Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
X-Rq
Allow
X-Ac
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Origin-Cache
X-Url
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
Pinterest-Generated-By
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Ruxit-JS-Agent
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
X-Type
Accept-CH
X-Dispatcher
Verso
X-Server-Name
MS-Author-Via
AR-PoweredBy
AR-CACHE
AR-ATIME
X-VARITI-CCR
X-ESI
X-ORACLE-DMS-RID
PB-PID
Arc-Version
X-GitHub-Request-Id
X-Mobile-Rewrite
PB-RID
X-MS-InvokeApp
X-DataStream-Cache-Status
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Cached
X-Version
Service-Worker-Allowed
X-Upstream-Env
AR-Request-ID
Accept-CH-Lifetime
X-D2id
X-Recruiting
X-Amz-Server-Side-Encryption
X-TTL
RTSS
X-Navigation-Version
Charset
X-Abt-Application-Version
X-TtlSet
X-Vname
X-PC
X-Vcap-Request-Id
X-Ser
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-TTL
X-Forwarded-Proto
X-Trace
SPRequestGuid
Nginx-Cache
X-Client-IP
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
DynaTrace
X-VCache
X-DynaTrace-JS-Agent
X-Amz-Rid
X-Fastly-Request-ID
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Debug
X-Hits
X-Oracle-Dms-Rid
TCN
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-XRDS-Location
X-Akam-SW-Version
X-Powered-CMS
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
Realpath
X-Id
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-NF-Request-ID
X-Amzn-Trace-Id
X-Webkit-CSP
X-Ttl
Front-End-Https
X-Aspnet-Version
Fastcgi-Cache
X-Varnish-Age
X-N
X-Litespeed-Cache
X-Content-Type
X-B3-TraceId
X-Forwarded-For
X-Upstream
X-Fastcgi-Cache
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Paypal-Debug-Id
Alternate-Protocol
X-Frontend
X-Logged-In
X-Content-Digest
Response
X-HS-Content-Id
X-B3-Traceid
Display
X-HS-Hub-Id
X-Middleton-Response
X-Sol
X-Middleton-Display
Fusion-Component-Id
X-Pad
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Srv
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-RateLimit-Remaining
X-DataStream-Origin-MEX-Latency
X-Cache-Key
X-DataStream-MidMile-RTT
X-Accel-Expires
Host
X-Grace
MicrosoftSharePointTeamServices
ServerID
Server-Name
Backend-Timing
X-Analytics
X-Correlation-Id
X-Kinsta-Cache
X-User-Agent
X-Revision
X-LB-Cache
X-Debug-Info
X-Activity-Id
X-Az
X-IPLB-Instance
X-AppVersion
X-B3-Sampled
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Rid
Surrogate-Key
X-Cache-Hit
Accept-Charset
X-Content-Options
FilterID
X-Cache-2
Refresh
Powered-By-ChinaCache
X-Ruxit-Js-Agent
X-CF-Powered-By
X-Request-Received
X-B
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
X-Page-Id
MS-CV
X-Whom
X-DIS-Request-ID
PageSpeed
Host-Header
Server-Info
X-Cached-By
X-Amz-Replication-Status
X-Varnish-Backend
X-TT
X-App-Environment
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
Source
X-Cache-Action
X-PHP-Backend
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Platform-Server
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cluster
X-Mobile
X-F-Cache
Cache-Status
X-Tumblr-User
X-Framework
X-Origin-Server
Access-Control-Allow-Method
X-Varnish-Grace
X-Content-Powered-By
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FW-Type
X-Ezoic-Cdn
X-FW-Static
X-Request-Guid
X-FB-Debug
X-Node-Name
X-Drupal-Cache-Tags
X-Shard
X-Forwarded-Host
X-Accel-Buffering
X-Instance
X-UA-Device-Type
X-Kong-Proxy-Latency
X-GUploader-UploadID
Edge-Cache-Tag
X-Kong-Upstream-Latency
X-Geo-Country
Fastly-Restarts
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
X-FastCGI-Cache
From-Origin
X-TA-CDN-Provider
X-RateLimit-Limit
X-Cache-TTL
X-Magnolia-Registration
X-AOL-HN
Cache-Tags
X-Cache-Age
X-BCube-Filmed-By
X-SS-Set-Cookie
X-ATG-Version
X-Cache-Control
X-Cache-Rule
Upgrade-Insecure-Requests
Healthy
Retry-After
X-XRDS-LOCATION
X-Varnish-Server
Cleartype
DC
Payment
Server-Node
X-App-Server
X-Response-Served-From
X-Signature
X-B-Cache
X-Storage
X-WebKit-CSP-Report-Only
Powered
Country
X-Adobe-Content
X-TX-ID
X-Adobe-Loc
X-Tumblr-Pixel-2
X-GeoIP
Actual-Object-TTL
Ms-Operation-Id
X-Redis-Cache
X-FW-Dynamic
X-RTag
X-Tumblr-Pixel-1
Filters
X-RequestSource
X-Jobs
X-TT-TIMESTAMP
X-UUID
Cache-Tv-Group
X-Region
X-VG-WebCache
X-Varnish-Hits
X-Drupal-Cache-Contexts
X-Cacheable-TTL
X-Generated-By
X-Content-Age
X-Dns-Prefetch-Control
X-Locale
Frame-Options
X-WA-Info
Webserver
CACHE
GEO-INFO
NGB
ServedBy
X-Esi
X-Yottaa-Optimizations
X-Cache-NE
X-Contextid
X-Yottaa-Metrics
X-Oneagent-Js-Injection
HitType
X-Guploader-Uploadid
Liferay-Portal
X-Rendered-As
X-ProcessESI
X-RemovedCookies
X-BACKEND-TTL
Eomportal-Instance
X-Cache-Operation
X-Varnish-IP
X-Cache-TTL-Remaining
X-NWS-LOG-UUID
X-Real-IP
X-Upgrade-Enabled
X-Via-JSL
X-Dynatrace-Js-Agent
Viewport
Xserver
X-Seen-By
S-Cnection
X-Time
X-Varnish-Cache-Hits
X-Cache-Enabled
X-ES-SERVER
X-Device-Type
X-Detected-As
X-Cache-Var-Map
X-From
X-Hl-Ver
X-Is-Bot
X-Path-Route
X-Proto
X-RN-RSRV
X-Cache-Var
X-Cache-Server
OT-Force-Account-Verify
X-Mode
X-S
X-Cache-Remote
Cache-Hits
Cache-Key
Meta-Geo
Machine
Load-Balancing
X-Akamai-Transformed
X-Backend-Name
X-Rocket-Nginx-Bypass
X-Time-Microsecs
X-Hosted-By
X-R9-Blue-Green-Version
X-Proxy
X-L-Path
X-LJ-Flow-ID
X-NCache
X-Viewer-Country
X-VWS-Id
X-AWS-Id
We-Hiring
NGX
X-Cache-Config
X-Environment-Context
X-FW-Version
X-FC-Vary-Parameters
X-FB-TRIP-ID
Mn-Server-Ip
Mail-Subject
X-Debug-Cache
Vix-Hermes-Req-Id
X-EIG-Tracking-Id
X-Loop
X-MP-GENERATED-AT
Origin-Edge-Control
Origin-Cache-Control
Access-Control-Request-Headers
DB-Nickname
L5d-Success-Class
Now
X-RCS-CacheZone
X-Labrador-Cache-Channel
X-ServerID
X-VG-TLSProxy
X-Tumblr-Pixel-3
X-TNCMS
X-Web-Node
X-Tb
X-Zipkin-Id
Azure-SiteName
S-Rt
Selected-FE
Azure-SlotName
X-Via-CDN
X-Trace-Id
X-Via-Fastly
NtCoent-Length
Azure-Version
X-CCM
X-Proxied
X-Origin-Response-Time
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
Azure-RegionName
X-JoinUs
X-Routing-Service
X-BYPASS-REASON
X-Timing-Wait
X-Human
X-IP
X-Akamai-Request-ID
X-Vgn-Hpd-Reason
LB
Azure-InstanceId
Datacenter
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Cache-Category-Id
Uber-Trace-Id
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
Property-Id
X-Generated
TWC-Privacy
X-Internal-Host
Cache-Tag
X-Www-Served-By
X-Xfnlog-Site
X-Grey
X-PCL
TWC-Connection-Speed
X-Origin-Hint
X-OCL
X-Access
X-Section
Content-Style-Type
Content-Script-Type
X-Format
X-UnsetCookies
X-VC-Cache
X-Site-Version
Release
Served-By
X-Rule
X-UA
X-Endurance-Cache-Level
X-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-EdgeConnect-Cache-Status
X-Varnish-Cacheable
X-Birta-Served
X-APP-VERSION
X-Birta-Cache-Post
X-B3-Spanid
X-Newrelic-App-Data
X-CDN-Cache
X-Request-Time
X-TIME
Nel
DSUID
X-Cluster-Node
X-OVcl-Cache
X-GRACE
X-OVcl
X-Nginx-Cache
AsisCache
X-Varnish-Ttl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Ua
Rt-Fastcgi-Cache
X-NewRelic-App-Data
X-Hit
X-VCT
X-PERF
X-ApacheServer
X-App-Name
SRV
Hostname
X-Agile-Age
X-Agile
Cteonnt-Length
X-Agile-Id
X-Source
X-Origin-Host
X-Pubstack
X-Sucuri-ID
Cache
X-Cache-Host
Cache-Name
ViewerVersion
X-ElasticPress-Search
X-Origin-TTL
X-Wix-Request-Id
X-Origin-CC
X-A-Dam
X-NU-AKA-ACS-Version
X-Hp-Webp
Server-Host
Server-Cache-Control
X-IN-APIGATEWAY
X-Instart-Isnd
X-A-Ccd
X-CF-Lambda-Version
X-IN-WAF
X-Matched-Rule
X-CF-Lambda-Fn
X-Logtrace-Id
X-Mobile-URL
X-A-Dcw
X-NodeID
Cache-Prefix
Lfy
X-Debug-Cookies
MD5-Digest
Rendered-Blocks
X-Debug-Log
X-Destination
X-DPWN-IS-SECURE
Thinkindot-CacheControl
X-Developer
Memcached
Meta-Geo-Continent
X-Cache-Info
X-D
On-Server
X-Date
X-Debug-Cache-Expiry
X-Connection-Hash
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Node
Thinkindot-CacheControl-Type
FNAC-ModuleRouting
X-Generated-In
UCS
Server-Surrogate-Control
X-Gannett-Site-Version
BehaviorPad-Version
Arc-Country
X-Cache-Grace
Ajk
Www
Request-Time
X-G
Thinkindot-Control
Fly-Cache
Fly-Request-Id
X-External-Request-Id
Request-Country
Cross-Origin-Window-Policy
Request-EU
Ec-Rule-Version
X-A
X-Accel-Expires-Debug
X-Server-Group
X-Twitter-Response-Tags
X-Secret
X-ScT
X-Trv-Group
X-Transaction
X-Processor
Xc-Version
X-Refresh
X-Webstats-RespID
X-VG-WebServer
X-Varnish-Authentication
X-Rewrite-Enabled
X-Request-UUID
X-Region-Sid
X-Reboot
X-NX-Host
X-Rojux
X-Up
X-S-Cookie
X-Var-Ttl
X-WPE-Loopback-Upstream-Addr
X-ServiceProvider
X-A-Wwc
X-PAYTM-SRV-ID
X-ARC
X-A-Dgt
X-B-Cookie
X-Cache-ASPX
X-Aed
X-Application
X-SRCache-Key
X-Cache-Expires
X-Thinkindot-L3
User-Cache-Control
X-Wix-Server-Artifact-Id
AR-SID
X-SERVER
Gh-Request-Id
X-Device-Os
X-Swa-Ws
X-Cache-Miss-From
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Distributor
X-Cache-Id
X-Block-Status
X-Request-URI
X-Cdn-Srv
X-SIPLIST1
X-Core-Value
Pramga
X-Sf
Origin
X-Apm-Svc-Key
Pagetype
Proxy-Connection
X-Servername
IsBot
X-SN
X-Apm-App-Name
X-Crawler
X-Apm-Inst-Hash
X-Sedo-Request-Id
ServerName
Country-Code
X-Info
X-Irp-Debug
X-Key
X-Sn-Servicetimems
X-Platform
X-Server-Time
X-Hash
X-Hnp-Log
X-Policy
X-Cdn-Origin
Server-Int
X-Li-Fabric
X-Micro-Cache
X-Page-Type
X-Origin-Expires
X-Origin-Date
X-PHP-Host
X-Location
X-Li-Pop
X-LI-Proto
X-LI-UUID
Fastly-SWR
X-Cache-Debug
X-Fetched-On
X-Amzn-Remapped-Date
X-RateLimit-Limit-Second
V-Age
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-F5-Cache
True-Client-Country-4JS
X-Geo
Web-Mar-Node
X-Cache-Bucket
Apple-News-Services-Host
X-Cache-Backend
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Gen-Mode
X-Amzn-Remapped-Content-Length
Backend
X-Amzn-Remapped-Connection
X-FireWall-Port
X-Cache-FS-Status
X-Bip
X-No-Session
X-Via-Edge
X-Qloud-Router
X-Variation
X-Protected-By
X-Via-SSL
X-BBXSRF
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-User
X-S-Maxage
X-Thanos
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Skip-Cache
X-Shopify-Stage
X-Server-IP
X-ShardId
X-ShopId
Rt-Proxy-Cache
X-Planisys-CDN-Cache
X-Exp-Se
X-Fastly-Cache
X-Gateway-Cache-Key
X-Eu-Site
X-Distil-CS
X-Cms-Context
X-Core-Mission
X-Developers
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Level-Front-Cache
X-Nginx-Cache-Key
X-ND-Cache
X-LAGOON
X-GeoIP-City
X-Generated-On
X-Geo-Header
X-CGP
X-Alternate-Cache-Key
Cache-Cookie-Set-Lfrom
CDCHOST
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
RNT-Time
RNT-Machine
Content-Disposition
Platform
Heartbleed
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SSL
AKAMAI
SD-X-WS
X-Backend-Host
Adler-Geo
X-Auto-Login
X-Amz-Meta-Cache-Control
Warning
X-Backend-Url
X-Real-Ip
X-App-Version
Pagespeed
X-Served-From
X-Owner
X-Org
REQUESTUUID
X-GeoIP-Country-Code
Kp-EeAlive
X-Wikidot-Backend
X-MSEdge-Features
Fastly-Soc-X-Request-Id
X-MSEdge-Flight
X-Wikidot-Static-Cache
X-Backend-State
X-C
X-GZip
X-B3-Parentspanid
X-Cdn-Forward
X-Varnish-Beresp-Status
Server-ID
X-Ocache
HTTPS
X-Varnish-Beresp-Grace
X-RateLimit-Reset
X-BB-ID
X-Host-Name
X-Git-Hash
X-Edge-Location
MIME-Version
X-Proxy-Upstream
X-Sucuri-Cache
X-Proxy-Cache-Status
X-NC
X-TrackingId
X-TT-LOGID
X-FPC
User-Agent
X-CDN-Forward
Magicmarker
Fastly-Backend-Name
X-Aicache-OS
X-Varnish-Url
VivaBuild
N-Cache
X-Edge-IP
Viewtype
X-Gdpr
X-Daa-Tunnel
X-Load-Cache
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Dc
X-Pjax-Url
X-Node-Id
X-Varnish-Beresp-Ttl
HostName
Memory
X-Parent-Response-Time
X-CSRF-TOKEN
X-Release
Time
X-DC
CF-IPCountry
X-Nc
Resin-Trace
PICS-Label
X-TH-Server
X-WebServer
X-CUA
X-HS-Cache-Config
Powered-By
X-Upstream-CT
X-Upstream-HT
X-Oss-Request-Id
Pragrma
X-Oss-Storage-Class
X-CACHE-KEY
X-Oss-Object-Type
X-Phone
X-Servedbyhost
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Wa
X-Webkit-Csp
X-Instart-Info
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
Host-ID
X-Server-By
X-Actual-URL
X-Returned-From-BeforeDispatch
X-Svr
X-Stale
X-Original-Request
X-Returned-From
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Varnish-Beresp-TTL
Section-Io-Cache
Mime-Version
X-Request-Handler-Origin-Region
Backend-Name
X-Croise-Owner
X-VServer
X-Microsite
X-Newrelic-Synthetics
X-Lb-Id
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
X-Worker
ProcessTime
Cdn-Request-Time
X-Edge-Server
Cdn-Host
Cf-Ipcountry
X-Cache-HT
Version
Cdn
X-Optimization
219prxHost
188prxHost
178proxuri
225prxHost
189phosttRef
409pxxline
Xxline
355prline
X-Server-W
352pxline
286prxHost
CF-Cached-On
X-APP
SID
X-Ratelimit-Remaining
X-Akamai-Request-ID2
X-Atg-Version
X-Unique-ID
X-Microcachable
XServer
X-Fastly-Backend-Reqs
Accept-Language
X-Datadome
X-Req
X-SERVER-NAME
X-Ratelimit-Limit
Esi-Enabled
X-Zone
X-LB-ID
X-ID
Processtime
X-Vcl-Version
Proxy-Firewall
X-Contensis-Viewer-Groups
X-AssetVersion
X-VCL-Version
Odigeo-Trace-Id
X-B3-SpanId
X-V
X-CLOUD-TRACE-CONTEXT
Fastcgi-Useragent
X-CACHE-AGE
SN
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
X-WA
X-NGINX-Cache
X-Vcache
X-Check-Cacheable
X-UPSTREAM-Address
X-Backend-TTL
X-Fstrz
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-RequestId
X-WR-MODIFICATION
X-Ratelimit-Reset
X-URL
X-ZONE
X-Response-By
X-Reqid
X-Urbn-Context-Path
Locale
X-Nananana
Pics-Label
X-Via-NSCOPI
X-Urbn-Site-Id
X-CSRF-Token
X-ServedByHost
X-HS-Status
X-Flog
X-NWS-UUID-VERIFY
X-ABtesting
X-Hello
Geoip-Latitude
GeoIp-Country-Code
GMS-Ver
X-Be
DataCenter
X-Cache-Ttl
CDN
Geoip-City
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Hyper-Cache
X-Dynatrace
X-Render-Time
X-Via-Ucdn
X-NGENIX-Cache
Fastcgi-X-Cache-Version
X-Generation-Time
Public-Key-Pins-Report-Only
X-Fastly-Country-Code
X-Request-Start
WP-Super-Cache
X-Cdn-Cache
X-GDPR
GW-Server
X-LiteSpeed-Cache-Control
X-PJAX-URL
WZWS-RAY
X-CS
Requestid
X-Amz-Meta-Surrogate-Control
X-Cluster-Name
WebServer
X-Unique-Id
X-We-Are-Hiring
X-HS-Combine-CSS
X-Cache-URL
Lb
X-UE-Client-Country
Countrycode
URI
X-Clientip
Mobile-Detection-Method
X-HostName
X-FORWARDED-FOR
Dynatrace
FastCGI-Cache
X-SRV
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
Serverid
X-Got-Non-Ke-Cookie
X-BE
SS
Cneonction
X-Pf-Uncompressing
GEO-REGION-INFO
X-Compress-Hint
X-Varnish-Action
X-GEO
X-Fpc
X-Gen-Id
X-Presslabs-Stats
A
Server-Id
X-LiteSpeed-Tag
X-Test
X-Bug-Bounty
X-Store
Https
Who
Epwk-Cache
X-Akamai-SSL-Client-Sid
Cache-Provider
X-SVT-ORM-VERSION
Get-Access-Time
RequestId
Is-Session-Tracking
X-SVT-ORM-RULES
Frontcache
FSS-Cache
X-EC-Lua
X-Cdn-Request-ID
X-ServerName
X-Fastly-Cache-Hits
NnCoection
X-Serial
X-Request-Url
RequestUuid
X-Dw-Trace-Id
FSS-Proxy
X-HTML-Edge-Cache
X-GZIP
X-PF-Uncompressing
X-Html-Edge-Cache