Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Application-Context
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
X-HW
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Mobile-Rewrite
AR-CACHE
PB-RID
Arc-Version
PB-PID
AR-PoweredBy
AR-ATIME
X-MS-InvokeApp
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
Charset
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
RTSS
Ar-Sid
X-Abt-Application-Version
X-Vname
X-TtlSet
X-PC
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-TTL
X-Trace
X-Forwarded-Proto
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-Goog-Metageneration
X-VCache
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-SharePointHealthScore
X-Amz-Rid
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Debug
Arr-Disable-Session-Affinity
X-Shield-Request-Id
TCN
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Hits
X-Dw-Request-Base-Id
DynaTrace
X-Upstream-Proxy
X-Ttl
Pinterest-Version
SPRequestDuration
SPIisLatency
X-Pinterest-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-B3-TraceId
X-Goog-Storage-Class
X-FTR-Cache-Host
X-Id
X-Oracle-Dms-Rid
Front-End-Https
X-Powered-CMS
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Realpath
X-Amzn-Trace-Id
X-MSEdge-Ref
Fastcgi-Cache
Tracecode
X-Aspnet-Version
X-N
Paypal-Debug-Id
X-Varnish-Age
X-Forwarded-For
X-Content-Type
X-Upstream
Alternate-Protocol
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-RateLimit-Remaining
Display
X-Middleton-Display
X-Sol
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
X-Middleton-Response
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-Content-Digest
Response
Fusion-Template-Id
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-Srv
X-Accel-Buffering
X-Pad
X-Accel-Expires
X-Kinsta-Cache
Server-Name
MicrosoftSharePointTeamServices
Host
X-Cache-Key
X-User-Agent
X-Content-Options
Backend-Timing
X-Analytics
X-Correlation-Id
X-Debug-Info
X-LB-Cache
X-Revision
Refresh
X-B3-Traceid
X-Activity-Id
X-AppVersion
X-Az
X-Rid
Accept-Charset
X-IPLB-Instance
X-Amz-Apigw-Id
X-B
X-Amzn-RequestId
FilterID
X-DIS-Request-ID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-B3-Sampled
X-Cache-2
X-Cache-Hit
Powered-By-ChinaCache
X-CF-Powered-By
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Whom
X-Page-Id
Server-Info
TP-L2-Cache
TP-Cache
X-PHP-Backend
X-Request-Received
X-Request-Processing-Time
MS-CV
Host-Header
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Origin-Server
X-Varnish-Backend
X-Akamai-Edgescape
X-Amz-Replication-Status
X-TT
X-Kong-Upstream-Latency
Cache-Status
X-Cached-By
X-Cluster
X-Framework
Source
X-Cache-Action
X-Kong-Proxy-Latency
X-UA-Device-Type
Access-Control-Allow-Method
X-Platform-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mobile
