Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Page-Speed
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-CST
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-Upstream-Env
X-ORACLE-DMS-RID
Accept-CH
X-Dispatcher
MS-Author-Via
AR-PoweredBy
X-VARITI-CCR
AR-CACHE
AR-ATIME
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-DataStream-Cache-Status
X-ESI
X-Cached
X-TTL
X-Version
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
Charset
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
RTSS
Ar-Sid
Accept-CH-Lifetime
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-PC
X-TtlSet
X-Amz-Server-Side-Encryption
X-Ser
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Server-ID
X-Amz-Rid
S
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-Fastly-Request-ID
X-Webkit-CSP
X-SharePointHealthScore
DynaTrace
X-Debug
TCN
X-Hits
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Akam-SW-Version
SPRequestDuration
SPIisLatency
X-Powered-CMS
Access-Control-Request-Method
X-B3-TraceId
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Id
Realpath
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Tracecode
Front-End-Https
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
X-Dns-Prefetch-Control
X-Fastcgi-Cache
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Ttl
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-RateLimit-Remaining
X-HS-Hub-Id
X-Content-Digest
X-HS-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Cache-Key
X-Sol
X-Middleton-Display
Display
Response
X-Srv
X-Hostname
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Litespeed-Cache
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Kinsta-Cache
Backend-Timing
X-Correlation-Id
X-Analytics
X-Content-Options
X-LB-Cache
X-Debug-Info
X-Revision
X-User-Agent
X-Cache-2
X-Rid
X-IPLB-Instance
X-B3-Traceid
X-Amzn-RequestId
X-Cache-Hit
X-AppVersion
X-B3-Sampled
X-Az
X-Activity-Id
X-Amz-Apigw-Id
FilterID
Accept-Charset
Surrogate-Key
ServerID
Refresh
X-Accel-Buffering
X-B
X-CF-Powered-By
Powered-By-ChinaCache
X-DIS-Request-ID
X-Page-Id
X-Grace
X-Whom
X-Request-Processing-Time
X-Request-Received
Server-Info
TP-Cache
TP-L2-Cache
MS-CV
X-PHP-Backend
Host-Header
Cache-Status
X-GUploader-UploadID
X-Cached-By
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-F-Cache
X-Amz-Replication-Status
Source
VIX-Pulpo-Node
X-Cache-Action
X-App-Environment
X-TT
X-Origin-Server
X-Tumblr-User
X-UA-Device-Type
X-Tumblr-Pixel-0
X-Platform-Server
X-Cluster
X-Framework
X-Tumblr-Pixel
X-Content-Security-Policy-Report-Only
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Varnish-Grace
X-Mobile
Access-Control-Allow-Method
X-Kong-Proxy-Latency
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-Request-Guid
X-Instance
X-Drupal-Cache-Tags
X-FW-Hash
PageSpeed
X-FB-Debug
X-Ruxit-Js-Agent
X-SS-Set-Cookie
X-Forwarded-Host
X-RateLimit-Limit
X-Geo-Country
X-Zen-Fury
X-Ezoic-Cdn
X-Cache-TTL
X-Shard
Edge-Cache-Tag
X-Node-Name
X-Handled-By
X-Magnolia-Registration
X-FastCGI-Cache
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-Varnish-Server
X-App-Server
X-AOL-HN
X-Cache-Control
DC
Cleartype
Upgrade-Insecure-Requests
Healthy
X-Cache-Rule
X-Esi
Payment
Server-Node
X-Region
X-Signature
Filters
X-B-Cache
X-RequestSource
X-Response-Served-From
X-Adobe-Loc
X-TX-ID
Country
X-Adobe-Content
X-UUID
X-TT-TIMESTAMP
X-RTag
X-Storage
Actual-Object-TTL
Retry-After
X-Tumblr-Pixel-2
X-Generated-By
X-VG-WebCache
Ms-Operation-Id
Webserver
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
X-Redis-Cache
X-GeoIP
Cache-Tv-Group
X-FW-Dynamic
X-Jobs
X-Drupal-Cache-Contexts
X-Locale
X-Content-Age
X-Cacheable-TTL
X-Varnish-Hits
Powered
NGB
GEO-INFO
X-XRDS-LOCATION
ServedBy
Frame-Options
CACHE
Liferay-Portal
X-Contextid
HitType
X-WA-Info
X-Rendered-As
X-Oneagent-Js-Injection
X-Real-IP
X-Seen-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-RemovedCookies
Eomportal-Instance
X-ProcessESI
X-Via-JSL
X-Time
X-GRACE
Viewport
S-Cnection
X-Upgrade-Enabled
X-Guploader-Uploadid
X-Mode
X-Cache-Operation
Xserver
X-Cache-Server
NtCoent-Length
X-Newrelic-App-Data
X-Varnish-Cache-Hits
Load-Balancing
X-Is-Bot
X-Cache-Var-Map
X-Path-Route
X-Proto
X-Cache-Var
Mn-Server-Ip
X-ES-SERVER
X-Device-Type
X-Detected-As
X-Akamai-Transformed
X-From
Cache-Key
X-Zipkin-Id
Meta-Geo
X-Cache-Enabled
Cache-Hits
X-Routing-Service
X-Proxied
X-RN-RSRV
OT-Force-Account-Verify
X-Hl-Ver
Machine
Datacenter
X-S
X-FC-Vary-Parameters
X-Proxy
X-Origin-Hint
X-Cache-Config
TWC-Device-Class
TWC-GeoIP-Country
Content-Style-Type
TWC-Locale-Group
X-NWS-LOG-UUID
TWC-GeoIP-LatLong
Property-Id
X-L-Path
X-Environment-Context
Mail-Subject
X-FB-TRIP-ID
L5d-Success-Class
Access-Control-Request-Headers
X-Hosted-By
Content-Script-Type
X-AWS-Id
NGX
X-LJ-Flow-ID
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-App-Name
X-VG-TLSProxy
X-Viewer-Country
X-Tb
X-Backend-Name
Webcakes-Region
We-Hiring
X-VWS-Id
TWC-Privacy
Vix-Hermes-Req-Id
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Rocket-Nginx-Bypass
X-Wix-Server-Artifact-Id
Now
X-Access
Azure-SlotName
Azure-Version
DB-Nickname
X-Birta-Served
X-Birta-Cache-Post
X-Format
X-FW-Version
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-Time-Microsecs
Origin-Cache-Control
X-Origin-Response-Time
X-ServerID
X-Debug-Cache
X-BACKEND-TTL
X-Section
X-Tumblr-Pixel-3
S-Rt
X-RCS-CacheZone
X-NCache
X-Web-Node
Origin-Edge-Control
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-TNCMS
X-Loop
X-BYPASS-REASON
Selected-FE
X-CCM
X-IP
X-Trace-Id
X-Timing-Wait
X-ProxyCache-Key
X-Proxy-Build
X-Via-CDN
X-Via-Fastly
X-Vgn-Hpd-Reason
Cache-Tag
X-Xfnlog-Site
X-PCL
X-ProxyCache-Status
X-JoinUs
X-Human
X-OCL
X-Internal-Host
X-Grey
X-Www-Served-By
X-Generated
X-Site-Version
Uber-Trace-Id
X-Cache-Category-Id
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-Cache-Remote
X-R9-Blue-Green-Version
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Status
X-VC-Cache
LB
Served-By
X-Rule
X-Dynatrace-Js-Agent
X-UnsetCookies
X-EdgeConnect-Cache-Status
Release
X-UA
ViewerVersion
AsisCache
X-Wix-Request-Id
X-CDN-Cache
X-Cluster-Node
Rt-Fastcgi-Cache
X-Ua
Nel
X-Origin-Host
X-App-Name
X-Sucuri-ID
X-Request-Time
X-PERF
X-Source
X-Nginx-Cache
X-App-Version
X-ApacheServer
X-TIME
X-Datadome
X-Agile-Age
X-Agile
X-Agile-Id
X-Origin
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Hit
X-VCT
Cache-Name
X-APP-VERSION
X-B3-Spanid
DSUID
X-NewRelic-App-Data
User-Agent
SRV
Cache
Warning
X-Origin-CC
X-ElasticPress-Search
X-Origin-TTL
X-WPE-Loopback-Upstream-Addr
X-S-Cookie
X-ARC
X-IN-APIGATEWAY
X-B-Cookie
X-Cache-ASPX
X-PAYTM-SRV-ID
MD5-Digest
X-Cache-Expires
Ec-Rule-Version
Cross-Origin-Window-Policy
X-Secret
X-BB-ID
X-Sedo-Request-Id
X-Server-Group
X-ScT
X-Accel-Expires-Debug
Ajk
X-Logtrace-Id
Server-Surrogate-Control
Www
X-A
X-Platform
UCS
X-Matched-Rule
Thinkindot-CacheControl
X-Mobile-URL
Thinkindot-CacheControl-Type
BehaviorPad-Version
Arc-Country
Thinkindot-Control
X-Processor
X-A-Ccd
X-Refresh
Server-Cache-Control
X-Region-Sid
X-Application
X-Rewrite-Enabled
X-Request-UUID
X-Aed
X-Cache-Grace
X-A-Dcw
X-A-Dam
X-A-Dgt
X-Pubstack
X-A-Wwc
X-Rojux
Request-EU
X-VG-WebServer
X-SRCache-Key
X-NU-AKA-ACS-Version
X-Varnish-Authentication
X-G
X-Instart-Isnd
Node
X-F5-Cache
Xc-Version
On-Server
X-NodeID
X-External-Request-Id
X-Webstats-RespID
X-Var-Ttl
X-Gannett-Site-Version
Memcached
X-Twitter-Response-Tags
X-Transaction
X-Hp-Webp
X-Trv-Group
X-Thinkindot-L3
X-Up
X-IN-WAF
Meta-Geo-Continent
X-NX-Host
X-Generated-In
Lfy
X-DPWN-IS-SECURE
Origin
X-Core-Value
X-Connection-Hash
Fly-Cache
Fly-Request-Id
X-Date
Request-Country
Cache-Prefix
X-Cache-Miss-From
X-Cache-Info
Request-Time
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Debug-Cache-Expiry
X-D
Rendered-Blocks
X-Destination
X-Debug-Cache-Fetch
X-Debug-Log
X-Debug-Cookies
X-Developer
X-Debug-Cache-Store
X-Cache-Backend
X-Cdn-Forward
X-Edge-Location
User-Cache-Control
Pagetype
RNT-Time
Server-Int
RNT-Machine
Server-Host
Proxy-Connection
ServerName
Pramga
X-Nginx-Cache-Key
X-Cache-Debug
X-Distributor
X-LAGOON
X-Distil-CS
X-Dispatcher-Server
X-Developers
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-Hash
X-Hnp-Log
X-Gen-Mode
X-Info
X-Key
X-Irp-Debug
X-Li-Fabric
X-Crawler
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-LI-UUID
X-Location
True-Client-Country-4JS
Web-Mar-Node
X-LI-Proto
X-Block-Status
X-CGP
X-Li-Pop
X-Cdn-Srv
X-Cache-Id
X-Cache-Bucket
X-Cache-Host
X-Micro-Cache
Country-Code
Hostname
FNAC-ModuleRouting
X-Policy
X-Protected-By
X-Proxy-Cache-Status
Apple-News-Services-Handled
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Backend
Apple-News-Services-Parsed-Url
X-Proxy-Upstream
X-Ocache
X-ServiceProvider
X-Reboot
X-SIPLIST1
X-Sf
X-Servername
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Qloud-Router
X-RateLimit-Remaining-Second
X-SN
X-Rebelmouse-Cache-Control
CDCHOST
Apple-News-Services-Request-Url
Fastly-SWR
Ha-Gx-Prefs
X-Page-Type
X-TT-LOGID
X-Origin-Date
X-Origin-Expires
X-Swa-Ws
Fastly-SIE
IsBot
Kp-EeAlive
HA-Ipaddr
X-PHP-Host
Cteonnt-Length
X-FireWall-Port
X-Varnish-Ttl
X-Skip-Cache
X-TrackingId
X-GeoIP-Country-Code
X-Thanos
X-Core-Mission
X-Ah-Environment
X-ShardId
X-Cache-FS-Status
X-ShopId
X-Cms-Context
X-GeoIP-City
X-Shopify-Stage
X-Level-Front-Cache
X-Edge-IP
X-Fetched-On
X-NC
X-Variation
X-Via-Edge
X-Fastly-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Gateway-Cache-Key
X-Amzn-Remapped-Content-Length
X-Via-SSL
X-Sorting-Hat-PodId
X-User
X-Sorting-Hat-ShopId
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Generated-On
X-Server-IP
Adler-Geo
AKAMAI
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Sucuri-Cache
X-Auto-Login
X-S-Maxage
X-Amz-Meta-Cache-Control
Content-Disposition
SD-X-WS
Heartbleed
HTTPS
Is-Eu
Platform
X-MSEdge-Flight
X-MSEdge-Features
Fastly-Soc-X-Request-Id
Fastly-SSL
X-Backend-Host
X-Alternate-Cache-Key
X-Backend-Url
X-BBXSRF
X-Bip
X-Backend-State
Pagespeed
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
MIME-Version
X-Owner
X-Varnish-Url
X-No-Session
X-Geo-Header
X-Server-Time
N-Cache
X-C
Gh-Request-Id
Fastly-Backend-Name
Magicmarker
X-GZip
Server-ID
X-RateLimit-Reset
X-Apm-App-Name
X-Apm-Svc-Key
X-Sn-Servicetimems
X-Apm-Inst-Hash
V-Age
X-Cdn-Origin
X-Real-Ip
HostName
X-Org
X-Node-Id
X-ND-Cache
X-Geo
X-FPC
REQUESTUUID
Rt-Proxy-Cache
X-Exp-Se
X-Pjax-Url
X-Served-From
VivaBuild
Viewtype
X-Gdpr
X-Load-Cache
X-Varnish-Beresp-Ttl
Powered-By
X-B3-Parentspanid
X-CDN-Forward
X-CUA
X-DC
X-Parent-Response-Time
X-CSRF-TOKEN
X-Aicache-OS
Section-Io-Cache
Pragrma
CF-IPCountry
Wxu-Next-Commit
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
Wxu-Next-Hostname
X-Returned-From-BeforeDispatch
X-Server-By
X-Stale
X-Svr
X-Dc
X-Returned-From-PostProcessResponse
X-Returned-From
X-Original-Request
X-Returned-From-DLL
Wxu-Next-Region
X-Git-Hash
Memory
X-Actual-URL
Time
X-Croise-Owner
X-VServer
Host-ID
X-Wa
X-Servedbyhost
X-HS-Cache-Config
X-Host-Name
X-Nc
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
PICS-Label
Cdn-Host
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
Cdn-Request-Time
X-Edge-Server
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
Fastcgi-Useragent
Resin-Trace
X-Release
X-Unique-ID
X-Daa-Tunnel
X-WebServer
X-Microcachable
X-TH-Server
SID
X-Varnish-Beresp-TTL
X-Cache-HT
AR-SID
X-Newrelic-Synthetics
X-Optimization
Mime-Version
X-Phone
X-From-Cache
Cdn
X-Upstream-CT
X-Upstream-HT
X-Req
X-Backend-TTL
X-Instart-Info
X-Lb-Id
X-V
CF-Cached-On
Cf-Ipcountry
Backend-Name
X-B3-SpanId
X-APP
Odigeo-Trace-Id
X-Fastly-Backend-Reqs
X-Atg-Version
X-HTML-Minification-Powered-By
XServer
X-WR-MODIFICATION
Proxy-Firewall
X-LB-ID
X-Worker
X-Server-W
409pxxline
Xxline
178proxuri
X-ID
188prxHost
286prxHost
X-Fstrz
355prline
352pxline
Processtime
219prxHost
225prxHost
189phosttRef
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-IPS-LoggedIn
X-Response-By
X-Vcl-Version
Version
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
GMS-Ver
X-Nananana
X-Check-Cacheable
Public-Key-Pins-Report-Only
X-Zone
X-VCL-Version
X-NGINX-Cache
X-Akamai-Request-ID2
X-UPSTREAM-Address
Pics-Label
X-Vcache
Esi-Enabled
Accept-Language
WZWS-RAY
X-AssetVersion
X-Ratelimit-Reset
X-WA
GeoIP-Country-Code
Fastcgi-X-Cache-Version
GeoIP-City
X-Request-Handler-Origin-Region
X-Contensis-Viewer-Groups
GeoIP-Latitude
X-Microsite
X-URL
X-Amz-Meta-Surrogate-Control
X-GEO
SN
GW-Server
X-HS-Status
X-CSRF-Token
X-ServedByHost
X-ZONE
X-Hyper-Cache
DataCenter
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-RequestId
X-Be
Geoip-Latitude
GeoIp-Country-Code
X-We-Are-Hiring
Mobile-Detection-Method
X-Clientip
X-Fastly-Country-Code
Lb
Countrycode
X-Cdn-Cache
X-SERVER-NAME
X-UE-Client-Country
X-Dynatrace
Geoip-City
X-Request-Start
X-Via-NSCOPI
SS
X-BE
X-Urbn-Context-Path
X-Reqid
Locale
X-Render-Time
X-Urbn-Site-Id
X-Via-Ucdn
WP-Super-Cache
Ohc-File-Size
X-CS
X-LiteSpeed-Cache-Control
X-Hello
X-ABtesting
URI
X-Flog
X-NWS-UUID-VERIFY
X-GDPR
X-GZIP
X-Unique-Id
Dnion-Transfer-Encoding
X-HS-Combine-CSS
X-PJAX-URL
CDN
X-Gen-Id
FSS-Cache
X-PF-Uncompressing
IBM-Web2-Location
FSS-Proxy
Amp-Access-Control-Allow-Source-Origin
X-HostName
FastCGI-Cache
Dynatrace
X-SRV
X-FORWARDED-FOR
X-Fpc
X-Pf-Uncompressing
X-Test
Requestid
RequestUuid
Serverid
X-Fastly-Cache-Hits
Cneonction
X-NGENIX-Cache
X-Cache-Ttl
X-Store
Ohc-Cache-HIT
X-Generation-Time
Accept-Ch
X-Html-Edge-Cache
X-Request-Url
Server-Id
X-Bug-Bounty
X-Compress-Hint
A
X-LiteSpeed-Tag
X-Cluster-Name
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-UCC
X-Serial
NnCoection
X-EC-Lua
X-ServerName
Is-Session-Tracking
Ohc-Response-Time
X-Cdn-Request-ID
Get-Access-Time
Frontcache
X-Port