Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Request-ID
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
X-CST
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Application-Context
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
X-Upstream-Env
Verso
X-Server-Name
X-HW
Accept-CH
X-ESI
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Cdn
X-GitHub-Request-Id
X-MS-InvokeApp
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-ORACLE-DMS-RID
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-DataStream-Cache-Status
X-Cached
X-Version
Charset
Content-MD5
Public-Key-Pins
X-Powered-By-Plesk
X-Recruiting
X-Dns-Prefetch-Control
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
X-TTL
Ar-Sid
RTSS
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-PC
X-TtlSet
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Server-Side-Encryption
X-Server-ID
X-Vcap-Request-Id
X-Varnish-TTL
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-FTR-Expires
X-Amz-Rid
S
X-XRDS-Location
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Oracle-Dms-Rid
X-Debug
DynaTrace
TCN
X-VCache
Arr-Disable-Session-Affinity
X-Hits
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-TEC-API-ROOT
Pinterest-Version
X-Akam-SW-Version
X-Upstream-Proxy
SPRequestDuration
SPIisLatency
X-Pinterest-Rid
X-B3-TraceId
Access-Control-Request-Method
X-Powered-CMS
X-FTR-Cache-Host
X-Goog-Storage-Class
X-T
Front-End-Https
Realpath
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
X-Ttl
X-Id
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Upstream
X-Fastcgi-Cache
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-RateLimit-Remaining
X-Logged-In
X-PressLabs-Stats
X-HS-Content-Id
X-Content-Digest
X-HS-Hub-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Middleton-Display
Display
X-Sol
X-Hostname
X-Middleton-Response
Response
X-Litespeed-Cache
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Accel-Expires
X-Pad
X-Webkit-CSP
MicrosoftSharePointTeamServices
Host
X-Kinsta-Cache
Server-Name
X-Correlation-Id
X-Content-Options
X-Analytics
Backend-Timing
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-User-Agent
X-Revision
X-LB-Cache
X-Debug-Info
X-B3-Traceid
X-Amzn-RequestId
X-AppVersion
X-Az
X-Rid
X-Amz-Apigw-Id
X-Accel-Buffering
X-Activity-Id
X-Cache-Hit
X-IPLB-Instance
X-Cache-2
X-B3-Sampled
Accept-Charset
FilterID
Surrogate-Key
Refresh
X-B
X-Grace
Powered-By-ChinaCache
ServerID
X-CF-Powered-By
X-DIS-Request-ID
X-Ruxit-Js-Agent
X-Page-Id
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
Host-Header
MS-CV
X-Request-Processing-Time
X-Request-Received
X-PHP-Backend
Cache-Status
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
Source
X-Kong-Upstream-Latency
X-App-Environment
X-Amz-Replication-Status
X-Cached-By
X-Origin-Server
X-TT
X-Framework
X-Akamai-Edgescape
X-F-Cache
X-Platform-Server
X-Cluster
X-UA-Device-Type
X-Cache-Action
X-Varnish-Grace
X-Tumblr-User
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Content-Powered-By
X-Tumblr-Pixel-0
X-Mobile
X-Request-Guid
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Drupal-Cache-Tags
X-FB-Debug
X-Instance
X-SS-Set-Cookie
X-Zen-Fury
X-Geo-Country
X-GUploader-UploadID
X-RateLimit-Limit
X-Forwarded-Host
X-Shard
X-Handled-By
X-Ezoic-Cdn
X-Cache-TTL
X-Magnolia-Registration
Edge-Cache-Tag
X-FastCGI-Cache
From-Origin
X-Node-Name
X-Oneagent-Js-Injection
X-ATG-Version
PageSpeed
X-Varnish-Hostname
X-Cache-Age
Cache-Tags
X-Varnish-Server
X-App-Server
DC
X-BCube-Filmed-By
Cleartype
X-Cache-Control
X-AOL-HN
X-TA-CDN-Provider
Fastly-Restarts
Upgrade-Insecure-Requests
Healthy
X-Cache-Rule
Payment
X-Region
X-Response-Served-From
Filters
X-Generated-By
Server-Node
X-WebKit-CSP-Report-Only
X-RequestSource
X-Adobe-Loc
X-Adobe-Content
X-B-Cache
X-Signature
X-TX-ID
X-RTag
Webserver
X-VG-WebCache
X-GeoIP
NGB
X-Storage
Country
X-Redis-Cache
Ms-Operation-Id
X-TT-TIMESTAMP
X-UUID
X-FW-Dynamic
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-2
X-Jobs
Actual-Object-TTL
X-Tumblr-Pixel-1
X-Content-Age
X-Locale
X-Cacheable-TTL
Retry-After
Cache-Tv-Group
X-Varnish-Hits
CACHE
GEO-INFO
Powered
X-XRDS-LOCATION
ServedBy
Liferay-Portal
Frame-Options
X-Contextid
HitType
X-Seen-By
X-Rendered-As
X-WA-Info
X-Cache-TTL-Remaining
X-Guploader-Uploadid
X-Yottaa-Metrics
X-Varnish-IP
X-Yottaa-Optimizations
X-Via-JSL
X-Real-IP
X-Wix-Server-Artifact-Id
X-ProcessESI
X-Cache-NE
S-Cnection
X-RemovedCookies
Viewport
Eomportal-Instance
X-Upgrade-Enabled
X-Time
X-BACKEND-TTL
Xserver
X-Cache-Server
X-Mode
X-Esi
X-GRACE
Datacenter
Content-Script-Type
OT-Force-Account-Verify
Content-Style-Type
X-Cache-Operation
X-Hl-Ver
X-From
X-Zipkin-Id
X-Is-Bot
X-Proto
X-Routing-Service
X-RN-RSRV
X-ES-SERVER
X-Proxied
X-Path-Route
Load-Balancing
Meta-Geo
Cache-Key
Cache-Hits
X-Varnish-Cache-Hits
Mn-Server-Ip
X-Cache-Enabled
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Device-Type
Machine
X-S
NtCoent-Length
X-Cache-Config
TWC-GeoIP-LatLong
TWC-Locale-Group
Vix-Hermes-Req-Id
We-Hiring
TWC-GeoIP-Country
TWC-Privacy
TWC-Connection-Speed
L5d-Success-Class
Access-Control-Request-Headers
Mail-Subject
NGX
Webcakes-App-Name
Property-Id
TWC-Device-Class
Webcakes-Region
X-Tb
X-Origin-Hint
X-VG-TLSProxy
X-Viewer-Country
X-VWS-Id
X-LJ-Flow-ID
X-L-Path
X-Environment-Context
X-AWS-Id
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Hosted-By
Webcakes-App-Version
X-Proxy
X-Akamai-Transformed
S-Rt
X-NWS-LOG-UUID
X-Access
X-Birta-Cache-Post
X-Akamai-Request-ID
Origin-Edge-Control
Origin-Cache-Control
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Birta-Served
X-Debug-Cache
X-ServerID
X-Section
X-Time-Microsecs
X-Web-Node
X-Backend-Name
X-Origin-Response-Time
X-Loop
X-EIG-Tracking-Id
X-Format
X-FW-Version
X-Labrador-Cache-Channel
Azure-InstanceId
X-TNCMS
X-OCL
X-JoinUs
X-PCL
X-Proxy-Build
X-ProxyCache-Key
X-IP
X-Human
X-BYPASS-REASON
Cache-Tag
X-CCM
X-Endurance-Cache-Level
Selected-FE
X-Timing-Wait
X-ProxyCache-Status
X-NCache
Now
X-RCS-CacheZone
X-Tumblr-Pixel-3
X-Rocket-Nginx-Bypass
X-Xfnlog-Site
DB-Nickname
X-Vgn-Hpd-Reason
X-Varnish-Cacheable
X-Trace-Id
X-Via-Fastly
X-Via-CDN
Uber-Trace-Id
X-Site-Version
X-Cache-Category-Id
X-Grey
X-Generated
X-Www-Served-By
X-Newrelic-App-Data
Decoy-Debug-Status
Decoy-Debug-Key
X-Status
X-MP-GENERATED-AT
Decoy-Debug-TTL
X-R9-Blue-Green-Version
Served-By
X-Internal-Host
X-VC-Cache
X-Cache-Remote
X-Rule
X-Dynatrace-Js-Agent
X-UA
LB
ViewerVersion
X-Wix-Request-Id
X-CDN-Cache
X-EdgeConnect-Cache-Status
X-UnsetCookies
Release
AsisCache
X-Origin-Host
X-Cluster-Node
X-Sucuri-ID
Rt-Fastcgi-Cache
Nel
X-NewRelic-App-Data
X-App-Name
X-ApacheServer
X-PERF
X-App-Version
X-Source
X-Nginx-Cache
X-Request-Time
X-B3-Spanid
Pagespeed
X-TIME
X-Varnish-Ttl
X-Agile-Age
X-Agile
X-Datadome
X-Agile-Id
X-Ua
User-Agent
X-Hit
X-OVcl
X-APP-VERSION
X-Origin
Cache-Name
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Edge-Location
Warning
Hostname
X-WPE-Loopback-Upstream-Addr
X-Origin-CC
X-Pubstack
X-Origin-TTL
X-Debug-Cache-Store
X-Destination
X-Server-Group
X-Up
X-A-Ccd
X-A-Dgt
X-Twitter-Response-Tags
X-Var-Ttl
X-Debug-Cookies
X-A-Dcw
X-A-Dam
X-Debug-Log
X-Accel-Expires-Debug
X-Cache-Grace
X-Cache-Expires
Arc-Country
BehaviorPad-Version
X-CF-Lambda-Fn
X-Cache-Info
X-Application
X-ARC
User-Cache-Control
X-BB-ID
SRV
X-B-Cookie
X-Cache-ASPX
X-CF-Lambda-Version
X-Aed
X-Date
X-Thinkindot-L3
DSUID
X-Debug-Cache-Expiry
X-Trv-Group
X-Transaction
X-D
X-A-Wwc
X-Connection-Hash
Cache-Prefix
X-SRCache-Key
X-Core-Value
X-Hp-Webp
X-Debug-Cache-Fetch
Fly-Request-Id
X-G
X-IN-APIGATEWAY
Meta-Geo-Continent
X-NX-Host
X-IN-WAF
X-Webstats-RespID
X-Rojux
MD5-Digest
Server-Cache-Control
Memcached
X-Mobile-URL
X-Gannett-Site-Version
X-Rewrite-Enabled
Node
Request-Country
X-Instart-Isnd
Rendered-Blocks
X-NodeID
X-NU-AKA-ACS-Version
Request-EU
Origin
Request-Time
Xc-Version
On-Server
X-External-Request-Id
X-F5-Cache
X-DPWN-IS-SECURE
Lfy
X-Varnish-Authentication
UCS
Fly-Cache
X-Matched-Rule
Ajk
X-Region-Sid
Www
X-Developer
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Cdn-Forward
X-A
X-Secret
X-PAYTM-SRV-ID
X-S-Cookie
Thinkindot-CacheControl
X-Request-UUID
X-Logtrace-Id
Server-Surrogate-Control
Thinkindot-CacheControl-Type
Thinkindot-Control
X-ScT
X-Generated-In
X-Platform
X-VG-WebServer
X-Processor
X-Edge-IP
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Protected-By
X-Cache-Backend
X-ElasticPress-Search
Server-Host
Server-Int
X-Distributor
X-LAGOON
X-PHP-Host
X-Gen-Mode
X-Distil-CS
Pramga
X-Request-URI
X-Dispatcher-Server
Proxy-Connection
X-Policy
X-Qloud-Router
X-Info
RNT-Machine
X-Key
X-Nginx-Cache-Key
X-Eu-Site
X-No-Session
RNT-Time
X-Epic-Correlation-Id
X-Origin-Expires
X-Li-Fabric
X-Origin-Date
X-RateLimit-Limit-Second
X-Irp-Debug
X-LI-UUID
X-Reboot
X-Amzn-Remapped-Connection
X-CGP
X-Rebelmouse-Cache-Control
X-Crawler
X-Cache-Id
X-Amzn-Remapped-Date
X-Cache-Bucket
X-C
X-Cache-Debug
X-Rebelmouse-Surrogate-Control
X-Cache-Host
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Developers
Web-Mar-Node
True-Client-Country-4JS
X-Device-Os
X-Block-Status
X-Geo-Header
X-Hash
X-Proxy-Cache-Status
X-Hnp-Log
X-LI-Proto
X-Page-Type
X-Li-Pop
X-SN
Fastly-SIE
Fastly-Backend-Name
Country-Code
X-TT-LOGID
X-Cache-Miss-From
Cache-Cookie-Set-From
Fastly-SWR
Apple-News-Services-Handled
Apple-News-Services-Host
Cache-Cookie-Set-Lfrom
X-Varnish-Url
Cache-Cookie-Set-Idcheck
Backend
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Ha-Gx-Prefs
X-Swa-Ws
X-Sedo-Request-Id
X-Refresh
Pagetype
X-Sucuri-Cache
X-Ocache
X-SIPLIST1
HA-Ipaddr
Kp-EeAlive
X-Sf
IsBot
X-ServiceProvider
X-FireWall-Port
Cache
Cteonnt-Length
X-Core-Mission
X-Variation
X-Sorting-Hat-ShopId
X-User
X-Cms-Context
X-Sorting-Hat-PodId
X-Thanos
X-Wikidot-Static-Cache
X-Micro-Cache
X-Location
X-GeoIP-Country-Code
X-GeoIP-City
FNAC-ModuleRouting
X-Level-Front-Cache
X-Real-Ip
X-MSEdge-Flight
X-MSEdge-Features
X-Cdn-Srv
X-Generated-On
X-Skip-Cache
X-Wikidot-Backend
X-Via-SSL
X-Via-Edge
ServerName
X-Fetched-On
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Ah-Environment
X-TrackingId
Content-Disposition
Fastly-Soc-X-Request-Id
X-Server-IP
X-Servername
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
Fastly-SSL
X-S-Maxage
N-Cache
Platform
SD-X-WS
Magicmarker
Heartbleed
Is-Eu
X-Amzn-Remapped-Content-Length
HTTPS
X-ShardId
Adler-Geo
X-Backend-State
X-Shopify-Stage
X-Cache-FS-Status
X-Bip
X-ShopId
X-BBXSRF
AKAMAI
X-Owner
X-Backend-Url
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Backend-Host
X-Planisys-CDN-Cache
X-Auto-Login
X-Fastly-Cache
X-Server-Time
X-Varnish-Beresp-Ttl
X-GZip
Gh-Request-Id
X-RateLimit-Reset
X-Node-Id
Server-ID
MIME-Version
X-Apm-Inst-Hash
X-Apm-App-Name
X-NC
X-Apm-Svc-Key
X-Org
X-FPC
X-Cdn-Origin
V-Age
X-Sn-Servicetimems
X-Geo
X-ND-Cache
X-Pjax-Url
Rt-Proxy-Cache
VivaBuild
X-CUA
Viewtype
REQUESTUUID
Powered-By
X-Exp-Se
X-CACHE-KEY
X-Load-Cache
Section-Io-Cache
HostName
X-Served-From
Pragrma
X-CDN-Forward
X-Gdpr
X-Nc
X-B3-Parentspanid
X-Dc
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Original-Request
X-Aicache-OS
X-Stale
X-Svr
X-Actual-URL
X-Server-By
X-Passed-To-BeforeDispatch
X-Returned-From
X-CSRF-TOKEN
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Parent-Response-Time
X-VServer
Time
X-DC
Memory
Host-ID
X-Croise-Owner
X-HS-Cache-Config
Fastcgi-Useragent
X-Git-Hash
Wxu-Next-Region
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Wxu-Next-Hostname
Wxu-Next-Commit
X-Unique-ID
X-Wa
PICS-Label
ProcessTime
X-Servedbyhost
Resin-Trace
X-Microcachable
CF-IPCountry
Mime-Version
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
SID
X-Host-Name
X-Tb-Optimization-Total-Bytes-Saved
X-Release
X-ID
X-Optimization
X-Newrelic-Synthetics
X-Cache-HT
X-V
AR-SID
Cf-Ipcountry
X-TH-Server
X-From-Cache
X-Daa-Tunnel
X-Lb-Id
X-WebServer
X-Req
Cdn
Odigeo-Trace-Id
X-Phone
X-Varnish-Beresp-TTL
X-APP
X-Upstream-HT
X-Instart-Info
X-HTML-Minification-Powered-By
X-Upstream-CT
X-Atg-Version
X-Vcache
X-Fstrz
Backend-Name
X-Fastly-Backend-Reqs
XServer
Proxy-Firewall
CF-Cached-On
Processtime
X-B3-SpanId
X-LB-ID
X-Worker
X-Response-By
X-WR-MODIFICATION
X-Vcl-Version
X-Ratelimit-Remaining
X-Backend-TTL
409pxxline
X-Server-W
Public-Key-Pins-Report-Only
X-Ratelimit-Limit
Xxline
352pxline
X-Zone
355prline
225prxHost
189phosttRef
188prxHost
178proxuri
X-Nananana
GMS-Ver
219prxHost
286prxHost
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
WZWS-RAY
X-Check-Cacheable
X-IPS-LoggedIn
Version
X-GEO
Pics-Label
X-NGINX-Cache
X-WA
Fastcgi-X-Cache-Version
Esi-Enabled
X-ServedByHost
X-UPSTREAM-Address
X-Ratelimit-Reset
X-URL
X-HS-Status
X-Amz-Meta-Surrogate-Control
X-Akamai-Request-ID2
Lb
X-UE-Client-Country
X-We-Are-Hiring
GW-Server
X-VCL-Version
GeoIp-Country-Code
Countrycode
X-AssetVersion
X-Contensis-Viewer-Groups
X-Clientip
Mobile-Detection-Method
Accept-Language
SN
Geoip-Latitude
X-CSRF-Token
X-Hyper-Cache
DataCenter
X-SERVER-NAME
GeoIP-City
SS
Geoip-City
GeoIP-Country-Code
X-Fastly-Country-Code
Amp-Access-Control-Allow-Source-Origin
GeoIP-Latitude
X-Dynatrace
X-SRV
Ohc-File-Size
X-Request-Start
X-Request-Handler-Origin-Region
X-NWS-UUID-VERIFY
X-RequestId
X-Render-Time
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-BE
X-Be
X-Microsite
X-Via-Ucdn
Serverid
X-GZIP
WP-Super-Cache
X-ZONE
FSS-Proxy
FSS-Cache
URI
X-PF-Uncompressing
X-Reqid
X-GDPR
X-Via-NSCOPI
X-HS-Combine-CSS
X-Urbn-Context-Path
X-Urbn-Site-Id
X-CS
Locale
X-LiteSpeed-Cache-Control
X-Unique-Id
X-Gen-Id
X-PJAX-URL
X-ABtesting
X-Cdn-Cache
CDN
X-Hello
X-Flog
Dynatrace
X-HostName
X-FORWARDED-FOR
FastCGI-Cache
X-Fpc
X-Pf-Uncompressing
RequestUuid
X-Fastly-Cache-Hits
Dnion-Transfer-Encoding
Ohc-Cache-HIT
X-Generation-Time
Cneonction
IBM-Web2-Location
X-Cache-Ttl
Accept-Ch
X-LiteSpeed-Tag
Server-Id
X-UCC
X-Request-Url
X-Html-Edge-Cache
A
X-ServerName
X-Store
X-Test
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
RequestId
Requestid
Who
Is-Session-Tracking
Get-Access-Time
X-Port
X-Varnish-Action
Ohc-Response-Time
X-Serial
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
Frontcache
X-EC-Lua