Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Xss-Protection
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-AspNetMvc-Version
P3p
Status
Timing-Allow-Origin
X-Template
Content-Encoding
X-Language
X-DNS-Prefetch-Control
X-Request-ID
X-Content-Security-Policy
X-Iinfo
Upgrade
X-Buckets
Xkey
X-CDN
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-AH-Environment
CF-Ray
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Envoy-Upstream-Service-Time
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
WPE-Backend
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-WebKit-CSP
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Server-Id
Feature-Policy
X-Node
X-Ac
Content-Location
X-Rq
X-Host
EagleEye-TraceId
X-Cnection
Allow
Server-Timing
X-Backend-Server
Report-To
X-Response-Time
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Application-Context
Request-Id
Surrogate-Control
X-Origin-Cache
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Pinterest-Generated-By
X-CST
NEL
X-Rack-Cache
X-Ruxit-JS-Agent
X-FTR-Request-ID
X-Vhost
X-HW
X-Clacks-Overhead
X-Country
X-Country-Code
X-DynaTrace
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Goog-Hash
X-Mod-Pagespeed
X-Dispatcher
X-Url
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-VARITI-CCR
X-Px
Accept-CH
X-Vname
X-PC
X-TtlSet
Service-Worker-Allowed
X-MS-InvokeApp
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Varnish-TTL
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Powered-By-Plesk
AR-ATIME
X-Recruiting
AR-CACHE
AR-PoweredBy
X-Vcap-Request-Id
X-GitHub-Request-Id
SPRequestGuid
MS-Author-Via
X-D2id
X-ESI
X-Amz-Server-Side-Encryption
Public-Key-Pins
AR-Request-ID
Content-MD5
X-ORACLE-DMS-RID
X-Version
X-Abt-Application-Version
X-Cached
RTSS
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Nginx-Cache
X-DynaTrace-JS-Agent
X-SharePointHealthScore
X-Middleton-Response
X-Sol
Display
Response
X-Middleton-Display
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
Ar-Sid
X-Navigation-Version
DynaTrace
Charset
X-Amz-Rid
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Oracle-Dms-Rid
Realpath
X-XRDS-Location
ServerID
X-Ttl
X-Akam-SW-Version
X-Powered-CMS
X-Client-IP
X-Forwarded-Proto
X-FTR-Cache-Status
X-FTR-DC
X-VCache
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-FTR-Expires
X-Cdn
X-B3-TraceId
X-Trace
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
X-Shield-Request-Id
Fusion-Content-Id
Fusion-Source
TCN
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-Ser
X-Debug
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-Id
X-TTL
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Alternate-Protocol
X-RateLimit-Remaining
X-Fastly-Request-ID
X-FTR-Cache-Host
Paypal-Debug-Id
X-Varnish-Age
S
X-Shard
X-Upstream
X-Hits
Fastcgi-Cache
X-Server-ID
X-Litespeed-Cache
X-Acc-Meta-Resource-Type
X-T
X-MSEdge-Ref
Host
X-Ezoic-Cdn
X-NF-Request-ID
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MicrosoftSharePointTeamServices
X-Logged-In
Front-End-Https
X-Content-Digest
X-Frontend
Access-Control-Request-Method
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Arr-Disable-Session-Affinity
X-HS-Hub-Id
X-HS-Content-Id
X-DIS-Request-ID
Server-Name
X-N
X-Amzn-Trace-Id
Accept-CH-Lifetime
X-Fastcgi-Cache
X-Kinsta-Cache
X-IPLB-Instance
X-Pad
X-Forwarded-For
X-Srv
X-B3-Sampled
Tracecode
X-Content-Type
X-Request-Handler-Origin-Region
X-Microsite
FilterID
X-Grace
X-Accel-Expires
X-Rid
Surrogate-Key
Edge-Cache-Tag
AMP-Access-Control-Allow-Source-Origin
TP-L2-Cache
X-Debug-Info
X-AOL-HN
X-LB-Cache
X-Type
TP-Cache
X-Node-Name
X-Request-Processing-Time
X-Request-Received
Pagespeed
X-Via-JSL
X-Analytics
Backend-Timing
X-Hostname
X-Iejgwucgyu
X-Page-Id
Accept-Charset
X-RateLimit-Limit
X-Revision
X-Whom
X-Webkit-Csp
X-GUploader-UploadID
X-FastCGI-Cache
X-Content-Options
Healthy
X-Varnish-Backend
X-User-Agent
X-Cache-2
X-Cache-Rule
X-Content-Powered-By
X-Cache-Age
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
X-Mobile
Host-Header
X-Framework
X-TT
X-PHP-Backend
X-FB-Debug
X-Cache-Control
Powered
X-Varnish-Hostname
X-NWS-LOG-UUID
X-Correlation-Id
X-Cached-By
X-App-Environment
X-Tumblr-Pixel-0
Upgrade-Insecure-Requests
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel
X-Cluster
X-Request-Guid
X-Tumblr-User
Source
X-Instance
X-Varnish-Grace
X-BCube-Filmed-By
X-Akamai-Edgescape
Cache-Status
Fastly-Restarts
X-B3-Traceid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-Az
Cleartype
X-Activity-Id
X-AppVersion
Accept-Ch-Lifetime
Access-Control-Allow-Method
X-Drupal-Cache-Tags
Retry-After
Server-Info
X-Jobs
X-Platform-Server
X-Zen-Fury
PageSpeed
X-Cache-Remote
X-Cache-TTL
X-Cache-Key
X-ATG-Version
X-FW-Static
X-FW-Hash
X-FW-Server
X-Esi
X-FW-Type
X-Oneagent-Js-Injection
X-FW-Serve
X-Cache-Action
X-CF-Powered-By
X-Forwarded-Host
Actual-Object-TTL
Cache-Tags
X-Geo-Country
X-Real-IP
X-Webkit-CSP
Server-Node
X-Cache-Operation
Payment
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-URL
X-Adobe-Loc
X-Adobe-Content
X-F-Cache
X-ProcessESI
X-RemovedCookies
Cache
X-Tumblr-Pixel-2
X-TX-ID
X-Yottaa-Metrics
X-Varnish-Hits
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Storage
X-Yottaa-Optimizations
X-Content-Age
Eomportal-Instance
X-VG-WebCache
X-UA-Device-Type
X-Cacheable-TTL
X-Handled-By
X-RequestSource
X-GeoIP
Cache-Tv-Group
X-Cache-NE
X-B
Filters
MS-CV
DC
Refresh
X-Redis-Cache
Cache-Tag
X-TA-CDN-Provider
X-Daa-Tunnel
X-PressLabs-Stats
From-Origin
Frame-Options
X-Git-Hash
X-Accel-Buffering
X-Kong-Upstream-Latency
X-Guploader-Uploadid
X-Kong-Proxy-Latency
Viewport
X-Host-Name
X-Origin-Server
X-Vcache
Webserver
X-WA-Info
X-UUID
X-Rendered-As
X-App-Server
Datacenter
Xserver
X-Contextid
X-FW-Dynamic
X-Magnolia-Registration
X-Mode
X-Varnish-Server
X-Cache-TTL-Remaining
Country
X-Locale
X-FB-TRIP-ID
X-Cache-Enabled
GEO-INFO
X-Path-Route
X-Cache-Var
X-Trace-Id
Machine
X-Signature
X-Proxied
X-Www-Served-By
X-Zipkin-Id
X-XRDS-LOCATION
Meta-Geo
X-Cache-Var-Map
X-ES-SERVER
X-B-Cache
X-From
Load-Balancing
X-Routing-Service
X-RN-RSRV
X-Rule
X-Hl-Ver
ServedBy
X-NCache
NGX
Cache-Key
X-Rocket-Nginx-Bypass
X-Web-Node
X-BYPASS-REASON
X-Region
X-Cache-Config
X-Upstream-CT
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Ua
X-Upstream-HT
X-Viewer-Country
X-ProxyCache-Key
X-ServerID
X-Backend-Name
X-ProxyCache-Status
X-Proto
X-PCL
L5d-Success-Class
Vix-Hermes-Req-Id
X-Detected-As
X-Debug-Cache
X-Cache-Host
X-EIG-Tracking-Id
X-Environment-Context
X-Hosted-By
X-FC-Vary-Parameters
X-Is-Bot
X-JoinUs
Origin-Edge-Control
Origin-Cache-Control
Now
X-OCL
Uber-Trace-Id
X-L-Path
X-Labrador-Cache-Channel
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Human
X-Upgrade-Enabled
X-VG-TLSProxy
X-Varnish-Cache-Hits
X-LJ-Flow-ID
X-Vgn-Hpd-Reason
X-Loop
X-Akamai-Request-ID
X-Site-Version
X-Origin-Response-Time
X-EdgeConnect-Cache-Status
X-VWS-Id
X-Varnish-IP
X-Cache-Category-Id
X-MP-GENERATED-AT
X-AWS-Id
X-CCM
X-S
X-Device-Type
X-Tumblr-Pixel-3
X-Via-Fastly
X-Generated
X-RCS-CacheZone
X-NGENIX-Cache
X-Grey
X-Hit
X-TNCMS
X-Pubstack
Selected-FE
X-VCT
X-Cache-Backend
Mail-Subject
X-Access
We-Hiring
X-Xfnlog-Site
Nel
Release
X-Section
DB-Nickname
DSUID
Cteonnt-Length
X-Proxy-Build
X-Timing-Wait
OT-Force-Account-Verify
X-APP-VERSION
X-Ratelimit-Reset
X-Drupal-Cache-Contexts
Cache-Name
X-BACKEND-TTL
X-Tb
X-Mobile-URL
X-Hp-Webp
Powered-By-ChinaCache
X-Nginx-Cache
HitType
SRV
X-B3-Spanid
Rt-Fastcgi-Cache
X-NewRelic-App-Data
X-Seen-By
X-RTag
X-Cache-Grace
X-UnsetCookies
X-Source
Ms-Operation-Id
Served-By
X-Generated-By
S-Cnection
X-Format
X-Proxy
Fastcgi-Useragent
X-Time
X-Presslabs-Stats
X-Cluster-Node
X-GRACE
X-Birta-Served
X-Birta-Cache-Post
Hostname
X-Cache-Server
X-OVcl
X-OVcl-Cache
X-Time-Microsecs
X-ApacheServer
X-PERF
Azure-SiteName
Azure-InstanceId
X-Akamai-Transformed
Azure-RegionName
X-IP
Azure-SlotName
Azure-Version
X-Geo
X-Origin-Hint
X-Via-CDN
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
Access-Control-Request-Headers
TWC-Privacy
TWC-GeoIP-Country
X-FW-Version
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Microcachable
S-Rt
X-B3-Parentspanid
X-Origin
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Endurance-Cache-Level
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-ShardId
X-App-Version
X-Alternate-Cache-Key
X-Cdn-Forward
Origin
X-Status
X-Request-Time
Proxy-Connection
X-Origin-TTL
Ec-Rule-Version
WZWS-RAY
X-Origin-CC
X-Ruxit-Js-Agent
IBM-Web2-Location
Thinkindot-Control
Thinkindot-CacheControl-Type
X-A-Ccd
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-Application
X-Aed
X-A-Dam
Thinkindot-CacheControl
VivaBuild
Viewtype
Web-Mar-Node
Www
X-A
User-Cache-Control
Node
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Prefix
Content-Script-Type
Cache-Cookie-Set-From
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Arc-Country
AsisCache
Content-Style-Type
Cross-Origin-Window-Policy
NGB
X-ARC
Rendered-Blocks
Rt-Proxy-Cache
Meta-Geo-Continent
MD5-Digest
Fly-Cache
Fly-Request-Id
IsBot
Server-Int
X-Core-Mission
X-S-Cookie
X-Rojux
X-ScT
X-Served-From
X-ServiceProvider
X-Server-Time
X-Rewrite-Enabled
X-Request-UUID
X-PAYTM-SRV-ID
X-Org
X-Phone
X-Processor
X-Region-Sid
X-SIPLIST1
X-Sn-Servicetimems
X-Via-NSCOPI
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-Trv-Group
X-SS-Set-Cookie
X-SRCache-Key
X-Swa-Ws
X-Thinkindot-L3
X-Transaction
X-NU-AKA-ACS-Version
X-No-Session
Apple-News-Services-Host
X-Cluster-Name
X-Core-Value
X-D
X-Destination
X-Date
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Block-Status
X-BBXSRF
X-Cache-Bucket
X-Cache-Info
X-Cdn-Origin
X-Developer
X-DPWN-IS-SECURE
X-Instart-Info
X-IN-WAF
X-Irp-Debug
X-Matched-Rule
X-ND-Cache
X-IN-APIGATEWAY
X-Hnp-Log
X-Fastly-Cache
X-External-Request-Id
X-G
X-Gen-Mode
X-Geo-Header
X-B-Cookie
X-Connection-Hash
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
X-Info
Fastly-SSL
X-ElasticPress-Search
X-Webstats-RespID
X-Wikidot-Backend
X-Debug-Log
X-Debug-Cookies
X-Distil-CS
X-Gannett-Site-Version
X-VC-Cache
X-Fetched-On
X-Via-Edge
X-Distributor
X-Via-SSL
X-Wikidot-Static-Cache
Version
X-Varnish-Action
X-App-Name
X-Amz-Meta-Cache-Control
V-Age
True-Client-Country-4JS
UCS
X-Bip
X-C
GEO-REGION-INFO
X-Cdn-Srv
X-Cache-Id
X-Cache-FS-Status
X-Cache-Debug
X-Varnish-Cacheable
X-Generation-Time
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Protected-By
X-Server-IP
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Secret
X-S-Maxage
X-Request-URI
X-Reqid
X-Release
X-Planisys-CDN-Cache
X-PHP-Host
X-Key
X-Level-Front-Cache
X-Instart-Isnd
X-Thanos
ServerName
X-Hash
X-Nginx-Cache-Key
X-NX-Host
X-Owner
X-Page-Type
X-Origin-Expires
X-Origin-Date
X-UA
X-Generated-On
X-Cache-Expires
Gh-Request-Id
On-Server
Fastly-SIE
Esi-Enabled
Resin-Trace
Request-Time
RNT-Time
RNT-Machine
Memcached
Pramga
Fastly-SWR
Request-EU
Backend
Server-Host
CDCHOST
Request-Country
AKAMAI
Country-Code
X-Nc
X-FireWall-Port
X-AssetVersion
Backend-Name
X-Eu-Site
X-Epic-Correlation-Id
X-Device-Os
X-WebServer
Cache-Hits
X-CGP
ProcessTime
X-Cms-Context
Platform
X-CDN-Cache
X-Crawler
X-Developers
X-GeoIP-City
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
X-Location
X-SN
X-Skip-Cache
Adler-Geo
X-Refresh
Content-Disposition
X-LI-UUID
X-Li-Pop
Heartbleed
X-Variation
HTTPS
HA-Ipaddr
X-GeoIP-Country-Code
X-Li-Fabric
X-TH-Server
Ha-Gx-Prefs
Is-Eu
X-Dispatcher-Server
Wxu-Next-Commit
X-Agile
X-Agile-Age
X-Agile-Id
X-Backend-State
Epwk-Cache
Wxu-Next-Hostname
X-Auto-Login
Wxu-Next-Region
SD-X-WS
REQUESTUUID
X-CACHE-GROUP
X-TIME
X-HS-Cache-Config
Server-ID
X-LAGOON
X-Var-Ttl
X-WPE-Loopback-Upstream-Addr
X-HS-Combine-CSS
X-Sf
Who
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Group
Mime-Version
X-Load-Cache
X-FPC
X-LI-Proto
Memory
X-NC
Time
X-Dc
X-IPS-LoggedIn
X-Policy
X-Real-Ip
X-Servername
X-AIR-PT
X-Internal-Host
NtCoent-Length
Cache-Provider
Mobile-Detection-Method
Amp-Access-Control-Allow-Source-Origin
X-Micro-Cache
Cdn
CF-IPCountry
X-Wix-Request-Id
X-CLOUD-TRACE-CONTEXT
X-GEO
X-Parent-Response-Time
SS
X-DC
Akamai-GRN
Countrycode
X-We-Are-Hiring
X-Gdpr
X-Clientip
X-CACHE-KEY
X-ZONE
Fastcgi-X-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Location
X-Be
X-CDN-Forward
AR-SID
X-Datadome
X-NWS-UUID-VERIFY
X-Cache-URL
GW-Server
X-Apm-Inst-Hash
X-RateLimit-Remaining-Second
X-Logtrace-Id
X-Apm-Svc-Key
X-Apm-App-Name
X-RateLimit-Limit-Second
Ajk
RequestId
X-Servedbyhost
X-Unique-ID
X-Varnish-Beresp-Ttl
HostName
A
X-Ratelimit-Remaining
GeoIp-Country-Code
Geoip-Latitude
X-SD-PageType
X-APP
X-Dynatrace-Js-Agent
MIME-Version
X-Zone
Geoip-City
PICS-Label
Cf-Ipcountry
CF-Cached-On
Ohc-File-Size
Ohc-Cache-HIT
SN
X-Response-By
X-VCL-Version
X-UPSTREAM-Address
X-Vcl-Version
WebServer
X-SERVER-NAME
X-Varnish-Beresp-Status
X-NodeID
X-Varnish-Beresp-Grace
Liferay-Portal
X-LiteSpeed-Cache-Control
X-Aicache-OS
X-ECACHE
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
X-HS-Status
X-Server-Group
X-Web-Server
CDN
X-Newrelic-App-Data
X-Lb-Id
X-Fstrz
Odigeo-Trace-Id
Proxy-Firewall
X-Pf-Uncompressing
LB
X-Hyper-Cache
X-Cache-Ttl
GeoIP-City
X-Newrelic-Synthetics
GeoIP-Latitude
GeoIP-Country-Code
X-Pjax-Url
XServer
Get-Access-Time
X-Request-Start
Is-Session-Tracking
X-Ratelimit-Limit
X-FORWARDED-FOR
Requestid
Section-Io-Cache
X-Up
X-Fastly-Backend-Reqs
X-ServedByHost
X-B3-SpanId
X-RequestId
X-SRV
X-Check-Cacheable
X-COUNTRY
X-CSRF-TOKEN
X-Dispatch
X-Amzn-Remapped-Content-Length
X-Server-W
X-Method
Accept-Ch
X-MServer
X-Wa
X-MSEdge-Features
X-Oss-Request-Id
X-Oss-Server-Time
X-Backend-Host
X-Backend-Url
X-PF-Uncompressing
X-Contensis-Viewer-Groups
X-Oss-Hash-Crc64ecma
X-MSEdge-Flight
X-WA
X-Oss-Storage-Class
X-Cache-ASPX
X-Backend-TTL
Cdn-Request-Time
Cdn-Host
X-Oss-Object-Type
X-Varnish-Authentication
Server-Surrogate-Control
X-Edge-Server
Server-Cache-Control
PFcat
X-Dynatrace
X-Nananana
X-Akamai-Request-ID2
X-Correlation-ID
X-F5-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
Accept-Language
X-User
X-Gateway-Skip-Cache
X-Debug-Cache-Store
X-CS
X-LB-ID
X-Debug-Cache-Fetch
X-VServer
X-Debug-Cache-Expiry
X-LiteSpeed-Tag
Host-ID
Lb
Sid
X-Generated-In
X-WR-MODIFICATION
X-Sedo-Request-Id
TTL
X-Urbn-Context-Path
178proxuri
X-Cache-Miss-From
189phosttRef
352pxline
355prline
409pxxline
286prxHost
X-Urbn-Site-Id
Correlation-Id
219prxHost
225prxHost
188prxHost
X-EC-Lua
Pagetype
Powered-By
Locale
X-Got-Non-Ke-Cookie
X-Compress-Hint
X-PJAX-URL
Pragrma
Xxline
Dynatrace
X-ABtesting
X-Azure-Ref-OriginShield
X-Request-Url
X-Flog
X-Exp-Se
CACHE
X-CUA
X-NGINX-Cache
X-Hello
X-Svr
X-BC
X-ServerName
X-HTML-Minification-Powered-By
X-Erf-Bev-Bev
Cneonction
X-Dw-Trace-Id
X-Erf-Bev-Bev-Is-Generated
X-Azure-Ref
X-Powered-By-Defense
Lfy
X-Swift-Error
Dnion-Transfer-Encoding
X-Fpc
X-Requestid
Warning
X-Fastly-Cache-Hits
X-Platform
X-Html-Edge-Cache
X-HTML-Edge-Cache
X-Li-Proto
X-Cache-Tag
W
L
Https
Ttl
URI
X-Clara-WADP
Kp-EeAlive
WP-Super-Cache
X-Unique-Id
User-Agent
X-WADP-Cache
X-CSRF-Token
X-Bc
X-Edge
X-Akamai-SSL-Client-Sid
X-Mid
X-MID
X-BE
RequestUuid
X-MCACHE
Ohc-Response-Time
Pics-Label
FSS-Proxy
Server-Id
FSS-Cache
X-Bug-Bounty
X-TrackingId
X-From-Cache
X-Cache-Detail
V-Cache
X-Gen-Id
X-App
X-GDPR
X-Sucuri-ID
X-Sucuri-Cache
X-Alicdn-Da-Ups-Status