Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Host
X-Node
Content-Location
X-CST
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Application-Context
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Country-Code
X-Cache-Lookup
X-Clacks-Overhead
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
NEL
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-ESI
X-HW
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
AR-CACHE
AR-ATIME
AR-PoweredBy
X-MS-InvokeApp
X-GitHub-Request-Id
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-DataStream-Cache-Status
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Cached
X-Version
Content-MD5
X-ORACLE-DMS-RID
Charset
Public-Key-Pins
X-Powered-By-Plesk
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
Ar-Sid
RTSS
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-TtlSet
X-PC
X-Vname
X-Server-ID
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
X-Oracle-Dms-Rid
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-VCache
X-SharePointHealthScore
S
X-Fastly-Request-ID
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
TCN
X-Debug
DynaTrace
Arr-Disable-Session-Affinity
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
X-Upstream-Proxy
X-XRDS-Location
SPIisLatency
Pinterest-Version
X-Pinterest-Rid
SPRequestDuration
X-Akam-SW-Version
Access-Control-Request-Method
X-FTR-Cache-Host
X-SERVER
X-T
X-Powered-CMS
X-Goog-Storage-Class
Front-End-Https
X-Aspnet-Version
X-B3-TraceId
Realpath
X-NF-Request-ID
Tracecode
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Id
X-N
Fastcgi-Cache
X-Varnish-Age
X-Dns-Prefetch-Control
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
X-Ttl
X-Upstream
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-Logged-In
X-Frontend
X-PressLabs-Stats
X-HS-Content-Id
X-Content-Digest
X-HS-Hub-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Litespeed-Cache
Display
X-Middleton-Display
X-Sol
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Response
X-Hostname
X-Middleton-Response
X-Cache-Key
X-Srv
X-Accel-Expires
X-Pad
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-B3-Traceid
Host
Server-Name
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Cdn
Backend-Timing
X-Analytics
X-Content-Options
X-Accel-Buffering
X-Correlation-Id
X-LB-Cache
X-User-Agent
X-Revision
X-Debug-Info
X-Az
X-Rid
X-Activity-Id
X-AppVersion
X-IPLB-Instance
X-Cache-Hit
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Refresh
FilterID
X-Grace
X-Cache-2
X-B3-Sampled
Surrogate-Key
X-B
X-CF-Powered-By
Powered-By-ChinaCache
ServerID
X-DIS-Request-ID
X-Page-Id
X-Whom
TP-L2-Cache
TP-Cache
X-FastCGI-Cache
Host-Header
Server-Info
MS-CV
X-PHP-Backend
X-Request-Received
X-Webkit-CSP
X-Request-Processing-Time
X-Cached-By
X-Ruxit-Js-Agent
X-App-Environment
X-Varnish-Backend
X-Amz-Replication-Status
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
Cache-Status
X-Cluster
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-UA-Device-Type
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mobile
X-Tumblr-User
Access-Control-Allow-Method
X-Content-Powered-By
X-TT
VIX-Pulpo-Upstream-Status
Source
VIX-Pulpo-Node
X-Akamai-Edgescape
X-Varnish-Grace
X-FW-Serve
X-FW-Hash
X-F-Cache
X-FW-Server
X-Framework
X-Request-Guid
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Type
X-Cache-Action
X-FB-Debug
X-Geo-Country
X-RateLimit-Limit
X-GUploader-UploadID
X-Instance
X-SS-Set-Cookie
X-Zen-Fury
X-Shard
X-Ezoic-Cdn
X-Handled-By
X-Forwarded-Host
X-Cache-TTL
X-Magnolia-Registration
From-Origin
X-Oneagent-Js-Injection
X-Node-Name
Edge-Cache-Tag
PageSpeed
X-ATG-Version
X-Varnish-Hostname
X-App-Server
X-Varnish-Server
X-XRDS-LOCATION
X-Cache-Age
DC
Cache-Tags
Cleartype
X-BCube-Filmed-By
X-Cache-Control
X-AOL-HN
Payment
Healthy
CACHE
Upgrade-Insecure-Requests
X-Response-Served-From
X-Cache-Rule
Filters
X-RequestSource
X-Region
X-WebKit-CSP-Report-Only
X-Redis-Cache
Server-Node
Fastly-Restarts
X-GeoIP
X-Generated-By
Country
Cache-Tv-Group
X-RTag
X-UUID
Ms-Operation-Id
NGB
X-TX-ID
Webserver
X-B-Cache
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-Pixel-2
Retry-After
X-Jobs
X-TA-CDN-Provider
X-VG-WebCache
Actual-Object-TTL
X-Storage
X-Signature
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Locale
X-TT-TIMESTAMP
X-Content-Age
X-Cacheable-TTL
X-Varnish-Hits
GEO-INFO
Powered
Liferay-Portal
ServedBy
Frame-Options
X-Contextid
X-Seen-By
X-Rendered-As
HitType
X-Cache-TTL-Remaining
X-WA-Info
X-Varnish-IP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-Wix-Server-Artifact-Id
X-Via-JSL
X-BACKEND-TTL
Viewport
X-Guploader-Uploadid
X-ProcessESI
X-Cache-NE
S-Cnection
X-RemovedCookies
Nel
Eomportal-Instance
X-Upgrade-Enabled
X-Esi
NtCoent-Length
X-Mode
X-Cache-Server
Content-Style-Type
Content-Script-Type
X-Akamai-Transformed
Xserver
X-Proxied
X-Is-Bot
X-Zipkin-Id
OT-Force-Account-Verify
X-Path-Route
X-Cache-Var
X-Cache-Operation
X-Varnish-Cache-Hits
X-Cache-Enabled
Meta-Geo
Machine
X-ES-SERVER
X-Routing-Service
Mn-Server-Ip
Load-Balancing
X-RN-RSRV
X-Detected-As
X-Device-Type
Datacenter
X-Cache-Var-Map
X-S
X-FB-TRIP-ID
Mail-Subject
X-Time
X-FC-Vary-Parameters
X-AWS-Id
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
Access-Control-Request-Headers
Property-Id
X-LJ-Flow-ID
X-Hl-Ver
We-Hiring
TWC-GeoIP-Country
TWC-Connection-Speed
X-Cache-Config
X-Hosted-By
X-Proxy
X-Origin-Hint
X-VWS-Id
X-From
X-Proto
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Cache-Hits
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Section
X-TNCMS
X-EIG-Tracking-Id
X-VG-TLSProxy
S-Rt
X-Time-Microsecs
X-Tb
X-FW-Version
Vix-Hermes-Req-Id
X-L-Path
X-Debug-Cache
X-Loop
Origin-Cache-Control
X-ServerID
NGX
X-Format
X-Viewer-Country
X-Access
X-Backend-Name
Origin-Edge-Control
X-Environment-Context
L5d-Success-Class
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-ProxyCache-Key
X-Birta-Cache-Post
X-Birta-Served
X-Vgn-Hpd-Reason
X-Via-CDN
X-Xfnlog-Site
X-Web-Node
X-Via-Fastly
Selected-FE
X-BYPASS-REASON
X-Timing-Wait
X-Origin-Response-Time
X-PCL
X-ProxyCache-Status
X-Proxy-Build
X-OCL
X-Labrador-Cache-Channel
X-Human
X-IP
X-JoinUs
Cache-Tag
X-Akamai-Request-ID
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-NCache
Cache-Key
X-Rocket-Nginx-Bypass
Now
DB-Nickname
X-CCM
Uber-Trace-Id
X-Cache-Category-Id
X-Status
X-Trace-Id
X-Site-Version
X-Grey
X-Generated
X-Www-Served-By
X-GRACE
X-MP-GENERATED-AT
X-Newrelic-App-Data
X-NWS-LOG-UUID
Decoy-Debug-Status
Decoy-Debug-TTL
X-Dynatrace-Js-Agent
X-R9-Blue-Green-Version
Decoy-Debug-Key
X-Internal-Host
ViewerVersion
X-CDN-Cache
X-Wix-Request-Id
Served-By
X-UA
X-VC-Cache
X-Rule
X-Cache-Remote
LB
X-EdgeConnect-Cache-Status
AsisCache
X-UnsetCookies
Release
X-Origin-Host
X-Sucuri-ID
X-TIME
X-NewRelic-App-Data
X-Cluster-Node
Rt-Fastcgi-Cache
X-APP-VERSION
X-App-Name
X-Datadome
X-ApacheServer
X-PERF
X-B3-Spanid
X-Nginx-Cache
X-Source
User-Agent
X-Request-Time
X-Agile-Id
X-Agile
X-Agile-Age
Cache-Name
Pagespeed
X-Ua
X-Origin
X-OVcl
X-OVcl-Cache
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Edge-Location
X-App-Version
X-Origin-CC
X-Origin-TTL
X-External-Request-Id
X-Date
X-Debug-Cache-Expiry
X-Destination
X-Developer
X-Debug-Cache-Store
X-F5-Cache
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
X-G
Ajk
Www
UCS
Fly-Cache
Fly-Request-Id
X-A
X-A-Ccd
X-A-Dam
Cross-Origin-Window-Policy
Ec-Rule-Version
Server-Surrogate-Control
Server-Cache-Control
MD5-Digest
Memcached
Meta-Geo-Continent
Node
Lfy
Rendered-Blocks
Request-Time
Request-EU
Request-Country
X-A-Dcw
X-A-Dgt
X-CF-Lambda-Fn
X-Cache-Grace
X-Generated-In
X-Cache-ASPX
X-CF-Lambda-Version
X-Connection-Hash
X-Ocache
X-Core-Value
X-Sucuri-Cache
X-BB-ID
Arc-Country
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
Cache-Prefix
X-Application
X-B-Cookie
BehaviorPad-Version
X-ARC
X-D
X-IN-WAF
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-ScT
X-Region-Sid
X-Varnish-Beresp-Status
X-Mobile-URL
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Platform
X-Server-Group
X-SRCache-Key
X-Webstats-RespID
Xc-Version
Hostname
Warning
X-VG-WebServer
X-Varnish-Authentication
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Up
X-Logtrace-Id
X-Processor
X-Instart-Isnd
X-IN-APIGATEWAY
X-Hp-Webp
X-Varnish-Beresp-Grace
X-Edge-IP
X-Protected-By
User-Cache-Control
DSUID
X-Pubstack
X-Varnish-Ttl
X-Epic-Correlation-Id
Thinkindot-Control
X-Eu-Site
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Li-Fabric
Web-Mar-Node
X-Servername
X-Distributor
X-Secret
X-Sf
X-SN
X-Thinkindot-L3
X-Li-Pop
X-Hnp-Log
X-Var-Ttl
Pramga
X-Cache-Miss-From
X-Refresh
Pagetype
X-Sedo-Request-Id
Origin
X-Gen-Mode
Proxy-Connection
RNT-Time
X-Distil-CS
RNT-Machine
X-Hash
X-Gannett-Site-Version
X-Geo-Header
Server-Host
X-Dispatcher-Server
X-LI-Proto
X-Irp-Debug
X-NX-Host
X-Cache-Info
X-Policy
X-Cache-Expires
X-Crawler
X-Debug-Log
X-NodeID
X-Matched-Rule
X-Key
X-Debug-Cookies
X-Nginx-Cache-Key
X-CGP
X-No-Session
X-Developers
X-Cache-Debug
X-Amzn-Remapped-Date
X-Device-Os
X-LAGOON
X-Amzn-Remapped-Connection
On-Server
X-Info
X-Reboot
X-RateLimit-Remaining-Second
X-Proxy-Cache-Status
X-Cache-Bucket
X-C
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Qloud-Router
X-LI-UUID
X-Block-Status
Backend
Country-Code
HA-Ipaddr
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
X-Ah-Environment
Fastly-Backend-Name
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Heartbleed
Ha-Gx-Prefs
Magicmarker
Apple-News-Services-Host
N-Cache
Kp-EeAlive
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-FireWall-Port
X-Cache-Backend
X-ElasticPress-Search
Cteonnt-Length
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TrackingId
X-Swa-Ws
X-TT-LOGID
SRV
X-Thanos
X-Variation
X-Wikidot-Backend
X-Varnish-Url
X-Via-Edge
X-Wikidot-Static-Cache
X-Cms-Context
ServerName
X-Via-SSL
X-User
X-Skip-Cache
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Level-Front-Cache
X-WPE-Loopback-Upstream-Addr
X-Server-IP
X-S-Maxage
X-Rebelmouse-Cache-Control
X-MSEdge-Features
X-Origin-Expires
X-Page-Type
X-Origin-Date
X-PHP-Host
X-MSEdge-Flight
X-ServiceProvider
X-ShardId
X-SIPLIST1
X-Gateway-Cache-Key
X-Cache-Id
X-Cdn-Forward
X-Fetched-On
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-GeoIP-City
X-GeoIP-Country-Code
X-ShopId
X-Generated-On
X-Shopify-Stage
X-Fastly-Cache
X-Core-Mission
Content-Disposition
Fastly-SIE
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
X-Alternate-Cache-Key
X-Micro-Cache
X-Amz-Meta-Cache-Control
Fastly-SSL
Fastly-SWR
IsBot
Platform
Is-Eu
HTTPS
Server-Int
SD-X-WS
X-Amzn-Remapped-Content-Length
True-Client-Country-4JS
X-BBXSRF
Adler-Geo
AKAMAI
X-Cache-FS-Status
X-Cdn-Srv
X-Location
X-Cache-Host
X-Backend-State
X-Bip
X-GZip
X-Backend-Url
X-Planisys-CDN-Cache
X-Owner
X-RateLimit-Reset
X-Server-Time
X-Auto-Login
X-Backend-Host
X-Planisys-CDN-TTL
X-Node-Id
X-Planisys-CDN-Rules
X-Real-Ip
Gh-Request-Id
X-Varnish-Beresp-Ttl
Server-ID
X-CDN-Forward
Powered-By
V-Age
X-Org
X-CUA
MIME-Version
X-FPC
X-CACHE-KEY
Section-Io-Cache
X-NC
Cache
REQUESTUUID
X-Pjax-Url
X-Exp-Se
X-Apm-App-Name
Viewtype
VivaBuild
X-ND-Cache
Pragrma
X-Apm-Inst-Hash
X-Sn-Servicetimems
X-Cdn-Origin
Rt-Proxy-Cache
X-Apm-Svc-Key
X-Nc
HostName
X-Dc
X-Load-Cache
X-Passed-To
X-Served-From
X-Geo
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Server-By
X-Aicache-OS
X-Stale
X-Gdpr
X-Svr
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Actual-URL
X-Original-Request
X-Parent-Response-Time
X-Croise-Owner
X-VServer
Host-ID
X-HS-Cache-Config
Fastcgi-Useragent
X-Edge-Server
Memory
Time
Cdn-Request-Time
X-CSRF-TOKEN
PICS-Label
Cdn-Host
X-DC
X-B3-Parentspanid
X-Unique-ID
Wxu-Next-Region
X-Git-Hash
Wxu-Next-Hostname
Wxu-Next-Commit
X-Microcachable
Mime-Version
SID
X-Servedbyhost
X-Wa
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Resin-Trace
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
ProcessTime
X-Cache-HT
X-Optimization
X-ID
X-Newrelic-Synthetics
AR-SID
X-V
X-Lb-Id
X-From-Cache
X-Req
X-TH-Server
Odigeo-Trace-Id
X-Release
X-Host-Name
X-WebServer
Cdn
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-HTML-Minification-Powered-By
CF-Cached-On
X-Phone
X-Daa-Tunnel
X-Atg-Version
Proxy-Firewall
X-APP
Processtime
X-Fstrz
XServer
X-Instart-Info
X-Upstream-HT
X-Upstream-CT
X-WR-MODIFICATION
Backend-Name
X-Response-By
X-Vcl-Version
X-NODE
X-Check-Cacheable
X-Ratelimit-Remaining
X-LB-ID
X-Fastly-Backend-Reqs
X-Worker
GMS-Ver
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
409pxxline
355prline
Xxline
X-Server-W
352pxline
225prxHost
188prxHost
189phosttRef
219prxHost
178proxuri
286prxHost
X-B3-SpanId
WZWS-RAY
X-Zone
X-Nananana
X-NGINX-Cache
X-Backend-TTL
X-WA
Fastcgi-X-Cache-Version
X-Vcache
X-GEO
X-IPS-LoggedIn
X-ServedByHost
X-Ratelimit-Reset
X-CSRF-Token
X-HS-Status
X-URL
X-Amz-Meta-Surrogate-Control
Lb
Version
X-Clientip
Geoip-Latitude
SN
Mobile-Detection-Method
Pics-Label
GW-Server
X-UE-Client-Country
X-We-Are-Hiring
GeoIp-Country-Code
Esi-Enabled
X-UPSTREAM-Address
Countrycode
X-Hyper-Cache
DataCenter
X-AssetVersion
X-VCL-Version
WP-Super-Cache
X-Akamai-Request-ID2
Geoip-City
X-Contensis-Viewer-Groups
X-SERVER-NAME
X-Fastly-Country-Code
SS
X-SRV
Accept-Language
Ohc-File-Size
X-Dynatrace
X-Via-Ucdn
X-Request-Start
X-BE
GeoIP-Latitude
X-Render-Time
GeoIP-City
GeoIP-Country-Code
Serverid
X-GZIP
X-GDPR
FSS-Cache
URI
FSS-Proxy
X-Vtex-Processado-Em
X-RequestId
X-Be
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-HS-Combine-CSS
X-CS
X-Vtex-Remote-Cache
X-PF-Uncompressing
X-Unique-Id
X-PJAX-URL
X-ZONE
X-Via-NSCOPI
X-Urbn-Site-Id
CDN
X-Urbn-Context-Path
X-Reqid
Locale
X-Gen-Id
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
FastCGI-Cache
X-HostName
X-ABtesting
X-Flog
X-Hello
RequestUuid
X-Fpc
Ohc-Cache-HIT
X-Microsite
X-Request-Handler-Origin-Region
X-Fastly-Cache-Hits
Cneonction
X-Pf-Uncompressing
X-Cache-Ttl
X-Cdn-Cache
X-LiteSpeed-Tag
X-UCC
Server-Id
X-Generation-Time
X-Html-Edge-Cache
X-Request-Url
X-Store
A
Accept-Ch
Dnion-Transfer-Encoding
IBM-Web2-Location
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-EC-Lua
X-HTML-Edge-Cache
X-Varnish-Action
X-Port
Ohc-Response-Time
X-Cdn-Request-ID
NnCoection
X-ServerName
Frontcache
Get-Access-Time
Is-Session-Tracking
Who
X-Serial