Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-CST
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
X-Type
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
Request-Id
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-Upstream-Env
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-HW
X-ORACLE-DMS-RID
X-ESI
MS-Author-Via
X-DataStream-Cache-Status
X-VARITI-CCR
X-GitHub-Request-Id
AR-ATIME
X-Mobile-Rewrite
AR-CACHE
PB-RID
Arc-Version
AR-PoweredBy
PB-PID
X-MS-InvokeApp
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Version
X-Cached
Charset
Content-MD5
X-Dns-Prefetch-Control
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
X-Abt-Application-Version
X-D2id
Ar-Sid
X-Navigation-Version
X-TTL
X-Vname
X-TtlSet
X-PC
X-Server-ID
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-Trace
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-FTR-Expires
X-VCache
X-Amz-Rid
X-SharePointHealthScore
S
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-XRDS-Location
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
DynaTrace
SPRequestDuration
SPIisLatency
X-Oracle-Dms-Rid
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-SERVER
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Powered-CMS
X-Id
Front-End-Https
X-Ttl
X-B3-TraceId
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Amzn-Trace-Id
X-MSEdge-Ref
Tracecode
Realpath
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
X-Upstream
Alternate-Protocol
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-RateLimit-Remaining
X-Middleton-Display
X-Sol
X-Frontend
X-Logged-In
Display
X-PressLabs-Stats
Fusion-Content-Id
X-Middleton-Response
Fusion-Component-Id
Response
Fusion-Template-Id
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
Fusion-Content-Source
Fusion-Source
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Cache-Key
X-Accel-Expires
X-Pad
X-Fastcgi-Cache
X-Accel-Buffering
X-Kinsta-Cache
X-Srv
MicrosoftSharePointTeamServices
Server-Name
Host
X-B3-Traceid
X-Analytics
Backend-Timing
X-Content-Options
X-Correlation-Id
X-User-Agent
X-Cdn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-LB-Cache
X-Debug-Info
X-Revision
X-Rid
X-Amzn-RequestId
Refresh
X-Amz-Apigw-Id
Accept-Charset
X-Activity-Id
FilterID
X-Az
X-AppVersion
X-IPLB-Instance
X-B3-Sampled
X-Cache-Hit
X-B
X-Cache-2
X-Grace
X-DIS-Request-ID
Powered-By-ChinaCache
Surrogate-Key
X-CF-Powered-By
X-FastCGI-Cache
ServerID
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
Host-Header
X-Request-Processing-Time
X-Webkit-CSP
X-Request-Received
MS-CV
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Amz-Replication-Status
X-TT
X-Kong-Proxy-Latency
Source
VIX-Pulpo-Upstream-Status
X-Kong-Upstream-Latency
VIX-Pulpo-Node
X-Cached-By
X-Origin-Server
X-Akamai-Edgescape
X-Cluster
X-Framework
X-Cache-Action
X-App-Environment
Cache-Status
X-Varnish-Backend
X-Content-Powered-By
X-Platform-Server
X-GUploader-UploadID
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
Access-Control-Allow-Method
X-Mobile
X-FW-Hash
X-Request-Guid
X-F-Cache
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Static
X-UA-Device-Type
X-Varnish-Grace
X-Shard
X-Instance
X-Ezoic-Cdn
X-RateLimit-Limit
X-Drupal-Cache-Tags
X-FB-Debug
X-SS-Set-Cookie
X-Handled-By
X-Zen-Fury
X-Geo-Country
X-Forwarded-Host
X-Magnolia-Registration
X-Cache-TTL
Edge-Cache-Tag
PageSpeed
From-Origin
X-Node-Name
X-ATG-Version
X-Cache-Age
X-App-Server
X-Varnish-Hostname
CACHE
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Payment
X-Region
Filters
X-WebKit-CSP-Report-Only
X-RequestSource
X-Response-Served-From
Upgrade-Insecure-Requests
X-Generated-By
X-Adobe-Content
X-TX-ID
Healthy
X-Adobe-Loc
X-Redis-Cache
X-TT-TIMESTAMP
X-GeoIP
X-VG-WebCache
Cache-Tv-Group
Server-Node
X-UUID
NGB
Webserver
X-Storage
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-FW-Dynamic
Ms-Operation-Id
Country
Actual-Object-TTL
Retry-After
X-B-Cache
X-RTag
X-Jobs
X-Signature
X-Cache-Rule
Fastly-Restarts
X-Locale
X-Drupal-Cache-Contexts
X-XRDS-LOCATION
X-Content-Age
X-Cacheable-TTL
X-Varnish-Hits
GEO-INFO
ServedBy
Liferay-Portal
X-Esi
X-Wix-Server-Artifact-Id
Powered
X-Contextid
X-Seen-By
X-TA-CDN-Provider
Frame-Options
X-Oneagent-Js-Injection
X-Rendered-As
HitType
X-Via-JSL
X-Cache-TTL-Remaining
X-Varnish-IP
X-BACKEND-TTL
X-Yottaa-Optimizations
X-WA-Info
X-Yottaa-Metrics
S-Cnection
Viewport
X-Real-IP
X-Guploader-Uploadid
Eomportal-Instance
X-Cache-Server
X-Upgrade-Enabled
X-ProcessESI
X-RemovedCookies
X-Cache-NE
Content-Style-Type
Content-Script-Type
NtCoent-Length
X-Mode
Datacenter
X-Akamai-Transformed
X-Cache-Config
X-Cache-Var
X-Device-Type
X-Routing-Service
X-Cache-Var-Map
X-Detected-As
X-ES-SERVER
X-Proxied
Mn-Server-Ip
X-Hl-Ver
X-S
Meta-Geo
Machine
X-Is-Bot
Load-Balancing
X-RN-RSRV
X-Zipkin-Id
X-Path-Route
Cache-Hits
X-Proto
Cache-Key
X-From
Webcakes-App-Version
Webcakes-Region
X-Section
X-Endurance-Cache-Level
X-LJ-Flow-ID
X-L-Path
X-Environment-Context
X-Viewer-Country
OT-Force-Account-Verify
L5d-Success-Class
X-VWS-Id
X-AWS-Id
Webcakes-App-Name
TWC-Device-Class
X-FC-Vary-Parameters
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Access-Control-Request-Headers
X-Cache-Enabled
X-Access
TWC-Privacy
X-VG-TLSProxy
Vix-Hermes-Req-Id
TWC-Connection-Speed
X-Tb
X-Varnish-Cache-Hits
X-Origin-Hint
X-Hosted-By
Property-Id
Azure-RegionName
Mail-Subject
S-Rt
Origin-Cache-Control
Origin-Edge-Control
DB-Nickname
Azure-Version
We-Hiring
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Cache-Operation
X-Proxy
X-TNCMS
X-Labrador-Cache-Channel
X-FB-TRIP-ID
ViewerVersion
