Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Xss-Protection
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-AspNetMvc-Version
P3p
Status
Timing-Allow-Origin
Content-Encoding
X-Template
X-Language
X-Request-ID
X-Content-Security-Policy
X-Iinfo
X-DNS-Prefetch-Control
X-CDN
Upgrade
X-Buckets
Xkey
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
CF-Ray
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Cache-Group
X-Backend
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Hacker
X-Server-Powered-By
X-Varnish-Cache
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
Cf-Railgun
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
WPE-Backend
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-OneAgent-JS-Injection
Feature-Policy
X-Ac
X-Node
Content-Location
X-Dns-Prefetch-Control
X-Rq
EagleEye-TraceId
X-Host
X-Cnection
X-Backend-Server
Server-Timing
Allow
Report-To
X-Response-Time
X-Cache-Lookup
X-Application-Context
Request-Id
Surrogate-Control
X-Origin-Cache
Pinterest-Generated-By
X-Readtime
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-CST
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
X-HW
X-FTR-Request-ID
X-Vhost
X-Clacks-Overhead
X-Country
X-Country-Code
X-DynaTrace
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Goog-Hash
X-Instart-Request-ID
X-Origin-Upstream-Status
X-Dispatcher
X-Url
X-Mod-Pagespeed
X-Px
Edge-Control
X-DataDome
X-VARITI-CCR
X-Vname
X-PC
X-TtlSet
Service-Worker-Allowed
X-MS-InvokeApp
Accept-CH
Verso
X-Server-Name
X-DataStream-Cache-Status
X-Varnish-TTL
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
SPRequestGuid
X-Use-Magma
X-Kinja-Server
X-ESI
X-Recruiting
X-Vcap-Request-Id
AR-ATIME
AR-PoweredBy
AR-CACHE
X-D2id
X-GitHub-Request-Id
X-Amz-Server-Side-Encryption
Content-MD5
MS-Author-Via
AR-Request-ID
Ar-Sid
X-Abt-Application-Version
X-SharePointHealthScore
X-Version
Public-Key-Pins
Display
X-Middleton-Response
Response
X-Middleton-Display
X-Sol
X-Oracle-Dms-Rid
X-Cached
RTSS
Nginx-Cache
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
DynaTrace
X-Navigation-Version
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
Charset
X-Amz-Rid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-DynaTrace-JS-Agent
X-Goog-Metageneration
X-ORACLE-DMS-RID
Realpath
ServerID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-XRDS-Location
X-Ttl
X-Akam-SW-Version
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
X-Trace
X-Forwarded-Proto
TCN
X-Shield-Request-Id
X-RateLimit-Remaining
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-Goog-Storage-Class
X-VCache
X-Amz-Meta-S3cmd-Attrs
SPRequestDuration
X-Dw-Request-Base-Id
SPIisLatency
X-B3-TraceId
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Debug
X-TEC-API-VERSION
X-Ser
Alternate-Protocol
X-Id
X-Shard
X-TTL
Paypal-Debug-Id
X-Fastly-Request-ID
X-FTR-Cache-Host
X-Upstream
X-Varnish-Age
S
X-Litespeed-Cache
Fastcgi-Cache
X-MSEdge-Ref
X-T
X-Hits
X-Acc-Meta-Resource-Type
Host
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-NF-Request-ID
X-DIS-Request-ID
X-Content-Digest
Front-End-Https
X-Frontend
X-Logged-In
X-DataStream-MidMile-RTT
Access-Control-Request-Method
X-DataStream-Origin-MEX-Latency
Pagespeed
X-Server-ID
Server-Name
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-N
X-HS-Hub-Id
X-Amzn-Trace-Id
X-B3-Sampled
X-Kinsta-Cache
X-IPLB-Instance
X-Forwarded-For
X-Srv
X-Pad
X-Microsite
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Cdn
Edge-Cache-Tag
FilterID
X-Content-Type
Accept-CH-Lifetime
X-Accel-Expires
X-LB-Cache
X-Rid
X-Type
X-Debug-Info
X-AOL-HN
Surrogate-Key
AMP-Access-Control-Allow-Source-Origin
TP-Cache
X-RateLimit-Limit
X-Request-Processing-Time
TP-L2-Cache
X-Request-Received
X-Node-Name
Tracecode
X-FastCGI-Cache
X-Via-JSL
Backend-Timing
X-Grace
X-Analytics
X-Hostname
Accept-Ch-Lifetime
X-Page-Id
X-GUploader-UploadID
X-Webkit-Csp
Healthy
X-B3-Traceid
X-Cache-Rule
X-Revision
Accept-Charset
X-Whom
X-Varnish-Backend
X-Content-Options
X-Cache-2
Host-Header
X-Cache-Age
X-Content-Security-Policy-Report-Only
X-NWS-LOG-UUID
X-Amz-Replication-Status
X-Content-Powered-By
X-Framework
X-Cached-By
X-Cache-Control
X-User-Agent
X-PHP-Backend
X-FB-Debug
VIX-Pulpo-Upstream-Status
X-Varnish-Hostname
X-Request-Guid
VIX-Pulpo-Node
Powered
X-Cluster
Source
X-Mobile
X-TT
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Correlation-Id
X-Instance
X-Tumblr-Pixel
X-Tumblr-User
X-BCube-Filmed-By
X-App-Environment
Upgrade-Insecure-Requests
Cache-Status
Fastly-Restarts
Cleartype
Server-Info
X-Cache-TTL
X-Jobs
X-Zen-Fury
X-Cache-Hit
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Amzn-RequestId
X-Vcache
X-Drupal-Cache-Tags
X-AppVersion
X-Az
X-Activity-Id
X-Cache-Key
Retry-After
Actual-Object-TTL
X-Oneagent-Js-Injection
X-Cache-Remote
X-Platform-Server
X-ATG-Version
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Cache-Action
X-CF-Powered-By
X-Cache-Operation
X-Forwarded-Host
X-URL
X-Response-Served-From
X-WebKit-CSP-Report-Only
Payment
X-Content-Age
X-Storage
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
Server-Node
X-Adobe-Content
X-Geo-Country
X-Tumblr-Pixel-1
X-Adobe-Loc
Eomportal-Instance
X-VG-WebCache
X-TX-ID
X-ProcessESI
X-F-Cache
X-RemovedCookies
X-Real-IP
X-Yottaa-Metrics
Filters
X-Handled-By
X-Yottaa-Optimizations
Cache-Tv-Group
X-UA-Device-Type
X-Varnish-Hits
X-GeoIP
Cache
X-Cacheable-TTL
Cache-Tags
DC
X-Cache-NE
X-RequestSource
X-Accel-Buffering
Refresh
X-Daa-Tunnel
Webserver
X-B
X-Git-Hash
Cache-Tag
X-Redis-Cache
X-Iejgwucgyu
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Esi
X-Guploader-Uploadid
X-TA-CDN-Provider
From-Origin
Viewport
PageSpeed
Frame-Options
X-App-Server
X-Host-Name
MS-CV
X-PressLabs-Stats
X-Rendered-As
Datacenter
X-UUID
X-Contextid
X-Origin-Server
X-Cache-TTL-Remaining
X-WA-Info
X-Magnolia-Registration
X-Ratelimit-Reset
X-Cache-Enabled
X-FB-TRIP-ID
X-Mode
X-FW-Dynamic
Xserver
X-Varnish-Server
Country
X-Locale
X-Zipkin-Id
X-Path-Route
X-RN-RSRV
X-ES-SERVER
Load-Balancing
X-Cache-Var
X-Upstream-CT
X-Routing-Service
X-Rule
X-Upstream-HT
X-Cache-Var-Map
X-Hl-Ver
X-XRDS-LOCATION
Meta-Geo
X-Proxied
Machine
