Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-Request-ID
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Robots-Tag
WPE-Backend
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-Device
Allow
Ali-Swift-Global-Savetime
Server-Timing
X-CST
X-Ac
X-Type
X-Rq
X-Node
X-Host
X-Server-Id
Feature-Policy
Content-Location
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Origin-Cache
X-Readtime
X-Rack-Cache
Request-Id
X-Url
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Upstream-Env
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Mod-Pagespeed
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-ESI
X-HW
X-ORACLE-DMS-RID
X-GitHub-Request-Id
MS-Author-Via
X-VARITI-CCR
Charset
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-MS-InvokeApp
X-DataStream-Cache-Status
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Version
AR-PoweredBy
AR-CACHE
X-Cached
AR-ATIME
Content-MD5
X-Recruiting
X-Powered-By-Plesk
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
X-Abt-Application-Version
AR-Request-ID
X-PC
X-TtlSet
X-Navigation-Version
X-Vname
RTSS
X-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Varnish-TTL
Ar-Sid
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-DynaTrace-JS-Agent
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-SharePointHealthScore
X-Server-ID
X-FTR-Expires
X-Amz-Rid
X-Fastly-Request-ID
Nginx-Cache
X-VCache
S
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Debug
X-XRDS-Location
TCN
X-Shield-Request-Id
X-Id
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Oracle-Dms-Rid
SPIisLatency
SPRequestDuration
DynaTrace
X-Akam-SW-Version
Access-Control-Request-Method
X-SERVER
X-Goog-Storage-Class
Front-End-Https
X-FTR-Cache-Host
X-T
X-Ttl
X-B3-TraceId
X-Powered-CMS
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Paypal-Debug-Id
X-Amzn-Trace-Id
X-MSEdge-Ref
Tracecode
X-Varnish-Age
Fastcgi-Cache
X-N
X-Content-Type
X-Forwarded-For
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Alternate-Protocol
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Upstream
X-Frontend
Fusion-Content-Source
X-Sol
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Middleton-Display
X-PressLabs-Stats
X-Logged-In
Display
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Accel-Buffering
X-Litespeed-Cache
Response
X-Middleton-Response
X-Hostname
X-Cache-Key
X-Srv
X-Kinsta-Cache
X-Accel-Expires
X-Pad
Server-Name
MicrosoftSharePointTeamServices
X-B3-Traceid
X-FastCGI-Cache
X-Content-Options
X-User-Agent
Host
Backend-Timing
Refresh
X-Analytics
X-Correlation-Id
X-DIS-Request-ID
X-Debug-Info
X-IPLB-Instance
X-LB-Cache
X-Rid
X-Fastcgi-Cache
X-Cdn
X-Revision
X-AppVersion
X-Activity-Id
X-Az
X-B
X-Amzn-RequestId
FilterID
X-Amz-Apigw-Id
Accept-Charset
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Grace
ServerID
X-Cache-Hit
X-Cache-2
X-B3-Sampled
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
X-Webkit-CSP
TP-L2-Cache
TP-Cache
X-Ruxit-Js-Agent
Host-Header
X-Request-Received
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
Source
VIX-Pulpo-Node
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-TT
X-Varnish-Backend
X-Cluster
X-Cache-Action
X-Origin-Server
MS-CV
X-Tumblr-User
X-Framework
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-F-Cache
X-Instance
X-FW-Type
X-FW-Static
X-Kong-Proxy-Latency
X-App-Environment
X-Platform-Server
X-Mobile
X-RateLimit-Limit
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Kong-Upstream-Latency
Cache-Status
Access-Control-Allow-Method
X-Content-Powered-By
X-Cached-By
X-Varnish-Grace
X-UA-Device-Type
X-Request-Guid
X-Handled-By
X-SS-Set-Cookie
X-Drupal-Cache-Tags
X-Geo-Country
X-Magnolia-Registration
X-Shard
CACHE
X-Zen-Fury
X-FB-Debug
X-Ezoic-Cdn
PageSpeed
Edge-Cache-Tag
X-GUploader-UploadID
X-Forwarded-Host
X-ATG-Version
From-Origin
X-Cache-TTL
X-App-Server
DC
X-Cache-Age
X-Varnish-Server
X-Wix-Server-Artifact-Id
X-Node-Name
Cleartype
X-Varnish-Hostname
X-AOL-HN
Cache-Tags
X-BCube-Filmed-By
Payment
X-Cache-Control
X-Region
X-WebKit-CSP-Report-Only
X-Response-Served-From
Filters
X-RequestSource
X-Generated-By
X-Signature
X-Adobe-Loc
X-TX-ID
X-Adobe-Content
X-B-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
NGB
Webserver
X-UUID
Upgrade-Insecure-Requests
X-VG-WebCache
X-TT-TIMESTAMP
X-GeoIP
Cache-Tv-Group
X-FW-Dynamic
Server-Node
GEO-INFO
Ms-Operation-Id
X-Jobs
Country
Healthy
Retry-After
X-Storage
X-Seen-By
X-Redis-Cache
X-RTag
X-Drupal-Cache-Contexts
Actual-Object-TTL
X-Varnish-Hits
ServedBy
X-Content-Age
X-XRDS-LOCATION
X-Cacheable-TTL
X-Locale
Liferay-Portal
X-Cache-Rule
X-Via-JSL
X-Contextid
X-Esi
Fastly-Restarts
X-Rendered-As
X-Oneagent-Js-Injection
Powered
X-Cache-TTL-Remaining
X-Guploader-Uploadid
Frame-Options
HitType
X-Varnish-IP
X-BACKEND-TTL
S-Cnection
X-Real-IP
Viewport
Content-Script-Type
X-Wix-Request-Id
X-Yottaa-Metrics
Content-Style-Type
ViewerVersion
X-Yottaa-Optimizations
X-WA-Info
X-Cache-Server
X-Upgrade-Enabled
X-TA-CDN-Provider
NtCoent-Length
Datacenter
X-RemovedCookies
X-Cache-Config
Eomportal-Instance
X-Mode
X-ProcessESI
X-Endurance-Cache-Level
X-RN-RSRV
Load-Balancing
Meta-Geo
X-Cache-Var
Cache-Key
Cache-Hits
X-Akamai-Transformed
X-Varnish-Cache-Hits
X-Cache-NE
X-Cache-Var-Map
X-Detected-As
X-Proto
X-Proxied
X-Routing-Service
X-Path-Route
X-Is-Bot
X-Device-Type
X-ES-SERVER
X-Hl-Ver
X-Zipkin-Id
Machine
Access-Control-Request-Headers
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Vix-Hermes-Req-Id
TWC-Privacy
X-Section
Property-Id
Mn-Server-Ip
X-Viewer-Country
X-VG-TLSProxy
L5d-Success-Class
X-Origin-Hint
OT-Force-Account-Verify
X-From
Webcakes-App-Version
TWC-GeoIP-Country
X-Format
X-L-Path
X-FW-Version
Webcakes-Region
X-S
X-Hosted-By
X-Proxy
X-Environment-Context
X-Cache-Enabled
X-Backend-Name
X-Access
X-TNCMS
DB-Nickname
X-Labrador-Cache-Channel
Azure-InstanceId
X-Origin-Response-Time
X-NewRelic-App-Data
Azure-SiteName
X-Loop
Azure-SlotName
Azure-Version
Azure-RegionName
Now
X-Birta-Served
X-Birta-Cache-Post
X-Akamai-Request-ID
We-Hiring
X-EIG-Tracking-Id
X-ServerID
Mail-Subject
X-Tb
X-Status
S-Rt
X-GRACE
X-Time-Microsecs
Decoy-Debug-Status
Xserver
X-Via-Fastly
Decoy-Debug-TTL
X-FC-Vary-Parameters
Decoy-Debug-Key
X-Time
X-ProxyCache-Key
X-Proxy-Build
X-Via-CDN
X-Tumblr-Pixel-3
Cache-Tag
X-IP
Origin-Edge-Control
X-Web-Node
X-JoinUs
X-Timing-Wait
X-CCM
X-ProxyCache-Status
X-BYPASS-REASON
X-Varnish-Cacheable
X-Xfnlog-Site
Origin-Cache-Control
Selected-FE
X-Trace-Id
X-NCache
NGX
X-FB-TRIP-ID
X-Cache-Category-Id
X-OCL
X-VWS-Id
X-Human
X-Www-Served-By
X-Debug-Cache
X-LJ-Flow-ID
X-MP-GENERATED-AT
Served-By
X-PCL
X-Grey
X-Internal-Host
X-AWS-Id
X-Origin-Host
X-Cache-Operation
X-Generated
X-Newrelic-App-Data
Uber-Trace-Id
X-Site-Version
X-Rocket-Nginx-Bypass
X-Dynatrace-Js-Agent
X-Vgn-Hpd-Reason
X-UA
X-EdgeConnect-Cache-Status
AsisCache
X-VC-Cache
LB
User-Agent
X-CDN-Cache
X-R9-Blue-Green-Version
X-Rule
X-Sucuri-ID
X-NWS-LOG-UUID
X-RCS-CacheZone
X-Cluster-Node
Rt-Fastcgi-Cache
X-TIME
X-UnsetCookies
X-Cache-Remote
X-B3-Spanid
Nel
X-App-Name
X-PERF
X-ApacheServer
Release
Hostname
X-Agile-Age
X-Agile
X-Agile-Id
X-APP-VERSION
X-Datadome
X-Source
X-Nginx-Cache
Cache-Name
Pagespeed
X-Ua
X-Request-Time
X-Pubstack
X-Edge-Location
X-Ocache
X-Edge-IP
X-App-Version
X-Protected-By
Warning
X-Varnish-Beresp-Status
X-Origin
X-Varnish-Beresp-Grace
X-OVcl-Cache
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Sucuri-Cache
Thinkindot-Control
X-Trv-Group
Thinkindot-CacheControl
Request-Time
UCS
X-Twitter-Response-Tags
Thinkindot-CacheControl-Type
X-Transaction
X-SRCache-Key
X-A-Dgt
X-A-Wwc
X-A-Dcw
X-A-Ccd
X-A
Request-EU
X-Thinkindot-L3
Www
Origin
Cache-Prefix
Cross-Origin-Window-Policy
Ec-Rule-Version
Fly-Cache
BehaviorPad-Version
Arc-Country
Xc-Version
Ajk
X-VG-WebServer
Fly-Request-Id
MD5-Digest
On-Server
X-Server-Group
Rendered-Blocks
Request-Country
Node
X-Var-Ttl
Meta-Geo-Continent
N-Cache
X-VCT
X-Up
X-S-Cookie
X-Developer
X-Destination
X-Debug-Log
X-Debug-Cookies
X-Developers
X-DPWN-IS-SECURE
X-Application
X-ARC
X-G
X-External-Request-Id
X-Debug-Cache-Store
X-B-Cookie
X-Core-Value
X-Connection-Hash
X-Cache-Grace
X-CF-Lambda-Version
X-Cache-Expires
X-D
X-BB-ID
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Date
X-Aed
X-Gannett-Site-Version
X-Processor
X-Platform
X-PAYTM-SRV-ID
X-Origin-TTL
X-Region-Sid
X-Request-UUID
X-ScT
X-CF-Lambda-Fn
X-Rojux
X-Rewrite-Enabled
X-Origin-CC
X-NX-Host
X-Matched-Rule
X-Logtrace-Id
X-Hp-Webp
X-Generated-In
X-Accel-Expires-Debug
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NodeID
X-Nginx-Cache-Key
X-Secret
