Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Pass-Why
X-Cache-Group
X-AH-Environment
P3p
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Robots-Tag
WPE-Backend
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Type
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Upstream-Env
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-ORACLE-DMS-RID
X-Dispatcher
X-HW
MS-Author-Via
X-GitHub-Request-Id
X-VARITI-CCR
PB-PID
Arc-Version
X-Mobile-Rewrite
Charset
PB-RID
AR-CACHE
X-MS-InvokeApp
AR-ATIME
AR-PoweredBy
X-DataStream-Cache-Status
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
Ar-Sid
X-Vname
X-TtlSet
X-PC
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Varnish-TTL
X-TTL
X-Trace
X-Server-ID
X-Forwarded-Proto
X-Vcap-Request-Id
SPRequestGuid
X-Client-IP
X-DynaTrace-JS-Agent
X-Amz-Server-Side-Encryption
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-SharePointHealthScore
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Fastly-Request-ID
X-VCache
X-FTR-Expires
X-Amz-Rid
Nginx-Cache
S
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Debug
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Hits
SPIisLatency
X-Upstream-Proxy
X-Id
Pinterest-Version
X-Pinterest-Rid
SPRequestDuration
X-Ttl
X-Akam-SW-Version
DynaTrace
Access-Control-Request-Method
X-T
Front-End-Https
X-B3-TraceId
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Powered-CMS
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Realpath
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
Fastcgi-Cache
X-Varnish-Age
X-Aspnet-Version
X-N
Paypal-Debug-Id
X-Forwarded-For
X-Content-Type
X-Upstream
Alternate-Protocol
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Frontend
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
X-Content-Digest
X-Sol
X-Middleton-Display
Display
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
Response
X-Srv
X-Accel-Buffering
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-Pad
X-Kinsta-Cache
X-Accel-Expires
Server-Name
MicrosoftSharePointTeamServices
X-Content-Options
X-User-Agent
Host
X-Cache-Key
X-Analytics
Backend-Timing
Refresh
X-Correlation-Id
X-B3-Traceid
X-Debug-Info
X-DataStream-MidMile-RTT
X-LB-Cache
X-DataStream-Origin-MEX-Latency
X-DIS-Request-ID
X-Revision
X-Az
X-AppVersion
X-Rid
X-IPLB-Instance
X-Activity-Id
Accept-Charset
X-B
X-Amz-Apigw-Id
FilterID
X-Amzn-RequestId
X-Cache-Hit
ServerID
X-B3-Sampled
X-Cache-2
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-FastCGI-Cache
X-Whom
X-Grace
X-Page-Id
Server-Info
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-PHP-Backend
X-Request-Received
MS-CV
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Amz-Replication-Status
Host-Header
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-TT
X-Framework
X-UA-Device-Type
Source
X-Cluster
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-F-Cache
X-Mobile
X-Platform-Server
X-Tumblr-User
X-Webkit-CSP
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FW-Static
X-Instance
X-FW-Type
X-FW-Hash
X-App-Environment
X-Cached-By
X-FW-Server
X-Drupal-Cache-Tags
Access-Control-Allow-Method
Cache-Status
X-FW-Serve
X-Ruxit-Js-Agent
X-RateLimit-Limit
X-Content-Powered-By
X-Varnish-Grace
X-SS-Set-Cookie
X-Request-Guid
X-Handled-By
X-Geo-Country
X-Zen-Fury
X-Magnolia-Registration
X-Ezoic-Cdn
X-Shard
X-FB-Debug
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
From-Origin
X-ATG-Version
X-App-Server
X-GUploader-UploadID
X-Cache-Age
CACHE
X-Node-Name
DC
X-Varnish-Server
Cleartype
X-Varnish-Hostname
PageSpeed
X-Wix-Server-Artifact-Id
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
Payment
X-Cache-Control
X-Region
X-Response-Served-From
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
Filters
X-Generated-By
X-RequestSource
X-TX-ID
X-GeoIP
X-Adobe-Loc
Healthy
X-Adobe-Content
X-RTag
X-TT-TIMESTAMP
Cache-Tv-Group
Webserver
X-UUID
Country
Ms-Operation-Id
NGB
X-VG-WebCache
X-Signature
X-B-Cache
X-Drupal-Cache-Contexts
X-FW-Dynamic
Server-Node
X-Tumblr-Pixel-2
X-Storage
X-Tumblr-Pixel-1
X-Jobs
Retry-After
GEO-INFO
X-Redis-Cache
X-Content-Age
X-Varnish-Hits
Actual-Object-TTL
X-Seen-By
X-Cacheable-TTL
ServedBy
X-Cache-Rule
Liferay-Portal
X-Locale
X-XRDS-LOCATION
X-Via-JSL
Fastly-Restarts
X-Contextid
X-Guploader-Uploadid
Powered
X-Rendered-As
HitType
Frame-Options
X-Cache-TTL-Remaining
X-Varnish-IP
X-Oneagent-Js-Injection
X-BACKEND-TTL
X-Real-IP
X-GRACE
S-Cnection
Viewport
X-Yottaa-Optimizations
X-Yottaa-Metrics
Content-Style-Type
Content-Script-Type
X-WA-Info
X-Upgrade-Enabled
X-Cache-Server
X-Wix-Request-Id
ViewerVersion
X-Time
Eomportal-Instance
Datacenter
X-RemovedCookies
X-ProcessESI
X-Mode
Xserver
X-NewRelic-App-Data
X-Cache-Config
X-TA-CDN-Provider
X-Esi
X-Varnish-Cache-Hits
NtCoent-Length
X-Cache-NE
X-Path-Route
X-Proto
X-Proxied
X-ES-SERVER
X-Cache-Var
X-Akamai-Transformed
Machine
Meta-Geo
X-Hl-Ver
Cache-Hits
X-RN-RSRV
Cache-Key
Load-Balancing
X-Device-Type
X-Zipkin-Id
X-Endurance-Cache-Level
X-Cache-Var-Map
X-Routing-Service
X-Is-Bot
X-Detected-As
OT-Force-Account-Verify
We-Hiring
X-Backend-Name
X-Environment-Context
X-Hosted-By
X-Cache-Enabled
Vix-Hermes-Req-Id
X-L-Path
Webcakes-App-Name
X-Access
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
X-From
Mn-Server-Ip
X-Section
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Mail-Subject
Property-Id
TWC-Locale-Group
X-VWS-Id
X-VG-TLSProxy
X-Origin-Hint
X-Viewer-Country
X-LJ-Flow-ID
TWC-Privacy
Access-Control-Request-Headers
L5d-Success-Class
Azure-SlotName
Azure-Version
X-ServerID
DB-Nickname
X-Akamai-Request-ID
Azure-RegionName
X-Tb
X-Status
Azure-InstanceId
X-Proxy
X-Origin-Response-Time
X-Format
X-EIG-Tracking-Id
X-Birta-Served
X-Birta-Cache-Post
X-FW-Version
Now
X-S
X-Loop
X-Labrador-Cache-Channel
X-Time-Microsecs
Azure-SiteName
X-TNCMS
X-FC-Vary-Parameters
X-Timing-Wait
Decoy-Debug-TTL
X-JoinUs
Cache-Tag
S-Rt
X-BYPASS-REASON
Selected-FE
X-CCM
X-Proxy-Build
X-NCache
X-ProxyCache-Key
Decoy-Debug-Key
X-Varnish-Cacheable
X-Trace-Id
Decoy-Debug-Status
X-ProxyCache-Status
X-Via-Fastly
X-Xfnlog-Site
X-Www-Served-By
X-Cache-Category-Id
X-FB-TRIP-ID
NGX
X-Web-Node
X-Internal-Host
Origin-Edge-Control
Origin-Cache-Control
X-MP-GENERATED-AT
X-Debug-Cache
X-Tumblr-Pixel-3
X-Cdn
X-Via-CDN
X-Grey
X-Cache-Operation
Served-By
X-PCL
X-OCL
Uber-Trace-Id
X-Human
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-IP
X-CDN-Cache
X-Site-Version
X-Generated
X-Origin-Host
X-VC-Cache
X-R9-Blue-Green-Version
X-EdgeConnect-Cache-Status
X-Dynatrace-Js-Agent
LB
AsisCache
X-NWS-LOG-UUID
X-Rule
X-Sucuri-ID
X-RCS-CacheZone
User-Agent
Pagespeed
X-Newrelic-App-Data
X-Cluster-Node
X-UA
Rt-Fastcgi-Cache
X-UnsetCookies
Release
X-Cache-Remote
X-App-Name
Hostname
X-ApacheServer
X-PERF
X-B3-Spanid
Nel
X-Ua
X-Nginx-Cache
X-Source
X-App-Version
X-Agile
X-Agile-Id
X-Agile-Age
X-CACHE-KEY
X-TIME
Cache-Name
X-Datadome
X-Request-Time
X-Edge-Location
X-Edge-IP
X-APP-VERSION
X-Ocache
X-Pubstack
X-Cdn-Forward
X-Origin
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
Warning
X-Protected-By
X-OVcl-Cache
X-Varnish-Beresp-Grace
X-Sucuri-Cache
X-Varnish-Beresp-Status
X-Cache-Expires
X-A
X-CF-Lambda-Version
X-IN-WAF
X-Cache-Grace
Cache-Prefix
Thinkindot-CacheControl
Server-Surrogate-Control
X-DPWN-IS-SECURE
Request-Time
X-A-Ccd
Server-Cache-Control
X-Destination
BehaviorPad-Version
Arc-Country
Thinkindot-Control
X-Instart-Isnd
X-Logtrace-Id
X-Developer
X-Debug-Log
UCS
Ajk
X-Cache-ASPX
Www
X-CF-Lambda-Fn
Thinkindot-CacheControl-Type
X-Mobile-URL
X-Matched-Rule
X-Developers
X-Core-Value
X-A-Wwc
MD5-Digest
Meta-Geo-Continent
Origin
X-Debug-Cache-Expiry
X-A-Dgt
X-D
X-Date
X-Accel-Expires-Debug
On-Server
X-Gannett-Site-Version
X-G
N-Cache
X-Aed
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Fetch
X-External-Request-Id
X-Generated-In
X-B-Cookie
X-ARC
X-Hp-Webp
X-IN-APIGATEWAY
Request-EU
X-BB-ID
Node
Request-Country
Rendered-Blocks
X-Application
Fly-Cache
Fly-Request-Id
X-A-Dcw
X-A-Dam
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Connection-Hash
X-PAYTM-SRV-ID
X-Origin-TTL
X-S-Cookie
X-SRCache-Key
X-Rojux
X-Origin-CC
X-Twitter-Response-Tags
X-Processor
X-Region-Sid
X-Secret
X-ScT
X-Up
X-Server-Group
X-NX-Host
X-Varnish-Authentication
X-Thinkindot-L3
X-NodeID
X-Request-UUID
X-Platform
Xc-Version
X-Rewrite-Enabled
X-VG-WebServer
X-VCT
X-ElasticPress-Search
X-Trv-Group
X-NU-AKA-ACS-Version
X-Transaction
X-Var-Ttl
X-Cache-Backend
SRV
X-RateLimit-Remaining-Second
Memcached
X-RateLimit-Limit-Second
Pramga