X-From
Cache-Key
X-Signature
X-B-Cache
GEO-INFO
NGX
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Backend-Name
X-NCache
X-Cache-Config
X-Cache-Backend
X-Web-Node
X-Hit
Mn-Server-Ip
Uber-Trace-Id
Vix-Hermes-Req-Id
L5d-Success-Class
X-Human
X-Pubstack
X-Rocket-Nginx-Bypass
X-Region
X-FC-Vary-Parameters
X-ServerID
X-Hosted-By
X-Viewer-Country
ServedBy
X-Proto
X-APP-VERSION
X-VG-TLSProxy
X-EdgeConnect-Cache-Status
X-JoinUs
X-OCL
Now
X-Labrador-Cache-Channel
X-Loop
X-LJ-Flow-ID
X-PCL
X-MP-GENERATED-AT
X-L-Path
X-Site-Version
X-Varnish-IP
X-VWS-Id
X-Cache-Host
X-Debug-Cache
X-EIG-Tracking-Id
X-Environment-Context
X-Tumblr-Pixel-3
X-Origin-Response-Time
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
Origin-Edge-Control
X-TNCMS
X-Trace-Id
X-AWS-Id
X-Akamai-Request-ID
X-Generated
Origin-Cache-Control
X-Hp-Webp
X-Mobile-URL
Cteonnt-Length
X-Upgrade-Enabled
X-VCT
X-Www-Served-By
DSUID
Nel
X-Section
X-NewRelic-App-Data
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-RCS-CacheZone
X-Device-Type
X-Access
X-Via-Fastly
X-Vgn-Hpd-Reason
Selected-FE
Release
X-Proxy-Build
X-Detected-As
X-Is-Bot
We-Hiring
X-Timing-Wait
Fastcgi-Useragent
Mail-Subject
X-B3-Spanid
DB-Nickname
X-Cache-Category-Id
X-CCM
X-Grey
X-S
OT-Force-Account-Verify
Cache-Name
X-Xfnlog-Site
X-Ua
S-Cnection
Powered-By-ChinaCache
X-GRACE
Rt-Fastcgi-Cache
HitType
X-NGENIX-Cache
X-Source
X-Cache-Grace
X-Seen-By
X-Webkit-CSP
SRV
Served-By
X-Presslabs-Stats
X-Tb
X-Birta-Served
X-Birta-Cache-Post
X-Nginx-Cache
X-Drupal-Cache-Contexts
X-BACKEND-TTL
Hostname
X-Generated-By
X-Cluster-Node
X-Microcachable
X-Format
X-UnsetCookies
X-Proxy
X-RTag
Ms-Operation-Id
X-Status
X-Cache-Server
Fastcgi-X-Cache-Version
X-ApacheServer
X-PERF
X-SS-Set-Cookie
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-OVcl
X-Endurance-Cache-Level
X-OVcl-Cache
X-Sorting-Hat-ShopId
X-Time-Microsecs
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Alternate-Cache-Key
IBM-Web2-Location
X-Shopify-Stage
X-Time
Azure-InstanceId
Azure-RegionName
X-IP
Azure-SiteName
Azure-SlotName
X-B3-Parentspanid
Azure-Version
X-Origin-CC
X-Via-CDN
X-FW-Version
Fastly-SSL
X-Origin-TTL
X-Akamai-Transformed
X-UA
X-Info
NGB
Origin
Access-Control-Request-Headers
WZWS-RAY
Ec-Rule-Version
S-Rt
X-Ruxit-Js-Agent
X-Sn-Servicetimems
X-SIPLIST1
Cache-Prefix
X-SRCache-Key
X-ServiceProvider
Content-Script-Type
Content-Style-Type
Fly-Cache
GEO-REGION-INFO
HTTPS
X-Thinkindot-L3
Fly-Request-Id
X-Server-Time
MD5-Digest
Meta-Geo-Continent
IsBot
Cross-Origin-Window-Policy
BehaviorPad-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Via-NSCOPI
X-Vtex-Processado-Em
Xc-Version
X-Worker
X-Vtex-Remote-Cache
Apple-News-Services-Request-Url
Arc-Country
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebServer
AsisCache
Node
Cache-Cookie-Set-From
X-Transaction
X-S-Cookie
X-G
X-IN-APIGATEWAY
X-Fastly-Cache
X-B-Cookie
X-External-Request-Id
X-ARC
X-IN-WAF
X-Irp-Debug
X-Accel-Expires-Debug
X-Instart-Info
X-Aed
X-Application
X-Cache-Bucket
X-Cache-Info
X-Cluster-Name
X-CF-Lambda-Version
X-Connection-Hash
X-Core-Mission
X-Core-Value
X-Date
X-Destination
X-DPWN-IS-SECURE
X-Developer
X-Cdn-Origin
X-CF-Lambda-Fn
X-A-Wwc
X-Matched-Rule
Thinkindot-CacheControl-Type
X-Rewrite-Enabled
X-Request-UUID
Thinkindot-Control
Viewtype
Thinkindot-CacheControl
Server-Int
Rendered-Blocks
Rt-Proxy-Cache
X-D
X-Rojux
VivaBuild
Www
X-NU-AKA-ACS-Version
X-Org
X-A-Dcw
X-A-Dgt
X-ND-Cache
X-PAYTM-SRV-ID
X-A-Ccd
X-Region-Sid
X-Processor
X-A
X-Phone
X-ScT
X-A-Dam
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
Property-Id
Webcakes-Region
X-Cdn-Forward
X-TIME
X-Origin
X-Geo
Proxy-Connection
X-Varnish-Cacheable
Backend-Name
X-ElasticPress-Search
X-Cache-Debug
X-Cdn-Srv
X-Wikidot-Static-Cache
X-Debug-Log
X-Gannett-Site-Version
X-Fetched-On
X-C
X-Debug-Cookies
X-App-Version
X-App-Name
Request-Time
Resin-Trace
Request-EU
Request-Country
On-Server
Server-Host
ServerName
X-BBXSRF
X-Gen-Mode
Web-Mar-Node
User-Cache-Control
X-Block-Status
X-Geo-Header
X-Protected-By
X-Rebelmouse-Cache-Control
X-Via-Edge
X-Origin-Expires
X-Origin-Date
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Served-From
X-Swa-Ws
X-Reqid
X-VC-Cache
X-NX-Host
X-Via-SSL
X-Hnp-Log
X-Hash
X-Secret
X-Generation-Time
X-Instart-Isnd
X-Level-Front-Cache
X-No-Session
X-Nginx-Cache-Key
X-Wikidot-Backend
Memcached
X-Generated-On
X-Key
Country-Code
Gh-Request-Id
Esi-Enabled
Fastly-SIE
Fastly-SWR
X-IPS-LoggedIn
Backend
X-Nc
X-Request-Time
Group
X-Varnish-Action
Content-Disposition
Epwk-Cache
X-Developers
X-GEO
X-Distributor
X-CGP
X-Eu-Site
X-Webstats-RespID
X-Bip
X-Backend-State
X-Auto-Login
X-Amz-Meta-Cache-Control
X-Qloud-Router
X-Cache-Expires
Pramga
Fastly-Soc-X-Request-Id
X-Cache-Id
X-Cache-FS-Status
CDCHOST
X-GeoIP-Country-Code
X-S-Maxage
X-Request-URI
X-Release
X-TH-Server
X-Server-IP
X-SVT-ORM-RULES
X-SN
X-Skip-Cache
X-Planisys-CDN-TTL
X-Thanos
X-HS-Combine-CSS
X-HS-Cache-Config
X-SVT-ORM-VERSION
X-Location
AKAMAI
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Page-Type
X-GeoIP-City
X-PHP-Host
ProcessTime
V-Age
HA-Ipaddr
Ha-Gx-Prefs
RNT-Machine
RNT-Time
REQUESTUUID
UCS
True-Client-Country-4JS
Version
X-Real-Ip
X-FireWall-Port
X-CACHE-GROUP
X-Edge-Location
Wxu-Next-Commit
X-Owner
X-Cms-Context
X-AIR-PT
Who
SD-X-WS
X-Distil-CS
X-Epic-Correlation-Id
X-Li-Pop
X-Li-Fabric
X-Dispatcher-Server
X-LI-UUID
Adler-Geo
Wxu-Next-Hostname
X-LAGOON
X-Crawler
X-CDN-Cache
X-Agile-Id
Is-Eu
Platform
Wxu-Next-Region
X-Agile-Age
Heartbleed
X-Variation
X-WebServer
X-Agile
Mime-Version
X-Dc
X-Device-Os
Mobile-Detection-Method
X-Refresh
X-NC
Server-ID
Akamai-GRN
X-AssetVersion
X-Wix-Request-Id
Memory
X-FPC
Accept-Ch
Time
FNAC-ModuleRouting
SS
X-Load-Cache
X-LI-Proto
X-Var-Ttl
X-We-Are-Hiring
X-Clientip
Countrycode
X-Servername
X-Sf
Cache-Hits
X-Parent-Response-Time
Amp-Access-Control-Allow-Source-Origin
Cache-Provider
CF-IPCountry
X-Unique-ID
NtCoent-Length
X-CDN-Forward
X-WPE-Loopback-Upstream-Addr
X-Policy
X-CLOUD-TRACE-CONTEXT
X-Internal-Host
Cdn
X-DC
GW-Server
X-Dynatrace-Js-Agent
X-CACHE-KEY
X-Micro-Cache
Fastcgi-X-Cache
A
X-NWS-UUID-VERIFY
X-Datadome
RequestId
X-Varnish-Beresp-Ttl
X-ZONE
X-Be
Ohc-Cache-HIT
Ohc-File-Size
X-SD-PageType
X-Gdpr
X-ECACHE
X-Tb-Optimization-Total-Bytes-Saved
GeoIp-Country-Code
X-Servedbyhost
Geoip-City
Geoip-Latitude
X-Web-Server
X-Response-By
X-Ratelimit-Remaining
X-Hyper-Cache
X-Zone
Liferay-Portal
X-Cache-URL
Cf-Ipcountry
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
CF-Cached-On
X-Apm-Svc-Key
X-Apm-Inst-Hash
Ajk
X-Apm-App-Name
X-Logtrace-Id
SN
Proxy-Firewall
X-Fstrz
X-APP
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Pf-Uncompressing
X-VCL-Version
X-UPSTREAM-Address
X-Vcl-Version
PICS-Label
Odigeo-Trace-Id
HostName
X-LiteSpeed-Cache-Control
X-Fastly-Country-Code
X-Request-Start
Section-Io-Cache
X-MServer
XServer
X-Lb-Id
X-Dispatch
X-HS-Status
X-Varnish-Beresp-TTL
X-SERVER-NAME
X-Aicache-OS
MIME-Version
CDN
X-Edge-Server
Is-Session-Tracking
Cdn-Host
X-Method
Cdn-Request-Time
X-Newrelic-Synthetics
X-NodeID
GeoIP-Country-Code
Get-Access-Time
PFcat
GeoIP-City
GeoIP-Latitude
X-Ratelimit-Limit
X-FORWARDED-FOR
X-Amzn-Remapped-Date
X-Pjax-Url
X-Erf-Bev-Bev-Is-Generated
X-VServer
X-Amzn-Remapped-Connection
X-CS
X-ServedByHost
X-Erf-Bev-Bev
X-Server-Group
X-SRV
LB
X-Nananana
X-Cache-Ttl
X-Fastly-Backend-Reqs
Requestid
X-COUNTRY
X-Backend-TTL
WebServer
X-Check-Cacheable
X-PF-Uncompressing
X-WA
Pragrma
Host-ID
X-B3-SpanId
X-Powered-By-Defense
X-Dynatrace
X-Correlation-ID
X-Azure-Ref-OriginShield
X-Azure-Ref
X-HTML-Minification-Powered-By
X-RequestId
Powered-By
X-Newrelic-App-Data
X-Up
CACHE
AR-SID
X-CSRF-TOKEN
Sid
X-LiteSpeed-Tag
Lb
X-Compress-Hint
X-Amzn-Remapped-Content-Length
X-Server-W
X-CUA
X-Edge
X-WR-MODIFICATION
Server-Cache-Control
Correlation-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
TTL
X-MSEdge-Features
Server-Surrogate-Control
X-NGINX-Cache
X-EC-Lua
X-Oss-Request-Id
X-MSEdge-Flight
X-Contensis-Viewer-Groups
X-Backend-Host
X-Oss-Server-Time
X-Wa
X-Varnish-Authentication
X-Backend-Url
W
X-Cache-ASPX
X-Bc
X-Oss-Storage-Class
Dynatrace
X-Clara-WADP
X-Dw-Trace-Id
L
X-User
X-F5-Cache
X-Gateway-Cache-Key
X-WADP-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-BC
X-Gateway-Cache-Status
X-ServerName
X-Debug-Cache-Store
X-Request-Url
User-Agent
X-Svr
X-Gateway-Skip-Cache
X-LB-ID
X-PJAX-URL
Cneonction
X-Swift-Error
X-Mid
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-Cache-Tag
X-Via-Ucdn
X-Requestid
X-HTML-Edge-Cache
X-Fpc
URI
X-RateLimit-Reset
X-Varnish-Url
X-Akamai-Request-ID2
X-Generated-In
X-Got-Non-Ke-Cookie
N-Cache
X-Edge-IP
X-Li-Proto
Magicmarker
Accept-Language
352pxline
225prxHost
286prxHost
Xxline
219prxHost
X-Urbn-Context-Path
X-TT-LOGID
178proxuri
188prxHost
189phosttRef
Pagetype
X-Urbn-Site-Id
Locale
X-CSRF-Token
Ttl
X-BE
X-MID
Warning
X-Unique-Id
355prline
X-Cache-Miss-From
X-Sedo-Request-Id
X-MCACHE
WP-Super-Cache
409pxxline
X-Akamai-SSL-Client-Sid
DataCenter
Ohc-Response-Time
X-Proxy-Cache-Status
X-Proxy-Upstream
RequestUuid
X-Cache-Detail
X-Hello
X-Flog
Server-Id
FSS-Proxy
X-ABtesting
FSS-Cache
V-Cache
X-Exp-Se
X-Gen-Id
X-App
X-GDPR
X-Sucuri-ID
X-Sucuri-Cache
X-Alicdn-Da-Ups-Status