Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-CST
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-Upstream-Env
Verso
X-Server-Name
X-HW
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
X-Cdn
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-PoweredBy
AR-ATIME
AR-CACHE
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Cached
X-Version
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
Charset
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-PC
X-Vname
X-TtlSet
X-Amz-Server-Side-Encryption
X-Ser
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-Server-ID
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Amz-Rid
S
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-SharePointHealthScore
X-Fastly-Request-ID
DynaTrace
X-Debug
X-XRDS-Location
TCN
X-Hits
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
SPIisLatency
X-Akam-SW-Version
SPRequestDuration
X-Oracle-Dms-Rid
Access-Control-Request-Method
X-Powered-CMS
X-T
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-B3-TraceId
X-Id
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Front-End-Https
Realpath
Tracecode
X-MSEdge-Ref
X-Webkit-CSP
X-Amzn-Trace-Id
Fastcgi-Cache
X-N
X-Varnish-Age
X-Dns-Prefetch-Control
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Mrf-Item-Lastmod
MRF-Tech
Alternate-Protocol
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Fastcgi-Cache
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-Litespeed-Cache
X-Cache-Key
X-Sol
X-Middleton-Display
Display
X-Hostname
X-Middleton-Response
Response
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-B3-Traceid
Server-Name
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Kinsta-Cache
X-Analytics
Backend-Timing
X-Correlation-Id
X-Content-Options
X-Debug-Info
X-Revision
X-LB-Cache
X-User-Agent
X-Cache-2
X-Rid
X-IPLB-Instance
X-B3-Sampled
X-Amz-Apigw-Id
X-Az
X-Activity-Id
X-Cache-Hit
X-Amzn-RequestId
X-AppVersion
Surrogate-Key
Accept-Charset
FilterID
Refresh
X-Accel-Buffering
ServerID
X-B
Powered-By-ChinaCache
X-Grace
X-CF-Powered-By
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Received
X-Request-Processing-Time
Server-Info
TP-L2-Cache
TP-Cache
MS-CV
Host-Header
X-PHP-Backend
X-Cached-By
Cache-Status
X-Ruxit-Js-Agent
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
VIX-Pulpo-Node
Source
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-App-Environment
X-Amz-Replication-Status
X-TT
X-Cache-Action
X-Framework
X-Cluster
X-F-Cache
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Platform-Server
X-Kong-Upstream-Latency
X-UA-Device-Type
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-GUploader-UploadID
X-Content-Powered-By
X-Varnish-Grace
X-Mobile
X-Request-Guid
X-Instance
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-Drupal-Cache-Tags
X-FB-Debug
X-FastCGI-Cache
X-RateLimit-Limit
X-SS-Set-Cookie
PageSpeed
X-Forwarded-Host
X-Zen-Fury
X-Geo-Country
X-Ezoic-Cdn
X-Shard
Edge-Cache-Tag
X-Handled-By
X-Cache-TTL
X-Magnolia-Registration
X-Node-Name
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-TA-CDN-Provider
X-BCube-Filmed-By
X-App-Server
X-Varnish-Server
DC
X-AOL-HN
Cleartype
X-Cache-Control
Fastly-Restarts
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Payment
Server-Node
X-RequestSource
Filters
X-Region
X-Response-Served-From
X-TX-ID
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Adobe-Loc
X-Generated-By
X-B-Cache
X-Signature
Country
X-UUID
X-Redis-Cache
Actual-Object-TTL
X-TT-TIMESTAMP
X-RTag
X-VG-WebCache
Webserver
X-GeoIP
X-Tumblr-Pixel-1
X-Storage
X-Tumblr-Pixel-2
Ms-Operation-Id
X-Jobs
Retry-After
X-FW-Dynamic
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-Content-Age
X-Locale
X-Cacheable-TTL
X-XRDS-LOCATION
X-Varnish-Hits
NGB
Powered
GEO-INFO
CACHE
ServedBy
X-Esi
Frame-Options
Liferay-Portal
X-Contextid
X-Oneagent-Js-Injection
HitType
X-Rendered-As
X-WA-Info
X-Seen-By
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-Real-IP
X-Varnish-IP
X-Yottaa-Optimizations
X-Cache-NE
X-Via-JSL
X-Guploader-Uploadid
Eomportal-Instance
S-Cnection
X-ProcessESI
X-RemovedCookies
Viewport
X-Time
X-Upgrade-Enabled
X-Cache-Server
X-Mode
X-GRACE
X-Cache-Operation
Xserver
X-Newrelic-App-Data
NtCoent-Length
X-Varnish-Cache-Hits
X-Wix-Server-Artifact-Id
X-BACKEND-TTL
Content-Script-Type
X-Proto
X-Device-Type
Content-Style-Type
X-Proxied
X-Path-Route
X-Akamai-Transformed
X-From
X-ES-SERVER
X-Hl-Ver
X-Is-Bot
X-RN-RSRV
X-Routing-Service
Load-Balancing
Meta-Geo
X-Cache-Var
Mn-Server-Ip
Cache-Key
X-Cache-Var-Map
X-Zipkin-Id
X-Detected-As
OT-Force-Account-Verify
Cache-Hits
X-Cache-Enabled
Machine
Datacenter
X-S
Vix-Hermes-Req-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
We-Hiring
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
Mail-Subject
L5d-Success-Class
NGX
Property-Id
TWC-Device-Class
TWC-Connection-Speed
X-AWS-Id
X-Cache-Config
X-Proxy
X-Origin-Hint
X-Tb
X-VWS-Id
X-VG-TLSProxy
X-Viewer-Country
X-LJ-Flow-ID
X-L-Path
X-Environment-Context
Access-Control-Request-Headers
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Hosted-By
X-Backend-Name
TWC-Privacy
X-Debug-Cache
X-Birta-Served
X-Rocket-Nginx-Bypass
X-EIG-Tracking-Id
X-Format
X-Akamai-Request-ID
X-Access
Now
DB-Nickname
Origin-Cache-Control
Origin-Edge-Control
S-Rt
X-FW-Version
X-Labrador-Cache-Channel
X-ServerID
X-Section
X-Time-Microsecs
X-TNCMS
X-Tumblr-Pixel-3
X-Web-Node
X-RCS-CacheZone
X-Loop
X-MP-GENERATED-AT
X-NCache
X-Origin-Response-Time
Azure-Version
X-Birta-Cache-Post
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Vgn-Hpd-Reason
X-Endurance-Cache-Level
X-ProxyCache-Status
X-PCL
X-CCM
Selected-FE
X-Xfnlog-Site
X-Trace-Id
X-BYPASS-REASON
X-NWS-LOG-UUID
X-Timing-Wait
X-ProxyCache-Key
X-OCL
X-Human
X-IP
X-JoinUs
X-Via-CDN
Cache-Tag
X-Proxy-Build
X-Via-Fastly
X-Www-Served-By
X-Varnish-Cacheable
Uber-Trace-Id
X-Site-Version
X-Internal-Host
X-Generated
X-Cache-Category-Id
X-Grey
X-R9-Blue-Green-Version
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Dynatrace-Js-Agent
X-VC-Cache
Served-By
X-Cache-Remote
LB
X-Rule
X-UnsetCookies
X-EdgeConnect-Cache-Status
Release
X-UA
X-Wix-Request-Id
ViewerVersion
X-CDN-Cache
AsisCache
Nel
X-Origin-Host
X-Cluster-Node
X-Sucuri-ID
Rt-Fastcgi-Cache
X-App-Name
X-TIME
X-ApacheServer
X-PERF
X-Datadome
X-Ua
X-Nginx-Cache
X-Request-Time
X-Source
X-App-Version
X-B3-Spanid
X-Agile
X-Agile-Id
X-APP-VERSION
X-Agile-Age
X-OVcl
Cache-Name
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-Origin
User-Agent
X-OVcl-Cache
X-VCT
Warning
SRV
DSUID
X-ElasticPress-Search
X-Origin-CC
X-Origin-TTL
X-Edge-Location
Meta-Geo-Continent
BehaviorPad-Version
Arc-Country
Memcached
Node
X-Accel-Expires-Debug
X-A-Dcw
Fly-Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
MD5-Digest
Ec-Rule-Version
Fly-Request-Id
X-A-Dam
UCS
Thinkindot-Control
X-A
X-A-Ccd
Lfy
Server-Surrogate-Control
X-A-Dgt
X-ARC
Request-EU
Request-Country
Rendered-Blocks
On-Server
Origin
X-Application
Request-Time
Server-Cache-Control
X-A-Wwc
Cross-Origin-Window-Policy
X-Aed
Cache-Prefix
X-B-Cookie
X-Debug-Cache-Fetch
X-Region-Sid
X-Refresh
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Rojux
X-Pubstack
X-Processor
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-Platform
X-PAYTM-SRV-ID
X-ScT
X-Secret
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Group
X-Sedo-Request-Id
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Matched-Rule
X-Logtrace-Id
X-Core-Value
X-Connection-Hash
X-D
X-Date
Ajk
X-Debug-Cache-Expiry
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-Expires
X-Cache-ASPX
X-Cache-Grace
X-Cache-Info
X-Cache-Miss-From
X-Debug-Cache-Store
X-Debug-Cookies
X-Generated-In
X-Gannett-Site-Version
X-Hp-Webp
X-IN-APIGATEWAY
X-Instart-Isnd
X-IN-WAF
X-G
X-F5-Cache
X-Destination
X-Debug-Log
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-BB-ID
Www
X-Ocache
Hostname
Cache
X-Cache-Backend
X-Varnish-Ttl
User-Cache-Control
X-WPE-Loopback-Upstream-Addr
X-Device-Os
X-Edge-IP
X-Developers
X-Dispatcher-Server
X-Distributor
X-Hash
X-Hnp-Log
X-Info
X-Gen-Mode
X-Eu-Site
X-Crawler
X-Epic-Correlation-Id
X-Distil-CS
X-Cache-Id
Web-Mar-Node
X-Amzn-Remapped-Connection
True-Client-Country-4JS
ServerName
Server-Host
Server-Int
X-Amzn-Remapped-Date
X-Ah-Environment
X-Irp-Debug
X-Cdn-Srv
X-Cache-Host
X-Cache-Debug
X-Block-Status
X-Cache-Bucket
X-CGP
X-Li-Fabric
X-Request-URI
X-Servername
X-Sf
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SIPLIST1
X-SN
X-Reboot
X-ServiceProvider
FNAC-ModuleRouting
X-Cdn-Forward
X-Swa-Ws
X-TT-LOGID
X-Qloud-Router
X-Proxy-Upstream
X-LI-UUID
X-Location
X-LI-Proto
X-Li-Pop
X-LAGOON
RNT-Time
X-Micro-Cache
X-Nginx-Cache-Key
X-Protected-By
X-Proxy-Cache-Status
X-Policy
X-PHP-Host
X-Origin-Expires
X-Page-Type
X-Key
X-Origin-Date
Ha-Gx-Prefs
Fastly-SWR
Fastly-SIE
Country-Code
HA-Ipaddr
IsBot
Pramga
Pagetype
Kp-EeAlive
CDCHOST
RNT-Machine
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Backend
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Proxy-Connection
X-Sucuri-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Cteonnt-Length
Pagespeed
X-FireWall-Port
N-Cache
X-S-Maxage
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Content-Disposition
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Server-IP
X-ShardId
X-Shopify-Stage
Is-Eu
X-Cms-Context
X-ShopId
X-Gateway-Skip-Cache
X-Core-Mission
X-Planisys-CDN-Cache
X-Generated-On
X-Fastly-Cache
Heartbleed
X-Level-Front-Cache
HTTPS
X-Fetched-On
X-GeoIP-City
X-GeoIP-Country-Code
X-MSEdge-Features
X-MSEdge-Flight
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
X-Sorting-Hat-PodId
Magicmarker
Fastly-SSL
X-No-Session
X-Geo-Header
X-Skip-Cache
X-Backend-Host
X-Auto-Login
X-Backend-State
X-Sorting-Hat-ShopId
X-BBXSRF
X-Via-SSL
X-Wikidot-Backend
X-Wikidot-Static-Cache
AKAMAI
Adler-Geo
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
SD-X-WS
X-Amz-Meta-Cache-Control
X-Via-Edge
X-Backend-Url
X-Bip
X-User
X-TrackingId
X-Thanos
X-Variation
X-Cache-FS-Status
X-C
Platform
X-Varnish-Url
X-GZip
X-NC
X-Owner
X-RateLimit-Reset
Gh-Request-Id
X-Server-Time
MIME-Version
X-Real-Ip
X-Sn-Servicetimems
X-Cdn-Origin
V-Age
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Apm-App-Name
Server-ID
X-Node-Id
REQUESTUUID
X-FPC
Rt-Proxy-Cache
X-Geo
X-ND-Cache
X-Org
X-Exp-Se
X-Varnish-Beresp-Ttl
X-CUA
X-Pjax-Url
HostName
VivaBuild
X-Served-From
X-Gdpr
X-CDN-Forward
Powered-By
Viewtype
X-Load-Cache
X-B3-Parentspanid
Section-Io-Cache
Pragrma
X-Aicache-OS
X-Parent-Response-Time
X-Returned-From-DLL
X-Passed-To-PostProcessResponse
X-Passed-To
X-Dc
X-Actual-URL
X-Original-Request
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Stale
X-Svr
X-DC
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-CSRF-TOKEN
X-Returned-From
X-Server-By
X-Croise-Owner
X-Git-Hash
Wxu-Next-Region
Wxu-Next-Hostname
Memory
X-VServer
Time
CF-IPCountry
X-HS-Cache-Config
Host-ID
Wxu-Next-Commit
X-Nc
Cdn-Request-Time
X-Servedbyhost
X-Wa
Cdn-Host
PICS-Label
X-CACHE-KEY
X-Edge-Server
X-Oss-Request-Id
X-Oss-Storage-Class
X-Unique-ID
X-Oss-Object-Type
Resin-Trace
X-Oss-Hash-Crc64ecma
Fastcgi-Useragent
X-Oss-Server-Time
X-Host-Name
ProcessTime
X-Microcachable
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Release
AR-SID
X-Optimization
X-Newrelic-Synthetics
X-Cache-HT
Mime-Version
X-WebServer
X-From-Cache
X-TH-Server
X-Daa-Tunnel
X-Varnish-Beresp-TTL
X-Lb-Id
X-V
Cdn
X-Phone
X-Req
Cf-Ipcountry
Odigeo-Trace-Id
X-Upstream-CT
X-Upstream-HT
X-Instart-Info
CF-Cached-On
X-Atg-Version
X-Backend-TTL
Proxy-Firewall
Backend-Name
X-Fastly-Backend-Reqs
X-APP
X-HTML-Minification-Powered-By
XServer
X-B3-SpanId
Processtime
X-ID
X-Worker
X-WR-MODIFICATION
X-LB-ID
X-Fstrz
X-Ratelimit-Remaining
X-Vcl-Version
Xxline
352pxline
286prxHost
X-Server-W
188prxHost
X-Ratelimit-Limit
219prxHost
225prxHost
178proxuri
355prline
X-Response-By
189phosttRef
409pxxline
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
GMS-Ver
X-IPS-LoggedIn
X-Nananana
X-Zone
Public-Key-Pins-Report-Only
Version
X-NGINX-Cache
X-Vcache
WZWS-RAY
Esi-Enabled
X-URL
X-Ratelimit-Reset
Fastcgi-X-Cache-Version
Pics-Label
X-UPSTREAM-Address
X-WA
X-VCL-Version
X-Akamai-Request-ID2
GeoIP-City
X-AssetVersion
X-ServedByHost
GeoIP-Latitude
X-CSRF-Token
X-Contensis-Viewer-Groups
GeoIP-Country-Code
SN
Accept-Language
X-GEO
X-Amz-Meta-Surrogate-Control
GW-Server
X-HS-Status
X-Hyper-Cache
DataCenter
X-We-Are-Hiring
X-UE-Client-Country
Lb
Countrycode
X-SERVER-NAME
Mobile-Detection-Method
X-Fastly-Country-Code
GeoIp-Country-Code
X-Clientip
Geoip-Latitude
X-ZONE
X-Dynatrace
Geoip-City
X-Request-Start
X-BE
X-Microsite
SS
X-Render-Time
X-Vtex-Processado-Em
X-RequestId
X-Be
X-Vtex-Remote-Cache
X-Request-Handler-Origin-Region
X-Via-Ucdn
Ohc-File-Size
X-Cdn-Cache
WP-Super-Cache
X-Reqid
X-CS
URI
X-Urbn-Context-Path
X-LiteSpeed-Cache-Control
X-Urbn-Site-Id
X-NWS-UUID-VERIFY
Locale
X-GDPR
X-Via-NSCOPI
X-Unique-Id
X-GZIP
X-Gen-Id
X-Hello
X-ABtesting
X-Flog
X-HS-Combine-CSS
X-PF-Uncompressing
X-PJAX-URL
CDN
FSS-Proxy
FSS-Cache
X-FORWARDED-FOR
Dynatrace
X-HostName
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-SRV
X-Pf-Uncompressing
Serverid
RequestUuid
X-Fpc
X-Fastly-Cache-Hits
Cneonction
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Cache-Ttl
Accept-Ch
X-Request-Url
X-Html-Edge-Cache
X-LiteSpeed-Tag
X-Generation-Time
Server-Id
X-Store
Ohc-Cache-HIT
Requestid
X-Test
A
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Compress-Hint
X-Cluster-Name
X-Bug-Bounty
X-Dw-Trace-Id
X-EC-Lua
Frontcache
X-Cdn-Request-ID
X-HTML-Edge-Cache
Ohc-Response-Time
NnCoection
X-ServerName
Is-Session-Tracking
Get-Access-Time
X-UCC
X-Port
X-Serial