Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-Ua-Compatible
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Pingback
X-Server
X-Proxy-Cache
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
X-Cloud-Trace-Context
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Country
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-Mod-Pagespeed
X-Upstream-Env
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-HW
X-ORACLE-DMS-RID
X-ESI
MS-Author-Via
X-GitHub-Request-Id
X-VARITI-CCR
X-DataStream-Cache-Status
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
AR-ATIME
Charset
AR-PoweredBy
AR-CACHE
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Abt-Application-Version
X-D2id
RTSS
X-Navigation-Version
Ar-Sid
X-TtlSet
X-Vname
X-PC
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Server-ID
X-Varnish-TTL
X-Trace
X-TTL
X-Forwarded-Proto
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-VCache
X-Amz-Rid
X-SharePointHealthScore
X-FTR-Expires
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-XRDS-Location
Arr-Disable-Session-Affinity
TCN
X-Shield-Request-Id
X-Ttl
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-ROOT
SPRequestDuration
SPIisLatency
DynaTrace
Pinterest-Version
X-Id
X-Upstream-Proxy
X-Pinterest-Rid
X-Oracle-Dms-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-SERVER
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
Front-End-Https
X-Powered-CMS
X-B3-TraceId
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
X-MSEdge-Ref
Realpath
Fastcgi-Cache
Tracecode
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
Alternate-Protocol
X-Upstream
X-RateLimit-Remaining
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Display
X-Middleton-Display
X-Sol
X-Logged-In
X-PressLabs-Stats
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
Response
X-Middleton-Response
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Accel-Buffering
X-Cache-Key
X-Srv
X-Pad
X-Accel-Expires
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
X-B3-Traceid
Host
X-FastCGI-Cache
X-User-Agent
X-Content-Options
Backend-Timing
X-Analytics
X-Correlation-Id
Refresh
X-Debug-Info
X-LB-Cache
X-Fastcgi-Cache
X-DataStream-Origin-MEX-Latency
X-Revision
X-Rid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-DataStream-MidMile-RTT
X-DIS-Request-ID
X-IPLB-Instance
X-B
Accept-Charset
FilterID
X-Az
X-AppVersion
X-Activity-Id
X-Cache-2
X-Cache-Hit
X-B3-Sampled
ServerID
Surrogate-Key
X-CF-Powered-By
Powered-By-ChinaCache
X-Grace
X-Page-Id
X-Whom
X-PHP-Backend
Server-Info
TP-Cache
TP-L2-Cache
X-Webkit-CSP
Host-Header
X-Request-Processing-Time
X-Request-Received
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Amz-Replication-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TT
X-Varnish-Backend
MS-CV
Source
X-Akamai-Edgescape
X-Kong-Upstream-Latency
X-Cache-Action
X-Origin-Server
X-App-Environment
X-Framework
X-Kong-Proxy-Latency
X-Cluster
X-Content-Powered-By
Cache-Status
X-Tumblr-Pixel
X-Tumblr-User
X-Mobile
X-Tumblr-Pixel-0
X-Platform-Server
Access-Control-Allow-Method
X-GUploader-UploadID
X-Cached-By
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Static
X-F-Cache
X-RateLimit-Limit
X-FW-Type
X-Instance
X-Request-Guid
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Ezoic-Cdn
X-Varnish-Grace
X-Shard
X-SS-Set-Cookie
X-Geo-Country
X-Handled-By
X-FB-Debug
X-Zen-Fury
X-Magnolia-Registration
X-Cache-TTL
X-Forwarded-Host
PageSpeed
Edge-Cache-Tag
From-Origin
X-ATG-Version
CACHE
X-Node-Name
X-App-Server
X-Cache-Age
DC
X-Varnish-Server
X-Varnish-Hostname
Cleartype
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Region
X-Wix-Server-Artifact-Id
X-RequestSource
X-WebKit-CSP-Report-Only
Filters
X-Response-Served-From
X-Generated-By
X-Adobe-Content
Upgrade-Insecure-Requests
X-Adobe-Loc
X-TX-ID
X-Redis-Cache
X-TT-TIMESTAMP
X-Storage
X-GeoIP
X-VG-WebCache
NGB
Healthy
Webserver
Cache-Tv-Group
X-UUID
Ms-Operation-Id
Retry-After
Server-Node
X-B-Cache
Country
X-Drupal-Cache-Contexts
X-Jobs
X-Signature
Actual-Object-TTL
X-FW-Dynamic
X-RTag
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hits
X-XRDS-LOCATION
X-Content-Age
X-Cacheable-TTL
GEO-INFO
X-Locale
ServedBy
X-Cache-Rule
Liferay-Portal
X-Seen-By
Fastly-Restarts
X-Contextid
X-Esi
X-Via-JSL
Powered
Frame-Options
X-Rendered-As
X-Oneagent-Js-Injection
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-TA-CDN-Provider
X-BACKEND-TTL
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
Viewport
X-Real-IP
X-WA-Info
X-Guploader-Uploadid
Content-Script-Type
X-GRACE
Content-Style-Type
X-Cache-Server
X-Upgrade-Enabled
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
Datacenter
ViewerVersion
X-Wix-Request-Id
X-Mode
X-Cache-NE
X-Cache-Config
NtCoent-Length
X-Akamai-Transformed
Machine
Load-Balancing
X-Endurance-Cache-Level
Cache-Hits
Cache-Key
Mn-Server-Ip
X-Varnish-Cache-Hits
Meta-Geo
X-S
X-Proto
X-Path-Route
X-Routing-Service
X-Cache-Var-Map
X-Zipkin-Id
X-Detected-As
X-RN-RSRV
X-Proxied
X-Device-Type
X-Cache-Var
X-ES-SERVER
X-Is-Bot
X-From
X-Hl-Ver
TWC-Device-Class
TWC-Connection-Speed
Access-Control-Request-Headers
TWC-GeoIP-LatLong
X-Environment-Context
TWC-Locale-Group
Property-Id
Webcakes-App-Name
OT-Force-Account-Verify
X-Hosted-By
X-FC-Vary-Parameters
L5d-Success-Class
X-L-Path
X-Cdn
X-Origin-Hint
X-LJ-Flow-ID
TWC-GeoIP-Country
TWC-Privacy
X-Cache-Enabled
X-Viewer-Country
X-AWS-Id
X-Backend-Name
Vix-Hermes-Req-Id
X-Section
X-Access
X-VWS-Id
Webcakes-App-Version
X-VG-TLSProxy
Webcakes-Region
X-Birta-Served
X-Labrador-Cache-Channel
X-FW-Version
Azure-Version
X-Birta-Cache-Post
Decoy-Debug-Key
X-Akamai-Request-ID
DB-Nickname
Decoy-Debug-Status
We-Hiring
X-Loop
X-Debug-Cache
X-TNCMS
X-Via-CDN
X-Proxy
X-Time-Microsecs
X-Status
X-EIG-Tracking-Id
X-ServerID
S-Rt
Azure-SlotName
X-Tb
X-Origin-Response-Time
Mail-Subject
Now
Origin-Cache-Control
X-Web-Node
Origin-Edge-Control
X-Format
Decoy-Debug-TTL
X-Time
Xserver
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Proxy-Build
X-Human
X-OCL
X-FB-TRIP-ID
X-ProxyCache-Key
X-CCM
Cache-Tag
X-Timing-Wait
Selected-FE
X-Trace-Id
X-Via-Fastly
X-BYPASS-REASON
X-IP
X-JoinUs
X-Xfnlog-Site
NGX
X-NCache
X-ProxyCache-Status
X-Tumblr-Pixel-3
X-PCL
X-Varnish-Cacheable
X-Www-Served-By
X-Cache-Category-Id
X-Generated
X-Site-Version
X-MP-GENERATED-AT
X-Internal-Host
X-Newrelic-App-Data
X-Grey
X-Cache-Operation
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
Served-By
Uber-Trace-Id
X-Dynatrace-Js-Agent
X-UA
X-NewRelic-App-Data
X-VC-Cache
X-Origin-Host
X-R9-Blue-Green-Version
X-Sucuri-ID
X-EdgeConnect-Cache-Status
X-NWS-LOG-UUID
X-CDN-Cache
LB
X-RCS-CacheZone
X-Rule
AsisCache
X-Cache-Remote
User-Agent
X-Cluster-Node
Rt-Fastcgi-Cache
X-UnsetCookies
X-TIME
Nel
X-App-Name
Release
X-ApacheServer
X-PERF
X-B3-Spanid
X-APP-VERSION
Pagespeed
X-Agile-Id
X-Agile
X-Agile-Age
X-Datadome
X-Nginx-Cache
X-Source
Hostname
Cache-Name
X-Request-Time
X-Ua
X-Edge-Location
X-Sucuri-Cache
X-Ocache
X-Pubstack
X-Edge-IP
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Origin
X-Hit
X-OVcl-Cache
X-App-Version
Warning
X-ElasticPress-Search
X-Protected-By
X-Debug-Log
X-Developer
X-Destination
X-Logtrace-Id
Arc-Country
BehaviorPad-Version
X-Matched-Rule
Cache-Prefix
X-Application
X-Debug-Cache-Expiry
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-B-Cookie
X-Mobile-URL
X-ARC
X-Debug-Cookies
X-Connection-Hash
X-Generated-In
X-CF-Lambda-Version
X-Gannett-Site-Version
X-CF-Lambda-Fn
X-Hp-Webp
Fly-Request-Id
X-Cache-Expires
Fly-Cache
X-BB-ID
X-G
X-Cache-Grace
Ajk
X-Core-Value
X-DPWN-IS-SECURE
Cross-Origin-Window-Policy
X-External-Request-Id
Ec-Rule-Version
X-Developers
X-Accel-Expires-Debug
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-Var-Ttl
X-Request-UUID
X-A
X-A-Dam
Origin
X-A-Ccd
X-Region-Sid
Thinkindot-Control
X-Secret
Www
Request-Time
Request-EU
X-Thinkindot-L3
X-Transaction
X-Trv-Group
X-SRCache-Key
Request-Country
X-Up
X-Server-Group
X-Twitter-Response-Tags
UCS
Rendered-Blocks
On-Server
Thinkindot-CacheControl-Type
X-Platform
X-Origin-CC
Meta-Geo-Continent
X-NX-Host
Xc-Version
MD5-Digest
X-Origin-TTL
X-PAYTM-SRV-ID
X-D
X-NU-AKA-ACS-Version
X-Processor
X-A-Dgt
X-A-Dcw
X-VG-WebServer
Node
N-Cache
Thinkindot-CacheControl
X-A-Wwc
X-NodeID
X-Aed
X-Cache-Backend
X-Varnish-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
True-Client-Country-4JS
SRV
X-Crawler
Server-Surrogate-Control
X-Cache-Miss-From
X-Cache-ASPX
X-Cache-Host
X-C
X-Block-Status
X-Amzn-Remapped-Connection
X-Cache-Id
X-Cache-Info
User-Cache-Control
Web-Mar-Node
X-CGP
X-Amzn-Remapped-Date
X-Cms-Context
X-Node-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Reboot
X-Refresh
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-PHP-Host
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Qloud-Router
X-Sedo-Request-Id
X-Servername
X-VCT
X-Varnish-Url
X-Via-Edge
X-Via-SSL
X-Webstats-RespID
X-Varnish-Authentication
X-TT-LOGID
X-Sf
X-ServiceProvider
X-SIPLIST1
X-SN
X-Swa-Ws
X-Page-Type
X-Origin-Expires
X-Hash
X-Geo-Header
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-WAF
X-Gen-Mode
X-F5-Cache
X-Distil-CS
X-Dispatcher-Server
X-Distributor
X-Epic-Correlation-Id
X-Eu-Site
X-Info
X-Instart-Isnd
X-Nginx-Cache-Key
X-Location
X-No-Session
Server-Int
X-Origin-Date
X-LI-UUID
X-LI-Proto
X-Key
X-Irp-Debug
X-LAGOON
X-Li-Fabric
X-Li-Pop
X-Device-Os
X-Cache-Debug
Fastly-Soc-X-Request-Id
Fastly-SIE
Fastly-Backend-Name
Country-Code
X-Ah-Environment
Fastly-SWR
Magicmarker
IsBot
Heartbleed
HA-Ipaddr
Content-Disposition
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Request-Url
Backend
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Memcached
Ha-Gx-Prefs
X-Real-Ip
Server-Host
Pramga
Proxy-Connection
Pagetype
Server-Cache-Control
X-Cdn-Forward
RNT-Machine
RNT-Time
X-FireWall-Port
X-Server-IP
X-Variation
X-Shopify-Stage
X-Skip-Cache
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-ShardId
X-User
X-Core-Mission
SD-X-WS
X-Fastly-Cache
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Fetched-On
X-Gateway-Cache-Key
X-Generated-On
X-GeoIP-City
Adler-Geo
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-GeoIP-Country-Code
X-Cdn-Srv
X-ShopId
X-Auto-Login
X-Sorting-Hat-ShopId
Is-Eu
X-Backend-Host
HTTPS
X-Backend-State
Kp-EeAlive
Lfy
X-Alternate-Cache-Key
X-Planisys-CDN-Rules
X-Amz-Meta-Cache-Control
X-Planisys-CDN-TTL
X-Amzn-Remapped-Content-Length
X-BBXSRF
X-Backend-Url
X-TrackingId
X-Cache-FS-Status
X-Cache-Bucket
X-MSEdge-Flight
X-MSEdge-Features
Fastly-SSL
Platform
X-Sorting-Hat-PodId
X-S-Maxage
X-Bip
X-Thanos
X-CACHE-KEY
