Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Application-Context
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-ORACLE-DMS-RID
X-Dispatcher
X-HW
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
PB-PID
Arc-Version
AR-CACHE
AR-ATIME
PB-RID
X-Mobile-Rewrite
AR-PoweredBy
X-MS-InvokeApp
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja
Charset
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
RTSS
Ar-Sid
X-Abt-Application-Version
X-PC
X-TtlSet
X-Vname
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-TTL
X-Trace
X-Forwarded-Proto
X-Varnish-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-VCache
X-FTR-Expires
X-Amz-Rid
X-SharePointHealthScore
X-Fastly-Request-ID
S
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Debug
Arr-Disable-Session-Affinity
X-Shield-Request-Id
TCN
X-TEC-API-ORIGIN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
X-Ttl
X-Upstream-Proxy
X-Pinterest-Rid
SPRequestDuration
SPIisLatency
Pinterest-Version
X-Akam-SW-Version
X-T
Access-Control-Request-Method
X-B3-TraceId
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Oracle-Dms-Rid
Front-End-Https
X-Id
X-Powered-CMS
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
Realpath
X-MSEdge-Ref
Fastcgi-Cache
X-Aspnet-Version
X-N
Paypal-Debug-Id
X-Varnish-Age
X-Forwarded-For
X-Content-Type
X-Upstream
Alternate-Protocol
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-RateLimit-Remaining
Display
X-Sol
X-Middleton-Display
X-Logged-In
X-Frontend
Response
X-PressLabs-Stats
X-Middleton-Response
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Content-Source
X-Content-Digest
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-Srv
X-Accel-Buffering
X-Pad
X-Accel-Expires
X-Kinsta-Cache
Server-Name
MicrosoftSharePointTeamServices
Host
X-Cache-Key
X-Content-Options
X-User-Agent
X-Analytics
Backend-Timing
X-Correlation-Id
X-B3-Traceid
Refresh
X-Revision
X-LB-Cache
X-Debug-Info
X-Az
X-Amz-Apigw-Id
X-Activity-Id
X-Amzn-RequestId
X-AppVersion
X-Rid
Accept-Charset
FilterID
X-IPLB-Instance
X-B
X-DIS-Request-ID
X-DataStream-MidMile-RTT
X-B3-Sampled
X-Cache-2
X-Cache-Hit
X-DataStream-Origin-MEX-Latency
Powered-By-ChinaCache
X-CF-Powered-By
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-L2-Cache
TP-Cache
MS-CV
X-Request-Received
X-Request-Processing-Time
Host-Header
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Akamai-Edgescape
VIX-Pulpo-Node
X-Cached-By
X-Varnish-Backend
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
Source
X-TT
Cache-Status
X-UA-Device-Type
X-Framework
X-Kong-Upstream-Latency
X-Cluster
X-Cache-Action
X-App-Environment
X-Kong-Proxy-Latency
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Mobile
X-Webkit-CSP
X-Content-Powered-By
Access-Control-Allow-Method
X-Request-Guid
X-FW-Type
X-Shard
X-FW-Static
X-Ezoic-Cdn
X-FW-Server
X-Drupal-Cache-Tags
X-FW-Hash
X-FW-Serve
X-Varnish-Grace
X-F-Cache
X-Instance
X-Ruxit-Js-Agent
X-Geo-Country
X-Zen-Fury
X-SS-Set-Cookie
X-RateLimit-Limit
X-FB-Debug
X-Handled-By
X-GUploader-UploadID
X-Magnolia-Registration
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
X-ATG-Version
From-Origin
X-Node-Name
X-Cache-Age
X-App-Server
X-Varnish-Hostname
DC
X-Varnish-Server
Cleartype
Cache-Tags
PageSpeed
X-AOL-HN
X-BCube-Filmed-By
CACHE
X-Cache-Control
Payment
Healthy
Upgrade-Insecure-Requests
X-Region
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-Generated-By
X-RequestSource
Filters
X-TX-ID
X-GeoIP
X-Adobe-Content
X-Adobe-Loc
X-RTag
X-Storage
X-TT-TIMESTAMP
Country
Cache-Tv-Group
Ms-Operation-Id
X-VG-WebCache
Webserver
NGB
X-Redis-Cache
X-UUID
Retry-After
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Jobs
X-Wix-Server-Artifact-Id
X-Signature
X-B-Cache
Server-Node
Actual-Object-TTL
X-Content-Age
Fastly-Restarts
X-Cacheable-TTL
X-Locale
X-Cache-Rule
GEO-INFO
X-Varnish-Hits
ServedBy
X-Seen-By
X-XRDS-LOCATION
Liferay-Portal
X-Contextid
Powered
X-Via-JSL
Frame-Options
X-TA-CDN-Provider
X-Rendered-As
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-Oneagent-Js-Injection
X-Guploader-Uploadid
X-BACKEND-TTL
X-Real-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
Viewport
S-Cnection
X-WA-Info
X-Cache-Server
Content-Script-Type
Content-Style-Type
X-ProcessESI
X-Upgrade-Enabled
Eomportal-Instance
X-RemovedCookies
X-Time
Xserver
X-Mode
NtCoent-Length
X-Cache-NE
Datacenter
X-GRACE
X-Esi
X-Cache-Config
X-Akamai-Transformed
X-Hl-Ver
X-Zipkin-Id
X-Is-Bot
X-Path-Route
X-From
X-RN-RSRV
X-Proto
X-Routing-Service
X-Detected-As
Meta-Geo
Machine
Load-Balancing
Cache-Key
Mn-Server-Ip
X-Cache-Var
X-Device-Type
Cache-Hits
X-Cache-Var-Map
X-Varnish-Cache-Hits
X-ES-SERVER
X-Proxied
X-NewRelic-App-Data
X-S
ViewerVersion
X-Wix-Request-Id
Access-Control-Request-Headers
L5d-Success-Class
TWC-Locale-Group
TWC-Privacy
We-Hiring
Vix-Hermes-Req-Id
Mail-Subject
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
TWC-Device-Class
Webcakes-App-Name
TWC-GeoIP-Country
OT-Force-Account-Verify
X-Access
X-LJ-Flow-ID
X-L-Path
X-Origin-Hint
X-Section
X-Viewer-Country
X-VG-TLSProxy
X-Hosted-By
X-FC-Vary-Parameters
X-Endurance-Cache-Level
Webcakes-Region
X-AWS-Id
X-Cache-Enabled
X-Environment-Context
Webcakes-App-Version
X-VWS-Id
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Time-Microsecs
X-EIG-Tracking-Id
X-Status
Azure-Version
Origin-Edge-Control
Origin-Cache-Control
X-TNCMS
X-Backend-Name
X-Loop
DB-Nickname
X-FW-Version
X-Format
S-Rt
X-Origin-Response-Time
X-Akamai-Request-ID
X-Birta-Cache-Post
X-Proxy
X-Birta-Served
X-Tb
X-Debug-Cache
X-Via-CDN
X-ServerID
X-Web-Node
X-Labrador-Cache-Channel
Now
X-Timing-Wait
X-Proxy-Build
X-Trace-Id
Cache-Tag
Selected-FE
X-Tumblr-Pixel-3
X-ProxyCache-Status
X-CCM
X-ProxyCache-Key
Decoy-Debug-Key
X-IP
X-Xfnlog-Site
X-Human
X-OCL
NGX
X-JoinUs
X-FB-TRIP-ID
X-BYPASS-REASON
X-Via-Fastly
Decoy-Debug-TTL
Decoy-Debug-Status
X-PCL
X-Varnish-Cacheable
X-Generated
X-Cdn
X-Site-Version
X-MP-GENERATED-AT
X-Www-Served-By
X-Cache-Category-Id
X-NCache
X-Grey
X-Cache-Operation
X-Vgn-Hpd-Reason
Uber-Trace-Id
X-Rocket-Nginx-Bypass
Served-By
X-CDN-Cache
X-Internal-Host
Pagespeed
X-VC-Cache
X-R9-Blue-Green-Version
X-Sucuri-ID
X-NWS-LOG-UUID
X-Dynatrace-Js-Agent
X-Rule
X-EdgeConnect-Cache-Status
X-RCS-CacheZone
LB
X-Origin-Host
X-Cache-Remote
AsisCache
X-Newrelic-App-Data
X-UnsetCookies
Release
X-Cluster-Node
X-UA
Rt-Fastcgi-Cache
User-Agent
X-App-Name
X-PERF
X-ApacheServer
Nel
X-Ua
X-B3-Spanid
Hostname
X-Source
X-Agile-Age
X-App-Version
X-Nginx-Cache
X-Agile
X-Agile-Id
X-Varnish-Ttl
X-TIME
X-Datadome
X-CACHE-KEY
X-Request-Time
Cache-Name
X-Edge-Location
X-APP-VERSION
X-Ocache
X-Sucuri-Cache
X-Pubstack
X-OVcl-Cache
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Hit
X-Origin-TTL
Warning
X-VCT
X-Cdn-Forward
X-ElasticPress-Search
X-Origin-CC
X-Edge-IP
X-Protected-By
Ec-Rule-Version
X-Varnish-Authentication
Thinkindot-CacheControl-Type
Cross-Origin-Window-Policy
X-Hp-Webp
X-Debug-Cache-Expiry
Node
N-Cache
X-Instart-Isnd
Thinkindot-CacheControl
Meta-Geo-Continent
X-IN-APIGATEWAY
X-IN-WAF
Fly-Request-Id
MD5-Digest
On-Server
Thinkindot-Control
X-VG-WebServer
X-External-Request-Id
Fly-Cache
X-DPWN-IS-SECURE
X-Var-Ttl
X-Destination
X-G
Request-Time
Request-EU
Server-Surrogate-Control
X-Debug-Cookies
Server-Cache-Control
X-Debug-Log
Xc-Version
X-Gannett-Site-Version
X-Debug-Cache-Store
Ajk
X-Generated-In
Cache-Prefix
Origin
X-Thinkindot-L3
BehaviorPad-Version
X-Developers
Request-Country
Rendered-Blocks
X-Developer
Arc-Country
X-Debug-Cache-Fetch
X-A-Wwc
X-CF-Lambda-Version
X-Region-Sid
X-BB-ID
X-CF-Lambda-Fn
X-Trv-Group
X-Transaction
X-Platform
X-SRCache-Key
X-Mobile-URL
X-Processor
X-Application
X-ARC
X-Server-Group
X-Request-UUID
X-S-Cookie
X-Cache-Expires
X-NX-Host
X-Rojux
X-Cache-Grace
X-NU-AKA-ACS-Version
X-NodeID
X-Cache-ASPX
X-Rewrite-Enabled
X-Secret
X-ScT
X-Connection-Hash
X-B-Cookie
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
Www
X-Up
X-PAYTM-SRV-ID
UCS
X-Date
X-D
X-Accel-Expires-Debug
X-A-Dcw
X-Logtrace-Id
X-Matched-Rule
X-Aed
X-Core-Value
X-Twitter-Response-Tags
X-Cache-Backend
X-Cache-Host
Kp-EeAlive
IsBot
Web-Mar-Node
RNT-Time
X-Cache-Debug
X-Distributor
User-Cache-Control
RNT-Machine
Magicmarker
X-Cache-Info
True-Client-Country-4JS
Memcached
X-Amzn-Remapped-Date
Lfy
X-Dispatcher-Server
Proxy-Connection
Pramga
X-TT-LOGID
X-Cms-Context
X-Epic-Correlation-Id
X-CGP
Server-Int
SRV
X-Block-Status
X-Crawler
X-Cache-Miss-From
Server-Host
Pagetype
X-Amzn-Remapped-Connection
X-C
X-Device-Os
X-Distil-CS
X-Key
X-Location
X-LI-UUID
X-LI-Proto
X-RateLimit-Limit-Second
X-Cache-Id
X-Qloud-Router
X-Sf
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Swa-Ws
X-Hnp-Log
X-Hash
X-Info
X-LAGOON
X-Li-Pop
X-Li-Fabric
X-ServiceProvider
X-Proxy-Upstream
X-Node-Id
X-Sedo-Request-Id
X-No-Session
X-SN
X-Origin-Date
X-Page-Type
X-Origin-Expires
X-Request-URI
X-Nginx-Cache-Key
X-Rebelmouse-Surrogate-Control
X-Proxy-Cache-Status
X-Servername
X-Reboot
X-Policy
X-PHP-Host
X-Refresh
X-SIPLIST1
X-Irp-Debug
X-F5-Cache
Content-Disposition
Country-Code
X-Via-SSL
CDCHOST
Cache-Cookie-Set-Lfrom
Apple-News-Services-Request-Url
Backend
Cache-Cookie-Set-From
Fastly-Backend-Name
Fastly-SIE
Ha-Gx-Prefs
HA-Ipaddr
Heartbleed
X-Varnish-Url
X-Eu-Site
Fastly-Soc-X-Request-Id
Fastly-SWR
X-Via-Edge
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Idcheck
Apple-News-Services-Host
X-Gen-Mode
X-Geo-Header
AKAMAI
X-Webstats-RespID
Apple-News-Services-Handled
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-FireWall-Port
X-Generated-On
X-GeoIP-Country-Code
X-Gateway-Cache-Status
X-S-Maxage
X-Server-IP
X-MSEdge-Flight
X-TrackingId
X-Gateway-Skip-Cache
X-Planisys-CDN-Rules
X-Fetched-On
X-Thanos
X-Core-Mission
X-GeoIP-City
X-ShardId
X-Fastly-Cache
X-ShopId
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-Planisys-CDN-TTL
X-Gateway-Cache-Key
X-MSEdge-Features
X-Wikidot-Static-Cache
X-Variation
X-Sorting-Hat-ShopId
Platform
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Wikidot-Backend
X-Ah-Environment
Is-Eu
X-Skip-Cache
Adler-Geo
X-Cache-FS-Status
Fastly-SSL
HTTPS
X-User
SD-X-WS
X-Backend-State
X-Amzn-Remapped-Content-Length
X-Backend-Url
X-BBXSRF
X-Cache-Bucket
X-Bip
X-Amz-Meta-Cache-Control
X-Backend-Host
X-Real-Ip
X-WPE-Loopback-Upstream-Addr
X-Alternate-Cache-Key
X-Cdn-Srv
X-Owner
DSUID
X-Auto-Login
X-Server-Time
X-Micro-Cache
Section-Io-Cache
X-GZip
X-Nc
Powered-By
Cteonnt-Length
Server-ID
ServerName
X-RateLimit-Reset
FNAC-ModuleRouting
X-CUA
Fastcgi-Useragent
X-Varnish-Beresp-Ttl
X-Org
X-Dc
Pragrma
X-Load-Cache
X-Returned-From-BeforeDispatch
Gh-Request-Id
X-Returned-From-DLL
X-Returned-From
X-Passed-To-BeforeDispatch
X-Pjax-Url
X-Parent-Response-Time
X-Original-Request
X-Stale
REQUESTUUID
X-Returned-From-PostProcessResponse
Viewtype
X-Passed-To-DLL
VivaBuild
X-Aicache-OS
X-Actual-URL
X-Server-By
X-Passed-To
X-Svr
X-Passed-To-PostProcessResponse
Cache
V-Age
X-Apm-Inst-Hash
X-Sn-Servicetimems
X-Cdn-Origin
Host-ID
X-Apm-App-Name
X-Apm-Svc-Key
X-CDN-Forward
X-HS-Cache-Config
X-VServer
X-Croise-Owner
MIME-Version
X-Unique-ID
X-Edge-Server
X-Exp-Se
X-ND-Cache
X-Geo
Cdn-Host
Cdn-Request-Time
Rt-Proxy-Cache
X-CSRF-TOKEN
X-FPC
X-NC
X-Microcachable
X-Served-From
X-Ua-Device
Mime-Version
X-Servedbyhost
SID
X-Oss-Storage-Class
X-Wa
X-B3-Parentspanid
X-Gdpr
X-Oss-Hash-Crc64ecma
ProcessTime
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
PICS-Label
HostName
Time
X-V
Memory
X-Req
Wxu-Next-Commit
Resin-Trace
X-Newrelic-Synthetics
Wxu-Next-Region
Cf-Ipcountry
X-From-Cache
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Hostname
X-DC
X-Git-Hash
Odigeo-Trace-Id
X-Cache-HT
X-Optimization
AR-SID
CF-IPCountry
Cdn
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
X-Release
X-Lb-Id
X-Fstrz
X-TH-Server
Public-Key-Pins-Report-Only
X-WebServer
X-Response-By
X-Atg-Version
X-Host-Name
XServer
X-LB-ID
GMS-Ver
Proxy-Firewall
X-Phone
X-Fastly-Backend-Reqs
X-GEO
X-ID
X-Instart-Info
X-Vcl-Version
Processtime
CF-Cached-On
X-APP
Fastcgi-X-Cache-Version
X-WR-MODIFICATION
X-Ratelimit-Remaining
X-Daa-Tunnel
WZWS-RAY
X-Upstream-HT
Backend-Name
X-Upstream-CT
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
X-Amz-Meta-Surrogate-Control
X-Worker
X-Check-Cacheable
X-Zone
X-NGINX-Cache
Xxline
286prxHost
188prxHost
178proxuri
X-Vcache
189phosttRef
219prxHost
355prline
352pxline
225prxHost
409pxxline
X-Server-W
X-Clientip
GW-Server
X-UE-Client-Country
Pics-Label
X-We-Are-Hiring
Countrycode
Mobile-Detection-Method
X-B3-SpanId
X-IPS-LoggedIn
X-Ratelimit-Reset
X-WA
X-URL
X-Hyper-Cache
X-Fastly-Country-Code
Version
SS
X-HS-Status
Ohc-File-Size
Lb
X-Backend-TTL
X-CSRF-Token
SN
X-ServedByHost
DataCenter
X-SERVER-NAME
FSS-Proxy
FSS-Cache
X-PF-Uncompressing
X-HS-Combine-CSS
Esi-Enabled
GeoIp-Country-Code
Geoip-Latitude
X-SRV
X-GZIP
X-Dynatrace
X-Contensis-Viewer-Groups
X-AssetVersion
X-Request-Start
X-Fpc
X-VCL-Version
X-Render-Time
Geoip-City
GeoIP-Latitude
X-GDPR
X-BE
URI
GeoIP-Country-Code
X-UPSTREAM-Address
GeoIP-City
Serverid
X-Akamai-Request-ID2
WP-Super-Cache
X-CS
X-Be
Accept-Language
Ohc-Cache-HIT
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-Unique-Id
X-NWS-UUID-VERIFY
X-Vtex-Processado-Em
X-RequestId
X-Vtex-Remote-Cache
X-PJAX-URL
X-Gen-Id
CDN
X-UCC
X-ZONE
X-FORWARDED-FOR
X-HostName
Amp-Access-Control-Allow-Source-Origin
Dynatrace
Locale
X-ABtesting
RequestUuid
X-Html-Edge-Cache
Who
X-Fastly-Cache-Hits
X-Via-NSCOPI
X-Flog
X-Hello
Cneonction
X-Urbn-Context-Path
X-Pf-Uncompressing
X-Urbn-Site-Id
X-Reqid
X-Varnish-Action
X-Cdn-Cache
X-Cache-Ttl
Accept-Ch
X-LiteSpeed-Tag
X-Store
X-Cache-URL
Server-Id
A
X-Request-Url
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Ohc-Response-Time
X-Cdn-Request-ID
X-Serial
X-HTML-Edge-Cache
Is-Session-Tracking
Get-Access-Time
NnCoection
X-ServerName
X-Port
Frontcache
X-Dw-Trace-Id
X-EC-Lua