Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-Ua-Compatible
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-Host
X-CST
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Type
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Surrogate-Control
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
X-Px
X-Upstream-Env
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-HW
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
X-DataStream-Cache-Status
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Cached
Charset
X-Version
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Server-ID
X-Recruiting
X-Dns-Prefetch-Control
Service-Worker-Allowed
AR-Request-ID
X-TTL
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-PC
X-TtlSet
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Varnish-TTL
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
Nginx-Cache
X-FTR-Balancer
X-FTR-Realm
X-Goog-Stored-Content-Length
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-Goog-Stored-Content-Encoding
X-FTR-Backend-Server
X-Goog-Metageneration
X-DynaTrace-JS-Agent
X-Goog-Generation
X-FTR-Expires
X-VCache
X-Amz-Rid
X-Fastly-Request-ID
X-SharePointHealthScore
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Oracle-Dms-Rid
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
X-XRDS-Location
X-Upstream-Proxy
SPRequestDuration
SPIisLatency
X-Pinterest-Rid
Pinterest-Version
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-B3-TraceId
X-Goog-Storage-Class
X-Powered-CMS
X-FTR-Cache-Host
Front-End-Https
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Tracecode
Realpath
X-Amzn-Trace-Id
X-MSEdge-Ref
X-Id
X-Ttl
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
Paypal-Debug-Id
X-Forwarded-For
X-Content-Type
X-Upstream
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
Alternate-Protocol
X-B3-TraceId-Primal
X-Frontend
X-Logged-In
X-RateLimit-Remaining
X-HS-Content-Id
X-Fastcgi-Cache
X-HS-Hub-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Display
Fusion-Template-Id
Fusion-Source
X-Content-Digest
X-Sol
X-Middleton-Display
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
Response
X-Middleton-Response
X-Hostname
X-Litespeed-Cache
X-Srv
X-Pad
X-Accel-Expires
X-Cache-Key
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-Accel-Buffering
Server-Name
Host
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Backend-Timing
X-Analytics
X-Content-Options
X-User-Agent
X-Correlation-Id
X-B3-Traceid
X-Revision
X-Debug-Info
X-LB-Cache
X-AppVersion
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Az
X-Activity-Id
FilterID
Refresh
X-Cdn
X-Rid
X-IPLB-Instance
Accept-Charset
X-Cache-2
X-B3-Sampled
X-Cache-Hit
Surrogate-Key
Powered-By-ChinaCache
X-DIS-Request-ID
X-B
X-Grace
X-CF-Powered-By
X-Ruxit-Js-Agent
ServerID
X-Page-Id
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
X-PHP-Backend
MS-CV
Host-Header
X-Request-Processing-Time
X-Request-Received
X-FastCGI-Cache
X-Cached-By
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Kong-Proxy-Latency
VIX-Pulpo-Upstream-Status
X-TT
VIX-Pulpo-Node
X-Kong-Upstream-Latency
X-Amz-Replication-Status
Source
X-Akamai-Edgescape
X-Framework
X-Origin-Server
X-Cache-Action
X-UA-Device-Type
X-Cluster
X-App-Environment
X-Webkit-CSP
X-Mobile
Access-Control-Allow-Method
X-Platform-Server
X-Content-Powered-By
Cache-Status
X-Tumblr-Pixel-0
X-Drupal-Cache-Tags
X-F-Cache
X-Request-Guid
X-Varnish-Grace
X-Tumblr-Pixel
X-Tumblr-User
X-FW-Type
X-FW-Server
X-Instance
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Zen-Fury
X-FB-Debug
X-Ezoic-Cdn
X-Shard
X-SS-Set-Cookie
X-Geo-Country
X-Handled-By
X-GUploader-UploadID
X-Cache-TTL
X-Forwarded-Host
X-Magnolia-Registration
X-RateLimit-Limit
Edge-Cache-Tag
X-Node-Name
From-Origin
X-ATG-Version
X-Cache-Age
PageSpeed
X-Varnish-Hostname
X-App-Server
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-BCube-Filmed-By
CACHE
X-AOL-HN
X-Cache-Control
X-XRDS-LOCATION
Payment
Upgrade-Insecure-Requests
Healthy
X-Generated-By
X-WebKit-CSP-Report-Only
X-Region
Filters
X-Response-Served-From
X-Adobe-Content
X-Adobe-Loc
X-TX-ID
Fastly-Restarts
Server-Node
Ms-Operation-Id
X-Cache-Rule
X-VG-WebCache
X-UUID
X-RequestSource
X-Redis-Cache
Cache-Tv-Group
X-Storage
X-RTag
X-GeoIP
Webserver
Country
NGB
X-Drupal-Cache-Contexts
Actual-Object-TTL
X-Signature
X-FW-Dynamic
X-Jobs
X-B-Cache
X-TT-TIMESTAMP
Retry-After
X-Locale
X-Cacheable-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Content-Age
GEO-INFO
X-TA-CDN-Provider
ServedBy
Powered
Liferay-Portal
X-Contextid
X-Seen-By
Frame-Options
X-Wix-Server-Artifact-Id
HitType
X-Rendered-As
X-Oneagent-Js-Injection
X-Via-JSL
X-Cache-TTL-Remaining
X-Varnish-IP
X-Guploader-Uploadid
X-WA-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-BACKEND-TTL
S-Cnection
Viewport
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Cache-NE
X-Upgrade-Enabled
NtCoent-Length
X-Cache-Server
Content-Style-Type
Content-Script-Type
X-Mode
Datacenter
X-Esi
X-GRACE
X-Dynatrace-Js-Agent
Xserver
X-Cache-Config
X-Akamai-Transformed
X-Detected-As
X-Cache-Var-Map
X-Device-Type
X-Cache-Var
X-ES-SERVER
X-Hl-Ver
X-From
X-Varnish-Cache-Hits
OT-Force-Account-Verify
X-Zipkin-Id
X-Proto
Load-Balancing
Machine
Meta-Geo
X-Path-Route
X-Proxied
Cache-Hits
X-Is-Bot
X-S
X-RN-RSRV
X-Time
X-Routing-Service
Cache-Key
Vix-Hermes-Req-Id
X-AWS-Id
X-Hosted-By
Mail-Subject
X-FC-Vary-Parameters
X-Tb
X-Cache-Operation
L5d-Success-Class
Mn-Server-Ip
X-Environment-Context
We-Hiring
X-VG-TLSProxy
X-LJ-Flow-ID
X-L-Path
X-Cache-Enabled
X-VWS-Id
X-Viewer-Country
X-Debug-Cache
Origin-Cache-Control
X-Loop
X-EIG-Tracking-Id
X-Labrador-Cache-Channel
X-Birta-Cache-Post
X-Birta-Served
Access-Control-Request-Headers
NGX
X-ServerID
X-Web-Node
X-TNCMS
Origin-Edge-Control
X-FW-Version
S-Rt
X-Proxy
X-Backend-Name
X-Time-Microsecs
X-FB-TRIP-ID
Now
DB-Nickname
X-Access
X-Akamai-Request-ID
Azure-SiteName
Azure-Version
Azure-RegionName
Selected-FE
Azure-SlotName
Azure-InstanceId
X-Varnish-Cacheable
X-BYPASS-REASON
X-ProxyCache-Key
X-Proxy-Build
X-Origin-Response-Time
X-ProxyCache-Status
X-Section
X-Via-Fastly
X-Via-CDN
X-Trace-Id
X-Timing-Wait
X-OCL
X-PCL
X-Human
X-Format
Cache-Tag
X-IP
X-CCM
X-NCache
X-JoinUs
X-Xfnlog-Site
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
TWC-GeoIP-LatLong
X-Www-Served-By
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
Webcakes-App-Name
X-Grey
X-Generated
X-Cache-Category-Id
X-Origin-Hint
Webcakes-Region
X-Status
X-Site-Version
Webcakes-App-Version
TWC-Connection-Speed
Decoy-Debug-TTL
X-Endurance-Cache-Level
Decoy-Debug-Key
Property-Id
Decoy-Debug-Status
X-MP-GENERATED-AT
X-NWS-LOG-UUID
Uber-Trace-Id
X-Wix-Request-Id
ViewerVersion
X-RCS-CacheZone
Served-By
X-CDN-Cache
X-Internal-Host
X-EdgeConnect-Cache-Status
X-R9-Blue-Green-Version
X-VC-Cache
X-Newrelic-App-Data
X-Rule
X-UA
X-NewRelic-App-Data
X-Cache-Remote
X-UnsetCookies
LB
AsisCache
X-Origin-Host
Release
X-Sucuri-ID
X-Cluster-Node
Rt-Fastcgi-Cache
X-TIME
Nel
X-App-Name
Pagespeed
X-ApacheServer
X-PERF
User-Agent
X-Source
X-Nginx-Cache
X-Agile
X-Varnish-Ttl
X-Agile-Age
X-APP-VERSION
X-Agile-Id
X-B3-Spanid
X-Datadome
X-Ua
X-Request-Time
Hostname
Cache-Name
X-App-Version
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Hit
X-OVcl
X-Edge-Location
X-VCT
X-Pubstack
Warning
X-Origin-CC
X-Origin-TTL
X-Cdn-Forward
X-Edge-IP
BehaviorPad-Version
X-IN-WAF
Cache-Prefix
X-IN-APIGATEWAY
X-PAYTM-SRV-ID
X-NX-Host
X-Hp-Webp
Arc-Country
X-Ocache
X-Instart-Isnd
X-Mobile-URL
X-Cache-ASPX
X-Matched-Rule
X-Logtrace-Id
X-Sucuri-Cache
X-Core-Value
X-NodeID
X-Connection-Hash
Ajk
X-NU-AKA-ACS-Version
X-A-Dcw
X-Developer
X-Destination
Server-Cache-Control
X-A-Ccd
Request-Time
Rendered-Blocks
Request-Country
Request-EU
X-Debug-Log
Server-Surrogate-Control
UCS
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Debug-Cookies
X-Debug-Cache-Store
Thinkindot-CacheControl
X-A-Dam
Origin
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Generated-In
X-Gannett-Site-Version
X-G
Node
X-DPWN-IS-SECURE
On-Server
Meta-Geo-Continent
MD5-Digest
X-A
X-External-Request-Id
X-Aed
X-D
X-Secret
X-Twitter-Response-Tags
X-Trv-Group
X-Up
X-SRCache-Key
X-Var-Ttl
X-B-Cookie
X-Transaction
X-ScT
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Protected-By
X-Server-Group
X-Region-Sid
X-Thinkindot-L3
X-Rojux
X-CF-Lambda-Fn
X-Cache-Expires
X-Cache-Grace
X-Processor
X-Platform
Www
X-ARC
Xc-Version
X-Date
X-Application
X-VG-WebServer
X-Varnish-Authentication
X-BB-ID
X-CF-Lambda-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-ElasticPress-Search
