Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Page-Speed
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-CST
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
NEL
X-EdgeConnect-Origin-MEX-Latency
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-Upstream-Env
Accept-CH
X-Dispatcher
MS-Author-Via
X-ESI
AR-CACHE
AR-ATIME
AR-PoweredBy
X-ORACLE-DMS-RID
X-VARITI-CCR
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Cdn
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja
X-DataStream-Cache-Status
X-Cached
X-Version
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
Charset
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
X-TTL
Ar-Sid
RTSS
Accept-CH-Lifetime
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Ser
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Server-ID
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
S
X-VCache
X-SharePointHealthScore
X-Fastly-Request-ID
DynaTrace
X-Debug
X-Oracle-Dms-Rid
TCN
X-Hits
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-XRDS-Location
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-Akam-SW-Version
SPRequestDuration
SPIisLatency
X-Powered-CMS
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
Realpath
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Tracecode
Front-End-Https
X-B3-TraceId
X-Amzn-Trace-Id
X-MSEdge-Ref
X-Ttl
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Webkit-CSP
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
X-Dns-Prefetch-Control
X-Fastcgi-Cache
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
Alternate-Protocol
X-Frontend
X-Logged-In
X-RateLimit-Remaining
X-PressLabs-Stats
X-HS-Content-Id
X-Content-Digest
X-HS-Hub-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Middleton-Display
X-Sol
Display
X-Cache-Key
X-Middleton-Response
Response
X-Srv
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Litespeed-Cache
X-Accel-Expires
X-B3-Traceid
Host
X-DataStream-Origin-MEX-Latency
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
Server-Name
X-Kinsta-Cache
X-Analytics
X-Correlation-Id
Backend-Timing
X-Content-Options
X-Debug-Info
X-Revision
X-User-Agent
X-LB-Cache
X-IPLB-Instance
X-Rid
X-Amzn-RequestId
X-AppVersion
X-Activity-Id
X-Amz-Apigw-Id
X-Az
X-B3-Sampled
X-Cache-Hit
X-Cache-2
Surrogate-Key
Accept-Charset
FilterID
ServerID
Refresh
X-Grace
X-Accel-Buffering
X-B
X-Ruxit-Js-Agent
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Received
X-Request-Processing-Time
Server-Info
TP-L2-Cache
TP-Cache
MS-CV
Host-Header
X-PHP-Backend
X-Cached-By
X-Varnish-Backend
Cache-Status
Source
X-F-Cache
X-Origin-Server
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-App-Environment
X-Content-Security-Policy-Report-Only
X-TT
X-Amz-Replication-Status
X-Cache-Action
X-Akamai-Edgescape
X-Tumblr-User
X-Platform-Server
X-Framework
X-Tumblr-Pixel
X-UA-Device-Type
X-Tumblr-Pixel-0
X-Cluster
X-Varnish-Grace
X-Mobile
Access-Control-Allow-Method
PageSpeed
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Drupal-Cache-Tags
X-FW-Static
X-Instance
X-Request-Guid
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-Forwarded-Host
X-Geo-Country
X-GUploader-UploadID
X-RateLimit-Limit
X-Zen-Fury
X-Ezoic-Cdn
X-Shard
X-SS-Set-Cookie
X-Cache-TTL
X-Handled-By
X-Node-Name
Edge-Cache-Tag
X-FastCGI-Cache
X-Magnolia-Registration
From-Origin
X-Oneagent-Js-Injection
X-TA-CDN-Provider
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-Varnish-Server
X-App-Server
X-AOL-HN
DC
X-Cache-Control
Cleartype
X-XRDS-LOCATION
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Server-Node
Payment
X-RequestSource
X-Region
X-Response-Served-From
Filters
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-TX-ID
Country
X-Adobe-Loc
X-UUID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Storage
X-TT-TIMESTAMP
X-RTag
X-VG-WebCache
Webserver
X-GeoIP
X-Generated-By
Retry-After
Ms-Operation-Id
Actual-Object-TTL
X-Redis-Cache
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Jobs
Cache-Tv-Group
X-Content-Age
X-Cacheable-TTL
X-Locale
X-Varnish-Hits
Powered
NGB
CACHE
GEO-INFO
ServedBy
Frame-Options
X-Esi
Liferay-Portal
X-Contextid
HitType
X-WA-Info
X-Rendered-As
X-Guploader-Uploadid
X-Seen-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-RemovedCookies
Eomportal-Instance
X-Via-JSL
X-Real-IP
X-ProcessESI
S-Cnection
Viewport
X-Upgrade-Enabled
Nel
X-Cache-Operation
X-Mode
Xserver
X-Cache-Server
X-Time
X-BACKEND-TTL
X-Varnish-Cache-Hits
NtCoent-Length
X-Akamai-Transformed
Cache-Key
X-ES-SERVER
X-From
X-Hl-Ver
X-Is-Bot
X-Device-Type
X-Cache-Enabled
X-Cache-Var-Map
X-Cache-Var
X-Detected-As
Mn-Server-Ip
Meta-Geo
X-Zipkin-Id
Load-Balancing
Cache-Hits
X-Routing-Service
X-RN-RSRV
X-Path-Route
X-Proto
X-Proxied
OT-Force-Account-Verify
Machine
X-S
Datacenter
Webcakes-App-Version
Mail-Subject
X-AWS-Id
X-Hosted-By
TWC-Privacy
Content-Script-Type
Content-Style-Type
Access-Control-Request-Headers
X-FB-TRIP-ID
Webcakes-Region
X-Proxy
Vix-Hermes-Req-Id
TWC-Device-Class
X-L-Path
X-Origin-Hint
We-Hiring
X-LJ-Flow-ID
X-Environment-Context
Webcakes-App-Name
NGX
X-Tb
X-Cache-Config
TWC-Locale-Group
X-FC-Vary-Parameters
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Backend-Name
L5d-Success-Class
TWC-Connection-Speed
X-VWS-Id
X-Viewer-Country
Property-Id
X-GRACE
X-VG-TLSProxy
X-Labrador-Cache-Channel
Azure-InstanceId
Azure-SlotName
Azure-SiteName
X-EIG-Tracking-Id
X-FW-Version
Azure-RegionName
DB-Nickname
X-Newrelic-App-Data
X-Format
Azure-Version
Now
X-Tumblr-Pixel-3
X-TNCMS
X-Debug-Cache
X-Time-Microsecs
S-Rt
X-Web-Node
X-Akamai-Request-ID
X-Rocket-Nginx-Bypass
X-Birta-Cache-Post
X-Birta-Served
X-Loop
X-Access
X-Wix-Server-Artifact-Id
X-Origin-Response-Time
X-NCache
X-MP-GENERATED-AT
Origin-Cache-Control
X-RCS-CacheZone
Origin-Edge-Control
X-ServerID
X-Section
X-NWS-LOG-UUID
X-CCM
Selected-FE
X-OCL
X-Trace-Id
X-Timing-Wait
X-BYPASS-REASON
X-Via-CDN
X-Xfnlog-Site
X-Via-Fastly
X-Vgn-Hpd-Reason
X-ProxyCache-Status
X-IP
X-Human
X-JoinUs
X-PCL
X-ProxyCache-Key
X-Proxy-Build
Cache-Tag
X-Cache-Category-Id
Uber-Trace-Id
X-Internal-Host
X-Www-Served-By
X-Site-Version
X-Grey
X-Endurance-Cache-Level
X-Generated
X-Cache-Remote
X-R9-Blue-Green-Version
X-Varnish-Cacheable
X-Status
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-VC-Cache
LB
Served-By
X-Rule
X-Dynatrace-Js-Agent
X-UnsetCookies
X-UA
X-EdgeConnect-Cache-Status
Release
X-CDN-Cache
AsisCache
X-Wix-Request-Id
ViewerVersion
X-TIME
X-Cluster-Node
Rt-Fastcgi-Cache
X-Origin-Host
X-Sucuri-ID
X-App-Name
X-PERF
X-ApacheServer
X-Nginx-Cache
X-Request-Time
X-APP-VERSION
X-Source
X-Ua
X-B3-Spanid
X-Datadome
X-Agile
X-Agile-Age
X-NewRelic-App-Data
X-Agile-Id
X-Origin
X-OVcl
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-VCT
X-App-Version
Cache-Name
SRV
DSUID
User-Agent
Hostname
Warning
X-Origin-TTL
X-Origin-CC
X-ElasticPress-Search
X-Rojux
X-IN-APIGATEWAY
X-S-Cookie
X-B-Cookie
Ec-Rule-Version
MD5-Digest
X-Cache-Expires
X-Cache-Grace
X-Cache-ASPX
Cross-Origin-Window-Policy
X-ScT
X-Secret
X-Sedo-Request-Id
X-Server-Group
X-ARC
Server-Surrogate-Control
X-Logtrace-Id
UCS
Ajk
Www
X-A
X-Platform
Cache-Prefix
X-Matched-Rule
BehaviorPad-Version
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Arc-Country
Thinkindot-Control
X-Processor
X-A-Ccd
Server-Cache-Control
X-Aed
X-Refresh
X-Region-Sid
X-Request-UUID
X-Application
X-PAYTM-SRV-ID
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dam
X-A-Dgt
X-Pubstack
X-A-Wwc
X-Rewrite-Enabled
Request-EU
X-NU-AKA-ACS-Version
Node
X-VG-WebServer
X-Instart-Isnd
X-G
X-Varnish-Authentication
X-F5-Cache
X-SRCache-Key
On-Server
Xc-Version
X-NodeID
X-External-Request-Id
X-Webstats-RespID
X-Gannett-Site-Version
X-Var-Ttl
Lfy
X-Twitter-Response-Tags
X-Transaction
X-Hp-Webp
X-Trv-Group
X-Thinkindot-L3
X-Up
X-IN-WAF
Meta-Geo-Continent
X-NX-Host
X-Generated-In
Memcached
Origin
X-DPWN-IS-SECURE
X-Connection-Hash
Request-Country
X-Core-Value
Rendered-Blocks
X-Date
Fly-Cache
X-Mobile-URL
X-CF-Lambda-Version
X-Cache-Miss-From
X-Cache-Info
Request-Time
X-CF-Lambda-Fn
X-WPE-Loopback-Upstream-Addr
X-Debug-Cache-Expiry
X-D
X-Destination
Fly-Request-Id
X-Developer
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Cache-Backend
X-Edge-Location
User-Cache-Control
X-Nginx-Cache-Key
Pagetype
RNT-Machine
Server-Int
Pramga
Proxy-Connection
RNT-Time
ServerName
Server-Host
X-Cache-Debug
X-Distil-CS
X-Distributor
X-LAGOON
X-Dispatcher-Server
X-Device-Os
X-Li-Fabric
X-Developers
X-Epic-Correlation-Id
X-Eu-Site
X-Hash
X-Hnp-Log
X-Gen-Mode
X-Info
X-Key
X-Irp-Debug
X-Crawler
X-Li-Pop
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-LI-UUID
X-Location
True-Client-Country-4JS
Web-Mar-Node
X-BB-ID
X-LI-Proto
X-Cdn-Srv
X-CGP
X-Cache-Id
X-Cache-Host
X-Block-Status
X-Cache-Bucket
X-Micro-Cache
Country-Code
X-Policy
FNAC-ModuleRouting
X-Protected-By
X-Proxy-Cache-Status
X-Proxy-Upstream
Apple-News-Services-Handled
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Backend
Apple-News-Services-Parsed-Url
X-Ocache
X-Qloud-Router
X-SN
X-ServiceProvider
X-SIPLIST1
X-Servername
X-Sf
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Reboot
X-Rebelmouse-Cache-Control
Cteonnt-Length
CDCHOST
Apple-News-Services-Request-Url
X-Origin-Date
Fastly-SIE
X-Origin-Expires
Fastly-SWR
X-Page-Type
X-PHP-Host
Ha-Gx-Prefs
HA-Ipaddr
IsBot
X-Swa-Ws
Kp-EeAlive
X-FireWall-Port
X-Varnish-Ttl
Cache
X-Thanos
X-Skip-Cache
X-GeoIP-Country-Code
X-TrackingId
X-Shopify-Stage
X-Real-Ip
X-Ah-Environment
X-ShardId
X-ShopId
X-Cms-Context
X-TT-LOGID
X-Core-Mission
X-GeoIP-City
X-Level-Front-Cache
X-Edge-IP
X-Variation
X-Gateway-Cache-Key
X-Wikidot-Backend
X-Cache-FS-Status
X-Fetched-On
X-Via-SSL
X-Via-Edge
X-Wikidot-Static-Cache
X-Gateway-Cache-Status
X-Fastly-Cache
X-Generated-On
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-User
X-Amzn-Remapped-Content-Length
X-Gateway-Skip-Cache
X-Geo-Header
X-Server-IP
Fastly-SSL
Fastly-Soc-X-Request-Id
Content-Disposition
X-Backend-State
SD-X-WS
X-MSEdge-Flight
X-MSEdge-Features
X-Backend-Host
X-S-Maxage
X-Amz-Meta-Cache-Control
Adler-Geo
X-Cdn-Forward
X-Auto-Login
X-Backend-Url
Platform
HTTPS
X-Planisys-CDN-Rules
X-C
X-Planisys-CDN-Cache
Is-Eu
Heartbleed
X-No-Session
AKAMAI
X-BBXSRF
X-Planisys-CDN-TTL
X-Sucuri-Cache
X-Bip
X-Alternate-Cache-Key
Pagespeed
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Owner
N-Cache
X-Server-Time
Magicmarker
Fastly-Backend-Name
Gh-Request-Id
X-Varnish-Url
X-GZip
X-NC
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Cdn-Origin
