Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Ua-Compatible
Status
P3p
Timing-Allow-Origin
X-Template
Content-Encoding
X-DNS-Prefetch-Control
X-Language
X-Content-Security-Policy
X-Iinfo
X-Request-ID
X-CDN
Upgrade
X-Buckets
Xkey
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
CF-Ray
X-Age
X-Cache-Group
X-Backend
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Hacker
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
EagleId
X-Proxy-Cache
Grace
X-UA-Device
Request-Context
Cf-Railgun
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
WPE-Backend
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-OneAgent-JS-Injection
Feature-Policy
X-Ac
X-Node
Content-Location
X-Rq
X-Host
EagleEye-TraceId
X-Cnection
X-Backend-Server
Server-Timing
Allow
Report-To
X-Response-Time
X-Cache-Lookup
X-Application-Context
Request-Id
X-Dns-Prefetch-Control
Surrogate-Control
X-Origin-Cache
X-Readtime
Pinterest-Generated-By
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-CST
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
X-FTR-Request-ID
X-Vhost
X-HW
X-Country
X-Clacks-Overhead
X-Country-Code
X-DynaTrace
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-Instart-Request-ID
X-Origin-Upstream-Status
X-Url
X-Dispatcher
X-Mod-Pagespeed
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
X-Vname
X-TtlSet
X-PC
Service-Worker-Allowed
X-MS-InvokeApp
Accept-CH
Verso
X-Varnish-TTL
X-DataStream-Cache-Status
X-Powered-By-Plesk
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Server-Name
X-Recruiting
SPRequestGuid
X-Vcap-Request-Id
AR-PoweredBy
AR-ATIME
AR-CACHE
X-ESI
X-D2id
X-GitHub-Request-Id
X-Amz-Server-Side-Encryption
Content-MD5
AR-Request-ID
MS-Author-Via
X-ORACLE-DMS-RID
X-Abt-Application-Version
Public-Key-Pins
X-Version
X-SharePointHealthScore
X-Cached
Ar-Sid
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
X-DynaTrace-JS-Agent
RTSS
Nginx-Cache
X-Mobile-Rewrite
PB-PID
X-Navigation-Version
Arc-Version
PB-RID
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
DynaTrace
Charset
X-Amz-Rid
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
ServerID
Realpath
X-XRDS-Location
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-Akam-SW-Version
X-Oracle-Dms-Rid
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
X-Forwarded-Proto
X-TTL
X-Trace
TCN
X-Shield-Request-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-RateLimit-Remaining
X-FTR-Expires
X-Goog-Storage-Class
X-B3-TraceId
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Ttl
SPRequestDuration
SPIisLatency
X-Debug
X-Ser
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Alternate-Protocol
X-Id
X-Shard
X-Fastly-Request-ID
Paypal-Debug-Id
X-FTR-Cache-Host
X-Varnish-Age
X-Upstream
S
Fastcgi-Cache
X-MSEdge-Ref
X-T
X-Hits
X-Acc-Meta-Resource-Type
X-Litespeed-Cache
Host
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-NF-Request-ID
X-DIS-Request-ID
Access-Control-Request-Method
Front-End-Https
X-Content-Digest
X-Logged-In
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Frontend
Arr-Disable-Session-Affinity
Server-Name
X-HS-Hub-Id
X-HS-Content-Id
X-N
Pagespeed
X-Server-ID
X-Amzn-Trace-Id
X-Kinsta-Cache
X-Forwarded-For
X-B3-Sampled
X-IPLB-Instance
X-Fastcgi-Cache
X-Srv
X-Pad
X-Content-Type
X-Request-Handler-Origin-Region
X-Microsite
Edge-Cache-Tag
FilterID
X-Accel-Expires
X-AOL-HN
X-Type
TP-Cache
TP-L2-Cache
X-Debug-Info
X-Rid
X-LB-Cache
Surrogate-Key
X-Request-Received
X-Node-Name
X-Request-Processing-Time
Tracecode
X-Cdn
X-RateLimit-Limit
Accept-Ch-Lifetime
AMP-Access-Control-Allow-Source-Origin
X-Via-JSL
X-Analytics
Backend-Timing
Accept-CH-Lifetime
X-Grace
X-Hostname
X-FastCGI-Cache
X-Page-Id
Healthy
Accept-Charset
X-Cache-Rule
X-Revision
X-Content-Options
X-Whom
X-GUploader-UploadID
X-Varnish-Backend
X-Webkit-Csp
Host-Header
X-Cache-2
X-NWS-LOG-UUID
X-B3-Traceid
X-Cached-By
X-Cache-Age
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
X-User-Agent
X-PHP-Backend
X-FB-Debug
X-Varnish-Hostname
X-Framework
X-Correlation-Id
X-Cache-Control
X-TT
VIX-Pulpo-Node
Powered
Source
X-Mobile
VIX-Pulpo-Upstream-Status
X-Request-Guid
X-Cluster
X-Tumblr-Pixel
X-Tumblr-User
X-Instance
X-BCube-Filmed-By
X-Akamai-Edgescape
X-Varnish-Grace
X-Tumblr-Pixel-0
X-App-Environment
Cache-Status
Upgrade-Insecure-Requests
Fastly-Restarts
Server-Info
Cleartype
X-Cache-Hit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Jobs
X-Zen-Fury
Access-Control-Allow-Method
X-Activity-Id
X-Drupal-Cache-Tags
X-AppVersion
X-Az
X-Cache-TTL
Retry-After
X-Vcache
X-Platform-Server
Actual-Object-TTL
X-Cache-Remote
X-ATG-Version
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Cache-Key
X-CF-Powered-By
X-Iejgwucgyu
Cache
X-Cache-Action
X-Forwarded-Host
X-Oneagent-Js-Injection
X-Cache-Operation
X-Esi
X-Geo-Country
X-WebKit-CSP-Report-Only
X-Response-Served-From
Payment
X-F-Cache
X-Adobe-Loc
X-Adobe-Content
X-RemovedCookies
X-ProcessESI
Server-Node
X-Tumblr-Pixel-1
X-TX-ID
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Storage
X-Content-Age
Eomportal-Instance
X-Yottaa-Metrics
X-UA-Device-Type
X-Yottaa-Optimizations
X-VG-WebCache
Filters
Cache-Tags
Cache-Tv-Group
X-Varnish-Hits
X-Cache-NE
X-Cacheable-TTL
X-B
X-URL
X-Handled-By
X-GeoIP
Refresh
X-RequestSource
DC
X-Guploader-Uploadid
X-Daa-Tunnel
X-Accel-Buffering
X-Real-IP
PageSpeed
Cache-Tag
X-Git-Hash
X-PressLabs-Stats
X-Redis-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Webserver
From-Origin
Frame-Options
Viewport
X-App-Server
MS-CV
X-Host-Name
Datacenter
X-Rendered-As
X-UUID
X-Origin-Server
X-WA-Info
X-Contextid
X-Ratelimit-Reset
X-Cache-TTL-Remaining
Xserver
X-Magnolia-Registration
X-TA-CDN-Provider
X-FB-TRIP-ID
X-Cache-Enabled
X-Mode
X-FW-Dynamic
Country
X-Varnish-Server
X-Locale
X-Path-Route
X-Hl-Ver
X-Upstream-CT
X-Proxied
Machine
Meta-Geo
Load-Balancing
X-Zipkin-Id
X-ES-SERVER
X-Upstream-HT
X-Rule
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-Ua
X-B-Cache
X-Routing-Service
X-Signature
X-From
Cache-Key
NGX
GEO-INFO
X-ProxyCache-Key
X-Viewer-Country
X-ProxyCache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Web-Node
X-ServerID
X-NCache
X-Rocket-Nginx-Bypass
X-Backend-Name
X-BYPASS-REASON
X-Cache-Config
L5d-Success-Class
X-PCL
X-VG-TLSProxy
X-Human
X-OCL
X-Region
X-JoinUs
X-Labrador-Cache-Channel
X-L-Path
Now
X-Debug-Cache
X-Environment-Context
X-Cache-Host
Vix-Hermes-Req-Id
Uber-Trace-Id
X-FC-Vary-Parameters
X-Cache-Backend
X-Hosted-By
Mn-Server-Ip
ServedBy
Origin-Cache-Control
X-Proto
X-Pubstack
Origin-Edge-Control
X-EdgeConnect-Cache-Status
X-Hit
X-GRACE
X-MP-GENERATED-AT
X-Loop
X-Origin-Response-Time
X-RCS-CacheZone
X-TNCMS
X-Site-Version
X-S
X-XRDS-LOCATION
X-LJ-Flow-ID
X-Grey
X-Cache-Category-Id
X-AWS-Id
X-Akamai-Request-ID
X-CCM
X-EIG-Tracking-Id
X-Trace-Id
X-Generated
Cteonnt-Length
Powered-By-ChinaCache
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
X-Varnish-IP
X-VWS-Id
X-Upgrade-Enabled
X-Via-Fastly
X-Tumblr-Pixel-3
X-Hp-Webp
X-Mobile-URL
DSUID
X-Xfnlog-Site
Mail-Subject
X-Www-Served-By
X-Vgn-Hpd-Reason
DB-Nickname
X-Device-Type
X-VCT
X-APP-VERSION
We-Hiring
X-Section
X-Access
X-Detected-As
Release
Selected-FE
X-Timing-Wait
X-Is-Bot
X-Proxy-Build
X-NewRelic-App-Data
OT-Force-Account-Verify
Nel
Cache-Name
HitType
Fastcgi-Useragent
X-B3-Spanid
Rt-Fastcgi-Cache
X-NGENIX-Cache
S-Cnection
X-Seen-By
X-Nginx-Cache
X-Cache-Grace
X-Source
X-Tb
X-Drupal-Cache-Contexts
Served-By
X-Webkit-CSP
X-BACKEND-TTL
SRV
X-Birta-Served
X-Generated-By
X-Birta-Cache-Post
Hostname
X-Cluster-Node
X-Format
X-UnsetCookies
X-RTag
X-Microcachable
X-Proxy
Ms-Operation-Id
X-Time
X-Presslabs-Stats
X-Cache-Server
X-Status
X-PERF
X-ApacheServer
Fastcgi-X-Cache-Version
Decoy-Debug-TTL
Decoy-Debug-Key
X-Endurance-Cache-Level
X-OVcl
X-OVcl-Cache
Decoy-Debug-Status
X-SS-Set-Cookie
X-ShardId
X-Time-Microsecs
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Akamai-Transformed
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-Geo
Azure-RegionName
Azure-Version
X-IP
IBM-Web2-Location
X-Via-CDN
X-FW-Version
Access-Control-Request-Headers
X-B3-Parentspanid
NGB
Origin
X-Info
Fastly-SSL
X-Cdn-Forward
X-Origin-CC
X-Origin-TTL
X-Origin
S-Rt
TWC-Connection-Speed
Ec-Rule-Version
Property-Id
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
X-App-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
X-Gen-Mode
Cache-Prefix
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-WAF
X-Irp-Debug
Backend-Name
Apple-News-Services-Handled
Apple-News-Services-Host
AsisCache
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
BehaviorPad-Version
MD5-Digest
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Core-Value
X-A-Dgt
X-A-Dcw
X-D
X-A
X-A-Ccd
X-A-Dam
X-Core-Mission
X-Connection-Hash
X-Block-Status
X-Cdn-Origin
X-Cache-Bucket
X-Cache-Info
X-CF-Lambda-Fn
X-B-Cookie
X-Cluster-Name
X-CF-Lambda-Version
X-Application
X-ARC
X-Date
Www
X-DPWN-IS-SECURE
Meta-Geo-Continent
Node
Rendered-Blocks
IsBot
X-External-Request-Id
Fly-Request-Id
GEO-REGION-INFO
X-G
X-Fastly-Cache
Rt-Proxy-Cache
X-Developer
User-Cache-Control
Viewtype
