Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Request-ID
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
X-CST
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Application-Context
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
X-Upstream-Env
Verso
X-Server-Name
X-HW
X-ESI
Accept-CH
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-CACHE
X-GitHub-Request-Id
X-MS-InvokeApp
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-ORACLE-DMS-RID
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cached
X-DataStream-Cache-Status
X-Version
X-TTL
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-PC
X-TtlSet
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Server-Side-Encryption
X-Server-ID
X-Vcap-Request-Id
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
Nginx-Cache
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-DynaTrace-JS-Agent
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
X-Amz-Rid
S
X-Amz-Meta-S3cmd-Attrs
X-SharePointHealthScore
X-Fastly-Request-ID
X-VCache
X-Cdn
X-Debug
X-Oracle-Dms-Rid
TCN
DynaTrace
X-Hits
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-XRDS-Location
SPRequestDuration
X-Upstream-Proxy
SPIisLatency
X-Akam-SW-Version
Pinterest-Version
X-Pinterest-Rid
X-B3-TraceId
Access-Control-Request-Method
X-Powered-CMS
X-FTR-Cache-Host
X-Goog-Storage-Class
X-T
Front-End-Https
X-SERVER
X-NF-Request-ID
Realpath
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Id
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Upstream
X-Dns-Prefetch-Control
X-Fastcgi-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Ttl
Alternate-Protocol
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-HS-Hub-Id
X-Content-Digest
X-HS-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-RateLimit-Remaining
X-Sol
Display
X-Middleton-Display
X-Hostname
AMP-Access-Control-Allow-Source-Origin
Response
X-Middleton-Response
X-Litespeed-Cache
X-Cache-Key
X-Srv
X-Accel-Expires
X-Pad
X-Webkit-CSP
Host
MicrosoftSharePointTeamServices
X-Kinsta-Cache
Server-Name
X-Content-Options
Backend-Timing
X-Correlation-Id
X-DataStream-MidMile-RTT
X-Analytics
X-DataStream-Origin-MEX-Latency
X-User-Agent
X-LB-Cache
X-Revision
X-Debug-Info
X-B3-Traceid
X-Amz-Apigw-Id
X-AppVersion
X-Az
X-Rid
X-Amzn-RequestId
X-Accel-Buffering
X-Activity-Id
X-Cache-2
X-Cache-Hit
Accept-Charset
X-B3-Sampled
FilterID
X-IPLB-Instance
Refresh
Surrogate-Key
X-B
X-Grace
Powered-By-ChinaCache
ServerID
X-CF-Powered-By
X-DIS-Request-ID
X-Ruxit-Js-Agent
X-Page-Id
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
Host-Header
MS-CV
X-Request-Processing-Time
X-Request-Received
X-PHP-Backend
X-Content-Security-Policy-Report-Only
Cache-Status
Source
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Kong-Upstream-Latency
X-App-Environment
X-Varnish-Backend
X-Origin-Server
X-Cached-By
X-TT
X-Kong-Proxy-Latency
X-Amz-Replication-Status
X-UA-Device-Type
X-Akamai-Edgescape
X-Framework
X-Cache-Action
X-Cluster
X-Platform-Server
X-F-Cache
X-Mobile
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Content-Powered-By
X-Tumblr-User
X-Varnish-Grace
X-Drupal-Cache-Tags
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-Request-Guid
X-FW-Type
X-FB-Debug
X-Instance
X-Zen-Fury
X-SS-Set-Cookie
X-Geo-Country
X-Forwarded-Host
X-GUploader-UploadID
X-Ezoic-Cdn
X-Handled-By
X-Cache-TTL
X-Magnolia-Registration
X-Shard
X-FastCGI-Cache
Edge-Cache-Tag
X-RateLimit-Limit
PageSpeed
X-Node-Name
From-Origin
X-ATG-Version
X-Varnish-Hostname
X-Cache-Age
Cache-Tags
X-Varnish-Server
X-App-Server
X-BCube-Filmed-By
DC
Cleartype
X-AOL-HN
X-Cache-Control
X-TA-CDN-Provider
X-XRDS-LOCATION
Fastly-Restarts
Upgrade-Insecure-Requests
Healthy
X-Cache-Rule
Payment
Filters
Server-Node
X-Generated-By
X-WebKit-CSP-Report-Only
X-RequestSource
X-Response-Served-From
X-Region
CACHE
X-Adobe-Loc
X-B-Cache
X-Signature
X-Adobe-Content
X-TX-ID
Country
X-Redis-Cache
X-UUID
X-VG-WebCache
NGB
X-GeoIP
Ms-Operation-Id
X-RTag
Webserver
X-Storage
X-TT-TIMESTAMP
X-FW-Dynamic
X-Tumblr-Pixel-2
X-Jobs
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-1
Actual-Object-TTL
X-Cacheable-TTL
Cache-Tv-Group
X-Content-Age
X-Locale
Retry-After
X-Varnish-Hits
Powered
GEO-INFO
ServedBy
Liferay-Portal
Frame-Options
X-Contextid
HitType
X-Rendered-As
X-Seen-By
X-Oneagent-Js-Injection
X-WA-Info
X-Cache-TTL-Remaining
X-Guploader-Uploadid
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Via-JSL
X-Real-IP
X-Wix-Server-Artifact-Id
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Upgrade-Enabled
X-Cache-NE
Viewport
S-Cnection
X-BACKEND-TTL
X-Dynatrace-Js-Agent
Xserver
X-Cache-Server
X-Mode
X-Esi
Datacenter
X-GRACE
Content-Script-Type
X-Cache-Operation
Content-Style-Type
X-Time
X-Is-Bot
X-Hl-Ver
X-Zipkin-Id
X-From
X-Path-Route
X-RN-RSRV
X-Proxied
X-ES-SERVER
X-Routing-Service
X-Proto
Meta-Geo
Cache-Key
Cache-Hits
OT-Force-Account-Verify
X-Varnish-Cache-Hits
Load-Balancing
Mn-Server-Ip
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Cache-Enabled
X-Device-Type
Machine
NtCoent-Length
X-Cache-Config
X-S
X-FB-TRIP-ID
Access-Control-Request-Headers
X-Environment-Context
L5d-Success-Class
Mail-Subject
X-FC-Vary-Parameters
X-Hosted-By
X-Proxy
X-LJ-Flow-ID
Webcakes-App-Name
X-AWS-Id
X-Origin-Hint
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Vix-Hermes-Req-Id
We-Hiring
TWC-GeoIP-Country
TWC-Device-Class
X-Tb
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
NGX
X-L-Path
X-Viewer-Country
X-VG-TLSProxy
X-VWS-Id
X-Akamai-Transformed
Azure-SiteName
Azure-Version
X-EIG-Tracking-Id
Azure-RegionName
Azure-InstanceId
X-Format
X-Backend-Name
X-Debug-Cache
S-Rt
Origin-Cache-Control
Origin-Edge-Control
X-Akamai-Request-ID
X-Access
X-Birta-Cache-Post
X-Birta-Served
X-FW-Version
X-Web-Node
Azure-SlotName
X-Loop
X-TNCMS
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-NWS-LOG-UUID
X-Section
X-Time-Microsecs
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
Cache-Tag
X-PCL
X-Proxy-Build
X-Xfnlog-Site
X-Tumblr-Pixel-3
X-Rocket-Nginx-Bypass
X-RCS-CacheZone
X-NCache
DB-Nickname
Now
Selected-FE
X-OCL
X-IP
X-JoinUs
X-Varnish-Cacheable
X-Human
X-Trace-Id
X-Vgn-Hpd-Reason
X-Timing-Wait
X-Endurance-Cache-Level
X-CCM
X-Via-Fastly
X-BYPASS-REASON
X-Via-CDN
X-Cache-Category-Id
Uber-Trace-Id
X-Generated
X-Site-Version
X-Grey
X-Www-Served-By
X-MP-GENERATED-AT
X-Status
X-Newrelic-App-Data
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-R9-Blue-Green-Version
Served-By
X-VC-Cache
X-Internal-Host
X-Rule
X-Cache-Remote
X-UA
LB
X-CDN-Cache
ViewerVersion
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
Release
X-UnsetCookies
AsisCache
X-Cluster-Node
X-Origin-Host
Rt-Fastcgi-Cache
X-Sucuri-ID
X-TIME
Nel
X-NewRelic-App-Data
X-App-Name
X-PERF
X-ApacheServer
X-Nginx-Cache
X-APP-VERSION
X-Source
X-B3-Spanid
X-Varnish-Ttl
X-Request-Time
X-Datadome
X-Agile-Age
X-Agile-Id
X-Ua
X-Agile
User-Agent
X-OVcl-Cache
X-App-Version
Cache-Name
X-OVcl
X-Hit
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
Pagespeed
X-Edge-Location
Hostname
Warning
X-Pubstack
X-Origin-CC
X-Origin-TTL
X-WPE-Loopback-Upstream-Addr
X-Debug-Cookies
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Debug-Log
Server-Cache-Control
Rendered-Blocks
Request-Country
Request-EU
Request-Time
Thinkindot-Control
UCS
X-A-Dgt
Xc-Version
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dcw
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-A
X-A-Ccd
X-A-Dam
Origin
On-Server
Cache-Prefix
Cross-Origin-Window-Policy
X-G
X-Gannett-Site-Version
BehaviorPad-Version
Arc-Country
X-Developer
X-External-Request-Id
X-F5-Cache
Ajk
X-Generated-In
X-Hp-Webp
MD5-Digest
Memcached
Meta-Geo-Continent
Node
X-Destination
Lfy
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
X-Aed
X-Application
X-Server-Group
X-PAYTM-SRV-ID
X-Platform
X-D
X-SRCache-Key
X-DPWN-IS-SECURE
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-Thinkindot-L3
X-Secret
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-CF-Lambda-Fn
X-S-Cookie
X-Region-Sid
X-Core-Value
X-Processor
X-Cache-Info
X-Connection-Hash
X-Transaction
X-NX-Host
X-Instart-Isnd
X-B-Cookie
X-Varnish-Authentication
X-Var-Ttl
X-IN-WAF
SRV
X-Webstats-RespID
X-IN-APIGATEWAY
X-ARC
X-VG-WebServer
X-Up
X-Logtrace-Id
X-NodeID
X-NU-AKA-ACS-Version
X-Trv-Group
X-Date
X-Mobile-URL
X-Debug-Cache-Expiry
X-BB-ID
X-Matched-Rule
X-Twitter-Response-Tags
X-CF-Lambda-Version
Www
X-Cdn-Forward
X-Edge-IP
DSUID
X-Cache-Backend
X-Varnish-Beresp-Grace
X-ElasticPress-Search
X-Protected-By
X-Varnish-Beresp-Status
User-Cache-Control
X-Dispatcher-Server
X-Distil-CS
X-Device-Os
X-Developers
X-Crawler
X-Distributor
X-Hnp-Log
X-CGP
X-Geo-Header
X-Eu-Site
X-Epic-Correlation-Id
X-Hash
X-Gen-Mode
X-Cache-Bucket
Web-Mar-Node
X-Amzn-Remapped-Connection
True-Client-Country-4JS
Server-Int
Server-Host
X-Amzn-Remapped-Date
X-Block-Status
X-Cache-Host
X-Cache-Debug
X-Info
X-C
X-Cache-Id
X-Key
X-Servername
X-ServiceProvider
X-Sf
X-Request-URI
X-Reboot
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-SN
X-Refresh
X-Sedo-Request-Id
X-Cache-Miss-From
X-Varnish-Url
X-Swa-Ws
X-TT-LOGID
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-LI-Proto
X-LI-UUID
X-Nginx-Cache-Key
X-Li-Pop
X-Li-Fabric
RNT-Time
X-LAGOON
X-No-Session
X-Origin-Date
X-Proxy-Upstream
X-Qloud-Router
X-Proxy-Cache-Status
X-Policy
X-Origin-Expires
X-PHP-Host
X-Irp-Debug
X-Page-Type
X-Ocache
Cache-Cookie-Set-Idcheck
Fastly-SWR
IsBot
Country-Code
Pramga
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
HA-Ipaddr
Pagetype
Ha-Gx-Prefs
Apple-News-Services-Host
Apple-News-Services-Handled
Proxy-Connection
Kp-EeAlive
Cache-Cookie-Set-From
Fastly-Backend-Name
RNT-Machine
X-Sucuri-Cache
CDCHOST
Cache-Cookie-Set-Lfrom
Fastly-SIE
Backend
X-FireWall-Port
Cteonnt-Length
AKAMAI
X-Variation
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Real-Ip
HTTPS
X-Gateway-Skip-Cache
X-Via-SSL
Content-Disposition
X-Wikidot-Backend
Is-Eu
X-Wikidot-Static-Cache
X-Via-Edge
X-Fetched-On
X-Thanos
X-ShopId
X-Shopify-Stage
Fastly-Soc-X-Request-Id
Fastly-SSL
X-MSEdge-Features
X-MSEdge-Flight
X-S-Maxage
X-Server-IP
X-ShardId
X-Level-Front-Cache
X-Skip-Cache
X-GeoIP-City
Heartbleed
X-Generated-On
X-GeoIP-Country-Code
X-TrackingId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
ServerName
X-User
Magicmarker
X-Bip
X-BBXSRF
X-Micro-Cache
X-Location
N-Cache
X-Amz-Meta-Cache-Control
X-Ah-Environment
X-Backend-State
Platform
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
FNAC-ModuleRouting
Adler-Geo
X-Cdn-Srv
X-Cache-FS-Status
X-Cms-Context
SD-X-WS
X-Core-Mission
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Backend-Host
X-Auto-Login
X-Server-Time
X-Fastly-Cache
X-Owner
X-Backend-Url
X-Planisys-CDN-Cache
X-GZip
X-Varnish-Beresp-Ttl
X-RateLimit-Reset
Gh-Request-Id
Server-ID
Cache
X-Node-Id
MIME-Version
X-Apm-Svc-Key
X-Cdn-Origin
X-Sn-Servicetimems
X-Apm-Inst-Hash
V-Age
X-Org
X-Apm-App-Name
X-NC
X-FPC
Viewtype
VivaBuild
X-Exp-Se
REQUESTUUID
X-Pjax-Url
X-CUA
X-ND-Cache
X-Geo
Rt-Proxy-Cache
Powered-By
Section-Io-Cache
X-Load-Cache
X-CACHE-KEY
X-Served-From
X-CDN-Forward
HostName
Pragrma
X-Gdpr
X-Nc
X-B3-Parentspanid
X-Dc
X-Original-Request
X-Server-By
X-Returned-From-BeforeDispatch
X-Passed-To-DLL
X-Actual-URL
X-Returned-From
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Svr
X-Returned-From-DLL
X-Passed-To
X-Passed-To-BeforeDispatch
X-Aicache-OS
X-Stale
X-Parent-Response-Time
X-Croise-Owner
X-DC
X-VServer
Host-ID
Memory
Time
X-CSRF-TOKEN
X-HS-Cache-Config
Fastcgi-Useragent
Cdn-Request-Time
Cdn-Host
X-Edge-Server
PICS-Label
X-Git-Hash
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Unique-ID
X-Wa
Resin-Trace
X-Servedbyhost
CF-IPCountry
X-Microcachable
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
ProcessTime
Mime-Version
X-Oss-Hash-Crc64ecma
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Object-Type
SID
X-Host-Name
X-Release
X-V
X-Newrelic-Synthetics
X-ID
AR-SID
X-Cache-HT
X-Optimization
Cdn
X-TH-Server
X-WebServer
X-Daa-Tunnel
X-From-Cache
Cf-Ipcountry
X-Lb-Id
X-Req
X-Phone
Odigeo-Trace-Id
X-Varnish-Beresp-TTL
X-HTML-Minification-Powered-By
X-APP
X-Upstream-CT
X-Instart-Info
X-Ratelimit-Remaining
X-Upstream-HT
X-Atg-Version
X-Fstrz
Backend-Name
X-Fastly-Backend-Reqs
Processtime
XServer
Proxy-Firewall
X-Ratelimit-Limit
CF-Cached-On
X-Response-By
X-Worker
X-Vcl-Version
X-WR-MODIFICATION
X-LB-ID
X-B3-SpanId
188prxHost
178proxuri
X-Zone
X-Nananana
GMS-Ver
189phosttRef
219prxHost
409pxxline
Xxline
X-Server-W
352pxline
355prline
225prxHost
X-Backend-TTL
Public-Key-Pins-Report-Only
286prxHost
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
WZWS-RAY
X-IPS-LoggedIn
X-Check-Cacheable
Version
X-Vcache
Fastcgi-X-Cache-Version
X-WA
X-NGINX-Cache
X-GEO
X-Amz-Meta-Surrogate-Control
Esi-Enabled
X-ServedByHost
X-UPSTREAM-Address
X-Ratelimit-Reset
X-URL
Pics-Label
X-HS-Status
X-CSRF-Token
X-Akamai-Request-ID2
Lb
Geoip-Latitude
GeoIp-Country-Code
GW-Server
X-Clientip
X-UE-Client-Country
X-VCL-Version
X-We-Are-Hiring
Countrycode
SN
X-Hyper-Cache
X-AssetVersion
Accept-Language
X-Contensis-Viewer-Groups
Mobile-Detection-Method
DataCenter
X-Fastly-Country-Code
SS
Geoip-City
X-SERVER-NAME
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
X-Dynatrace
Ohc-File-Size
X-SRV
X-NWS-UUID-VERIFY
X-Request-Start
X-Vtex-Processado-Em
X-BE
X-Vtex-Remote-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Via-Ucdn
X-RequestId
X-Render-Time
X-Be
WP-Super-Cache
X-GZIP
Serverid
X-CS
X-HS-Combine-CSS
X-GDPR
X-Via-NSCOPI
Locale
X-Reqid
X-Urbn-Context-Path
X-Urbn-Site-Id
X-PF-Uncompressing
X-ZONE
URI
FSS-Proxy
X-LiteSpeed-Cache-Control
FSS-Cache
X-Unique-Id
X-ABtesting
X-Gen-Id
X-PJAX-URL
X-Flog
X-Hello
X-Cdn-Cache
CDN
FastCGI-Cache
X-HostName
Dynatrace
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Fpc
X-Generation-Time
X-Fastly-Cache-Hits
Cneonction
X-Pf-Uncompressing
Ohc-Cache-HIT
RequestUuid
X-Cache-Ttl
X-LiteSpeed-Tag
X-UCC
X-Html-Edge-Cache
Accept-Ch
Server-Id
X-Test
X-Store
A
X-Request-Url
X-Akamai-SSL-Client-Sid
RequestId
Requestid
X-Dw-Trace-Id
Ohc-Response-Time
X-Varnish-Action
X-Cdn-Request-ID
Who
Frontcache
X-HTML-Edge-Cache
X-Serial
NnCoection
Get-Access-Time
Is-Session-Tracking
X-EC-Lua
X-ServerName
X-Port