Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
P3p
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Nginx-Cache-Status
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-Host
X-CST
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Type
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Surrogate-Control
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Origin-Cache
Request-Id
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-Px
X-DataDome
Edge-Control
X-Upstream-Env
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-HW
X-Dispatcher
MS-Author-Via
AR-CACHE
AR-PoweredBy
X-VARITI-CCR
AR-ATIME
X-GitHub-Request-Id
X-DataStream-Cache-Status
Arc-Version
PB-PID
X-MS-InvokeApp
X-Mobile-Rewrite
PB-RID
X-ORACLE-DMS-RID
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Server-ID
X-Recruiting
X-Dns-Prefetch-Control
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
X-TTL
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-TtlSet
X-PC
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Varnish-TTL
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
Nginx-Cache
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-DynaTrace-JS-Agent
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Expires
X-Amz-Rid
X-VCache
S
X-SharePointHealthScore
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Oracle-Dms-Rid
X-Debug
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Hits
DynaTrace
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-XRDS-Location
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
SPRequestDuration
SPIisLatency
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-B3-TraceId
X-Powered-CMS
Front-End-Https
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Realpath
X-Id
X-Ttl
X-Aspnet-Version
X-Litespeed-Cache
X-N
Fastcgi-Cache
X-Varnish-Age
Paypal-Debug-Id
X-Content-Type
X-Forwarded-For
X-Upstream
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Alternate-Protocol
X-Logged-In
X-Frontend
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Fastcgi-Cache
X-RateLimit-Remaining
Fusion-Content-Id
Display
Fusion-Component-Id
Fusion-Source
X-Content-Digest
Fusion-Content-Source
X-Middleton-Display
Fusion-Template-Id
X-Sol
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
Response
X-Hostname
X-Srv
X-Pad
X-Accel-Expires
X-Cache-Key
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
X-Accel-Buffering
Host
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Content-Options
X-Analytics
Backend-Timing
X-User-Agent
X-Correlation-Id
X-LB-Cache
X-Revision
X-Debug-Info
X-B3-Traceid
X-Activity-Id
X-Amzn-RequestId
X-AppVersion
X-Az
X-Amz-Apigw-Id
FilterID
Accept-Charset
Refresh
X-IPLB-Instance
X-Cdn
X-Rid
X-Cache-2
X-Cache-Hit
X-B3-Sampled
Surrogate-Key
Powered-By-ChinaCache
X-B
X-DIS-Request-ID
X-Grace
X-CF-Powered-By
ServerID
X-Ruxit-Js-Agent
X-Page-Id
X-Whom
Server-Info
TP-L2-Cache
TP-Cache
X-PHP-Backend
Host-Header
MS-CV
X-Request-Received
X-Request-Processing-Time
X-FastCGI-Cache
X-Cached-By
X-Content-Security-Policy-Report-Only
X-TT
VIX-Pulpo-Node
X-Varnish-Backend
Source
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cluster
X-Akamai-Edgescape
X-Framework
X-App-Environment
Cache-Status
X-UA-Device-Type
X-Origin-Server
X-Cache-Action
X-Webkit-CSP
X-Mobile
X-Content-Powered-By
X-Platform-Server
Access-Control-Allow-Method
X-FW-Server
X-FW-Static
X-Tumblr-User
X-FW-Hash
X-Drupal-Cache-Tags
X-F-Cache
X-Tumblr-Pixel-0
X-FW-Serve
X-FW-Type
X-Varnish-Grace
X-Request-Guid
X-Tumblr-Pixel
X-Instance
X-SS-Set-Cookie
X-FB-Debug
X-Zen-Fury
X-Ezoic-Cdn
X-Geo-Country
X-Shard
X-Handled-By
X-GUploader-UploadID
X-Forwarded-Host
X-Cache-TTL
X-RateLimit-Limit
X-Magnolia-Registration
Edge-Cache-Tag
From-Origin
X-Node-Name
X-ATG-Version
X-Cache-Age
PageSpeed
X-Varnish-Hostname
X-App-Server
DC
X-Varnish-Server
Cache-Tags
Cleartype
X-BCube-Filmed-By
X-AOL-HN
CACHE
X-XRDS-LOCATION
X-Cache-Control
Payment
Healthy
Upgrade-Insecure-Requests
Filters
X-Generated-By
X-Region
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-RequestSource
Server-Node
X-Adobe-Content
X-Adobe-Loc
Fastly-Restarts
X-VG-WebCache
Country
Cache-Tv-Group
X-GeoIP
NGB
Webserver
Ms-Operation-Id
X-RTag
X-TT-TIMESTAMP
X-Storage
X-Redis-Cache
X-TX-ID
X-Signature
Actual-Object-TTL
Retry-After
X-B-Cache
X-Jobs
X-FW-Dynamic
X-Drupal-Cache-Contexts
X-UUID
X-Cache-Rule
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-Content-Age
X-Locale
X-Tumblr-Pixel-1
X-Varnish-Hits
GEO-INFO
ServedBy
X-TA-CDN-Provider
Powered
Liferay-Portal
X-Contextid
Frame-Options
X-Seen-By
X-Wix-Server-Artifact-Id
HitType
X-Rendered-As
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Via-JSL
X-Guploader-Uploadid
X-Varnish-IP
X-WA-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Real-IP
X-BACKEND-TTL
Viewport
S-Cnection
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-Cache-NE
X-Upgrade-Enabled
NtCoent-Length
X-Cache-Server
Content-Script-Type
Xserver
Content-Style-Type
Datacenter
X-Dynatrace-Js-Agent
X-GRACE
X-Esi
X-Akamai-Transformed
X-Cache-Config
X-Detected-As
X-From
OT-Force-Account-Verify
Cache-Key
X-ES-SERVER
Cache-Hits
X-Cache-Var
X-Varnish-Cache-Hits
X-Device-Type
X-Cache-Var-Map
X-Mode
X-Path-Route
Machine
X-Time
Load-Balancing
X-Proto
Meta-Geo
X-Is-Bot
X-S
X-RN-RSRV
X-Hl-Ver
TWC-GeoIP-Country
X-Tb
TWC-Connection-Speed
X-Environment-Context
X-Cache-Enabled
X-Viewer-Country
X-AWS-Id
X-VWS-Id
Access-Control-Request-Headers
TWC-Locale-Group
Property-Id
Mn-Server-Ip
X-VG-TLSProxy
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Device-Class
X-FC-Vary-Parameters
X-L-Path
Webcakes-App-Version
Mail-Subject
X-Origin-Hint
We-Hiring
Webcakes-App-Name
X-LJ-Flow-ID
Vix-Hermes-Req-Id
L5d-Success-Class
Webcakes-Region
X-Hosted-By
Azure-SiteName
X-Labrador-Cache-Channel
X-Endurance-Cache-Level
Azure-InstanceId
X-Loop
X-Access
X-Birta-Served
Azure-SlotName
X-Backend-Name
X-Web-Node
X-Akamai-Request-ID
X-Birta-Cache-Post
X-Cache-Operation
Azure-Version
Origin-Cache-Control
X-TNCMS
Azure-RegionName
X-Format
X-Time-Microsecs
X-Section
X-FW-Version
X-Origin-Response-Time
X-Proxy
X-Debug-Cache
X-ServerID
X-FB-TRIP-ID
NGX
Origin-Edge-Control
X-EIG-Tracking-Id
Now
S-Rt
Selected-FE
DB-Nickname
X-Trace-Id
X-Routing-Service
X-ProxyCache-Status
X-BYPASS-REASON
X-Proxy-Build
X-Timing-Wait
X-Varnish-Cacheable
X-Zipkin-Id
X-Xfnlog-Site
X-Via-Fastly
X-Via-CDN
X-Proxied
X-ProxyCache-Key
X-CCM
X-Human
X-PCL
Cache-Tag
X-IP
X-NCache
X-JoinUs
X-OCL
X-Cache-Category-Id
X-Rocket-Nginx-Bypass
X-Tumblr-Pixel-3
X-Vgn-Hpd-Reason
X-Grey
X-Site-Version
X-Status
X-Generated
X-Www-Served-By
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-NWS-LOG-UUID
Uber-Trace-Id
X-Wix-Request-Id
ViewerVersion
X-MP-GENERATED-AT
X-RCS-CacheZone
X-Internal-Host
Served-By
X-EdgeConnect-Cache-Status
X-VC-Cache
X-CDN-Cache
X-R9-Blue-Green-Version
X-Newrelic-App-Data
X-Rule
X-Cache-Remote
X-UA
LB
X-NewRelic-App-Data
X-Origin-Host
AsisCache
Release
X-UnsetCookies
X-Sucuri-ID
X-Cluster-Node
Rt-Fastcgi-Cache
X-TIME
Nel
Pagespeed
X-ApacheServer
X-PERF
User-Agent
X-App-Name
X-APP-VERSION
X-Source
X-Nginx-Cache
X-Agile
X-Varnish-Ttl
X-Agile-Age
X-Agile-Id
X-Datadome
X-Ua
X-Request-Time
X-B3-Spanid
Cache-Name
Hostname
X-App-Version
X-OVcl
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Edge-Location
X-Hit
X-Origin
X-VCT
X-Pubstack
Warning
X-Origin-CC
X-Origin-TTL
X-Edge-IP
X-Cdn-Forward
X-B-Cookie
X-ARC
X-A-Dam
Arc-Country
X-A-Ccd
X-Application
X-A-Dcw
X-Aed
X-A
X-A-Wwc
Cache-Prefix
X-A-Dgt
BehaviorPad-Version
X-Accel-Expires-Debug
Cross-Origin-Window-Policy
MD5-Digest
Request-EU
Request-Time
Meta-Geo-Continent
Request-Country
On-Server
Rendered-Blocks
Node
Fly-Request-Id
Fly-Cache
Thinkindot-CacheControl-Type
Thinkindot-Control
UCS
Thinkindot-CacheControl
Server-Surrogate-Control
Ajk
Server-Cache-Control
Ec-Rule-Version
Www
X-Gannett-Site-Version
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Processor
X-Platform
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-PAYTM-SRV-ID
X-ScT
X-Secret
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Mobile-URL
X-Matched-Rule
X-Debug-Cache-Expiry
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-D
X-CF-Lambda-Version
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-CF-Lambda-Fn
X-Debug-Log
X-Destination
X-IN-APIGATEWAY
X-IN-WAF
X-Instart-Isnd
X-Logtrace-Id
X-Hp-Webp
X-Generated-In
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-BB-ID
X-Connection-Hash
X-Ocache
X-Protected-By
X-Sucuri-Cache
X-Varnish-Beresp-Grace
X-Cache-Backend
X-ElasticPress-Search
User-Cache-Control
X-Varnish-Beresp-Status
X-Cache-Debug
X-Info
X-Cache-Id
X-Irp-Debug
Server-Host
Server-Int
X-Geo-Header
X-Hash
SRV
X-Hnp-Log
X-Key
X-LAGOON
X-Cache-Host
Pagetype
Origin
N-Cache
X-LI-Proto
X-Li-Pop
X-TT-LOGID
X-Li-Fabric
Proxy-Connection
Pramga
True-Client-Country-4JS
X-Gen-Mode
X-Amzn-Remapped-Date
X-Developers
X-Amzn-Remapped-Connection
X-Device-Os
Lfy
Memcached
X-Block-Status
X-CGP
X-Core-Value
X-Crawler
X-Dispatcher-Server
X-Distil-CS
X-No-Session
X-Cache-Info
X-Varnish-Url
Web-Mar-Node
X-C
X-Eu-Site
X-Distributor
X-Webstats-RespID
X-Epic-Correlation-Id
X-F5-Cache
X-LI-UUID
Country-Code
X-Reboot
X-Refresh
X-Request-URI
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
Fastly-SWR
X-RateLimit-Limit-Second
Fastly-SIE
Fastly-Backend-Name
CDCHOST
X-Swa-Ws
Apple-News-Services-Handled
X-Sf
X-SIPLIST1
X-SN
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Servername
Backend
X-ServiceProvider
Apple-News-Services-Request-Url
X-Proxy-Upstream
X-Rebelmouse-Surrogate-Control
X-Proxy-Cache-Status
X-Page-Type
Heartbleed
HA-Ipaddr
X-Origin-Date
IsBot
X-WPE-Loopback-Upstream-Addr
Magicmarker
Kp-EeAlive
Ha-Gx-Prefs
X-Origin-Expires
X-PHP-Host
X-Policy
DSUID
X-FireWall-Port
X-Core-Mission
X-MSEdge-Features
X-ShardId
X-Micro-Cache
X-Wikidot-Static-Cache
X-Qloud-Router
X-Wikidot-Backend
X-ShopId
X-CACHE-KEY
X-User
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Skip-Cache
X-MSEdge-Flight
X-Shopify-Stage
X-Cache-Miss-From
X-Variation
X-Location
X-Fetched-On
X-GeoIP-City
X-Thanos
X-TrackingId
X-Level-Front-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Via-Edge
X-GeoIP-Country-Code
X-Server-IP
X-Real-Ip
X-Generated-On
X-Sedo-Request-Id
X-S-Maxage
X-Nginx-Cache-Key
X-Via-SSL
X-Gateway-Skip-Cache
X-Cms-Context
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Fastly-Cache
Content-Disposition
HTTPS
Is-Eu
RNT-Time
SD-X-WS
RNT-Machine
Platform
X-Ah-Environment
Cache-Cookie-Set-Lfrom
X-Amz-Meta-Cache-Control
X-Backend-State
Cache-Cookie-Set-From
AKAMAI
X-BBXSRF
X-Bip
Cache-Cookie-Set-Idcheck
X-Cache-FS-Status
X-Cache-Bucket
Adler-Geo
Cteonnt-Length
FNAC-ModuleRouting
X-Server-Time
X-Planisys-CDN-Cache
X-Node-Id
X-Cdn-Srv
ServerName
X-Owner
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Auto-Login
X-Backend-Url
X-Backend-Host
X-GZip
X-Varnish-Beresp-Ttl
Server-ID
X-RateLimit-Reset
Gh-Request-Id
Powered-By
Section-Io-Cache
X-Org
X-CUA
X-Nc
X-Cdn-Origin
X-Sn-Servicetimems
REQUESTUUID
X-Load-Cache
Pragrma
X-Apm-App-Name
X-Apm-Inst-Hash
X-Pjax-Url
X-Apm-Svc-Key
Viewtype
VivaBuild
MIME-Version
V-Age
X-FPC
X-NC
Cache
X-Dc
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To
X-Svr
X-Passed-To-BeforeDispatch
X-Returned-From
X-Geo
X-ND-Cache
X-Returned-From-PostProcessResponse
X-Aicache-OS
X-Actual-URL
Rt-Proxy-Cache
X-CDN-Forward
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Original-Request
X-Parent-Response-Time
X-Server-By
Fastcgi-Useragent
X-Stale
X-Exp-Se
X-HS-Cache-Config
X-VServer
X-Served-From
X-Gdpr
Host-ID
X-Croise-Owner
HostName
X-Unique-ID
X-Edge-Server
X-Ua-Device
X-CSRF-TOKEN
Cdn-Host
Cdn-Request-Time
X-B3-Parentspanid
Time
PICS-Label
Memory
X-Microcachable
X-DC
X-Webkit-Csp
Mime-Version
Wxu-Next-Hostname
Wxu-Next-Region
X-Wa
Wxu-Next-Commit
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Servedbyhost
X-Oss-Request-Id
X-Oss-Server-Time
X-Git-Hash
SID
Resin-Trace
X-Oss-Storage-Class
ProcessTime
X-V
X-Newrelic-Synthetics
X-Tb-Optimization-Total-Bytes-Saved
CF-IPCountry
X-From-Cache
X-Req
X-Cache-HT
X-Optimization
X-ID
AR-SID
Cf-Ipcountry
X-Lb-Id
X-Release
Odigeo-Trace-Id
Cdn
X-Host-Name
X-WebServer
X-HTML-Minification-Powered-By
X-TH-Server
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
X-Phone
X-Fstrz
CF-Cached-On
X-Daa-Tunnel
X-Atg-Version
X-Instart-Info
Proxy-Firewall
Processtime
X-APP
XServer
X-Response-By
X-Upstream-CT
X-Ratelimit-Limit
X-Upstream-HT
Public-Key-Pins-Report-Only
GMS-Ver
X-WR-MODIFICATION
X-Vcl-Version
Backend-Name
X-LB-ID
X-Check-Cacheable
WZWS-RAY
X-Worker
X-Fastly-Backend-Reqs
X-GEO
X-CLOUD-TRACE-CONTEXT
Fastcgi-X-Cache-Version
X-CACHE-AGE
X-Zone
352pxline
286prxHost
219prxHost
X-B3-SpanId
225prxHost
189phosttRef
355prline
178proxuri
188prxHost
Xxline
409pxxline
X-Server-W
X-Amz-Meta-Surrogate-Control
X-NGINX-Cache
X-WA
X-Vcache
X-IPS-LoggedIn
X-Backend-TTL
X-Nananana
Version
X-UE-Client-Country
Pics-Label
X-Ratelimit-Reset
X-ServedByHost
X-CSRF-Token
X-We-Are-Hiring
Mobile-Detection-Method
X-URL
X-Clientip
GW-Server
X-HS-Status
Countrycode
Lb
SS
SN
Geoip-Latitude
X-UPSTREAM-Address
Esi-Enabled
X-Fastly-Country-Code
GeoIp-Country-Code
X-Hyper-Cache
DataCenter
Ohc-File-Size
WP-Super-Cache
X-VCL-Version
X-SERVER-NAME
Geoip-City
X-Contensis-Viewer-Groups
X-AssetVersion
X-Akamai-Request-ID2
X-Dynatrace
Accept-Language
X-GZIP
X-SRV
X-Render-Time
X-HS-Combine-CSS
FSS-Cache
GeoIP-Latitude
X-BE
URI
GeoIP-City
X-PF-Uncompressing
X-Request-Start
FSS-Proxy
X-Be
GeoIP-Country-Code
Serverid
X-CS
X-GDPR
X-Vtex-Remote-Cache
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-RequestId
X-Vtex-Processado-Em
X-NWS-UUID-VERIFY
X-Unique-Id
X-Urbn-Site-Id
X-Via-NSCOPI
Locale
X-Reqid
X-Urbn-Context-Path
X-PJAX-URL
Ohc-Cache-HIT
X-Fpc
CDN
X-Gen-Id
X-ZONE
FastCGI-Cache
X-HostName
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Flog
X-ABtesting
X-Html-Edge-Cache
X-Fastly-Cache-Hits
RequestUuid
X-Pf-Uncompressing
Cneonction
X-UCC
X-Hello
X-Cache-Ttl
X-Cdn-Cache
X-Generation-Time
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
Accept-Ch
X-Varnish-Action
IBM-Web2-Location
Who
Server-Id
X-Request-Url
X-Store
A
X-Akamai-SSL-Client-Sid
Ohc-Response-Time
X-Cdn-Request-ID
Frontcache
X-Serial
X-Cache-URL
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-Port
NnCoection
Get-Access-Time
X-EC-Lua
Is-Session-Tracking
X-ServerName