Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Server-Powered-By
WPE-Backend
X-Nginx-Cache-Status
X-Robots-Tag
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-CST
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Url
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-Upstream-Env
Accept-CH
X-ORACLE-DMS-RID
X-Dispatcher
MS-Author-Via
X-ESI
AR-PoweredBy
AR-ATIME
AR-CACHE
X-VARITI-CCR
X-Cdn
PB-PID
Arc-Version
X-Mobile-Rewrite
X-MS-InvokeApp
PB-RID
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-DataStream-Cache-Status
X-GitHub-Request-Id
X-Cached
X-Version
Public-Key-Pins
Content-MD5
X-Powered-By-Plesk
Charset
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
X-TTL
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-TtlSet
X-Vname
X-PC
X-Amz-Server-Side-Encryption
X-Ser
X-Varnish-TTL
X-Server-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Trace
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
S
X-Amz-Rid
X-XRDS-Location
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-SharePointHealthScore
DynaTrace
X-Debug
X-Fastly-Request-ID
TCN
X-Hits
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-T
X-Powered-CMS
X-B3-TraceId
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Id
Realpath
X-SERVER
X-NF-Request-ID
Tracecode
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Front-End-Https
X-Amzn-Trace-Id
X-Ttl
X-Aspnet-Version
Fastcgi-Cache
X-Webkit-CSP
X-N
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
X-Dns-Prefetch-Control
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Alternate-Protocol
X-B3-TraceId-Primal
X-Logged-In
X-PressLabs-Stats
X-RateLimit-Remaining
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-Fastcgi-Cache
X-Content-Digest
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-Sol
Display
X-Middleton-Display
X-Hostname
Response
X-Middleton-Response
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Pad
X-Cache-Key
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Kinsta-Cache
X-Analytics
Backend-Timing
X-Correlation-Id
X-User-Agent
X-LB-Cache
X-Content-Options
X-B3-Traceid
X-Debug-Info
X-Revision
X-Az
X-Activity-Id
X-Cache-2
X-AppVersion
X-Rid
X-Amz-Apigw-Id
FilterID
X-B3-Sampled
X-Amzn-RequestId
X-IPLB-Instance
Surrogate-Key
X-Cache-Hit
Accept-Charset
ServerID
Refresh
X-Accel-Buffering
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Grace
X-Page-Id
X-Whom
X-Request-Processing-Time
Server-Info
X-Request-Received
TP-Cache
TP-L2-Cache
MS-CV
X-PHP-Backend
Cache-Status
Host-Header
X-FastCGI-Cache
X-Origin-Server
X-TT
X-Cache-Action
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
Source
VIX-Pulpo-Node
X-Cached-By
X-Amz-Replication-Status
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Framework
Access-Control-Allow-Method
X-Akamai-Edgescape
X-App-Environment
X-Cluster
X-Content-Powered-By
X-Platform-Server
X-Request-Guid
X-Varnish-Grace
X-Mobile
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Drupal-Cache-Tags
X-FW-Type
X-Instance
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-FW-Static
X-Ruxit-Js-Agent
X-SS-Set-Cookie
X-Forwarded-Host
X-RateLimit-Limit
X-Ezoic-Cdn
X-Zen-Fury
X-GUploader-UploadID
X-Geo-Country
X-Cache-TTL
X-Node-Name
Edge-Cache-Tag
X-Shard
PageSpeed
X-Handled-By
X-Magnolia-Registration
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-BCube-Filmed-By
Fastly-Restarts
X-AOL-HN
X-Varnish-Server
X-App-Server
DC
Cleartype
X-Cache-Control
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Server-Node
Payment
Filters
X-Response-Served-From
X-RequestSource
X-Adobe-Content
X-Region
X-Adobe-Loc
X-Signature
Country
X-TX-ID
X-B-Cache
X-Storage
X-TT-TIMESTAMP
X-RTag
Ms-Operation-Id
X-WebKit-CSP-Report-Only
X-VG-WebCache
X-UUID
Retry-After
X-GeoIP
Actual-Object-TTL
X-Generated-By
X-Jobs
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-Redis-Cache
Webserver
X-Locale
X-Cacheable-TTL
X-Varnish-Hits
X-FW-Dynamic
X-Content-Age
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
NGB
Powered
GEO-INFO
X-XRDS-LOCATION
ServedBy
Frame-Options
CACHE
X-Contextid
X-Esi
Liferay-Portal
HitType
X-WA-Info
X-Oneagent-Js-Injection
X-Rendered-As
X-Real-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Seen-By
X-Guploader-Uploadid
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-ProcessESI
X-Via-JSL
X-RemovedCookies
Eomportal-Instance
X-GRACE
S-Cnection
Viewport
X-Time
X-Upgrade-Enabled
Xserver
X-Cache-Operation
X-Mode
X-Cache-Server
X-BACKEND-TTL
NtCoent-Length
X-Varnish-Cache-Hits
OT-Force-Account-Verify
Load-Balancing
X-Device-Type
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-Akamai-Transformed
X-RN-RSRV
X-From
X-Hl-Ver
X-Detected-As
X-Proto
X-Path-Route
Cache-Key
X-Cache-Var
Mn-Server-Ip
X-Is-Bot
Machine
X-S
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Vix-Hermes-Req-Id
Webcakes-App-Name
We-Hiring
TWC-GeoIP-Country
L5d-Success-Class
Access-Control-Request-Headers
Mail-Subject
NGX
TWC-Device-Class
Property-Id
Webcakes-App-Version
X-AWS-Id
X-Origin-Hint
X-LJ-Flow-ID
X-Proxied
X-VWS-Id
X-VG-TLSProxy
X-Routing-Service
X-Zipkin-Id
X-FC-Vary-Parameters
X-Backend-Name
Content-Style-Type
X-Cache-Config
X-Cache-Enabled
X-FB-TRIP-ID
Webcakes-Region
TWC-Connection-Speed
X-NWS-LOG-UUID
Datacenter
Content-Script-Type
X-MP-GENERATED-AT
X-Loop
S-Rt
Origin-Cache-Control
X-Origin-Response-Time
Now
X-Labrador-Cache-Channel
Origin-Edge-Control
X-L-Path
X-Debug-Cache
X-Rocket-Nginx-Bypass
X-EIG-Tracking-Id
X-Environment-Context
X-Newrelic-App-Data
X-Birta-Served
X-Access
X-Akamai-Request-ID
X-Hosted-By
X-Birta-Cache-Post
X-Web-Node
X-Wix-Server-Artifact-Id
X-ServerID
X-Section
X-Viewer-Country
X-Tb
X-Time-Microsecs
X-RCS-CacheZone
X-TNCMS
X-IP
X-Xfnlog-Site
X-Human
X-JoinUs
X-Timing-Wait
X-BYPASS-REASON
X-CCM
X-OCL
Selected-FE
X-Trace-Id
X-NCache
DB-Nickname
Cache-Tag
X-Format
Azure-InstanceId
X-Via-CDN
X-Proxy-Build
X-ProxyCache-Status
X-ProxyCache-Key
X-Vgn-Hpd-Reason
Azure-RegionName
X-FW-Version
X-PCL
Cache-Hits
Azure-SiteName
Azure-SlotName
Azure-Version
X-Site-Version
X-Internal-Host
X-Www-Served-By
X-Generated
X-Proxy
X-Via-Fastly
X-Grey
X-Cache-Category-Id
X-Endurance-Cache-Level
X-Tumblr-Pixel-3
Uber-Trace-Id
X-Varnish-Cacheable
X-R9-Blue-Green-Version
Decoy-Debug-TTL
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
X-Cache-Remote
X-VC-Cache
LB
Served-By
X-UnsetCookies
X-Dynatrace-Js-Agent
X-Rule
X-EdgeConnect-Cache-Status
Release
X-UA
X-CDN-Cache
AsisCache
ViewerVersion
X-Wix-Request-Id
Rt-Fastcgi-Cache
Nel
X-Ua
X-Origin-Host
X-Cluster-Node
X-App-Name
X-Sucuri-ID
X-Request-Time
X-Nginx-Cache
X-Source
X-TIME
X-App-Version
X-ApacheServer
X-PERF
X-Datadome
X-Agile-Id
X-B3-Spanid
X-Agile-Age
X-Agile
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-NewRelic-App-Data
X-APP-VERSION
X-OVcl
X-Hit
Cache-Name
X-OVcl-Cache
X-VCT
DSUID
SRV
User-Agent
Warning
Pagespeed
X-WPE-Loopback-Upstream-Addr
Cache
X-ElasticPress-Search
Hostname
X-Origin-CC
X-Origin-TTL
Fly-Request-Id