Section-Io-Cache
X-Varnish-Beresp-Ttl
X-GZip
X-WPE-Loopback-Upstream-Addr
X-Owner
X-Micro-Cache
X-RateLimit-Reset
X-Server-Time
X-CUA
Powered-By
Fastcgi-Useragent
Cteonnt-Length
Server-ID
ServerName
Pragrma
FNAC-ModuleRouting
X-CDN-Forward
DSUID
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Passed-To
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Org
X-Server-By
X-Original-Request
X-Passed-To-DLL
X-Stale
X-Returned-From
X-Passed-To-PostProcessResponse
X-Actual-URL
X-Svr
Gh-Request-Id
X-Load-Cache
X-Nc
X-Dc
X-NC
VivaBuild
Host-ID
REQUESTUUID
Viewtype
X-Aicache-OS
X-Parent-Response-Time
X-HS-Cache-Config
X-VServer
X-Croise-Owner
X-Unique-ID
MIME-Version
Cdn-Request-Time
X-Edge-Server
X-Pjax-Url
X-Apm-Inst-Hash
X-FPC
X-Cdn-Origin
V-Age
X-Sn-Servicetimems
X-Apm-Svc-Key
X-Apm-App-Name
Cdn-Host
X-Microcachable
Rt-Proxy-Cache
X-ND-Cache
X-Ua-Device
X-Exp-Se
X-Geo
X-CSRF-TOKEN
X-Gdpr
SID
X-Served-From
PICS-Label
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Mime-Version
X-V
HostName
Time
X-Wa
Memory
X-Servedbyhost
X-B3-Parentspanid
X-From-Cache
X-DC
Cache
ProcessTime
X-Req
X-URL
CF-IPCountry
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
Odigeo-Trace-Id
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Git-Hash
X-Optimization
X-Cache-HT
X-Newrelic-Synthetics
AR-SID
X-HTML-Minification-Powered-By
Cf-Ipcountry
X-Fstrz
XServer
X-Lb-Id
X-Release
Cdn
Public-Key-Pins-Report-Only
X-Response-By
X-Atg-Version
X-Varnish-Beresp-TTL
X-WebServer
Proxy-Firewall
GMS-Ver
X-GEO
X-LB-ID
Fastcgi-X-Cache-Version
X-Phone
Processtime
X-WR-MODIFICATION
X-Fastly-Backend-Reqs
X-TH-Server
X-Host-Name
X-Ratelimit-Remaining
X-APP
X-Ratelimit-Limit
X-Instart-Info
WZWS-RAY
X-Vcl-Version
CF-Cached-On
X-Daa-Tunnel
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Amz-Meta-Surrogate-Control
Backend-Name
X-Check-Cacheable
X-Upstream-CT
X-Upstream-HT
X-We-Are-Hiring
X-NGINX-Cache
X-Worker
X-Vcache
GW-Server
X-UE-Client-Country
Mobile-Detection-Method
X-Clientip
Countrycode
X-COUNTRY
X-Zone
Xxline
X-Fastly-Country-Code
X-Ratelimit-Reset
SS
X-Server-W
X-HS-Status
X-WA
X-Nananana
286prxHost
X-Hyper-Cache
188prxHost
178proxuri
352pxline
355prline
SN
219prxHost
225prxHost
X-ID
409pxxline
189phosttRef
Ohc-File-Size
Lb
Pics-Label
X-CSRF-Token
GeoIp-Country-Code
X-Backend-TTL
Geoip-Latitude
X-ServedByHost
X-IPS-LoggedIn
DataCenter
X-B3-SpanId
Version
Geoip-City
X-UPSTREAM-Address
FSS-Proxy
FSS-Cache
X-HS-Combine-CSS
X-PF-Uncompressing
X-SERVER-NAME
X-FORWARDED-FOR
X-GZIP
X-Dynatrace
X-VCL-Version
X-Request-Start
Esi-Enabled
X-Render-Time
X-BE
URI
X-SRV
X-Be
X-Fpc
X-CS
X-LiteSpeed-Cache-Control
WP-Super-Cache
X-PJAX-URL
Ohc-Cache-HIT
X-AssetVersion
CDN
X-Unique-Id
X-Cdn-Cache
X-Contensis-Viewer-Groups
GeoIP-Country-Code
X-ZONE
X-Gen-Id
X-Via-Ucdn
GeoIP-City
X-Akamai-Request-ID2
GeoIP-Latitude
X-UCC
X-GDPR
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
X-NWS-UUID-VERIFY
Accept-Language
X-Vtex-Processado-Em
X-Varnish-Action
Who
X-Fastly-Cache-Hits
Cneonction
X-Html-Edge-Cache
X-Pf-Uncompressing
RequestUuid
X-Vtex-Remote-Cache
X-Cache-Ttl
Serverid
A
X-Urbn-Context-Path
Server-Id
X-Via-NSCOPI
X-Reqid
X-Hello
X-Flog
Locale
X-Request-Url
Accept-Ch
X-LiteSpeed-Tag
X-RequestId
X-Store
X-Urbn-Site-Id
X-ABtesting
X-Cache-URL
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Get-Access-Time
X-Port
Is-Session-Tracking
Ohc-Response-Time
X-Dw-Trace-Id
Frontcache
X-HTML-Edge-Cache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-Serial
X-EC-Lua