Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-AH-Environment
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
WPE-Backend
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-CST
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Type
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Px
X-Goog-Hash
X-HW
Verso
X-Server-Name
X-Upstream-Env
Accept-CH
X-ORACLE-DMS-RID
X-Dispatcher
MS-Author-Via
X-ESI
AR-ATIME
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Cdn
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Cached
X-TTL
Public-Key-Pins
Content-MD5
X-Powered-By-Plesk
X-Version
Charset
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
RTSS
Ar-Sid
Accept-CH-Lifetime
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcap-Request-Id
X-Varnish-TTL
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-FTR-Expires
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Amz-Rid
X-VCache
X-Fastly-Request-ID
X-XRDS-Location
X-SharePointHealthScore
DynaTrace
X-Debug
TCN
X-Hits
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-B3-TraceId
X-Powered-CMS
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
X-Oracle-Dms-Rid
Realpath
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Front-End-Https
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Webkit-CSP
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Dns-Prefetch-Control
X-Upstream
X-Fastcgi-Cache
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Ttl
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-RateLimit-Remaining
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Display
X-Sol
X-Middleton-Display
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
Response
X-Cache-Key
X-Litespeed-Cache
X-Pad
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Kinsta-Cache
X-Correlation-Id
X-Analytics
Backend-Timing
X-Content-Options
X-Revision
X-Debug-Info
X-LB-Cache
X-User-Agent
X-Rid
X-B3-Traceid
X-IPLB-Instance
X-AppVersion
X-Cache-Hit
X-Az
X-Cache-2
X-B3-Sampled
X-Activity-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
Accept-Charset
Surrogate-Key
FilterID
ServerID
Refresh
X-Accel-Buffering
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-DIS-Request-ID
X-Grace
X-Whom
Server-Info
X-Request-Processing-Time
X-Request-Received
X-Page-Id
TP-L2-Cache
TP-Cache
MS-CV
Cache-Status
X-PHP-Backend
Host-Header
X-Varnish-Backend
X-F-Cache
VIX-Pulpo-Node
X-Akamai-Edgescape
X-TT
X-Origin-Server
X-Cache-Action
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Cached-By
Source
X-App-Environment
X-Cluster
X-Framework
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Platform-Server
X-UA-Device-Type
X-Mobile
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Type
X-Instance
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Drupal-Cache-Tags
X-FW-Static
X-Varnish-Grace
X-FB-Debug
X-Ruxit-Js-Agent
X-SS-Set-Cookie
X-Forwarded-Host
X-Request-Guid
X-RateLimit-Limit
X-Ezoic-Cdn
X-Zen-Fury
X-GUploader-UploadID
X-Geo-Country
X-Cache-TTL
Edge-Cache-Tag
X-Handled-By
X-Shard
X-Node-Name
X-FastCGI-Cache
PageSpeed
X-Magnolia-Registration
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
X-Cache-Age
X-ATG-Version
Cache-Tags
X-BCube-Filmed-By
Fastly-Restarts
X-Varnish-Server
X-App-Server
DC
X-AOL-HN
X-Cache-Control
Cleartype
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Payment
Server-Node
X-Response-Served-From
Filters
X-Region
X-Signature
X-B-Cache
X-RequestSource
X-TX-ID
