Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Request-ID
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-CST
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Mod-Pagespeed
X-DynaTrace
X-Upstream-Env
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
AR-CACHE
AR-ATIME
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
AR-PoweredBy
X-MS-InvokeApp
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-ORACLE-DMS-RID
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
Charset
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
Ar-Sid
RTSS
X-PC
X-TtlSet
X-Vname
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Client-IP
SPRequestGuid
X-TTL
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-VCache
X-FTR-Expires
X-Amz-Rid
X-SharePointHealthScore
X-Ttl
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
Arr-Disable-Session-Affinity
X-Oracle-Dms-Rid
X-Shield-Request-Id
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-XRDS-Location
DynaTrace
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
Access-Control-Request-Method
X-T
X-Akam-SW-Version
X-Goog-Storage-Class
X-FTR-Cache-Host
X-Powered-CMS
Front-End-Https
X-Id
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
Tracecode
Realpath
X-MSEdge-Ref
Fastcgi-Cache
X-B3-TraceId
X-Aspnet-Version
Paypal-Debug-Id
X-N
X-Varnish-Age
X-Forwarded-For
X-Content-Type
X-Upstream
Alternate-Protocol
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-RateLimit-Remaining
X-Sol
X-Middleton-Display
Display
X-Frontend
X-Logged-In
X-PressLabs-Stats
Response
X-Middleton-Response
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Fastcgi-Cache
X-Srv
X-B3-Traceid
X-Accel-Buffering
X-Pad
X-Accel-Expires
X-Cache-Key
X-Kinsta-Cache
Server-Name
MicrosoftSharePointTeamServices
Host
X-Content-Options
X-User-Agent
Backend-Timing
X-Analytics
X-Correlation-Id
Refresh
X-Revision
X-Debug-Info
X-LB-Cache
X-AppVersion
X-Amzn-RequestId
X-Az
X-Activity-Id
X-Amz-Apigw-Id
X-Rid
X-IPLB-Instance
Accept-Charset
X-B
FilterID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-DIS-Request-ID
X-Cache-Hit
X-B3-Sampled
X-Cache-2
Powered-By-ChinaCache
X-CF-Powered-By
Surrogate-Key
X-Grace
ServerID
X-FastCGI-Cache
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
Host-Header
MS-CV
X-Request-Received
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
X-Origin-Server
X-Akamai-Edgescape
X-Cached-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Source
X-Varnish-Backend
X-TT
X-Cache-Action
X-UA-Device-Type
X-App-Environment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Framework
X-Cluster
Cache-Status
X-Mobile
X-Platform-Server
X-Tumblr-User
X-Content-Powered-By
Access-Control-Allow-Method
X-Webkit-CSP
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Ezoic-Cdn
X-Varnish-Grace
X-Shard
X-F-Cache
X-Drupal-Cache-Tags
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Serve
X-Request-Guid
X-Ruxit-Js-Agent
X-Instance
X-Zen-Fury
X-SS-Set-Cookie
X-Handled-By
X-FB-Debug
X-RateLimit-Limit
X-Geo-Country
X-GUploader-UploadID
X-Magnolia-Registration
X-Cache-TTL
X-Forwarded-Host
Edge-Cache-Tag
From-Origin
X-ATG-Version
PageSpeed
X-Node-Name
X-Cache-Age
CACHE
X-App-Server
X-Varnish-Hostname
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
X-XRDS-LOCATION
X-Cache-Control
Payment
Upgrade-Insecure-Requests
X-Region
Healthy
X-RequestSource
X-Response-Served-From
Filters
X-Generated-By
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
X-GeoIP
Cache-Tv-Group
X-TT-TIMESTAMP
NGB
Server-Node
X-VG-WebCache
Webserver
X-Redis-Cache
X-Storage
Country
Ms-Operation-Id
X-RTag
X-Drupal-Cache-Contexts
X-B-Cache
X-Jobs
X-Tumblr-Pixel-1
Actual-Object-TTL
X-Signature
X-Tumblr-Pixel-2
Retry-After
X-UUID
X-FW-Dynamic
X-Wix-Server-Artifact-Id
X-Content-Age
Fastly-Restarts
X-Cache-Rule
X-Locale
X-Cacheable-TTL
X-Varnish-Hits
GEO-INFO
ServedBy
X-Seen-By
Liferay-Portal
X-Contextid
Powered
X-Via-JSL
Frame-Options
X-TA-CDN-Provider
HitType
X-Rendered-As
X-Cache-TTL-Remaining
X-Varnish-IP
X-Oneagent-Js-Injection
X-BACKEND-TTL
X-Guploader-Uploadid
X-Real-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
Viewport
S-Cnection
X-WA-Info
X-Cache-Server
X-ProcessESI
X-Upgrade-Enabled
X-RemovedCookies
Content-Script-Type
Eomportal-Instance
Content-Style-Type
Datacenter
X-GRACE
NtCoent-Length
X-Mode
Xserver
X-Cache-NE
X-Cache-Config
Nel
X-Esi
Cache-Key
X-Path-Route
X-Routing-Service
Mn-Server-Ip
ViewerVersion
X-Detected-As
X-Device-Type
X-Varnish-Cache-Hits
X-Is-Bot
X-RN-RSRV
X-Wix-Request-Id
Load-Balancing
X-Proxied
X-Time
Machine
Meta-Geo
Cache-Hits
X-Proto
X-Akamai-Transformed
X-S
X-Cache-Var
X-Zipkin-Id
X-Hl-Ver
X-ES-SERVER
X-Cache-Var-Map
X-Endurance-Cache-Level
X-VG-TLSProxy
L5d-Success-Class
X-Hosted-By
X-AWS-Id
X-L-Path
X-Viewer-Country
Access-Control-Request-Headers
X-Origin-Hint
X-From
X-VWS-Id
X-Access
X-Cache-Enabled
X-LJ-Flow-ID
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Section
OT-Force-Account-Verify
X-Environment-Context
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
TWC-Privacy
We-Hiring
Webcakes-App-Name
Webcakes-App-Version
Mail-Subject
X-NewRelic-App-Data
X-FC-Vary-Parameters
Vix-Hermes-Req-Id
Azure-InstanceId
X-Labrador-Cache-Channel
Origin-Edge-Control
X-Debug-Cache
X-Akamai-Request-ID
X-Backend-Name
X-Birta-Cache-Post
X-Birta-Served
S-Rt
Origin-Cache-Control
Azure-SiteName
Azure-SlotName
Azure-Version
DB-Nickname
Azure-RegionName
X-FW-Version
X-Tb
X-Status
X-Format
X-Proxy
X-Via-CDN
X-ServerID
X-TNCMS
X-Time-Microsecs
X-EIG-Tracking-Id
X-Loop
X-Origin-Response-Time
X-Web-Node
X-FB-TRIP-ID
X-IP
Now
X-Varnish-Cacheable
X-Timing-Wait
NGX
X-Xfnlog-Site
X-Tumblr-Pixel-3
Selected-FE
X-Human
X-Trace-Id
X-Cache-Operation
X-Proxy-Build
X-JoinUs
Cache-Tag
X-PCL
X-BYPASS-REASON
X-CCM
X-OCL
Decoy-Debug-Status
Decoy-Debug-Key
X-ProxyCache-Key
X-Via-Fastly
X-ProxyCache-Status
Decoy-Debug-TTL
X-NCache
X-Www-Served-By
X-Cache-Category-Id
X-Generated
X-Grey
X-Site-Version
X-Cdn
X-MP-GENERATED-AT
X-Rocket-Nginx-Bypass
Uber-Trace-Id
X-Vgn-Hpd-Reason
Served-By
X-CDN-Cache
X-NWS-LOG-UUID
X-Internal-Host
X-VC-Cache
X-Sucuri-ID
X-R9-Blue-Green-Version
X-Dynatrace-Js-Agent
X-RCS-CacheZone
X-UA
X-EdgeConnect-Cache-Status
X-Rule
LB
X-Origin-Host
AsisCache
X-Cache-Remote
X-Newrelic-App-Data
X-Cluster-Node
X-UnsetCookies
Release
Pagespeed
Rt-Fastcgi-Cache
User-Agent
X-TIME
X-App-Name
X-ApacheServer
X-PERF
X-B3-Spanid
X-Nginx-Cache
X-Source
X-Agile-Age
Hostname
X-Agile-Id
X-Agile
X-APP-VERSION
X-Datadome
X-Ua
Cache-Name
X-Request-Time
X-Edge-Location
X-App-Version
X-Ocache
X-Sucuri-Cache
X-Pubstack
X-OVcl
X-Origin
X-Hit
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Origin-TTL
X-Edge-IP
Warning
X-Origin-CC
X-Protected-By
X-ElasticPress-Search
Server-Cache-Control
X-Varnish-Authentication
N-Cache
Node
On-Server
Request-Country
Request-Time
Meta-Geo-Continent
Request-EU
Rendered-Blocks
X-Var-Ttl
Origin
BehaviorPad-Version
Arc-Country
X-Gannett-Site-Version
Ajk
Xc-Version
X-Hp-Webp
Cache-Prefix
Cross-Origin-Window-Policy
X-Region-Sid
X-Generated-In
X-VG-WebServer
Fly-Request-Id
Fly-Cache
MD5-Digest
UCS
X-Connection-Hash
X-Thinkindot-L3
X-D
X-Date
X-Transaction
X-CF-Lambda-Version
X-Cache-Grace
X-Trv-Group
X-CF-Lambda-Fn
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Developers
X-DPWN-IS-SECURE
X-External-Request-Id
X-Developer
X-Destination
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Cache-Expires
X-Cache-ASPX
Www
X-A
X-A-Ccd
X-A-Dam
X-Request-UUID
Thinkindot-Control
X-G
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-A-Dcw
X-A-Dgt
X-ARC
X-B-Cookie
X-BB-ID
X-Application
X-Twitter-Response-Tags
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
Server-Surrogate-Control
Ec-Rule-Version
X-ScT
X-Rojux
X-NX-Host
X-Processor
X-CACHE-KEY
X-NU-AKA-ACS-Version
X-NodeID
X-Logtrace-Id
X-Secret
X-S-Cookie
X-Mobile-URL
X-Platform
X-SRCache-Key
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Server-Group
X-IN-WAF
X-Instart-Isnd
X-IN-APIGATEWAY
X-Matched-Rule
X-Cdn-Forward
X-Cache-Backend
X-C
RNT-Machine
X-Cms-Context
X-PHP-Host
X-SIPLIST1
X-Sedo-Request-Id
X-CGP
X-RateLimit-Remaining-Second
X-Refresh
RNT-Time
Proxy-Connection
Pagetype
X-No-Session
X-Location
X-Li-Fabric
X-SN
X-Crawler
Pramga
X-Core-Value
Server-Host
X-Block-Status
X-TT-LOGID
Server-Int
X-Up
X-ServiceProvider
Web-Mar-Node
X-Cache-Info
X-Rebelmouse-Surrogate-Control
X-Servername
X-Page-Type
X-Cache-Debug
X-Cache-Host
X-Cache-Id
X-F5-Cache
X-Amzn-Remapped-Date
User-Cache-Control
X-Cache-Miss-From
X-Li-Pop
SRV
X-Origin-Expires
X-Origin-Date
X-LI-Proto
X-Nginx-Cache-Key
X-Sf
True-Client-Country-4JS
X-Rebelmouse-Cache-Control
X-LI-UUID
X-Amzn-Remapped-Connection
Memcached
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
AKAMAI
X-Key
Apple-News-Services-Request-Url
Backend
CDCHOST
X-Distil-CS
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-LAGOON
X-Qloud-Router
X-Irp-Debug
X-Eu-Site
X-Epic-Correlation-Id
X-Swa-Ws
X-RateLimit-Limit-Second
X-Request-URI
X-Reboot
X-Proxy-Upstream
X-Hash
X-Proxy-Cache-Status
X-Webstats-RespID
X-Hnp-Log
X-Info
X-Geo-Header
Cache-Cookie-Set-Idcheck
X-Dispatcher-Server
X-Varnish-Url
X-Policy
IsBot
Ha-Gx-Prefs
Magicmarker
Kp-EeAlive
HA-Ipaddr
Lfy
Heartbleed
X-Via-Edge
X-Via-SSL
X-Gen-Mode
Country-Code
Content-Disposition
X-Device-Os
Fastly-Backend-Name
Fastly-SWR
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Varnish-Beresp-Grace
X-Varnish-Ttl
X-FireWall-Port
X-Varnish-Beresp-Status
X-BBXSRF
X-Node-Id
X-Bip
X-TrackingId
X-Distributor
X-MSEdge-Flight
X-Core-Mission
X-Cache-FS-Status
X-Cache-Bucket
X-Ah-Environment
X-MSEdge-Features
SD-X-WS
X-Variation
X-Sorting-Hat-ShopId
X-Level-Front-Cache
X-Planisys-CDN-TTL
X-Sorting-Hat-PodId
Platform
X-Real-Ip
X-Backend-Url
X-Gateway-Skip-Cache
X-S-Maxage
Is-Eu
Adler-Geo
X-GeoIP-Country-Code
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-GeoIP-City
X-Generated-On
HTTPS
Fastly-SSL
X-WPE-Loopback-Upstream-Addr
X-Skip-Cache
X-Gateway-Cache-Status
X-Alternate-Cache-Key
X-Planisys-CDN-Rules
X-Thanos
X-Amz-Meta-Cache-Control
X-Server-IP
X-Backend-State
X-Backend-Host
X-Amzn-Remapped-Content-Length
X-User
X-Fetched-On
X-Planisys-CDN-Cache
X-Shopify-Stage
X-Gateway-Cache-Key
X-ShardId
X-ShopId
DSUID
X-Micro-Cache
X-Auto-Login
X-Fastly-Cache
X-Cdn-Srv
X-Server-Time
X-Owner
X-Nc
X-GZip
Section-Io-Cache
FNAC-ModuleRouting
Cteonnt-Length
Powered-By
Server-ID
ServerName
X-CUA
X-RateLimit-Reset
X-Varnish-Beresp-Ttl
Fastcgi-Useragent
Pragrma
X-Org
X-Dc
X-Load-Cache
X-Svr
X-Parent-Response-Time
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
Gh-Request-Id
X-Returned-From-PostProcessResponse
X-CDN-Forward
X-Passed-To
REQUESTUUID
X-Server-By
Viewtype
VivaBuild
X-Actual-URL
X-Stale
X-Pjax-Url
X-Original-Request
X-Aicache-OS
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Apm-App-Name
X-Apm-Inst-Hash
X-Cdn-Origin
X-Sn-Servicetimems
X-Apm-Svc-Key
V-Age
X-FPC
Host-ID
X-VServer
X-Croise-Owner
X-HS-Cache-Config
MIME-Version
X-Unique-ID
Cdn-Host
Cdn-Request-Time
