Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Request-ID
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
X-Cache-Group
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-CST
Feature-Policy
X-Cnection
X-Server-Id
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
Surrogate-Control
X-Application-Context
EagleEye-TraceId
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Clacks-Overhead
X-Country-Code
X-Cache-Lookup
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Vhost
X-DynaTrace
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
X-Upstream-Env
Verso
X-Server-Name
X-HW
Accept-CH
X-ESI
X-Dispatcher
MS-Author-Via
X-VARITI-CCR
AR-PoweredBy
AR-ATIME
AR-CACHE
X-GitHub-Request-Id
PB-PID
X-MS-InvokeApp
X-Mobile-Rewrite
Arc-Version
PB-RID
X-ORACLE-DMS-RID
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-DataStream-Cache-Status
X-Cached
X-Version
Charset
X-TTL
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Server-ID
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
Ar-Sid
RTSS
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-PC
X-TtlSet
X-Vname
X-Ser
X-Amz-Server-Side-Encryption
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
Nginx-Cache
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-DynaTrace-JS-Agent
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-FTR-Expires
X-Amz-Rid
S
X-Fastly-Request-ID
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-Cdn
X-Debug
X-Oracle-Dms-Rid
DynaTrace
Arr-Disable-Session-Affinity
X-Hits
TCN
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-XRDS-Location
X-Pinterest-Rid
X-Upstream-Proxy
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Akam-SW-Version
X-B3-TraceId
Access-Control-Request-Method
X-Powered-CMS
X-FTR-Cache-Host
X-T
X-Goog-Storage-Class
Front-End-Https
Realpath
X-SERVER
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
X-Id
X-MSEdge-Ref
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Content-Type
Paypal-Debug-Id
X-Varnish-Age
X-Forwarded-For
X-Upstream
X-Dns-Prefetch-Control
X-Fastcgi-Cache
X-B3-TraceId-Primal
X-Ttl
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Alternate-Protocol
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
Fusion-Content-Id
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-RateLimit-Remaining
X-Sol
Display
X-Middleton-Display
AMP-Access-Control-Allow-Source-Origin
X-Middleton-Response
Response
X-Litespeed-Cache
X-Cache-Key
X-Srv
X-Hostname
X-Accel-Expires
X-Pad
X-Webkit-CSP
Host
MicrosoftSharePointTeamServices
X-Kinsta-Cache
Server-Name
Backend-Timing
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Analytics
X-User-Agent
X-Content-Options
X-Correlation-Id
X-LB-Cache
X-Revision
X-B3-Traceid
X-AppVersion
X-Amz-Apigw-Id
X-Az
X-Debug-Info
X-Activity-Id
X-Amzn-RequestId
X-Accel-Buffering
X-Cache-2
Accept-Charset
X-IPLB-Instance
X-Cache-Hit
X-Rid
X-B3-Sampled
Refresh
FilterID
Surrogate-Key
X-Grace
X-B
Powered-By-ChinaCache
X-DIS-Request-ID
ServerID
X-CF-Powered-By
X-Ruxit-Js-Agent
X-Page-Id
Server-Info
X-Whom
Host-Header
MS-CV
X-Request-Received
TP-Cache
X-Request-Processing-Time
TP-L2-Cache
X-PHP-Backend
X-Content-Security-Policy-Report-Only
Cache-Status
X-App-Environment
X-Varnish-Backend
X-Amz-Replication-Status
Source
X-TT
X-F-Cache
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cached-By
X-Origin-Server
X-Cluster
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-UA-Device-Type
X-Akamai-Edgescape
X-Cache-Action
X-Framework
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Varnish-Grace
X-Mobile
X-Content-Powered-By
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Request-Guid
X-Platform-Server
X-FW-Type
X-FB-Debug
X-Drupal-Cache-Tags
X-Instance
X-Zen-Fury
X-SS-Set-Cookie
X-GUploader-UploadID
X-Geo-Country
X-Forwarded-Host
X-Shard
X-Magnolia-Registration
X-Handled-By
X-Ezoic-Cdn
X-Cache-TTL
Edge-Cache-Tag
X-FastCGI-Cache
X-RateLimit-Limit
PageSpeed
X-Node-Name
From-Origin
X-ATG-Version
X-Varnish-Hostname
X-Cache-Age
Cache-Tags
X-Varnish-Server
DC
X-App-Server
Cleartype
X-BCube-Filmed-By
X-AOL-HN
X-TA-CDN-Provider
X-Cache-Control
X-XRDS-LOCATION
Fastly-Restarts
Upgrade-Insecure-Requests
Healthy
X-Generated-By
X-WebKit-CSP-Report-Only
X-Region
X-Response-Served-From
Filters
Payment
X-RequestSource
X-Adobe-Content
X-Adobe-Loc
X-Signature
X-TX-ID
X-Cache-Rule
X-B-Cache
Server-Node
X-RTag
X-GeoIP
NGB
X-UUID
X-TT-TIMESTAMP
X-Redis-Cache
Country
Ms-Operation-Id
CACHE
X-Storage
X-Jobs
X-FW-Dynamic
Webserver
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Actual-Object-TTL
X-Content-Age
X-VG-WebCache
Retry-After
X-Locale
X-Drupal-Cache-Contexts
X-Varnish-Hits
X-Cacheable-TTL
Cache-Tv-Group
GEO-INFO
ServedBy
Powered
Liferay-Portal
Frame-Options
X-Contextid
HitType
X-Seen-By
X-Rendered-As
X-Oneagent-Js-Injection
X-WA-Info
X-Cache-TTL-Remaining
X-Guploader-Uploadid
X-Varnish-IP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Via-JSL
X-Real-IP
X-Wix-Server-Artifact-Id
X-Cache-NE
X-ProcessESI
Eomportal-Instance
X-RemovedCookies
Viewport
X-Upgrade-Enabled
S-Cnection
X-BACKEND-TTL
X-Cache-Server
Xserver
X-Dynatrace-Js-Agent
X-Mode
X-Esi
X-Time
X-GRACE
Datacenter
Content-Script-Type
Content-Style-Type
X-Routing-Service
X-Device-Type
X-RN-RSRV
Mn-Server-Ip
X-Cache-Var
X-Cache-Enabled
X-Zipkin-Id
X-Cache-Var-Map
X-Proxied
X-Detected-As
X-Path-Route
OT-Force-Account-Verify
X-ES-SERVER
X-From
Cache-Hits
Load-Balancing
X-Is-Bot
Meta-Geo
X-Hl-Ver
X-Proto
Machine
NtCoent-Length
X-S
X-Cache-Config
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Property-Id
TWC-GeoIP-Country
Mail-Subject
X-Cache-Operation
X-Varnish-Cache-Hits
Access-Control-Request-Headers
Cache-Key
TWC-Privacy
NGX
Webcakes-App-Version
X-LJ-Flow-ID
X-L-Path
X-Origin-Hint
X-Viewer-Country
X-VWS-Id
X-Hosted-By
X-FC-Vary-Parameters
Webcakes-Region
Webcakes-App-Name
X-AWS-Id
X-Environment-Context
X-FB-TRIP-ID
We-Hiring
X-Proxy
X-Akamai-Transformed
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Origin-Edge-Control
X-Loop
X-FW-Version
Azure-Version
X-EIG-Tracking-Id
Vix-Hermes-Req-Id
Origin-Cache-Control
X-Akamai-Request-ID
X-Birta-Cache-Post
L5d-Success-Class
X-Birta-Served
X-Debug-Cache
X-Origin-Response-Time
X-Web-Node
X-Backend-Name
X-TNCMS
X-VG-TLSProxy
X-Tb
X-ServerID
X-Xfnlog-Site
X-CCM
X-BYPASS-REASON
Now
DB-Nickname
X-NCache
X-Rocket-Nginx-Bypass
S-Rt
Selected-FE
X-Tumblr-Pixel-3
X-Access
X-Via-CDN
X-Time-Microsecs
X-Labrador-Cache-Channel
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-JoinUs
X-IP
X-Via-Fastly
X-Section
X-Vgn-Hpd-Reason
X-Trace-Id
X-Format
X-Timing-Wait
X-Endurance-Cache-Level
X-PCL
X-RCS-CacheZone
X-Cache-Category-Id
X-Varnish-Cacheable
Cache-Tag
Uber-Trace-Id
X-Www-Served-By
X-Grey
X-Generated
X-NWS-LOG-UUID
X-Human
X-Site-Version
X-OCL
Decoy-Debug-Status
X-Newrelic-App-Data
Decoy-Debug-Key
Decoy-Debug-TTL
X-Status
X-R9-Blue-Green-Version
X-MP-GENERATED-AT
Served-By
X-Internal-Host
X-VC-Cache
X-Cache-Remote
X-Rule
X-UA
X-Wix-Request-Id
LB
X-CDN-Cache
ViewerVersion
X-EdgeConnect-Cache-Status
X-UnsetCookies
Release
AsisCache
X-Cluster-Node
X-Origin-Host
Rt-Fastcgi-Cache
X-Sucuri-ID
X-TIME
Nel
X-NewRelic-App-Data
X-ApacheServer
X-PERF
X-App-Version
X-App-Name
X-Nginx-Cache
X-Varnish-Ttl
X-B3-Spanid
X-Datadome
X-Agile-Id
X-Request-Time
X-Agile
X-Agile-Age
X-Ua
User-Agent
X-Source
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
Cache-Name
X-OVcl
X-APP-VERSION
X-Hit
Pagespeed
X-VCT
X-Edge-Location
X-Origin
Hostname
Warning
X-Pubstack
X-WPE-Loopback-Upstream-Addr
X-Origin-TTL
X-Origin-CC
X-Hp-Webp
X-CF-Lambda-Fn
X-IN-APIGATEWAY
X-Application
DSUID
X-B-Cookie
X-ARC
BehaviorPad-Version
X-Var-Ttl
X-Instart-Isnd
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-Trv-Group
X-Varnish-Authentication
Fly-Request-Id
Fly-Cache
X-Cache-Info
X-Generated-In
X-IN-WAF
X-G
X-Date
Ajk
X-D
X-Cache-ASPX
SRV
X-Developer
X-Cache-Expires
X-Debug-Cookies
X-Debug-Log
X-Destination
Cache-Prefix
Cross-Origin-Window-Policy
X-Cache-Grace
X-CF-Lambda-Version
Ec-Rule-Version
Arc-Country
X-Connection-Hash
X-Core-Value
X-A-Dgt
X-DPWN-IS-SECURE
X-External-Request-Id
X-F5-Cache
X-BB-ID
X-VG-WebServer
Server-Surrogate-Control
Rendered-Blocks
Node
X-NodeID
On-Server
X-Rewrite-Enabled
X-Rojux
X-ScT
Thinkindot-CacheControl-Type
Meta-Geo-Continent
X-A-Dcw
X-S-Cookie
X-PAYTM-SRV-ID
X-NU-AKA-ACS-Version
Request-Time
X-Webstats-RespID
Request-EU
Xc-Version
Request-Country
X-Region-Sid
Server-Cache-Control
X-NX-Host
Origin
X-Twitter-Response-Tags
X-Request-UUID
Memcached
Thinkindot-CacheControl
UCS
X-Edge-IP
X-A
X-Cdn-Forward
X-A-Ccd
X-SRCache-Key
Www
X-Server-Group
X-Processor
Lfy
X-Logtrace-Id
X-Matched-Rule
X-Mobile-URL
MD5-Digest
X-Transaction
X-Thinkindot-L3
X-A-Dam
Thinkindot-Control
User-Cache-Control
X-ElasticPress-Search
X-Protected-By
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Backend
X-Cache-Host
RNT-Machine
RNT-Time
X-Cache-Debug
X-Cache-Bucket
X-C
X-Block-Status
True-Client-Country-4JS
X-Amzn-Remapped-Date
Server-Host
Server-Int
X-Amzn-Remapped-Connection
X-Hash
X-Up
X-ServiceProvider
X-Secret
X-Nginx-Cache-Key
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Sf
X-Swa-Ws
X-LI-UUID
X-Sedo-Request-Id
X-SIPLIST1
X-No-Session
X-Rebelmouse-Surrogate-Control
X-Origin-Date
X-Cache-Miss-From
X-Origin-Expires
X-Reboot
X-Request-URI
X-Refresh
X-Policy
X-Platform
X-PHP-Host
X-Page-Type
X-RateLimit-Limit-Second
X-Qloud-Router
X-Distil-CS
X-Dispatcher-Server
X-Distributor
X-Gannett-Site-Version
X-Gen-Mode
X-Device-Os
X-Developers
X-Crawler
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Geo-Header
X-TT-LOGID
X-Li-Fabric
X-Li-Pop
X-Varnish-Url
X-LI-Proto
X-Key
X-Irp-Debug
X-Proxy-Upstream
X-Hnp-Log
X-Proxy-Cache-Status
X-Info
X-Cache-Id
Web-Mar-Node
Fastly-SWR
Proxy-Connection
Country-Code
Fastly-Backend-Name
Kp-EeAlive
X-Sucuri-Cache
Fastly-SIE
IsBot
X-Ocache
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
CDCHOST
Backend
Cache-Cookie-Set-Idcheck
Pramga
Pagetype
X-FireWall-Port
X-Eu-Site
X-GeoIP-City
X-Fetched-On
X-Generated-On
X-Epic-Correlation-Id
AKAMAI
X-Cms-Context
X-CGP
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Core-Mission
X-LAGOON
Apple-News-Services-Handled
Apple-News-Services-Host
Adler-Geo
X-MSEdge-Flight
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Via-SSL
X-Via-Edge
X-Variation
ServerName
X-Cdn-Srv
FNAC-ModuleRouting
X-Real-Ip
X-Micro-Cache
X-Location
X-User
X-TrackingId
X-Servername
X-ShardId
X-Server-IP
X-MSEdge-Features
X-Ah-Environment
X-ShopId
X-Shopify-Stage
X-Thanos
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-SN
X-Level-Front-Cache
X-S-Maxage
HA-Ipaddr
Magicmarker
Fastly-Soc-X-Request-Id
HTTPS
Ha-Gx-Prefs
Fastly-SSL
X-Amz-Meta-Cache-Control
Is-Eu
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
Heartbleed
X-Cache-FS-Status
X-BBXSRF
X-Bip
Content-Disposition
SD-X-WS
N-Cache
Platform
Cteonnt-Length
X-Owner
X-Auto-Login
X-Fastly-Cache
X-Backend-Host
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Backend-Url
X-Skip-Cache
X-Gateway-Cache-Key
X-GeoIP-Country-Code
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Server-Time
X-Planisys-CDN-Cache
X-Backend-State
X-Varnish-Beresp-Ttl
X-GZip
X-Node-Id
Gh-Request-Id
X-RateLimit-Reset
Server-ID
Cache
MIME-Version
X-Org
X-Sn-Servicetimems
X-NC
X-Apm-Inst-Hash
V-Age
X-FPC
X-Apm-App-Name
X-Cdn-Origin
X-Apm-Svc-Key
X-Pjax-Url
X-Exp-Se
Powered-By
X-CUA
X-Geo
VivaBuild
Viewtype
Rt-Proxy-Cache
X-ND-Cache
REQUESTUUID
X-Load-Cache
Section-Io-Cache
X-CACHE-KEY
HostName
X-Gdpr
X-Served-From
Pragrma
X-CDN-Forward
X-Dc
X-B3-Parentspanid
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Aicache-OS
X-Returned-From-PostProcessResponse
X-Server-By
