
HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Server
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-Server-Id
X-Rq
X-Ac
Allow
X-Node
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Origin-Cache
X-Url
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-DataDome
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-EdgeConnect-MidMile-RTT
Pinterest-Generated-By
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
AR-PoweredBy
AR-ATIME
X-VARITI-CCR
AR-CACHE
X-ESI
X-DataStream-Cache-Status
X-GitHub-Request-Id
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-MS-InvokeApp
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
Public-Key-Pins
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Type
X-Kinja-Revision
X-Cached
X-Powered-By-Plesk
Service-Worker-Allowed
X-Version
Content-MD5
X-TTL
Accept-CH-Lifetime
AR-Request-ID
X-Upstream-Env
X-D2id
X-Recruiting
RTSS
X-Amz-Server-Side-Encryption
X-Navigation-Version
Charset
X-Abt-Application-Version
X-PC
X-TtlSet
X-Vname
X-Vcap-Request-Id
X-Ser
X-Varnish-TTL
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
Nginx-Cache
X-Client-IP
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Expires
DynaTrace
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-VCache
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
X-XRDS-Location
TCN
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Akam-SW-Version
X-SharePointHealthScore
X-Dw-Request-Base-Id
X-Powered-CMS
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-FTR-Cache-Host
X-Oracle-Dms-Rid
SPRequestDuration
SPIisLatency
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Server-ID
Realpath
X-Id
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-MSEdge-Ref
X-Amzn-Trace-Id
Tracecode
X-N
X-Varnish-Age
Front-End-Https
Fastcgi-Cache
X-Content-Type
X-Ttl
X-Upstream
X-B3-TraceId
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-B3-Traceid
X-Mrf-Section-Lastmod
X-Forwarded-For
Paypal-Debug-Id
X-Fastcgi-Cache
Alternate-Protocol
Response
Display
X-Content-Digest
X-Frontend
X-Middleton-Response
X-Middleton-Display
X-Sol
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
X-PressLabs-Stats
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Webkit-CSP
Fusion-Source
X-Pad
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-RateLimit-Remaining
X-Srv
Host
X-Cache-Key
X-Accel-Expires
X-Grace
ServerID
MicrosoftSharePointTeamServices
X-B3-Sampled
Backend-Timing
X-Correlation-Id
X-Analytics
Server-Name
X-Debug-Info
X-Revision
X-AppVersion
X-Activity-Id
X-Kinsta-Cache
X-Az
Surrogate-Key
X-Amz-Apigw-Id
X-LB-Cache
X-IPLB-Instance
X-Amzn-RequestId
X-Cache-Hit
X-User-Agent
X-Rid
Accept-Charset
FilterID
X-Content-Options
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-B
X-Request-Received
MS-CV
X-Page-Id
X-Whom
X-Cached-By
Host-Header
Server-Info
Cache-Status
X-DIS-Request-ID
PageSpeed
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
X-Origin-Server
VIX-Pulpo-Node
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
X-Cache-Action
X-Platform-Server
X-TT
X-Akamai-Edgescape
X-Mobile
X-Cluster
X-PHP-Backend
Source
X-Forwarded-Host
X-FW-Hash
X-Content-Powered-By
X-App-Environment
X-F-Cache
Access-Control-Allow-Method
X-FW-Serve
X-FW-Static
X-Varnish-Grace
X-Framework
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Type
X-Tumblr-Pixel
X-Node-Name
X-FW-Server
X-Instance
X-Request-Guid
X-Ezoic-Cdn
X-FB-Debug
Fastly-Restarts
X-Shard
X-UA-Device-Type
X-Drupal-Cache-Tags
X-Geo-Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Edge-Cache-Tag
X-TA-CDN-Provider
X-FastCGI-Cache
X-Accel-Buffering
X-Varnish-Hostname
X-Zen-Fury
X-Handled-By
From-Origin
X-RateLimit-Limit
X-AOL-HN
Cache-Tags
X-Magnolia-Registration
X-Cache-Age
X-BCube-Filmed-By
X-SS-Set-Cookie
X-Cache-Control
X-Cache-Rule
X-ATG-Version
X-Cache-TTL
Upgrade-Insecure-Requests
Healthy
Retry-After
X-Varnish-Server
Payment
Server-Node
Cleartype
DC
X-Response-Served-From
X-App-Server
Country
X-TX-ID
X-Storage
X-WebKit-CSP-Report-Only
Powered
X-Adobe-Content
X-Adobe-Loc
X-RTag
Ms-Operation-Id
X-VG-WebCache
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-UUID
X-Tumblr-Pixel-2
Actual-Object-TTL
X-B-Cache
X-Dns-Prefetch-Control
X-Signature
X-FW-Dynamic
X-RequestSource
X-Redis-Cache
X-Region
X-GeoIP
Cache-Tv-Group
X-Cacheable-TTL
X-Content-Age
X-Drupal-Cache-Contexts
X-Jobs
Filters
X-XRDS-LOCATION
X-Varnish-Hits
X-Locale
X-Generated-By
Frame-Options
X-WA-Info
X-Esi
ServedBy
NGB
GEO-INFO
X-Oneagent-Js-Injection
X-Cache-NE
Webserver
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Contextid
X-BACKEND-TTL
Liferay-Portal
X-NWS-LOG-UUID
X-RemovedCookies
CACHE
HitType
X-ProcessESI
X-Rendered-As
X-Cache-Operation
Eomportal-Instance
X-Varnish-IP
X-Guploader-Uploadid
X-Cache-TTL-Remaining
X-Upgrade-Enabled
X-Mode
Viewport
X-Via-JSL
X-Real-IP
S-Cnection
Xserver
LB
X-Cache-Remote
X-Proto
X-Path-Route
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-ES-SERVER
Machine
Cache-Key
X-Cache-Var-Map
X-From
X-Hl-Ver
X-Is-Bot
X-Routing-Service
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Detected-As
X-Proxied
X-Akamai-Transformed
Cache-Hits
Load-Balancing
X-S
X-Time
X-Seen-By
X-Device-Type
Mail-Subject
X-Environment-Context
X-FW-Version
X-L-Path
X-Hosted-By
X-Cache-Server
X-Cache-Enabled
NGX
Mn-Server-Ip
L5d-Success-Class
OT-Force-Account-Verify
Vix-Hermes-Req-Id
X-Cache-Config
X-Backend-Name
We-Hiring
X-NCache
X-FC-Vary-Parameters
X-Time-Microsecs
X-Proxy
X-Rocket-Nginx-Bypass
X-Viewer-Country
X-Tb
X-VG-TLSProxy
X-R9-Blue-Green-Version
TWC-GeoIP-Country
Cache-Tag
X-TNCMS
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
Azure-RegionName
Origin-Cache-Control
Origin-Edge-Control
DB-Nickname
Now
X-Tumblr-Pixel-3
Property-Id
S-Rt
Webcakes-Region
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
TWC-Connection-Speed
X-Akamai-Request-ID
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-Format
X-Access
X-Web-Node
X-Loop
X-MP-GENERATED-AT
X-Origin-Hint
X-ServerID
X-Section
X-Origin-Response-Time
X-JoinUs
X-PCL
X-OCL
X-Trace-Id
X-IP
X-ProxyCache-Key
X-Debug-Cache
X-CCM
X-BYPASS-REASON
X-Vgn-Hpd-Reason
X-EIG-Tracking-Id
X-Via-CDN
X-Xfnlog-Site
X-ProxyCache-Status
X-Human
X-Via-Fastly
NtCoent-Length
X-Cache-Category-Id
Access-Control-Request-Headers
Datacenter
X-Proxy-Build
Selected-FE
X-AWS-Id
X-Generated
Uber-Trace-Id
X-VWS-Id
X-Grey
X-Internal-Host
X-Www-Served-By
X-Timing-Wait
X-FB-TRIP-ID
X-LJ-Flow-ID
X-Dynatrace-Js-Agent
Content-Style-Type
X-UnsetCookies
Content-Script-Type
X-Endurance-Cache-Level
X-VC-Cache
X-Site-Version
X-Varnish-Cacheable
X-APP-VERSION
X-Rule
Release
Decoy-Debug-Status
X-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-EdgeConnect-Cache-Status
X-UA
X-Birta-Served
X-Birta-Cache-Post
Served-By
X-B3-Spanid
X-TIME
Nel
X-Request-Time
X-CDN-Cache
DSUID
X-OVcl
X-OVcl-Cache
X-Cluster-Node
X-Ua
Cache
X-Nginx-Cache
X-Origin
X-NewRelic-App-Data
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
AsisCache
X-App-Name
X-VCT
Rt-Fastcgi-Cache
X-PERF
SRV
Cteonnt-Length
X-ApacheServer
X-Newrelic-App-Data
X-Source
X-GRACE
X-Agile-Age
Hostname
X-Pubstack
X-Agile-Id
X-Agile
X-Sucuri-ID
X-Origin-Host
X-Origin-TTL
X-Cache-Host
X-Origin-CC
X-ElasticPress-Search
Cache-Name
AR-SID
Ajk
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
Arc-Country
Cache-Prefix
BehaviorPad-Version
Www
X-Geo
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Dgt
Server-Surrogate-Control
X-A-Wwc
X-Aed
Server-Cache-Control
Fly-Cache
Node
Ec-Rule-Version
Fly-Request-Id
Meta-Geo-Continent
Memcached
FNAC-ModuleRouting
Cross-Origin-Window-Policy
On-Server
Request-EU
Request-Time
Request-Country
Rendered-Blocks
Origin
X-Accel-Expires-Debug
MD5-Digest
X-Core-Value
X-Region-Sid
X-Refresh
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Rojux
X-Reboot
X-Processor
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-PAYTM-SRV-ID
X-ScT
X-Secret
X-Twitter-Response-Tags
X-Trv-Group
X-Up
X-Varnish-Authentication
Xc-Version
X-VG-WebServer
X-Transaction
X-Thinkindot-L3
X-Server-Time
X-Server-Group
X-ServiceProvider
X-Sn-Servicetimems
X-SRCache-Key
X-Matched-Rule
X-Logtrace-Id
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CF-Lambda-Fn
X-Cdn-Origin
X-B-Cookie
X-ARC
X-Cache-ASPX
X-Cache-Grace
X-Cache-Info
X-Debug-Cache-Store
X-Debug-Cookies
X-Generated-In
X-Gannett-Site-Version
X-Hp-Webp
X-IN-APIGATEWAY
X-IN-WAF
X-G
X-F5-Cache
X-Destination
X-Debug-Log
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-Application
X-A
X-Varnish-Ttl
User-Cache-Control
X-WPE-Loopback-Upstream-Addr
X-Cache-Backend
X-CGP
X-Developers
X-Cdn-Srv
X-Cache-Miss-From
X-Distil-CS
X-Cache-Id
X-Cache-Expires
X-Epic-Correlation-Id
X-Hnp-Log
X-Info
X-Gen-Mode
X-Fetched-On
X-Cache-Debug
X-Eu-Site
X-Distributor
X-Block-Status
UCS
V-Age
True-Client-Country-4JS
Server-Int
RNT-Time
Server-Host
Web-Mar-Node
X-Amzn-Remapped-Connection
X-Apm-Svc-Key
X-Instart-Isnd
X-Apm-Inst-Hash
X-Apm-App-Name
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Cache-Bucket
X-LAGOON
ViewerVersion
X-Sf
X-SIPLIST1
X-Servername
X-Sedo-Request-Id
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-SN
X-Wix-Request-Id
Rt-Proxy-Cache
X-ND-Cache
X-Webstats-RespID
X-Var-Ttl
X-Swa-Ws
X-Real-Ip
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Key
RNT-Machine
X-Location
X-Micro-Cache
X-Platform
X-Policy
X-PHP-Host
X-Page-Type
X-Nginx-Cache-Key
X-Origin-Date
X-Irp-Debug
X-Origin-Expires
Apple-News-Services-Handled
Apple-News-Services-Host
Lfy
Fastly-SWR
Cache-Cookie-Set-Lfrom
Pramga
Fastly-SIE
Gh-Request-Id
Cache-Cookie-Set-From
HA-Ipaddr
Backend
Ha-Gx-Prefs
Apple-News-Services-Request-Url
IsBot
Apple-News-Services-Parsed-Url
Proxy-Connection
Cache-Cookie-Set-Idcheck
Country-Code
CDCHOST
X-FireWall-Port
Pagespeed
X-Shopify-Stage
X-Wikidot-Backend
X-Device-Os
X-Via-SSL
X-Wikidot-Static-Cache
X-Dispatcher-Server
X-Via-Edge
X-Crawler
Warning
REQUESTUUID
Adler-Geo
Fastly-SSL
X-ShardId
X-Core-Mission
X-Cms-Context
X-ShopId
X-Exp-Se
Content-Disposition
X-RateLimit-Remaining-Second
X-Skip-Cache
SD-X-WS
X-GeoIP-Country-Code
X-Sorting-Hat-ShopId
Heartbleed
X-Hash
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-RateLimit-Limit-Second
X-Variation
X-Sorting-Hat-PodId
X-Fastly-Cache
Is-Eu
X-Gateway-Cache-Key
X-Thanos
ServerName
AKAMAI
X-Planisys-CDN-TTL
Fastly-Soc-X-Request-Id
X-Protected-By
X-Auto-Login
X-Planisys-CDN-Rules
X-Backend-State
X-Org
X-Served-From
Pagetype
X-MSEdge-Features
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-No-Session
X-Server-IP
X-User
Platform
X-MSEdge-Flight
X-Backend-Url
X-Backend-Host
X-Generated-On
X-Level-Front-Cache
X-GeoIP-City
X-Cache-FS-Status
X-Geo-Header
X-S-Maxage
X-Bip
X-C
X-Planisys-CDN-Cache
X-BBXSRF
X-GZip
X-B3-Parentspanid
X-RateLimit-Reset
X-Owner
Kp-EeAlive
X-CDN-Forward
X-Host-Name
MIME-Version
X-Git-Hash
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Server-ID
X-Ocache
HTTPS
X-BB-ID
X-App-Version
X-Edge-Location
X-NC
X-Wix-Server-Artifact-Id
Viewtype
VivaBuild
X-Proxy-Upstream
X-Sucuri-Cache
X-Proxy-Cache-Status
X-TrackingId
X-Daa-Tunnel
X-FPC
X-TT-LOGID
Fastly-Backend-Name
Magicmarker
N-Cache
X-Load-Cache
X-Aicache-OS
Wxu-Next-Hostname
Wxu-Next-Region
X-Edge-IP
Wxu-Next-Commit
X-Gdpr
X-Varnish-Url
X-Cdn-Forward
User-Agent
Time
X-Parent-Response-Time
X-Node-Id
HostName
X-Dc
X-DC
X-CSRF-TOKEN
Memory
CF-IPCountry
X-Varnish-Beresp-Ttl
X-Pjax-Url
X-Release
X-WebServer
X-TH-Server
X-Upstream-HT
X-Nc
X-Upstream-CT
X-Phone
Resin-Trace
X-CACHE-KEY
