Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Robots-Tag
WPE-Backend
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-Device
Allow
Ali-Swift-Global-Savetime
Server-Timing
X-CST
X-Ac
X-Type
X-Node
X-Rq
X-Host
X-Server-Id
Feature-Policy
Content-Location
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
X-Rack-Cache
Request-Id
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Upstream-Env
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Mod-Pagespeed
X-Vhost
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-ESI
X-Dispatcher
X-HW
X-GitHub-Request-Id
Charset
X-Mobile-Rewrite
PB-RID
X-VARITI-CCR
PB-PID
Arc-Version
MS-Author-Via
X-DataStream-Cache-Status
X-MS-InvokeApp
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Cached
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Version
X-Powered-By-Plesk
Content-MD5
X-ORACLE-DMS-RID
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
X-Navigation-Version
AR-Request-ID
X-Abt-Application-Version
X-PC
X-TtlSet
X-Vname
RTSS
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Varnish-TTL
X-Trace
X-TTL
SPRequestGuid
X-Client-IP
X-Forwarded-Proto
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-DynaTrace-JS-Agent
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-SharePointHealthScore
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Server-ID
X-Amz-Rid
X-FTR-Expires
X-Oracle-Dms-Rid
X-Fastly-Request-ID
Nginx-Cache
X-VCache
X-Amz-Meta-S3cmd-Attrs
S
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Shield-Request-Id
TCN
X-Debug
X-Ttl
X-Upstream-Proxy
X-Pinterest-Rid
X-Id
Pinterest-Version
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
SPRequestDuration
SPIisLatency
X-Akam-SW-Version
DynaTrace
Access-Control-Request-Method
Front-End-Https
X-SERVER
X-FTR-Cache-Host
X-Goog-Storage-Class
X-T
X-Litespeed-Cache
X-Powered-CMS
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Paypal-Debug-Id
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Fastcgi-Cache
X-Varnish-Age
X-Forwarded-For
X-N
X-B3-TraceId
X-Content-Type
Alternate-Protocol
X-Upstream
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-RateLimit-Remaining
X-PressLabs-Stats
X-Frontend
X-Middleton-Display
X-Sol
Fusion-Source
X-Logged-In
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-HS-Hub-Id
Display
X-HS-Content-Id
X-Content-Digest
X-Accel-Buffering
AMP-Access-Control-Allow-Source-Origin
Response
X-Middleton-Response
X-Srv
X-Hostname
X-B3-Traceid
X-Cache-Key
X-Kinsta-Cache
X-Pad
X-Accel-Expires
Server-Name
MicrosoftSharePointTeamServices
X-Content-Options
X-User-Agent
Host
X-FastCGI-Cache
Refresh
Backend-Timing
X-Analytics
X-Correlation-Id
X-DIS-Request-ID
X-LB-Cache
X-Rid
X-Revision
X-IPLB-Instance
X-Fastcgi-Cache
X-Az
X-Debug-Info
X-AppVersion
X-Activity-Id
X-Grace
FilterID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-B
ServerID
X-Cache-Hit
Accept-Charset
X-Cache-2