X-Akamai-Request-ID
X-Format
X-Time
X-Origin-Response-Time
X-FW-Version
NGX
X-Time-Microsecs
X-Wix-Request-Id
X-Backend-Name
X-Birta-Cache-Post
X-Loop
X-Birta-Served
X-Web-Node
X-EIG-Tracking-Id
X-Via-CDN
X-ServerID
Xserver
X-JoinUs
X-Via-Fastly
X-Xfnlog-Site
X-IP
Selected-FE
X-NCache
X-OCL
X-Proxy-Build
X-Debug-Cache
X-Status
X-CCM
X-ProxyCache-Status
X-BYPASS-REASON
X-Tumblr-Pixel-3
X-Timing-Wait
X-Varnish-Cacheable
X-PCL
X-Trace-Id
X-ProxyCache-Key
X-Human
Decoy-Debug-Status
X-GRACE
Decoy-Debug-TTL
Now
Cache-Tag
Decoy-Debug-Key
X-Cache-Category-Id
X-Generated
X-Grey
X-MP-GENERATED-AT
X-Site-Version
X-Vgn-Hpd-Reason
X-Www-Served-By
X-Rocket-Nginx-Bypass
Uber-Trace-Id
X-VC-Cache
X-Dynatrace-Js-Agent
X-Newrelic-App-Data
Served-By
X-RCS-CacheZone
X-NWS-LOG-UUID
X-Internal-Host
X-EdgeConnect-Cache-Status
X-UA
X-R9-Blue-Green-Version
X-CDN-Cache
X-Rule
X-NewRelic-App-Data
LB
X-Cache-Remote
X-Origin-Host
X-Sucuri-ID
AsisCache
X-UnsetCookies
X-TIME
X-Cluster-Node
Rt-Fastcgi-Cache
Nel
Release
X-App-Name
User-Agent
X-ApacheServer
X-APP-VERSION
X-PERF
X-Datadome
X-B3-Spanid
X-Source
X-Agile-Age
X-Agile
X-Nginx-Cache
X-Agile-Id
Pagespeed
X-Request-Time
Cache-Name
X-Ua
X-Ocache
Hostname
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-Origin
X-OVcl
X-OVcl-Cache
X-Sucuri-Cache
Warning
X-Pubstack
X-Edge-Location
X-App-Version
X-Origin-TTL
X-Origin-CC
X-ElasticPress-Search
Www
X-A-Dam
X-A-Wwc
X-A-Dcw
X-Accel-Expires-Debug
X-A-Dgt
X-A-Ccd
X-A
Node
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
MD5-Digest
Cross-Origin-Window-Policy
Cache-Prefix
Ajk
Arc-Country
BehaviorPad-Version
Meta-Geo-Continent
N-Cache
Request-Time
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Request-EU
Request-Country
On-Server
Origin
Rendered-Blocks
UCS
X-Debug-Log
X-Region-Sid
X-Processor
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Platform
X-PAYTM-SRV-ID
X-Mobile-URL
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-S-Cookie
X-ScT
X-Up
X-Twitter-Response-Tags
X-Var-Ttl
X-VG-WebServer
Xc-Version
X-Trv-Group
X-Transaction
X-Secret
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Matched-Rule
X-Logtrace-Id
X-Connection-Hash
X-CF-Lambda-Version
X-Core-Value
X-D
X-Date
X-CF-Lambda-Fn
X-Cache-Grace
X-Application
X-ARC
X-B-Cookie
X-BB-ID
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-G
X-External-Request-Id
X-Gannett-Site-Version
X-Generated-In
X-Hp-Webp
X-DPWN-IS-SECURE
X-Developers
X-Debug-Cache-Store
X-Debug-Cookies
X-Destination
X-Developer
X-Aed
X-Cache-Expires
X-Protected-By
X-Varnish-Beresp-Grace
X-VCT
X-Varnish-Beresp-Status
X-Varnish-Ttl
X-Edge-IP
X-Cache-Backend
X-WPE-Loopback-Upstream-Addr
X-Location
X-Real-Ip
X-LI-UUID
True-Client-Country-4JS
X-Ah-Environment
SRV
Web-Mar-Node
X-No-Session
User-Cache-Control
X-Nginx-Cache-Key
Server-Int
Proxy-Connection
RNT-Machine
Pramga
X-Proxy-Cache-Status
X-Qloud-Router
X-Proxy-Upstream
RNT-Time
X-PHP-Host
X-LI-Proto
Server-Surrogate-Control
X-Origin-Expires
X-Page-Type
Server-Cache-Control
X-Origin-Date
X-Li-Fabric
X-Distributor
X-Cache-Host
X-Epic-Correlation-Id
X-Eu-Site
X-Cache-ASPX
X-Cache-Debug
X-Cache-Id
X-Cache-Miss-From
X-Cms-Context
X-Crawler
X-CGP
X-Device-Os
X-Distil-CS
X-C
X-Block-Status
X-Instart-Isnd
X-Info
X-Irp-Debug
X-Key
X-RateLimit-Limit-Second
X-LAGOON
X-IN-WAF
X-IN-APIGATEWAY
X-Geo-Header
X-Gen-Mode
X-Amzn-Remapped-Date
X-Hnp-Log
X-Amzn-Remapped-Connection
X-Li-Pop
X-Policy
CDCHOST
X-TT-LOGID
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Content-Disposition
Country-Code
Fastly-Soc-X-Request-Id
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
Pagetype
X-Varnish-Authentication
Backend
Memcached
X-Via-SSL
X-Cache-Info
X-F5-Cache
X-Webstats-RespID
X-Via-Edge
AKAMAI
Apple-News-Services-Request-Url
X-Varnish-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-SN
X-Swa-Ws
X-ServiceProvider
X-Refresh
X-Sf
X-Servername
IsBot
X-Sedo-Request-Id
Magicmarker
X-Request-URI
HA-Ipaddr
Heartbleed
Ha-Gx-Prefs
X-RateLimit-Remaining-Second
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Reboot
X-FireWall-Port
X-Cdn-Forward
X-Gateway-Cache-Key
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Fetched-On
X-Fastly-Cache
X-Core-Mission
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Gateway-Cache-Status
X-Dispatcher-Server
Lfy
X-Cache-Bucket
X-Planisys-CDN-TTL
X-GeoIP-Country-Code
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Thanos
X-MSEdge-Features
X-MSEdge-Flight
X-Skip-Cache
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Level-Front-Cache
X-TrackingId
X-GeoIP-City
X-Generated-On
X-S-Maxage
X-Node-Id
X-Hash
X-User
X-Variation
X-Server-IP
X-Gateway-Skip-Cache
X-Micro-Cache
X-Backend-Url
X-Backend-State
HTTPS
X-BBXSRF
Fastly-SSL
Adler-Geo
X-Bip
X-Amzn-Remapped-Content-Length
Is-Eu
SD-X-WS
Server-Host
Platform
X-Alternate-Cache-Key
Kp-EeAlive
X-Amz-Meta-Cache-Control
X-Cache-FS-Status
X-Backend-Host
X-GZip
X-Owner
X-Server-Time
X-Auto-Login
Cteonnt-Length
FNAC-ModuleRouting
X-RateLimit-Reset
ServerName
X-Cdn-Srv
DSUID
X-CACHE-KEY
Powered-By
X-CUA
Server-ID
X-Varnish-Beresp-Ttl
Section-Io-Cache
X-CDN-Forward
Pragrma
X-Org
Gh-Request-Id
MIME-Version
X-NC
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
Viewtype
X-Passed-To-BeforeDispatch
X-Passed-To
X-Original-Request
X-Returned-From-PostProcessResponse
VivaBuild
X-Nc
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
REQUESTUUID
X-Load-Cache
Fastcgi-Useragent
X-Apm-App-Name
X-Apm-Inst-Hash
V-Age
X-Stale
X-Parent-Response-Time
X-Svr
X-Actual-URL
X-Apm-Svc-Key
X-FPC
X-Sn-Servicetimems
X-Aicache-OS
X-Cdn-Origin
X-Server-By
