Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Pass-Why
X-Cache-Group
X-AH-Environment
P3p
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
X-Amz-Id-2
Grace
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Node
X-Rq
X-Type
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Pinterest-Generated-By
X-Mod-Pagespeed
X-Upstream-Env
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
X-Server-Name
Verso
X-ESI
Accept-CH
X-Dispatcher
X-HW
X-GitHub-Request-Id
MS-Author-Via
X-VARITI-CCR
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
Charset
X-MS-InvokeApp
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-ORACLE-DMS-RID
X-DataStream-Cache-Status
X-Use-Magma
X-Kinja-Server
X-Version
X-Cached
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
X-Vname
X-PC
X-TtlSet
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-TTL
X-Trace
X-Server-ID
X-Varnish-TTL
SPRequestGuid
X-Forwarded-Proto
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Client-IP
X-DynaTrace-JS-Agent
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-Goog-Stored-Content-Encoding
X-FTR-Backend
X-FTR-Backend-Server
X-Goog-Metageneration
X-FTR-Cache-Status
X-Goog-Stored-Content-Length
X-Goog-Generation
X-SharePointHealthScore
Nginx-Cache
X-Amz-Rid
X-FTR-Expires
X-Fastly-Request-ID
X-VCache
S
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Oracle-Dms-Rid
X-Debug
TCN
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-XRDS-Location
X-Upstream-Proxy
SPRequestDuration
Pinterest-Version
X-Ttl
X-Pinterest-Rid
SPIisLatency
X-Id
X-Akam-SW-Version
DynaTrace
Access-Control-Request-Method
X-T
Front-End-Https
X-Goog-Storage-Class
X-B3-TraceId
X-FTR-Cache-Host
X-Powered-CMS
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Fastcgi-Cache
X-N
Paypal-Debug-Id
X-Aspnet-Version
X-Varnish-Age
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Frontend
Display
X-Sol
X-Middleton-Display
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
X-Content-Digest
X-PressLabs-Stats
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
Response
X-Srv
X-Accel-Buffering
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-Kinsta-Cache
X-Pad
X-Cache-Key
X-Accel-Expires
Server-Name
MicrosoftSharePointTeamServices
X-User-Agent
Host
X-Content-Options
X-Analytics
Backend-Timing
Refresh
X-Correlation-Id
X-DIS-Request-ID
X-LB-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-Traceid
X-Revision
X-Debug-Info
X-Activity-Id
X-AppVersion
X-Rid
X-Az
X-IPLB-Instance
Accept-Charset
X-B
X-Amz-Apigw-Id
X-Amzn-RequestId
FilterID
X-Cache-Hit
X-B3-Sampled
ServerID
X-Cache-2
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-Grace
X-FastCGI-Cache
X-Page-Id
X-Whom
X-Ruxit-Js-Agent
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
MS-CV
X-Request-Processing-Time
X-Request-Received
Host-Header
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
