Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Request-ID
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Nginx-Cache-Status
X-Server-Powered-By
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
Report-To
X-Server-Id
X-Backend-Server
X-Application-Context
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-ESI
X-Dispatcher
X-HW
X-Server-ID
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-MS-InvokeApp
X-Kinja
X-ORACLE-DMS-RID
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
Charset
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
Ar-Sid
RTSS
X-Abt-Application-Version
X-Vname
X-PC
X-TtlSet
X-SRCache-Fetch-Status
X-Ser
X-SRCache-Store-Status
X-TTL
X-Trace
X-Forwarded-Proto
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Client-IP
SPRequestGuid
X-FTR-Backend-Server
X-Country-Code-Real
Nginx-Cache
X-FTR-Backend
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Expires
X-Amz-Rid
X-SharePointHealthScore
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Oracle-Dms-Rid
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-VCache
TCN
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Hits
X-XRDS-Location
DynaTrace
SPIisLatency
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
SPRequestDuration
X-Ttl
X-Akam-SW-Version
X-T
Access-Control-Request-Method
X-B3-TraceId
X-Goog-Storage-Class
X-FTR-Cache-Host
Front-End-Https
X-Powered-CMS
X-Id
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
Tracecode
Realpath
Fastcgi-Cache
X-MSEdge-Ref
X-Aspnet-Version
Paypal-Debug-Id
X-N
X-Varnish-Age
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Middleton-Display
X-Sol
Display
X-Logged-In
X-RateLimit-Remaining
Response
X-Frontend
X-Middleton-Response
X-PressLabs-Stats
X-Content-Digest
X-HS-Hub-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-HS-Content-Id
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Hostname
X-Fastcgi-Cache
X-Accel-Buffering
X-Pad
X-Cache-Key
X-Kinsta-Cache
X-Accel-Expires
Server-Name
MicrosoftSharePointTeamServices
Host
X-Content-Options
X-User-Agent
X-Analytics
Backend-Timing
X-Correlation-Id
Refresh
X-B3-Traceid
X-LB-Cache
X-Revision
X-Amz-Apigw-Id
X-Az
X-Amzn-RequestId
X-AppVersion
X-Activity-Id
FilterID
Accept-Charset
X-B
X-Debug-Info
X-IPLB-Instance
X-Rid
X-DIS-Request-ID
X-DataStream-MidMile-RTT
X-B3-Sampled
X-DataStream-Origin-MEX-Latency
X-Cache-Hit
X-Cache-2
Powered-By-ChinaCache
X-CF-Powered-By
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Ruxit-Js-Agent
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-L2-Cache
X-Request-Received
MS-CV
X-Request-Processing-Time
TP-Cache
Host-Header
X-Content-Security-Policy-Report-Only
X-Cached-By
X-Akamai-Edgescape
VIX-Pulpo-Node
X-Varnish-Backend
X-Amz-Replication-Status
X-TT
VIX-Pulpo-Upstream-Status
Source
X-Cluster
X-Cache-Action
X-App-Environment
X-Framework
Cache-Status
X-Origin-Server
X-UA-Device-Type
Access-Control-Allow-Method
X-Webkit-CSP
X-Mobile
X-Tumblr-Pixel-0
X-Kong-Proxy-Latency
X-Tumblr-Pixel
X-Tumblr-User
X-Content-Powered-By
X-Kong-Upstream-Latency
X-FW-Hash
X-Shard
X-Request-Guid
X-Varnish-Grace
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-F-Cache
X-Ezoic-Cdn
X-Drupal-Cache-Tags
X-Instance
X-Platform-Server
X-Zen-Fury
X-SS-Set-Cookie
X-FB-Debug
X-Geo-Country
X-Handled-By
X-GUploader-UploadID
X-RateLimit-Limit
X-Magnolia-Registration
X-Forwarded-Host
X-Cache-TTL
Edge-Cache-Tag
X-ATG-Version
X-Oneagent-Js-Injection
From-Origin
X-Node-Name
X-Cache-Age
X-App-Server
X-Varnish-Hostname
CACHE
DC
Cleartype
X-Varnish-Server
Cache-Tags
PageSpeed
X-AOL-HN
X-BCube-Filmed-By
X-XRDS-LOCATION
X-Cache-Control
Healthy
Upgrade-Insecure-Requests
Payment
X-Region
X-Response-Served-From
X-RequestSource
X-WebKit-CSP-Report-Only
Filters
X-Generated-By
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
X-TX-ID
X-TT-TIMESTAMP
X-RTag
X-Redis-Cache
Ms-Operation-Id
NGB
Country
X-UUID
X-Tumblr-Pixel-2
X-Wix-Server-Artifact-Id
Cache-Tv-Group
Actual-Object-TTL
X-Signature
X-VG-WebCache
X-B-Cache
X-Tumblr-Pixel-1
Retry-After
Server-Node
X-Jobs
X-FW-Dynamic
Webserver
X-Storage
X-Content-Age
X-Locale
X-Drupal-Cache-Contexts
Fastly-Restarts
GEO-INFO
X-Cacheable-TTL
X-Varnish-Hits
ServedBy
X-Cache-Rule
X-Seen-By
Liferay-Portal
X-Contextid
Powered
X-Via-JSL
Frame-Options
HitType
X-Rendered-As
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-Varnish-IP
X-Guploader-Uploadid
X-BACKEND-TTL
X-Real-IP
X-Yottaa-Metrics
Viewport
X-Yottaa-Optimizations
X-WA-Info
S-Cnection
X-Cache-Server
Content-Style-Type
X-RemovedCookies
Eomportal-Instance
X-Time
Content-Script-Type
X-ProcessESI
X-Upgrade-Enabled
X-GRACE
Xserver
NtCoent-Length
X-Mode
X-Cache-NE
Datacenter
X-Esi
X-Dynatrace-Js-Agent
X-Cache-Config
X-Akamai-Transformed
X-Proto
X-Zipkin-Id
X-Path-Route
X-Proxied
X-Cache-Var-Map
ViewerVersion
X-Detected-As
X-Wix-Request-Id
X-ES-SERVER
X-From
X-Hl-Ver
X-Cache-Var
X-NewRelic-App-Data
X-Is-Bot
Cache-Hits
Meta-Geo
X-S
Load-Balancing
Mn-Server-Ip
X-Routing-Service
X-RN-RSRV
Machine
X-Device-Type
Mail-Subject
X-Hosted-By
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
OT-Force-Account-Verify
X-Endurance-Cache-Level
Property-Id
Webcakes-Region
X-Environment-Context
X-AWS-Id
X-Varnish-Cache-Hits
X-FC-Vary-Parameters
TWC-Connection-Speed
Access-Control-Request-Headers
Vix-Hermes-Req-Id
TWC-GeoIP-LatLong
L5d-Success-Class
Webcakes-App-Name
X-Origin-Hint
Cache-Key
X-LJ-Flow-ID
X-Cache-Enabled
We-Hiring
TWC-Privacy
TWC-Locale-Group
X-Viewer-Country
X-VWS-Id
X-L-Path
Origin-Edge-Control
X-Birta-Cache-Post
X-Access
X-Backend-Name
Azure-Version
Azure-RegionName
Azure-InstanceId
DB-Nickname
Azure-SiteName
Azure-SlotName
Origin-Cache-Control
X-Birta-Served
X-Debug-Cache
X-Akamai-Request-ID
X-ServerID
X-EIG-Tracking-Id
X-Proxy
X-Origin-Response-Time
X-Status
X-TNCMS
X-Tb
X-Web-Node
X-Via-CDN
X-VG-TLSProxy
X-Loop
X-Section
X-FW-Version
X-Trace-Id
X-Tumblr-Pixel-3
X-BYPASS-REASON
X-Timing-Wait
X-CCM
X-Labrador-Cache-Channel
S-Rt
Selected-FE
NGX
X-FB-TRIP-ID
X-Format
X-Xfnlog-Site
Now
X-Via-Fastly
X-Varnish-Cacheable
X-Time-Microsecs
X-IP
X-Proxy-Build
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-PCL
X-ProxyCache-Key
X-JoinUs
X-OCL
Cache-Tag
X-ProxyCache-Status
X-Www-Served-By
X-NCache
X-Generated
X-Human
X-Cdn
X-Site-Version
X-Cache-Category-Id
X-MP-GENERATED-AT
X-Grey
Uber-Trace-Id
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-CDN-Cache
Served-By
X-Internal-Host
X-VC-Cache
Pagespeed
X-Cache-Operation
X-R9-Blue-Green-Version
X-Sucuri-ID
X-NWS-LOG-UUID
LB
X-EdgeConnect-Cache-Status
X-Rule
X-Cache-Remote
X-Origin-Host
X-RCS-CacheZone
X-UA
AsisCache
X-Newrelic-App-Data
X-UnsetCookies
Release
X-Cluster-Node
Rt-Fastcgi-Cache
User-Agent
X-App-Name
Nel
X-PERF
X-ApacheServer
X-B3-Spanid
X-App-Version
X-Agile
Hostname
X-Agile-Age
X-Agile-Id
X-Varnish-Ttl
X-TIME
X-Nginx-Cache
X-Source
X-Datadome
X-Ua
Cache-Name
X-Request-Time
X-Edge-Location
X-Ocache
X-APP-VERSION
X-Sucuri-Cache
X-Pubstack
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-OVcl-Cache
X-Hit
X-Cdn-Forward
X-Edge-IP
X-Origin-TTL
X-VCT
X-Origin-CC
X-Origin
Warning
X-ElasticPress-Search
X-Protected-By
Origin
Rendered-Blocks
X-Matched-Rule
X-Mobile-URL
Request-EU
Server-Surrogate-Control
On-Server
X-Var-Ttl
Server-Cache-Control
Request-Time
X-Logtrace-Id
Thinkindot-CacheControl
Request-Country
X-Region-Sid
Cache-Prefix
Cross-Origin-Window-Policy
BehaviorPad-Version
X-NU-AKA-ACS-Version
Ajk
Arc-Country
Ec-Rule-Version
Fly-Cache
N-Cache
Node
X-PAYTM-SRV-ID
X-NodeID
Fly-Request-Id
MD5-Digest
X-Varnish-Authentication
Www
X-Trv-Group
X-G
X-Thinkindot-L3
X-Connection-Hash
X-CF-Lambda-Version
X-Generated-In
X-Cache-Grace
X-CF-Lambda-Fn
X-Hp-Webp
X-External-Request-Id
X-Core-Value
X-Destination
X-Processor
X-Developer
X-Developers
X-Debug-Log
X-Debug-Cookies
X-Transaction
X-D
X-Date
X-Cache-Expires
X-Cache-ASPX
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
Thinkindot-Control
UCS
X-DPWN-IS-SECURE
X-Accel-Expires-Debug
X-Aed
X-ARC
X-B-Cookie
X-BB-ID
X-Twitter-Response-Tags
X-IN-APIGATEWAY
X-IN-WAF
X-Instart-Isnd
X-Application
X-NX-Host
Thinkindot-CacheControl-Type
Meta-Geo-Continent
X-ScT
X-Rojux
X-S-Cookie
X-Server-Group
Xc-Version
X-Request-UUID
X-CACHE-KEY
X-Rewrite-Enabled
X-SRCache-Key
X-Cache-Backend
User-Cache-Control
X-Geo-Header
True-Client-Country-4JS
X-Hnp-Log
X-Hash
X-Refresh
X-ServiceProvider
X-Sf
X-Gen-Mode
SRV
Web-Mar-Node
X-RateLimit-Remaining-Second
X-Key
X-Irp-Debug
X-Swa-Ws
X-LAGOON
Proxy-Connection
X-Info
Pagetype
Server-Host
Pramga
X-RateLimit-Limit-Second
X-Gannett-Site-Version
RNT-Time
Server-Int
X-Rebelmouse-Surrogate-Control
X-Crawler
X-Distil-CS
X-Distributor
X-Cms-Context
X-Eu-Site
X-CGP
X-Dispatcher-Server
X-Device-Os
X-Debug-Cache-Store
X-Secret
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Sedo-Request-Id
X-F5-Cache
X-TT-LOGID
X-Block-Status
X-C
X-Rebelmouse-Cache-Control
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Reboot
X-Cache-Debug
X-Cache-Info
X-Cache-Miss-From
X-Cache-Id
X-Cache-Host
X-SIPLIST1
X-Up
RNT-Machine
X-Origin-Date
X-No-Session
X-Qloud-Router
X-PHP-Host
Cache-Cookie-Set-Idcheck
X-Via-SSL
Backend
X-Webstats-RespID
X-Via-Edge
Cache-Cookie-Set-Lfrom
Fastly-SWR
Content-Disposition
Fastly-SIE
Fastly-Backend-Name
X-Page-Type
X-Li-Fabric
Cache-Cookie-Set-From
X-Nginx-Cache-Key
AKAMAI
Country-Code
Fastly-Soc-X-Request-Id
X-Platform
X-Origin-Expires
Memcached
X-LI-UUID
X-VG-WebServer
Lfy
X-LI-Proto
CDCHOST
X-Varnish-Url
X-Li-Pop
X-Request-URI
Kp-EeAlive
Magicmarker
IsBot
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
X-Location
X-Policy
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Varnish-Beresp-Status
X-FireWall-Port
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
X-Cache-Bucket
X-Bip
X-Cache-FS-Status
X-Core-Mission
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Wikidot-Backend
X-Sorting-Hat-ShopId
X-Wikidot-Static-Cache
X-Planisys-CDN-Cache
X-Ah-Environment
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Adler-Geo
X-Epic-Correlation-Id
Apple-News-Services-Request-Url
X-Alternate-Cache-Key
X-GeoIP-Country-Code
X-ShopId
X-Shopify-Stage
X-MSEdge-Features
X-ShardId
Fastly-SSL
X-GeoIP-City
X-S-Maxage
X-Thanos
X-Level-Front-Cache
Platform
X-Variation
Is-Eu
HTTPS
X-WPE-Loopback-Upstream-Addr
SD-X-WS
X-User
X-Real-Ip
X-MSEdge-Flight
X-BBXSRF
X-Amzn-Remapped-Content-Length
X-Servername
X-Fetched-On
X-Amz-Meta-Cache-Control
X-Backend-State
X-Generated-On
X-SN
X-Node-Id
X-Fastly-Cache
X-TrackingId
X-Owner
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Server-IP
DSUID
X-Auto-Login
X-Server-Time
X-Cdn-Srv
X-Backend-Host
X-Backend-Url
X-Skip-Cache
X-Micro-Cache
Section-Io-Cache
X-GZip
X-RateLimit-Reset
Powered-By
Server-ID
FNAC-ModuleRouting
X-CUA
X-Nc
ServerName
X-Varnish-Beresp-Ttl
Fastcgi-Useragent
Cteonnt-Length
X-Org
X-Dc
Pragrma
X-Load-Cache
X-Svr
X-Server-By
Gh-Request-Id
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To-PostProcessResponse
X-Original-Request
X-Passed-To
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Stale
REQUESTUUID
X-Pjax-Url
X-Aicache-OS
X-Parent-Response-Time
VivaBuild
Viewtype
X-Actual-URL
X-Cdn-Origin
X-CDN-Forward
X-Apm-Svc-Key
Host-ID
X-VServer
X-HS-Cache-Config
V-Age
X-FPC
X-Croise-Owner
X-Apm-Inst-Hash
X-Apm-App-Name
X-Sn-Servicetimems
MIME-Version
X-Unique-ID
X-Geo
X-ND-Cache
Cdn-Host
X-Exp-Se
X-Edge-Server
Rt-Proxy-Cache
Cdn-Request-Time
X-NC
X-Microcachable
X-Gdpr
X-CSRF-TOKEN
Mime-Version
X-Ua-Device
X-Served-From
Cache
SID
X-Oss-Request-Id
Memory
ProcessTime
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
Time
X-Oss-Hash-Crc64ecma
X-B3-Parentspanid
PICS-Label
X-Servedbyhost
X-Wa
X-V
HostName
X-Req
X-Git-Hash
X-Tb-Optimization-Total-Bytes-Saved
Cf-Ipcountry
Wxu-Next-Region
Wxu-Next-Hostname
X-Newrelic-Synthetics
Wxu-Next-Commit
Resin-Trace
X-DC
X-From-Cache
Odigeo-Trace-Id
AR-SID
X-Cache-HT
X-Optimization
X-HTML-Minification-Powered-By
X-Lb-Id
CF-IPCountry
Cdn
X-Varnish-Beresp-TTL
X-Fstrz
X-Release
X-Vcache
X-TH-Server
X-Response-By
X-WebServer
Public-Key-Pins-Report-Only
X-Ratelimit-Remaining
X-Host-Name
X-Atg-Version
XServer
GMS-Ver
Proxy-Firewall
X-Phone
X-Fastly-Backend-Reqs
X-GEO
X-ID
X-Vcl-Version
X-Instart-Info
X-APP
Processtime
Fastcgi-X-Cache-Version
X-WR-MODIFICATION
X-Ratelimit-Limit
X-LB-ID
X-Daa-Tunnel
Backend-Name
WZWS-RAY
X-Upstream-CT
X-Upstream-HT
CF-Cached-On
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Worker
X-Nananana
X-Amz-Meta-Surrogate-Control
X-Check-Cacheable
X-Zone
Xxline
X-NGINX-Cache
286prxHost
188prxHost
178proxuri
X-WA
189phosttRef
219prxHost
355prline
352pxline
225prxHost
409pxxline
X-Server-W
Countrycode
X-UE-Client-Country
X-Clientip
GW-Server
Mobile-Detection-Method
X-We-Are-Hiring
X-B3-SpanId
X-IPS-LoggedIn
Version
Pics-Label
SS
X-Ratelimit-Reset
X-URL
X-HS-Status
X-Fastly-Country-Code
X-Hyper-Cache
X-ServedByHost
Lb
Ohc-File-Size
X-Backend-TTL
Geoip-Latitude
GeoIp-Country-Code
X-CSRF-Token
SN
DataCenter
Geoip-City
Esi-Enabled
FSS-Cache
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
X-SERVER-NAME
X-PF-Uncompressing
X-HS-Combine-CSS
X-Dynatrace
X-SRV
X-GZIP
X-VCL-Version
X-Render-Time
X-BE
X-UPSTREAM-Address
X-HostName
X-Request-Start
X-Contensis-Viewer-Groups
X-AssetVersion
URI
Serverid
X-Akamai-Request-ID2
X-GDPR
GeoIP-Latitude
X-Fpc
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-CS
Accept-Language
X-Be
GeoIP-Country-Code
WP-Super-Cache
Ohc-Cache-HIT
GeoIP-City
X-Unique-Id
X-Vtex-Remote-Cache
X-RequestId
X-Vtex-Processado-Em
X-NWS-UUID-VERIFY
X-PJAX-URL
X-ZONE
CDN
X-Gen-Id
X-UCC
X-FORWARDED-FOR
Dynatrace
Locale
X-ABtesting
X-Via-NSCOPI
X-Flog
X-Fastly-Cache-Hits
Who
X-Html-Edge-Cache
X-Varnish-Action
RequestUuid
X-Urbn-Context-Path
X-Pf-Uncompressing
X-Reqid
Cneonction
X-Urbn-Site-Id
X-Hello
X-Cache-Ttl
X-Cdn-Cache
A
X-LiteSpeed-Tag
Server-Id
X-Cache-URL
X-Store
Accept-Ch
X-Request-Url
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-Port
X-Cdn-Request-ID
Ohc-Response-Time
X-Serial
Frontcache
Is-Session-Tracking
Get-Access-Time
X-ServerName
NnCoection
X-HTML-Edge-Cache
X-EC-Lua