Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-CST
Feature-Policy
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
X-HW
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
AR-PoweredBy
AR-CACHE
AR-ATIME
X-VARITI-CCR
X-GitHub-Request-Id
Arc-Version
X-Mobile-Rewrite
X-MS-InvokeApp
PB-RID
PB-PID
X-DataStream-Cache-Status
X-Server-ID
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-PC
X-TtlSet
X-Vname
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Trace
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Cdn
X-FTR-Expires
X-Amz-Rid
X-VCache
X-Fastly-Request-ID
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
S
X-Debug
X-XRDS-Location
TCN
DynaTrace
Arr-Disable-Session-Affinity
X-Hits
X-Shield-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
SPIisLatency
X-Upstream-Proxy
SPRequestDuration
X-Pinterest-Rid
Pinterest-Version
X-Oracle-Dms-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-SERVER
X-FTR-Cache-Host
X-T
X-Powered-CMS
X-Goog-Storage-Class
X-B3-TraceId
Front-End-Https
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Realpath
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Id
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Forwarded-For
MRF-Tech
Alternate-Protocol
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Source
Fusion-Content-Id
X-Sol
X-Middleton-Display
X-Litespeed-Cache
Display
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Fastcgi-Cache
X-Middleton-Response
Response
X-Cache-Key
X-Accel-Expires
X-Srv
X-Pad
MicrosoftSharePointTeamServices
X-Kinsta-Cache
Host
Server-Name
X-B3-Traceid
X-Content-Options
X-DataStream-MidMile-RTT
X-Accel-Buffering
X-Analytics
X-Correlation-Id
Backend-Timing
X-DataStream-Origin-MEX-Latency
X-User-Agent
X-Revision
X-LB-Cache
X-Debug-Info
X-AppVersion
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Activity-Id
X-Az
FilterID
Accept-Charset
X-Cache-2
X-B3-Sampled
X-IPLB-Instance
X-Rid
Refresh
X-Cache-Hit
Surrogate-Key
X-Grace
Powered-By-ChinaCache
X-B
X-DIS-Request-ID
X-CF-Powered-By
ServerID
X-Page-Id
X-Whom
Server-Info
X-FastCGI-Cache
TP-Cache
TP-L2-Cache
Host-Header
MS-CV
X-PHP-Backend
X-Request-Received
X-Request-Processing-Time
X-Webkit-CSP
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Varnish-Backend
Cache-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cached-By
X-Kong-Upstream-Latency
X-App-Environment
X-TT
X-Kong-Proxy-Latency
X-Origin-Server
X-Akamai-Edgescape
X-Cache-Action
X-UA-Device-Type
X-Cluster
Source
X-Platform-Server
X-Varnish-Grace
X-Framework
X-Content-Powered-By
X-GUploader-UploadID
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Drupal-Cache-Tags
X-F-Cache
X-FW-Static
X-FW-Type
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Request-Guid
