Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Page-Speed
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-CST
Content-Location
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
X-HW
Accept-CH
X-ESI
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
AR-ATIME
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-PC
X-TtlSet
X-Server-ID
X-Vname
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Expires
X-VCache
X-Amz-Rid
X-SharePointHealthScore
S
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Debug
TCN
DynaTrace
X-Hits
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Upstream-Proxy
X-XRDS-Location
X-Pinterest-Rid
X-Oracle-Dms-Rid
X-Akam-SW-Version
X-SERVER
X-T
X-FTR-Cache-Host
X-Powered-CMS
Access-Control-Request-Method
X-Goog-Storage-Class
X-B3-TraceId
Front-End-Https
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
X-Id
X-N
X-Dns-Prefetch-Control
X-Varnish-Age
Fastcgi-Cache
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Ttl
X-Upstream
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Alternate-Protocol
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
X-HS-Content-Id
X-HS-Hub-Id
X-Litespeed-Cache
Display
X-Middleton-Display
X-Sol
AMP-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-Middleton-Response
Response
X-Hostname
X-Cache-Key
X-Accel-Expires
X-Srv
X-Pad
MicrosoftSharePointTeamServices
Host
X-B3-Traceid
X-Kinsta-Cache
Server-Name
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cdn
Backend-Timing
X-Accel-Buffering
X-Correlation-Id
X-Content-Options
X-Analytics
X-User-Agent
X-Debug-Info
X-Revision
X-LB-Cache
X-Amz-Apigw-Id
X-Az
X-Rid
X-Amzn-RequestId
X-AppVersion
X-Activity-Id
FilterID
X-B3-Sampled
Refresh
X-IPLB-Instance
Accept-Charset
X-Cache-2
X-Cache-Hit
X-Grace
Surrogate-Key
Powered-By-ChinaCache
X-B
X-DIS-Request-ID
X-CF-Powered-By
ServerID
X-Page-Id
X-Whom
Server-Info
X-FastCGI-Cache
TP-Cache
TP-L2-Cache
Host-Header
X-Request-Processing-Time
X-PHP-Backend
X-Request-Received
MS-CV
X-Webkit-CSP
X-Amz-Replication-Status
X-Cached-By
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-App-Environment
VIX-Pulpo-Node
Source
Cache-Status
X-Varnish-Backend
X-Kong-Proxy-Latency
X-TT
VIX-Pulpo-Upstream-Status
X-Origin-Server
X-Kong-Upstream-Latency
X-Cluster
X-Framework
X-Cache-Action
X-Akamai-Edgescape
X-Platform-Server
Access-Control-Allow-Method
X-UA-Device-Type
X-Mobile
X-Varnish-Grace
X-Content-Powered-By
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-GUploader-UploadID
X-F-Cache
X-Request-Guid
X-FW-Serve
X-Drupal-Cache-Tags
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-FB-Debug
X-Instance
X-RateLimit-Limit
X-SS-Set-Cookie
X-Geo-Country
X-Zen-Fury
X-Ezoic-Cdn
X-Shard
X-Handled-By
X-Forwarded-Host
X-Magnolia-Registration
X-Cache-TTL
Edge-Cache-Tag
From-Origin
X-Node-Name
PageSpeed
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
X-App-Server
Cache-Tags
X-XRDS-LOCATION
X-Varnish-Server
DC
X-BCube-Filmed-By
Cleartype
X-Cache-Control
X-AOL-HN
CACHE
Healthy
Payment
Upgrade-Insecure-Requests
X-Region
X-Response-Served-From
X-RequestSource
X-WebKit-CSP-Report-Only
X-Generated-By
Filters
X-Cache-Rule
X-Adobe-Content
Server-Node
Fastly-Restarts
X-Adobe-Loc
Webserver
X-TT-TIMESTAMP
NGB
Cache-Tv-Group
X-Storage
X-UUID
X-GeoIP
X-VG-WebCache
Ms-Operation-Id
Country
X-TX-ID
X-RTag
X-Redis-Cache
X-FW-Dynamic
X-Jobs
X-Signature
X-Drupal-Cache-Contexts
Actual-Object-TTL
X-Tumblr-Pixel-2
Retry-After
X-TA-CDN-Provider
X-Tumblr-Pixel-1
X-B-Cache
X-Cacheable-TTL
X-Locale
X-Content-Age
X-Varnish-Hits
GEO-INFO
ServedBy
Powered
Liferay-Portal
Frame-Options
X-Contextid
X-Oneagent-Js-Injection
HitType
X-Rendered-As
X-Seen-By
X-Cache-TTL-Remaining
X-WA-Info
X-Real-IP
X-Wix-Server-Artifact-Id
X-Varnish-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Via-JSL
S-Cnection
X-BACKEND-TTL
X-Guploader-Uploadid
Viewport
X-ProcessESI
Eomportal-Instance
X-RemovedCookies
X-Cache-NE
X-Esi
X-Upgrade-Enabled
NtCoent-Length
X-Mode
X-Cache-Server
Content-Script-Type
Xserver
Content-Style-Type
Datacenter
X-Akamai-Transformed
X-Path-Route
X-Is-Bot
X-Hl-Ver
X-ES-SERVER
X-From
X-Proto
X-Routing-Service
X-RN-RSRV
X-Proxied
X-Device-Type
X-Zipkin-Id
Cache-Key
Cache-Hits
OT-Force-Account-Verify
X-Cache-Operation
X-Varnish-Cache-Hits
Load-Balancing
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Detected-As
Machine
X-S
X-Cache-Config
NGX
X-Time
X-Hosted-By
X-FC-Vary-Parameters
X-Environment-Context
X-FB-TRIP-ID
X-AWS-Id
X-Tb
X-Proxy
X-L-Path
X-LJ-Flow-ID
X-Origin-Hint
L5d-Success-Class
X-VG-TLSProxy
Mail-Subject
We-Hiring
Property-Id
TWC-GeoIP-Country
X-VWS-Id
Webcakes-Region
Access-Control-Request-Headers
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
TWC-Device-Class
Webcakes-App-Name
TWC-Privacy
Vix-Hermes-Req-Id
X-Endurance-Cache-Level
Azure-RegionName
X-Debug-Cache
X-EIG-Tracking-Id
X-Labrador-Cache-Channel
X-Format
Azure-SlotName
Azure-Version
X-FW-Version
Azure-InstanceId
X-Section
X-Access
X-TNCMS
Origin-Edge-Control
S-Rt
X-Viewer-Country
X-Backend-Name
X-Web-Node
X-Time-Microsecs
Origin-Cache-Control
X-Origin-Response-Time
X-Birta-Served
X-Loop
X-Birta-Cache-Post
X-Akamai-Request-ID
Azure-SiteName
X-ServerID
X-BYPASS-REASON
Selected-FE
X-Human
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Timing-Wait
X-Trace-Id
X-Vgn-Hpd-Reason
X-Varnish-Cacheable
X-Via-CDN
DB-Nickname
X-JoinUs
X-RCS-CacheZone
X-NCache
Now
X-Rocket-Nginx-Bypass
X-IP
X-Tumblr-Pixel-3
Uber-Trace-Id
Cache-Tag
X-Www-Served-By
X-Via-Fastly
X-Status
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Category-Id
X-Grey
X-GRACE
Decoy-Debug-TTL
X-Site-Version
X-PCL
X-OCL
X-Generated
X-MP-GENERATED-AT
X-Newrelic-App-Data
X-NWS-LOG-UUID
X-CCM
X-R9-Blue-Green-Version
X-UA
X-Dynatrace-Js-Agent
X-VC-Cache
Served-By
X-Xfnlog-Site
X-Wix-Request-Id
X-CDN-Cache
ViewerVersion
X-Internal-Host
X-Rule
X-Cache-Remote
X-EdgeConnect-Cache-Status
LB
Release
X-UnsetCookies
AsisCache
X-Origin-Host
X-TIME
X-Sucuri-ID
Nel
X-NewRelic-App-Data
X-Cluster-Node
Rt-Fastcgi-Cache
X-APP-VERSION
X-App-Name
X-ApacheServer
X-PERF
X-B3-Spanid
X-Datadome
X-Nginx-Cache
X-Source
User-Agent
X-Agile
X-Agile-Id
X-Request-Time
X-Agile-Age
X-Ua
Cache-Name
Pagespeed
X-OVcl-Cache
X-OVcl
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-Edge-Location
X-VCT
X-App-Version
Warning
X-Pubstack
X-Origin-CC
X-Origin-TTL
X-Aed
Arc-Country
Ajk
X-Var-Ttl
X-Varnish-Authentication
X-A-Dcw
X-Webstats-RespID
X-A-Wwc
X-VG-WebServer
X-Accel-Expires-Debug
X-A-Dgt
Thinkindot-CacheControl-Type
Memcached
MD5-Digest
Meta-Geo-Continent
Node
On-Server
Lfy
Fly-Request-Id
Cache-Prefix
BehaviorPad-Version
Cross-Origin-Window-Policy
Ec-Rule-Version
Fly-Cache
Origin
Rendered-Blocks
UCS
Thinkindot-Control
X-A
X-A-Ccd
Xc-Version
Thinkindot-CacheControl
Server-Surrogate-Control
Request-Country
Request-EU
Request-Time
Server-Cache-Control
X-A-Dam
X-Server-Group
X-IN-WAF
X-Core-Value
X-D
X-IN-APIGATEWAY
X-Hp-Webp
X-Instart-Isnd
X-Logtrace-Id
X-NodeID
X-NU-AKA-ACS-Version
X-Mobile-URL
X-Connection-Hash
X-Matched-Rule
X-Generated-In
X-Gannett-Site-Version
X-DPWN-IS-SECURE
X-External-Request-Id
X-Developer
X-Debug-Cookies
X-Destination
X-F5-Cache
X-G
X-Date
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-NX-Host
X-PAYTM-SRV-ID
X-SRCache-Key
X-Thinkindot-L3
X-Debug-Log
X-Secret
X-ScT
X-Transaction
X-BB-ID
X-Twitter-Response-Tags
X-Up
X-Trv-Group
X-ARC
X-B-Cookie
X-Cache-ASPX
X-S-Cookie
X-Processor
X-Region-Sid
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Platform
X-Cache-Info
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Cache-Expires
X-Cache-Grace
X-Application
Www
X-Sucuri-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ocache
X-Edge-IP
Hostname
X-Cache-Backend
DSUID
User-Cache-Control
X-ElasticPress-Search
X-Protected-By
X-Varnish-Ttl
X-Proxy-Upstream
X-Origin-Expires
X-Ah-Environment
X-Proxy-Cache-Status
X-Amzn-Remapped-Connection
X-Qloud-Router
X-Amzn-Remapped-Date
X-PHP-Host
X-RateLimit-Remaining-Second
Server-Host
Server-Int
RNT-Time
RNT-Machine
Proxy-Connection
X-SIPLIST1
X-Servername
True-Client-Country-4JS
X-Rebelmouse-Cache-Control
X-Block-Status
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Request-URI
X-RateLimit-Limit-Second
X-Cache-Bucket
X-Developers
X-Device-Os
X-Hash
X-Hnp-Log
X-Irp-Debug
X-Info
X-Dispatcher-Server
X-Distil-CS
X-Eu-Site
X-Gen-Mode
X-Epic-Correlation-Id
X-Geo-Header
X-Distributor
X-Key
X-LAGOON
X-Cache-Id
X-No-Session
X-Cache-Host
X-Cache-Debug
X-Origin-Date
Pramga
X-Nginx-Cache-Key
X-CGP
X-Crawler
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-C
X-ServiceProvider
SRV
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Backend
Apple-News-Services-Request-Url
N-Cache
Apple-News-Services-Parsed-Url
Magicmarker
IsBot
X-Cache-Miss-From
Fastly-SIE
Fastly-SWR
Country-Code
Ha-Gx-Prefs
Heartbleed
HA-Ipaddr
Apple-News-Services-Host
Cache-Cookie-Set-From
Pagetype
X-Sedo-Request-Id
X-Swa-Ws
X-Refresh
X-SN
X-TT-LOGID
Apple-News-Services-Handled
X-FireWall-Port
Cteonnt-Length
X-MSEdge-Flight
X-Fetched-On
X-Fastly-Cache
X-MSEdge-Features
X-Gateway-Skip-Cache
X-Cache-FS-Status
Fastly-Soc-X-Request-Id
X-Gateway-Cache-Status
Fastly-SSL
Fastly-Backend-Name
X-Location
X-Generated-On
X-Level-Front-Cache
Adler-Geo
AKAMAI
X-GeoIP-Country-Code
CDCHOST
X-Micro-Cache
X-Cdn-Srv
FNAC-ModuleRouting
X-Core-Mission
X-GeoIP-City
Content-Disposition
ServerName
Web-Mar-Node
X-Variation
X-User
X-Varnish-Url
X-Bip
Is-Eu
Kp-EeAlive
X-WPE-Loopback-Upstream-Addr
X-S-Maxage
X-Sf
SD-X-WS
Platform
X-Thanos
X-Gateway-Cache-Key
X-Server-IP
X-TrackingId
HTTPS
X-Via-Edge
X-Backend-State
X-Wikidot-Static-Cache
X-Via-SSL
X-Page-Type
X-Skip-Cache
X-BBXSRF
X-Cdn-Forward
X-Wikidot-Backend
X-Amz-Meta-Cache-Control
X-Policy
X-Amzn-Remapped-Content-Length
X-GZip
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Server-Time
X-Backend-Host
X-Backend-Url
X-Planisys-CDN-Cache
X-Auto-Login
X-RateLimit-Reset
X-Node-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Owner
X-Alternate-Cache-Key
X-Cms-Context
X-Real-Ip
Server-ID
X-Varnish-Beresp-Ttl
Gh-Request-Id
X-CDN-Forward
X-Cdn-Origin
X-Org
X-Sn-Servicetimems
X-Apm-Svc-Key
V-Age
X-Apm-App-Name
X-Apm-Inst-Hash
X-CUA
Powered-By
MIME-Version
X-FPC
Section-Io-Cache
X-NC
X-CACHE-KEY
Cache
X-ND-Cache
REQUESTUUID
Rt-Proxy-Cache
X-Pjax-Url
X-Geo
X-Exp-Se
Pragrma
Viewtype
VivaBuild
HostName
X-Nc
X-Load-Cache
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Server-By
X-Served-From
X-Returned-From-PostProcessResponse
X-Actual-URL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Dc
X-Aicache-OS
X-Gdpr
X-Stale
X-Svr
X-Original-Request
X-Parent-Response-Time
X-Croise-Owner
X-B3-Parentspanid
X-HS-Cache-Config
X-VServer
Host-ID
Fastcgi-Useragent
X-Edge-Server
Cdn-Request-Time
X-CSRF-TOKEN
PICS-Label
Memory
Cdn-Host
Time
X-DC
X-Unique-ID
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Git-Hash
X-Microcachable
X-Oss-Object-Type
SID
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Wa
CF-IPCountry
Mime-Version
X-Servedbyhost
Resin-Trace
X-Oss-Hash-Crc64ecma
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-ID
AR-SID
X-Cache-HT
X-Optimization
X-V
X-Newrelic-Synthetics
X-Lb-Id
X-Req
X-From-Cache
X-Release
X-Host-Name
Odigeo-Trace-Id
X-WebServer
X-TH-Server
Cdn
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-Phone
X-HTML-Minification-Powered-By
X-Atg-Version
X-Daa-Tunnel
XServer
X-Instart-Info
X-APP
X-Fstrz
Proxy-Firewall
Processtime
CF-Cached-On
X-Upstream-HT
X-Upstream-CT
X-WR-MODIFICATION
X-Response-By
Backend-Name
X-Ratelimit-Remaining
X-Check-Cacheable
X-Fastly-Backend-Reqs
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
X-Vcl-Version
X-Worker
GMS-Ver
X-LB-ID
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
189phosttRef
286prxHost
178proxuri
225prxHost
188prxHost
219prxHost
X-Server-W
Xxline
WZWS-RAY
409pxxline
355prline
X-B3-SpanId
352pxline
X-Zone
X-Backend-TTL
X-NGINX-Cache
X-Vcache
X-GEO
X-WA
Fastcgi-X-Cache-Version
X-Nananana
X-IPS-LoggedIn
Version
X-CSRF-Token
X-Amz-Meta-Surrogate-Control
X-Ratelimit-Reset
X-URL
X-HS-Status
Lb
GW-Server
GeoIp-Country-Code
Countrycode
SN
X-ServedByHost
X-Hyper-Cache
X-Clientip
Esi-Enabled
X-UPSTREAM-Address
Mobile-Detection-Method
Geoip-Latitude
Pics-Label
X-We-Are-Hiring
X-UE-Client-Country
DataCenter
X-SERVER-NAME
X-Contensis-Viewer-Groups
Geoip-City
SS
X-VCL-Version
X-Akamai-Request-ID2
X-Fastly-Country-Code
WP-Super-Cache
Accept-Language
X-SRV
X-Dynatrace
Ohc-File-Size
X-Request-Start
X-Render-Time
X-Via-Ucdn
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-BE
X-AssetVersion
X-GZIP
Serverid
X-NWS-UUID-VERIFY
X-RequestId
X-CS
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-GDPR
FSS-Proxy
X-HS-Combine-CSS
X-ZONE
FSS-Cache
X-PF-Uncompressing
X-LiteSpeed-Cache-Control
URI
X-Be
X-Unique-Id
X-Urbn-Site-Id
X-Gen-Id
X-Reqid
X-Urbn-Context-Path
X-PJAX-URL
Locale
X-Via-NSCOPI
CDN
X-HostName
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Dynatrace
X-Microsite
X-Request-Handler-Origin-Region
Cneonction
X-Pf-Uncompressing
X-Fpc
Ohc-Cache-HIT
RequestUuid
X-Fastly-Cache-Hits
X-Cdn-Cache
X-Cache-Ttl
X-Flog
X-ABtesting
X-Store
X-Hello
X-Html-Edge-Cache
A
X-Generation-Time
IBM-Web2-Location
Dnion-Transfer-Encoding
X-LiteSpeed-Tag
Server-Id
X-Request-Url
Accept-Ch
X-UCC
X-Akamai-SSL-Client-Sid
X-ServerName
Frontcache
NnCoection
X-Dw-Trace-Id
X-PAGE-TYPE
X-Varnish-URL
X-SF
X-Varnish-Action
X-EC-Lua
X-Port
Is-Session-Tracking
Ohc-Response-Time
X-HTML-Edge-Cache
Who
X-Cdn-Request-ID
X-Serial
Get-Access-Time