Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
Server-Timing
X-Ac
Allow
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
Pinterest-Generated-By
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Cdn
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-Px
X-HW
X-Type
Accept-CH
X-Dispatcher
Verso
X-Server-Name
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
X-ORACLE-DMS-RID
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-GitHub-Request-Id
X-MS-InvokeApp
X-DataStream-Cache-Status
X-GoogleNews-Bot
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
X-Upstream-Env
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-TTL
X-Amz-Server-Side-Encryption
RTSS
X-Navigation-Version
Charset
X-Abt-Application-Version
X-TtlSet
X-Vname
X-PC
X-Ser
X-Vcap-Request-Id
X-Server-ID
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Varnish-TTL
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
DynaTrace
X-VCache
X-DynaTrace-JS-Agent
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Debug
X-Hits
X-Oracle-Dms-Rid
TCN
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-SharePointHealthScore
X-Akam-SW-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-XRDS-Location
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
Realpath
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
X-NF-Request-ID
X-Amzn-Trace-Id
X-Ttl
X-Webkit-CSP
Front-End-Https
X-Aspnet-Version
X-Varnish-Age
Fastcgi-Cache
X-N
X-Content-Type
X-B3-TraceId
X-Upstream
X-Forwarded-For
X-Fastcgi-Cache
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Paypal-Debug-Id
Alternate-Protocol
X-Frontend
X-Middleton-Display
X-Logged-In
Response
X-Middleton-Response
Display
X-Content-Digest
X-Sol
X-PressLabs-Stats
X-B3-Traceid
X-HS-Hub-Id
X-HS-Content-Id
X-Pad
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
X-Srv
X-RateLimit-Remaining
X-Litespeed-Cache
X-Hostname
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Host
X-Accel-Expires
ServerID
X-Grace
MicrosoftSharePointTeamServices
X-Analytics
Server-Name
Backend-Timing
X-Correlation-Id
X-B3-Sampled
X-Kinsta-Cache
X-AppVersion
X-LB-Cache
X-User-Agent
X-Activity-Id
X-Revision
X-IPLB-Instance
Surrogate-Key
X-Az
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
X-Debug-Info
FilterID
Accept-Charset
X-Cache-2
Refresh
Powered-By-ChinaCache
X-Ruxit-Js-Agent
X-CF-Powered-By
X-Request-Received
X-Request-Processing-Time
X-B
TP-L2-Cache
TP-Cache
X-Page-Id
MS-CV
X-Whom
X-DIS-Request-ID
Server-Info
X-Cached-By
Host-Header
Cache-Status
X-App-Environment
X-Cache-Action
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
X-PHP-Backend
Source
VIX-Pulpo-Node
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-TT
X-Origin-Server
X-Cluster
X-Tumblr-Pixel
X-F-Cache
X-Tumblr-Pixel-0
X-Mobile
X-Tumblr-User
X-FW-Type
Access-Control-Allow-Method
X-FW-Server
X-Varnish-Grace
X-Content-Powered-By
X-Framework
X-FW-Hash
X-FW-Static
X-FW-Serve
X-Request-Guid
X-Instance
X-FB-Debug
X-Drupal-Cache-Tags
X-Platform-Server
X-Ezoic-Cdn
X-Forwarded-Host
X-Accel-Buffering
X-Node-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-UA-Device-Type
X-Shard
PageSpeed
X-GUploader-UploadID
Edge-Cache-Tag
X-Geo-Country
Fastly-Restarts
X-Zen-Fury
X-Handled-By
X-Varnish-Hostname
X-TA-CDN-Provider
X-RateLimit-Limit
X-Oneagent-Js-Injection
X-FastCGI-Cache
From-Origin
X-Cache-TTL
X-Magnolia-Registration
Cache-Tags
X-SS-Set-Cookie
X-AOL-HN
X-Cache-Age
X-BCube-Filmed-By
X-ATG-Version
X-Cache-Control
X-Cache-Rule
Upgrade-Insecure-Requests
Healthy
X-XRDS-LOCATION
X-Varnish-Server
Retry-After
Payment
Cleartype
DC
Server-Node
X-App-Server
X-RequestSource
X-Response-Served-From
X-TX-ID
X-B-Cache
X-Adobe-Content
X-Storage
X-Signature
X-Adobe-Loc
Country
X-WebKit-CSP-Report-Only
X-FW-Dynamic
X-Redis-Cache
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
Ms-Operation-Id
X-RTag
X-UUID
Powered
X-VG-WebCache
X-Tumblr-Pixel-1
Filters
Actual-Object-TTL
X-GeoIP
X-Region
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-Jobs
X-Content-Age
X-Varnish-Hits
X-Cacheable-TTL
X-Generated-By
X-Locale
X-Dns-Prefetch-Control
Frame-Options
Webserver
X-WA-Info
GEO-INFO
CACHE
NGB
ServedBy
X-Esi
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NE
X-Contextid
X-Guploader-Uploadid
Liferay-Portal
HitType
X-Rendered-As
X-ProcessESI
X-RemovedCookies
X-BACKEND-TTL
Eomportal-Instance
X-NWS-LOG-UUID
X-Cache-Operation
X-Cache-TTL-Remaining
X-Varnish-IP
X-Time
X-Via-JSL
X-Real-IP
X-Upgrade-Enabled
Viewport
X-Dynatrace-Js-Agent
X-Mode
Xserver
X-Seen-By
X-Varnish-Cache-Hits
X-Device-Type
X-Routing-Service
X-Cache-Var
Mn-Server-Ip
Machine
X-Cache-Enabled
Load-Balancing
X-Detected-As
X-Cache-Var-Map
X-Zipkin-Id
X-RN-RSRV
X-Is-Bot
X-From
X-Hl-Ver
LB
X-Akamai-Transformed
X-Path-Route
X-Proto
Cache-Hits
OT-Force-Account-Verify
X-ES-SERVER
X-Proxied
Cache-Key
Meta-Geo
X-Cache-Remote
X-Cache-Server
X-S
S-Cnection
Webcakes-App-Name
We-Hiring
Webcakes-App-Version
X-Backend-Name
X-AWS-Id
Webcakes-Region
Vix-Hermes-Req-Id
TWC-Locale-Group
NGX
Mail-Subject
L5d-Success-Class
Property-Id
TWC-Connection-Speed
X-Cache-Config
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-Proxy
X-Viewer-Country
X-Rocket-Nginx-Bypass
X-Tb
X-VG-TLSProxy
X-Time-Microsecs
X-Origin-Hint
X-NCache
X-FW-Version
X-FC-Vary-Parameters
Access-Control-Request-Headers
X-Hosted-By
X-VWS-Id
X-LJ-Flow-ID
X-L-Path
X-Environment-Context
TWC-Device-Class
X-MP-GENERATED-AT
X-Loop
Now
DB-Nickname
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
Origin-Cache-Control
Origin-Edge-Control
X-Debug-Cache
X-Access
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-Format
X-Labrador-Cache-Channel
S-Rt
X-Web-Node
Azure-InstanceId
X-Origin-Response-Time
X-ServerID
X-Section
X-Tumblr-Pixel-3
X-TNCMS
X-Proxy-Build
X-Vgn-Hpd-Reason
X-JoinUs
X-Trace-Id
X-Timing-Wait
X-CCM
Selected-FE
X-Human
X-OCL
X-IP
X-Xfnlog-Site
X-Via-CDN
X-Via-Fastly
Datacenter
X-RCS-CacheZone
X-ProxyCache-Key
X-ProxyCache-Status
Cache-Tag
X-PCL
X-BYPASS-REASON
NtCoent-Length
Uber-Trace-Id
X-Grey
X-Generated
X-Cache-Category-Id
X-Www-Served-By
X-Internal-Host
Content-Style-Type
Content-Script-Type
X-UnsetCookies
X-Endurance-Cache-Level
X-VC-Cache
X-Site-Version
X-Rule
Release
Served-By
X-Varnish-Cacheable
X-Status
X-UA
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-EdgeConnect-Cache-Status
X-Birta-Cache-Post
X-Birta-Served
X-APP-VERSION
X-Newrelic-App-Data
X-CDN-Cache
X-B3-Spanid
Nel
X-Request-Time
DSUID
X-Cluster-Node
X-OVcl
X-GRACE
X-OVcl-Cache
X-Nginx-Cache
AsisCache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Ttl
X-Origin
X-TIME
X-VCT
X-Ua
X-Hit
Rt-Fastcgi-Cache
X-App-Name
X-NewRelic-App-Data
X-ApacheServer
X-PERF
X-Source
SRV
Hostname
X-Agile-Id
X-Agile-Age
Pagespeed
X-Agile
X-Sucuri-ID
X-Origin-Host
Cteonnt-Length
X-Pubstack
Cache
X-Cache-Host
Cache-Name
X-ElasticPress-Search
X-Origin-TTL
X-Wix-Request-Id
ViewerVersion
X-Origin-CC
Server-Cache-Control
Request-EU
Server-Host
BehaviorPad-Version
Server-Surrogate-Control
Thinkindot-CacheControl
Request-Country
Request-Time
Rendered-Blocks
On-Server
Arc-Country
Origin
Cache-Prefix
Fly-Request-Id
FNAC-ModuleRouting
Fly-Cache
Lfy
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
Ec-Rule-Version
MD5-Digest
UCS
Thinkindot-Control
Thinkindot-CacheControl-Type
Meta-Geo-Continent
Www
Memcached
X-A-Ccd
Cross-Origin-Window-Policy
Node
X-Core-Value
X-Refresh
X-Reboot
X-Region-Sid
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Processor
X-PAYTM-SRV-ID
X-Matched-Rule
X-Logtrace-Id
X-Mobile-URL
X-NodeID
X-NX-Host
X-NU-AKA-ACS-Version
X-S-Cookie
X-ScT
X-Var-Ttl
X-Twitter-Response-Tags
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Trv-Group
X-Transaction
X-Server-Group
X-Sedo-Request-Id
X-ServiceProvider
X-SRCache-Key
X-Thinkindot-L3
X-Instart-Isnd
X-IN-WAF
X-CF-Lambda-Fn
X-Cache-Miss-From
X-CF-Lambda-Version
X-Connection-Hash
X-D
Ajk
X-Cache-Info
X-Cache-Grace
X-ARC
X-Application
X-B-Cookie
X-Cache-ASPX
X-Cache-Expires
X-Date
X-Debug-Cache-Expiry
X-F5-Cache
X-External-Request-Id
X-G
X-Generated-In
X-IN-APIGATEWAY
X-Hp-Webp
X-DPWN-IS-SECURE
X-Developer
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Destination
X-Aed
X-A
X-WPE-Loopback-Upstream-Addr
X-App-Version
User-Cache-Control
X-Wix-Server-Artifact-Id
AR-SID
X-SERVER
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
V-Age
X-Page-Type
Web-Mar-Node
X-Origin-Expires
X-Micro-Cache
X-Amzn-Remapped-Connection
X-Nginx-Cache-Key
X-Origin-Date
X-Location
X-PHP-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Secret
X-Request-URI
RNT-Machine
RNT-Time
X-Platform
X-Apm-App-Name
Server-Int
X-Policy
X-Qloud-Router
True-Client-Country-4JS
X-LI-UUID
X-Gen-Mode
X-Gannett-Site-Version
X-Crawler
X-Hash
X-Hnp-Log
X-CGP
X-Fetched-On
X-Eu-Site
X-Distil-CS
X-Distributor
X-Dispatcher-Server
X-Device-Os
X-Developers
X-Cdn-Srv
X-Info
X-Li-Fabric
X-Block-Status
X-Li-Pop
X-LI-Proto
X-Apm-Svc-Key
Proxy-Connection
X-LAGOON
X-Cache-Backend
X-Irp-Debug
X-Cache-Id
X-Key
X-Cache-Debug
X-Cache-Bucket
X-Apm-Inst-Hash
ServerName
Country-Code
X-Sn-Servicetimems
X-Server-Time
CDCHOST
IsBot
X-Swa-Ws
Cache-Cookie-Set-Idcheck
X-Up
X-Cdn-Origin
Pramga
Fastly-SWR
Gh-Request-Id
Ha-Gx-Prefs
Fastly-SIE
HA-Ipaddr
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Sf
Apple-News-Services-Request-Url
Backend
Pagetype
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-SIPLIST1
X-Geo
X-FireWall-Port
X-GeoIP-City
Fastly-SSL
X-C
X-Core-Mission
X-GeoIP-Country-Code
X-Bip
Fastly-Soc-X-Request-Id
AKAMAI
X-BBXSRF
X-Generated-On
X-Level-Front-Cache
X-Backend-Url
X-Cms-Context
Content-Disposition
Rt-Proxy-Cache
X-Backend-State
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Geo-Header
X-Gateway-Skip-Cache
X-Exp-Se
X-Fastly-Cache
X-Cache-FS-Status
X-ND-Cache
X-Wikidot-Backend
X-Epic-Correlation-Id
X-SN
X-Skip-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Planisys-CDN-Cache
X-Protected-By
X-Shopify-Stage
Platform
X-Server-IP
X-S-Maxage
X-Servername
X-ShardId
SD-X-WS
X-ShopId
X-Backend-Host
X-Thanos
X-User
Heartbleed
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Variation
X-Via-Edge
X-Wikidot-Static-Cache
X-Auto-Login
X-Via-SSL
X-MSEdge-Features
X-MSEdge-Flight
Is-Eu
Warning
X-Real-Ip
Adler-Geo
X-No-Session
X-Owner
X-Served-From
REQUESTUUID
X-Org
Kp-EeAlive
X-GZip
X-B3-Parentspanid
X-Cdn-Forward
X-RateLimit-Reset
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-BB-ID
HTTPS
Server-ID
X-Ocache
X-Edge-Location
X-Host-Name
X-Git-Hash
MIME-Version
X-TrackingId
X-Proxy-Cache-Status
X-TT-LOGID
X-NC
X-FPC
X-Sucuri-Cache
X-Proxy-Upstream
X-Daa-Tunnel
User-Agent
X-CDN-Forward
X-Aicache-OS
X-Edge-IP
Magicmarker
X-Varnish-Url
N-Cache
VivaBuild
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Viewtype
X-Gdpr
Fastly-Backend-Name
X-Load-Cache
X-Dc
X-Node-Id
X-Pjax-Url
X-Varnish-Beresp-Ttl
X-CSRF-TOKEN
X-DC
X-Nc
HostName
Time
Memory
X-Release
X-Parent-Response-Time
CF-IPCountry
Resin-Trace
PICS-Label
X-CUA
X-HS-Cache-Config
X-TH-Server
X-WebServer
Powered-By
X-Upstream-CT
X-Upstream-HT
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Phone
X-Servedbyhost
Pragrma
X-Wa
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
X-Svr
Mime-Version
X-Returned-From
X-Stale
X-Returned-From-BeforeDispatch
X-Instart-Info
X-Returned-From-DLL
X-Server-By
X-Returned-From-PostProcessResponse
Host-ID
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Actual-URL
X-Original-Request
X-Passed-To
X-Varnish-Beresp-TTL
Section-Io-Cache
X-Microsite
Backend-Name
X-Request-Handler-Origin-Region
ProcessTime
X-Croise-Owner
X-Tb-Optimization-Total-Bytes-Saved
X-VServer
X-Newrelic-Synthetics
X-Lb-Id
X-Worker
Cf-Ipcountry
Cdn-Host
Cdn-Request-Time
X-From-Cache
X-Edge-Server
Cdn
X-Cache-HT
X-Optimization
Version
188prxHost
409pxxline
178proxuri
189phosttRef
219prxHost
X-Server-W
352pxline
355prline
225prxHost
Xxline
286prxHost
CF-Cached-On
X-Ratelimit-Remaining
X-APP
SID
X-Atg-Version
X-Akamai-Request-ID2
X-Unique-ID
Accept-Language
X-SERVER-NAME
X-Fastly-Backend-Reqs
XServer
X-Microcachable
X-Req
X-Datadome
X-Ratelimit-Limit
X-Zone
Processtime
Proxy-Firewall
Esi-Enabled
X-ID
X-Vcl-Version
X-LB-ID
X-AssetVersion
X-Contensis-Viewer-Groups
X-VCL-Version
X-B3-SpanId
X-V
Odigeo-Trace-Id
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
Fastcgi-Useragent
X-IPS-LoggedIn
SN
GeoIP-City
X-HTML-Minification-Powered-By
GeoIP-Country-Code
GeoIP-Latitude
X-UPSTREAM-Address
X-Backend-TTL
X-NGINX-Cache
X-Vcache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-RequestId
X-WA
X-Fstrz
X-Check-Cacheable
X-WR-MODIFICATION
Pics-Label
X-HS-Status
X-ServedByHost
Locale
X-Ratelimit-Reset
X-Nananana
X-Urbn-Site-Id
X-URL
X-Response-By
X-Reqid
X-Urbn-Context-Path
X-ZONE
X-Via-NSCOPI
X-ABtesting
X-CSRF-Token
Geoip-Latitude
GeoIp-Country-Code
X-NWS-UUID-VERIFY
GMS-Ver
X-Flog
X-Be
X-Hello
X-Cache-Ttl
Amp-Access-Control-Allow-Source-Origin
DataCenter
CDN
IBM-Web2-Location
X-Hyper-Cache
Geoip-City
Dnion-Transfer-Encoding
X-Dynatrace
X-HostName
X-Via-Ucdn
X-Request-Start
X-Fastly-Country-Code
Fastcgi-X-Cache-Version
X-Generation-Time
X-NGENIX-Cache
X-Render-Time
Public-Key-Pins-Report-Only
X-Cdn-Cache
WP-Super-Cache
X-Amz-Meta-Surrogate-Control
WebServer
Requestid
X-Cluster-Name
WZWS-RAY
X-LiteSpeed-Cache-Control
X-PJAX-URL
GW-Server
X-CS
X-GDPR
X-Unique-Id
X-Cache-URL
X-Compress-Hint
URI
X-HS-Combine-CSS
X-We-Are-Hiring
X-UE-Client-Country
Mobile-Detection-Method
Lb
Countrycode
X-Clientip
Dynatrace
X-SRV
X-FORWARDED-FOR
FastCGI-Cache
Cneonction
X-GEO
Serverid
X-Varnish-Action
Who
X-Got-Non-Ke-Cookie
X-Gen-Id
X-BE
X-Pf-Uncompressing
SS
Ohc-File-Size
GEO-REGION-INFO
X-Fpc
X-Bug-Bounty
Https
X-Test
Server-Id
A
Epwk-Cache
X-Store
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
RequestUuid
X-SVT-ORM-VERSION
X-PF-Uncompressing
RequestId
Is-Session-Tracking
Get-Access-Time
X-SVT-ORM-RULES
X-HTML-Edge-Cache
X-ServerName
FSS-Cache
X-EC-Lua
X-Fastly-Cache-Hits
X-Request-Url
X-GZIP
Frontcache
X-Dw-Trace-Id
X-Cdn-Request-ID
X-Html-Edge-Cache
NnCoection
FSS-Proxy
X-Serial