Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Request-ID
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-CST
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Application-Context
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
X-Upstream-Env
X-Server-Name
Verso
X-HW
Accept-CH
X-ESI
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-CACHE
X-GitHub-Request-Id
X-MS-InvokeApp
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-ORACLE-DMS-RID
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cached
X-DataStream-Cache-Status
X-Version
X-TTL
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
Ar-Sid
RTSS
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-TtlSet
X-PC
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Server-Side-Encryption
X-Server-ID
X-Vcap-Request-Id
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
SPRequestGuid
X-Client-IP
Nginx-Cache
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-DynaTrace-JS-Agent
X-FTR-Backend-Server
X-Country-Code-Real
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Expires
X-Amz-Rid
X-Fastly-Request-ID
X-SharePointHealthScore
S
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Debug
X-Oracle-Dms-Rid
TCN
DynaTrace
X-Hits
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-TEC-API-ROOT
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Upstream-Proxy
X-Pinterest-Rid
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Akam-SW-Version
X-B3-TraceId
Access-Control-Request-Method
X-Powered-CMS
X-T
X-Goog-Storage-Class
X-FTR-Cache-Host
Front-End-Https
Realpath
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
X-Id
X-MSEdge-Ref
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
X-Dns-Prefetch-Control
X-Upstream
X-Fastcgi-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Alternate-Protocol
X-Ttl
X-Frontend
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-PressLabs-Stats
Fusion-Source
X-RateLimit-Remaining
X-Middleton-Display
Display
X-Sol
AMP-Access-Control-Allow-Source-Origin
Response
X-Middleton-Response
X-Hostname
X-Cache-Key
X-Litespeed-Cache
X-Srv
X-Accel-Expires
X-Pad
X-Webkit-CSP
MicrosoftSharePointTeamServices
Host
X-Kinsta-Cache
Server-Name
X-Analytics
Backend-Timing
X-Content-Options
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Correlation-Id
X-User-Agent
X-Revision
X-LB-Cache
X-Debug-Info
X-B3-Traceid
X-Amz-Apigw-Id
X-Rid
X-Amzn-RequestId
X-Az
X-AppVersion
X-Activity-Id
X-Accel-Buffering
FilterID
Accept-Charset
X-Cache-Hit
X-B3-Sampled
X-Cache-2
X-IPLB-Instance
Refresh
Surrogate-Key
X-Grace
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Ruxit-Js-Agent
ServerID
X-Page-Id
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
Host-Header
X-Request-Received
X-Request-Processing-Time
MS-CV
X-PHP-Backend
X-Content-Security-Policy-Report-Only
X-App-Environment
VIX-Pulpo-Upstream-Status
Source
X-Varnish-Backend
X-TT
VIX-Pulpo-Node
X-Amz-Replication-Status
X-Cached-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-UA-Device-Type
X-Cache-Action
X-Platform-Server
X-Framework
X-F-Cache
X-Akamai-Edgescape
X-Cluster
Cache-Status
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Mobile
X-Tumblr-User
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Content-Powered-By
X-Drupal-Cache-Tags
X-Request-Guid
X-FW-Type
X-FB-Debug
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Instance
X-FW-Server
X-Zen-Fury
X-SS-Set-Cookie
X-Forwarded-Host
X-Geo-Country
X-GUploader-UploadID
X-Handled-By
X-Ezoic-Cdn
X-Cache-TTL
X-Shard
X-Magnolia-Registration
X-FastCGI-Cache
X-RateLimit-Limit
Edge-Cache-Tag
PageSpeed
X-Node-Name
From-Origin
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
X-Varnish-Server
Cache-Tags
X-App-Server
DC
X-BCube-Filmed-By
Cleartype
X-Cache-Control
X-AOL-HN
X-TA-CDN-Provider
X-XRDS-LOCATION
Upgrade-Insecure-Requests
Fastly-Restarts
Healthy
X-Cache-Rule
Payment
Server-Node
X-WebKit-CSP-Report-Only
Filters
X-Generated-By
X-Response-Served-From
X-Region
X-TX-ID
CACHE
X-Adobe-Loc
X-Signature
X-Adobe-Content
X-B-Cache
X-GeoIP
X-Redis-Cache
X-VG-WebCache
Webserver
Ms-Operation-Id
X-UUID
NGB
X-RequestSource
X-Storage
X-RTag
Country
Actual-Object-TTL
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Drupal-Cache-Contexts
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Jobs
X-Cacheable-TTL
Retry-After
Cache-Tv-Group
X-Locale
X-Varnish-Hits
X-Content-Age
GEO-INFO
Powered
ServedBy
Liferay-Portal
Frame-Options
X-Contextid
HitType
X-Rendered-As
X-Seen-By
X-Oneagent-Js-Injection
X-WA-Info
X-Cache-TTL-Remaining
X-Guploader-Uploadid
X-Varnish-IP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Via-JSL
X-Real-IP
X-Wix-Server-Artifact-Id
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Upgrade-Enabled
X-Cache-NE
Viewport
S-Cnection
X-BACKEND-TTL
X-Dynatrace-Js-Agent
X-Cache-Server
X-Mode
Xserver
X-Esi
Datacenter
X-GRACE
Content-Script-Type
Content-Style-Type
X-Cache-Operation
X-Time
X-Zipkin-Id
X-Hl-Ver
X-Is-Bot
X-Proto
X-RN-RSRV
X-Proxied
X-From
X-Routing-Service
X-Path-Route
Load-Balancing
Cache-Key
Cache-Hits
OT-Force-Account-Verify
X-Varnish-Cache-Hits
Meta-Geo
X-Cache-Enabled
X-Device-Type
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
Machine
NtCoent-Length
X-Cache-Config
X-S
X-FC-Vary-Parameters
X-VG-TLSProxy
L5d-Success-Class
X-AWS-Id
X-Akamai-Transformed
X-Hosted-By
X-Tb
X-Environment-Context
We-Hiring
X-FB-TRIP-ID
X-VWS-Id
NGX
Mn-Server-Ip
Mail-Subject
X-LJ-Flow-ID
X-L-Path
Vix-Hermes-Req-Id
X-Proxy
X-Viewer-Country
X-FW-Version
X-Labrador-Cache-Channel
X-Birta-Cache-Post
Origin-Edge-Control
Origin-Cache-Control
S-Rt
Access-Control-Request-Headers
X-Debug-Cache
X-Birta-Served
X-EIG-Tracking-Id
X-Loop
X-Web-Node
X-Backend-Name
X-TNCMS
X-ServerID
X-Time-Microsecs
X-Via-Fastly
X-Access
X-Via-CDN
X-Akamai-Request-ID
DB-Nickname
X-Tumblr-Pixel-3
X-Rocket-Nginx-Bypass
X-RCS-CacheZone
X-NCache
Selected-FE
Now
X-Vgn-Hpd-Reason
X-CCM
X-IP
X-Human
X-Proxy-Build
X-JoinUs
X-Origin-Response-Time
X-PCL
X-ProxyCache-Key
X-ProxyCache-Status
X-OCL
X-BYPASS-REASON
X-Timing-Wait
X-Section
X-Format
X-Trace-Id
X-Varnish-Cacheable
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-NWS-LOG-UUID
Azure-InstanceId
Azure-Version
Cache-Tag
TWC-Device-Class
TWC-Connection-Speed
X-Www-Served-By
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Uber-Trace-Id
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Site-Version
Webcakes-App-Version
Webcakes-App-Name
X-Xfnlog-Site
X-Origin-Hint
X-Generated
X-Grey
X-Cache-Category-Id
Property-Id
Decoy-Debug-Status
X-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Newrelic-App-Data
X-MP-GENERATED-AT
X-Endurance-Cache-Level
X-R9-Blue-Green-Version
Served-By
X-Internal-Host
X-VC-Cache
X-Rule
X-UA
X-Cache-Remote
X-CDN-Cache
ViewerVersion
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
Release
X-UnsetCookies
LB
AsisCache
X-Cluster-Node
X-Origin-Host
X-Sucuri-ID
X-TIME
Rt-Fastcgi-Cache
Nel
X-App-Name
X-NewRelic-App-Data
X-ApacheServer
X-PERF
X-Source
X-Nginx-Cache
X-B3-Spanid
X-Request-Time
X-APP-VERSION
X-Varnish-Ttl
X-Agile
X-Ua
X-Agile-Age
X-Agile-Id
X-Datadome
User-Agent
Cache-Name
X-App-Version
X-OVcl
X-Origin
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-VCT
Pagespeed
X-Edge-Location
Warning
Hostname
X-Origin-TTL
X-Origin-CC
X-WPE-Loopback-Upstream-Addr
X-Pubstack
Cross-Origin-Window-Policy
X-Connection-Hash
X-Server-Group
X-Core-Value
X-Debug-Cache-Store
X-Debug-Cookies
SRV
X-Debug-Log
X-Destination
X-SRCache-Key
X-Developer
Ajk
X-Debug-Cache-Fetch
Arc-Country
BehaviorPad-Version
X-D
X-Date
X-Debug-Cache-Expiry
Cache-Prefix
Memcached
Thinkindot-Control
X-Region-Sid
UCS
X-BB-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Request-Time
Server-Cache-Control
Server-Surrogate-Control
X-Request-UUID
Www
X-A
X-B-Cookie
X-Aed
X-ARC
X-Application
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Request-EU
Request-Country
X-CF-Lambda-Fn
X-Rojux
X-Cache-Info
Lfy
X-S-Cookie
X-CF-Lambda-Version
X-Secret
Fly-Cache
Fly-Request-Id
X-ScT
MD5-Digest
X-DPWN-IS-SECURE
On-Server
Origin
X-Cache-ASPX
Rendered-Blocks
X-Cache-Expires
Node
X-Rewrite-Enabled
Meta-Geo-Continent
X-Cache-Grace
Ec-Rule-Version
X-Trv-Group
X-PAYTM-SRV-ID
X-Generated-In
X-Instart-Isnd
X-Varnish-Authentication
X-Edge-IP
X-External-Request-Id
X-IN-WAF
X-Cdn-Forward
X-Var-Ttl
X-NX-Host
X-NU-AKA-ACS-Version
X-VG-WebServer
X-G
X-Matched-Rule
X-Logtrace-Id
X-Gannett-Site-Version
X-Webstats-RespID
X-NodeID
X-Mobile-URL
X-Up
Xc-Version
X-Hp-Webp
X-Platform
X-Thinkindot-L3
X-Processor
X-Transaction
DSUID
X-IN-APIGATEWAY
X-Twitter-Response-Tags
X-ElasticPress-Search
X-Protected-By
X-Cache-Backend
X-Varnish-Beresp-Grace
User-Cache-Control
X-Varnish-Beresp-Status
X-Cache-Debug
X-Li-Fabric
Pagetype
X-Cache-Bucket
X-Hnp-Log
X-Proxy-Cache-Status
X-Rebelmouse-Cache-Control
X-LI-Proto
X-Cache-Host
X-Rebelmouse-Surrogate-Control
X-Hash
X-Cache-Miss-From
X-LI-UUID
X-Amzn-Remapped-Connection
X-Li-Pop
X-Irp-Debug
Kp-EeAlive
X-Sedo-Request-Id
X-Request-URI
X-Policy
X-Geo-Header
X-Refresh
X-Reboot
X-Info
True-Client-Country-4JS
Server-Int
Server-Host
X-LAGOON
Proxy-Connection
Pramga
X-Key
Web-Mar-Node
X-Gen-Mode
RNT-Time
RNT-Machine
X-Block-Status
HA-Ipaddr
IsBot
Cache-Cookie-Set-From
X-F5-Cache
Backend
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-SIPLIST1
X-Crawler
X-Origin-Date
X-Origin-Expires
X-RateLimit-Limit-Second
X-Ocache
X-Eu-Site
X-Sucuri-Cache
X-TT-LOGID
X-Sf
X-ServiceProvider
X-PHP-Host
X-Page-Type
X-Servername
X-Epic-Correlation-Id
X-Amzn-Remapped-Date
X-Qloud-Router
Fastly-SWR
X-CGP
X-Cache-Id
X-No-Session
X-Distributor
X-Swa-Ws
X-Nginx-Cache-Key
X-Varnish-Url
X-Dispatcher-Server
X-RateLimit-Remaining-Second
Country-Code
X-Proxy-Upstream
X-SN
Ha-Gx-Prefs
X-Device-Os
Fastly-SIE
Fastly-Backend-Name
Cteonnt-Length
X-FireWall-Port
X-Distil-CS
X-GeoIP-Country-Code
X-Developers
X-GeoIP-City
X-BBXSRF
X-Level-Front-Cache
X-C
X-Gateway-Cache-Status
X-Cache-FS-Status
X-Gateway-Cache-Key
X-Cms-Context
X-Fetched-On
X-Generated-On
X-Bip
X-Gateway-Skip-Cache
X-Core-Mission
X-Backend-State
X-Skip-Cache
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Adler-Geo
AKAMAI
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Thanos
X-TrackingId
X-Location
X-Cdn-Srv
X-Micro-Cache
FNAC-ModuleRouting
X-Real-Ip
ServerName
X-Via-SSL
X-User
X-Ah-Environment
X-Amzn-Remapped-Content-Length
X-Via-Edge
CDCHOST
X-Variation
Is-Eu
X-Alternate-Cache-Key
Magicmarker
Platform
SD-X-WS
N-Cache
Heartbleed
HTTPS
X-Amz-Meta-Cache-Control
X-S-Maxage
Content-Disposition
X-Server-IP
Fastly-SSL
X-Planisys-CDN-TTL
X-Backend-Host
X-Planisys-CDN-Cache
X-Backend-Url
X-Fastly-Cache
X-Planisys-CDN-Rules
X-MSEdge-Flight
Fastly-Soc-X-Request-Id
X-Owner
X-Wikidot-Backend
X-Server-Time
X-Wikidot-Static-Cache
X-MSEdge-Features
X-Auto-Login
X-GZip
X-Varnish-Beresp-Ttl
Server-ID
X-Node-Id
Gh-Request-Id
Cache
X-RateLimit-Reset
MIME-Version
X-Apm-Svc-Key
X-Apm-Inst-Hash
V-Age
X-Cdn-Origin
X-Sn-Servicetimems
X-Org
X-NC
X-FPC
X-Apm-App-Name
X-Exp-Se
Powered-By
X-Pjax-Url
Viewtype
X-ND-Cache
X-Geo
VivaBuild
Rt-Proxy-Cache
X-CUA
REQUESTUUID
X-CACHE-KEY
Section-Io-Cache
X-Load-Cache
Pragrma
X-Gdpr
HostName
X-CDN-Forward
X-Served-From
X-Dc
X-B3-Parentspanid
X-Nc
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Server-By
X-Passed-To-PostProcessResponse
X-Original-Request
X-Returned-From-PostProcessResponse
X-Aicache-OS
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-Svr
X-Passed-To
X-Actual-URL
X-Stale
X-Parent-Response-Time
X-VServer
Time
X-HS-Cache-Config
X-CSRF-TOKEN
Memory
X-Croise-Owner
Host-ID
X-DC
Fastcgi-Useragent
X-Edge-Server
X-Git-Hash
PICS-Label
Cdn-Request-Time
Cdn-Host
X-Unique-ID
X-Servedbyhost
X-Wa
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Resin-Trace
X-Microcachable
CF-IPCountry
X-Oss-Object-Type
ProcessTime
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
Mime-Version
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Storage-Class
X-Host-Name
X-Release
X-Cache-HT
X-Optimization
X-V
X-Newrelic-Synthetics
X-ID
AR-SID
X-WebServer
X-TH-Server
X-Lb-Id
Cf-Ipcountry
X-Req
X-From-Cache
Cdn
X-Daa-Tunnel
Odigeo-Trace-Id
X-Phone
X-Varnish-Beresp-TTL
X-APP
X-Upstream-CT
X-HTML-Minification-Powered-By
X-Upstream-HT
X-Instart-Info
X-Ratelimit-Remaining
X-Atg-Version
X-Fstrz
XServer
X-Fastly-Backend-Reqs
Proxy-Firewall
Backend-Name
CF-Cached-On
X-Ratelimit-Limit
X-LB-ID
X-B3-SpanId
X-Response-By
X-Worker
X-WR-MODIFICATION
Processtime
X-Vcl-Version
Public-Key-Pins-Report-Only
X-Server-W
286prxHost
219prxHost
189phosttRef
188prxHost
225prxHost
352pxline
X-Backend-TTL
409pxxline
355prline
GMS-Ver
Xxline
X-Zone
X-Nananana
178proxuri
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-IPS-LoggedIn
WZWS-RAY
Version
X-NGINX-Cache
X-Vcache
Fastcgi-X-Cache-Version
X-GEO
X-WA
Pics-Label
X-HS-Status
X-CSRF-Token
X-Ratelimit-Reset
X-UPSTREAM-Address
Esi-Enabled
X-ServedByHost
X-Amz-Meta-Surrogate-Control
X-URL
X-Akamai-Request-ID2
Lb
GeoIp-Country-Code
Geoip-Latitude
X-VCL-Version
Accept-Language
Mobile-Detection-Method
X-UE-Client-Country
SN
X-AssetVersion
X-Contensis-Viewer-Groups
Countrycode
X-We-Are-Hiring
X-Hyper-Cache
X-Clientip
GW-Server
DataCenter
X-SERVER-NAME
GeoIP-Country-Code
Geoip-City
X-Fastly-Country-Code
GeoIP-City
GeoIP-Latitude
SS
X-SRV
Ohc-File-Size
X-Dynatrace
X-Request-Start
X-Render-Time
X-NWS-UUID-VERIFY
X-RequestId
X-Via-Ucdn
X-Be
X-BE
X-Request-Handler-Origin-Region
X-Microsite
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Serverid
X-GZIP
WP-Super-Cache
X-CS
X-Urbn-Site-Id
X-Reqid
URI
X-LiteSpeed-Cache-Control
X-GDPR
X-Urbn-Context-Path
X-Via-NSCOPI
X-PF-Uncompressing
X-HS-Combine-CSS
X-ZONE
FSS-Cache
FSS-Proxy
Locale
X-Unique-Id
X-Hello
X-Gen-Id
X-Cdn-Cache
CDN
X-PJAX-URL
X-ABtesting
X-Flog
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-HostName
Dynatrace
FastCGI-Cache
Ohc-Cache-HIT
X-Fastly-Cache-Hits
RequestUuid
X-Fpc
Cneonction
X-Pf-Uncompressing
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Generation-Time
X-Cache-Ttl
X-LiteSpeed-Tag
X-Test
X-Html-Edge-Cache
X-UCC
X-Store
X-Request-Url
Server-Id
Accept-Ch
A
X-Akamai-SSL-Client-Sid
Requestid
X-Dw-Trace-Id
RequestId
Who
Is-Session-Tracking
Ohc-Response-Time
Get-Access-Time
X-Port
X-Varnish-Action
X-Serial
Frontcache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua