Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Cache-Group
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-CST
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-Server-Id
X-Type
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
Request-Id
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Upstream-Env
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
Accept-CH
X-Dispatcher
X-HW
X-Server-Name
X-ORACLE-DMS-RID
X-ESI
MS-Author-Via
X-DataStream-Cache-Status
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-CACHE
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-GitHub-Request-Id
X-MS-InvokeApp
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Cached
X-Version
Charset
Content-MD5
X-Dns-Prefetch-Control
X-Powered-By-Plesk
X-Server-ID
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
X-D2id
X-Abt-Application-Version
X-Navigation-Version
X-TTL
X-TtlSet
X-PC
X-Vname
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Ar-Sid
X-Varnish-TTL
X-Trace
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-Country-Code-Real
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
X-VCache
X-Amz-Rid
S
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Debug
X-XRDS-Location
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DynaTrace
X-Dw-Request-Base-Id
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Oracle-Dms-Rid
SPIisLatency
SPRequestDuration
X-Akam-SW-Version
Access-Control-Request-Method
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-T
X-Powered-CMS
X-Id
X-Ttl
Front-End-Https
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Fastcgi-Cache
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Forwarded-For
X-B3-TraceId
Realpath
X-Content-Type
X-Upstream
Alternate-Protocol
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-Middleton-Display
Display
X-Sol
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-Middleton-Response
Fusion-Content-Source
Response
Fusion-Source
Fusion-Template-Id
X-Content-Digest
Fusion-Content-Id
Fusion-Component-Id
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-B3-Traceid
X-Cache-Key
X-Srv
X-Pad
X-Accel-Expires
X-Fastcgi-Cache
X-Accel-Buffering
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
Host
Backend-Timing
X-User-Agent
X-Content-Options
X-Analytics
X-Correlation-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug-Info
X-LB-Cache
X-Rid
X-Amzn-RequestId
Refresh
X-Amz-Apigw-Id
X-Revision
X-IPLB-Instance
X-Az
X-Activity-Id
X-AppVersion
Accept-Charset
X-B3-Sampled
X-B
X-Cache-Hit
FilterID
X-Cache-2
X-Grace
X-DIS-Request-ID
Surrogate-Key
Powered-By-ChinaCache
X-FastCGI-Cache
X-CF-Powered-By
ServerID
X-Page-Id
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
X-PHP-Backend
Host-Header
X-Request-Received
X-Request-Processing-Time
X-Webkit-CSP
MS-CV
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Origin-Server
X-Amz-Replication-Status
X-Varnish-Backend
X-Kong-Upstream-Latency
VIX-Pulpo-Node
Source
X-Kong-Proxy-Latency
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Cached-By
X-TT
X-App-Environment
X-UA-Device-Type
X-Cache-Action
X-Cluster
X-Platform-Server
X-Tumblr-User
Cache-Status
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-GUploader-UploadID
X-FW-Static
X-FW-Hash
X-FW-Serve
X-Request-Guid
X-FW-Server
X-Content-Powered-By
X-Varnish-Grace
X-Framework
X-FW-Type
X-F-Cache
X-Drupal-Cache-Tags
X-RateLimit-Limit
X-Shard
X-Ezoic-Cdn
X-Mobile
X-Instance
X-Zen-Fury
X-SS-Set-Cookie
X-FB-Debug
X-Geo-Country
X-Handled-By
X-Forwarded-Host
X-Magnolia-Registration
Edge-Cache-Tag
PageSpeed
From-Origin
X-Cache-TTL
X-ATG-Version
X-Node-Name
X-Cache-Age
X-Varnish-Hostname
X-App-Server
X-Varnish-Server
DC
Cache-Tags
Cleartype
X-BCube-Filmed-By
X-AOL-HN
CACHE
X-Cache-Control
Payment
Upgrade-Insecure-Requests
Healthy
X-Region
Filters
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-RequestSource
X-Generated-By
X-Adobe-Loc
X-TX-ID
X-GeoIP
X-Adobe-Content
Country
Server-Node
X-UUID
X-VG-WebCache
X-Redis-Cache
X-TT-TIMESTAMP
Webserver
X-Storage
Cache-Tv-Group
X-RTag
Retry-After
Actual-Object-TTL
X-Jobs
X-FW-Dynamic
X-Cache-Rule
X-Tumblr-Pixel-2
Fastly-Restarts
X-B-Cache
X-Tumblr-Pixel-1
X-Drupal-Cache-Contexts
Ms-Operation-Id
X-Signature
X-Locale
X-XRDS-LOCATION
X-Content-Age
NGB
X-Cacheable-TTL
X-Varnish-Hits
GEO-INFO
ServedBy
Liferay-Portal
X-Wix-Server-Artifact-Id
X-Esi
X-TA-CDN-Provider
X-Seen-By
X-Contextid
Powered
Frame-Options
X-Oneagent-Js-Injection
X-Rendered-As
HitType
X-Via-JSL
X-Cache-TTL-Remaining
X-Varnish-IP
X-Real-IP
X-BACKEND-TTL
X-WA-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
Viewport
X-Guploader-Uploadid
X-Upgrade-Enabled
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
Content-Style-Type
X-Cache-Server
X-Cache-NE
Content-Script-Type
NtCoent-Length
X-Mode
Xserver
X-Time
Datacenter
X-Akamai-Transformed
X-Cache-Config
X-Proxied
X-S
X-Varnish-Cache-Hits
X-Is-Bot
Machine
Load-Balancing
X-RN-RSRV
Mn-Server-Ip
X-Detected-As
Meta-Geo
X-Cache-Var-Map
X-ES-SERVER
X-Routing-Service
X-Cache-Var
X-Proto
Cache-Key
X-From
Cache-Hits
X-Zipkin-Id
X-Hl-Ver
X-Path-Route
X-Device-Type
Access-Control-Request-Headers
TWC-Connection-Speed
L5d-Success-Class
TWC-GeoIP-LatLong
Vix-Hermes-Req-Id
TWC-Locale-Group
TWC-Privacy
Property-Id
TWC-Device-Class
Mail-Subject
X-AWS-Id
TWC-GeoIP-Country
X-Access
Webcakes-App-Name
Webcakes-App-Version
X-Endurance-Cache-Level
We-Hiring
Webcakes-Region
X-Section
X-FC-Vary-Parameters
X-Hosted-By
X-Viewer-Country
X-VG-TLSProxy
X-Environment-Context
X-Origin-Hint
X-Cache-Enabled
X-Tb
X-LJ-Flow-ID
X-VWS-Id
X-L-Path
X-Cdn
OT-Force-Account-Verify
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Origin-Edge-Control
X-Web-Node
X-Cache-Operation
Azure-SlotName
ViewerVersion
X-FW-Version
DB-Nickname
S-Rt
X-Loop
X-Labrador-Cache-Channel
X-Format
X-Wix-Request-Id
Azure-Version
Origin-Cache-Control
NGX
X-EIG-Tracking-Id
X-Time-Microsecs
X-Backend-Name
X-Akamai-Request-ID
X-Proxy
X-TNCMS
X-Origin-Response-Time
X-ServerID
X-FB-TRIP-ID
X-Debug-Cache
X-BYPASS-REASON
X-IP
X-Via-Fastly
X-CCM
X-JoinUs
X-Status
Selected-FE
X-Tumblr-Pixel-3
X-NCache
X-PCL
X-OCL
X-Xfnlog-Site
X-Varnish-Cacheable
X-Proxy-Build
X-Timing-Wait
X-ProxyCache-Status
X-Birta-Served
X-Birta-Cache-Post
X-ProxyCache-Key
X-Via-CDN
Decoy-Debug-TTL
Decoy-Debug-Key
X-GRACE
Cache-Tag
Decoy-Debug-Status
Now
X-Grey
X-Rocket-Nginx-Bypass
X-Site-Version
X-Human
X-Generated
X-Cache-Category-Id
X-MP-GENERATED-AT
X-Vgn-Hpd-Reason
X-Www-Served-By
Uber-Trace-Id
X-Trace-Id
X-Dynatrace-Js-Agent
X-RCS-CacheZone
X-Newrelic-App-Data
X-VC-Cache
Served-By
X-NWS-LOG-UUID
X-EdgeConnect-Cache-Status
X-Internal-Host
X-R9-Blue-Green-Version
X-CDN-Cache
X-Rule
X-Cache-Remote
X-Origin-Host
X-NewRelic-App-Data
X-Sucuri-ID
LB
X-UA
AsisCache
Release
X-UnsetCookies
Nel
X-Cluster-Node
Rt-Fastcgi-Cache
X-App-Name
User-Agent
X-APP-VERSION
X-PERF
X-ApacheServer
X-TIME
X-Ua
X-Datadome
X-B3-Spanid
X-Nginx-Cache
X-Agile-Age
X-Source
Pagespeed
X-Agile-Id
X-Agile
X-Request-Time
X-Ocache
Cache-Name
X-Edge-Location
Hostname
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-OVcl-Cache
X-Hit
X-Origin-TTL
X-VCT
X-App-Version
X-Pubstack
X-Sucuri-Cache
Warning
X-Origin-CC
X-Edge-IP
X-ElasticPress-Search
X-ARC
X-A-Dam
Cache-Prefix
Cross-Origin-Window-Policy
X-Aed
X-A-Ccd
X-Accel-Expires-Debug
Arc-Country
BehaviorPad-Version
X-A-Wwc
X-A-Dgt
X-Application
Ajk
X-A-Dcw
Server-Surrogate-Control
On-Server
Origin
Fly-Cache
Ec-Rule-Version
Node
N-Cache
Fly-Request-Id
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Request-Country
Thinkindot-Control
UCS
Www
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Request-EU
Request-Time
Server-Cache-Control
X-A
X-Developer
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Processor
X-Platform
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-PAYTM-SRV-ID
X-ScT
X-Secret
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Matched-Rule
X-Logtrace-Id
X-Date
X-D
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Value
X-Connection-Hash
X-Cache-ASPX
X-BB-ID
X-Cache-Grace
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Debug-Cookies
X-Debug-Log
X-Hp-Webp
X-Generated-In
X-IN-APIGATEWAY
X-IN-WAF
X-Instart-Isnd
X-Gannett-Site-Version
X-G
X-Destination
X-Developers
X-DPWN-IS-SECURE
X-External-Request-Id
X-B-Cookie
X-Cache-Expires
X-Protected-By
X-Cache-Backend
X-Varnish-Ttl
X-CGP
X-Policy
X-Proxy-Cache-Status
X-Gen-Mode
X-PHP-Host
RNT-Machine
X-Proxy-Upstream
X-Amzn-Remapped-Date
RNT-Time
X-RateLimit-Limit-Second
X-Refresh
X-Request-URI
X-Epic-Correlation-Id
X-Sedo-Request-Id
X-Reboot
Pagetype
X-Page-Type
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Eu-Site
Server-Host
X-LI-UUID
X-Location
User-Cache-Control
X-Irp-Debug
Web-Mar-Node
X-LI-Proto
X-Key
X-LAGOON
X-Li-Fabric
X-Li-Pop
X-Info
True-Client-Country-4JS
X-Geo-Header
X-Origin-Date
Server-Int
X-Origin-Expires
SRV
X-Nginx-Cache-Key
X-Hnp-Log
X-Hash
X-Amzn-Remapped-Connection
X-Servername
X-Sf
CDCHOST
Memcached
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Lfy
X-Cache-Id
X-Via-SSL
Country-Code
Content-Disposition
X-Cache-Host
Cache-Cookie-Set-From
X-Cache-Miss-From
AKAMAI
X-F5-Cache
X-Cms-Context
X-Webstats-RespID
Apple-News-Services-Handled
Apple-News-Services-Host
Backend
X-Cache-Info
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Via-Edge
X-Varnish-Url
X-Dispatcher-Server
X-SIPLIST1
X-Block-Status
HA-Ipaddr
X-Distil-CS
IsBot
X-Ah-Environment
X-Distributor
Magicmarker
Kp-EeAlive
Ha-Gx-Prefs
X-SN
Fastly-SWR
Fastly-Soc-X-Request-Id
Fastly-SIE
Fastly-Backend-Name
X-Crawler
X-TT-LOGID
X-C
X-Device-Os
X-Cache-Debug
X-ServiceProvider
X-Cdn-Forward
X-Varnish-Beresp-Grace
X-FireWall-Port
X-Varnish-Beresp-Status
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Skip-Cache
X-ShopId
X-ShardId
X-Swa-Ws
X-Shopify-Stage
X-User
X-Wikidot-Static-Cache
X-Cache-Bucket
X-Wikidot-Backend
X-Variation
X-S-Maxage
X-Core-Mission
X-Fastly-Cache
X-Fetched-On
X-GeoIP-Country-Code
X-GeoIP-City
X-MSEdge-Flight
X-MSEdge-Features
X-Micro-Cache
X-WPE-Loopback-Upstream-Addr
X-No-Session
X-Planisys-CDN-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Qloud-Router
X-Node-Id
Platform
X-Backend-State
X-Amz-Meta-Cache-Control
X-Amzn-Remapped-Content-Length
Pramga
Proxy-Connection
X-Alternate-Cache-Key
SD-X-WS
DSUID
Is-Eu
Heartbleed
Adler-Geo
X-Backend-Host
X-Backend-Url
Fastly-SSL
X-Cache-FS-Status
X-GZip
X-Generated-On
X-Auto-Login
X-RateLimit-Reset
X-Server-IP
X-Cdn-Srv
FNAC-ModuleRouting
X-TrackingId
X-Thanos
X-Server-Time
Cteonnt-Length
X-Level-Front-Cache
HTTPS
X-Bip
X-BBXSRF
X-CACHE-KEY
X-Real-Ip
X-CUA
ServerName
Powered-By
Server-ID
X-Owner
Section-Io-Cache
X-CDN-Forward
X-Org
X-Varnish-Beresp-Ttl
MIME-Version
Gh-Request-Id
Pragrma
X-NC
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
Fastcgi-Useragent
Viewtype
X-Passed-To-PostProcessResponse
VivaBuild
X-Passed-To
X-Returned-From
X-Stale
X-Returned-From-BeforeDispatch
X-Svr
X-Returned-From-DLL
X-Original-Request
X-Returned-From-PostProcessResponse
X-Apm-Svc-Key
AR-SID
X-Parent-Response-Time
X-Sn-Servicetimems
V-Age
X-Apm-App-Name
X-Aicache-OS
X-Apm-Inst-Hash
X-Cdn-Origin
X-Load-Cache
X-Server-By
X-FPC
X-Nc
X-Actual-URL
REQUESTUUID
Cache
Host-ID
X-Pjax-Url
X-Dc
X-VServer
X-Exp-Se
X-HS-Cache-Config
X-ND-Cache
X-Croise-Owner
Rt-Proxy-Cache
X-Geo
X-Unique-ID
HostName
X-Gdpr
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Ua-Device
X-CSRF-TOKEN
X-Microcachable
X-Served-From
PICS-Label
X-DC
X-B3-Parentspanid
X-Servedbyhost
Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
SID
X-Oss-Request-Id
X-Oss-Server-Time
X-Wa
X-Oss-Storage-Class
Memory
ProcessTime
Wxu-Next-Hostname
Wxu-Next-Region
Resin-Trace
Mime-Version
Wxu-Next-Commit
X-Git-Hash
X-V
X-Newrelic-Synthetics
X-From-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Req
CF-IPCountry
X-Optimization
X-Cache-HT
Odigeo-Trace-Id
Cf-Ipcountry
X-Release
X-Lb-Id
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
X-TH-Server
X-WebServer
X-Fstrz
Cdn
X-Atg-Version
X-Host-Name
X-Phone
X-Response-By
XServer
Proxy-Firewall
CF-Cached-On
Public-Key-Pins-Report-Only
X-ID
X-LB-ID
X-Instart-Info
X-SERVER-NAME
GMS-Ver
X-APP
Processtime
X-WR-MODIFICATION
X-Ratelimit-Remaining
X-Daa-Tunnel
X-Vcl-Version
X-Ratelimit-Limit
X-Upstream-HT
X-Fastly-Backend-Reqs
WZWS-RAY
X-Upstream-CT
Backend-Name
X-CACHE-AGE
X-GEO
X-CLOUD-TRACE-CONTEXT
Fastcgi-X-Cache-Version
X-Worker
X-Check-Cacheable
X-Zone
225prxHost
219prxHost
286prxHost
189phosttRef
Xxline
X-Server-W
X-Amz-Meta-Surrogate-Control
178proxuri
X-Nananana
X-NGINX-Cache
188prxHost
355prline
409pxxline
X-Vcache
352pxline
X-B3-SpanId
GW-Server
Mobile-Detection-Method
X-URL
X-Ratelimit-Reset
X-Clientip
X-IPS-LoggedIn
X-HS-Status
Countrycode
X-UE-Client-Country
X-WA
X-We-Are-Hiring
Version
Lb
SN
X-ServedByHost
Pics-Label
X-Backend-TTL
SS
X-Fastly-Country-Code
X-Hyper-Cache
X-CSRF-Token
Ohc-File-Size
DataCenter
GeoIp-Country-Code
X-VCL-Version
Esi-Enabled
Geoip-Latitude
X-Dynatrace
X-SRV
WP-Super-Cache
X-GZIP
X-Render-Time
X-Request-Start
URI
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-AssetVersion
X-Contensis-Viewer-Groups
X-UPSTREAM-Address
X-PF-Uncompressing
Geoip-City
X-BE
FSS-Cache
FSS-Proxy
X-HS-Combine-CSS
Serverid
X-Akamai-Request-ID2
X-Be
X-CS
Accept-Language
X-GDPR
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-Cache-Ttl
X-Unique-Id
X-Vtex-Remote-Cache
X-Cdn-Cache
X-ZONE
X-Vtex-Processado-Em
Ohc-Cache-HIT
X-RequestId
X-NWS-UUID-VERIFY
X-Gen-Id
CDN
X-Fpc
X-PJAX-URL
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-HostName
X-ABtesting
Locale
X-Urbn-Site-Id
X-Hello
X-UCC
X-Flog
X-Fastly-Cache-Hits
X-Via-NSCOPI
RequestUuid
X-Pf-Uncompressing
X-Urbn-Context-Path
X-Reqid
X-Html-Edge-Cache
Cneonction
X-LiteSpeed-Tag
Accept-Ch
A
X-Request-Url
Server-Id
X-Store
Who
X-Varnish-Action
X-Akamai-SSL-Client-Sid
Dnion-Transfer-Encoding
IBM-Web2-Location
X-Cache-URL
Ohc-Response-Time
Is-Session-Tracking
Get-Access-Time
X-Port
X-Serial
Frontcache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua