Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-CST
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-HW
X-ESI
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-VARITI-CCR
AR-PoweredBy
AR-CACHE
AR-ATIME
X-GitHub-Request-Id
X-MS-InvokeApp
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-DataStream-Cache-Status
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-PC
X-Vname
X-TtlSet
X-Server-ID
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-Cdn
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-FTR-Expires
X-Amz-Rid
X-VCache
S
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-XRDS-Location
X-Debug
TCN
DynaTrace
Arr-Disable-Session-Affinity
X-Hits
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
SPIisLatency
SPRequestDuration
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Oracle-Dms-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-SERVER
X-FTR-Cache-Host
X-Powered-CMS
X-Goog-Storage-Class
X-B3-TraceId
Front-End-Https
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Id
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
X-Ttl
X-Upstream
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Alternate-Protocol
X-Mrf-Item-Lastmod
X-Fastcgi-Cache
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Sol
Display
X-Middleton-Display
X-Litespeed-Cache
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
Response
X-Hostname
X-Cache-Key
X-Accel-Expires
X-Srv
X-Webkit-CSP
X-Pad
MicrosoftSharePointTeamServices
X-Kinsta-Cache
Host
X-B3-Traceid
Server-Name
Backend-Timing
X-Analytics
X-DataStream-Origin-MEX-Latency
X-Correlation-Id
X-DataStream-MidMile-RTT
X-Content-Options
X-Accel-Buffering
X-User-Agent
X-Revision
X-Debug-Info
X-LB-Cache
X-Az
X-Rid
X-Amzn-RequestId
X-AppVersion
X-Amz-Apigw-Id
X-Activity-Id
X-B3-Sampled
FilterID
X-Cache-Hit
Accept-Charset
X-IPLB-Instance
Refresh
X-Cache-2
Surrogate-Key
X-B
Powered-By-ChinaCache
X-DIS-Request-ID
X-CF-Powered-By
ServerID
X-Grace
X-Page-Id
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
Host-Header
X-Request-Received
MS-CV
X-PHP-Backend
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-TT
X-Origin-Server
X-Kong-Proxy-Latency
Cache-Status
VIX-Pulpo-Node
X-Amz-Replication-Status
X-App-Environment
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-Kong-Upstream-Latency
Source
X-Cached-By
X-Akamai-Edgescape
X-Framework
X-Platform-Server
X-Cache-Action
X-UA-Device-Type
X-Cluster
Access-Control-Allow-Method
X-GUploader-UploadID
X-Content-Powered-By
X-F-Cache
X-Mobile
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Tumblr-User
X-FW-Server
X-FW-Hash
X-Drupal-Cache-Tags
X-FW-Static
X-FW-Serve
X-FW-Type
X-Request-Guid
X-FB-Debug
X-Instance
X-SS-Set-Cookie
X-RateLimit-Limit
X-Zen-Fury
X-FastCGI-Cache
X-Geo-Country
X-Shard
X-Handled-By
X-Forwarded-Host
X-Ezoic-Cdn
X-Magnolia-Registration
X-Cache-TTL
Edge-Cache-Tag
From-Origin
X-Node-Name
PageSpeed
X-ATG-Version
X-Varnish-Hostname
X-Cache-Age
X-App-Server
X-Varnish-Server
Cache-Tags
DC
Cleartype
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Healthy
Upgrade-Insecure-Requests
Payment
X-WebKit-CSP-Report-Only
Filters
Fastly-Restarts
X-Region
X-Response-Served-From
X-Generated-By
X-RequestSource
X-Cache-Rule
X-TX-ID
Server-Node
X-Adobe-Content
X-Adobe-Loc
X-Signature
CACHE
Ms-Operation-Id
X-UUID
X-VG-WebCache
X-Storage
X-B-Cache
X-TT-TIMESTAMP
Country
NGB
Webserver
X-Redis-Cache
X-GeoIP
X-RTag
Actual-Object-TTL
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-2
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Jobs
X-TA-CDN-Provider
X-Content-Age
X-XRDS-LOCATION
Cache-Tv-Group
X-Cacheable-TTL
Retry-After
X-Locale
X-Varnish-Hits
GEO-INFO
ServedBy
Powered
Liferay-Portal
Frame-Options
X-Contextid
X-Oneagent-Js-Injection
X-Seen-By
HitType
X-Rendered-As
X-Cache-TTL-Remaining
X-WA-Info
X-Real-IP
X-Varnish-IP
X-Wix-Server-Artifact-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Via-JSL
S-Cnection
Viewport
X-Guploader-Uploadid
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Cache-NE
X-Upgrade-Enabled
X-Esi
X-Time
X-GRACE
X-BACKEND-TTL
X-Cache-Server
X-Mode
Xserver
Content-Style-Type
Content-Script-Type
NtCoent-Length
Datacenter
Cache-Hits
X-Zipkin-Id
X-Cache-Var-Map
X-Cache-Var
X-Proto
X-Detected-As
X-Akamai-Transformed
X-Proxied
X-RN-RSRV
X-Routing-Service
X-Varnish-Cache-Hits
X-Path-Route
X-Is-Bot
X-From
Load-Balancing
Cache-Key
X-Device-Type
Mn-Server-Ip
X-ES-SERVER
X-Cache-Enabled
Meta-Geo
X-Cache-Operation
X-Hl-Ver
OT-Force-Account-Verify
Machine
X-S
X-Cache-Config
X-FC-Vary-Parameters
Property-Id
Webcakes-Region
X-Hosted-By
TWC-Privacy
X-L-Path
X-FB-TRIP-ID
TWC-Locale-Group
TWC-GeoIP-Country
X-AWS-Id
TWC-Device-Class
TWC-Connection-Speed
X-LJ-Flow-ID
X-Environment-Context
X-Origin-Hint
X-VG-TLSProxy
We-Hiring
X-Viewer-Country
X-VWS-Id
Access-Control-Request-Headers
Vix-Hermes-Req-Id
Webcakes-App-Name
X-Tb
Mail-Subject
TWC-GeoIP-LatLong
X-Proxy
L5d-Success-Class
Webcakes-App-Version
NGX
Origin-Cache-Control
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Origin-Edge-Control
S-Rt
X-Debug-Cache
X-ServerID
X-Section
X-Origin-Response-Time
X-Time-Microsecs
X-TNCMS
X-Backend-Name
X-Web-Node
X-Loop
X-Labrador-Cache-Channel
X-Birta-Served
X-Birta-Cache-Post
X-Akamai-Request-ID
Azure-InstanceId
X-Newrelic-App-Data
X-FW-Version
X-Format
X-Access
X-EIG-Tracking-Id
X-Endurance-Cache-Level
X-Timing-Wait
X-CCM
X-ProxyCache-Status
X-Trace-Id
X-Varnish-Cacheable
X-Via-CDN
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-Proxy-Build
X-JoinUs
X-IP
X-BYPASS-REASON
X-Human
X-OCL
Cache-Tag
X-PCL
X-Via-Fastly
Selected-FE
DB-Nickname
X-Tumblr-Pixel-3
Now
X-Xfnlog-Site
X-RCS-CacheZone
X-Rocket-Nginx-Bypass
X-NCache
X-Generated
Decoy-Debug-TTL
Decoy-Debug-Key
X-Grey
Decoy-Debug-Status
Uber-Trace-Id
X-Site-Version
X-Www-Served-By
X-Status
X-Cache-Category-Id
X-MP-GENERATED-AT
X-NWS-LOG-UUID
Served-By
X-R9-Blue-Green-Version
X-VC-Cache
X-Dynatrace-Js-Agent
X-Wix-Request-Id
ViewerVersion
X-Internal-Host
X-Rule
X-Cache-Remote
X-EdgeConnect-Cache-Status
X-CDN-Cache
LB
X-UA
AsisCache
Release
X-UnsetCookies
X-Origin-Host
X-Sucuri-ID
Nel
X-Cluster-Node
Rt-Fastcgi-Cache
X-App-Name
X-PERF
X-ApacheServer
X-NewRelic-App-Data
X-TIME
X-Datadome
X-Ua
X-Source
X-Nginx-Cache
User-Agent
X-Request-Time
X-Agile
X-Agile-Age
X-Agile-Id
X-B3-Spanid
X-App-Version
X-APP-VERSION
Cache-Name
Pagespeed
X-Origin
X-Hit
X-OVcl-Cache
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Edge-Location
Warning
X-Pubstack
X-Origin-CC
X-Origin-TTL
UCS
X-Instart-Isnd
Thinkindot-Control
X-External-Request-Id
X-Generated-In
X-Gannett-Site-Version
Thinkindot-CacheControl-Type
X-A
X-A-Wwc
X-A-Dam
X-A-Dgt
X-G
X-F5-Cache
X-A-Ccd
X-Accel-Expires-Debug
X-A-Dcw
Request-Country
Fly-Request-Id
Fly-Cache
Lfy
MD5-Digest
Memcached
Ec-Rule-Version
Cross-Origin-Window-Policy
Ajk
Arc-Country
BehaviorPad-Version
Cache-Prefix
Meta-Geo-Continent
Node
Request-EU
Request-Time
Server-Cache-Control
Server-Surrogate-Control
X-IN-WAF
X-IN-APIGATEWAY
On-Server
Origin
Rendered-Blocks
X-Aed
Thinkindot-CacheControl
X-NodeID
X-CF-Lambda-Fn
X-S-Cookie
X-CF-Lambda-Version
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-Cache-Info
X-Rojux
X-Cache-Expires
X-Cache-Grace
X-Hp-Webp
X-ScT
X-Secret
X-SRCache-Key
X-Thinkindot-L3
X-Server-Group
X-D
X-Date
X-Core-Value
X-Debug-Cache-Expiry
X-Debug-Cookies
X-Connection-Hash
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Log
X-Rewrite-Enabled
X-NU-AKA-ACS-Version
X-Developer
X-Destination
X-VG-WebServer
X-ARC
X-DPWN-IS-SECURE
X-Webstats-RespID
X-Logtrace-Id
X-Application
X-Matched-Rule
X-Mobile-URL
X-B-Cookie
X-BB-ID
X-Up
X-Region-Sid
X-Cache-ASPX
X-Request-UUID
X-Processor
X-Platform
X-NX-Host
X-Varnish-Authentication
X-PAYTM-SRV-ID
X-Var-Ttl
Xc-Version
Www
X-Sucuri-Cache
Hostname
X-Ocache
X-Edge-IP
X-Cache-Backend
X-Protected-By
X-Varnish-Ttl
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Varnish-Beresp-Status
DSUID
SRV
X-ElasticPress-Search
User-Cache-Control
X-Epic-Correlation-Id
X-Crawler
X-Varnish-Url
X-CGP
X-Eu-Site
X-Device-Os
X-Cache-Id
X-Distil-CS
X-Distributor
X-Dispatcher-Server
X-Developers
X-TT-LOGID
X-Ah-Environment
True-Client-Country-4JS
Web-Mar-Node
X-Cache-Miss-From
Server-Int
Server-Host
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Cache-Debug
X-Cache-Bucket
X-Block-Status
X-Swa-Ws
X-Cache-Host
X-Hash
X-PHP-Host
X-Policy
X-Proxy-Cache-Status
X-Page-Type
X-Origin-Expires
X-No-Session
X-Origin-Date
X-Proxy-Upstream
X-Qloud-Router
X-Reboot
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-Servername
X-SIPLIST1
X-Info
X-Irp-Debug
X-SN
X-Hnp-Log
X-Geo-Header
RNT-Time
X-Key
X-LAGOON
X-LI-UUID
X-ServiceProvider
X-LI-Proto
X-Li-Pop
X-Sf
X-Li-Fabric
X-Gen-Mode
X-C
HA-Ipaddr
RNT-Machine
Fastly-SWR
Fastly-SIE
IsBot
Kp-EeAlive
X-Refresh
X-Sedo-Request-Id
N-Cache
Magicmarker
Fastly-Backend-Name
Country-Code
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Backend
Cache-Cookie-Set-From
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Pagetype
Ha-Gx-Prefs
Proxy-Connection
Pramga
X-FireWall-Port
Cteonnt-Length
X-WPE-Loopback-Upstream-Addr
X-Sorting-Hat-ShopId
X-Gateway-Cache-Status
X-GeoIP-City
X-GeoIP-Country-Code
X-Gateway-Cache-Key
X-Generated-On
X-Fastly-Cache
Is-Eu
X-TrackingId
X-User
HTTPS
Heartbleed
X-Sorting-Hat-PodId
X-Thanos
X-Fetched-On
Fastly-Soc-X-Request-Id
X-Micro-Cache
X-S-Maxage
X-Cdn-Srv
X-Location
SD-X-WS
Adler-Geo
AKAMAI
X-Server-IP
X-MSEdge-Flight
X-ShopId
X-Shopify-Stage
X-Skip-Cache
X-ShardId
X-Level-Front-Cache
X-MSEdge-Features
Content-Disposition
Fastly-SSL
X-Gateway-Skip-Cache
X-Variation
X-Cms-Context
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Wikidot-Static-Cache
X-Via-Edge
X-Wikidot-Backend
X-Cache-FS-Status
X-Via-SSL
Platform
X-Bip
X-Core-Mission
X-BBXSRF
X-Backend-State
FNAC-ModuleRouting
ServerName
X-GZip
X-Backend-Host
X-Backend-Url
Cache
X-Server-Time
X-Planisys-CDN-Rules
X-RateLimit-Reset
X-Owner
X-Planisys-CDN-TTL
X-Node-Id
X-Planisys-CDN-Cache
X-Auto-Login
MIME-Version
X-Real-Ip
Server-ID
X-NC
X-Varnish-Beresp-Ttl
Gh-Request-Id
Powered-By
X-Org
X-Sn-Servicetimems
X-Cdn-Origin
X-FPC
X-Apm-Inst-Hash
X-Apm-App-Name
X-Apm-Svc-Key
X-CUA
V-Age
Section-Io-Cache
X-CACHE-KEY
Viewtype
X-ND-Cache
Rt-Proxy-Cache
HostName
REQUESTUUID
VivaBuild
X-Pjax-Url
X-Exp-Se
X-CDN-Forward
X-Geo
Pragrma
X-Load-Cache
X-Original-Request
X-Passed-To-DLL
X-Gdpr
X-Served-From
X-Actual-URL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Passed-To
X-Server-By
X-Stale
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Svr
X-Aicache-OS
X-Parent-Response-Time
X-HS-Cache-Config
Host-ID
X-DC
X-Dc
X-B3-Parentspanid
X-Nc
X-Croise-Owner
X-VServer
X-CSRF-TOKEN
Fastcgi-Useragent
Time
Cdn-Request-Time
Cdn-Host
X-Edge-Server
Memory
X-Unique-ID
Wxu-Next-Commit
Wxu-Next-Hostname
X-Wa
Wxu-Next-Region
X-Servedbyhost
X-Git-Hash
PICS-Label
X-Microcachable
CF-IPCountry
Resin-Trace
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
SID
ProcessTime
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Tb-Optimization-Total-Bytes-Saved
X-V
X-Newrelic-Synthetics
Mime-Version
X-ID
X-Optimization
X-Cache-HT
AR-SID
X-From-Cache
X-Req
X-Release
X-Host-Name
Odigeo-Trace-Id
X-TH-Server
X-WebServer
Cdn
X-Lb-Id
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-Phone
X-HTML-Minification-Powered-By
X-Atg-Version
X-Daa-Tunnel
Proxy-Firewall
XServer
X-Instart-Info
X-APP
X-Fstrz
CF-Cached-On
X-Upstream-HT
X-Upstream-CT
Backend-Name
X-Response-By
X-WR-MODIFICATION
Processtime
X-Fastly-Backend-Reqs
X-B3-SpanId
X-LB-ID
X-Ratelimit-Remaining
X-Worker
Public-Key-Pins-Report-Only
X-Backend-TTL
X-Ratelimit-Limit
X-Vcl-Version
GMS-Ver
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
355prline
409pxxline
Xxline
X-Server-W
352pxline
189phosttRef
X-Nananana
178proxuri
188prxHost
219prxHost
286prxHost
225prxHost
WZWS-RAY
X-Check-Cacheable
X-Zone
X-GEO
X-IPS-LoggedIn
Fastcgi-X-Cache-Version
X-Vcache
X-NGINX-Cache
Version
X-Ratelimit-Reset
X-Amz-Meta-Surrogate-Control
Pics-Label
X-HS-Status
X-WA
X-URL
Lb
X-UPSTREAM-Address
X-ServedByHost
SN
X-CSRF-Token
X-Clientip
Esi-Enabled
X-Hyper-Cache
X-UE-Client-Country
GW-Server
X-We-Are-Hiring
X-VCL-Version
Countrycode
Mobile-Detection-Method
DataCenter
X-Akamai-Request-ID2
X-Contensis-Viewer-Groups
Geoip-Latitude
X-SERVER-NAME
X-Fastly-Country-Code
X-AssetVersion
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
GeoIp-Country-Code
SS
X-SRV
Ohc-File-Size
X-Dynatrace
Accept-Language
X-BE
X-Render-Time
X-Via-Ucdn
Geoip-City
X-Request-Start
Serverid
WP-Super-Cache
X-GZIP
FSS-Proxy
FSS-Cache
X-LiteSpeed-Cache-Control
X-CS
X-HS-Combine-CSS
X-NWS-UUID-VERIFY
URI
X-RequestId
X-GDPR
X-PF-Uncompressing
X-ZONE
X-Vtex-Processado-Em
X-Be
X-Vtex-Remote-Cache
X-Unique-Id
X-Urbn-Site-Id
X-Gen-Id
X-Cdn-Cache
X-Urbn-Context-Path
X-PJAX-URL
X-Via-NSCOPI
X-Reqid
CDN
Locale
X-FORWARDED-FOR
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-Pf-Uncompressing
Ohc-Cache-HIT
X-Microsite
X-ABtesting
Cneonction
X-Hello
X-Flog
X-Fastly-Cache-Hits
X-Fpc
X-Request-Handler-Origin-Region
RequestUuid
X-Cache-Ttl
Server-Id
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
X-Request-Url
X-Store
A
Accept-Ch
X-Html-Edge-Cache
IBM-Web2-Location
X-Generation-Time
X-UCC
X-Akamai-SSL-Client-Sid
Get-Access-Time
X-Test
Requestid
X-Dw-Trace-Id
X-Port
Is-Session-Tracking
X-Varnish-Action
Ohc-Response-Time
Who
X-ServerName
X-EC-Lua
X-HTML-Edge-Cache
Frontcache
NnCoection
X-Serial
X-Cdn-Request-ID