Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Node
X-Rq
X-Host
Feature-Policy
Content-Location
X-Type
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
X-Cloud-Trace-Context
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Rack-Cache
Request-Id
X-Origin-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Vhost
X-Mod-Pagespeed
X-Upstream-Env
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-HW
X-ORACLE-DMS-RID
X-ESI
MS-Author-Via
X-GitHub-Request-Id
X-VARITI-CCR
X-DataStream-Cache-Status
X-Mobile-Rewrite
PB-PID
PB-RID
X-MS-InvokeApp
Arc-Version
Charset
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Cached
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
AR-Request-ID
X-Abt-Application-Version
RTSS
Ar-Sid
Accept-CH-Lifetime
X-D2id
X-PC
X-Navigation-Version
X-Vname
X-TtlSet
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Server-ID
X-Ser
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
X-TTL
X-Amz-Server-Side-Encryption
X-Client-IP
X-Vcap-Request-Id
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-FTR-Expires
X-Amz-Rid
X-SharePointHealthScore
X-VCache
S
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Debug
Arr-Disable-Session-Affinity
TCN
X-XRDS-Location
X-Shield-Request-Id
X-Ttl
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Hits
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Oracle-Dms-Rid
Pinterest-Version
X-Id
X-Upstream-Proxy
X-Pinterest-Rid
DynaTrace
X-Akam-SW-Version
Access-Control-Request-Method
X-SERVER
X-Goog-Storage-Class
X-FTR-Cache-Host
X-T
Front-End-Https
X-Powered-CMS
X-Aspnet-Version
X-NF-Request-ID
X-B3-TraceId
X-Acc-Meta-Resource-Type
Tracecode
Realpath
X-Amzn-Trace-Id
Fastcgi-Cache
X-MSEdge-Ref
X-Varnish-Age
X-Forwarded-For
X-N
Paypal-Debug-Id
X-Content-Type
X-Upstream
Alternate-Protocol
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-RateLimit-Remaining
X-Sol
X-Middleton-Display
Display
X-Frontend
X-HS-Hub-Id
X-PressLabs-Stats
X-Logged-In
X-HS-Content-Id
X-Middleton-Response
Response
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
AMP-Access-Control-Allow-Source-Origin
X-Content-Digest
X-Litespeed-Cache
X-Srv
X-Hostname
X-Accel-Buffering
X-Cache-Key
X-Pad
X-Accel-Expires
X-Fastcgi-Cache
X-Kinsta-Cache
X-Webkit-CSP
MicrosoftSharePointTeamServices
Server-Name
X-B3-Traceid
X-User-Agent
Host
X-Content-Options
X-Analytics
Backend-Timing
X-Correlation-Id
X-LB-Cache
X-Revision
X-Debug-Info
X-Rid
Refresh
X-IPLB-Instance
Accept-Charset
X-Amz-Apigw-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-DIS-Request-ID
FilterID
X-Amzn-RequestId
X-Cache-2
X-B
X-Cache-Hit
X-Activity-Id
X-AppVersion
X-Cdn
X-Az
X-B3-Sampled
ServerID
Surrogate-Key
X-CF-Powered-By
Powered-By-ChinaCache
X-FastCGI-Cache
X-Grace
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-L2-Cache
TP-Cache
Host-Header
X-Request-Received
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
VIX-Pulpo-Node
X-Varnish-Backend
X-Akamai-Edgescape
X-TT
Source
VIX-Pulpo-Upstream-Status
MS-CV
X-Origin-Server
X-Kong-Proxy-Latency
X-Cache-Action
X-Framework
X-App-Environment
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Cluster
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Cache-Status
X-Amz-Replication-Status
X-GUploader-UploadID
X-Platform-Server
X-Cached-By
X-F-Cache
X-Content-Powered-By
X-RateLimit-Limit
X-Drupal-Cache-Tags
X-Instance
X-Varnish-Grace
X-Mobile
X-Request-Guid
X-FW-Static
X-Ezoic-Cdn
X-FW-Type
X-FW-Hash
X-Shard
X-FW-Serve
X-FW-Server
X-Zen-Fury
X-Handled-By
X-Geo-Country
X-SS-Set-Cookie
X-FB-Debug
X-Magnolia-Registration
PageSpeed
Edge-Cache-Tag
X-Forwarded-Host
X-Cache-TTL
From-Origin
X-ATG-Version
X-App-Server
X-Cache-Age
X-Node-Name
CACHE
X-Varnish-Server
X-Varnish-Hostname
DC
Cache-Tags
Cleartype
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Region
X-Wix-Server-Artifact-Id
X-Response-Served-From
X-RequestSource
X-Generated-By
Upgrade-Insecure-Requests
Healthy
X-WebKit-CSP-Report-Only
X-GeoIP
X-TX-ID
X-Adobe-Content
X-Adobe-Loc
X-VG-WebCache
X-UUID
X-Storage
X-TT-TIMESTAMP
Filters
Webserver
Cache-Tv-Group
Country
X-Jobs
X-B-Cache
X-Tumblr-Pixel-1
X-Signature
X-RTag
X-Tumblr-Pixel-2
X-Drupal-Cache-Contexts
Ms-Operation-Id
Actual-Object-TTL
X-FW-Dynamic
X-Cacheable-TTL
NGB
X-Redis-Cache
GEO-INFO
Retry-After
Server-Node
X-Content-Age
X-XRDS-LOCATION
X-Cache-Rule
ServedBy
X-Varnish-Hits
X-Seen-By
X-Locale
Fastly-Restarts
Liferay-Portal
X-Esi
X-Contextid
X-Via-JSL
Powered
X-Rendered-As
X-Oneagent-Js-Injection
Frame-Options
HitType
X-Cache-TTL-Remaining
X-Real-IP
X-Varnish-IP
X-TA-CDN-Provider
S-Cnection
X-Yottaa-Optimizations
X-BACKEND-TTL
X-Yottaa-Metrics
X-WA-Info
X-Guploader-Uploadid
X-GRACE
Content-Script-Type
Content-Style-Type
Viewport
X-Cache-Server
X-Upgrade-Enabled
ViewerVersion
Datacenter
Eomportal-Instance
X-Mode
X-Wix-Request-Id
NtCoent-Length
X-Cache-NE
X-Cache-Config
X-Time
Xserver
X-Varnish-Cache-Hits
X-Cache-Var-Map
Cache-Key
Cache-Hits
X-RemovedCookies
Machine
X-Akamai-Transformed
X-Detected-As
Mn-Server-Ip
Meta-Geo
Load-Balancing
X-Endurance-Cache-Level
X-ProcessESI
X-Cache-Var
X-Hl-Ver
X-From
X-RN-RSRV
X-Proto
X-S
X-Is-Bot
X-Device-Type
X-Path-Route
X-Routing-Service
X-Proxied
X-ES-SERVER
X-Zipkin-Id
TWC-Connection-Speed
X-Origin-Hint
Access-Control-Request-Headers
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
L5d-Success-Class
Property-Id
X-VG-TLSProxy
Mail-Subject
X-LJ-Flow-ID
X-Viewer-Country
X-VWS-Id
OT-Force-Account-Verify
X-Section
TWC-Device-Class
X-Environment-Context
X-Access
Webcakes-App-Version
X-AWS-Id
TWC-Privacy
X-FC-Vary-Parameters
X-Backend-Name
X-Cache-Enabled
X-Hosted-By
Webcakes-Region
Vix-Hermes-Req-Id
X-L-Path
We-Hiring
Webcakes-App-Name
Azure-SlotName
X-Birta-Served
X-Via-CDN
Azure-Version
Azure-SiteName
X-TNCMS
X-Debug-Cache
X-EIG-Tracking-Id
DB-Nickname
X-Tb
X-Proxy
X-Origin-Response-Time
Origin-Edge-Control
S-Rt
X-Loop
X-Labrador-Cache-Channel
Origin-Cache-Control
Now
X-Status
X-ServerID
X-Format
X-Akamai-Request-ID
X-Birta-Cache-Post
X-Web-Node
Azure-InstanceId
Azure-RegionName
X-IP
X-OCL
X-PCL
X-Human
X-CCM
Cache-Tag
X-BYPASS-REASON
X-Proxy-Build
X-FW-Version
X-ProxyCache-Status
X-Xfnlog-Site
NGX
X-FB-TRIP-ID
X-Tumblr-Pixel-3
X-Trace-Id
Selected-FE
X-Time-Microsecs
X-Timing-Wait
X-ProxyCache-Key
X-JoinUs
X-Cache-Operation
X-Newrelic-App-Data
X-MP-GENERATED-AT
X-Internal-Host
X-Generated
X-Grey
Decoy-Debug-Status
Decoy-Debug-TTL
X-Cache-Category-Id
X-Via-Fastly
X-Varnish-Cacheable
X-NCache
Decoy-Debug-Key
Served-By
Uber-Trace-Id
X-Dynatrace-Js-Agent
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-NewRelic-App-Data
X-Site-Version
X-Www-Served-By
X-Origin-Host
X-VC-Cache
X-Sucuri-ID
X-EdgeConnect-Cache-Status
X-NWS-LOG-UUID
X-R9-Blue-Green-Version
LB
X-Rule
X-CDN-Cache
X-RCS-CacheZone
AsisCache
X-UA
X-Cache-Remote
User-Agent
X-Cluster-Node
X-UnsetCookies
Release
Nel
X-App-Name
Rt-Fastcgi-Cache
X-PERF
X-ApacheServer
X-TIME
X-Datadome
X-Agile-Id
X-Agile
Pagespeed
X-Agile-Age
X-Ua
X-B3-Spanid
X-Source
X-Nginx-Cache
Hostname
Cache-Name
X-APP-VERSION
X-App-Version
X-Request-Time
X-Edge-Location
X-Sucuri-Cache
X-Edge-IP
X-Ocache
X-Pubstack
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
Warning
X-Hit
X-ElasticPress-Search
X-VCT
X-Origin-CC
X-Origin-TTL
X-OVcl
X-OVcl-Cache
X-VG-WebServer
Fly-Request-Id
X-Developer
X-IN-WAF
X-Twitter-Response-Tags
X-Debug-Cache-Store
X-Up
Arc-Country
Fly-Cache
X-Debug-Log
X-Destination
X-NodeID
X-NX-Host
Cache-Prefix
X-NU-AKA-ACS-Version
BehaviorPad-Version
Ec-Rule-Version
Cross-Origin-Window-Policy
X-Debug-Cookies
MD5-Digest
X-Var-Ttl
X-Date
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-SRCache-Key
X-G
X-Core-Value
X-External-Request-Id
X-Connection-Hash
X-Accel-Expires-Debug
X-Aed
X-Developers
X-Cache-Expires
X-Cache-Grace
X-CF-Lambda-Fn
X-BB-ID
X-B-Cookie
X-Application
X-ARC
X-DPWN-IS-SECURE
X-A
Www
Node
X-CF-Lambda-Version
X-Hp-Webp
X-Generated-In
N-Cache
X-Trv-Group
Meta-Geo-Continent
X-Debug-Cache-Expiry
X-IN-APIGATEWAY
X-Mobile-URL
X-Transaction
X-Gannett-Site-Version
Request-EU
Request-Time
X-Logtrace-Id
Request-Country
X-D
On-Server
Origin
Rendered-Blocks
X-Debug-Cache-Fetch
Ajk
X-Instart-Isnd
X-Cdn-Forward
X-PAYTM-SRV-ID
X-Region-Sid
X-Platform
X-Rewrite-Enabled
X-Rojux
X-Server-Group
X-Secret
X-ScT
X-S-Cookie
Xc-Version
X-Request-UUID
X-Processor
X-Protected-By
X-Varnish-Beresp-Status
X-Varnish-Ttl
X-Cache-Backend
X-Varnish-Beresp-Grace
Web-Mar-Node
X-LI-Proto
X-LI-UUID
X-Webstats-RespID
UCS
User-Cache-Control
X-SIPLIST1
X-Key
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Li-Pop
X-Hnp-Log
X-Location
X-Irp-Debug
Thinkindot-CacheControl
RNT-Machine
RNT-Time
X-Info
X-Matched-Rule
Proxy-Connection
X-Sedo-Request-Id
Server-Cache-Control
Server-Int
X-Swa-Ws
Thinkindot-CacheControl-Type
X-Thinkindot-L3
SRV
Server-Surrogate-Control
X-Ah-Environment
Thinkindot-Control
X-Cache-ASPX
X-LAGOON
X-Qloud-Router
X-Device-Os
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Dispatcher-Server
X-Distil-CS
X-Proxy-Cache-Status
X-SN
X-Eu-Site
X-Epic-Correlation-Id
X-Distributor
X-Proxy-Upstream
X-Li-Fabric
X-Crawler
X-Cache-Id
X-Cache-Info
X-Cache-Host
X-Hash
X-C
X-F5-Cache
X-Cache-Miss-From
Pramga
X-Policy
X-Refresh
X-Cms-Context
X-Gen-Mode
X-Request-URI
X-CGP
X-Block-Status
True-Client-Country-4JS
Fastly-Backend-Name
Fastly-SIE
X-Sf
Country-Code
Content-Disposition
Fastly-Soc-X-Request-Id
X-Varnish-Url
Ha-Gx-Prefs
HA-Ipaddr
X-TT-LOGID
X-Nginx-Cache-Key
X-PHP-Host
X-No-Session
X-Node-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Varnish-Authentication
Apple-News-Services-Host
Apple-News-Services-Handled
Backend
X-Page-Type
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Heartbleed
Fastly-SWR
Pagetype
X-Via-SSL
X-Origin-Expires
Magicmarker
Memcached
X-Servername
Lfy
X-Via-Edge
IsBot
X-Origin-Date
Kp-EeAlive
X-FireWall-Port
X-Cdn-Srv
X-GeoIP-Country-Code
X-Sorting-Hat-ShopId
X-Fastly-Cache
X-Cache-FS-Status
X-Cache-Debug
AKAMAI
X-ServiceProvider
Server-Host
X-Sorting-Hat-PodId
X-Server-IP
Platform
X-Reboot
X-Skip-Cache
X-TrackingId
X-Core-Mission
X-Cache-Bucket
X-Wikidot-Backend
SD-X-WS
X-Variation
X-ShopId
X-MSEdge-Features
X-Amz-Meta-Cache-Control
X-WPE-Loopback-Upstream-Addr
X-MSEdge-Flight
Adler-Geo
X-Alternate-Cache-Key
Is-Eu
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-S-Maxage
X-Gateway-Cache-Key
X-ShardId
X-Shopify-Stage
X-BBXSRF
Fastly-SSL
X-Bip
X-Geo-Header
X-Backend-Url
X-Thanos
X-Wikidot-Static-Cache
X-Auto-Login
X-Backend-Host
X-Backend-State
X-GZip
X-CACHE-KEY
Section-Io-Cache
X-Generated-On
X-Owner
X-Fetched-On
X-GeoIP-City
X-Micro-Cache
X-Level-Front-Cache
X-User
X-CUA
X-Server-Time
HTTPS
X-Amzn-Remapped-Content-Length
X-RateLimit-Reset
X-Planisys-CDN-Rules
Powered-By
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Fastcgi-Useragent
X-Real-Ip
DSUID
X-Varnish-Beresp-Ttl
Server-ID
ServerName
FNAC-ModuleRouting
Pragrma
Cteonnt-Length
X-Stale
X-Passed-To
X-Server-By
X-Org
X-Returned-From
X-Passed-To-PostProcessResponse
X-Svr
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Actual-URL
Gh-Request-Id
X-Returned-From-PostProcessResponse
X-Original-Request
X-Load-Cache
X-Dc
X-Nc
X-NC
X-Pjax-Url
X-VServer
X-Croise-Owner
X-Aicache-OS
VivaBuild
Host-ID
X-Parent-Response-Time
X-HS-Cache-Config
X-CDN-Forward
Viewtype
MIME-Version
X-Unique-ID
X-FPC
V-Age
X-Edge-Server
Cdn-Host
Cdn-Request-Time
REQUESTUUID
X-Apm-Svc-Key
X-Apm-App-Name
X-Apm-Inst-Hash
X-Microcachable
X-Ua-Device
X-CSRF-TOKEN
X-Gdpr
Rt-Proxy-Cache
X-Sn-Servicetimems
X-Cdn-Origin
X-ND-Cache
Cache
X-Geo
X-Exp-Se
SID
X-Served-From
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
Mime-Version
Time
HostName
X-Wa
X-V
PICS-Label
ProcessTime
X-Servedbyhost
Memory
X-Req
X-From-Cache
X-DC
X-B3-Parentspanid
CF-IPCountry
Wxu-Next-Commit
X-Tb-Optimization-Total-Bytes-Saved
Odigeo-Trace-Id
Wxu-Next-Region
Wxu-Next-Hostname
Resin-Trace
X-Newrelic-Synthetics
X-Git-Hash
AR-SID
X-Cache-HT
X-Optimization
X-HTML-Minification-Powered-By
Cf-Ipcountry
X-Fstrz
Cdn
X-Lb-Id
X-Varnish-Beresp-TTL
X-Release
Public-Key-Pins-Report-Only
X-Response-By
X-Atg-Version
Proxy-Firewall
X-WebServer
X-TH-Server
XServer
GMS-Ver
X-GEO
Processtime
Fastcgi-X-Cache-Version
X-Fastly-Backend-Reqs
X-WR-MODIFICATION
X-LB-ID
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Instart-Info
X-Phone
X-Vcl-Version
CF-Cached-On
X-Host-Name
X-APP
WZWS-RAY
X-Daa-Tunnel
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Amz-Meta-Surrogate-Control
Backend-Name
X-Check-Cacheable
X-Upstream-HT
X-Upstream-CT
X-We-Are-Hiring
X-NGINX-Cache
X-Nananana
Countrycode
GW-Server
X-Clientip
X-Worker
X-UE-Client-Country
Mobile-Detection-Method
X-Vcache
X-WA
X-Ratelimit-Reset
X-Backend-TTL
Xxline
409pxxline
352pxline
188prxHost
178proxuri
X-URL
225prxHost
SN
355prline
X-ID
189phosttRef
219prxHost
286prxHost
X-B3-SpanId
X-HS-Status
SS
X-Fastly-Country-Code
X-Hyper-Cache
X-Zone
Ohc-File-Size
Lb
X-Server-W
X-IPS-LoggedIn
X-ServedByHost
Pics-Label
X-CSRF-Token
Version
DataCenter
FSS-Proxy
X-SERVER-NAME
FSS-Cache
X-PF-Uncompressing
GeoIp-Country-Code
X-HS-Combine-CSS
Geoip-Latitude
X-GZIP
X-Dynatrace
Esi-Enabled
X-Request-Start
X-VCL-Version
X-BE
X-Render-Time
X-UPSTREAM-Address
URI
Geoip-City
GeoIP-Country-Code
GeoIP-Latitude
X-AssetVersion
X-LiteSpeed-Cache-Control
X-Fpc
Ohc-Cache-HIT
X-CS
GeoIP-City
X-Be
WP-Super-Cache
X-Unique-Id
X-PJAX-URL
X-Contensis-Viewer-Groups
X-UCC
X-Akamai-Request-ID2
X-Cdn-Cache
X-GDPR
CDN
X-Via-Ucdn
X-ZONE
X-Gen-Id
Dynatrace
Accept-Language
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-HostName
X-NWS-UUID-VERIFY
X-Vtex-Processado-Em
X-RequestId
X-Vtex-Remote-Cache
X-SRV
X-Pf-Uncompressing
X-Html-Edge-Cache
Who
X-Varnish-Action
RequestUuid
Cneonction
X-Fastly-Cache-Hits
X-Cache-Ttl
Serverid
X-LiteSpeed-Tag
X-Via-NSCOPI
X-ABtesting
Locale
X-Cache-URL
X-Flog
X-Store
X-Urbn-Context-Path
Server-Id
A
X-Urbn-Site-Id
X-Request-Url
X-Reqid
Accept-Ch
X-Hello
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Dw-Trace-Id
Get-Access-Time
Ohc-Response-Time
X-Cdn-Request-ID
X-Serial
Frontcache
Is-Session-Tracking
NnCoection
X-Port
X-HTML-Edge-Cache
X-ServerName
X-EC-Lua