Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Server-Id
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-CST
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-DataDome
Pinterest-Generated-By
X-Type
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
Verso
X-Server-Name
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Upstream-Env
X-DataStream-Cache-Status
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
RTSS
Charset
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-TtlSet
X-Vname
X-PC
Ar-Sid
X-Ser
X-Vcap-Request-Id
X-TTL
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
DynaTrace
X-Amz-Rid
X-VCache
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Webkit-CSP
S
X-Fastly-Request-ID
X-Debug
TCN
X-SharePointHealthScore
X-Hits
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Akam-SW-Version
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-Ttl
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Oracle-Dms-Rid
Realpath
X-Acc-Meta-Resource-Type
X-B3-TraceId
X-MSEdge-Ref
X-NF-Request-ID
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-Aspnet-Version
X-Varnish-Age
X-N
Fastcgi-Cache
X-Content-Type
X-Forwarded-For
X-Upstream
Paypal-Debug-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-Middleton-Response
Fusion-Content-Id
Response
Fusion-Source
Fusion-Content-Source
Display
Fusion-Component-Id
X-Fastcgi-Cache
X-Sol
X-Middleton-Display
Fusion-Template-Id
X-RateLimit-Remaining
X-Pad
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Accel-Expires
X-B3-Traceid
Host
X-Cache-Key
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
ServerID
Server-Name
X-Analytics
X-Kinsta-Cache
Backend-Timing
X-Correlation-Id
X-AppVersion
X-Az
X-Activity-Id
X-B3-Sampled
X-Revision
X-User-Agent
Surrogate-Key
X-LB-Cache
X-Debug-Info
X-IPLB-Instance
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Content-Options
X-Rid
FilterID
Accept-Charset
X-Cache-Hit
X-Cache-2
X-Grace
Refresh
X-CF-Powered-By
Powered-By-ChinaCache
X-B
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
X-Page-Id
TP-Cache
MS-CV
X-Whom
X-DIS-Request-ID
Server-Info
X-Accel-Buffering
Cache-Status
Host-Header
Source
X-Varnish-Backend
X-PHP-Backend
VIX-Pulpo-Node
X-Akamai-Edgescape
X-Origin-Server
X-TT
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-App-Environment
X-Cached-By
X-Mobile
X-Cluster
X-FastCGI-Cache
X-F-Cache
X-Tumblr-Pixel
X-Platform-Server
Access-Control-Allow-Method
X-Framework
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Grace
X-FW-Server
X-FW-Type
X-Content-Powered-By
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Instance
X-Drupal-Cache-Tags
X-FB-Debug
X-Forwarded-Host
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Request-Guid
X-UA-Device-Type
X-Node-Name
X-Ezoic-Cdn
Edge-Cache-Tag
X-Geo-Country
X-Shard
X-GUploader-UploadID
PageSpeed
X-RateLimit-Limit
X-Zen-Fury
X-Handled-By
X-Cache-TTL
From-Origin
Fastly-Restarts
X-Varnish-Hostname
X-TA-CDN-Provider
X-Magnolia-Registration
X-SS-Set-Cookie
Cache-Tags
X-Cache-Age
X-BCube-Filmed-By
X-AOL-HN
X-ATG-Version
X-Cache-Control
X-Cache-Rule
Upgrade-Insecure-Requests
X-Varnish-Server
Healthy
Cleartype
DC
Server-Node
X-App-Server
Retry-After
Payment
X-Response-Served-From
X-SERVER
X-RequestSource
X-TX-ID
X-Adobe-Content
X-Adobe-Loc
Country
X-Signature
X-WebKit-CSP-Report-Only
X-Storage
X-B-Cache
X-RTag
X-VG-WebCache
Ms-Operation-Id
X-GeoIP
Filters
X-UUID
X-Redis-Cache
X-TT-TIMESTAMP
X-Region
Powered
X-Tumblr-Pixel-1
X-FW-Dynamic
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Jobs
Actual-Object-TTL
X-Drupal-Cache-Contexts
X-Content-Age
X-Varnish-Hits
X-Generated-By
X-Cacheable-TTL
Webserver
X-Dns-Prefetch-Control
X-Locale
Frame-Options
X-XRDS-LOCATION
NGB
GEO-INFO
CACHE
ServedBy
X-WA-Info
X-Esi
X-Contextid
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
HitType
X-Oneagent-Js-Injection
X-Cache-NE
X-Guploader-Uploadid
X-Rendered-As
X-Real-IP
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Cache-TTL-Remaining
X-Varnish-IP
X-Via-JSL
X-Cache-Operation
X-Time
X-Upgrade-Enabled
X-BACKEND-TTL
X-NWS-LOG-UUID
X-Seen-By
S-Cnection
Viewport
X-Mode
Xserver
X-Varnish-Cache-Hits
X-Cache-Enabled
X-Proto
X-Path-Route
X-From
X-ES-SERVER
Machine
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-Device-Type
X-Detected-As
Cache-Key
X-Routing-Service
X-Proxied
Cache-Hits
X-Zipkin-Id
Meta-Geo
X-Is-Bot
X-RN-RSRV
X-Hl-Ver
OT-Force-Account-Verify
Mn-Server-Ip
X-S
TWC-Locale-Group
TWC-GeoIP-LatLong
X-VWS-Id
Vix-Hermes-Req-Id
Webcakes-App-Name
We-Hiring
TWC-GeoIP-Country
TWC-Device-Class
L5d-Success-Class
Access-Control-Request-Headers
LB
Mail-Subject
NGX
TWC-Connection-Speed
Property-Id
Webcakes-App-Version
Webcakes-Region
X-R9-Blue-Green-Version
X-Origin-Hint
X-Rocket-Nginx-Bypass
X-Time-Microsecs
X-Viewer-Country
X-VG-TLSProxy
X-LJ-Flow-ID
X-L-Path
X-Backend-Name
X-AWS-Id
X-Cache-Config
X-Environment-Context
X-Hosted-By
X-FB-TRIP-ID
NtCoent-Length
TWC-Privacy
X-Akamai-Transformed
X-Cache-Server
X-Proxy
DB-Nickname
Azure-Version
Azure-SiteName
Azure-InstanceId
X-FW-Version
X-Access
Azure-SlotName
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
Now
S-Rt
X-Loop
X-MP-GENERATED-AT
X-Origin-Response-Time
X-Format
X-Akamai-Request-ID
Azure-RegionName
X-Section
X-ServerID
X-Tb
X-Vgn-Hpd-Reason
X-Debug-Cache
X-EIG-Tracking-Id
X-TNCMS
X-Web-Node
X-RCS-CacheZone
X-NCache
X-JoinUs
Origin-Edge-Control
Selected-FE
X-Via-Fastly
X-Human
X-Via-CDN
X-Tumblr-Pixel-3
X-IP
Origin-Cache-Control
X-Timing-Wait
X-Cache-Remote
Content-Style-Type
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Xfnlog-Site
Content-Script-Type
X-GRACE
X-Trace-Id
Datacenter
X-CCM
Uber-Trace-Id
X-Generated
X-PCL
X-Grey
X-Www-Served-By
X-OCL
X-Cache-Category-Id
Cache-Tag
X-Internal-Host
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-VC-Cache
X-Site-Version
X-UnsetCookies
Decoy-Debug-Status
X-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Birta-Served
X-Dynatrace-Js-Agent
X-Birta-Cache-Post
Release
Served-By
X-Newrelic-App-Data
X-Rule
X-EdgeConnect-Cache-Status
X-UA
X-CDN-Cache
X-Ua
Nel
X-Request-Time
AsisCache
X-Cluster-Node
X-B3-Spanid
X-Nginx-Cache
X-APP-VERSION
X-Wix-Server-Artifact-Id
DSUID
X-TIME
X-App-Name
Rt-Fastcgi-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PERF
X-ApacheServer
X-Origin
X-Hit
X-NewRelic-App-Data
X-VCT
X-Source
X-OVcl-Cache
X-OVcl
X-Origin-Host
ViewerVersion
X-Wix-Request-Id
X-App-Version
X-Sucuri-ID
X-Agile
X-Agile-Age
Hostname
X-Agile-Id
SRV
Pagespeed
Cache-Name
X-Pubstack
X-ElasticPress-Search
X-Cache-Host
X-Origin-CC
X-Origin-TTL
Cache
Server-Cache-Control
Request-Time
Request-EU
Meta-Geo-Continent
X-B-Cookie
Memcached
Ajk
Node
On-Server
Rendered-Blocks
Origin
Request-Country
Arc-Country
Fly-Cache
Ec-Rule-Version
X-A-Ccd
X-Accel-Expires-Debug
X-Aed
Cache-Prefix
X-A-Wwc
X-A-Dam
Cross-Origin-Window-Policy
X-A-Dcw
X-A-Dgt
X-A
Www
X-ARC
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Surrogate-Control
MD5-Digest
UCS
X-Application
BehaviorPad-Version
Fly-Request-Id
FNAC-ModuleRouting
Server-Host
X-Debug-Cookies
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NX-Host
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Platform
X-Processor
X-Secret
X-Sedo-Request-Id
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-NodeID
X-Mobile-URL
X-Date
X-D
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Log
X-Debug-Cache-Store
X-Core-Value
X-Connection-Hash
X-Cache-Grace
X-Cache-Expires
X-Cache-Miss-From
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Destination
X-Developer
X-IN-WAF
X-IN-APIGATEWAY
X-Instart-Isnd
X-Logtrace-Id
X-Matched-Rule
X-Hp-Webp
X-Generated-In
X-External-Request-Id
X-DPWN-IS-SECURE
X-F5-Cache
X-G
X-Gannett-Site-Version
X-Cache-ASPX
Thinkindot-Control
X-WPE-Loopback-Upstream-Addr
Cteonnt-Length
User-Cache-Control
X-Developers
X-Crawler
X-CGP
X-Cache-Info
X-Device-Os
X-Cache-Id
X-Distil-CS
X-Fetched-On
X-Gen-Mode
X-Eu-Site
X-Distributor
X-Cache-Debug
X-Dispatcher-Server
X-Amzn-Remapped-Date
RNT-Time
Server-Int
RNT-Machine
Proxy-Connection
Pramga
ServerName
True-Client-Country-4JS
X-Hash
X-Block-Status
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
Web-Mar-Node
X-Cache-Backend
X-Info
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Qloud-Router
Warning
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-SN
X-Swa-Ws
X-SIPLIST1
X-Sf
X-Servername
X-Policy
X-PHP-Host
X-Li-Fabric
X-Li-Pop
X-LAGOON
X-Key
Pagetype
X-LI-Proto
X-LI-UUID
X-Origin-Expires
X-Page-Type
X-Origin-Date
X-Nginx-Cache-Key
X-Location
X-Hnp-Log
X-Epic-Correlation-Id
Apple-News-Services-Request-Url
Backend
Cache-Cookie-Set-From
IsBot
Lfy
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Country-Code
Fastly-SIE
Fastly-SWR
Gh-Request-Id
CDCHOST
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Handled
Kp-EeAlive
X-FireWall-Port
X-Varnish-Ttl
X-Core-Mission
V-Age
Platform
X-Apm-App-Name
X-Apm-Inst-Hash
X-Cms-Context
Heartbleed
X-Level-Front-Cache
X-Cache-Bucket
X-C
X-Bip
Fastly-Soc-X-Request-Id
X-Cache-FS-Status
X-Cdn-Srv
X-S-Maxage
X-Irp-Debug
X-Apm-Svc-Key
X-Cdn-Origin
X-Geo-Header
X-Generated-On
X-Micro-Cache
X-GeoIP-City
X-GeoIP-Country-Code
X-MSEdge-Features
X-MSEdge-Flight
X-No-Session
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Protected-By
X-Sn-Servicetimems
X-Planisys-CDN-Cache
X-Gateway-Cache-Key
Content-Disposition
X-Server-Time
X-Server-IP
Is-Eu
X-Shopify-Stage
X-Varnish-Beresp-Status
X-Thanos
X-ShopId
X-Via-SSL
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
AKAMAI
X-Skip-Cache
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShardId
X-Backend-State
X-Variation
Adler-Geo
X-Backend-Url
X-Via-Edge
Fastly-SSL
X-Backend-Host
X-User
X-Auto-Login
X-Cdn-Forward
SD-X-WS
X-Ocache
X-Owner
X-BBXSRF
X-Geo
X-Fastly-Cache
Rt-Proxy-Cache
User-Agent
X-Exp-Se
HTTPS
X-ND-Cache
X-Wikidot-Backend
X-BB-ID
X-Amz-Meta-Cache-Control
X-Wikidot-Static-Cache
X-Edge-Location
X-GZip
X-TT-LOGID
X-Proxy-Upstream
X-RateLimit-Reset
X-Sucuri-Cache
X-Org
REQUESTUUID
X-TrackingId
Server-ID
X-Served-From
X-Proxy-Cache-Status
MIME-Version
X-NC
X-B3-Parentspanid
X-Real-Ip
X-Edge-IP
X-Varnish-Url
N-Cache
Magicmarker
Fastly-Backend-Name
X-Git-Hash
X-Aicache-OS
VivaBuild
Viewtype
X-FPC
X-Varnish-Beresp-Ttl
X-Host-Name
Wxu-Next-Hostname
Wxu-Next-Region
X-Load-Cache
AR-SID
X-CDN-Forward
X-Gdpr
X-Pjax-Url
X-Node-Id
Wxu-Next-Commit
X-Daa-Tunnel
X-CSRF-TOKEN
X-CACHE-KEY
X-Dc
Time
X-Nc
HostName
X-Parent-Response-Time
Memory
X-CUA
X-DC
Powered-By
X-Datadome
Resin-Trace
X-Wa
X-Servedbyhost
Pragrma
X-Release
CF-IPCountry
X-HS-Cache-Config
X-Passed-To-BeforeDispatch
X-Passed-To
X-Stale
X-Passed-To-DLL
X-WebServer
Section-Io-Cache
PICS-Label
X-Svr
X-Passed-To-PostProcessResponse
X-Oss-Server-Time
X-Server-By
X-Actual-URL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Oss-Storage-Class
X-Original-Request
X-Returned-From-DLL
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-TH-Server
X-Croise-Owner
X-Upstream-HT
Mime-Version
Host-ID
X-VServer
X-Upstream-CT
X-Phone
ProcessTime
X-Newrelic-Synthetics
Cdn-Request-Time
X-Instart-Info
Cdn-Host
X-Edge-Server
X-URL
X-Optimization
Cdn
X-Cache-HT
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
Backend-Name
Cf-Ipcountry
CF-Cached-On
X-Varnish-Beresp-TTL
X-Unique-ID
X-Lb-Id
SID
X-Worker
X-Fastly-Backend-Reqs
X-Microcachable
X-Server-W
409pxxline
X-Microsite
225prxHost
178proxuri
X-Req
X-APP
352pxline
355prline
Xxline
286prxHost
Version
189phosttRef
X-Request-Handler-Origin-Region
188prxHost
219prxHost
X-Atg-Version
XServer
Proxy-Firewall
Fastcgi-Useragent
X-LB-ID
X-V
Odigeo-Trace-Id
X-Akamai-Request-ID2
X-B3-SpanId
X-Vcl-Version
Processtime
X-ID
X-Ratelimit-Remaining
Accept-Language
X-Ratelimit-Limit
X-Zone
Esi-Enabled
X-Backend-TTL
X-HTML-Minification-Powered-By
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Contensis-Viewer-Groups
X-Check-Cacheable
X-IPS-LoggedIn
GeoIP-City
X-AssetVersion
X-WR-MODIFICATION
X-VCL-Version
GeoIP-Country-Code
GeoIP-Latitude
X-Fstrz
X-UPSTREAM-Address
SN
X-Vcache
X-NGINX-Cache
Pics-Label
X-Response-By
X-Nananana
X-RequestId
X-Be
X-HS-Status
X-Vtex-Remote-Cache
X-WA
X-Vtex-Processado-Em
X-Ratelimit-Reset
GMS-Ver
X-ZONE
X-CSRF-Token
X-ServedByHost
Locale
X-Via-NSCOPI
X-Urbn-Context-Path
X-Urbn-Site-Id
DataCenter
Public-Key-Pins-Report-Only
X-Reqid
Fastcgi-X-Cache-Version
X-Flog
X-Hyper-Cache
X-SERVER-NAME
X-NWS-UUID-VERIFY
X-Hello
Geoip-Latitude
GeoIp-Country-Code
X-ABtesting
WZWS-RAY
X-Dynatrace
Geoip-City
X-Request-Start
Dnion-Transfer-Encoding
IBM-Web2-Location
X-Fastly-Country-Code
X-Via-Ucdn
X-Amz-Meta-Surrogate-Control
X-Render-Time
X-GDPR
GW-Server
CDN
WP-Super-Cache
X-Cdn-Cache
Mobile-Detection-Method
X-Clientip
X-Cache-Ttl
X-LiteSpeed-Cache-Control
Countrycode
X-We-Are-Hiring
X-UE-Client-Country
X-Generation-Time
X-CS
X-NGENIX-Cache
X-Unique-Id
X-GEO
Ohc-File-Size
X-Fpc
X-Cluster-Name
Lb
SS
X-HS-Combine-CSS
URI
X-BE
Requestid
X-PJAX-URL
X-FORWARDED-FOR
X-SRV
FastCGI-Cache
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-Cache-URL
X-Pf-Uncompressing
X-Compress-Hint
X-Gen-Id
Cneonction
Serverid
WebServer
X-GZIP
X-Got-Non-Ke-Cookie
FSS-Cache
FSS-Proxy
X-Store
X-Test
X-Bug-Bounty
X-Varnish-Action
Who
GEO-REGION-INFO
RequestUuid
X-PF-Uncompressing
A
Server-Id
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-HTML-Edge-Cache
Https
RequestId
X-Request-Url
Ohc-Response-Time
Ohc-Cache-HIT
X-ServerName
NnCoection
X-EC-Lua
X-Cdn-Request-ID
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Serial
X-Html-Edge-Cache
Frontcache