Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Server
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Page-Speed
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
X-CST
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
Request-Id
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
NEL
X-Vhost
X-DataDome
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Type
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
X-Server-Name
Verso
X-ESI
MS-Author-Via
AR-CACHE
AR-ATIME
X-VARITI-CCR
AR-PoweredBy
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-GitHub-Request-Id
X-MS-InvokeApp
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-DataStream-Cache-Status
Public-Key-Pins
X-Upstream-Env
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-D2id
RTSS
X-Recruiting
X-Amz-Server-Side-Encryption
Charset
X-Navigation-Version
X-Abt-Application-Version
X-TtlSet
X-Vname
X-PC
X-Ser
Ar-Sid
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TTL
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-Country-Code-Real
X-DynaTrace-JS-Agent
X-Server-ID
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
DynaTrace
X-Oracle-Dms-Rid
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
S
X-Hits
X-Debug
TCN
X-SharePointHealthScore
X-Upstream-Proxy
X-Pinterest-Rid
X-Ttl
Pinterest-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Akam-SW-Version
Arr-Disable-Session-Affinity
X-Powered-CMS
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Webkit-CSP
X-Aspnet-Version
Realpath
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Front-End-Https
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Fastcgi-Cache
X-Forwarded-For
X-Upstream
X-B3-TraceId
Paypal-Debug-Id
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-Traceid
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Alternate-Protocol
X-Frontend
X-Content-Digest
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-Middleton-Response
Display
X-Middleton-Display
X-Sol
Response
X-Pad
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Litespeed-Cache
X-RateLimit-Remaining
X-Hostname
X-Srv
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
Host
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
MicrosoftSharePointTeamServices
X-Grace
ServerID
Server-Name
X-Analytics
X-Correlation-Id
Backend-Timing
X-Kinsta-Cache
X-B3-Sampled
X-AppVersion
Surrogate-Key
X-Debug-Info
X-Activity-Id
X-LB-Cache
X-User-Agent
X-Revision
X-IPLB-Instance
X-Az
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Rid
X-Cache-Hit
X-Content-Options
Accept-Charset
FilterID
X-Ruxit-Js-Agent
X-Cache-2
Refresh
X-CF-Powered-By
Powered-By-ChinaCache
X-B
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
X-Page-Id
MS-CV
X-Whom
X-DIS-Request-ID
X-Cached-By
Server-Info
Host-Header
Cache-Status
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Varnish-Backend
Source
X-PHP-Backend
X-Akamai-Edgescape
X-Cache-Action
X-App-Environment
X-Origin-Server
X-TT
X-Tumblr-User
X-Tumblr-Pixel
X-Mobile
X-Tumblr-Pixel-0
PageSpeed
X-Platform-Server
X-Cluster
X-Accel-Buffering
X-F-Cache
Access-Control-Allow-Method
X-FW-Static
X-FW-Hash
X-Framework
X-FW-Server
X-FW-Type
X-Content-Powered-By
X-FW-Serve
X-Varnish-Grace
X-Drupal-Cache-Tags
X-FB-Debug
X-Request-Guid
X-Instance
X-Node-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Forwarded-Host
X-Ezoic-Cdn
X-UA-Device-Type
X-Shard
X-Geo-Country
Edge-Cache-Tag
X-Oneagent-Js-Injection
X-TA-CDN-Provider
X-RateLimit-Limit
X-Zen-Fury
X-GUploader-UploadID
Fastly-Restarts
X-Handled-By
X-Cache-TTL
X-Varnish-Hostname
From-Origin
X-Magnolia-Registration
X-SS-Set-Cookie
Cache-Tags
X-Cache-Age
X-AOL-HN
X-BCube-Filmed-By
X-FastCGI-Cache
X-ATG-Version
X-XRDS-LOCATION
X-Cache-Rule
X-Cache-Control
Upgrade-Insecure-Requests
Healthy
X-Varnish-Server
Cleartype
Retry-After
X-App-Server
Server-Node
DC
X-RequestSource
Payment
X-Response-Served-From
X-B-Cache
X-Signature
X-TX-ID
X-Storage
X-WebKit-CSP-Report-Only
X-Region
Country
X-RTag
Filters
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Adobe-Loc
X-Redis-Cache
Actual-Object-TTL
X-GeoIP
X-FW-Dynamic
Powered
X-Dns-Prefetch-Control
X-Tumblr-Pixel-2
Ms-Operation-Id
X-Adobe-Content
X-VG-WebCache
X-Drupal-Cache-Contexts
X-UUID
X-Jobs
Cache-Tv-Group
X-Generated-By
X-Cacheable-TTL
X-Varnish-Hits
X-Content-Age
Webserver
X-Locale
Frame-Options
CACHE
NGB
GEO-INFO
ServedBy
X-WA-Info
X-Guploader-Uploadid
X-Contextid
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NE
HitType
Liferay-Portal
X-Rendered-As
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-BACKEND-TTL
X-Cache-Operation
X-Varnish-IP
X-NWS-LOG-UUID
X-Cache-TTL-Remaining
X-Upgrade-Enabled
X-Via-JSL
Nel
X-Esi
X-Mode
S-Cnection
X-Seen-By
Viewport
X-Real-IP
Xserver
X-Varnish-Cache-Hits
NtCoent-Length
X-Device-Type
X-Is-Bot
X-Path-Route
X-Proto
Cache-Key
Cache-Hits
LB
X-Hl-Ver
OT-Force-Account-Verify
X-ES-SERVER
X-Proxied
X-Cache-Var-Map
X-Cache-Var
Mn-Server-Ip
Machine
X-Zipkin-Id
X-RN-RSRV
X-Routing-Service
X-Detected-As
Meta-Geo
Load-Balancing
X-Time
X-S
X-Cache-Enabled
X-Cache-Config
Webcakes-Region
X-Environment-Context
X-Backend-Name
X-FC-Vary-Parameters
X-Akamai-Transformed
X-NCache
X-L-Path
X-Hosted-By
Webcakes-App-Version
X-FB-TRIP-ID
Webcakes-App-Name
TWC-Connection-Speed
TWC-Device-Class
L5d-Success-Class
Property-Id
Mail-Subject
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Access-Control-Request-Headers
We-Hiring
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
X-Origin-Hint
X-FW-Version
X-Viewer-Country
X-Time-Microsecs
X-Rocket-Nginx-Bypass
X-Tb
X-Cache-Server
X-VG-TLSProxy
X-Proxy
X-TNCMS
Azure-InstanceId
Azure-RegionName
Origin-Edge-Control
Now
X-Origin-Response-Time
