Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Robots-Tag
WPE-Backend
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-Device
Allow
Ali-Swift-Global-Savetime
Server-Timing
X-CST
X-Ac
X-Type
X-Rq
X-Node
X-Host
X-Server-Id
Feature-Policy
Content-Location
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Origin-Cache
X-Readtime
X-Rack-Cache
Request-Id
X-Url
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Upstream-Env
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Mod-Pagespeed
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-ESI
X-HW
X-ORACLE-DMS-RID
X-GitHub-Request-Id
MS-Author-Via
X-VARITI-CCR
Charset
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-MS-InvokeApp
X-DataStream-Cache-Status
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Use-Magma
AR-PoweredBy
AR-CACHE
X-Version
AR-ATIME
X-Cached
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Abt-Application-Version
RTSS
X-Vname
X-TtlSet
X-Navigation-Version
X-PC
Ar-Sid
X-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-DynaTrace-JS-Agent
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-SharePointHealthScore
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-FTR-Expires
X-Amz-Rid
X-Server-ID
X-Fastly-Request-ID
Nginx-Cache
S
X-VCache
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Debug
TCN
X-XRDS-Location
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Id
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
DynaTrace
X-Akam-SW-Version
X-SERVER
Access-Control-Request-Method
X-Goog-Storage-Class
Front-End-Https
X-FTR-Cache-Host
X-T
X-Ttl
X-B3-TraceId
X-Powered-CMS
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Paypal-Debug-Id
X-Amzn-Trace-Id
X-MSEdge-Ref
Tracecode
X-Varnish-Age
Fastcgi-Cache
X-N
X-Content-Type
X-Forwarded-For
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Alternate-Protocol
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Upstream
X-Frontend
Fusion-Content-Source
X-Sol
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Middleton-Display
X-PressLabs-Stats
X-Logged-In
Display
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Accel-Buffering
X-Litespeed-Cache
Response
X-Middleton-Response
X-Hostname
X-Cache-Key
X-Srv
X-Kinsta-Cache
X-Accel-Expires
X-Pad
Server-Name
MicrosoftSharePointTeamServices
X-B3-Traceid
X-FastCGI-Cache
X-Content-Options
X-User-Agent
Host
Backend-Timing
Refresh
X-Analytics
X-Correlation-Id
X-DIS-Request-ID
X-Debug-Info
X-IPLB-Instance
X-LB-Cache
X-Rid
X-Fastcgi-Cache
X-Cdn
X-Revision
X-AppVersion
X-Activity-Id
X-Az
X-B
X-Amzn-RequestId
FilterID
X-Amz-Apigw-Id
Accept-Charset
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Grace
ServerID
X-Cache-Hit
X-Cache-2
X-B3-Sampled
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
X-Webkit-CSP
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
Host-Header
X-Request-Received
Source
VIX-Pulpo-Node
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-TT
X-Varnish-Backend
X-Cluster
X-Cache-Action
X-Origin-Server
MS-CV
X-Tumblr-User
X-Framework
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-F-Cache
X-Instance
X-FW-Type
X-FW-Static
X-Kong-Proxy-Latency
X-App-Environment
X-Platform-Server
X-Mobile
X-RateLimit-Limit
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Kong-Upstream-Latency
Cache-Status
Access-Control-Allow-Method
X-Content-Powered-By
X-Cached-By
X-Varnish-Grace
X-UA-Device-Type
X-Request-Guid
X-Handled-By
X-SS-Set-Cookie
X-Drupal-Cache-Tags
X-Geo-Country
X-Zen-Fury
X-Magnolia-Registration
X-Shard
CACHE
X-FB-Debug
X-Ezoic-Cdn
X-Cache-TTL
PageSpeed
X-Forwarded-Host
Edge-Cache-Tag
X-GUploader-UploadID
X-ATG-Version
From-Origin
X-App-Server
DC
X-Cache-Age
X-Varnish-Server
X-Wix-Server-Artifact-Id
X-Node-Name
Cleartype
X-Varnish-Hostname
X-AOL-HN
Cache-Tags
X-BCube-Filmed-By
Payment
X-Cache-Control
X-Region
X-WebKit-CSP-Report-Only
X-Response-Served-From
Filters
X-RequestSource
X-Generated-By
X-Signature
X-Adobe-Loc
X-TX-ID
X-Adobe-Content
X-B-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
NGB
Webserver
X-UUID
Upgrade-Insecure-Requests
X-VG-WebCache
X-TT-TIMESTAMP
X-GeoIP
Cache-Tv-Group
X-FW-Dynamic
Server-Node
GEO-INFO
Ms-Operation-Id
X-Jobs
Country
Healthy
Retry-After
X-Storage
X-Seen-By
X-Redis-Cache
X-RTag
X-Drupal-Cache-Contexts
Actual-Object-TTL
X-Varnish-Hits
ServedBy
X-Content-Age
X-XRDS-LOCATION
X-Cacheable-TTL
Liferay-Portal
X-Locale
X-Cache-Rule
X-Via-JSL
X-Contextid
X-Esi
Fastly-Restarts
X-Rendered-As
X-Oneagent-Js-Injection
Frame-Options
Powered
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-Guploader-Uploadid
X-BACKEND-TTL
S-Cnection
Viewport
X-Real-IP
X-Yottaa-Metrics
Content-Script-Type
X-Yottaa-Optimizations
X-WA-Info
ViewerVersion
Content-Style-Type
X-Wix-Request-Id
X-Cache-Server
X-Upgrade-Enabled
X-TA-CDN-Provider
NtCoent-Length
Datacenter
X-RemovedCookies
X-Cache-Config
Eomportal-Instance
X-Mode
X-ProcessESI
X-Endurance-Cache-Level
X-RN-RSRV
Load-Balancing
Meta-Geo
X-Cache-Var
Cache-Key
Cache-Hits
X-Akamai-Transformed
X-Varnish-Cache-Hits
X-Cache-NE
X-Cache-Var-Map
X-Detected-As
X-Proto
X-Proxied
X-Routing-Service
X-Path-Route
X-Is-Bot
X-Device-Type
X-ES-SERVER
X-Hl-Ver
X-Zipkin-Id
Machine
Access-Control-Request-Headers
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
Vix-Hermes-Req-Id
X-Section
Property-Id
X-VWS-Id
X-Viewer-Country
X-VG-TLSProxy
L5d-Success-Class
X-Origin-Hint
OT-Force-Account-Verify
X-From
Mn-Server-Ip
Webcakes-Region
TWC-GeoIP-LatLong
X-Environment-Context
X-Proxy
X-Access
X-Hosted-By
X-LJ-Flow-ID
X-Format
X-FW-Version
X-Cache-Enabled
X-L-Path
X-S
X-AWS-Id
X-Backend-Name
X-NewRelic-App-Data
DB-Nickname
X-TNCMS
