Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Server-Id
X-Response-Time
Report-To
X-CST
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-DataDome
Pinterest-Generated-By
X-Type
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
X-Server-Name
Verso
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Upstream-Env
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Version
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
RTSS
Charset
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Vname
X-TtlSet
X-PC
Ar-Sid
X-Ser
X-Vcap-Request-Id
X-TTL
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Expires
X-Goog-Stored-Content-Length
DynaTrace
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Webkit-CSP
S
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
TCN
X-Hits
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Powered-CMS
SPRequestDuration
X-Ttl
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Id
Realpath
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-B3-TraceId
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Front-End-Https
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Upstream
Paypal-Debug-Id
X-Fastcgi-Cache
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Response
Display
X-Middleton-Response
X-Sol
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-Middleton-Display
X-RateLimit-Remaining
X-Srv
X-Pad
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Accel-Expires
X-B3-Traceid
X-Cache-Key
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
ServerID
Server-Name
X-Analytics
X-Correlation-Id
Backend-Timing
X-Kinsta-Cache
X-Activity-Id
X-Az
X-B3-Sampled
X-User-Agent
X-AppVersion
X-Revision
X-Debug-Info
X-LB-Cache
X-Amz-Apigw-Id
X-Rid
X-Amzn-RequestId
Surrogate-Key
X-IPLB-Instance
X-Content-Options
X-Cache-Hit
FilterID
Accept-Charset
X-Cache-2
X-Grace
Refresh
X-CF-Powered-By
Powered-By-ChinaCache
X-B
X-Request-Received
X-Request-Processing-Time
X-Page-Id
TP-Cache
TP-L2-Cache
MS-CV
X-Whom
X-DIS-Request-ID
Server-Info
X-Accel-Buffering
Cache-Status
X-Cached-By
X-GUploader-UploadID
Host-Header
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-TT
X-Varnish-Backend
X-App-Environment
X-Cache-Action
VIX-Pulpo-Node
Source
X-PHP-Backend
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Tumblr-User
X-F-Cache
X-Tumblr-Pixel
X-Cluster
X-Mobile
X-Platform-Server
X-Framework
Access-Control-Allow-Method
X-Content-Powered-By
X-Varnish-Grace
X-Drupal-Cache-Tags
X-Request-Guid
X-FW-Static
X-FW-Type
X-FB-Debug
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Instance
X-UA-Device-Type
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Forwarded-Host
Edge-Cache-Tag
X-Ezoic-Cdn
X-Node-Name
X-Geo-Country
X-Shard
PageSpeed
X-RateLimit-Limit
X-Zen-Fury
X-Cache-TTL
X-Handled-By
X-FastCGI-Cache
From-Origin
Fastly-Restarts
X-TA-CDN-Provider
X-Varnish-Hostname
X-SS-Set-Cookie
X-Magnolia-Registration
Cache-Tags
X-Cache-Age
X-ATG-Version
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
X-Cache-Rule
X-Varnish-Server
Upgrade-Insecure-Requests
Healthy
Cleartype
Server-Node
DC
X-App-Server
Retry-After
Payment
X-Response-Served-From
X-SERVER
X-RequestSource
X-TX-ID
X-Adobe-Loc
X-WebKit-CSP-Report-Only
X-Storage
X-Adobe-Content
X-B-Cache
Country
X-Signature
Ms-Operation-Id
X-Tumblr-Pixel-2
X-UUID
X-VG-WebCache
Powered
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-GeoIP