X-Access
Azure-SiteName
Origin-Cache-Control
Azure-SlotName
DB-Nickname
X-VWS-Id
X-Web-Node
X-Vgn-Hpd-Reason
X-AWS-Id
Azure-Version
X-Tumblr-Pixel-3
S-Rt
X-Akamai-Request-ID
X-ServerID
X-Format
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-MP-GENERATED-AT
X-Loop
X-RCS-CacheZone
NGX
X-Section
X-Debug-Cache
X-Timing-Wait
X-Proxy-Build
Selected-FE
X-Xfnlog-Site
X-CCM
X-BYPASS-REASON
X-JoinUs
X-PCL
X-IP
X-From
X-Trace-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-Via-CDN
X-Human
X-Via-Fastly
X-EIG-Tracking-Id
X-OCL
Cache-Tag
Datacenter
X-Cache-Remote
X-Grey
X-Internal-Host
X-Www-Served-By
Uber-Trace-Id
X-Generated
X-Cache-Category-Id
Content-Style-Type
Content-Script-Type
X-UA
X-Dynatrace-Js-Agent
X-Endurance-Cache-Level
X-UnsetCookies
X-VC-Cache
X-Varnish-Cacheable
X-Site-Version
Release
Decoy-Debug-TTL
Decoy-Debug-Status
X-Rule
Decoy-Debug-Key
X-Birta-Served
X-Birta-Cache-Post
Served-By
X-Status
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-TIME
X-CDN-Cache
X-B3-Spanid
X-Newrelic-App-Data
X-GRACE
X-Request-Time
DSUID
X-Cluster-Node
AsisCache
X-OVcl-Cache
X-OVcl
X-Nginx-Cache
Rt-Fastcgi-Cache
X-App-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-NewRelic-App-Data
Hostname
X-ApacheServer
X-Hit
X-PERF
X-VCT
X-Source
X-Origin-Host
X-Ua
SRV
X-Sucuri-ID
X-Agile
X-Agile-Id
X-Agile-Age
ViewerVersion
X-Wix-Request-Id
X-Pubstack
Cache-Name
Cteonnt-Length
X-Wix-Server-Artifact-Id
X-Cache-Host
X-SERVER
X-Origin-TTL
X-Origin-CC
X-ElasticPress-Search
X-Instart-Isnd
X-A-Dcw
X-A-Dgt
FNAC-ModuleRouting
X-F5-Cache
X-PAYTM-SRV-ID
X-A-Wwc
X-Accel-Expires-Debug
X-Generated-In
X-Aed
X-Hp-Webp
X-Gannett-Site-Version
X-External-Request-Id
X-IN-APIGATEWAY
Fly-Request-Id
X-G
X-IN-WAF
X-Debug-Log
X-Cache-Miss-From
Arc-Country
Ec-Rule-Version
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Info
BehaviorPad-Version
Cache-Prefix
X-B-Cookie
X-Cache-Expires
X-Cache-Grace
Cross-Origin-Window-Policy
X-ARC
Ajk
X-A-Dam
X-Debug-Cookies
X-Destination
X-Developer
Fly-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Application
X-Connection-Hash
X-D
X-Date
X-Debug-Cache-Expiry
X-DPWN-IS-SECURE
UCS
Server-Host
X-ServiceProvider
Server-Cache-Control
X-Server-Group
X-Matched-Rule
X-Logtrace-Id
Server-Surrogate-Control
Origin
X-Thinkindot-L3
X-Transaction
X-A-Ccd
X-SRCache-Key
On-Server
X-Sedo-Request-Id
X-Secret
X-Region-Sid
Request-EU
X-Refresh
X-Reboot
X-NodeID
Rendered-Blocks
Request-Time
X-Request-UUID
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Mobile-URL
Thinkindot-CacheControl
Request-Country
X-Platform
Xc-Version
X-Webstats-RespID
X-VG-WebServer
X-Trv-Group
X-WPE-Loopback-Upstream-Addr
Lfy
Www
X-A
X-NX-Host
X-NU-AKA-ACS-Version
X-Cache-ASPX
X-Var-Ttl
X-Varnish-Authentication
Meta-Geo-Continent
X-Twitter-Response-Tags
Thinkindot-CacheControl-Type
Node
X-Processor
Thinkindot-Control
Memcached
MD5-Digest
X-Varnish-Ttl
User-Cache-Control
X-Amzn-Remapped-Date
Web-Mar-Node
X-Apm-App-Name
X-Apm-Inst-Hash
ServerName
X-Block-Status
RNT-Time
RNT-Machine
X-Apm-Svc-Key
True-Client-Country-4JS
X-Amzn-Remapped-Connection
Server-Int
X-Amzn-Remapped-Content-Length
X-Hash
X-Up
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Qloud-Router
X-Li-Fabric
X-Policy
X-PHP-Host
X-Key
X-LAGOON
X-Cdn-Origin
X-Swa-Ws
X-SN
X-Micro-Cache
X-Nginx-Cache-Key
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-SIPLIST1
X-Sf
X-Location
X-Servername
X-Server-Time
X-Sn-Servicetimems
X-Crawler
X-Developers
X-Device-Os
X-Dispatcher-Server
X-Core-Value
X-CGP
X-Cache-Bucket
X-Cache-Debug
X-Cache-Id
X-Cdn-Srv
X-Distil-CS
X-Epic-Correlation-Id
X-Info
X-Irp-Debug
X-Origin-Expires
X-Origin-Date
X-Hnp-Log
X-Page-Type
X-Eu-Site
X-Fetched-On
X-Gen-Mode
X-Rebelmouse-Cache-Control
X-Cache-Backend
V-Age
Fastly-SWR
Fastly-SIE
Country-Code
Gh-Request-Id
Ha-Gx-Prefs
IsBot
HA-Ipaddr
CDCHOST
Backend
Cache
Warning
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Kp-EeAlive
X-Real-Ip
Proxy-Connection
Pagetype
Pramga
X-Geo
X-FireWall-Port
Pagespeed
X-App-Version
X-Geo-Header
Is-Eu
X-GeoIP-City
AKAMAI
X-MSEdge-Flight
Adler-Geo
X-Cms-Context
SD-X-WS
X-GeoIP-Country-Code
Platform
X-Via-Edge
X-Exp-Se
X-Cache-FS-Status
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Core-Mission
X-Generated-On
X-Distributor
X-Skip-Cache
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Server-IP
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Thanos
X-Variation
X-S-Maxage
X-User
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Via-SSL
Cache-Cookie-Set-Lfrom
X-ND-Cache
X-Varnish-Beresp-Grace
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Varnish-Beresp-Status
Content-Disposition
X-Protected-By
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Planisys-CDN-TTL
X-No-Session
X-Wikidot-Static-Cache
Heartbleed
X-BBXSRF
X-Bip
Rt-Proxy-Cache
X-C
X-MSEdge-Features
X-Backend-Url
X-Auto-Login
X-Wikidot-Backend
X-Backend-Host
X-Backend-State
X-Planisys-CDN-Rules
X-GZip
X-BB-ID
X-Org
X-Fastly-Cache
REQUESTUUID
X-RateLimit-Reset
HTTPS
X-Ocache
X-Owner
X-Edge-Location
X-B3-Parentspanid
X-Proxy-Upstream
X-Proxy-Cache-Status
X-TrackingId
X-TT-LOGID
X-Served-From
Server-ID
X-Sucuri-Cache
User-Agent
X-Cdn-Forward
X-Git-Hash
N-Cache
MIME-Version
Magicmarker
X-Varnish-Url
Fastly-Backend-Name
X-FPC
X-Edge-IP
X-Host-Name
X-NC
X-CDN-Forward
X-Load-Cache
Wxu-Next-Region
AR-SID
X-Gdpr
VivaBuild
Wxu-Next-Commit
Viewtype
X-Aicache-OS
Wxu-Next-Hostname
X-Dc
X-Node-Id
X-Daa-Tunnel
X-Varnish-Beresp-Ttl
X-Pjax-Url
X-Parent-Response-Time
X-Nc
Memory
X-CUA
Powered-By
X-Release
Time
X-CSRF-TOKEN
X-DC
X-WebServer
CF-IPCountry
X-TH-Server
HostName
X-CACHE-KEY
X-HS-Cache-Config
Resin-Trace
PICS-Label
Pragrma
X-Server-By
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Servedbyhost
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Passed-To
Mime-Version
X-Oss-Storage-Class
X-Svr
X-Original-Request
X-Wa
X-Actual-URL
Host-ID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Stale
X-Oss-Server-Time
X-Oss-Request-Id
X-Phone
X-Upstream-CT
X-Upstream-HT
Section-Io-Cache
X-Instart-Info
X-VServer
X-Croise-Owner
X-Newrelic-Synthetics
Backend-Name
X-Edge-Server
X-From-Cache
X-Lb-Id
X-Tb-Optimization-Total-Bytes-Saved
Cdn-Host
Cdn-Request-Time
Cf-Ipcountry
CF-Cached-On
X-Cache-HT
Cdn
X-Optimization
X-Varnish-Beresp-TTL
ProcessTime
X-Worker
352pxline
Xxline
225prxHost
286prxHost
X-Server-W
X-Request-Handler-Origin-Region
X-Microsite
409pxxline
355prline
219prxHost
189phosttRef
178proxuri
SID
188prxHost
X-Fastly-Backend-Reqs
X-APP
X-Unique-ID
Version
X-Atg-Version
Processtime
X-Req
X-Datadome
XServer
X-Microcachable
X-Zone
Proxy-Firewall
X-Akamai-Request-ID2
X-Vcl-Version
X-ID
X-Ratelimit-Remaining
Accept-Language
X-B3-SpanId
X-V
Odigeo-Trace-Id
X-Ratelimit-Limit
X-LB-ID
Fastcgi-Useragent
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-IPS-LoggedIn
X-VCL-Version
Esi-Enabled
X-HTML-Minification-Powered-By
X-Contensis-Viewer-Groups
X-UPSTREAM-Address
X-AssetVersion
GeoIP-Latitude
X-Fstrz
SN
X-WA
GeoIP-Country-Code
X-Check-Cacheable
X-NGINX-Cache
GeoIP-City
X-Backend-TTL
X-Vcache
X-WR-MODIFICATION
X-HS-Status
X-Response-By
X-Vtex-Processado-Em
X-CSRF-Token
X-Vtex-Remote-Cache
X-ServedByHost
X-RequestId
X-URL
X-Nananana
X-Ratelimit-Reset
Pics-Label
X-ZONE
GMS-Ver
X-Urbn-Site-Id
Locale
X-Be
X-Reqid
X-Urbn-Context-Path
Geoip-Latitude
X-Via-NSCOPI
GeoIp-Country-Code
DataCenter
X-Hyper-Cache
X-NWS-UUID-VERIFY
X-ABtesting
X-Hello
Geoip-City
X-Flog
X-SERVER-NAME
X-Dynatrace
X-Via-Ucdn
X-Request-Start
X-Fastly-Country-Code
Fastcgi-X-Cache-Version
Public-Key-Pins-Report-Only
X-Render-Time
WP-Super-Cache
CDN
X-Cdn-Cache
Dnion-Transfer-Encoding
IBM-Web2-Location
X-Cache-Ttl
X-CS
GW-Server
X-Generation-Time
X-GDPR
X-LiteSpeed-Cache-Control
WZWS-RAY
X-Amz-Meta-Surrogate-Control
X-NGENIX-Cache
X-Unique-Id
Lb
Countrycode
X-Cluster-Name
Requestid
X-UE-Client-Country
X-Clientip
X-We-Are-Hiring
URI
X-PJAX-URL
Mobile-Detection-Method
X-FORWARDED-FOR
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
FastCGI-Cache
X-Presslabs-Stats
SS
X-BE
X-Fpc
Ohc-File-Size
X-Pf-Uncompressing
X-HS-Combine-CSS
X-Cache-URL
X-Gen-Id
Cneonction
Serverid
X-GEO
X-Compress-Hint
WebServer
A
GEO-REGION-INFO
Server-Id
X-LiteSpeed-Tag
X-Got-Non-Ke-Cookie
X-Bug-Bounty
Who
X-Store
X-Test
X-Varnish-Action
X-Akamai-SSL-Client-Sid
RequestId
X-Dw-Trace-Id
Https
X-ServerName
X-HTML-Edge-Cache
X-Fastly-Cache-Hits
RequestUuid
X-Request-Url
X-Html-Edge-Cache
Frontcache
FSS-Proxy
FSS-Cache
X-EC-Lua
X-GZIP
X-Serial
NnCoection
X-Cdn-Request-ID
X-PF-Uncompressing