Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Server-Powered-By
X-Nginx-Cache-Status
X-Robots-Tag
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
Feature-Policy
X-CST
X-Cnection
X-Server-Id
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Application-Context
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Readtime
Request-Id
X-Origin-Cache
X-Url
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-HW
X-Server-Name
Accept-CH
X-ESI
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
AR-CACHE
AR-ATIME
X-VARITI-CCR
AR-PoweredBy
X-MS-InvokeApp
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-GitHub-Request-Id
X-Kinja-Revision
X-Use-Magma
X-DataStream-Cache-Status
X-Cached
X-Version
Charset
Content-MD5
Public-Key-Pins
X-Powered-By-Plesk
X-Server-ID
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
X-TTL
Accept-CH-Lifetime
Ar-Sid
RTSS
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-PC
X-Vname
X-TtlSet
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Amz-Rid
X-VCache
X-XRDS-Location
S
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Fastly-Request-ID
X-Debug
TCN
DynaTrace
Arr-Disable-Session-Affinity
X-Hits
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
SPRequestDuration
SPIisLatency
X-Akam-SW-Version
Access-Control-Request-Method
X-B3-TraceId
X-Powered-CMS
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Oracle-Dms-Rid
Realpath
X-NF-Request-ID
X-SERVER
Front-End-Https
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Ttl
X-Id
X-Aspnet-Version
X-Varnish-Age
Fastcgi-Cache
X-N
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
X-Dns-Prefetch-Control
Alternate-Protocol
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-RateLimit-Remaining
X-Logged-In
X-Frontend
X-PressLabs-Stats
X-Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Display
X-Middleton-Display
X-Sol
X-Hostname
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
Response
X-Litespeed-Cache
X-Accel-Expires
X-Srv
X-Pad
X-Cache-Key
X-Webkit-CSP
Host
MicrosoftSharePointTeamServices
X-Kinsta-Cache
Server-Name
X-DataStream-MidMile-RTT
Backend-Timing
X-DataStream-Origin-MEX-Latency
X-Analytics
X-Correlation-Id
X-User-Agent
X-Content-Options
X-Debug-Info
X-LB-Cache
X-Revision
X-B3-Traceid
X-Az
X-Activity-Id
X-AppVersion
X-Accel-Buffering
X-Amz-Apigw-Id
FilterID
X-Amzn-RequestId
X-Cache-2
X-B3-Sampled
Surrogate-Key
Accept-Charset
X-Rid
Refresh
X-IPLB-Instance
X-Cache-Hit
X-B
Powered-By-ChinaCache
X-DIS-Request-ID
X-CF-Powered-By
ServerID
X-Page-Id
X-Grace
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
X-Request-Received
Host-Header
X-Request-Processing-Time
MS-CV
X-PHP-Backend
Cache-Status
X-FastCGI-Cache
VIX-Pulpo-Node
Source
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-TT
X-Origin-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Amz-Replication-Status
X-UA-Device-Type
X-Framework
X-Cached-By
X-Cache-Action
X-Platform-Server
X-Cluster
Access-Control-Allow-Method
X-App-Environment
X-F-Cache
X-Content-Powered-By
X-Varnish-Grace
X-Request-Guid
X-Drupal-Cache-Tags
X-Akamai-Edgescape
X-Mobile
X-FW-Hash
X-FB-Debug
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Tumblr-User
X-Tumblr-Pixel
X-Ruxit-Js-Agent
X-Tumblr-Pixel-0
X-SS-Set-Cookie
X-Zen-Fury
X-Instance
X-Geo-Country
X-RateLimit-Limit
X-Forwarded-Host
X-GUploader-UploadID
X-Shard
X-Cache-TTL
X-Ezoic-Cdn
X-Handled-By
Edge-Cache-Tag
X-Magnolia-Registration
From-Origin
X-Node-Name
X-ATG-Version
PageSpeed
X-Varnish-Hostname
X-Cache-Age
Cache-Tags
X-BCube-Filmed-By
X-Varnish-Server
X-App-Server
DC
Cleartype
X-AOL-HN
X-Cache-Control
Upgrade-Insecure-Requests
Healthy
Fastly-Restarts
Payment
X-Cache-Rule
X-Response-Served-From
Server-Node
X-RequestSource
Filters
X-Generated-By
X-Region
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
X-VG-WebCache
NGB
Ms-Operation-Id
X-UUID
X-Storage
Country
X-RTag
X-GeoIP
X-Signature
X-B-Cache
X-Drupal-Cache-Contexts
Webserver
Actual-Object-TTL
X-Jobs
X-Redis-Cache
Cache-Tv-Group
X-Locale
X-FW-Dynamic
X-Cacheable-TTL
Retry-After
X-Content-Age
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hits
CACHE
X-TA-CDN-Provider
GEO-INFO
X-XRDS-LOCATION
ServedBy
Powered
Liferay-Portal
Frame-Options
X-Contextid
HitType
X-Rendered-As
X-Seen-By
X-Oneagent-Js-Injection
X-WA-Info
X-Real-IP
X-Cache-TTL-Remaining
X-Varnish-IP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Guploader-Uploadid
X-Via-JSL
X-GRACE
X-Wix-Server-Artifact-Id
Eomportal-Instance
S-Cnection
X-Upgrade-Enabled
X-RemovedCookies
Viewport
X-ProcessESI
X-Cache-NE
X-BACKEND-TTL
X-Time
Xserver
X-Cache-Server
X-Esi
X-Mode
Content-Script-Type
X-Cache-Operation
OT-Force-Account-Verify
Content-Style-Type
X-Cache-Var
Load-Balancing
X-Cache-Var-Map
X-Path-Route
X-Varnish-Cache-Hits
Mn-Server-Ip
Meta-Geo
X-Device-Type
Cache-Key
X-Proto
X-Is-Bot
X-Hl-Ver
X-RN-RSRV
X-ES-SERVER
X-From
X-Detected-As
Machine
X-S
Datacenter
X-Cache-Config
X-FC-Vary-Parameters
X-FB-TRIP-ID
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Access-Control-Request-Headers
X-LJ-Flow-ID
We-Hiring
X-Akamai-Transformed
Webcakes-App-Version
X-AWS-Id
Webcakes-App-Name
X-Cache-Enabled
TWC-GeoIP-Country
Vix-Hermes-Req-Id
X-Proxied
X-Zipkin-Id
X-Origin-Hint
X-VG-TLSProxy
NGX
X-VWS-Id
Property-Id
L5d-Success-Class
TWC-Device-Class
Webcakes-Region
X-Routing-Service
TWC-Connection-Speed
Mail-Subject
Origin-Edge-Control
S-Rt
Origin-Cache-Control
X-Environment-Context
X-Tb
X-ServerID
X-Section
X-Time-Microsecs
X-TNCMS
X-Backend-Name
X-Web-Node
X-Viewer-Country
X-Origin-Response-Time
X-Loop
X-Birta-Served
X-Birta-Cache-Post
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-Hosted-By
X-Labrador-Cache-Channel
X-L-Path
X-Access
X-Debug-Cache
NtCoent-Length
X-NWS-LOG-UUID
Selected-FE
X-ProxyCache-Status
X-Format
X-Trace-Id
X-Vgn-Hpd-Reason
X-Xfnlog-Site
X-Endurance-Cache-Level
X-Via-CDN
X-ProxyCache-Key
X-Varnish-Cacheable
X-PCL
X-JoinUs
X-IP
X-Human
X-FW-Version
Cache-Tag
X-CCM
Now
X-OCL
X-BYPASS-REASON
X-Proxy-Build
X-Timing-Wait
Azure-InstanceId
Cache-Hits
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Rocket-Nginx-Bypass
X-RCS-CacheZone
X-Cache-Category-Id
X-Grey
X-Site-Version
X-Via-Fastly
X-Www-Served-By
X-NCache
X-Proxy
X-Generated
DB-Nickname
X-MP-GENERATED-AT
Uber-Trace-Id
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
X-Newrelic-App-Data
Decoy-Debug-TTL
X-R9-Blue-Green-Version
X-Tumblr-Pixel-3
Served-By
X-Internal-Host
X-VC-Cache
X-Rule
X-Dynatrace-Js-Agent
X-Cache-Remote
X-Wix-Request-Id
ViewerVersion
X-CDN-Cache
LB
X-UnsetCookies
Release
AsisCache
X-EdgeConnect-Cache-Status
X-UA
X-Origin-Host
Rt-Fastcgi-Cache
X-Sucuri-ID
Nel
X-Ua
X-Cluster-Node
X-NewRelic-App-Data
X-App-Name
X-Nginx-Cache
X-Source
X-Request-Time
X-PERF
X-App-Version
X-TIME
Pagespeed
X-ApacheServer
X-Agile-Age
X-Agile-Id
X-Agile
X-Datadome
X-B3-Spanid
User-Agent
X-APP-VERSION
X-Origin
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Hit
X-OVcl-Cache
X-OVcl
X-Edge-Location
Warning
Hostname
X-Pubstack
X-Origin-CC
X-Origin-TTL
MD5-Digest
X-PAYTM-SRV-ID
Node
Meta-Geo-Continent
On-Server
X-Accel-Expires-Debug
Request-Country
X-ARC
X-SRCache-Key
X-B-Cookie
X-A-Dgt
Request-Time
Request-EU
X-NX-Host
X-A-Wwc
Rendered-Blocks
X-Platform
Origin
Ec-Rule-Version
X-Rojux
X-Mobile-URL
X-S-Cookie
Arc-Country
X-Rewrite-Enabled
Ajk
X-Region-Sid
SRV
User-Cache-Control
X-Request-UUID
BehaviorPad-Version
X-ScT
DSUID
Xc-Version
X-Aed
Fly-Cache
X-Processor
X-A-Dcw
X-Secret
X-Server-Group
Cache-Prefix
Cross-Origin-Window-Policy
Fly-Request-Id
X-A-Ccd
X-Debug-Cache-Expiry
X-Date
X-Application
X-Debug-Cache-Fetch
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Thinkindot-L3
X-NodeID
X-Logtrace-Id
X-D
X-Var-Ttl
X-Transaction
X-Cdn-Forward
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Destination
X-Twitter-Response-Tags
X-Up
X-DPWN-IS-SECURE
UCS
X-Developer
X-Trv-Group
X-External-Request-Id
X-Core-Value
X-Hp-Webp
X-Cache-ASPX
X-A
X-Cache-Expires
X-Varnish-Authentication
X-BB-ID
X-VG-WebServer
X-IN-WAF
X-A-Dam
X-IN-APIGATEWAY
Thinkindot-Control
X-Generated-In
Server-Cache-Control
X-G
X-CF-Lambda-Version
X-Matched-Rule
X-Connection-Hash
X-CF-Lambda-Fn
X-Cache-Grace
Server-Surrogate-Control
X-NU-AKA-ACS-Version
Www
X-Gannett-Site-Version
X-Edge-IP
X-ElasticPress-Search
X-Varnish-Beresp-Status
X-Cache-Backend
X-Varnish-Beresp-Grace
X-Protected-By
Proxy-Connection
X-Distributor
X-LI-Proto
X-Dispatcher-Server
X-Distil-CS
X-Epic-Correlation-Id
RNT-Time
RNT-Machine
X-Eu-Site
X-SIPLIST1
X-Page-Type
X-Instart-Isnd
Memcached
X-F5-Cache
X-Origin-Expires
X-Origin-Date
Pagetype
X-SN
X-WPE-Loopback-Upstream-Addr
X-Device-Os
X-Developers
X-Webstats-RespID
X-Cache-Info
X-CGP
X-Varnish-Url
X-Cache-Id
X-Cache-Host
X-Cache-Miss-From
X-Block-Status
X-C
X-Cache-Debug
X-Rebelmouse-Surrogate-Control
Web-Mar-Node
X-Sedo-Request-Id
X-Swa-Ws
Server-Int
X-Li-Fabric
X-LI-UUID
X-TT-LOGID
X-No-Session
X-Crawler
True-Client-Country-4JS
X-Refresh
Server-Host
X-Li-Pop
Cache-Cookie-Set-Lfrom
CDCHOST
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-LAGOON
X-RateLimit-Limit-Second
Lfy
X-Proxy-Cache-Status
Country-Code
X-Hnp-Log
X-Proxy-Upstream
X-Key
Apple-News-Services-Request-Url
X-Request-URI
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Reboot
X-Sucuri-Cache
X-Info
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Ocache
X-Hash
X-Qloud-Router
X-Gen-Mode
X-Policy
X-Geo-Header
X-Servername
HA-Ipaddr
Kp-EeAlive
IsBot
X-PHP-Host
X-Sf
Ha-Gx-Prefs
X-ServiceProvider
Fastly-Backend-Name
Fastly-SIE
Fastly-SWR
Cache
Cteonnt-Length
X-Varnish-Ttl
X-FireWall-Port
X-Gateway-Cache-Key
X-Fetched-On
X-Cache-Bucket
X-Gateway-Cache-Status
X-Bip
X-Backend-State
X-Irp-Debug
X-GeoIP-Country-Code
X-GeoIP-City
FNAC-ModuleRouting
X-Core-Mission
X-Gateway-Skip-Cache
X-Location
X-Level-Front-Cache
X-Cms-Context
X-Generated-On
X-Nginx-Cache-Key
Adler-Geo
Fastly-Soc-X-Request-Id
AKAMAI
X-S-Maxage
Backend
X-Thanos
X-ShardId
X-User
Is-Eu
X-TrackingId
X-Ah-Environment
Heartbleed
SD-X-WS
N-Cache
X-Shopify-Stage
Magicmarker
Content-Disposition
Platform
HTTPS
X-Sorting-Hat-ShopId
Pramga
X-Server-IP
X-Sorting-Hat-PodId
X-Variation
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-MSEdge-Flight
X-Amzn-Remapped-Connection
X-MSEdge-Features
X-Alternate-Cache-Key
X-Via-Edge
X-Via-SSL
X-ShopId
X-Amzn-Remapped-Date
ServerName
X-Backend-Url
X-BBXSRF
X-Owner
X-Fastly-Cache
X-Skip-Cache
X-Cdn-Srv
X-Wikidot-Static-Cache
X-Micro-Cache
X-CACHE-KEY
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Wikidot-Backend
X-Server-Time
X-Planisys-CDN-TTL
X-Backend-Host
X-Cache-FS-Status
X-Auto-Login
X-Amz-Meta-Cache-Control
X-Varnish-Beresp-Ttl
X-GZip
X-RateLimit-Reset
X-Node-Id
Gh-Request-Id
Server-ID
MIME-Version
X-Real-Ip
X-Apm-Inst-Hash
X-Apm-App-Name
V-Age
X-Apm-Svc-Key
X-Org
X-NC
X-Sn-Servicetimems
X-Cdn-Origin
X-ND-Cache
Rt-Proxy-Cache
X-Exp-Se
X-Pjax-Url
REQUESTUUID
Viewtype
VivaBuild
X-CUA
X-FPC
Powered-By
Section-Io-Cache
X-Load-Cache
X-Served-From
Pragrma
HostName
X-Geo
X-CDN-Forward
X-B3-Parentspanid
X-Nc
X-Returned-From
X-Returned-From-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Gdpr
X-Returned-From-PostProcessResponse
X-Passed-To
X-Stale
X-Dc
X-Aicache-OS
X-Svr
X-Server-By
X-CSRF-TOKEN
X-Returned-From-BeforeDispatch
X-Original-Request
X-Actual-URL
X-Parent-Response-Time
X-VServer
X-HS-Cache-Config
Host-ID
X-DC
X-Croise-Owner
Fastcgi-Useragent
Memory
Cdn-Request-Time
Cdn-Host
Wxu-Next-Commit
X-Wa
X-Edge-Server
X-Servedbyhost
Wxu-Next-Hostname
Wxu-Next-Region
Time
X-Unique-ID
Resin-Trace
X-Git-Hash
PICS-Label
ProcessTime
X-Microcachable
CF-IPCountry
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
SID
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Host-Name
X-Release
X-Cache-HT
X-Newrelic-Synthetics
X-Optimization
X-V
X-ID
AR-SID
X-From-Cache
X-WebServer
Cdn
X-TH-Server
X-Req
Cf-Ipcountry
X-Daa-Tunnel
X-URL
X-Lb-Id
Odigeo-Trace-Id
X-Phone
X-Varnish-Beresp-TTL
X-Upstream-CT
X-Instart-Info
X-Upstream-HT
X-HTML-Minification-Powered-By
X-Atg-Version
Proxy-Firewall
X-Fstrz
X-Fastly-Backend-Reqs
X-LB-ID
XServer
X-APP
Backend-Name
CF-Cached-On
X-Response-By
X-B3-SpanId
X-Worker
X-WR-MODIFICATION
Processtime
X-Ratelimit-Remaining
189phosttRef
X-Vcl-Version
355prline
286prxHost
219prxHost
X-Backend-TTL
188prxHost
X-Server-W
Xxline
225prxHost
178proxuri
409pxxline
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
GMS-Ver
X-Nananana
352pxline
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-IPS-LoggedIn
WZWS-RAY
X-Zone
Version
Pics-Label
X-GEO
X-NGINX-Cache
X-Vcache
Fastcgi-X-Cache-Version
X-Amz-Meta-Surrogate-Control
X-HS-Status
X-WA
X-UPSTREAM-Address
X-Ratelimit-Reset
Lb
X-Akamai-Request-ID2
Mobile-Detection-Method
Esi-Enabled
SN
X-ServedByHost
X-VCL-Version
Accept-Language
Countrycode
X-CSRF-Token
GeoIP-City
X-UE-Client-Country
GeoIP-Latitude
X-AssetVersion
X-We-Are-Hiring
GW-Server
X-Clientip
X-Hyper-Cache
X-Contensis-Viewer-Groups
GeoIP-Country-Code
DataCenter
SS
X-Via-Ucdn
X-Fastly-Country-Code
Geoip-Latitude
GeoIp-Country-Code
X-SERVER-NAME
X-SRV
X-Dynatrace
Ohc-File-Size
X-BE
X-Request-Start
X-Vtex-Processado-Em
X-NWS-UUID-VERIFY
X-RequestId
X-Be
X-Request-Handler-Origin-Region
X-Vtex-Remote-Cache
Geoip-City
X-GDPR
X-Microsite
X-Render-Time
X-GZIP
Serverid
WP-Super-Cache
URI
X-Urbn-Context-Path
X-Via-NSCOPI
Locale
X-HS-Combine-CSS
X-Urbn-Site-Id
X-CS
X-LiteSpeed-Cache-Control
X-PF-Uncompressing
X-ZONE
FSS-Proxy
FSS-Cache
X-Reqid
X-Unique-Id
X-ABtesting
X-Gen-Id
CDN
X-PJAX-URL
X-Cdn-Cache
X-Flog
X-Hello
FastCGI-Cache
X-FORWARDED-FOR
X-HostName
Amp-Access-Control-Allow-Source-Origin
Dynatrace
IBM-Web2-Location
Ohc-Cache-HIT
X-Fpc
RequestUuid
X-Generation-Time
X-Fastly-Cache-Hits
X-Pf-Uncompressing
Cneonction
Dnion-Transfer-Encoding
X-Cache-Ttl
X-LiteSpeed-Tag
Accept-Ch
X-Request-Url
A
Server-Id
X-Test
X-UCC
X-Html-Edge-Cache
X-Store
X-Akamai-SSL-Client-Sid
RequestId
X-Dw-Trace-Id
Requestid
Who
Get-Access-Time
NnCoection
X-Serial
X-Cdn-Request-ID
Frontcache
X-ServerName
Ohc-Response-Time
X-Port
X-HTML-Edge-Cache
X-EC-Lua
Is-Session-Tracking
X-Varnish-Action