Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-CST
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Type
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-Upstream-Env
Verso
X-Server-Name
X-HW
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
X-Cdn
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-DataStream-Cache-Status
X-Kinja
X-Kinja-Build
X-Cached
X-Version
X-Powered-By-Plesk
Content-MD5
Public-Key-Pins
Charset
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Server-ID
X-Vname
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Ser
X-SRCache-Store-Status
X-Varnish-TTL
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
S
X-VCache
X-SharePointHealthScore
X-Fastly-Request-ID
DynaTrace
X-XRDS-Location
X-Debug
TCN
X-Hits
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-Shield-Request-Id
SPRequestDuration
X-Upstream-Proxy
X-Pinterest-Rid
X-Akam-SW-Version
SPIisLatency
Pinterest-Version
X-Oracle-Dms-Rid
Access-Control-Request-Method
X-Powered-CMS
X-T
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-B3-TraceId
X-Id
X-Aspnet-Version
Front-End-Https
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Realpath
X-Amzn-Trace-Id
Tracecode
X-MSEdge-Ref
Fastcgi-Cache
X-Varnish-Age
X-N
X-Content-Type
X-Dns-Prefetch-Control
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Forwarded-For
Alternate-Protocol
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Litespeed-Cache
X-Cache-Key
X-Middleton-Display
Display
X-Sol
Response
X-Middleton-Response
X-Srv
X-Hostname
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
X-Pad
X-Webkit-CSP
Host
MicrosoftSharePointTeamServices
Server-Name
X-B3-Traceid
X-DataStream-Origin-MEX-Latency
X-Kinsta-Cache
X-DataStream-MidMile-RTT
X-Correlation-Id
X-Analytics
Backend-Timing
X-Content-Options
X-User-Agent
X-Revision
X-LB-Cache
X-Debug-Info
X-IPLB-Instance
X-Rid
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-B3-Sampled
X-AppVersion
X-Az
Surrogate-Key
Accept-Charset
X-Activity-Id
FilterID
X-Grace
Refresh
ServerID
X-Accel-Buffering
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Processing-Time
X-Request-Received
Server-Info
TP-Cache
TP-L2-Cache
X-FastCGI-Cache
Host-Header
MS-CV
X-PHP-Backend
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
Cache-Status
X-Cached-By
X-Amz-Replication-Status
Source
X-Cache-Action
X-TT
X-Origin-Server
X-Kong-Proxy-Latency
VIX-Pulpo-Node
X-Varnish-Backend
X-App-Environment
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Kong-Upstream-Latency
X-F-Cache
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-Pixel-0
X-Framework
X-Tumblr-User
X-Cluster
X-Mobile
Access-Control-Allow-Method
X-GUploader-UploadID
X-Content-Powered-By
X-FW-Static
X-UA-Device-Type
X-Request-Guid
X-FW-Server
X-FW-Type
X-Instance
X-FW-Hash
X-FW-Serve
X-Varnish-Grace
X-Drupal-Cache-Tags
X-FB-Debug
X-Zen-Fury
X-SS-Set-Cookie
PageSpeed
X-RateLimit-Limit
X-Forwarded-Host
X-Geo-Country
X-Ezoic-Cdn
X-Shard
X-Cache-TTL
Edge-Cache-Tag
X-Handled-By
X-Magnolia-Registration
X-Node-Name
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-TA-CDN-Provider
X-App-Server
X-Varnish-Server
X-BCube-Filmed-By
DC
X-AOL-HN
Cleartype
X-Cache-Control
Fastly-Restarts
Healthy
X-Cache-Rule
Upgrade-Insecure-Requests
Payment
Server-Node
X-RequestSource
X-Response-Served-From
X-Region
X-WebKit-CSP-Report-Only
Filters
X-Adobe-Content
X-B-Cache
Country
X-TX-ID
X-Signature
X-Adobe-Loc
X-Generated-By
X-Redis-Cache
Webserver
Actual-Object-TTL
X-GeoIP
X-VG-WebCache
X-UUID
X-Tumblr-Pixel-1
X-Storage
X-TT-TIMESTAMP
NGB
X-Tumblr-Pixel-2
X-RTag
Retry-After
X-Drupal-Cache-Contexts
Ms-Operation-Id
X-FW-Dynamic
Cache-Tv-Group
X-Jobs
X-Locale
X-Cacheable-TTL
X-Varnish-Hits
X-XRDS-LOCATION
X-Content-Age
Powered
GEO-INFO
CACHE
ServedBy
X-Esi
Frame-Options
Liferay-Portal
X-Contextid
X-Oneagent-Js-Injection
HitType
X-WA-Info
X-Rendered-As
X-Seen-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-IP
X-Cache-TTL-Remaining
X-Via-JSL
X-Cache-NE
S-Cnection
X-ProcessESI
X-Guploader-Uploadid
Eomportal-Instance
X-RemovedCookies
Viewport
X-Real-IP
X-Upgrade-Enabled
X-BACKEND-TTL
X-Cache-Server
X-Mode
X-Cache-Operation
X-Wix-Server-Artifact-Id
X-Newrelic-App-Data
X-Varnish-Cache-Hits
NtCoent-Length
X-Hl-Ver
X-Device-Type
X-From
X-ES-SERVER
X-Is-Bot
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-RN-RSRV
X-Proto
X-Path-Route
X-Cache-Var-Map
Cache-Key
Cache-Hits
OT-Force-Account-Verify
Content-Style-Type
Machine
Meta-Geo
Content-Script-Type
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Detected-As
Load-Balancing
Datacenter
X-S
X-Time
TWC-Connection-Speed
X-Hosted-By
TWC-Device-Class
X-Tb
X-FB-TRIP-ID
TWC-GeoIP-Country
X-Akamai-Transformed
X-Environment-Context
X-Cache-Config
X-L-Path
X-LJ-Flow-ID
X-Origin-Hint
X-Proxy
Property-Id
TWC-GeoIP-LatLong
X-AWS-Id
NGX
L5d-Success-Class
Access-Control-Request-Headers
Webcakes-App-Name
X-VWS-Id
Webcakes-Region
X-FC-Vary-Parameters
X-Backend-Name
X-Viewer-Country
Webcakes-App-Version
TWC-Locale-Group
X-VG-TLSProxy
TWC-Privacy
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
DB-Nickname
X-Format
X-NCache
X-MP-GENERATED-AT
X-FW-Version
X-Loop
Azure-Version
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-EIG-Tracking-Id
Azure-SiteName
Mail-Subject
X-Section
X-Web-Node
We-Hiring
X-Tumblr-Pixel-3
X-TNCMS
X-Access
X-Rocket-Nginx-Bypass
X-Akamai-Request-ID
X-Birta-Cache-Post
X-Birta-Served
Xserver
X-Time-Microsecs
Now
X-Debug-Cache
X-Origin-Response-Time
S-Rt
X-RCS-CacheZone
Origin-Cache-Control
X-ServerID
Origin-Edge-Control
X-CCM
Selected-FE
X-BYPASS-REASON
X-IP
X-Via-CDN
X-PCL
X-Endurance-Cache-Level
X-Proxy-Build
X-ProxyCache-Key
X-Timing-Wait
X-Trace-Id
X-ProxyCache-Status
X-NWS-LOG-UUID
X-OCL
X-Vgn-Hpd-Reason
Cache-Tag
X-JoinUs
X-Xfnlog-Site
X-Human
X-Via-Fastly
X-Varnish-Cacheable
X-Cache-Category-Id
Uber-Trace-Id
X-Www-Served-By
X-Site-Version
X-Grey
X-Internal-Host
X-Generated
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
X-R9-Blue-Green-Version
Decoy-Debug-TTL
X-VC-Cache
X-Dynatrace-Js-Agent
Served-By
X-UA
X-GRACE
LB
X-Cache-Remote
X-Rule
X-UnsetCookies
Release
X-EdgeConnect-Cache-Status
ViewerVersion
X-Wix-Request-Id
X-CDN-Cache
AsisCache
X-TIME
Nel
X-Cluster-Node
X-Origin-Host
X-Sucuri-ID
Rt-Fastcgi-Cache
X-APP-VERSION
X-App-Name
X-Datadome
X-PERF
X-B3-Spanid
X-ApacheServer
X-Source
X-Request-Time
X-Nginx-Cache
X-Agile-Id
X-Agile-Age
X-Agile
X-Hit
User-Agent
X-OVcl
X-OVcl-Cache
X-Origin
X-Ua
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Name
X-NewRelic-App-Data
X-VCT
X-App-Version
DSUID
SRV
Warning
X-Origin-TTL
X-WPE-Loopback-Upstream-Addr
X-Edge-Location
X-Origin-CC
X-ElasticPress-Search
X-Rojux
Meta-Geo-Continent
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-Request-UUID
X-Rewrite-Enabled
X-Server-Group
Cross-Origin-Window-Policy
X-Secret
X-BB-ID
Ec-Rule-Version
X-S-Cookie
X-Sedo-Request-Id
X-Hp-Webp
X-ScT
X-Ocache
Www
X-Matched-Rule
X-A
Ajk
X-A-Dam
X-A-Ccd
UCS
Arc-Country
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Logtrace-Id
BehaviorPad-Version
Thinkindot-CacheControl
X-Platform
X-A-Dcw
X-PAYTM-SRV-ID
Server-Surrogate-Control
X-Application
X-ARC
X-Region-Sid
X-Refresh
X-Aed
Server-Cache-Control
X-A-Dgt
X-Processor
X-A-Wwc
X-Accel-Expires-Debug
X-Pubstack
X-B-Cookie
X-Mobile-URL
X-External-Request-Id
X-Up
X-Webstats-RespID
MD5-Digest
X-F5-Cache
Xc-Version
X-NX-Host
X-Twitter-Response-Tags
Hostname
X-Thinkindot-L3
X-DPWN-IS-SECURE
Origin
X-Instart-Isnd
X-Gannett-Site-Version
Node
X-NodeID
X-Generated-In
X-Var-Ttl
X-SRCache-Key
X-VG-WebServer
On-Server
X-Varnish-Authentication
X-G
Request-Country
Rendered-Blocks
Memcached
Cache-Prefix
Fly-Cache
X-Connection-Hash
X-Core-Value
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-Info
X-Trv-Group
X-Cache-Miss-From
X-NU-AKA-ACS-Version
X-Transaction
Request-EU
Fly-Request-Id
Request-Time
X-Debug-Cookies
X-Debug-Log
X-Developer
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-D
X-Destination
X-Date
X-Debug-Cache-Expiry
X-Varnish-Ttl
X-Cache-Backend
Cache
User-Cache-Control
X-Micro-Cache
X-Nginx-Cache-Key
Server-Host
RNT-Machine
RNT-Time
Server-Int
Proxy-Connection
ServerName
Pagetype
Pramga
X-No-Session
X-Cache-Debug
X-Distributor
X-Key
X-Epic-Correlation-Id
X-Distil-CS
X-Dispatcher-Server
X-Developers
X-Device-Os
X-Eu-Site
X-Irp-Debug
X-Geo-Header
X-Hash
X-Hnp-Log
X-Gen-Mode
X-IN-APIGATEWAY
X-Info
X-IN-WAF
X-LAGOON
X-Crawler
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Location
Web-Mar-Node
X-Block-Status
X-C
X-CGP
X-Li-Fabric
X-Cdn-Srv
X-Cache-Id
X-Cache-Bucket
X-Cache-Host
True-Client-Country-4JS
Country-Code
Apple-News-Services-Request-Url
Backend
X-Ah-Environment
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
X-Reboot
CDCHOST
Cache-Cookie-Set-Lfrom
Apple-News-Services-Handled
X-SN
FNAC-ModuleRouting
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Sucuri-Cache
X-Proxy-Upstream
X-Request-URI
X-Policy
X-Protected-By
X-Proxy-Cache-Status
X-SIPLIST1
X-PHP-Host
HA-Ipaddr
X-Page-Type
Ha-Gx-Prefs
X-Swa-Ws
X-Edge-IP
IsBot
X-Real-Ip
X-Servername
Kp-EeAlive
X-Origin-Date
X-Origin-Expires
Fastly-SIE
X-TT-LOGID
X-Sf
Lfy
Fastly-SWR
Pagespeed
Cteonnt-Length
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-FireWall-Port
X-Sorting-Hat-PodId
X-Skip-Cache
X-Level-Front-Cache
X-Shopify-Stage
X-ShopId
X-Core-Mission
X-Cms-Context
X-Fastly-Cache
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Generated-On
X-Thanos
X-TrackingId
X-GeoIP-Country-Code
X-GeoIP-City
X-User
X-Variation
X-Via-SSL
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Sorting-Hat-ShopId
X-Fetched-On
X-Varnish-Url
X-Via-Edge
X-Amzn-Remapped-Content-Length
X-Bip
Adler-Geo
AKAMAI
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Alternate-Cache-Key
X-Backend-State
X-Backend-Host
X-ShardId
X-Amz-Meta-Cache-Control
Content-Disposition
Fastly-Backend-Name
Heartbleed
HTTPS
Is-Eu
N-Cache
Platform
X-MSEdge-Flight
SD-X-WS
Fastly-Soc-X-Request-Id
Fastly-SSL
X-MSEdge-Features
X-Backend-Url
X-Auto-Login
Magicmarker
X-S-Maxage
X-Server-IP
X-Cache-FS-Status
X-BBXSRF
X-GZip
X-Cdn-Forward
X-NC
X-Owner
Gh-Request-Id
X-Server-Time
X-RateLimit-Reset
MIME-Version
X-Node-Id
X-Sn-Servicetimems
Server-ID
X-Apm-App-Name
V-Age
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Cdn-Origin
X-CDN-Forward
X-Varnish-Beresp-Ttl
Rt-Proxy-Cache
X-Org
REQUESTUUID
X-ND-Cache
X-Geo
X-Exp-Se
X-FPC
X-Served-From
Viewtype
HostName
X-CUA
VivaBuild
X-Gdpr
Powered-By
X-Load-Cache
Pragrma
X-B3-Parentspanid
X-Aicache-OS
Section-Io-Cache
X-Pjax-Url
X-Parent-Response-Time
X-Returned-From-BeforeDispatch
X-Returned-From
X-Stale
X-Server-By
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Original-Request
X-Dc
X-Svr
X-Actual-URL
X-Passed-To-PostProcessResponse
X-CSRF-TOKEN
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-DC
X-Passed-To
X-Git-Hash
Wxu-Next-Hostname
Host-ID
X-VServer
PICS-Label
Time
Wxu-Next-Region
Wxu-Next-Commit
X-HS-Cache-Config
Memory
CF-IPCountry
X-Croise-Owner
X-Nc
X-CACHE-KEY
Cdn-Request-Time
X-Servedbyhost
Cdn-Host
X-Wa
X-Edge-Server
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
Fastcgi-Useragent
Resin-Trace
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Unique-ID
X-Host-Name
X-Release
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Microcachable
ProcessTime
X-Cache-HT
X-Newrelic-Synthetics
X-Optimization
Mime-Version
AR-SID
X-From-Cache
X-WebServer
X-Daa-Tunnel
X-TH-Server
X-Req
XServer
X-Lb-Id
X-Phone
X-V
X-Varnish-Beresp-TTL
Cf-Ipcountry
Cdn
X-Instart-Info
X-Upstream-HT
Odigeo-Trace-Id
X-Upstream-CT
CF-Cached-On
X-Atg-Version
X-HTML-Minification-Powered-By
X-APP
Proxy-Firewall
Backend-Name
X-Fastly-Backend-Reqs
X-LB-ID
X-Fstrz
X-WR-MODIFICATION
X-Worker
Processtime
X-ID
X-Ratelimit-Remaining
X-Response-By
409pxxline
189phosttRef
219prxHost
225prxHost
X-Backend-TTL
286prxHost
Xxline
X-Vcl-Version
355prline
X-B3-SpanId
X-Server-W
178proxuri
352pxline
X-Ratelimit-Limit
188prxHost
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-IPS-LoggedIn
X-Nananana
GMS-Ver
X-Check-Cacheable
X-Zone
Public-Key-Pins-Report-Only
Version
X-Vcache
X-NGINX-Cache
WZWS-RAY
X-VCL-Version
X-URL
X-COUNTRY
X-UPSTREAM-Address
Fastcgi-X-Cache-Version
X-WA
Esi-Enabled
X-Ratelimit-Reset
X-Akamai-Request-ID2
X-GEO
SN
X-Hyper-Cache
Pics-Label
X-HS-Status
GeoIp-Country-Code
Geoip-Latitude
GW-Server
X-Amz-Meta-Surrogate-Control
X-ServedByHost
X-Contensis-Viewer-Groups
X-AssetVersion
X-CSRF-Token
Accept-Language
DataCenter
GeoIP-City
Geoip-City
Lb
X-FORWARDED-FOR
X-Clientip
X-Fastly-Country-Code
X-We-Are-Hiring
X-UE-Client-Country
GeoIP-Latitude
Mobile-Detection-Method
Countrycode
X-SERVER-NAME
GeoIP-Country-Code
X-ZONE
X-Dynatrace
X-Vtex-Processado-Em
X-BE
X-Vtex-Remote-Cache
SS
X-Request-Start
X-Microsite
X-Via-Ucdn
X-Request-Handler-Origin-Region
X-Be
X-Render-Time
WP-Super-Cache
Ohc-File-Size
X-Cdn-Cache
X-RequestId
X-NWS-UUID-VERIFY
X-Urbn-Context-Path
Locale
X-LiteSpeed-Cache-Control
X-PJAX-URL
X-Urbn-Site-Id
X-CS
X-Via-NSCOPI
URI
X-GDPR
CDN
X-Reqid
X-Unique-Id
X-GZIP
FSS-Cache
X-Flog
X-Hello
X-Gen-Id
X-HS-Combine-CSS
FSS-Proxy
X-ABtesting
X-PF-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
X-SRV
FastCGI-Cache
Dnion-Transfer-Encoding
RequestUuid
Serverid
X-Fastly-Cache-Hits
IBM-Web2-Location
X-Pf-Uncompressing
X-Fpc
X-Generation-Time
Cneonction
X-Cache-Ttl
X-LiteSpeed-Tag
X-Html-Edge-Cache
X-Store
X-Test
Ohc-Cache-HIT
Accept-Ch
X-Request-Url
Server-Id
A
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Compress-Hint
X-Cluster-Name
X-Bug-Bounty
Requestid
X-Dw-Trace-Id
Ohc-Response-Time
Is-Session-Tracking
Get-Access-Time
X-UCC
X-Port
X-Serial
Frontcache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua