Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Request-ID
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
X-Age
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Device
Allow
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
Server-Timing
X-Type
X-CST
X-Ac
X-Node
X-Rq
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
X-Iejgwucgyu
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
X-Rack-Cache
Request-Id
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Upstream-Env
X-Instart-Request-ID
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-DynaTrace
X-Px
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Goog-Hash
X-Server-Name
Verso
X-ESI
Accept-CH
X-Dispatcher
X-HW
Charset
X-GitHub-Request-Id
X-VARITI-CCR
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
MS-Author-Via
X-MS-InvokeApp
X-DataStream-Cache-Status
X-Version
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Cached
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
Content-MD5
X-Recruiting
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
X-TtlSet
X-Vname
X-PC
X-Navigation-Version
AR-Request-ID
X-TTL
RTSS
Ar-Sid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-Trace
X-Server-ID
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
X-Vcap-Request-Id
X-Varnish-TTL
X-Oracle-Dms-Rid
X-Amz-Server-Side-Encryption
X-DynaTrace-JS-Agent
X-SharePointHealthScore
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-Amz-Rid
X-Country-Code-Real
X-Fastly-Request-ID
X-FTR-Expires
S
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
Nginx-Cache
X-Debug
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Id
TCN
X-Dw-Request-Base-Id
X-VCache
X-Hits
X-XRDS-Location
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
SPIisLatency
SPRequestDuration
DynaTrace
X-Akam-SW-Version
X-B3-TraceId
Front-End-Https
Access-Control-Request-Method
X-Goog-Storage-Class
X-T
X-FTR-Cache-Host
X-Powered-CMS
X-SERVER
Realpath
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Paypal-Debug-Id
Tracecode
X-Ttl
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Varnish-Age
X-Aspnet-Version
Fastcgi-Cache
X-Forwarded-For
X-N
X-Content-Type
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Alternate-Protocol
MRF-Tech
X-Upstream
X-RateLimit-Remaining
X-Accel-Buffering
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-Sol
X-Middleton-Display
Display
X-Srv
X-Middleton-Response
Response
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Fastcgi-Cache
X-Kinsta-Cache
X-Hostname
X-Cache-Key
X-Pad
Server-Name
MicrosoftSharePointTeamServices
X-Accel-Expires
X-User-Agent
X-Content-Options
Refresh
Backend-Timing
X-DIS-Request-ID
Host
X-Analytics
X-Grace
X-Correlation-Id
X-IPLB-Instance
X-LB-Cache
X-B3-Traceid
X-AppVersion
X-Activity-Id
X-Rid
X-Revision
X-Az
X-B
Accept-Charset
X-Amz-Apigw-Id
FilterID
X-Amzn-RequestId
X-Debug-Info
ServerID
X-Cache-Hit
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-CF-Powered-By
X-Cdn
X-B3-Sampled
Powered-By-ChinaCache
X-Cache-2
Surrogate-Key
X-Page-Id
X-FastCGI-Cache
X-Whom
X-Ruxit-Js-Agent
Server-Info
X-PHP-Backend
X-Varnish-Backend
X-Request-Received
X-Request-Processing-Time
MS-CV
TP-L2-Cache
Host-Header
TP-Cache
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Amz-Replication-Status
X-Akamai-Edgescape
Source
X-TT
X-Cache-Action
X-Cluster
X-Tumblr-User
X-Framework
X-Tumblr-Pixel-0
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
X-Origin-Server
X-UA-Device-Type
VIX-Pulpo-Node
X-App-Environment
X-Webkit-CSP
X-FW-Hash
X-FW-Static
X-Mobile
X-FW-Server
X-FW-Type
X-FW-Serve
Cache-Status
X-Content-Powered-By
X-Varnish-Grace
X-Instance
X-Request-Guid
X-Drupal-Cache-Tags
X-Cached-By
X-Kong-Proxy-Latency
X-Platform-Server
X-Handled-By
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Zen-Fury
X-RateLimit-Limit
X-Geo-Country
X-Magnolia-Registration
CACHE
X-Ezoic-Cdn
X-Shard
X-FB-Debug
X-SS-Set-Cookie
X-Cache-TTL
X-ATG-Version
X-Forwarded-Host
Edge-Cache-Tag
X-Wix-Server-Artifact-Id
From-Origin
X-App-Server
X-Cache-Age
DC
X-Oneagent-Js-Injection
Cleartype
X-Varnish-Server
X-Node-Name
X-Varnish-Hostname
PageSpeed
X-GUploader-UploadID
Cache-Tags
X-AOL-HN
X-XRDS-LOCATION
X-BCube-Filmed-By
X-Region
X-Cache-Control
Payment
X-Generated-By
X-B-Cache
X-Response-Served-From
X-Signature
X-RequestSource
X-WebKit-CSP-Report-Only
Filters
X-Adobe-Loc
X-GeoIP
X-Adobe-Content
X-TX-ID
Healthy
X-RTag
X-Seen-By
Upgrade-Insecure-Requests
Ms-Operation-Id
NGB
X-FW-Dynamic
Country
X-Tumblr-Pixel-1
X-Guploader-Uploadid
X-Tumblr-Pixel-2
X-UUID
Cache-Tv-Group
X-Redis-Cache
X-TT-TIMESTAMP
GEO-INFO
Webserver
Retry-After
X-Jobs
Server-Node
Actual-Object-TTL
X-VG-WebCache
X-Varnish-Hits
X-Content-Age
ServedBy
Liferay-Portal
X-Cacheable-TTL
X-Locale
X-Via-JSL
X-Drupal-Cache-Contexts
X-Storage
X-Cache-Rule
X-Contextid
X-Rendered-As
HitType
X-Varnish-IP
X-Cache-TTL-Remaining
Frame-Options
Powered
Fastly-Restarts
X-BACKEND-TTL
Viewport
ViewerVersion
X-Wix-Request-Id
X-WA-Info
Content-Script-Type
Content-Style-Type
S-Cnection
X-NewRelic-App-Data
X-Cache-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Real-IP
NtCoent-Length
X-Upgrade-Enabled
Datacenter
X-RemovedCookies
X-Mode
X-Dynatrace-Js-Agent
X-TA-CDN-Provider
X-Cache-Config
Xserver
X-ProcessESI
Eomportal-Instance
X-Esi
X-Endurance-Cache-Level
X-Akamai-Transformed
X-Varnish-Cache-Hits
Machine
X-Proto
X-Is-Bot
X-Proxied
X-RN-RSRV
X-Zipkin-Id
X-Routing-Service
X-Hl-Ver
X-ES-SERVER
Meta-Geo
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-Device-Type
X-Detected-As
Cache-Hits
X-Path-Route
Webcakes-App-Version
Webcakes-App-Name
We-Hiring
TWC-Privacy
Webcakes-Region
Access-Control-Request-Headers
X-Environment-Context
X-Cache-Enabled
X-Backend-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
Mail-Subject
Cache-Key
X-Cache-NE
OT-Force-Account-Verify
Property-Id
