Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-CST
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
X-Type
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-Dns-Prefetch-Control
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Upstream-Env
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-HW
X-Dispatcher
X-ORACLE-DMS-RID
X-ESI
MS-Author-Via
X-DataStream-Cache-Status
X-VARITI-CCR
X-GitHub-Request-Id
AR-CACHE
AR-ATIME
AR-PoweredBy
PB-RID
Arc-Version
X-Mobile-Rewrite
X-MS-InvokeApp
PB-PID
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
X-Navigation-Version
X-D2id
X-Abt-Application-Version
X-TTL
X-Vname
X-PC
X-TtlSet
X-Server-ID
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Ar-Sid
X-Varnish-TTL
X-Trace
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-FTR-Expires
X-VCache
X-Amz-Rid
X-SharePointHealthScore
S
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-XRDS-Location
Arr-Disable-Session-Affinity
TCN
X-Shield-Request-Id
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Oracle-Dms-Rid
X-Pinterest-Rid
X-Upstream-Proxy
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-SERVER
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Powered-CMS
Front-End-Https
X-Id
X-Ttl
X-B3-TraceId
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Amzn-Trace-Id
Tracecode
Realpath
X-MSEdge-Ref
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
X-Upstream
Alternate-Protocol
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Middleton-Display
X-Sol
X-Frontend
X-Logged-In
Display
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
Response
X-Middleton-Response
Fusion-Component-Id
Fusion-Template-Id
X-Content-Digest
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Cache-Key
X-Pad
X-Accel-Expires
X-Fastcgi-Cache
X-Accel-Buffering
X-Srv
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
X-B3-Traceid
Host
X-Content-Options
X-User-Agent
Backend-Timing
X-Analytics
X-Correlation-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug-Info
X-Revision
X-LB-Cache
X-Az
Refresh
X-Activity-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Rid
X-AppVersion
X-IPLB-Instance
Accept-Charset
FilterID
X-Cache-Hit
X-Cache-2
X-B3-Sampled
X-B
X-Grace
X-DIS-Request-ID
Surrogate-Key
Powered-By-ChinaCache
X-FastCGI-Cache
X-CF-Powered-By
ServerID
X-Page-Id
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
X-PHP-Backend
X-Webkit-CSP
MS-CV
X-Request-Received
X-Request-Processing-Time
Host-Header
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Amz-Replication-Status
X-Kong-Proxy-Latency
X-Varnish-Backend
X-TT
X-Origin-Server
X-Kong-Upstream-Latency
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
Source
VIX-Pulpo-Node
X-Cached-By
X-Framework
X-UA-Device-Type
Cache-Status
X-App-Environment
X-Cache-Action
X-Cluster
X-Content-Powered-By
X-Tumblr-Pixel
X-Tumblr-User
X-GUploader-UploadID
Access-Control-Allow-Method
X-Mobile
X-Platform-Server
X-Tumblr-Pixel-0
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-F-Cache
X-FW-Hash
X-Varnish-Grace
X-Request-Guid
X-Drupal-Cache-Tags
X-Instance
X-Shard
X-RateLimit-Limit
X-Ezoic-Cdn
X-SS-Set-Cookie
X-FB-Debug
X-Zen-Fury
X-Geo-Country
X-Handled-By
X-Magnolia-Registration
X-Forwarded-Host
Edge-Cache-Tag
PageSpeed
From-Origin
X-Cache-TTL
X-Node-Name
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
X-App-Server
CACHE
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Payment
X-Region
Healthy
