Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-CST
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Country
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
X-HW
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-CACHE
X-GitHub-Request-Id
X-MS-InvokeApp
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
X-DataStream-Cache-Status
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-Server-ID
X-PC
X-Vname
X-TtlSet
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Cdn
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Amz-Rid
S
X-VCache
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-XRDS-Location
X-Debug
TCN
DynaTrace
Arr-Disable-Session-Affinity
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Oracle-Dms-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Powered-CMS
X-SERVER
X-Goog-Storage-Class
X-B3-TraceId
Front-End-Https
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
X-Amzn-Trace-Id
X-MSEdge-Ref
Tracecode
X-Id
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Ttl
X-Upstream
X-Forwarded-For
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Alternate-Protocol
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-HS-Hub-Id
Fusion-Source
X-HS-Content-Id
X-Sol
X-Litespeed-Cache
X-Middleton-Display
Display
X-Middleton-Response
Response
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Cache-Key
X-Accel-Expires
X-Pad
X-Srv
MicrosoftSharePointTeamServices
Host
X-Kinsta-Cache
Server-Name
X-B3-Traceid
X-Accel-Buffering
X-Content-Options
X-Analytics
X-DataStream-Origin-MEX-Latency
X-Correlation-Id
X-DataStream-MidMile-RTT
Backend-Timing
X-User-Agent
X-Debug-Info
X-LB-Cache
X-Revision
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Rid
X-Activity-Id
FilterID
Refresh
Accept-Charset
X-AppVersion
X-Cache-Hit
X-B3-Sampled
X-Az
X-Cache-2
X-IPLB-Instance
Surrogate-Key
X-Grace
Powered-By-ChinaCache
X-B
X-DIS-Request-ID
X-CF-Powered-By
ServerID
X-Page-Id
X-Whom
Server-Info
X-FastCGI-Cache
TP-Cache
TP-L2-Cache
Host-Header
X-PHP-Backend
X-Request-Received
X-Request-Processing-Time
X-Webkit-CSP
MS-CV
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
Cache-Status
X-Kong-Upstream-Latency
Source
VIX-Pulpo-Node
X-Kong-Proxy-Latency
X-TT
X-Cached-By
X-App-Environment
X-Cluster
X-Akamai-Edgescape
X-Framework
X-Cache-Action
X-Platform-Server
X-Origin-Server
X-Varnish-Backend
X-Tumblr-Pixel-0
X-Tumblr-User
X-Mobile
X-F-Cache
Access-Control-Allow-Method
X-Tumblr-Pixel
X-GUploader-UploadID
X-Content-Powered-By
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-Request-Guid
X-Drupal-Cache-Tags
X-Varnish-Grace
X-FB-Debug
X-UA-Device-Type
X-Instance
X-Geo-Country
X-RateLimit-Limit
X-Zen-Fury
X-SS-Set-Cookie
X-Handled-By
X-Shard
X-Ezoic-Cdn
X-Forwarded-Host
X-Cache-TTL
X-Magnolia-Registration
Edge-Cache-Tag
From-Origin
X-Node-Name
PageSpeed
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
Cache-Tags
X-App-Server
X-Varnish-Server
DC
Cleartype
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
CACHE
Payment
Healthy
Upgrade-Insecure-Requests
Filters
X-WebKit-CSP-Report-Only
X-RequestSource
X-Cache-Rule
X-Generated-By
Fastly-Restarts
X-Response-Served-From
X-Region
X-TX-ID
Server-Node
X-Adobe-Content
X-Adobe-Loc
X-B-Cache
Webserver
X-Signature
Cache-Tv-Group
NGB
X-Storage
X-UUID
X-VG-WebCache
X-TT-TIMESTAMP
X-Redis-Cache
X-Tumblr-Pixel-2
Retry-After
X-Tumblr-Pixel-1
X-Jobs
X-GeoIP
Actual-Object-TTL
X-RTag
Country
Ms-Operation-Id
X-FW-Dynamic
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
X-XRDS-LOCATION
X-Content-Age
X-Locale
X-Cacheable-TTL
X-Varnish-Hits
GEO-INFO
ServedBy
Powered
Liferay-Portal
X-Esi
X-Contextid
Frame-Options
X-Oneagent-Js-Injection
X-Seen-By
HitType
X-Rendered-As
X-Cache-TTL-Remaining
X-WA-Info
X-Varnish-IP
X-Yottaa-Metrics
X-Wix-Server-Artifact-Id
X-Yottaa-Optimizations
X-Via-JSL
S-Cnection
X-Guploader-Uploadid
X-Real-IP
Viewport
X-BACKEND-TTL
X-Upgrade-Enabled
X-Cache-NE
X-RemovedCookies
Eomportal-Instance
X-ProcessESI
X-Mode
X-Cache-Server
Content-Script-Type
Content-Style-Type
X-Akamai-Transformed
NtCoent-Length
Datacenter
X-Cache-Var-Map
X-Is-Bot
X-Hl-Ver
X-From
X-ES-SERVER
X-Path-Route
X-Proto
X-Zipkin-Id
X-Routing-Service
X-RN-RSRV
X-Proxied
X-Device-Type
X-Detected-As
Cache-Key
Cache-Hits
OT-Force-Account-Verify
X-Cache-Operation
Machine
Meta-Geo
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Varnish-Cache-Hits
Load-Balancing
X-S
X-Cache-Config
Webcakes-App-Name
X-Origin-Hint
Webcakes-App-Version
Vix-Hermes-Req-Id
X-Tb
TWC-Privacy
X-LJ-Flow-ID
X-Proxy
X-Hosted-By
X-AWS-Id
Webcakes-Region
Access-Control-Request-Headers
X-Environment-Context
X-FB-TRIP-ID
L5d-Success-Class
X-FC-Vary-Parameters
X-L-Path
X-Time
X-VWS-Id
X-Viewer-Country
TWC-Device-Class
NGX
TWC-Connection-Speed
X-VG-TLSProxy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Property-Id
TWC-Locale-Group
Origin-Cache-Control
X-EIG-Tracking-Id
X-Backend-Name
X-Debug-Cache
X-Format
X-Access
X-Birta-Served
X-Birta-Cache-Post
Azure-RegionName
X-Endurance-Cache-Level
X-Akamai-Request-ID
Azure-SiteName
Origin-Edge-Control
Azure-Version
We-Hiring
Azure-InstanceId
Mail-Subject
X-Section
X-Time-Microsecs
X-ServerID
Xserver
X-Origin-Response-Time
S-Rt
Azure-SlotName
X-TNCMS
X-Labrador-Cache-Channel
X-Loop
X-Web-Node
X-FW-Version
Selected-FE
X-IP
DB-Nickname
X-Xfnlog-Site
X-Via-Fastly
X-Via-CDN
Now
X-NCache
X-Rocket-Nginx-Bypass
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-Varnish-Cacheable
X-Trace-Id
X-OCL
X-JoinUs
X-Human
X-CCM
X-PCL
X-Proxy-Build
X-Timing-Wait
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Vgn-Hpd-Reason
Cache-Tag
Decoy-Debug-Status
Uber-Trace-Id
Decoy-Debug-Key
X-Www-Served-By
X-Site-Version
X-Status
X-Grey
Decoy-Debug-TTL
X-Generated
X-GRACE
X-Cache-Category-Id
X-NWS-LOG-UUID
X-Newrelic-App-Data
X-MP-GENERATED-AT
X-R9-Blue-Green-Version
Served-By
X-VC-Cache
X-Dynatrace-Js-Agent
ViewerVersion
X-Wix-Request-Id
X-UA
X-Internal-Host
X-Rule
X-Cache-Remote
LB
X-CDN-Cache
X-EdgeConnect-Cache-Status
X-UnsetCookies
AsisCache
Release
X-Origin-Host
X-TIME
X-Sucuri-ID
Nel
X-Cluster-Node
X-NewRelic-App-Data
Rt-Fastcgi-Cache
X-App-Name
X-APP-VERSION
X-B3-Spanid
X-PERF
X-ApacheServer
X-Datadome
User-Agent
X-Source
X-Nginx-Cache
X-Agile
X-Request-Time
X-Agile-Age
X-Agile-Id
X-Ua
Cache-Name
Pagespeed
X-Origin
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-OVcl
X-App-Version
Warning
X-VCT
X-Origin-CC
X-Pubstack
X-Edge-Location
X-Origin-TTL
X-S-Cookie
X-Platform
X-Ocache
Meta-Geo-Continent
X-A-Wwc
Node
Memcached
MD5-Digest
X-Cache-Expires
Request-Time
X-CF-Lambda-Fn
X-A-Dgt
X-Cache-Info
X-NX-Host
X-Accel-Expires-Debug
X-Core-Value
X-Application
Thinkindot-CacheControl-Type
X-ARC
X-B-Cookie
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-D
X-Mobile-URL
X-ScT
X-Aed
Thinkindot-CacheControl
X-Secret
X-Server-Group
X-Sucuri-Cache
X-A-Dcw
Fly-Request-Id
Arc-Country
Rendered-Blocks
X-Connection-Hash
UCS
Thinkindot-Control
BehaviorPad-Version
Cache-Prefix
X-Cache-Grace
Origin
Fly-Cache
Ec-Rule-Version
Www
Cross-Origin-Window-Policy
Ajk
Request-Country
X-Request-UUID
X-Processor
X-Rewrite-Enabled
X-CF-Lambda-Version
X-Rojux
X-A-Dam
X-PAYTM-SRV-ID
X-NodeID
X-A
Request-EU
X-Region-Sid
X-NU-AKA-ACS-Version
X-A-Ccd
On-Server
X-Date
X-Twitter-Response-Tags
X-Var-Ttl
X-Generated-In
Hostname
X-Hp-Webp
X-Trv-Group
X-Destination
X-Developer
X-Transaction
X-Gannett-Site-Version
X-G
X-Matched-Rule
X-Webstats-RespID
X-DPWN-IS-SECURE
Xc-Version
X-External-Request-Id
X-VG-WebServer
X-Logtrace-Id
X-F5-Cache
X-BB-ID
X-Up
X-Debug-Cookies
X-Thinkindot-L3
X-Debug-Cache-Store
X-SRCache-Key
X-Debug-Log
SRV
X-ElasticPress-Search
X-Varnish-Ttl
DSUID
X-Protected-By
X-Varnish-Beresp-Status
User-Cache-Control
X-Varnish-Beresp-Grace
X-Cache-Backend
Proxy-Connection
X-Origin-Expires
Pramga
X-Varnish-Authentication
RNT-Time
X-Sedo-Request-Id
Server-Host
Server-Cache-Control
X-Gen-Mode
RNT-Machine
X-PHP-Host
Server-Int
X-Cache-Id
Pagetype
X-Refresh
X-Page-Type
X-ServiceProvider
X-Cache-Host
N-Cache
X-Servername
X-Device-Os
X-LAGOON
X-Cache-ASPX
X-C
X-SIPLIST1
X-No-Session
X-Epic-Correlation-Id
X-Nginx-Cache-Key
X-Amzn-Remapped-Connection
X-Distributor
X-SN
X-Amzn-Remapped-Date
X-Block-Status
X-Eu-Site
X-Distil-CS
X-Varnish-Url
X-Edge-IP
X-Sf
X-Cache-Debug
X-Origin-Date
X-Swa-Ws
True-Client-Country-4JS
X-Cache-Bucket
Web-Mar-Node
X-Cache-Miss-From
X-Dispatcher-Server
Server-Surrogate-Control
X-Geo-Header
X-LI-UUID
Backend
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Magicmarker
X-Rebelmouse-Cache-Control
CDCHOST
X-Hnp-Log
Cache-Cookie-Set-Lfrom
Apple-News-Services-Handled
X-LI-Proto
X-Ah-Environment
X-Info
X-Instart-Isnd
X-Irp-Debug
X-Real-Ip
X-IN-WAF
X-Key
X-Li-Pop
X-Reboot
X-Li-Fabric
X-IN-APIGATEWAY
X-Request-URI
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Proxy-Cache-Status
Ha-Gx-Prefs
X-Proxy-Upstream
X-Hash
X-CGP
HA-Ipaddr
Heartbleed
Lfy
IsBot
X-Developers
X-Policy
Fastly-SIE
Fastly-SWR
X-Crawler
X-TT-LOGID
X-RateLimit-Limit-Second
Country-Code
Fastly-Backend-Name
X-Qloud-Router
Cteonnt-Length
X-FireWall-Port
X-Bip
X-GeoIP-City
X-Generated-On
X-Fetched-On
X-Fastly-Cache
X-BBXSRF
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-MSEdge-Features
X-Cms-Context
X-Core-Mission
X-Cache-FS-Status
X-GeoIP-Country-Code
X-Shopify-Stage
X-Thanos
X-TrackingId
X-User
X-Variation
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Level-Front-Cache
X-Skip-Cache
X-Backend-State
X-Via-SSL
X-Micro-Cache
FNAC-ModuleRouting
X-WPE-Loopback-Upstream-Addr
X-Cdn-Forward
X-Location
X-Cdn-Srv
X-Wikidot-Backend
X-Wikidot-Static-Cache
ServerName
X-ShardId
X-Via-Edge
Is-Eu
HTTPS
X-Amz-Meta-Cache-Control
Kp-EeAlive
X-Alternate-Cache-Key
SD-X-WS
Platform
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-MSEdge-Flight
Fastly-Soc-X-Request-Id
X-S-Maxage
Adler-Geo
Content-Disposition
AKAMAI
X-Server-IP
X-GZip
X-Backend-Url
X-Planisys-CDN-Cache
X-Server-Time
X-Node-Id
X-Backend-Host
X-Auto-Login
X-Planisys-CDN-TTL
X-Owner
X-Planisys-CDN-Rules
X-RateLimit-Reset
MIME-Version
Gh-Request-Id
X-Varnish-Beresp-Ttl
Server-ID
X-NC
X-CDN-Forward
X-Apm-Inst-Hash
X-Cdn-Origin
X-Apm-App-Name
X-Apm-Svc-Key
X-Sn-Servicetimems
X-Org
X-FPC
V-Age
X-CUA
Powered-By
X-CACHE-KEY
Section-Io-Cache
Cache
X-ND-Cache
X-Geo
Rt-Proxy-Cache
REQUESTUUID
X-Exp-Se
VivaBuild
HostName
Pragrma
Viewtype
X-Load-Cache
X-Returned-From-DLL
X-Original-Request
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Served-From
X-Pjax-Url
X-Server-By
X-Gdpr
X-Stale
X-Actual-URL
X-Svr
X-Aicache-OS
X-Parent-Response-Time
X-HS-Cache-Config
X-Nc
X-VServer
Host-ID
X-DC
X-CSRF-TOKEN
X-Dc
X-Croise-Owner
X-B3-Parentspanid
Fastcgi-Useragent
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Memory
PICS-Label
Time
X-Unique-ID
X-Git-Hash
X-Servedbyhost
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-Wa
X-Microcachable
CF-IPCountry
X-Oss-Hash-Crc64ecma
SID
Resin-Trace
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-URL
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
X-Optimization
X-Cache-HT
AR-SID
X-Newrelic-Synthetics
X-ID
X-V
X-From-Cache
X-Release
X-Req
X-Host-Name
X-WebServer
Odigeo-Trace-Id
X-Lb-Id
XServer
Cf-Ipcountry
X-Varnish-Beresp-TTL
Cdn
X-HTML-Minification-Powered-By
X-TH-Server
X-Phone
X-Daa-Tunnel
X-Atg-Version
X-Instart-Info
X-APP
Proxy-Firewall
X-Fstrz
CF-Cached-On
X-Upstream-HT
X-Upstream-CT
Backend-Name
Processtime
X-WR-MODIFICATION
X-Fastly-Backend-Reqs
X-Response-By
X-LB-ID
X-Ratelimit-Remaining
X-Vcl-Version
X-Worker
X-Ratelimit-Limit
Public-Key-Pins-Report-Only
GMS-Ver
X-Check-Cacheable
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
355prline
X-B3-SpanId
189phosttRef
178proxuri
X-Server-W
WZWS-RAY
Xxline
219prxHost
188prxHost
352pxline
225prxHost
286prxHost
409pxxline
X-Zone
X-IPS-LoggedIn
X-Nananana
X-Backend-TTL
X-Vcache
X-NGINX-Cache
Fastcgi-X-Cache-Version
X-GEO
X-SRV
Version
X-COUNTRY
X-WA
X-Amz-Meta-Surrogate-Control
X-Ratelimit-Reset
X-HS-Status
Lb
X-VCL-Version
Mobile-Detection-Method
GW-Server
Countrycode
SN
X-We-Are-Hiring
Esi-Enabled
X-UE-Client-Country
X-UPSTREAM-Address
GeoIp-Country-Code
X-ServedByHost
X-Clientip
X-CSRF-Token
Geoip-Latitude
X-Hyper-Cache
Pics-Label
DataCenter
SS
WP-Super-Cache
Geoip-City
X-AssetVersion
X-Fastly-Country-Code
X-FORWARDED-FOR
X-SERVER-NAME
X-Akamai-Request-ID2
Ohc-File-Size
X-Dynatrace
X-Via-Ucdn
X-Contensis-Viewer-Groups
X-BE
GeoIP-Latitude
Accept-Language
X-Request-Start
GeoIP-Country-Code
GeoIP-City
X-Render-Time
X-GZIP
Serverid
X-Vtex-Processado-Em
URI
X-Vtex-Remote-Cache
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-HS-Combine-CSS
X-GDPR
FSS-Cache
X-PF-Uncompressing
X-CS
X-NWS-UUID-VERIFY
FSS-Proxy
X-ZONE
X-Be
CDN
X-Unique-Id
X-Urbn-Site-Id
X-Via-NSCOPI
X-Urbn-Context-Path
Locale
X-RequestId
X-Cdn-Cache
X-Gen-Id
X-Reqid
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-Fpc
X-Flog
X-ABtesting
X-Hello
X-Fastly-Cache-Hits
Ohc-Cache-HIT
X-Microsite
RequestUuid
X-Pf-Uncompressing
Cneonction
X-Request-Handler-Origin-Region
X-Cache-Ttl
Accept-Ch
X-Request-Url
X-UCC
X-Generation-Time
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Html-Edge-Cache
X-LiteSpeed-Tag
A
X-Store
Server-Id
X-Akamai-SSL-Client-Sid
X-Test
Who
X-HTML-Edge-Cache
NnCoection
Frontcache
X-Dw-Trace-Id
X-Varnish-Action
X-Serial
Ohc-Response-Time
X-Cdn-Request-ID
X-ServerName
Is-Session-Tracking
X-Port
Get-Access-Time
X-EC-Lua