Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
X-Cloud-Trace-Context
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
X-Rack-Cache
Request-Id
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-Mod-Pagespeed
X-Upstream-Env
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-HW
X-ORACLE-DMS-RID
X-ESI
MS-Author-Via
X-GitHub-Request-Id
X-VARITI-CCR
X-DataStream-Cache-Status
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-MS-InvokeApp
AR-ATIME
AR-CACHE
AR-PoweredBy
Charset
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
X-PC
X-TtlSet
X-Vname
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Server-ID
Ar-Sid
X-Varnish-TTL
X-Trace
X-TTL
X-Forwarded-Proto
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Client-IP
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-SharePointHealthScore
X-FTR-Expires
X-Amz-Rid
X-VCache
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-Debug
Arr-Disable-Session-Affinity
X-XRDS-Location
TCN
X-Shield-Request-Id
X-Ttl
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Hits
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
DynaTrace
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Id
X-Oracle-Dms-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-SERVER
X-FTR-Cache-Host
X-Goog-Storage-Class
Front-End-Https
X-Powered-CMS
X-B3-TraceId
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
Tracecode
X-MSEdge-Ref
Fastcgi-Cache
Realpath
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
Alternate-Protocol
X-Upstream
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Middleton-Display
Display
X-Sol
X-PressLabs-Stats
X-Logged-In
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
Response
X-Middleton-Response
X-Content-Digest
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Hostname
X-Accel-Buffering
X-Cache-Key
X-Srv
X-Pad
X-Accel-Expires
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
X-B3-Traceid
Host
X-FastCGI-Cache
X-User-Agent
X-Content-Options
X-Analytics
Backend-Timing
X-Correlation-Id
Refresh
X-LB-Cache
X-Revision
X-Debug-Info
X-Fastcgi-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Rid
X-Amzn-RequestId
X-Az
X-Amz-Apigw-Id
X-AppVersion
X-Activity-Id
X-DIS-Request-ID
X-IPLB-Instance
Accept-Charset
X-B
FilterID
X-Cache-2
X-Cache-Hit
X-B3-Sampled
ServerID
X-CF-Powered-By
Surrogate-Key
Powered-By-ChinaCache
X-Grace
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
TP-Cache
TP-L2-Cache
X-Webkit-CSP
X-Request-Processing-Time
X-Request-Received
MS-CV
Host-Header
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
Source
X-TT
X-Amz-Replication-Status
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Origin-Server
X-App-Environment
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Cluster
X-Kong-Proxy-Latency
X-Cache-Action
Access-Control-Allow-Method
X-Framework
Cache-Status
X-GUploader-UploadID
X-Content-Powered-By
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Mobile
X-Platform-Server
X-Cached-By
X-FW-Static
X-Varnish-Grace
X-F-Cache
X-FW-Server
X-Drupal-Cache-Tags
X-FW-Serve
X-Instance
X-FW-Type
X-FW-Hash
X-Request-Guid
X-RateLimit-Limit
X-Ezoic-Cdn
X-Shard
X-SS-Set-Cookie
X-Zen-Fury
X-Geo-Country
X-Handled-By
X-FB-Debug
X-Magnolia-Registration
X-Forwarded-Host
PageSpeed
Edge-Cache-Tag
From-Origin
CACHE
X-ATG-Version
X-Cache-TTL
X-App-Server
X-Cache-Age
X-Node-Name
X-Varnish-Hostname
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Wix-Server-Artifact-Id
X-Region
X-WebKit-CSP-Report-Only
X-RequestSource
X-Generated-By
Filters
X-Response-Served-From
Healthy
Upgrade-Insecure-Requests
X-GeoIP
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
Webserver
Ms-Operation-Id
Cache-Tv-Group
X-UUID
Country
NGB
X-VG-WebCache
X-Storage
X-Redis-Cache
X-RTag
X-TT-TIMESTAMP
X-Signature
Retry-After
Actual-Object-TTL
X-Tumblr-Pixel-1
Server-Node
X-Drupal-Cache-Contexts
X-B-Cache
X-FW-Dynamic
X-Tumblr-Pixel-2
X-Jobs
X-XRDS-LOCATION
X-Varnish-Hits
X-Locale
GEO-INFO
X-Content-Age
X-Cacheable-TTL
ServedBy
X-Cache-Rule
Liferay-Portal
X-Seen-By
Fastly-Restarts
X-Esi
X-Contextid
X-Via-JSL
Powered
Frame-Options
X-Rendered-As
X-Oneagent-Js-Injection
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-TA-CDN-Provider
X-BACKEND-TTL
S-Cnection
Viewport
X-Real-IP
X-Yottaa-Metrics
X-WA-Info
X-Yottaa-Optimizations
X-Guploader-Uploadid
X-GRACE
Content-Script-Type
Content-Style-Type
X-Upgrade-Enabled
X-Cache-Server
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
ViewerVersion
X-Mode
X-Wix-Request-Id
Datacenter
X-Cache-NE
NtCoent-Length
Xserver
X-Cache-Config
X-Akamai-Transformed
X-Varnish-Cache-Hits
Machine
X-From
X-Hl-Ver
X-Is-Bot
Load-Balancing
Meta-Geo
X-Path-Route
X-Zipkin-Id
X-RN-RSRV
X-ES-SERVER
X-Proto
X-S
Cache-Key
X-Cache-Var-Map
X-Cache-Var
X-Device-Type
Cache-Hits
X-Routing-Service
X-Detected-As
X-Endurance-Cache-Level
Mn-Server-Ip
X-Proxied
X-Section
L5d-Success-Class
TWC-Connection-Speed
Access-Control-Request-Headers
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
Property-Id
OT-Force-Account-Verify
Mail-Subject
TWC-Privacy
TWC-GeoIP-Country
Webcakes-Region
X-Viewer-Country
X-Cache-Enabled
X-Hosted-By
X-L-Path
X-Environment-Context
X-LJ-Flow-ID
X-VG-TLSProxy
X-Origin-Hint
X-VWS-Id
X-Backend-Name
X-Access
X-FC-Vary-Parameters
Webcakes-App-Version
Vix-Hermes-Req-Id
We-Hiring
X-AWS-Id
X-Cdn
Webcakes-App-Name
X-Origin-Response-Time
X-Tb
Decoy-Debug-Key
X-FW-Version
X-Format
DB-Nickname
Azure-Version
X-Labrador-Cache-Channel
Decoy-Debug-Status
X-Loop
Now
X-Status
X-Debug-Cache
X-Birta-Served
X-Birta-Cache-Post
X-Akamai-Request-ID
X-ServerID
S-Rt
X-Time-Microsecs
X-EIG-Tracking-Id
X-Proxy
X-Via-CDN
Origin-Cache-Control
X-TNCMS
Origin-Edge-Control
X-Web-Node
Decoy-Debug-TTL
Azure-InstanceId
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Time
Cache-Tag
X-JoinUs
X-PCL
X-FB-TRIP-ID
X-ProxyCache-Status
Selected-FE
X-Human
X-CCM
X-BYPASS-REASON
X-OCL
X-Timing-Wait
X-Proxy-Build
X-ProxyCache-Key
X-IP
X-Tumblr-Pixel-3
NGX
X-Varnish-Cacheable
X-Via-Fastly
X-NCache
X-Xfnlog-Site
X-Trace-Id
X-Cache-Category-Id
X-Grey
X-MP-GENERATED-AT
X-Cache-Operation
X-Internal-Host
X-Site-Version
X-Generated
X-Newrelic-App-Data
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-Www-Served-By
Served-By
Uber-Trace-Id
X-Dynatrace-Js-Agent
X-Origin-Host
X-VC-Cache
X-NewRelic-App-Data
X-R9-Blue-Green-Version
X-EdgeConnect-Cache-Status
X-Sucuri-ID
X-CDN-Cache
LB
X-NWS-LOG-UUID
X-Rule
X-RCS-CacheZone
AsisCache
X-UA
X-Cache-Remote
X-Cluster-Node
User-Agent
Release
X-TIME
Nel
X-UnsetCookies
Rt-Fastcgi-Cache
X-App-Name
X-B3-Spanid
X-ApacheServer
X-PERF
X-APP-VERSION
X-Agile-Id
X-Agile-Age
X-Agile
X-Datadome
Pagespeed
X-Ua
X-Nginx-Cache
X-Source
Hostname
X-Edge-Location
X-Request-Time
Cache-Name
X-Ocache
X-Edge-IP
X-Sucuri-Cache
X-Pubstack
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Origin
X-App-Version
Warning
X-Hit
X-Protected-By
X-VCT
X-ElasticPress-Search
Fly-Cache
X-Aed
Fly-Request-Id
X-Accel-Expires-Debug
Ec-Rule-Version
Cache-Prefix
BehaviorPad-Version
Arc-Country
Cross-Origin-Window-Policy
X-B-Cookie
X-Application
X-ARC
MD5-Digest
N-Cache
X-A
X-A-Ccd
X-BB-ID
Server-Cache-Control
Server-Surrogate-Control
Www
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
UCS
X-A-Dam
Request-Time
Rendered-Blocks
Origin
On-Server
Node
X-A-Wwc
Request-Country
X-A-Dcw
X-A-Dgt
Request-EU
Meta-Geo-Continent
X-Debug-Log
X-Region-Sid
X-Processor
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Platform
X-PAYTM-SRV-ID
X-NU-AKA-ACS-Version
X-NodeID
X-NX-Host
X-Origin-CC
X-Origin-TTL
X-S-Cookie
X-ScT
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Group
X-Secret
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Mobile-URL
X-Matched-Rule
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
Ajk
X-Date
X-D
X-CF-Lambda-Fn
X-Cache-Grace
X-CF-Lambda-Version
X-Connection-Hash
X-Core-Value
X-Destination
X-Developer
X-IN-APIGATEWAY
X-Hp-Webp
X-IN-WAF
X-Instart-Isnd
X-Logtrace-Id
X-Generated-In
X-Gannett-Site-Version
X-Developers
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Cache-Expires
X-Cache-ASPX
X-Varnish-Beresp-Grace
X-Varnish-Ttl
X-Cache-Backend
X-Varnish-Beresp-Status
X-Device-Os
X-Eu-Site
X-Epic-Correlation-Id
X-Distributor
X-F5-Cache
X-Dispatcher-Server
X-Distil-CS
X-Hnp-Log
X-LAGOON
X-Li-Fabric
X-Key
X-Irp-Debug
X-Geo-Header
X-Info
X-Gen-Mode
X-CGP
X-Amzn-Remapped-Date
X-Ah-Environment
X-Block-Status
X-Amzn-Remapped-Connection
Web-Mar-Node
True-Client-Country-4JS
User-Cache-Control
X-C
X-Cache-Debug
X-Li-Pop
X-Cms-Context
X-Cache-Miss-From
X-Cache-Info
X-Cache-Host
X-Cache-Id
X-Crawler
X-LI-Proto
X-Sedo-Request-Id
X-Servername
X-ServiceProvider
X-Request-URI
X-Refresh
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Sf
X-SIPLIST1
X-Via-Edge
X-Via-SSL
X-Webstats-RespID
X-Varnish-Url
X-TT-LOGID
X-SN
X-Swa-Ws
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Node-Id
AKAMAI
X-Origin-Date
X-No-Session
X-Nginx-Cache-Key
X-LI-UUID
X-Location
X-Origin-Expires
X-Real-Ip
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Qloud-Router
X-Policy
X-PHP-Host
X-Page-Type
X-Cdn-Forward
SRV
X-Hash
Backend
RNT-Time
Ha-Gx-Prefs
Fastly-SWR
Server-Host
Content-Disposition
RNT-Machine
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Pramga
Cache-Cookie-Set-From
HA-Ipaddr
Heartbleed
Country-Code
Pagetype
Apple-News-Services-Request-Url
Server-Int
Fastly-Backend-Name
Memcached
Fastly-Soc-X-Request-Id
Magicmarker
Lfy
Kp-EeAlive
Apple-News-Services-Handled
Fastly-SIE
Apple-News-Services-Host
IsBot
Apple-News-Services-Parsed-Url
X-FireWall-Port
Fastly-SSL
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Proxy-Connection
X-Cdn-Srv
X-MSEdge-Features
X-S-Maxage
X-Fastly-Cache
X-Fetched-On
X-Cache-FS-Status
X-Core-Mission
X-MSEdge-Flight
Platform
X-Gateway-Cache-Key
HTTPS
X-GeoIP-City
X-GeoIP-Country-Code
X-Thanos
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-Amz-Meta-Cache-Control
SD-X-WS
Adler-Geo
X-Wikidot-Static-Cache
X-Level-Front-Cache
X-Wikidot-Backend
X-Variation
X-User
Is-Eu
X-Generated-On
X-Skip-Cache
X-Planisys-CDN-TTL
X-Bip
X-Shopify-Stage
X-Cache-Bucket
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Auto-Login
X-Backend-Host
X-Backend-State
X-Backend-Url
X-ShopId
X-WPE-Loopback-Upstream-Addr
X-Varnish-Beresp-Ttl
X-GZip
X-CACHE-KEY
Section-Io-Cache
X-RateLimit-Reset
Powered-By
X-Server-Time
X-TrackingId
X-Micro-Cache
X-CUA
X-BBXSRF
X-Server-IP
X-Owner
Fastcgi-Useragent
DSUID
Cteonnt-Length
Server-ID
FNAC-ModuleRouting
Pragrma
X-CDN-Forward
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
Gh-Request-Id
ServerName
X-Passed-To-PostProcessResponse
X-Stale
X-Org
X-Returned-From
X-Server-By
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-Svr
X-Original-Request
X-Actual-URL
X-Load-Cache
X-Nc
X-Dc
X-NC
Host-ID
AR-SID
VivaBuild
X-Parent-Response-Time
X-Croise-Owner
X-VServer
X-Aicache-OS
X-HS-Cache-Config
Viewtype
REQUESTUUID
X-Unique-ID
MIME-Version
X-Apm-Svc-Key
X-Edge-Server
X-Cdn-Origin
X-Pjax-Url
V-Age
X-Sn-Servicetimems
X-FPC
Cdn-Host
X-Apm-App-Name
X-Apm-Inst-Hash
Cdn-Request-Time
X-Microcachable
X-Geo
X-Exp-Se
Rt-Proxy-Cache
X-Gdpr
X-CSRF-TOKEN
X-Ua-Device
X-ND-Cache
X-Served-From
PICS-Label
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
SID
X-Oss-Storage-Class
X-Oss-Object-Type
Mime-Version
HostName
ProcessTime
X-V
Time
X-Servedbyhost
X-Wa
Memory
X-B3-Parentspanid
X-DC
X-Req
Cache
X-From-Cache
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
Wxu-Next-Hostname
Resin-Trace
Wxu-Next-Commit
Odigeo-Trace-Id
Wxu-Next-Region
X-Cache-HT
X-Newrelic-Synthetics
X-Optimization
X-Git-Hash
X-HTML-Minification-Powered-By
Cf-Ipcountry
X-Lb-Id
X-Fstrz
X-Release
Cdn
Public-Key-Pins-Report-Only
X-Response-By
X-Atg-Version
X-Varnish-Beresp-TTL
X-WebServer
X-TH-Server
GMS-Ver
XServer
Proxy-Firewall
X-GEO
X-WR-MODIFICATION
Processtime
X-Fastly-Backend-Reqs
X-Phone
Fastcgi-X-Cache-Version
X-LB-ID
X-Host-Name
X-Ratelimit-Remaining
WZWS-RAY
X-Ratelimit-Limit
X-Instart-Info
CF-Cached-On
X-APP
X-Vcl-Version
X-Daa-Tunnel
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Amz-Meta-Surrogate-Control
Backend-Name
X-Upstream-CT
X-Upstream-HT
X-Check-Cacheable
GW-Server
X-We-Are-Hiring
Mobile-Detection-Method
X-Nananana
X-NGINX-Cache
Countrycode
X-Worker
X-Clientip
X-UE-Client-Country
X-Vcache
X-WA
X-HS-Status
SN
SS
X-URL
352pxline
286prxHost
Xxline
355prline
409pxxline
188prxHost
X-ID
X-Server-W
225prxHost
X-Zone
189phosttRef
X-Ratelimit-Reset
X-Hyper-Cache
219prxHost
X-Fastly-Country-Code
178proxuri
Ohc-File-Size
Lb
X-CSRF-Token
Pics-Label
X-Backend-TTL
X-ServedByHost
X-IPS-LoggedIn
DataCenter
Version
X-B3-SpanId
X-FORWARDED-FOR
X-UPSTREAM-Address
X-HS-Combine-CSS
FSS-Cache
FSS-Proxy
X-PF-Uncompressing
Geoip-Latitude
GeoIp-Country-Code
X-SERVER-NAME
X-SRV
X-Dynatrace
X-GZIP
URI
X-VCL-Version
Geoip-City
X-Render-Time
X-Request-Start
X-BE
Esi-Enabled
X-CS
X-AssetVersion
X-Contensis-Viewer-Groups
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
X-Cache-Ttl
X-LiteSpeed-Cache-Control
WP-Super-Cache
Ohc-Cache-HIT
X-Be
X-Fpc
X-PJAX-URL
CDN
X-Unique-Id
X-UCC
X-Gen-Id
X-Cdn-Cache
X-Akamai-Request-ID2
X-ZONE
X-Via-Ucdn
X-GDPR
Amp-Access-Control-Allow-Source-Origin
X-HostName
Accept-Language
Dynatrace
X-Vtex-Processado-Em
X-RequestId
X-Vtex-Remote-Cache
X-Html-Edge-Cache
Who
X-NWS-UUID-VERIFY
RequestUuid
X-Pf-Uncompressing
X-Fastly-Cache-Hits
Cneonction
X-Varnish-Action
Serverid
Locale
X-Request-Url
A
X-LiteSpeed-Tag
X-ABtesting
X-Reqid
X-Urbn-Context-Path
X-Urbn-Site-Id
Accept-Ch
X-Hello
Server-Id
X-Via-NSCOPI
X-Store
X-Cache-URL
X-Flog
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-ServerName
Get-Access-Time
X-Port
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-Cdn-Request-ID
Is-Session-Tracking
Frontcache
X-Serial
Ohc-Response-Time
NnCoection
X-EC-Lua