
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Server
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Nginx-Cache-Status
X-Server-Powered-By
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
X-Server-Id
X-Rq
X-Ac
X-Node
Allow
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Url
X-Origin-Cache
X-Iejgwucgyu
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-DataDome
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ESI
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
AR-ATIME
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
X-GitHub-Request-Id
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
X-DataStream-Cache-Status
X-MS-InvokeApp
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
Public-Key-Pins
X-Type
X-Powered-By-Plesk
X-Cached
Content-MD5
Service-Worker-Allowed
X-Version
Accept-CH-Lifetime
AR-Request-ID
X-Upstream-Env
X-D2id
X-Amz-Server-Side-Encryption
X-Recruiting
RTSS
X-Navigation-Version
X-TTL
X-Abt-Application-Version
Charset
X-Ser
X-Vcap-Request-Id
X-PC
X-Vname
X-TtlSet
Ar-Sid
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
Nginx-Cache
X-Client-IP
X-Trace
SPRequestGuid
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-DynaTrace-JS-Agent
X-FTR-Expires
DynaTrace
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-XRDS-Location
TCN
X-Debug
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-SharePointHealthScore
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Akam-SW-Version
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
SPRequestDuration
X-FTR-Cache-Host
SPIisLatency
X-Oracle-Dms-Rid
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Webkit-CSP
X-Id
X-Server-ID
Realpath
X-Ttl
X-Aspnet-Version
X-Litespeed-Cache
X-Acc-Meta-Resource-Type
Tracecode
X-NF-Request-ID
X-MSEdge-Ref
X-Amzn-Trace-Id
Front-End-Https
X-N
Fastcgi-Cache
X-B3-Traceid
X-Varnish-Age
X-Content-Type
X-Upstream
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Fastcgi-Cache
Paypal-Debug-Id
Alternate-Protocol
X-Middleton-Response
Response
X-Middleton-Display
X-Sol
Display
X-Frontend
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
X-Pad
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-B3-TraceId
X-Hostname
X-PressLabs-Stats
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Remaining
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Accel-Expires
X-Grace
Host
X-Cache-Key
ServerID
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
X-Correlation-Id
X-B3-Sampled
Server-Name
X-IPLB-Instance
X-Revision
X-Debug-Info
Surrogate-Key
X-Az
X-LB-Cache
X-Activity-Id
X-AppVersion
X-User-Agent
X-Rid
X-Kinsta-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-Content-Options
FilterID
Accept-Charset
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
X-B
MS-CV
X-Page-Id
X-Whom
X-Cached-By
Host-Header
X-Ruxit-Js-Agent
Cache-Status
Server-Info
