Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-CST
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
NEL
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-Upstream-Env
X-Server-Name
Verso
X-HW
Accept-CH
X-Dispatcher
X-ESI
MS-Author-Via
AR-CACHE
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-DataStream-Cache-Status
X-Use-Magma
X-Exp-Variant
X-ORACLE-DMS-RID
X-Cached
X-Version
X-Powered-By-Plesk
Public-Key-Pins
Content-MD5
Charset
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-PC
X-Vname
X-TtlSet
X-Ser
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Server-ID
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Cdn
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Goog-Metageneration
X-Oracle-Dms-Rid
X-Amz-Meta-S3cmd-Attrs
S
X-Amz-Rid
X-SharePointHealthScore
X-VCache
X-Fastly-Request-ID
DynaTrace
X-Debug
TCN
X-Hits
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Akam-SW-Version
X-XRDS-Location
Access-Control-Request-Method
X-T
X-Powered-CMS
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-B3-TraceId
X-Id
X-Litespeed-Cache
X-Aspnet-Version
Realpath
X-NF-Request-ID
Front-End-Https
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Fastcgi-Cache
X-Content-Type
X-Varnish-Age
X-Dns-Prefetch-Control
X-N
X-Forwarded-For
Paypal-Debug-Id
X-Ttl
X-Upstream
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Alternate-Protocol
Mrf-Cache-Status
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Cache-Key
Display
X-Sol
X-Middleton-Display
X-Fastcgi-Cache
X-Srv
X-Hostname
X-Middleton-Response
Response
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
X-Pad
X-Webkit-CSP
MicrosoftSharePointTeamServices
Host
X-B3-Traceid
Server-Name
X-Kinsta-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Correlation-Id
X-Analytics
Backend-Timing
X-Content-Options
X-User-Agent
X-Revision
X-Debug-Info
X-LB-Cache
X-Cache-2
X-IPLB-Instance
X-Rid
X-Cache-Hit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-AppVersion
X-Activity-Id
X-Az
X-B3-Sampled
Accept-Charset
FilterID
Surrogate-Key
X-Grace
Refresh
X-Accel-Buffering
ServerID
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Processing-Time
X-Request-Received
Server-Info
X-FastCGI-Cache
TP-L2-Cache
TP-Cache
MS-CV
Host-Header
X-PHP-Backend
Cache-Status
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Cached-By
VIX-Pulpo-Upstream-Status
X-Kong-Proxy-Latency
X-Akamai-Edgescape
X-App-Environment
X-Cache-Action
X-Kong-Upstream-Latency
X-Amz-Replication-Status
X-Origin-Server
Source
VIX-Pulpo-Node
X-TT
X-UA-Device-Type
X-Cluster
X-Framework
X-Tumblr-User
X-F-Cache
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-Pixel-0
X-Content-Powered-By
Access-Control-Allow-Method
X-GUploader-UploadID
X-Varnish-Grace
X-Mobile
X-Request-Guid
X-Instance
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Serve
X-FB-Debug
X-SS-Set-Cookie
X-Zen-Fury
X-RateLimit-Limit
X-Geo-Country
PageSpeed
X-Forwarded-Host
X-Ezoic-Cdn
X-Oneagent-Js-Injection
X-Handled-By
Edge-Cache-Tag
X-Cache-TTL
X-Magnolia-Registration
X-Shard
X-Node-Name
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-XRDS-LOCATION
X-TA-CDN-Provider
X-App-Server
X-Varnish-Server
X-BCube-Filmed-By
DC
Cleartype
X-AOL-HN
X-Cache-Control
Fastly-Restarts
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Payment
X-Region
Filters
X-Response-Served-From
X-RequestSource
Server-Node
X-WebKit-CSP-Report-Only
X-TX-ID
X-Signature
X-B-Cache
Country
X-Adobe-Content
X-Adobe-Loc
X-Generated-By
NGB
X-Storage
Ms-Operation-Id
X-Tumblr-Pixel-1
X-UUID
X-Redis-Cache
X-Tumblr-Pixel-2
Webserver
X-TT-TIMESTAMP
X-RTag
Actual-Object-TTL
X-VG-WebCache
X-GeoIP
X-Drupal-Cache-Contexts
Retry-After
Cache-Tv-Group
X-Jobs
X-FW-Dynamic
X-Cacheable-TTL
X-Locale
X-Content-Age
X-Varnish-Hits
Powered
GEO-INFO
CACHE
ServedBy
Frame-Options
Liferay-Portal
X-Contextid
HitType
X-Rendered-As
X-WA-Info
X-Seen-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-IP
X-Cache-TTL-Remaining
X-Real-IP
X-Via-JSL
X-Cache-NE
Eomportal-Instance
X-Guploader-Uploadid
X-ProcessESI
S-Cnection
X-RemovedCookies
Viewport
X-Upgrade-Enabled
Nel
X-Esi
X-BACKEND-TTL
X-Cache-Server
X-Mode
Xserver
X-Cache-Operation
X-Varnish-Cache-Hits
X-Wix-Server-Artifact-Id
OT-Force-Account-Verify
Datacenter
X-Is-Bot
X-Cache-Var-Map
X-Device-Type
Content-Style-Type
X-From
Content-Script-Type
X-Detected-As
X-Zipkin-Id
X-Path-Route
X-ES-SERVER
X-Routing-Service
X-RN-RSRV
Mn-Server-Ip
Meta-Geo
X-S
X-Cache-Enabled
X-Cache-Var
Cache-Key
X-Time
X-Hl-Ver
X-Proto
Machine
X-Proxied
Load-Balancing
Cache-Hits
X-AWS-Id
X-Hosted-By
X-L-Path
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Cache-Config
X-Environment-Context
X-LJ-Flow-ID
X-VWS-Id
X-Tb
X-Proxy
X-VG-TLSProxy
X-Viewer-Country
X-Origin-Hint
X-Backend-Name
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
L5d-Success-Class
NGX
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
We-Hiring
Vix-Hermes-Req-Id
TWC-Privacy
Access-Control-Request-Headers
Mail-Subject
NtCoent-Length
X-Akamai-Transformed
X-MP-GENERATED-AT
X-Loop
X-Labrador-Cache-Channel
DB-Nickname
Azure-Version
Azure-SlotName
S-Rt
Azure-RegionName
Azure-SiteName
X-FW-Version
X-Format
X-Access
Now
Origin-Cache-Control
Origin-Edge-Control
X-Birta-Cache-Post
X-Birta-Served
X-NCache
X-EIG-Tracking-Id
X-Debug-Cache
X-Akamai-Request-ID
Azure-InstanceId
X-ServerID
X-Tumblr-Pixel-3
X-Web-Node
X-Time-Microsecs
X-TNCMS
X-RCS-CacheZone
X-Section
X-Origin-Response-Time
X-Rocket-Nginx-Bypass
X-Newrelic-App-Data
X-Via-CDN
X-Varnish-Cacheable
X-Vgn-Hpd-Reason
X-Via-Fastly
X-NWS-LOG-UUID
Selected-FE
X-Xfnlog-Site
X-Timing-Wait
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-PCL
X-JoinUs
X-IP
X-CCM
X-Trace-Id
X-OCL
X-BYPASS-REASON
X-Human
Cache-Tag
X-Endurance-Cache-Level
Uber-Trace-Id
X-Internal-Host
X-Site-Version
X-Grey
X-Generated
X-Www-Served-By
X-Cache-Category-Id
X-Status
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-R9-Blue-Green-Version
X-VC-Cache
Served-By
X-UA
X-GRACE
X-Dynatrace-Js-Agent
X-Cache-Remote
LB
X-Rule
X-UnsetCookies
X-CDN-Cache
Release
X-EdgeConnect-Cache-Status
X-Wix-Request-Id
ViewerVersion
AsisCache
X-TIME
X-Origin-Host
X-Cluster-Node
X-Sucuri-ID
Rt-Fastcgi-Cache
X-APP-VERSION
X-App-Name
X-ApacheServer
X-PERF
X-Datadome
X-B3-Spanid
X-Source
X-Request-Time
X-Nginx-Cache
X-NewRelic-App-Data
X-Agile-Age
X-Agile-Id
X-Agile
X-OVcl-Cache
X-Ua
Cache-Name
X-OVcl
User-Agent
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-VCT
X-Edge-Location
DSUID
Warning
X-App-Version
SRV
X-WPE-Loopback-Upstream-Addr
X-Origin-CC
X-ElasticPress-Search
X-Origin-TTL
X-BB-ID
X-A-Dam
X-Application
X-Aed
X-A-Dcw
X-VG-WebServer
X-A-Wwc
X-Accel-Expires-Debug
Xc-Version
X-Webstats-RespID
X-B-Cookie
X-A-Dgt
Request-Time
MD5-Digest
Lfy
Memcached
Meta-Geo-Continent
Node
Fly-Request-Id
Fly-Cache
BehaviorPad-Version
Arc-Country
Cache-Prefix
Cross-Origin-Window-Policy
Ec-Rule-Version
On-Server
Origin
Thinkindot-Control
Thinkindot-CacheControl-Type
UCS
Www
X-A
Thinkindot-CacheControl
Server-Surrogate-Control
Rendered-Blocks
Request-Country
Request-EU
Server-Cache-Control
X-A-Ccd
X-Core-Value
X-Generated-In
X-Gannett-Site-Version
X-Hp-Webp
X-Rojux
X-Rewrite-Enabled
X-IN-APIGATEWAY
X-S-Cookie
X-G
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-F5-Cache
X-IN-WAF
X-Instart-Isnd
X-NX-Host
X-NU-AKA-ACS-Version
X-Pubstack
X-PAYTM-SRV-ID
X-Platform
X-NodeID
X-Mobile-URL
X-Matched-Rule
X-Logtrace-Id
X-Request-UUID
X-Region-Sid
X-Refresh
X-Debug-Log
Ajk
X-Up
X-CF-Lambda-Version
X-Connection-Hash
X-Twitter-Response-Tags
X-Trv-Group
X-CF-Lambda-Fn
X-Cache-Miss-From
X-Varnish-Authentication
X-Cache-Expires
X-Var-Ttl
X-Cache-Grace
X-Cache-Info
X-Processor
X-Transaction
X-Secret
X-Sedo-Request-Id
X-ScT
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-SRCache-Key
X-Thinkindot-L3
X-D
X-Date
X-Server-Group
X-Cache-ASPX
X-ARC
X-Edge-IP
Hostname
X-Ocache
User-Cache-Control
X-Cache-Backend
X-Varnish-Ttl
Cache
X-Dispatcher-Server
X-Device-Os
X-Developers
X-Distil-CS
X-Epic-Correlation-Id
X-Hash
X-Hnp-Log
X-Geo-Header
X-Gen-Mode
X-Crawler
X-Eu-Site
X-Distributor
X-Cache-Id
Web-Mar-Node
X-Amzn-Remapped-Connection
True-Client-Country-4JS
ServerName
Server-Host
Server-Int
X-Amzn-Remapped-Date
X-Ah-Environment
X-Cache-Host
X-Cdn-Srv
X-Cache-Debug
X-Cache-Bucket
X-Block-Status
X-C
X-CGP
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Qloud-Router
X-Servername
X-SIPLIST1
X-Reboot
X-ServiceProvider
FNAC-ModuleRouting
X-TT-LOGID
X-SN
X-Swa-Ws
X-Proxy-Cache-Status
X-Protected-By
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-LAGOON
RNT-Time
X-Key
X-LI-UUID
X-Location
X-PHP-Host
X-Policy
X-Origin-Date
X-No-Session
X-Micro-Cache
X-Nginx-Cache-Key
X-Info
X-Origin-Expires
Apple-News-Services-Request-Url
Pagetype
Ha-Gx-Prefs
Apple-News-Services-Parsed-Url
X-Sucuri-Cache
Cache-Cookie-Set-From
IsBot
Kp-EeAlive
Fastly-SWR
HA-Ipaddr
Apple-News-Services-Handled
Country-Code
Pramga
Backend
Apple-News-Services-Host
Fastly-Backend-Name
Proxy-Connection
Cache-Cookie-Set-Idcheck
CDCHOST
Cache-Cookie-Set-Lfrom
Fastly-SIE
RNT-Machine
X-Varnish-Beresp-Grace
Cteonnt-Length
X-Varnish-Beresp-Status
Pagespeed
X-FireWall-Port
AKAMAI
X-Sorting-Hat-ShopId
X-Wikidot-Static-Cache
X-Cms-Context
X-Thanos
X-Core-Mission
Fastly-SSL
N-Cache
Fastly-Soc-X-Request-Id
X-Level-Front-Cache
X-Amzn-Remapped-Content-Length
X-Via-SSL
X-Gateway-Cache-Key
Is-Eu
X-Variation
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
HTTPS
X-Generated-On
X-GeoIP-City
X-GeoIP-Country-Code
Heartbleed
Magicmarker
X-TrackingId
X-Via-Edge
X-Fastly-Cache
X-Fetched-On
X-Varnish-Url
X-Wikidot-Backend
X-Cache-FS-Status
X-Planisys-CDN-TTL
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Server-IP
X-Auto-Login
X-Planisys-CDN-Cache
X-Backend-Host
X-Skip-Cache
X-Shopify-Stage
X-Page-Type
X-Sf
Adler-Geo
X-ShardId
X-ShopId
X-Planisys-CDN-Rules
X-Backend-Url
X-Backend-State
X-MSEdge-Flight
Content-Disposition
X-Sorting-Hat-PodId
X-User
SD-X-WS
Platform
X-S-Maxage
X-MSEdge-Features
X-Bip
X-BBXSRF
X-Cdn-Forward
X-GZip
X-Server-Time
X-Owner
X-RateLimit-Reset
Gh-Request-Id
X-Real-Ip
Server-ID
X-Node-Id
X-Apm-Svc-Key
X-Apm-Inst-Hash
V-Age
X-Cdn-Origin
X-Sn-Servicetimems
X-NC
X-Apm-App-Name
X-CDN-Forward
MIME-Version
X-Org
X-FPC
REQUESTUUID
Rt-Proxy-Cache
X-Geo
X-Exp-Se
X-ND-Cache
X-Varnish-Beresp-Ttl
HostName
Powered-By
VivaBuild
X-Pjax-Url
Viewtype
X-Served-From
X-CUA
X-Gdpr
X-Dc
X-Aicache-OS
Pragrma
X-B3-Parentspanid
Section-Io-Cache
X-Load-Cache
X-Parent-Response-Time
X-Passed-To-PostProcessResponse
X-Server-By
X-Returned-From-DLL
X-Nc
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Actual-URL
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Svr
X-Stale
X-Returned-From
X-Original-Request
X-Passed-To
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
Time
CF-IPCountry
X-CSRF-TOKEN
X-VServer
Memory
X-HS-Cache-Config
PICS-Label
X-Croise-Owner
Host-ID
X-Git-Hash
X-DC
X-CACHE-KEY
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Servedbyhost
Fastcgi-Useragent
X-Wa
Mime-Version
X-Unique-ID
Resin-Trace
X-Host-Name
X-Release
SID
X-Oss-Hash-Crc64ecma
X-Microcachable
X-Oss-Storage-Class
X-Oss-Object-Type
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
X-Oss-Server-Time
AR-SID
X-Newrelic-Synthetics
ProcessTime
X-Cache-HT
X-Optimization
X-From-Cache
X-TH-Server
X-WebServer
X-Lb-Id
X-Daa-Tunnel
X-Varnish-Beresp-TTL
X-Phone
X-Req
Cdn
X-V
Cf-Ipcountry
X-Upstream-HT
X-Instart-Info
X-Upstream-CT
Odigeo-Trace-Id
X-Atg-Version
X-HTML-Minification-Powered-By
X-Fastly-Backend-Reqs
X-APP
XServer
Proxy-Firewall
Processtime
Backend-Name
CF-Cached-On
X-Vcl-Version
X-Worker
X-Fstrz
X-ID
X-WR-MODIFICATION
X-Ratelimit-Remaining
X-Server-W
X-Ratelimit-Limit
X-B3-SpanId
188prxHost
189phosttRef
Xxline
225prxHost
X-Backend-TTL
X-Response-By
352pxline
355prline
286prxHost
409pxxline
X-Nananana
219prxHost
X-LB-ID
178proxuri
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Check-Cacheable
GMS-Ver
X-IPS-LoggedIn
X-Zone
Version
Public-Key-Pins-Report-Only
X-Vcache
X-NGINX-Cache
X-WA
WZWS-RAY
X-CSRF-Token
X-UPSTREAM-Address
Fastcgi-X-Cache-Version
X-URL
X-Ratelimit-Reset
X-ServedByHost
Esi-Enabled
X-Akamai-Request-ID2
Geoip-Latitude
X-Hyper-Cache
X-Amz-Meta-Surrogate-Control
Accept-Language
GeoIp-Country-Code
X-VCL-Version
X-AssetVersion
X-HS-Status
GW-Server
SN
X-GEO
Pics-Label
X-Contensis-Viewer-Groups
DataCenter
Geoip-City
Mobile-Detection-Method
GeoIP-Latitude
GeoIP-Country-Code
Lb
X-UE-Client-Country
X-Clientip
GeoIP-City
X-We-Are-Hiring
X-Fastly-Country-Code
X-SERVER-NAME
Countrycode
X-Dynatrace
X-ZONE
X-RequestId
SS
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Request-Handler-Origin-Region
X-Request-Start
X-Microsite
X-Render-Time
X-Via-Ucdn
X-BE
X-Be
WP-Super-Cache
Ohc-File-Size
X-LiteSpeed-Cache-Control
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Reqid
X-CS
X-NWS-UUID-VERIFY
X-Via-NSCOPI
Locale
X-GDPR
URI
X-GZIP
X-Unique-Id
FSS-Cache
X-ABtesting
FSS-Proxy
X-HS-Combine-CSS
X-Gen-Id
X-PJAX-URL
CDN
X-Cdn-Cache
X-Hello
X-PF-Uncompressing
X-Flog
Amp-Access-Control-Allow-Source-Origin
Dynatrace
FastCGI-Cache
X-HostName
X-FORWARDED-FOR
X-SRV
Serverid
X-Generation-Time
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Fpc
X-Fastly-Cache-Hits
X-Pf-Uncompressing
Cneonction
RequestUuid
X-Cache-Ttl
Accept-Ch
Ohc-Cache-HIT
Server-Id
A
X-LiteSpeed-Tag
X-Test
X-Request-Url
X-Html-Edge-Cache
X-Store
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-Varnish-URL
X-PAGE-TYPE
X-SF
X-HTML-Edge-Cache
Frontcache
RequestId
Requestid
X-Compress-Hint
X-Serial
Is-Session-Tracking
Get-Access-Time
X-ServerName
X-EC-Lua
X-Cdn-Request-ID
NnCoection
Ohc-Response-Time
X-UCC
X-Port