Access-Control-Allow-Method
X-Mobile
X-Instance
X-FB-Debug
X-Geo-Country
X-SS-Set-Cookie
X-RateLimit-Limit
X-Zen-Fury
X-Shard
X-Handled-By
X-Ezoic-Cdn
X-Forwarded-Host
X-Cache-TTL
X-Magnolia-Registration
Edge-Cache-Tag
From-Origin
PageSpeed
X-Node-Name
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
X-Varnish-Server
X-App-Server
Cache-Tags
DC
X-BCube-Filmed-By
Cleartype
X-AOL-HN
X-Cache-Control
CACHE
Upgrade-Insecure-Requests
Healthy
Payment
Fastly-Restarts
X-WebKit-CSP-Report-Only
X-Cache-Rule
X-Generated-By
X-Region
Filters
X-RequestSource
X-Response-Served-From
X-TX-ID
Server-Node
X-Adobe-Loc
X-Adobe-Content
NGB
X-VG-WebCache
X-UUID
X-Storage
X-Redis-Cache
X-RTag
X-GeoIP
X-TT-TIMESTAMP
Ms-Operation-Id
Country
Cache-Tv-Group
X-Signature
Retry-After
X-B-Cache
X-Drupal-Cache-Contexts
X-Jobs
Actual-Object-TTL
Webserver
X-TA-CDN-Provider
X-FW-Dynamic
X-Cacheable-TTL
X-Locale
X-Tumblr-Pixel-1
X-Content-Age
X-Tumblr-Pixel-2
X-XRDS-LOCATION
X-Varnish-Hits
GEO-INFO
ServedBy
Powered
Liferay-Portal
X-Esi
X-Contextid
Frame-Options
X-Oneagent-Js-Injection
HitType
X-Seen-By
X-Rendered-As
X-Cache-TTL-Remaining
X-Varnish-IP
X-Wix-Server-Artifact-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WA-Info
X-Via-JSL
X-BACKEND-TTL
S-Cnection
Viewport
X-Real-IP
X-Guploader-Uploadid
X-Upgrade-Enabled
X-RemovedCookies
X-ProcessESI
Eomportal-Instance
X-Cache-NE
X-Mode
NtCoent-Length
X-Cache-Server
Content-Style-Type
Content-Script-Type
X-Akamai-Transformed
Datacenter
Cache-Key
X-Zipkin-Id
OT-Force-Account-Verify
X-Detected-As
Mn-Server-Ip
X-Routing-Service
X-RN-RSRV
X-Cache-Var-Map
X-Varnish-Cache-Hits
Meta-Geo
X-Cache-Enabled
X-From
Cache-Hits
X-Is-Bot
Machine
X-Proxied
X-Cache-Var
X-ES-SERVER
X-Cache-Operation
X-Path-Route
Load-Balancing
X-S
X-Cache-Config
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Access-Control-Request-Headers
X-FB-TRIP-ID
X-Environment-Context
X-Device-Type
Vix-Hermes-Req-Id
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
NGX
TWC-Device-Class
TWC-GeoIP-Country
X-FC-Vary-Parameters
TWC-GeoIP-LatLong
TWC-Privacy
X-Time
X-Origin-Hint
X-LJ-Flow-ID
X-VWS-Id
X-VG-TLSProxy
X-Proto
X-Tb
X-Viewer-Country
X-L-Path
X-Hl-Ver
X-Hosted-By
Origin-Cache-Control
S-Rt
Origin-Edge-Control
L5d-Success-Class
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Mail-Subject
Azure-Version
X-Web-Node
X-Proxy
X-Birta-Served
X-Birta-Cache-Post
X-Debug-Cache
X-Labrador-Cache-Channel
X-Format
X-EIG-Tracking-Id
X-Loop
X-Access
X-Section
X-Time-Microsecs
X-FW-Version
We-Hiring
X-Origin-Response-Time
X-TNCMS
X-Akamai-Request-ID
Xserver
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-Trace-Id
X-Vgn-Hpd-Reason
X-Via-CDN
X-Via-Fastly
X-Timing-Wait
X-JoinUs
X-Proxy-Build
Selected-FE
X-ServerID
X-PCL
X-OCL
X-IP
X-Xfnlog-Site
X-RCS-CacheZone
X-Backend-Name
X-CCM
X-Tumblr-Pixel-3
DB-Nickname
X-Human
Cache-Tag
X-Rocket-Nginx-Bypass
X-NCache
X-Generated
X-Grey
Uber-Trace-Id
X-ProxyCache-Key
X-Cache-Category-Id
X-Status
X-ProxyCache-Status
X-Www-Served-By
Decoy-Debug-Status
Decoy-Debug-Key
Now
X-GRACE
Decoy-Debug-TTL
X-BYPASS-REASON
X-Site-Version
X-NWS-LOG-UUID
X-Newrelic-App-Data
X-MP-GENERATED-AT
X-Dynatrace-Js-Agent
Served-By
X-UA
X-R9-Blue-Green-Version
X-VC-Cache
X-Internal-Host
X-Wix-Request-Id
ViewerVersion
X-Rule
X-Cache-Remote
LB
X-CDN-Cache
X-EdgeConnect-Cache-Status
Release
X-UnsetCookies
AsisCache
X-Origin-Host
X-Sucuri-ID
X-TIME
X-NewRelic-App-Data
Nel
X-Cluster-Node
Rt-Fastcgi-Cache
X-App-Name
X-APP-VERSION
X-PERF
X-B3-Spanid
X-ApacheServer
X-Datadome
X-Source
User-Agent
X-Nginx-Cache
X-Agile-Age
X-Request-Time
X-Agile
X-Agile-Id
Pagespeed
Cache-Name
X-Ua
X-OVcl
X-Origin
X-Hit
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Edge-Location
X-VCT
Warning
X-App-Version
X-Origin-CC
X-Pubstack
X-Origin-TTL
X-Cache-Grace
X-Mobile-URL
X-B-Cookie
X-Server-Group
X-Secret
X-CF-Lambda-Fn
X-D
Lfy
Fly-Cache
X-Date
Fly-Request-Id
X-Application
X-ScT
X-S-Cookie
Memcached
X-Platform
X-Processor
MD5-Digest
X-PAYTM-SRV-ID
Node
X-Core-Value
X-Cache-Info
X-Ocache
Meta-Geo-Continent
Rendered-Blocks
X-A-Dam
X-A-Ccd
Cache-Prefix
X-Region-Sid
X-A-Dcw
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-A
Www
BehaviorPad-Version
UCS
Thinkindot-Control
Arc-Country
X-Connection-Hash
X-NodeID
Ajk
X-NU-AKA-ACS-Version
Server-Cache-Control
X-Cache-ASPX
X-CF-Lambda-Version
X-Cache-Expires
Ec-Rule-Version
X-Accel-Expires-Debug
X-Aed
On-Server
X-BB-ID
Origin
X-Rojux
Cross-Origin-Window-Policy
X-A-Dgt
Request-EU
Request-Time
Request-Country
X-Request-UUID
X-A-Wwc
X-Rewrite-Enabled
X-Sucuri-Cache
X-Destination
X-Trv-Group
X-Var-Ttl
X-Varnish-Authentication
X-Generated-In
X-SRCache-Key
X-Up
X-Thinkindot-L3
X-Developer
X-ARC
X-Twitter-Response-Tags
X-Edge-IP
X-Instart-Isnd
Hostname
X-Webstats-RespID
X-DPWN-IS-SECURE
X-Matched-Rule
X-External-Request-Id
Xc-Version
X-F5-Cache
X-Logtrace-Id
X-VG-WebServer
X-Gannett-Site-Version
X-G
X-Hp-Webp
X-Transaction
X-Varnish-Ttl
X-Protected-By
SRV
User-Cache-Control
X-ElasticPress-Search
X-Cache-Backend
X-Varnish-Beresp-Status
DSUID
X-Varnish-Beresp-Grace
Web-Mar-Node
N-Cache
X-PHP-Host
X-Cache-Miss-From
X-Hnp-Log
Pagetype
X-Hash
X-Page-Type
X-Real-Ip
X-IN-APIGATEWAY
X-LI-Proto
Kp-EeAlive
IsBot
X-LI-UUID
X-Li-Pop
X-Amzn-Remapped-Connection
Magicmarker
X-Cache-Debug
X-Nginx-Cache-Key
X-Origin-Expires
Server-Host
X-Sedo-Request-Id
X-Refresh
RNT-Time
X-Policy
