Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
P3p
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Age
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
Allow
Ali-Swift-Global-Savetime
Server-Timing
X-Type
X-CST
X-Ac
X-Node
X-Rq
X-Server-Id
X-Host
Feature-Policy
Content-Location
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
X-Iejgwucgyu
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
X-Readtime
X-Origin-Cache
X-Rack-Cache
Request-Id
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Instart-Request-ID
X-Upstream-Env
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-Vhost
X-DynaTrace
X-Px
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
Charset
X-VARITI-CCR
X-GitHub-Request-Id
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
MS-Author-Via
X-MS-InvokeApp
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Cached
AR-ATIME
AR-CACHE
X-Version
AR-PoweredBy
X-DataStream-Cache-Status
Content-MD5
X-Recruiting
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
X-PC
X-TtlSet
X-Vname
AR-Request-ID
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-TTL
X-Trace
X-Varnish-TTL
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
X-Vcap-Request-Id
X-DynaTrace-JS-Agent
X-Oracle-Dms-Rid
X-Amz-Server-Side-Encryption
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-SharePointHealthScore
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Amz-Rid
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Fastly-Request-ID
S
Arr-Disable-Session-Affinity
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Shield-Request-Id
TCN
X-Server-ID
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Cdn
X-Id
X-VCache
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-XRDS-Location
X-Ttl
SPRequestDuration
SPIisLatency
X-Akam-SW-Version
Front-End-Https
Access-Control-Request-Method
DynaTrace
X-FTR-Cache-Host
X-T
X-Goog-Storage-Class
X-Powered-CMS
X-SERVER
Realpath
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Paypal-Debug-Id
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-B3-TraceId
X-Varnish-Age
X-Aspnet-Version
Fastcgi-Cache
X-Forwarded-For
X-N
X-Content-Type
Alternate-Protocol
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Upstream
X-RateLimit-Remaining
X-Frontend
X-Accel-Buffering
X-PressLabs-Stats
X-Logged-In
X-HS-Hub-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-HS-Content-Id
X-Content-Digest
X-Middleton-Display
Display
X-Sol
X-Srv
X-Middleton-Response
Response
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-Litespeed-Cache
X-Kinsta-Cache
X-B3-Traceid
X-Pad
X-Cache-Key
Server-Name
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Content-Options
X-User-Agent
Refresh
Backend-Timing
X-Analytics
Host
X-Grace
X-Correlation-Id
X-DIS-Request-ID
X-Debug-Info
X-LB-Cache
X-Rid
X-Revision
X-IPLB-Instance
X-AppVersion
X-Activity-Id
X-Az
FilterID
Accept-Charset
X-Amz-Apigw-Id
X-B
X-Amzn-RequestId
X-CF-Powered-By
ServerID
X-DataStream-MidMile-RTT
X-Cache-Hit
X-DataStream-Origin-MEX-Latency
Powered-By-ChinaCache
X-B3-Sampled
X-Cache-2
Surrogate-Key
X-Page-Id
X-FastCGI-Cache
X-Whom
Server-Info
X-PHP-Backend
TP-L2-Cache
TP-Cache
X-Varnish-Backend
MS-CV
Host-Header
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Request-Received
X-Amz-Replication-Status
X-Akamai-Edgescape
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-F-Cache
X-Origin-Server
X-UA-Device-Type
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cluster
X-TT
X-Mobile
X-App-Environment
X-Cache-Action
X-Webkit-CSP
Source
X-FW-Hash
X-Platform-Server
X-FW-Type
X-FW-Serve
X-Instance
X-FW-Static
X-FW-Server
X-Framework
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Drupal-Cache-Tags
X-Content-Powered-By
Cache-Status
X-RateLimit-Limit
X-Varnish-Grace
X-Cached-By
Access-Control-Allow-Method
X-Handled-By
X-Ruxit-Js-Agent
X-Request-Guid
X-Zen-Fury
X-Geo-Country
X-SS-Set-Cookie
X-Magnolia-Registration
CACHE
X-FB-Debug
X-Ezoic-Cdn
X-Shard
X-Cache-TTL
X-ATG-Version
X-Forwarded-Host
Edge-Cache-Tag
From-Origin
X-Wix-Server-Artifact-Id
X-App-Server
X-Cache-Age
DC
X-Varnish-Server
Cleartype
X-Node-Name
X-Varnish-Hostname
PageSpeed
X-GUploader-UploadID
X-AOL-HN
Cache-Tags
X-XRDS-LOCATION
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Signature
X-Generated-By
X-RequestSource
X-B-Cache
X-Response-Served-From
X-Region
Filters
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
Healthy
X-GeoIP
X-TX-ID
X-FW-Dynamic
X-Adobe-Loc
X-Adobe-Content
X-VG-WebCache
X-RTag
X-UUID
NGB
Ms-Operation-Id
GEO-INFO
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
Country
Cache-Tv-Group
X-Tumblr-Pixel-2
Webserver
Server-Node
X-Seen-By
Retry-After
X-Drupal-Cache-Contexts
X-Redis-Cache
X-Jobs
X-Guploader-Uploadid
X-Via-JSL
X-Storage
X-Cacheable-TTL
X-Content-Age
X-Varnish-Hits
Actual-Object-TTL
ServedBy
X-Locale
Liferay-Portal
X-Cache-Rule
X-Contextid
X-Rendered-As
Fastly-Restarts
HitType
Frame-Options
Powered
X-Cache-TTL-Remaining
X-Varnish-IP
X-Oneagent-Js-Injection
X-BACKEND-TTL
Viewport
S-Cnection
ViewerVersion
X-WA-Info
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
X-Cache-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-NewRelic-App-Data
X-Real-IP
X-Upgrade-Enabled
NtCoent-Length
Datacenter
X-Cache-Config
X-ProcessESI
Xserver
X-TA-CDN-Provider
Eomportal-Instance
X-RemovedCookies
X-Mode
X-Esi
Nel
X-Endurance-Cache-Level
X-Varnish-Cache-Hits
X-Cache-Var
X-Path-Route
X-Proxied
X-Cache-Var-Map
Meta-Geo
X-RN-RSRV
X-Proto
X-Device-Type
Machine
Load-Balancing
X-Akamai-Transformed
X-Routing-Service
X-ES-SERVER
X-Detected-As
X-Zipkin-Id
X-Is-Bot
X-Cache-NE
Property-Id
X-Hosted-By
X-Origin-Hint
X-Hl-Ver
Cache-Key
TWC-GeoIP-Country
L5d-Success-Class
Cache-Hits
X-Format
Mail-Subject
TWC-Connection-Speed
Access-Control-Request-Headers
TWC-Device-Class
OT-Force-Account-Verify
X-FW-Version
X-LJ-Flow-ID
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
We-Hiring
X-Cache-Enabled
X-Access
X-VWS-Id
X-Viewer-Country
X-Status
X-VG-TLSProxy
X-S
Vix-Hermes-Req-Id
Webcakes-App-Name
X-Proxy
TWC-GeoIP-LatLong
X-AWS-Id
X-Backend-Name
X-Section
TWC-Privacy
X-EIG-Tracking-Id
X-Time
S-Rt
X-Birta-Cache-Post
DB-Nickname
Now
X-FC-Vary-Parameters
Azure-InstanceId
Azure-Version
X-From
X-Akamai-Request-ID
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Environment-Context
Mn-Server-Ip
X-Via-Fastly
X-Labrador-Cache-Channel
X-L-Path
X-Time-Microsecs
X-Loop
X-ServerID
X-Origin-Response-Time
X-Birta-Served
X-TNCMS
X-Tb
X-BYPASS-REASON
X-ProxyCache-Key
X-NCache
X-ProxyCache-Status
X-Proxy-Build
X-Debug-Cache
X-Trace-Id
Origin-Edge-Control
Origin-Cache-Control
X-IP
X-CCM
Decoy-Debug-TTL
X-Timing-Wait
X-JoinUs
Selected-FE
X-Varnish-Cacheable
Decoy-Debug-Status
X-Xfnlog-Site
Cache-Tag
Decoy-Debug-Key
X-Cache-Category-Id
X-OCL
X-PCL
X-Origin-Host
X-Tumblr-Pixel-3
X-Www-Served-By
X-Web-Node
X-MP-GENERATED-AT
Served-By
X-Grey
X-Internal-Host
X-Human
X-Via-CDN
X-GRACE
X-FB-TRIP-ID
X-Cache-Operation
X-Site-Version
X-Generated
Uber-Trace-Id
X-CDN-Cache
NGX
AsisCache
X-Vgn-Hpd-Reason
User-Agent
X-Rocket-Nginx-Bypass
X-EdgeConnect-Cache-Status
LB
X-VC-Cache
X-Dynatrace-Js-Agent
X-UA
X-Rule
X-R9-Blue-Green-Version
X-NWS-LOG-UUID
X-Sucuri-ID
X-Cluster-Node
Rt-Fastcgi-Cache
X-Newrelic-App-Data
Pagespeed
X-Cache-Remote
X-RCS-CacheZone
X-App-Name
X-B3-Spanid
X-ApacheServer
X-UnsetCookies
X-PERF
Release
X-TIME
Hostname
X-Agile-Id
X-Agile
X-Agile-Age
X-Source
X-Nginx-Cache
Cache-Name
X-APP-VERSION
X-Varnish-Ttl
X-Ua
X-Datadome
X-Edge-Location
X-Edge-IP
X-App-Version
X-Request-Time
X-Pubstack
X-CACHE-KEY
X-Protected-By
X-Ocache
X-Real-Ip
X-OVcl
X-Cdn-Forward
Fastcgi-Useragent
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-OVcl-Cache
X-Origin
X-Hit
X-D
X-CF-Lambda-Version
X-Connection-Hash
X-Date
X-Core-Value
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Debug-Cache-Store
X-Developer
X-Trv-Group
X-ElasticPress-Search
X-Twitter-Response-Tags
Request-Country
X-Up
Rendered-Blocks
X-Destination
X-Transaction
Ajk
X-Debug-Cache-Fetch
On-Server
Request-EU
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Expiry
X-CF-Lambda-Fn
X-Accel-Expires-Debug
UCS
X-A-Wwc
X-Aed
X-Application
Server-Surrogate-Control
X-ARC
Fly-Cache
X-Server-Group
X-A-Ccd
Www
X-A-Dam
X-A-Dcw
Fly-Request-Id
X-A-Dgt
Ec-Rule-Version
Cross-Origin-Window-Policy
Arc-Country
BehaviorPad-Version
Server-Cache-Control
Meta-Geo-Continent
N-Cache
X-A
Node
X-Developers
X-Cache-Grace
X-B-Cookie
X-SRCache-Key
MD5-Digest
X-BB-ID
Cache-Prefix
X-Cache-ASPX
Request-Time
X-Var-Ttl
X-Nginx-Cache-Key
X-VCT
X-VG-WebServer
X-NodeID
X-Mobile-URL
X-Instart-Isnd
X-Rewrite-Enabled
X-IN-APIGATEWAY
X-IN-WAF
X-NU-AKA-ACS-Version
X-NX-Host
Warning
Xc-Version
X-Request-UUID
X-Region-Sid
X-Processor
X-Platform
X-Origin-CC
X-Origin-TTL
X-PAYTM-SRV-ID
X-Hp-Webp
X-Logtrace-Id
X-Generated-In
X-ScT
X-Varnish-Authentication
X-S-Cookie
X-Rojux
X-G
X-External-Request-Id
X-DPWN-IS-SECURE
X-Cache-Backend
Section-Io-Cache
X-Sucuri-Cache
X-Proxy-Upstream
X-Qloud-Router
True-Client-Country-4JS
X-Proxy-Cache-Status
X-Policy
X-PHP-Host
Thinkindot-Control
X-Distributor
X-Distil-CS
X-Origin-Expires
X-ServiceProvider
X-Sf
X-Rebelmouse-Cache-Control
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Device-Os
X-Refresh
RNT-Machine
X-Dispatcher-Server
X-RateLimit-Limit-Second
X-Origin-Date
Thinkindot-CacheControl
Server-Host
Proxy-Connection
RNT-Time
X-RateLimit-Remaining-Second
Thinkindot-CacheControl-Type
X-Node-Id
X-Li-Fabric
X-CGP
X-Li-Pop
X-LI-Proto
X-Cache-Miss-From
X-Sedo-Request-Id
X-LAGOON
X-Irp-Debug
X-Hash
X-CUA
X-Geo-Header
X-Cms-Context
X-Info
X-Secret
X-Cache-Info
X-Cache-Id
X-Gannett-Site-Version
X-C
X-No-Session
X-Crawler
X-Eu-Site
X-F5-Cache
X-Cache-Debug
X-Matched-Rule
X-Cache-Host
X-LI-UUID
X-Location
X-Cache-FS-Status
X-Cache-Expires
X-Epic-Correlation-Id
Pramga
X-SIPLIST1
AKAMAI
X-Thinkindot-L3
X-Varnish-Url
IsBot
Lfy
Fastly-SIE
CDCHOST
X-TT-LOGID
X-SN
Fastly-Soc-X-Request-Id
Fastly-SWR
X-Skip-Cache
Ha-Gx-Prefs
Heartbleed
HA-Ipaddr
Fastly-Backend-Name
Kp-EeAlive
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Content-Disposition
Origin
Backend
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Memcached
SRV
Magicmarker
Country-Code
X-Webstats-RespID
Apple-News-Services-Host
X-GZip
X-User
X-Thanos
Powered-By
X-Cdn-Srv
Adler-Geo
X-Swa-Ws
X-Core-Mission
X-Gateway-Cache-Key
X-Planisys-CDN-Cache
X-Page-Type
X-MSEdge-Flight
X-MSEdge-Features
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Wikidot-Backend
X-Dc
X-Ah-Environment
X-Servername
X-Level-Front-Cache
X-Key
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-S-Maxage
X-Fetched-On
X-Gen-Mode
X-Generated-On
X-Hnp-Log
X-GeoIP-Country-Code
X-GeoIP-City
X-Fastly-Cache
X-Variation
Platform
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-ShopId
Is-Eu
X-Sorting-Hat-ShopId
Server-Int
HTTPS
Pagetype
X-Server-IP
X-Sorting-Hat-PodId
Fastly-SSL
X-ShardId
User-Cache-Control
Web-Mar-Node
X-Amzn-Remapped-Connection
X-Wikidot-Static-Cache
X-Backend-Url
X-Backend-State
X-BBXSRF
X-Bip
X-Shopify-Stage
X-Block-Status
X-Auto-Login
X-Backend-Host
SD-X-WS
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Nc
X-WPE-Loopback-Upstream-Addr
X-FireWall-Port
X-Via-Edge
X-Micro-Cache
X-Via-SSL
X-Varnish-Beresp-Ttl
X-Owner
X-Cache-Bucket
X-Server-Time
X-TrackingId
Pragrma
X-Server-By
X-Svr
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Actual-URL
Server-ID
X-Stale
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-Original-Request
X-Returned-From-PostProcessResponse
X-RateLimit-Reset
X-Passed-To-PostProcessResponse
X-Unique-ID
X-Croise-Owner
Host-ID
X-VServer
X-HS-Cache-Config
Cteonnt-Length
X-Microcachable
X-CDN-Forward
FNAC-ModuleRouting
X-Pjax-Url
VivaBuild
ServerName
Cdn-Request-Time
Cdn-Host
REQUESTUUID
X-Edge-Server
DSUID
X-Org
Mime-Version
Viewtype
X-Load-Cache
Gh-Request-Id
X-Aicache-OS
X-Parent-Response-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
SID
X-NC
X-CLOUD-TRACE-CONTEXT
X-FPC
X-Oss-Request-Id
X-Oss-Server-Time
X-V
X-Oss-Storage-Class
V-Age
Memory
X-Ua-Device
X-Apm-App-Name
X-From-Cache
X-CSRF-TOKEN
X-Apm-Inst-Hash
X-Gdpr
X-Cdn-Origin
Time
X-Sn-Servicetimems
X-Apm-Svc-Key
X-ND-Cache
X-Geo
X-Req
Rt-Proxy-Cache
X-Exp-Se
ProcessTime
PICS-Label
MIME-Version
Odigeo-Trace-Id
X-Served-From
X-Servedbyhost
X-URL
X-Wa
X-HTML-Minification-Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Fstrz
X-Lb-Id
Public-Key-Pins-Report-Only
CF-IPCountry
HostName
X-B3-Parentspanid
Resin-Trace
Cf-Ipcountry
X-Git-Hash
X-Cache-HT
X-Optimization
Cdn
X-GEO
AR-SID
X-Response-By
Wxu-Next-Region
Wxu-Next-Commit
X-Newrelic-Synthetics
Wxu-Next-Hostname
Fastcgi-X-Cache-Version
X-Varnish-Beresp-TTL
X-DC
GMS-Ver
Cache
X-Webkit-Csp
X-Vcache
X-Atg-Version
X-WR-MODIFICATION
X-Release
XServer
Processtime
Proxy-Firewall
X-Vcl-Version
X-Amz-Meta-Surrogate-Control
X-Fastly-Backend-Reqs
X-APP
X-Daa-Tunnel
WZWS-RAY
X-TH-Server
X-WebServer
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Clientip
X-UE-Client-Country
Mobile-Detection-Method
Countrycode
X-Phone
GW-Server
X-LB-ID
X-We-Are-Hiring
X-CACHE-AGE
X-Hyper-Cache
CF-Cached-On
X-WA
X-Instart-Info
SS
X-Nananana
X-Zone
Ohc-File-Size
X-Host-Name
Backend-Name
X-HS-Status
X-Fastly-Country-Code
X-NGINX-Cache
X-Check-Cacheable
FSS-Proxy
X-ServedByHost
FSS-Cache
Pics-Label
X-CSRF-Token
X-PF-Uncompressing
X-Ratelimit-Reset
X-HS-Combine-CSS
X-Worker
X-Upstream-CT
X-Upstream-HT
Lb
188prxHost
189phosttRef
219prxHost
Xxline
Geoip-Latitude
X-Server-W
GeoIp-Country-Code
225prxHost
178proxuri
352pxline
355prline
409pxxline
X-Backend-TTL
286prxHost
X-Be
Amp-Access-Control-Allow-Source-Origin
DataCenter
SN
X-SERVER-NAME
URI
X-VHOST
X-Fpc
Geoip-City
X-IPS-LoggedIn
Ohc-Cache-HIT
X-GZIP
X-Dynatrace
X-Render-Time
Esi-Enabled
X-LiteSpeed-Cache-Control
X-Request-Start
X-Gen-Id
X-BE
WP-Super-Cache
X-UCC
X-UPSTREAM-Address
X-B3-SpanId
Version
X-CS
X-Varnish-Action
Who
X-ID
X-Unique-Id
X-NGENIX-Cache
X-Contensis-Viewer-Groups
X-Html-Edge-Cache
X-VCL-Version
X-PJAX-URL
CDN
X-AssetVersion
X-Cache-URL
X-HostName
Dynatrace
X-FORWARDED-FOR
X-Via-Ucdn
X-LiteSpeed-Tag
Cneonction
X-GDPR
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
RequestUuid
X-Fastly-Cache-Hits
X-Pf-Uncompressing
X-SRV
Serverid
X-Cache-Ttl
X-Cdn-Cache
X-Vtex-Remote-Cache
A
Server-Id
X-Store
X-ServerName
X-Akamai-Request-ID2
X-NWS-UUID-VERIFY
X-Servedby
Accept-Language
X-Request-Url
X-RequestId
X-Via-NSCOPI
X-Vtex-Processado-Em
RequestId
Accept-Ch
X-Pc-Appver
X-Pc-Hit
X-Pc-Key
X-Akamai-SSL-Client-Sid
X-Reqid
X-EC-Lua
X-Cdn-Request-ID
X-HTML-Edge-Cache
Ohc-Response-Time
X-Serial
X-Generation-Time
Frontcache
Is-Session-Tracking
Get-Access-Time
NnCoection
IBM-Web2-Location
X-Dw-Trace-Id
X-Port
X-ZONE