Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
P3p
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Varnish-Cache
X-Nginx-Cache-Status
WPE-Backend
X-Server-Powered-By
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-CST
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
X-Type
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Upstream-Env
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-ESI
X-HW
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-DataStream-Cache-Status
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-CACHE
X-GitHub-Request-Id
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-MS-InvokeApp
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Cached
X-Version
Charset
Content-MD5
X-Dns-Prefetch-Control
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Navigation-Version
X-D2id
Ar-Sid
X-Abt-Application-Version
RTSS
X-PC
X-Vname
X-TtlSet
X-Ser
X-Server-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-TTL
X-Trace
X-Amz-Server-Side-Encryption
X-TTL
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-VCache
X-Amz-Rid
X-SharePointHealthScore
S
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-XRDS-Location
Arr-Disable-Session-Affinity
TCN
X-Shield-Request-Id
X-Ttl
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-VERSION
X-TEC-API-ORIGIN
DynaTrace
SPIisLatency
SPRequestDuration
X-Upstream-Proxy
Pinterest-Version
X-Oracle-Dms-Rid
X-Pinterest-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-Powered-CMS
X-Id
Front-End-Https
X-Litespeed-Cache
X-B3-TraceId
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Fastcgi-Cache
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Realpath
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Forwarded-For
X-Content-Type
X-Upstream
Alternate-Protocol
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-RateLimit-Remaining
X-Middleton-Display
X-Frontend
X-Logged-In
X-Sol
Display
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Component-Id
Fusion-Content-Source
X-Middleton-Response
X-Content-Digest
Response
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Cache-Key
X-Srv
X-Pad
X-Accel-Expires
X-Fastcgi-Cache
X-Accel-Buffering
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
X-B3-Traceid
Host
X-Analytics
Backend-Timing
X-Content-Options
X-User-Agent
X-Correlation-Id
X-Revision
X-Debug-Info
X-LB-Cache
X-Amzn-RequestId
Refresh
X-Activity-Id
X-Az
X-DataStream-Origin-MEX-Latency
X-AppVersion
X-DataStream-MidMile-RTT
X-Rid
X-Amz-Apigw-Id
Accept-Charset
FilterID
X-IPLB-Instance
X-Cache-2
X-B
X-Grace
X-B3-Sampled
X-Cache-Hit
X-DIS-Request-ID
Powered-By-ChinaCache
Surrogate-Key
X-CF-Powered-By
X-FastCGI-Cache
ServerID
X-Page-Id
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
X-PHP-Backend
MS-CV
X-Request-Received
X-Webkit-CSP
Host-Header
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Origin-Server
X-Amz-Replication-Status
X-Cached-By
X-TT
Source
X-Kong-Upstream-Latency
Cache-Status
X-Cluster
X-Cache-Action
X-Framework
X-UA-Device-Type
X-App-Environment
Access-Control-Allow-Method
X-GUploader-UploadID
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Platform-Server
X-Mobile
X-Content-Powered-By
X-FW-Hash
X-F-Cache
X-Varnish-Grace
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Drupal-Cache-Tags
X-Request-Guid
X-Shard
X-RateLimit-Limit
X-Instance
X-Ezoic-Cdn
X-FB-Debug
X-SS-Set-Cookie
X-Zen-Fury
X-Handled-By
X-Geo-Country
X-Forwarded-Host
X-Magnolia-Registration
X-Cache-TTL
Edge-Cache-Tag
PageSpeed
From-Origin
X-ATG-Version
X-Node-Name
X-Cache-Age
X-Varnish-Hostname
X-App-Server
CACHE
DC
X-Varnish-Server
Cache-Tags
Cleartype
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Payment
X-Region
Upgrade-Insecure-Requests
Healthy
X-WebKit-CSP-Report-Only
X-Response-Served-From
Filters
X-RequestSource
X-Generated-By
X-TX-ID
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
Server-Node
Ms-Operation-Id
X-Storage
Cache-Tv-Group
X-TT-TIMESTAMP
Country
X-VG-WebCache
X-UUID
X-RTag
Webserver
NGB
X-Redis-Cache
Retry-After
X-B-Cache
X-Cache-Rule
Actual-Object-TTL
X-FW-Dynamic
X-Drupal-Cache-Contexts
X-Jobs
Fastly-Restarts
X-Signature
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Locale
X-XRDS-LOCATION
X-Content-Age
X-Cacheable-TTL
X-Varnish-Hits
GEO-INFO
ServedBy
Liferay-Portal
X-Wix-Server-Artifact-Id
X-Seen-By
X-Contextid
Powered
X-TA-CDN-Provider
Frame-Options
X-Oneagent-Js-Injection
HitType
X-Rendered-As
X-Via-JSL
X-Cache-TTL-Remaining
X-Varnish-IP
X-Real-IP
X-BACKEND-TTL
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WA-Info
S-Cnection
Viewport
X-Guploader-Uploadid
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-Esi
X-Upgrade-Enabled
X-Cache-Server
Content-Script-Type
Content-Style-Type
X-Cache-NE
X-Mode
NtCoent-Length
Datacenter
X-Cache-Config
X-Akamai-Transformed
X-Varnish-Cache-Hits
Meta-Geo
X-Detected-As
X-Device-Type
X-Is-Bot
X-ES-SERVER
X-Cache-Var-Map
X-Path-Route
X-Proxied
X-Cache-Var
X-RN-RSRV
X-Routing-Service
X-Hl-Ver
X-Zipkin-Id
Cache-Key
X-Proto
Load-Balancing
Machine
X-From
Mn-Server-Ip
X-S
Cache-Hits
X-Section
TWC-Privacy
X-AWS-Id
TWC-Locale-Group
X-Access
Webcakes-Region
X-Tb
Webcakes-App-Version
We-Hiring
X-Endurance-Cache-Level
Vix-Hermes-Req-Id
Webcakes-App-Name
X-Origin-Hint
OT-Force-Account-Verify
X-Environment-Context
X-L-Path
TWC-Connection-Speed
X-FC-Vary-Parameters
X-Hosted-By
Property-Id
Mail-Subject
X-Cache-Enabled
X-Viewer-Country
TWC-GeoIP-Country
X-VG-TLSProxy
X-LJ-Flow-ID
TWC-Device-Class
Access-Control-Request-Headers
X-VWS-Id
TWC-GeoIP-LatLong
L5d-Success-Class
X-Cdn
Origin-Cache-Control
Origin-Edge-Control
X-Wix-Request-Id
S-Rt
X-TNCMS
DB-Nickname
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-Via-CDN
X-ServerID
ViewerVersion
X-Labrador-Cache-Channel
X-Loop
X-EIG-Tracking-Id
X-Format
X-FW-Version
X-Debug-Cache
X-Birta-Served
X-Origin-Response-Time
X-Time
X-Akamai-Request-ID
X-Backend-Name
X-Birta-Cache-Post
Azure-InstanceId
X-Time-Microsecs
X-Cache-Operation
X-Proxy
Xserver
NGX
X-Web-Node
X-FB-TRIP-ID
X-BYPASS-REASON
X-CCM
X-NCache
X-Status
X-Tumblr-Pixel-3
X-Proxy-Build
X-ProxyCache-Status
X-PCL
X-OCL
Now
Cache-Tag
Selected-FE
X-Timing-Wait
Decoy-Debug-Key
Decoy-Debug-Status
X-Xfnlog-Site
X-Via-Fastly
X-Human
X-IP
Decoy-Debug-TTL
X-GRACE
X-ProxyCache-Key
X-JoinUs
X-Trace-Id
X-Varnish-Cacheable
X-Grey
X-Generated
X-Rocket-Nginx-Bypass
X-Cache-Category-Id
X-MP-GENERATED-AT
X-Vgn-Hpd-Reason
X-Site-Version
X-Www-Served-By
Uber-Trace-Id
X-UA
X-VC-Cache
X-RCS-CacheZone
X-CDN-Cache
Served-By
X-Dynatrace-Js-Agent
X-NWS-LOG-UUID
X-R9-Blue-Green-Version
X-NewRelic-App-Data
X-Internal-Host
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-Rule
X-Cache-Remote
X-Origin-Host
LB
X-Sucuri-ID
AsisCache
Release
X-UnsetCookies
X-TIME
X-Cluster-Node
Nel
Rt-Fastcgi-Cache
X-App-Name
User-Agent
X-ApacheServer
X-PERF
X-APP-VERSION
X-B3-Spanid
X-Datadome
X-Nginx-Cache
X-Source
Pagespeed
X-Agile
X-Agile-Age
X-Agile-Id
Hostname
X-Request-Time
Cache-Name
X-Ua
X-Ocache
X-Edge-Location
X-OVcl-Cache
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Origin
X-App-Version
X-Origin-TTL
X-Origin-CC
Warning
X-VCT
X-Sucuri-Cache
X-Pubstack
X-Edge-IP
X-ElasticPress-Search
Thinkindot-Control
Thinkindot-CacheControl-Type
X-A
X-Varnish-Authentication
Www
UCS
X-Up
Thinkindot-CacheControl
X-A-Wwc
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-A-Dgt
X-A-Dcw
X-Trv-Group
X-A-Ccd
X-A-Dam
X-Var-Ttl
Rendered-Blocks
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
MD5-Digest
Cross-Origin-Window-Policy
Cache-Prefix
Ajk
Arc-Country
BehaviorPad-Version
N-Cache
Node
Request-Time
Server-Cache-Control
Xc-Version
X-VG-WebServer
Request-EU
Request-Country
On-Server
Origin
X-Transaction
Server-Surrogate-Control
X-Secret
X-Date
X-D
X-IN-WAF
X-IN-APIGATEWAY
X-Debug-Cache-Expiry
X-Core-Value
X-Instart-Isnd
X-Connection-Hash
X-Mobile-URL
X-Matched-Rule
X-Logtrace-Id
X-Debug-Cache-Fetch
X-Hp-Webp
X-DPWN-IS-SECURE
X-Developers
X-Developer
X-Destination
X-Debug-Cookies
X-External-Request-Id
X-Generated-In
X-Gannett-Site-Version
X-G
X-Debug-Cache-Store
X-NodeID
X-NU-AKA-ACS-Version
X-B-Cookie
X-ScT
X-BB-ID
X-S-Cookie
X-Cache-ASPX
X-Debug-Log
X-ARC
X-Thinkindot-L3
X-SRCache-Key
X-Application
X-Server-Group
X-Cache-Expires
X-Rojux
X-Platform
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-NX-Host
X-Processor
X-Region-Sid
X-Rewrite-Enabled
X-Request-UUID
X-Cache-Grace
X-CF-Lambda-Fn
X-Aed
Meta-Geo-Continent
X-Protected-By
X-Cache-Backend
X-Varnish-Ttl
Server-Int
X-Proxy-Upstream
Server-Host
X-TT-LOGID
X-Proxy-Cache-Status
SRV
True-Client-Country-4JS
X-Irp-Debug
X-Crawler
X-Policy
X-Info
RNT-Time
Proxy-Connection
X-F5-Cache
Pramga
X-LI-Proto
X-Refresh
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
RNT-Machine
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Key
User-Cache-Control
X-Location
X-Li-Fabric
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Cache-Host
X-Cache-Debug
X-LI-UUID
X-Ah-Environment
X-Block-Status
X-C
X-Li-Pop
X-Cache-Id
X-Cache-Miss-From
X-Page-Type
X-Cms-Context
Web-Mar-Node
X-WPE-Loopback-Upstream-Addr
X-PHP-Host
X-Origin-Expires
X-Origin-Date
X-LAGOON
X-Nginx-Cache-Key
X-No-Session
X-CGP
X-Request-URI
X-Reboot
Content-Disposition
Country-Code
X-SN
X-Gen-Mode
CDCHOST
X-SIPLIST1
X-Via-Edge
X-Geo-Header
Fastly-Soc-X-Request-Id
Pagetype
Fastly-Backend-Name
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Memcached
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
X-Cache-Info
Backend
X-Swa-Ws
Fastly-SWR
Fastly-SIE
X-Sedo-Request-Id
X-Distributor
X-Hash
X-Via-SSL
X-Device-Os
X-Distil-CS
Kp-EeAlive
IsBot
X-Dispatcher-Server
Heartbleed
HA-Ipaddr
X-Sf
X-Epic-Correlation-Id
X-Webstats-RespID
X-Eu-Site
X-ServiceProvider
X-Servername
X-Hnp-Log
Magicmarker
Lfy
Ha-Gx-Prefs
X-Cdn-Forward
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-FireWall-Port
X-GeoIP-City
X-Gateway-Cache-Status
X-Bip
X-Generated-On
X-Core-Mission
X-Fastly-Cache
X-Gateway-Skip-Cache
X-Cache-FS-Status
X-GeoIP-Country-Code
X-Level-Front-Cache
X-Fetched-On
X-Planisys-CDN-Cache
X-S-Maxage
X-Cache-Bucket
X-Varnish-Url
Is-Eu
X-Wikidot-Backend
X-TrackingId
DSUID
X-BBXSRF
Platform
HTTPS
X-Server-IP
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Thanos
Adler-Geo
X-Skip-Cache
X-Shopify-Stage
X-ShardId
X-ShopId
Fastly-SSL
X-Wikidot-Static-Cache
SD-X-WS
X-Micro-Cache
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-MSEdge-Features
X-Amzn-Remapped-Content-Length
X-User
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Node-Id
X-MSEdge-Flight
X-Planisys-CDN-Rules
X-Variation
X-Planisys-CDN-TTL
X-Gateway-Cache-Key
X-GZip
X-Auto-Login
X-Cdn-Srv
ServerName
X-Owner
Cteonnt-Length
X-RateLimit-Reset
FNAC-ModuleRouting
X-Server-Time
X-CACHE-KEY
X-Real-Ip
Section-Io-Cache
X-CUA
Powered-By
X-CDN-Forward
MIME-Version
Gh-Request-Id
Server-ID
X-Org
Pragrma
X-Varnish-Beresp-Ttl
X-Dc
X-NC
Viewtype
X-Pjax-Url
X-Passed-To-BeforeDispatch
V-Age
X-Original-Request
X-Passed-To
X-Apm-App-Name
X-Passed-To-DLL
VivaBuild
REQUESTUUID
X-Server-By
X-Cdn-Origin
X-Sn-Servicetimems
X-Stale
X-Svr
X-Nc
X-Returned-From-PostProcessResponse
X-Apm-Svc-Key
X-Actual-URL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Apm-Inst-Hash
X-Passed-To-PostProcessResponse
X-Load-Cache
X-Parent-Response-Time
X-FPC
Fastcgi-Useragent
X-Aicache-OS
Host-ID
X-HS-Cache-Config
X-Exp-Se
Rt-Proxy-Cache
X-VServer
X-ND-Cache
X-Croise-Owner
X-Geo
X-Unique-ID
X-Edge-Server
X-Gdpr
X-Ua-Device
Cdn-Host
Cdn-Request-Time
X-Served-From
Cache
X-CSRF-TOKEN
PICS-Label
X-Microcachable
X-B3-Parentspanid
SID
HostName
Time
X-Servedbyhost
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
Memory
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Git-Hash
X-Wa
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
Mime-Version
Resin-Trace
X-DC
ProcessTime
CF-IPCountry
X-Newrelic-Synthetics
X-V
X-Tb-Optimization-Total-Bytes-Saved
X-Req
X-From-Cache
X-Optimization
X-Cache-HT
AR-SID
X-Lb-Id
Odigeo-Trace-Id
Cf-Ipcountry
X-Varnish-Beresp-TTL
XServer
X-Release
X-HTML-Minification-Powered-By
Cdn
X-TH-Server
X-Fstrz
X-WebServer
X-Host-Name
X-Atg-Version
Processtime
X-Phone
X-Response-By
Proxy-Firewall
Public-Key-Pins-Report-Only
CF-Cached-On
X-ID
X-Instart-Info
GMS-Ver
X-WR-MODIFICATION
X-APP
X-Ratelimit-Remaining
X-Ratelimit-Limit
Backend-Name
X-Vcl-Version
X-Fastly-Backend-Reqs
X-Daa-Tunnel
X-Upstream-CT
X-Upstream-HT
X-LB-ID
WZWS-RAY
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-GEO
Fastcgi-X-Cache-Version
X-Worker
X-Nananana
X-Check-Cacheable
X-Zone
178proxuri
219prxHost
189phosttRef
188prxHost
X-WA
225prxHost
286prxHost
Xxline
409pxxline
355prline
352pxline
X-Server-W
X-Amz-Meta-Surrogate-Control
X-Vcache
X-NGINX-Cache
X-B3-SpanId
Countrycode
Mobile-Detection-Method
GW-Server
X-URL
X-IPS-LoggedIn
X-Ratelimit-Reset
X-Clientip
X-We-Are-Hiring
X-CSRF-Token
X-UE-Client-Country
X-HS-Status
Lb
Version
SS
Pics-Label
SN
X-ServedByHost
GeoIp-Country-Code
Geoip-Latitude
X-Fastly-Country-Code
X-Backend-TTL
X-Hyper-Cache
Ohc-File-Size
DataCenter
Esi-Enabled
X-VCL-Version
X-SERVER-NAME
Geoip-City
X-SRV
X-GZIP
X-Dynatrace
X-Contensis-Viewer-Groups
X-AssetVersion
X-UPSTREAM-Address
X-Request-Start
X-PF-Uncompressing
URI
X-Render-Time
X-HS-Combine-CSS
X-BE
FSS-Proxy
FSS-Cache
Serverid
GeoIP-Country-Code
X-Be
WP-Super-Cache
X-CS
X-GDPR
X-Via-Ucdn
X-LiteSpeed-Cache-Control
X-Akamai-Request-ID2
CDN
GeoIP-Latitude
GeoIP-City
X-Unique-Id
Accept-Language
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-ZONE
X-PJAX-URL
Ohc-Cache-HIT
X-Fpc
X-Gen-Id
X-NWS-UUID-VERIFY
X-HostName
Dynatrace
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-Via-NSCOPI
X-RequestId
RequestUuid
X-Flog
X-Reqid
X-UCC
X-Fastly-Cache-Hits
Cneonction
Server-Id
X-Html-Edge-Cache
X-Hello
X-Pf-Uncompressing
X-ABtesting
X-Cdn-Cache
X-Cache-Ttl
X-Urbn-Context-Path
Locale
X-LiteSpeed-Tag
X-Urbn-Site-Id
X-Request-Url
Who
X-Store
X-Varnish-Action
Accept-Ch
A
X-Akamai-SSL-Client-Sid
Frontcache
X-Serial
IBM-Web2-Location
X-Varnish-URL
X-Requestid
X-Bug-Bounty
Ohc-Response-Time
X-EC-Lua
X-Port
NnCoection
Get-Access-Time
Is-Session-Tracking
X-ServerName
X-Cache-URL
X-Cdn-Request-ID
X-HTML-Edge-Cache