X-Sn-Servicetimems
V-Age
X-Apm-App-Name
X-RateLimit-Reset
Server-ID
MIME-Version
X-Org
Rt-Proxy-Cache
X-ND-Cache
REQUESTUUID
X-Geo
X-Exp-Se
X-Node-Id
X-FPC
X-CDN-Forward
X-Pjax-Url
X-Served-From
VivaBuild
X-Load-Cache
X-Gdpr
Viewtype
X-Varnish-Beresp-Ttl
X-CUA
HostName
Powered-By
X-B3-Parentspanid
X-Dc
X-Parent-Response-Time
Pragrma
X-Aicache-OS
Section-Io-Cache
Wxu-Next-Hostname
X-Passed-To-BeforeDispatch
Wxu-Next-Commit
X-Passed-To
Wxu-Next-Region
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-DLL
X-Stale
X-Svr
X-DC
X-Server-By
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Original-Request
X-Nc
X-Git-Hash
Memory
Time
X-CSRF-TOKEN
X-Actual-URL
CF-IPCountry
X-VServer
Host-ID
X-HS-Cache-Config
PICS-Label
X-Croise-Owner
X-Host-Name
Cdn-Request-Time
Cdn-Host
X-Servedbyhost
X-CACHE-KEY
X-Oss-Server-Time
X-Oss-Storage-Class
X-Wa
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Edge-Server
X-Tb-Optimization-Total-Bytes-Saved
Fastcgi-Useragent
X-Release
X-Unique-ID
Mime-Version
Resin-Trace
ProcessTime
X-TH-Server
X-WebServer
X-Daa-Tunnel
SID
X-Microcachable
X-Optimization
AR-SID
X-Newrelic-Synthetics
X-Cache-HT
X-Varnish-Beresp-TTL
Cdn
X-From-Cache
Cf-Ipcountry
X-Lb-Id
X-Phone
X-Upstream-CT
X-Upstream-HT
X-Instart-Info
X-V
X-Req
CF-Cached-On
Backend-Name
X-APP
Odigeo-Trace-Id
X-Fastly-Backend-Reqs
X-Atg-Version
X-Worker
X-HTML-Minification-Powered-By
XServer
X-Backend-TTL
Processtime
Proxy-Firewall
X-B3-SpanId
X-ID
X-Server-W
X-Vcl-Version
189phosttRef
Xxline
286prxHost
352pxline
219prxHost
178proxuri
X-WR-MODIFICATION
188prxHost
X-Fstrz
225prxHost
355prline
X-LB-ID
409pxxline
X-Ratelimit-Remaining
X-Response-By
X-Ratelimit-Limit
X-Zone
Version
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
GMS-Ver
X-Check-Cacheable
X-Nananana
X-IPS-LoggedIn
Public-Key-Pins-Report-Only
X-NGINX-Cache
X-Akamai-Request-ID2
X-UPSTREAM-Address
X-Vcache
Esi-Enabled
X-WA
Accept-Language
WZWS-RAY
X-AssetVersion
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Microsite
Pics-Label
X-VCL-Version
Fastcgi-X-Cache-Version
SN
X-Contensis-Viewer-Groups
X-CSRF-Token
X-URL
X-ServedByHost
GeoIP-Latitude
X-GEO
X-Amz-Meta-Surrogate-Control
GW-Server
X-HS-Status
GeoIp-Country-Code
GeoIP-Country-Code
X-Hyper-Cache
Geoip-Latitude
GeoIP-City
DataCenter
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Be
Geoip-City
X-RequestId
X-We-Are-Hiring
X-UE-Client-Country
Lb
X-SERVER-NAME
Countrycode
Mobile-Detection-Method
X-Fastly-Country-Code
X-Clientip
X-Dynatrace
X-ZONE
X-Reqid
X-Request-Start
Locale
X-Via-NSCOPI
SS
X-BE
X-Urbn-Context-Path
X-Render-Time
X-Urbn-Site-Id
X-Via-Ucdn
Ohc-File-Size
X-Cdn-Cache
WP-Super-Cache
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-GDPR
X-CS
X-Hello
X-ABtesting
URI
X-Flog
X-Unique-Id
X-GZIP
X-HS-Combine-CSS
IBM-Web2-Location
FSS-Cache
X-PJAX-URL
Dnion-Transfer-Encoding
X-PF-Uncompressing
FSS-Proxy
CDN
X-Gen-Id
X-HostName
X-SRV
FastCGI-Cache
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Test
X-Generation-Time
X-Fastly-Cache-Hits
X-Pf-Uncompressing
X-Fpc
X-NGENIX-Cache
Cneonction
RequestUuid
Serverid
X-Cache-Ttl
X-Html-Edge-Cache
Accept-Ch
X-Store
Server-Id
Ohc-Cache-HIT
A
Requestid
X-Request-Url
X-Cluster-Name
X-Bug-Bounty
X-LiteSpeed-Tag
X-Compress-Hint
X-Akamai-SSL-Client-Sid
RequestId
X-Dw-Trace-Id
NnCoection
Get-Access-Time
X-Port
X-Cdn-Request-ID
X-EC-Lua
Ohc-Response-Time
X-Serial
X-UCC
Is-Session-Tracking
X-ServerName
X-HTML-Edge-Cache
Frontcache