Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-CST
X-Ac
X-Rq
X-Node
X-Host
Feature-Policy
Content-Location
X-Type
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Application-Context
Surrogate-Control
X-Cloud-Trace-Context
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Dns-Prefetch-Control
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-Mod-Pagespeed
X-Upstream-Env
X-DynaTrace
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-HW
X-ORACLE-DMS-RID
X-ESI
MS-Author-Via
X-VARITI-CCR
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-MS-InvokeApp
AR-CACHE
AR-PoweredBy
AR-ATIME
Arc-Version
Charset
PB-PID
X-Mobile-Rewrite
PB-RID
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
X-Recruiting
Public-Key-Pins
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
X-Navigation-Version
X-Abt-Application-Version
RTSS
X-Vname
X-TtlSet
X-PC
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Server-ID
Ar-Sid
X-Varnish-TTL
X-Trace
X-TTL
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Vcap-Request-Id
X-Client-IP
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Amz-Rid
X-SharePointHealthScore
X-FTR-Expires
X-VCache
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Debug
X-Shield-Request-Id
TCN
X-Ttl
X-Dw-Request-Base-Id
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
SPIisLatency
SPRequestDuration
DynaTrace
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Id
X-Oracle-Dms-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-SERVER
X-FTR-Cache-Host
X-Goog-Storage-Class
Front-End-Https
X-Powered-CMS
X-B3-TraceId
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
Tracecode
X-MSEdge-Ref
Realpath
Fastcgi-Cache
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
Alternate-Protocol
X-Upstream
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Middleton-Display
Display
X-Sol
X-PressLabs-Stats
X-Logged-In
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
Response
X-Middleton-Response
X-Content-Digest
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Hostname
X-Accel-Buffering
X-Cache-Key
X-Srv
X-Pad
X-Accel-Expires
X-Kinsta-Cache
Server-Name
MicrosoftSharePointTeamServices
X-B3-Traceid
X-FastCGI-Cache
X-User-Agent
X-Content-Options
Host
X-Analytics
Backend-Timing
X-Correlation-Id
X-Debug-Info
X-Revision
Refresh
X-Fastcgi-Cache
X-Amzn-RequestId
X-Activity-Id
X-LB-Cache
X-DataStream-Origin-MEX-Latency
X-IPLB-Instance
X-Az
X-Amz-Apigw-Id
X-AppVersion
X-Rid
X-DIS-Request-ID
X-DataStream-MidMile-RTT
Accept-Charset
X-B
FilterID
X-Cache-2
X-B3-Sampled
X-Cache-Hit
ServerID
Powered-By-ChinaCache
X-CF-Powered-By
Surrogate-Key
X-Grace
X-Page-Id
X-Whom
X-PHP-Backend
Server-Info
TP-Cache
TP-L2-Cache
X-Webkit-CSP
X-Request-Processing-Time
Host-Header
MS-CV
X-Request-Received
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
