Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
CF-Ray
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
Allow
X-OneAgent-JS-Injection
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Type
X-Host
Feature-Policy
Content-Location
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Pinterest-Generated-By
X-Upstream-Env
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
MS-Author-Via
X-GitHub-Request-Id
X-VARITI-CCR
Arc-Version
Charset
PB-RID
PB-PID
X-Mobile-Rewrite
X-MS-InvokeApp
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Cdn-Fetch
X-DataStream-Cache-Status
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-ORACLE-DMS-RID
X-Exp-Variant
X-Version
X-Cached
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
AR-Request-ID
X-Navigation-Version
X-Vname
X-TtlSet
X-PC
RTSS
X-Abt-Application-Version
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-TTL
X-Trace
X-Varnish-TTL
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-DynaTrace-JS-Agent
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-SharePointHealthScore
X-FTR-Expires
X-Amz-Rid
X-Fastly-Request-ID
Nginx-Cache
S
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Debug
X-Oracle-Dms-Rid
X-Shield-Request-Id
TCN
X-VCache
X-Dw-Request-Base-Id
X-Hits
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
SPRequestDuration
X-Ttl
SPIisLatency
X-Id
X-Akam-SW-Version
DynaTrace
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-B3-TraceId
Front-End-Https
X-Powered-CMS
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Fastcgi-Cache
X-N
Paypal-Debug-Id
X-Aspnet-Version
X-Varnish-Age
X-Forwarded-For
X-Content-Type
Alternate-Protocol
X-Upstream
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-RateLimit-Remaining
X-Sol
Display
X-Middleton-Display
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Response
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Accel-Buffering
X-Litespeed-Cache
X-Hostname
X-Fastcgi-Cache
X-Kinsta-Cache
X-Pad
X-Cache-Key
Server-Name
MicrosoftSharePointTeamServices
X-Accel-Expires
X-User-Agent
X-Content-Options
Host
X-Analytics
Backend-Timing
Refresh
X-Correlation-Id
X-LB-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-DIS-Request-ID
X-B3-Traceid
X-Revision
X-Az
X-AppVersion
X-IPLB-Instance
X-Activity-Id
X-B
X-Debug-Info
X-Amz-Apigw-Id
Accept-Charset
X-Rid
X-Amzn-RequestId
FilterID
X-Cache-Hit
X-Cache-2
ServerID
X-B3-Sampled
Powered-By-ChinaCache
X-Grace
X-CF-Powered-By
Surrogate-Key
X-FastCGI-Cache
X-Page-Id
X-Ruxit-Js-Agent
X-Whom
Server-Info
X-PHP-Backend
X-Request-Received
Host-Header
MS-CV
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Amz-Replication-Status
Source
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-TT
X-Framework
X-UA-Device-Type
X-Cluster
X-Origin-Server
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-F-Cache
X-Cached-By
X-Mobile
X-Webkit-CSP
X-App-Environment
X-Varnish-Grace
Cache-Status
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Kong-Upstream-Latency
X-FW-Type
X-Instance
X-Drupal-Cache-Tags
X-Kong-Proxy-Latency
X-FW-Static
X-Content-Powered-By
Access-Control-Allow-Method
X-Request-Guid
X-Platform-Server
X-SS-Set-Cookie
X-Zen-Fury
X-Magnolia-Registration
X-Shard
X-Geo-Country
X-Ezoic-Cdn
X-Handled-By
X-RateLimit-Limit
X-FB-Debug
X-Cache-TTL
X-Forwarded-Host
X-ATG-Version
Edge-Cache-Tag
CACHE
From-Origin
X-Oneagent-Js-Injection
X-App-Server
X-GUploader-UploadID
X-Cache-Age
X-Node-Name
DC
X-Varnish-Server
X-Varnish-Hostname
Cleartype
X-Wix-Server-Artifact-Id
PageSpeed
Cache-Tags
X-AOL-HN
X-XRDS-LOCATION
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Region
X-Response-Served-From
Upgrade-Insecure-Requests
X-RequestSource
X-WebKit-CSP-Report-Only
Filters
X-Generated-By
X-Adobe-Content
X-TX-ID
Healthy
X-Adobe-Loc
X-GeoIP
NGB
X-Signature
Ms-Operation-Id
X-UUID
X-TT-TIMESTAMP
X-B-Cache
Country
X-RTag
Cache-Tv-Group
Retry-After
X-Tumblr-Pixel-1
X-Redis-Cache
Webserver
X-Jobs
X-Tumblr-Pixel-2
X-FW-Dynamic
Server-Node
X-Content-Age
Actual-Object-TTL
GEO-INFO
X-VG-WebCache
X-Storage
X-Varnish-Hits
X-Drupal-Cache-Contexts
X-Locale
X-Seen-By
X-Cacheable-TTL
ServedBy
Liferay-Portal
Fastly-Restarts
X-Cache-Rule
X-Via-JSL
X-Contextid
X-Guploader-Uploadid
X-Rendered-As
Powered
Frame-Options
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-BACKEND-TTL
X-Real-IP
X-TA-CDN-Provider
Viewport
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WA-Info
Content-Style-Type
Content-Script-Type
X-Cache-Server
X-Upgrade-Enabled
X-Wix-Request-Id
ViewerVersion
Datacenter
X-ProcessESI
X-RemovedCookies
X-Time
Eomportal-Instance
X-Cache-Config
X-Dynatrace-Js-Agent
X-Mode
Xserver
X-GRACE
X-Esi
X-NewRelic-App-Data
NtCoent-Length
X-Cache-NE
X-Detected-As
Cache-Hits
Machine
X-Endurance-Cache-Level
X-Device-Type
X-Akamai-Transformed
X-Varnish-Cache-Hits
X-Zipkin-Id
X-RN-RSRV
X-Cache-Var
X-Is-Bot
X-Hl-Ver
X-ES-SERVER
Meta-Geo
X-Path-Route
X-Proxied
X-Cache-Var-Map
X-Proto
X-Routing-Service
Load-Balancing
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
We-Hiring
Vix-Hermes-Req-Id
TWC-Device-Class
TWC-Connection-Speed
L5d-Success-Class
Cache-Key
Mail-Subject
OT-Force-Account-Verify
Property-Id
Webcakes-App-Name
Webcakes-App-Version
X-Viewer-Country
X-Origin-Hint
X-VWS-Id
Mn-Server-Ip
X-From
X-LJ-Flow-ID
X-L-Path
X-AWS-Id
Webcakes-Region
X-Backend-Name
X-Cache-Enabled
X-Hosted-By
Access-Control-Request-Headers
X-Environment-Context
X-S
X-Access
X-Akamai-Request-ID
X-Birta-Cache-Post
Now
X-Birta-Served
DB-Nickname
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-EIG-Tracking-Id
X-FW-Version