Country
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Adobe-Loc
X-Generated-By
X-Tumblr-Pixel-1
X-RTag
X-VG-WebCache
X-GeoIP
X-Storage
Webserver
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
Ms-Operation-Id
X-UUID
X-Redis-Cache
Retry-After
Actual-Object-TTL
X-Jobs
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-FW-Dynamic
X-Varnish-Hits
X-Content-Age
X-Cacheable-TTL
Powered
NGB
X-Locale
GEO-INFO
X-XRDS-LOCATION
ServedBy
Frame-Options
CACHE
Liferay-Portal
X-Esi
HitType
X-Contextid
X-WA-Info
X-Rendered-As
X-Oneagent-Js-Injection
X-Guploader-Uploadid
X-Yottaa-Metrics
X-Seen-By
X-Yottaa-Optimizations
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-Real-IP
X-Via-JSL
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-GRACE
X-Time
S-Cnection
Viewport
X-Upgrade-Enabled
Xserver
X-Mode
X-Cache-Operation
X-BACKEND-TTL
X-Cache-Server
X-Varnish-Cache-Hits
NtCoent-Length
X-Zipkin-Id
X-Akamai-Transformed
X-Device-Type
X-ES-SERVER
Cache-Hits
OT-Force-Account-Verify
X-Cache-Enabled
X-Cache-Var-Map
X-Routing-Service
X-Cache-Var
Cache-Key
Load-Balancing
X-Path-Route
X-Detected-As
X-Proto
X-Proxied
X-Is-Bot
X-Hl-Ver
Mn-Server-Ip
X-From
Meta-Geo
X-RN-RSRV
Machine
Datacenter
X-NWS-LOG-UUID
L5d-Success-Class
Webcakes-App-Name
X-Tb
Content-Style-Type
Mail-Subject
X-LJ-Flow-ID
Webcakes-App-Version
X-FB-TRIP-ID
X-Proxy
X-Cache-Config
X-L-Path
We-Hiring
X-Origin-Hint
X-AWS-Id
X-Environment-Context
Access-Control-Request-Headers
X-Hosted-By
Webcakes-Region
Content-Script-Type
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-S
TWC-Device-Class
Property-Id
X-VWS-Id
X-VG-TLSProxy
X-Backend-Name
NGX
Vix-Hermes-Req-Id
TWC-Privacy
X-Viewer-Country
Azure-InstanceId
X-Labrador-Cache-Channel
Azure-RegionName
X-FW-Version
X-Format
X-Newrelic-App-Data
Now
X-FC-Vary-Parameters
X-Wix-Server-Artifact-Id
DB-Nickname
Azure-SlotName
Azure-Version
X-EIG-Tracking-Id
Azure-SiteName
X-Loop
X-Akamai-Request-ID
X-Birta-Served
X-ServerID
X-Section
X-MP-GENERATED-AT
X-TNCMS
X-Birta-Cache-Post
X-Rocket-Nginx-Bypass
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-Time-Microsecs
X-Access
X-Origin-Response-Time
X-NCache
X-Web-Node
X-Via-Fastly
Origin-Cache-Control
Origin-Edge-Control
X-Debug-Cache
X-CCM
X-JoinUs
X-Vgn-Hpd-Reason
X-Xfnlog-Site
Selected-FE
X-ProxyCache-Key
S-Rt
X-Trace-Id
X-BYPASS-REASON
X-Proxy-Build
X-Timing-Wait
X-ProxyCache-Status
Cache-Tag
X-PCL
X-Grey
Uber-Trace-Id
X-Cache-Category-Id
X-Www-Served-By
X-Via-CDN
X-Endurance-Cache-Level
X-Internal-Host
X-Human
X-OCL
X-R9-Blue-Green-Version
X-Varnish-Cacheable
X-Generated
X-Site-Version
X-Cache-Remote
X-IP
Decoy-Debug-TTL
Decoy-Debug-Key
X-Status
Decoy-Debug-Status
X-VC-Cache
LB
Served-By
X-UnsetCookies
X-Rule
X-Dynatrace-Js-Agent
X-EdgeConnect-Cache-Status
Release
X-CDN-Cache
X-UA
ViewerVersion
X-Wix-Request-Id
AsisCache
X-Cluster-Node
Rt-Fastcgi-Cache
X-Ua
Nel
X-Origin-Host
X-App-Name
X-Sucuri-ID
X-Source
X-Nginx-Cache
X-Request-Time
X-PERF
X-ApacheServer
X-App-Version
X-TIME
X-B3-Spanid
X-Datadome
X-Varnish-Ttl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-Origin
X-Hit
X-OVcl
X-NewRelic-App-Data
X-VCT
X-Agile-Age
X-Agile
Cache-Name
X-Agile-Id
X-APP-VERSION
SRV
DSUID
User-Agent
Warning
Cache
Hostname
X-ElasticPress-Search
X-Origin-TTL
Pagespeed
X-Origin-CC
X-S-Cookie
X-Application
X-ScT
X-Matched-Rule
X-Cache-Grace
X-ARC
X-Sedo-Request-Id
Cross-Origin-Window-Policy
X-Cache-ASPX
X-Transaction
