUA
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Html-Edge-Cache
X-BC
Pics-Label
X-Li-Proto
X-Swift-Error
X-Cdn-Cache
X-Requestid
X-HTML-Edge-Cache
X-Fastly-Cache-Hits
X-TrackingId
X-WADP-Cache
X-Bug-Bounty
X-Bc
X-Powered-By-Defense
Https
X-Proxy-Upstream
WP-Super-Cache
X-TT-LOGID
X-Clara-WADP
X-CSRF-Token
X-Proxy-Cache-Status
X-BB-ID
Ttl
Cneonction
X-Request-Url
X-Test
X-Akamai-SSL-Client-Sid
Fastly-Backend-Name
X-Varnish-Url
X-Alicdn-Da-Ups-Status
Server-Id
X-Sucuri-ID
X-Cache-Detail
X-ECache
X-Sucuri-Cache
Ohc-Response-Time
Magicmarker
X-Gen-Id
X-Cache-Tag
X-GDPR
V-Cache
FSS-Cache
X-From-Cache
X-Edge-IP
FSS-Proxy
X-App
URI
N-Cache
X-Via-Ucdn