Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
CF-Ray
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
P3p
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Type
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-Country
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
Pinterest-Generated-By
X-Upstream-Env
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
X-GitHub-Request-Id
MS-Author-Via
X-VARITI-CCR
Charset
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
AR-CACHE
X-GoogleNews-Bot
X-Kinja-Build
AR-ATIME
X-ORACLE-DMS-RID
X-Kinja-Revision
X-DataStream-Cache-Status
AR-PoweredBy
X-Version
X-Cached
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
AR-Request-ID
X-Navigation-Version
X-Abt-Application-Version
RTSS
X-PC
X-TtlSet
X-Vname
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-TTL
X-Trace
X-Server-ID
X-Varnish-TTL
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-DynaTrace-JS-Agent
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-SharePointHealthScore
Nginx-Cache
X-Amz-Rid
X-FTR-Expires
X-Fastly-Request-ID
X-VCache
S
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Oracle-Dms-Rid
X-Debug
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-XRDS-Location
X-TEC-API-ROOT
Pinterest-Version
X-Id
X-Upstream-Proxy
SPRequestDuration
X-Ttl
SPIisLatency
X-Pinterest-Rid
DynaTrace
X-Akam-SW-Version
Access-Control-Request-Method
X-T
Front-End-Https
X-FTR-Cache-Host
X-Goog-Storage-Class
X-B3-TraceId
X-Powered-CMS
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Fastcgi-Cache
X-N
Paypal-Debug-Id
X-Varnish-Age
X-Litespeed-Cache
X-Aspnet-Version
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-RateLimit-Remaining
X-PressLabs-Stats
X-Sol
X-Middleton-Display
Display
X-Frontend
X-HS-Content-Id
X-Logged-In
X-HS-Hub-Id
X-Content-Digest
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
Response
X-Srv
X-Hostname
X-Accel-Buffering
X-Fastcgi-Cache
X-Pad
X-Kinsta-Cache
X-Cache-Key
X-Accel-Expires
Server-Name
MicrosoftSharePointTeamServices
X-Content-Options
Host
X-User-Agent
X-Analytics
Backend-Timing
X-Correlation-Id
Refresh
X-B3-Traceid
X-DataStream-Origin-MEX-Latency
X-LB-Cache
X-Debug-Info
X-Revision
X-DIS-Request-ID
X-DataStream-MidMile-RTT
X-Az
X-Activity-Id
X-Rid
X-AppVersion
X-IPLB-Instance
X-B
X-Amzn-RequestId
X-Amz-Apigw-Id
Accept-Charset
FilterID
X-Cache-Hit
ServerID
X-Cache-2
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-Grace
X-B3-Sampled
X-FastCGI-Cache
X-Page-Id
X-Ruxit-Js-Agent
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
Host-Header
X-Request-Processing-Time
MS-CV
X-Request-Received
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
X-TT
VIX-Pulpo-Upstream-Status
Source
X-Akamai-Edgescape
VIX-Pulpo-Node
X-Framework
X-Cluster
X-Cache-Action
X-UA-Device-Type
X-Origin-Server
X-Mobile
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-Pixel-0
X-F-Cache
X-Tumblr-User
X-Cached-By
X-App-Environment
X-Webkit-CSP
X-FW-Static
X-FW-Type
X-Instance
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-FW-Serve
X-FW-Server
Cache-Status
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Content-Powered-By
X-Drupal-Cache-Tags
X-FW-Hash
X-Request-Guid
X-Handled-By
X-Geo-Country
X-SS-Set-Cookie
X-Zen-Fury
X-Shard
X-Magnolia-Registration
X-Ezoic-Cdn
X-FB-Debug
X-RateLimit-Limit
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
CACHE
X-ATG-Version
From-Origin
PageSpeed
X-GUploader-UploadID
X-App-Server
X-Cache-Age
X-Node-Name
DC
X-Varnish-Server
X-Varnish-Hostname
Cleartype
X-Wix-Server-Artifact-Id
Cache-Tags
X-AOL-HN
X-XRDS-LOCATION
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Region
Filters
Upgrade-Insecure-Requests
X-RequestSource
X-Generated-By
Healthy
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-GeoIP
X-Adobe-Content
X-Signature
Ms-Operation-Id
X-B-Cache
Webserver
X-TT-TIMESTAMP
X-TX-ID
X-VG-WebCache
NGB
X-RTag
Country
Cache-Tv-Group
X-UUID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Retry-After
X-FW-Dynamic
X-Redis-Cache
X-Jobs
X-Storage
X-Drupal-Cache-Contexts
Server-Node
GEO-INFO
Actual-Object-TTL
X-Varnish-Hits
X-Content-Age
X-Cacheable-TTL
X-Locale
ServedBy
X-Seen-By
Liferay-Portal
X-Cache-Rule
Fastly-Restarts
X-Via-JSL
X-Contextid
X-Guploader-Uploadid
X-Rendered-As
Powered
HitType
Frame-Options
X-Cache-TTL-Remaining
X-Varnish-IP
X-Oneagent-Js-Injection
X-BACKEND-TTL
X-Real-IP
X-TA-CDN-Provider
S-Cnection
Viewport
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WA-Info
Content-Style-Type
Content-Script-Type
X-Cache-Server
X-Upgrade-Enabled
X-Wix-Request-Id
ViewerVersion
X-RemovedCookies
X-ProcessESI
Datacenter
Eomportal-Instance
X-Dynatrace-Js-Agent
X-GRACE
X-Cache-Config
Xserver
X-Esi
X-Cache-NE
X-Varnish-Cache-Hits
X-NewRelic-App-Data
NtCoent-Length
X-Detected-As
X-Cache-Var-Map
X-Mode
X-Device-Type
X-Akamai-Transformed
X-ES-SERVER
Cache-Key
X-Cache-Var
X-Endurance-Cache-Level
X-Hl-Ver
Load-Balancing
Cache-Hits
X-Path-Route
X-Is-Bot
X-Proto
Machine
Meta-Geo
X-RN-RSRV
X-LJ-Flow-ID
X-VG-TLSProxy
X-Section
X-Hosted-By
X-Origin-Hint
X-L-Path
X-Cache-Enabled
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
Access-Control-Request-Headers
Mail-Subject
OT-Force-Account-Verify
Property-Id
Vix-Hermes-Req-Id
We-Hiring
X-Backend-Name
X-Environment-Context
X-From
X-VWS-Id
X-AWS-Id
X-Access
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Viewer-Country
L5d-Success-Class
X-Time
X-S
X-Birta-Served
X-Akamai-Request-ID
X-Birta-Cache-Post
Now
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-EIG-Tracking-Id
DB-Nickname
X-Format
X-Time-Microsecs
X-Tb
X-TNCMS
Mn-Server-Ip
X-FC-Vary-Parameters
X-Status
X-ServerID
X-FW-Version
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Proxy
Azure-InstanceId
X-Loop
X-ProxyCache-Status
X-ProxyCache-Key
X-Routing-Service
Cache-Tag
X-Timing-Wait
X-Proxy-Build
X-NCache
X-BYPASS-REASON
Selected-FE
X-CCM
X-IP
X-JoinUs
X-Trace-Id
X-Varnish-Cacheable
Origin-Edge-Control
Origin-Cache-Control
X-Debug-Cache
X-Via-CDN
X-Web-Node
Decoy-Debug-TTL
Decoy-Debug-Status
X-Via-Fastly
X-Xfnlog-Site
X-Zipkin-Id
Decoy-Debug-Key
S-Rt
X-Proxied
X-Tumblr-Pixel-3
X-Www-Served-By
X-Cdn
X-FB-TRIP-ID
NGX
X-Internal-Host
X-Human
X-Cache-Category-Id
X-OCL
X-MP-GENERATED-AT
X-Grey
X-PCL
X-Cache-Operation
Uber-Trace-Id
Served-By
X-Site-Version
X-Generated
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-CDN-Cache
X-Origin-Host
X-VC-Cache
X-UA
X-R9-Blue-Green-Version
X-EdgeConnect-Cache-Status
X-NWS-LOG-UUID
AsisCache
LB
X-Sucuri-ID
X-Rule
User-Agent
X-Newrelic-App-Data
X-RCS-CacheZone
X-Cluster-Node
Rt-Fastcgi-Cache
X-Cache-Remote
Release
X-UnsetCookies
Hostname
X-ApacheServer
X-TIME
X-PERF
Nel
X-B3-Spanid
X-App-Name
Pagespeed
X-Agile
X-Agile-Age
X-Agile-Id
X-Nginx-Cache
X-APP-VERSION
X-Source
X-Varnish-Ttl
X-Datadome
X-Ua
Cache-Name
X-Edge-Location
X-Request-Time
X-App-Version
X-Edge-IP
X-Pubstack
X-Ocache
X-Cdn-Forward
Warning
X-Protected-By
X-CACHE-KEY
X-Hit
X-Origin
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sucuri-Cache
X-OVcl
X-Varnish-Beresp-Grace
X-ElasticPress-Search
X-VCT
X-Varnish-Beresp-Status
X-S-Cookie
X-A-Dgt
X-Aed
X-ScT
X-Accel-Expires-Debug
X-A-Wwc
Thinkindot-CacheControl
Meta-Geo-Continent
MD5-Digest
N-Cache
Node
On-Server
Fly-Request-Id
Fly-Cache
BehaviorPad-Version
Arc-Country
Cache-Prefix
Cross-Origin-Window-Policy
Ec-Rule-Version
Rendered-Blocks
Request-Country
Www
UCS
X-A
X-A-Ccd
X-A-Dam
Thinkindot-Control
Thinkindot-CacheControl-Type
Request-EU
Request-Time
Server-Cache-Control
Server-Surrogate-Control
X-A-Dcw
X-Processor
X-Developer
X-NX-Host
X-Developers
X-DPWN-IS-SECURE
X-Thinkindot-L3
X-Destination
X-Debug-Log
X-Debug-Cache-Store
X-Server-Group
X-Origin-CC
X-Transaction
X-Debug-Cookies
X-SRCache-Key
X-External-Request-Id
X-Matched-Rule
X-Logtrace-Id
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NodeID
X-Instart-Isnd
X-IN-WAF
X-Gannett-Site-Version
X-G
X-Generated-In
X-Hp-Webp
X-IN-APIGATEWAY
X-Debug-Cache-Fetch
X-Trv-Group
X-Cache-ASPX
X-Region-Sid
X-Cache-Expires
X-Cache-Grace
X-Secret
X-BB-ID
X-B-Cookie
X-VG-WebServer
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Application
X-Varnish-Authentication
X-Var-Ttl
X-Origin-TTL
X-D
X-Date
Ajk
X-Debug-Cache-Expiry
X-Connection-Hash
X-Twitter-Response-Tags
X-Platform
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Up
Xc-Version
X-ARC
X-Cache-Backend
SRV
X-CGP
X-C
X-Li-Fabric
X-Swa-Ws
X-Cache-Debug
X-Proxy-Cache-Status
X-Cache-Info
X-Cache-Id
X-Cache-Host
X-Li-Pop
X-SN
X-LI-UUID
X-Webstats-RespID
Server-Int
Server-Host
Proxy-Connection
True-Client-Country-4JS
X-Varnish-Url
X-SIPLIST1
X-TT-LOGID
X-Location
X-Rebelmouse-Surrogate-Control
X-LI-Proto
X-Cms-Context
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-F5-Cache
X-Eu-Site
X-Request-URI
X-Refresh
X-Rebelmouse-Cache-Control
X-Reboot
X-Hash
X-Geo-Header
X-Epic-Correlation-Id
X-Info
X-Irp-Debug
X-Sf
X-LAGOON
X-Crawler
X-Core-Value
X-ServiceProvider
X-Servername
X-Distributor
X-Distil-CS
X-Dispatcher-Server
X-Device-Os
Pramga
X-Policy
X-Origin-Date
Ha-Gx-Prefs
X-Origin-Expires
AKAMAI
Fastly-SWR
HA-Ipaddr
IsBot
Memcached
X-Node-Id
Magicmarker
Lfy
Kp-EeAlive
Fastly-Soc-X-Request-Id
Fastly-SIE
Apple-News-Services-Request-Url
Backend
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
CDCHOST
X-Page-Type
Fastly-Backend-Name
X-PHP-Host
Country-Code
Content-Disposition
X-No-Session
Heartbleed
Origin
X-ShardId
RNT-Machine
X-ShopId
X-Nginx-Cache-Key
X-Amzn-Remapped-Connection
X-Server-IP
X-WPE-Loopback-Upstream-Addr
RNT-Time
X-Amzn-Remapped-Date
SD-X-WS
X-Skip-Cache
X-Cdn-Srv
X-Sorting-Hat-PodId
X-Key
X-MSEdge-Features
X-Sedo-Request-Id
X-Core-Mission
X-Shopify-Stage
Fastly-SSL
X-Block-Status
X-Hnp-Log
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
Adler-Geo
X-Generated-On
Platform
X-GeoIP-Country-Code
X-GeoIP-City
X-Gateway-Cache-Key
Cache-Cookie-Set-From
X-Fastly-Cache
Cache-Cookie-Set-Lfrom
X-S-Maxage
X-Fetched-On
X-Real-Ip
X-Qloud-Router
Cache-Cookie-Set-Idcheck
X-Cache-Miss-From
Web-Mar-Node
X-Wikidot-Backend
X-User
X-Planisys-CDN-TTL
Is-Eu
Section-Io-Cache
X-Backend-Host
X-Variation
X-Auto-Login
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Wikidot-Static-Cache
X-Amzn-Remapped-Content-Length
X-Thanos
X-Ah-Environment
Pagetype
X-Backend-State
X-Sorting-Hat-ShopId
X-Backend-Url
X-Cache-FS-Status
X-Via-Edge
X-Via-SSL
User-Cache-Control
X-Varnish-Beresp-Ttl
X-Gen-Mode
X-Planisys-CDN-Rules
X-Level-Front-Cache
HTTPS
Fastcgi-Useragent
X-Bip
X-BBXSRF
X-GZip
X-FireWall-Port
Powered-By
X-Micro-Cache
X-Owner
X-TrackingId
X-Cache-Bucket
X-Server-Time
X-Nc
X-CUA
X-Dc
Pragrma
Server-ID
X-RateLimit-Reset
Cteonnt-Length
DSUID
X-Org
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Original-Request
X-Stale
X-Server-By
ServerName
X-Actual-URL
X-Svr
FNAC-ModuleRouting
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Passed-To-DLL
X-Load-Cache
X-HS-Cache-Config
X-Unique-ID
REQUESTUUID
Host-ID
X-Pjax-Url
Gh-Request-Id
Viewtype
X-VServer
X-Croise-Owner
VivaBuild
X-Aicache-OS
X-Edge-Server
Cdn-Host
X-Microcachable
X-CDN-Forward
Cdn-Request-Time
Mime-Version
X-Apm-Svc-Key
X-Sn-Servicetimems
X-Cdn-Origin
X-NC
X-Parent-Response-Time
X-Apm-Inst-Hash
X-FPC
V-Age
X-Apm-App-Name
X-Geo
X-ND-Cache
Rt-Proxy-Cache
X-Gdpr
X-Exp-Se
X-CSRF-TOKEN
X-Oss-Object-Type
SID
X-Ua-Device
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
MIME-Version
X-Oss-Request-Id
X-Oss-Server-Time
X-V
X-Served-From
PICS-Label
Memory
Time
ProcessTime
X-From-Cache
X-Wa
X-Req
X-Servedbyhost
X-B3-Parentspanid
X-URL
Odigeo-Trace-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Webkit-Csp
Cache
Cf-Ipcountry
X-HTML-Minification-Powered-By
Resin-Trace
HostName
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
AR-SID
X-Cache-HT
X-DC
X-Optimization
X-Git-Hash
Cdn
X-Newrelic-Synthetics
X-Fstrz
CF-IPCountry
X-Lb-Id
Public-Key-Pins-Report-Only
X-Response-By
X-GEO
X-Release
X-Ratelimit-Remaining
GMS-Ver
Fastcgi-X-Cache-Version
X-Varnish-Beresp-TTL
X-Atg-Version
XServer
X-WebServer
X-TH-Server
Proxy-Firewall
Processtime
X-Ratelimit-Limit
X-Phone
X-WR-MODIFICATION
X-LB-ID
WZWS-RAY
X-Daa-Tunnel
X-Fastly-Backend-Reqs
X-Vcl-Version
X-Host-Name
X-Instart-Info
X-APP
X-Amz-Meta-Surrogate-Control
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Check-Cacheable
X-We-Are-Hiring
Backend-Name
GW-Server
Countrycode
CF-Cached-On
Mobile-Detection-Method
X-UE-Client-Country
X-Clientip
X-Zone
X-Upstream-CT
X-Worker
X-WA
X-Vcache
X-Upstream-HT
X-Hyper-Cache
X-NGINX-Cache
SS
X-HS-Status
Ohc-File-Size
X-Server-W
225prxHost
Xxline
219prxHost
X-ID
286prxHost
SN
189phosttRef
352pxline
355prline
409pxxline
188prxHost
Pics-Label
X-Ratelimit-Reset
X-Nananana
X-CSRF-Token
X-ServedByHost
X-Fastly-Country-Code
178proxuri
Lb
X-HS-Combine-CSS
X-Backend-TTL
FSS-Cache
FSS-Proxy
X-PF-Uncompressing
X-IPS-LoggedIn
Geoip-Latitude
GeoIp-Country-Code
X-B3-SpanId
DataCenter
Version
Geoip-City
X-VHOST
X-UPSTREAM-Address
X-SERVER-NAME
X-Dynatrace
X-GZIP
X-Fpc
X-Render-Time
X-Request-Start
URI
Ohc-Cache-HIT
X-Be
X-BE
Esi-Enabled
X-Contensis-Viewer-Groups
X-AssetVersion
X-CS
X-Gen-Id
X-UCC
WP-Super-Cache
X-VCL-Version
X-LiteSpeed-Cache-Control
X-Unique-Id
X-GDPR
X-Varnish-Action
Who
X-PJAX-URL
GeoIP-City
CDN
X-Akamai-Request-ID2
GeoIP-Latitude
GeoIP-Country-Code
X-FORWARDED-FOR
Dynatrace
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Cache-Hits
X-NGENIX-Cache
X-NWS-UUID-VERIFY
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Via-Ucdn
Accept-Language
X-RequestId
X-Html-Edge-Cache
X-Cache-URL
RequestUuid
X-SRV
X-Pf-Uncompressing
Cneonction
X-Cdn-Cache
Serverid
X-ZONE
X-Cache-Ttl
X-Urbn-Context-Path
Accept-Ch
X-Request-Url
X-Urbn-Site-Id
X-LiteSpeed-Tag
X-Hello
X-Via-NSCOPI
A
X-Reqid
X-Store
Locale
X-Flog
Server-Id
X-ABtesting
X-Akamai-SSL-Client-Sid
X-Port
Ohc-Response-Time
X-Cdn-Request-ID
X-Serial
X-HTML-Edge-Cache
Frontcache
Is-Session-Tracking
Get-Access-Time
X-EC-Lua
X-Dw-Trace-Id
X-ServerName
NnCoection
RequestId