X-Server-Group
X-Cache-Expires
Ec-Rule-Version
X-PAYTM-SRV-ID
X-Secret
X-B-Cookie
X-Accel-Expires-Debug
Request-EU
X-Processor
Thinkindot-CacheControl
Www
X-A
UCS
X-Platform
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Logtrace-Id
Request-Time
X-A-Ccd
X-Pubstack
X-Region-Sid
X-Refresh
X-Aed
X-Request-UUID
X-Rewrite-Enabled
Request-Country
Rendered-Blocks
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Rojux
X-Connection-Hash
X-Varnish-Authentication
Lfy
X-Instart-Isnd
X-NX-Host
X-Var-Ttl
X-VG-WebServer
X-F5-Cache
Memcached
Xc-Version
MD5-Digest
X-Webstats-RespID
X-External-Request-Id
X-SRCache-Key
X-IN-WAF
X-Trv-Group
X-Hp-Webp
X-Generated-In
X-Thinkindot-L3
BehaviorPad-Version
X-IN-APIGATEWAY
X-Twitter-Response-Tags
X-Up
X-G
Cache-Prefix
X-Gannett-Site-Version
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
Ajk
Origin
X-Core-Value
On-Server
Fly-Cache
Arc-Country
X-CF-Lambda-Version
X-Cache-Miss-From
X-Cache-Info
Server-Surrogate-Control
X-CF-Lambda-Fn
Server-Cache-Control
X-D
X-Date
Fly-Request-Id
X-Developer
Node
X-NodeID
Meta-Geo-Continent
X-Destination
X-Debug-Log
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Mobile-URL
X-WPE-Loopback-Upstream-Addr
X-Edge-Location
X-Cache-Backend
X-Cdn-Forward
RNT-Time
Kp-EeAlive
Pramga
Proxy-Connection
RNT-Machine
X-Nginx-Cache-Key
X-Cache-Debug
X-Device-Os
X-Dispatcher-Server
X-Developers
X-LAGOON
X-Li-Fabric
X-Crawler
X-Distil-CS
X-Distributor
X-Info
X-Hash
X-Irp-Debug
X-Eu-Site
X-Epic-Correlation-Id
X-CGP
X-Cdn-Srv
True-Client-Country-4JS
X-Location
X-Micro-Cache
ServerName
Server-Int
X-LI-UUID
X-LI-Proto
X-Cache-Host
X-Cache-Id
IsBot
X-Li-Pop
X-BB-ID
Server-Host
Country-Code
X-SN
FNAC-ModuleRouting
X-Policy
X-Protected-By
X-Proxy-Cache-Status
Apple-News-Services-Handled
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Backend
Apple-News-Services-Request-Url
X-Reboot
X-Proxy-Upstream
X-ServiceProvider
X-Request-URI
X-SIPLIST1
X-Sf
X-Servername
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Ocache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Cteonnt-Length
CDCHOST
Apple-News-Services-Parsed-Url
X-Swa-Ws
Fastly-SWR
X-Origin-Expires
X-Origin-Date
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SIE
X-TT-LOGID
X-Page-Type
X-PHP-Host
User-Cache-Control
X-Core-Mission
X-ShopId
X-Shopify-Stage
X-Level-Front-Cache
X-Wikidot-Static-Cache
X-Geo-Header
X-Cms-Context
X-ShardId
X-Cache-Bucket
X-Server-IP
X-C
X-Cache-FS-Status
X-GeoIP-Country-Code
X-Ah-Environment
X-GeoIP-City
X-Fastly-Cache
X-Key
X-Skip-Cache
X-Edge-IP
X-Gateway-Cache-Key
X-User
X-Sorting-Hat-PodId
X-Block-Status
X-Variation
X-Gateway-Cache-Status
X-Amzn-Remapped-Content-Length
X-Thanos
X-Sorting-Hat-ShopId
X-Gen-Mode
X-Fetched-On
X-Gateway-Skip-Cache
X-Wikidot-Backend
X-Generated-On
X-Backend-Url
X-Planisys-CDN-Rules
Adler-Geo
AKAMAI
X-Planisys-CDN-TTL
Web-Mar-Node
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Bip
X-Planisys-CDN-Cache
Content-Disposition
X-No-Session
Heartbleed
HTTPS
Pagetype
Fastly-Soc-X-Request-Id
X-MSEdge-Features
X-MSEdge-Flight
Platform
X-Amzn-Remapped-Connection
X-Sucuri-Cache
X-Amzn-Remapped-Date
X-Auto-Login
X-Hnp-Log
X-S-Maxage
X-Backend-Host
X-BBXSRF
Is-Eu
X-Varnish-Beresp-Grace
X-FireWall-Port
X-Varnish-Beresp-Status
X-Real-Ip
X-Backend-State
Gh-Request-Id
X-Varnish-Url
X-Via-Edge
X-Server-Time
Fastly-SSL
X-TrackingId
Magicmarker
N-Cache
X-Owner
X-Via-SSL
Fastly-Backend-Name
SD-X-WS
X-GZip
X-NC
X-Sn-Servicetimems
X-Apm-Inst-Hash
X-Cdn-Origin
V-Age
X-Apm-App-Name
X-RateLimit-Reset
Server-ID
X-Apm-Svc-Key
MIME-Version
X-Org
X-Geo
X-Exp-Se
Rt-Proxy-Cache
REQUESTUUID
X-ND-Cache
X-Node-Id
X-Pjax-Url
X-Served-From
VivaBuild
X-FPC
Viewtype
X-Load-Cache
X-Varnish-Beresp-Ttl
X-CDN-Forward
X-CUA
HostName
Powered-By
X-B3-Parentspanid
X-Gdpr
X-Dc
X-Parent-Response-Time
X-CACHE-KEY
X-CSRF-TOKEN
Pragrma
X-Aicache-OS
Section-Io-Cache
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Git-Hash
X-Nc
X-Returned-From
X-Original-Request
Memory
X-Stale
X-DC
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Actual-URL
Time
X-Passed-To
X-Server-By
X-Svr
CF-IPCountry
X-VServer
X-Servedbyhost
X-Wa
X-Croise-Owner
Host-ID
X-HS-Cache-Config
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Edge-Server
X-Oss-Storage-Class
Cdn-Request-Time
PICS-Label
X-Host-Name
Cdn-Host
ProcessTime
Resin-Trace
X-Unique-ID
X-Release
Fastcgi-Useragent
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Daa-Tunnel
X-TH-Server
X-WebServer
X-Microcachable
SID
X-Varnish-Beresp-TTL
X-Cache-HT
AR-SID
X-Optimization
X-Newrelic-Synthetics
X-Phone
Cdn
Cf-Ipcountry
X-From-Cache
X-Upstream-CT
X-Upstream-HT
X-Req
X-V
X-Lb-Id
X-Instart-Info
CF-Cached-On
Backend-Name
Odigeo-Trace-Id
X-Fastly-Backend-Reqs
X-Atg-Version
X-Worker
XServer
X-WR-MODIFICATION
X-LB-ID
Proxy-Firewall
X-HTML-Minification-Powered-By
X-Backend-TTL
X-APP
X-B3-SpanId
X-Vcl-Version
X-Fstrz
X-ID
Processtime
X-Server-W
X-Ratelimit-Remaining
Xxline
409pxxline
219prxHost
189phosttRef
188prxHost
X-Ratelimit-Limit
225prxHost
286prxHost
352pxline
X-Response-By
355prline
178proxuri
X-Zone
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
Version
X-IPS-LoggedIn
X-Check-Cacheable
GMS-Ver
X-Nananana
Public-Key-Pins-Report-Only
X-NGINX-Cache
X-Akamai-Request-ID2
Pics-Label
X-UPSTREAM-Address
X-Vcache
Esi-Enabled
WZWS-RAY
Accept-Language
GeoIP-City
Fastcgi-X-Cache-Version
X-Microsite
X-Request-Handler-Origin-Region
X-VCL-Version
X-Contensis-Viewer-Groups
X-Ratelimit-Reset
X-URL
X-AssetVersion
X-WA
GeoIP-Country-Code
GeoIP-Latitude
SN
X-HS-Status
X-CSRF-Token
X-Hyper-Cache
X-ServedByHost
X-GEO
GW-Server
X-Amz-Meta-Surrogate-Control
DataCenter
Geoip-Latitude
GeoIp-Country-Code
X-Be
Lb
X-UE-Client-Country
X-We-Are-Hiring
X-SERVER-NAME
Mobile-Detection-Method
Countrycode
X-Fastly-Country-Code
X-Clientip
X-RequestId
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-ZONE
X-Dynatrace
X-Request-Start
Geoip-City
X-Via-Ucdn
X-Urbn-Site-Id
X-BE
SS
X-Via-NSCOPI
X-Urbn-Context-Path
X-Render-Time
Locale
X-GDPR
Ohc-File-Size
X-Cdn-Cache
WP-Super-Cache
X-LiteSpeed-Cache-Control
X-Flog
X-NWS-UUID-VERIFY
X-ABtesting
X-CS
X-Reqid
URI
X-Hello
X-GZIP
X-Unique-Id
FSS-Cache
FSS-Proxy
X-HS-Combine-CSS
X-PJAX-URL
CDN
X-PF-Uncompressing
IBM-Web2-Location
X-Fpc
Dnion-Transfer-Encoding
X-Gen-Id
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-SRV
FastCGI-Cache
X-FORWARDED-FOR
X-Test
X-Generation-Time
X-Fastly-Cache-Hits
Cneonction
X-NGENIX-Cache
X-Pf-Uncompressing
Serverid
RequestUuid
X-Cache-Ttl
Requestid
X-Html-Edge-Cache
Accept-Ch
X-Request-Url
X-LiteSpeed-Tag
X-Compress-Hint
X-Store
Ohc-Cache-HIT
X-Cluster-Name
Server-Id
A
X-Bug-Bounty
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-Port
RequestId
Ohc-Response-Time
Frontcache
X-HTML-Edge-Cache
X-Cdn-Request-ID
X-ServerName
X-EC-Lua
X-Serial
Get-Access-Time
Is-Session-Tracking
NnCoection
X-UCC