Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Pass-Why
X-Cache-Group
X-AH-Environment
P3p
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Type
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Upstream-Env
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
X-Server-Name
Verso
X-ESI
Accept-CH
X-ORACLE-DMS-RID
X-Dispatcher
X-HW
MS-Author-Via
X-GitHub-Request-Id
X-VARITI-CCR
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
Charset
X-MS-InvokeApp
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-DataStream-Cache-Status
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-Vname
X-TtlSet
X-PC
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-TTL
X-Trace
X-Server-ID
X-Varnish-TTL
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
X-Vcap-Request-Id
X-DynaTrace-JS-Agent
X-Amz-Server-Side-Encryption
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-SharePointHealthScore
X-FTR-Expires
X-Amz-Rid
Nginx-Cache
X-VCache
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
Arr-Disable-Session-Affinity
X-Debug
X-Shield-Request-Id
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upstream-Proxy
Pinterest-Version
X-Ttl
X-Id
X-Pinterest-Rid
SPIisLatency
SPRequestDuration
X-Akam-SW-Version
DynaTrace
Access-Control-Request-Method
X-T
X-Goog-Storage-Class
Front-End-Https
X-FTR-Cache-Host
X-B3-TraceId
X-Oracle-Dms-Rid
X-Powered-CMS
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Fastcgi-Cache
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Aspnet-Version
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-RateLimit-Remaining
X-PressLabs-Stats
X-Middleton-Display
Display
X-Frontend
X-Sol
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Response
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
X-Srv
X-Hostname
X-Accel-Buffering
X-Litespeed-Cache
X-Fastcgi-Cache
X-Pad
X-Kinsta-Cache
X-Accel-Expires
Server-Name
MicrosoftSharePointTeamServices
X-Cache-Key
X-User-Agent
Host
X-Content-Options
X-Analytics
Backend-Timing
X-Correlation-Id
Refresh
X-DIS-Request-ID
X-DataStream-MidMile-RTT
X-B3-Traceid
X-Revision
X-DataStream-Origin-MEX-Latency
X-LB-Cache
X-Debug-Info
X-Rid
X-Activity-Id
X-IPLB-Instance
X-AppVersion
X-Az
X-Amzn-RequestId
Accept-Charset
X-B
FilterID
X-Amz-Apigw-Id
X-Cache-Hit
X-B3-Sampled
ServerID
X-Cache-2
Powered-By-ChinaCache
X-CF-Powered-By
Surrogate-Key
X-Page-Id
X-FastCGI-Cache
X-Whom
X-Grace
Server-Info
TP-L2-Cache
TP-Cache
X-PHP-Backend
X-Request-Received
Host-Header
X-Request-Processing-Time
MS-CV
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Amz-Replication-Status
X-Akamai-Edgescape
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Source
X-TT
X-UA-Device-Type
X-Framework
X-Cluster
X-Cache-Action
X-Tumblr-User
X-Tumblr-Pixel-0
X-Mobile
X-Platform-Server
X-F-Cache
X-Tumblr-Pixel
X-Webkit-CSP
X-Kong-Proxy-Latency
X-Cached-By
X-Kong-Upstream-Latency
X-App-Environment
X-FW-Server
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Type
X-FW-Hash
X-FW-Serve
X-Instance
Access-Control-Allow-Method
Cache-Status
X-Content-Powered-By
X-Varnish-Grace
X-Ruxit-Js-Agent
X-RateLimit-Limit
X-Request-Guid
X-Handled-By
X-Geo-Country
X-SS-Set-Cookie
X-Zen-Fury
X-Magnolia-Registration
X-Ezoic-Cdn
X-Shard
X-FB-Debug
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
X-ATG-Version
From-Origin
X-App-Server
X-GUploader-UploadID
X-Cache-Age
X-Node-Name
CACHE
DC
X-Varnish-Server
X-Varnish-Hostname
Cleartype
X-Wix-Server-Artifact-Id
Cache-Tags
PageSpeed
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Region
X-Response-Served-From
X-RequestSource
Upgrade-Insecure-Requests
X-Generated-By
X-WebKit-CSP-Report-Only
Filters
X-Adobe-Loc
X-Adobe-Content
X-GeoIP
Healthy
X-TX-ID
X-RTag
X-VG-WebCache
NGB
X-TT-TIMESTAMP
Country
Webserver
X-UUID
X-Signature
X-B-Cache
Cache-Tv-Group
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-Storage
Server-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Dynamic
X-Jobs
X-Redis-Cache
Retry-After
X-Varnish-Hits
X-Cacheable-TTL
GEO-INFO
Actual-Object-TTL
X-Content-Age
X-Locale
X-Seen-By
ServedBy
Liferay-Portal
X-Cache-Rule
X-XRDS-LOCATION
X-Via-JSL
Fastly-Restarts
X-Contextid
X-Guploader-Uploadid
X-Rendered-As
Powered
Frame-Options
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-BACKEND-TTL
X-Oneagent-Js-Injection
X-Real-IP
X-GRACE
S-Cnection
Viewport
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WA-Info
Content-Style-Type
Content-Script-Type
X-Cache-Server
X-Upgrade-Enabled
X-Wix-Request-Id
ViewerVersion
Datacenter
X-Time
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-TA-CDN-Provider
Xserver
X-Mode
X-Cache-Config
X-NewRelic-App-Data
X-Esi
X-Cache-NE
NtCoent-Length
X-Varnish-Cache-Hits
X-Path-Route
X-Proxied
X-Routing-Service
X-RN-RSRV
X-Device-Type
X-Hl-Ver
X-Is-Bot
X-ES-SERVER
X-Cache-Var
Cache-Hits
X-Detected-As
Machine
X-Akamai-Transformed
Load-Balancing
Meta-Geo
X-Proto
X-Endurance-Cache-Level
X-Cache-Var-Map
X-Zipkin-Id
Cache-Key
OT-Force-Account-Verify
X-Backend-Name
X-L-Path
We-Hiring
X-Hosted-By
X-Cache-Enabled
Vix-Hermes-Req-Id
X-Environment-Context
Webcakes-App-Name
X-Access
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
X-From
X-Section
X-Origin-Hint
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Mail-Subject
Property-Id
Mn-Server-Ip
TWC-Locale-Group
X-Viewer-Country
X-VG-TLSProxy
X-LJ-Flow-ID
TWC-Privacy
X-VWS-Id
Access-Control-Request-Headers
L5d-Success-Class
X-S
Now
S-Rt
X-Birta-Cache-Post
X-Birta-Served
X-Akamai-Request-ID
DB-Nickname
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-EIG-Tracking-Id
X-TNCMS
X-Status
X-Origin-Response-Time
X-ServerID
X-Proxy
X-Tb
X-Loop
X-Format
X-FW-Version
X-Time-Microsecs
X-Labrador-Cache-Channel
Azure-InstanceId
X-FC-Vary-Parameters
X-IP
X-CCM
X-Via-CDN
X-Web-Node
X-Debug-Cache
X-Via-Fastly
X-Timing-Wait
Selected-FE
X-Varnish-Cacheable
Cache-Tag
Decoy-Debug-TTL
X-Trace-Id
X-JoinUs
X-Proxy-Build
X-BYPASS-REASON
X-ProxyCache-Key
Decoy-Debug-Status
X-ProxyCache-Status
X-Xfnlog-Site
X-NCache
Origin-Edge-Control
Decoy-Debug-Key
Origin-Cache-Control
X-Cdn
X-Cache-Category-Id
X-Www-Served-By
X-PCL
X-Human
NGX
X-FB-TRIP-ID
X-MP-GENERATED-AT
X-Internal-Host
X-Tumblr-Pixel-3
X-Grey
X-OCL
Uber-Trace-Id
X-Cache-Operation
X-Generated
Served-By
X-Site-Version
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-CDN-Cache
X-Origin-Host
X-VC-Cache
X-R9-Blue-Green-Version
LB
X-EdgeConnect-Cache-Status
AsisCache
X-Dynatrace-Js-Agent
X-NWS-LOG-UUID
X-Sucuri-ID
X-Rule
Pagespeed
X-Newrelic-App-Data
User-Agent
X-RCS-CacheZone
X-Cluster-Node
X-UA
Rt-Fastcgi-Cache
X-Cache-Remote
X-UnsetCookies
Release
X-App-Name
X-ApacheServer
Hostname
X-PERF
X-B3-Spanid
X-Ua
Nel
X-Agile-Id
X-Agile-Age
X-Agile
X-Nginx-Cache
X-Varnish-Ttl
X-TIME
X-App-Version
X-Source
X-CACHE-KEY
X-Datadome
Cache-Name
X-Edge-Location
X-Request-Time
X-Edge-IP
X-APP-VERSION
X-Pubstack
X-Ocache
X-Cdn-Forward
X-Hit
X-OVcl
Warning
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Protected-By
X-Sucuri-Cache
X-Origin
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
On-Server
Origin
Rendered-Blocks
X-Hp-Webp
Node
X-IN-APIGATEWAY
N-Cache
Request-Country
Request-EU
X-Gannett-Site-Version
X-G
Thinkindot-CacheControl
Server-Surrogate-Control
Server-Cache-Control
Request-Time
X-Generated-In
Meta-Geo-Continent
X-IN-WAF
X-Matched-Rule
Ajk
Arc-Country
X-Mobile-URL
X-NodeID
X-NX-Host
X-NU-AKA-ACS-Version
BehaviorPad-Version
Cache-Prefix
Fly-Request-Id
X-Instart-Isnd
MD5-Digest
Fly-Cache
X-S-Cookie
X-Logtrace-Id
Cross-Origin-Window-Policy
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-ASPX
X-Cache-Expires
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-BB-ID
X-Destination
X-Cache-Grace
X-Debug-Cache-Fetch
X-Connection-Hash
X-D
X-Core-Value
X-Date
X-CF-Lambda-Version
X-Debug-Cache-Expiry
X-CF-Lambda-Fn
X-Developer
X-Developers
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
Www
UCS
X-External-Request-Id
X-A-Dgt
X-A-Wwc
X-ARC
X-B-Cookie
X-Application
X-DPWN-IS-SECURE
X-Accel-Expires-Debug
X-Aed
X-Origin-CC
Ec-Rule-Version
X-ElasticPress-Search
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-Thinkindot-L3
X-Request-UUID
X-Region-Sid
X-Platform
X-Up
X-VG-WebServer
Xc-Version
X-VCT
X-Processor
X-Var-Ttl
X-Varnish-Authentication
X-Rewrite-Enabled
X-SRCache-Key
X-PAYTM-SRV-ID
X-Secret
X-ScT
X-Rojux
X-Server-Group
X-Origin-TTL
X-Cache-Backend
SRV
X-Rebelmouse-Cache-Control
Server-Int
Server-Host
X-Sedo-Request-Id
X-CGP
RNT-Time
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
Pramga
X-Origin-Date
X-Webstats-RespID
X-Crawler
Proxy-Connection
X-RateLimit-Limit-Second
X-Cms-Context
X-Varnish-Url
X-Servername
RNT-Machine
X-F5-Cache
X-Refresh
X-SN
X-Dispatcher-Server
X-Distil-CS
X-Device-Os
X-SIPLIST1
X-Cache-Debug
X-C
X-Request-URI
X-Sf
X-Distributor
X-Epic-Correlation-Id
X-Cache-Info
X-Cache-Miss-From
X-TT-LOGID
X-ServiceProvider
X-Cache-Id
X-Cache-Host
X-Eu-Site
X-Reboot
X-Hash
X-Swa-Ws
True-Client-Country-4JS
X-Geo-Header
X-Location
Country-Code
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-LI-UUID
Fastly-Backend-Name
Fastly-SWR
X-LI-Proto
Fastly-Soc-X-Request-Id
Fastly-SIE
Cache-Cookie-Set-From
Backend
X-No-Session
X-Nginx-Cache-Key
X-Node-Id
X-Page-Type
X-Origin-Expires
AKAMAI
Apple-News-Services-Handled
X-PHP-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Policy
Content-Disposition
X-Info
X-Irp-Debug
X-Proxy-Cache-Status
X-Proxy-Upstream
IsBot
Kp-EeAlive
Memcached
Magicmarker
Lfy
HA-Ipaddr
Heartbleed
X-LAGOON
Ha-Gx-Prefs
X-Li-Fabric
X-Qloud-Router
X-Li-Pop
User-Cache-Control
X-Wikidot-Static-Cache
X-Generated-On
X-MSEdge-Features
X-MSEdge-Flight
Web-Mar-Node
X-S-Maxage
X-Via-Edge
X-GeoIP-City
X-Server-IP
X-Amzn-Remapped-Date
X-Block-Status
X-GeoIP-Country-Code
X-Key
X-Hnp-Log
X-Gen-Mode
X-Amzn-Remapped-Connection
X-Skip-Cache
Pagetype
X-Thanos
X-Wikidot-Backend
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Level-Front-Cache
X-Fetched-On
X-Variation
X-Fastly-Cache
X-Planisys-CDN-TTL
X-Sorting-Hat-ShopId
X-Via-SSL
X-Shopify-Stage
X-ShopId
X-User
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Sorting-Hat-PodId
X-Gateway-Skip-Cache
X-ShardId
X-Backend-Host
Section-Io-Cache
HTTPS
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
Adler-Geo
Is-Eu
Fastly-SSL
Platform
SD-X-WS
X-Ah-Environment
X-Varnish-Beresp-Ttl
X-Amzn-Remapped-Content-Length
X-Real-Ip
X-Auto-Login
X-Cache-FS-Status
X-Cdn-Srv
X-WPE-Loopback-Upstream-Addr
X-Core-Mission
X-Bip
Fastcgi-Useragent
X-Backend-State
X-BBXSRF
X-Backend-Url
X-GZip
X-FireWall-Port
X-TrackingId
X-Cache-Bucket
Powered-By
X-CUA
X-Nc
X-Owner
X-Micro-Cache
X-Server-Time
X-Dc
X-RateLimit-Reset
Pragrma
Cteonnt-Length
Server-ID
DSUID
X-Original-Request
FNAC-ModuleRouting
X-Passed-To
X-Org
X-Returned-From-BeforeDispatch
X-Server-By
X-Stale
X-Svr
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From
X-Passed-To-BeforeDispatch
ServerName
X-Actual-URL
X-Load-Cache
REQUESTUUID
X-Pjax-Url
Gh-Request-Id
X-HS-Cache-Config
VivaBuild
X-Aicache-OS
X-Croise-Owner
Viewtype
X-VServer
X-Unique-ID
Host-ID
X-Microcachable
X-CDN-Forward
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Mime-Version
X-Apm-App-Name
X-CSRF-TOKEN
X-Cdn-Origin
X-NC
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Parent-Response-Time
V-Age
X-Sn-Servicetimems
X-Oss-Storage-Class
X-Exp-Se
X-Oss-Hash-Crc64ecma
MIME-Version
Cache
X-Ua-Device
Memory
Time
X-FPC
X-Oss-Object-Type
SID
Rt-Proxy-Cache
X-ND-Cache
X-Geo
X-Oss-Request-Id
X-Oss-Server-Time
ProcessTime
X-V
X-Wa
X-Gdpr
X-Served-From
X-Servedbyhost
PICS-Label
X-From-Cache
X-Req
X-URL
X-B3-Parentspanid
Odigeo-Trace-Id
Cf-Ipcountry
HostName
Wxu-Next-Region
Resin-Trace
Wxu-Next-Hostname
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Commit
X-HTML-Minification-Powered-By
X-Git-Hash
AR-SID
X-Optimization
X-Cache-HT
Cdn
X-DC
X-Newrelic-Synthetics
CF-IPCountry
X-Fstrz
Public-Key-Pins-Report-Only
X-Response-By
X-Lb-Id
X-GEO
X-Release
GMS-Ver
X-Varnish-Beresp-TTL
X-Atg-Version
Fastcgi-X-Cache-Version
Proxy-Firewall
X-LB-ID
X-TH-Server
X-WebServer
XServer
X-Vcl-Version
X-Phone
X-Fastly-Backend-Reqs
Processtime
WZWS-RAY
X-WR-MODIFICATION
X-Host-Name
X-Ratelimit-Remaining
X-Daa-Tunnel
X-Ratelimit-Limit
X-APP
X-Amz-Meta-Surrogate-Control
X-Instart-Info
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-CACHE-AGE
Mobile-Detection-Method
X-We-Are-Hiring
GW-Server
CF-Cached-On
Countrycode
Backend-Name
X-Clientip
X-UE-Client-Country
X-Upstream-CT
X-Zone
X-Upstream-HT
X-Worker
X-Vcache
X-NGINX-Cache
Pics-Label
X-Hyper-Cache
SS
X-HS-Status
Ohc-File-Size
X-Nananana
352pxline
X-WA
219prxHost
188prxHost
178proxuri
189phosttRef
SN
225prxHost
286prxHost
355prline
X-Fastly-Country-Code
Xxline
409pxxline
X-ID
X-Server-W
X-Ratelimit-Reset
Lb
X-Backend-TTL
FSS-Cache
FSS-Proxy
X-PF-Uncompressing
X-ServedByHost
X-HS-Combine-CSS
X-CSRF-Token
X-IPS-LoggedIn
X-B3-SpanId
DataCenter
Version
Geoip-Latitude
X-Fpc
X-VHOST
GeoIp-Country-Code
X-UPSTREAM-Address
X-SERVER-NAME
X-Dynatrace
X-GZIP
X-Be
X-Render-Time
Geoip-City
Ohc-Cache-HIT
X-BE
Esi-Enabled
X-Request-Start
URI
WP-Super-Cache
X-UCC
X-GDPR
X-Contensis-Viewer-Groups
X-AssetVersion
GeoIP-Country-Code
GeoIP-City
X-LiteSpeed-Cache-Control
X-Gen-Id
GeoIP-Latitude
X-VCL-Version
X-CS
X-Unique-Id
X-Via-Ucdn
X-PJAX-URL
CDN
X-Varnish-Action
X-Akamai-Request-ID2
Who
X-FORWARDED-FOR
Dynatrace
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-RequestId
Accept-Language
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-NGENIX-Cache
X-Vtex-Remote-Cache
Cneonction
RequestUuid
X-Vtex-Processado-Em
X-Pf-Uncompressing
X-Cache-URL
X-SRV
X-Cdn-Cache
Serverid
X-ZONE
X-Cache-Ttl
Accept-Ch
X-LiteSpeed-Tag
X-Store
Locale
X-Urbn-Context-Path
X-Reqid
X-Urbn-Site-Id
Server-Id
A
X-Hello
X-Request-Url
X-NWS-UUID-VERIFY
X-Via-NSCOPI
X-ABtesting
X-Flog
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
Ohc-Response-Time
Is-Session-Tracking
X-Serial
X-HTML-Edge-Cache
RequestId
Get-Access-Time
X-Port
X-ServerName
NnCoection
Frontcache
X-Cdn-Request-ID
X-EC-Lua