Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Request-ID
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-Page-Speed
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Allow
Server-Timing
X-Ac
X-Rq
X-Node
X-Host
X-CST
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-Server-Id
Report-To
X-Type
X-Backend-Server
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
X-Upstream-Env
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-HW
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
AR-PoweredBy
AR-CACHE
AR-ATIME
X-GitHub-Request-Id
X-DataStream-Cache-Status
PB-RID
PB-PID
Arc-Version
X-MS-InvokeApp
X-Mobile-Rewrite
X-ORACLE-DMS-RID
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Cached
X-Version
Charset
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
X-Server-ID
X-Dns-Prefetch-Control
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
RTSS
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-PC
X-Vname
X-TtlSet
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-TTL
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Amz-Rid
X-VCache
S
X-SharePointHealthScore
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Oracle-Dms-Rid
X-Debug
TCN
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
DynaTrace
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-XRDS-Location
X-Ttl
SPIisLatency
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
SPRequestDuration
X-Akam-SW-Version
Access-Control-Request-Method
X-T
X-Goog-Storage-Class
X-FTR-Cache-Host
X-Powered-CMS
Front-End-Https
X-NF-Request-ID
X-SERVER
X-Acc-Meta-Resource-Type
Realpath
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
X-Id
X-B3-TraceId
X-Aspnet-Version
Fastcgi-Cache
X-N
Paypal-Debug-Id
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Upstream
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Alternate-Protocol
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-RateLimit-Remaining
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Middleton-Display
Fusion-Content-Source
Fusion-Content-Id
Display
X-Content-Digest
X-Sol
X-Middleton-Response
AMP-Access-Control-Allow-Source-Origin
Response
X-Hostname
X-Litespeed-Cache
X-Srv
X-B3-Traceid
X-Pad
X-Accel-Expires
X-Cache-Key
X-Kinsta-Cache
MicrosoftSharePointTeamServices
Server-Name
X-Accel-Buffering
Host
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-User-Agent
Backend-Timing
X-Content-Options
X-Analytics
X-Correlation-Id
X-Debug-Info
X-LB-Cache
X-Revision
X-AppVersion
X-Az
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Activity-Id
Refresh
X-Rid
Accept-Charset
FilterID
X-IPLB-Instance
X-Cdn
X-B3-Sampled
X-Cache-2
X-Cache-Hit
Surrogate-Key
Powered-By-ChinaCache
X-DIS-Request-ID
X-B
X-Grace
X-CF-Powered-By
ServerID
X-Ruxit-Js-Agent
X-Page-Id
X-Whom
Server-Info
TP-Cache
TP-L2-Cache
X-PHP-Backend
X-Request-Received
MS-CV
X-Request-Processing-Time
Host-Header
X-FastCGI-Cache
X-Cached-By
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-Origin-Server
X-TT
X-Amz-Replication-Status
X-Kong-Proxy-Latency
Cache-Status
Source
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
VIX-Pulpo-Node
X-Akamai-Edgescape
X-App-Environment
X-UA-Device-Type
X-Framework
X-Cache-Action
X-Cluster
X-Platform-Server
X-Mobile
Access-Control-Allow-Method
X-Content-Powered-By
X-Webkit-CSP
X-FW-Server
X-FW-Serve
X-FW-Hash
X-F-Cache
X-FW-Static
X-FW-Type
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Varnish-Grace
X-Drupal-Cache-Tags
X-Tumblr-User
X-Request-Guid
X-Instance
X-SS-Set-Cookie
X-FB-Debug
X-Zen-Fury
X-Shard
X-Ezoic-Cdn
X-Geo-Country
X-RateLimit-Limit
X-GUploader-UploadID
X-Handled-By
X-Cache-TTL
X-Forwarded-Host
X-Magnolia-Registration
Edge-Cache-Tag
From-Origin
X-Node-Name
X-ATG-Version
PageSpeed
X-Cache-Age
X-Varnish-Hostname
X-App-Server
Cache-Tags
DC
X-Varnish-Server
Cleartype
X-BCube-Filmed-By
X-AOL-HN
CACHE
X-XRDS-LOCATION
X-Cache-Control
Payment
Healthy
Upgrade-Insecure-Requests
X-Response-Served-From
Filters
X-Generated-By
X-WebKit-CSP-Report-Only
X-RequestSource
X-Region
X-Adobe-Loc
X-Adobe-Content
Server-Node
Fastly-Restarts
X-TX-ID
X-UUID
X-Redis-Cache
X-RTag
X-Storage
NGB
X-Cache-Rule
X-VG-WebCache
Cache-Tv-Group
Ms-Operation-Id
Country
Webserver
X-TT-TIMESTAMP
X-GeoIP
X-B-Cache
X-Jobs
Retry-After
X-Signature
X-Drupal-Cache-Contexts
Actual-Object-TTL
X-FW-Dynamic
X-Locale
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Content-Age
X-Tumblr-Pixel-2
X-Varnish-Hits
GEO-INFO
X-TA-CDN-Provider
ServedBy
Liferay-Portal
Powered
X-Contextid
X-Seen-By
Frame-Options
X-Wix-Server-Artifact-Id
HitType
X-Rendered-As
X-Via-JSL
X-Cache-TTL-Remaining
X-Oneagent-Js-Injection
X-Guploader-Uploadid
X-Varnish-IP
X-WA-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-BACKEND-TTL
Viewport
S-Cnection
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Cache-NE
X-Upgrade-Enabled
X-Cache-Server
NtCoent-Length
Content-Script-Type
X-Mode
Xserver
Content-Style-Type
Datacenter
X-GRACE
Nel
X-Esi
X-Cache-Config
X-Akamai-Transformed
Cache-Key
X-Proxied
X-Proto
Machine
X-Device-Type
X-ES-SERVER
Cache-Hits
X-Routing-Service
X-RN-RSRV
Meta-Geo
X-Time
X-Path-Route
X-Varnish-Cache-Hits
X-From
X-Zipkin-Id
X-Is-Bot
X-S
OT-Force-Account-Verify
X-Cache-Var-Map
X-Detected-As
Mn-Server-Ip
Load-Balancing
X-Cache-Var
X-Hl-Ver
X-FC-Vary-Parameters
X-Environment-Context
X-Cache-Operation
Webcakes-App-Version
X-AWS-Id
Webcakes-Region
Access-Control-Request-Headers
TWC-Locale-Group
Mail-Subject
Property-Id
X-Origin-Hint
TWC-GeoIP-Country
TWC-Privacy
X-VG-TLSProxy
X-Cache-Enabled
X-Tb
TWC-Connection-Speed
TWC-Device-Class
L5d-Success-Class
We-Hiring
X-Hosted-By
Webcakes-App-Name
X-Viewer-Country
Vix-Hermes-Req-Id
X-LJ-Flow-ID
X-VWS-Id
TWC-GeoIP-LatLong
X-L-Path
X-Backend-Name
X-Birta-Served
X-Birta-Cache-Post
X-Access
Azure-InstanceId
