Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
X-Varnish-Cache
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-CST
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-Upstream-Env
Accept-CH
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
AR-CACHE
AR-ATIME
AR-PoweredBy
X-VARITI-CCR
X-Cdn
X-MS-InvokeApp
Arc-Version
PB-PID
X-Mobile-Rewrite
X-GitHub-Request-Id
PB-RID
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-DataStream-Cache-Status
X-Cached
X-TTL
X-Version
Public-Key-Pins
Content-MD5
X-Powered-By-Plesk
Charset
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Ser
X-Varnish-TTL
X-Server-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Expires
S
X-XRDS-Location
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-VCache
X-SharePointHealthScore
DynaTrace
TCN
X-Debug
X-Hits
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Akam-SW-Version
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-B3-TraceId
Access-Control-Request-Method
X-FTR-Cache-Host
X-Goog-Storage-Class
X-T
X-Oracle-Dms-Rid
Realpath
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Front-End-Https
Tracecode
X-MSEdge-Ref
X-Id
X-Amzn-Trace-Id
X-Aspnet-Version
X-Webkit-CSP
Fastcgi-Cache
X-N
X-Content-Type
X-Varnish-Age
Paypal-Debug-Id
X-Forwarded-For
X-Upstream
X-Dns-Prefetch-Control
X-Fastcgi-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Ttl
Alternate-Protocol
X-Frontend
X-RateLimit-Remaining
X-Logged-In
X-PressLabs-Stats
X-HS-Content-Id
X-Content-Digest
X-HS-Hub-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Hostname
X-Middleton-Display
Display
X-Sol
AMP-Access-Control-Allow-Source-Origin
Response
X-Middleton-Response
X-Cache-Key
X-Litespeed-Cache
X-Pad
X-Srv
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Kinsta-Cache
Server-Name
X-Correlation-Id
Backend-Timing
X-Analytics
X-Content-Options
X-LB-Cache
X-Revision
X-Debug-Info
X-User-Agent
X-B3-Traceid
X-B3-Sampled
X-Rid
X-Activity-Id
X-Amz-Apigw-Id
X-IPLB-Instance
X-AppVersion
X-Amzn-RequestId
X-Az
FilterID
X-Cache-Hit
X-Cache-2
Accept-Charset
Surrogate-Key
Refresh
X-Accel-Buffering
ServerID
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Page-Id
X-Grace
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
X-Request-Received
MS-CV
X-Request-Processing-Time
X-PHP-Backend
Host-Header
Cache-Status
X-GUploader-UploadID
Source
X-Amz-Replication-Status
X-App-Environment
X-Origin-Server
X-TT
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-Cached-By
X-F-Cache
X-Cluster
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Action
X-Akamai-Edgescape
X-Framework
X-UA-Device-Type
X-Platform-Server
X-Content-Powered-By
X-Tumblr-Pixel-0
X-Mobile
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Varnish-Grace