X-B3-Sampled
X-CF-Powered-By
Powered-By-ChinaCache
Surrogate-Key
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
X-Webkit-CSP
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Request-Processing-Time
Host-Header
X-Varnish-Backend
MS-CV
TP-Cache
TP-L2-Cache
X-Request-Received
Source
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
X-TT
X-Akamai-Edgescape
X-Origin-Server
VIX-Pulpo-Node
X-UA-Device-Type
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Cache-Action
X-F-Cache
X-Cluster
X-Framework
X-Kong-Proxy-Latency
X-App-Environment
X-Instance
X-FW-Server
X-Mobile
X-FW-Serve
X-FW-Static
X-Kong-Upstream-Latency
X-FW-Hash
X-FW-Type
X-Content-Powered-By
X-Platform-Server
X-RateLimit-Limit
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Varnish-Grace
X-Request-Guid
X-Handled-By
X-Cached-By
Cache-Status
X-SS-Set-Cookie
X-Zen-Fury
X-Geo-Country
X-Magnolia-Registration
X-Ezoic-Cdn
X-Shard
CACHE
X-FB-Debug
X-Cache-TTL
X-Forwarded-Host
X-GUploader-UploadID
PageSpeed
Edge-Cache-Tag
X-ATG-Version
From-Origin
X-App-Server
DC
X-Cache-Age
X-Varnish-Server
X-Wix-Server-Artifact-Id
X-Node-Name
Cleartype
X-Varnish-Hostname
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
Payment
X-Cache-Control
X-Region
X-Generated-By
X-WebKit-CSP-Report-Only
Filters
X-Response-Served-From
X-RequestSource
X-Signature
X-TX-ID
Upgrade-Insecure-Requests
Healthy
X-GeoIP
X-B-Cache
Cache-Tv-Group
Country
X-Tumblr-Pixel-2
X-Adobe-Content
X-TT-TIMESTAMP
X-Adobe-Loc
X-VG-WebCache
X-Tumblr-Pixel-1
X-UUID
NGB
Webserver
Ms-Operation-Id
X-RTag
X-FW-Dynamic
X-Storage
X-Drupal-Cache-Contexts
X-Redis-Cache
X-Jobs
Retry-After
GEO-INFO
X-Seen-By
Server-Node
X-Cacheable-TTL
X-Content-Age
ServedBy
X-XRDS-LOCATION
X-Varnish-Hits
X-Locale
Actual-Object-TTL
X-Cache-Rule
Liferay-Portal
X-Via-JSL
X-Contextid
Fastly-Restarts
X-Rendered-As
X-Oneagent-Js-Injection
Powered
Frame-Options
X-Real-IP
X-Cache-TTL-Remaining
X-Guploader-Uploadid
HitType
X-Varnish-IP
X-BACKEND-TTL
S-Cnection
Viewport
Content-Script-Type
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WA-Info
ViewerVersion
X-Wix-Request-Id
Content-Style-Type
X-Cache-Server
X-TA-CDN-Provider
X-Upgrade-Enabled
NtCoent-Length
X-Esi
Datacenter
X-RemovedCookies
X-ProcessESI
X-Mode
Eomportal-Instance
X-Cache-Config
X-NewRelic-App-Data
X-Varnish-Cache-Hits
X-Endurance-Cache-Level
X-Proxied
X-Proto
X-Akamai-Transformed
X-Routing-Service
X-Zipkin-Id
X-Path-Route
X-RN-RSRV
X-Device-Type
X-Cache-Var
Meta-Geo
Cache-Hits
Machine
X-Cache-Var-Map
X-Detected-As
X-Hl-Ver
X-ES-SERVER
Cache-Key
X-Is-Bot
Load-Balancing
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
We-Hiring
Webcakes-App-Version
X-Access
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mail-Subject
L5d-Success-Class
OT-Force-Account-Verify
Property-Id
TWC-Device-Class
TWC-Connection-Speed
X-AWS-Id
X-Backend-Name
X-Viewer-Country
X-VG-TLSProxy
X-VWS-Id
X-Cdn
X-From
Mn-Server-Ip
X-Section
X-Proxy
X-Format
X-Cache-Enabled
X-FW-Version
X-Hosted-By
X-Origin-Hint
X-LJ-Flow-ID
Access-Control-Request-Headers
Webcakes-App-Name
X-S
Azure-SlotName
Azure-Version
Azure-SiteName
X-Status
Azure-RegionName
Now
Azure-InstanceId
X-Via-Fastly
X-Origin-Response-Time
S-Rt
X-GRACE
X-TNCMS
X-Time-Microsecs
X-Labrador-Cache-Channel
X-Tb
DB-Nickname
X-Akamai-Request-ID
Xserver
X-Environment-Context
Decoy-Debug-TTL
X-Cache-NE
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Birta-Served
Decoy-Debug-Status
X-Loop
X-Birta-Cache-Post
Decoy-Debug-Key
X-L-Path
X-JoinUs
X-IP
X-Timing-Wait
X-Web-Node
X-Time
X-ServerID
Cache-Tag
X-Via-CDN
X-CCM
X-NCache
X-Proxy-Build
Selected-FE
X-Debug-Cache
X-Trace-Id
X-Tumblr-Pixel-3
X-Xfnlog-Site
X-Www-Served-By
Origin-Cache-Control
X-BYPASS-REASON
Origin-Edge-Control
Served-By
X-FB-TRIP-ID
X-Human
X-OCL
X-Internal-Host
X-ProxyCache-Status
X-ProxyCache-Key
X-PCL
X-MP-GENERATED-AT
X-Origin-Host
X-Varnish-Cacheable
NGX
X-Generated
X-Site-Version
X-Cache-Category-Id
X-Grey
X-Cache-Operation
Uber-Trace-Id
X-Dynatrace-Js-Agent
X-Vgn-Hpd-Reason
X-UA
X-Rocket-Nginx-Bypass
AsisCache
X-VC-Cache
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
LB
User-Agent
X-R9-Blue-Green-Version
X-CDN-Cache
X-Rule
X-Sucuri-ID
X-NWS-LOG-UUID
X-Cluster-Node
X-RCS-CacheZone
Rt-Fastcgi-Cache
Hostname
X-TIME
X-B3-Spanid
Release
Nel
X-UnsetCookies
X-App-Name
X-ApacheServer
X-Cache-Remote
X-PERF
X-Agile
X-Agile-Age
X-APP-VERSION
X-Agile-Id
X-Datadome
X-Source
Cache-Name
Pagespeed
X-Nginx-Cache
X-Edge-Location
X-Ua
X-Edge-IP
X-Request-Time
X-Pubstack
X-Ocache
X-App-Version
X-Protected-By
Warning
X-Sucuri-Cache
X-OVcl-Cache
X-Varnish-Beresp-Status
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Beresp-Grace
X-Hit
X-Origin
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cache-Prefix
Server-Surrogate-Control
Www
UCS
Request-Country
Rendered-Blocks
Origin
On-Server
BehaviorPad-Version
Node
Request-Time
Request-EU
Server-Cache-Control
N-Cache
Fly-Cache
Fly-Request-Id
X-Aed
Ec-Rule-Version
X-Application
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
X-BB-ID
X-A-Dam
Cross-Origin-Window-Policy
X-A-Dcw
Meta-Geo-Continent
MD5-Digest
X-A-Dgt
X-A
X-Debug-Cache-Fetch
X-Region-Sid
X-Processor
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Rojux
X-Platform
X-PAYTM-SRV-ID
X-NU-AKA-ACS-Version
X-NodeID
X-NX-Host
X-Origin-CC
X-Origin-TTL
X-ScT
X-Secret
X-Varnish-Authentication
X-Var-Ttl
X-VCT
X-VG-WebServer
Xc-Version
X-Up
X-Twitter-Response-Tags
X-SRCache-Key
X-Server-Group
X-Thinkindot-L3
X-Transaction
X-Trv-Group
X-Nginx-Cache-Key
X-Mobile-URL
X-Debug-Cache-Expiry
X-Date
Arc-Country
X-Debug-Cache-Store
X-Debug-Log
X-Debug-Cookies
X-D
X-Core-Value
X-Cache-Grace
X-Cache-Expires
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Destination
X-Developer
X-IN-WAF
X-IN-APIGATEWAY
X-Instart-Isnd