Source
X-TT
X-Akamai-Edgescape
X-Framework
X-Origin-Server
X-Cluster
X-UA-Device-Type
X-Cache-Action
X-Webkit-CSP
X-Kong-Proxy-Latency
X-F-Cache
X-Platform-Server
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-User
X-Mobile
X-Tumblr-Pixel
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-Content-Powered-By
X-Cached-By
X-Varnish-Grace
X-Instance
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
X-Request-Guid
X-FW-Serve
X-Drupal-Cache-Tags
Cache-Status
X-Handled-By
X-Geo-Country
X-Zen-Fury
X-SS-Set-Cookie
X-Magnolia-Registration
X-Ezoic-Cdn
X-FB-Debug
X-Shard
X-RateLimit-Limit
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
X-ATG-Version
CACHE
From-Origin
X-GUploader-UploadID
X-App-Server
PageSpeed
X-Cache-Age
X-Node-Name
X-Varnish-Server
DC
X-Varnish-Hostname
Cleartype
Cache-Tags
X-Wix-Server-Artifact-Id
X-AOL-HN
X-XRDS-LOCATION
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Region
X-Generated-By
X-WebKit-CSP-Report-Only
X-RequestSource
X-Response-Served-From
Filters
Upgrade-Insecure-Requests
X-GeoIP
X-Adobe-Loc
Healthy
X-TX-ID
X-Adobe-Content
X-RTag
Webserver
X-UUID
Cache-Tv-Group
X-VG-WebCache
X-Signature
Ms-Operation-Id
NGB
X-B-Cache
Country
X-Storage
Retry-After
Server-Node
X-Redis-Cache
X-Jobs
X-FW-Dynamic
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Varnish-Hits
Actual-Object-TTL
X-Cacheable-TTL
X-Drupal-Cache-Contexts
GEO-INFO
X-Locale
X-Content-Age
ServedBy
X-Seen-By
X-Cache-Rule
Liferay-Portal
X-Via-JSL
Fastly-Restarts
X-Contextid
X-Guploader-Uploadid
Powered
X-Rendered-As
Frame-Options
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-BACKEND-TTL
X-Oneagent-Js-Injection
X-Real-IP
S-Cnection
X-TA-CDN-Provider
Viewport
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WA-Info
Content-Script-Type
Content-Style-Type
X-Upgrade-Enabled
X-Cache-Server
ViewerVersion
X-Wix-Request-Id
Datacenter
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Dynatrace-Js-Agent
X-Mode
X-GRACE
X-Cache-Config
X-NewRelic-App-Data
X-Esi
Xserver
X-Varnish-Cache-Hits
X-Cache-NE
NtCoent-Length
X-Is-Bot
X-Akamai-Transformed
X-Hl-Ver
X-Device-Type
X-Detected-As
X-ES-SERVER
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
X-Routing-Service
Machine
Meta-Geo
X-Zipkin-Id
X-Path-Route
X-RN-RSRV
Cache-Key
X-Proto
Cache-Hits
X-Proxied
X-AWS-Id
Vix-Hermes-Req-Id
OT-Force-Account-Verify
X-Backend-Name
Mail-Subject
We-Hiring
X-L-Path
X-Viewer-Country
X-VWS-Id
X-From
X-VG-TLSProxy
X-LJ-Flow-ID
X-Environment-Context
X-Hosted-By
X-Cache-Enabled
L5d-Success-Class
X-S
X-Time
X-Time-Microsecs
X-Status
Now
X-TNCMS
X-Endurance-Cache-Level
X-ServerID
X-FW-Version
X-Section
Webcakes-App-Version
X-Origin-Hint
Access-Control-Request-Headers
X-Proxy
X-Loop
DB-Nickname
X-Labrador-Cache-Channel
Property-Id
X-EIG-Tracking-Id
TWC-Connection-Speed
X-Birta-Cache-Post
X-Access
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-FC-Vary-Parameters
Webcakes-App-Name
Mn-Server-Ip
Webcakes-Region
S-Rt
X-Birta-Served
Azure-Version
X-NCache
X-Akamai-Request-ID
X-JoinUs
Azure-SlotName
X-CCM
X-Format
Selected-FE
X-IP
X-BYPASS-REASON
X-Origin-Response-Time
Decoy-Debug-TTL
Decoy-Debug-Status
Azure-SiteName
X-Xfnlog-Site
Origin-Cache-Control
Origin-Edge-Control
X-Web-Node
X-Via-CDN
Cache-Tag
X-Debug-Cache
X-Via-Fastly
Decoy-Debug-Key
X-ProxyCache-Status
X-ProxyCache-Key
Azure-InstanceId
Azure-RegionName
X-Tb
X-Proxy-Build
X-Timing-Wait
X-Trace-Id
X-Tumblr-Pixel-3
X-PCL
X-Www-Served-By
NGX
X-FB-TRIP-ID
X-MP-GENERATED-AT
X-Grey
X-Human
X-Varnish-Cacheable
X-Cdn
X-OCL
X-Cache-Category-Id
X-Internal-Host
X-Generated
X-Site-Version
X-Cache-Operation
Served-By
Uber-Trace-Id
X-Rocket-Nginx-Bypass
X-CDN-Cache
X-Vgn-Hpd-Reason
X-Origin-Host
X-VC-Cache
X-R9-Blue-Green-Version
X-UA
X-EdgeConnect-Cache-Status
AsisCache
X-Rule
X-Sucuri-ID
X-NWS-LOG-UUID
User-Agent
X-RCS-CacheZone
X-Newrelic-App-Data
LB
X-Cluster-Node
Rt-Fastcgi-Cache
X-UnsetCookies
Release
X-Cache-Remote
X-App-Name
X-PERF
X-TIME
X-ApacheServer
Hostname
Pagespeed
Nel
X-B3-Spanid
X-Agile-Age
X-Agile
X-Agile-Id
X-Nginx-Cache
X-Varnish-Ttl
X-APP-VERSION
X-Datadome
X-Ua
Cache-Name
X-Source
X-Edge-Location
X-Request-Time
X-Edge-IP
X-App-Version
X-Pubstack
X-Ocache
X-Cdn-Forward
Warning
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sucuri-Cache
X-OVcl-Cache
X-OVcl
X-CACHE-KEY
X-Protected-By
X-Origin
X-Varnish-Beresp-Grace
X-ElasticPress-Search
X-Varnish-Beresp-Status
X-Hit
X-DPWN-IS-SECURE
X-Origin-TTL
X-SRCache-Key
X-PAYTM-SRV-ID
Meta-Geo-Continent
Ec-Rule-Version
X-NodeID
Server-Cache-Control
X-NU-AKA-ACS-Version
X-NX-Host
X-Origin-CC
Server-Surrogate-Control
X-Trv-Group
X-Thinkindot-L3
X-Processor
X-IN-WAF
X-D
Thinkindot-Control
X-Platform
Thinkindot-CacheControl
X-Var-Ttl
X-CF-Lambda-Fn
Thinkindot-CacheControl-Type
Cross-Origin-Window-Policy
N-Cache
Request-Country
Request-EU
Request-Time
X-External-Request-Id
Rendered-Blocks
Arc-Country
Cache-Prefix
Origin
BehaviorPad-Version
On-Server
Ajk
X-Instart-Isnd
X-Secret
X-ScT
X-Mobile-URL
Node
X-Core-Value
X-Up
X-Gannett-Site-Version
X-Logtrace-Id
X-Matched-Rule
X-Twitter-Response-Tags
X-G
X-IN-APIGATEWAY
Xc-Version
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Application
X-Debug-Cache-Store
X-Debug-Cookies
X-Server-Group
X-Destination
X-Aed
X-Debug-Log
X-Region-Sid
X-VG-WebServer
X-Date
X-Generated-In
X-Varnish-Authentication
X-B-Cookie
X-VCT
X-Rojux
X-ARC
X-Request-UUID
X-Rewrite-Enabled
X-Cache-ASPX
X-Accel-Expires-Debug
X-Developer
Www
X-S-Cookie
X-A-Wwc
Fly-Cache
MD5-Digest
X-Transaction
X-CF-Lambda-Version
X-Cache-Grace
UCS
X-Cache-Expires
Fly-Request-Id
X-BB-ID
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A-Dam
X-Connection-Hash
X-A
X-Hp-Webp
X-Cache-Backend
SRV
IsBot
Lfy
Magicmarker
Memcached
Kp-EeAlive
X-Distributor
X-Cache-Id
X-Developers
X-Device-Os
True-Client-Country-4JS
X-Cache-Debug
X-Geo-Header
X-Cache-Miss-From
X-Cache-Info
X-Cms-Context
X-CGP
X-Dispatcher-Server
X-Cache-Host
RNT-Machine
X-Eu-Site
Proxy-Connection
Pramga
X-Crawler
RNT-Time
Server-Int
Server-Host
X-Epic-Correlation-Id
X-F5-Cache
X-Node-Id
Heartbleed
X-PHP-Host
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Qloud-Router
X-Page-Type
X-Origin-Expires
X-Nginx-Cache-Key
X-Location
X-No-Session
X-SN
X-Origin-Date
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Servername
X-TT-LOGID
X-ServiceProvider
X-Sf
X-SIPLIST1
X-Swa-Ws
X-Sedo-Request-Id
X-Varnish-Url
X-Webstats-RespID
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Refresh
X-Request-URI
X-LI-UUID
X-Policy
Ha-Gx-Prefs
X-Hash
Content-Disposition
X-Irp-Debug
X-LAGOON
Fastly-SWR
AKAMAI
Fastly-Backend-Name
Fastly-SIE
X-Info
Country-Code
Cache-Cookie-Set-Lfrom
HA-Ipaddr
Cache-Cookie-Set-From
Backend
Cache-Cookie-Set-Idcheck
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-User
X-Variation
X-Sorting-Hat-PodId
X-Core-Mission
X-S-Maxage
X-Server-IP
X-Gateway-Skip-Cache
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Generated-On
X-Skip-Cache
X-Thanos
X-GeoIP-Country-Code
X-GeoIP-City
X-ShardId
X-Amzn-Remapped-Connection
X-Fastly-Cache
X-Fetched-On
X-Via-SSL
X-Gateway-Cache-Key
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Level-Front-Cache
X-Planisys-CDN-Cache
X-Distil-CS
X-Cdn-Srv
X-Via-Edge
Web-Mar-Node
User-Cache-Control
Pagetype
X-Amzn-Remapped-Date
X-Block-Status
X-Key
X-Hnp-Log
X-Gen-Mode
X-Gateway-Cache-Status
X-Alternate-Cache-Key
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fastly-SSL
HTTPS
Platform
Is-Eu
Apple-News-Services-Host
Apple-News-Services-Handled
X-Ah-Environment
X-Varnish-Beresp-Ttl
Fastcgi-Useragent
X-WPE-Loopback-Upstream-Addr
Adler-Geo
X-Real-Ip
SD-X-WS
CDCHOST
X-Backend-State
X-Backend-Host
X-Backend-Url
Section-Io-Cache
X-BBXSRF
X-Amz-Meta-Cache-Control
X-Auto-Login
X-C
X-Cache-FS-Status
X-Amzn-Remapped-Content-Length
X-Bip
X-FireWall-Port
X-GZip
X-Micro-Cache
X-CUA
X-MSEdge-Flight
X-Owner
X-Wikidot-Backend
X-Server-Time
X-Wikidot-Static-Cache
X-Nc
X-TrackingId
X-MSEdge-Features
X-Cache-Bucket
Powered-By
X-Dc
Pragrma
Server-ID
X-RateLimit-Reset
Cteonnt-Length
DSUID
X-Returned-From
X-Server-By
X-Org
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
ServerName
X-Actual-URL
X-Svr
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
FNAC-ModuleRouting
X-Stale
X-Original-Request
X-Returned-From-PostProcessResponse
X-Load-Cache
X-Aicache-OS
REQUESTUUID
X-Pjax-Url
Gh-Request-Id
VivaBuild
Host-ID
X-Croise-Owner
X-HS-Cache-Config
X-Unique-ID
X-VServer
Viewtype
X-Edge-Server
X-CDN-Forward
X-Microcachable
Cdn-Request-Time
Cdn-Host
Mime-Version
X-Cdn-Origin
X-Apm-App-Name
X-Apm-Inst-Hash
X-Parent-Response-Time
X-Sn-Servicetimems
V-Age
X-FPC
X-Apm-Svc-Key
X-NC
X-Geo
X-Oss-Hash-Crc64ecma
MIME-Version
X-Oss-Server-Time
X-ND-Cache
X-Gdpr
X-Exp-Se
X-CSRF-TOKEN
SID
X-Oss-Storage-Class
X-Ua-Device
X-Oss-Request-Id
X-Oss-Object-Type
Rt-Proxy-Cache
X-V
X-Served-From
Memory
Time
PICS-Label
ProcessTime
X-From-Cache
X-Req
X-Servedbyhost
X-Wa
X-URL
X-B3-Parentspanid
Odigeo-Trace-Id
Cache
Cf-Ipcountry
X-Tb-Optimization-Total-Bytes-Saved
HostName
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-HTML-Minification-Powered-By
Resin-Trace
X-Cache-HT
Cdn
X-Optimization
AR-SID
X-DC
X-Git-Hash
CF-IPCountry
X-Lb-Id
X-Fstrz
X-Newrelic-Synthetics
Public-Key-Pins-Report-Only
X-Response-By
X-GEO
GMS-Ver
X-Release
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
Fastcgi-X-Cache-Version
X-Atg-Version
XServer
X-WebServer
X-TH-Server
Proxy-Firewall
X-Ratelimit-Limit
X-LB-ID
WZWS-RAY
X-WR-MODIFICATION
X-Fastly-Backend-Reqs
X-Phone
Processtime
X-Vcl-Version
X-Daa-Tunnel
X-Host-Name
X-Instart-Info
X-Amz-Meta-Surrogate-Control
X-APP
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Clientip
Backend-Name
GW-Server
Countrycode
X-We-Are-Hiring
CF-Cached-On
Mobile-Detection-Method
X-UE-Client-Country
X-Zone
X-Upstream-HT
X-Upstream-CT
X-Hyper-Cache
X-Worker
SS
X-NGINX-Cache
X-HS-Status
X-WA
X-Vcache
Ohc-File-Size
178proxuri
X-Ratelimit-Reset
X-CSRF-Token
189phosttRef
X-ID
X-ServedByHost
Pics-Label
SN
219prxHost
188prxHost
225prxHost
Xxline
X-Nananana
X-Server-W
409pxxline
X-Fastly-Country-Code
352pxline
286prxHost
355prline
Lb
X-PF-Uncompressing
GeoIp-Country-Code
FSS-Proxy
X-Backend-TTL
FSS-Cache
X-HS-Combine-CSS
Geoip-Latitude
X-IPS-LoggedIn
DataCenter
X-B3-SpanId
Version
X-SERVER-NAME
X-UPSTREAM-Address
Geoip-City
X-VHOST
X-GZIP
X-Dynatrace
Esi-Enabled
X-Request-Start
X-Render-Time
X-Be
Ohc-Cache-HIT
X-BE
URI
X-Fpc
X-Gen-Id
X-UCC
X-CS
X-Contensis-Viewer-Groups
X-AssetVersion
WP-Super-Cache
X-LiteSpeed-Cache-Control
X-VCL-Version
X-Unique-Id
Who
X-Akamai-Request-ID2
X-Varnish-Action
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-Via-Ucdn
CDN
X-GDPR
X-PJAX-URL
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-Html-Edge-Cache
X-Cache-URL
Accept-Language
X-Pf-Uncompressing
X-RequestId
X-SRV
X-Fastly-Cache-Hits
Cneonction
X-NGENIX-Cache
RequestUuid
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Cdn-Cache
X-Cache-Ttl
Serverid
X-ZONE
X-Urbn-Context-Path
X-Reqid
X-Urbn-Site-Id
X-Flog
Locale
X-ABtesting
X-Via-NSCOPI
X-LiteSpeed-Tag
X-Hello
Accept-Ch
X-Store
X-Request-Url
A
X-NWS-UUID-VERIFY
Server-Id
X-Akamai-SSL-Client-Sid
X-HTML-Edge-Cache
Ohc-Response-Time
Frontcache
Is-Session-Tracking
X-Serial
X-Port
X-EC-Lua
NnCoection
X-Dw-Trace-Id
X-Cdn-Request-ID
X-ServerName
RequestId
Get-Access-Time