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Stale
X-Returned-From
X-Svr
X-Passed-To
X-Original-Request
X-Actual-URL
X-Nc
X-Parent-Response-Time
Memory
X-VServer
Host-ID
X-CSRF-TOKEN
X-Croise-Owner
X-DC
Time
X-HS-Cache-Config
Fastcgi-Useragent
Wxu-Next-Hostname
Cdn-Host
Wxu-Next-Region
X-Edge-Server
X-Git-Hash
Cdn-Request-Time
Wxu-Next-Commit
X-Unique-ID
PICS-Label
Resin-Trace
X-Wa
X-Servedbyhost
ProcessTime
X-Microcachable
CF-IPCountry
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
SID
X-Host-Name
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Release
X-Cache-HT
X-Newrelic-Synthetics
X-Optimization
X-ID
X-V
AR-SID
X-Lb-Id
Cdn
X-From-Cache
X-WebServer
X-Req
Cf-Ipcountry
X-TH-Server
X-Daa-Tunnel
Odigeo-Trace-Id
X-Phone
X-Varnish-Beresp-TTL
X-Upstream-CT
X-Upstream-HT
X-Instart-Info
X-HTML-Minification-Powered-By
X-APP
X-Ratelimit-Remaining
X-Atg-Version
X-Fastly-Backend-Reqs
Proxy-Firewall
Backend-Name
X-Fstrz
XServer
CF-Cached-On
X-Ratelimit-Limit
X-B3-SpanId
X-WR-MODIFICATION
X-Vcl-Version
Processtime
X-LB-ID
X-Response-By
219prxHost
225prxHost
189phosttRef
352pxline
178proxuri
X-Zone
GMS-Ver
X-Nananana
409pxxline
355prline
X-Worker
X-Server-W
Public-Key-Pins-Report-Only
X-Backend-TTL
188prxHost
Xxline
286prxHost
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-IPS-LoggedIn
WZWS-RAY
X-Check-Cacheable
Version
X-WA
X-Vcache
X-GEO
X-NGINX-Cache
Fastcgi-X-Cache-Version
Esi-Enabled
X-ServedByHost
X-Amz-Meta-Surrogate-Control
X-HS-Status
X-UPSTREAM-Address
X-URL
Pics-Label
X-Ratelimit-Reset
Lb
X-Akamai-Request-ID2
X-We-Are-Hiring
X-Clientip
X-Contensis-Viewer-Groups
Mobile-Detection-Method
X-CSRF-Token
GW-Server
Accept-Language
SN
Countrycode
X-VCL-Version
X-AssetVersion
X-UE-Client-Country
X-Hyper-Cache
GeoIp-Country-Code
Geoip-Latitude
DataCenter
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-SERVER-NAME
Geoip-City
X-Fastly-Country-Code
SS
X-SRV
X-Dynatrace
Ohc-File-Size
X-Request-Start
X-Render-Time
X-Vtex-Remote-Cache
X-HostName
X-Request-Handler-Origin-Region
X-BE
X-Microsite
X-Via-Ucdn
X-RequestId
X-Be
X-Vtex-Processado-Em
Serverid
X-GZIP
WP-Super-Cache
Locale
URI
X-Reqid
X-HS-Combine-CSS
X-ZONE
X-NWS-UUID-VERIFY
X-Via-NSCOPI
X-CS
X-PF-Uncompressing
X-Urbn-Context-Path
FSS-Cache
X-LiteSpeed-Cache-Control
FSS-Proxy
X-GDPR
X-Urbn-Site-Id
X-Unique-Id
X-PJAX-URL
CDN
X-Cdn-Cache
X-Hello
X-Flog
X-ABtesting
X-Gen-Id
X-FORWARDED-FOR
FastCGI-Cache
Dynatrace
Amp-Access-Control-Allow-Source-Origin
Cneonction
X-Fpc
X-Fastly-Cache-Hits
IBM-Web2-Location
X-Generation-Time
X-Pf-Uncompressing
Dnion-Transfer-Encoding
Ohc-Cache-HIT
RequestUuid
X-Cache-Ttl
X-Test
X-LiteSpeed-Tag
X-Store
X-Request-Url
X-UCC
X-Html-Edge-Cache
Server-Id
Accept-Ch
A
X-Akamai-SSL-Client-Sid
Ohc-Response-Time
X-Serial
X-Dw-Trace-Id
RequestId
Requestid
Frontcache
Is-Session-Tracking
X-Cdn-Request-ID
NnCoection
X-ServerName
Who
X-Varnish-Action
X-EC-Lua
Get-Access-Time
X-Port
X-HTML-Edge-Cache