X-A-Dam
X-ElasticPress-Search
X-Cdn-Forward
SRV
X-Varnish-Ttl
X-Cache-Backend
X-Origin-Expires
Server-Int
X-Origin-Date
Server-Cache-Control
RNT-Time
Server-Surrogate-Control
Section-Io-Cache
X-ServiceProvider
X-C
X-Sf
X-Cache-ASPX
RNT-Machine
X-SIPLIST1
X-Distil-CS
Pramga
X-Distributor
X-Proxy-Cache-Status
X-Epic-Correlation-Id
Proxy-Connection
X-Device-Os
X-Skip-Cache
X-SN
X-Node-Id
X-Cache-Debug
X-Servername
X-Cache-FS-Status
X-RateLimit-Remaining-Second
X-Cache-Miss-From
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-RateLimit-Limit-Second
X-Cache-Info
X-Policy
X-Qloud-Router
X-Cache-Host
X-Cache-Id
X-Refresh
X-Ah-Environment
X-Sedo-Request-Id
X-Page-Type
X-Swa-Ws
True-Client-Country-4JS
X-Crawler
X-IN-APIGATEWAY
X-Request-URI
X-CGP
X-PHP-Host
X-Cms-Context
X-Proxy-Upstream
X-No-Session
X-Geo-Header
Content-Disposition
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Country-Code
X-Li-Fabric
Fastly-SWR
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Eu-Site
Cache-Cookie-Set-From
Backend
X-Irp-Debug
X-Instart-Isnd
X-Info
X-IN-WAF
X-LAGOON
AKAMAI
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Li-Pop
Fastly-Backend-Name
X-Location
IsBot
X-LI-Proto
X-Varnish-Url
Magicmarker
X-Varnish-Authentication
Fastcgi-Useragent
X-TT-LOGID
X-F5-Cache
Memcached
Heartbleed
X-LI-UUID
X-Real-Ip
HA-Ipaddr
X-Webstats-RespID
Ha-Gx-Prefs
X-CACHE-KEY
X-GZip
X-CUA
X-Fastly-Cache
X-Dispatcher-Server
X-MSEdge-Flight
X-MSEdge-Features
X-Gateway-Cache-Status
X-Hash
X-GeoIP-Country-Code
X-Planisys-CDN-Cache
X-GeoIP-City
X-Level-Front-Cache
X-Generated-On
X-Gateway-Cache-Key
X-Planisys-CDN-Rules
X-Core-Mission
X-Gateway-Skip-Cache
X-Planisys-CDN-TTL
X-Cdn-Srv
X-Fetched-On
X-S-Maxage
X-Bip
Powered-By
Platform
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
SD-X-WS
X-ShardId
X-ShopId
X-Shopify-Stage
Server-Host
User-Cache-Control
Fastly-SSL
Kp-EeAlive
Is-Eu
HTTPS
X-Wikidot-Backend
Lfy
X-Variation
X-Thanos
X-User
Pagetype
X-Wikidot-Static-Cache
Web-Mar-Node
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Varnish-Beresp-Ttl
X-Via-SSL
X-Amzn-Remapped-Content-Length
X-Auto-Login
X-BBXSRF
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Amzn-Remapped-Connection
X-Via-Edge
X-Amzn-Remapped-Date
X-Gen-Mode
X-Hnp-Log
X-Key
Adler-Geo
X-Server-IP
X-Block-Status
X-FireWall-Port
X-WPE-Loopback-Upstream-Addr
X-TrackingId
X-Cache-Bucket
Pragrma
X-Micro-Cache
X-RateLimit-Reset
X-Server-Time
X-Owner
X-Returned-From
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Svr
X-Stale
X-Passed-To
X-Server-By
X-Passed-To-DLL
X-Original-Request
X-Actual-URL
X-Dc
Server-ID
X-CDN-Forward
ServerName
X-Org
X-Croise-Owner
X-Unique-ID
FNAC-ModuleRouting
X-HS-Cache-Config
Host-ID
X-Nc
X-VServer
Cteonnt-Length
X-Load-Cache
X-NC
Cdn-Request-Time
Cdn-Host
Viewtype
X-Microcachable
Gh-Request-Id
VivaBuild
REQUESTUUID
X-Aicache-OS
X-Edge-Server
DSUID
X-Parent-Response-Time
AR-SID
X-Pjax-Url
X-FPC
X-Apm-Inst-Hash
X-CSRF-TOKEN
X-Cdn-Origin
X-Apm-Svc-Key
X-Ua-Device
X-Gdpr
SID
Mime-Version
V-Age
X-Sn-Servicetimems
X-Apm-App-Name
MIME-Version
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-V
X-Geo
X-Exp-Se
Rt-Proxy-Cache
X-ND-Cache
PICS-Label
Memory
Time
X-Req
X-From-Cache
X-Served-From
X-Servedbyhost
X-Wa
ProcessTime
X-URL
Odigeo-Trace-Id
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
HostName
X-B3-Parentspanid
X-HTML-Minification-Powered-By
X-Cache-HT
X-Optimization
X-DC
Wxu-Next-Hostname
Wxu-Next-Commit
X-Newrelic-Synthetics
X-Fstrz
Wxu-Next-Region
Resin-Trace
Public-Key-Pins-Report-Only
X-Git-Hash
Cf-Ipcountry
X-Response-By
XServer
X-Lb-Id
Cache
Cdn
X-GEO
GMS-Ver
X-Varnish-Beresp-TTL
X-Atg-Version
Fastcgi-X-Cache-Version
Proxy-Firewall
X-Release
Processtime
WZWS-RAY
X-Fastly-Backend-Reqs
X-LB-ID
X-WebServer
X-WR-MODIFICATION
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Phone
X-Amz-Meta-Surrogate-Control
X-Vcl-Version
X-TH-Server
X-APP
X-CACHE-AGE
X-Daa-Tunnel
X-CLOUD-TRACE-CONTEXT
GW-Server
X-We-Are-Hiring
CF-Cached-On
X-Clientip
X-Instart-Info
Mobile-Detection-Method
Countrycode
X-UE-Client-Country
X-Check-Cacheable
X-Host-Name
X-Hyper-Cache
Backend-Name
X-Nananana
X-HS-Status
SS
X-Vcache
X-NGINX-Cache
Ohc-File-Size
X-COUNTRY
X-Upstream-HT
X-WA
X-Ratelimit-Reset
X-Upstream-CT
X-Worker
X-Zone
X-Fastly-Country-Code
Lb
X-CSRF-Token
X-ServedByHost
409pxxline
FSS-Cache
X-HS-Combine-CSS
Xxline
X-PF-Uncompressing
X-Server-W
FSS-Proxy
225prxHost
X-Backend-TTL
355prline
189phosttRef
Pics-Label
286prxHost
219prxHost
178proxuri
188prxHost
Geoip-Latitude
352pxline
DataCenter
X-IPS-LoggedIn
GeoIp-Country-Code
X-VHOST
Geoip-City
SN
X-FORWARDED-FOR
X-SERVER-NAME
X-GZIP
X-Dynatrace
URI
Ohc-Cache-HIT
X-Render-Time
Esi-Enabled
Version
X-UPSTREAM-Address
X-Request-Start
X-BE
X-Be
X-Fpc
X-B3-SpanId
X-SRV
WP-Super-Cache
X-LiteSpeed-Cache-Control
X-CS
X-Gen-Id
X-PJAX-URL
CDN
X-VCL-Version
X-UCC
X-Unique-Id
X-ID
X-Cache-Ttl
X-Varnish-Action
X-Cdn-Cache
Who
X-AssetVersion
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-GDPR
X-Pf-Uncompressing
X-NGENIX-Cache
X-Cache-URL
GeoIP-Latitude
X-Contensis-Viewer-Groups
X-Html-Edge-Cache
GeoIP-City
Cneonction
RequestUuid
X-Via-Ucdn
GeoIP-Country-Code
X-Fastly-Cache-Hits
Serverid
X-ZONE
X-Akamai-Request-ID2
X-Via-NSCOPI
X-Store
X-LiteSpeed-Tag
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Accept-Language
Server-Id
X-Request-Url
A
Accept-Ch
X-NWS-UUID-VERIFY
X-Akamai-SSL-Client-Sid
Locale
X-Dw-Trace-Id
X-RequestId
X-ABtesting
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Reqid
X-Hello
X-Flog
RequestId
Is-Session-Tracking
X-HTML-Edge-Cache
X-ServerName
NnCoection
X-Cdn-Request-ID
Frontcache
X-Serial
Get-Access-Time
Ohc-Response-Time
X-EC-Lua
X-Port