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-Origin-Response-Time
X-Labrador-Cache-Channel
Azure-SlotName
X-Loop
Now
X-Birta-Served
X-Birta-Cache-Post
We-Hiring
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-ServerID
Mail-Subject
X-Tb
X-Status
S-Rt
X-GRACE
X-Time-Microsecs
X-FC-Vary-Parameters
Decoy-Debug-Key
Xserver
X-Via-Fastly
Decoy-Debug-Status
Decoy-Debug-TTL
X-Proxy-Build
X-Time
X-IP
Cache-Tag
X-Via-CDN
X-ProxyCache-Status
Selected-FE
X-Web-Node
X-ProxyCache-Key
Origin-Cache-Control
X-Trace-Id
X-JoinUs
X-CCM
X-BYPASS-REASON
Origin-Edge-Control
X-NCache
X-Tumblr-Pixel-3
X-Timing-Wait
X-Xfnlog-Site
X-Varnish-Cacheable
X-Cache-Category-Id
NGX
X-FB-TRIP-ID
X-Internal-Host
X-PCL
X-Origin-Host
X-Grey
X-Www-Served-By
X-Debug-Cache
X-MP-GENERATED-AT
X-Human
Served-By
X-OCL
X-Generated
X-Cache-Operation
X-Newrelic-App-Data
X-Site-Version
Uber-Trace-Id
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-Dynatrace-Js-Agent
X-UA
X-VC-Cache
AsisCache
X-EdgeConnect-Cache-Status
X-R9-Blue-Green-Version
User-Agent
X-CDN-Cache
LB
X-NWS-LOG-UUID
X-Rule
X-Sucuri-ID
X-RCS-CacheZone
X-Cluster-Node
Rt-Fastcgi-Cache
X-TIME
X-B3-Spanid
X-Cache-Remote
X-UnsetCookies
Nel
X-App-Name
X-PERF
X-ApacheServer
Release
Hostname
X-Agile-Age
X-Agile
X-APP-VERSION
X-Agile-Id
X-Datadome
X-Source
X-Nginx-Cache
Cache-Name
Pagespeed
X-Request-Time
X-Ua
X-Edge-Location
X-Pubstack
X-Ocache
X-Edge-IP
X-App-Version
X-Protected-By
Warning
X-Varnish-Beresp-Status
X-Origin
X-Varnish-Beresp-Grace
X-OVcl-Cache
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Sucuri-Cache
Thinkindot-Control
X-Trv-Group
Thinkindot-CacheControl
Request-Time
UCS
X-Twitter-Response-Tags
Thinkindot-CacheControl-Type
X-Transaction
X-SRCache-Key
X-A-Dgt
X-A-Wwc
X-A-Dcw
X-A-Ccd
X-A
Request-EU
X-Thinkindot-L3
Www
Origin
Cache-Prefix
Cross-Origin-Window-Policy
Ec-Rule-Version
Fly-Cache
BehaviorPad-Version
Arc-Country
Xc-Version
Ajk
X-VG-WebServer
Fly-Request-Id
MD5-Digest
On-Server
X-Server-Group
Rendered-Blocks
Request-Country
Node
X-Var-Ttl
Meta-Geo-Continent
N-Cache
X-VCT
X-Up
X-S-Cookie
X-Developer
X-Destination
X-Debug-Log
X-Debug-Cookies
X-Developers
X-DPWN-IS-SECURE
X-Application
X-ARC
X-G
X-External-Request-Id
X-Debug-Cache-Store
X-B-Cookie
X-Core-Value
X-Connection-Hash
X-Cache-Grace
X-CF-Lambda-Version
X-Cache-Expires
X-D
X-BB-ID
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Date
X-Aed
X-Gannett-Site-Version
X-Processor
X-Platform
X-PAYTM-SRV-ID
X-Origin-TTL
X-Region-Sid
X-Request-UUID
X-ScT
X-CF-Lambda-Fn
X-Rojux
X-Rewrite-Enabled
X-Origin-CC
X-NX-Host
X-Matched-Rule
X-Logtrace-Id
X-Hp-Webp
X-Generated-In
X-Accel-Expires-Debug
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NodeID
X-Nginx-Cache-Key
X-Secret
X-A-Dam
X-ElasticPress-Search
X-Cdn-Forward
SRV
X-Varnish-Ttl
X-Cache-Backend
