Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-AH-Environment
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-WebKit-CSP
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cdn
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
X-Type
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-ORACLE-DMS-RID
Accept-CH
X-Dispatcher
X-Upstream-Env
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-DataStream-Cache-Status
X-Cached
X-TTL
Public-Key-Pins
X-Powered-By-Plesk
X-Version
Content-MD5
Service-Worker-Allowed
X-Recruiting
Charset
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-PC
X-Amz-Server-Side-Encryption
X-TtlSet
X-Navigation-Version
X-Vname
X-Ser
X-Varnish-TTL
X-Vcap-Request-Id
X-Webkit-CSP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Trace
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
DynaTrace
X-VCache
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
X-Amz-Rid
S
X-XRDS-Location
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
TCN
X-Hits
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Akam-SW-Version
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-B3-TraceId
X-Powered-CMS
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
X-Oracle-Dms-Rid
Realpath
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Dns-Prefetch-Control
X-Upstream
X-Fastcgi-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Ttl
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-Content-Digest
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-RateLimit-Remaining
Fusion-Template-Id
Response
X-Middleton-Display
Fusion-Source
Display
Fusion-Content-Source
Fusion-Component-Id
X-Middleton-Response
Fusion-Content-Id
X-Sol
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Pad
X-Litespeed-Cache
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Server-Name
X-Kinsta-Cache
X-Analytics
X-Correlation-Id
Backend-Timing
X-SERVER
X-Debug-Info
X-AppVersion
X-Az
X-LB-Cache
X-Activity-Id
X-Content-Options
X-Revision
X-User-Agent
X-B3-Sampled
X-Amzn-RequestId
X-Amz-Apigw-Id
X-IPLB-Instance
X-Rid
X-B3-Traceid
ServerID
Surrogate-Key
X-Cache-Hit
Accept-Charset
FilterID
X-Cache-2
Refresh
X-B
X-CF-Powered-By
Powered-By-ChinaCache
X-Grace
X-Accel-Buffering
X-Page-Id
X-Request-Received
X-DIS-Request-ID
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
X-Whom
MS-CV
Server-Info
Host-Header
X-GUploader-UploadID
X-PHP-Backend
X-Cached-By
X-Varnish-Backend
Cache-Status
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-Amz-Replication-Status
X-App-Environment
PageSpeed
VIX-Pulpo-Upstream-Status
Source
X-TT
X-Origin-Server
X-Akamai-Edgescape
VIX-Pulpo-Node
X-F-Cache
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Framework
X-Mobile
X-Platform-Server
X-Varnish-Grace
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Static
X-FW-Type
X-Instance
X-FW-Server
X-FW-Serve
X-Drupal-Cache-Tags
X-FW-Hash
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-UA-Device-Type
X-Request-Guid
X-Ruxit-Js-Agent
X-FB-Debug
X-Forwarded-Host
X-Shard
X-Geo-Country
X-Node-Name
X-Cache-TTL
X-Ezoic-Cdn
Edge-Cache-Tag
X-RateLimit-Limit
X-Zen-Fury
X-Handled-By
X-FastCGI-Cache
X-SS-Set-Cookie
From-Origin
X-Magnolia-Registration
X-TA-CDN-Provider
X-Varnish-Hostname
Fastly-Restarts
X-Cache-Age
X-ATG-Version
Cache-Tags
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
X-Varnish-Server
DC
Healthy
X-Cache-Rule
X-App-Server
Upgrade-Insecure-Requests
Cleartype
Server-Node
Payment
X-Region
X-Response-Served-From
X-RequestSource
X-Adobe-Loc
X-TX-ID
X-Adobe-Content
Country
X-WebKit-CSP-Report-Only
X-B-Cache
Retry-After
X-Signature
Ms-Operation-Id
X-GeoIP
Webserver
X-RTag
X-Redis-Cache
Actual-Object-TTL
X-Tumblr-Pixel-2
X-VG-WebCache
Filters
X-Tumblr-Pixel-1
X-Storage
X-TT-TIMESTAMP
X-UUID
X-Generated-By
X-FW-Dynamic
Powered
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-Jobs
X-Content-Age
X-Varnish-Hits
X-Locale
X-Cacheable-TTL
X-Ah-Environment
X-XRDS-LOCATION
NGB
GEO-INFO
Frame-Options
ServedBy
CACHE
X-WA-Info
X-Esi
Liferay-Portal
X-Contextid
HitType
X-Oneagent-Js-Injection
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-Cache-NE
X-Cache-TTL-Remaining
X-Varnish-IP
X-ProcessESI
X-RemovedCookies
X-Seen-By
X-Via-JSL
Eomportal-Instance
X-Time
X-GRACE
S-Cnection
X-Upgrade-Enabled
X-Cache-Operation
Viewport
X-Guploader-Uploadid
Xserver
X-Cache-Server
X-Mode
X-NWS-LOG-UUID
X-Varnish-Cache-Hits
X-Routing-Service
X-Device-Type
X-Path-Route
X-From
X-ES-SERVER
Cache-Hits
OT-Force-Account-Verify
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
Cache-Key
X-Cache-Enabled
X-Proxied
X-RN-RSRV
X-Hl-Ver
Meta-Geo
Mn-Server-Ip
Machine
X-Zipkin-Id
X-Proto
X-Is-Bot
Load-Balancing
X-S
X-Akamai-Transformed
TWC-Privacy
TWC-Locale-Group
Vix-Hermes-Req-Id
We-Hiring
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mail-Subject
L5d-Success-Class
NGX
Property-Id
TWC-Device-Class
TWC-Connection-Speed
Webcakes-Region
X-Backend-Name
X-Rocket-Nginx-Bypass
X-Proxy
X-Tb
X-VG-TLSProxy
X-VWS-Id
X-Viewer-Country
X-LJ-Flow-ID
X-L-Path
X-Cache-Config
Access-Control-Request-Headers
X-Environment-Context
X-FB-TRIP-ID
X-Hosted-By
X-FC-Vary-Parameters
X-AWS-Id
X-Origin-Hint
Content-Script-Type
Datacenter
Content-Style-Type
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-FW-Version
X-Format
X-Debug-Cache
X-Access
Origin-Cache-Control
Now
Origin-Edge-Control
X-BACKEND-TTL
S-Rt
X-Labrador-Cache-Channel
X-NCache
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
X-Web-Node
X-R9-Blue-Green-Version
X-Time-Microsecs
X-TNCMS
X-ServerID
X-MP-GENERATED-AT
DB-Nickname
X-Origin-Response-Time
X-RCS-CacheZone
X-Loop
X-Section
Azure-InstanceId
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-Version
X-Newrelic-App-Data
X-CCM
Selected-FE
X-Xfnlog-Site
X-Proxy-Build
X-BYPASS-REASON
X-Via-Fastly
X-Via-CDN
X-Trace-Id
X-OCL
X-JoinUs
X-PCL
X-ProxyCache-Status
X-ProxyCache-Key
X-Human
X-IP
X-Cache-Remote
X-Timing-Wait
Uber-Trace-Id
X-Birta-Cache-Post
X-Www-Served-By
NtCoent-Length
X-Site-Version
LB
X-Generated
X-Cache-Category-Id
X-Internal-Host
X-Grey
X-Birta-Served
Cache-Tag
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-VC-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Status
X-Rule
X-UnsetCookies
Served-By
X-Dynatrace-Js-Agent
X-EdgeConnect-Cache-Status
Release
X-Wix-Server-Artifact-Id
X-UA
X-CDN-Cache
AsisCache
X-Ua
X-Cluster-Node
Nel
X-Wix-Request-Id
ViewerVersion
X-Request-Time
X-App-Name
X-Nginx-Cache
Rt-Fastcgi-Cache
X-App-Version
X-Origin-Host
X-TIME
X-ApacheServer
X-PERF
X-Source
X-Sucuri-ID
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-OVcl
X-OVcl-Cache
X-Agile-Id
X-VCT
X-Agile
DSUID
X-Agile-Age
X-APP-VERSION
X-B3-Spanid
Cache-Name
SRV
X-NewRelic-App-Data
Warning
X-Origin-CC
X-Origin-TTL
Cache
X-ElasticPress-Search
X-Core-Value
X-Developer
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Destination
X-External-Request-Id
X-DPWN-IS-SECURE
X-D
X-Date
X-F5-Cache
X-B-Cookie
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Surrogate-Control
UCS
Www
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
Lfy
Server-Cache-Control
On-Server
Origin
Request-Country
Rendered-Blocks
Request-EU
Node
MD5-Digest
Memcached
Meta-Geo-Continent
Request-Time
FNAC-ModuleRouting
Fly-Request-Id
Arc-Country
X-Cache-Grace
BehaviorPad-Version
X-Cache-Expires
X-Cache-Info
X-Cache-Miss-From
X-Cache-Host
X-CF-Lambda-Version
Ajk
X-CF-Lambda-Fn
Cache-Prefix
X-Cache-ASPX
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
Fly-Cache
X-Aed
Ec-Rule-Version
X-G
X-ARC
X-Application
Cross-Origin-Window-Policy
X-Connection-Hash
X-Server-Group
X-Gannett-Site-Version
X-Request-UUID
X-Mobile-URL
X-NodeID
X-Varnish-Authentication
X-NU-AKA-ACS-Version
X-Rewrite-Enabled
X-Rojux
X-Webstats-RespID
X-Secret
X-Logtrace-Id
X-Matched-Rule
X-S-Cookie
X-ScT
X-Var-Ttl
X-Up
X-Thinkindot-L3
X-Transaction
X-Platform
X-SRCache-Key
X-Pubstack
X-Processor
X-Trv-Group
X-PAYTM-SRV-ID
X-Region-Sid
X-NX-Host
X-Twitter-Response-Tags
X-Refresh
X-Reboot
X-Sedo-Request-Id
X-VG-WebServer
X-Generated-In
X-IN-WAF
X-ServiceProvider
X-Hp-Webp
X-Instart-Isnd
X-IN-APIGATEWAY
Xc-Version
Cteonnt-Length
User-Cache-Control
X-Cache-Backend
User-Agent
X-Eu-Site
X-Swa-Ws
X-Cdn-Forward
X-Dispatcher-Server
X-Epic-Correlation-Id
ServerName
X-Distil-CS
Web-Mar-Node
X-Distributor
Server-Int
X-RateLimit-Limit-Second
X-Qloud-Router
X-Gen-Mode
X-SN
X-RateLimit-Remaining-Second
Proxy-Connection
X-Rebelmouse-Cache-Control
X-Protected-By
RNT-Machine
X-SIPLIST1
X-Page-Type
X-Hnp-Log
X-Policy
RNT-Time
X-Hash
X-PHP-Host
X-Device-Os
Server-Host
X-Cdn-Srv
X-Li-Fabric
X-Cache-Id
X-LAGOON
X-Micro-Cache
Pramga
X-Rebelmouse-Surrogate-Control
X-LI-UUID
X-Crawler
X-Location
X-LI-Proto
X-CGP
X-Li-Pop
X-Key
X-Irp-Debug
X-Amzn-Remapped-Content-Length
X-Info
X-Amzn-Remapped-Connection
X-Developers
X-Origin-Date
X-Sf
X-Amzn-Remapped-Date
X-Request-URI
X-Cache-Bucket
X-Cache-Debug
X-Nginx-Cache-Key
X-Block-Status
X-Servername
X-Origin-Expires
True-Client-Country-4JS
Kp-EeAlive
HA-Ipaddr
Apple-News-Services-Host
IsBot
Apple-News-Services-Handled
Fastly-SIE
CDCHOST
X-WPE-Loopback-Upstream-Addr
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Ha-Gx-Prefs
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Pagetype
Cache-Cookie-Set-From
Backend
Hostname
Fastly-SWR
Country-Code
X-FireWall-Port
X-Varnish-Ttl
X-Via-Edge
X-Ocache
X-User
X-Variation
AKAMAI
X-No-Session
Adler-Geo
X-Cache-FS-Status
X-Cms-Context
X-Core-Mission
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Via-SSL
X-Fastly-Cache
X-ShopId
X-ShardId
X-Shopify-Stage
X-GeoIP-Country-Code
X-GeoIP-City
X-Server-IP
X-Planisys-CDN-TTL
X-MSEdge-Flight
X-MSEdge-Features
X-Edge-Location
X-S-Maxage
X-Geo-Header
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Thanos
X-Sorting-Hat-PodId
X-Skip-Cache
X-Varnish-Beresp-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-TrackingId
Gh-Request-Id
Fastly-SSL
Platform
X-C
X-Alternate-Cache-Key
Fastly-Soc-X-Request-Id
HTTPS
X-Amz-Meta-Cache-Control
SD-X-WS
Is-Eu
Heartbleed
Content-Disposition
X-BBXSRF
X-Auto-Login
X-Backend-State
X-Backend-Url
X-Generated-On
X-Bip
X-Level-Front-Cache
X-Backend-Host
X-Fetched-On
X-BB-ID
X-NC
X-Datadome
Pagespeed
MIME-Version
X-TT-LOGID
X-Sn-Servicetimems
X-Proxy-Cache-Status
X-Server-Time
X-Cdn-Origin
X-Sucuri-Cache
X-Apm-Inst-Hash
X-Apm-App-Name
V-Age
X-Owner
X-Apm-Svc-Key
X-Proxy-Upstream
X-GZip
X-Edge-IP
N-Cache
Rt-Proxy-Cache
X-Geo
X-RateLimit-Reset
Magicmarker
X-ND-Cache
X-Varnish-Url
X-Exp-Se
Fastly-Backend-Name
Server-ID
REQUESTUUID
X-Real-Ip
X-Org
X-FPC
X-B3-Parentspanid
X-Served-From
HostName
X-Node-Id
X-Varnish-Beresp-Ttl
VivaBuild
Viewtype
X-Pjax-Url
X-Aicache-OS
X-Gdpr
X-CDN-Forward
X-Load-Cache
X-DC
Wxu-Next-Region
X-Git-Hash
X-Parent-Response-Time
Wxu-Next-Hostname
Powered-By
X-CUA
Wxu-Next-Commit
CF-IPCountry
X-CSRF-TOKEN
X-Host-Name
Pragrma
Memory
X-Dc
Time
Section-Io-Cache
X-Passed-To-PostProcessResponse
X-Original-Request
X-Passed-To
X-Passed-To-BeforeDispatch
X-Wa
X-Stale
X-Svr
X-Passed-To-DLL
X-Actual-URL
X-Servedbyhost
X-Server-By
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From
X-Returned-From-PostProcessResponse
X-Nc
X-Release
X-Daa-Tunnel
Resin-Trace
X-CACHE-KEY
X-VServer
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
PICS-Label
X-Croise-Owner
X-Oss-Request-Id
Host-ID
X-HS-Cache-Config
X-Oss-Storage-Class
X-WebServer
Cdn-Host
Cdn-Request-Time
X-TH-Server
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Server
X-From-Cache
X-Phone
X-Optimization
X-Upstream-HT
Mime-Version
X-Cache-HT
X-Unique-ID
AR-SID
X-Upstream-CT
Cdn
X-Microcachable
X-Instart-Info
SID
X-Newrelic-Synthetics
Fastcgi-Useragent
X-Varnish-Beresp-TTL
X-B3-SpanId
Backend-Name
X-APP
X-Lb-Id
X-Backend-TTL
Cf-Ipcountry
X-Req
X-Worker
X-Atg-Version
X-V
CF-Cached-On
Proxy-Firewall
X-Fastly-Backend-Reqs
X-LB-ID
178proxuri
355prline
188prxHost
189phosttRef
219prxHost
225prxHost
409pxxline
X-Server-W
XServer
Odigeo-Trace-Id
Xxline
286prxHost
352pxline
X-Zone
Version
X-ID
Processtime
X-Check-Cacheable
X-HTML-Minification-Powered-By
X-Ratelimit-Remaining
X-Vcl-Version
X-Ratelimit-Limit
X-WR-MODIFICATION
X-Microsite
X-Request-Handler-Origin-Region
X-Fstrz
X-Akamai-Request-ID2
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-IPS-LoggedIn
X-Response-By
X-VCL-Version
X-Nananana
Esi-Enabled
Accept-Language
GMS-Ver
X-Contensis-Viewer-Groups
GeoIP-Latitude
X-AssetVersion
SN
X-NGINX-Cache
X-Vcache
GeoIP-Country-Code
Pics-Label
GeoIP-City
X-UPSTREAM-Address
Public-Key-Pins-Report-Only
X-WA
X-URL
X-Ratelimit-Reset
WZWS-RAY
X-ServedByHost
X-RequestId
X-Vtex-Remote-Cache
X-CSRF-Token
X-HS-Status
X-Vtex-Processado-Em
X-Be
Fastcgi-X-Cache-Version
X-Hyper-Cache
DataCenter
Locale
X-Via-NSCOPI
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Fastly-Country-Code
X-Reqid
GW-Server
Geoip-Latitude
GeoIp-Country-Code
X-Amz-Meta-Surrogate-Control
X-SERVER-NAME
X-ZONE
X-Dynatrace
X-GEO
Geoip-City
X-Via-Ucdn
X-Request-Start
X-ABtesting
X-Flog
Countrycode
X-Clientip
X-We-Are-Hiring
X-Render-Time
X-UE-Client-Country
Mobile-Detection-Method
X-Hello
Lb
WP-Super-Cache
X-Cdn-Cache
Dnion-Transfer-Encoding
X-LiteSpeed-Cache-Control
X-BE
IBM-Web2-Location
X-GDPR
X-CS
SS
X-NWS-UUID-VERIFY
URI
X-Unique-Id
Ohc-File-Size
Requestid
X-Generation-Time
CDN
X-PJAX-URL
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-GZIP
FastCGI-Cache
X-FORWARDED-FOR
X-SRV
Dynatrace
X-HS-Combine-CSS
Serverid
X-PF-Uncompressing
FSS-Cache
FSS-Proxy
Cneonction
X-Cluster-Name
X-Bug-Bounty
X-Pf-Uncompressing
X-Gen-Id
RequestUuid
X-Fpc
X-Cache-Ttl
X-Fastly-Cache-Hits
X-Cache-URL
X-Test
X-Html-Edge-Cache
X-LiteSpeed-Tag
Server-Id
A
X-Store
Accept-Ch
X-Request-Url
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
Is-Session-Tracking
X-Compress-Hint
Frontcache
X-Dw-Trace-Id
X-Cdn-Request-ID
NnCoection
Ohc-Cache-HIT
X-EC-Lua
Ohc-Response-Time
X-ServerName
X-Serial
X-HTML-Edge-Cache
Get-Access-Time