
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Age
X-Cache-Group
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
WPE-Backend
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-CST
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Cnection
X-Response-Time
X-Type
Report-To
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
Request-Id
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Upstream-Env
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
Accept-CH
X-ESI
X-HW
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-DataStream-Cache-Status
AR-PoweredBy
X-GitHub-Request-Id
AR-ATIME
X-VARITI-CCR
AR-CACHE
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-MS-InvokeApp
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-Cached
X-Version
Charset
X-Dns-Prefetch-Control
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Navigation-Version
X-D2id
RTSS
Ar-Sid
X-Abt-Application-Version
X-TtlSet
X-PC
X-Vname
X-Server-ID
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-Trace
X-Amz-Server-Side-Encryption
X-TTL
X-Forwarded-Proto
X-Vcap-Request-Id
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-VCache
X-FTR-Expires
X-Amz-Rid
X-SharePointHealthScore
X-Fastly-Request-ID
S
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Debug
Arr-Disable-Session-Affinity
TCN
X-Shield-Request-Id
X-TEC-API-VERSION
X-Ttl
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-Hits
DynaTrace
SPRequestDuration
SPIisLatency
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Oracle-Dms-Rid
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-SERVER
X-Goog-Storage-Class
X-FTR-Cache-Host
Front-End-Https
X-Powered-CMS
X-Id
X-Litespeed-Cache
X-B3-TraceId
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Fastcgi-Cache
Tracecode
X-Amzn-Trace-Id
Realpath
X-MSEdge-Ref
X-N
X-Varnish-Age
Paypal-Debug-Id
X-Forwarded-For
X-Content-Type
X-Upstream
Alternate-Protocol
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-RateLimit-Remaining
X-Sol
X-Frontend
X-Middleton-Display
Display
X-Logged-In
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Source
X-Content-Digest
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Response
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Cache-Key
X-Srv
X-Pad
X-Accel-Expires
X-Fastcgi-Cache
X-Accel-Buffering
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-B3-Traceid
Server-Name
Host
X-Content-Options
Backend-Timing
X-Analytics
X-User-Agent
X-Correlation-Id
X-LB-Cache
X-Revision
X-Debug-Info
X-Rid
X-AppVersion
X-Activity-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Az
Refresh
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Accept-Charset
FilterID
X-IPLB-Instance
X-Cache-2
X-Cache-Hit
X-B3-Sampled
X-Grace
X-B
X-DIS-Request-ID
Surrogate-Key
Powered-By-ChinaCache
X-CF-Powered-By
X-FastCGI-Cache
ServerID
X-Page-Id
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
