Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-CST
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Type
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
Request-Id
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
NEL
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-ESI
X-HW
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
AR-CACHE
AR-ATIME
PB-RID
AR-PoweredBy
PB-PID
X-Mobile-Rewrite
Arc-Version
X-DataStream-Cache-Status
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Version
Charset
X-Cached
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Server-ID
X-Recruiting
X-Dns-Prefetch-Control
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
RTSS
X-Abt-Application-Version
X-D2id
X-Navigation-Version
Ar-Sid
X-PC
X-TtlSet
X-Vname
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TTL
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-FTR-Expires
X-VCache
X-Amz-Rid
S
X-Fastly-Request-ID
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-Oracle-Dms-Rid
X-Debug
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-XRDS-Location
DynaTrace
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-Ttl
SPIisLatency
SPRequestDuration
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Powered-CMS
Front-End-Https
X-SERVER
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-Id
Realpath
X-Amzn-Trace-Id
X-MSEdge-Ref
Tracecode
X-Aspnet-Version
X-B3-TraceId
X-Litespeed-Cache
X-N
X-Varnish-Age
Paypal-Debug-Id
Fastcgi-Cache
X-Content-Type
X-Forwarded-For
X-Upstream
Alternate-Protocol
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Logged-In
X-Frontend
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-RateLimit-Remaining
X-Fastcgi-Cache
Display
X-Sol
X-Content-Digest
X-Middleton-Display
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Response
X-Middleton-Response
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Pad
X-Accel-Expires
X-B3-Traceid
X-Cache-Key
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-Accel-Buffering
Host
Server-Name
X-Content-Options
X-Analytics
Backend-Timing
X-Correlation-Id
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-User-Agent
X-Revision
X-Debug-Info
X-LB-Cache
X-AppVersion
X-Amzn-RequestId
X-Az
X-Amz-Apigw-Id
X-Activity-Id
X-IPLB-Instance
FilterID
Accept-Charset
X-Rid
X-Cdn
Refresh
X-Cache-Hit
X-B3-Sampled
Surrogate-Key
X-Cache-2
Powered-By-ChinaCache
X-DIS-Request-ID
X-B
X-Grace
X-CF-Powered-By
ServerID
X-Ruxit-Js-Agent
X-Page-Id
X-Whom
Server-Info
TP-Cache
X-PHP-Backend
TP-L2-Cache
X-Request-Processing-Time
MS-CV
X-Request-Received
X-FastCGI-Cache
Host-Header
X-Cached-By
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-TT
Source
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Cache-Status
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-UA-Device-Type
X-App-Environment
X-Cluster
X-Akamai-Edgescape
X-Origin-Server
X-Framework
X-Cache-Action
X-Content-Powered-By
Access-Control-Allow-Method
X-Mobile
X-Webkit-CSP
X-Platform-Server
X-Drupal-Cache-Tags
X-F-Cache
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Grace
X-Request-Guid
X-FW-Hash
X-FW-Static
X-FW-Serve
X-Instance
X-FW-Server
X-FW-Type
X-SS-Set-Cookie
X-FB-Debug
X-Zen-Fury
X-Geo-Country
X-Ezoic-Cdn
X-Shard
X-GUploader-UploadID
X-Handled-By
X-Cache-TTL
X-Magnolia-Registration
X-RateLimit-Limit
X-Forwarded-Host
From-Origin
Edge-Cache-Tag
X-Node-Name
X-ATG-Version
PageSpeed
X-Cache-Age
X-Varnish-Hostname
X-App-Server
DC
Cache-Tags
X-Varnish-Server
Cleartype
X-BCube-Filmed-By
X-AOL-HN
CACHE
X-XRDS-LOCATION
X-Cache-Control
Payment
Healthy
Upgrade-Insecure-Requests
X-Region
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-Generated-By
X-RequestSource
Filters
Fastly-Restarts
X-GeoIP
X-Redis-Cache
X-TT-TIMESTAMP
X-VG-WebCache
X-TX-ID
X-Storage
X-RTag
X-Adobe-Content
NGB
Cache-Tv-Group
Webserver
Ms-Operation-Id
Server-Node
X-Adobe-Loc
X-UUID
X-Cache-Rule
Actual-Object-TTL
Country
X-Signature
X-Drupal-Cache-Contexts
Retry-After
X-B-Cache
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Jobs
X-Locale
X-FW-Dynamic
X-Varnish-Hits
X-Content-Age
GEO-INFO
ServedBy
X-TA-CDN-Provider
Powered
Liferay-Portal
X-Contextid
Frame-Options
X-Seen-By
X-Wix-Server-Artifact-Id
X-Rendered-As
HitType
X-Oneagent-Js-Injection
X-Via-JSL
X-Cache-TTL-Remaining
X-Varnish-IP
X-Guploader-Uploadid
X-WA-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-BACKEND-TTL
Viewport
S-Cnection
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-Upgrade-Enabled
X-Cache-NE
NtCoent-Length
X-Cache-Server
Xserver
Content-Style-Type
Content-Script-Type
Datacenter
X-GRACE
X-Esi
X-Cache-Config
X-Akamai-Transformed
Nel
OT-Force-Account-Verify
X-Path-Route
X-Mode
X-Device-Type
X-Detected-As
X-Varnish-Cache-Hits
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-Is-Bot
Meta-Geo
X-Time
X-S
Machine
Load-Balancing
X-Proto
X-RN-RSRV
Cache-Hits
X-Hl-Ver
Cache-Key
TWC-GeoIP-LatLong
TWC-Locale-Group
Property-Id
X-Tb
TWC-GeoIP-Country
L5d-Success-Class
We-Hiring
X-From
TWC-Device-Class
Mn-Server-Ip
X-Origin-Hint
X-L-Path
Vix-Hermes-Req-Id
Mail-Subject
Webcakes-Region
Access-Control-Request-Headers
X-Viewer-Country
X-VG-TLSProxy
Webcakes-App-Version
X-FC-Vary-Parameters
Webcakes-App-Name
TWC-Privacy
X-Environment-Context
X-Hosted-By
TWC-Connection-Speed
X-Birta-Cache-Post
X-Akamai-Request-ID
Origin-Edge-Control
Origin-Cache-Control
X-Access
X-AWS-Id
X-Backend-Name
X-Birta-Served
X-Debug-Cache
X-Web-Node
X-Cache-Operation
X-Endurance-Cache-Level
X-Time-Microsecs
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Section
X-Cache-Enabled
X-Proxy
X-VWS-Id
X-FW-Version
X-LJ-Flow-ID
X-Format
X-FB-TRIP-ID
X-TNCMS
X-Loop
DB-Nickname
X-ProxyCache-Key
X-ProxyCache-Status
X-Routing-Service
X-Proxy-Build
NGX
X-Zipkin-Id
X-PCL
S-Rt
Selected-FE
X-NCache
X-JoinUs
X-IP
X-Xfnlog-Site
X-Proxied
Now
X-Human
Azure-Version
X-ServerID
X-Timing-Wait
Cache-Tag
X-Varnish-Cacheable
X-BYPASS-REASON
X-Trace-Id
X-Via-CDN
X-Via-Fastly
Azure-SiteName
Azure-SlotName
X-CCM
Azure-RegionName
Azure-InstanceId
X-OCL
X-EIG-Tracking-Id
X-Cache-Category-Id
X-Tumblr-Pixel-3
X-Generated
X-Grey
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-Www-Served-By
X-Site-Version
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-MP-GENERATED-AT
X-NWS-LOG-UUID
ViewerVersion
X-Wix-Request-Id
Uber-Trace-Id
X-RCS-CacheZone
X-Status
X-CDN-Cache
X-VC-Cache
X-EdgeConnect-Cache-Status
Served-By
X-Internal-Host
X-Newrelic-App-Data
X-R9-Blue-Green-Version
X-Cache-Remote
X-UA
X-Rule
X-Dynatrace-Js-Agent
LB
X-NewRelic-App-Data
Release
X-UnsetCookies
AsisCache
X-Origin-Host
X-Sucuri-ID
X-Cluster-Node
Rt-Fastcgi-Cache
X-TIME
X-ApacheServer
X-PERF
Pagespeed
User-Agent
X-App-Name
X-Nginx-Cache
X-Source
X-APP-VERSION
X-Agile-Id
X-Agile
X-Agile-Age
X-Ua
X-Datadome
X-Request-Time
X-B3-Spanid
Cache-Name
Hostname
X-App-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Edge-Location
X-Hit
X-OVcl-Cache
X-OVcl
X-VCT
X-Pubstack
X-Origin-TTL
X-Origin-CC
X-Edge-IP
X-A
Www
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-ARC
X-A-Dam
X-Aed
X-Accel-Expires-Debug
X-Application
UCS
X-A-Ccd
Rendered-Blocks
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
MD5-Digest
Cross-Origin-Window-Policy
Cache-Prefix
X-Sucuri-Cache
Ajk
Arc-Country
BehaviorPad-Version
Meta-Geo-Continent
Node
Server-Cache-Control
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Request-Time
Request-EU
On-Server
X-B-Cookie
Request-Country
Thinkindot-Control
X-External-Request-Id
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Processor
X-Platform
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-PAYTM-SRV-ID
X-ScT
X-Secret
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Mobile-URL
X-Matched-Rule
X-Debug-Cache-Expiry
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-D
X-CF-Lambda-Version
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-CF-Lambda-Fn
X-Debug-Log
X-Destination
X-IN-APIGATEWAY
X-IN-WAF
X-Instart-Isnd
X-Logtrace-Id
X-Hp-Webp
X-Generated-In
X-Developer
X-DPWN-IS-SECURE
X-G
X-Gannett-Site-Version
X-BB-ID
X-Connection-Hash
Warning
X-Ocache
X-Protected-By
X-Varnish-Beresp-Grace
X-ElasticPress-Search
X-Varnish-Beresp-Status
User-Cache-Control
X-Cache-Backend
SRV
X-WPE-Loopback-Upstream-Addr
X-No-Session
X-LAGOON
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-Origin-Date
Server-Host
X-Li-Fabric
X-Origin-Expires
Origin
X-Cache-Debug
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Policy
X-PHP-Host
Proxy-Connection
Pramga
X-Page-Type
X-Cdn-Forward
X-Key
True-Client-Country-4JS
X-Amzn-Remapped-Date
X-Device-Os
X-Dispatcher-Server
X-Amzn-Remapped-Connection
X-Distil-CS
X-Developers
X-Crawler
X-Cache-Id
X-Block-Status
X-CGP
X-Core-Value
X-Distributor
X-Epic-Correlation-Id
X-Hnp-Log
N-Cache
X-Cache-Host
X-Info
X-Hash
X-C
X-Eu-Site
X-Gen-Mode
X-Geo-Header
Web-Mar-Node
X-Irp-Debug
Pagetype
X-RateLimit-Remaining-Second
CDCHOST
X-TT-LOGID
Backend
Country-Code
X-SN
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
X-Varnish-Url
Apple-News-Services-Request-Url
X-Cache-Info
X-F5-Cache
X-Webstats-RespID
Memcached
Lfy
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Sf
X-Swa-Ws
X-Request-URI
Heartbleed
Ha-Gx-Prefs
X-Refresh
X-Reboot
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Kp-EeAlive
X-Servername
HA-Ipaddr
X-ServiceProvider
DSUID
X-FireWall-Port
X-Varnish-Ttl
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-ShopId
X-Via-SSL
X-Shopify-Stage
X-Nginx-Cache-Key
X-Micro-Cache
X-Via-Edge
X-Cache-Miss-From
X-CACHE-KEY
X-Cache-FS-Status
X-Fastly-Cache
X-Qloud-Router
X-ShardId
X-Cache-Bucket
X-Level-Front-Cache
X-Cms-Context
X-S-Maxage
X-GeoIP-Country-Code
X-GeoIP-City
X-SIPLIST1
X-TrackingId
X-Sedo-Request-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Thanos
X-User
X-Variation
X-Gateway-Cache-Key
X-Fetched-On
X-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Generated-On
X-Location
X-Server-IP
X-Real-Ip
RNT-Machine
Fastly-Soc-X-Request-Id
X-Amzn-Remapped-Content-Length
Cache-Cookie-Set-Lfrom
RNT-Time
SD-X-WS
Cache-Cookie-Set-Idcheck
X-Ah-Environment
X-Amz-Meta-Cache-Control
Magicmarker
Platform
IsBot
Is-Eu
X-Alternate-Cache-Key
HTTPS
Cache-Cookie-Set-From
Content-Disposition
AKAMAI
Server-Int
X-Bip
X-Backend-State
X-BBXSRF
Adler-Geo
Cteonnt-Length
X-MSEdge-Flight
X-Backend-Url
X-Planisys-CDN-TTL
ServerName
X-Owner
X-Node-Id
X-Planisys-CDN-Cache
FNAC-ModuleRouting
X-Planisys-CDN-Rules
X-Cdn-Srv
X-Server-Time
X-Backend-Host
X-Auto-Login
X-Core-Mission
Fastly-SSL
X-MSEdge-Features
X-GZip
X-RateLimit-Reset
Server-ID
X-Varnish-Beresp-Ttl
Powered-By
X-Org
Section-Io-Cache
X-CUA
Gh-Request-Id
X-Nc
REQUESTUUID
X-Cdn-Origin
X-Apm-App-Name
V-Age
X-FPC
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-CDN-Forward
X-Load-Cache
X-Sn-Servicetimems
X-Pjax-Url
Pragrma
Viewtype
VivaBuild
MIME-Version
X-Dc
X-NC
Cache
X-Stale
X-Actual-URL
X-Passed-To-PostProcessResponse
X-Svr
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Geo
X-Server-By
Rt-Proxy-Cache
X-Aicache-OS
X-ND-Cache
X-Returned-From-PostProcessResponse
X-Original-Request
X-Exp-Se
X-Returned-From-DLL
Fastcgi-Useragent
X-Parent-Response-Time
X-VServer
Host-ID
X-Gdpr
X-Croise-Owner
X-HS-Cache-Config
Cdn-Request-Time
X-Edge-Server
HostName
Cdn-Host
X-CSRF-TOKEN
X-Unique-ID
X-Served-From
X-Ua-Device
X-B3-Parentspanid
X-Microcachable
Memory
Time
PICS-Label
X-DC
Mime-Version
X-Wa
X-Oss-Request-Id
X-Oss-Object-Type
Wxu-Next-Region
Resin-Trace
X-Servedbyhost
X-Oss-Hash-Crc64ecma
Wxu-Next-Hostname
X-Oss-Storage-Class
Wxu-Next-Commit
SID
X-Oss-Server-Time
X-Git-Hash
ProcessTime
X-Newrelic-Synthetics
X-V
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
X-Req
X-From-Cache
X-Optimization
X-ID
X-Cache-HT
AR-SID
Cf-Ipcountry
Odigeo-Trace-Id
X-Lb-Id
X-Release
Cdn
X-Host-Name
X-WebServer
X-TH-Server
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
CF-Cached-On
X-Fstrz
X-Ratelimit-Remaining
X-Atg-Version
XServer
X-APP
X-Daa-Tunnel
Processtime
Proxy-Firewall
X-Instart-Info
X-Phone
X-Response-By
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
GMS-Ver
X-WR-MODIFICATION
X-LB-ID
X-Vcl-Version
Backend-Name
X-Check-Cacheable
X-Upstream-CT
X-Upstream-HT
X-Fastly-Backend-Reqs
X-Worker
WZWS-RAY
X-Zone
X-GEO
Fastcgi-X-Cache-Version
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
178proxuri
X-Server-W
Xxline
188prxHost
352pxline
X-B3-SpanId
219prxHost
286prxHost
225prxHost
355prline
189phosttRef
409pxxline
X-Amz-Meta-Surrogate-Control
X-Backend-TTL
X-Vcache
X-WA
X-NGINX-Cache
X-Nananana
Version
X-ServedByHost
X-IPS-LoggedIn
X-CSRF-Token
Countrycode
X-Ratelimit-Reset
X-Clientip
X-UE-Client-Country
X-We-Are-Hiring
GW-Server
Mobile-Detection-Method
Pics-Label
X-HS-Status
X-URL
Lb
SS
Geoip-Latitude
SN
GeoIp-Country-Code
X-Fastly-Country-Code
X-UPSTREAM-Address
X-Hyper-Cache
Ohc-File-Size
WP-Super-Cache
DataCenter
X-Contensis-Viewer-Groups
X-AssetVersion
Esi-Enabled
X-SERVER-NAME
X-VCL-Version
Geoip-City
X-Akamai-Request-ID2
X-Dynatrace
X-GZIP
X-SRV
Accept-Language
X-Request-Start
X-Render-Time
X-PF-Uncompressing
GeoIP-Country-Code
GeoIP-City
FSS-Cache
FSS-Proxy
GeoIP-Latitude
X-HS-Combine-CSS
X-BE
URI
Serverid
X-Via-Ucdn
X-LiteSpeed-Cache-Control
X-GDPR
X-CS
X-Be
X-Vtex-Processado-Em
X-RequestId
X-Vtex-Remote-Cache
X-Unique-Id
X-ZONE
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Gen-Id
Locale
X-Via-NSCOPI
X-Reqid
X-NWS-UUID-VERIFY
X-Fpc
CDN
X-PJAX-URL
Ohc-Cache-HIT
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-FORWARDED-FOR
FastCGI-Cache
RequestUuid
X-Flog
X-ABtesting
X-Fastly-Cache-Hits
X-Pf-Uncompressing
X-Html-Edge-Cache
X-UCC
Cneonction
X-Hello
X-Cdn-Cache
X-Cache-Ttl
Who
X-LiteSpeed-Tag
X-Store
X-Generation-Time
X-Varnish-Action
Accept-Ch
X-Request-Url
IBM-Web2-Location
A
Server-Id
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
Frontcache
Dnion-Transfer-Encoding
X-HTML-Edge-Cache
Is-Session-Tracking
X-Cache-URL
X-Cdn-Request-ID
Ohc-Response-Time
NnCoection
X-ServerName
X-Port
X-Serial
Get-Access-Time
X-EC-Lua