Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Request-ID
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-Host
X-CST
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Server-Id
X-Type
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Cache-Lookup
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Px
X-DataDome
X-Upstream-Env
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-HW
X-ORACLE-DMS-RID
X-Dispatcher
X-Server-ID
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-MS-InvokeApp
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
X-Dns-Prefetch-Control
Service-Worker-Allowed
AR-Request-ID
X-TTL
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-PC
X-TtlSet
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Amz-Rid
X-VCache
X-SharePointHealthScore
X-Fastly-Request-ID
S
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Debug
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Hits
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
DynaTrace
X-TEC-API-VERSION
SPRequestDuration
X-Upstream-Proxy
SPIisLatency
X-Pinterest-Rid
Pinterest-Version
X-Akam-SW-Version
Access-Control-Request-Method
X-Goog-Storage-Class
X-FTR-Cache-Host
X-T
X-Powered-CMS
X-B3-TraceId
X-Oracle-Dms-Rid
Front-End-Https
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Realpath
X-Ttl
X-Aspnet-Version
X-N
Fastcgi-Cache
Paypal-Debug-Id
X-Varnish-Age
X-Id
X-Content-Type
X-Forwarded-For
X-Upstream
Alternate-Protocol
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Sol
Display
X-HS-Content-Id
X-HS-Hub-Id
X-Middleton-Display
X-Fastcgi-Cache
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Content-Digest
Response
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Pad
X-Accel-Expires
X-Srv
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
X-Accel-Buffering
Host
X-Cache-Key
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Analytics
Backend-Timing
X-Content-Options
X-User-Agent
X-Correlation-Id
X-LB-Cache
X-Revision
X-B3-Traceid
X-Debug-Info
X-Az
X-AppVersion
X-Amzn-RequestId
X-Activity-Id
X-Amz-Apigw-Id
Accept-Charset
Refresh
FilterID
X-Cdn
X-IPLB-Instance
X-Rid
X-Cache-2
X-B3-Sampled
X-Cache-Hit
Powered-By-ChinaCache
Surrogate-Key
X-B
X-DIS-Request-ID
X-CF-Powered-By
X-Page-Id
X-Grace
X-Whom
ServerID
Server-Info
TP-Cache
TP-L2-Cache
X-PHP-Backend
Host-Header
X-Request-Received
MS-CV
X-Request-Processing-Time
X-FastCGI-Cache
X-GUploader-UploadID
X-Cached-By
X-Content-Security-Policy-Report-Only
X-TT
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Source
X-Origin-Server
Cache-Status
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amz-Replication-Status
X-Varnish-Backend
X-Cache-Action
X-Framework
X-Cluster
X-App-Environment
X-UA-Device-Type
X-Akamai-Edgescape
X-Platform-Server
Access-Control-Allow-Method
X-Webkit-CSP
X-Mobile
X-Content-Powered-By
X-Request-Guid
X-FW-Hash
X-FW-Server
X-FW-Static
X-Varnish-Grace
X-F-Cache
X-FW-Type
X-FW-Serve
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Drupal-Cache-Tags
X-Instance
X-Ruxit-Js-Agent
X-FB-Debug
X-Zen-Fury
X-SS-Set-Cookie
X-RateLimit-Limit
X-Ezoic-Cdn
X-Shard
X-Handled-By
X-Geo-Country
X-Forwarded-Host
X-Cache-TTL
X-Magnolia-Registration
Edge-Cache-Tag
From-Origin
X-Node-Name
X-ATG-Version
X-Cache-Age
X-Varnish-Hostname
X-App-Server
DC
X-Varnish-Server
Cache-Tags
Cleartype
PageSpeed
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
Payment
Upgrade-Insecure-Requests
Healthy
X-Generated-By
CACHE
X-Region
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-RequestSource
Filters
Server-Node
X-TX-ID
Fastly-Restarts
X-Adobe-Loc
X-Adobe-Content
Cache-Tv-Group
Webserver
NGB
X-Storage
Ms-Operation-Id
X-UUID
X-TT-TIMESTAMP
X-VG-WebCache
X-RTag
X-GeoIP
X-Cache-Rule
Country
X-Redis-Cache
Retry-After
Actual-Object-TTL
X-Signature
X-B-Cache
X-Drupal-Cache-Contexts
X-Jobs
X-FW-Dynamic
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Content-Age
X-Locale
X-Varnish-Hits
GEO-INFO
ServedBy
X-TA-CDN-Provider
X-XRDS-LOCATION
Powered
Liferay-Portal
X-Contextid
Frame-Options
X-Seen-By
X-Wix-Server-Artifact-Id
HitType
X-Rendered-As
X-Real-IP
X-Via-JSL
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Varnish-IP
X-WA-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-GRACE
X-BACKEND-TTL
Viewport
S-Cnection
X-ProcessESI
Eomportal-Instance
X-RemovedCookies
X-Time
X-Cache-NE
X-Upgrade-Enabled
NtCoent-Length
X-Guploader-Uploadid
X-Cache-Server
X-Mode
Content-Style-Type
Content-Script-Type
Xserver
X-Esi
Datacenter
X-Cache-Config
X-Akamai-Transformed
X-Path-Route
X-Is-Bot
X-Hl-Ver
X-From
X-Proto
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-RN-RSRV
X-ES-SERVER
X-Device-Type
Load-Balancing
Cache-Key
Cache-Hits
Machine
Mn-Server-Ip
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Varnish-Cache-Hits
Meta-Geo
X-S
X-AWS-Id
TWC-Connection-Speed
Webcakes-Region
Property-Id
OT-Force-Account-Verify
TWC-Device-Class
Mail-Subject
X-Cache-Enabled
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Vix-Hermes-Req-Id
Webcakes-App-Name
We-Hiring
X-VWS-Id
X-Environment-Context
X-FC-Vary-Parameters
X-L-Path
X-LJ-Flow-ID
X-Cache-Operation
X-Origin-Hint
X-VG-TLSProxy
X-Hosted-By
X-Viewer-Country
L5d-Success-Class
X-Tb
Access-Control-Request-Headers
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Proxy
Origin-Cache-Control
Origin-Edge-Control
X-FB-TRIP-ID
NGX
Azure-Version
X-Access
X-Origin-Response-Time
X-Loop
X-Labrador-Cache-Channel
X-Section
X-ServerID
X-TNCMS
X-Time-Microsecs
X-FW-Version
X-Format
X-Birta-Cache-Post
X-Backend-Name
X-Akamai-Request-ID
X-Birta-Served
X-Debug-Cache
X-EIG-Tracking-Id
X-Web-Node
Azure-InstanceId
S-Rt
X-Endurance-Cache-Level
X-Human
X-IP
X-Via-Fastly
Cache-Tag
X-Xfnlog-Site
X-Trace-Id
Selected-FE
X-BYPASS-REASON
X-JoinUs
X-Via-CDN
X-ProxyCache-Key
X-ProxyCache-Status
X-Timing-Wait
X-Proxy-Build
X-Varnish-Cacheable
X-OCL
X-PCL
X-NCache
X-CCM
DB-Nickname
Now
Decoy-Debug-TTL
Decoy-Debug-Key
X-Tumblr-Pixel-3
X-Grey
X-Generated
X-Www-Served-By
X-Rocket-Nginx-Bypass
X-Cache-Category-Id
Decoy-Debug-Status
X-Status
X-Site-Version
X-Vgn-Hpd-Reason
X-NWS-LOG-UUID
ViewerVersion
Uber-Trace-Id
X-MP-GENERATED-AT
X-Wix-Request-Id
X-RCS-CacheZone
X-VC-Cache
X-CDN-Cache
X-EdgeConnect-Cache-Status
X-Internal-Host
X-R9-Blue-Green-Version
Served-By
X-Newrelic-App-Data
X-Rule
X-Dynatrace-Js-Agent
X-Cache-Remote
X-NewRelic-App-Data
LB
Pagespeed
X-Origin-Host
X-UnsetCookies
Release
AsisCache
X-Sucuri-ID
X-UA
X-Cluster-Node
Rt-Fastcgi-Cache
Nel
X-App-Name
X-Ua
X-ApacheServer
X-PERF
User-Agent
X-Nginx-Cache
X-App-Version
X-Source
X-TIME
X-Agile
X-Agile-Age
X-Agile-Id
X-Request-Time
X-Datadome
Cache-Name
X-APP-VERSION
X-B3-Spanid
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Edge-Location
X-Origin
X-Hit
X-CACHE-KEY
X-VCT
X-Pubstack
Warning
Hostname
X-Origin-TTL
X-Cdn-Forward
X-Origin-CC
X-Edge-IP
Request-EU
X-Ocache
Node
MD5-Digest
X-Platform
Fly-Request-Id
Origin
X-Processor
BehaviorPad-Version
X-Sucuri-Cache
On-Server
Arc-Country
Ajk
Cache-Prefix
Cross-Origin-Window-Policy
Rendered-Blocks
Meta-Geo-Continent
Fly-Cache
Ec-Rule-Version
Request-Country
X-IN-APIGATEWAY
X-Debug-Cookies
X-Application
X-Debug-Cache-Store
X-ARC
X-Debug-Cache-Fetch
X-Aed
X-Accel-Expires-Debug
X-Destination
X-Developer
X-A-Dgt
X-Debug-Log
X-A-Wwc
X-B-Cookie
X-BB-ID
X-CF-Lambda-Version
X-Date
X-D
X-Connection-Hash
X-Core-Value
X-CF-Lambda-Fn
Xc-Version
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-Debug-Cache-Expiry
X-DPWN-IS-SECURE
X-A-Dcw
X-Logtrace-Id
X-Matched-Rule
X-Instart-Isnd
X-IN-WAF
X-PAYTM-SRV-ID
X-Mobile-URL
X-NodeID
X-NU-AKA-ACS-Version
Request-Time
Server-Cache-Control
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-A-Ccd
X-A
X-G
X-External-Request-Id
X-A-Dam
X-Gannett-Site-Version
Www
Thinkindot-Control
X-Hp-Webp
UCS
X-Generated-In
X-NX-Host
X-Trv-Group
X-Rojux
X-Twitter-Response-Tags
X-VG-WebServer
X-Region-Sid
X-S-Cookie
X-Rewrite-Enabled
X-ScT
X-Transaction
X-Varnish-Authentication
X-Var-Ttl
X-Up
X-Secret
X-SRCache-Key
X-Protected-By
X-Request-UUID
X-Server-Group
X-Thinkindot-L3
X-ElasticPress-Search
X-Cache-Backend
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Info
X-Distil-CS
Server-Int
X-Crawler
Server-Host
RNT-Time
RNT-Machine
SRV
X-Developers
Proxy-Connection
X-Device-Os
X-Sedo-Request-Id
Pramga
X-Origin-Expires
Pagetype
X-Dispatcher-Server
X-PHP-Host
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Memcached
X-Cache-Host
X-Cache-Id
X-Key
X-Irp-Debug
X-Block-Status
X-Info
X-C
X-Cache-Debug
X-Sf
X-LAGOON
X-SN
Lfy
User-Cache-Control
X-LI-UUID
True-Client-Country-4JS
X-CGP
X-LI-Proto
X-Li-Pop
X-Rebelmouse-Cache-Control
X-Cache-Miss-From
X-Li-Fabric
X-Varnish-Url
Web-Mar-Node
X-TT-LOGID
N-Cache
Apple-News-Services-Request-Url
Backend
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Proxy-Cache-Status
X-Hnp-Log
X-F5-Cache
X-Hash
Cache-Cookie-Set-Lfrom
X-Servername
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-Origin-Date
X-Rebelmouse-Surrogate-Control
X-Geo-Header
X-Swa-Ws
X-Reboot
X-SIPLIST1
X-Gen-Mode
X-Refresh
X-Qloud-Router
X-ServiceProvider
X-RateLimit-Limit-Second
X-Policy
CDCHOST
X-WPE-Loopback-Upstream-Addr
X-Epic-Correlation-Id
X-Distributor
X-Request-URI
X-Eu-Site
X-No-Session
HA-Ipaddr
Ha-Gx-Prefs
X-Nginx-Cache-Key
Heartbleed
IsBot
X-Webstats-RespID
Country-Code
Magicmarker
Fastly-Backend-Name
Fastly-SIE
Kp-EeAlive
X-Page-Type
Fastly-SWR
X-Varnish-Ttl
X-FireWall-Port
DSUID
X-Bip
X-S-Maxage
X-GeoIP-City
X-Generated-On
X-Cache-FS-Status
X-Gateway-Skip-Cache
X-Fetched-On
X-Core-Mission
X-Wikidot-Static-Cache
X-Cms-Context
X-Wikidot-Backend
X-Via-SSL
X-Sorting-Hat-ShopId
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-User
X-Server-IP
X-Sorting-Hat-PodId
SD-X-WS
Adler-Geo
X-Micro-Cache
Fastly-SSL
Is-Eu
X-Shopify-Stage
X-Fastly-Cache
X-MSEdge-Features
X-Cache-Bucket
X-Skip-Cache
Platform
HTTPS
X-BBXSRF
X-MSEdge-Flight
X-GeoIP-Country-Code
X-ShopId
X-ShardId
Content-Disposition
X-Amzn-Remapped-Content-Length
X-Variation
X-TrackingId
AKAMAI
X-Backend-State
X-Thanos
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Via-Edge
X-Location
Fastly-Soc-X-Request-Id
X-Ah-Environment
X-Level-Front-Cache
Cteonnt-Length
X-Server-Time
X-Owner
X-Planisys-CDN-TTL
X-Node-Id
X-Planisys-CDN-Cache
X-Auto-Login
X-Backend-Host
X-Backend-Url
X-Planisys-CDN-Rules
FNAC-ModuleRouting
X-Cdn-Srv
ServerName
Cache
X-GZip
X-Varnish-Beresp-Ttl
Server-ID
X-RateLimit-Reset
MIME-Version
X-Real-Ip
Section-Io-Cache
Gh-Request-Id
X-CUA
X-Org
Powered-By
X-Nc
X-Cdn-Origin
REQUESTUUID
X-Pjax-Url
Viewtype
X-Load-Cache
Pragrma
X-FPC
V-Age
X-Apm-App-Name
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Sn-Servicetimems
VivaBuild
X-NC
X-Svr
X-Server-By
X-Original-Request
X-Returned-From
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Stale
X-Passed-To
Fastcgi-Useragent
HostName
X-Passed-To-DLL
X-Parent-Response-Time
X-ND-Cache
X-Exp-Se
X-Actual-URL
X-Aicache-OS
Rt-Proxy-Cache
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Geo
X-Returned-From-DLL
X-CDN-Forward
X-Dc
X-Served-From
X-Croise-Owner
X-HS-Cache-Config
X-CSRF-TOKEN
Host-ID
X-VServer
Cdn-Host
X-Gdpr
X-Ua-Device
X-Unique-ID
X-DC
X-ID
Cdn-Request-Time
X-Edge-Server
X-B3-Parentspanid
Memory
X-Wa
X-Servedbyhost
X-Microcachable
Time
X-Git-Hash
ProcessTime
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
PICS-Label
X-Oss-Storage-Class
Resin-Trace
Wxu-Next-Commit
SID
Wxu-Next-Hostname
Wxu-Next-Region
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-V
X-Newrelic-Synthetics
CF-IPCountry
X-From-Cache
X-Req
AR-SID
Cf-Ipcountry
X-Optimization
X-Cache-HT
Odigeo-Trace-Id
Cdn
X-Release
X-Host-Name
X-TH-Server
X-WebServer
X-HTML-Minification-Powered-By
X-Lb-Id
X-Varnish-Beresp-TTL
X-Fstrz
CF-Cached-On
X-Phone
X-Atg-Version
X-Daa-Tunnel
Proxy-Firewall
XServer
X-Instart-Info
X-APP
X-LB-ID
X-Response-By
X-Upstream-HT
X-Upstream-CT
Public-Key-Pins-Report-Only
X-WR-MODIFICATION
GMS-Ver
Processtime
Backend-Name
X-Ratelimit-Remaining
X-B3-SpanId
X-Check-Cacheable
X-Fastly-Backend-Reqs
X-Ratelimit-Limit
X-Vcl-Version
X-Worker
WZWS-RAY
X-Zone
Fastcgi-X-Cache-Version
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-GEO
189phosttRef
188prxHost
178proxuri
225prxHost
219prxHost
286prxHost
Xxline
409pxxline
355prline
X-Server-W
352pxline
X-NGINX-Cache
X-Backend-TTL
X-IPS-LoggedIn
X-Nananana
X-Vcache
X-SRV
X-Amz-Meta-Surrogate-Control
Pics-Label
Version
X-Ratelimit-Reset
X-WA
X-UE-Client-Country
X-We-Are-Hiring
Mobile-Detection-Method
X-URL
GW-Server
Countrycode
X-HS-Status
X-Clientip
Serverid
Lb
X-VCL-Version
SS
SN
X-Hyper-Cache
X-ServedByHost
X-Fastly-Country-Code
X-CSRF-Token
X-UPSTREAM-Address
Esi-Enabled
WP-Super-Cache
DataCenter
Ohc-File-Size
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-SERVER-NAME
Geoip-Latitude
GeoIp-Country-Code
X-AssetVersion
X-Akamai-Request-ID2
X-Contensis-Viewer-Groups
Accept-Language
X-Dynatrace
X-GZIP
URI
FSS-Proxy
X-HS-Combine-CSS
X-Be
FSS-Cache
X-PF-Uncompressing
X-BE
Geoip-City
X-Request-Start
X-GDPR
X-Via-Ucdn
X-Render-Time
X-Vtex-Remote-Cache
X-RequestId
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-Vtex-Processado-Em
X-CS
X-Unique-Id
X-Urbn-Site-Id
X-PJAX-URL
CDN
X-ZONE
X-Via-NSCOPI
X-Fpc
Ohc-Cache-HIT
Locale
X-Reqid
X-Urbn-Context-Path
X-Gen-Id
Dynatrace
X-HostName
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-UCC
RequestUuid
X-Pf-Uncompressing
Cneonction
X-ABtesting
X-Hello
X-Html-Edge-Cache
X-Flog
X-Fastly-Cache-Hits
X-Cdn-Cache
X-Cache-Ttl
Who
A
X-Store
Dnion-Transfer-Encoding
IBM-Web2-Location
X-Generation-Time
X-Dw-Trace-Id
X-LiteSpeed-Tag
X-Request-Url
Accept-Ch
Server-Id
X-Varnish-Action
X-Akamai-SSL-Client-Sid
X-Port
X-Cache-URL
Get-Access-Time
NnCoection
Frontcache
Ohc-Response-Time
X-Serial
X-ServerName
X-EC-Lua
X-Cdn-Request-ID
Is-Session-Tracking
X-HTML-Edge-Cache