X-PHP-Backend
X-Webkit-CSP
X-Request-Received
X-Request-Processing-Time
MS-CV
Host-Header
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Varnish-Backend
X-Amz-Replication-Status
X-Kong-Proxy-Latency
X-TT
X-Cached-By
X-Origin-Server
Source
VIX-Pulpo-Node
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Kong-Upstream-Latency
X-App-Environment
X-Cluster
X-Framework
X-Tumblr-User
Cache-Status
X-GUploader-UploadID
X-UA-Device-Type
X-Tumblr-Pixel-0
X-Mobile
X-Platform-Server
X-Tumblr-Pixel
X-Cache-Action
X-F-Cache
X-Varnish-Grace
X-FW-Serve
X-FW-Type
X-FW-Hash
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Request-Guid
X-FW-Static
X-FW-Server
X-Content-Powered-By
X-Instance
X-RateLimit-Limit
X-Shard
X-Ezoic-Cdn
X-SS-Set-Cookie
X-Zen-Fury
X-FB-Debug
X-Geo-Country
X-Handled-By
X-Cache-TTL
X-Magnolia-Registration
X-Forwarded-Host
Edge-Cache-Tag
PageSpeed
From-Origin
X-Node-Name
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
X-App-Server
CACHE
DC
X-Varnish-Server
Cleartype
Cache-Tags
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Upgrade-Insecure-Requests
X-Region
Payment
Healthy
Filters
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-RequestSource
X-Generated-By
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
X-GeoIP
X-RTag
X-TT-TIMESTAMP
Server-Node
NGB
Ms-Operation-Id
Webserver
X-VG-WebCache
Cache-Tv-Group
X-UUID
X-Storage
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Jobs
X-B-Cache
X-FW-Dynamic
Fastly-Restarts
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Country
Retry-After
X-Cache-Rule
X-Signature
Actual-Object-TTL
X-Cacheable-TTL
X-Content-Age
X-XRDS-LOCATION
X-Locale
X-Varnish-Hits
GEO-INFO
ServedBy
Liferay-Portal
X-Wix-Server-Artifact-Id
X-Contextid
X-TA-CDN-Provider
Powered
Frame-Options
X-Seen-By
X-Oneagent-Js-Injection
X-Rendered-As
HitType
X-Via-JSL
X-Cache-TTL-Remaining
X-Real-IP
X-Varnish-IP
X-BACKEND-TTL
X-WA-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
Viewport
X-Guploader-Uploadid
X-Esi
X-Upgrade-Enabled
Eomportal-Instance
X-Cache-Server
Content-Style-Type
X-RemovedCookies
X-ProcessESI
X-Cache-NE
Content-Script-Type
X-Mode
NtCoent-Length
Datacenter
X-Cache-Config
Meta-Geo
Machine
X-From
Mn-Server-Ip
Load-Balancing
Cache-Key
X-Cache-Var-Map
X-Detected-As
X-Cache-Var
Cache-Hits
X-Device-Type
X-ES-SERVER
X-Routing-Service
X-RN-RSRV
X-Proto
X-Akamai-Transformed
X-Path-Route
X-Is-Bot
X-Proxied
X-Hl-Ver
X-Varnish-Cache-Hits
X-Zipkin-Id
X-L-Path
X-LJ-Flow-ID
X-FC-Vary-Parameters
Webcakes-App-Name
X-Environment-Context
X-Cdn
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Vix-Hermes-Req-Id
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
L5d-Success-Class
X-Origin-Hint
X-AWS-Id
OT-Force-Account-Verify
X-Access
Property-Id
Access-Control-Request-Headers
X-Hosted-By
X-VWS-Id
X-VG-TLSProxy
X-Tb
X-Cache-Enabled
X-Viewer-Country
X-Section
X-Backend-Name
X-Time
Azure-Version
Azure-SiteName
X-Birta-Served
X-Cache-Operation
X-Birta-Cache-Post
Azure-RegionName
X-Via-CDN
Azure-SlotName
Mail-Subject
S-Rt
NGX
X-FB-TRIP-ID
X-Proxy
We-Hiring
X-Wix-Request-Id
X-Akamai-Request-ID
ViewerVersion
X-Web-Node
Origin-Cache-Control
Origin-Edge-Control
X-TNCMS
Azure-InstanceId
X-Loop
X-EIG-Tracking-Id
X-FW-Version
X-Format
X-ServerID
X-Time-Microsecs
Xserver
X-Origin-Response-Time
X-Human
X-Timing-Wait
X-Proxy-Build
X-Via-Fastly
X-GRACE
X-Xfnlog-Site
X-Labrador-Cache-Channel
X-JoinUs
X-PCL
Cache-Tag
X-IP
Decoy-Debug-Status
X-Trace-Id
X-OCL
X-Endurance-Cache-Level
X-Debug-Cache
X-S
X-NCache
X-CCM
X-Status
X-Tumblr-Pixel-3
Decoy-Debug-TTL
Selected-FE
Decoy-Debug-Key
X-Varnish-Cacheable
DB-Nickname
X-MP-GENERATED-AT
X-Vgn-Hpd-Reason
X-ProxyCache-Status
X-Site-Version
X-BYPASS-REASON
X-ProxyCache-Key
X-Generated
Now
X-Www-Served-By
X-Cache-Category-Id
X-Rocket-Nginx-Bypass
Uber-Trace-Id
X-Grey
X-UA
X-Dynatrace-Js-Agent
Served-By
X-VC-Cache
X-CDN-Cache
X-RCS-CacheZone
X-NewRelic-App-Data
X-NWS-LOG-UUID
X-Internal-Host
X-R9-Blue-Green-Version
X-EdgeConnect-Cache-Status
X-Rule
X-Newrelic-App-Data
X-Cache-Remote
LB
X-Origin-Host
X-Sucuri-ID
AsisCache
X-UnsetCookies
Release
X-TIME
X-Cluster-Node
Rt-Fastcgi-Cache
Nel
X-App-Name
User-Agent
X-ApacheServer
X-APP-VERSION
X-PERF
X-B3-Spanid
X-Datadome
X-Nginx-Cache
X-Agile
X-Agile-Age
X-Source
Pagespeed
X-Agile-Id
X-Request-Time
Hostname
Cache-Name
X-Ua
X-Edge-Location
X-Ocache
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Hit
Warning
X-App-Version
X-Origin-CC
X-Origin
X-Pubstack
X-Origin-TTL
X-VCT
X-Sucuri-Cache
X-ElasticPress-Search
X-Edge-IP
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-PAYTM-SRV-ID
X-Processor
X-Rewrite-Enabled
X-ARC
X-Application
X-B-Cookie
X-Platform
X-BB-ID
X-Mobile-URL
X-Debug-Cache-Store
X-Cache-Grace
X-Debug-Cookies
X-Accel-Expires-Debug
X-Varnish-Authentication
X-Aed
X-Cache-ASPX
X-A-Dam
Fly-Request-Id
Request-EU
Fly-Cache
Request-Time
X-NodeID
X-NU-AKA-ACS-Version
Request-Country
Rendered-Blocks
N-Cache
Meta-Geo-Continent
Node
On-Server
X-NX-Host
Origin
Server-Cache-Control
Ec-Rule-Version
Xc-Version
Arc-Country
Www
X-A
X-A-Ccd
Ajk
BehaviorPad-Version
UCS
Server-Surrogate-Control
Cross-Origin-Window-Policy
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cache-Prefix
Thinkindot-Control
X-CF-Lambda-Fn
X-Cache-Expires
X-Gannett-Site-Version
X-Date
X-Transaction
MD5-Digest
X-G
X-ScT
X-Secret
X-IN-APIGATEWAY
X-Logtrace-Id
X-Debug-Log
X-D
X-Request-UUID
X-Protected-By
X-VG-WebServer
X-IN-WAF
X-Thinkindot-L3
X-SRCache-Key
X-Hp-Webp
X-Var-Ttl
X-Generated-In
X-Destination
X-Rojux
X-Developer
X-S-Cookie
X-Connection-Hash
X-External-Request-Id
X-CF-Lambda-Version
X-Up
X-Matched-Rule
X-Server-Group
X-Trv-Group
X-Instart-Isnd
X-Debug-Cache-Expiry
X-Developers
X-Twitter-Response-Tags
X-Region-Sid
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
X-Core-Value
X-Cache-Backend
X-Varnish-Ttl
Server-Int
X-Info
X-No-Session
SRV
X-Distributor
Proxy-Connection
X-Location
Pramga
Pagetype
X-Irp-Debug
Server-Host
X-Origin-Date
X-Hnp-Log
X-LAGOON
X-Block-Status
X-Via-SSL
X-Key
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-C
X-Cms-Context
X-Cache-Host
X-Cache-Miss-From
X-CGP
X-Distil-CS
X-Cache-Debug
X-Via-Edge
X-Crawler
Web-Mar-Node
Lfy
X-Li-Pop
X-Nginx-Cache-Key
Memcached
User-Cache-Control
X-Epic-Correlation-Id
X-Hash
X-LI-Proto
X-LI-UUID
X-Eu-Site
X-Gen-Mode
X-Geo-Header
X-Li-Fabric
X-ServiceProvider
Backend
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Proxy-Upstream
Cache-Cookie-Set-Lfrom
Country-Code
Content-Disposition
CDCHOST
X-WPE-Loopback-Upstream-Addr
Apple-News-Services-Handled
AKAMAI
X-Qloud-Router
X-Rebelmouse-Cache-Control
Magicmarker
X-Policy
X-Proxy-Cache-Status
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Webstats-RespID
X-Servername
X-Sedo-Request-Id
X-Refresh
X-SIPLIST1
Cache-Cookie-Set-Idcheck
Heartbleed
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
Fastly-SWR
X-SN
X-F5-Cache
HA-Ipaddr
X-Cache-Info
X-Origin-Expires
Fastly-SIE
X-Ah-Environment
Ha-Gx-Prefs
Kp-EeAlive
X-TT-LOGID
IsBot
X-Swa-Ws
X-Varnish-Beresp-Grace
X-FireWall-Port
X-Varnish-Beresp-Status
X-Cdn-Forward
X-RateLimit-Remaining-Second
X-Micro-Cache
X-TrackingId
X-Thanos
X-Skip-Cache
X-ShopId
X-RateLimit-Limit-Second
X-Cache-Id
X-Cache-FS-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Generated-On
X-Shopify-Stage
X-Gateway-Cache-Key
X-GeoIP-City
X-Core-Mission
X-User
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Url
X-Fetched-On
X-Level-Front-Cache
X-Server-IP
X-Dispatcher-Server
X-Request-URI
X-GeoIP-Country-Code
X-S-Maxage
X-ShardId
X-Device-Os
X-Sf
X-Bip
X-MSEdge-Flight
True-Client-Country-4JS
X-Page-Type
DSUID
X-PHP-Host
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Node-Id
SD-X-WS
HTTPS
X-Cache-Bucket
X-Fastly-Cache
Fastly-SSL
RNT-Time
RNT-Machine
X-Wikidot-Static-Cache
X-MSEdge-Features
X-Amzn-Remapped-Content-Length
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Wikidot-Backend
X-Backend-Host
X-Planisys-CDN-Cache
X-Backend-Url
X-BBXSRF
X-Backend-State
X-GZip
X-Cdn-Srv
ServerName
Platform
Adler-Geo
X-Variation
X-Owner
X-RateLimit-Reset
Cteonnt-Length
FNAC-ModuleRouting
Is-Eu
X-Auto-Login
X-Server-Time
X-Real-Ip
X-CACHE-KEY
X-CACHE-GROUP
Section-Io-Cache
Powered-By
X-CUA
X-CDN-Forward
X-Varnish-Beresp-Ttl
X-Org
Server-ID
Pragrma
Gh-Request-Id
X-Dc
MIME-Version
X-Stale
X-Svr
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Pjax-Url
X-Server-By
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Original-Request
X-Nc
X-Apm-Inst-Hash
X-Parent-Response-Time
V-Age
X-FPC
REQUESTUUID
X-Apm-Svc-Key
X-Cdn-Origin
Fastcgi-Useragent
X-NC
X-Sn-Servicetimems
X-Load-Cache
Viewtype
X-Apm-App-Name
VivaBuild
X-Aicache-OS
X-Actual-URL
X-Croise-Owner
X-VServer
X-HS-Cache-Config
Host-ID
X-ND-Cache
X-Geo
Rt-Proxy-Cache
X-Ua-Device
X-Gdpr
X-Served-From
X-Edge-Server
Cdn-Host
X-Exp-Se
X-Unique-ID
Cdn-Request-Time
Cache
PICS-Label
X-CSRF-TOKEN
X-Microcachable
X-B3-Parentspanid
X-Oss-Request-Id
Memory
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
HostName
SID
Time
X-Servedbyhost
X-Oss-Hash-Crc64ecma
Mime-Version
Resin-Trace
X-Wa
X-DC
Wxu-Next-Hostname
X-Git-Hash
Wxu-Next-Commit
Wxu-Next-Region
X-V
CF-IPCountry
ProcessTime
X-Newrelic-Synthetics
X-Req
X-From-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-HT
AR-SID
X-Optimization
X-Lb-Id
Odigeo-Trace-Id
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-Release
X-HTML-Minification-Powered-By
XServer
X-Fstrz
X-TH-Server
Cdn
X-Atg-Version
X-Host-Name
X-Phone
X-WebServer
X-Response-By
Proxy-Firewall
Processtime
Public-Key-Pins-Report-Only
X-ID
CF-Cached-On
X-Instart-Info
X-APP
GMS-Ver
X-WR-MODIFICATION
X-Ratelimit-Remaining
Backend-Name
X-Vcl-Version
X-Upstream-HT
X-Daa-Tunnel
WZWS-RAY
X-LB-ID
X-Fastly-Backend-Reqs
X-Ratelimit-Limit
X-Upstream-CT
Fastcgi-X-Cache-Version
X-CLOUD-TRACE-CONTEXT
X-GEO
X-CACHE-AGE
X-Worker
X-Zone
189phosttRef
219prxHost
178proxuri
X-WA
X-Vcache
X-Nananana
188prxHost
225prxHost
X-Amz-Meta-Surrogate-Control
409pxxline
Xxline
X-Server-W
X-NGINX-Cache
355prline
352pxline
286prxHost
X-B3-SpanId
X-Check-Cacheable
X-URL
X-CSRF-Token
X-Ratelimit-Reset
X-UE-Client-Country
X-HS-Status
Mobile-Detection-Method
X-Clientip
Countrycode
X-IPS-LoggedIn
X-We-Are-Hiring
GW-Server
Version
Lb
X-Fastly-Country-Code
X-Backend-TTL
SS
Pics-Label
Geoip-Latitude
X-Hyper-Cache
SN
GeoIp-Country-Code
X-ServedByHost
Ohc-File-Size
DataCenter
Geoip-City
Esi-Enabled
X-SERVER-NAME
X-VCL-Version
X-Dynatrace
X-SRV
X-GZIP
URI
X-HS-Combine-CSS
X-Request-Start
X-UPSTREAM-Address
FSS-Proxy
X-BE
FSS-Cache
X-Render-Time
X-PF-Uncompressing
X-Contensis-Viewer-Groups
X-AssetVersion
Serverid
X-Akamai-Request-ID2
X-GDPR
Accept-Language
GeoIP-City
X-Via-Ucdn
WP-Super-Cache
X-Be
GeoIP-Country-Code
X-LiteSpeed-Cache-Control
X-CS
GeoIP-Latitude
X-Unique-Id
X-Vtex-Remote-Cache
X-Fpc
X-Vtex-Processado-Em
X-NWS-UUID-VERIFY
X-ZONE
Ohc-Cache-HIT
CDN
X-Gen-Id
X-PJAX-URL
X-HostName
X-FORWARDED-FOR
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-ABtesting
X-Flog
X-UCC
X-Fastly-Cache-Hits
X-Pf-Uncompressing
X-RequestId
X-Via-NSCOPI
Locale
X-Urbn-Context-Path
RequestUuid
X-Html-Edge-Cache
Cneonction
X-Reqid
X-Urbn-Site-Id
X-Hello
X-Cache-Ttl
X-Cdn-Cache
X-Varnish-Action
X-LiteSpeed-Tag
Who
Accept-Ch
A
X-Store
X-Request-Url
Server-Id
X-Akamai-SSL-Client-Sid
X-Bug-Bounty
X-Varnish-URL
IBM-Web2-Location
NnCoection
Frontcache
Is-Session-Tracking
Get-Access-Time
X-Port
X-Serial
X-Cache-URL
X-EC-Lua
X-ServerName
X-HTML-Edge-Cache
X-Cdn-Request-ID
Ohc-Response-Time