X-ND-Cache
X-NC
X-Exp-Se
Rt-Proxy-Cache
X-Edge-Server
X-Geo
X-Microcachable
X-Served-From
X-Gdpr
X-CSRF-TOKEN
Mime-Version
X-Ua-Device
Cache
Time
SID
Memory
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-B3-Parentspanid
PICS-Label
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
ProcessTime
X-V
X-Wa
HostName
X-Servedbyhost
X-Req
X-Git-Hash
X-DC
Resin-Trace
Cf-Ipcountry
Wxu-Next-Hostname
Wxu-Next-Region
X-From-Cache
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Commit
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Cache-HT
X-Optimization
AR-SID
X-Lb-Id
X-HTML-Minification-Powered-By
CF-IPCountry
Cdn
X-Varnish-Beresp-TTL
X-Release
X-Fstrz
X-TH-Server
Public-Key-Pins-Report-Only
X-Response-By
X-WebServer
X-Atg-Version
X-Host-Name
GMS-Ver
Proxy-Firewall
X-Fastly-Backend-Reqs
X-Phone
XServer
Processtime
X-GEO
X-ID
CF-Cached-On
X-APP
X-Vcl-Version
X-Instart-Info
Fastcgi-X-Cache-Version
X-WR-MODIFICATION
X-Daa-Tunnel
X-LB-ID
X-Ratelimit-Remaining
X-Upstream-HT
Backend-Name
WZWS-RAY
X-Upstream-CT
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
X-Worker
X-Amz-Meta-Surrogate-Control
X-Check-Cacheable
X-Zone
409pxxline
188prxHost
X-NGINX-Cache
X-Clientip
X-Server-W
178proxuri
Xxline
219prxHost
X-We-Are-Hiring
355prline
X-Vcache
286prxHost
189phosttRef
225prxHost
Mobile-Detection-Method
GW-Server
Countrycode
X-WA
352pxline
X-UE-Client-Country
X-B3-SpanId
X-Fastly-Country-Code
X-IPS-LoggedIn
X-Ratelimit-Reset
X-URL
X-HS-Status
X-CSRF-Token
X-Hyper-Cache
X-ServedByHost
Pics-Label
SS
Version
Lb
Ohc-File-Size
Geoip-Latitude
GeoIp-Country-Code
SN
X-Backend-TTL
DataCenter
Esi-Enabled
X-HS-Combine-CSS
FSS-Proxy
X-PF-Uncompressing
Geoip-City
FSS-Cache
X-SERVER-NAME
X-SRV
X-GZIP
X-Dynatrace
X-Render-Time
X-Request-Start
X-VCL-Version
X-UPSTREAM-Address
URI
X-BE
X-Contensis-Viewer-Groups
X-AssetVersion
Serverid
X-Akamai-Request-ID2
Ohc-Cache-HIT
GeoIP-Latitude
X-CS
X-Via-Ucdn
X-Fpc
X-Be
Accept-Language
X-GDPR
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
WP-Super-Cache
GeoIP-City
X-Unique-Id
X-Vtex-Remote-Cache
X-RequestId
X-NWS-UUID-VERIFY
X-Vtex-Processado-Em
X-PJAX-URL
X-Gen-Id
CDN
X-UCC
X-ZONE
X-FORWARDED-FOR
X-HostName
Amp-Access-Control-Allow-Source-Origin
Dynatrace
Locale
X-ABtesting
RequestUuid
X-Html-Edge-Cache
Who
X-Fastly-Cache-Hits
X-Via-NSCOPI
X-Flog
X-Hello
Cneonction
X-Urbn-Context-Path
X-Pf-Uncompressing
X-Urbn-Site-Id
X-Reqid
X-Varnish-Action
X-Cdn-Cache
X-Cache-Ttl
Accept-Ch
X-LiteSpeed-Tag
X-Store
X-Cache-URL
Server-Id
A
X-Request-Url
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Ohc-Response-Time
X-Cdn-Request-ID
X-Serial
X-HTML-Edge-Cache
Is-Session-Tracking
Get-Access-Time
NnCoection
X-ServerName
X-Port
Frontcache
X-Dw-Trace-Id
X-EC-Lua