X-DIS-Request-ID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TT
X-Varnish-Backend
Source
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
X-Origin-Server
X-App-Environment
X-F-Cache
X-Platform-Server
X-Mobile
X-PHP-Backend
X-Ezoic-Cdn
X-Cluster
X-Tumblr-Pixel-0
X-Cache-Action
X-Tumblr-Pixel
X-Tumblr-User
X-FW-Type
X-Forwarded-Host
X-Node-Name
X-FW-Hash
X-FW-Serve
X-Varnish-Grace
X-FW-Static
X-FW-Server
X-Framework
X-Request-Guid
X-Instance
X-FB-Debug
X-Shard
X-Content-Powered-By
X-Drupal-Cache-Tags
Access-Control-Allow-Method
X-UA-Device-Type
Fastly-Restarts
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
PageSpeed
Edge-Cache-Tag
X-TA-CDN-Provider
X-FastCGI-Cache
X-Accel-Buffering
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
From-Origin
X-RateLimit-Limit
Cache-Tags
X-Cache-TTL
X-Magnolia-Registration
X-AOL-HN
X-Cache-Age
X-BCube-Filmed-By
X-SS-Set-Cookie
X-Cache-Control
X-Cache-Rule
X-ATG-Version
Upgrade-Insecure-Requests
Healthy
Retry-After
X-Varnish-Server
Payment
Cleartype
Server-Node
DC
X-RequestSource
X-App-Server
X-Response-Served-From
Country
X-Adobe-Content
X-Adobe-Loc
X-TX-ID
X-B-Cache
X-Signature
X-Storage
Powered
X-WebKit-CSP-Report-Only
Filters
X-RTag
Ms-Operation-Id
Actual-Object-TTL
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-UUID
X-GeoIP
X-FW-Dynamic
X-Tumblr-Pixel-1
X-VG-WebCache
X-Redis-Cache
X-Dns-Prefetch-Control
X-Region
X-Drupal-Cache-Contexts
X-Jobs
Cache-Tv-Group
X-XRDS-LOCATION
X-Cacheable-TTL
X-Content-Age
X-Varnish-Hits
X-Generated-By
Frame-Options
X-Locale
X-WA-Info
Webserver
GEO-INFO
NGB
ServedBy
X-Oneagent-Js-Injection
X-Cache-NE
CACHE
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
X-BACKEND-TTL
X-RemovedCookies
X-ProcessESI
X-NWS-LOG-UUID
HitType
Eomportal-Instance
X-Rendered-As
Liferay-Portal
X-Cache-Operation
X-Real-IP
X-Cache-TTL-Remaining
X-Guploader-Uploadid
X-Varnish-IP
X-Upgrade-Enabled
X-Esi
X-Mode
Viewport
X-Via-JSL
LB
X-Varnish-Cache-Hits
S-Cnection
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
Mn-Server-Ip
X-Cache-Enabled
X-Is-Bot
X-Device-Type
X-Zipkin-Id
X-Routing-Service
X-ES-SERVER
X-Proxied
X-RN-RSRV
OT-Force-Account-Verify
Cache-Hits
X-Path-Route
X-Hl-Ver
X-From
X-Proto
Cache-Key
Load-Balancing
X-Detected-As
Machine
X-Time
X-Cache-Remote
X-Cache-Server
X-Tb
X-Time-Microsecs
X-FW-Version
X-FB-TRIP-ID
X-VG-TLSProxy
X-Akamai-Transformed
Property-Id
NGX
X-Hosted-By
X-Proxy
X-NCache
X-Origin-Hint
X-LJ-Flow-ID
Access-Control-Request-Headers
L5d-Success-Class
X-L-Path
X-R9-Blue-Green-Version
TWC-Connection-Speed
X-FC-Vary-Parameters
X-Viewer-Country
Webcakes-App-Name
Vix-Hermes-Req-Id
Webcakes-Region
X-Environment-Context
X-Backend-Name
X-AWS-Id
X-Cache-Config
TWC-Privacy
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-VWS-Id
TWC-Locale-Group
Azure-InstanceId
Azure-RegionName
X-EIG-Tracking-Id
X-Loop
S-Rt
Azure-SiteName
X-Akamai-Request-ID
X-Debug-Cache
Azure-Version
Now
Origin-Cache-Control
We-Hiring
X-Format
X-Origin-Response-Time
Origin-Edge-Control
X-Access
Mail-Subject
Azure-SlotName
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Rocket-Nginx-Bypass
X-TNCMS
X-ServerID
X-Section
X-RCS-CacheZone
Xserver
X-Web-Node
X-S
X-PCL
NtCoent-Length
X-CCM
X-Via-Fastly
X-Xfnlog-Site
Selected-FE
X-Human
X-Vgn-Hpd-Reason
X-Via-CDN
X-Trace-Id
X-Timing-Wait
Cache-Tag
X-IP
X-JoinUs
X-Labrador-Cache-Channel
X-OCL
X-Seen-By
DB-Nickname
X-Proxy-Build
X-Generated
X-ProxyCache-Key
X-ProxyCache-Status
X-Cache-Category-Id
X-Www-Served-By
X-BYPASS-REASON
Datacenter
X-Internal-Host
Uber-Trace-Id
X-Grey
X-UnsetCookies
Content-Script-Type
Content-Style-Type
X-UA
X-Dynatrace-Js-Agent
Release
X-Endurance-Cache-Level
X-Site-Version
X-VC-Cache
X-Varnish-Cacheable
X-Rule
Decoy-Debug-Status
X-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-APP-VERSION
X-EdgeConnect-Cache-Status
Served-By
X-Birta-Served
X-Birta-Cache-Post
X-B3-Spanid
X-TIME
Nel
DSUID
X-Request-Time
X-CDN-Cache
X-OVcl-Cache
X-OVcl
X-Cluster-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-Nginx-Cache
AsisCache
X-VCT
X-Hit
X-Origin
Rt-Fastcgi-Cache
Hostname
Pagespeed
X-App-Name
X-PERF
SRV
X-ApacheServer
X-Newrelic-App-Data
Cteonnt-Length
X-Ua
X-Source
X-GRACE
Cache
X-Agile
X-Pubstack
X-Agile-Id
X-Agile-Age
X-Origin-Host
X-Sucuri-ID
X-Cache-Host
X-Origin-TTL
X-ElasticPress-Search
X-Origin-CC
Cache-Name
X-Webstats-RespID
X-VG-WebServer
Xc-Version
X-Varnish-Authentication
UCS
Www
Cross-Origin-Window-Policy
X-A
Ec-Rule-Version
X-A-Dgt
X-Application
Cache-Prefix
X-Up
X-Twitter-Response-Tags
X-Aed
X-Accel-Expires-Debug
X-A-Dcw
X-A-Wwc
X-Var-Ttl
X-A-Dam
Thinkindot-CacheControl
BehaviorPad-Version
Lfy
FNAC-ModuleRouting
Origin
X-Trv-Group
Arc-Country
Node
On-Server
Memcached
MD5-Digest
Rendered-Blocks
Fly-Request-Id
Server-Host
Server-Surrogate-Control
Meta-Geo-Continent
Thinkindot-CacheControl-Type
Server-Cache-Control
Request-Time
Request-Country
Request-EU
Fly-Cache
Thinkindot-Control
X-ScT
X-Cdn-Origin
X-G
X-F5-Cache
X-External-Request-Id
X-DPWN-IS-SECURE
X-Gannett-Site-Version
X-Generated-In
X-Cache-Info
X-Instart-Isnd
X-IN-WAF
X-IN-APIGATEWAY
X-Hp-Webp
X-CF-Lambda-Fn
X-Developer
X-Debug-Cache-Expiry
X-Date
Ajk
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-D
X-Core-Value
X-Destination
X-CF-Lambda-Version
X-Connection-Hash
X-Debug-Log
X-Debug-Cookies
X-Logtrace-Id
X-Cache-Grace
X-Cache-ASPX
X-B-Cookie
X-Secret
X-S-Cookie
X-Rojux
X-Server-Group
X-Server-Time
X-Thinkindot-L3
X-ARC
X-SRCache-Key
X-Sn-Servicetimems
X-ServiceProvider
X-Rewrite-Enabled
X-Request-UUID
X-NU-AKA-ACS-Version
X-NX-Host
X-NodeID
X-Mobile-URL
X-Matched-Rule
X-PAYTM-SRV-ID
X-Cache-Expires
X-Region-Sid
X-Refresh
X-Reboot
X-Processor
X-Transaction
X-A-Ccd
X-Geo
User-Cache-Control
X-Varnish-Ttl
X-WPE-Loopback-Upstream-Addr
X-Cache-Backend
Server-Int
X-Distil-CS
True-Client-Country-4JS
Rt-Proxy-Cache
X-Eu-Site
X-SN
ServerName
X-Distributor
X-Epic-Correlation-Id
RNT-Time
X-Hash
X-Hnp-Log
Pagetype
X-Sf
Pramga
Proxy-Connection
RNT-Machine
X-Fetched-On
X-SIPLIST1
X-ND-Cache
Web-Mar-Node
X-Apm-App-Name
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Block-Status
X-Cache-Bucket
X-Cache-Debug
X-Cache-Miss-From
X-Cdn-Srv
X-Developers
X-Servername
V-Age
ViewerVersion
X-Swa-Ws
X-CGP
X-Crawler
X-Wix-Request-Id
X-Device-Os
X-Gen-Mode
X-Nginx-Cache-Key
X-Policy
X-Platform
Ha-Gx-Prefs
HA-Ipaddr
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-Lfrom
CDCHOST
Gh-Request-Id
Country-Code
Fastly-SIE
X-Request-URI
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Handled
X-Origin-Expires
X-Origin-Date
Fastly-SWR
Cache-Cookie-Set-Idcheck
X-Micro-Cache
Apple-News-Services-Host
IsBot
X-LAGOON
X-Key
X-Info
X-Irp-Debug
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Backend
X-Location
Cache-Cookie-Set-From
X-Sedo-Request-Id
X-Qloud-Router
X-RateLimit-Remaining-Second
X-PHP-Host
X-Bip
X-Cms-Context
X-RateLimit-Limit-Second
X-Core-Mission
X-Cache-Id
X-Via-Edge
Warning
X-ShardId
X-ShopId
X-Shopify-Stage
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-GeoIP-Country-Code
X-BBXSRF
X-Skip-Cache
X-Fastly-Cache
X-No-Session
X-Server-IP
X-Dispatcher-Server
X-Page-Type
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-MSEdge-Features
X-Exp-Se
X-MSEdge-Flight
X-Thanos
X-C
X-Wikidot-Backend
X-Served-From
SD-X-WS
X-Generated-On
AKAMAI
X-Alternate-Cache-Key
X-Org
X-User
X-Wikidot-Static-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Protected-By
X-Level-Front-Cache
X-Amz-Meta-Cache-Control
Content-Disposition
X-Auto-Login
X-Geo-Header
X-Backend-Host
X-Backend-Url
X-Backend-State
X-Via-SSL
REQUESTUUID
Fastly-SSL
Heartbleed
Fastly-Soc-X-Request-Id
X-GeoIP-City
X-B3-Parentspanid
X-FireWall-Port
X-GZip
X-Gateway-Cache-Key
X-CDN-Forward
X-Owner
X-RateLimit-Reset
Adler-Geo
X-S-Maxage
Is-Eu
Platform
Kp-EeAlive
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Variation
X-Cache-FS-Status
MIME-Version
X-Git-Hash
X-Host-Name
X-Real-Ip
X-Varnish-Beresp-Status
X-BB-ID
X-Varnish-Beresp-Grace
HTTPS
X-Ocache
X-App-Version
X-Daa-Tunnel
X-NC
X-Wix-Server-Artifact-Id
X-Edge-Location
X-TrackingId
Viewtype
X-Proxy-Cache-Status
X-FPC
X-TT-LOGID
AR-SID
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
VivaBuild
X-Sucuri-Cache
Server-ID
X-Proxy-Upstream
X-Aicache-OS
X-Load-Cache
X-Edge-IP
Magicmarker
Fastly-Backend-Name
X-Varnish-Url
N-Cache
X-Gdpr
X-Cdn-Forward
X-Dc
User-Agent
X-Node-Id
X-Release
X-Pjax-Url
Time
Memory
X-Parent-Response-Time
CF-IPCountry
X-TH-Server
X-CSRF-TOKEN
X-WebServer
X-Nc
X-DC
X-Upstream-HT
X-Upstream-CT
X-Varnish-Beresp-Ttl
X-Phone
X-Servedbyhost
X-HS-Cache-Config
PICS-Label
Powered-By
HostName
X-CUA
X-CACHE-KEY
Resin-Trace
X-Instart-Info
X-Wa
Pragrma
X-Varnish-Beresp-TTL
Backend-Name
X-Microsite
X-Request-Handler-Origin-Region
X-Svr
X-Stale
X-Server-By
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From
X-Oss-Object-Type
X-Passed-To
X-Actual-URL
X-Original-Request
X-Oss-Storage-Class
X-Oss-Request-Id
Host-ID
X-Oss-Hash-Crc64ecma
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Oss-Server-Time
X-Newrelic-Synthetics
Mime-Version
Section-Io-Cache
X-Croise-Owner
X-Worker
X-Tb-Optimization-Total-Bytes-Saved
X-Lb-Id
X-From-Cache
X-VServer
X-Cache-HT
Version
X-Optimization
Xxline
XServer
X-Edge-Server
X-Server-W
286prxHost
219prxHost
352pxline
189phosttRef
Cdn-Request-Time
225prxHost
Cdn-Host
178proxuri
188prxHost
409pxxline
355prline
Cf-Ipcountry
CF-Cached-On
ProcessTime
X-APP
X-Atg-Version
Processtime
X-Fastly-Backend-Reqs
Cdn
SID
X-SERVER-NAME
X-Akamai-Request-ID2
Accept-Language
X-ID
Esi-Enabled
X-Zone
X-Req
X-Unique-ID
X-Microcachable
X-VCL-Version
X-Ratelimit-Remaining
X-LB-ID
X-Contensis-Viewer-Groups
X-Ratelimit-Limit
Proxy-Firewall
X-Vcl-Version
X-AssetVersion
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
GeoIP-City
X-V
X-B3-SpanId
SN
GeoIP-Latitude
Odigeo-Trace-Id
GeoIP-Country-Code
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-Vcache
X-WA
X-NGINX-Cache
X-UPSTREAM-Address
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ZONE
X-Nananana
X-RequestId
X-URL
Fastcgi-Useragent
X-Via-NSCOPI
X-Fstrz
Pics-Label
X-Reqid
X-HS-Status
X-WR-MODIFICATION
X-Check-Cacheable
CDN
X-Flog
Geoip-Latitude
X-ABtesting
X-Urbn-Site-Id
Locale
X-CSRF-Token
X-Urbn-Context-Path
X-Response-By
X-Hello
X-ServedByHost
X-Backend-TTL
X-Be
GeoIp-Country-Code
DataCenter
X-Cache-Ttl
X-Hyper-Cache
X-NWS-UUID-VERIFY
IBM-Web2-Location
Dnion-Transfer-Encoding
Geoip-City
GMS-Ver
X-Datadome
X-Dynatrace
X-Generation-Time
X-Via-Ucdn
X-Render-Time
X-Ratelimit-Reset
X-Request-Start
X-NGENIX-Cache
X-Fastly-Country-Code
WP-Super-Cache
X-Cdn-Cache
X-Cluster-Name
Requestid
X-GDPR
X-LiteSpeed-Cache-Control
WebServer
X-PJAX-URL
Fastcgi-X-Cache-Version
X-CS
Public-Key-Pins-Report-Only
X-Unique-Id
WZWS-RAY
X-Amz-Meta-Surrogate-Control
Lb
X-HS-Combine-CSS
X-Cache-URL
GW-Server
URI
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
X-SRV
X-FORWARDED-FOR
FastCGI-Cache
X-Presslabs-Stats
X-Clientip
X-Varnish-Action
X-Compress-Hint
X-Got-Non-Ke-Cookie
X-Gen-Id
GEO-REGION-INFO
Serverid
Who
X-Fpc
Server-Id
Mobile-Detection-Method
X-Pf-Uncompressing
X-UE-Client-Country
X-We-Are-Hiring
Countrycode
Cneonction
X-LiteSpeed-Tag
Ohc-File-Size
X-Bug-Bounty
Epwk-Cache
Https
A
X-Test
X-Store
X-BE
SS
X-GEO
Is-Session-Tracking
Get-Access-Time
Cache-Provider
RequestId
X-Requestid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-EC-Lua
Frontcache
NnCoection
X-Html-Edge-Cache
X-Request-Url
X-ServerName
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-Dw-Trace-Id
X-Fastly-Cache-Hits