Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-CST
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-Upstream-Env
X-Server-Name
X-HW
Verso
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-CACHE
AR-ATIME
AR-PoweredBy
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-MS-InvokeApp
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Use-Magma
X-GitHub-Request-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-DataStream-Cache-Status
X-Kinja-Server
X-Kinja
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
Charset
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Ser
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
Nginx-Cache
X-Server-ID
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-Cdn
X-FTR-Expires
X-Goog-Stored-Content-Length
X-DynaTrace-JS-Agent
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Amz-Meta-S3cmd-Attrs
S
X-Amz-Rid
X-SharePointHealthScore
X-VCache
DynaTrace
X-Fastly-Request-ID
X-Debug
X-XRDS-Location
TCN
X-Hits
X-Dw-Request-Base-Id
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-TEC-API-VERSION
SPRequestDuration
SPIisLatency
X-Akam-SW-Version
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Oracle-Dms-Rid
X-Powered-CMS
X-T
Access-Control-Request-Method
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-B3-TraceId
X-Id
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Realpath
Front-End-Https
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-N
X-Content-Type
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Forwarded-For
Alternate-Protocol
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-RateLimit-Remaining
X-Frontend
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
X-Content-Digest
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Litespeed-Cache
X-Cache-Key
Display
X-Fastcgi-Cache
X-Middleton-Display
X-Sol
X-Hostname
X-Middleton-Response
Response
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
X-Webkit-CSP
X-Pad
Host
MicrosoftSharePointTeamServices
Server-Name
X-B3-Traceid
X-Kinsta-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Correlation-Id
X-Analytics
Backend-Timing
X-Content-Options
X-Debug-Info
X-Rid
X-User-Agent
X-Cache-2
X-Revision
X-IPLB-Instance
X-Cache-Hit
X-LB-Cache
X-B3-Sampled
X-Az
X-Amz-Apigw-Id
X-AppVersion
X-Activity-Id
X-Amzn-RequestId
Surrogate-Key
X-Grace
Accept-Charset
FilterID
Refresh
X-Accel-Buffering
ServerID
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Whom
X-Page-Id
X-Request-Processing-Time
Server-Info
X-Request-Received
TP-Cache
X-FastCGI-Cache
TP-L2-Cache
MS-CV
Host-Header
X-PHP-Backend
X-Varnish-Backend
X-Ruxit-Js-Agent
Cache-Status
X-Cached-By
X-App-Environment
Source
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-Origin-Server
X-Akamai-Edgescape
X-Cache-Action
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-UA-Device-Type
X-Tumblr-Pixel
X-Platform-Server
X-TT
X-F-Cache
X-Framework
X-Tumblr-User
VIX-Pulpo-Node
X-Cluster
X-Varnish-Grace
Access-Control-Allow-Method
VIX-Pulpo-Upstream-Status
X-Mobile
X-FW-Static
X-Instance
X-FW-Hash
X-FW-Serve
X-GUploader-UploadID
X-Drupal-Cache-Tags
X-Request-Guid
X-FW-Type
X-Content-Powered-By
X-FW-Server
X-FB-Debug
X-RateLimit-Limit
X-SS-Set-Cookie
X-Zen-Fury
X-Forwarded-Host
X-Geo-Country
PageSpeed
X-Cache-TTL
Edge-Cache-Tag
X-Ezoic-Cdn
X-Handled-By
X-Shard
X-Node-Name
X-Magnolia-Registration
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-TA-CDN-Provider
X-Varnish-Server
X-BCube-Filmed-By
X-App-Server
DC
X-AOL-HN
X-Cache-Control
Cleartype
Fastly-Restarts
Upgrade-Insecure-Requests
Healthy
X-Cache-Rule
X-Region
Server-Node
X-RequestSource
Payment
Filters
X-Response-Served-From
X-Adobe-Loc
X-TX-ID
X-Signature
X-B-Cache
X-Adobe-Content
Country
X-Generated-By
X-WebKit-CSP-Report-Only
X-Storage
X-UUID
X-TT-TIMESTAMP
X-RTag
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Redis-Cache
Webserver
Actual-Object-TTL
NGB
X-GeoIP
Ms-Operation-Id
X-VG-WebCache
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Jobs
Retry-After
X-Varnish-Hits
X-XRDS-LOCATION
X-Content-Age
X-Locale
X-Cacheable-TTL
Powered
GEO-INFO
CACHE
ServedBy
Frame-Options
Liferay-Portal
X-Contextid
X-Esi
X-Oneagent-Js-Injection
HitType
X-Rendered-As
X-WA-Info
X-Seen-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Cache-TTL-Remaining
X-Via-JSL
X-Cache-NE
X-RemovedCookies
X-ProcessESI
X-Guploader-Uploadid
S-Cnection
Eomportal-Instance
X-Real-IP
X-Dynatrace-Js-Agent
X-BACKEND-TTL
X-Upgrade-Enabled
Viewport
X-Cache-Server
X-Mode
X-Wix-Server-Artifact-Id
X-Cache-Operation
X-Varnish-Cache-Hits
NtCoent-Length
X-Is-Bot
X-From
X-ES-SERVER
X-Device-Type
X-Path-Route
X-RN-RSRV
X-Zipkin-Id
X-Routing-Service
X-Detected-As
X-Proxied
X-Proto
X-Cache-Var
Cache-Key
Cache-Hits
OT-Force-Account-Verify
Content-Style-Type
Load-Balancing
Meta-Geo
Content-Script-Type
X-Cache-Enabled
Mn-Server-Ip
X-Cache-Var-Map
Machine
X-Time
X-Newrelic-App-Data
Datacenter
X-S
X-FB-TRIP-ID
TWC-Connection-Speed
TWC-Device-Class
X-Akamai-Transformed
TWC-GeoIP-LatLong
Mail-Subject
TWC-GeoIP-Country
X-Tb
X-Environment-Context
X-LJ-Flow-ID
NGX
X-Origin-Hint
X-Proxy
Property-Id
L5d-Success-Class
X-Hosted-By
X-L-Path
X-AWS-Id
X-Hl-Ver
X-Viewer-Country
X-VWS-Id
Webcakes-App-Name
Webcakes-Region
We-Hiring
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
Access-Control-Request-Headers
X-VG-TLSProxy
X-Loop
X-Format
X-MP-GENERATED-AT
DB-Nickname
X-FC-Vary-Parameters
X-FW-Version
Azure-SlotName
X-NCache
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Azure-Version
X-Labrador-Cache-Channel
X-Section
X-Cache-Config
X-Web-Node
Vix-Hermes-Req-Id
X-Tumblr-Pixel-3
X-Access
X-Birta-Served
X-Backend-Name
X-Birta-Cache-Post
X-Akamai-Request-ID
X-TNCMS
Xserver
Origin-Edge-Control
Origin-Cache-Control
Now
X-Origin-Response-Time
X-EIG-Tracking-Id
X-Debug-Cache
X-Time-Microsecs
S-Rt
X-ServerID
X-CCM
X-BYPASS-REASON
X-IP
X-NWS-LOG-UUID
X-Vgn-Hpd-Reason
Cache-Tag
X-RCS-CacheZone
X-Rocket-Nginx-Bypass
X-Trace-Id
X-Xfnlog-Site
X-Via-Fastly
X-Via-CDN
X-ProxyCache-Key
X-ProxyCache-Status
X-Human
X-OCL
X-Endurance-Cache-Level
X-PCL
X-Generated
X-Grey
X-Varnish-Cacheable
Uber-Trace-Id
X-Internal-Host
X-Cache-Category-Id
X-Www-Served-By
X-JoinUs
X-Site-Version
Decoy-Debug-Key
X-R9-Blue-Green-Version
Decoy-Debug-Status
X-Status
Decoy-Debug-TTL
X-VC-Cache
Selected-FE
X-UA
X-Proxy-Build
Served-By
X-GRACE
X-Timing-Wait
LB
X-Cache-Remote
X-UnsetCookies
X-Rule
Release
X-EdgeConnect-Cache-Status
X-Wix-Request-Id
ViewerVersion
X-CDN-Cache
X-TIME
AsisCache
Nel
X-Origin-Host
X-Cluster-Node
Rt-Fastcgi-Cache
X-Sucuri-ID
X-APP-VERSION
X-App-Name
X-Datadome
X-PERF
X-B3-Spanid
X-ApacheServer
X-Source
X-Request-Time
X-Nginx-Cache
X-Agile
X-Agile-Id
X-Agile-Age
X-OVcl
X-Hit
User-Agent
X-OVcl-Cache
X-Origin
X-Ua
Cache-Name
X-NewRelic-App-Data
X-VCT
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Edge-Location
Warning
X-App-Version
SRV
X-Origin-CC
DSUID
X-ElasticPress-Search
X-WPE-Loopback-Upstream-Addr
X-Origin-TTL
X-Region-Sid
X-PAYTM-SRV-ID
Cross-Origin-Window-Policy
X-Thinkindot-L3
Ec-Rule-Version
X-Application
X-Refresh
X-Request-UUID
X-Secret
X-ScT
X-Sedo-Request-Id
Server-Cache-Control
X-Cache-ASPX
X-Server-Group
X-IN-APIGATEWAY
X-BB-ID
X-Rewrite-Enabled
X-Aed
X-Rojux
X-S-Cookie
X-B-Cookie
X-ARC
X-Transaction
Arc-Country
X-Matched-Rule
UCS
X-Logtrace-Id
Www
BehaviorPad-Version
Thinkindot-Control
Server-Surrogate-Control
X-Mobile-URL
Cache-Prefix
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Ajk
X-A
X-Trv-Group
X-Accel-Expires-Debug
Request-Time
X-Hp-Webp
Memcached
X-Pubstack
X-A-Wwc
X-A-Dam
X-A-Ccd
X-Processor
X-A-Dcw
X-A-Dgt
X-Ocache
X-Cache-Expires
X-Destination
X-Debug-Log
X-Generated-In
X-Developer
X-Webstats-RespID
X-NX-Host
X-Debug-Cookies
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Meta-Geo-Continent
Lfy
Node
Origin
On-Server
X-NodeID
X-External-Request-Id
Xc-Version
X-DPWN-IS-SECURE
X-F5-Cache
X-Var-Ttl
X-IN-WAF
Hostname
X-Gannett-Site-Version
X-Date
Fly-Cache
X-Cache-Info
X-Cache-Miss-From
Fly-Request-Id
X-Varnish-Authentication
Request-EU
X-Instart-Isnd
X-Twitter-Response-Tags
X-G
X-Cache-Grace
X-CF-Lambda-Fn
X-D
Rendered-Blocks
X-Connection-Hash
X-Core-Value
X-NU-AKA-ACS-Version
Request-Country
X-SRCache-Key
X-CF-Lambda-Version
MD5-Digest
X-Up
X-Edge-IP
X-VG-WebServer
Cache
X-Varnish-Ttl
X-Cache-Backend
User-Cache-Control
ServerName
RNT-Machine
Proxy-Connection
RNT-Time
X-Nginx-Cache-Key
Server-Int
Pagetype
X-No-Session
Server-Host
Pramga
X-Cache-Debug
X-Distributor
X-LAGOON
X-Dispatcher-Server
X-Device-Os
X-Li-Fabric
X-Developers
X-Epic-Correlation-Id
X-Eu-Site
X-Hash
X-Hnp-Log
X-Geo-Header
X-Gen-Mode
X-Key
X-Irp-Debug
X-Li-Pop
X-CGP
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-LI-UUID
X-Location
True-Client-Country-4JS
Web-Mar-Node
X-LI-Proto
X-Block-Status
X-Cache-Id
X-Cdn-Srv
X-Cache-Host
X-Cache-Bucket
X-C
X-Micro-Cache
X-PHP-Host
Apple-News-Services-Handled
Apple-News-Services-Host
X-Platform
X-Sucuri-Cache
X-Qloud-Router
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SIPLIST1
X-ServiceProvider
X-Reboot
FNAC-ModuleRouting
X-Ah-Environment
X-Sf
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Swa-Ws
X-Servername
CDCHOST
X-Rebelmouse-Cache-Control
X-Page-Type
Fastly-SWR
IsBot
X-Origin-Date
Ha-Gx-Prefs
X-TT-LOGID
HA-Ipaddr
Fastly-SIE
X-Origin-Expires
Country-Code
Kp-EeAlive
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-FireWall-Port
Cteonnt-Length
X-Real-Ip
Pagespeed
X-Cms-Context
X-Sorting-Hat-ShopId
X-Cache-FS-Status
X-ShopId
X-ShardId
X-Gateway-Cache-Status
X-Core-Mission
X-Info
X-Gateway-Skip-Cache
X-TrackingId
X-Gateway-Cache-Key
X-Sorting-Hat-PodId
X-Wikidot-Backend
X-Fetched-On
X-Via-SSL
X-Fastly-Cache
X-Distil-CS
X-Wikidot-Static-Cache
X-Skip-Cache
X-Via-Edge
X-Varnish-Url
Is-Eu
X-Crawler
X-Shopify-Stage
X-SN
HTTPS
X-Variation
X-Level-Front-Cache
N-Cache
Magicmarker
Adler-Geo
AKAMAI
Fastly-SSL
X-Policy
X-Protected-By
Heartbleed
X-Proxy-Cache-Status
X-MSEdge-Features
Fastly-Soc-X-Request-Id
X-Planisys-CDN-Cache
Content-Disposition
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
SD-X-WS
Fastly-Backend-Name
X-MSEdge-Flight
X-Proxy-Upstream
X-Generated-On
X-Backend-Url
X-Backend-State
X-BBXSRF
X-GeoIP-Country-Code
X-User
X-Server-IP
X-Alternate-Cache-Key
X-Backend-Host
X-Amzn-Remapped-Content-Length
X-Amz-Meta-Cache-Control
X-GeoIP-City
X-S-Maxage
Platform
X-GZip
X-NC
X-Cdn-Forward
X-Thanos
X-Bip
X-Auto-Login
X-Server-Time
X-Owner
X-RateLimit-Reset
MIME-Version
Server-ID
X-Node-Id
X-Cdn-Origin
X-Sn-Servicetimems
X-Apm-App-Name
X-Apm-Inst-Hash
V-Age
Gh-Request-Id
X-Apm-Svc-Key
X-Varnish-Beresp-Ttl
X-CDN-Forward
X-Org
X-FPC
X-ND-Cache
REQUESTUUID
Rt-Proxy-Cache
X-Geo
X-Exp-Se
X-Served-From
VivaBuild
HostName
X-CUA
Viewtype
X-Gdpr
Powered-By
X-Load-Cache
Section-Io-Cache
Pragrma
X-Pjax-Url
X-Aicache-OS
X-B3-Parentspanid
X-Parent-Response-Time
X-Dc
X-Returned-From-BeforeDispatch
X-Original-Request
X-Stale
X-Svr
X-Server-By
X-DC
X-Returned-From-PostProcessResponse
X-CSRF-TOKEN
X-Returned-From-DLL
X-Returned-From
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To
X-Actual-URL
X-Passed-To-BeforeDispatch
X-VServer
PICS-Label
Wxu-Next-Commit
Time
X-Croise-Owner
X-HS-Cache-Config
Host-ID
CF-IPCountry
Wxu-Next-Region
Wxu-Next-Hostname
Memory
X-Git-Hash
X-Nc
X-Servedbyhost
Cdn-Request-Time
X-CACHE-KEY
Cdn-Host
X-Wa
X-Edge-Server
Resin-Trace
Fastcgi-Useragent
X-Unique-ID
X-Host-Name
X-Oss-Server-Time
X-Microcachable
SID
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Release
X-Oss-Object-Type
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
AR-SID
X-Optimization
Mime-Version
X-Cache-HT
ProcessTime
X-Newrelic-Synthetics
X-From-Cache
X-TH-Server
X-Daa-Tunnel
XServer
X-V
X-WebServer
X-Phone
X-Req
X-Lb-Id
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-Upstream-HT
Odigeo-Trace-Id
X-Instart-Info
Cdn
X-Upstream-CT
CF-Cached-On
X-Atg-Version
X-APP
X-Fastly-Backend-Reqs
Processtime
Proxy-Firewall
X-HTML-Minification-Powered-By
Backend-Name
X-WR-MODIFICATION
X-Fstrz
X-Worker
X-ID
X-Ratelimit-Remaining
355prline
X-Backend-TTL
352pxline
X-LB-ID
X-Vcl-Version
X-Server-W
Xxline
X-B3-SpanId
409pxxline
188prxHost
178proxuri
225prxHost
219prxHost
286prxHost
X-Ratelimit-Limit
189phosttRef
X-Response-By
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-IPS-LoggedIn
GMS-Ver
X-Check-Cacheable
X-Nananana
Version
X-Zone
Public-Key-Pins-Report-Only
X-Vcache
X-NGINX-Cache
WZWS-RAY
Esi-Enabled
X-VCL-Version
X-WA
X-URL
X-UPSTREAM-Address
Fastcgi-X-Cache-Version
X-Ratelimit-Reset
X-Akamai-Request-ID2
X-Contensis-Viewer-Groups
X-AssetVersion
Accept-Language
X-GEO
GeoIp-Country-Code
SN
Pics-Label
GW-Server
X-CSRF-Token
X-Amz-Meta-Surrogate-Control
X-HS-Status
X-ServedByHost
Geoip-Latitude
X-Hyper-Cache
DataCenter
Geoip-City
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-We-Are-Hiring
X-UE-Client-Country
Lb
X-Fastly-Country-Code
X-SERVER-NAME
X-Clientip
Countrycode
Mobile-Detection-Method
X-Dynatrace
X-FORWARDED-FOR
X-ZONE
X-Via-Ucdn
X-Vtex-Processado-Em
X-Microsite
X-Request-Start
SS
X-BE
X-Vtex-Remote-Cache
X-Render-Time
X-Request-Handler-Origin-Region
X-Be
Ohc-File-Size
WP-Super-Cache
X-Cdn-Cache
X-CS
X-NWS-UUID-VERIFY
X-Urbn-Context-Path
X-GDPR
CDN
Locale
X-Reqid
X-LiteSpeed-Cache-Control
URI
X-Urbn-Site-Id
X-Via-NSCOPI
X-RequestId
X-GZIP
X-Unique-Id
X-Gen-Id
X-HS-Combine-CSS
X-PJAX-URL
FSS-Cache
X-ABtesting
X-Hello
X-Flog
X-PF-Uncompressing
FSS-Proxy
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-HostName
X-SRV
FastCGI-Cache
X-Fpc
RequestUuid
Cneonction
Dnion-Transfer-Encoding
X-Fastly-Cache-Hits
IBM-Web2-Location
X-Generation-Time
X-Pf-Uncompressing
Serverid
X-Cache-Ttl
A
X-Html-Edge-Cache
X-Request-Url
X-Test
Server-Id
X-LiteSpeed-Tag
X-Store
Ohc-Cache-HIT
Accept-Ch
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
RequestId
Requestid
X-Dw-Trace-Id
X-Requestid
X-Compress-Hint
X-Bug-Bounty
X-Cdn-Request-ID
X-HTML-Edge-Cache
Frontcache
Get-Access-Time
Is-Session-Tracking
X-UCC
X-Serial
X-ServerName
NnCoection
Ohc-Response-Time
X-Port
X-EC-Lua