Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
Server-Timing
X-Rq
X-Ac
Allow
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
Pinterest-Generated-By
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Cdn
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-Px
X-HW
X-Type
Accept-CH
X-Dispatcher
Verso
X-Server-Name
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
X-ORACLE-DMS-RID
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-GitHub-Request-Id
X-MS-InvokeApp
X-DataStream-Cache-Status
X-GoogleNews-Bot
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
X-Upstream-Env
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
RTSS
X-TTL
X-Amz-Server-Side-Encryption
X-Navigation-Version
Charset
X-Abt-Application-Version
X-TtlSet
X-Vname
X-PC
X-Ser
X-Vcap-Request-Id
X-Server-ID
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Varnish-TTL
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
DynaTrace
X-VCache
X-DynaTrace-JS-Agent
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Debug
X-Hits
X-Oracle-Dms-Rid
TCN
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-Upstream-Proxy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Akam-SW-Version
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-XRDS-Location
X-Powered-CMS
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
Realpath
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NF-Request-ID
Tracecode
X-Amzn-Trace-Id
X-Ttl
X-Webkit-CSP
Front-End-Https
X-Aspnet-Version
Fastcgi-Cache
X-Varnish-Age
X-N
X-Content-Type
X-B3-TraceId
X-Upstream
X-Forwarded-For
X-Fastcgi-Cache
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Paypal-Debug-Id
Alternate-Protocol
X-Frontend
X-Middleton-Response
X-Sol
Response
Display
X-Middleton-Display
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-B3-Traceid
X-Pad
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-Srv
X-RateLimit-Remaining
X-Litespeed-Cache
X-Hostname
X-DataStream-MidMile-RTT
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-DataStream-Origin-MEX-Latency
Host
X-Accel-Expires
ServerID
X-Grace
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
Server-Name
X-Correlation-Id
X-Kinsta-Cache
X-B3-Sampled
X-Az
X-Debug-Info
X-IPLB-Instance
Surrogate-Key
X-LB-Cache
X-Revision
X-User-Agent
X-AppVersion
X-Activity-Id
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
Accept-Charset
FilterID
X-Cache-2
X-Ruxit-Js-Agent
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Received
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
MS-CV
X-Page-Id
X-Whom
X-DIS-Request-ID
Server-Info
X-Cached-By
Host-Header
Cache-Status
X-Varnish-Backend
X-TT
X-PHP-Backend
X-Content-Security-Policy-Report-Only
X-Origin-Server
VIX-Pulpo-Node
X-Cache-Action
Source
X-App-Environment
X-Amz-Replication-Status
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Mobile
X-Tumblr-Pixel
X-Tumblr-User
X-Platform-Server
X-Cluster
X-F-Cache
X-Tumblr-Pixel-0
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Hash
X-Framework
X-Varnish-Grace
X-Ezoic-Cdn
Access-Control-Allow-Method
X-FW-Type
X-Content-Powered-By
X-Drupal-Cache-Tags
X-Node-Name
X-Instance
X-Forwarded-Host
X-FB-Debug
X-Request-Guid
X-Shard
X-Accel-Buffering
X-Kong-Upstream-Latency
X-UA-Device-Type
X-Kong-Proxy-Latency
PageSpeed
Edge-Cache-Tag
X-Geo-Country
X-GUploader-UploadID
Fastly-Restarts
X-Zen-Fury
X-Varnish-Hostname
X-Oneagent-Js-Injection
X-Handled-By
From-Origin
X-RateLimit-Limit
X-TA-CDN-Provider
X-FastCGI-Cache
X-Cache-TTL
X-Magnolia-Registration
Cache-Tags
X-AOL-HN
X-Cache-Age
X-SS-Set-Cookie
X-BCube-Filmed-By
X-Cache-Control
X-ATG-Version
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
X-XRDS-LOCATION
Retry-After
X-Varnish-Server
Payment
Cleartype
DC
Server-Node
X-App-Server
X-Response-Served-From
X-RequestSource
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
Powered
Country
X-Storage
X-WebKit-CSP-Report-Only
X-Signature
X-B-Cache
X-UUID
X-FW-Dynamic
Filters
X-GeoIP
Actual-Object-TTL
X-Tumblr-Pixel-2
X-VG-WebCache
X-RTag
Ms-Operation-Id
X-TT-TIMESTAMP
X-Redis-Cache
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Region
X-Drupal-Cache-Contexts
X-Jobs
X-Varnish-Hits
X-Content-Age
X-Cacheable-TTL
X-Generated-By
X-Locale
X-Dns-Prefetch-Control
Frame-Options
Webserver
X-WA-Info
CACHE
GEO-INFO
ServedBy
NGB
X-Esi
X-Yottaa-Metrics
X-Cache-NE
X-Contextid
X-Yottaa-Optimizations
X-Guploader-Uploadid
Liferay-Portal
HitType
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-BACKEND-TTL
Eomportal-Instance
X-NWS-LOG-UUID
X-Cache-Operation
X-Cache-TTL-Remaining
X-Varnish-IP
X-Time
X-Via-JSL
X-Upgrade-Enabled
X-Real-IP
Viewport
Xserver
X-Dynatrace-Js-Agent
X-Mode
X-Seen-By
S-Cnection
X-Varnish-Cache-Hits
Cache-Key
Load-Balancing
Cache-Hits
OT-Force-Account-Verify
X-Zipkin-Id
X-Cache-Var-Map
Mn-Server-Ip
X-Cache-Enabled
X-Cache-Var
X-Routing-Service
X-Detected-As
X-RN-RSRV
X-Is-Bot
X-Hl-Ver
LB
X-Akamai-Transformed
X-From
X-Path-Route
X-ES-SERVER
Machine
X-Proxied
X-Proto
X-Device-Type
Meta-Geo
X-S
X-Cache-Server
X-Cache-Remote
Vix-Hermes-Req-Id
We-Hiring
Webcakes-App-Version
X-AWS-Id
Webcakes-Region
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
NGX
Mail-Subject
L5d-Success-Class
Property-Id
TWC-Connection-Speed
X-Backend-Name
X-VG-TLSProxy
TWC-Device-Class
TWC-Locale-Group
X-FB-TRIP-ID
X-Proxy
X-Viewer-Country
X-VWS-Id
X-R9-Blue-Green-Version
X-Rocket-Nginx-Bypass
X-Time-Microsecs
X-Tb
X-Origin-Hint
X-NCache
X-FC-Vary-Parameters
Access-Control-Request-Headers
X-Environment-Context
X-FW-Version
X-Hosted-By
X-LJ-Flow-ID
X-L-Path
X-Cache-Config
TWC-GeoIP-Country
X-Access
X-Akamai-Request-ID
X-Web-Node
X-Debug-Cache
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Origin-Response-Time
X-MP-GENERATED-AT
S-Rt
X-Format
X-EIG-Tracking-Id
X-Labrador-Cache-Channel
Origin-Edge-Control
X-Loop
Now
Origin-Cache-Control
Azure-InstanceId
DB-Nickname
X-ServerID
X-Section
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-TNCMS
X-ProxyCache-Status
X-OCL
X-Timing-Wait
X-Trace-Id
X-Via-CDN
X-IP
Selected-FE
X-Xfnlog-Site
X-JoinUs
X-Vgn-Hpd-Reason
X-Human
NtCoent-Length
X-ProxyCache-Key
X-Proxy-Build
X-CCM
X-Via-Fastly
X-BYPASS-REASON
Cache-Tag
Datacenter
X-PCL
Uber-Trace-Id
X-Internal-Host
X-Generated
X-Www-Served-By
X-Cache-Category-Id
X-Grey
Content-Script-Type
Content-Style-Type
X-UnsetCookies
X-Endurance-Cache-Level
X-VC-Cache
X-Site-Version
X-Rule
X-Varnish-Cacheable
Release
Served-By
Decoy-Debug-TTL
X-Status
X-UA
Decoy-Debug-Key
Decoy-Debug-Status
X-EdgeConnect-Cache-Status
X-Birta-Served
X-Birta-Cache-Post
X-APP-VERSION
X-Newrelic-App-Data
X-B3-Spanid
X-CDN-Cache
Nel
X-Request-Time
DSUID
X-OVcl
X-Cluster-Node
X-OVcl-Cache
X-GRACE
X-Nginx-Cache
AsisCache
X-Varnish-Ttl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-TIME
X-Hit
Rt-Fastcgi-Cache
X-VCT
X-App-Name
X-Ua
X-NewRelic-App-Data
X-PERF
X-ApacheServer
X-Source
SRV
Pagespeed
Hostname
X-Agile-Id
X-Agile-Age
X-Agile
Cteonnt-Length
X-Origin-Host
X-Pubstack
X-Sucuri-ID
X-Cache-Host
Cache-Name
Cache
X-Origin-CC
ViewerVersion
X-ElasticPress-Search
X-Origin-TTL
X-Wix-Request-Id
Request-Country
Cache-Prefix
Thinkindot-Control
Request-EU
Request-Time
Thinkindot-CacheControl
Server-Surrogate-Control
Rendered-Blocks
Server-Host
Origin
Server-Cache-Control
Thinkindot-CacheControl-Type
BehaviorPad-Version
Ec-Rule-Version
Fly-Request-Id
Fly-Cache
MD5-Digest
X-B-Cookie
X-ARC
X-Application
FNAC-ModuleRouting
X-Accel-Expires-Debug
Lfy
X-Aed
Memcached
Meta-Geo-Continent
Cross-Origin-Window-Policy
X-A-Dam
X-A
Www
On-Server
X-A-Wwc
Node
X-A-Dgt
X-A-Dcw
UCS
X-Debug-Cache-Fetch
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NU-AKA-ACS-Version
X-NodeID
X-NX-Host
X-PAYTM-SRV-ID
X-Processor
X-Secret
X-Sedo-Request-Id
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Mobile-URL
X-Matched-Rule
X-D
X-Core-Value
X-Date
X-Debug-Cache-Expiry
X-Debug-Cache-Store
Arc-Country
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-Grace
X-Cache-Expires
X-Cache-Info
X-Cache-Miss-From
X-CF-Lambda-Fn
X-Debug-Cookies
X-Debug-Log
X-Hp-Webp
X-Generated-In
X-IN-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Instart-Isnd
X-Gannett-Site-Version
X-G
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-F5-Cache
X-Cache-ASPX
X-A-Ccd
X-App-Version
X-WPE-Loopback-Upstream-Addr
Ajk
X-Wix-Server-Artifact-Id
AR-SID
User-Cache-Control
X-SERVER
X-Developers
X-Crawler
X-CGP
X-Cdn-Srv
X-Distil-CS
X-Eu-Site
X-Fetched-On
X-Gen-Mode
X-Epic-Correlation-Id
X-Distributor
X-Dispatcher-Server
X-Cache-Id
X-Device-Os
X-Cache-Backend
Web-Mar-Node
X-Amzn-Remapped-Connection
V-Age
True-Client-Country-4JS
Server-Int
ServerName
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Hash
X-Cache-Bucket
X-Block-Status
X-Apm-Svc-Key
X-Apm-App-Name
X-Apm-Inst-Hash
X-Cache-Debug
X-Irp-Debug
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Qloud-Router
X-RateLimit-Limit-Second
X-Servername
X-Sf
X-Server-Time
X-Sn-Servicetimems
X-Cdn-Origin
X-Swa-Ws
X-SIPLIST1
X-SN
X-Policy
X-Platform
X-Li-Fabric
X-Li-Pop
X-LAGOON
X-Key
X-Info
RNT-Time
X-LI-Proto
X-LI-UUID
X-Page-Type
X-PHP-Host
X-Origin-Date
X-Nginx-Cache-Key
X-Location
X-Micro-Cache
X-Hnp-Log
X-Origin-Expires
Fastly-SWR
Country-Code
RNT-Machine
HA-Ipaddr
CDCHOST
Apple-News-Services-Parsed-Url
Proxy-Connection
Apple-News-Services-Host
Pagetype
Fastly-SIE
X-Geo
Pramga
Backend
Apple-News-Services-Request-Url
Ha-Gx-Prefs
IsBot
Cache-Cookie-Set-From
Apple-News-Services-Handled
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Gh-Request-Id
X-FireWall-Port
X-User
X-Exp-Se
X-No-Session
Is-Eu
AKAMAI
X-Gateway-Skip-Cache
X-Level-Front-Cache
X-Fastly-Cache
X-Real-Ip
X-GeoIP-Country-Code
X-Cache-FS-Status
Warning
Fastly-Soc-X-Request-Id
Rt-Proxy-Cache
Fastly-SSL
X-Variation
Adler-Geo
X-Gateway-Cache-Key
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Via-Edge
X-Gateway-Cache-Status
X-MSEdge-Flight
X-Cms-Context
X-ND-Cache
X-Core-Mission
X-MSEdge-Features
X-Via-SSL
X-Bip
X-Sorting-Hat-PodId
X-C
Content-Disposition
X-Generated-On
X-Amz-Meta-Cache-Control
X-ShopId
X-Skip-Cache
X-Thanos
X-GeoIP-City
X-ShardId
X-Server-IP
X-Shopify-Stage
X-S-Maxage
X-Geo-Header
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Planisys-CDN-Cache
Platform
X-Backend-Host
Heartbleed
X-Planisys-CDN-Rules
X-Backend-Url
X-Auto-Login
X-Protected-By
X-Backend-State
X-Planisys-CDN-TTL
SD-X-WS
X-BBXSRF
Kp-EeAlive
REQUESTUUID
X-Served-From
X-Owner
X-Org
X-B3-Parentspanid
X-GZip
HTTPS
Server-ID
X-RateLimit-Reset
X-Ocache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-BB-ID
X-Cdn-Forward
X-Git-Hash
MIME-Version
X-Edge-Location
X-Host-Name
X-Sucuri-Cache
X-Proxy-Cache-Status
X-Proxy-Upstream
X-TrackingId
X-FPC
X-TT-LOGID
X-NC
User-Agent
X-Daa-Tunnel
X-CDN-Forward
X-Varnish-Url
Fastly-Backend-Name
X-Gdpr
N-Cache
X-Edge-IP
Wxu-Next-Region
Magicmarker
Wxu-Next-Hostname
X-Aicache-OS
VivaBuild
Viewtype
Wxu-Next-Commit
X-Load-Cache
X-Dc
X-Pjax-Url
X-Node-Id
X-Release
X-Nc
X-CSRF-TOKEN
X-Parent-Response-Time
X-DC
X-Varnish-Beresp-Ttl
Memory
HostName
Time
CF-IPCountry
Resin-Trace
X-TH-Server
Powered-By
X-HS-Cache-Config
X-WebServer
PICS-Label
X-CUA
X-Upstream-CT
X-Upstream-HT
X-Oss-Request-Id
X-CACHE-KEY
Pragrma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Phone
X-Servedbyhost
X-Wa
X-Actual-URL