VivaBuild
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Int
X-Destination
Thinkindot-CacheControl
Fly-Cache
X-Instart-Info
X-ScT
Xc-Version
X-S-Cookie
X-VG-WebServer
X-Processor
X-Trv-Group
X-Vtex-Remote-Cache
X-Rojux
X-Rewrite-Enabled
X-Vtex-Processado-Em
X-Region-Sid
X-Via-NSCOPI
X-Phone
X-PAYTM-SRV-ID
X-Request-UUID
X-Request-Time
X-Sn-Servicetimems
X-Twitter-Response-Tags
X-ServiceProvider
X-Transaction
X-Thinkindot-L3
X-SIPLIST1
X-SRCache-Key
X-Matched-Rule
X-ND-Cache
X-Org
X-NU-AKA-ACS-Version
X-Server-Time
X-Worker
X-Nc
X-Varnish-Cacheable
X-Real-Ip
X-ElasticPress-Search
Proxy-Connection
WZWS-RAY
X-Ruxit-Js-Agent
X-Reboot
Server-Host
X-Via-SSL
Request-Time
On-Server
X-Rebelmouse-Surrogate-Control
Request-Country
Resin-Trace
Memcached
RNT-Machine
RNT-Time
Request-EU
X-Debug-Cookies
X-Cdn-Srv
X-App-Name
X-Served-From
X-Secret
X-BBXSRF
X-C
X-Cache-Id
X-Cache-FS-Status
X-Cache-Debug
X-Amz-Meta-Cache-Control
X-VC-Cache
X-Reqid
True-Client-Country-4JS
X-Debug-Log
V-Age
X-Request-URI
X-Via-Edge
X-S-Maxage
Gh-Request-Id
ServerName
X-Distributor
X-PHP-Host
X-Swa-Ws
X-Generation-Time
X-Geo-Header
Backend
X-Protected-By
Country-Code
HTTPS
CDCHOST
X-Hash
X-Page-Type
X-NX-Host
X-No-Session
X-Nginx-Cache-Key
X-Origin-Date
X-Level-Front-Cache
X-Instart-Isnd
X-Key
X-Origin-Expires
Esi-Enabled
X-Generated-On
X-Wikidot-Static-Cache
X-Rebelmouse-Cache-Control
X-Wikidot-Backend
X-Gannett-Site-Version
Fastly-SIE
X-Fetched-On
Fastly-SWR
X-FireWall-Port
X-IPS-LoggedIn
X-CDN-Cache
X-Cms-Context
X-UA
X-Variation
X-Varnish-Action
X-Agile
X-Agile-Age
X-CGP
X-Agile-Id
X-TH-Server
X-Owner
HA-Ipaddr
X-Li-Fabric
X-Cache-Expires
X-Location
X-Thanos
X-LI-UUID
X-Webstats-RespID
Version
X-Auto-Login
X-Server-IP
X-Backend-State
Is-Eu
X-Eu-Site
X-Bip
X-Epic-Correlation-Id
X-HS-Cache-Config
X-SN
Pramga
Platform
X-Planisys-CDN-TTL
X-HS-Combine-CSS
X-Planisys-CDN-Rules
X-Developers
SD-X-WS
REQUESTUUID
Epwk-Cache
Fastly-Soc-X-Request-Id
ProcessTime
Content-Disposition
X-Qloud-Router
X-Release
X-Dispatcher-Server
X-WebServer
Adler-Geo
X-GeoIP-City
X-GeoIP-Country-Code
X-Skip-Cache
X-Li-Pop
X-Planisys-CDN-Cache
Ha-Gx-Prefs
UCS
AKAMAI
Group
X-Distil-CS
X-Crawler
X-Device-Os
X-Refresh
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-LAGOON
Wxu-Next-Commit
Wxu-Next-Region
Heartbleed
Who
Wxu-Next-Hostname
Mime-Version
Server-ID
X-TIME
X-Edge-Location
X-CACHE-GROUP
Amp-Access-Control-Allow-Source-Origin
X-AIR-PT
X-Dc
X-AssetVersion
Time
FNAC-ModuleRouting
X-LI-Proto
X-NC
Memory
X-GEO
Mobile-Detection-Method
X-Load-Cache
X-Wix-Request-Id
Akamai-GRN
X-Sf
X-Var-Ttl
X-FPC
Cache-Hits
Accept-Ch
SS
X-WPE-Loopback-Upstream-Addr
X-We-Are-Hiring
X-CACHE-KEY
X-Clientip
Countrycode
X-Servername
X-Parent-Response-Time
X-Policy
X-Internal-Host
NtCoent-Length
Cache-Provider
CF-IPCountry
Cdn
X-Unique-ID
X-DC
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
GW-Server
X-Micro-Cache
X-NWS-UUID-VERIFY
Fastcgi-X-Cache
A
X-Datadome
X-Varnish-Beresp-Ttl
X-Gdpr
X-SERVER-NAME
X-SD-PageType