X-Tb
X-TNCMS
X-VG-TLSProxy
X-FC-Vary-Parameters
X-Status
X-ServerID
X-Origin-Response-Time
X-Proxy
X-Section
Azure-InstanceId
X-Loop
X-Varnish-Cacheable
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-Via-Fastly
X-Timing-Wait
X-Proxy-Build
S-Rt
X-NCache
X-IP
X-JoinUs
X-ProxyCache-Key
X-Trace-Id
Selected-FE
X-CCM
X-Xfnlog-Site
X-Time-Microsecs
Origin-Cache-Control
X-Via-CDN
Origin-Edge-Control
X-Debug-Cache
X-BYPASS-REASON
Decoy-Debug-TTL
X-Web-Node
Decoy-Debug-Status
Decoy-Debug-Key
X-Format
X-Tumblr-Pixel-3
NGX
Cache-Tag
X-Cdn
X-Internal-Host
X-Www-Served-By
X-FB-TRIP-ID
X-Grey
X-Cache-Category-Id
X-Site-Version
X-OCL
X-MP-GENERATED-AT
X-Generated
Served-By
X-Human
Uber-Trace-Id
X-PCL
X-CDN-Cache
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-Origin-Host
X-VC-Cache
X-Cache-Operation
X-R9-Blue-Green-Version
X-EdgeConnect-Cache-Status
AsisCache
LB
X-Rule
X-Sucuri-ID
Pagespeed
X-UA
X-NWS-LOG-UUID
User-Agent
X-Newrelic-App-Data
X-RCS-CacheZone
X-Cluster-Node
X-Cache-Remote
Rt-Fastcgi-Cache
Release
X-UnsetCookies
X-App-Name
X-PERF
X-ApacheServer
Hostname
Nel
X-B3-Spanid
X-Agile
X-Agile-Id
X-Agile-Age
X-Nginx-Cache
X-TIME
X-App-Version
X-Varnish-Ttl
X-Datadome
X-Ua
Cache-Name
X-Source
X-Edge-Location
X-Request-Time
X-APP-VERSION
X-Edge-IP
X-Pubstack
X-Ocache
X-Cdn-Forward
X-Goog-Meta-Goog-Reserved-File-Mtime
Warning
X-Sucuri-Cache
X-Hit
X-CACHE-KEY
X-Protected-By
X-OVcl-Cache
X-OVcl
X-Origin
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
MD5-Digest
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
Meta-Geo-Continent
BehaviorPad-Version
Arc-Country
Cache-Prefix
Ec-Rule-Version
Rendered-Blocks
Thinkindot-CacheControl
Server-Surrogate-Control
X-A-Ccd
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A
Www
UCS
Server-Cache-Control
Request-Time
Origin
On-Server
Node
Request-Country
X-A-Wwc
X-A-Dam
Request-EU
X-A-Dgt
N-Cache
X-Cache-ASPX
X-Thinkindot-L3
X-Transaction
X-Date
X-Debug-Cookies
X-Debug-Log
X-Trv-Group
X-Twitter-Response-Tags
X-Matched-Rule
X-D
X-Var-Ttl
X-Logtrace-Id
X-Instart-Isnd
X-SRCache-Key
X-Destination
X-G
X-External-Request-Id
X-IN-APIGATEWAY
X-Hp-Webp
X-Rojux
X-IN-WAF
X-DPWN-IS-SECURE
X-Developer
X-Server-Group
X-Developers
X-ScT
X-S-Cookie
X-Core-Value
X-Connection-Hash
X-Origin-TTL
X-PAYTM-SRV-ID
X-ARC
X-B-Cookie
X-Origin-CC
X-Processor
X-Region-Sid
X-Accel-Expires-Debug
X-Rewrite-Enabled
X-Aed
X-Application
X-Request-UUID
X-BB-ID
X-Generated-In
X-NodeID
X-CF-Lambda-Fn
X-CF-Lambda-Version
Ajk
X-Mobile-URL
X-Varnish-Authentication
X-VCT
X-NU-AKA-ACS-Version
X-NX-Host
X-Cache-Expires
X-Cache-Grace
X-VG-WebServer
Xc-Version
X-A-Dcw
X-ElasticPress-Search
SRV
X-Cache-Backend
RNT-Time
RNT-Machine
X-Eu-Site
X-Distributor
Server-Int
X-Distil-CS
Server-Host
X-F5-Cache
X-Dispatcher-Server
X-Sedo-Request-Id
X-Refresh
X-Reboot
X-Info
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Hash
Proxy-Connection
Pramga
X-Secret
X-Gannett-Site-Version
X-Device-Os
X-ServiceProvider
X-Cache-Miss-From
X-Swa-Ws
X-SIPLIST1
X-CGP
X-Cache-Info
X-Cache-Id
X-PHP-Host
X-C
X-Cache-Debug
X-Cache-Host
X-Cms-Context
X-Sf
X-Debug-Cache-Store
True-Client-Country-4JS
X-Varnish-Url
X-Irp-Debug
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-TT-LOGID
X-Crawler
X-Up
X-Webstats-RespID
X-Geo-Header
Fastly-Backend-Name
Memcached
X-Origin-Expires
X-Nginx-Cache-Key
X-Policy
Fastly-SIE
X-RateLimit-Limit-Second
Fastly-SWR
X-Qloud-Router
Fastly-Soc-X-Request-Id
Country-Code
Content-Disposition
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Origin-Date
X-Proxy-Cache-Status
Cache-Cookie-Set-Lfrom
X-Proxy-Upstream
X-No-Session
X-Node-Id
CDCHOST
Backend
X-RateLimit-Remaining-Second
IsBot
X-Rebelmouse-Cache-Control
X-Location
Kp-EeAlive
Lfy
X-Page-Type
Magicmarker
Heartbleed
X-Li-Fabric
HA-Ipaddr
X-Li-Pop
AKAMAI
X-Platform
X-LI-Proto
Ha-Gx-Prefs
X-LI-UUID
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Planisys-CDN-TTL
X-Cdn-Srv
X-Cache-FS-Status
X-SN
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-MSEdge-Features
X-S-Maxage
X-Level-Front-Cache
X-Generated-On
X-Bip
X-LAGOON
X-GeoIP-City
X-Fetched-On
X-Fastly-Cache
X-Core-Mission
X-ShardId
X-MSEdge-Flight
Section-Io-Cache
X-Epic-Correlation-Id
X-Servername
X-ShopId
X-BBXSRF
X-Variation
X-Real-Ip
X-Gen-Mode
X-Wikidot-Backend
X-Hnp-Log
X-Key
X-WPE-Loopback-Upstream-Addr
X-Via-SSL
X-User
X-Wikidot-Static-Cache
Pagetype
Web-Mar-Node
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Platform
User-Cache-Control
X-Block-Status
SD-X-WS
X-Sorting-Hat-ShopId
Is-Eu
X-Via-Edge
Apple-News-Services-Request-Url
X-Amzn-Remapped-Content-Length
Fastcgi-Useragent
X-Ah-Environment
X-Auto-Login
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Amz-Meta-Cache-Control
X-Varnish-Beresp-Ttl
Adler-Geo
HTTPS
X-Backend-State
X-Thanos
X-Alternate-Cache-Key
Fastly-SSL
X-GZip
X-FireWall-Port
X-Owner
X-Cache-Bucket
X-TrackingId
Powered-By
X-Micro-Cache
X-GeoIP-Country-Code
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Backend-Url
X-Backend-Host
X-Skip-Cache
X-CUA
X-Server-IP
X-Server-Time
X-Nc
X-Dc
Pragrma
X-RateLimit-Reset
Server-ID
Cteonnt-Length
DSUID
X-Org
X-Actual-URL
X-Svr
X-Stale
X-Passed-To
ServerName
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Original-Request
FNAC-ModuleRouting
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Server-By
X-Returned-From
X-Load-Cache
X-Aicache-OS
X-HS-Cache-Config
X-Unique-ID
X-VServer
Viewtype
REQUESTUUID
X-Pjax-Url
Host-ID
X-Croise-Owner
Gh-Request-Id
VivaBuild
X-CDN-Forward
X-Microcachable
Cdn-Request-Time
Cdn-Host
X-Edge-Server
Mime-Version
X-Cdn-Origin
V-Age
X-NC
X-Parent-Response-Time
X-Apm-App-Name
X-Apm-Inst-Hash
X-FPC
X-Apm-Svc-Key
X-Sn-Servicetimems
X-Gdpr
X-Exp-Se
X-ND-Cache
Rt-Proxy-Cache
X-CSRF-TOKEN
X-Geo
X-Oss-Hash-Crc64ecma
SID
MIME-Version
X-Ua-Device
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-V
ProcessTime
X-Served-From
Time
Memory
X-Servedbyhost
PICS-Label
X-Req
X-Wa
X-From-Cache
X-B3-Parentspanid
X-URL
Cache
Odigeo-Trace-Id
Cf-Ipcountry
Resin-Trace
X-HTML-Minification-Powered-By
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
HostName
AR-SID
X-DC
Cdn
X-Optimization
X-Git-Hash
X-Cache-HT
X-Newrelic-Synthetics
CF-IPCountry
X-Lb-Id
X-Fstrz
Public-Key-Pins-Report-Only
X-Response-By
X-Vcache
X-GEO
X-Release
GMS-Ver
X-Ratelimit-Remaining
Fastcgi-X-Cache-Version
X-Atg-Version
X-Varnish-Beresp-TTL
X-WebServer
X-TH-Server
Proxy-Firewall
XServer
X-Fastly-Backend-Reqs
WZWS-RAY
X-Ratelimit-Limit
X-WR-MODIFICATION
Processtime
X-Phone
X-LB-ID
X-Vcl-Version
X-Daa-Tunnel
X-Host-Name
X-Amz-Meta-Surrogate-Control
X-APP
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
Mobile-Detection-Method
GW-Server
X-We-Are-Hiring
Countrycode
X-Clientip
CF-Cached-On
X-UE-Client-Country
Backend-Name
X-Instart-Info
X-Upstream-HT
X-Zone
X-Upstream-CT
X-HS-Status
SS
X-Worker
X-Hyper-Cache
X-WA
X-NGINX-Cache
Ohc-File-Size
Xxline
225prxHost
352pxline
219prxHost
355prline
409pxxline
188prxHost
X-Ratelimit-Reset
X-ServedByHost
178proxuri
SN
X-Server-W
189phosttRef
286prxHost
X-Fastly-Country-Code
X-Nananana
X-ID
Pics-Label
Lb
X-PF-Uncompressing
GeoIp-Country-Code
Geoip-Latitude
FSS-Proxy
FSS-Cache
X-CSRF-Token
X-IPS-LoggedIn
X-Backend-TTL
X-HS-Combine-CSS
Version
X-B3-SpanId
DataCenter
X-SERVER-NAME
Geoip-City
X-VHOST
X-UPSTREAM-Address
X-Dynatrace
X-GZIP
URI
Ohc-Cache-HIT
X-HostName
Esi-Enabled
X-Be
X-BE
X-Request-Start
X-Fpc
X-Render-Time
X-Contensis-Viewer-Groups
X-VCL-Version
X-CS
X-UCC
X-Gen-Id
X-LiteSpeed-Cache-Control
WP-Super-Cache
X-AssetVersion
X-Unique-Id
GeoIP-City
GeoIP-Latitude
X-GDPR
X-PJAX-URL
GeoIP-Country-Code
X-Via-Ucdn
X-Varnish-Action
X-Akamai-Request-ID2
CDN
Who
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Dynatrace
RequestUuid
Cneonction
X-NGENIX-Cache
X-Fastly-Cache-Hits
X-Html-Edge-Cache
Accept-Language
X-SRV
X-Vtex-Remote-Cache
X-Cache-URL
X-RequestId
X-Pf-Uncompressing
X-Vtex-Processado-Em
X-Cdn-Cache
Serverid
X-ZONE
X-Cache-Ttl
X-Via-NSCOPI
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Hello
X-ABtesting
X-LiteSpeed-Tag
X-Flog
Locale
X-Reqid
Server-Id
X-NWS-UUID-VERIFY
X-Request-Url
X-Store
Accept-Ch
A
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
Is-Session-Tracking
Ohc-Response-Time
Get-Access-Time
X-Port
RequestId
X-EC-Lua
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-ServerName
Frontcache
X-Serial