Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Server-Powered-By
X-Robots-Tag
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-CST
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-Upstream-Env
X-Server-Name
Verso
X-HW
X-Dispatcher
X-ORACLE-DMS-RID
Accept-CH
X-Cdn
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
PB-PID
X-Mobile-Rewrite
PB-RID
X-MS-InvokeApp
Arc-Version
X-DataStream-Cache-Status
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-GitHub-Request-Id
X-Cached
X-Version
X-Powered-By-Plesk
Content-MD5
Public-Key-Pins
Charset
X-TTL
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
RTSS
Ar-Sid
X-Abt-Application-Version
Accept-CH-Lifetime
X-PC
X-TtlSet
X-Vname
X-Amz-Server-Side-Encryption
X-Ser
X-Navigation-Version
X-D2id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Server-ID
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
X-Amz-Meta-S3cmd-Attrs
S
X-Amz-Rid
X-SharePointHealthScore
X-VCache
DynaTrace
X-Debug
X-Fastly-Request-ID
X-XRDS-Location
TCN
X-Hits
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Shield-Request-Id
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
SPRequestDuration
X-Akam-SW-Version
SPIisLatency
X-Oracle-Dms-Rid
X-T
Access-Control-Request-Method
X-Powered-CMS
X-FTR-Cache-Host
X-SERVER
X-Goog-Storage-Class
X-B3-TraceId
X-Id
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Front-End-Https
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
X-Webkit-CSP
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-N
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Ttl
X-Upstream
Alternate-Protocol
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Fastcgi-Cache
X-RateLimit-Remaining
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-Content-Digest
X-Cache-Key
X-Litespeed-Cache
X-Sol
X-Middleton-Display
Display
X-Srv
Response
X-Middleton-Response
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires
X-Pad
Host
MicrosoftSharePointTeamServices
X-B3-Traceid
Server-Name
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Kinsta-Cache
X-Analytics
Backend-Timing
X-Correlation-Id
X-Content-Options
X-Debug-Info
X-Revision
X-User-Agent
X-LB-Cache
X-Rid
X-Cache-2
X-Cache-Hit
X-IPLB-Instance
X-B3-Sampled
FilterID
Accept-Charset
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
Refresh
X-Az
X-Activity-Id
X-AppVersion
X-Accel-Buffering
ServerID
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Grace
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Received
Server-Info
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
Host-Header
MS-CV
X-PHP-Backend
X-Cached-By
Cache-Status
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
Source
X-Origin-Server
X-TT
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-App-Environment
X-Kong-Upstream-Latency
X-Akamai-Edgescape
X-Kong-Proxy-Latency
X-Amz-Replication-Status
X-Tumblr-User
X-UA-Device-Type
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Framework
X-Platform-Server
X-F-Cache
X-Cluster
X-Varnish-Grace
X-GUploader-UploadID
Access-Control-Allow-Method
X-Content-Powered-By
X-Mobile
X-Instance
X-Request-Guid
X-Drupal-Cache-Tags
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FB-Debug
X-RateLimit-Limit
X-FastCGI-Cache
X-SS-Set-Cookie
PageSpeed
X-Zen-Fury
X-Geo-Country
X-Forwarded-Host
X-Ezoic-Cdn
X-Shard
X-Handled-By
Edge-Cache-Tag
X-Cache-TTL
X-Magnolia-Registration
X-Node-Name
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-TA-CDN-Provider
X-Varnish-Server
X-App-Server
DC
X-BCube-Filmed-By
Cleartype
X-Cache-Control
Fastly-Restarts
X-AOL-HN
Upgrade-Insecure-Requests
Healthy
X-Cache-Rule
Payment
X-Region
X-RequestSource
X-Response-Served-From
Server-Node
X-WebKit-CSP-Report-Only
X-TX-ID
X-Signature
X-B-Cache
X-Adobe-Content
X-Adobe-Loc
Country
X-Generated-By
Actual-Object-TTL
X-GeoIP
X-Storage
X-TT-TIMESTAMP
X-UUID
Webserver
Filters
X-VG-WebCache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Redis-Cache
X-RTag
Cache-Tv-Group
Ms-Operation-Id
X-Jobs
X-Drupal-Cache-Contexts
X-Locale
X-XRDS-LOCATION
X-Content-Age
X-Varnish-Hits
X-FW-Dynamic
X-Cacheable-TTL
NGB
Retry-After
Powered
CACHE
GEO-INFO
ServedBy
X-Esi
Frame-Options
Liferay-Portal
X-Contextid
X-Oneagent-Js-Injection
HitType
X-WA-Info
X-Rendered-As
X-Seen-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-Via-JSL
S-Cnection
X-Guploader-Uploadid
Viewport
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Time
X-Upgrade-Enabled
X-Mode
X-Cache-Server
X-Cache-Operation
Xserver
X-GRACE
X-Newrelic-App-Data
X-BACKEND-TTL
X-Varnish-Cache-Hits
X-Wix-Server-Artifact-Id
Mn-Server-Ip
X-Proxied
X-RN-RSRV
X-Routing-Service
Content-Style-Type
X-Device-Type
X-Proto
X-Hl-Ver
X-Path-Route
X-From
X-ES-SERVER
Content-Script-Type
OT-Force-Account-Verify
Meta-Geo
X-Is-Bot
X-Cache-Var-Map
X-Cache-Var
X-Detected-As
Load-Balancing
Cache-Hits
X-Zipkin-Id
Cache-Key
X-Cache-Enabled
Machine
X-S
NtCoent-Length
Datacenter
Vix-Hermes-Req-Id
TWC-Connection-Speed
Property-Id
X-Akamai-Transformed
TWC-Device-Class
TWC-GeoIP-LatLong
X-Tb
TWC-GeoIP-Country
TWC-Privacy
Mail-Subject
X-Proxy
X-Origin-Hint
Access-Control-Request-Headers
X-LJ-Flow-ID
X-L-Path
NGX
We-Hiring
L5d-Success-Class
X-Hosted-By
TWC-Locale-Group
X-VG-TLSProxy
X-FB-TRIP-ID
X-AWS-Id
X-Backend-Name
X-Cache-Config
X-FC-Vary-Parameters
X-Environment-Context
X-Viewer-Country
Webcakes-Region
X-VWS-Id
Webcakes-App-Name
Webcakes-App-Version
Azure-SlotName
Azure-Version
X-Birta-Cache-Post
Azure-RegionName
X-Loop
X-Birta-Served
X-Labrador-Cache-Channel
Azure-SiteName
X-Debug-Cache
Origin-Cache-Control
Origin-Edge-Control
X-Access
S-Rt
Now
X-Akamai-Request-ID
DB-Nickname
X-Format
X-EIG-Tracking-Id
X-MP-GENERATED-AT
Azure-InstanceId
X-Tumblr-Pixel-3
X-TNCMS
X-ServerID
X-Section
X-Web-Node
X-RCS-CacheZone
X-Origin-Response-Time
X-NCache
X-FW-Version
X-Time-Microsecs
X-BYPASS-REASON
Cache-Tag
Selected-FE
X-Trace-Id
X-Via-CDN
X-Via-Fastly
X-Human
X-NWS-LOG-UUID
X-Xfnlog-Site
X-Rocket-Nginx-Bypass
X-Timing-Wait
X-Endurance-Cache-Level
X-ProxyCache-Status
X-PCL
X-CCM
X-ProxyCache-Key
X-Proxy-Build
X-OCL
X-JoinUs
X-IP
X-Cache-Category-Id
X-Internal-Host
Uber-Trace-Id
X-Varnish-Cacheable
X-Www-Served-By
X-Vgn-Hpd-Reason
X-Generated
X-Site-Version
X-Grey
X-Status
Served-By
X-Dynatrace-Js-Agent
X-R9-Blue-Green-Version
X-VC-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
LB
X-Cache-Remote
X-Rule
X-UnsetCookies
X-EdgeConnect-Cache-Status
X-UA
Release
ViewerVersion
X-Wix-Request-Id
X-CDN-Cache
AsisCache
Nel
X-Origin-Host
X-Cluster-Node
X-Sucuri-ID
Rt-Fastcgi-Cache
X-TIME
X-App-Name
X-PERF
X-ApacheServer
X-Datadome
X-Ua
X-Source
X-Request-Time
X-Nginx-Cache
X-Agile
X-App-Version
X-Agile-Id
X-B3-Spanid
X-APP-VERSION
X-Agile-Age
User-Agent
Cache-Name
X-Hit
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-OVcl-Cache
X-OVcl
X-VCT
DSUID
SRV
Warning
X-Origin-CC
X-Edge-Location
X-Origin-TTL
X-ElasticPress-Search
X-Varnish-Authentication
X-A-Dam
X-VG-WebServer
X-A
X-A-Ccd
Ajk
X-Var-Ttl
X-Application
X-Twitter-Response-Tags
X-Trv-Group
X-Aed
X-Accel-Expires-Debug
X-A-Dgt
X-Up
X-A-Wwc
X-A-Dcw
Request-Time
MD5-Digest
Memcached
Meta-Geo-Continent
Node
Lfy
Fly-Request-Id
Cross-Origin-Window-Policy
Ec-Rule-Version
BehaviorPad-Version
Fly-Cache
On-Server
X-Transaction
Request-EU
Cache-Prefix
Server-Cache-Control
Server-Surrogate-Control
X-Webstats-RespID
Xc-Version
Origin
Rendered-Blocks
Request-Country
Arc-Country
X-Secret
X-Generated-In
X-Hp-Webp
X-Gannett-Site-Version
X-G
X-F5-Cache
X-IN-APIGATEWAY
X-IN-WAF
X-NodeID
X-Mobile-URL
X-Logtrace-Id
X-Instart-Isnd
X-External-Request-Id
X-DPWN-IS-SECURE
X-Date
X-D
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Core-Value
X-Debug-Log
X-CF-Lambda-Version
X-Developer
X-Destination
X-Connection-Hash
X-CF-Lambda-Fn
X-Cache-Miss-From
X-Debug-Cache-Store
X-Sedo-Request-Id
X-ScT
X-S-Cookie
X-Rojux
X-Cache-Expires
X-Cache-ASPX
X-Server-Group
X-ARC
X-B-Cookie
X-BB-ID
X-Rewrite-Enabled
X-Request-UUID
X-PAYTM-SRV-ID
X-NX-Host
X-Cache-Info
X-NU-AKA-ACS-Version
X-Platform
X-Processor
X-Region-Sid
X-Refresh
X-Pubstack
X-Cache-Grace
X-SRCache-Key
Www
X-Ocache
Hostname
X-WPE-Loopback-Upstream-Addr
X-Varnish-Ttl
Cache
X-Cache-Backend
User-Cache-Control
X-Eu-Site
X-Distributor
X-Epic-Correlation-Id
Proxy-Connection
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Gen-Mode
Pramga
X-Hash
X-LAGOON
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Key
X-Irp-Debug
X-Geo-Header
X-Hnp-Log
X-Info
Pagetype
RNT-Machine
True-Client-Country-4JS
X-C
Thinkindot-Control
Thinkindot-CacheControl-Type
UCS
X-Block-Status
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Ah-Environment
Web-Mar-Node
Thinkindot-CacheControl
X-Cache-Bucket
X-Crawler
RNT-Time
X-LI-UUID
X-Edge-IP
X-CGP
X-Cdn-Srv
X-Cache-Host
ServerName
X-Cache-Id
Server-Int
X-Developers
Kp-EeAlive
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Servername
Backend
Cache-Cookie-Set-Lfrom
CDCHOST
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Sucuri-Cache
Apple-News-Services-Request-Url
X-SN
X-Swa-Ws
X-Thinkindot-L3
X-TT-LOGID
X-SIPLIST1
X-Sf
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Location
Country-Code
HA-Ipaddr
Ha-Gx-Prefs
FNAC-ModuleRouting
X-Origin-Date
X-No-Session
X-Nginx-Cache-Key
X-Matched-Rule
IsBot
X-Micro-Cache
X-RateLimit-Limit-Second
X-Origin-Expires
Fastly-SIE
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Qloud-Router
X-Page-Type
X-Protected-By
Fastly-SWR
X-Cdn-Forward
X-Policy
X-PHP-Host
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Pagespeed
Cteonnt-Length
X-FireWall-Port
X-S-Maxage
X-Reboot
X-Via-Edge
X-Sorting-Hat-ShopId
X-Variation
N-Cache
X-GeoIP-Country-Code
X-Core-Mission
Server-Host
Fastly-Backend-Name
X-Cms-Context
X-Thanos
X-GeoIP-City
SD-X-WS
X-Via-SSL
X-Gateway-Cache-Key
Platform
X-Fastly-Cache
X-ShopId
AKAMAI
X-ShardId
X-Gateway-Cache-Status
X-Shopify-Stage
Adler-Geo
X-Sorting-Hat-PodId
X-Server-IP
X-Skip-Cache
X-Gateway-Skip-Cache
X-ServiceProvider
Magicmarker
Content-Disposition
X-Auto-Login
Fastly-SSL
X-Wikidot-Backend
X-Backend-Host
Fastly-Soc-X-Request-Id
X-Backend-State
X-Wikidot-Static-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-User
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Planisys-CDN-Rules
X-BBXSRF
X-Backend-Url
X-Cache-Debug
X-MSEdge-Features
X-Cache-FS-Status
Is-Eu
X-TrackingId
X-Varnish-Url
HTTPS
X-MSEdge-Flight
Heartbleed
X-Bip
X-NC
X-GZip
X-Fetched-On
Gh-Request-Id
X-Generated-On
X-Owner
X-Server-Time
X-Level-Front-Cache
X-Amzn-Remapped-Content-Length
X-RateLimit-Reset
X-Real-Ip
MIME-Version
X-Node-Id
V-Age
X-Apm-App-Name
Server-ID
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-FPC
X-Cdn-Origin
X-Sn-Servicetimems
X-ND-Cache
X-Org
X-Geo
Rt-Proxy-Cache
X-Exp-Se
X-Varnish-Beresp-Ttl
VivaBuild
HostName
Viewtype
Powered-By
X-Pjax-Url
X-Served-From
X-Gdpr
REQUESTUUID
X-CDN-Forward
X-CUA
Pragrma
X-Aicache-OS
Section-Io-Cache
X-Parent-Response-Time
X-Returned-From-PostProcessResponse
X-Passed-To-PostProcessResponse
X-Stale
X-Passed-To-BeforeDispatch
X-DC
X-B3-Parentspanid
X-CSRF-TOKEN
X-Actual-URL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Passed-To
X-Returned-From-DLL
X-Svr
X-Passed-To-DLL
X-Original-Request
X-Load-Cache
X-Dc
X-Server-By
X-Git-Hash
CF-IPCountry
Host-ID
X-VServer
Memory
X-Croise-Owner
Wxu-Next-Region
Time
X-HS-Cache-Config
Wxu-Next-Hostname
Wxu-Next-Commit
X-Nc
Cdn-Host
Cdn-Request-Time
X-Edge-Server
PICS-Label
X-CACHE-KEY
X-Servedbyhost
X-Wa
X-Oss-Storage-Class
Resin-Trace
X-Oss-Server-Time
Fastcgi-Useragent
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Unique-ID
X-Oss-Request-Id
ProcessTime
X-Release
X-Tb-Optimization-Total-Bytes-Saved
X-Microcachable
SID
X-Host-Name
X-Newrelic-Synthetics
Mime-Version
AR-SID
X-Cache-HT
X-Optimization
X-From-Cache
X-WebServer
X-TH-Server
X-Daa-Tunnel
X-Varnish-Beresp-TTL
X-Req
Cdn
X-V
X-Lb-Id
Cf-Ipcountry
X-Instart-Info
X-Phone
Odigeo-Trace-Id
X-Upstream-CT
X-Atg-Version
CF-Cached-On
X-Upstream-HT
Proxy-Firewall
XServer
X-HTML-Minification-Powered-By
X-Fastly-Backend-Reqs
X-APP
Backend-Name
X-Backend-TTL
X-WR-MODIFICATION
X-B3-SpanId
X-ID
Processtime
X-Fstrz
X-Worker
X-LB-ID
X-Ratelimit-Remaining
Xxline
188prxHost
219prxHost
X-Vcl-Version
178proxuri
X-Response-By
286prxHost
352pxline
225prxHost
X-Ratelimit-Limit
189phosttRef
355prline
409pxxline
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-IPS-LoggedIn
X-Server-W
GMS-Ver
X-Check-Cacheable
X-Nananana
Version
X-Zone
Public-Key-Pins-Report-Only
X-Vcache
X-NGINX-Cache
WZWS-RAY
X-WA
Esi-Enabled
X-VCL-Version
X-UPSTREAM-Address
Fastcgi-X-Cache-Version
X-Ratelimit-Reset
X-URL
X-Akamai-Request-ID2
SN
X-ServedByHost
X-Amz-Meta-Surrogate-Control
Pics-Label
X-Contensis-Viewer-Groups
X-CSRF-Token
GW-Server
GeoIP-Country-Code
GeoIP-City
Accept-Language
X-GEO
X-HS-Status
GeoIP-Latitude
X-AssetVersion
X-Hyper-Cache
DataCenter
X-SERVER-NAME
X-We-Are-Hiring
Lb
X-UE-Client-Country
X-Fastly-Country-Code
Geoip-Latitude
Mobile-Detection-Method
Countrycode
X-Clientip
GeoIp-Country-Code
X-ZONE
X-Dynatrace
Geoip-City
X-Render-Time
X-Request-Start
SS
X-Be
X-Microsite
X-Request-Handler-Origin-Region
X-BE
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-RequestId
X-Via-Ucdn
Ohc-File-Size
WP-Super-Cache
X-Cdn-Cache
X-NWS-UUID-VERIFY
URI
X-Via-NSCOPI
Locale
X-CS
X-GDPR
X-Urbn-Context-Path
X-LiteSpeed-Cache-Control
X-Reqid
X-Urbn-Site-Id
X-Unique-Id
X-GZIP
FSS-Cache
CDN
FSS-Proxy
X-ABtesting
X-PJAX-URL
X-Hello
X-Gen-Id
X-Flog
X-PF-Uncompressing
X-HS-Combine-CSS
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
X-SRV
FastCGI-Cache
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Pf-Uncompressing
Cneonction
X-Fastly-Cache-Hits
X-Fpc
Serverid
X-Generation-Time
RequestUuid
X-Cache-Ttl
X-LiteSpeed-Tag
Server-Id
X-Store
X-Request-Url
X-Html-Edge-Cache
Accept-Ch
Requestid
X-Test
A
Ohc-Cache-HIT
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Dw-Trace-Id
X-Bug-Bounty
X-Cluster-Name
X-Compress-Hint
Frontcache
Is-Session-Tracking
Get-Access-Time
X-Port
X-UCC
Ohc-Response-Time
X-Serial
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua