Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
X-Server-Name
Verso
X-ESI
Accept-CH
X-Dispatcher
X-HW
MS-Author-Via
X-GitHub-Request-Id
X-VARITI-CCR
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-DataStream-Cache-Status
X-MS-InvokeApp
AR-CACHE
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja
AR-PoweredBy
X-Exp-Variant
X-GoogleNews-Bot
AR-ATIME
X-Cdn-Fetch
X-ORACLE-DMS-RID
Charset
X-Version
X-Cached
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
AR-Request-ID
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-Vname
X-TtlSet
X-PC
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Client-IP
SPRequestGuid
X-TTL
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-VCache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Expires
X-Amz-Rid
X-Fastly-Request-ID
X-SharePointHealthScore
X-Ttl
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Oracle-Dms-Rid
Arr-Disable-Session-Affinity
TCN
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-VERSION
X-TEC-API-ROOT
X-XRDS-Location
X-TEC-API-ORIGIN
X-Pinterest-Rid
DynaTrace
X-Upstream-Proxy
Pinterest-Version
SPRequestDuration
SPIisLatency
X-Akam-SW-Version
X-T
Access-Control-Request-Method
X-FTR-Cache-Host
X-Goog-Storage-Class
Front-End-Https
X-Id
X-Powered-CMS
X-SERVER
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-Amzn-Trace-Id
Realpath
X-MSEdge-Ref
Tracecode
X-B3-TraceId
Fastcgi-Cache
X-Litespeed-Cache
X-Aspnet-Version
Paypal-Debug-Id
X-N
X-Varnish-Age
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-Sol
X-Middleton-Display
Display
X-Frontend
X-RateLimit-Remaining
X-Logged-In
X-PressLabs-Stats
Response
X-Middleton-Response
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Srv
X-Fastcgi-Cache
X-Accel-Buffering
X-Pad
X-B3-Traceid
X-Cache-Key
X-Accel-Expires
X-Kinsta-Cache
Server-Name
MicrosoftSharePointTeamServices
Host
X-Content-Options
X-Analytics
X-User-Agent
Backend-Timing
X-Correlation-Id
X-Revision
X-LB-Cache
X-Debug-Info
Refresh
X-AppVersion
X-Amzn-RequestId
X-Activity-Id
X-Rid
X-Amz-Apigw-Id
X-Az
X-B
X-IPLB-Instance
Accept-Charset
FilterID
X-DIS-Request-ID
X-Cache-Hit
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-B3-Sampled
Powered-By-ChinaCache
X-Cache-2
X-CF-Powered-By
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Page-Id
X-Whom
X-PHP-Backend
Server-Info
TP-L2-Cache
TP-Cache
MS-CV
X-Request-Processing-Time
X-Request-Received
Host-Header
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
Source
X-Varnish-Backend
X-Amz-Replication-Status
X-Akamai-Edgescape
X-Cached-By
VIX-Pulpo-Upstream-Status
X-TT
X-Origin-Server
X-Cache-Action
X-App-Environment
X-Cluster
X-UA-Device-Type
X-Framework
X-Kong-Proxy-Latency
X-Tumblr-Pixel
X-Kong-Upstream-Latency
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Webkit-CSP
Cache-Status
X-Tumblr-User
X-Mobile
X-Platform-Server
Access-Control-Allow-Method
X-Ezoic-Cdn
X-Varnish-Grace
X-F-Cache
X-Shard
X-Drupal-Cache-Tags
X-Request-Guid
X-Instance
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Server
X-Ruxit-Js-Agent
X-SS-Set-Cookie
X-Zen-Fury
X-Geo-Country
X-Handled-By
X-FB-Debug
X-GUploader-UploadID
X-Magnolia-Registration
X-RateLimit-Limit
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
From-Origin
X-ATG-Version
X-Node-Name
PageSpeed
X-Cache-Age
X-App-Server
CACHE
X-Varnish-Hostname
DC
X-Varnish-Server
Cleartype
Cache-Tags
X-BCube-Filmed-By
X-AOL-HN
X-XRDS-LOCATION
X-Cache-Control
Healthy
Payment
X-Region
X-RequestSource
X-WebKit-CSP-Report-Only
X-Generated-By
Filters
Upgrade-Insecure-Requests
X-Response-Served-From
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
X-TT-TIMESTAMP
X-Storage
X-Redis-Cache
X-RTag
Webserver
Ms-Operation-Id
NGB
Cache-Tv-Group
X-TX-ID
X-VG-WebCache
Country
X-Wix-Server-Artifact-Id
X-UUID
X-Signature
Actual-Object-TTL
X-Drupal-Cache-Contexts
Retry-After
X-B-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Server-Node
X-Cacheable-TTL
X-Locale
Fastly-Restarts
X-FW-Dynamic
X-Jobs
GEO-INFO
X-Cache-Rule
X-Varnish-Hits
X-Content-Age
ServedBy
X-Seen-By
X-Contextid
Powered
Liferay-Portal
X-Via-JSL
Frame-Options
X-TA-CDN-Provider
X-Rendered-As
HitType
X-Varnish-IP
X-Oneagent-Js-Injection
X-Cache-TTL-Remaining
X-BACKEND-TTL
X-Guploader-Uploadid
X-Real-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
S-Cnection
Viewport
X-WA-Info
X-Cache-Server
X-Upgrade-Enabled
Content-Script-Type
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
Content-Style-Type
Datacenter
X-GRACE
Xserver
X-Cache-NE
NtCoent-Length
X-Esi
X-Cache-Config
Nel
X-Akamai-Transformed
X-Time
Meta-Geo
Cache-Hits
X-Hl-Ver
Machine
X-ES-SERVER
ViewerVersion
X-S
X-Is-Bot
X-Device-Type
Load-Balancing
Cache-Key
X-Cache-Var
X-Detected-As
X-RN-RSRV
X-Varnish-Cache-Hits
X-Cache-Var-Map
X-Proto
X-Path-Route
X-Mode
X-Wix-Request-Id
L5d-Success-Class
X-Endurance-Cache-Level
X-From
X-Cache-Enabled
X-Viewer-Country
X-Environment-Context
Mail-Subject
Mn-Server-Ip
X-FC-Vary-Parameters
X-VG-TLSProxy
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
X-Hosted-By
Access-Control-Request-Headers
X-Section
Vix-Hermes-Req-Id
TWC-GeoIP-Country
We-Hiring
Webcakes-App-Name
X-Origin-Hint
X-Access
OT-Force-Account-Verify
TWC-GeoIP-LatLong
X-L-Path
Webcakes-Region
TWC-Privacy
Property-Id
Webcakes-App-Version
X-Backend-Name
X-AWS-Id
X-Birta-Cache-Post
Origin-Edge-Control
DB-Nickname
X-Akamai-Request-ID
Origin-Cache-Control
X-FW-Version
X-Loop
X-NewRelic-App-Data
X-Time-Microsecs
X-Via-CDN
X-Origin-Response-Time
X-TNCMS
X-Birta-Served
X-Proxy
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Debug-Cache
X-Tb
X-Format
X-VWS-Id
X-Web-Node
S-Rt
Selected-FE
X-Timing-Wait
X-FB-TRIP-ID
X-Varnish-Cacheable
X-Xfnlog-Site
X-Zipkin-Id
X-Via-Fastly
X-Tumblr-Pixel-3
X-Proxy-Build
X-Human
X-IP
Now
X-EIG-Tracking-Id
X-BYPASS-REASON
X-CCM
X-JoinUs
X-OCL
X-Routing-Service
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-PCL
X-Proxied
X-Status
X-Trace-Id
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Decoy-Debug-Key
Azure-SiteName
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Tag
X-Cache-Operation
X-NCache
X-Www-Served-By
X-Grey
X-Generated
X-MP-GENERATED-AT
X-Cache-Category-Id
NGX
X-Cdn
X-Site-Version
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
Uber-Trace-Id
Served-By
X-CDN-Cache
X-Internal-Host
X-VC-Cache
X-Sucuri-ID
X-NWS-LOG-UUID
X-Dynatrace-Js-Agent
X-EdgeConnect-Cache-Status
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-UA
X-Rule
LB
X-Origin-Host
X-Cache-Remote
AsisCache
X-Newrelic-App-Data
Release
X-UnsetCookies
X-Cluster-Node
Rt-Fastcgi-Cache
Pagespeed
User-Agent
X-TIME
X-PERF
X-ApacheServer
X-App-Name
X-B3-Spanid
X-APP-VERSION
X-Agile
X-Source
X-Agile-Id
X-Agile-Age
X-Nginx-Cache
Hostname
X-Ua
X-Datadome
X-Request-Time
Cache-Name
X-App-Version
X-Ocache
X-Edge-Location
X-Sucuri-Cache
X-Pubstack
X-Origin
X-Hit
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Origin-CC
X-VCT
X-Origin-TTL
X-Edge-IP
X-ElasticPress-Search
X-Protected-By
X-IN-APIGATEWAY
X-IN-WAF
X-A-Ccd
X-Generated-In
X-A
X-Aed
MD5-Digest
X-Region-Sid
Meta-Geo-Continent
Fly-Cache
X-A-Dgt
X-A-Dcw
X-A-Dam
Fly-Request-Id
X-A-Wwc
X-Instart-Isnd
X-VG-WebServer
X-Accel-Expires-Debug
X-Hp-Webp
X-Gannett-Site-Version
Arc-Country
Cross-Origin-Window-Policy
Ec-Rule-Version
X-G
Server-Surrogate-Control
BehaviorPad-Version
Server-Cache-Control
Rendered-Blocks
Cache-Prefix
Request-EU
X-Varnish-Authentication
Request-Time
Thinkindot-CacheControl
On-Server
X-Var-Ttl
Request-Country
X-Thinkindot-L3
N-Cache
X-Request-UUID
Xc-Version
UCS
X-Rewrite-Enabled
Ajk
Thinkindot-CacheControl-Type
Thinkindot-Control
Node
Www
X-Cache-Expires
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Secret
X-SRCache-Key
X-Debug-Cache-Expiry
X-CACHE-KEY
X-Transaction
X-Server-Group
X-D
X-Logtrace-Id
X-Matched-Rule
X-Destination
X-ScT
Warning
X-DPWN-IS-SECURE
X-Trv-Group
X-S-Cookie
X-External-Request-Id
X-NodeID
X-NU-AKA-ACS-Version
X-Developer
X-PAYTM-SRV-ID
X-Developers
X-Mobile-URL
X-NX-Host
X-Connection-Hash
X-Date
X-Cache-Grace
X-Processor
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-Up
X-BB-ID
X-Application
X-ARC
X-Rojux
X-B-Cookie
X-CF-Lambda-Version
X-Cache-ASPX
X-Platform
X-Cdn-Forward
X-Cache-Backend
X-Distributor
X-Crawler
X-Refresh
X-Varnish-Url
X-Core-Value
Origin
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Amzn-Remapped-Date
Lfy
X-Cms-Context
Memcached
X-Gen-Mode
Pagetype
X-Epic-Correlation-Id
X-Eu-Site
X-Amzn-Remapped-Connection
Pramga
X-Cache-Id
X-Cache-Host
Web-Mar-Node
True-Client-Country-4JS
SRV
X-TT-LOGID
X-Rebelmouse-Cache-Control
X-Cache-Info
Server-Host
Kp-EeAlive
X-Dispatcher-Server
Proxy-Connection
X-CGP
X-Device-Os
X-Block-Status
X-Cache-Debug
User-Cache-Control
X-C
X-Distil-CS
X-Webstats-RespID
X-Hnp-Log
X-ServiceProvider
X-Policy
X-Request-URI
X-Sf
X-Servername
AKAMAI
X-SN
Apple-News-Services-Request-Url
X-Li-Fabric
Apple-News-Services-Host
Apple-News-Services-Handled
X-F5-Cache
X-RateLimit-Remaining-Second
X-Proxy-Cache-Status
X-LAGOON
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Li-Pop
X-Key
X-Irp-Debug
X-Location
X-LI-UUID
X-Info
X-LI-Proto
Backend
Apple-News-Services-Parsed-Url
Fastly-Backend-Name
Fastly-Soc-X-Request-Id
X-Geo-Header
Country-Code
X-Origin-Expires
Content-Disposition
X-Origin-Date
Fastly-SWR
X-No-Session
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
X-Via-SSL
X-Via-Edge
X-Page-Type
Fastly-SIE
CDCHOST
X-PHP-Host
X-Swa-Ws
X-Hash
X-Varnish-Ttl
X-FireWall-Port
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Bucket
X-BBXSRF
X-ShopId
X-ShardId
X-Shopify-Stage
X-S-Maxage
X-Real-Ip
X-Nginx-Cache-Key
X-Bip
X-Sorting-Hat-PodId
X-Cache-Miss-From
X-Planisys-CDN-Rules
X-Ah-Environment
X-Server-IP
X-Planisys-CDN-Cache
X-Sedo-Request-Id
X-Fastly-Cache
X-Cache-FS-Status
X-Planisys-CDN-TTL
X-Node-Id
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Cache-Cookie-Set-From
SD-X-WS
RNT-Time
Server-Int
X-Variation
X-Generated-On
Adler-Geo
X-Backend-Url
RNT-Machine
X-Gateway-Cache-Key
X-GeoIP-City
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-GeoIP-Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Platform
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-User
X-Amz-Meta-Cache-Control
Is-Eu
X-Skip-Cache
X-Amzn-Remapped-Content-Length
X-Backend-State
X-Backend-Host
X-Level-Front-Cache
X-Fetched-On
X-Qloud-Router
Magicmarker
X-WPE-Loopback-Upstream-Addr
X-TrackingId
HTTPS
IsBot
X-SIPLIST1
X-Thanos
X-MSEdge-Features
X-Owner
Fastly-SSL
X-Core-Mission
DSUID
X-Auto-Login
X-Micro-Cache
X-Cdn-Srv
X-MSEdge-Flight
X-Server-Time
X-GZip
Section-Io-Cache
X-Nc
FNAC-ModuleRouting
Cteonnt-Length
Powered-By
Server-ID
ServerName
X-CUA
X-RateLimit-Reset
X-Varnish-Beresp-Ttl
Fastcgi-Useragent
X-Dc
Pragrma
X-Org
X-Load-Cache
X-Returned-From
X-Passed-To-BeforeDispatch
X-Parent-Response-Time
X-Original-Request
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To
Gh-Request-Id
X-Returned-From-BeforeDispatch
X-Stale
REQUESTUUID
X-Server-By
Viewtype
VivaBuild
X-Actual-URL
X-CDN-Forward
X-Svr
X-Pjax-Url
X-Passed-To-DLL
X-Aicache-OS
X-Passed-To-PostProcessResponse
X-Cdn-Origin
X-Sn-Servicetimems
X-Apm-Inst-Hash
X-HS-Cache-Config
Host-ID
X-Croise-Owner
X-VServer
X-Apm-Svc-Key
V-Age
X-FPC
X-Apm-App-Name
X-Unique-ID
MIME-Version
X-ND-Cache
Cdn-Request-Time
Cdn-Host
Rt-Proxy-Cache
X-Exp-Se
X-NC
X-Edge-Server
X-Geo
X-Microcachable
Mime-Version
X-CSRF-TOKEN
X-Served-From
X-Ua-Device
X-Gdpr
Cache
Memory
SID
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Time
X-Oss-Object-Type
X-Oss-Request-Id
PICS-Label
X-Oss-Storage-Class
X-B3-Parentspanid
HostName
X-V
X-Wa
X-Servedbyhost
ProcessTime
X-Req
Resin-Trace
Wxu-Next-Region
X-Git-Hash
Cf-Ipcountry
X-DC
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Hostname
X-From-Cache
Wxu-Next-Commit
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Optimization
X-Cache-HT
AR-SID
X-Lb-Id
CF-IPCountry
X-HTML-Minification-Powered-By
Cdn
X-Varnish-Beresp-TTL
X-Fstrz
X-Release
X-WebServer
Public-Key-Pins-Report-Only
X-TH-Server
X-Response-By
X-Ratelimit-Remaining
X-Host-Name
X-Atg-Version
XServer
GMS-Ver
Proxy-Firewall
X-Fastly-Backend-Reqs
Processtime
X-GEO
X-ID
X-Ratelimit-Limit
X-Vcl-Version
X-Instart-Info
CF-Cached-On
X-APP
X-Phone
Fastcgi-X-Cache-Version
X-LB-ID
X-WR-MODIFICATION
X-Daa-Tunnel
WZWS-RAY
Backend-Name
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Worker
X-Nananana
X-Amz-Meta-Surrogate-Control
X-Zone
X-Upstream-CT
X-Check-Cacheable
X-Upstream-HT
188prxHost
219prxHost
189phosttRef
225prxHost
286prxHost
X-NGINX-Cache
355prline
Xxline
X-Server-W
X-WA
409pxxline
352pxline
178proxuri
Mobile-Detection-Method
X-UE-Client-Country
GW-Server
X-Vcache
Countrycode
X-Clientip
X-We-Are-Hiring
X-B3-SpanId
Version
X-URL
SS
X-CSRF-Token
X-ServedByHost
X-Fastly-Country-Code
Pics-Label
X-Hyper-Cache
X-HS-Status
X-Ratelimit-Reset
Lb
Ohc-File-Size
SN
GeoIp-Country-Code
X-IPS-LoggedIn
Geoip-Latitude
X-Backend-TTL
DataCenter
Geoip-City
X-SERVER-NAME
FSS-Proxy
X-HS-Combine-CSS
FSS-Cache
X-PF-Uncompressing
X-GZIP
X-SRV
X-Dynatrace
X-Request-Start
X-VCL-Version
X-Render-Time
X-UPSTREAM-Address
X-AssetVersion
URI
Esi-Enabled
X-Contensis-Viewer-Groups
X-BE
Serverid
X-Akamai-Request-ID2
Ohc-Cache-HIT
X-GDPR
X-Be
X-Fpc
Accept-Language
X-CS
WP-Super-Cache
GeoIP-Latitude
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
GeoIP-City
X-Unique-Id
X-Vtex-Remote-Cache
X-Via-Ucdn
X-RequestId
X-Vtex-Processado-Em
CDN
X-ZONE
X-UCC
X-PJAX-URL
X-Gen-Id
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Dynatrace
Locale
X-ABtesting
X-Flog
RequestUuid
X-Fastly-Cache-Hits
X-NWS-UUID-VERIFY
X-Via-NSCOPI
X-Html-Edge-Cache
X-Varnish-Action
X-Hello
X-Urbn-Context-Path
X-Pf-Uncompressing
X-Reqid
Cneonction
X-Urbn-Site-Id
Who
X-Cdn-Cache
X-Cache-Ttl
A
X-LiteSpeed-Tag
Server-Id
X-Cache-URL
X-Store
Accept-Ch
X-Request-Url
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
Get-Access-Time
X-Cdn-Request-ID
Ohc-Response-Time
X-Serial
X-HTML-Edge-Cache
Is-Session-Tracking
Frontcache
X-ServerName
NnCoection
X-Port
X-EC-Lua