Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
AR-PoweredBy
AR-ATIME
X-Mobile-Rewrite
PB-RID
AR-CACHE
Arc-Version
PB-PID
X-MS-InvokeApp
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-ORACLE-DMS-RID
X-Cdn-Fetch
Charset
X-Version
X-Cached
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-Vname
X-TtlSet
X-PC
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-TTL
X-Trace
X-Forwarded-Proto
X-Varnish-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Client-IP
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-VCache
X-FTR-Expires
X-Amz-Rid
X-SharePointHealthScore
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
Arr-Disable-Session-Affinity
X-Oracle-Dms-Rid
TCN
X-Shield-Request-Id
X-Hits
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-XRDS-Location
DynaTrace
X-Upstream-Proxy
X-Ttl
SPRequestDuration
X-Pinterest-Rid
Pinterest-Version
SPIisLatency
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-B3-TraceId
X-Goog-Storage-Class
X-FTR-Cache-Host
X-Id
X-Powered-CMS
Front-End-Https
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Realpath
Fastcgi-Cache
X-Litespeed-Cache
X-Aspnet-Version
Paypal-Debug-Id
X-Varnish-Age
X-N
X-Forwarded-For
X-Content-Type
X-Upstream
Alternate-Protocol
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Sol
Display
X-Middleton-Display
X-Frontend
X-Logged-In
X-RateLimit-Remaining
Response
X-Middleton-Response
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Content-Digest
Fusion-Template-Id
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Fastcgi-Cache
X-Srv
X-Accel-Buffering
X-Pad
X-Cache-Key
X-Accel-Expires
X-Kinsta-Cache
Server-Name
MicrosoftSharePointTeamServices
Host
X-Content-Options
X-User-Agent
X-Analytics
Backend-Timing
X-Correlation-Id
X-Debug-Info
X-Revision
X-LB-Cache
X-B3-Traceid
Refresh
X-AppVersion
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Rid
X-Az
X-Activity-Id
FilterID
Accept-Charset
X-IPLB-Instance
X-B
X-DIS-Request-ID
X-Cache-2
X-DataStream-Origin-MEX-Latency
X-Cache-Hit
X-DataStream-MidMile-RTT
X-CF-Powered-By
X-B3-Sampled
Powered-By-ChinaCache
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
X-Request-Received
X-Request-Processing-Time
Host-Header
MS-CV
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
X-Cached-By
VIX-Pulpo-Upstream-Status
Source
X-TT
VIX-Pulpo-Node
X-Varnish-Backend
X-Akamai-Edgescape
X-UA-Device-Type
X-Cluster
X-Cache-Action
X-Framework
X-App-Environment
X-Origin-Server
Cache-Status
Access-Control-Allow-Method
X-Mobile
X-Kong-Upstream-Latency
X-Webkit-CSP
X-Content-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-Kong-Proxy-Latency
X-Tumblr-Pixel
X-Platform-Server
X-FW-Type
X-Drupal-Cache-Tags
X-Ezoic-Cdn
X-Shard
X-Varnish-Grace
X-FW-Static
X-F-Cache
X-FW-Serve
X-FW-Hash
X-Request-Guid
X-FW-Server
X-Instance
X-Ruxit-Js-Agent
X-SS-Set-Cookie
X-Zen-Fury
X-Geo-Country
X-FB-Debug
X-Handled-By
X-GUploader-UploadID
X-RateLimit-Limit
X-Magnolia-Registration
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
X-ATG-Version
From-Origin
X-Node-Name
PageSpeed
X-Cache-Age
CACHE
X-App-Server
X-Varnish-Hostname
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-BCube-Filmed-By
X-AOL-HN
X-XRDS-LOCATION
X-Cache-Control
Payment
Healthy
Upgrade-Insecure-Requests
X-Region
Filters
X-RequestSource
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-Generated-By
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
X-GeoIP
X-Redis-Cache
Server-Node
X-RTag
X-TT-TIMESTAMP
X-VG-WebCache
Country
X-Storage
Cache-Tv-Group
NGB
Ms-Operation-Id
Webserver
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Drupal-Cache-Contexts
X-B-Cache
X-Signature
X-Jobs
Actual-Object-TTL
X-FW-Dynamic
X-Wix-Server-Artifact-Id
Retry-After
X-UUID
Fastly-Restarts
X-Cacheable-TTL
X-Locale
X-Content-Age
GEO-INFO
X-Cache-Rule
X-Varnish-Hits
ServedBy
X-Seen-By
Liferay-Portal
X-Contextid
Powered
X-Via-JSL
Frame-Options
HitType
X-Rendered-As
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Varnish-IP
X-Guploader-Uploadid
X-BACKEND-TTL
X-Real-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
Viewport
S-Cnection
X-WA-Info
X-Cache-Server
X-RemovedCookies
Content-Script-Type
Content-Style-Type
X-Upgrade-Enabled
Eomportal-Instance
X-ProcessESI
X-GRACE
X-Cache-NE
NtCoent-Length
Datacenter
Xserver
X-Dynatrace-Js-Agent
X-Esi
X-Cache-Config
X-Akamai-Transformed
X-Is-Bot
ViewerVersion
Cache-Hits
Cache-Key
X-RN-RSRV
X-Proto
X-Path-Route
X-From
X-Cache-Var
Meta-Geo
X-Varnish-Cache-Hits
Mn-Server-Ip
Machine
X-Cache-Var-Map
X-ES-SERVER
X-Device-Type
X-Mode
Load-Balancing
X-Hl-Ver
X-Detected-As
X-Wix-Request-Id
X-Time
X-S
X-Origin-Hint
TWC-Connection-Speed
L5d-Success-Class
X-Section
X-Environment-Context
Webcakes-App-Name
Mail-Subject
X-Endurance-Cache-Level
We-Hiring
Access-Control-Request-Headers
X-Hosted-By
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Vix-Hermes-Req-Id
X-LJ-Flow-ID
X-L-Path
TWC-GeoIP-Country
X-AWS-Id
Webcakes-App-Version
X-FC-Vary-Parameters
X-VWS-Id
X-Viewer-Country
X-VG-TLSProxy
Webcakes-Region
TWC-Device-Class
X-Cache-Enabled
X-Access
OT-Force-Account-Verify
Property-Id
Azure-InstanceId
Azure-RegionName
X-Birta-Served
X-NewRelic-App-Data
X-Time-Microsecs
X-Labrador-Cache-Channel
Azure-SiteName
Azure-SlotName
X-Backend-Name
DB-Nickname
X-Birta-Cache-Post
X-Akamai-Request-ID
Azure-Version
X-Loop
X-Tb
X-EIG-Tracking-Id
X-Debug-Cache
X-Web-Node
Origin-Cache-Control
X-Origin-Response-Time
X-FW-Version
X-Proxy
Origin-Edge-Control
X-TNCMS
X-Via-CDN
X-Status
X-Format
X-ServerID
Decoy-Debug-Status
X-CCM
Decoy-Debug-Key
Decoy-Debug-TTL
S-Rt
Now
Selected-FE
X-OCL
X-Via-Fastly
X-Varnish-Cacheable
X-Tumblr-Pixel-3
X-Trace-Id
X-Xfnlog-Site
X-Zipkin-Id
X-BYPASS-REASON
X-FB-TRIP-ID
NGX
X-Human
X-Timing-Wait
X-PCL
X-JoinUs
X-IP
X-Proxied
X-Proxy-Build
X-Routing-Service
Cache-Tag
X-ProxyCache-Status
X-ProxyCache-Key
X-Cache-Category-Id
X-Cache-Operation
X-Site-Version
X-NCache
X-Www-Served-By
X-Grey
X-Cdn
X-Generated
X-MP-GENERATED-AT
X-Rocket-Nginx-Bypass
Uber-Trace-Id
X-Vgn-Hpd-Reason
Served-By
X-CDN-Cache
X-VC-Cache
X-Internal-Host
X-NWS-LOG-UUID
X-R9-Blue-Green-Version
X-Sucuri-ID
X-RCS-CacheZone
X-Rule
X-EdgeConnect-Cache-Status
LB
X-UA
X-Origin-Host
X-Cache-Remote
AsisCache
X-Newrelic-App-Data
X-Cluster-Node
Release
X-UnsetCookies
Pagespeed
Rt-Fastcgi-Cache
User-Agent
X-TIME
X-App-Name
Nel
X-ApacheServer
X-PERF
X-B3-Spanid
X-Agile-Age
X-Nginx-Cache
X-Agile
X-APP-VERSION
X-Source
Hostname
X-Agile-Id
X-Varnish-Ttl
X-Datadome
X-Ua
Cache-Name
X-Request-Time
X-Edge-Location
X-App-Version
X-Ocache
X-Sucuri-Cache
X-Pubstack
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-OVcl-Cache
X-Origin
X-OVcl
X-Origin-TTL
X-VCT
X-Cdn-Forward
X-Origin-CC
Warning
X-Edge-IP
X-Protected-By
X-ElasticPress-Search
X-Twitter-Response-Tags
Arc-Country
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Developer
BehaviorPad-Version
Ajk
X-Debug-Cache-Fetch
X-Date
Cache-Prefix
Xc-Version
X-D
X-S-Cookie
X-Connection-Hash
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Destination
X-Rewrite-Enabled
X-Application
X-Aed
Server-Cache-Control
Request-Time
Request-EU
X-ARC
Rendered-Blocks
Request-Country
X-Accel-Expires-Debug
Server-Surrogate-Control
X-A-Dcw
UCS
X-A-Dam
Thinkindot-Control
Thinkindot-CacheControl-Type
X-A-Wwc
X-A-Dgt
Thinkindot-CacheControl
X-B-Cookie
X-BB-ID
X-Cache-Expires
X-A-Ccd
X-Cache-ASPX
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Cache-Grace
MD5-Digest
Meta-Geo-Continent
X-Up
On-Server
X-Varnish-Authentication
Node
X-Var-Ttl
X-VG-WebServer
N-Cache
Www
X-Rojux
X-Debug-Log
X-SRCache-Key
X-Platform
X-ScT
X-IN-WAF
X-Request-UUID
X-A
X-G
X-CACHE-KEY
X-Processor
X-Logtrace-Id
X-Region-Sid
X-Instart-Isnd
X-Server-Group
X-Matched-Rule
X-Generated-In
X-PAYTM-SRV-ID
X-Gannett-Site-Version
X-Transaction
X-Mobile-URL
X-NX-Host
X-Trv-Group
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
X-Secret
X-Thinkindot-L3
X-Hp-Webp
X-Developers
X-NodeID
X-External-Request-Id
X-Cache-Backend
Magicmarker
X-Hash
Pagetype
Kp-EeAlive
Lfy
X-Policy
X-Li-Fabric
Memcached
X-Block-Status
X-Request-URI
X-LAGOON
X-Key
X-Geo-Header
X-Varnish-Url
X-Irp-Debug
Origin
X-Amzn-Remapped-Connection
X-Reboot
X-RateLimit-Remaining-Second
SRV
X-RateLimit-Limit-Second
True-Client-Country-4JS
X-Hnp-Log
X-Rebelmouse-Cache-Control
Web-Mar-Node
X-Rebelmouse-Surrogate-Control
User-Cache-Control
Server-Int
X-Proxy-Upstream
X-SN
X-Info
X-SIPLIST1
Proxy-Connection
X-Amzn-Remapped-Date
IsBot
Server-Host
X-Refresh
X-Proxy-Cache-Status
Pramga
X-LI-Proto
X-ServiceProvider
X-Origin-Expires
X-Servername
X-Webstats-RespID
X-TT-LOGID
X-CGP
X-Page-Type
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
X-Cms-Context
X-No-Session
X-Distributor
X-Distil-CS
X-Dispatcher-Server
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-Origin-Date
X-F5-Cache
X-Core-Value
X-Crawler
Apple-News-Services-Request-Url
X-Sf
X-LI-UUID
X-Via-SSL
Fastly-SWR
X-Location
Fastly-Soc-X-Request-Id
X-Via-Edge
Ha-Gx-Prefs
X-Li-Pop
X-Cache-Debug
Heartbleed
HA-Ipaddr
Fastly-SIE
Fastly-Backend-Name
X-Swa-Ws
CDCHOST
X-Gen-Mode
Backend
X-Cache-Info
X-Cache-Id
X-PHP-Host
X-Cache-Host
Country-Code
Content-Disposition
X-C
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-FireWall-Port
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Gateway-Cache-Key
Adler-Geo
Cache-Cookie-Set-Lfrom
X-Planisys-CDN-Cache
Fastly-SSL
X-ShopId
X-ShardId
X-Cache-Miss-From
X-Generated-On
X-Real-Ip
X-Sedo-Request-Id
X-Nginx-Cache-Key
X-MSEdge-Flight
X-S-Maxage
X-MSEdge-Features
X-Ah-Environment
X-Node-Id
X-Level-Front-Cache
X-GeoIP-City
X-Cache-FS-Status
X-Server-IP
X-GeoIP-Country-Code
X-Thanos
X-Core-Mission
X-Planisys-CDN-TTL
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-User
RNT-Time
RNT-Machine
X-Amzn-Remapped-Content-Length
SD-X-WS
X-Sorting-Hat-PodId
X-TrackingId
X-Gateway-Cache-Status
X-Variation
X-Sorting-Hat-ShopId
X-Fetched-On
X-Qloud-Router
X-Skip-Cache
X-Bip
X-Shopify-Stage
X-WPE-Loopback-Upstream-Addr
Is-Eu
X-Cache-Bucket
HTTPS
X-BBXSRF
Platform
X-Fastly-Cache
X-Gateway-Skip-Cache
X-Backend-Host
X-Backend-State
X-Backend-Url
X-Planisys-CDN-Rules
X-Cdn-Srv
X-Server-Time
X-Micro-Cache
X-Owner
X-Auto-Login
DSUID
Section-Io-Cache
X-Nc
X-GZip
Server-ID
X-RateLimit-Reset
ServerName
Powered-By
X-CUA
Cteonnt-Length
FNAC-ModuleRouting
Fastcgi-Useragent
X-Varnish-Beresp-Ttl
X-Org
X-Dc
Pragrma
X-Load-Cache
X-Returned-From-BeforeDispatch
X-Server-By
X-Svr
X-Stale
X-Actual-URL
Gh-Request-Id
X-Passed-To
X-Returned-From
X-Parent-Response-Time
X-Aicache-OS
X-Passed-To-BeforeDispatch
REQUESTUUID
Viewtype
X-Returned-From-DLL
VivaBuild
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Original-Request
X-Passed-To-PostProcessResponse
X-Pjax-Url
X-VServer
X-Croise-Owner
Host-ID
X-FPC
X-Sn-Servicetimems
V-Age
X-Cdn-Origin
X-Apm-App-Name
X-Apm-Svc-Key
X-HS-Cache-Config
X-Apm-Inst-Hash
X-CDN-Forward
MIME-Version
X-Unique-ID
X-ND-Cache
X-Edge-Server
Cdn-Request-Time
Cdn-Host
Rt-Proxy-Cache
X-NC
X-Geo
X-Exp-Se
X-Microcachable
Mime-Version
X-CSRF-TOKEN
X-Ua-Device
X-Gdpr
X-Served-From
Cache
Memory
PICS-Label
X-Oss-Hash-Crc64ecma
SID
Time
X-Oss-Request-Id
X-Oss-Object-Type
X-B3-Parentspanid
X-Oss-Storage-Class
X-Oss-Server-Time
ProcessTime
X-V
X-Servedbyhost
X-Wa
HostName
X-Webkit-Csp
Wxu-Next-Commit
X-Req
X-Git-Hash
X-Tb-Optimization-Total-Bytes-Saved
X-DC
X-From-Cache
Cf-Ipcountry
Resin-Trace
Wxu-Next-Region
X-Newrelic-Synthetics
Wxu-Next-Hostname
Odigeo-Trace-Id
X-Optimization
X-Cache-HT
AR-SID
Cdn
X-Lb-Id
CF-IPCountry
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
X-Release
X-Fstrz
X-Response-By
Public-Key-Pins-Report-Only
X-TH-Server
X-WebServer
X-Ratelimit-Remaining
X-Atg-Version
X-Host-Name
X-Fastly-Backend-Reqs
X-Phone
Proxy-Firewall
Processtime
GMS-Ver
XServer
X-Ratelimit-Limit
X-GEO
X-ID
X-APP
CF-Cached-On
X-Vcl-Version
X-Instart-Info
Fastcgi-X-Cache-Version
X-WR-MODIFICATION
X-Daa-Tunnel
X-LB-ID
WZWS-RAY
Backend-Name
X-Upstream-HT
X-Upstream-CT
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Nananana
X-Worker
X-Amz-Meta-Surrogate-Control
X-Zone
X-Check-Cacheable
219prxHost
286prxHost
225prxHost
189phosttRef
352pxline
188prxHost
X-Server-W
409pxxline
X-NGINX-Cache
355prline
Xxline
178proxuri
Mobile-Detection-Method
X-Clientip
X-Vcache
GW-Server
Countrycode
X-WA
X-UE-Client-Country
X-We-Are-Hiring
X-B3-SpanId
X-CSRF-Token
X-IPS-LoggedIn
X-ServedByHost
X-URL
X-Hyper-Cache
X-Fastly-Country-Code
Pics-Label
SS
Version
X-Ratelimit-Reset
X-HS-Status
Lb
Ohc-File-Size
SN
GeoIp-Country-Code
Geoip-Latitude
X-Backend-TTL
DataCenter
Geoip-City
X-PF-Uncompressing
X-HS-Combine-CSS
FSS-Proxy
FSS-Cache
X-SERVER-NAME
Esi-Enabled
X-SRV
X-GZIP
X-Dynatrace
X-Request-Start
X-VCL-Version
X-Render-Time
X-UPSTREAM-Address
URI
X-BE
X-Contensis-Viewer-Groups
X-AssetVersion
Serverid
X-Akamai-Request-ID2
X-GDPR
GeoIP-Latitude
X-CS
X-Via-Ucdn
X-Fpc
X-Be
Accept-Language
Ohc-Cache-HIT
X-LiteSpeed-Cache-Control
WP-Super-Cache
GeoIP-Country-Code
GeoIP-City
X-Unique-Id
X-Vtex-Remote-Cache
X-RequestId
X-NWS-UUID-VERIFY
X-Vtex-Processado-Em
CDN
X-PJAX-URL
X-ZONE
X-Gen-Id
X-UCC
X-FORWARDED-FOR
X-HostName
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Flog
RequestUuid
Who
X-ABtesting
Locale
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-Hello
X-Reqid
X-Varnish-Action
X-Pf-Uncompressing
X-Urbn-Context-Path
Cneonction
X-Urbn-Site-Id
X-Via-NSCOPI
X-Cache-Ttl
X-Cdn-Cache
A
Server-Id
X-LiteSpeed-Tag
X-Request-Url
X-Store
Accept-Ch
X-Cache-URL
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Dw-Trace-Id
Get-Access-Time
X-Cdn-Request-ID
Ohc-Response-Time
X-Serial
X-HTML-Edge-Cache
Is-Session-Tracking
Frontcache
X-ServerName
NnCoection
X-Port
X-EC-Lua