X-Tumblr-User
X-FW-Serve
X-FW-Hash
X-Drupal-Cache-Tags
X-FW-Type
X-FW-Server
X-Request-Guid
X-FW-Static
X-Ruxit-Js-Agent
X-FB-Debug
X-Instance
X-SS-Set-Cookie
X-Forwarded-Host
X-RateLimit-Limit
X-Geo-Country
X-Zen-Fury
X-Cache-TTL
X-Node-Name
X-Handled-By
Edge-Cache-Tag
X-Ezoic-Cdn
PageSpeed
X-Magnolia-Registration
X-FastCGI-Cache
X-Shard
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-BCube-Filmed-By
X-Varnish-Server
Fastly-Restarts
DC
X-Cache-Control
X-AOL-HN
X-App-Server
Cleartype
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Server-Node
Payment
Filters
X-RequestSource
X-B-Cache
X-Signature
X-Response-Served-From
X-TX-ID
X-Adobe-Content
X-Region
X-WebKit-CSP-Report-Only
X-Adobe-Loc
Ms-Operation-Id
X-UUID
Webserver
X-Generated-By
X-TT-TIMESTAMP
X-VG-WebCache
Retry-After
X-RTag
X-Storage
Country
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Jobs
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-GeoIP
X-FW-Dynamic
Actual-Object-TTL
X-Locale
X-Cacheable-TTL
Cache-Tv-Group
X-Content-Age
X-Varnish-Hits
Powered
NGB
GEO-INFO
X-XRDS-LOCATION
ServedBy
Frame-Options
CACHE
X-Contextid
Liferay-Portal
X-Esi
HitType
X-WA-Info
X-Rendered-As
X-Oneagent-Js-Injection
X-Real-IP
X-Seen-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-GRACE
X-Via-JSL
Viewport
X-Time
S-Cnection
X-Upgrade-Enabled
X-Guploader-Uploadid
Xserver
X-Mode
X-Cache-Operation
NtCoent-Length
X-BACKEND-TTL
X-Detected-As
X-Is-Bot
X-Hl-Ver
X-From
X-ES-SERVER
X-Path-Route
X-Proto
X-Zipkin-Id
X-Routing-Service
X-RN-RSRV
X-Proxied
X-Device-Type
X-Cache-Var-Map
Cache-Key
Cache-Hits
OT-Force-Account-Verify
X-Varnish-Cache-Hits
Load-Balancing
Meta-Geo
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Akamai-Transformed
Machine
X-S
X-Cache-Server
Datacenter
Mail-Subject
X-Environment-Context
NGX
X-FC-Vary-Parameters
X-FB-TRIP-ID
Access-Control-Request-Headers
X-LJ-Flow-ID
X-Origin-Hint
X-AWS-Id
X-Hosted-By
Property-Id
L5d-Success-Class
TWC-GeoIP-Country
Webcakes-App-Name
We-Hiring
Webcakes-App-Version
Webcakes-Region
X-Cache-Config
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Device-Class
X-Proxy
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
X-L-Path
Content-Style-Type
X-NWS-LOG-UUID
X-Viewer-Country
X-VWS-Id
X-VG-TLSProxy
X-Tb
Content-Script-Type
X-TNCMS
Azure-Version
Azure-SiteName
X-Time-Microsecs
Azure-InstanceId
Azure-RegionName
X-Format
Azure-SlotName
Origin-Cache-Control
X-Web-Node
X-Rocket-Nginx-Bypass
X-Backend-Name
S-Rt
X-Debug-Cache
Origin-Edge-Control
X-Newrelic-App-Data
X-Wix-Server-Artifact-Id
X-EIG-Tracking-Id
X-FW-Version
X-Loop
X-Akamai-Request-ID
X-Origin-Response-Time
X-ServerID
X-RCS-CacheZone
X-Labrador-Cache-Channel
X-Birta-Served
X-Birta-Cache-Post
X-Via-Fastly
X-ProxyCache-Status
X-PCL
X-IP
X-Proxy-Build
X-ProxyCache-Key
X-Xfnlog-Site
X-Access
X-BYPASS-REASON
Cache-Tag
X-Vgn-Hpd-Reason
Selected-FE
X-Section
X-CCM
Now
X-Timing-Wait
X-NCache
DB-Nickname
X-JoinUs
X-OCL
X-Trace-Id
X-Human
X-Tumblr-Pixel-3
X-Www-Served-By
X-Cache-Category-Id
X-Grey
Uber-Trace-Id
X-Site-Version
X-Generated
X-Endurance-Cache-Level
X-Via-CDN
X-R9-Blue-Green-Version
X-Varnish-Cacheable
X-MP-GENERATED-AT
X-Cache-Remote
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Status
X-Internal-Host
X-VC-Cache
LB
X-Rule
X-Dynatrace-Js-Agent
Served-By
X-UnsetCookies
X-EdgeConnect-Cache-Status
Release
X-CDN-Cache
X-UA
X-Wix-Request-Id
AsisCache
ViewerVersion
X-Cluster-Node
X-Ua
Rt-Fastcgi-Cache
Nel
X-Origin-Host
X-Sucuri-ID
X-App-Name
X-Nginx-Cache
X-Source
X-Request-Time
X-PERF
X-ApacheServer
X-App-Version
X-TIME
X-Datadome
X-Agile-Id
X-Agile
X-Agile-Age
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Hit
X-OVcl
X-VCT
X-NewRelic-App-Data
X-B3-Spanid
X-APP-VERSION
Cache-Name
User-Agent
DSUID
X-WPE-Loopback-Upstream-Addr
Warning
SRV
Cache
X-Origin-TTL
X-Origin-CC
X-S-Cookie
X-ScT
X-IN-APIGATEWAY
X-Application
X-BB-ID
Request-EU
X-Cache-ASPX
Cross-Origin-Window-Policy
X-Cache-Expires
Request-Time
X-Server-Group
X-ARC
X-B-Cookie
X-Rojux
X-Secret
X-A-Dgt
Ajk
Cache-Prefix
UCS
X-Platform
X-Processor
X-Logtrace-Id
X-Matched-Rule
Thinkindot-Control
X-Mobile-URL
BehaviorPad-Version
Arc-Country
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Www
X-A
Server-Cache-Control
X-Aed
X-Refresh
X-Region-Sid
X-Request-UUID
X-Accel-Expires-Debug
X-A-Wwc
X-Pubstack
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Cache-Grace
X-Rewrite-Enabled
Rendered-Blocks
X-VG-WebServer
Meta-Geo-Continent
X-Instart-Isnd
X-SRCache-Key
X-G
X-Varnish-Authentication
X-NU-AKA-ACS-Version
X-Webstats-RespID
Node
Ec-Rule-Version
Xc-Version
X-External-Request-Id
X-F5-Cache
X-Gannett-Site-Version
X-Var-Ttl
Lfy
MD5-Digest
X-Thinkindot-L3
X-Hp-Webp
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-Up
Pagespeed
X-NX-Host
X-IN-WAF
Memcached
X-Generated-In
On-Server
X-NodeID
X-Core-Value
X-Connection-Hash
X-DPWN-IS-SECURE
X-Date
X-Debug-Cache-Expiry
Server-Surrogate-Control
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Cache-Info
Request-Country
X-CF-Lambda-Fn
X-Debug-Cache-Fetch
X-D
Fly-Cache
X-Debug-Log
X-Developer
Fly-Request-Id
Origin
X-Debug-Cache-Store
X-Debug-Cookies
X-Destination
X-Cache-Backend
X-Edge-Location
X-ElasticPress-Search
User-Cache-Control
X-Cdn-Forward
X-Nginx-Cache-Key
RNT-Machine
Pagetype
Server-Int
Pramga
Proxy-Connection
RNT-Time
Server-Host
X-Cache-Debug
X-Distributor
X-LAGOON
X-Distil-CS
X-Dispatcher-Server
X-Li-Fabric
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-Hash
X-Hnp-Log
X-Gen-Mode
X-Info
X-Key
X-Irp-Debug
X-Crawler
X-Li-Pop
X-Amzn-Remapped-Date
X-LI-Proto
X-Amzn-Remapped-Connection
X-LI-UUID
True-Client-Country-4JS
Web-Mar-Node
X-Block-Status
X-Cache-Bucket
X-Cache-Miss-From
X-CGP
X-Cache-Id
X-Cache-Host
Kp-EeAlive
ServerName
X-PHP-Host
Backend
Cache-Cookie-Set-From
X-Servername
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Rebelmouse-Surrogate-Control
FNAC-ModuleRouting
CDCHOST
X-ServiceProvider
Apple-News-Services-Host
Apple-News-Services-Handled
X-Ocache
X-Reboot
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Proxy-Cache-Status
Hostname
X-SN
X-Policy
X-Protected-By
X-Rebelmouse-Cache-Control
X-Request-URI
Ha-Gx-Prefs
X-Origin-Date
X-Origin-Expires
X-Sedo-Request-Id
HA-Ipaddr
X-Sf
X-TT-LOGID
IsBot
Fastly-SWR
X-Page-Type
X-SIPLIST1
Country-Code
Fastly-SIE
X-Swa-Ws
X-FireWall-Port
Cteonnt-Length
X-Varnish-Ttl
X-Skip-Cache
X-Cache-FS-Status
X-ShardId
X-Core-Mission
X-Level-Front-Cache
X-Cdn-Srv
X-Shopify-Stage
X-Ah-Environment
X-ShopId
X-Sorting-Hat-ShopId
X-Generated-On
X-Edge-IP
X-User
X-Geo-Header
X-GeoIP-City
X-TrackingId
X-Thanos
X-GeoIP-Country-Code
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Wikidot-Static-Cache
X-Amzn-Remapped-Content-Length
X-Sorting-Hat-PodId
X-Wikidot-Backend
X-Fastly-Cache
X-Gateway-Cache-Key
X-Variation
X-Fetched-On
X-Developers
X-BBXSRF
X-Micro-Cache
SD-X-WS
Adler-Geo
X-Location
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-MSEdge-Features
Fastly-SSL
HTTPS
Is-Eu
Heartbleed
X-No-Session
X-MSEdge-Flight
Platform
X-S-Maxage
X-Sucuri-Cache
X-Server-IP
X-Bip
X-C
X-Backend-State
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Content-Disposition
X-Varnish-Url
X-Via-Edge
X-Planisys-CDN-Cache
X-Via-SSL
Fastly-Soc-X-Request-Id
N-Cache
Magicmarker
X-Owner
MIME-Version
AKAMAI
X-Backend-Url
Fastly-Backend-Name
X-Planisys-CDN-Rules
X-Backend-Host
X-Server-Time
X-Planisys-CDN-TTL
X-Cms-Context
X-Auto-Login
X-NC
X-GZip
X-Sn-Servicetimems
X-Apm-App-Name
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Cdn-Origin
V-Age
Server-ID
X-RateLimit-Reset
Gh-Request-Id
X-Real-Ip
HostName
X-Org
X-ND-Cache
Rt-Proxy-Cache
REQUESTUUID
X-FPC
X-Geo
X-Exp-Se
X-Node-Id
X-Pjax-Url
X-Served-From
Viewtype
VivaBuild
X-Load-Cache
X-Varnish-Beresp-Ttl
Powered-By
X-CUA
X-B3-Parentspanid
X-Gdpr
X-CDN-Forward
X-DC
X-Parent-Response-Time
X-Aicache-OS
Section-Io-Cache
Pragrma
X-CSRF-TOKEN
X-CACHE-KEY
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Wxu-Next-Commit
X-Returned-From-BeforeDispatch
X-Dc
X-Server-By
X-Stale
X-Svr
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
Wxu-Next-Region
X-Returned-From
X-Original-Request
Wxu-Next-Hostname
X-Git-Hash
Time