Actual-Object-TTL
X-RTag
X-Region
X-Redis-Cache
Filters
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-Jobs
X-FW-Dynamic
X-Content-Age
X-Generated-By
X-Varnish-Hits
X-Cacheable-TTL
X-Locale
Webserver
X-Dns-Prefetch-Control
Frame-Options
X-XRDS-LOCATION
NGB
GEO-INFO
ServedBy
X-WA-Info
CACHE
X-Esi
X-Contextid
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
HitType
X-Oneagent-Js-Injection
X-Cache-NE
X-Rendered-As
X-Real-IP
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Cache-TTL-Remaining
X-Via-JSL
X-Varnish-IP
X-Cache-Operation
X-Time
X-Upgrade-Enabled
X-BACKEND-TTL
X-NWS-LOG-UUID
X-Seen-By
X-Mode
X-Guploader-Uploadid
S-Cnection
Viewport
Xserver
X-Varnish-Cache-Hits
X-Device-Type
Meta-Geo
X-Hl-Ver
X-From
X-Cache-Enabled
X-Is-Bot
X-Zipkin-Id
Cache-Hits
X-Detected-As
Mn-Server-Ip
Cache-Key
X-Proxied
X-Proto
X-Path-Route
X-S
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
Load-Balancing
Machine
OT-Force-Account-Verify
X-Routing-Service
X-ES-SERVER
Mail-Subject
X-R9-Blue-Green-Version
TWC-GeoIP-Country
X-Cache-Server
X-Cache-Config
Webcakes-Region
X-Tb
X-FB-TRIP-ID
X-VWS-Id
X-Akamai-Transformed
X-FC-Vary-Parameters
L5d-Success-Class
TWC-Connection-Speed
X-Hosted-By
NGX
TWC-Device-Class
X-Proxy
LB
Webcakes-App-Version
X-Backend-Name
Vix-Hermes-Req-Id
X-Time-Microsecs
X-Viewer-Country
TWC-Privacy
X-Environment-Context
TWC-Locale-Group
X-Origin-Hint
X-AWS-Id
NtCoent-Length
We-Hiring
X-VG-TLSProxy
Access-Control-Request-Headers
X-L-Path
X-Rocket-Nginx-Bypass
Webcakes-App-Name
TWC-GeoIP-LatLong
X-LJ-Flow-ID
Property-Id
X-Format
X-Akamai-Request-ID
X-Section
X-MP-GENERATED-AT
X-Loop
X-ServerID
X-Cache-Remote
X-Origin-Response-Time
X-Access
X-FW-Version
X-NCache
X-RCS-CacheZone
Datacenter
X-Labrador-Cache-Channel
X-TNCMS
Origin-Edge-Control
Origin-Cache-Control
X-Web-Node
X-Tumblr-Pixel-3
X-Vgn-Hpd-Reason
X-EIG-Tracking-Id
Now
S-Rt
X-Debug-Cache
DB-Nickname
X-BYPASS-REASON
Selected-FE
X-CCM
X-Trace-Id
Azure-Version
X-IP
X-Timing-Wait
X-Human
X-ProxyCache-Key
X-Proxy-Build
X-ProxyCache-Status
X-Via-Fastly
X-Via-CDN
Content-Style-Type
Content-Script-Type
X-PCL
X-Xfnlog-Site
X-GRACE
Azure-SlotName
Azure-SiteName
X-OCL
Azure-InstanceId
Azure-RegionName
X-JoinUs
X-Www-Served-By
X-Generated
X-Cache-Category-Id
Cache-Tag
X-Grey
Uber-Trace-Id
X-Internal-Host
X-Endurance-Cache-Level
X-VC-Cache
X-Site-Version
X-Varnish-Cacheable
X-UnsetCookies
Decoy-Debug-TTL
X-Status
Decoy-Debug-Status
X-Rule
Decoy-Debug-Key
Served-By
X-Birta-Served
Release
X-Birta-Cache-Post
X-Dynatrace-Js-Agent
X-Newrelic-App-Data
X-EdgeConnect-Cache-Status
X-UA
X-CDN-Cache
X-Ua
Nel
X-Cluster-Node
AsisCache
X-Request-Time
X-Nginx-Cache
X-APP-VERSION
X-App-Name
X-Wix-Server-Artifact-Id
X-TIME
Rt-Fastcgi-Cache
DSUID
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Hit
X-OVcl
X-B3-Spanid
X-ApacheServer
X-PERF
X-Source
X-VCT
X-NewRelic-App-Data
ViewerVersion
X-Wix-Request-Id
X-Origin-Host
X-Sucuri-ID
X-Agile
X-App-Version
X-Agile-Id
X-Agile-Age
SRV
Hostname
Cache-Name
Pagespeed
X-Pubstack
X-Origin-TTL
X-Origin-CC
X-ElasticPress-Search
Cteonnt-Length
X-Cache-Host
Cache
X-A
Cross-Origin-Window-Policy
X-PAYTM-SRV-ID
Request-Country
X-Generated-In
Ec-Rule-Version
Www
Rendered-Blocks
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-DPWN-IS-SECURE
X-Aed
X-A-Dgt
X-Processor
X-A-Ccd
X-A-Dam
UCS
X-Hp-Webp
X-Platform
X-NX-Host
Ajk
X-F5-Cache
Cache-Prefix
Node
X-G
Origin
Server-Cache-Control
X-Logtrace-Id
X-Matched-Rule
Server-Surrogate-Control
X-Mobile-URL
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Host
Thinkindot-Control
X-External-Request-Id
On-Server
Request-EU
X-NU-AKA-ACS-Version
X-Gannett-Site-Version
Request-Time
X-NodeID
Arc-Country
BehaviorPad-Version
Fly-Cache
X-Core-Value
X-Connection-Hash
X-Developer
X-Destination
X-ServiceProvider
X-D
X-IN-APIGATEWAY
X-IN-WAF
X-CF-Lambda-Fn
Meta-Geo-Continent
X-CF-Lambda-Version
X-WPE-Loopback-Upstream-Addr
X-Refresh
X-Region-Sid
X-Date
X-ScT
X-Secret
X-Rojux
X-Debug-Cookies
X-S-Cookie
X-Sedo-Request-Id
X-Rewrite-Enabled
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Server-Group
X-Request-UUID
X-Cache-Miss-From
X-SRCache-Key
X-B-Cookie
X-Webstats-RespID
X-Thinkindot-L3
X-Cache-Expires
X-ARC
X-Instart-Isnd
FNAC-ModuleRouting
Xc-Version
Fly-Request-Id
MD5-Digest
X-Reboot
X-Cache-Grace
X-VG-WebServer
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-Debug-Log
Memcached
X-Up
X-Cache-Info
X-Application
X-Varnish-Authentication
Lfy
X-Var-Ttl
X-Cache-ASPX
User-Cache-Control
IsBot
Kp-EeAlive
X-Hash
Pagetype
X-Gen-Mode
X-Hnp-Log
Pramga
Proxy-Connection
X-Distributor
X-Cache-Backend
X-Cache-Bucket
X-Block-Status
X-Device-Os
X-Dispatcher-Server
X-Cache-Debug
X-Cache-Id
X-Crawler
X-Developers
X-CGP
X-Cdn-Srv
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
ServerName
Server-Int
X-Fetched-On
RNT-Time
True-Client-Country-4JS
X-Eu-Site
X-Amzn-Remapped-Connection
X-Distil-CS
Web-Mar-Node
X-Epic-Correlation-Id
RNT-Machine
Apple-News-Services-Parsed-Url
X-Micro-Cache
X-Location
X-Nginx-Cache-Key
X-Origin-Date
X-Origin-Expires
X-LI-UUID
X-LI-Proto
Apple-News-Services-Request-Url
Backend
Apple-News-Services-Host
Apple-News-Services-Handled
X-Li-Pop
X-Page-Type
X-PHP-Host
X-Sf
X-SIPLIST1
X-Request-URI
Warning
X-Servername
X-SN
X-Swa-Ws
X-RateLimit-Limit-Second
X-Qloud-Router
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Cache-Cookie-Set-From
X-Policy
X-Info
Cache-Cookie-Set-Idcheck
X-Key
X-Irp-Debug
Country-Code
Fastly-SWR
X-LAGOON
Fastly-SIE
X-Li-Fabric
Gh-Request-Id
CDCHOST
Cache-Cookie-Set-Lfrom
HA-Ipaddr
Ha-Gx-Prefs
X-FireWall-Port
X-Varnish-Ttl
V-Age
X-Via-SSL
X-Wikidot-Static-Cache
X-Wikidot-Backend
Fastly-Soc-X-Request-Id
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Backend-Url
X-BBXSRF
X-Cache-FS-Status
X-Apm-App-Name
X-Bip
X-C
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Core-Mission
X-ShardId
Is-Eu
X-S-Maxage
X-Server-IP
X-Cdn-Forward
X-Cms-Context
X-Thanos
X-User
X-Variation
Fastly-SSL
X-Backend-State
X-Skip-Cache
X-Sorting-Hat-PodId
X-Via-Edge
X-Cdn-Origin
X-MSEdge-Flight
X-Fastly-Cache
X-MSEdge-Features
X-No-Session
X-Generated-On
X-Planisys-CDN-Cache
X-Geo-Header
Content-Disposition
X-Level-Front-Cache
AKAMAI
X-Gateway-Cache-Status
X-Gateway-Cache-Key
Adler-Geo
SD-X-WS
Platform
X-Gateway-Skip-Cache
X-Backend-Host
X-Planisys-CDN-Rules
X-Sn-Servicetimems
X-Planisys-CDN-TTL
X-GeoIP-City
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Server-Time
X-Protected-By
X-Auto-Login
Heartbleed
X-Varnish-Beresp-Status
X-GeoIP-Country-Code
X-Varnish-Beresp-Grace
X-Exp-Se
Rt-Proxy-Cache
X-ND-Cache
X-Owner
X-Geo
MIME-Version
X-Edge-Location
HTTPS
X-BB-ID
User-Agent
X-Ocache
X-GZip
X-RateLimit-Reset
Server-ID
X-TT-LOGID
X-Org
X-Sucuri-Cache
X-Proxy-Cache-Status
X-Served-From
X-Proxy-Upstream
X-TrackingId
REQUESTUUID
X-B3-Parentspanid
X-Edge-IP
X-NC
X-Real-Ip
N-Cache
Magicmarker
Fastly-Backend-Name
X-Varnish-Url
X-Aicache-OS
VivaBuild
X-FPC
X-Git-Hash
Viewtype
X-Host-Name
X-Varnish-Beresp-Ttl
Wxu-Next-Hostname
Wxu-Next-Region
X-CDN-Forward
X-Load-Cache
X-Pjax-Url
AR-SID
X-Gdpr
X-Node-Id
Wxu-Next-Commit
X-DC
X-CSRF-TOKEN
X-CACHE-KEY
X-Daa-Tunnel
X-Dc
X-Parent-Response-Time
HostName
Time
X-Nc
Memory
X-CUA
Powered-By
X-Datadome
Pragrma
X-HS-Cache-Config
Resin-Trace
X-Servedbyhost
X-Wa
X-Release
CF-IPCountry
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Server-By
X-Returned-From
X-Returned-From-BeforeDispatch
X-Stale
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
Section-Io-Cache
X-Original-Request
X-Oss-Hash-Crc64ecma
X-Actual-URL
X-WebServer
X-TH-Server
PICS-Label
X-Svr
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Upstream-HT
X-Croise-Owner
X-Upstream-CT
X-VServer
X-Phone
Host-ID
X-Newrelic-Synthetics
ProcessTime
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Instart-Info
Cdn
X-Cache-HT
X-Optimization
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
Backend-Name
CF-Cached-On
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-Fastly-Backend-Reqs
X-Unique-ID
X-Worker
X-Lb-Id
X-APP
SID
X-Microcachable
355prline
Xxline
X-Server-W
409pxxline
352pxline
X-Request-Handler-Origin-Region
178proxuri
X-Microsite
X-Req
Version
188prxHost
189phosttRef
286prxHost
225prxHost
219prxHost
X-Atg-Version
X-B3-SpanId
XServer
Fastcgi-Useragent
Proxy-Firewall
X-LB-ID
Odigeo-Trace-Id
X-ID
X-V
X-Akamai-Request-ID2
Processtime
Accept-Language
X-Ratelimit-Remaining
X-VCL-Version
X-Ratelimit-Limit
X-Vcl-Version
X-HTML-Minification-Powered-By
X-Zone
Esi-Enabled
X-Backend-TTL
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-UPSTREAM-Address
X-AssetVersion
X-Fstrz
X-IPS-LoggedIn
X-Check-Cacheable
X-WR-MODIFICATION
X-Contensis-Viewer-Groups
SN
X-Response-By
Pics-Label
X-Vcache
X-Nananana
X-NGINX-Cache
X-ZONE
X-Be
X-WA
X-URL
X-HS-Status
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-RequestId
X-Ratelimit-Reset
GMS-Ver
X-Urbn-Site-Id
X-Reqid
X-Urbn-Context-Path
X-CSRF-Token
X-Via-NSCOPI
Locale
X-ServedByHost
Public-Key-Pins-Report-Only
DataCenter
Fastcgi-X-Cache-Version
X-Hello
X-ABtesting
X-NWS-UUID-VERIFY
X-Flog
Geoip-Latitude
GeoIp-Country-Code
X-Hyper-Cache
X-SERVER-NAME
X-Dynatrace
WZWS-RAY
X-Request-Start
X-Render-Time
GW-Server
X-Amz-Meta-Surrogate-Control
Geoip-City
X-Fastly-Country-Code
X-Via-Ucdn
IBM-Web2-Location
Dnion-Transfer-Encoding
X-GDPR
X-Cdn-Cache
WP-Super-Cache
CDN
X-Cache-Ttl
X-Generation-Time
Countrycode
Mobile-Detection-Method
X-We-Are-Hiring
X-LiteSpeed-Cache-Control
X-CS
X-Clientip
X-UE-Client-Country
X-Unique-Id
X-GEO
X-NGENIX-Cache
Ohc-File-Size
Lb
Requestid
X-BE
SS
X-Cluster-Name
X-PJAX-URL
URI
X-Fpc
X-HS-Combine-CSS
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-SRV
X-FORWARDED-FOR
Serverid
X-Compress-Hint
X-Pf-Uncompressing
X-Cache-URL
X-Gen-Id
Cneonction
WebServer
X-GZIP
FSS-Cache
X-Got-Non-Ke-Cookie
FSS-Proxy
X-PF-Uncompressing
Server-Id
GEO-REGION-INFO
X-Store
Who
X-Bug-Bounty
X-Test
RequestUuid
A
X-LiteSpeed-Tag
X-Varnish-Action
X-Akamai-SSL-Client-Sid
RequestId
Https
Frontcache
X-Html-Edge-Cache
X-HTML-Edge-Cache
X-Request-Url
X-Fastly-Cache-Hits
X-Serial
Ohc-Cache-HIT
Ohc-Response-Time
X-EC-Lua
X-ServerName
NnCoection
X-Cdn-Request-ID
X-Dw-Trace-Id