Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Pass-Why
X-Cache-Group
X-AH-Environment
P3p
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
WPE-Backend
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Type
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Instart-Request-ID
Pinterest-Generated-By
X-Upstream-Env
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
X-GitHub-Request-Id
MS-Author-Via
X-VARITI-CCR
PB-PID
Arc-Version
X-Mobile-Rewrite
Charset
PB-RID
X-MS-InvokeApp
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-DataStream-Cache-Status
X-Cdn-Fetch
X-Exp-Variant
X-ORACLE-DMS-RID
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Version
X-Cached
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-Vname
X-TtlSet
X-PC
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Varnish-TTL
X-Trace
X-Server-ID
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Vcap-Request-Id
X-DynaTrace-JS-Agent
X-Amz-Server-Side-Encryption
X-TTL
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-SharePointHealthScore
Nginx-Cache
X-FTR-Expires
X-Amz-Rid
X-VCache
X-Fastly-Request-ID
X-Ttl
S
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Oracle-Dms-Rid
X-Debug
X-Shield-Request-Id
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-XRDS-Location
Pinterest-Version
X-Upstream-Proxy
X-Id
SPIisLatency
X-Pinterest-Rid
SPRequestDuration
DynaTrace
X-Akam-SW-Version
Access-Control-Request-Method
X-T
Front-End-Https
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Powered-CMS
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
X-N
Fastcgi-Cache
X-B3-TraceId
X-Aspnet-Version
Paypal-Debug-Id
X-Varnish-Age
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-RateLimit-Remaining
X-Middleton-Display
X-PressLabs-Stats
Display
X-Frontend
X-Sol
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
X-Content-Digest
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Response
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
X-Srv
X-Accel-Buffering
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-B3-Traceid
X-Pad
X-Kinsta-Cache
X-Cache-Key
X-Accel-Expires
Server-Name
MicrosoftSharePointTeamServices
X-User-Agent
Host
X-Content-Options
Backend-Timing
X-Analytics
Refresh
X-Correlation-Id
X-DataStream-Origin-MEX-Latency
X-Revision
X-Debug-Info
X-DIS-Request-ID
X-LB-Cache
X-DataStream-MidMile-RTT
X-Rid
X-Az
X-Activity-Id
X-AppVersion
X-IPLB-Instance
Accept-Charset
X-Amzn-RequestId
FilterID
X-Amz-Apigw-Id
X-B
X-Cache-Hit
X-Cache-2
X-B3-Sampled
ServerID
X-CF-Powered-By
Powered-By-ChinaCache
X-Grace
Surrogate-Key
X-FastCGI-Cache
X-Page-Id
X-Ruxit-Js-Agent
X-Whom
Server-Info
X-PHP-Backend
TP-L2-Cache
TP-Cache
X-Request-Received
MS-CV
X-Request-Processing-Time
Host-Header
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-TT
X-Origin-Server
Source