Server-Surrogate-Control
MD5-Digest
Server-Cache-Control
Request-Country
Origin
Node
Meta-Geo-Continent
Rendered-Blocks
Request-EU
On-Server
Request-Time
Fly-Cache
Cache-Prefix
X-A-Dgt
X-A-Dcw
BehaviorPad-Version
X-A-Wwc
Ajk
X-Aed
X-Accel-Expires-Debug
X-A-Dam
Cross-Origin-Window-Policy
Www
Thinkindot-Control
Thinkindot-CacheControl-Type
Arc-Country
Ec-Rule-Version
X-A-Ccd
X-A
Thinkindot-CacheControl
X-Debug-Cache-Fetch
X-Region-Sid
X-Refresh
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Rojux
X-Pubstack
X-Processor
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-Platform
X-ScT
X-Secret
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Group
X-Sedo-Request-Id
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Matched-Rule
X-Logtrace-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-Core-Value
X-Date
X-D
X-Cache-Miss-From
X-Cache-Grace
X-B-Cookie
X-ARC
X-BB-ID
X-Cache-ASPX
X-Cache-Expires
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Generated-In
X-Gannett-Site-Version
X-Hp-Webp
X-IN-APIGATEWAY
X-IN-WAF
X-G
X-External-Request-Id
X-Debug-Log
X-Debug-Cookies
X-Destination
X-Developer
X-DPWN-IS-SECURE
X-Application
UCS
X-Cache-Backend
X-Edge-Location
X-Cdn-Forward
User-Cache-Control
X-LI-UUID
RNT-Time
RNT-Machine
X-LI-Proto
X-Li-Pop
X-LAGOON
Server-Int
Server-Host
X-Li-Fabric
X-Location
X-Origin-Date
X-Policy
X-Protected-By
Memcached
X-Proxy-Cache-Status
X-PHP-Host
X-PAYTM-SRV-ID
ServerName
X-Origin-Expires
Pagetype
X-Cache-Debug
Proxy-Connection
X-Info
X-Developers
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Crawler
X-CGP
X-Cache-Host
X-Block-Status
X-Cache-Id
X-Cache-Info
X-Distributor
X-Epic-Correlation-Id
X-Hash
X-Hnp-Log
X-Proxy-Upstream
X-Instart-Isnd
True-Client-Country-4JS
Web-Mar-Node
X-Eu-Site
X-F5-Cache
X-Gen-Mode
X-Key
X-Page-Type
X-Ocache
X-SN
Apple-News-Services-Parsed-Url
X-SIPLIST1
Apple-News-Services-Host
Fastly-SWR
Apple-News-Services-Handled
Fastly-SIE
Country-Code
Lfy
Cache-Cookie-Set-Idcheck
X-TT-LOGID
Cache-Cookie-Set-Lfrom
CDCHOST
Cache-Cookie-Set-From
X-Swa-Ws
Apple-News-Services-Request-Url
X-Servername
X-Sf
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
HA-Ipaddr
Ha-Gx-Prefs
X-Reboot
X-ServiceProvider
Kp-EeAlive
IsBot
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Webstats-RespID
X-Request-URI
FNAC-ModuleRouting
X-Varnish-Ttl
X-FireWall-Port
Cteonnt-Length
X-Ah-Environment
X-Core-Mission
X-Fetched-On
X-Via-SSL
X-Gateway-Cache-Key
X-Via-Edge
X-Cdn-Srv
X-Cms-Context
X-Edge-IP
X-Amzn-Remapped-Content-Length
X-Variation
X-User
X-Sorting-Hat-ShopId
X-MSEdge-Features
X-Micro-Cache
X-S-Maxage
X-Server-IP
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-No-Session
X-ShardId
X-ShopId
X-GeoIP-City
X-Geo-Header
X-Generated-On
X-Gateway-Skip-Cache
X-TrackingId
X-Thanos
X-Level-Front-Cache
X-Shopify-Stage
X-Sorting-Hat-PodId
X-GeoIP-Country-Code
X-Gateway-Cache-Status
X-Irp-Debug
X-Cache-Bucket
SD-X-WS
AKAMAI
Heartbleed
HTTPS
Platform
Is-Eu
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Content-Disposition
X-Sucuri-Cache
Backend
X-Alternate-Cache-Key
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Auto-Login
Pramga
X-C
X-Bip
Adler-Geo
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Url
Fastly-Backend-Name
X-Fastly-Cache
Gh-Request-Id
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-Skip-Cache
N-Cache
X-BBXSRF
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Owner
Magicmarker
X-GZip
X-NC
X-Cdn-Origin
X-Server-Time
Server-ID
X-RateLimit-Reset
X-Sn-Servicetimems
V-Age
X-Apm-Svc-Key
X-Apm-App-Name
X-Apm-Inst-Hash
X-Real-Ip
MIME-Version
X-ND-Cache
X-Exp-Se
X-Node-Id
X-Org
REQUESTUUID
Rt-Proxy-Cache
X-Pjax-Url
Viewtype
X-Load-Cache
X-Served-From
X-Geo
VivaBuild
X-FPC
X-Varnish-Beresp-Ttl
X-CDN-Forward
X-B3-Parentspanid
X-CUA
HostName
Powered-By
X-Gdpr
X-CACHE-KEY
X-Parent-Response-Time
Pragrma
X-CSRF-TOKEN
X-Aicache-OS
X-Dc
Section-Io-Cache
Wxu-Next-Hostname
X-Passed-To
X-Passed-To-BeforeDispatch
Wxu-Next-Region
X-Passed-To-DLL
X-Original-Request
Wxu-Next-Commit
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Nc
X-Server-By
X-Actual-URL
X-Svr
X-Returned-From
X-DC
X-Stale
X-HS-Cache-Config
CF-IPCountry
Time
Memory
X-Wa
Host-ID
X-VServer
X-Croise-Owner
X-Git-Hash
X-Servedbyhost
Cdn-Host
Cdn-Request-Time
PICS-Label
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Host-Name
X-Oss-Request-Id
X-Edge-Server
ProcessTime
X-Release
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
Fastcgi-Useragent
X-Unique-ID
X-Daa-Tunnel
Mime-Version
X-Microcachable
SID
X-TH-Server
X-WebServer
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
X-Cache-HT
AR-SID
X-Optimization
Cdn
X-From-Cache
X-Phone
Cf-Ipcountry
X-URL
X-Upstream-HT
X-Upstream-CT
X-Lb-Id
X-Instart-Info
X-Req
X-V
CF-Cached-On
X-Fastly-Backend-Reqs
Odigeo-Trace-Id
Backend-Name
X-Atg-Version
X-WR-MODIFICATION
X-Worker
X-Backend-TTL
X-APP
XServer
Proxy-Firewall
X-HTML-Minification-Powered-By
X-LB-ID
X-B3-SpanId
Processtime
225prxHost
X-Fstrz
188prxHost
X-Server-W
189phosttRef
219prxHost
409pxxline
X-ID
178proxuri
Xxline
286prxHost
355prline
352pxline
X-Ratelimit-Remaining
X-IPS-LoggedIn
X-Ratelimit-Limit
X-Response-By
X-Vcl-Version
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
Version
X-Check-Cacheable
GMS-Ver
X-Nananana
X-Zone
Public-Key-Pins-Report-Only
Pics-Label
X-NGINX-Cache
X-UPSTREAM-Address
X-Akamai-Request-ID2
X-Vcache
WZWS-RAY
Accept-Language
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
SN
Esi-Enabled
X-WA
X-VCL-Version
X-Ratelimit-Reset
X-Contensis-Viewer-Groups
X-AssetVersion
X-Request-Handler-Origin-Region
Fastcgi-X-Cache-Version
X-Microsite
X-GEO
X-Hyper-Cache
X-ServedByHost
GW-Server
X-CSRF-Token
X-HS-Status
X-Amz-Meta-Surrogate-Control
DataCenter
X-SERVER-NAME
X-Be
GeoIp-Country-Code
X-Clientip
Lb
Geoip-Latitude
X-Vtex-Processado-Em
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-UE-Client-Country
X-RequestId
X-Fastly-Country-Code
Countrycode
X-We-Are-Hiring
X-ZONE
X-Dynatrace
Geoip-City
X-Reqid
X-BE
X-Request-Start
SS
Locale
X-Urbn-Context-Path
X-Via-Ucdn
X-Via-NSCOPI
X-Urbn-Site-Id
X-GDPR
X-Render-Time
Ohc-File-Size
WP-Super-Cache
X-Cdn-Cache
X-CS
URI
X-Flog
X-NWS-UUID-VERIFY
X-ABtesting
X-LiteSpeed-Cache-Control
X-Hello
X-Unique-Id
X-GZIP
Dnion-Transfer-Encoding
X-PJAX-URL
FSS-Cache
X-PF-Uncompressing
IBM-Web2-Location
X-HS-Combine-CSS
CDN
X-Gen-Id
FSS-Proxy
FastCGI-Cache
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-HostName
Dynatrace
X-Generation-Time
X-Fpc
Serverid
X-Fastly-Cache-Hits
X-NGENIX-Cache
RequestUuid
X-Pf-Uncompressing
X-Test
Cneonction
X-Cache-Ttl
X-Store
Accept-Ch
A
X-Compress-Hint
Server-Id
Ohc-Cache-HIT
Requestid
X-Bug-Bounty
X-Request-Url
X-Cluster-Name
X-LiteSpeed-Tag
X-Html-Edge-Cache
X-Akamai-SSL-Client-Sid
RequestId
X-Dw-Trace-Id
X-UCC
NnCoection
X-Serial
Frontcache
X-Cdn-Request-ID
X-ServerName
Ohc-Response-Time
X-HTML-Edge-Cache
Get-Access-Time
X-EC-Lua
Is-Session-Tracking
X-Port