X-Pjax-Url
X-VServer
Rt-Proxy-Cache
X-ND-Cache
Host-ID
X-Exp-Se
X-Geo
X-Dc
X-HS-Cache-Config
X-Croise-Owner
X-Edge-Server
HostName
X-Ua-Device
X-Unique-ID
Cdn-Request-Time
X-CSRF-TOKEN
X-Gdpr
Cdn-Host
X-Served-From
Cache
X-Microcachable
PICS-Label
X-B3-Parentspanid
X-DC
X-Oss-Storage-Class
X-Oss-Server-Time
X-Wa
X-Oss-Object-Type
Memory
Time
X-Oss-Hash-Crc64ecma
X-Servedbyhost
X-Oss-Request-Id
SID
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Mime-Version
X-Git-Hash
Resin-Trace
X-V
ProcessTime
X-Newrelic-Synthetics
CF-IPCountry
X-Req
X-From-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-HT
X-Optimization
AR-SID
Odigeo-Trace-Id
Cf-Ipcountry
X-Lb-Id
XServer
X-Release
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
X-WebServer
X-Fstrz
Cdn
X-Atg-Version
X-Host-Name
X-TH-Server
X-Phone
Proxy-Firewall
X-Response-By
CF-Cached-On
X-ID
Public-Key-Pins-Report-Only
X-APP
Processtime
X-LB-ID
X-Instart-Info
GMS-Ver
X-WR-MODIFICATION
X-Daa-Tunnel
X-Ratelimit-Remaining
Backend-Name
X-Upstream-CT
X-Upstream-HT
X-Ratelimit-Limit
WZWS-RAY
X-Vcl-Version
X-Fastly-Backend-Reqs
X-CACHE-AGE
Fastcgi-X-Cache-Version
X-GEO
X-CLOUD-TRACE-CONTEXT
X-Nananana
X-Worker
X-Zone
X-Check-Cacheable
X-NGINX-Cache
189phosttRef
409pxxline
352pxline
286prxHost
355prline
219prxHost
X-Server-W
Xxline
X-Vcache
188prxHost
X-Amz-Meta-Surrogate-Control
178proxuri
225prxHost
X-COUNTRY
X-B3-SpanId
X-WA
X-UE-Client-Country
GW-Server
Mobile-Detection-Method
X-Clientip
X-IPS-LoggedIn
X-URL
X-Ratelimit-Reset
Countrycode
X-HS-Status
X-We-Are-Hiring
X-SRV
Lb
Version
X-Hyper-Cache
X-Fastly-Country-Code
X-Backend-TTL
SN
X-CSRF-Token
Pics-Label
X-ServedByHost
Geoip-Latitude
SS
DataCenter
Ohc-File-Size
GeoIp-Country-Code
Geoip-City
X-VCL-Version
Esi-Enabled
X-FORWARDED-FOR
X-SERVER-NAME
X-Dynatrace
X-GZIP
X-HS-Combine-CSS
FSS-Proxy
X-Request-Start
URI
X-PF-Uncompressing
X-AssetVersion
X-Render-Time
FSS-Cache
X-UPSTREAM-Address
X-BE
Serverid
X-Akamai-Request-ID2
X-Contensis-Viewer-Groups
WP-Super-Cache
X-CS
X-GDPR
GeoIP-Latitude
X-LiteSpeed-Cache-Control
X-Via-Ucdn
CDN
X-Be
GeoIP-City
X-PJAX-URL
GeoIP-Country-Code
Accept-Language
X-Unique-Id
X-Vtex-Remote-Cache
X-NWS-UUID-VERIFY
X-Vtex-Processado-Em
X-ZONE
X-Cdn-Cache
X-Fpc
Ohc-Cache-HIT
X-Gen-Id
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
X-ABtesting
X-Via-NSCOPI
X-RequestId
X-Fastly-Cache-Hits
X-UCC
X-Html-Edge-Cache
Locale
X-Urbn-Site-Id
X-Hello
X-Flog
X-Pf-Uncompressing
Cneonction
X-Reqid
X-Urbn-Context-Path
RequestUuid
X-Cache-Ttl
Who
X-LiteSpeed-Tag
Server-Id
X-Store
X-Request-Url
X-Varnish-Action
A
Accept-Ch
X-Akamai-SSL-Client-Sid
IBM-Web2-Location
X-Cache-URL
Ohc-Response-Time
Is-Session-Tracking
Get-Access-Time
X-Port
X-Serial
Frontcache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua