Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-CST
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-Upstream-Env
Accept-CH
X-Dispatcher
MS-Author-Via
X-ESI
AR-PoweredBy
AR-ATIME
AR-CACHE
X-ORACLE-DMS-RID
X-VARITI-CCR
X-MS-InvokeApp
X-Mobile-Rewrite
Arc-Version
PB-PID
X-Cdn
PB-RID
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-Cached
X-Version
Public-Key-Pins
Content-MD5
X-Powered-By-Plesk
Charset
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
RTSS
X-TTL
Accept-CH-Lifetime
Ar-Sid
X-D2id
X-Navigation-Version
X-PC
X-Vname
X-TtlSet
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcap-Request-Id
X-Varnish-TTL
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Trace
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
X-Amz-Rid
S
X-Fastly-Request-ID
X-XRDS-Location
X-SharePointHealthScore
DynaTrace
X-VCache
X-Debug
X-Oracle-Dms-Rid
TCN
X-Hits
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Powered-CMS
X-B3-TraceId
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
Realpath
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Tracecode
Front-End-Https
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Ttl
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Webkit-CSP
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Dns-Prefetch-Control
X-Upstream
X-Fastcgi-Cache
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Alternate-Protocol
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-RateLimit-Remaining
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Display
X-Cache-Key
X-Middleton-Display
X-Sol
X-Srv
X-Hostname
X-Middleton-Response
Response
X-Pad
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Server-Name
X-Kinsta-Cache
Backend-Timing
X-Analytics
X-Content-Options
X-Correlation-Id
X-Revision
X-Debug-Info
X-LB-Cache
X-Rid
X-User-Agent
X-B3-Traceid
X-Activity-Id
X-B3-Sampled
X-Az
X-IPLB-Instance
X-Cache-2
X-AppVersion
Accept-Charset
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
FilterID
X-Cache-Hit
ServerID
Refresh
X-Accel-Buffering
X-Grace
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Ruxit-Js-Agent
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Processing-Time
X-Request-Received
Server-Info
TP-L2-Cache
TP-Cache
MS-CV
Host-Header
X-PHP-Backend
Cache-Status
X-Varnish-Backend
X-Cached-By
Source
X-Content-Security-Policy-Report-Only
X-Origin-Server
VIX-Pulpo-Node
X-Cache-Action
X-TT
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-App-Environment
X-Akamai-Edgescape
X-Kong-Proxy-Latency
X-F-Cache
X-Framework
X-UA-Device-Type
X-Tumblr-Pixel
X-Kong-Upstream-Latency
X-Platform-Server
X-Tumblr-User
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Cluster
X-Mobile
X-Varnish-Grace
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Instance
X-FB-Debug
X-FW-Static
X-Request-Guid
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Type
X-SS-Set-Cookie
X-Forwarded-Host
X-RateLimit-Limit
X-Ezoic-Cdn
X-GUploader-UploadID
X-Geo-Country
X-Cache-TTL
X-Zen-Fury
X-Node-Name
X-Shard
Edge-Cache-Tag
X-Magnolia-Registration
X-FastCGI-Cache
PageSpeed
X-Handled-By
X-TA-CDN-Provider
From-Origin
X-Oneagent-Js-Injection
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-Varnish-Server
X-Cache-Control
X-App-Server
X-AOL-HN
Cleartype
DC
Upgrade-Insecure-Requests
Healthy
X-Cache-Rule
Server-Node
Payment
Filters
X-Region
X-Response-Served-From
X-RequestSource
X-B-Cache
X-Signature
X-WebKit-CSP-Report-Only
Country
X-Adobe-Content
X-Adobe-Loc
X-TT-TIMESTAMP
X-Generated-By
Ms-Operation-Id
Webserver
Retry-After
X-GeoIP
X-Storage
X-RTag
X-Redis-Cache
X-Tumblr-Pixel-1
X-TX-ID
X-Tumblr-Pixel-2
X-UUID
Actual-Object-TTL
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-Jobs
X-VG-WebCache
X-Locale
X-Cacheable-TTL
X-Varnish-Hits
X-FW-Dynamic
X-Content-Age
Powered
NGB
X-XRDS-LOCATION
GEO-INFO
ServedBy
Frame-Options
CACHE
X-Esi
X-Contextid
Liferay-Portal
HitType
X-WA-Info
X-Rendered-As
X-Guploader-Uploadid
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Seen-By
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-RemovedCookies
X-Via-JSL
X-ProcessESI
Eomportal-Instance
X-Real-IP
X-Time
Viewport
S-Cnection
X-Upgrade-Enabled
Xserver
X-Cache-Operation
X-Mode
X-BACKEND-TTL
X-Cache-Server
NtCoent-Length
X-Varnish-Cache-Hits
X-Detected-As
Cache-Hits
X-Akamai-Transformed
Load-Balancing
Cache-Key
X-From
X-Is-Bot
X-Hl-Ver
X-RN-RSRV
X-Path-Route
X-Cache-Var
X-Cache-Enabled
X-Routing-Service
Mn-Server-Ip
X-ES-SERVER
X-Cache-Var-Map
X-Zipkin-Id
X-Proxied
Meta-Geo
Machine
Datacenter
X-S
Access-Control-Request-Headers
X-LJ-Flow-ID
OT-Force-Account-Verify
Content-Style-Type
Content-Script-Type
X-Proxy
X-Proto
X-Origin-Hint
X-L-Path
Webcakes-App-Version
X-FB-TRIP-ID
X-Environment-Context
X-Device-Type
X-Backend-Name
X-AWS-Id
We-Hiring
Webcakes-Region
Webcakes-App-Name
X-NWS-LOG-UUID
TWC-Connection-Speed
Vix-Hermes-Req-Id
L5d-Success-Class
Mail-Subject
X-GRACE
Property-Id
X-VWS-Id
X-Viewer-Country
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
X-Tb
TWC-GeoIP-LatLong
NGX
S-Rt
Now
X-Birta-Served
X-Cache-Config
Azure-Version
X-Birta-Cache-Post
X-Access
Azure-SiteName
Azure-InstanceId
Azure-SlotName
DB-Nickname
Azure-RegionName
X-Wix-Server-Artifact-Id
X-Akamai-Request-ID
X-Format
X-Newrelic-App-Data
X-VG-TLSProxy
X-Origin-Response-Time
X-NCache
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-Time-Microsecs
X-ServerID
X-Section
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Hosted-By
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-Web-Node
X-EIG-Tracking-Id
X-Debug-Cache
X-Vgn-Hpd-Reason
X-Trace-Id
X-Xfnlog-Site
X-Via-Fastly
Selected-FE
X-Via-CDN
X-Timing-Wait
X-Proxy-Build
X-Human
X-FW-Version
Origin-Edge-Control
X-BYPASS-REASON
X-IP
X-JoinUs
X-ProxyCache-Key
X-PCL
X-OCL
X-ProxyCache-Status
X-CCM
Origin-Cache-Control
X-Www-Served-By
X-Site-Version
X-Cache-Category-Id
X-Grey
Cache-Tag
X-Endurance-Cache-Level
X-Generated
Uber-Trace-Id
X-Cache-Remote
X-R9-Blue-Green-Version
X-TNCMS
X-Loop
X-Varnish-Cacheable
X-Internal-Host
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-VC-Cache
Served-By
LB
X-Rule
X-UnsetCookies
X-Dynatrace-Js-Agent
X-EdgeConnect-Cache-Status
Release
X-UA
ViewerVersion
AsisCache
X-Wix-Request-Id
X-CDN-Cache
X-Cluster-Node
X-Ua
Rt-Fastcgi-Cache
Nel
X-Origin-Host
X-Sucuri-ID
X-App-Name
X-Request-Time
X-ApacheServer
X-Source
X-App-Version
X-PERF
X-Nginx-Cache
X-Varnish-Ttl
X-TIME
X-Datadome
X-B3-Spanid
X-Agile-Age
X-Agile
X-Agile-Id
X-NewRelic-App-Data
X-Hit
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-OVcl-Cache
X-VCT
X-APP-VERSION
Cache-Name
SRV
User-Agent
DSUID
Hostname
Pagespeed
Warning
Cache
X-ElasticPress-Search
X-Origin-CC
X-Origin-TTL
Xc-Version
X-Application
X-Aed
X-Accel-Expires-Debug
X-ARC
X-Webstats-RespID
X-A-Wwc
X-VG-WebServer
X-A-Dgt
Server-Cache-Control
Lfy
Fly-Request-Id
MD5-Digest
Meta-Geo-Continent
Node
Fly-Cache
Ec-Rule-Version
Arc-Country
Ajk
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
Origin
Rendered-Blocks
Www
Thinkindot-Control
X-A
X-A-Ccd
X-A-Dam
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Request-Country
Request-EU
Request-Time
Server-Surrogate-Control
X-A-Dcw
X-SRCache-Key
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-NU-AKA-ACS-Version
X-Mobile-URL
X-Matched-Rule
X-NX-Host
X-Debug-Cache-Expiry
X-Platform
X-Processor
X-PAYTM-SRV-ID
X-D
X-Date
X-Logtrace-Id
X-Instart-Isnd
X-External-Request-Id
X-F5-Cache
X-Debug-Log
X-DPWN-IS-SECURE
X-Destination
X-G
X-Gannett-Site-Version
X-IN-APIGATEWAY
X-IN-WAF
X-Hp-Webp
X-Debug-Cookies
X-Generated-In
X-Core-Value
X-Refresh
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-Cache-Miss-From
X-CF-Lambda-Fn
X-Cache-Info
X-Cache-Grace
X-Up
X-Var-Ttl
X-B-Cookie
X-Cache-ASPX
X-Cache-Expires
X-Thinkindot-L3
X-Developer
X-Rojux
X-S-Cookie
X-Rewrite-Enabled
X-Request-UUID
X-Region-Sid
X-ScT
X-Secret
X-Server-Group
X-Sedo-Request-Id
X-CF-Lambda-Version
X-Connection-Hash
X-Varnish-Authentication
UCS
X-WPE-Loopback-Upstream-Addr
X-Edge-Location
X-Cdn-Forward
User-Cache-Control
Pramga
X-Cache-Host
X-Cache-Id
Proxy-Connection
X-Swa-Ws
RNT-Machine
X-Cache-Debug
X-SN
Pagetype
X-TT-LOGID
X-CGP
X-Origin-Expires
Memcached
X-Origin-Date
X-Amzn-Remapped-Date
Cteonnt-Length
On-Server
X-PHP-Host
X-Cdn-Srv
RNT-Time
X-Cache-Bucket
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-Pubstack
X-Proxy-Upstream
X-Amzn-Remapped-Connection
X-Proxy-Cache-Status
X-Protected-By
X-Request-URI
Web-Mar-Node
X-Block-Status
Server-Int
Server-Host
X-SIPLIST1
ServerName
X-Sf
X-Irp-Debug
True-Client-Country-4JS
X-BB-ID
X-Crawler
X-Page-Type
Kp-EeAlive
X-Hash
CDCHOST
X-Epic-Correlation-Id
Country-Code
X-Distil-CS
X-Device-Os
X-Hnp-Log
X-Dispatcher-Server
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Eu-Site
Cache-Cookie-Set-From
X-Gen-Mode
Backend
X-Developers
X-Distributor
IsBot
X-ServiceProvider
Ha-Gx-Prefs
X-NodeID
X-Key
X-Nginx-Cache-Key
X-Ocache
HA-Ipaddr
X-Micro-Cache
FNAC-ModuleRouting
X-LAGOON
X-FireWall-Port
X-Cache-Backend
X-No-Session
X-Core-Mission
X-Li-Fabric
X-Fastly-Cache
X-Fetched-On
X-Ah-Environment
X-Cms-Context
X-Auto-Login
X-Backend-Url
X-Planisys-CDN-Cache
X-C
X-LI-Proto
X-MSEdge-Features
X-Location
X-Cache-FS-Status
X-LI-UUID
X-Li-Pop
X-MSEdge-Flight
X-Edge-IP
X-Backend-State
X-Planisys-CDN-Rules
X-BBXSRF
X-Bip
X-Planisys-CDN-TTL
X-Backend-Host
X-ShardId
X-Gateway-Cache-Status
X-Via-Edge
Content-Disposition
X-Via-SSL
X-Real-Ip
X-Amz-Meta-Cache-Control
X-User
X-GeoIP-City
X-GeoIP-Country-Code
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
HTTPS
Fastly-SWR
Fastly-SSL
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Reboot
X-Sucuri-Cache
X-Wikidot-Backend
Heartbleed
X-Wikidot-Static-Cache
AKAMAI
X-Generated-On
X-Server-IP
X-Servername
X-Level-Front-Cache
X-Geo-Header
X-S-Maxage
X-Alternate-Cache-Key
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Thanos
X-TrackingId
X-Sorting-Hat-PodId
X-Skip-Cache
SD-X-WS
X-Info
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Adler-Geo
Gh-Request-Id
X-Owner
N-Cache
Platform
X-Server-Time
Fastly-Backend-Name
X-Variation
X-Amzn-Remapped-Content-Length
X-Varnish-Url
Magicmarker
Is-Eu
X-GZip
X-NC
X-RateLimit-Reset
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Cdn-Origin
X-Sn-Servicetimems
V-Age
X-Apm-App-Name
Server-ID
MIME-Version
REQUESTUUID
Rt-Proxy-Cache
X-ND-Cache
X-Exp-Se
X-Geo
X-Node-Id
X-Org
X-FPC
X-Load-Cache
X-Served-From
X-Pjax-Url
VivaBuild
Viewtype
X-Varnish-Beresp-Ttl
X-Gdpr
X-B3-Parentspanid
HostName
X-CUA
X-CDN-Forward
Powered-By
X-Dc
X-Parent-Response-Time
Pragrma
X-CSRF-TOKEN
Section-Io-Cache
X-Aicache-OS
X-Returned-From-BeforeDispatch
X-Original-Request
Wxu-Next-Region
X-Git-Hash
X-Svr
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
Wxu-Next-Hostname
X-Stale
X-Returned-From
X-DC
X-Passed-To-DLL
X-Server-By
Wxu-Next-Commit
X-Actual-URL
X-Nc
X-HS-Cache-Config
X-Servedbyhost
Host-ID
Time
X-VServer
Memory
X-Croise-Owner
CF-IPCountry
X-Host-Name
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Wa
Cdn-Request-Time
PICS-Label
X-Edge-Server
X-Oss-Server-Time
X-Oss-Storage-Class
Cdn-Host
X-CACHE-KEY
X-Webkit-Csp
ProcessTime
Resin-Trace
X-Release
Mime-Version
Fastcgi-Useragent
X-Tb-Optimization-Total-Bytes-Saved
X-Unique-ID
X-Daa-Tunnel
X-Microcachable
SID
X-WebServer
X-Newrelic-Synthetics
X-Cache-HT
X-Optimization
AR-SID
X-Varnish-Beresp-TTL
X-TH-Server
Cf-Ipcountry
X-Phone
Cdn
X-From-Cache
X-Upstream-HT
X-Upstream-CT
X-V
X-Lb-Id
X-Instart-Info
X-Req
CF-Cached-On
Backend-Name
X-APP
Odigeo-Trace-Id
X-Fastly-Backend-Reqs
X-Atg-Version
XServer
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Backend-TTL
X-Worker
X-WR-MODIFICATION
X-B3-SpanId
409pxxline
X-Server-W
188prxHost
Xxline
X-LB-ID
Processtime
X-Fstrz
355prline
X-ID
225prxHost
219prxHost
189phosttRef
178proxuri
286prxHost
X-Vcl-Version
352pxline
X-Ratelimit-Remaining
X-IPS-LoggedIn
X-Response-By
X-Zone
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
Version
X-Nananana
X-Check-Cacheable
GMS-Ver
Public-Key-Pins-Report-Only
X-NGINX-Cache
Pics-Label
X-UPSTREAM-Address
X-Vcache
X-Akamai-Request-ID2
Esi-Enabled
WZWS-RAY
Accept-Language
X-Ratelimit-Reset
X-URL
X-Contensis-Viewer-Groups
X-Request-Handler-Origin-Region
X-VCL-Version
SN
X-Microsite
Fastcgi-X-Cache-Version
X-WA
X-AssetVersion
X-ServedByHost
GeoIP-City
GeoIP-Country-Code
X-CSRF-Token
X-HS-Status
GeoIP-Latitude
X-GEO
X-Amz-Meta-Surrogate-Control
X-Hyper-Cache
GW-Server
DataCenter
X-SERVER-NAME
X-Vtex-Remote-Cache
X-Be
X-UE-Client-Country
Geoip-Latitude
GeoIp-Country-Code
X-We-Are-Hiring
X-Clientip
Mobile-Detection-Method
X-Fastly-Country-Code
Lb
X-RequestId
Countrycode
X-Vtex-Processado-Em
X-ZONE
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-Reqid
X-Urbn-Context-Path
X-Urbn-Site-Id
X-BE
X-Request-Start
SS
X-Render-Time
Geoip-City
X-Via-NSCOPI
X-Via-Ucdn
Locale
X-Cdn-Cache
Ohc-File-Size
WP-Super-Cache
X-CS
X-Hello
X-NWS-UUID-VERIFY
X-ABtesting
X-LiteSpeed-Cache-Control
URI
X-Flog
X-GDPR
X-GZIP
X-Unique-Id
X-Fpc
Dnion-Transfer-Encoding
CDN
FSS-Proxy
X-HS-Combine-CSS
FSS-Cache
X-PJAX-URL
X-PF-Uncompressing
X-Gen-Id
X-HostName
X-SRV
FastCGI-Cache
Dynatrace
X-FORWARDED-FOR
Serverid
IBM-Web2-Location
X-Fastly-Cache-Hits
X-Generation-Time
X-Test
X-NGENIX-Cache
Cneonction
X-Pf-Uncompressing
RequestUuid
X-Cache-Ttl
X-Cluster-Name
X-Compress-Hint
Ohc-Cache-HIT
Requestid
X-Bug-Bounty
X-Html-Edge-Cache
Server-Id
X-Store
X-LiteSpeed-Tag
A
X-Request-Url
Accept-Ch
X-Akamai-SSL-Client-Sid
RequestId
X-Dw-Trace-Id
NnCoection
Frontcache
X-Cdn-Request-ID
X-Port
X-HTML-Edge-Cache
Get-Access-Time
Is-Session-Tracking
X-EC-Lua
X-UCC
X-Serial
Ohc-Response-Time
X-ServerName