X-App-Environment
X-Tumblr-User
X-Webkit-CSP
X-FW-Type
X-FW-Serve
X-F-Cache
X-FW-Static
X-FW-Hash
X-Drupal-Cache-Tags
X-Content-Powered-By
X-Ezoic-Cdn
X-FW-Server
X-Shard
X-Ruxit-Js-Agent
X-Instance
X-Zen-Fury
X-Varnish-Grace
X-SS-Set-Cookie
X-Geo-Country
X-RateLimit-Limit
X-Handled-By
X-Request-Guid
X-FB-Debug
X-GUploader-UploadID
X-Magnolia-Registration
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
From-Origin
X-ATG-Version
X-Node-Name
X-Cache-Age
X-App-Server
X-Varnish-Hostname
DC
X-Varnish-Server
Cleartype
Cache-Tags
PageSpeed
CACHE
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Payment
Healthy
X-Region
Upgrade-Insecure-Requests
Filters
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-RequestSource
X-Generated-By
X-TX-ID
X-GeoIP
X-Adobe-Content
X-Adobe-Loc
X-Storage
X-UUID
Cache-Tv-Group
X-TT-TIMESTAMP
X-RTag
Webserver
NGB
Ms-Operation-Id
Country
X-VG-WebCache
X-Tumblr-Pixel-2
X-Signature
Server-Node
X-Tumblr-Pixel-1
X-B-Cache
X-Redis-Cache
X-Wix-Server-Artifact-Id
X-FW-Dynamic
X-Jobs
X-Drupal-Cache-Contexts
Actual-Object-TTL
Retry-After
X-Content-Age
X-Cacheable-TTL
Fastly-Restarts
X-Cache-Rule
X-Varnish-Hits
GEO-INFO
X-Locale
ServedBy
X-Seen-By
X-XRDS-LOCATION
Liferay-Portal
X-Contextid
Powered
X-Via-JSL
Frame-Options
X-TA-CDN-Provider
X-Rendered-As
HitType
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Varnish-IP
X-BACKEND-TTL
X-Guploader-Uploadid
X-Real-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
S-Cnection
Viewport
X-WA-Info
X-Cache-Server
X-ProcessESI
Content-Script-Type
X-Upgrade-Enabled
X-Time
Eomportal-Instance
X-RemovedCookies
Content-Style-Type
NtCoent-Length
Datacenter
X-GRACE
X-Mode
X-Cache-NE
Xserver
X-Cache-Config
X-Esi
X-Akamai-Transformed
Meta-Geo
Machine
Load-Balancing
Cache-Key
Mn-Server-Ip
X-Cache-Var
X-ES-SERVER
X-Device-Type
X-Cache-Var-Map
Cache-Hits
X-Varnish-Cache-Hits
X-Hl-Ver
X-Is-Bot
X-Path-Route
X-Proto
X-Routing-Service
X-Zipkin-Id
X-RN-RSRV
X-From
ViewerVersion
X-Proxied
X-Detected-As
X-Wix-Request-Id
X-NewRelic-App-Data
Access-Control-Request-Headers
X-AWS-Id
TWC-Device-Class
TWC-Connection-Speed
X-Endurance-Cache-Level
X-Environment-Context
Property-Id
X-Cache-Enabled
X-Access
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Vix-Hermes-Req-Id
We-Hiring
Webcakes-App-Version
Webcakes-App-Name
OT-Force-Account-Verify
Mail-Subject
X-VWS-Id
X-Section
X-VG-TLSProxy
X-Viewer-Country
X-S
X-Origin-Hint
X-Hosted-By
TWC-GeoIP-Country
X-LJ-Flow-ID
X-L-Path
L5d-Success-Class
Azure-InstanceId
Azure-RegionName
Azure-SiteName
DB-Nickname
Azure-SlotName
Azure-Version
X-Backend-Name
X-Proxy
X-Origin-Response-Time
X-Status
X-Time-Microsecs
X-Tb
X-TNCMS
X-Loop
X-Labrador-Cache-Channel
X-Birta-Served
X-Birta-Cache-Post
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-FW-Version
X-Format
X-Akamai-Request-ID
X-ServerID
Origin-Cache-Control
Origin-Edge-Control
X-ProxyCache-Status
X-BYPASS-REASON
X-Timing-Wait
X-Tumblr-Pixel-3
X-Trace-Id
X-ProxyCache-Key
X-Proxy-Build
X-CCM
Cache-Tag
X-Debug-Cache
X-JoinUs
S-Rt
Selected-FE
X-Varnish-Cacheable
Now
X-Via-CDN
Decoy-Debug-Key
X-FB-TRIP-ID
X-Xfnlog-Site
Decoy-Debug-Status
Decoy-Debug-TTL
X-Via-Fastly
X-Web-Node
NGX
X-Human
X-Cache-Operation
X-Cache-Category-Id
X-MP-GENERATED-AT
X-Grey
X-OCL
X-NCache
X-Cdn
X-Www-Served-By
X-PCL
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-Site-Version
X-Generated
Uber-Trace-Id
X-CDN-Cache
X-IP
Served-By
X-VC-Cache
X-Internal-Host
X-NWS-LOG-UUID
X-Sucuri-ID
X-R9-Blue-Green-Version
X-Dynatrace-Js-Agent
LB
Pagespeed
X-RCS-CacheZone
X-EdgeConnect-Cache-Status
X-Origin-Host
X-Rule
AsisCache
X-Cache-Remote
X-Newrelic-App-Data
Release
X-Cluster-Node
X-UA
X-UnsetCookies
Rt-Fastcgi-Cache
User-Agent
X-App-Name
Nel
X-Ua
X-ApacheServer
X-PERF
X-B3-Spanid
X-Source
Hostname
X-Nginx-Cache
X-TIME
X-App-Version
X-Datadome
X-Agile-Id
X-Agile
X-Agile-Age
X-Varnish-Ttl
Cache-Name
X-CACHE-KEY
X-Request-Time
X-Edge-Location
X-Ocache
X-APP-VERSION
X-Sucuri-Cache
X-Origin
X-Pubstack
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-OVcl-Cache
X-Hit
X-Origin-TTL
X-Edge-IP
X-Cdn-Forward
Warning
X-Origin-CC
X-VCT
X-ElasticPress-Search
X-Protected-By
X-A-Dam
X-Debug-Cache-Store
X-Debug-Cookies
X-A-Ccd
X-Connection-Hash
X-CF-Lambda-Fn
Request-EU
X-Debug-Log
X-CF-Lambda-Version
X-Core-Value
X-Debug-Cache-Expiry
X-D
X-Date
Ajk
X-Debug-Cache-Fetch
X-A
X-Twitter-Response-Tags
Xc-Version
Rendered-Blocks
MD5-Digest
Server-Surrogate-Control
Meta-Geo-Continent
X-Cache-ASPX
X-Cache-Expires
X-A-Wwc
X-Up
X-Cache-Grace
X-Destination
N-Cache
X-ARC
X-Accel-Expires-Debug
X-BB-ID
Server-Cache-Control
X-Aed
X-Trv-Group
Origin
Node
X-Var-Ttl
On-Server
X-Varnish-Authentication
Request-Time
Cache-Prefix
X-B-Cookie
X-S-Cookie
X-Transaction
Request-Country
BehaviorPad-Version
UCS
X-A-Dgt
Arc-Country
Thinkindot-Control
Thinkindot-CacheControl-Type
Fly-Request-Id
X-VG-WebServer
X-Rojux
Thinkindot-CacheControl
Fly-Cache
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Application
X-A-Dcw
X-External-Request-Id
X-Gannett-Site-Version
X-Generated-In
X-Developer
X-G
X-NodeID
X-Platform
X-Rewrite-Enabled
X-NX-Host
Www
X-PAYTM-SRV-ID
X-Logtrace-Id
X-Matched-Rule
X-Region-Sid
X-Mobile-URL
X-Hp-Webp
X-NU-AKA-ACS-Version
X-SRCache-Key
X-Request-UUID
X-Processor
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-Secret
X-Thinkindot-L3
X-Server-Group
X-IN-WAF
X-Instart-Isnd
X-ScT
X-Developers
X-Cache-Backend
X-Qloud-Router
X-Rebelmouse-Cache-Control
Magicmarker
X-Proxy-Upstream
Lfy
X-Nginx-Cache-Key
X-Cache-Debug
X-No-Session
Pramga
X-RateLimit-Remaining-Second
Memcached
X-Origin-Expires
X-Page-Type
X-C
X-SN
X-RateLimit-Limit-Second
Server-Host
X-Proxy-Cache-Status
X-Swa-Ws
SRV
X-Li-Fabric
True-Client-Country-4JS
X-Info
X-Policy
X-LAGOON
X-SIPLIST1
X-Li-Pop
Server-Int
RNT-Machine
X-TT-LOGID
X-PHP-Host
RNT-Time
X-Location
X-LI-Proto
Kp-EeAlive
X-LI-UUID
Proxy-Connection
X-Varnish-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Request-Url
X-Node-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend
X-CGP
X-Cms-Context
X-Distributor
X-Distil-CS
X-Dispatcher-Server
X-Device-Os
X-Crawler
X-Sedo-Request-Id
X-F5-Cache
X-Eu-Site
X-Epic-Correlation-Id
X-Webstats-RespID
CDCHOST
X-Request-URI
X-Origin-Date
X-ServiceProvider
X-Hash
X-Geo-Header
Ha-Gx-Prefs
HA-Ipaddr
X-Sf
X-Rebelmouse-Surrogate-Control
X-Cache-Host
Heartbleed
X-Servername
Fastly-SWR
X-Cache-Info
Country-Code
Content-Disposition
X-Cache-Miss-From
X-Refresh
X-Reboot
X-Cache-Id
Fastly-Soc-X-Request-Id
Fastly-SIE
Fastly-Backend-Name
IsBot
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Via-Edge
X-GeoIP-Country-Code
X-ShopId
X-ShardId
Web-Mar-Node
X-Planisys-CDN-Cache
HTTPS
X-GeoIP-City
X-S-Maxage
X-Planisys-CDN-Rules
Is-Eu
X-Cache-FS-Status
Adler-Geo
X-Via-SSL
X-Level-Front-Cache
X-Key
X-Ah-Environment
X-MSEdge-Flight
X-MSEdge-Features
X-Server-IP
X-Wikidot-Static-Cache
X-Hnp-Log
X-Irp-Debug
X-Core-Mission
X-Wikidot-Backend
X-Planisys-CDN-TTL
X-Variation
X-Alternate-Cache-Key
X-Fetched-On
X-Amz-Meta-Cache-Control
X-Shopify-Stage
X-Block-Status
X-Skip-Cache
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
User-Cache-Control
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-User
X-Backend-Url
X-BBXSRF
Pagetype
X-Bip
X-Amzn-Remapped-Date
X-Generated-On
X-Thanos
X-Backend-Host
X-Fastly-Cache
Platform
X-Gen-Mode
X-Real-Ip
X-FireWall-Port
DSUID
X-Cdn-Srv
X-Cache-Bucket
Fastly-SSL
X-Backend-State
X-Auto-Login
SD-X-WS
X-WPE-Loopback-Upstream-Addr
X-TrackingId
X-Owner
X-Micro-Cache
X-Server-Time
Section-Io-Cache
X-GZip
X-Nc
X-RateLimit-Reset
ServerName
Server-ID
Cteonnt-Length
X-CUA
FNAC-ModuleRouting
Powered-By
Fastcgi-Useragent
X-Varnish-Beresp-Ttl
X-Org
X-Dc
Pragrma
X-Load-Cache
X-Aicache-OS
X-Actual-URL
Gh-Request-Id
VivaBuild
REQUESTUUID
X-Pjax-Url
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Original-Request
X-Stale
X-Passed-To-PostProcessResponse
X-Server-By
X-Returned-From-BeforeDispatch
X-Returned-From
X-Parent-Response-Time
X-Returned-From-DLL
Viewtype
X-Returned-From-PostProcessResponse
X-Svr
Cache
Host-ID
X-Croise-Owner
X-Sn-Servicetimems
X-CDN-Forward
V-Age
X-Cdn-Origin
X-VServer
X-Apm-Inst-Hash
X-Apm-App-Name
X-HS-Cache-Config
X-Apm-Svc-Key
X-Unique-ID
MIME-Version
X-ND-Cache
X-Geo
X-NC
Cdn-Host
Rt-Proxy-Cache
X-CSRF-TOKEN
X-Exp-Se
X-FPC
X-Edge-Server
Cdn-Request-Time
X-Microcachable
X-Served-From
X-Ua-Device
Mime-Version
X-Oss-Storage-Class
ProcessTime
SID
X-Servedbyhost
X-B3-Parentspanid
X-Gdpr
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Wa
PICS-Label
Memory
X-V
HostName
Time
X-Tb-Optimization-Total-Bytes-Saved
X-Req
X-From-Cache
Wxu-Next-Region
Cf-Ipcountry
Resin-Trace
X-Newrelic-Synthetics
Wxu-Next-Hostname
Wxu-Next-Commit
X-DC
X-Git-Hash
Odigeo-Trace-Id
X-Cache-HT
X-Optimization
AR-SID
CF-IPCountry
X-HTML-Minification-Powered-By
Cdn
X-Varnish-Beresp-TTL
X-Release
X-Lb-Id
X-Fstrz
X-Response-By
X-WebServer
X-TH-Server
Public-Key-Pins-Report-Only
X-Atg-Version
X-Phone
XServer
X-Host-Name
X-Fastly-Backend-Reqs
X-LB-ID
GMS-Ver
Proxy-Firewall
X-GEO
X-ID
Processtime
X-Instart-Info
CF-Cached-On
X-Vcl-Version
Fastcgi-X-Cache-Version
X-WR-MODIFICATION
X-Daa-Tunnel
X-Ratelimit-Remaining
X-Upstream-HT
X-APP
X-Upstream-CT
WZWS-RAY
Backend-Name
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
X-Worker
X-Amz-Meta-Surrogate-Control
X-Zone
X-Check-Cacheable
X-UE-Client-Country
X-NGINX-Cache
X-Server-W
X-Clientip
Countrycode
X-We-Are-Hiring
X-Vcache
Mobile-Detection-Method
GW-Server
Pics-Label
X-B3-SpanId
X-URL
SS
188prxHost
189phosttRef
Xxline
X-Ratelimit-Reset
286prxHost
355prline
X-WA
409pxxline
352pxline
X-Fastly-Country-Code
X-HS-Status
219prxHost
225prxHost
178proxuri
Version
X-Hyper-Cache
Ohc-File-Size
Lb
X-Backend-TTL
X-CSRF-Token
SN
X-IPS-LoggedIn
X-ServedByHost
DataCenter
FSS-Cache
FSS-Proxy
X-PF-Uncompressing
GeoIp-Country-Code
Geoip-Latitude
X-HS-Combine-CSS
Esi-Enabled
X-SERVER-NAME
X-GZIP
X-SRV
X-Dynatrace
X-Render-Time
X-Request-Start
Geoip-City
X-VCL-Version
X-UPSTREAM-Address
GeoIP-Latitude
X-AssetVersion
X-Contensis-Viewer-Groups
X-BE
GeoIP-Country-Code
X-Fpc
URI
X-GDPR
GeoIP-City
Serverid
X-Akamai-Request-ID2
X-Via-Ucdn
X-Be
X-LiteSpeed-Cache-Control
WP-Super-Cache
X-CS
Ohc-Cache-HIT
Accept-Language
X-Unique-Id
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-NWS-UUID-VERIFY
X-RequestId
X-PJAX-URL
X-Gen-Id
CDN
X-UCC
X-ZONE
X-FORWARDED-FOR
X-HostName
Amp-Access-Control-Allow-Source-Origin
Dynatrace
Locale
X-ABtesting
RequestUuid
Who
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-Via-NSCOPI
X-Flog
X-Hello
X-Pf-Uncompressing
Cneonction
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Varnish-Action
X-Cdn-Cache
X-Cache-Ttl
Accept-Ch
X-Reqid
X-LiteSpeed-Tag
X-Store
A
X-Cache-URL
Server-Id
X-Request-Url
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Ohc-Response-Time
X-Cdn-Request-ID
X-Serial
X-HTML-Edge-Cache
Is-Session-Tracking
Get-Access-Time
NnCoection
X-ServerName
X-Port
Frontcache
X-Dw-Trace-Id
X-EC-Lua