RequestId
X-ZONE
X-Be
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
Ohc-File-Size
Ohc-Cache-HIT
X-Response-By
X-ECACHE
X-Web-Server
Liferay-Portal
X-Zone
Cf-Ipcountry
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-Cache-URL
X-Hyper-Cache
X-Ratelimit-Remaining
Ajk
X-Apm-Inst-Hash
X-Varnish-Beresp-Grace
X-Apm-Svc-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Apm-App-Name
SN
X-Logtrace-Id
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Status
HostName
CF-Cached-On
PICS-Label
Proxy-Firewall
X-APP
X-Vcl-Version
X-Fstrz
X-VCL-Version
X-Pf-Uncompressing
X-UPSTREAM-Address
Odigeo-Trace-Id
X-Request-Start
X-LiteSpeed-Cache-Control
Section-Io-Cache
X-Aicache-OS
MIME-Version
AR-SID
X-Varnish-Beresp-TTL
X-MServer
X-Fastly-Country-Code
CDN
GeoIP-City
GeoIP-Country-Code
X-Newrelic-Synthetics
GeoIP-Latitude
X-Cache-Ttl
X-HS-Status
X-Lb-Id
X-NodeID
X-Dispatch
WebServer
X-Amzn-Remapped-Connection
XServer
Get-Access-Time
X-Method
Cdn-Host
X-Edge-Server
PFcat
Cdn-Request-Time
X-Server-Group
Is-Session-Tracking
X-Amzn-Remapped-Date
X-Ratelimit-Limit
X-FORWARDED-FOR
X-Nananana
X-B3-SpanId
X-Erf-Bev-Bev
X-CS
X-ServedByHost
LB
X-Pjax-Url
Requestid
X-Erf-Bev-Bev-Is-Generated
X-VServer
X-SRV
X-COUNTRY
X-Backend-TTL
X-Fastly-Backend-Reqs
X-Newrelic-App-Data
X-Check-Cacheable
Pragrma
X-WA
X-PF-Uncompressing
X-Powered-By-Defense
X-RequestId
X-Up
Host-ID
X-Correlation-ID
X-Dynatrace
X-Azure-Ref
X-Compress-Hint
X-Azure-Ref-OriginShield
X-CSRF-TOKEN
Lb
X-Amzn-Remapped-Content-Length
X-HTML-Minification-Powered-By
X-Server-W
Powered-By
X-CUA
Server-Cache-Control
X-LiteSpeed-Tag
Server-Surrogate-Control
X-MSEdge-Flight
X-Oss-Hash-Crc64ecma
X-Backend-Host
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Sid
X-MSEdge-Features
X-Backend-Url
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Cache-ASPX
X-Wa
X-Edge
X-WR-MODIFICATION
X-EC-Lua
X-WADP-Cache
TTL
X-LB-ID
X-Clara-WADP
X-User
Correlation-Id
X-Bc
X-Gateway-Skip-Cache
X-PJAX-URL
X-Gateway-Cache-Status
W
X-ServerName
X-F5-Cache
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Gateway-Cache-Key
X-Akamai-Request-ID2
Dynatrace
X-Dw-Trace-Id
Cneonction
X-Got-Non-Ke-Cookie
X-BC
Accept-Language
CACHE
X-Fpc
X-Generated-In
X-NGINX-Cache
X-Request-Url
X-Svr
L
User-Agent
X-MID
X-Html-Edge-Cache
X-Cache-Miss-From
189phosttRef
Xxline
Locale
Pagetype
409pxxline
355prline
URI
X-Varnish-Url
X-Urbn-Site-Id
N-Cache
X-Edge-IP
Magicmarker
352pxline
286prxHost
X-Swift-Error
188prxHost
178proxuri
X-Fastly-Cache-Hits
X-Li-Proto
X-Urbn-Context-Path
X-Requestid
X-Sedo-Request-Id
225prxHost
X-Via-Ucdn
219prxHost
X-HTML-Edge-Cache
X-MCACHE
X-TT-LOGID
X-Proxy-Upstream
X-Proxy-Cache-Status
X-BE
X-Mid
WP-Super-Cache
X-Flog
X-CSRF-Token
Ttl
X-ABtesting
X-Exp-Se
Warning
X-Unique-Id
X-Cache-Tag
X-Hello
X-Akamai-SSL-Client-Sid
Srv
Https
RequestUuid
X-Platform
Dnion-Transfer-Encoding
Lfy
Ohc-Response-Time
X-Alicdn-Da-Ups-Status
X-Sucuri-ID
X-GDPR
X-Gen-Id
X-Sucuri-Cache
V-Cache
FSS-Proxy
X-App
Server-Id
X-Cache-Detail
FSS-Cache