X-Origin-Expires
Server-Int
X-Origin-Date
Server-Cache-Control
RNT-Time
Server-Surrogate-Control
Section-Io-Cache
X-ServiceProvider
X-C
X-Sf
X-Cache-ASPX
RNT-Machine
X-SIPLIST1
X-Distil-CS
Pramga
X-Distributor
X-Proxy-Cache-Status
X-Epic-Correlation-Id
Proxy-Connection
X-Device-Os
X-Skip-Cache
X-SN
X-Node-Id
X-Cache-Debug
X-Servername
X-Cache-FS-Status
X-RateLimit-Remaining-Second
X-Cache-Miss-From
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-RateLimit-Limit-Second
X-Cache-Info
X-Policy
X-Qloud-Router
X-Cache-Host
X-Cache-Id
X-Refresh
X-Ah-Environment
X-Sedo-Request-Id
X-Page-Type
X-Swa-Ws
True-Client-Country-4JS
X-Crawler
X-IN-APIGATEWAY
X-Request-URI
X-CGP
X-PHP-Host
X-Cms-Context
X-Proxy-Upstream
X-No-Session
X-Geo-Header
Content-Disposition
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Country-Code
X-Li-Fabric
Fastly-SWR
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Eu-Site
Cache-Cookie-Set-From
Backend
X-Irp-Debug
X-Instart-Isnd
X-Info
X-IN-WAF
X-LAGOON
AKAMAI
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Li-Pop
Fastly-Backend-Name
X-Location
IsBot
X-LI-Proto
X-Varnish-Url
Magicmarker
X-Varnish-Authentication
Fastcgi-Useragent
X-TT-LOGID
X-F5-Cache
Memcached
Heartbleed
X-LI-UUID
X-Real-Ip
HA-Ipaddr
X-Webstats-RespID
Ha-Gx-Prefs
X-CACHE-KEY
X-GZip
X-CUA
X-Fastly-Cache
X-Dispatcher-Server
X-MSEdge-Flight
X-MSEdge-Features
X-Gateway-Cache-Status
X-Hash
X-GeoIP-Country-Code
X-Planisys-CDN-Cache
X-GeoIP-City
X-Level-Front-Cache
X-Generated-On
X-Gateway-Cache-Key
X-Planisys-CDN-Rules
X-Core-Mission
X-Gateway-Skip-Cache
X-Planisys-CDN-TTL
X-Cdn-Srv
X-Fetched-On
X-S-Maxage
X-Bip
Powered-By
Platform
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
SD-X-WS
X-ShardId
X-ShopId
X-Shopify-Stage
Server-Host
User-Cache-Control
Fastly-SSL
Kp-EeAlive
Is-Eu
HTTPS
X-Wikidot-Backend
Lfy
X-Variation
X-Thanos
X-User
Pagetype
X-Wikidot-Static-Cache
Web-Mar-Node
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Varnish-Beresp-Ttl
X-Via-SSL
X-Amzn-Remapped-Content-Length
X-Auto-Login
X-BBXSRF
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Amzn-Remapped-Connection
X-Via-Edge
X-Amzn-Remapped-Date
X-Gen-Mode
X-Hnp-Log
X-Key
Adler-Geo
X-Server-IP
X-Block-Status
X-FireWall-Port
X-WPE-Loopback-Upstream-Addr
X-TrackingId
X-Cache-Bucket
Pragrma
X-Micro-Cache
X-RateLimit-Reset
X-Server-Time
X-Owner
X-Returned-From
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Svr
X-Stale
X-Passed-To
X-Server-By
X-Passed-To-DLL
X-Original-Request
X-Actual-URL
X-Dc
Server-ID
X-CDN-Forward
ServerName
X-Org
X-Croise-Owner
X-Unique-ID
FNAC-ModuleRouting
X-HS-Cache-Config
Host-ID
X-Nc
X-VServer
Cteonnt-Length
X-Load-Cache
X-NC
Cdn-Request-Time
Cdn-Host
Viewtype
X-Microcachable
Gh-Request-Id
VivaBuild
REQUESTUUID
X-Aicache-OS
X-Edge-Server
DSUID
X-Parent-Response-Time
X-Pjax-Url
X-FPC
X-Apm-Inst-Hash
X-CSRF-TOKEN
X-Cdn-Origin
X-Apm-Svc-Key
V-Age
X-Gdpr
SID
Mime-Version
X-Sn-Servicetimems
X-Ua-Device
X-Apm-App-Name
MIME-Version
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-V
Time
PICS-Label
Memory
Rt-Proxy-Cache
X-ND-Cache
X-Geo
X-Exp-Se
X-Req
X-Servedbyhost
X-From-Cache
X-Wa
X-Served-From
X-URL
ProcessTime
Odigeo-Trace-Id
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Parentspanid
HostName
CF-IPCountry
X-HTML-Minification-Powered-By
X-Cache-HT
X-Optimization
X-DC
AR-SID
X-Newrelic-Synthetics
Wxu-Next-Hostname
X-Fstrz
Wxu-Next-Commit
Wxu-Next-Region
Resin-Trace
X-Git-Hash
Public-Key-Pins-Report-Only
Cf-Ipcountry
X-Lb-Id
XServer
X-Response-By
Cache
Cdn
X-GEO
GMS-Ver
X-Varnish-Beresp-TTL
X-Atg-Version
Fastcgi-X-Cache-Version
X-Release
Proxy-Firewall
WZWS-RAY
X-WebServer
Processtime
X-Fastly-Backend-Reqs
X-LB-ID
X-WR-MODIFICATION
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Phone
X-Amz-Meta-Surrogate-Control
X-Vcl-Version
X-TH-Server
X-APP
X-CACHE-AGE
X-Daa-Tunnel
X-CLOUD-TRACE-CONTEXT
GW-Server
X-We-Are-Hiring
CF-Cached-On
X-Clientip
X-Instart-Info
Mobile-Detection-Method
Countrycode
X-UE-Client-Country
X-Check-Cacheable
X-Host-Name
X-Hyper-Cache
Backend-Name
X-Nananana
X-HS-Status
SS
X-Vcache
X-NGINX-Cache
Ohc-File-Size
X-COUNTRY
X-Upstream-HT
X-WA
X-Ratelimit-Reset
X-Upstream-CT
X-Worker
X-Zone
X-Fastly-Country-Code
Lb
X-CSRF-Token
X-ServedByHost
409pxxline
FSS-Cache
X-HS-Combine-CSS
Xxline
X-PF-Uncompressing
X-Server-W
FSS-Proxy
225prxHost
X-Backend-TTL
355prline
189phosttRef
Pics-Label
286prxHost
219prxHost
178proxuri
188prxHost
Geoip-Latitude
352pxline
DataCenter
X-IPS-LoggedIn
GeoIp-Country-Code
X-VHOST
Geoip-City
SN
X-FORWARDED-FOR
X-SERVER-NAME
X-GZIP
X-Dynatrace
Ohc-Cache-HIT
X-Render-Time
Esi-Enabled
X-Fpc
URI
Version
X-BE
X-Be
X-UPSTREAM-Address
X-Request-Start
X-B3-SpanId
X-SRV
X-LiteSpeed-Cache-Control
X-CS
X-Gen-Id
CDN
WP-Super-Cache
X-VCL-Version
X-UCC
X-PJAX-URL
X-ID
X-Unique-Id
X-Cdn-Cache
X-Varnish-Action
Who
X-AssetVersion
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-GDPR
X-Contensis-Viewer-Groups
X-NGENIX-Cache
X-Cache-URL
X-Pf-Uncompressing
GeoIP-Latitude
X-Html-Edge-Cache
X-Via-Ucdn
GeoIP-City
Cneonction
GeoIP-Country-Code
RequestUuid
X-Fastly-Cache-Hits
X-Cache-Ttl
Serverid
X-ZONE
X-Via-NSCOPI
X-Store
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-LiteSpeed-Tag
X-Akamai-Request-ID2
Accept-Language
Server-Id
X-Request-Url
A
Accept-Ch
X-NWS-UUID-VERIFY
X-Akamai-SSL-Client-Sid
Locale
X-Dw-Trace-Id
X-RequestId
X-ABtesting
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Reqid
X-Hello
X-Flog
RequestId
Is-Session-Tracking
X-HTML-Edge-Cache
X-ServerName
NnCoection
X-Cdn-Request-ID
Frontcache
X-Serial
Get-Access-Time
Ohc-Response-Time
X-EC-Lua
X-Port