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-S
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Origin-Hint
X-Proxy
X-Status
X-L-Path
X-Viewer-Country
X-Hosted-By
X-FW-Version
L5d-Success-Class
X-Time
DB-Nickname
Mn-Server-Ip
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
X-From
X-TNCMS
X-Loop
X-Access
X-Format
X-EIG-Tracking-Id
Vix-Hermes-Req-Id
X-Section
X-Via-Fastly
X-VG-TLSProxy
X-FC-Vary-Parameters
X-ServerID
Now
X-Tb
X-CCM
X-BYPASS-REASON
X-Debug-Cache
X-JoinUs
X-Labrador-Cache-Channel
X-Birta-Served
X-Birta-Cache-Post
Origin-Edge-Control
S-Rt
Selected-FE
X-Akamai-Request-ID
X-NCache
X-Origin-Response-Time
X-Xfnlog-Site
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Varnish-Cacheable
X-Trace-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-Time-Microsecs
X-Timing-Wait
Origin-Cache-Control
X-Proxy-Build
Served-By
X-IP
X-Web-Node
X-Www-Served-By
X-Tumblr-Pixel-3
X-Via-CDN
X-Origin-Host
X-Generated
X-MP-GENERATED-AT
X-Grey
X-Internal-Host
X-PCL
X-Site-Version
X-GRACE
X-Cache-Category-Id
X-OCL
X-Human
Uber-Trace-Id
NGX
X-FB-TRIP-ID
X-Cache-Operation
X-CDN-Cache
Cache-Tag
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
User-Agent
AsisCache
LB
X-EdgeConnect-Cache-Status
X-VC-Cache
X-UA
X-Rule
X-Varnish-Ttl
X-Sucuri-ID
X-R9-Blue-Green-Version
Rt-Fastcgi-Cache
X-Cluster-Node
X-Newrelic-App-Data
Hostname
Pagespeed
X-NWS-LOG-UUID
X-Cache-Remote
X-RCS-CacheZone
X-UnsetCookies
Release
X-B3-Spanid
X-ApacheServer
X-PERF
X-App-Name
X-TIME
Nel
X-Agile-Age
X-Agile
X-Agile-Id
X-App-Version
Cache-Name
X-Nginx-Cache
X-Source
X-Ua
X-Edge-Location
X-Datadome
X-Edge-IP
X-Pubstack
X-APP-VERSION
X-Request-Time
X-Cdn-Forward
X-CACHE-KEY
X-Protected-By
X-Ocache
Warning
X-OVcl
X-Varnish-Beresp-Status
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Real-Ip
Fastcgi-Useragent
X-Hit
X-Varnish-Beresp-Grace
X-D
X-Generated-In
Fly-Cache
X-Var-Ttl
X-Date
Ec-Rule-Version
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
On-Server
X-DPWN-IS-SECURE
X-SRCache-Key
N-Cache
BehaviorPad-Version
Node
X-CF-Lambda-Version
Meta-Geo-Continent
X-Origin
X-Developer
X-Destination
X-Developers
MD5-Digest
X-CF-Lambda-Fn
Ajk
Cache-Prefix
X-Debug-Log
X-G
X-Rojux
X-Thinkindot-L3
Origin
Cross-Origin-Window-Policy
X-ElasticPress-Search
X-Core-Value
X-Connection-Hash
X-ScT
X-External-Request-Id
X-S-Cookie
Arc-Country
X-Debug-Cookies
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-NodeID
X-A-Dam
X-A-Ccd
Xc-Version
Thinkindot-CacheControl
X-A
Server-Surrogate-Control
X-Instart-Isnd
X-A-Dcw
Server-Cache-Control
X-Cache-ASPX
X-Origin-CC
X-NU-AKA-ACS-Version
Thinkindot-CacheControl-Type
Www
X-Logtrace-Id
SRV
X-BB-ID
X-B-Cookie
X-Application
X-ARC
X-Server-Group
X-Request-UUID
X-Nginx-Cache-Key
Thinkindot-Control
X-Processor
UCS
X-Mobile-URL
X-VG-WebServer
X-NX-Host
Rendered-Blocks
X-PAYTM-SRV-ID
Request-Time
X-Origin-TTL
X-Cache-Grace
Request-Country
X-Matched-Rule
X-IN-APIGATEWAY
X-IN-WAF
X-Hp-Webp
Request-EU
X-A-Wwc
X-Region-Sid
Fly-Request-Id
X-Cache-Expires
X-VCT
X-Aed
X-A-Dgt
X-Varnish-Authentication
X-Cache-Backend
Section-Io-Cache
X-Sucuri-Cache
X-Cms-Context
Pramga
X-Cache-Id
IsBot
Proxy-Connection
X-CUA
X-Crawler
X-SIPLIST1
Heartbleed
X-Cache-Info
Magicmarker
X-Cache-Host
X-Cache-FS-Status
Server-Int
X-Sf
Server-Host
X-Cache-Debug
RNT-Machine
X-Cache-Miss-From
X-C
True-Client-Country-4JS
Lfy
X-Secret
RNT-Time
Memcached
X-ServiceProvider
Kp-EeAlive
X-Geo-Header
X-Origin-Expires
X-Sedo-Request-Id
X-Origin-Date
X-Platform
X-Irp-Debug
X-Varnish-Url
X-Reboot
X-Hash
X-PHP-Host
X-Request-URI
X-Page-Type
Fastly-Soc-X-Request-Id
X-Webstats-RespID
X-Policy
X-RateLimit-Limit-Second
X-Qloud-Router
X-LI-Proto
X-Li-Pop
X-RateLimit-Remaining-Second
X-LI-UUID
X-Li-Fabric
X-No-Session
X-Node-Id
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Location
X-Up
X-Refresh
Backend
Cache-Cookie-Set-Idcheck
X-Device-Os
AKAMAI
X-Distil-CS
X-Dispatcher-Server
Cache-Cookie-Set-Lfrom
CDCHOST
Fastly-Backend-Name
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
Country-Code
X-Debug-Cache-Store
X-Distributor
Cache-Cookie-Set-From
X-F5-Cache
X-Gannett-Site-Version
X-Swa-Ws
X-GZip
X-Planisys-CDN-Rules
X-LAGOON
X-Rebelmouse-Cache-Control
X-Fetched-On
X-Level-Front-Cache
X-S-Maxage
X-Hnp-Log
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-GeoIP-City
X-Gen-Mode
X-Core-Mission
X-Auto-Login
X-Key
X-Eu-Site
X-Block-Status
X-Epic-Correlation-Id
X-Cdn-Srv
X-Planisys-CDN-TTL
X-Rebelmouse-Surrogate-Control
X-Generated-On
X-Planisys-CDN-Cache
X-BBXSRF
X-Info
X-MSEdge-Features
X-MSEdge-Flight
X-Bip
X-CGP
X-Thanos
X-Wikidot-Backend
X-Skip-Cache
X-SN
Fastly-SWR
Fastly-SSL
X-Shopify-Stage
Ha-Gx-Prefs
X-ShardId
X-ShopId
HTTPS
HA-Ipaddr
Fastly-SIE
X-Sorting-Hat-PodId
Apple-News-Services-Handled
X-Sorting-Hat-ShopId
X-Amz-Meta-Cache-Control
X-TT-LOGID
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Content-Disposition
X-Ah-Environment
X-Dc
Apple-News-Services-Request-Url
Pagetype
X-Wikidot-Static-Cache
SD-X-WS
X-Alternate-Cache-Key
User-Cache-Control
Web-Mar-Node
Powered-By
X-FireWall-Port
X-WPE-Loopback-Upstream-Addr
X-Varnish-Beresp-Ttl
X-Variation
X-Via-SSL
Adler-Geo
X-GeoIP-Country-Code
X-Fastly-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-TrackingId
Platform
X-User
X-Amzn-Remapped-Content-Length
X-Backend-Host
X-Via-Edge
X-Cache-Bucket
X-Owner
X-Server-Time
Is-Eu
X-Servername
Pragrma
X-Micro-Cache
X-Nc
X-Server-IP
X-Backend-Url
X-Backend-State
X-RateLimit-Reset
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Passed-To
X-Original-Request
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-Svr
X-Stale
X-Actual-URL
X-Server-By
Server-ID
X-Unique-ID
X-HS-Cache-Config
Host-ID
X-VServer
X-Croise-Owner
X-Microcachable
Cdn-Request-Time
VivaBuild
FNAC-ModuleRouting
X-Org
DSUID
X-Edge-Server
Viewtype
REQUESTUUID
X-Pjax-Url
ServerName
Cdn-Host
Cteonnt-Length
Mime-Version
X-Load-Cache
X-CDN-Forward
Gh-Request-Id
X-Aicache-OS
X-Parent-Response-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-NC
X-Oss-Request-Id
X-Oss-Server-Time
SID
X-V
X-Oss-Storage-Class
Time
X-From-Cache
X-FPC
X-Sn-Servicetimems
V-Age
X-CSRF-TOKEN
X-Cdn-Origin
Memory
ProcessTime
X-Ua-Device
X-Apm-App-Name
X-Apm-Inst-Hash
X-Gdpr
X-Geo
Rt-Proxy-Cache
X-ND-Cache
X-Req
X-Apm-Svc-Key
X-Exp-Se
MIME-Version
PICS-Label
X-Servedbyhost
Odigeo-Trace-Id
X-Served-From
X-Tb-Optimization-Total-Bytes-Saved
X-URL
X-HTML-Minification-Powered-By
X-Wa
Cf-Ipcountry
X-Fstrz
X-B3-Parentspanid
Public-Key-Pins-Report-Only
X-Lb-Id
X-Optimization
X-GEO
X-Cache-HT
Cdn
X-Git-Hash
AR-SID
X-Newrelic-Synthetics
Wxu-Next-Hostname
CF-IPCountry
Wxu-Next-Region
Wxu-Next-Commit
Resin-Trace
X-Response-By
Fastcgi-X-Cache-Version
Cache
X-Webkit-Csp
GMS-Ver
HostName
X-Varnish-Beresp-TTL
X-DC
X-Vcache
X-Atg-Version
X-Ratelimit-Remaining
XServer
X-WR-MODIFICATION
Proxy-Firewall
X-Release
X-Vcl-Version
X-Amz-Meta-Surrogate-Control
X-TH-Server
X-Fastly-Backend-Reqs
WZWS-RAY
X-Ratelimit-Limit
X-APP
Processtime
X-WebServer
X-UE-Client-Country
X-Daa-Tunnel
Countrycode
X-LB-ID
X-Clientip
X-Phone
Mobile-Detection-Method
X-We-Are-Hiring
GW-Server
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Instart-Info
CF-Cached-On
SS
X-Hyper-Cache
X-WA
X-Zone
X-Host-Name
Ohc-File-Size
Backend-Name
X-HS-Status
X-Nananana
X-Fastly-Country-Code
X-NGINX-Cache
X-Check-Cacheable
X-Ratelimit-Reset
X-PF-Uncompressing
FSS-Cache
X-HS-Combine-CSS
FSS-Proxy
Pics-Label
X-Upstream-HT
X-Upstream-CT
Lb
X-CSRF-Token
X-Server-W
219prxHost
225prxHost
286prxHost
355prline
352pxline
X-ServedByHost
189phosttRef
X-Worker
Xxline
Geoip-Latitude
GeoIp-Country-Code
178proxuri
188prxHost
X-Backend-TTL
409pxxline
Amp-Access-Control-Allow-Source-Origin
DataCenter
X-Be
Ohc-Cache-HIT
X-Fpc
SN
X-SERVER-NAME
X-VHOST
Geoip-City
URI
X-IPS-LoggedIn
X-GZIP
X-Dynatrace
X-UPSTREAM-Address
Esi-Enabled
X-Render-Time
X-BE
Version
X-UCC
X-Request-Start
WP-Super-Cache
X-Gen-Id
X-LiteSpeed-Cache-Control
X-HostName
X-B3-SpanId
X-Varnish-Action
Who
X-CS
X-ID
X-NGENIX-Cache
X-Unique-Id
X-AssetVersion
X-Html-Edge-Cache
CDN
X-PJAX-URL
X-Cache-URL
X-VCL-Version
X-Contensis-Viewer-Groups
Dynatrace
X-FORWARDED-FOR
X-SRV
RequestUuid
GeoIP-City
GeoIP-Latitude
X-GDPR
X-Fastly-Cache-Hits
X-LiteSpeed-Tag
X-Via-Ucdn
GeoIP-Country-Code
X-Pf-Uncompressing
Cneonction
Serverid
X-Cache-Ttl
X-Cdn-Cache
X-Request-Url
A
X-NWS-UUID-VERIFY
RequestId
Accept-Language
X-Store
Server-Id
X-Akamai-Request-ID2
X-Vtex-Processado-Em
X-RequestId
X-Servedby
X-Vtex-Remote-Cache
X-Via-NSCOPI
Accept-Ch
X-ServerName
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Akamai-SSL-Client-Sid
X-Reqid
X-EC-Lua
Ohc-Response-Time
X-Port
Get-Access-Time
X-Dw-Trace-Id
IBM-Web2-Location
X-Generation-Time
Is-Session-Tracking
X-Serial
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
Frontcache
X-ZONE