Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-CST
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
NEL
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-HW
X-ESI
X-Dispatcher
MS-Author-Via
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
AR-ATIME
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Cached
X-Version
Charset
Content-MD5
X-ORACLE-DMS-RID
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-TTL
X-TtlSet
X-PC
X-Vname
X-Server-ID
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Expires
X-Oracle-Dms-Rid
X-Amz-Rid
X-VCache
S
X-SharePointHealthScore
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Debug
TCN
Arr-Disable-Session-Affinity
DynaTrace
X-Hits
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-Shield-Request-Id
X-TEC-API-VERSION
SPIisLatency
SPRequestDuration
X-XRDS-Location
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Akam-SW-Version
Access-Control-Request-Method
X-FTR-Cache-Host
X-Powered-CMS
X-T
X-SERVER
X-Goog-Storage-Class
X-Ttl
Front-End-Https
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Id
X-N
Fastcgi-Cache
X-Varnish-Age
X-Dns-Prefetch-Control
X-B3-TraceId
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
X-Upstream
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Alternate-Protocol
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Fastcgi-Cache
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Sol
X-Litespeed-Cache
Display
X-Middleton-Display
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
Response
X-Hostname
X-B3-Traceid
X-Cache-Key
X-Accel-Expires
X-Srv
X-Pad
MicrosoftSharePointTeamServices
Host
X-Kinsta-Cache
Server-Name
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cdn
Backend-Timing
X-Accel-Buffering
X-Correlation-Id
X-Analytics
X-Content-Options
X-User-Agent
X-Revision
X-Debug-Info
X-LB-Cache
X-Amzn-RequestId
X-Az
X-Rid
X-Amz-Apigw-Id
X-AppVersion
X-Activity-Id
X-B3-Sampled
FilterID
X-Cache-Hit
Accept-Charset
Refresh
X-IPLB-Instance
X-Cache-2
X-Grace
Surrogate-Key
Powered-By-ChinaCache
X-B
X-Ruxit-Js-Agent
X-DIS-Request-ID
X-CF-Powered-By
ServerID
X-Page-Id
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
Host-Header
X-PHP-Backend
X-Request-Received
MS-CV
X-Request-Processing-Time
X-Webkit-CSP
X-Cached-By
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-App-Environment
VIX-Pulpo-Upstream-Status
Source
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Origin-Server
X-TT
Cache-Status
X-Kong-Upstream-Latency
X-Framework
X-UA-Device-Type
X-Cache-Action
X-Platform-Server
X-Akamai-Edgescape
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Grace
X-Mobile
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Hash
X-FW-Server
X-FW-Static
X-Request-Guid
X-FW-Serve
X-FW-Type
X-F-Cache
X-Drupal-Cache-Tags
X-FB-Debug
X-Instance
X-Zen-Fury
X-SS-Set-Cookie
X-FastCGI-Cache
X-RateLimit-Limit
X-Geo-Country
X-Ezoic-Cdn
X-Shard
X-Handled-By
X-Forwarded-Host
X-Cache-TTL
X-Magnolia-Registration
Edge-Cache-Tag
X-GUploader-UploadID
From-Origin
X-Node-Name
PageSpeed
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
Cache-Tags
X-App-Server
X-Varnish-Server
X-XRDS-LOCATION
DC
Cleartype
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
CACHE
Upgrade-Insecure-Requests
Healthy
Payment
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-RequestSource
X-Generated-By
Fastly-Restarts
X-Cache-Rule
Filters
X-Region
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
Server-Node
X-Storage
X-UUID
X-RTag
Country
NGB
X-VG-WebCache
Ms-Operation-Id
X-Redis-Cache
Webserver
X-TT-TIMESTAMP
X-GeoIP
Cache-Tv-Group
X-Jobs
Actual-Object-TTL
X-FW-Dynamic
Retry-After
X-TA-CDN-Provider
X-Tumblr-Pixel-1
X-B-Cache
X-Tumblr-Pixel-2
X-Drupal-Cache-Contexts
X-Signature
X-Locale
X-Content-Age
X-Cacheable-TTL
X-Varnish-Hits
GEO-INFO
ServedBy
Powered
Liferay-Portal
X-Contextid
Frame-Options
X-Oneagent-Js-Injection
HitType
X-Guploader-Uploadid
X-Seen-By
X-Rendered-As
X-Cache-TTL-Remaining
X-Varnish-IP
X-WA-Info
X-Wix-Server-Artifact-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Via-JSL
S-Cnection
X-BACKEND-TTL
Viewport
X-Real-IP
X-RemovedCookies
X-ProcessESI
X-Cache-NE
Eomportal-Instance
X-Esi
X-Upgrade-Enabled
Nel
NtCoent-Length
X-Cache-Server
X-Mode
Content-Script-Type
Content-Style-Type
Xserver
Datacenter
X-Akamai-Transformed
X-Path-Route
X-Is-Bot
X-Hl-Ver
X-From
X-Proto
X-Routing-Service
X-Zipkin-Id
X-RN-RSRV
X-Proxied
X-ES-SERVER
Cache-Key
Cache-Hits
Machine
OT-Force-Account-Verify
X-Cache-Operation
X-Varnish-Cache-Hits
Meta-Geo
Mn-Server-Ip
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Cache-Enabled
X-Device-Type
Load-Balancing
X-S
X-Cache-Config
TWC-Connection-Speed
X-VWS-Id
X-Time
X-Viewer-Country
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Proxy
X-LJ-Flow-ID
X-VG-TLSProxy
X-FC-Vary-Parameters
X-Tb
Access-Control-Request-Headers
L5d-Success-Class
Mail-Subject
TWC-Privacy
NGX
X-Origin-Hint
Property-Id
TWC-GeoIP-Country
X-L-Path
X-Hosted-By
X-Environment-Context
X-AWS-Id
Vix-Hermes-Req-Id
X-FB-TRIP-ID
We-Hiring
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-EIG-Tracking-Id
X-Origin-Response-Time
X-Format
Azure-RegionName
Azure-InstanceId
X-Debug-Cache
Azure-SiteName
Azure-SlotName
X-Birta-Served
X-Access
S-Rt
X-Labrador-Cache-Channel
X-Akamai-Request-ID
X-Birta-Cache-Post
Origin-Cache-Control
Origin-Edge-Control
X-Loop
X-FW-Version
Azure-Version
X-Section
X-ServerID
X-Backend-Name
X-Time-Microsecs
X-Endurance-Cache-Level
X-TNCMS
X-Web-Node
X-Trace-Id
X-Varnish-Cacheable
Cache-Tag
X-OCL
X-Vgn-Hpd-Reason
X-NCache
X-ProxyCache-Key
X-Xfnlog-Site
Selected-FE
Now
X-Via-Fastly
X-JoinUs
X-Via-CDN
X-Human
X-Rocket-Nginx-Bypass
X-CCM
X-ProxyCache-Status
X-Proxy-Build
X-IP
X-PCL
DB-Nickname
X-Timing-Wait
X-Tumblr-Pixel-3
X-BYPASS-REASON
X-RCS-CacheZone
X-GRACE
Uber-Trace-Id
X-Generated
X-Grey
X-Cache-Category-Id
X-Www-Served-By
Decoy-Debug-Key
X-Status
X-Site-Version
Decoy-Debug-TTL
Decoy-Debug-Status
X-MP-GENERATED-AT
X-Newrelic-App-Data
X-NWS-LOG-UUID
X-VC-Cache
X-UA
X-R9-Blue-Green-Version
X-Dynatrace-Js-Agent
ViewerVersion
X-Internal-Host
X-CDN-Cache
X-Wix-Request-Id
Served-By
X-Rule
X-Cache-Remote
X-EdgeConnect-Cache-Status
LB
AsisCache
Release
X-UnsetCookies
X-Origin-Host
X-TIME
X-Sucuri-ID
X-Cluster-Node
X-NewRelic-App-Data
Rt-Fastcgi-Cache
X-APP-VERSION
X-App-Name
X-PERF
X-ApacheServer
X-Datadome
X-B3-Spanid
X-Source
X-Nginx-Cache
User-Agent
X-Agile-Id
X-Agile
X-Agile-Age
X-Request-Time
Pagespeed
X-Ua
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
Hostname
X-OVcl-Cache
X-Origin
X-OVcl
X-VCT
X-Edge-Location
Warning
X-App-Version
X-Pubstack
X-Origin-CC
X-Origin-TTL
X-Debug-Cookies
X-Thinkindot-L3
X-D
X-Transaction
X-Varnish-Authentication
X-Processor
X-Debug-Log
X-Core-Value
X-A
X-Date
X-Var-Ttl
X-PAYTM-SRV-ID
X-Connection-Hash
Www
X-Trv-Group
X-Twitter-Response-Tags
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Up
X-Platform
X-Debug-Cache-Expiry
X-Ocache
X-BB-ID
X-B-Cookie
X-A-Wwc
X-A-Dgt
Ajk
X-ARC
Arc-Country
X-Aed
X-Request-UUID
X-Accel-Expires-Debug
BehaviorPad-Version
X-Application
X-Cache-ASPX
X-A-Dcw
X-CF-Lambda-Fn
X-Varnish-Beresp-Status
X-CF-Lambda-Version
X-SRCache-Key
X-A-Ccd
X-Cache-Info
X-Sucuri-Cache
X-Cache-Expires
X-A-Dam
X-Cache-Grace
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Region-Sid
Fly-Cache
X-Webstats-RespID
Meta-Geo-Continent
Request-EU
Request-Country
X-Hp-Webp
X-ScT
X-IN-APIGATEWAY
Request-Time
X-Instart-Isnd
MD5-Digest
Memcached
X-IN-WAF
Node
X-S-Cookie
X-Rewrite-Enabled
Rendered-Blocks
Xc-Version
X-F5-Cache
X-External-Request-Id
X-G
X-Gannett-Site-Version
On-Server
X-Rojux
X-DPWN-IS-SECURE
X-Generated-In
Origin
X-Varnish-Beresp-Grace
Lfy
X-Developer
X-NU-AKA-ACS-Version
X-NodeID
Thinkindot-Control
X-NX-Host
Fly-Request-Id
UCS
X-Destination
Cache-Prefix
X-Edge-IP
X-Mobile-URL
X-Server-Group
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Surrogate-Control
Server-Cache-Control
X-Secret
X-VG-WebServer
X-Logtrace-Id
X-Matched-Rule
X-Varnish-Ttl
X-Cache-Backend
X-Protected-By
User-Cache-Control
DSUID
X-ElasticPress-Search
RNT-Machine
Proxy-Connection
Server-Host
Server-Int
RNT-Time
Web-Mar-Node
True-Client-Country-4JS
X-Page-Type
X-Info
X-Dispatcher-Server
X-Distil-CS
X-RateLimit-Limit-Second
X-Irp-Debug
X-Key
X-Li-Pop
X-Li-Fabric
X-Qloud-Router
X-LAGOON
Pramga
X-RateLimit-Remaining-Second
X-Gen-Mode
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Eu-Site
X-Distributor
X-Geo-Header
X-Rebelmouse-Cache-Control
X-Hnp-Log
X-Hash
X-Device-Os
X-Developers
X-Cache-Debug
X-Cache-Host
X-Cache-Id
X-CGP
X-Cache-Bucket
X-C
X-Amzn-Remapped-Date
X-Request-URI
X-Block-Status
X-Crawler
X-Epic-Correlation-Id
X-No-Session
X-Nginx-Cache-Key
X-LI-UUID
X-LI-Proto
X-Origin-Date
X-Origin-Expires
X-Policy
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Amzn-Remapped-Connection
X-SN
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
SRV
X-Sf
Fastly-SIE
Fastly-Backend-Name
X-Servername
X-ServiceProvider
Backend
Apple-News-Services-Request-Url
X-TT-LOGID
X-SIPLIST1
X-Swa-Ws
X-PHP-Host
X-Varnish-Url
X-Ah-Environment
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cache-Miss-From
Country-Code
Heartbleed
X-Refresh
HA-Ipaddr
Magicmarker
X-Sedo-Request-Id
IsBot
Kp-EeAlive
N-Cache
Ha-Gx-Prefs
Fastly-SWR
X-Real-Ip
Pagetype
X-FireWall-Port
Cteonnt-Length
X-Core-Mission
X-Cms-Context
X-Via-Edge
X-Cdn-Forward
X-Via-SSL
X-Thanos
X-Wikidot-Backend
X-Variation
X-WPE-Loopback-Upstream-Addr
X-TrackingId
FNAC-ModuleRouting
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Fetched-On
X-GeoIP-Country-Code
X-Gateway-Skip-Cache
X-Cdn-Srv
X-GeoIP-City
X-Location
X-Fastly-Cache
X-Level-Front-Cache
X-MSEdge-Features
X-Generated-On
X-Wikidot-Static-Cache
X-Micro-Cache
ServerName
X-MSEdge-Flight
X-User
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-Backend-State
X-Bip
X-BBXSRF
Content-Disposition
Fastly-Soc-X-Request-Id
Is-Eu
SD-X-WS
HTTPS
X-S-Maxage
Fastly-SSL
Platform
AKAMAI
X-Server-IP
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Cache-FS-Status
X-Sorting-Hat-PodId
X-Skip-Cache
X-ShopId
Adler-Geo
X-ShardId
X-GZip
X-Backend-Url
X-Planisys-CDN-Cache
X-Server-Time
X-Owner
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-RateLimit-Reset
X-Backend-Host
X-Node-Id
X-Auto-Login
Server-ID
X-Varnish-Beresp-Ttl
Gh-Request-Id
X-CDN-Forward
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Org
Powered-By
V-Age
X-Apm-App-Name
MIME-Version
X-Cdn-Origin
X-FPC
X-Sn-Servicetimems
X-CUA
X-NC
Section-Io-Cache
X-CACHE-KEY
Cache
REQUESTUUID
Pragrma
VivaBuild
X-Exp-Se
X-ND-Cache
X-Geo
X-Pjax-Url
Viewtype
Rt-Proxy-Cache
X-Nc
X-Dc
X-Load-Cache
X-Served-From
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Original-Request
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Server-By
X-Returned-From
X-Actual-URL
X-Svr
X-Stale
X-Gdpr
X-Aicache-OS
X-Returned-From-PostProcessResponse
X-Parent-Response-Time
X-Croise-Owner
X-VServer
HostName
X-HS-Cache-Config
Host-ID
X-B3-Parentspanid
Fastcgi-Useragent
PICS-Label
Time
Memory
X-CSRF-TOKEN
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Unique-ID
X-DC
Wxu-Next-Hostname
Wxu-Next-Commit
X-Git-Hash
Wxu-Next-Region
X-Microcachable
X-Servedbyhost
Mime-Version
X-Wa
SID
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Resin-Trace
X-Oss-Server-Time
X-Oss-Storage-Class
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
CF-IPCountry
X-ID
X-Optimization
X-Cache-HT
X-Newrelic-Synthetics
AR-SID
X-V
X-Lb-Id
X-Release
X-Req
X-From-Cache
X-Host-Name
Cf-Ipcountry
Cdn
X-WebServer
Odigeo-Trace-Id
X-TH-Server
X-Varnish-Beresp-TTL
X-Phone
X-HTML-Minification-Powered-By
CF-Cached-On
X-Daa-Tunnel
X-Atg-Version
Proxy-Firewall
X-APP
XServer
X-Fstrz
X-Instart-Info
Processtime
X-Upstream-HT
X-Upstream-CT
Backend-Name
X-Vcl-Version
X-WR-MODIFICATION
X-Response-By
X-Ratelimit-Remaining
X-Check-Cacheable
GMS-Ver
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
X-LB-ID
X-Worker
X-Fastly-Backend-Reqs
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Zone
409pxxline
Xxline
X-Server-W
355prline
286prxHost
225prxHost
352pxline
189phosttRef
219prxHost
188prxHost
178proxuri
X-B3-SpanId
WZWS-RAY
X-WA
X-NGINX-Cache
Fastcgi-X-Cache-Version
X-GEO
X-IPS-LoggedIn
X-Backend-TTL
X-Nananana
X-Vcache
Version
X-Ratelimit-Reset
X-CSRF-Token
X-HS-Status
X-Amz-Meta-Surrogate-Control
X-ServedByHost
X-URL
Lb
SN
Esi-Enabled
X-UPSTREAM-Address
Countrycode
Pics-Label
X-Clientip
Mobile-Detection-Method
Geoip-Latitude
GeoIp-Country-Code
X-We-Are-Hiring
X-UE-Client-Country
GW-Server
X-Hyper-Cache
DataCenter
Geoip-City
X-SERVER-NAME
SS
X-Akamai-Request-ID2
WP-Super-Cache
X-VCL-Version
X-Contensis-Viewer-Groups
X-Fastly-Country-Code
X-AssetVersion
Ohc-File-Size
Accept-Language
X-SRV
X-Dynatrace
X-Render-Time
X-Via-Ucdn
X-BE
X-Request-Start
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
Serverid
X-GZIP
X-GDPR
FSS-Proxy
X-Vtex-Processado-Em
X-RequestId
X-PF-Uncompressing
URI
X-NWS-UUID-VERIFY
FSS-Cache
X-CS
X-HS-Combine-CSS
X-Vtex-Remote-Cache
X-LiteSpeed-Cache-Control
X-Be
X-Unique-Id
X-PJAX-URL
X-Urbn-Site-Id
Locale
X-Reqid
X-Urbn-Context-Path
X-ZONE
CDN
X-Gen-Id
X-Via-NSCOPI
X-HostName
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
Dynatrace
X-FORWARDED-FOR
X-Fpc
X-ABtesting
X-Fastly-Cache-Hits
X-Flog
Cneonction
Ohc-Cache-HIT
X-Microsite
RequestUuid
X-Pf-Uncompressing
X-Request-Handler-Origin-Region
X-Hello
X-Cdn-Cache
X-Cache-Ttl
X-Html-Edge-Cache
X-LiteSpeed-Tag
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Request-Url
A
X-Store
X-Generation-Time
Server-Id
Accept-Ch
X-UCC
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
Who
Is-Session-Tracking
Ohc-Response-Time
Get-Access-Time
X-Port
X-Varnish-Action
X-Serial
Frontcache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua