Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Application-Context
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
AR-ATIME
PB-PID
Arc-Version
X-Mobile-Rewrite
AR-PoweredBy
AR-CACHE
PB-RID
X-MS-InvokeApp
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-ORACLE-DMS-RID
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
Charset
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
Ar-Sid
RTSS
X-TtlSet
X-Vname
X-PC
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-TTL
X-Trace
X-Varnish-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
X-DynaTrace-JS-Agent
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Stored-Content-Length
X-FTR-Realm
X-Goog-Stored-Content-Encoding
Nginx-Cache
X-Goog-Metageneration
X-Goog-Generation
X-VCache
X-Amz-Rid
X-FTR-Expires
X-SharePointHealthScore
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Oracle-Dms-Rid
X-Shield-Request-Id
TCN
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-Hits
X-XRDS-Location
DynaTrace
Pinterest-Version
X-Ttl
X-Upstream-Proxy
SPIisLatency
SPRequestDuration
X-Pinterest-Rid
X-Akam-SW-Version
X-T
Access-Control-Request-Method
X-B3-TraceId
X-Goog-Storage-Class
X-FTR-Cache-Host
X-Powered-CMS
Front-End-Https
X-Id
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
Tracecode
Realpath
Fastcgi-Cache
X-MSEdge-Ref
X-Aspnet-Version
X-N
Paypal-Debug-Id
X-Varnish-Age
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Sol
Display
X-Middleton-Display
X-RateLimit-Remaining
X-Frontend
X-Logged-In
Response
X-HS-Hub-Id
X-HS-Content-Id
X-Middleton-Response
Fusion-Component-Id
Fusion-Source
X-Content-Digest
X-PressLabs-Stats
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-Srv
X-Accel-Buffering
X-Pad
X-Cache-Key
X-Accel-Expires
X-Kinsta-Cache
Server-Name
MicrosoftSharePointTeamServices
Host
X-Content-Options
X-User-Agent
Backend-Timing
X-Analytics
X-Correlation-Id
X-Revision
X-B3-Traceid
Refresh
X-Debug-Info
X-LB-Cache
X-AppVersion
X-Rid
X-Az
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Activity-Id
Accept-Charset
X-B
X-IPLB-Instance
FilterID
X-DIS-Request-ID
X-DataStream-MidMile-RTT
X-Cache-2
X-B3-Sampled
X-Cache-Hit
X-DataStream-Origin-MEX-Latency
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-L2-Cache
TP-Cache
Host-Header
X-Request-Processing-Time
X-Request-Received
MS-CV
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
Source
X-TT
X-Akamai-Edgescape
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Kong-Proxy-Latency
X-App-Environment
X-UA-Device-Type
X-Origin-Server
X-Framework
X-Cache-Action
X-Kong-Upstream-Latency
X-Cluster
X-Cached-By
X-Webkit-CSP
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-User
X-Content-Powered-By
X-Mobile
Access-Control-Allow-Method
X-Tumblr-Pixel-0
Cache-Status
X-Varnish-Grace
X-F-Cache
X-Request-Guid
X-FW-Server
X-Ruxit-Js-Agent
X-FW-Static
X-Shard
X-FW-Type
X-FW-Hash
X-FW-Serve
X-Drupal-Cache-Tags
X-Instance
X-Ezoic-Cdn
X-Zen-Fury
X-Handled-By
X-FB-Debug
X-SS-Set-Cookie
X-GUploader-UploadID
X-Geo-Country
X-Magnolia-Registration
X-RateLimit-Limit
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
X-ATG-Version
From-Origin
X-Node-Name
PageSpeed
X-Cache-Age
X-App-Server
CACHE
X-Varnish-Hostname
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
X-XRDS-LOCATION
X-Cache-Control
Payment
X-Region
Filters
Healthy
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-Generated-By
Upgrade-Insecure-Requests
X-TX-ID
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
X-Storage
Ms-Operation-Id
Country
Cache-Tv-Group
X-UUID
X-RTag
X-Redis-Cache
X-VG-WebCache
Webserver
X-RequestSource
NGB
Retry-After
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-FW-Dynamic
X-Jobs
X-Wix-Server-Artifact-Id
X-Signature
X-B-Cache
Actual-Object-TTL
Server-Node
X-Cacheable-TTL
X-Locale
X-Drupal-Cache-Contexts
X-Cache-Rule
GEO-INFO
X-Varnish-Hits
X-Content-Age
Fastly-Restarts
ServedBy
X-Seen-By
Liferay-Portal
X-Contextid
Powered
X-Via-JSL
Frame-Options
X-TA-CDN-Provider
HitType
X-Rendered-As
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Varnish-IP
X-BACKEND-TTL
X-Guploader-Uploadid
X-Real-IP
X-Yottaa-Metrics
X-Yottaa-Optimizations
Viewport
S-Cnection
X-WA-Info
X-Cache-Server
Content-Script-Type
Eomportal-Instance
Content-Style-Type
X-Upgrade-Enabled
X-RemovedCookies
X-ProcessESI
Datacenter
X-Cache-NE
X-Dynatrace-Js-Agent
NtCoent-Length
X-Mode
X-GRACE
X-Cache-Config
Xserver
X-Esi
X-Akamai-Transformed
Cache-Hits
Cache-Key
Load-Balancing
Meta-Geo
Machine
X-NewRelic-App-Data
X-Cache-Var-Map
X-Wix-Request-Id
X-Path-Route
ViewerVersion
X-Proto
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-RN-RSRV
X-S
X-Is-Bot
X-Device-Type
X-Detected-As
X-Cache-Var
X-ES-SERVER
X-From
X-Time
X-Hl-Ver
X-Varnish-Cache-Hits
Vix-Hermes-Req-Id
X-Hosted-By
X-FC-Vary-Parameters
X-L-Path
X-LJ-Flow-ID
X-Viewer-Country
X-VG-TLSProxy
X-Environment-Context
X-Cache-Enabled
Mn-Server-Ip
Mail-Subject
OT-Force-Account-Verify
We-Hiring
X-AWS-Id
L5d-Success-Class
X-VWS-Id
X-Birta-Served
X-Birta-Cache-Post
X-Debug-Cache
X-EIG-Tracking-Id
X-Loop
X-FW-Version
X-Backend-Name
Access-Control-Request-Headers
Origin-Cache-Control
DB-Nickname
Origin-Edge-Control
S-Rt
X-Access
X-Proxy
X-Labrador-Cache-Channel
X-TNCMS
X-Status
X-Time-Microsecs
X-Via-CDN
X-ServerID
X-Web-Node
X-Section
Decoy-Debug-TTL
X-FB-TRIP-ID
X-Tumblr-Pixel-3
X-Trace-Id
X-Akamai-Request-ID
NGX
Now
Selected-FE
X-Via-Fastly
X-Tb
X-Timing-Wait
X-OCL
Decoy-Debug-Status
X-Origin-Response-Time
X-Proxy-Build
X-ProxyCache-Key
X-JoinUs
X-IP
X-CCM
X-ProxyCache-Status
X-Format
X-Human
X-BYPASS-REASON
X-PCL
Azure-SlotName
Cache-Tag
Azure-SiteName
Azure-RegionName
X-Endurance-Cache-Level
Azure-InstanceId
Azure-Version
Decoy-Debug-Key
Webcakes-App-Name
Webcakes-App-Version
X-Varnish-Cacheable
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Cdn
X-Grey
X-MP-GENERATED-AT
X-Generated
X-Site-Version
X-Origin-Hint
X-Cache-Category-Id
TWC-GeoIP-Country
X-Cache-Operation
X-Www-Served-By
TWC-Device-Class
X-NCache
Property-Id
X-Xfnlog-Site
TWC-Connection-Speed
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
Uber-Trace-Id
Served-By
X-CDN-Cache
X-VC-Cache
X-Internal-Host
X-Sucuri-ID
X-R9-Blue-Green-Version
X-NWS-LOG-UUID
X-EdgeConnect-Cache-Status
X-Rule
X-RCS-CacheZone
X-UA
X-Origin-Host
X-Cache-Remote
AsisCache
LB
X-Newrelic-App-Data
X-Cluster-Node
Release
X-UnsetCookies
Pagespeed
Rt-Fastcgi-Cache
User-Agent
X-App-Name
X-TIME
Nel
X-ApacheServer
X-PERF
X-B3-Spanid
Hostname
X-Agile
X-Agile-Age
X-Agile-Id
X-Nginx-Cache
X-Varnish-Ttl
X-Source
X-APP-VERSION
X-Ua
X-Datadome
X-Request-Time
Cache-Name
X-Edge-Location
X-App-Version
X-Ocache
X-Sucuri-Cache
X-OVcl
X-Pubstack
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Origin
Warning
X-Hit
X-Origin-CC
X-Cdn-Forward
X-Edge-IP
X-Origin-TTL
X-ElasticPress-Search
X-VCT
X-Protected-By
X-B-Cookie
X-Region-Sid
X-Thinkindot-L3
Origin
X-Varnish-Authentication
X-Accel-Expires-Debug
X-Request-UUID
X-A-Wwc
Fly-Cache
X-Logtrace-Id
Fly-Request-Id
On-Server
X-Instart-Isnd
Meta-Geo-Continent
X-Mobile-URL
X-ARC
X-VG-WebServer
N-Cache
Node
Rendered-Blocks
X-Matched-Rule
X-Application
X-Aed
Request-EU
Xc-Version
Thinkindot-CacheControl-Type
Arc-Country
Thinkindot-CacheControl
BehaviorPad-Version
Thinkindot-Control
X-IN-APIGATEWAY
X-Var-Ttl
Www
Ajk
UCS
X-IN-WAF
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Ec-Rule-Version
Cross-Origin-Window-Policy
Server-Surrogate-Control
Cache-Prefix
Server-Cache-Control
Request-Time
Request-Country
X-NX-Host
X-Twitter-Response-Tags
MD5-Digest
X-CF-Lambda-Fn
X-External-Request-Id
X-Debug-Cookies
X-Secret
X-CACHE-KEY
X-Debug-Log
X-Transaction
X-D
X-S-Cookie
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Processor
X-Trv-Group
X-Connection-Hash
X-Debug-Cache-Fetch
X-BB-ID
X-SRCache-Key
X-CF-Lambda-Version
X-Core-Value
X-Server-Group
X-G
X-Developer
X-Platform
X-Date
X-DPWN-IS-SECURE
X-Rojux
X-Up
X-Rewrite-Enabled
X-Cache-ASPX
X-Generated-In
X-Cache-Expires
X-Gannett-Site-Version
X-NodeID
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-ScT
X-Cache-Grace
X-Destination
X-Hp-Webp
X-Cache-Backend
RNT-Machine
X-Distributor
X-Info
RNT-Time
Pagetype
X-Developers
X-Device-Os
Memcached
X-Refresh
X-Varnish-Url
Proxy-Connection
Pramga
X-Dispatcher-Server
X-Eu-Site
X-Rebelmouse-Cache-Control
X-Cache-Id
X-Cache-Info
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Gen-Mode
X-Cache-Host
X-Amzn-Remapped-Date
X-Block-Status
X-Amzn-Remapped-Connection
X-Cache-Debug
X-Geo-Header
X-Cache-Miss-From
Web-Mar-Node
X-Hnp-Log
X-Cms-Context
SRV
X-Crawler
Server-Int
X-Epic-Correlation-Id
True-Client-Country-4JS
X-RateLimit-Remaining-Second
X-CGP
User-Cache-Control
X-TT-LOGID
Server-Host
X-LI-UUID
X-Li-Pop
X-Webstats-RespID
X-LI-Proto
X-Request-URI
X-SIPLIST1
AKAMAI
X-No-Session
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Backend
X-Sedo-Request-Id
X-Origin-Expires
X-Location
Magicmarker
X-Origin-Date
X-Proxy-Upstream
X-Hash
X-Nginx-Cache-Key
X-Proxy-Cache-Status
X-Sf
X-Servername
X-Policy
X-ServiceProvider
X-SN
X-Qloud-Router
X-Li-Fabric
X-Page-Type
X-Via-SSL
Fastly-SIE
IsBot
Kp-EeAlive
X-Key
X-PHP-Host
X-Swa-Ws
Fastly-SWR
Heartbleed
Fastly-Backend-Name
Lfy
X-RateLimit-Limit-Second
Ha-Gx-Prefs
HA-Ipaddr
X-Irp-Debug
Content-Disposition
X-LAGOON
Country-Code
X-Via-Edge
X-FireWall-Port
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-GeoIP-Country-Code
X-WPE-Loopback-Upstream-Addr
X-Cache-FS-Status
X-Node-Id
X-Core-Mission
X-ShopId
X-Real-Ip
X-ShardId
X-GeoIP-City
X-Server-IP
X-F5-Cache
X-S-Maxage
X-Planisys-CDN-Rules
X-Fastly-Cache
X-Gateway-Cache-Key
X-Fetched-On
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Distil-CS
X-Sorting-Hat-PodId
X-TrackingId
X-Sorting-Hat-ShopId
X-Gateway-Skip-Cache
X-Shopify-Stage
X-Gateway-Cache-Status
X-Generated-On
X-Backend-Url
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Amz-Meta-Cache-Control
X-User
X-Variation
X-Alternate-Cache-Key
Apple-News-Services-Host
X-Ah-Environment
X-Cache-Bucket
X-Thanos
Adler-Geo
Apple-News-Services-Handled
X-Amzn-Remapped-Content-Length
CDCHOST
Is-Eu
X-Skip-Cache
X-BBXSRF
X-Bip
X-C
X-Backend-State
X-Backend-Host
SD-X-WS
X-Level-Front-Cache
Fastly-SSL
Fastly-Soc-X-Request-Id
HTTPS
Platform
X-Owner
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Micro-Cache
X-Auto-Login
X-MSEdge-Features
X-Server-Time
DSUID
X-Cdn-Srv
X-MSEdge-Flight
X-GZip
X-Nc
Section-Io-Cache
Server-ID
Powered-By
Cteonnt-Length
FNAC-ModuleRouting
ServerName
X-CUA
X-RateLimit-Reset
X-Varnish-Beresp-Ttl
Fastcgi-Useragent
Pragrma
X-Dc
X-Org
X-Load-Cache
X-Original-Request
X-Passed-To-DLL
X-Passed-To
X-Passed-To-PostProcessResponse
X-Pjax-Url
X-Passed-To-BeforeDispatch
X-Returned-From-DLL
X-Returned-From
REQUESTUUID
X-Aicache-OS
Gh-Request-Id
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Stale
X-Svr
X-Server-By
X-Actual-URL
VivaBuild
Viewtype
V-Age
X-CDN-Forward
X-Sn-Servicetimems
X-Cdn-Origin
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Apm-App-Name
X-Parent-Response-Time
X-VServer
Host-ID
X-HS-Cache-Config
X-Croise-Owner
X-FPC
X-Unique-ID
MIME-Version
X-Exp-Se
X-NC
X-Geo
Rt-Proxy-Cache
X-ND-Cache
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Microcachable
X-Served-From
X-Gdpr
X-Ua-Device
X-CSRF-TOKEN
Mime-Version
Cache
SID
Time
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Memory
X-B3-Parentspanid
X-Oss-Object-Type
PICS-Label
X-Oss-Storage-Class
X-Oss-Request-Id
X-V
X-Servedbyhost
ProcessTime
X-Wa
HostName
X-Req
Resin-Trace
Cf-Ipcountry
X-Git-Hash
X-From-Cache
X-DC
X-Newrelic-Synthetics
Wxu-Next-Region
Wxu-Next-Hostname
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Commit
Odigeo-Trace-Id
X-Cache-HT
X-Optimization
AR-SID
X-Lb-Id
CF-IPCountry
X-HTML-Minification-Powered-By
Cdn
X-Varnish-Beresp-TTL
X-Fstrz
X-Release
X-Ratelimit-Remaining
X-Response-By
Public-Key-Pins-Report-Only
X-WebServer
X-TH-Server
X-Atg-Version
X-Host-Name
XServer
X-Phone
Proxy-Firewall
GMS-Ver
X-Fastly-Backend-Reqs
X-GEO
X-ID
X-Ratelimit-Limit
X-Vcl-Version
X-Instart-Info
CF-Cached-On
X-APP
Processtime
Fastcgi-X-Cache-Version
X-LB-ID
X-WR-MODIFICATION
X-Daa-Tunnel
WZWS-RAY
Backend-Name
X-Upstream-HT
X-Upstream-CT
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
X-Worker
X-Amz-Meta-Surrogate-Control
X-Check-Cacheable
X-Zone
189phosttRef
225prxHost
219prxHost
188prxHost
286prxHost
355prline
X-Server-W
409pxxline
X-WA
X-NGINX-Cache
Xxline
352pxline
178proxuri
X-Vcache
X-UE-Client-Country
GW-Server
Mobile-Detection-Method
Countrycode
X-Clientip
X-We-Are-Hiring
X-B3-SpanId
Version
Pics-Label
X-CSRF-Token
X-Hyper-Cache
X-URL
X-ServedByHost
X-Fastly-Country-Code
X-IPS-LoggedIn
SS
X-Ratelimit-Reset
X-HS-Status
Ohc-File-Size
Lb
SN
X-Backend-TTL
Geoip-Latitude
GeoIp-Country-Code
DataCenter
Geoip-City
X-HS-Combine-CSS
X-PF-Uncompressing
FSS-Proxy
Esi-Enabled
X-SERVER-NAME
FSS-Cache
X-Dynatrace
X-GZIP
X-SRV
X-Request-Start
X-VCL-Version
X-Render-Time
X-UPSTREAM-Address
URI
X-BE
X-Contensis-Viewer-Groups
X-AssetVersion
Serverid
X-Akamai-Request-ID2
X-GDPR
Ohc-Cache-HIT
X-Via-Ucdn
X-Be
X-Fpc
Accept-Language
X-CS
GeoIP-Latitude
GeoIP-Country-Code
WP-Super-Cache
X-LiteSpeed-Cache-Control
GeoIP-City
X-Unique-Id
X-Vtex-Remote-Cache
X-RequestId
X-Vtex-Processado-Em
CDN
X-ZONE
X-UCC
X-PJAX-URL
X-Gen-Id
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Dynatrace
Locale
X-ABtesting
X-Flog
RequestUuid
X-Fastly-Cache-Hits
X-NWS-UUID-VERIFY
X-Via-NSCOPI
X-Html-Edge-Cache
X-Varnish-Action
X-Hello
X-Urbn-Context-Path
X-Pf-Uncompressing
X-Reqid
Cneonction
X-Urbn-Site-Id
Who
X-Cdn-Cache
X-Cache-Ttl
A
X-LiteSpeed-Tag
Server-Id
X-Cache-URL
X-Store
Accept-Ch
X-Request-Url
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
Get-Access-Time
X-Cdn-Request-ID
Ohc-Response-Time
X-Serial
X-HTML-Edge-Cache
Is-Session-Tracking
Frontcache
X-ServerName
NnCoection
X-Port
X-EC-Lua