Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Request-ID
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
Accept-CH
X-Upstream-Env
X-Dispatcher
X-ESI
X-Cdn
MS-Author-Via
AR-CACHE
AR-ATIME
AR-PoweredBy
PB-PID
Arc-Version
X-VARITI-CCR
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Id
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-ORACLE-DMS-RID
X-DataStream-Cache-Status
X-Cached
X-Powered-By-Plesk
X-Version
Content-MD5
Public-Key-Pins
X-TTL
Charset
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Ser
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-Server-ID
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Generation
X-DynaTrace-JS-Agent
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Oracle-Dms-Rid
X-Amz-Meta-S3cmd-Attrs
X-Amz-Rid
DynaTrace
S
X-Fastly-Request-ID
X-SharePointHealthScore
X-VCache
X-XRDS-Location
TCN
X-Debug
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
Arr-Disable-Session-Affinity
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Powered-CMS
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
Realpath
X-Aspnet-Version
Tracecode
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Front-End-Https
X-MSEdge-Ref
X-Webkit-CSP
X-Amzn-Trace-Id
X-B3-TraceId
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Alternate-Protocol
X-PressLabs-Stats
X-Content-Digest
X-Logged-In
X-Frontend
X-RateLimit-Remaining
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Litespeed-Cache
Display
X-Srv
X-Cache-Key
X-Fastcgi-Cache
X-Middleton-Response
X-Middleton-Display
X-Hostname
Response
X-Sol
X-B3-Traceid
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-SERVER
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
Backend-Timing
X-Analytics
X-Correlation-Id
X-Content-Options
X-User-Agent
X-Revision
X-Az
X-AppVersion
X-Activity-Id
X-Debug-Info
X-Kinsta-Cache
X-Rid
X-IPLB-Instance
X-B3-Sampled
X-LB-Cache
X-Amz-Apigw-Id
X-Cache-Hit
Surrogate-Key
X-Amzn-RequestId
X-Cache-2
FilterID
ServerID
X-Grace
Accept-Charset
Refresh
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-Page-Id
X-DIS-Request-ID
X-Request-Processing-Time
X-Request-Received
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
MS-CV
X-FastCGI-Cache
Host-Header
X-PHP-Backend
X-Ruxit-Js-Agent
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-App-Environment
X-Amz-Replication-Status
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
Cache-Status
X-TT
VIX-Pulpo-Node
X-Cached-By
Source
X-Origin-Server
X-Tumblr-User
X-Framework
X-Mobile
X-Tumblr-Pixel-0
X-UA-Device-Type
X-Tumblr-Pixel
X-Platform-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-Grace
X-Content-Powered-By
X-FW-Hash
X-F-Cache
X-Cluster
Access-Control-Allow-Method
X-FW-Type
X-Instance
X-FW-Static
X-FW-Serve
X-FW-Server
X-Request-Guid
X-Drupal-Cache-Tags
X-GUploader-UploadID
X-Geo-Country
PageSpeed
X-Forwarded-Host
Edge-Cache-Tag
X-FB-Debug
X-RateLimit-Limit
X-Zen-Fury
X-Node-Name
X-Ezoic-Cdn
X-SS-Set-Cookie
X-Shard
X-TA-CDN-Provider
X-Cache-TTL
X-Magnolia-Registration
X-Handled-By
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-Cache-Control
X-Varnish-Server
X-AOL-HN
DC
X-Cache-Rule
Cleartype
Upgrade-Insecure-Requests
X-App-Server
Healthy
Payment
Server-Node
X-Response-Served-From
X-RequestSource
Filters
X-Region
X-TX-ID
Country
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Adobe-Content
X-VG-WebCache
X-Adobe-Loc
X-Tumblr-Pixel-2
X-B-Cache
X-Generated-By
X-Signature
X-Redis-Cache
X-Storage
Actual-Object-TTL
X-RTag
Ms-Operation-Id
Cache-Tv-Group
Retry-After
X-UUID
X-GeoIP
Webserver
X-FW-Dynamic
X-Drupal-Cache-Contexts
X-XRDS-LOCATION
X-Locale
X-Jobs
Powered
X-Content-Age
X-Cacheable-TTL
X-Varnish-Hits
NGB
CACHE
GEO-INFO
ServedBy
Frame-Options
X-Oneagent-Js-Injection
X-Contextid
Liferay-Portal
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-Varnish-IP
X-Seen-By
X-Cache-NE
X-RemovedCookies
X-ProcessESI
X-Cache-TTL-Remaining
X-Guploader-Uploadid
Eomportal-Instance
S-Cnection
X-BACKEND-TTL
X-Esi
X-Dynatrace-Js-Agent
Viewport
X-Via-JSL
X-Cache-Operation
X-Upgrade-Enabled
X-Mode
X-Cache-Server
X-Varnish-Cache-Hits
X-Cache-Var-Map
X-Is-Bot
Cache-Hits
Cache-Key
X-Detected-As
X-Hl-Ver
X-Device-Type
X-ES-SERVER
X-From
Load-Balancing
X-Path-Route
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Zipkin-Id
X-Routing-Service
X-Proto
X-Proxied
X-RN-RSRV
Meta-Geo
Machine
Content-Style-Type
Content-Script-Type
X-S
X-Time
X-Akamai-Transformed
X-LJ-Flow-ID
NtCoent-Length
TWC-Locale-Group
X-FC-Vary-Parameters
X-Origin-Hint
X-Proxy
TWC-Device-Class
X-FB-TRIP-ID
Webcakes-App-Name
TWC-GeoIP-LatLong
Vix-Hermes-Req-Id
Webcakes-Region
Webcakes-App-Version
OT-Force-Account-Verify
Access-Control-Request-Headers
X-AWS-Id
X-Backend-Name
X-Cache-Config
L5d-Success-Class
We-Hiring
TWC-Privacy
TWC-GeoIP-Country
Mail-Subject
X-VWS-Id
X-Tb
Property-Id
X-Viewer-Country
TWC-Connection-Speed
NGX
X-VG-TLSProxy
X-Rocket-Nginx-Bypass
X-Access
X-Akamai-Request-ID
X-Debug-Cache
X-Web-Node
X-R9-Blue-Green-Version
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
Datacenter
X-Time-Microsecs
Now
X-Tumblr-Pixel-3
X-NCache
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Section
X-Origin-Response-Time
Xserver
X-RCS-CacheZone
X-Environment-Context
X-L-Path
X-Format
X-NWS-LOG-UUID
X-FW-Version
X-Hosted-By
DB-Nickname
S-Rt
Origin-Edge-Control
Selected-FE
X-Human
X-Trace-Id
X-TNCMS
X-Timing-Wait
X-Vgn-Hpd-Reason
X-Via-CDN
X-Xfnlog-Site
X-Via-Fastly
X-ServerID
X-Proxy-Build
Origin-Cache-Control
X-EIG-Tracking-Id
X-Birta-Served
X-IP
X-Loop
X-PCL
X-OCL
X-Birta-Cache-Post
X-CCM
X-ProxyCache-Status
X-Endurance-Cache-Level
X-BYPASS-REASON
Cache-Tag
X-Internal-Host
LB
X-ProxyCache-Key
X-Site-Version
X-Www-Served-By
X-Varnish-Cacheable
Uber-Trace-Id
X-Grey
X-Cache-Category-Id
X-Cache-Remote
Decoy-Debug-Status
X-VC-Cache
Decoy-Debug-TTL
X-JoinUs
X-UA
Decoy-Debug-Key
X-GRACE
X-Generated
Served-By
X-Rule
X-UnsetCookies
X-Status
X-Newrelic-App-Data
X-Wix-Server-Artifact-Id
Release
X-EdgeConnect-Cache-Status
X-TIME
Nel
X-CDN-Cache
AsisCache
X-Cluster-Node
ViewerVersion
X-Wix-Request-Id
Rt-Fastcgi-Cache
X-APP-VERSION
X-Origin-Host
X-B3-Spanid
X-Sucuri-ID
X-App-Name
X-Request-Time
X-ApacheServer
X-PERF
X-NewRelic-App-Data
X-Nginx-Cache
X-Origin
X-OVcl-Cache
X-OVcl
X-Source
X-Goog-Meta-Goog-Reserved-File-Mtime
DSUID
X-Hit
X-Ua
X-VCT
Cache-Name
X-Agile-Age
X-Agile
X-Agile-Id
SRV
X-App-Version
Warning
X-Origin-CC
X-ElasticPress-Search
User-Agent
X-Origin-TTL
X-Cache-ASPX
X-B-Cookie
X-A-Wwc
X-VG-WebServer
X-Accel-Expires-Debug
Xc-Version
X-Aed
X-A-Dgt
X-Application
X-Webstats-RespID
X-ARC
Server-Surrogate-Control
Lfy
FNAC-ModuleRouting
MD5-Digest
Memcached
Node
Meta-Geo-Continent
Fly-Request-Id
Fly-Cache
BehaviorPad-Version
Arc-Country
Cache-Prefix
Cross-Origin-Window-Policy
Ec-Rule-Version
On-Server
Origin
Www
Thinkindot-Control
X-A
X-A-Ccd
X-A-Dam
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Request-Country
Rendered-Blocks
Request-EU
Request-Time
Server-Cache-Control
X-A-Dcw
X-SRCache-Key
X-Platform
X-Destination
X-Developer
X-PAYTM-SRV-ID
X-NU-AKA-ACS-Version
X-NX-Host
X-Debug-Log
Ajk
X-Pubstack
X-Reboot
X-Debug-Cache-Store
X-Processor
X-Debug-Cookies
X-NodeID
X-DPWN-IS-SECURE
X-Generated-In
X-External-Request-Id
X-F5-Cache
X-Gannett-Site-Version
X-G
X-Hp-Webp
X-IN-APIGATEWAY
X-Matched-Rule
X-Mobile-URL
X-Logtrace-Id
X-Instart-Isnd
X-IN-WAF
X-Refresh
X-Debug-Cache-Fetch
X-Transaction
X-Cache-Miss-From
X-Thinkindot-L3
X-ServiceProvider
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Trv-Group
X-Cache-Info
X-Up
X-Var-Ttl
X-Twitter-Response-Tags
X-Cache-Expires
X-Cache-Grace
X-Server-Group
X-Connection-Hash
X-Request-UUID
X-D
X-Date
X-Debug-Cache-Expiry
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-Secret
X-Sedo-Request-Id
X-Core-Value
X-ScT
X-S-Cookie
X-Varnish-Authentication
UCS
Hostname
X-Cache-Backend
X-Varnish-Ttl
User-Cache-Control
X-Cache-Id
X-Cdn-Srv
X-Cache-Bucket
X-Ah-Environment
X-Distil-CS
X-Crawler
X-Device-Os
X-Developers
X-Block-Status
X-Dispatcher-Server
X-CGP
X-Edge-Location
RNT-Time
Server-Int
RNT-Machine
Proxy-Connection
Pramga
ServerName
True-Client-Country-4JS
X-Amzn-Remapped-Date
X-Gen-Mode
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
Web-Mar-Node
X-BB-ID
X-Info
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Cache
X-Servername
X-Swa-Ws
Server-Host
X-SN
X-SIPLIST1
X-Sf
X-Qloud-Router
X-Proxy-Upstream
X-LAGOON
X-Location
X-Key
X-Irp-Debug
Pagetype
X-Micro-Cache
X-Nginx-Cache-Key
X-Protected-By
X-Proxy-Cache-Status
X-Policy
X-PHP-Host
X-Page-Type
X-Hnp-Log
X-Eu-Site
Ha-Gx-Prefs
HA-Ipaddr
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Kp-EeAlive
IsBot
Apple-News-Services-Handled
X-Ocache
Apple-News-Services-Host
Fastly-SWR
Cache-Cookie-Set-Idcheck
Cteonnt-Length
Fastly-SIE
Pagespeed
X-WPE-Loopback-Upstream-Addr
X-Datadome
HTTPS
X-Cache-Debug
X-Cache-Host
X-LI-Proto
Heartbleed
X-LI-UUID
Is-Eu
X-Bip
X-Origin-Expires
X-Backend-Url
X-Backend-State
X-No-Session
X-MSEdge-Flight
X-BBXSRF
X-MSEdge-Features
X-C
X-Origin-Date
X-Sucuri-Cache
Content-Disposition
Fastly-SSL
X-Geo-Header
X-Hash
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Country-Code
Fastly-Soc-X-Request-Id
X-Fastly-Cache
X-Li-Fabric
X-Cms-Context
X-Planisys-CDN-Cache
Backend
X-Distributor
X-Backend-Host
X-Epic-Correlation-Id
X-Li-Pop
X-Server-IP
X-Skip-Cache
X-Via-Edge
X-User
X-TT-LOGID
X-Thanos
X-TrackingId
X-Via-SSL
X-Wikidot-Backend
X-Level-Front-Cache
Platform
X-Generated-On
Adler-Geo
X-Wikidot-Static-Cache
Gh-Request-Id
AKAMAI
X-Variation
X-Auto-Login
X-Edge-IP
X-FireWall-Port
X-GZip
X-GeoIP-City
X-Alternate-Cache-Key
X-GeoIP-Country-Code
X-Apm-Inst-Hash
X-Gateway-Skip-Cache
X-Apm-Svc-Key
X-NC
X-Varnish-Url
X-Amz-Meta-Cache-Control
X-ShardId
X-Gateway-Cache-Status
X-Server-Time
X-Fetched-On
Magicmarker
Fastly-Backend-Name
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Apm-App-Name
N-Cache
X-Shopify-Stage
X-Cdn-Forward
SD-X-WS
X-Gateway-Cache-Key
X-Core-Mission
X-RateLimit-Reset
X-S-Maxage
X-Cache-FS-Status
X-Cdn-Origin
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-ShopId
MIME-Version
X-Real-Ip
V-Age
X-ND-Cache
Rt-Proxy-Cache
X-Owner
REQUESTUUID
X-Geo
X-CDN-Forward
X-Exp-Se
X-Org
X-Node-Id
Server-ID
X-FPC
X-Served-From
X-B3-Parentspanid
X-Pjax-Url
X-Aicache-OS
VivaBuild
Viewtype
X-Gdpr
HostName
X-Load-Cache
X-CUA
Powered-By
X-Varnish-Beresp-Ttl
Pragrma
X-Parent-Response-Time
X-CSRF-TOKEN
Wxu-Next-Region
X-Dc
Wxu-Next-Hostname
X-Git-Hash
Wxu-Next-Commit
Section-Io-Cache
X-DC
X-Original-Request
X-Svr
X-Stale
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To
X-Server-By
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
CF-IPCountry
Memory
X-Actual-URL
Time
PICS-Label
X-Nc
X-Host-Name
X-HS-Cache-Config
Host-ID
X-Croise-Owner
X-VServer
X-CACHE-KEY
X-Servedbyhost
X-Edge-Server
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
Cdn-Host
Cdn-Request-Time
X-Wa
X-Release
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
Resin-Trace
X-WebServer
X-Tb-Optimization-Total-Bytes-Saved
X-TH-Server
AR-SID
X-Cache-HT
X-Unique-ID
X-Optimization
Mime-Version
X-Daa-Tunnel
X-From-Cache
SID
ProcessTime
X-Lb-Id
X-Phone
X-Microcachable
X-Upstream-HT
X-Upstream-CT
X-Newrelic-Synthetics
Fastcgi-Useragent
X-Varnish-Beresp-TTL
X-Instart-Info
XServer
Cf-Ipcountry
Backend-Name
Cdn
X-APP
X-Req
CF-Cached-On
X-Atg-Version
X-V
X-Fastly-Backend-Reqs
Odigeo-Trace-Id
Proxy-Firewall
Processtime
X-Worker
X-ID
X-HTML-Minification-Powered-By
X-B3-SpanId
X-Ratelimit-Remaining
X-WR-MODIFICATION
X-Server-W
X-Backend-TTL
X-Zone
X-Vcl-Version
409pxxline
Xxline
225prxHost
X-Fstrz
219prxHost
X-Ratelimit-Limit
Version
352pxline
189phosttRef
178proxuri
188prxHost
355prline
286prxHost
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
X-Response-By
X-IPS-LoggedIn
X-NGINX-Cache
X-Check-Cacheable
X-VCL-Version
X-UPSTREAM-Address
X-Vcache
X-Akamai-Request-ID2
GMS-Ver
Esi-Enabled
Accept-Language
X-WA
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Contensis-Viewer-Groups
X-URL
SN
Public-Key-Pins-Report-Only
GeoIp-Country-Code
Geoip-Latitude
X-CSRF-Token
X-ServedByHost
X-Hyper-Cache
X-HS-Status
Fastcgi-X-Cache-Version
X-AssetVersion
GeoIP-Latitude
Pics-Label
WZWS-RAY
GeoIP-City
GeoIP-Country-Code
DataCenter
X-Be
X-Vtex-Remote-Cache
X-Fastly-Country-Code
X-SERVER-NAME
X-Amz-Meta-Surrogate-Control
GW-Server
X-Vtex-Processado-Em
Geoip-City
X-ZONE
X-Dynatrace
X-Reqid
Countrycode
X-Clientip
X-Request-Start
Mobile-Detection-Method
X-Urbn-Site-Id
X-Urbn-Context-Path
X-GEO
X-Via-Ucdn
X-RequestId
X-We-Are-Hiring
Locale
X-Via-NSCOPI
X-UE-Client-Country
X-Render-Time
WP-Super-Cache
Lb
X-Cdn-Cache
X-BE
CDN
X-GDPR
X-ABtesting
X-LiteSpeed-Cache-Control
SS
X-Flog
URI
X-Hello
X-NWS-UUID-VERIFY
X-CS
Ohc-File-Size
X-Unique-Id
X-PJAX-URL
Dnion-Transfer-Encoding
IBM-Web2-Location
X-SRV
Dynatrace
FastCGI-Cache
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-GZIP
X-PF-Uncompressing
Serverid
X-Test
Cneonction
X-Fpc
X-Pf-Uncompressing
X-HS-Combine-CSS
RequestUuid
FSS-Proxy
X-Gen-Id
X-Generation-Time
FSS-Cache
X-Cache-Ttl
X-Cluster-Name
X-Html-Edge-Cache
X-Fastly-Cache-Hits
Requestid
X-LiteSpeed-Tag
Server-Id
A
X-Store
Accept-Ch
X-Request-Url
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Cdn-Request-ID
X-Bug-Bounty
RequestId
X-Requestid
X-Cache-URL
X-Compress-Hint
Frontcache
Get-Access-Time
NnCoection
X-ServerName
X-EC-Lua
Ohc-Cache-HIT
Ohc-Response-Time
X-Serial
X-HTML-Edge-Cache
Is-Session-Tracking
X-Dw-Trace-Id