Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Ua-Compatible
Status
Timing-Allow-Origin
X-Template
X-Language
Content-Encoding
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
X-Request-ID
Upgrade
X-Buckets
Xkey
X-Kinja-Server-Push
X-CDN
P3p
X-Turbo-Charged-By
Access-Control-Expose-Headers
X-Via
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
CF-Ray
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Envoy-Upstream-Service-Time
X-Hacker
X-Varnish-Cache
X-Server-Powered-By
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
WPE-Backend
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Server-Id
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Node
X-Ac
Feature-Policy
X-Rq
Content-Location
X-Host
EagleEye-TraceId
X-Cnection
Server-Timing
Allow
Report-To
X-Backend-Server
X-Response-Time
X-Cache-Lookup
X-Application-Context
Request-Id
X-Dns-Prefetch-Control
Surrogate-Control
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Origin-Cache
Pinterest-Generated-By
X-CST
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
X-FTR-Request-ID
X-Vhost
X-HW
X-Clacks-Overhead
X-Country
X-DynaTrace
X-Country-Code
Rating
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-Mod-Pagespeed
X-Url
X-Dispatcher
X-Origin-Upstream-Status
X-Cdn
X-DataDome
Edge-Control
Accept-CH
X-VARITI-CCR
X-Px
X-Vname
X-PC
X-TtlSet
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Varnish-TTL
X-Kinja-Revision
X-Powered-By-Plesk
AR-CACHE
AR-ATIME
AR-PoweredBy
X-GitHub-Request-Id
X-Recruiting
X-Vcap-Request-Id
MS-Author-Via
X-ORACLE-DMS-RID
X-ESI
Public-Key-Pins
SPRequestGuid
X-Amz-Server-Side-Encryption
X-D2id
AR-Request-ID
Content-MD5
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
X-Cached
X-Version
RTSS
X-Abt-Application-Version
Nginx-Cache
X-DynaTrace-JS-Agent
DynaTrace
Ar-Sid
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-SharePointHealthScore
X-Navigation-Version
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
Display
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Realpath
X-XRDS-Location
X-Amz-Rid
X-B3-TraceId
Charset
X-Akam-SW-Version
X-VCache
X-Powered-CMS
X-Forwarded-Proto
X-Oracle-Dms-Rid
X-Client-IP
ServerID
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-Ttl
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-FTR-Expires
TCN
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Ser
X-TTL
X-Goog-Storage-Class
X-Trace
X-Debug
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-Id
SPRequestDuration
SPIisLatency
X-Fastly-Request-ID
X-Dw-Request-Base-Id
X-FTR-Cache-Host
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Alternate-Protocol
X-RateLimit-Remaining
S
Paypal-Debug-Id
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-Upstream
X-T
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Shard
Host
X-Litespeed-Cache
X-NF-Request-ID
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Ezoic-Cdn
Access-Control-Request-Method
MicrosoftSharePointTeamServices
Accept-CH-Lifetime
Front-End-Https
X-Logged-In
X-Content-Digest
Arr-Disable-Session-Affinity
X-Frontend
X-Fastcgi-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-HS-Content-Id
X-HS-Hub-Id
X-N
X-Amzn-Trace-Id
Server-Name
X-Webkit-CSP
X-DIS-Request-ID
X-Iejgwucgyu
X-Pad
X-Kinsta-Cache
X-IPLB-Instance
Tracecode
X-Forwarded-For
X-Srv
X-Content-Type
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Accel-Expires
FilterID
AMP-Access-Control-Allow-Source-Origin
Surrogate-Key
X-Debug-Info
X-LB-Cache
X-Rid
TP-L2-Cache
TP-Cache
X-Type
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Node-Name
X-Analytics
Backend-Timing
Edge-Cache-Tag
X-Hostname
X-Via-JSL
Pagespeed
X-Server-ID
X-Grace
Accept-Charset
X-Page-Id
X-Revision
X-Whom
X-Content-Options
X-Cache-2
X-User-Agent
X-GUploader-UploadID
X-Webkit-Csp
Healthy
X-Varnish-Backend
X-Content-Powered-By
X-Cache-Rule
X-Cache-Age
X-RateLimit-Limit
X-Framework
X-Mobile
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-TT
X-NWS-LOG-UUID
X-Varnish-Hostname
X-FB-Debug
X-Cache-Control
Host-Header
Powered
X-PHP-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-App-Environment
X-Tumblr-Pixel-0
X-Request-Guid
X-Tumblr-Pixel
X-Cluster
X-Tumblr-User
Cache-Status
Source
X-Cached-By
X-Instance
X-BCube-Filmed-By
X-Akamai-Edgescape
Fastly-Restarts
X-Varnish-Grace
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Correlation-Id
X-Cache-Hit
X-AppVersion
X-Az
X-Activity-Id
X-FastCGI-Cache
Access-Control-Allow-Method
Cleartype
Server-Info
X-Drupal-Cache-Tags
X-Platform-Server
X-Zen-Fury
Retry-After
X-Cache-Key
X-Jobs
X-Cache-Remote
X-Cache-TTL
PageSpeed
X-ATG-Version
X-FW-Type
X-FW-Static
X-FW-Serve
Cache-Tags
X-FW-Hash
X-FW-Server
X-TA-CDN-Provider
X-Cache-Action
X-CF-Powered-By
X-Forwarded-Host
X-F-Cache
Server-Node
Actual-Object-TTL
X-Esi
X-Geo-Country
X-B3-Traceid
MS-CV
X-Oneagent-Js-Injection
X-Response-Served-From
Payment
X-Adobe-Loc
X-WebKit-CSP-Report-Only
X-ProcessESI
X-Adobe-Content
X-RemovedCookies
X-UA-Device-Type
X-Cache-Operation
X-Varnish-Hits
X-TT-TIMESTAMP
X-TX-ID
X-Storage
X-Content-Age
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-VG-WebCache
X-B
X-GeoIP
Accept-Ch-Lifetime
X-Yottaa-Optimizations
Eomportal-Instance
X-Handled-By
X-Yottaa-Metrics
Filters
X-URL
X-Cacheable-TTL
Cache-Tv-Group
X-RequestSource
X-Cache-NE
X-PressLabs-Stats
X-Real-IP
DC
Cache
Refresh
X-Guploader-Uploadid
X-Redis-Cache
From-Origin
Cache-Tag
X-Daa-Tunnel
Frame-Options
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-WA-Info
X-Host-Name
X-UUID
Viewport
X-Git-Hash
Webserver
X-Accel-Buffering
X-Rendered-As
X-App-Server
Datacenter
X-FW-Dynamic
Xserver
X-Magnolia-Registration
X-Varnish-Server
Country
X-Contextid
X-Locale
X-Mode
X-B-Cache
X-Cache-TTL-Remaining
X-Signature
X-FB-TRIP-ID
X-Cache-Enabled
X-Region
GEO-INFO
X-Ua
X-Hl-Ver
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-From
X-Proxied
Meta-Geo
Load-Balancing
X-RN-RSRV
X-Routing-Service
X-Trace-Id
X-Www-Served-By
X-Zipkin-Id
Machine
X-Rule
X-Path-Route
X-NCache
X-Upgrade-Enabled
X-BYPASS-REASON
Cache-Key
X-Upstream-HT
ServedBy
NGX
X-Cache-Config
X-Web-Node
X-Rocket-Nginx-Bypass
X-ProxyCache-Key
X-Backend-Name
X-ServerID
X-Viewer-Country
X-ProxyCache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Upstream-CT
L5d-Success-Class
Origin-Edge-Control
Vix-Hermes-Req-Id
X-Detected-As
X-Debug-Cache
X-Labrador-Cache-Channel
X-EIG-Tracking-Id
Mn-Server-Ip
X-Environment-Context
X-FC-Vary-Parameters
X-Is-Bot
X-OCL
X-Hosted-By
Uber-Trace-Id
X-VG-TLSProxy
X-JoinUs
X-PCL
X-L-Path
Origin-Cache-Control
X-Human
X-Proto
Now
X-Via-Fastly
X-Cache-Category-Id
X-CCM
X-Akamai-Request-ID
X-AWS-Id
X-R9-Blue-Green-Version
X-Varnish-IP
X-Varnish-Cache-Hits
X-Vcache
X-Device-Type
X-Site-Version
X-VWS-Id
X-TNCMS
X-XRDS-LOCATION
X-RCS-CacheZone
X-S
X-Grey
X-Generated
X-Hit
X-Tumblr-Pixel-3
X-LJ-Flow-ID
X-Loop
X-Origin-Response-Time
X-MP-GENERATED-AT
Mail-Subject
X-Vgn-Hpd-Reason
X-VCT
X-Xfnlog-Site
X-Section
X-Proxy-Build
X-Access
We-Hiring
Selected-FE
X-Timing-Wait
X-Cache-Host
Release
X-Drupal-Cache-Contexts
DSUID
DB-Nickname
X-GRACE
Cteonnt-Length
X-Pubstack
OT-Force-Account-Verify
X-EdgeConnect-Cache-Status
X-Cache-Backend
X-NGENIX-Cache
Nel
X-Tb
HitType
X-APP-VERSION
X-BACKEND-TTL
X-RTag
Cache-Name
Ms-Operation-Id
X-Nginx-Cache
Powered-By-ChinaCache
SRV
X-UnsetCookies
X-Mobile-URL
X-Hp-Webp
X-Generated-By
X-Source
Served-By
Rt-Fastcgi-Cache
X-Seen-By
X-Format
X-Ratelimit-Reset
X-Cache-Grace
X-NewRelic-App-Data
X-Time
X-Proxy
S-Cnection
X-Cache-Server
X-B3-Spanid
X-Birta-Cache-Post
X-Birta-Served
X-Cluster-Node
X-OVcl
X-Presslabs-Stats
X-OVcl-Cache
X-Via-CDN
X-Time-Microsecs
Fastcgi-Useragent
X-Akamai-Transformed
X-Geo
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-Version
Azure-RegionName
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Access-Control-Request-Headers
X-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-FW-Version
Property-Id
X-ApacheServer
X-PERF
X-Origin-Hint
TWC-Device-Class
TWC-Connection-Speed
X-SS-Set-Cookie
X-Origin
X-IP
Hostname
X-B3-Parentspanid
S-Rt
X-Request-Time
X-Alternate-Cache-Key
Decoy-Debug-Status
X-Origin-TTL
X-Origin-CC
X-Endurance-Cache-Level
Decoy-Debug-TTL
X-Cdn-Forward
X-AssetVersion
NGB
X-Sorting-Hat-ShopId
Decoy-Debug-Key
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
Ec-Rule-Version
Proxy-Connection
Origin
User-Cache-Control
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A
AKAMAI
Apple-News-Services-Handled
VivaBuild
Web-Mar-Node
Www
X-Irp-Debug
X-Matched-Rule
X-Twitter-Response-Tags
X-Thinkindot-L3
Node
X-Vtex-Remote-Cache
X-G
X-ND-Cache
X-VG-WebServer
Xc-Version
X-Trv-Group
IBM-Web2-Location
Apple-News-Services-Host
X-VC-Cache
Cache-Hits
X-Worker
X-Aed
Apple-News-Services-Parsed-Url
Fly-Request-Id
FNAC-ModuleRouting
Fly-Cache
Server-Int
X-Instart-Info
Thinkindot-CacheControl
X-IN-WAF
X-IN-APIGATEWAY
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
IsBot
X-Hnp-Log
Rt-Proxy-Cache
Thinkindot-CacheControl-Type
Thinkindot-Control
BehaviorPad-Version
Cache-Cookie-Set-From
Viewtype
AsisCache
Apple-News-Services-Request-Url
Arc-Country
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Gen-Mode
Cross-Origin-Window-Policy
Content-Style-Type
Content-Script-Type
Cache-Prefix
X-NU-AKA-ACS-Version
X-Transaction
X-Swa-Ws
X-Via-SSL
X-Connection-Hash
X-Via-NSCOPI
X-DPWN-IS-SECURE
Version
X-CF-Lambda-Version
X-Cdn-Origin
X-Vtex-Processado-Em
X-ServiceProvider
X-Processor
X-CF-Lambda-Fn
X-Core-Mission
X-Core-Value
X-ScT
X-Destination
X-Rojux
X-Developer
X-S-Cookie
X-Rewrite-Enabled
X-Request-UUID
X-D
X-Served-From
X-Region-Sid
X-Via-Edge
X-Date
X-Cache-Info
X-Server-Time
X-Sn-Servicetimems
X-PAYTM-SRV-ID
X-Phone
X-SRCache-Key
X-External-Request-Id
X-Org
X-Application
X-ARC
X-BBXSRF
X-B-Cookie
X-Cache-Bucket
X-SIPLIST1
X-Block-Status
X-Nc
X-ElasticPress-Search
X-WPE-Loopback-Upstream-Addr
X-Microcachable
X-Varnish-Cacheable
WZWS-RAY
X-Ruxit-Js-Agent
RNT-Time
X-Cache-FS-Status
RNT-Machine
X-Generated-On
V-Age
Server-Host
REQUESTUUID
Request-Time
Pramga
X-Cluster-Name
On-Server
X-Fetched-On
X-App-Name
Request-EU
Request-Country
X-Debug-Log
X-Cms-Context
X-Distributor
X-Fastly-Cache
X-Cache-Expires
X-Cdn-Srv
X-Cache-Debug
UCS
True-Client-Country-4JS
X-Cache-Id
X-Wikidot-Static-Cache
X-Distil-CS
X-Debug-Cookies
X-Bip
X-Wikidot-Backend
X-Amz-Meta-Cache-Control
ServerName
X-Gannett-Site-Version
Fastly-SWR
X-Status
X-Origin-Date
X-Origin-Expires
X-Owner
X-PHP-Host
X-Page-Type
X-NX-Host
X-No-Session
X-Level-Front-Cache
X-Key
X-Geo-Header
X-Thanos
X-Nginx-Cache-Key
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Release
X-Reboot
X-Reqid
X-Request-URI
X-S-Maxage
X-Secret
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Sf
X-Planisys-CDN-TTL
X-Protected-By
X-Server-IP
X-Qloud-Router
Backend
X-Info
Esi-Enabled
Fastly-SIE
Memcached
X-Var-Ttl
X-Hash
X-Instart-Isnd
Country-Code
X-Webstats-RespID
Content-Disposition
Fastly-Soc-X-Request-Id
Gh-Request-Id
CDCHOST
X-GeoIP-City
Fastly-SSL
X-FireWall-Port
X-SN
HA-Ipaddr
X-Epic-Correlation-Id
X-C
X-Skip-Cache
HTTPS
X-CGP
X-Device-Os
X-Dispatcher-Server
Platform
X-UA
X-Generation-Time
ProcessTime
X-Refresh
Resin-Trace
X-Eu-Site
X-GeoIP-Country-Code
X-Crawler
Is-Eu
Ha-Gx-Prefs
Backend-Name
Wxu-Next-Region
X-Li-Pop
Wxu-Next-Hostname
X-WebServer
X-Variation
X-Li-Fabric
X-LI-UUID
X-Location
X-TH-Server
X-Developers
Wxu-Next-Commit
X-Auto-Login
Heartbleed
Adler-Geo
Fastcgi-X-Cache-Version
X-Varnish-Action
X-Backend-State
Server-ID
GEO-REGION-INFO
X-Agile-Id
X-LAGOON
X-Agile-Age
SD-X-WS
X-Agile
X-CACHE-GROUP
X-TIME
Epwk-Cache
X-Real-Ip
X-Dc
X-CDN-Cache
X-Policy
X-Load-Cache
X-IPS-LoggedIn
X-LI-Proto
X-SVT-ORM-RULES
X-HS-Cache-Config
Time
X-HS-Combine-CSS
X-SVT-ORM-VERSION
Who
Memory
X-Servername
X-Internal-Host
NtCoent-Length
X-Micro-Cache
X-FPC
Group
X-NC
Mime-Version
Cdn
X-Gdpr
X-AIR-PT
CF-IPCountry
Cache-Provider
X-Be
Amp-Access-Control-Allow-Source-Origin
X-Parent-Response-Time
X-CLOUD-TRACE-CONTEXT
Mobile-Detection-Method
X-ZONE
X-Wix-Request-Id
HostName
SS
X-CACHE-KEY
X-DC
X-NWS-UUID-VERIFY
X-Apm-App-Name
X-Logtrace-Id
X-Apm-Inst-Hash
Countrycode
X-Clientip
X-GEO
X-Apm-Svc-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Akamai-GRN
Ajk
X-We-Are-Hiring
X-Tb-Optimization-Total-Bytes-Saved
X-CDN-Forward
AR-SID
X-Servedbyhost
X-Edge-Location
Fastcgi-X-Cache
GW-Server
RequestId
X-Cache-URL
MIME-Version
X-UPSTREAM-Address
Cf-Ipcountry
X-APP
X-Varnish-Beresp-Ttl
X-Ratelimit-Remaining
X-Unique-ID
Geoip-Latitude
GeoIp-Country-Code
A
Geoip-City
X-NodeID
PICS-Label
X-Zone
X-Dynatrace-Js-Agent
X-Newrelic-App-Data
CF-Cached-On
X-Amzn-Remapped-Connection
X-Varnish-Beresp-TTL
X-Server-Group
X-Amzn-Remapped-Date
X-Vcl-Version
LB
X-VCL-Version
Ohc-File-Size
Liferay-Portal
Ohc-Cache-HIT
WebServer
X-SERVER-NAME
SN
X-SD-PageType
X-B3-SpanId
X-HS-Status
X-Response-By
X-Datadome
GeoIP-City
X-Fastly-Country-Code
CDN
GeoIP-Country-Code
X-Pjax-Url
GeoIP-Latitude
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Pf-Uncompressing
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-RequestId
X-Newrelic-Synthetics
X-Up
X-Lb-Id
X-Aicache-OS
X-Web-Server
X-Hyper-Cache
X-CSRF-TOKEN
X-Fstrz
X-ECACHE
XServer
Get-Access-Time
X-Amzn-Remapped-Content-Length
X-Server-W
Odigeo-Trace-Id
Is-Session-Tracking
Proxy-Firewall
X-Check-Cacheable
X-Akamai-Request-ID2
X-Ratelimit-Limit
X-FORWARDED-FOR
X-Varnish-Authentication
X-ServedByHost
X-Request-Start
X-Wa
X-Backend-Host
X-Backend-Url
Accept-Language
X-MSEdge-Features
X-MSEdge-Flight
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Cache-ASPX
X-Correlation-ID
Requestid
Server-Cache-Control
X-SRV
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Debug-Cache-Store
X-User
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-F5-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Backend-TTL
Section-Io-Cache
X-COUNTRY
X-LB-ID
X-Nananana
X-Dispatch
X-Method
X-Generated-In
X-WA
286prxHost
Locale
409pxxline
355prline
225prxHost
352pxline
X-MServer
PFcat
X-Edge-Server
X-PF-Uncompressing
Cdn-Request-Time
Cdn-Host
188prxHost
178proxuri
Pagetype
219prxHost
189phosttRef
Xxline
X-Urbn-Context-Path
X-Cache-Miss-From
X-Sedo-Request-Id
X-Urbn-Site-Id
CACHE
X-WR-MODIFICATION
Sid
X-Flog
X-Hello
X-CS
X-Exp-Se
X-VServer
X-ABtesting
X-Got-Non-Ke-Cookie
TTL
X-EC-Lua
Correlation-Id
Lfy
Warning
X-LiteSpeed-Tag
X-PJAX-URL
X-Platform
Host-ID
Dnion-Transfer-Encoding
Lb
X-Compress-Hint
X-ServerName
Kp-EeAlive
X-NGINX-Cache
X-Fpc
X-Svr
X-Dw-Trace-Id
Pragrma
Powered-By
X-Requestid
X-TrackingId
X-Cdn-Cache
X-Html-Edge-Cache
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Li-Proto
X-Swift-Error
X-Fastly-Cache-Hits
X-BC
Pics-Label
X-HTML-Edge-Cache
X-CUA
X-HTML-Minification-Powered-By
X-Clara-WADP
X-Proxy-Upstream
X-Powered-By-Defense
X-WADP-Cache
X-Test
X-TT-LOGID
X-Bc
X-Unique-Id
X-Request-Url
X-Proxy-Cache-Status
X-Bug-Bounty
Ttl
Https
X-CSRF-Token
WP-Super-Cache
X-BB-ID
Cneonction
X-Akamai-SSL-Client-Sid
Fastly-Backend-Name
X-Sucuri-ID
X-Sucuri-Cache
X-Alicdn-Da-Ups-Status
X-Via-Ucdn
FSS-Proxy
Ohc-Response-Time
Magicmarker
FSS-Cache
X-From-Cache
X-Varnish-Url
V-Cache
X-GDPR
X-Cache-Tag
X-Cache-Detail
N-Cache
URI
X-Edge-IP
Server-Id
X-App
X-Gen-Id