Azure-RegionName
Azure-SiteName
S-Rt
X-Web-Node
X-FB-TRIP-ID
X-Proxy
X-Akamai-Request-ID
NGX
X-Debug-Cache
X-Section
X-ServerID
X-Origin-Response-Time
X-Format
X-Labrador-Cache-Channel
X-Loop
X-Endurance-Cache-Level
X-EIG-Tracking-Id
X-FW-Version
Azure-SlotName
Azure-Version
X-Time-Microsecs
Origin-Edge-Control
X-TNCMS
Origin-Cache-Control
DB-Nickname
Now
Selected-FE
X-Varnish-Cacheable
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-PCL
X-Timing-Wait
X-Trace-Id
X-Xfnlog-Site
X-Via-Fastly
X-Via-CDN
X-OCL
X-Proxy-Build
X-CCM
Cache-Tag
X-Human
X-IP
X-JoinUs
X-NCache
X-Rocket-Nginx-Bypass
X-Cache-Category-Id
X-Tumblr-Pixel-3
X-Vgn-Hpd-Reason
X-Generated
X-Site-Version
X-Status
X-Grey
X-Www-Served-By
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-NWS-LOG-UUID
Uber-Trace-Id
ViewerVersion
X-MP-GENERATED-AT
X-Wix-Request-Id
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Internal-Host
X-VC-Cache
Served-By
X-CDN-Cache
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-Rule
X-Dynatrace-Js-Agent
X-UA
X-Cache-Remote
X-NewRelic-App-Data
LB
AsisCache
Release
X-Origin-Host
X-UnsetCookies
X-Sucuri-ID
X-Cluster-Node
Rt-Fastcgi-Cache
X-TIME
X-App-Name
Pagespeed
X-ApacheServer
X-PERF
User-Agent
X-Source
X-APP-VERSION
X-Nginx-Cache
X-Agile-Id
X-Agile-Age
X-Agile
X-Request-Time
X-B3-Spanid
X-Ua
X-Datadome
Hostname
Cache-Name
X-App-Version
X-Edge-Location
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Hit
X-Origin
X-OVcl
X-VCT
X-Pubstack
Warning
X-Edge-IP
X-Origin-TTL
X-Origin-CC
Fly-Request-Id
X-NodeID
Ec-Rule-Version
Fly-Cache
Arc-Country
X-NX-Host
Node
Meta-Geo-Continent
MD5-Digest
X-Generated-In
X-NU-AKA-ACS-Version
X-Gannett-Site-Version
X-IN-WAF
X-IN-APIGATEWAY
Cache-Prefix
Ajk
X-Sucuri-Cache
BehaviorPad-Version
X-Ocache
Cross-Origin-Window-Policy
X-Hp-Webp
X-Instart-Isnd
X-Logtrace-Id
X-Mobile-URL
X-Developer
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Date
X-D
X-Debug-Cache-Store
X-Aed
X-A-Wwc
X-Accel-Expires-Debug
X-Debug-Cookies
X-Application
X-ARC
X-CF-Lambda-Fn
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-CF-Lambda-Version
X-BB-ID
X-B-Cookie
X-Core-Value
X-Connection-Hash
X-A-Dgt
X-A-Dcw
Request-EU
Request-Time
X-DPWN-IS-SECURE
Server-Cache-Control
Request-Country
Rendered-Blocks
Origin
X-G
X-External-Request-Id
Server-Surrogate-Control
Thinkindot-CacheControl
Www
X-A
X-A-Ccd
X-A-Dam
X-Debug-Log
X-Destination
Thinkindot-CacheControl-Type
Thinkindot-Control
UCS
On-Server
X-Matched-Rule
X-SRCache-Key
X-Protected-By
Xc-Version
X-Rewrite-Enabled
X-Server-Group
X-Processor
X-ScT
X-Varnish-Beresp-Status
X-Request-UUID
X-Rojux
X-Region-Sid
X-Secret
X-Varnish-Beresp-Grace
X-Platform
X-S-Cookie
X-Varnish-Authentication
X-Thinkindot-L3
X-Twitter-Response-Tags
X-Up
X-Var-Ttl
X-Transaction
X-Trv-Group
X-VG-WebServer
X-PAYTM-SRV-ID
User-Cache-Control
X-Cache-Backend
X-ElasticPress-Search
Proxy-Connection
X-Servername