X-Geo-Header
X-Block-Status
Server-Int
X-C
RNT-Machine
X-Info
Pramga
True-Client-Country-4JS
X-Origin-Date
Proxy-Connection
X-NX-Host
X-Gen-Mode
X-No-Session
X-IN-WAF
X-Cache-Bucket
Fastly-SIE
X-Reboot
X-LAGOON
X-Developers
X-Request-URI
X-TT-LOGID
X-Device-Os
Apple-News-Services-Handled
X-Varnish-Url
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Ah-Environment
X-Debug-Log
X-Debug-Cache-Store
X-SN
X-Debug-Cache-Expiry
X-SIPLIST1
X-Sf
X-ServiceProvider
X-Swa-Ws
X-Crawler
X-Debug-Cookies
X-Servername
Heartbleed
Backend
X-Li-Fabric
Fastly-Backend-Name
X-Qloud-Router
X-Distil-CS
X-Distributor
Fastly-SWR
X-Cache-Host
X-Cache-Id
X-Debug-Cache-Fetch
X-Epic-Correlation-Id
Cache-Cookie-Set-From
X-Dispatcher-Server
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
Cache-Cookie-Set-Lfrom
CDCHOST
X-Amzn-Remapped-Date
Cache-Cookie-Set-Idcheck
X-FireWall-Port
Cteonnt-Length
X-Backend-State
X-Key
X-BBXSRF
X-Irp-Debug
X-Eu-Site
X-Cache-FS-Status
X-Fastly-Cache
X-CGP
X-MSEdge-Features
X-Core-Mission
X-Cms-Context
X-Fetched-On
X-Gateway-Cache-Key
X-GeoIP-City
X-GeoIP-Country-Code
X-Generated-On
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Bip
X-Skip-Cache
X-Sorting-Hat-ShopId
X-Thanos
X-TrackingId
X-User
X-Sorting-Hat-PodId
X-Level-Front-Cache
X-Server-IP
X-ShardId
X-ShopId
X-Shopify-Stage
X-MSEdge-Flight
X-Via-Edge
X-Micro-Cache
FNAC-ModuleRouting
X-WPE-Loopback-Upstream-Addr
X-Cdn-Forward
X-Location
X-Cdn-Srv
X-Via-SSL
X-Wikidot-Backend
X-Wikidot-Static-Cache
ServerName
X-S-Maxage
X-Variation
HTTPS
HA-Ipaddr
Ha-Gx-Prefs
X-Amz-Meta-Cache-Control
Is-Eu
X-Alternate-Cache-Key
Adler-Geo
SD-X-WS
X-Proxy-Cache-Status
Platform
X-Amzn-Remapped-Content-Length
AKAMAI
Content-Disposition
Country-Code
X-Proxy-Upstream
Fastly-SSL
Fastly-Soc-X-Request-Id
X-GZip
X-Node-Id
X-Planisys-CDN-Cache
X-RateLimit-Reset
X-Server-Time
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Backend-Url
X-Owner
X-Backend-Host
X-Auto-Login
MIME-Version
Gh-Request-Id
Server-ID
X-Varnish-Beresp-Ttl
X-NC
X-CDN-Forward
X-Apm-Inst-Hash
X-Cdn-Origin
X-Apm-Svc-Key
X-Apm-App-Name
X-Sn-Servicetimems
X-FPC
Powered-By
V-Age
X-Org
X-CUA
Section-Io-Cache
X-CACHE-KEY
Cache
X-ND-Cache
X-Geo
Rt-Proxy-Cache
REQUESTUUID
X-Exp-Se
Viewtype
VivaBuild
Pragrma
HostName
X-Load-Cache
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-Gdpr
X-Original-Request
X-Passed-To-PostProcessResponse
X-Pjax-Url
X-Server-By
X-Returned-From
X-Stale
X-Svr
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Passed-To
X-Actual-URL
X-Served-From
X-Aicache-OS
X-Parent-Response-Time
X-VServer
X-DC
X-Croise-Owner
X-HS-Cache-Config
X-Dc
X-Nc
Host-ID
X-B3-Parentspanid
X-CSRF-TOKEN
Fastcgi-Useragent
Cdn-Request-Time
Time
X-Edge-Server
Memory
Cdn-Host
PICS-Label
X-Unique-ID
X-Servedbyhost
Wxu-Next-Hostname
X-Wa
Wxu-Next-Region
Wxu-Next-Commit
X-Git-Hash
CF-IPCountry
X-Microcachable
SID
Resin-Trace
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Tb-Optimization-Total-Bytes-Saved
ProcessTime
X-Newrelic-Synthetics
Mime-Version
X-Optimization
X-Cache-HT
X-ID
AR-SID
X-V
X-Req
X-Release
X-From-Cache
X-Host-Name
X-WebServer
XServer
X-Lb-Id
X-TH-Server
Odigeo-Trace-Id
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-Phone
Cdn
X-HTML-Minification-Powered-By
X-Daa-Tunnel
X-Atg-Version
X-Fstrz
Processtime
X-Instart-Info
X-APP
Proxy-Firewall
X-Upstream-CT
X-Upstream-HT
CF-Cached-On
X-Response-By
X-Fastly-Backend-Reqs
Backend-Name
X-WR-MODIFICATION
X-LB-ID
X-Ratelimit-Remaining
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
X-Vcl-Version
GMS-Ver
X-Worker
X-Check-Cacheable
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
286prxHost
225prxHost
X-B3-SpanId
352pxline
409pxxline
355prline
219prxHost
188prxHost
178proxuri
189phosttRef
Xxline
X-Server-W
WZWS-RAY
X-Zone
X-Backend-TTL
X-GEO
Fastcgi-X-Cache-Version
X-NGINX-Cache
X-Nananana
X-Vcache
X-IPS-LoggedIn
Version
X-HS-Status
X-URL
X-Amz-Meta-Surrogate-Control
X-COUNTRY
X-WA
X-Ratelimit-Reset
Lb
X-UPSTREAM-Address
X-CSRF-Token
SN
X-UE-Client-Country
Esi-Enabled
X-VCL-Version
Mobile-Detection-Method
Pics-Label
X-Clientip
X-We-Are-Hiring
X-ServedByHost
GW-Server
GeoIp-Country-Code
Geoip-Latitude
X-Hyper-Cache
Countrycode
DataCenter
WP-Super-Cache
X-Akamai-Request-ID2
X-SERVER-NAME
Geoip-City
X-AssetVersion
X-Fastly-Country-Code
X-FORWARDED-FOR
X-Contensis-Viewer-Groups
SS
X-Dynatrace
Ohc-File-Size
X-SRV
Accept-Language
X-Render-Time
GeoIP-City
X-Request-Start
GeoIP-Country-Code
X-BE
GeoIP-Latitude
X-Via-Ucdn
Serverid
X-GZIP
FSS-Cache
X-Vtex-Remote-Cache
X-HS-Combine-CSS
X-Vtex-Processado-Em
URI
X-CS
X-Be
X-ZONE
X-LiteSpeed-Cache-Control
CDN
X-PF-Uncompressing
X-PJAX-URL
X-GDPR
X-NWS-UUID-VERIFY
FSS-Proxy
X-Unique-Id
Locale
X-Gen-Id
X-Cdn-Cache
X-RequestId
X-Via-NSCOPI
X-Urbn-Site-Id
X-Urbn-Context-Path
FastCGI-Cache
Dynatrace
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-Hello
X-Fpc
X-Flog
X-Reqid
X-ABtesting
X-Fastly-Cache-Hits
Ohc-Cache-HIT
X-Microsite
RequestUuid
X-Pf-Uncompressing
Cneonction
X-Request-Handler-Origin-Region
X-Cache-Ttl
X-Request-Url
Accept-Ch
X-UCC
X-Generation-Time
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Html-Edge-Cache
X-LiteSpeed-Tag
A
X-Store
Server-Id
X-Akamai-SSL-Client-Sid
X-Requestid
Who
X-HTML-Edge-Cache
NnCoection
Frontcache
X-Dw-Trace-Id
X-Varnish-Action
X-Serial
Ohc-Response-Time
X-Cdn-Request-ID
X-ServerName
Is-Session-Tracking
X-Port
Get-Access-Time
X-EC-Lua