Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-CST
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-HW
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
AR-PoweredBy
X-VARITI-CCR
AR-ATIME
AR-CACHE
X-MS-InvokeApp
X-GitHub-Request-Id
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-DataStream-Cache-Status
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-TtlSet
X-PC
X-Server-ID
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Trace
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-Cdn
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
X-Amz-Rid
S
X-VCache
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-XRDS-Location
X-Debug
TCN
Arr-Disable-Session-Affinity
DynaTrace
X-Hits
X-Shield-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-VERSION
SPRequestDuration
SPIisLatency
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-Akam-SW-Version
X-Oracle-Dms-Rid
Access-Control-Request-Method
X-FTR-Cache-Host
X-Powered-CMS
X-SERVER
X-T
X-Goog-Storage-Class
X-B3-TraceId
Front-End-Https
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Id
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Ttl
X-Upstream
MRF-Tech
Alternate-Protocol
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Fastcgi-Cache
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Display
X-Sol
X-Middleton-Display
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Hostname
Response
X-Middleton-Response
X-Cache-Key
X-Webkit-CSP
X-Srv
X-Accel-Expires
X-Pad
MicrosoftSharePointTeamServices
Host
X-Kinsta-Cache
Server-Name
X-B3-Traceid
Backend-Timing
X-DataStream-MidMile-RTT
X-Analytics
X-DataStream-Origin-MEX-Latency
X-Correlation-Id
X-Content-Options
X-Accel-Buffering
X-User-Agent
X-Revision
X-Debug-Info
X-LB-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Az
X-Rid
X-Activity-Id
X-AppVersion
FilterID
X-B3-Sampled
Accept-Charset
Refresh
X-Cache-Hit
X-IPLB-Instance
X-Cache-2
Surrogate-Key
X-B
Powered-By-ChinaCache
X-DIS-Request-ID
X-CF-Powered-By
X-Grace
ServerID
X-Page-Id
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
Host-Header
MS-CV
X-Request-Processing-Time
X-Request-Received
X-PHP-Backend
X-Ruxit-Js-Agent
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-TT
X-App-Environment
X-Origin-Server
Cache-Status
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Source
X-Cached-By
X-Kong-Proxy-Latency
X-Framework
X-Platform-Server
X-UA-Device-Type
X-Cache-Action
X-Akamai-Edgescape
X-Cluster
X-Kong-Upstream-Latency
X-Mobile
X-F-Cache
X-GUploader-UploadID
X-Content-Powered-By
Access-Control-Allow-Method
X-Varnish-Grace
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Drupal-Cache-Tags
X-FW-Type
X-Request-Guid
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-Instance
X-FastCGI-Cache
X-RateLimit-Limit
X-Zen-Fury
X-Geo-Country
X-SS-Set-Cookie
X-Forwarded-Host
X-Handled-By
X-Shard
X-Ezoic-Cdn
X-Magnolia-Registration
X-Cache-TTL
Edge-Cache-Tag
From-Origin
PageSpeed
X-Node-Name
X-ATG-Version
X-Varnish-Hostname
X-Cache-Age
X-App-Server
X-Varnish-Server
Cache-Tags
DC
X-BCube-Filmed-By
Cleartype
X-AOL-HN
X-Cache-Control
Healthy
Upgrade-Insecure-Requests
Payment
Filters
X-RequestSource
X-Generated-By
X-Region
X-Cache-Rule
Fastly-Restarts
X-Response-Served-From
X-WebKit-CSP-Report-Only
Server-Node
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
Ms-Operation-Id
X-B-Cache
X-TT-TIMESTAMP
CACHE
X-Signature
X-UUID
X-Storage
Country
Cache-Tv-Group
X-VG-WebCache
X-Redis-Cache
NGB
X-RTag
Webserver
X-GeoIP
Actual-Object-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-TA-CDN-Provider
X-Drupal-Cache-Contexts
X-Jobs
X-FW-Dynamic
Retry-After
X-Cacheable-TTL
X-Locale
X-Content-Age
X-XRDS-LOCATION
X-Varnish-Hits
GEO-INFO
ServedBy
Powered
Liferay-Portal
X-Esi
Frame-Options
X-Contextid
X-Oneagent-Js-Injection
X-Seen-By
HitType
X-Rendered-As
X-Cache-TTL-Remaining
X-Varnish-IP
X-WA-Info
X-Real-IP
X-Wix-Server-Artifact-Id
X-Via-JSL
X-Yottaa-Optimizations
X-Yottaa-Metrics
S-Cnection
X-Guploader-Uploadid
Viewport
X-Cache-NE
X-ProcessESI
X-RemovedCookies
X-Upgrade-Enabled
Eomportal-Instance
X-BACKEND-TTL
X-Time
X-GRACE
X-Cache-Server
X-Mode
Content-Style-Type
Content-Script-Type
Xserver
NtCoent-Length
Datacenter
Cache-Hits
X-Proxied
X-RN-RSRV
X-Routing-Service
X-Detected-As
X-Proto
X-Path-Route
X-Hl-Ver
X-From
X-ES-SERVER
X-Is-Bot
X-Zipkin-Id
X-Varnish-Cache-Hits
Load-Balancing
Cache-Key
X-Cache-Operation
Mn-Server-Ip
Meta-Geo
X-Device-Type
X-Akamai-Transformed
X-Cache-Var-Map
X-Cache-Var
X-Cache-Enabled
OT-Force-Account-Verify
Machine
X-S
X-Cache-Config
X-FC-Vary-Parameters
Property-Id
Webcakes-Region
X-Hosted-By
TWC-Privacy
X-L-Path
X-FB-TRIP-ID
TWC-Locale-Group
TWC-GeoIP-Country
X-AWS-Id
TWC-Device-Class
TWC-Connection-Speed
X-LJ-Flow-ID
X-Environment-Context
X-Origin-Hint
X-VG-TLSProxy
We-Hiring
X-Viewer-Country
X-VWS-Id
Access-Control-Request-Headers
Vix-Hermes-Req-Id
Webcakes-App-Name
X-Tb
Mail-Subject
TWC-GeoIP-LatLong
X-Proxy
L5d-Success-Class
Webcakes-App-Version
NGX
Origin-Cache-Control
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Origin-Edge-Control
S-Rt
X-Debug-Cache
X-ServerID
X-Section
X-Origin-Response-Time
X-Time-Microsecs
X-TNCMS
X-Backend-Name
X-Web-Node
X-Loop
X-Labrador-Cache-Channel
X-Birta-Served
X-Birta-Cache-Post
X-Akamai-Request-ID
Azure-InstanceId
X-Newrelic-App-Data
X-FW-Version
X-Format
X-Access
X-EIG-Tracking-Id
X-Endurance-Cache-Level
X-Timing-Wait
X-CCM
X-ProxyCache-Status
X-Trace-Id
X-Varnish-Cacheable
X-Via-CDN
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-Proxy-Build
X-JoinUs
X-IP
X-BYPASS-REASON
X-Human
X-OCL
Cache-Tag
X-PCL
X-Via-Fastly
Selected-FE
DB-Nickname
X-Tumblr-Pixel-3
Now
X-Xfnlog-Site
X-RCS-CacheZone
X-Rocket-Nginx-Bypass
X-NCache
X-Generated
Decoy-Debug-TTL
Decoy-Debug-Key
X-Grey
Decoy-Debug-Status
Uber-Trace-Id
X-Site-Version
X-Www-Served-By
X-Status
X-Cache-Category-Id
X-MP-GENERATED-AT
X-NWS-LOG-UUID
Served-By
X-R9-Blue-Green-Version
X-VC-Cache
X-Dynatrace-Js-Agent
X-Wix-Request-Id
ViewerVersion
X-Internal-Host
X-Rule
X-Cache-Remote
X-EdgeConnect-Cache-Status
X-CDN-Cache
LB
X-UA
AsisCache
Release
X-UnsetCookies
X-Origin-Host
X-Sucuri-ID
Nel
X-Cluster-Node
Rt-Fastcgi-Cache
X-App-Name
X-PERF
X-ApacheServer
X-NewRelic-App-Data
X-TIME
X-Datadome
X-Ua
X-Source
X-Nginx-Cache
User-Agent
X-Request-Time
X-Agile
X-Agile-Age
X-Agile-Id
X-B3-Spanid
X-App-Version
X-APP-VERSION
Cache-Name
Pagespeed
X-Origin
X-Hit
X-OVcl-Cache
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Edge-Location
Warning
X-Pubstack
X-Origin-CC
X-Origin-TTL
UCS
X-Instart-Isnd
Thinkindot-Control
X-External-Request-Id
X-Generated-In
X-Gannett-Site-Version
Thinkindot-CacheControl-Type
X-A
X-A-Wwc
X-A-Dam
X-A-Dgt
X-G
X-F5-Cache
X-A-Ccd
X-Accel-Expires-Debug
X-A-Dcw
Request-Country
Fly-Request-Id
Fly-Cache
Lfy
MD5-Digest
Memcached
Ec-Rule-Version
Cross-Origin-Window-Policy
Ajk
Arc-Country
BehaviorPad-Version
Cache-Prefix
Meta-Geo-Continent
Node
Request-EU
Request-Time
Server-Cache-Control
Server-Surrogate-Control
X-IN-WAF
X-IN-APIGATEWAY
On-Server
Origin
Rendered-Blocks
X-Aed
Thinkindot-CacheControl
X-NodeID
X-CF-Lambda-Fn
X-S-Cookie
X-CF-Lambda-Version
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-Cache-Info
X-Rojux
X-Cache-Expires
X-Cache-Grace
X-Hp-Webp
X-ScT
X-Secret
X-SRCache-Key
X-Thinkindot-L3
X-Server-Group
X-D
X-Date
X-Core-Value
X-Debug-Cache-Expiry
X-Debug-Cookies
X-Connection-Hash
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Log
X-Rewrite-Enabled
X-NU-AKA-ACS-Version
X-Developer
X-Destination
X-VG-WebServer
X-ARC
X-DPWN-IS-SECURE
X-Webstats-RespID
X-Logtrace-Id
X-Application
X-Matched-Rule
X-Mobile-URL
X-B-Cookie
X-BB-ID
X-Up
X-Region-Sid
X-Cache-ASPX
X-Request-UUID
X-Processor
X-Platform
X-NX-Host
X-Varnish-Authentication
X-PAYTM-SRV-ID
X-Var-Ttl
Xc-Version
Www
X-Ocache
X-Edge-IP
X-Sucuri-Cache
Hostname
X-Cdn-Forward
X-Varnish-Ttl
DSUID
X-Protected-By
X-Cache-Backend
X-ElasticPress-Search
User-Cache-Control
SRV
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Pramga
X-SIPLIST1
Proxy-Connection
X-Distil-CS
X-Distributor
X-Hnp-Log
X-Block-Status
X-CGP
X-SN
X-Info
N-Cache
X-Key
X-LAGOON
X-Irp-Debug
X-Sedo-Request-Id
RNT-Machine
X-Cache-Bucket
X-Refresh
Pagetype
X-Crawler
X-Developers
X-Ah-Environment
True-Client-Country-4JS
Web-Mar-Node
X-Swa-Ws
X-Device-Os
X-Eu-Site
X-Amzn-Remapped-Date
X-Gen-Mode
X-TT-LOGID
Server-Host
X-Amzn-Remapped-Connection
X-Hash
X-Epic-Correlation-Id
Server-Int
X-Sf
X-Cache-Miss-From
RNT-Time
X-Cache-Debug
Cache-Cookie-Set-Lfrom
CDCHOST
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Policy
X-Dispatcher-Server
X-Page-Type
Country-Code
X-PHP-Host
Backend
Apple-News-Services-Request-Url
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Qloud-Router
X-Origin-Expires
X-Cache-Id
Heartbleed
X-LI-UUID
HA-Ipaddr
Ha-Gx-Prefs
X-Origin-Date
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Magicmarker
Kp-EeAlive
IsBot
X-Servername
X-ServiceProvider
X-Varnish-Url
X-Cache-Host
Fastly-SIE
Fastly-Backend-Name
X-Nginx-Cache-Key
Fastly-SWR
Cteonnt-Length
X-FireWall-Port
X-Variation
X-User
X-TrackingId
X-WPE-Loopback-Upstream-Addr
X-Core-Mission
X-Cms-Context
X-ShopId
X-Level-Front-Cache
X-ShardId
X-Shopify-Stage
X-Skip-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-S-Maxage
X-Server-IP
X-No-Session
X-Sorting-Hat-PodId
X-GeoIP-Country-Code
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Fetched-On
X-Fastly-Cache
X-Gateway-Skip-Cache
X-Sorting-Hat-ShopId
X-GeoIP-City
X-Geo-Header
X-Generated-On
X-Thanos
X-C
X-Wikidot-Static-Cache
HTTPS
Fastly-SSL
X-Backend-State
X-Cdn-Srv
Is-Eu
FNAC-ModuleRouting
X-Alternate-Cache-Key
SD-X-WS
X-Amz-Meta-Cache-Control
X-Wikidot-Backend
X-Amzn-Remapped-Content-Length
X-Micro-Cache
Fastly-Soc-X-Request-Id
X-Cache-FS-Status
AKAMAI
X-Via-Edge
Adler-Geo
X-Via-SSL
Content-Disposition
ServerName
X-BBXSRF
Platform
X-Bip
X-Location
X-GZip
X-Backend-Url
X-Backend-Host
Cache
X-Owner
X-RateLimit-Reset
X-Server-Time
X-Node-Id
X-Planisys-CDN-TTL
X-Auto-Login
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
MIME-Version
X-Real-Ip
Server-ID
Gh-Request-Id
X-NC
X-Varnish-Beresp-Ttl
V-Age
Powered-By
X-Apm-App-Name
X-Apm-Svc-Key
X-Cdn-Origin
X-Sn-Servicetimems
X-Apm-Inst-Hash
X-FPC
X-Org
X-CUA
Section-Io-Cache
X-CACHE-KEY
Rt-Proxy-Cache
X-CDN-Forward
VivaBuild
X-Pjax-Url
X-Geo
Viewtype
X-ND-Cache
X-Exp-Se
REQUESTUUID
HostName
Pragrma
X-Load-Cache
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Returned-From
X-Served-From
X-Returned-From-BeforeDispatch
X-Aicache-OS
X-Original-Request
X-Returned-From-DLL
X-Stale
X-Actual-URL
X-Server-By
X-Gdpr
X-Svr
X-Parent-Response-Time
X-Croise-Owner
X-HS-Cache-Config
X-B3-Parentspanid
X-VServer
X-DC
X-CSRF-TOKEN
Host-ID
X-Nc
X-Dc
Fastcgi-Useragent
Cdn-Request-Time
X-Edge-Server
Cdn-Host
Memory
Time
X-Unique-ID
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Git-Hash
X-Servedbyhost
X-Wa
PICS-Label
X-Microcachable
CF-IPCountry
Resin-Trace
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
SID
ProcessTime
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Tb-Optimization-Total-Bytes-Saved
X-V
X-Newrelic-Synthetics
Mime-Version
X-ID
X-Optimization
X-Cache-HT
AR-SID
X-From-Cache
X-Req
X-Release
X-Host-Name
Odigeo-Trace-Id
X-TH-Server
X-WebServer
Cdn
X-Lb-Id
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-Phone
X-HTML-Minification-Powered-By
X-Atg-Version
X-Daa-Tunnel
Proxy-Firewall
XServer
X-Instart-Info
X-APP
X-Fstrz
CF-Cached-On
X-Upstream-HT
X-Upstream-CT
Backend-Name
X-Response-By
X-WR-MODIFICATION
Processtime
X-Fastly-Backend-Reqs
X-B3-SpanId
X-LB-ID
X-Ratelimit-Remaining
X-Worker
Public-Key-Pins-Report-Only
X-Backend-TTL
X-Ratelimit-Limit
X-Vcl-Version
GMS-Ver
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
355prline
409pxxline
Xxline
X-Server-W
352pxline
189phosttRef
X-Nananana
178proxuri
188prxHost
219prxHost
286prxHost
225prxHost
WZWS-RAY
X-Check-Cacheable
X-Zone
X-GEO
X-IPS-LoggedIn
Fastcgi-X-Cache-Version
X-Vcache
X-NGINX-Cache
Version
X-Ratelimit-Reset
X-Amz-Meta-Surrogate-Control
Pics-Label
X-HS-Status
X-WA
X-URL
Lb
X-UPSTREAM-Address
X-ServedByHost
SN
X-CSRF-Token
X-Clientip
Esi-Enabled
X-Hyper-Cache
X-UE-Client-Country
GW-Server
X-We-Are-Hiring
X-VCL-Version
Countrycode
Mobile-Detection-Method
DataCenter
X-Akamai-Request-ID2
X-Contensis-Viewer-Groups
Geoip-Latitude
X-SERVER-NAME
X-Fastly-Country-Code
X-AssetVersion
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
GeoIp-Country-Code
SS
X-SRV
Ohc-File-Size
X-Dynatrace
Accept-Language
X-BE
X-Render-Time
X-Via-Ucdn
Geoip-City
X-Request-Start
Serverid
WP-Super-Cache
X-GZIP
FSS-Proxy
FSS-Cache
X-LiteSpeed-Cache-Control
X-CS
X-HS-Combine-CSS
X-NWS-UUID-VERIFY
URI
X-RequestId
X-GDPR
X-PF-Uncompressing
X-ZONE
X-Vtex-Processado-Em
X-Be
X-Vtex-Remote-Cache
X-Unique-Id
X-Urbn-Site-Id
X-Gen-Id
X-Cdn-Cache
X-Urbn-Context-Path
X-PJAX-URL
X-Via-NSCOPI
X-Reqid
CDN
Locale
X-FORWARDED-FOR
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-Pf-Uncompressing
Ohc-Cache-HIT
X-Microsite
X-ABtesting
Cneonction
X-Hello
X-Flog
X-Fastly-Cache-Hits
X-Fpc
X-Request-Handler-Origin-Region
RequestUuid
X-Cache-Ttl
Server-Id
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
X-Request-Url
X-Store
A
Accept-Ch
X-Html-Edge-Cache
IBM-Web2-Location
X-UCC
X-Akamai-SSL-Client-Sid
Get-Access-Time
X-Test
X-Port
Requestid
X-Dw-Trace-Id
X-Generation-Time
Is-Session-Tracking
X-Varnish-Action
Ohc-Response-Time
Who
X-ServerName
X-EC-Lua
X-HTML-Edge-Cache
Frontcache
NnCoection
X-Serial
X-Cdn-Request-ID