Pramga
Pagetype
X-Eu-Site
Lfy
Memcached
Kp-EeAlive
IsBot
X-Gen-Mode
Magicmarker
X-ServiceProvider
X-CGP
N-Cache
X-Sedo-Request-Id
X-Crawler
Web-Mar-Node
X-Swa-Ws
X-Developers
True-Client-Country-4JS
X-Amzn-Remapped-Date
X-WPE-Loopback-Upstream-Addr
X-Varnish-Url
X-Amzn-Remapped-Connection
X-Cdn-Forward
X-TT-LOGID
X-SN
X-Device-Os
X-Distributor
RNT-Time
RNT-Machine
X-Epic-Correlation-Id
X-SIPLIST1
Server-Host
SRV
X-Dispatcher-Server
Server-Int
X-Distil-CS
X-Sf
X-Block-Status
X-LAGOON
X-Key
X-Cache-Debug
X-Proxy-Upstream
X-Li-Pop
X-Li-Fabric
X-Qloud-Router
X-Irp-Debug
Apple-News-Services-Request-Url
Heartbleed
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-LI-Proto
X-LI-UUID
X-Nginx-Cache-Key
X-Cache-Host
X-No-Session
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-Webstats-RespID
X-Cache-Miss-From
X-Policy
X-Proxy-Cache-Status
X-F5-Cache
X-PHP-Host
X-Cache-Id
Backend
X-RateLimit-Limit-Second
Fastly-SIE
X-Hnp-Log
Fastly-Backend-Name
X-Request-URI
X-RateLimit-Remaining-Second
X-Hash
Fastly-SWR
Ha-Gx-Prefs
HA-Ipaddr
X-Geo-Header
X-C
X-Cache-Info
X-Refresh
Country-Code
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-Lfrom
X-Reboot
CDCHOST
X-Rebelmouse-Surrogate-Control
X-Info
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Varnish-Ttl
DSUID
X-FireWall-Port
X-Cache-Bucket
X-Wikidot-Backend
X-Via-Edge
X-Wikidot-Static-Cache
X-Via-SSL
X-Core-Mission
X-Gateway-Cache-Status
X-GeoIP-City
X-Generated-On
X-Gateway-Skip-Cache
X-S-Maxage
X-GeoIP-Country-Code
X-Level-Front-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-Micro-Cache
X-Location
X-Gateway-Cache-Key
X-Server-IP
X-Sorting-Hat-ShopId
X-Thanos
X-TrackingId
X-User
X-Sorting-Hat-PodId
X-Skip-Cache
X-Fetched-On
X-ShardId
X-ShopId
X-Shopify-Stage
X-Variation
X-Cms-Context
AKAMAI
X-Real-Ip
Adler-Geo
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
Content-Disposition
Fastly-Soc-X-Request-Id
Is-Eu
Platform
HTTPS
SD-X-WS
Fastly-SSL
X-CACHE-KEY
X-Alternate-Cache-Key
X-BBXSRF
X-Bip
X-Amzn-Remapped-Content-Length
X-Ah-Environment
X-Backend-State
Cteonnt-Length
X-Owner
X-Fastly-Cache
X-Planisys-CDN-Cache
X-Cdn-Srv
ServerName
X-Planisys-CDN-Rules
X-Backend-Url
X-Server-Time
FNAC-ModuleRouting
X-Planisys-CDN-TTL
X-Node-Id
X-Auto-Login
X-Backend-Host
X-Varnish-Beresp-Ttl
X-GZip
X-RateLimit-Reset
Server-ID
X-Org
Section-Io-Cache
Gh-Request-Id
X-CUA
Powered-By
X-Nc
X-CDN-Forward
X-Apm-Svc-Key
X-Pjax-Url
VivaBuild
X-Sn-Servicetimems
X-Cdn-Origin
X-Load-Cache
Pragrma
X-FPC
V-Age
REQUESTUUID
X-Apm-App-Name
Viewtype
X-Apm-Inst-Hash
MIME-Version
Cache
X-NC
X-Dc
X-Passed-To-BeforeDispatch
X-Returned-From
X-Passed-To
X-Returned-From-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Geo
X-ND-Cache
X-Original-Request
X-Returned-From-DLL
X-Stale
X-Svr
X-Returned-From-PostProcessResponse
X-Parent-Response-Time
X-Exp-Se
X-Actual-URL
Fastcgi-Useragent
Rt-Proxy-Cache
X-Server-By
X-Aicache-OS
X-VServer
Host-ID
X-Gdpr
X-HS-Cache-Config
X-Served-From
X-Croise-Owner
X-Ua-Device
HostName
X-CSRF-TOKEN
X-Unique-ID
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-B3-Parentspanid
PICS-Label
Time
Memory
X-Microcachable
Mime-Version
X-DC
X-Git-Hash
X-Wa
X-Servedbyhost
Resin-Trace
Wxu-Next-Commit
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
SID
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Wxu-Next-Hostname
Wxu-Next-Region
ProcessTime
X-Newrelic-Synthetics
X-V
X-From-Cache
X-Req
X-Tb-Optimization-Total-Bytes-Saved
CF-IPCountry
X-ID
X-Cache-HT
Cf-Ipcountry
X-Optimization
AR-SID
X-Release
Cdn
Odigeo-Trace-Id
X-Lb-Id
X-Host-Name
X-TH-Server
X-WebServer
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
CF-Cached-On
X-Fstrz
X-Phone
X-Daa-Tunnel
X-Atg-Version
Proxy-Firewall
XServer
Processtime
X-Instart-Info
X-APP
X-Response-By
X-Upstream-HT
X-Upstream-CT
Public-Key-Pins-Report-Only
X-WR-MODIFICATION
X-Vcl-Version
Backend-Name
GMS-Ver
X-LB-ID
X-Ratelimit-Remaining
X-Check-Cacheable
WZWS-RAY
X-Worker
X-Ratelimit-Limit
X-Fastly-Backend-Reqs
X-Zone
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
Fastcgi-X-Cache-Version
X-GEO
188prxHost
178proxuri
X-B3-SpanId
286prxHost
219prxHost
X-Server-W
225prxHost
409pxxline
189phosttRef
Xxline
352pxline
355prline
X-WA
X-NGINX-Cache
X-Backend-TTL
X-Amz-Meta-Surrogate-Control
X-Nananana
X-IPS-LoggedIn
X-Vcache
Version
X-ServedByHost
X-Clientip
Pics-Label
X-HS-Status
X-CSRF-Token
X-We-Are-Hiring
Countrycode
X-UE-Client-Country
GW-Server
X-Ratelimit-Reset
X-URL
Mobile-Detection-Method
Lb
SN
X-Fastly-Country-Code
X-UPSTREAM-Address
GeoIp-Country-Code
X-Hyper-Cache
Esi-Enabled
Geoip-Latitude
SS
WP-Super-Cache
DataCenter
Ohc-File-Size
X-VCL-Version
X-SERVER-NAME
X-Contensis-Viewer-Groups
Geoip-City
X-AssetVersion
X-Akamai-Request-ID2
X-Dynatrace
X-SRV
Accept-Language
X-GZIP
X-PF-Uncompressing
X-Be
FSS-Proxy
X-HS-Combine-CSS
X-Request-Start
GeoIP-City
GeoIP-Country-Code
URI
FSS-Cache
GeoIP-Latitude
X-Render-Time
X-Via-Ucdn
X-BE
Serverid
X-CS
X-GDPR
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-Vtex-Remote-Cache
X-RequestId
X-Vtex-Processado-Em
X-Unique-Id
X-Via-NSCOPI
Ohc-Cache-HIT
X-Reqid
Locale
X-ZONE
X-Fpc
X-Gen-Id
X-PJAX-URL
X-Urbn-Site-Id
X-Urbn-Context-Path
CDN
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-HostName
FastCGI-Cache
Dynatrace
X-Hello
X-ABtesting
X-Flog
X-Request-Handler-Origin-Region
X-Microsite
X-Pf-Uncompressing
X-Html-Edge-Cache
RequestUuid
X-Fastly-Cache-Hits
X-UCC
Cneonction
X-Cdn-Cache
X-Cache-Ttl
X-LiteSpeed-Tag
X-Varnish-Action
Accept-Ch
Who
X-Store
A
X-Generation-Time
Server-Id
IBM-Web2-Location
X-Request-Url
Dnion-Transfer-Encoding
X-Akamai-SSL-Client-Sid
X-Cache-URL
X-Dw-Trace-Id
Get-Access-Time
X-ServerName
NnCoection
Frontcache
X-HTML-Edge-Cache
X-Serial
Ohc-Response-Time
X-Cdn-Request-ID
X-EC-Lua
Is-Session-Tracking
X-Port