VIX-Pulpo-Node
X-Amz-Replication-Status
X-TT
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Origin-Server
Source
X-Cache-Action
X-Cluster
X-Framework
X-Kong-Upstream-Latency
X-UA-Device-Type
X-Kong-Proxy-Latency
X-Tumblr-User
X-Content-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Mobile
X-GUploader-UploadID
X-Platform-Server
Cache-Status
X-Cached-By
X-F-Cache
X-App-Environment
X-Request-Guid
X-FW-Type
X-Drupal-Cache-Tags
X-Instance
X-FW-Serve
X-FW-Hash
X-FW-Static
X-RateLimit-Limit
X-FW-Server
X-Varnish-Grace
X-Shard
X-Ezoic-Cdn
X-Handled-By
X-Zen-Fury
X-SS-Set-Cookie
X-Geo-Country
X-FB-Debug
X-Magnolia-Registration
X-Forwarded-Host
PageSpeed
Edge-Cache-Tag
From-Origin
CACHE
X-Cache-TTL
X-ATG-Version
X-Node-Name
X-App-Server
X-Cache-Age
X-Varnish-Hostname
X-Varnish-Server
DC
Cleartype
Cache-Tags
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
Payment
X-Region
X-Wix-Server-Artifact-Id
Filters
Healthy
X-Generated-By
Upgrade-Insecure-Requests
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
Country
NGB
Ms-Operation-Id
Webserver
Cache-Tv-Group
X-VG-WebCache
X-RequestSource
X-RTag
X-Redis-Cache
X-TT-TIMESTAMP
X-Storage
X-UUID
X-GeoIP
Retry-After
Actual-Object-TTL
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-1
X-Signature
X-FW-Dynamic
X-Tumblr-Pixel-2
X-B-Cache
Server-Node
X-Varnish-Hits
X-Locale
X-XRDS-LOCATION
X-Cacheable-TTL
X-Jobs
X-Content-Age
GEO-INFO
ServedBy
X-Cache-Rule
X-Seen-By
Liferay-Portal
Fastly-Restarts
X-Esi
X-Contextid
X-Via-JSL
Powered
Frame-Options
X-Rendered-As
X-Oneagent-Js-Injection
HitType
X-Cache-TTL-Remaining
X-Varnish-IP
X-TA-CDN-Provider
X-BACKEND-TTL
S-Cnection
X-Yottaa-Optimizations
Viewport
X-Real-IP
X-Yottaa-Metrics
X-WA-Info
X-Guploader-Uploadid
Content-Script-Type
X-GRACE
Content-Style-Type
X-Cache-Server
X-Upgrade-Enabled
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
ViewerVersion
X-Wix-Request-Id
X-Mode
Datacenter
X-Cache-Config
NtCoent-Length
X-Cache-NE
X-Varnish-Cache-Hits
X-Akamai-Transformed
Mn-Server-Ip
X-Path-Route
X-From
X-Is-Bot
Cache-Key
X-Hl-Ver
Cache-Hits
X-ES-SERVER
X-Zipkin-Id
Machine
X-Endurance-Cache-Level
X-S
X-RN-RSRV
Load-Balancing
X-Routing-Service
X-Cache-Var-Map
X-Cache-Var
X-Proto
X-Proxied
Meta-Geo
X-Detected-As
X-Device-Type
X-Hosted-By
Mail-Subject
X-VG-TLSProxy
X-Cache-Enabled
X-Backend-Name
OT-Force-Account-Verify
X-AWS-Id
X-L-Path
We-Hiring
Access-Control-Request-Headers
X-Cdn
X-Section
L5d-Success-Class
X-FC-Vary-Parameters
X-LJ-Flow-ID
X-Environment-Context
X-VWS-Id
X-Viewer-Country
Vix-Hermes-Req-Id
X-Access
Decoy-Debug-Status
Property-Id
Azure-Version
DB-Nickname
Now
Origin-Cache-Control
Decoy-Debug-Key
Origin-Edge-Control
Webcakes-Region
X-Web-Node
Azure-SlotName
X-Proxy
X-EIG-Tracking-Id
X-TNCMS
X-Via-CDN
X-Tb
X-Origin-Response-Time
X-FW-Version
X-Format
X-Labrador-Cache-Channel
X-Loop
X-Origin-Hint
X-Time-Microsecs
X-Debug-Cache
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
X-Birta-Served
X-Status
X-Birta-Cache-Post
X-ServerID
X-Akamai-Request-ID
S-Rt
Decoy-Debug-TTL
Azure-SiteName
X-Time
Xserver
Azure-RegionName
Azure-InstanceId
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Timing-Wait
X-PCL
X-OCL
X-JoinUs
Selected-FE
X-Trace-Id
X-IP
X-Proxy-Build
X-Varnish-Cacheable
X-NCache
NGX
X-CCM
X-Human
X-Xfnlog-Site
X-Tumblr-Pixel-3
X-Via-Fastly
Cache-Tag
X-Cache-Category-Id
X-Grey
X-Generated
X-Internal-Host
X-Newrelic-App-Data
X-Cache-Operation
X-MP-GENERATED-AT
X-Www-Served-By
X-Site-Version
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
Uber-Trace-Id
X-FB-TRIP-ID
X-Dynatrace-Js-Agent
X-VC-Cache
X-NewRelic-App-Data
X-Origin-Host
Served-By
X-R9-Blue-Green-Version
X-Sucuri-ID
X-EdgeConnect-Cache-Status
X-NWS-LOG-UUID
X-CDN-Cache
LB
X-RCS-CacheZone
X-Rule
AsisCache
X-UA
X-Cache-Remote
User-Agent
X-Cluster-Node
Release
Rt-Fastcgi-Cache
X-TIME
X-UnsetCookies
Nel
X-App-Name
X-B3-Spanid
X-PERF
X-ApacheServer
X-APP-VERSION
X-Agile
Pagespeed
X-Agile-Age
X-Datadome
X-Agile-Id
X-Nginx-Cache
X-Source
X-Ua
Hostname
Cache-Name
X-Edge-Location
X-Request-Time
X-Ocache
X-Edge-IP
X-Sucuri-Cache
X-Pubstack
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Origin
X-OVcl
X-Hit
X-App-Version
Warning
X-VCT
X-Protected-By
X-ElasticPress-Search
X-Application
Www
X-Accel-Expires-Debug
X-ARC
X-A-Dam
X-Aed
X-VG-WebServer
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-A-Ccd
Xc-Version
X-A
Request-Country
Fly-Request-Id
MD5-Digest
Meta-Geo-Continent
N-Cache
Fly-Cache
Ec-Rule-Version
Arc-Country
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
Node
On-Server
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Server-Cache-Control
Request-Time
Origin
Rendered-Blocks
X-Varnish-Authentication
Request-EU
UCS
X-Connection-Hash
X-Processor
X-G
X-Gannett-Site-Version
X-Platform
X-PAYTM-SRV-ID
X-External-Request-Id
X-DPWN-IS-SECURE
X-Destination
X-Request-UUID
X-Region-Sid
X-Developer
X-Developers
X-Generated-In
X-Hp-Webp
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-Origin-CC
X-Matched-Rule
X-Logtrace-Id
X-Origin-TTL
X-IN-APIGATEWAY
X-IN-WAF
X-Instart-Isnd
X-Debug-Log
Ajk
X-CF-Lambda-Fn
X-Cache-Grace
X-CF-Lambda-Version
X-Thinkindot-L3
X-SRCache-Key
X-Transaction
X-Cache-Expires
X-Up
X-Twitter-Response-Tags
X-BB-ID
X-Trv-Group
X-Server-Group
X-Secret
X-Debug-Cache-Fetch
X-Rojux
X-Rewrite-Enabled
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Expiry
X-S-Cookie
X-Core-Value
X-D
X-ScT
X-Date
X-B-Cookie
X-Cache-ASPX
X-Varnish-Ttl
X-Cache-Backend
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Hash
X-Hnp-Log
Server-Int
SRV
True-Client-Country-4JS
Web-Mar-Node
X-Gen-Mode
User-Cache-Control
X-Sf
X-Geo-Header
X-ServiceProvider
Proxy-Connection
X-LAGOON
Pramga
X-Li-Fabric
X-Li-Pop
X-Key
X-CGP
X-Servername
RNT-Time
RNT-Machine
X-Info
Server-Host
X-SN
X-C
X-Cache-Debug
X-Block-Status
X-Swa-Ws
X-Varnish-Url
X-Var-Ttl
X-Cache-Host
X-Cms-Context
X-TT-LOGID
X-Cache-Miss-From
X-Cache-Info
X-Cache-Id
X-Device-Os
X-Via-Edge
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Via-SSL
X-F5-Cache
X-LI-Proto
X-Ah-Environment
X-Eu-Site
X-Dispatcher-Server
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-SIPLIST1
X-Irp-Debug
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Pagetype
X-Reboot
X-Policy
Cache-Cookie-Set-From
X-PHP-Host
Backend
Ha-Gx-Prefs
X-Sedo-Request-Id
X-Refresh
CDCHOST
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
Fastly-Backend-Name
X-Qloud-Router
X-RateLimit-Limit-Second
Content-Disposition
X-RateLimit-Remaining-Second
Fastly-SIE
X-Rebelmouse-Cache-Control
Fastly-SWR
X-Proxy-Cache-Status
Fastly-Soc-X-Request-Id
Country-Code
HA-Ipaddr
X-Node-Id
X-No-Session
Apple-News-Services-Parsed-Url
X-Real-Ip
Memcached
X-Nginx-Cache-Key
Apple-News-Services-Host
X-LI-UUID
X-Location
AKAMAI
Apple-News-Services-Handled
X-Origin-Date
Magicmarker
X-Request-URI
X-Cdn-Forward
X-Page-Type
Heartbleed
X-Origin-Expires
Lfy
Apple-News-Services-Request-Url
Kp-EeAlive
IsBot
X-FireWall-Port
X-TrackingId
X-Thanos
X-Crawler
X-Core-Mission
X-Planisys-CDN-Rules
X-GeoIP-Country-Code
X-GeoIP-City
X-Generated-On
X-ShardId
Adler-Geo
X-Server-IP
X-Level-Front-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Fetched-On
X-Skip-Cache
X-Fastly-Cache
X-Sorting-Hat-PodId
X-Planisys-CDN-TTL
X-Shopify-Stage
X-Gateway-Cache-Key
X-ShopId
X-Planisys-CDN-Cache
X-Sorting-Hat-ShopId
X-Cdn-Srv
X-Backend-State
X-Backend-Host
X-Backend-Url
X-Webstats-RespID
X-Bip
Platform
X-Auto-Login
X-Amzn-Remapped-Content-Length
X-Wikidot-Static-Cache
X-Wikidot-Backend
SD-X-WS
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
Is-Eu
X-BBXSRF
X-Cache-FS-Status
X-User
X-Variation
Fastly-SSL
HTTPS
X-S-Maxage
X-Cache-Bucket
Section-Io-Cache
X-CACHE-KEY
X-WPE-Loopback-Upstream-Addr
X-Varnish-Beresp-Ttl
X-GZip
X-RateLimit-Reset
X-Micro-Cache
X-Server-Time
X-Owner
X-CUA
Powered-By
Fastcgi-Useragent
DSUID
FNAC-ModuleRouting
Server-ID
Pragrma
Cteonnt-Length
ServerName
X-CDN-Forward
X-Returned-From-BeforeDispatch
Gh-Request-Id
X-Svr
X-Returned-From-DLL
X-Stale
X-Returned-From
X-Org
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Original-Request
X-Actual-URL
X-Server-By
X-Returned-From-PostProcessResponse
X-Nc
X-NC
X-Load-Cache
X-Dc
X-Croise-Owner
X-Aicache-OS
X-VServer
Host-ID
Viewtype
VivaBuild
X-HS-Cache-Config
AR-SID
X-Parent-Response-Time
REQUESTUUID
MIME-Version
X-Unique-ID
X-Cdn-Origin
Cdn-Request-Time
Cdn-Host
X-Pjax-Url
X-Apm-Svc-Key
X-Edge-Server
X-FPC
X-Sn-Servicetimems
V-Age
X-Apm-App-Name
X-Apm-Inst-Hash
X-Microcachable
X-Gdpr
X-CSRF-TOKEN
X-Geo
X-Ua-Device
Rt-Proxy-Cache
X-ND-Cache
X-Exp-Se
X-Served-From
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
SID
PICS-Label
X-Oss-Request-Id
X-Oss-Server-Time
Mime-Version
HostName
ProcessTime
X-V
X-Wa
X-Servedbyhost
Memory
Time
X-B3-Parentspanid
Cache
X-DC
X-Req
X-From-Cache
CF-IPCountry
Odigeo-Trace-Id
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-Git-Hash
X-Cache-HT
X-Optimization
X-Newrelic-Synthetics
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-HTML-Minification-Powered-By
Cf-Ipcountry
X-Lb-Id
XServer
X-Fstrz
Public-Key-Pins-Report-Only
X-Response-By
Cdn
X-Release
X-Varnish-Beresp-TTL
X-Atg-Version
GMS-Ver
X-TH-Server
X-WebServer
Proxy-Firewall
X-GEO
X-WR-MODIFICATION
Fastcgi-X-Cache-Version
X-Fastly-Backend-Reqs
Processtime
X-Phone
X-LB-ID
X-Ratelimit-Remaining
X-Host-Name
X-APP
WZWS-RAY
X-Ratelimit-Limit
X-Vcl-Version
CF-Cached-On
X-Instart-Info
X-Daa-Tunnel
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Amz-Meta-Surrogate-Control
Backend-Name
X-Upstream-CT
X-Check-Cacheable
X-Upstream-HT
Countrycode
X-NGINX-Cache
Mobile-Detection-Method
X-Worker
X-We-Are-Hiring
GW-Server
X-Clientip
X-Vcache
X-UE-Client-Country
X-ID
X-HS-Status
SN
Xxline
225prxHost
286prxHost
352pxline
409pxxline
X-Zone
355prline
SS
X-Nananana
219prxHost
X-Server-W
X-Hyper-Cache
X-URL
X-WA
178proxuri
X-Ratelimit-Reset
X-Fastly-Country-Code
188prxHost
189phosttRef
Ohc-File-Size
Lb
X-Backend-TTL
X-ServedByHost
X-CSRF-Token
X-IPS-LoggedIn
Pics-Label
Version
DataCenter
X-B3-SpanId
X-UPSTREAM-Address
FSS-Proxy
X-FORWARDED-FOR
Geoip-Latitude
GeoIp-Country-Code
X-PF-Uncompressing
X-SERVER-NAME
FSS-Cache
X-HS-Combine-CSS
X-GZIP
X-SRV
X-Dynatrace
URI
X-Render-Time
X-Request-Start
Geoip-City
X-VCL-Version
X-BE
Esi-Enabled
X-CS
GeoIP-Latitude
GeoIP-Country-Code
X-Cache-Ttl
Ohc-Cache-HIT
GeoIP-City
X-Be
X-Contensis-Viewer-Groups
X-Fpc
WP-Super-Cache
CDN
X-LiteSpeed-Cache-Control
X-AssetVersion
X-PJAX-URL
X-Unique-Id
X-Cdn-Cache
X-Via-Ucdn
X-UCC
X-Gen-Id
X-ZONE
X-Akamai-Request-ID2
X-GDPR
Accept-Language
X-HostName
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Vtex-Processado-Em
X-RequestId
X-Vtex-Remote-Cache
X-NWS-UUID-VERIFY
Cneonction
RequestUuid
X-Fastly-Cache-Hits
Who
X-Varnish-Action
X-Pf-Uncompressing
X-Html-Edge-Cache
Serverid
X-LiteSpeed-Tag
X-ABtesting
X-Cache-URL
Locale
X-Flog
X-Urbn-Context-Path
Server-Id
A
Accept-Ch
X-Reqid
X-Urbn-Site-Id
X-Hello
X-Store
X-Request-Url
X-Via-NSCOPI
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Is-Session-Tracking
X-Cdn-Request-ID
X-Serial
X-Dw-Trace-Id
Frontcache
Ohc-Response-Time
X-HTML-Edge-Cache
X-Port
Get-Access-Time
X-ServerName
NnCoection
X-EC-Lua