User-Cache-Control
X-Cache-Backend
X-Epic-Correlation-Id
X-Cache-Info
IsBot
X-Swa-Ws
Heartbleed
HA-Ipaddr
Kp-EeAlive
Magicmarker
X-Eu-Site
X-Block-Status
N-Cache
Pramga
Server-Int
Server-Host
X-Cache-Host
RNT-Time
SRV
X-Varnish-Url
Lfy
True-Client-Country-4JS
Memcached
RNT-Machine
X-TT-LOGID
X-Cache-Miss-From
X-Distributor
Pagetype
X-Dispatcher-Server
X-Device-Os
X-Cache-Id
Proxy-Connection
Ha-Gx-Prefs
X-WPE-Loopback-Upstream-Addr
Fastly-Backend-Name
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-LI-UUID
X-Refresh
X-LI-Proto
X-Cache-Debug
Web-Mar-Node
X-Li-Fabric
X-Li-Pop
X-Webstats-RespID
X-RateLimit-Limit-Second
X-Origin-Date
X-PHP-Host
X-Origin-Expires
X-Page-Type
X-Policy
X-Proxy-Cache-Status
X-Qloud-Router
X-Proxy-Upstream
X-Nginx-Cache-Key
X-No-Session
X-Request-URI
X-LAGOON
X-Servername
X-ServiceProvider
X-Crawler
Country-Code
X-Geo-Header
Fastly-SIE
X-Sf
X-SIPLIST1
X-Amzn-Remapped-Date
Fastly-SWR
X-Gen-Mode
X-Amzn-Remapped-Connection
X-Hash
X-CGP
X-Info
X-Irp-Debug
X-Key
Backend
Cache-Cookie-Set-From
X-Hnp-Log
X-Sedo-Request-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-SN
X-FireWall-Port
DSUID
X-Cache-FS-Status
X-Core-Mission
X-Micro-Cache
X-Thanos
X-TrackingId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Skip-Cache
X-User
X-Variation
X-F5-Cache
X-Fastly-Cache
X-Cache-Bucket
X-Via-SSL
X-Via-Edge
X-ShopId
X-ShardId
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Fetched-On
X-Distil-CS
X-Generated-On
X-GeoIP-City
X-S-Maxage
X-Server-IP
X-Location
X-Level-Front-Cache
X-GeoIP-Country-Code
X-Developers
X-Cms-Context
Platform
Adler-Geo
AKAMAI
SD-X-WS
Fastly-SSL
X-C
X-CACHE-KEY
Apple-News-Services-Handled
Apple-News-Services-Host
CDCHOST
Content-Disposition
HTTPS
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Is-Eu
X-Real-Ip
X-Ah-Environment
X-Backend-State
X-Amzn-Remapped-Content-Length
X-Amz-Meta-Cache-Control
X-BBXSRF
X-Alternate-Cache-Key
X-Bip
Cteonnt-Length
X-Auto-Login
Fastly-Soc-X-Request-Id
X-Cdn-Srv
X-Backend-Host
X-Backend-Url
FNAC-ModuleRouting
ServerName
X-MSEdge-Features
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Server-Time
X-Wikidot-Static-Cache
X-Owner
X-Wikidot-Backend
X-MSEdge-Flight
X-Node-Id
X-GZip
X-Varnish-Beresp-Ttl
X-RateLimit-Reset
Server-ID
Section-Io-Cache
Gh-Request-Id
Powered-By
X-CUA
X-Org
X-Nc
MIME-Version
REQUESTUUID
Pragrma
VivaBuild
X-Load-Cache
X-FPC
X-Apm-Svc-Key
Viewtype
X-Sn-Servicetimems
X-Pjax-Url
X-Apm-Inst-Hash
X-Apm-App-Name
X-Cdn-Origin
V-Age
Cache
X-NC
X-Dc
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Server-By
X-Passed-To-BeforeDispatch
X-Returned-From
X-Original-Request
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Parent-Response-Time
X-Exp-Se
X-CDN-Forward
Rt-Proxy-Cache
X-Geo
X-ND-Cache
X-Actual-URL
X-Aicache-OS
Fastcgi-Useragent