X-Cache-Action
X-UA-Device-Type
X-Framework
X-Cluster
X-App-Environment
X-Kong-Proxy-Latency
X-Tumblr-User
X-Kong-Upstream-Latency
X-Platform-Server
Cache-Status
X-Mobile
X-F-Cache
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cached-By
X-Webkit-CSP
X-FW-Serve
X-Instance
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Type
X-FW-Hash
X-Drupal-Cache-Tags
X-FW-Server
X-FW-Static
X-Varnish-Grace
X-Request-Guid
X-RateLimit-Limit
X-Geo-Country
X-SS-Set-Cookie
X-Handled-By
X-Zen-Fury
X-Shard
X-Magnolia-Registration
X-Ezoic-Cdn
X-FB-Debug
X-Cache-TTL
X-Forwarded-Host
X-ATG-Version
Edge-Cache-Tag
CACHE
From-Origin
PageSpeed
X-App-Server
X-GUploader-UploadID
X-Cache-Age
X-Node-Name
DC
X-Varnish-Server
X-Varnish-Hostname
Cleartype
X-Wix-Server-Artifact-Id
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
X-XRDS-LOCATION
X-Cache-Control
Payment
X-Region
X-WebKit-CSP-Report-Only
X-Generated-By
Filters
Upgrade-Insecure-Requests
X-Response-Served-From
X-RequestSource
Healthy
X-GeoIP
X-Adobe-Loc
X-TX-ID
X-Adobe-Content
X-Signature
Ms-Operation-Id
Cache-Tv-Group
Webserver
X-TT-TIMESTAMP
X-RTag
X-VG-WebCache
X-UUID
X-B-Cache
NGB
Country
X-FW-Dynamic
X-Jobs
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Storage
X-Redis-Cache
X-Drupal-Cache-Contexts
Retry-After
Server-Node
X-Cacheable-TTL
X-Content-Age
X-Varnish-Hits
GEO-INFO
Actual-Object-TTL
X-Locale
ServedBy
X-Seen-By
X-Cache-Rule
Liferay-Portal
X-Via-JSL
Fastly-Restarts
X-Contextid
X-Guploader-Uploadid
X-Rendered-As
Powered
Frame-Options
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-Oneagent-Js-Injection
X-BACKEND-TTL
X-Real-IP
Viewport
X-TA-CDN-Provider
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WA-Info
Content-Style-Type
Content-Script-Type
X-Upgrade-Enabled
X-Cache-Server
ViewerVersion
X-Wix-Request-Id
Datacenter
X-ProcessESI
Eomportal-Instance
X-RemovedCookies
X-Mode
X-GRACE
Xserver
X-Cache-Config
X-NewRelic-App-Data
X-Esi
Nel
NtCoent-Length
X-Cache-NE
X-Varnish-Cache-Hits
X-ES-SERVER
X-Proxied
X-Path-Route
Machine
X-Cache-Var
X-RN-RSRV
X-Hl-Ver
X-Proto
Meta-Geo
X-Cache-Var-Map
X-Detected-As
Cache-Key
X-Zipkin-Id
X-Device-Type
Load-Balancing
X-Endurance-Cache-Level
X-Akamai-Transformed
X-Routing-Service
X-Is-Bot
Cache-Hits
TWC-GeoIP-LatLong
X-Viewer-Country
X-Section
TWC-Device-Class
X-VG-TLSProxy
X-Origin-Hint
OT-Force-Account-Verify
TWC-Connection-Speed
Property-Id
Access-Control-Request-Headers
We-Hiring
Mn-Server-Ip
Webcakes-App-Name
TWC-GeoIP-Country
X-From
TWC-Privacy
X-LJ-Flow-ID
X-Environment-Context
Vix-Hermes-Req-Id
X-Hosted-By
Webcakes-App-Version
X-Backend-Name
X-Cache-Enabled
X-VWS-Id
X-L-Path
X-AWS-Id
TWC-Locale-Group
Webcakes-Region
X-Access
Mail-Subject
L5d-Success-Class
X-S
X-Time
Azure-Version
X-Loop
Azure-SlotName
Azure-RegionName
X-Origin-Response-Time
Azure-InstanceId
X-Labrador-Cache-Channel
Azure-SiteName
X-FW-Version
Now
X-Birta-Cache-Post
X-Akamai-Request-ID
X-Birta-Served
X-EIG-Tracking-Id
S-Rt
X-Format
DB-Nickname
X-Proxy
X-Time-Microsecs
X-TNCMS
X-FC-Vary-Parameters
X-Status
X-Tb
X-ServerID
X-BYPASS-REASON
Decoy-Debug-TTL
X-CCM
Origin-Edge-Control
Origin-Cache-Control
X-Via-CDN
Selected-FE
X-Web-Node
Decoy-Debug-Status
X-Debug-Cache
X-IP
X-Trace-Id
X-Timing-Wait
X-Proxy-Build
X-ProxyCache-Key
X-Varnish-Cacheable
X-Via-Fastly
X-Xfnlog-Site
X-ProxyCache-Status
X-JoinUs
Decoy-Debug-Key
X-NCache
Cache-Tag
X-Human
X-OCL
X-PCL
X-Www-Served-By
X-Cache-Category-Id
X-Grey
X-Internal-Host
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Cdn
NGX
X-FB-TRIP-ID
X-Cache-Operation
Served-By
Uber-Trace-Id
X-Generated
X-Site-Version
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-CDN-Cache
X-Origin-Host
X-VC-Cache
X-Dynatrace-Js-Agent
X-R9-Blue-Green-Version
X-NWS-LOG-UUID
X-UA
AsisCache
LB
X-EdgeConnect-Cache-Status
X-Rule
X-Sucuri-ID
X-Newrelic-App-Data
User-Agent
X-RCS-CacheZone
X-Cluster-Node
Rt-Fastcgi-Cache
X-Cache-Remote
Release
X-UnsetCookies
X-App-Name
X-ApacheServer
Hostname
X-TIME
X-PERF
Pagespeed
X-B3-Spanid
X-Agile-Age
X-Agile
X-Agile-Id
X-Nginx-Cache
X-APP-VERSION
X-Source
X-Datadome
Cache-Name
X-Ua
X-Edge-Location
X-Request-Time
X-App-Version
X-Edge-IP
X-Pubstack
X-Ocache
X-OVcl-Cache
X-Hit
X-Sucuri-Cache
X-CACHE-KEY
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Protected-By
Warning
X-OVcl
X-VCT
X-ElasticPress-Search
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-A
Thinkindot-Control
Www
X-NU-AKA-ACS-Version
X-A-Ccd
UCS
X-Matched-Rule
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dgt
X-Logtrace-Id
X-A-Dam
X-A-Dcw
X-NodeID
X-Mobile-URL
Request-Time
Fly-Request-Id
MD5-Digest
Meta-Geo-Continent
N-Cache
Fly-Cache
Ec-Rule-Version
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
Node
On-Server
X-Processor
Server-Cache-Control
Server-Surrogate-Control
Thinkindot-CacheControl
Xc-Version
Request-EU
Origin
Rendered-Blocks
Request-Country
Thinkindot-CacheControl-Type
X-Destination
X-Gannett-Site-Version
X-PAYTM-SRV-ID
X-ScT
X-S-Cookie
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Hp-Webp
X-Generated-In
X-Secret
X-Origin-TTL
X-Core-Value
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Platform
X-Rewrite-Enabled
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
Arc-Country
X-Date
X-D
X-Rojux
X-G
X-External-Request-Id
X-Debug-Cookies
X-Server-Group
X-Varnish-Authentication
X-Developer
X-Var-Ttl
X-Up
X-Application
X-Debug-Log
X-IN-APIGATEWAY
X-Instart-Isnd
X-NX-Host
X-IN-WAF
X-Request-UUID
X-Twitter-Response-Tags
X-Trv-Group
X-Cache-ASPX
X-Thinkindot-L3
X-Cache-Expires
X-Cache-Grace
X-SRCache-Key
X-BB-ID
X-Developers
X-Transaction
X-ARC
X-Origin-CC
X-Region-Sid
X-VG-WebServer
X-B-Cookie
X-Cdn-Forward
Ajk
X-Cache-Backend
SRV
X-Geo-Header
Server-Host
Server-Int
RNT-Time
X-Request-URI
True-Client-Country-4JS
X-Webstats-RespID
RNT-Machine
X-Refresh
X-Reboot
X-Qloud-Router
Pramga
X-Info
X-Irp-Debug
X-LAGOON
X-Cache-Id
X-RateLimit-Limit-Second
X-F5-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Hash
X-Eu-Site
X-SIPLIST1
X-CGP
X-Cms-Context
X-Crawler
X-C
X-Cache-Debug
X-Cache-Host
X-Cache-Info
X-Cache-Miss-From
X-SN
X-Swa-Ws
X-Sf
X-TT-LOGID
X-Distributor
X-Epic-Correlation-Id
X-Proxy-Upstream
X-Distil-CS
X-Dispatcher-Server
X-ServiceProvider
X-Servername
X-Sedo-Request-Id
X-Device-Os
X-Varnish-Url
Proxy-Connection
X-Origin-Expires
Country-Code
Content-Disposition
AKAMAI
X-Origin-Date
Fastly-Backend-Name
X-Node-Id
Fastly-SWR
Fastly-Soc-X-Request-Id
Fastly-SIE
CDCHOST
X-PHP-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Backend
X-Page-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-No-Session
X-Policy
Heartbleed
HA-Ipaddr
Memcached
Magicmarker
IsBot
Lfy
Kp-EeAlive
X-Location
X-Proxy-Cache-Status
X-Nginx-Cache-Key
Ha-Gx-Prefs
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-LI-UUID
X-Varnish-Ttl
Fastcgi-Useragent
X-ShardId
X-WPE-Loopback-Upstream-Addr
X-Skip-Cache
X-Shopify-Stage
X-Cdn-Srv
X-ShopId
X-Core-Mission
X-Server-IP
X-Fastly-Cache
X-Real-Ip
X-Level-Front-Cache
X-Fetched-On
Section-Io-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-S-Maxage
X-Generated-On
X-Planisys-CDN-Rules
X-MSEdge-Features
X-Gateway-Skip-Cache
X-GeoIP-Country-Code
X-GeoIP-City
X-Planisys-CDN-TTL
X-MSEdge-Flight
X-Planisys-CDN-Cache
X-Bip
X-User
X-Variation
X-Gen-Mode
X-Hnp-Log
X-Key
X-Alternate-Cache-Key
User-Cache-Control
X-Via-Edge
Platform
X-Block-Status
X-Wikidot-Static-Cache
Web-Mar-Node
Pagetype
X-Wikidot-Backend
SD-X-WS
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Amz-Meta-Cache-Control
X-Via-SSL
X-Backend-Url
X-Backend-State
X-Thanos
Fastly-SSL
X-BBXSRF
X-Sorting-Hat-ShopId
X-Cache-FS-Status
X-Sorting-Hat-PodId
X-Varnish-Beresp-Ttl
Adler-Geo
X-Auto-Login
X-Backend-Host
X-Amzn-Remapped-Content-Length
X-Ah-Environment
Is-Eu
HTTPS
X-FireWall-Port
X-GZip
X-Nc
X-Micro-Cache
X-Server-Time
X-TrackingId
X-Owner
X-CUA
X-Cache-Bucket
Powered-By
X-Dc
Pragrma
X-RateLimit-Reset
Server-ID
Cteonnt-Length
DSUID
X-Org
FNAC-ModuleRouting
ServerName
X-Passed-To-DLL
X-Svr
X-Original-Request
X-Passed-To
X-Passed-To-PostProcessResponse
X-Stale
X-Actual-URL
X-Passed-To-BeforeDispatch
X-Server-By
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From
X-Returned-From-PostProcessResponse
X-Load-Cache
X-CDN-Forward
Host-ID
X-Pjax-Url
X-VServer
X-Croise-Owner
X-Unique-ID
REQUESTUUID
X-Aicache-OS
X-HS-Cache-Config
Viewtype
VivaBuild
Gh-Request-Id
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Microcachable
Mime-Version
X-Sn-Servicetimems
X-Apm-Svc-Key
X-FPC
X-Parent-Response-Time
X-NC
X-Apm-App-Name
V-Age
X-Apm-Inst-Hash
X-Cdn-Origin
X-Exp-Se
X-CSRF-TOKEN
X-Gdpr
Rt-Proxy-Cache
X-ND-Cache
X-Geo
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Ua-Device
SID
X-Oss-Request-Id
MIME-Version
X-Oss-Storage-Class
X-Oss-Server-Time
X-V
Time
X-Served-From
PICS-Label
Memory
ProcessTime
X-From-Cache
X-Servedbyhost
X-Wa
X-Req
X-URL
X-B3-Parentspanid
Odigeo-Trace-Id
X-Tb-Optimization-Total-Bytes-Saved
Cache
Cf-Ipcountry
Wxu-Next-Hostname
Resin-Trace
Wxu-Next-Commit
X-HTML-Minification-Powered-By
X-Newrelic-Synthetics
HostName
Wxu-Next-Region
X-DC
Cdn
X-Git-Hash
AR-SID
X-Cache-HT
X-Optimization
CF-IPCountry
X-Lb-Id
X-Fstrz
Public-Key-Pins-Report-Only
X-Response-By
X-GEO
X-Release
GMS-Ver
Fastcgi-X-Cache-Version
X-Atg-Version
X-Varnish-Beresp-TTL
XServer
X-WebServer
X-TH-Server
Processtime
Proxy-Firewall
X-Fastly-Backend-Reqs
WZWS-RAY
X-Vcl-Version
X-LB-ID
X-Daa-Tunnel
X-Phone
X-WR-MODIFICATION
X-Host-Name
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Instart-Info
X-Amz-Meta-Surrogate-Control
X-APP
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-CACHE-AGE
X-We-Are-Hiring
Backend-Name
X-UE-Client-Country
Mobile-Detection-Method
X-Clientip
Countrycode
CF-Cached-On
GW-Server
X-Upstream-CT
X-Upstream-HT
X-Zone
X-Hyper-Cache
X-WA
X-HS-Status
SS
X-Worker
X-NGINX-Cache
X-Vcache
Ohc-File-Size
355prline
178proxuri
Xxline
409pxxline
225prxHost
188prxHost
189phosttRef
SN
219prxHost
286prxHost
X-Server-W
352pxline
X-ID
X-Fastly-Country-Code
X-CSRF-Token
X-ServedByHost
X-Ratelimit-Reset
X-Nananana
Pics-Label
Lb
X-HS-Combine-CSS
FSS-Proxy
Geoip-Latitude
FSS-Cache
X-IPS-LoggedIn
GeoIp-Country-Code
X-PF-Uncompressing
X-Backend-TTL
X-B3-SpanId
DataCenter
Version
Geoip-City
X-VHOST
X-SERVER-NAME
X-UPSTREAM-Address
X-GZIP
X-Dynatrace
X-Render-Time
X-Fpc
X-Request-Start
Esi-Enabled
URI
Ohc-Cache-HIT
X-BE
X-Be
X-Contensis-Viewer-Groups
X-AssetVersion
X-Gen-Id
X-CS
X-LiteSpeed-Cache-Control
X-UCC
X-VCL-Version
WP-Super-Cache
X-Unique-Id
X-Via-Ucdn
GeoIP-Country-Code
X-GDPR
GeoIP-City
X-PJAX-URL
X-Akamai-Request-ID2
GeoIP-Latitude
CDN
Who
X-Varnish-Action
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Dynatrace
X-HostName
X-Vtex-Remote-Cache
X-Html-Edge-Cache
X-Cache-URL
X-Fastly-Cache-Hits
Cneonction
X-NWS-UUID-VERIFY
RequestUuid
X-Vtex-Processado-Em
X-SRV
Accept-Language
X-NGENIX-Cache
X-Pf-Uncompressing
X-RequestId
X-Cache-Ttl
X-Cdn-Cache
Serverid
X-ZONE
X-Reqid
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Via-NSCOPI
Locale
X-ABtesting
X-LiteSpeed-Tag
X-Flog
X-Hello
Server-Id
X-Request-Url
Accept-Ch
A
X-Store
X-Akamai-SSL-Client-Sid
Get-Access-Time
Is-Session-Tracking
X-Dw-Trace-Id
RequestId
X-Port
X-Serial
X-EC-Lua
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-ServerName
Frontcache
Ohc-Response-Time