Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Server-Powered-By
X-Robots-Tag
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-CST
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-Upstream-Env
X-Server-Name
Verso
X-HW
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-Cdn
X-ESI
AR-PoweredBy
AR-CACHE
AR-ATIME
X-VARITI-CCR
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-DataStream-Cache-Status
X-Use-Magma
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Cached
X-Version
X-Powered-By-Plesk
Content-MD5
Public-Key-Pins
Charset
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-Server-ID
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Ser
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-Fastly-Request-ID
X-SharePointHealthScore
DynaTrace
S
X-Debug
X-XRDS-Location
TCN
X-Hits
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Shield-Request-Id
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
SPRequestDuration
X-Akam-SW-Version
SPIisLatency
X-Oracle-Dms-Rid
Access-Control-Request-Method
X-T
X-Powered-CMS
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-B3-TraceId
X-Id
X-Litespeed-Cache
X-Aspnet-Version
X-Acc-Meta-Resource-Type
Front-End-Https
Realpath
X-NF-Request-ID
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-N
X-Dns-Prefetch-Control
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Forwarded-For
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Alternate-Protocol
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-RateLimit-Remaining
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Display
X-Cache-Key
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Hostname
Response
X-Srv
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
X-Webkit-CSP
X-Pad
MicrosoftSharePointTeamServices
Host
X-B3-Traceid
Server-Name
X-DataStream-MidMile-RTT
X-Kinsta-Cache
X-DataStream-Origin-MEX-Latency
Backend-Timing
X-Analytics
X-Correlation-Id
X-Content-Options
X-Revision
X-Debug-Info
X-LB-Cache
X-User-Agent
X-Cache-2
X-IPLB-Instance
X-Az
X-AppVersion
X-B3-Sampled
X-Cache-Hit
X-Rid
X-Activity-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Surrogate-Key
FilterID
X-Grace
Refresh
ServerID
X-Accel-Buffering
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Processing-Time
X-Request-Received
Server-Info
TP-L2-Cache
TP-Cache
X-FastCGI-Cache
Host-Header
MS-CV
X-PHP-Backend
X-Ruxit-Js-Agent
X-Varnish-Backend
X-Cached-By
Cache-Status
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-TT
X-Cache-Action
X-Akamai-Edgescape
X-Amz-Replication-Status
X-App-Environment
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Platform-Server
Source
X-UA-Device-Type
X-Cluster
X-Content-Powered-By
X-F-Cache
X-GUploader-UploadID
X-Tumblr-Pixel
X-Varnish-Grace
X-Framework
X-Tumblr-User
X-Tumblr-Pixel-0
X-Drupal-Cache-Tags
Access-Control-Allow-Method
X-FW-Type
X-Request-Guid
X-Mobile
X-Instance
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FB-Debug
X-RateLimit-Limit
X-Zen-Fury
PageSpeed
X-SS-Set-Cookie
X-Forwarded-Host
X-Geo-Country
X-Ezoic-Cdn
X-Shard
X-Cache-TTL
X-Handled-By
X-Magnolia-Registration
Edge-Cache-Tag
X-Node-Name
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-TA-CDN-Provider
X-Varnish-Server
X-BCube-Filmed-By
X-App-Server
DC
X-AOL-HN
X-Cache-Control
Cleartype
Fastly-Restarts
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Payment
Filters
Server-Node
X-RequestSource
X-Region
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Adobe-Loc
Country
X-Generated-By
X-TX-ID
Actual-Object-TTL
X-GeoIP
X-Redis-Cache
X-RTag
Ms-Operation-Id
X-UUID
X-VG-WebCache
X-Storage
X-TT-TIMESTAMP
X-B-Cache
NGB
X-Signature
X-Tumblr-Pixel-1
X-FW-Dynamic
Cache-Tv-Group
X-Drupal-Cache-Contexts
Retry-After
Webserver
X-Tumblr-Pixel-2
X-Jobs
X-Varnish-Hits
X-XRDS-LOCATION
X-Locale
X-Content-Age
X-Cacheable-TTL
Powered
GEO-INFO
CACHE
ServedBy
X-Esi
Frame-Options
Liferay-Portal
X-Contextid
X-Oneagent-Js-Injection
HitType
X-Rendered-As
X-Seen-By
X-WA-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-Via-JSL
X-Guploader-Uploadid
X-ProcessESI
X-RemovedCookies
S-Cnection
Eomportal-Instance
Viewport
X-Real-IP
X-Upgrade-Enabled
X-BACKEND-TTL
X-Cache-Server
X-Mode
X-Cache-Operation
NtCoent-Length
X-Newrelic-App-Data
X-Varnish-Cache-Hits
X-Wix-Server-Artifact-Id
X-Path-Route
X-Detected-As
X-Zipkin-Id
X-Cache-Enabled
X-Cache-Var
Content-Script-Type
Content-Style-Type
OT-Force-Account-Verify
Cache-Hits
Mn-Server-Ip
X-Routing-Service
Load-Balancing
Cache-Key
X-Proxied
X-Cache-Var-Map
X-Is-Bot
X-ES-SERVER
Meta-Geo
X-From
X-RN-RSRV
Machine
X-S
Datacenter
X-Time
NGX
X-Viewer-Country
X-VWS-Id
X-Cache-Config
X-Device-Type
X-FC-Vary-Parameters
X-Akamai-Transformed
X-Hosted-By
X-Hl-Ver
X-AWS-Id
X-FB-TRIP-ID
Webcakes-App-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
Access-Control-Request-Headers
X-L-Path
Webcakes-App-Name
Vix-Hermes-Req-Id
TWC-Privacy
Webcakes-Region
X-Environment-Context
X-Origin-Hint
X-VG-TLSProxy
X-Proto
X-LJ-Flow-ID
X-Tb
X-Section
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-RCS-CacheZone
Origin-Cache-Control
X-Rocket-Nginx-Bypass
X-Proxy
We-Hiring
Azure-SlotName
Mail-Subject
S-Rt
L5d-Success-Class
X-Tumblr-Pixel-3
X-TNCMS
DB-Nickname
Azure-Version
X-Access
X-Time-Microsecs
Origin-Edge-Control
X-Akamai-Request-ID
X-MP-GENERATED-AT
X-NCache
X-Origin-Response-Time
X-Format
X-FW-Version
Xserver
X-Labrador-Cache-Channel
X-Loop
X-Debug-Cache
X-EIG-Tracking-Id
X-Birta-Cache-Post
X-Backend-Name
X-Web-Node
X-Birta-Served
X-Human
X-ServerID
X-IP
X-Via-CDN
Now
X-PCL
X-Proxy-Build
X-Via-Fastly
X-Timing-Wait
X-CCM
X-Xfnlog-Site
X-JoinUs
X-Trace-Id
X-OCL
Selected-FE
X-NWS-LOG-UUID
X-Endurance-Cache-Level
Cache-Tag
X-Vgn-Hpd-Reason
X-Generated
X-BYPASS-REASON
X-Internal-Host
X-Grey
X-Varnish-Cacheable
X-Www-Served-By
X-Cache-Category-Id
X-Site-Version
X-ProxyCache-Status
X-ProxyCache-Key
Uber-Trace-Id
Decoy-Debug-Key
X-Status
Decoy-Debug-Status
X-R9-Blue-Green-Version
Decoy-Debug-TTL
X-GRACE
Served-By
X-UA
X-Dynatrace-Js-Agent
X-VC-Cache
LB
X-Cache-Remote
X-Rule
X-UnsetCookies
X-EdgeConnect-Cache-Status
Release
X-Wix-Request-Id
ViewerVersion
X-CDN-Cache
AsisCache
X-TIME
Nel
X-Origin-Host
X-Cluster-Node
Rt-Fastcgi-Cache
X-Sucuri-ID
X-APP-VERSION
X-App-Name
X-B3-Spanid
X-ApacheServer
X-Datadome
X-PERF
X-Source
X-Nginx-Cache
X-Request-Time
X-Agile
X-Agile-Id
X-Agile-Age
X-Ua
X-Hit
X-NewRelic-App-Data
X-OVcl-Cache
X-OVcl
X-Origin
User-Agent
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Edge-Location
X-App-Version
DSUID
SRV
Warning
X-WPE-Loopback-Upstream-Addr
X-Origin-TTL
X-Origin-CC
X-ElasticPress-Search
X-A-Dgt
X-A
Thinkindot-Control
Www
X-A-Dcw
X-A-Ccd
X-A-Wwc
Ajk
Ec-Rule-Version
On-Server
Node
Meta-Geo-Continent
Memcached
Origin
X-A-Dam
Request-Time
Request-EU
Request-Country
Rendered-Blocks
MD5-Digest
Lfy
Thinkindot-CacheControl-Type
Cross-Origin-Window-Policy
Cache-Prefix
BehaviorPad-Version
Thinkindot-CacheControl
Server-Surrogate-Control
Fly-Request-Id
Fly-Cache
Server-Cache-Control
Arc-Country
X-CF-Lambda-Fn
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Pubstack
X-NU-AKA-ACS-Version
X-NodeID
X-PAYTM-SRV-ID
X-Platform
X-Processor
X-Secret
X-Sedo-Request-Id
X-Varnish-Authentication
X-Var-Ttl
X-VG-WebServer
X-Webstats-RespID
Xc-Version
X-Up
X-Twitter-Response-Tags
X-SRCache-Key
X-Server-Group
X-Thinkindot-L3
X-Transaction
X-Trv-Group
X-Mobile-URL
X-Matched-Rule
X-Cache-Info
X-Cache-Grace
X-Cache-Miss-From
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Expires
X-Cache-ASPX
X-Application
X-Aed
X-ARC
X-B-Cookie
X-BB-ID
X-Core-Value
X-D
X-Generated-In
X-Gannett-Site-Version
X-Hp-Webp
X-Instart-Isnd
X-Logtrace-Id
X-G
X-F5-Cache
X-Destination
X-Date
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-Accel-Expires-Debug
UCS
Hostname
X-Ocache
X-Edge-IP
User-Cache-Control
Cache
X-Varnish-Ttl
X-Cache-Backend
X-Policy
X-Protected-By
X-Ah-Environment
X-Amzn-Remapped-Connection
X-Block-Status
X-Cache-Bucket
X-Cache-Debug
X-Page-Type
X-C
X-PHP-Host
X-Amzn-Remapped-Date
X-Qloud-Router
RNT-Time
Server-Host
Server-Int
RNT-Machine
X-Servername
Proxy-Connection
X-Sf
ServerName
X-Request-URI
X-RateLimit-Limit-Second
X-Cache-Host
X-Hash
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Web-Mar-Node
X-Origin-Date
X-LI-Proto
X-Epic-Correlation-Id
X-Li-Pop
X-LI-UUID
X-Distributor
X-Dispatcher-Server
X-Distil-CS
X-Li-Fabric
X-LAGOON
X-Hnp-Log
X-Geo-Header
X-Gen-Mode
X-IN-APIGATEWAY
X-Info
X-IN-WAF
X-Device-Os
X-Developers
X-No-Session
X-Crawler
X-NX-Host
X-Cdn-Srv
X-Origin-Expires
Pramga
X-Nginx-Cache-Key
X-Micro-Cache
X-Debug-Log
X-Location
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Cache-Id
True-Client-Country-4JS
X-Swa-Ws
X-Reboot
CDCHOST
X-ServiceProvider
Cache-Cookie-Set-Lfrom
FNAC-ModuleRouting
Fastly-SIE
IsBot
X-TT-LOGID
X-Real-Ip
Fastly-SWR
Kp-EeAlive
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-SIPLIST1
Apple-News-Services-Handled
X-Sucuri-Cache
Apple-News-Services-Host
Pagetype
Backend
Apple-News-Services-Parsed-Url
X-SN
Apple-News-Services-Request-Url
X-Varnish-Beresp-Status
Pagespeed
X-Varnish-Beresp-Grace
Cteonnt-Length
X-FireWall-Port
X-S-Maxage
X-MSEdge-Features
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Skip-Cache
SD-X-WS
X-Server-IP
X-MSEdge-Flight
Content-Disposition
Fastly-Backend-Name
N-Cache
X-CGP
X-Amzn-Remapped-Content-Length
X-Core-Mission
X-Variation
Country-Code
X-ShardId
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Shopify-Stage
X-Gateway-Skip-Cache
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-City
X-Irp-Debug
X-Key
Platform
X-Eu-Site
AKAMAI
X-Fastly-Cache
Adler-Geo
X-Level-Front-Cache
X-Fetched-On
Fastly-Soc-X-Request-Id
X-Cms-Context
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
HA-Ipaddr
X-Auto-Login
X-Planisys-CDN-Cache
X-Backend-Url
X-Backend-State
Fastly-SSL
Heartbleed
X-TrackingId
X-User
X-Proxy-Upstream
Magicmarker
X-Proxy-Cache-Status
Is-Eu
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
HTTPS
Ha-Gx-Prefs
X-Backend-Host
X-Via-SSL
X-Via-Edge
X-Wikidot-Backend
X-ShopId
X-Cache-FS-Status
X-Thanos
X-Bip
X-Wikidot-Static-Cache
X-BBXSRF
X-Varnish-Url
X-Cdn-Forward
X-GZip
X-NC
X-RateLimit-Reset
X-Owner
Gh-Request-Id
X-Server-Time
MIME-Version
X-Apm-App-Name
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Sn-Servicetimems
X-Node-Id
X-Cdn-Origin
V-Age
Server-ID
X-CDN-Forward
X-Varnish-Beresp-Ttl
X-Exp-Se
X-Org
Rt-Proxy-Cache
X-Geo
REQUESTUUID
X-ND-Cache
X-FPC
X-CUA
Viewtype
VivaBuild
X-Gdpr
Powered-By
HostName
X-Served-From
X-Load-Cache
X-Aicache-OS
Pragrma
X-Pjax-Url
X-B3-Parentspanid
Section-Io-Cache
X-Parent-Response-Time
X-Passed-To-BeforeDispatch
X-Passed-To
X-Original-Request
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Dc
X-Stale
X-Svr
X-Server-By
X-Returned-From-PostProcessResponse
X-Returned-From
X-DC
X-Returned-From-DLL
X-Actual-URL
X-CSRF-TOKEN
Wxu-Next-Hostname
Memory
Time
X-VServer
Wxu-Next-Commit
X-Git-Hash
Host-ID
PICS-Label
X-HS-Cache-Config
Wxu-Next-Region
X-Croise-Owner
CF-IPCountry
X-Nc
X-CACHE-KEY
Cdn-Request-Time
Cdn-Host
X-Wa
X-Edge-Server
X-Servedbyhost
Resin-Trace
X-Unique-ID
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
Fastcgi-Useragent
X-Oss-Hash-Crc64ecma
X-Host-Name
X-Release
X-Tb-Optimization-Total-Bytes-Saved
SID
X-Microcachable
X-Cache-HT
ProcessTime
AR-SID
Mime-Version
X-Optimization
X-Newrelic-Synthetics
X-WebServer
X-TH-Server
X-From-Cache
X-Daa-Tunnel
X-Phone
X-V
XServer
X-Req
X-Lb-Id
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-Instart-Info
Odigeo-Trace-Id
Cdn
X-Upstream-CT
X-Upstream-HT
CF-Cached-On
X-Atg-Version
Processtime
Backend-Name
X-HTML-Minification-Powered-By
X-Fastly-Backend-Reqs
Proxy-Firewall
X-APP
X-Fstrz
X-WR-MODIFICATION
X-ID
X-LB-ID
X-Worker
X-Ratelimit-Remaining
225prxHost
219prxHost
188prxHost
178proxuri
352pxline
X-Backend-TTL
X-Ratelimit-Limit
286prxHost
189phosttRef
X-Response-By
Xxline
X-Vcl-Version
409pxxline
X-Server-W
355prline
X-B3-SpanId
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
GMS-Ver
X-Check-Cacheable
X-IPS-LoggedIn
X-Nananana
X-Zone
Public-Key-Pins-Report-Only
Version
X-NGINX-Cache
X-Vcache
WZWS-RAY
X-WA
X-Ratelimit-Reset
X-URL
X-VCL-Version
Fastcgi-X-Cache-Version
Esi-Enabled
X-UPSTREAM-Address
X-COUNTRY
X-Akamai-Request-ID2
Geoip-Latitude
SN
Accept-Language
X-AssetVersion
X-Contensis-Viewer-Groups
GeoIp-Country-Code
X-CSRF-Token
GW-Server
X-HS-Status
X-ServedByHost
Pics-Label
X-GEO
X-Hyper-Cache
X-Amz-Meta-Surrogate-Control
DataCenter
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
Geoip-City
Lb
Countrycode
Mobile-Detection-Method
X-SERVER-NAME
X-Clientip
X-FORWARDED-FOR
X-Fastly-Country-Code
X-We-Are-Hiring
X-UE-Client-Country
X-Dynatrace
X-ZONE
X-Request-Start
X-Microsite
SS
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Via-Ucdn
X-Request-Handler-Origin-Region
X-BE
X-Render-Time
X-Be
WP-Super-Cache
X-Cdn-Cache
Ohc-File-Size
X-CS
X-RequestId
X-LiteSpeed-Cache-Control
X-Via-NSCOPI
X-GDPR
CDN
Locale
X-PJAX-URL
URI
X-Urbn-Site-Id
X-Urbn-Context-Path
X-NWS-UUID-VERIFY
X-Unique-Id
X-GZIP
FSS-Cache
FSS-Proxy
X-Reqid
X-ABtesting
X-PF-Uncompressing
X-HS-Combine-CSS
X-Gen-Id
X-Flog
X-Hello
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
Dynatrace
X-SRV
X-HostName
X-Generation-Time
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Fpc
X-Pf-Uncompressing
Serverid
X-Fastly-Cache-Hits
Cneonction
RequestUuid
X-Cache-Ttl
X-Request-Url
X-Store
Accept-Ch
A
Server-Id
X-LiteSpeed-Tag
Ohc-Cache-HIT
X-Html-Edge-Cache
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Test
X-Compress-Hint
X-Requestid
X-Bug-Bounty
RequestId
Requestid
X-UCC
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-EC-Lua
X-Cdn-Request-ID
X-ServerName
NnCoection
X-Serial
Ohc-Response-Time
Frontcache
X-Port
Is-Session-Tracking
Get-Access-Time