X-Actual-URL
Memory
X-Nc
X-VServer
X-Servedbyhost
X-Croise-Owner
CF-IPCountry
X-HS-Cache-Config
X-Wa
Host-ID
X-Host-Name
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Edge-Server
PICS-Label
Cdn-Request-Time
Cdn-Host
ProcessTime
Resin-Trace
Fastcgi-Useragent
X-Release
X-Tb-Optimization-Total-Bytes-Saved
X-Unique-ID
X-Daa-Tunnel
X-Microcachable
X-TH-Server
SID
X-WebServer
X-Varnish-Beresp-TTL
X-Cache-HT
AR-SID
X-Newrelic-Synthetics
X-Optimization
Mime-Version
Cdn
X-ID
X-Phone
X-From-Cache
X-Upstream-CT
Cf-Ipcountry
X-Upstream-HT
X-Req
X-Lb-Id
X-V
X-Instart-Info
CF-Cached-On
X-Fastly-Backend-Reqs
Backend-Name
X-B3-SpanId
Odigeo-Trace-Id
X-APP
X-Atg-Version
XServer
X-Backend-TTL
X-WR-MODIFICATION
Proxy-Firewall
X-HTML-Minification-Powered-By
X-Worker
X-LB-ID
178proxuri
X-Server-W
Xxline
188prxHost
286prxHost
225prxHost
355prline
352pxline
Processtime
409pxxline
219prxHost
X-Fstrz
189phosttRef
X-Ratelimit-Remaining
X-Vcl-Version
X-Ratelimit-Limit
X-IPS-LoggedIn
X-Response-By
X-CACHE-AGE
Version
X-CLOUD-TRACE-CONTEXT
GMS-Ver
X-Check-Cacheable
X-Nananana
X-Zone
Public-Key-Pins-Report-Only
X-VCL-Version
X-NGINX-Cache
X-UPSTREAM-Address
Esi-Enabled
Pics-Label
X-Vcache
WZWS-RAY
X-Akamai-Request-ID2
GeoIP-City
SN
X-Contensis-Viewer-Groups
GeoIP-Country-Code
GeoIP-Latitude
X-Ratelimit-Reset
X-Request-Handler-Origin-Region
X-Microsite
X-AssetVersion
Fastcgi-X-Cache-Version
Accept-Language
X-URL
X-WA
X-CSRF-Token
X-ServedByHost
X-Amz-Meta-Surrogate-Control
X-GEO
X-Hyper-Cache
GW-Server
X-HS-Status
X-ZONE
DataCenter
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-RequestId
X-Be
Geoip-Latitude
GeoIp-Country-Code
X-We-Are-Hiring
X-Clientip
Countrycode
Mobile-Detection-Method
X-Fastly-Country-Code
Lb
X-UE-Client-Country
X-SERVER-NAME
X-SRV
X-Dynatrace
X-BE
Geoip-City
X-Request-Start
SS
X-Render-Time
X-Reqid
X-Via-Ucdn
X-Via-NSCOPI
Ohc-File-Size
WP-Super-Cache
X-Cdn-Cache
Serverid
X-CS
X-Urbn-Context-Path
X-Urbn-Site-Id
URI
X-LiteSpeed-Cache-Control
Locale
X-NWS-UUID-VERIFY
X-GDPR
X-GZIP
X-Unique-Id
Dnion-Transfer-Encoding
IBM-Web2-Location
X-Hello
FSS-Proxy
CDN
X-PF-Uncompressing
X-PJAX-URL
FSS-Cache
X-Flog
X-Gen-Id
X-ABtesting
X-HS-Combine-CSS
Dynatrace
X-HostName
X-FORWARDED-FOR
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-Fpc
Cneonction
X-NGENIX-Cache
X-Test
X-Fastly-Cache-Hits
RequestUuid
X-Pf-Uncompressing
X-Cache-Ttl
Accept-Ch
X-Compress-Hint
X-Cluster-Name
X-Bug-Bounty
X-Generation-Time
Requestid
A
Ohc-Cache-HIT
X-Store
X-Html-Edge-Cache
Server-Id
X-LiteSpeed-Tag
X-Request-Url
X-Akamai-SSL-Client-Sid
X-Port
X-Cdn-Request-ID
X-UCC
Get-Access-Time
X-HTML-Edge-Cache
X-Dw-Trace-Id
NnCoection
X-EC-Lua
X-Serial
X-ServerName
Ohc-Response-Time
Frontcache
Is-Session-Tracking