Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Robots-Tag
X-Varnish-Cache
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-Host
X-CST
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Server-Id
X-Type
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Server-ID
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-MS-InvokeApp
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
X-Dns-Prefetch-Control
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-PC
X-TtlSet
X-Vname
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TTL
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Trace
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Expires
X-VCache
X-Amz-Rid
S
X-SharePointHealthScore
X-Fastly-Request-ID
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Debug
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Hits
DynaTrace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-TEC-API-VERSION
SPRequestDuration
X-Ttl
SPIisLatency
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Powered-CMS
X-B3-TraceId
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Oracle-Dms-Rid
Front-End-Https
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
Realpath
X-MSEdge-Ref
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Id
X-Forwarded-For
X-Content-Type
Paypal-Debug-Id
X-Upstream
Alternate-Protocol
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-RateLimit-Remaining
X-Logged-In
X-Frontend
X-PressLabs-Stats
X-Sol
X-HS-Hub-Id
X-HS-Content-Id
X-Middleton-Display
X-Fastcgi-Cache
Display
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Content-Digest
Response
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Srv
X-Pad
X-Accel-Expires
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
Host
X-Accel-Buffering
X-Cache-Key
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Backend-Timing
X-Analytics
X-Content-Options
X-User-Agent
X-Correlation-Id
X-Debug-Info
X-LB-Cache
X-Revision
X-B3-Traceid
X-AppVersion
X-Activity-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Az
Refresh
FilterID
X-Cdn
Accept-Charset
X-Cache-2
X-IPLB-Instance
X-B3-Sampled
X-Rid
X-Cache-Hit
Powered-By-ChinaCache
Surrogate-Key
X-DIS-Request-ID
X-B
X-CF-Powered-By
ServerID
X-Page-Id
X-Grace
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
X-PHP-Backend
X-Request-Received
X-Request-Processing-Time
MS-CV
Host-Header
X-FastCGI-Cache
X-Cached-By
X-GUploader-UploadID
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Origin-Server
X-TT
X-Varnish-Backend
Cache-Status
Source
X-Amz-Replication-Status
VIX-Pulpo-Node
X-App-Environment
X-UA-Device-Type
X-Cache-Action
X-Cluster
X-Akamai-Edgescape
X-Framework
X-Content-Powered-By
X-Platform-Server
X-Mobile
X-Webkit-CSP
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Request-Guid
X-Varnish-Grace
X-Ruxit-Js-Agent
X-FW-Hash
X-FW-Type
X-FW-Static
X-Tumblr-User
X-FW-Server
X-FW-Serve
X-F-Cache
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
X-Zen-Fury
X-SS-Set-Cookie
X-FB-Debug
X-RateLimit-Limit
X-Ezoic-Cdn
X-Shard
X-Handled-By
X-Geo-Country
X-Cache-TTL
X-Forwarded-Host
X-Magnolia-Registration
Edge-Cache-Tag
From-Origin
X-Node-Name
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
X-App-Server
Cache-Tags
X-Varnish-Server
DC
Cleartype
PageSpeed
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Payment
Healthy
Upgrade-Insecure-Requests
X-Generated-By
X-RequestSource
X-Response-Served-From
X-Region
Filters
X-WebKit-CSP-Report-Only
CACHE
X-Adobe-Loc
X-TX-ID
X-Adobe-Content
Server-Node
Fastly-Restarts
Country
Cache-Tv-Group
X-UUID
NGB
X-VG-WebCache
X-TT-TIMESTAMP
X-Storage
Ms-Operation-Id
X-RTag
X-GeoIP
Webserver
X-Cache-Rule
X-Redis-Cache
Actual-Object-TTL
X-Drupal-Cache-Contexts
Retry-After
X-Jobs
X-Cacheable-TTL
X-Signature
X-B-Cache
X-FW-Dynamic
X-Content-Age
X-Locale
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Tumblr-Pixel-2
GEO-INFO
ServedBy
X-TA-CDN-Provider
X-XRDS-LOCATION
Powered
Liferay-Portal
X-Contextid
Frame-Options
X-Seen-By
X-Wix-Server-Artifact-Id
HitType
X-Rendered-As
X-Real-IP
X-Via-JSL
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Varnish-IP
X-WA-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-GRACE
X-BACKEND-TTL
Viewport
S-Cnection
X-ProcessESI
Eomportal-Instance
X-RemovedCookies
X-Time
X-Cache-NE
X-Upgrade-Enabled
NtCoent-Length
X-Guploader-Uploadid
X-Cache-Server
X-Mode
Content-Style-Type
Content-Script-Type
Xserver
X-Esi
Datacenter
X-Cache-Config
X-Akamai-Transformed
X-Path-Route
X-Is-Bot
X-Hl-Ver
X-From
X-Proto
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-RN-RSRV
X-ES-SERVER
X-Device-Type
Load-Balancing
Cache-Key
Cache-Hits
Machine
Mn-Server-Ip
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Varnish-Cache-Hits
Meta-Geo
X-S
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Access-Control-Request-Headers
Property-Id
X-Cache-Enabled
OT-Force-Account-Verify
X-AWS-Id
We-Hiring
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Vix-Hermes-Req-Id
TWC-Privacy
L5d-Success-Class
Mail-Subject
X-Tb
X-L-Path
X-LJ-Flow-ID
X-Cache-Operation
X-Origin-Hint
X-Hosted-By
X-Viewer-Country
X-VG-TLSProxy
X-Environment-Context
X-VWS-Id
X-FC-Vary-Parameters
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-FB-TRIP-ID
Origin-Cache-Control
Origin-Edge-Control
NGX
Azure-Version
Azure-SlotName
X-Access
X-Origin-Response-Time
X-Loop
X-Section
X-ServerID
X-TNCMS
X-Time-Microsecs
X-Labrador-Cache-Channel
X-EIG-Tracking-Id
X-Birta-Cache-Post
X-Backend-Name
X-Birta-Served
X-Debug-Cache
X-Web-Node
X-Akamai-Request-ID
S-Rt
X-Endurance-Cache-Level
X-Format
X-FW-Version
X-Human
X-CCM
Cache-Tag
X-Trace-Id
Selected-FE
X-IP
X-BYPASS-REASON
X-JoinUs
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-Timing-Wait
X-Varnish-Cacheable
X-PCL
X-Via-CDN
X-NCache
X-OCL
Now
X-Xfnlog-Site
DB-Nickname
X-Proxy
X-Grey
X-Vgn-Hpd-Reason
X-Generated
Decoy-Debug-TTL
X-Via-Fastly
Decoy-Debug-Key
X-Status
X-Www-Served-By
X-Site-Version
Decoy-Debug-Status
X-Rocket-Nginx-Bypass
X-Cache-Category-Id
X-MP-GENERATED-AT
X-Wix-Request-Id
X-Tumblr-Pixel-3
X-NWS-LOG-UUID
Uber-Trace-Id
ViewerVersion
X-VC-Cache
X-RCS-CacheZone
X-Internal-Host
Served-By
X-EdgeConnect-Cache-Status
X-CDN-Cache
X-R9-Blue-Green-Version
X-Newrelic-App-Data
X-Dynatrace-Js-Agent
X-NewRelic-App-Data
X-Rule
X-Cache-Remote
LB
Pagespeed
X-Origin-Host
AsisCache
Release
X-UnsetCookies
X-Sucuri-ID
X-UA
X-Cluster-Node
Rt-Fastcgi-Cache
X-App-Name
Nel
X-Ua
X-PERF
X-ApacheServer
User-Agent
X-Source
X-App-Version
X-Nginx-Cache
X-Agile
X-TIME
X-Agile-Age
X-Agile-Id
X-Request-Time
X-Datadome
Cache-Name
X-APP-VERSION
X-B3-Spanid
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Hit
X-Origin
X-Edge-Location
X-CACHE-KEY
X-VCT
Warning
X-Pubstack
Hostname
X-Origin-TTL
X-Edge-IP
X-Cdn-Forward
X-Origin-CC
MD5-Digest
Node
X-Platform
X-Ocache
Fly-Request-Id
Request-EU
X-Processor
Arc-Country
BehaviorPad-Version
Ajk
Origin
On-Server
Cache-Prefix
X-Sucuri-Cache
Fly-Cache
Request-Country
Ec-Rule-Version
Cross-Origin-Window-Policy
Meta-Geo-Continent
Rendered-Blocks
X-IN-APIGATEWAY
X-Debug-Cookies
X-Application
X-Debug-Cache-Store
X-ARC
X-Debug-Cache-Fetch
X-Aed
X-Accel-Expires-Debug
X-Destination
X-Developer
X-A-Dgt
X-Debug-Log
X-A-Wwc
X-B-Cookie
X-BB-ID
X-CF-Lambda-Version
X-Date
X-D
X-Connection-Hash
X-Core-Value
X-CF-Lambda-Fn
Xc-Version
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-Debug-Cache-Expiry
X-DPWN-IS-SECURE
X-A-Dcw
X-Logtrace-Id
X-Matched-Rule
X-Instart-Isnd
X-IN-WAF
X-PAYTM-SRV-ID
X-Mobile-URL
X-NodeID
X-NU-AKA-ACS-Version
Request-Time
Server-Cache-Control
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-A-Ccd
X-A
X-G
X-External-Request-Id
X-A-Dam
X-Gannett-Site-Version
Www
Thinkindot-Control
X-Hp-Webp
UCS
X-Generated-In
X-NX-Host
X-Trv-Group
X-Rojux
X-Twitter-Response-Tags
X-Secret
X-Region-Sid
X-S-Cookie
X-Rewrite-Enabled
X-VG-WebServer
X-Varnish-Authentication
X-ScT
X-Transaction
X-Var-Ttl
X-Up
X-SRCache-Key
X-Protected-By
X-Thinkindot-L3
X-Request-UUID
X-Server-Group
X-ElasticPress-Search
X-Cache-Backend
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Server-Host
X-Crawler
Server-Int
SRV
X-Cache-Info
X-Dispatcher-Server
X-Device-Os
X-CGP
X-Sedo-Request-Id
Pramga
X-Developers
RNT-Machine
Proxy-Connection
X-Origin-Expires
Pagetype
RNT-Time
X-PHP-Host
X-Sf
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Memcached
X-Cache-Host
X-Key
X-Irp-Debug
Lfy
X-Info
X-Block-Status
X-C
X-Cache-Debug
X-LAGOON
X-SN
User-Cache-Control
X-LI-Proto
N-Cache
X-LI-UUID
True-Client-Country-4JS
X-Li-Pop
Web-Mar-Node
X-Rebelmouse-Cache-Control
X-Cache-Id
X-Cache-Miss-From
X-Li-Fabric
X-Varnish-Url
X-TT-LOGID
X-F5-Cache
Apple-News-Services-Request-Url
Backend
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Hnp-Log
X-Policy
CDCHOST
X-Hash
Cache-Cookie-Set-Lfrom
X-Servername
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-Origin-Date
X-Rebelmouse-Surrogate-Control
X-Geo-Header
X-Swa-Ws
X-Reboot
X-SIPLIST1
X-Gen-Mode
X-Refresh
X-Qloud-Router
X-ServiceProvider
X-RateLimit-Limit-Second
X-WPE-Loopback-Upstream-Addr
X-Proxy-Cache-Status
X-Distil-CS
X-No-Session
X-Request-URI
HA-Ipaddr
X-Distributor
X-Epic-Correlation-Id
Ha-Gx-Prefs
X-Eu-Site
Heartbleed
Fastly-SWR
IsBot
Magicmarker
X-Webstats-RespID
Country-Code
Fastly-SIE
Fastly-Backend-Name
Kp-EeAlive
X-Page-Type
DSUID
X-FireWall-Port
X-Varnish-Ttl
X-GeoIP-City
X-Server-IP
X-Generated-On
X-Bip
X-Gateway-Cache-Status
X-Fetched-On
X-Wikidot-Backend
X-Core-Mission
X-BBXSRF
X-Wikidot-Static-Cache
X-Via-SSL
X-Gateway-Cache-Key
X-Sorting-Hat-ShopId
X-User
X-Gateway-Skip-Cache
X-Cms-Context
X-S-Maxage
X-Sorting-Hat-PodId
X-Micro-Cache
SD-X-WS
Fastly-SSL
X-Shopify-Stage
X-GeoIP-Country-Code
Is-Eu
Adler-Geo
X-Nginx-Cache-Key
X-Cache-Bucket
HTTPS
Platform
X-MSEdge-Flight
X-MSEdge-Features
X-Fastly-Cache
X-Thanos
X-ShopId
X-Variation
X-Amzn-Remapped-Content-Length
X-Location
X-TrackingId
X-ShardId
X-Backend-State
AKAMAI
X-Amz-Meta-Cache-Control
Content-Disposition
X-Ah-Environment
X-Via-Edge
X-Level-Front-Cache
X-Alternate-Cache-Key
Fastly-Soc-X-Request-Id
Cteonnt-Length
X-Planisys-CDN-TTL
X-Node-Id
X-Owner
X-Server-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
FNAC-ModuleRouting
X-Cache-FS-Status
X-Auto-Login
X-Backend-Host
X-Skip-Cache
X-Backend-Url
ServerName
X-Cdn-Srv
X-GZip
Cache
X-RateLimit-Reset
X-Varnish-Beresp-Ttl
Server-ID
MIME-Version
X-Real-Ip
Section-Io-Cache
Gh-Request-Id
X-CUA
X-Org
Powered-By
X-Nc
X-Cdn-Origin
REQUESTUUID
X-Pjax-Url
Viewtype
X-Load-Cache
Pragrma
X-Apm-Svc-Key
V-Age
X-Apm-App-Name
X-Apm-Inst-Hash
X-Sn-Servicetimems
VivaBuild
X-NC
X-FPC
X-Svr
X-Returned-From
X-Passed-To-PostProcessResponse
X-Server-By
X-Passed-To-DLL
X-Stale
X-Passed-To
Fastcgi-Useragent
X-Passed-To-BeforeDispatch
X-Original-Request
X-Returned-From-BeforeDispatch
Rt-Proxy-Cache
X-Actual-URL
X-Aicache-OS
X-CDN-Forward
X-Exp-Se
X-ND-Cache
HostName
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Geo
X-Parent-Response-Time
X-Dc
X-Served-From
X-Croise-Owner
X-HS-Cache-Config
X-CSRF-TOKEN
Host-ID
X-VServer
Cdn-Host
X-Gdpr
X-Ua-Device
X-Unique-ID
X-DC
X-ID
Cdn-Request-Time
X-Edge-Server
X-B3-Parentspanid
Memory
X-Wa
X-Servedbyhost
X-Microcachable
Time
X-Git-Hash
ProcessTime
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
PICS-Label
X-Oss-Storage-Class
Resin-Trace
Wxu-Next-Commit
SID
Wxu-Next-Hostname
Wxu-Next-Region
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-V
X-Newrelic-Synthetics
CF-IPCountry
X-From-Cache
X-Req
AR-SID
Cf-Ipcountry
X-Optimization
X-Cache-HT
Odigeo-Trace-Id
Cdn
X-Release
X-Host-Name
X-TH-Server
X-WebServer
X-HTML-Minification-Powered-By
X-Lb-Id
X-Varnish-Beresp-TTL
X-Fstrz
CF-Cached-On
X-Phone
X-Atg-Version
X-Daa-Tunnel
Proxy-Firewall
XServer
X-Instart-Info
X-APP
X-LB-ID
X-Response-By
X-Upstream-HT
X-Upstream-CT
Public-Key-Pins-Report-Only
X-WR-MODIFICATION
GMS-Ver
Processtime
Backend-Name
X-Ratelimit-Remaining
X-B3-SpanId
X-Check-Cacheable
X-Fastly-Backend-Reqs
X-Ratelimit-Limit
X-Vcl-Version
X-Worker
WZWS-RAY
X-Zone
Fastcgi-X-Cache-Version
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-GEO
352pxline
355prline
Xxline
286prxHost
409pxxline
219prxHost
178proxuri
188prxHost
189phosttRef
X-Server-W
225prxHost
X-NGINX-Cache
X-Nananana
X-Vcache
X-IPS-LoggedIn
X-Backend-TTL
Pics-Label
X-Amz-Meta-Surrogate-Control
Version
GW-Server
X-WA
Mobile-Detection-Method
X-UE-Client-Country
X-Ratelimit-Reset
X-HS-Status
X-URL
Countrycode
X-Clientip
X-We-Are-Hiring
Lb
SN
X-ServedByHost
X-CSRF-Token
X-VCL-Version
WP-Super-Cache
SS
X-UPSTREAM-Address
X-Fastly-Country-Code
X-Hyper-Cache
DataCenter
Ohc-File-Size
Geoip-Latitude
X-Contensis-Viewer-Groups
GeoIP-City
GeoIp-Country-Code
Esi-Enabled
GeoIP-Latitude
X-AssetVersion
X-Akamai-Request-ID2
X-SERVER-NAME
GeoIP-Country-Code
X-Dynatrace
X-SRV
X-GZIP
Accept-Language
URI
FSS-Proxy
FSS-Cache
Geoip-City
X-Be
X-HS-Combine-CSS
X-Via-Ucdn
X-GDPR
X-PF-Uncompressing
X-Request-Start
X-BE
X-Render-Time
Serverid
X-CS
X-Vtex-Remote-Cache
X-NWS-UUID-VERIFY
X-Vtex-Processado-Em
X-LiteSpeed-Cache-Control
X-RequestId
X-Unique-Id
X-Gen-Id
X-ZONE
X-PJAX-URL
X-Via-NSCOPI
Ohc-Cache-HIT
X-Fpc
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Reqid
CDN
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-HostName
X-FORWARDED-FOR
Dynatrace
Cneonction
X-ABtesting
X-UCC
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-Pf-Uncompressing
X-Hello
RequestUuid
X-Flog
X-Cache-Ttl
X-Cdn-Cache
IBM-Web2-Location
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
X-Generation-Time
X-Varnish-Action
Who
Server-Id
Accept-Ch
X-Request-Url
A
X-Store
X-Akamai-SSL-Client-Sid
Frontcache
X-HTML-Edge-Cache
X-Serial
Ohc-Response-Time
X-Dw-Trace-Id
X-Port
X-ServerName
X-EC-Lua
NnCoection
X-Cache-URL
Get-Access-Time
X-Cdn-Request-ID
Is-Session-Tracking