Magicmarker
X-Rebelmouse-Cache-Control
X-Eu-Site
X-Nginx-Cache-Key
X-Reboot
X-Crawler
X-F5-Cache
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Refresh
X-Distributor
X-ServiceProvider
True-Client-Country-4JS
X-Servername
X-Sf
X-TT-LOGID
X-Swa-Ws
X-SN
X-SIPLIST1
X-Sedo-Request-Id
X-Device-Os
RNT-Time
RNT-Machine
X-Epic-Correlation-Id
Lfy
Server-Host
X-Dispatcher-Server
Server-Int
X-Distil-CS
Proxy-Connection
HA-Ipaddr
AKAMAI
Apple-News-Services-Handled
X-Page-Type
X-Info
X-Cache-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-PHP-Host
Backend
X-Cache-Host
Apple-News-Services-Request-Url
X-LAGOON
X-Origin-Expires
X-Location
X-Node-Id
X-No-Session
X-Cache-Miss-From
X-LI-UUID
X-LI-Proto
X-Origin-Date
X-Cache-Info
X-Li-Fabric
X-Li-Pop
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-CGP
X-Geo-Header
X-C
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Cms-Context
Ha-Gx-Prefs
IsBot
X-Varnish-Url
X-Qloud-Router
Heartbleed
Fastly-SWR
X-Hash
X-Cache-Debug
CDCHOST
X-Webstats-RespID
Cache-Cookie-Set-Lfrom
Content-Disposition
Country-Code
Fastly-Soc-X-Request-Id
Fastly-SIE
Fastly-Backend-Name
X-Policy
Kp-EeAlive
X-Varnish-Ttl
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-GeoIP-Country-Code
X-GeoIP-City
X-Gateway-Skip-Cache
X-Generated-On
X-Planisys-CDN-Cache
X-Wikidot-Backend
X-MSEdge-Features
X-MSEdge-Flight
X-Level-Front-Cache
X-Irp-Debug
X-Wikidot-Static-Cache
X-Cdn-Srv
X-Gateway-Cache-Status
X-Core-Mission
X-ShopId
X-ShardId
X-Shopify-Stage
X-Skip-Cache
X-Sorting-Hat-PodId
X-Thanos
X-Server-IP
X-S-Maxage
X-Variation
X-Gateway-Cache-Key
X-Fetched-On
X-Fastly-Cache
X-User
X-Sorting-Hat-ShopId
X-Backend-Host
X-Varnish-Beresp-Ttl
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Amzn-Remapped-Content-Length
Is-Eu
X-Ah-Environment
X-WPE-Loopback-Upstream-Addr
Platform
Adler-Geo
Section-Io-Cache
Fastly-SSL
HTTPS
Fastcgi-Useragent
X-Bip
X-Cache-FS-Status
X-Backend-Url
X-BBXSRF
X-Auto-Login
X-Backend-State
X-Real-Ip
X-GZip
X-Key
X-Hnp-Log
X-Via-SSL
X-Via-Edge
Pagetype
User-Cache-Control
X-Nc
X-Server-Time
Web-Mar-Node
X-Owner
X-Block-Status
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Gen-Mode
X-Micro-Cache
X-CUA
SD-X-WS
Powered-By
X-FireWall-Port
X-Dc
Cteonnt-Length
X-Cache-Bucket
Server-ID
X-TrackingId
Pragrma
X-RateLimit-Reset
DSUID
X-Returned-From-DLL
X-Actual-URL
X-Returned-From-BeforeDispatch
FNAC-ModuleRouting
X-Stale
X-Passed-To-DLL
ServerName
X-Returned-From
X-Org
X-Passed-To
X-Server-By
X-Passed-To-BeforeDispatch
X-Original-Request
X-Svr
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Load-Cache
X-Pjax-Url
VivaBuild
X-Unique-ID
REQUESTUUID
Viewtype
X-VServer
Host-ID
X-Croise-Owner
Gh-Request-Id
X-HS-Cache-Config
X-Aicache-OS
X-CDN-Forward
X-Microcachable
Cdn-Request-Time
X-Edge-Server
Cdn-Host
Mime-Version
X-Parent-Response-Time
X-Cdn-Origin
X-Apm-Svc-Key
X-CSRF-TOKEN
V-Age
X-Apm-App-Name
X-Sn-Servicetimems
X-Apm-Inst-Hash
X-NC
X-Ua-Device
Cache
MIME-Version
Time
X-Oss-Request-Id
X-ND-Cache
SID
X-Exp-Se
X-Geo
Rt-Proxy-Cache
Memory
X-Oss-Hash-Crc64ecma
X-FPC
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
ProcessTime
X-V
X-Wa
X-Gdpr
X-Served-From
X-Servedbyhost
X-From-Cache
X-Req
PICS-Label
X-B3-Parentspanid
X-URL
Odigeo-Trace-Id
Cf-Ipcountry
Wxu-Next-Region
X-Tb-Optimization-Total-Bytes-Saved
HostName
Wxu-Next-Hostname
Wxu-Next-Commit
X-HTML-Minification-Powered-By
Resin-Trace
AR-SID
X-DC
X-Optimization
X-Cache-HT
X-Git-Hash
Cdn
X-Fstrz
CF-IPCountry
X-Newrelic-Synthetics
Public-Key-Pins-Report-Only
X-Response-By
X-Lb-Id
X-GEO
X-Release
GMS-Ver
X-Varnish-Beresp-TTL
X-Atg-Version
Fastcgi-X-Cache-Version
X-WebServer
Proxy-Firewall
X-TH-Server
XServer
X-LB-ID
X-Fastly-Backend-Reqs
Processtime
X-WR-MODIFICATION
X-Vcl-Version
X-Phone
WZWS-RAY
X-Ratelimit-Remaining
X-Daa-Tunnel
X-Ratelimit-Limit
X-APP
X-Host-Name
X-Instart-Info
X-Amz-Meta-Surrogate-Control
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
GW-Server
Backend-Name
X-Clientip
X-We-Are-Hiring
Countrycode
CF-Cached-On
Mobile-Detection-Method
X-UE-Client-Country
X-Upstream-HT
X-Upstream-CT
X-Zone
X-Hyper-Cache
X-HS-Status
X-Worker
Pics-Label
X-NGINX-Cache
SS
X-Vcache
Ohc-File-Size
X-Ratelimit-Reset
SN
X-Nananana
X-WA
X-Fastly-Country-Code
X-ID
X-Server-W
Lb
FSS-Cache
Xxline
409pxxline
355prline
X-HS-Combine-CSS
225prxHost
178proxuri
X-CSRF-Token
X-ServedByHost
188prxHost
189phosttRef
286prxHost
219prxHost
FSS-Proxy
352pxline
X-PF-Uncompressing
X-Backend-TTL
DataCenter
X-B3-SpanId
Version
X-UPSTREAM-Address
X-IPS-LoggedIn
X-VHOST
GeoIp-Country-Code
X-SERVER-NAME
Geoip-Latitude
X-Fpc
X-GZIP
X-Dynatrace
X-Request-Start
Geoip-City
X-Be
X-Render-Time
Ohc-Cache-HIT
URI
Esi-Enabled
X-BE
X-CS
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-AssetVersion
X-Contensis-Viewer-Groups
X-UCC
X-GDPR
WP-Super-Cache
X-Gen-Id
X-LiteSpeed-Cache-Control
X-VCL-Version
X-Unique-Id
X-Via-Ucdn
CDN
X-Varnish-Action
X-PJAX-URL
X-Akamai-Request-ID2
Who
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-FORWARDED-FOR
Dynatrace
RequestUuid
X-Fastly-Cache-Hits
X-NGENIX-Cache
X-RequestId
X-Cache-URL
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Pf-Uncompressing
X-SRV
Accept-Language
Cneonction
X-Html-Edge-Cache
X-Cache-Ttl
X-ZONE
Serverid
X-Cdn-Cache
Locale
Accept-Ch
X-LiteSpeed-Tag
X-Via-NSCOPI
X-ABtesting
Server-Id
A
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Store
X-Hello
X-Request-Url
X-Flog
X-NWS-UUID-VERIFY
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-Reqid
Is-Session-Tracking
X-Serial
RequestId
Frontcache
X-HTML-Edge-Cache
Ohc-Response-Time
X-Cdn-Request-ID
X-Port
X-ServerName
NnCoection
Get-Access-Time
X-EC-Lua