Powered-By
X-CUA
X-HS-Cache-Config
PICS-Label
X-Wa
X-Servedbyhost
X-Instart-Info
Pragrma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Svr
Backend-Name
X-Returned-From-PostProcessResponse
X-Microsite
X-Request-Handler-Origin-Region
X-Stale
X-Server-By
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Original-Request
X-Actual-URL
X-Passed-To-PostProcessResponse
Host-ID
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
Mime-Version
X-From-Cache
Section-Io-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Croise-Owner
X-VServer
X-Worker
ProcessTime
X-Cache-HT
X-Optimization
X-Edge-Server
X-Lb-Id
Version
178proxuri
409pxxline
355prline
Xxline
Cdn-Host
Cdn-Request-Time
X-Server-W
352pxline
286prxHost
188prxHost
189phosttRef
219prxHost
225prxHost
CF-Cached-On
Cf-Ipcountry
X-APP
X-Atg-Version
X-Fastly-Backend-Reqs
X-SERVER-NAME
Accept-Language
X-Akamai-Request-ID2
Cdn
XServer
SID
X-ID
X-Zone
X-Req
X-Microcachable
X-Unique-ID
Processtime
X-LB-ID
X-VCL-Version
Esi-Enabled
X-Ratelimit-Remaining
Proxy-Firewall
X-Vcl-Version
X-AssetVersion
X-Ratelimit-Limit
X-Contensis-Viewer-Groups
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-B3-SpanId
X-V
GeoIP-City
X-IPS-LoggedIn
GeoIP-Country-Code
SN
GeoIP-Latitude
Odigeo-Trace-Id
X-Vtex-Processado-Em
X-HTML-Minification-Powered-By
X-RequestId
X-UPSTREAM-Address
X-Vtex-Remote-Cache
X-Vcache
X-NGINX-Cache
X-Cache-Ttl
X-ZONE
X-WA
X-Nananana
X-Urbn-Context-Path
X-Fstrz
Pics-Label
X-Via-NSCOPI
X-Urbn-Site-Id
Locale
X-HS-Status
X-URL
Fastcgi-Useragent
X-Reqid
CDN
X-WR-MODIFICATION
X-Check-Cacheable
X-Flog
X-Response-By
X-Hello
X-ABtesting
X-CSRF-Token
X-ServedByHost
X-Be
X-Backend-TTL
DataCenter
Geoip-Latitude
GMS-Ver
GeoIp-Country-Code
IBM-Web2-Location
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
X-Hyper-Cache
WebServer
X-SRV
X-Dynatrace
X-Datadome
X-NGENIX-Cache
Geoip-City
Requestid
X-Via-Ucdn
Dnion-Transfer-Encoding
X-Generation-Time
X-Fastly-Country-Code
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-Render-Time
X-Request-Start
X-Ratelimit-Reset
X-Cdn-Cache
WP-Super-Cache
X-CS
Fastcgi-X-Cache-Version
X-Cluster-Name
X-GDPR
Public-Key-Pins-Report-Only
X-Unique-Id
WZWS-RAY
X-Amz-Meta-Surrogate-Control
URI
GW-Server
X-HS-Combine-CSS
X-Cache-URL
Lb
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-HostName
X-UE-Client-Country
X-LiteSpeed-Tag
GEO-REGION-INFO
X-We-Are-Hiring
Cneonction
X-Fpc
X-Varnish-Action
X-Got-Non-Ke-Cookie
X-Pf-Uncompressing
Countrycode
Serverid
X-Compress-Hint
Mobile-Detection-Method
X-Gen-Id
X-Clientip
X-Test
X-Bug-Bounty
Who
Ohc-File-Size
A
SS
X-BE
Server-Id
Epwk-Cache
Https
X-Store
X-GEO
X-SVT-ORM-VERSION
Get-Access-Time
Cache-Provider
Is-Session-Tracking
X-SVT-ORM-RULES
X-ServerName
X-HTML-Edge-Cache
X-Html-Edge-Cache
Frontcache
X-Request-Url
X-Cdn-Request-ID
X-EC-Lua
NnCoection
X-Fastly-Cache-Hits
X-Dw-Trace-Id