Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
X-Age
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
Allow
Ali-Swift-Global-Savetime
Server-Timing
X-Type
X-CST
X-Ac
X-Node
X-Rq
X-Server-Id
X-Host
Feature-Policy
Content-Location
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Readtime
X-Origin-Cache
X-Rack-Cache
Request-Id
X-Url
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Upstream-Env
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-Vhost
X-DynaTrace
X-Px
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Goog-Hash
X-Server-Name
Verso
X-ESI
Accept-CH
X-Dispatcher
X-HW
Charset
X-GitHub-Request-Id
X-VARITI-CCR
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
MS-Author-Via
X-MS-InvokeApp
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Version
X-Cached
AR-CACHE
AR-PoweredBy
X-DataStream-Cache-Status
AR-ATIME
X-Powered-By-Plesk
X-Recruiting
Content-MD5
Public-Key-Pins
X-ORACLE-DMS-RID
Service-Worker-Allowed
Accept-CH-Lifetime
X-D2id
X-PC
X-TtlSet
X-Vname
X-Navigation-Version
AR-Request-ID
X-Abt-Application-Version
RTSS
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TTL
X-Ser
X-Trace
X-Varnish-TTL
SPRequestGuid
X-Forwarded-Proto
X-Client-IP
X-Vcap-Request-Id
X-DynaTrace-JS-Agent
X-Oracle-Dms-Rid
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Amz-Rid
X-FTR-Expires
X-Fastly-Request-ID
X-VCache
X-Amz-Meta-S3cmd-Attrs
Nginx-Cache
S
X-XRDS-Location
Arr-Disable-Session-Affinity
X-Shield-Request-Id
TCN
X-Server-ID
X-Debug
X-Pinterest-Rid
X-Upstream-Proxy
X-Id
Pinterest-Version
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Ttl
SPIisLatency
SPRequestDuration
X-Akam-SW-Version
Front-End-Https
Access-Control-Request-Method
X-Goog-Storage-Class
DynaTrace
X-FTR-Cache-Host
X-T
X-Powered-CMS
X-SERVER
X-NF-Request-ID
Realpath
X-Acc-Meta-Resource-Type
Paypal-Debug-Id
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-B3-TraceId
X-Litespeed-Cache
X-Varnish-Age
Fastcgi-Cache
X-Aspnet-Version
X-Forwarded-For
X-N
X-Content-Type
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Alternate-Protocol
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Upstream
X-RateLimit-Remaining
X-Frontend
X-Accel-Buffering
X-PressLabs-Stats
Fusion-Component-Id
Fusion-Source
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
X-Content-Digest
X-Sol
X-Middleton-Display
Display
X-Srv
Response
X-Middleton-Response
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Kinsta-Cache
X-B3-Traceid
X-Cache-Key
X-Pad
Server-Name
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Fastcgi-Cache
X-Content-Options
X-User-Agent
Host
Refresh
X-DIS-Request-ID
X-Analytics
Backend-Timing
X-Grace
X-Correlation-Id
X-Revision
X-Rid
X-IPLB-Instance
X-LB-Cache
X-Activity-Id
X-Az
X-Debug-Info
X-AppVersion
FilterID
X-FastCGI-Cache
X-CF-Powered-By
X-Amz-Apigw-Id
X-Amzn-RequestId
X-B
ServerID
X-Cache-Hit
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Accept-Charset
X-Cdn
X-B3-Sampled
Powered-By-ChinaCache
X-Cache-2
Surrogate-Key
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
X-Varnish-Backend
X-Request-Processing-Time
X-Request-Received
MS-CV
TP-L2-Cache
Host-Header
X-Content-Security-Policy-Report-Only
TP-Cache
VIX-Pulpo-Node
X-Amz-Replication-Status
X-F-Cache
X-Origin-Server
X-TT
X-Akamai-Edgescape
Source
VIX-Pulpo-Upstream-Status
X-Framework
X-Tumblr-User
X-UA-Device-Type
X-Cache-Action
X-Cluster
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
X-FW-Server
X-Mobile
X-App-Environment
X-FW-Hash
X-FW-Serve
X-Webkit-CSP
X-FW-Static
X-FW-Type
X-Platform-Server
X-Content-Powered-By
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Drupal-Cache-Tags
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
Access-Control-Allow-Method
X-RateLimit-Limit
X-Cached-By
X-Handled-By
X-Request-Guid
Cache-Status
X-Zen-Fury
X-SS-Set-Cookie
CACHE
X-Magnolia-Registration
X-Geo-Country
X-Shard
X-Ezoic-Cdn
X-FB-Debug
X-Cache-TTL
X-ATG-Version
X-Forwarded-Host
Edge-Cache-Tag
From-Origin
X-Wix-Server-Artifact-Id
X-App-Server
X-GUploader-UploadID
PageSpeed
DC
X-Cache-Age
X-Varnish-Server
Cleartype
X-Node-Name
X-Varnish-Hostname
X-AOL-HN
Cache-Tags
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Generated-By
X-Region
X-B-Cache
X-RequestSource
Filters
X-WebKit-CSP-Report-Only
X-Signature
X-Response-Served-From
X-GeoIP
Upgrade-Insecure-Requests
X-TX-ID
Healthy
X-TT-TIMESTAMP
Ms-Operation-Id
X-FW-Dynamic
X-UUID
NGB
Webserver
X-Adobe-Loc
X-Adobe-Content
Cache-Tv-Group
Country
X-Tumblr-Pixel-2
X-VG-WebCache
Server-Node
X-Tumblr-Pixel-1
X-Seen-By
X-RTag
X-Drupal-Cache-Contexts
X-Jobs
X-Redis-Cache
Retry-After
GEO-INFO
X-Via-JSL
X-Cacheable-TTL
ServedBy
X-Storage
X-Content-Age
X-Locale
Actual-Object-TTL
X-Varnish-Hits
Liferay-Portal
X-Cache-Rule
X-Contextid
X-XRDS-LOCATION
X-Guploader-Uploadid
X-Rendered-As
Fastly-Restarts
HitType
Frame-Options
Powered
X-Cache-TTL-Remaining
X-Varnish-IP
X-BACKEND-TTL
X-Oneagent-Js-Injection
X-Real-IP
S-Cnection
Viewport
X-WA-Info
ViewerVersion
X-Wix-Request-Id
Content-Style-Type
Content-Script-Type
X-Yottaa-Optimizations
X-NewRelic-App-Data
X-Cache-Server
X-Yottaa-Metrics
X-Upgrade-Enabled
Datacenter
NtCoent-Length
X-Cache-Config
X-RemovedCookies
X-ProcessESI
Eomportal-Instance
X-Mode
X-TA-CDN-Provider
X-Esi
X-Endurance-Cache-Level
X-Varnish-Cache-Hits
X-Akamai-Transformed
Cache-Key
X-Cache-Var-Map
X-Cache-Var
X-Zipkin-Id
Cache-Hits
Machine
X-Is-Bot
Meta-Geo
X-Hl-Ver
X-ES-SERVER
X-Detected-As
X-Path-Route
X-RN-RSRV
X-Proxied
X-Device-Type
X-Proto
X-Routing-Service
Load-Balancing
Access-Control-Request-Headers
TWC-Connection-Speed
X-Backend-Name
X-AWS-Id
X-Cache-Enabled
Xserver
X-Format
OT-Force-Account-Verify
Property-Id
TWC-Device-Class
X-Access
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Vix-Hermes-Req-Id
We-Hiring
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
X-FW-Version
X-Hosted-By
X-Proxy
X-S
X-VG-TLSProxy
X-VWS-Id
X-Viewer-Country
X-Origin-Hint
X-Section
Mail-Subject
L5d-Success-Class
X-LJ-Flow-ID
X-Status
Now
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
DB-Nickname
S-Rt
Azure-Version
X-Birta-Served
X-Time-Microsecs
X-Tb
X-TNCMS
X-Via-Fastly
X-From
Mn-Server-Ip
X-Loop
X-Labrador-Cache-Channel
X-EIG-Tracking-Id
X-Birta-Cache-Post
X-Environment-Context
X-FC-Vary-Parameters
X-L-Path
X-Akamai-Request-ID
X-Origin-Response-Time
X-Time
X-Web-Node
Selected-FE
X-Xfnlog-Site
Decoy-Debug-Status
X-Cache-NE
X-Timing-Wait
Decoy-Debug-Key
Cache-Tag
X-JoinUs
X-NCache
X-Debug-Cache
X-CCM
Decoy-Debug-TTL
X-Proxy-Build
X-ServerID
X-Trace-Id
X-IP
X-ProxyCache-Key
X-Human
X-Www-Served-By
Served-By
X-MP-GENERATED-AT
X-ProxyCache-Status
X-BYPASS-REASON
X-PCL
X-Internal-Host
X-Varnish-Cacheable
X-Tumblr-Pixel-3
Origin-Cache-Control
Origin-Edge-Control
X-OCL
X-Origin-Host
X-Via-CDN
X-Site-Version
X-Cache-Operation
X-GRACE
X-Grey
X-Cache-Category-Id
X-Generated
X-FB-TRIP-ID
Uber-Trace-Id
NGX
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
AsisCache
User-Agent
LB
X-EdgeConnect-Cache-Status
X-VC-Cache
X-CDN-Cache
X-Dynatrace-Js-Agent
X-UA
X-NWS-LOG-UUID
X-R9-Blue-Green-Version
X-Rule
X-Sucuri-ID
Rt-Fastcgi-Cache
X-Cluster-Node
X-Newrelic-App-Data
Hostname
X-App-Name
X-RCS-CacheZone
Release
X-UnsetCookies
X-B3-Spanid
X-Cache-Remote
X-PERF
X-ApacheServer
X-TIME
Nel
X-Agile
X-Agile-Age
X-Agile-Id
X-Source
Pagespeed
X-APP-VERSION
X-Varnish-Ttl
Cache-Name
X-Edge-Location
X-Datadome
X-Ua
X-Nginx-Cache
X-Edge-IP
X-App-Version
X-Pubstack
X-CACHE-KEY
X-Request-Time
X-Ocache
X-Protected-By
Warning
X-OVcl
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Beresp-Status
X-OVcl-Cache
X-Cdn-Forward
Fastcgi-Useragent
X-Varnish-Beresp-Grace
X-Hit
Www
X-A
Server-Surrogate-Control
MD5-Digest
Thinkindot-CacheControl
X-Destination
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Developer
X-Developers
UCS
N-Cache
X-ElasticPress-Search
X-External-Request-Id
Origin
X-G
Request-EU
Request-Country
X-Gannett-Site-Version
X-DPWN-IS-SECURE
Meta-Geo-Continent
Server-Cache-Control
X-A-Ccd
Node
On-Server
Request-Time
Rendered-Blocks
X-Debug-Cache-Fetch
X-Core-Value
X-BB-ID
X-Cache-ASPX
Cross-Origin-Window-Policy
Ajk
X-Date
X-D
X-Connection-Hash
X-Cache-Expires
BehaviorPad-Version
Cache-Prefix
X-CF-Lambda-Fn
Arc-Country
X-Cache-Grace
X-CF-Lambda-Version
Ec-Rule-Version
X-B-Cookie
X-Generated-In
X-A-Dgt
X-A-Dcw
X-Debug-Cache-Store
X-Debug-Cookies
X-A-Dam
X-A-Wwc
Fly-Request-Id
X-Application
X-ARC
X-Aed
X-Debug-Cache-Expiry
Fly-Cache
X-Accel-Expires-Debug
X-Debug-Log
X-Matched-Rule
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-Platform
X-Trv-Group
X-Transaction
X-Up
X-Var-Ttl
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-Origin-CC
X-Processor
X-Thinkindot-L3
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Region-Sid
X-S-Cookie
X-ScT
X-SRCache-Key
X-Server-Group
X-Secret
SRV
X-Varnish-Authentication
X-Origin-TTL
X-Mobile-URL
X-IN-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
Xc-Version
X-Instart-Isnd
X-VCT
X-Hp-Webp
X-Nginx-Cache-Key
X-VG-WebServer
Section-Io-Cache
X-Cache-Backend
X-Sucuri-Cache
X-Proxy-Upstream
True-Client-Country-4JS
X-Proxy-Cache-Status
X-Sedo-Request-Id
X-ServiceProvider
X-Sf
X-Info
Server-Int
X-Epic-Correlation-Id
X-Eu-Site
RNT-Time
X-Refresh
X-Request-URI
X-Reboot
X-Rebelmouse-Surrogate-Control
Proxy-Connection
X-RateLimit-Remaining-Second
RNT-Machine
X-F5-Cache
X-Qloud-Router
X-SIPLIST1
X-RateLimit-Limit-Second
X-Hash
Server-Host
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Cache-Miss-From
X-Cache-Info
X-Geo-Header
X-Cache-Id
X-CGP
X-Cms-Context
X-Webstats-RespID
X-Node-Id
X-Crawler
Pramga
X-Origin-Date
X-Page-Type
X-TT-LOGID
X-Distil-CS
X-Dispatcher-Server
X-No-Session
X-Swa-Ws
X-SN
X-Device-Os
X-Policy
X-Location
X-Cache-Debug
X-C
X-PHP-Host
X-LAGOON
X-Skip-Cache
Lfy
Fastly-Soc-X-Request-Id
Fastly-SIE
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Fastly-Backend-Name
Apple-News-Services-Parsed-Url
Country-Code
Content-Disposition
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Request-Url
Backend
Cache-Cookie-Set-From
IsBot
Heartbleed
Kp-EeAlive
Magicmarker
Memcached
X-Real-Ip
X-GZip
X-ShopId
X-Shopify-Stage
X-Core-Mission
X-CUA
Adler-Geo
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Cache-Host
X-Servername
X-Varnish-Url
X-Variation
X-Thanos
X-WPE-Loopback-Upstream-Addr
X-Cdn-Srv
X-User
X-Distributor
X-Fetched-On
X-MSEdge-Features
X-Ah-Environment
X-LI-UUID
X-LI-Proto
X-MSEdge-Flight
X-Dc
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Li-Pop
X-Li-Fabric
X-Server-IP
X-Generated-On
X-Gen-Mode
X-GeoIP-City
X-GeoIP-Country-Code
X-Cache-FS-Status
X-Level-Front-Cache
X-Hnp-Log
X-Fastly-Cache
X-Key
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Auto-Login
Fastly-SSL
Web-Mar-Node
X-Alternate-Cache-Key
User-Cache-Control
HTTPS
Is-Eu
Platform
Pagetype
X-BBXSRF
X-Block-Status
X-Bip
X-Backend-Host
Powered-By
X-Backend-State
X-Backend-Url
Pragrma
X-Micro-Cache
X-Amz-Meta-Cache-Control
X-Via-SSL
X-Cache-Bucket
X-Varnish-Beresp-Ttl
X-Server-Time
X-TrackingId
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-S-Maxage
X-Via-Edge
SD-X-WS
X-Gateway-Skip-Cache
X-FireWall-Port
X-Original-Request
X-Actual-URL
X-Server-By
X-Stale
X-Returned-From-PostProcessResponse
X-Svr
X-RateLimit-Reset
X-Nc
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From
X-Owner
X-Passed-To
X-Unique-ID
X-VServer
X-Croise-Owner
X-HS-Cache-Config
Server-ID
Host-ID
X-CDN-Forward
Cteonnt-Length
X-Microcachable
Viewtype
VivaBuild
X-Edge-Server
X-Aicache-OS
Cdn-Host
X-Pjax-Url
DSUID
FNAC-ModuleRouting
ServerName
Cdn-Request-Time
REQUESTUUID
X-Org
X-NC
X-Load-Cache
X-Parent-Response-Time
Gh-Request-Id
Mime-Version
X-V
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-FPC
SID
X-Oss-Storage-Class
X-Oss-Server-Time
V-Age
X-Apm-Svc-Key
Memory
X-Apm-App-Name
X-Sn-Servicetimems
X-Apm-Inst-Hash
X-Ua-Device
X-Gdpr
X-Cdn-Origin
X-CSRF-TOKEN
MIME-Version
Time
X-From-Cache
ProcessTime
X-Exp-Se
Rt-Proxy-Cache
X-ND-Cache
PICS-Label
X-Req
X-Geo
X-Servedbyhost
X-Served-From
Odigeo-Trace-Id
X-URL
X-HTML-Minification-Powered-By
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
Resin-Trace
Public-Key-Pins-Report-Only
X-B3-Parentspanid
CF-IPCountry
X-Lb-Id
X-Fstrz
X-GEO
X-Optimization
X-Git-Hash
AR-SID
Cf-Ipcountry
X-Cache-HT
X-Newrelic-Synthetics
X-Response-By
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
Cdn
Cache
HostName
XServer
Fastcgi-X-Cache-Version
X-Webkit-Csp
GMS-Ver
X-DC
X-Varnish-Beresp-TTL
X-Atg-Version
Proxy-Firewall
X-Release
Processtime
X-WR-MODIFICATION
X-Fastly-Backend-Reqs
WZWS-RAY
X-Amz-Meta-Surrogate-Control
X-APP
X-TH-Server
X-Daa-Tunnel
X-WebServer
X-Ratelimit-Remaining
X-UE-Client-Country
X-Ratelimit-Limit
X-Phone
Countrycode
GW-Server
Mobile-Detection-Method
X-Vcl-Version
X-Clientip
X-LB-ID
X-We-Are-Hiring
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
CF-Cached-On
X-Nananana
X-NGINX-Cache
SS
X-Hyper-Cache
X-Instart-Info
Ohc-File-Size
X-Host-Name
X-WA
X-HS-Status
Backend-Name
X-Fastly-Country-Code
X-Vcache
X-Check-Cacheable
Pics-Label
X-Worker
X-Upstream-CT
X-Zone
X-Ratelimit-Reset
X-PF-Uncompressing
X-Upstream-HT
FSS-Cache
FSS-Proxy
X-HS-Combine-CSS
Lb
X-Backend-TTL
X-ServedByHost
Geoip-Latitude
X-CSRF-Token
GeoIp-Country-Code
X-Server-W
Amp-Access-Control-Allow-Source-Origin
X-Be
DataCenter
225prxHost
189phosttRef
219prxHost
188prxHost
178proxuri
Geoip-City
286prxHost
352pxline
Xxline
X-IPS-LoggedIn
409pxxline
355prline
SN
URI
X-VHOST
Ohc-Cache-HIT
X-SERVER-NAME
X-Fpc
X-Dynatrace
X-GZIP
X-UCC
WP-Super-Cache
X-Render-Time
X-BE
Esi-Enabled
X-UPSTREAM-Address
X-Gen-Id
Version
X-Request-Start
X-B3-SpanId
Who
X-VCL-Version
X-Varnish-Action
CDN
X-CS
X-LiteSpeed-Cache-Control
X-NGENIX-Cache
X-Unique-Id
X-ID
X-Cache-URL
X-Html-Edge-Cache
X-Contensis-Viewer-Groups
X-AssetVersion
X-PJAX-URL
X-Cdn-Cache
X-HostName
Dynatrace
X-FORWARDED-FOR
GeoIP-Country-Code
X-GDPR
X-Via-Ucdn
GeoIP-Latitude
X-Pf-Uncompressing
GeoIP-City
RequestUuid
X-SRV
X-Fastly-Cache-Hits
Cneonction
Server-Id
X-ZONE
Serverid
X-Cache-Ttl
X-Servedby
X-NWS-UUID-VERIFY
X-Store
X-Akamai-Request-ID2
X-Via-NSCOPI
A
RequestId
Accept-Language
X-Request-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-LiteSpeed-Tag
X-ServerName
Accept-Ch
X-Pc-Hit
X-Pc-Appver
X-Akamai-SSL-Client-Sid
X-Pc-Key
X-Requestid
X-RequestId
X-ABtesting
X-Flog
X-Hello
X-Reqid
Ohc-Response-Time
Is-Session-Tracking
X-Generation-Time
Get-Access-Time
X-Port
X-HTML-Edge-Cache
X-Dw-Trace-Id
X-Cdn-Request-ID
IBM-Web2-Location
X-Serial
Frontcache
NnCoection
X-EC-Lua