Upgrade-Insecure-Requests
X-Response-Served-From
Filters
X-WebKit-CSP-Report-Only
X-Generated-By
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
Ms-Operation-Id
Server-Node
NGB
Country
Webserver
X-RequestSource
X-GeoIP
X-Redis-Cache
X-VG-WebCache
Cache-Tv-Group
X-UUID
X-TT-TIMESTAMP
X-Storage
X-RTag
Fastly-Restarts
X-B-Cache
Retry-After
X-FW-Dynamic
X-Signature
X-Cache-Rule
Actual-Object-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Drupal-Cache-Contexts
X-XRDS-LOCATION
X-Locale
X-Content-Age
X-Jobs
X-Cacheable-TTL
GEO-INFO
X-Varnish-Hits
ServedBy
Liferay-Portal
X-Esi
X-Wix-Server-Artifact-Id
Powered
X-Contextid
X-TA-CDN-Provider
X-Seen-By
Frame-Options
X-Oneagent-Js-Injection
HitType
X-Rendered-As
X-Via-JSL
X-Cache-TTL-Remaining
X-Varnish-IP
X-BACKEND-TTL
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WA-Info
S-Cnection
X-Real-IP
Viewport
X-Guploader-Uploadid
X-Cache-Server
X-Upgrade-Enabled
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
Content-Style-Type
NtCoent-Length
Content-Script-Type
X-Cache-NE
X-Mode
Datacenter
X-Cache-Config
X-Akamai-Transformed
X-Proto
X-Path-Route
X-Varnish-Cache-Hits
Cache-Hits
Cache-Key
X-Cache-Var
X-Hl-Ver
X-Detected-As
X-Cache-Var-Map
X-Device-Type
X-Zipkin-Id
X-ES-SERVER
X-Proxied
X-RN-RSRV
X-Routing-Service
X-Is-Bot
Mn-Server-Ip
Meta-Geo
X-From
X-S
Machine
Load-Balancing
Vix-Hermes-Req-Id
Mail-Subject
X-L-Path
X-Environment-Context
X-VG-TLSProxy
X-AWS-Id
OT-Force-Account-Verify
X-Endurance-Cache-Level
X-Section
X-Hosted-By
L5d-Success-Class
We-Hiring
X-VWS-Id
X-Cdn
X-Cache-Enabled
X-Access
X-Tb
X-FC-Vary-Parameters
X-LJ-Flow-ID
X-Viewer-Country
Access-Control-Request-Headers
Origin-Cache-Control
Origin-Edge-Control
Webcakes-Region
DB-Nickname
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
S-Rt
X-Cache-Operation
Azure-RegionName
Azure-InstanceId
TWC-GeoIP-LatLong
TWC-Privacy
Azure-SiteName
Azure-SlotName
TWC-Locale-Group
Azure-Version
X-Via-CDN
TWC-Connection-Speed
Webcakes-App-Name
Xserver
X-Akamai-Request-ID
X-Wix-Request-Id
X-Origin-Response-Time
X-Time
X-Loop
NGX
X-Time-Microsecs
X-Proxy
X-FW-Version
X-ServerID
X-Labrador-Cache-Channel
Property-Id
X-Format
X-Web-Node
X-TNCMS
X-EIG-Tracking-Id
X-Backend-Name
X-Birta-Cache-Post
X-Origin-Hint
X-Birta-Served
ViewerVersion
X-Debug-Cache
X-Status
Selected-FE
X-Human
X-Xfnlog-Site
X-IP
X-ProxyCache-Status
X-BYPASS-REASON
X-JoinUs
X-CCM
X-NCache
X-Varnish-Cacheable
X-Trace-Id
X-OCL
X-PCL
X-Via-Fastly
X-ProxyCache-Key
X-Timing-Wait
X-Proxy-Build
X-Tumblr-Pixel-3
Decoy-Debug-TTL
X-GRACE
Decoy-Debug-Key
Now
Cache-Tag
Decoy-Debug-Status
X-Site-Version
X-Generated
X-Cache-Category-Id
X-Grey
X-MP-GENERATED-AT
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-Www-Served-By
X-FB-TRIP-ID
Uber-Trace-Id
X-Newrelic-App-Data
X-VC-Cache
X-Dynatrace-Js-Agent
X-RCS-CacheZone
X-Internal-Host
X-NWS-LOG-UUID
X-EdgeConnect-Cache-Status
X-R9-Blue-Green-Version
Served-By
X-CDN-Cache
X-Rule
X-Origin-Host
LB
X-NewRelic-App-Data
X-Cache-Remote
X-UA
X-Sucuri-ID
AsisCache
X-UnsetCookies
Release
X-Cluster-Node
X-TIME
Rt-Fastcgi-Cache
Nel
User-Agent
X-App-Name
X-PERF
X-APP-VERSION
X-ApacheServer
X-Datadome
X-B3-Spanid
X-Agile-Id
X-Source
X-Nginx-Cache
X-Agile-Age
X-Agile
Pagespeed
X-Ua
X-Request-Time
Cache-Name
X-Ocache
Hostname
X-Edge-Location
X-Hit
X-Origin
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Sucuri-Cache
X-Origin-CC
X-VCT
X-Origin-TTL
X-Pubstack
Warning
X-App-Version
X-Edge-IP
X-ElasticPress-Search
X-A-Dam
X-A-Ccd
BehaviorPad-Version
Ajk
X-Aed
X-Application
Arc-Country
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
Cache-Prefix
X-A-Dcw
Server-Cache-Control
Node
On-Server
Origin
X-ARC
Cross-Origin-Window-Policy
N-Cache
Fly-Cache
Fly-Request-Id
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Request-Country
Thinkindot-CacheControl-Type
Thinkindot-Control
UCS
Www
Thinkindot-CacheControl
Server-Surrogate-Control
Request-EU
Request-Time
Ec-Rule-Version
X-A
X-Destination
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Processor
X-Platform
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-PAYTM-SRV-ID
X-ScT
X-Secret
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Matched-Rule
X-Logtrace-Id
X-Date
X-D
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Value
X-Connection-Hash
X-Cache-ASPX
X-BB-ID
X-Cache-Expires
X-Cache-Grace
X-CF-Lambda-Version
X-Debug-Cookies
X-Debug-Log
X-Hp-Webp
X-Generated-In
X-IN-APIGATEWAY
X-IN-WAF
X-Instart-Isnd
X-Gannett-Site-Version
X-G
X-Developer
X-Developers
X-DPWN-IS-SECURE
X-External-Request-Id
X-B-Cookie
X-CF-Lambda-Fn
X-Protected-By
X-Varnish-Beresp-Grace
X-Cache-Backend
X-Varnish-Beresp-Status
X-Varnish-Ttl
X-Gen-Mode
X-Distil-CS
X-Eu-Site
X-Epic-Correlation-Id
X-Geo-Header
X-Distributor
X-Info
X-LAGOON
X-Li-Fabric
X-Li-Pop
X-Key
X-Irp-Debug
X-Hnp-Log
X-Dispatcher-Server
X-Hash
X-Cms-Context
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Ah-Environment
Web-Mar-Node
True-Client-Country-4JS
User-Cache-Control
X-Block-Status
X-C
X-CGP
X-LI-Proto
X-Cache-Miss-From
X-Cache-Id
X-Cache-Debug
X-Cache-Host
X-Device-Os
X-LI-UUID
X-Sf
X-SIPLIST1
X-SN
X-ServiceProvider
X-Servername
X-Request-URI
X-Sedo-Request-Id
X-Swa-Ws
X-TT-LOGID
Memcached
X-Cache-Info
X-F5-Cache
Lfy
X-Via-SSL
X-Varnish-Url
X-Via-Edge
X-Refresh
X-Reboot
X-Origin-Date
X-Page-Type
X-Real-Ip
X-No-Session
X-Nginx-Cache-Key
X-Location
X-WPE-Loopback-Upstream-Addr
X-PHP-Host
X-Policy
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Qloud-Router
X-Proxy-Cache-Status
X-Proxy-Upstream
SRV
X-Origin-Expires
Fastly-SWR
Pramga
Proxy-Connection
Cache-Cookie-Set-From
Apple-News-Services-Handled
RNT-Time
Fastly-SIE
Fastly-Soc-X-Request-Id
Magicmarker
Kp-EeAlive
Heartbleed
IsBot
Apple-News-Services-Parsed-Url
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Request-Url
Apple-News-Services-Host
Fastly-Backend-Name
RNT-Machine
Server-Int
CDCHOST
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Server-Host
Content-Disposition
Backend
Pagetype
Country-Code
AKAMAI
X-Cdn-Forward
X-FireWall-Port
X-Fastly-Cache
X-Cache-Bucket
Adler-Geo
X-Fetched-On
X-Gateway-Cache-Key
X-Gateway-Cache-Status
Is-Eu
X-GeoIP-City
X-GeoIP-Country-Code
X-Wikidot-Static-Cache
X-Gateway-Skip-Cache
X-Wikidot-Backend
X-Node-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Thanos
X-Planisys-CDN-TTL
X-Skip-Cache
X-S-Maxage
X-Shopify-Stage
X-ShopId
X-ShardId
X-Server-IP
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-Micro-Cache
X-Level-Front-Cache
X-Variation
X-Webstats-RespID
Fastly-SSL
X-TrackingId
X-User
HTTPS
X-Generated-On
X-Backend-Url
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Core-Mission
SD-X-WS
X-Cache-FS-Status
X-Amzn-Remapped-Content-Length
X-BBXSRF
X-Backend-State
X-Bip
DSUID
X-Backend-Host
X-Crawler
Platform
X-GZip
X-Auto-Login
X-Server-Time
FNAC-ModuleRouting
X-Owner
Cteonnt-Length
X-RateLimit-Reset
ServerName
X-Cdn-Srv
X-CACHE-KEY
Powered-By
X-CUA
Section-Io-Cache
X-Varnish-Beresp-Ttl
Server-ID
X-CDN-Forward
X-Org
MIME-Version
Pragrma
Gh-Request-Id
X-NC
X-Original-Request
VivaBuild
X-Returned-From-PostProcessResponse
X-Passed-To-DLL
X-Nc
X-Actual-URL
X-Returned-From
X-Stale
Viewtype
X-Aicache-OS
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Passed-To
X-Svr
X-Passed-To-PostProcessResponse
X-Returned-From-DLL
REQUESTUUID
Fastcgi-Useragent
X-Load-Cache
V-Age
X-Apm-App-Name
AR-SID
X-Parent-Response-Time
X-FPC
X-Apm-Inst-Hash
X-Sn-Servicetimems
X-Server-By
X-Cdn-Origin
X-Apm-Svc-Key
Host-ID
X-Exp-Se
X-HS-Cache-Config
X-ND-Cache
X-VServer
X-Croise-Owner
X-Dc
Rt-Proxy-Cache
X-Geo
X-Pjax-Url
X-Ua-Device
HostName
X-Edge-Server
Cdn-Request-Time
X-Gdpr
X-Served-From
X-CSRF-TOKEN
X-Unique-ID
Cdn-Host
Cache
PICS-Label
X-Microcachable
X-B3-Parentspanid
X-DC
SID
Time
Memory
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Servedbyhost
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Wa
ProcessTime
X-Git-Hash
Resin-Trace
Mime-Version
X-Newrelic-Synthetics
X-V
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Region
X-From-Cache
CF-IPCountry
X-Req
Wxu-Next-Commit
Wxu-Next-Hostname
X-Optimization
X-Cache-HT
Odigeo-Trace-Id
Cf-Ipcountry
X-Release
X-HTML-Minification-Powered-By
X-Lb-Id
XServer
X-Varnish-Beresp-TTL
X-Fstrz
X-TH-Server
Cdn
X-WebServer
X-Atg-Version
X-Host-Name
X-Phone
Proxy-Firewall
X-Response-By
CF-Cached-On
Public-Key-Pins-Report-Only
X-ID
X-Instart-Info
X-APP
X-LB-ID
GMS-Ver
X-WR-MODIFICATION
Processtime
X-Ratelimit-Remaining
X-Daa-Tunnel
Backend-Name
X-Ratelimit-Limit
X-Fastly-Backend-Reqs
X-Vcl-Version
WZWS-RAY
X-Upstream-HT
X-Upstream-CT
X-CACHE-AGE
X-GEO
X-CLOUD-TRACE-CONTEXT
Fastcgi-X-Cache-Version
X-Worker
X-Zone
X-Check-Cacheable
219prxHost
X-SRV
189phosttRef
188prxHost
X-NGINX-Cache
X-Nananana
X-Vcache
178proxuri
225prxHost
409pxxline
X-Amz-Meta-Surrogate-Control
Xxline
X-Server-W
355prline
352pxline
286prxHost
X-B3-SpanId
X-UE-Client-Country
Countrycode
X-Clientip
X-WA
X-HS-Status
X-URL
X-We-Are-Hiring
X-Ratelimit-Reset
GW-Server
X-IPS-LoggedIn
Mobile-Detection-Method
Version
Lb
Pics-Label
SN
X-Fastly-Country-Code
X-Hyper-Cache
X-Backend-TTL
SS
X-CSRF-Token
X-ServedByHost
DataCenter
Ohc-File-Size
Esi-Enabled
X-VCL-Version
X-SERVER-NAME
X-FORWARDED-FOR
GeoIp-Country-Code
Geoip-Latitude
X-GZIP
X-Dynatrace
X-HS-Combine-CSS
URI
FSS-Proxy
X-PF-Uncompressing
FSS-Cache
X-BE
Geoip-City
X-Request-Start
X-Render-Time
X-AssetVersion
X-Contensis-Viewer-Groups
GeoIP-Country-Code
GeoIP-Latitude
X-UPSTREAM-Address
GeoIP-City
Serverid
X-Akamai-Request-ID2
X-Via-Ucdn
X-GDPR
X-LiteSpeed-Cache-Control
X-Cache-Ttl
X-CS
Accept-Language
CDN
X-Be
WP-Super-Cache
X-PJAX-URL
X-Unique-Id
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ZONE
X-RequestId
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
X-Fpc
X-Gen-Id
X-Cdn-Cache
X-HostName
Amp-Access-Control-Allow-Source-Origin
Dynatrace
RequestUuid
X-UCC
X-Urbn-Site-Id
X-Pf-Uncompressing
X-Via-NSCOPI
X-Fastly-Cache-Hits
X-Flog
Locale
Cneonction
X-ABtesting
X-Hello
X-Urbn-Context-Path
X-Html-Edge-Cache
X-Reqid
Accept-Ch
X-LiteSpeed-Tag
X-Request-Url
X-Varnish-Action
Server-Id
A
X-Store
Who
X-Akamai-SSL-Client-Sid
X-HTML-Edge-Cache
Frontcache
Get-Access-Time
X-Port
IBM-Web2-Location
Dnion-Transfer-Encoding
Is-Session-Tracking
X-EC-Lua
NnCoection
X-Cdn-Request-ID
X-Cache-URL
X-ServerName
X-Serial
Ohc-Response-Time