X-Logtrace-Id
X-Matched-Rule
X-Hp-Webp
X-Generated-In
X-DPWN-IS-SECURE
X-Developers
X-External-Request-Id
X-G
X-Gannett-Site-Version
X-Cache-ASPX
X-A-Ccd
X-ElasticPress-Search
Ajk
X-Cache-Backend
X-Varnish-Ttl
X-Cdn-Forward
SRV
X-Webstats-RespID
X-F5-Cache
X-Eu-Site
X-Epic-Correlation-Id
X-Sedo-Request-Id
Server-Int
True-Client-Country-4JS
X-Request-URI
Pramga
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Refresh
X-Hash
X-Distil-CS
RNT-Time
RNT-Machine
X-Geo-Header
Server-Host
Section-Io-Cache
X-SN
X-Page-Type
X-SIPLIST1
X-Ah-Environment
X-Cache-Miss-From
X-C
X-Cache-Id
X-Skip-Cache
X-Cache-Debug
X-Cache-Info
X-CGP
X-Cms-Context
Fastcgi-Useragent
X-TT-LOGID
X-RateLimit-Limit-Second
X-Device-Os
X-Servername
X-Swa-Ws
X-Sf
X-Crawler
X-ServiceProvider
X-Dispatcher-Server
Proxy-Connection
Ha-Gx-Prefs
X-Policy
X-PHP-Host
HA-Ipaddr
Heartbleed
Country-Code
X-Location
X-Proxy-Cache-Status
X-Info
X-No-Session
Fastly-Backend-Name
X-Origin-Date
Content-Disposition
Fastly-SIE
Fastly-Soc-X-Request-Id
X-Node-Id
Fastly-SWR
X-Origin-Expires
IsBot
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
AKAMAI
Apple-News-Services-Host
X-Proxy-Upstream
X-Qloud-Router
X-Irp-Debug
X-LAGOON
Cache-Cookie-Set-From
Backend
Lfy
Kp-EeAlive
Apple-News-Services-Handled
Magicmarker
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Memcached
X-GZip
X-CACHE-KEY
X-Cdn-Srv
X-ShardId
X-ShopId
X-Shopify-Stage
X-Core-Mission
X-Planisys-CDN-TTL
X-GeoIP-City
X-LI-Proto
X-Generated-On
X-GeoIP-Country-Code
X-Li-Pop
X-Cache-Host
X-Level-Front-Cache
X-Li-Fabric
X-Fetched-On
X-LI-UUID
X-Planisys-CDN-Rules
X-Server-IP
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-Distributor
X-Fastly-Cache
X-MSEdge-Features
X-CUA
X-BBXSRF
X-Wikidot-Static-Cache
HTTPS
Pagetype
User-Cache-Control
X-Wikidot-Backend
X-Via-SSL
X-User
X-Variation
X-Varnish-Url
Web-Mar-Node
X-Amzn-Remapped-Connection
X-Gen-Mode
X-Hnp-Log
X-Key
X-Via-Edge
X-Block-Status
Platform
Is-Eu
X-Amzn-Remapped-Date
Powered-By
X-Thanos
Fastly-SSL
X-Sorting-Hat-PodId
X-Backend-State
X-Auto-Login
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-Sorting-Hat-ShopId
X-Backend-Url
X-Backend-Host
X-Cache-FS-Status
X-Varnish-Beresp-Ttl
Adler-Geo
X-Bip
X-WPE-Loopback-Upstream-Addr
X-Dc
SD-X-WS
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-TrackingId
Pragrma
X-Cache-Bucket
X-Amz-Meta-Cache-Control
X-Gateway-Cache-Key
X-Micro-Cache
X-Server-Time
X-S-Maxage
X-RateLimit-Reset
X-Real-Ip
X-FireWall-Port
X-Original-Request
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Owner
X-Actual-URL
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Svr
X-Returned-From-DLL
X-Passed-To
X-Stale
X-Returned-From
X-Server-By
X-CDN-Forward
X-Org
FNAC-ModuleRouting
Host-ID
ServerName
DSUID
Server-ID
X-Nc
X-Croise-Owner
X-Unique-ID
X-VServer
X-HS-Cache-Config
X-NC
X-Load-Cache
Cteonnt-Length
Cdn-Host
Viewtype
X-Aicache-OS
Cdn-Request-Time
X-Microcachable
VivaBuild
X-Edge-Server
REQUESTUUID
Gh-Request-Id
X-Pjax-Url
X-Parent-Response-Time
X-FPC
X-Sn-Servicetimems
X-Cdn-Origin
X-Apm-Svc-Key
V-Age
X-Apm-Inst-Hash
X-Apm-App-Name
X-Gdpr
X-Oss-Request-Id
MIME-Version
X-Ua-Device
X-Oss-Storage-Class
SID
Mime-Version
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-V
X-Exp-Se
Memory
PICS-Label
X-CSRF-TOKEN
Time
X-ND-Cache
X-Geo
Rt-Proxy-Cache
X-Req
X-Served-From
X-From-Cache
X-Servedbyhost
ProcessTime
X-URL
X-Wa
Odigeo-Trace-Id
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
X-HTML-Minification-Powered-By
X-B3-Parentspanid
X-Cache-HT
AR-SID
X-Optimization
Wxu-Next-Commit
X-Lb-Id
Wxu-Next-Hostname
Wxu-Next-Region
X-Fstrz
Resin-Trace
X-Newrelic-Synthetics
Cf-Ipcountry
Public-Key-Pins-Report-Only
X-Git-Hash
Cache
X-Response-By
HostName
XServer
X-DC
X-GEO
Cdn
GMS-Ver
X-Varnish-Beresp-TTL
X-Atg-Version
Fastcgi-X-Cache-Version
X-Release
Processtime
Proxy-Firewall
X-TH-Server
X-WebServer
X-Fastly-Backend-Reqs
X-WR-MODIFICATION
WZWS-RAY
X-Ratelimit-Remaining
X-Phone
X-Ratelimit-Limit
X-APP
X-LB-ID
X-Vcl-Version
X-Amz-Meta-Surrogate-Control
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Daa-Tunnel
X-We-Are-Hiring
X-Clientip
X-NGINX-Cache
Countrycode
CF-Cached-On
X-Instart-Info
GW-Server
X-UE-Client-Country
Mobile-Detection-Method
X-Host-Name
Backend-Name
X-Hyper-Cache
X-HS-Status
X-Nananana
X-Vcache
SS
X-Check-Cacheable
Ohc-File-Size
X-Zone
X-Upstream-CT
X-WA
X-Upstream-HT
X-Worker
X-Ratelimit-Reset
X-Fastly-Country-Code
Lb
Geoip-Latitude
FSS-Proxy
X-ServedByHost
X-Backend-TTL
X-PF-Uncompressing
GeoIp-Country-Code
FSS-Cache
X-CSRF-Token
X-HS-Combine-CSS
Pics-Label
X-Server-W
DataCenter
X-IPS-LoggedIn
SN
X-VHOST
225prxHost
X-SERVER-NAME
286prxHost
Xxline
178proxuri
352pxline
Geoip-City
355prline
219prxHost
188prxHost
409pxxline
189phosttRef
X-GZIP
X-Dynatrace
Esi-Enabled
X-UPSTREAM-Address
Ohc-Cache-HIT
X-Fpc
X-Be
X-Render-Time
Version
URI
X-Request-Start
X-BE
X-B3-SpanId
X-CS
X-VCL-Version
WP-Super-Cache
X-UCC
X-LiteSpeed-Cache-Control
CDN
X-Gen-Id
X-Unique-Id
X-ID
X-Contensis-Viewer-Groups
Who
X-Varnish-Action
X-AssetVersion
X-PJAX-URL
X-Cdn-Cache
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Dynatrace
X-HostName
X-NGENIX-Cache
X-Cache-URL
GeoIP-Country-Code
X-SRV
GeoIP-City
X-Pf-Uncompressing
Server-Id
Cneonction
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-GDPR
RequestUuid
GeoIP-Latitude
X-Via-Ucdn
X-ZONE
Serverid
X-Cache-Ttl
X-Via-NSCOPI
X-LiteSpeed-Tag
X-Akamai-Request-ID2
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Accept-Language
Accept-Ch
X-Store
A
X-Request-Url
X-NWS-UUID-VERIFY
X-Akamai-SSL-Client-Sid
X-Serial
Ohc-Response-Time
X-RequestId
X-Flog
X-Requestid
X-Reqid
X-Hello
Frontcache
X-ABtesting
Get-Access-Time
X-Cdn-Request-ID
X-ServerName
NnCoection
RequestId
X-HTML-Edge-Cache
X-Port
X-EC-Lua
X-Dw-Trace-Id
Is-Session-Tracking