Mime-Version
X-Returned-From
X-Returned-From-DLL
X-Server-By
X-Svr
X-Stale
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
Host-ID
X-Passed-To
X-Instart-Info
X-Original-Request
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
Section-Io-Cache
X-Varnish-Beresp-TTL
ProcessTime
Backend-Name
X-VServer
X-Request-Handler-Origin-Region
X-Croise-Owner
X-Tb-Optimization-Total-Bytes-Saved
X-Microsite
X-Newrelic-Synthetics
Cdn-Request-Time
Cf-Ipcountry
X-Edge-Server
X-Lb-Id
X-From-Cache
Cdn-Host
X-Worker
X-Cache-HT
Version
X-Optimization
Cdn
X-Server-W
355prline
352pxline
409pxxline
Xxline
286prxHost
188prxHost
225prxHost
189phosttRef
178proxuri
219prxHost
CF-Cached-On
X-Ratelimit-Remaining
SID
X-APP
X-Akamai-Request-ID2
X-Atg-Version
X-Unique-ID
X-Fastly-Backend-Reqs
XServer
X-Req
X-Microcachable
Accept-Language
X-Datadome
X-SERVER-NAME
X-Ratelimit-Limit
Processtime
Esi-Enabled
X-Zone
X-Vcl-Version
X-ID
Proxy-Firewall
X-LB-ID
X-Contensis-Viewer-Groups
X-B3-SpanId
X-AssetVersion
Odigeo-Trace-Id
X-VCL-Version
X-V
Fastcgi-Useragent
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
X-IPS-LoggedIn
SN
GeoIP-Latitude
X-HTML-Minification-Powered-By
GeoIP-City
X-Fstrz
X-Check-Cacheable
X-Vcache
X-WA
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-UPSTREAM-Address
X-RequestId
X-Backend-TTL
X-NGINX-Cache
X-WR-MODIFICATION
X-Via-NSCOPI
X-Nananana
X-Urbn-Site-Id
X-ServedByHost
X-Urbn-Context-Path
Pics-Label
Locale
X-Reqid
X-CSRF-Token
X-URL
X-ZONE
X-HS-Status
X-Response-By
X-Ratelimit-Reset
X-ABtesting
X-Flog
X-Hello
GMS-Ver
X-Be
X-NWS-UUID-VERIFY
Geoip-Latitude
GeoIp-Country-Code
X-Cache-Ttl
Amp-Access-Control-Allow-Source-Origin
DataCenter
CDN
Geoip-City
IBM-Web2-Location
X-HostName
X-Hyper-Cache
Dnion-Transfer-Encoding
X-Dynatrace
X-Render-Time
X-Request-Start
Public-Key-Pins-Report-Only
X-Fastly-Country-Code
Fastcgi-X-Cache-Version
X-NGENIX-Cache
X-Via-Ucdn
X-Generation-Time
X-Cdn-Cache
WP-Super-Cache
GW-Server
X-Amz-Meta-Surrogate-Control
WZWS-RAY
X-Cluster-Name
X-CS
X-LiteSpeed-Cache-Control
X-GDPR
WebServer
X-PJAX-URL
Requestid
X-Unique-Id
X-Cache-URL
X-HS-Combine-CSS
Lb
Countrycode
X-Clientip
X-Compress-Hint
URI
X-We-Are-Hiring
Mobile-Detection-Method
X-UE-Client-Country
FastCGI-Cache
Dynatrace
X-FORWARDED-FOR
X-SRV
X-Gen-Id
X-Pf-Uncompressing
X-GEO
Cneonction
X-Fpc
Serverid
GEO-REGION-INFO
Who
X-Varnish-Action
X-BE
Ohc-File-Size
X-Got-Non-Ke-Cookie
SS
Server-Id
X-Test
Https
A
Epwk-Cache
X-Bug-Bounty
X-LiteSpeed-Tag
X-Store
X-Akamai-SSL-Client-Sid
X-SVT-ORM-VERSION
RequestId
Cache-Provider
Get-Access-Time
Is-Session-Tracking
X-SVT-ORM-RULES
X-Fastly-Cache-Hits
X-Request-Url
NnCoection
FSS-Cache
X-Cdn-Request-ID
FSS-Proxy
RequestUuid
X-ServerName
X-HTML-Edge-Cache
X-Html-Edge-Cache
X-Serial
Frontcache
X-GZIP
X-PF-Uncompressing
X-EC-Lua
X-Dw-Trace-Id