Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-Request-ID
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
X-Age
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
Allow
Ali-Swift-Global-Savetime
Server-Timing
X-Type
X-CST
X-Ac
X-Node
X-Rq
X-Host
X-Server-Id
Feature-Policy
Content-Location
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
X-Rack-Cache
Request-Id
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Upstream-Env
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-Vhost
X-DynaTrace
X-Px
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
X-GitHub-Request-Id
Charset
X-VARITI-CCR
Arc-Version
X-Mobile-Rewrite
PB-PID
MS-Author-Via
PB-RID
X-MS-InvokeApp
AR-CACHE
AR-ATIME
X-Version
AR-PoweredBy
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-ORACLE-DMS-RID
X-Cdn-Fetch
X-Cached
X-Use-Magma
X-DataStream-Cache-Status
Content-MD5
X-Recruiting
X-Powered-By-Plesk
Public-Key-Pins
X-D2id
Service-Worker-Allowed
Accept-CH-Lifetime
X-Vname
X-PC
X-TtlSet
AR-Request-ID
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-TTL
X-Trace
X-Varnish-TTL
SPRequestGuid
X-Forwarded-Proto
X-Client-IP
X-Vcap-Request-Id
X-DynaTrace-JS-Agent
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Goog-Generation
X-FTR-Realm
X-FTR-DC
X-Goog-Stored-Content-Length
X-Country-Code-Real
X-Goog-Stored-Content-Encoding
X-FTR-Backend
X-Goog-Metageneration
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Fastly-Request-ID
X-Amz-Rid
X-FTR-Expires
S
X-VCache
Nginx-Cache
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Server-ID
X-Debug
X-Oracle-Dms-Rid
TCN
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Id
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ROOT
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-VERSION
SPRequestDuration
SPIisLatency
X-Ttl
X-Akam-SW-Version
Front-End-Https
X-B3-TraceId
DynaTrace
Access-Control-Request-Method
X-Goog-Storage-Class
X-FTR-Cache-Host
X-T
X-Powered-CMS
X-SERVER
Realpath
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Paypal-Debug-Id
Tracecode
X-MSEdge-Ref
X-Litespeed-Cache
X-Amzn-Trace-Id
X-Varnish-Age
X-Aspnet-Version
Fastcgi-Cache
X-Forwarded-For
X-N
X-Content-Type
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Alternate-Protocol
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Upstream
X-RateLimit-Remaining
X-Accel-Buffering
X-Frontend
X-PressLabs-Stats
X-HS-Hub-Id
Fusion-Content-Id
Fusion-Component-Id
X-HS-Content-Id
Fusion-Content-Source
X-Logged-In
Fusion-Source
Fusion-Template-Id
X-Content-Digest
X-Sol
X-Middleton-Display
Display
X-Srv
X-Middleton-Response
Response
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Kinsta-Cache
X-Pad
X-Cache-Key
Server-Name
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Fastcgi-Cache
X-Content-Options
X-User-Agent
Host
Refresh
Backend-Timing
X-Analytics
X-DIS-Request-ID
X-Correlation-Id
X-LB-Cache
X-IPLB-Instance
X-Rid
X-Debug-Info
X-Revision
X-B3-Traceid
X-Grace
X-FastCGI-Cache
X-Activity-Id
X-AppVersion
X-Az
X-Amz-Apigw-Id
FilterID
Accept-Charset
X-B
X-Amzn-RequestId
X-CF-Powered-By
ServerID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cache-Hit
X-B3-Sampled
X-Cdn
Powered-By-ChinaCache
X-Cache-2
Surrogate-Key
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
X-Varnish-Backend
X-Request-Received
MS-CV
X-Content-Security-Policy-Report-Only
Host-Header
X-Request-Processing-Time
Source
VIX-Pulpo-Node
X-Akamai-Edgescape
X-F-Cache
X-Amz-Replication-Status
X-TT
X-Origin-Server
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Framework
X-Tumblr-User
X-Cluster
X-Mobile
X-Platform-Server
X-Instance
X-UA-Device-Type
X-Webkit-CSP
X-App-Environment
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Drupal-Cache-Tags
X-Varnish-Grace
X-Content-Powered-By
X-RateLimit-Limit
X-Ruxit-Js-Agent
Cache-Status
X-Handled-By
X-Request-Guid
X-Cached-By
Access-Control-Allow-Method
X-Geo-Country
X-SS-Set-Cookie
X-Zen-Fury
CACHE
X-Magnolia-Registration
X-Ezoic-Cdn
X-Shard
X-FB-Debug
X-Cache-TTL
X-ATG-Version
X-Forwarded-Host
Edge-Cache-Tag
X-Wix-Server-Artifact-Id
From-Origin
X-App-Server
PageSpeed
X-GUploader-UploadID
DC
X-Cache-Age
X-Varnish-Server
X-Node-Name
Cleartype
X-Varnish-Hostname
X-AOL-HN
Cache-Tags
X-XRDS-LOCATION
X-BCube-Filmed-By
Payment
X-Cache-Control
X-Generated-By
X-Region
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
X-Response-Served-From
Filters
X-RequestSource
Healthy
Upgrade-Insecure-Requests
X-Adobe-Loc
X-GeoIP
X-TX-ID
X-Adobe-Content
X-UUID
X-FW-Dynamic
Webserver
X-Seen-By
X-RTag
X-Tumblr-Pixel-1
X-VG-WebCache
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
Server-Node
Cache-Tv-Group
GEO-INFO
Ms-Operation-Id
NGB
Retry-After
X-Redis-Cache
X-Jobs
X-Drupal-Cache-Contexts
Country
X-Storage
Actual-Object-TTL
X-Content-Age
X-Via-JSL
X-Varnish-Hits
ServedBy
X-Cacheable-TTL
X-Locale
Liferay-Portal
X-Cache-Rule
X-Contextid
X-Guploader-Uploadid
X-Rendered-As
Fastly-Restarts
HitType
Powered
X-Cache-TTL-Remaining
Frame-Options
X-Oneagent-Js-Injection
X-BACKEND-TTL
X-Varnish-IP
X-Real-IP
Viewport
S-Cnection
ViewerVersion
X-Wix-Request-Id
X-WA-Info
Content-Script-Type
Content-Style-Type
X-Yottaa-Metrics
X-Cache-Server
X-Yottaa-Optimizations
X-NewRelic-App-Data
X-Upgrade-Enabled
NtCoent-Length
Datacenter
X-Cache-Config
X-Mode
Eomportal-Instance
X-TA-CDN-Provider
X-Esi
X-RemovedCookies
X-ProcessESI
X-Varnish-Cache-Hits
X-Detected-As
Cache-Key
Machine
X-Endurance-Cache-Level
Meta-Geo
X-Path-Route
X-Akamai-Transformed
X-Proto
X-Proxied
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
Load-Balancing
X-Zipkin-Id
X-Device-Type
X-Hl-Ver
X-Routing-Service
X-Is-Bot
Cache-Hits
X-RN-RSRV
X-VWS-Id
Vix-Hermes-Req-Id
X-Cache-Enabled
TWC-Privacy
Webcakes-App-Name
X-Backend-Name
X-Environment-Context
X-L-Path
Property-Id
X-Access
Webcakes-Region
X-AWS-Id
Webcakes-App-Version
OT-Force-Account-Verify
TWC-GeoIP-LatLong
X-Cache-NE
TWC-GeoIP-Country
X-Proxy
TWC-Connection-Speed
X-LJ-Flow-ID
X-Format
X-Section
X-Origin-Hint
Access-Control-Request-Headers
TWC-Device-Class
X-Hosted-By
X-VG-TLSProxy
X-FW-Version
TWC-Locale-Group
L5d-Success-Class
Xserver
X-Status
X-S
X-Labrador-Cache-Channel
X-Loop
Mail-Subject
Azure-RegionName
X-Origin-Response-Time
Azure-InstanceId
X-EIG-Tracking-Id
We-Hiring
X-Time
X-Akamai-Request-ID
X-Birta-Cache-Post
X-ServerID
X-Birta-Served
X-FC-Vary-Parameters
X-Time-Microsecs
S-Rt
Mn-Server-Ip
X-From
X-Tb
X-Viewer-Country
X-TNCMS
Azure-SiteName
Azure-SlotName
Azure-Version
Now
Origin-Edge-Control
Selected-FE
Origin-Cache-Control
X-NCache
X-Web-Node
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Via-Fastly
X-Varnish-Cacheable
X-Proxy-Build
X-Timing-Wait
X-Trace-Id
X-JoinUs
X-IP
DB-Nickname
Served-By
X-Www-Served-By
Cache-Tag
X-Origin-Host
X-Internal-Host
X-Human
X-PCL
X-ProxyCache-Key
X-ProxyCache-Status
X-OCL
X-Via-CDN
X-Tumblr-Pixel-3
X-BYPASS-REASON
X-MP-GENERATED-AT
X-Debug-Cache
Uber-Trace-Id
X-Site-Version
NGX
X-Generated
X-GRACE
X-Cache-Operation
X-FB-TRIP-ID
X-Cache-Category-Id
X-Grey
X-Xfnlog-Site
X-CCM
X-CDN-Cache
AsisCache
User-Agent
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-EdgeConnect-Cache-Status
LB
X-UA
X-VC-Cache
X-Dynatrace-Js-Agent
X-Rule
X-R9-Blue-Green-Version
X-NWS-LOG-UUID
X-Sucuri-ID
X-Cluster-Node
Rt-Fastcgi-Cache
X-Newrelic-App-Data
Hostname
X-App-Name
X-Cache-Remote
X-UnsetCookies
X-RCS-CacheZone
X-B3-Spanid
Release
X-PERF
X-ApacheServer
X-TIME
Nel
X-Agile
X-Agile-Id
X-Agile-Age
X-Nginx-Cache
Pagespeed
X-Source
Cache-Name
X-APP-VERSION
X-Varnish-Ttl
X-Datadome
X-Edge-Location
X-Ua
X-Edge-IP
X-App-Version
X-Pubstack
X-Request-Time
X-CACHE-KEY
X-Protected-By
X-Ocache
Warning
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Varnish-Beresp-Status
X-Origin
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
Fastcgi-Useragent
X-OVcl-Cache
Thinkindot-Control
UCS
X-A-Ccd
Www
X-A
X-A-Dam
X-A-Wwc
X-Origin-TTL
X-ScT
X-Origin-CC
X-A-Dgt
X-S-Cookie
X-Platform
X-PAYTM-SRV-ID
X-A-Dcw
X-Processor
Request-EU
MD5-Digest
Fly-Request-Id
Meta-Geo-Continent
N-Cache
Node
Fly-Cache
Ec-Rule-Version
Arc-Country
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
On-Server
Origin
X-Region-Sid
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Cache-Control
Request-Time
X-Request-UUID
Rendered-Blocks
Request-Country
Xc-Version
X-Rojux
X-Varnish-Authentication
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Matched-Rule
X-Debug-Cookies
X-Server-Group
X-Debug-Cache-Expiry
X-Date
X-Core-Value
X-Rewrite-Enabled
X-Mobile-URL
X-D
X-Debug-Log
X-Secret
X-Generated-In
X-Hp-Webp
X-Gannett-Site-Version
X-Developer
X-Developers
X-Destination
X-IN-APIGATEWAY
X-Logtrace-Id
Ajk
X-Instart-Isnd
X-IN-WAF
X-Connection-Hash
X-Nginx-Cache-Key
X-External-Request-Id
X-G
X-BB-ID
X-Var-Ttl
X-Cache-ASPX
X-B-Cookie
X-NX-Host
X-VCT
X-Aed
X-Application
X-ARC
X-Cache-Expires
X-Cache-Grace
X-CF-Lambda-Fn
X-NU-AKA-ACS-Version
X-CF-Lambda-Version
X-NodeID
X-SRCache-Key
X-Thinkindot-L3
X-Up
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-VG-WebServer
X-Accel-Expires-Debug
X-ElasticPress-Search
SRV
X-Sucuri-Cache
X-Cache-Backend
Section-Io-Cache
X-Cache-Host
X-Cache-Id
X-Cache-Info
X-CGP
X-Cache-Miss-From
X-CUA
X-Distributor
X-DPWN-IS-SECURE
X-Distil-CS
X-Dispatcher-Server
X-Cache-FS-Status
X-Crawler
X-Sedo-Request-Id
X-SIPLIST1
X-Skip-Cache
X-SN
Proxy-Connection
Server-Host
Server-Int
X-Proxy-Cache-Status
X-Epic-Correlation-Id
X-Webstats-RespID
X-ServiceProvider
X-Cache-Debug
X-Geo-Header
X-No-Session
X-Node-Id
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Qloud-Router
X-PHP-Host
X-Policy
X-Proxy-Upstream
X-Origin-Expires
X-Origin-Date
X-Location
X-LI-UUID
X-Refresh
X-Info
X-Hash
Pramga
X-F5-Cache
X-Reboot
X-Irp-Debug
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-LAGOON
X-Eu-Site
X-C
Cache-Cookie-Set-Lfrom
CDCHOST
X-Swa-Ws
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SIE
Content-Disposition
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Backend
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Heartbleed
Country-Code
Fastly-Soc-X-Request-Id
X-TT-LOGID
Lfy
Apple-News-Services-Handled
Magicmarker
Memcached
AKAMAI
Fastly-SWR
IsBot
X-GZip
X-Real-Ip
X-Cms-Context
X-GeoIP-Country-Code
X-BBXSRF
X-Block-Status
X-MSEdge-Features
Adler-Geo
Kp-EeAlive
Is-Eu
X-Thanos
X-Cdn-Srv
HTTPS
X-Wikidot-Backend
X-Level-Front-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Servername
Fastly-SSL
X-Gateway-Skip-Cache
X-Hnp-Log
X-GeoIP-City
X-Generated-On
X-Gen-Mode
X-Fetched-On
X-Fastly-Cache
Platform
X-S-Maxage
X-User
X-Varnish-Url
X-Key
Fastly-Backend-Name
X-Device-Os
X-Request-URI
X-Core-Mission
X-Bip
X-Sf
SD-X-WS
True-Client-Country-4JS
X-Backend-Url
Web-Mar-Node
X-Page-Type
RNT-Time
RNT-Machine
Pagetype
Powered-By
X-Wikidot-Static-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Server-IP
User-Cache-Control
X-MSEdge-Flight
X-Amzn-Remapped-Date
X-Auto-Login
X-Ah-Environment
X-Backend-Host
X-Amz-Meta-Cache-Control
X-Backend-State
X-Variation
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-WPE-Loopback-Upstream-Addr
X-Dc
X-FireWall-Port
X-Varnish-Beresp-Ttl
X-Shopify-Stage
X-TrackingId
X-Via-Edge
Pragrma
X-Via-SSL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-Cache-Bucket
X-ShopId
X-Owner
X-Micro-Cache
X-Alternate-Cache-Key
X-Server-Time
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Original-Request
X-Returned-From
X-RateLimit-Reset
X-Server-By
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Nc
X-Svr
X-Stale
X-Actual-URL
X-Passed-To
X-Unique-ID
X-VServer
Server-ID
X-HS-Cache-Config
X-Croise-Owner
Host-ID
X-CDN-Forward
X-Microcachable
Cteonnt-Length
Cdn-Host
Cdn-Request-Time
X-Edge-Server
VivaBuild
Viewtype
DSUID
REQUESTUUID
X-Pjax-Url
FNAC-ModuleRouting
X-Aicache-OS
X-Org
ServerName
X-Load-Cache
X-NC
Gh-Request-Id
X-Parent-Response-Time
Mime-Version
X-Oss-Object-Type
X-V
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-FPC
X-Oss-Storage-Class
SID
Memory
Time
X-Sn-Servicetimems
X-Cdn-Origin
X-Gdpr
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Apm-App-Name
V-Age
X-CSRF-TOKEN
X-Ua-Device
MIME-Version
X-Req
PICS-Label
X-Geo
X-ND-Cache
ProcessTime
X-Servedbyhost
X-From-Cache
Rt-Proxy-Cache
Odigeo-Trace-Id
X-Served-From
X-Exp-Se
X-URL
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
X-HTML-Minification-Powered-By
CF-IPCountry
X-B3-Parentspanid
Resin-Trace
X-Lb-Id
Public-Key-Pins-Report-Only
X-Fstrz
X-GEO
AR-SID
Cf-Ipcountry
X-Optimization
X-Git-Hash
X-Cache-HT
X-Newrelic-Synthetics
Wxu-Next-Region
Wxu-Next-Hostname
X-Response-By
Wxu-Next-Commit
Cdn
X-Varnish-Beresp-TTL
HostName
X-DC
X-Webkit-Csp
Fastcgi-X-Cache-Version
Cache
GMS-Ver
XServer
X-Atg-Version
X-WR-MODIFICATION
Proxy-Firewall
Processtime
X-Release
WZWS-RAY
X-Fastly-Backend-Reqs
X-Amz-Meta-Surrogate-Control
X-Daa-Tunnel
X-APP
X-TH-Server
X-Ratelimit-Remaining
Countrycode
GW-Server
Mobile-Detection-Method
X-WebServer
X-UE-Client-Country
X-Phone
X-Vcl-Version
X-We-Are-Hiring
X-LB-ID
X-Ratelimit-Limit
X-Clientip
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-WA
X-Instart-Info
SS
CF-Cached-On
X-Nananana
X-Hyper-Cache
Ohc-File-Size
X-Host-Name
Backend-Name
X-HS-Status
X-Vcache
X-Fastly-Country-Code
X-NGINX-Cache
X-Check-Cacheable
X-Worker
X-CSRF-Token
X-Ratelimit-Reset
X-Zone
FSS-Proxy
Pics-Label
X-PF-Uncompressing
FSS-Cache
X-Upstream-CT
X-HS-Combine-CSS
X-Upstream-HT
Lb
219prxHost
225prxHost
352pxline
X-Server-W
409pxxline
355prline
189phosttRef
286prxHost
188prxHost
X-Backend-TTL
X-ServedByHost
Xxline
GeoIp-Country-Code
178proxuri
Geoip-Latitude
DataCenter
Amp-Access-Control-Allow-Source-Origin
X-Be
X-IPS-LoggedIn
Ohc-Cache-HIT
Geoip-City
URI
X-VHOST
SN
X-SERVER-NAME
X-Fpc
X-GZIP
X-Dynatrace
X-UCC
X-Gen-Id
X-LiteSpeed-Cache-Control
X-Render-Time
X-BE
X-Request-Start
WP-Super-Cache
Version
X-UPSTREAM-Address
Esi-Enabled
X-B3-SpanId
Who
X-CS
X-Varnish-Action
X-Unique-Id
X-NGENIX-Cache
X-ID
X-Html-Edge-Cache
X-Contensis-Viewer-Groups
X-VCL-Version
X-PJAX-URL
CDN
X-Cache-URL
X-FORWARDED-FOR
Dynatrace
X-HostName
GeoIP-Country-Code
GeoIP-City
X-Via-Ucdn
RequestUuid
X-LiteSpeed-Tag
X-SRV
X-Fastly-Cache-Hits
Cneonction
X-GDPR
X-AssetVersion
X-Pf-Uncompressing
GeoIP-Latitude
X-ZONE
X-Cdn-Cache
X-Cache-Ttl
Serverid
X-NWS-UUID-VERIFY
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Store
Accept-Language
X-Akamai-Request-ID2
X-Via-NSCOPI
A
X-ServerName
Server-Id
X-Servedby
X-Request-Url
RequestId
Accept-Ch
X-Pc-Hit
X-Akamai-SSL-Client-Sid
X-Pc-Key
X-Pc-Appver
X-Varnish-URL
X-Reqid
X-PAGE-TYPE
X-RequestId
NnCoection
X-Cdn-Request-ID
Ohc-Response-Time
X-Serial
IBM-Web2-Location
Frontcache
Is-Session-Tracking
X-HTML-Edge-Cache
X-Dw-Trace-Id
X-Generation-Time
X-Port
Get-Access-Time
X-EC-Lua