X-Svr
X-Passed-To
X-Stale
Host-ID
X-Served-From
X-Gdpr
X-Croise-Owner
X-VServer
X-HS-Cache-Config
X-Ua-Device
HostName
X-Unique-ID
X-CSRF-TOKEN
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-B3-Parentspanid
Memory
Time
X-Microcachable
PICS-Label
X-DC
Mime-Version
X-Wa
Resin-Trace
X-Servedbyhost
X-Oss-Hash-Crc64ecma
X-Git-Hash
SID
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
ProcessTime
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Newrelic-Synthetics
X-V
X-Req
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
Cf-Ipcountry
X-ID
AR-SID
X-Optimization
X-Cache-HT
X-Lb-Id
Cdn
X-Release
Odigeo-Trace-Id
X-Host-Name
X-WebServer
X-TH-Server
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
X-Fstrz
CF-Cached-On
X-Ratelimit-Remaining
X-Phone
X-Atg-Version
X-APP
X-Daa-Tunnel
XServer
Proxy-Firewall
X-Response-By
X-Instart-Info
X-Upstream-CT
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
X-Upstream-HT
GMS-Ver
Processtime
Backend-Name
X-Vcl-Version
X-LB-ID
X-WR-MODIFICATION
X-Check-Cacheable
X-Fastly-Backend-Reqs
WZWS-RAY
X-Worker
X-CACHE-AGE
X-GEO
X-Zone
X-CLOUD-TRACE-CONTEXT
Fastcgi-X-Cache-Version
409pxxline
188prxHost
189phosttRef
Xxline
X-Server-W
225prxHost
286prxHost
352pxline
178proxuri
219prxHost
355prline
X-B3-SpanId
X-Backend-TTL
X-Nananana
X-Amz-Meta-Surrogate-Control
X-IPS-LoggedIn
X-Vcache
X-NGINX-Cache
X-WA
Version
X-Ratelimit-Reset
X-ServedByHost
X-CSRF-Token
X-UE-Client-Country
Countrycode
X-URL
X-HS-Status
GW-Server
Pics-Label
X-We-Are-Hiring
Mobile-Detection-Method
X-Clientip
Lb
WP-Super-Cache
X-Fastly-Country-Code
X-UPSTREAM-Address
SS
SN
Geoip-Latitude
Esi-Enabled
X-Hyper-Cache
GeoIp-Country-Code
DataCenter
Ohc-File-Size
X-VCL-Version
X-Akamai-Request-ID2
X-Contensis-Viewer-Groups
X-SERVER-NAME
X-AssetVersion
Geoip-City
X-SRV
X-Dynatrace
Accept-Language
X-GZIP
X-PF-Uncompressing
URI
GeoIP-City
X-Request-Start
X-Render-Time
GeoIP-Country-Code
GeoIP-Latitude
X-Be
X-Via-Ucdn
FSS-Cache
X-HS-Combine-CSS
FSS-Proxy
X-BE
Serverid
X-NWS-UUID-VERIFY
X-RequestId
X-CS
X-GDPR
X-LiteSpeed-Cache-Control
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Unique-Id
X-Via-NSCOPI
Locale
Ohc-Cache-HIT
X-Urbn-Site-Id
X-Gen-Id
X-Fpc
X-ZONE
X-PJAX-URL
X-Reqid
X-Urbn-Context-Path
CDN
FastCGI-Cache
X-FORWARDED-FOR
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-Flog
X-Hello
X-ABtesting
X-Html-Edge-Cache
RequestUuid
X-UCC
X-Pf-Uncompressing
Cneonction
X-Fastly-Cache-Hits
X-Cdn-Cache
X-Cache-Ttl
X-Varnish-Action
Accept-Ch
Who
X-Generation-Time
IBM-Web2-Location
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
A
Server-Id
X-Request-Url
X-Store
X-Akamai-SSL-Client-Sid
X-HTML-Edge-Cache
NnCoection
X-Dw-Trace-Id
X-ServerName
Frontcache
X-Serial
Is-Session-Tracking
X-Cdn-Request-ID
Get-Access-Time
X-Port
Ohc-Response-Time
X-Cache-URL
X-EC-Lua