Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-WebKit-CSP
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cdn
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
X-Type
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-ORACLE-DMS-RID
Accept-CH
X-Dispatcher
X-Upstream-Env
MS-Author-Via
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-DataStream-Cache-Status
X-ESI
X-TTL
X-Cached
Public-Key-Pins
X-Version
X-Powered-By-Plesk
Content-MD5
Service-Worker-Allowed
X-Recruiting
Charset
AR-Request-ID
RTSS
Ar-Sid
Accept-CH-Lifetime
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-PC
X-Amz-Server-Side-Encryption
X-Vname
X-TtlSet
X-Ser
X-Varnish-TTL
X-Vcap-Request-Id
X-Webkit-CSP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Trace
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
DynaTrace
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
X-Amz-Rid
S
X-XRDS-Location
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
TCN
X-Hits
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
Arr-Disable-Session-Affinity
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-Akam-SW-Version
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-B3-TraceId
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
X-Oracle-Dms-Rid
Realpath
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Dns-Prefetch-Control
X-Upstream
X-Fastcgi-Cache
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Ttl
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-RateLimit-Remaining
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Cache-Key
X-Litespeed-Cache
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Kinsta-Cache
X-Analytics
X-Correlation-Id
Backend-Timing
X-SERVER
X-Revision
X-Content-Options
X-LB-Cache
X-User-Agent
X-Activity-Id
X-Debug-Info
X-Az
X-AppVersion
X-IPLB-Instance
X-Amz-Apigw-Id
X-Amzn-RequestId
X-B3-Traceid
X-Rid
X-B3-Sampled
ServerID
X-Cache-Hit
Surrogate-Key
Accept-Charset
FilterID
X-Cache-2
Refresh
X-B
X-CF-Powered-By
Powered-By-ChinaCache
X-Accel-Buffering
X-Grace
X-Page-Id
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
TP-L2-Cache
X-Whom
TP-Cache
MS-CV
Server-Info
X-GUploader-UploadID
X-PHP-Backend
Host-Header
X-Varnish-Backend
X-Cached-By
Cache-Status
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-TT
X-Cache-Action
X-App-Environment
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Amz-Replication-Status
Source
VIX-Pulpo-Node
PageSpeed
X-Mobile
X-F-Cache
X-Platform-Server
X-Framework
X-Cluster
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Varnish-Grace
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Hash
X-Drupal-Cache-Tags
X-Kong-Proxy-Latency
X-Request-Guid
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Instance
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Static
X-Ruxit-Js-Agent
X-FB-Debug
X-Forwarded-Host
X-Shard
X-Geo-Country
X-Ezoic-Cdn
X-Node-Name
X-Cache-TTL
Edge-Cache-Tag
X-Zen-Fury
X-RateLimit-Limit
X-FastCGI-Cache
X-Handled-By
X-SS-Set-Cookie
X-Magnolia-Registration
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
Fastly-Restarts
X-Cache-Age
Cache-Tags
X-ATG-Version
X-BCube-Filmed-By
X-Cache-Control
X-AOL-HN
X-Varnish-Server
DC
X-Cache-Rule
Upgrade-Insecure-Requests
Cleartype
Healthy
X-App-Server
X-Esi
Server-Node
Payment
X-Response-Served-From
X-Region
X-RequestSource
X-Adobe-Loc
Country
X-TX-ID
X-Adobe-Content
X-WebKit-CSP-Report-Only
X-B-Cache
Retry-After
X-Signature
X-Redis-Cache
Filters
X-Tumblr-Pixel-2
X-UUID
X-GeoIP
Actual-Object-TTL
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Storage
X-VG-WebCache
Ms-Operation-Id
X-RTag
Webserver
X-Drupal-Cache-Contexts
X-Jobs
X-Generated-By
Powered
X-FW-Dynamic
Cache-Tv-Group
X-Content-Age
X-Locale
X-Varnish-Hits
X-Cacheable-TTL
X-XRDS-LOCATION
NGB
GEO-INFO
Frame-Options
ServedBy
CACHE
X-WA-Info
Liferay-Portal
X-Contextid
HitType
X-Oneagent-Js-Injection
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-Cache-NE
X-Cache-TTL-Remaining
X-Varnish-IP
X-RemovedCookies
X-ProcessESI
Eomportal-Instance
X-Seen-By
X-Via-JSL
X-Time
X-GRACE
X-Upgrade-Enabled
S-Cnection
X-Cache-Operation
Viewport
X-Guploader-Uploadid
Xserver
X-Mode
X-Cache-Server
X-NWS-LOG-UUID
X-Varnish-Cache-Hits
X-Routing-Service
X-Cache-Enabled
OT-Force-Account-Verify
X-From
X-Hl-Ver
X-Cache-Var
X-Cache-Var-Map
Machine
X-Zipkin-Id
Cache-Hits
X-Detected-As
Cache-Key
Meta-Geo
X-Proxied
X-RN-RSRV
Mn-Server-Ip
X-Proto
X-Is-Bot
X-ES-SERVER
X-Path-Route
X-Device-Type
Load-Balancing
X-S
X-Akamai-Transformed
TWC-Connection-Speed
X-Proxy
Mail-Subject
X-AWS-Id
X-Rocket-Nginx-Bypass
Access-Control-Request-Headers
X-FB-TRIP-ID
L5d-Success-Class
X-Backend-Name
TWC-GeoIP-Country
X-LJ-Flow-ID
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Cache-Config
X-Tb
TWC-Privacy
X-Origin-Hint
TWC-Device-Class
X-Hosted-By
Content-Script-Type
Webcakes-App-Name
Webcakes-App-Version
Content-Style-Type
Datacenter
Vix-Hermes-Req-Id
We-Hiring
X-VWS-Id
X-Viewer-Country
NGX
X-L-Path
X-VG-TLSProxy
X-Environment-Context
X-FC-Vary-Parameters
Property-Id
Webcakes-Region
X-EIG-Tracking-Id
X-Access
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
X-Akamai-Request-ID
Azure-InstanceId
X-Debug-Cache
X-MP-GENERATED-AT
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
X-TNCMS
S-Rt
Now
Origin-Cache-Control
X-Time-Microsecs
X-R9-Blue-Green-Version
Origin-Edge-Control
X-Web-Node
X-ServerID
X-Section
DB-Nickname
X-Loop
X-Labrador-Cache-Channel
X-FW-Version
X-NCache
X-Origin-Response-Time
X-RCS-CacheZone
X-BACKEND-TTL
X-Format
Selected-FE
X-Human
X-Timing-Wait
X-ProxyCache-Status
X-Trace-Id
X-Via-CDN
X-Xfnlog-Site
X-Via-Fastly
X-ProxyCache-Key
X-Proxy-Build
X-Newrelic-App-Data
X-CCM
X-IP
X-JoinUs
X-PCL
X-BYPASS-REASON
X-OCL
X-Cache-Remote
X-Cache-Category-Id
X-Birta-Served
X-Birta-Cache-Post
X-Generated
Cache-Tag
X-Internal-Host
X-Www-Served-By
NtCoent-Length
LB
Uber-Trace-Id
X-Grey
X-Site-Version
X-Endurance-Cache-Level
X-Varnish-Cacheable
Decoy-Debug-Status
X-VC-Cache
Decoy-Debug-TTL
X-Status
Decoy-Debug-Key
X-UnsetCookies
Served-By
X-Rule
X-Dynatrace-Js-Agent
X-EdgeConnect-Cache-Status
Release
X-Wix-Server-Artifact-Id
X-UA
X-CDN-Cache
AsisCache
X-Ua
X-Cluster-Node
Nel
X-Request-Time
X-Wix-Request-Id
ViewerVersion
X-Nginx-Cache
X-App-Version
Rt-Fastcgi-Cache
X-App-Name
X-Origin-Host
X-PERF
X-ApacheServer
X-TIME
X-Source
X-Sucuri-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-OVcl-Cache
X-OVcl
X-Hit
X-Agile
X-Agile-Id
X-VCT
X-Agile-Age
DSUID
X-B3-Spanid
X-APP-VERSION
SRV
Cache-Name
X-NewRelic-App-Data
Warning
X-ElasticPress-Search
X-Origin-TTL
X-Origin-CC
Cache
X-Accel-Expires-Debug
X-DPWN-IS-SECURE
X-Aed
X-A-Wwc
X-Developer
X-Debug-Log
X-Debug-Cookies
X-Destination
X-Reboot
X-A-Dgt
Ec-Rule-Version
X-Refresh
FNAC-ModuleRouting
Fly-Request-Id
X-Region-Sid
X-Hp-Webp
X-Processor
X-Generated-In
Fly-Cache
Request-Country
X-Debug-Cache-Store
X-F5-Cache
X-G
X-Gannett-Site-Version
X-External-Request-Id
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-Application
Ajk
X-CF-Lambda-Version
X-Cache-Host
X-Cache-Miss-From
X-Cache-Info
BehaviorPad-Version
X-Cache-Grace
Arc-Country
X-ARC
X-B-Cookie
X-Connection-Hash
On-Server
X-Debug-Cache-Fetch
X-IN-WAF
Request-EU
X-Cache-Expires
X-Debug-Cache-Expiry
X-Date
X-Core-Value
Cache-Prefix
Cross-Origin-Window-Policy
X-D
Node
X-IN-APIGATEWAY
X-Thinkindot-L3
X-Transaction
Thinkindot-CacheControl-Type
X-SRCache-Key
Thinkindot-CacheControl
X-Secret
X-ScT
X-Trv-Group
X-S-Cookie
X-Rojux
X-A-Dcw
X-NU-AKA-ACS-Version
Thinkindot-Control
X-Logtrace-Id
X-NodeID
X-ServiceProvider
Server-Cache-Control
MD5-Digest
X-Server-Group
X-Sedo-Request-Id
Lfy
X-Mobile-URL
X-Matched-Rule
X-Pubstack
Memcached
Rendered-Blocks
Server-Surrogate-Control
X-Rewrite-Enabled
X-Cache-ASPX
X-Webstats-RespID
X-Platform
X-VG-WebServer
X-Request-UUID
X-Var-Ttl
Request-Time
Www
X-A-Dam
Xc-Version
X-Instart-Isnd
X-A-Ccd
X-A
X-Up
X-Varnish-Authentication
X-Twitter-Response-Tags
UCS
Meta-Geo-Continent
Origin
X-NX-Host
User-Agent
User-Cache-Control
Cteonnt-Length
X-Cache-Backend
Proxy-Connection
X-Block-Status
X-Amzn-Remapped-Content-Length
X-Cdn-Forward
X-Amzn-Remapped-Date
RNT-Time
RNT-Machine
ServerName
X-Amzn-Remapped-Connection
Web-Mar-Node
Server-Int
X-Irp-Debug
X-Sf
X-Micro-Cache
X-Servername
X-Nginx-Cache-Key
X-SIPLIST1
Pramga
X-LI-UUID
X-Swa-Ws
X-Location
X-SN
X-Request-URI
X-Origin-Date
X-RateLimit-Limit-Second
X-Qloud-Router
X-Protected-By
X-PHP-Host
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Page-Type
X-Rebelmouse-Surrogate-Control
X-LI-Proto
X-Li-Pop
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Distributor
X-Developers
X-Crawler
X-Cache-Debug
X-Cache-Id
X-Cdn-Srv
X-CGP
X-Epic-Correlation-Id
X-Eu-Site
X-Policy
X-Key
X-LAGOON
X-Li-Fabric
X-Info
Server-Host
X-Gen-Mode
X-Hash
X-Hnp-Log
X-Cache-Bucket
True-Client-Country-4JS
CDCHOST
Cache-Cookie-Set-Lfrom
Country-Code
Fastly-SIE
Ha-Gx-Prefs
Fastly-SWR
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-WPE-Loopback-Upstream-Addr
Hostname
Apple-News-Services-Handled
Apple-News-Services-Host
Backend
Apple-News-Services-Parsed-Url
HA-Ipaddr
Apple-News-Services-Request-Url
Kp-EeAlive
Pagetype
IsBot
X-FireWall-Port
X-Varnish-Ttl
X-Cache-FS-Status
X-TrackingId
X-Thanos
X-Ocache
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Skip-Cache
Platform
X-Sorting-Hat-ShopId
X-Variation
X-Via-SSL
Adler-Geo
AKAMAI
X-Via-Edge
X-Core-Mission
X-Ah-Environment
X-ShopId
X-User
X-S-Maxage
X-Planisys-CDN-Rules
X-GeoIP-Country-Code
X-GeoIP-City
X-Planisys-CDN-Cache
X-No-Session
X-Edge-Location
X-MSEdge-Features
X-MSEdge-Flight
X-Geo-Header
X-Planisys-CDN-TTL
X-Fastly-Cache
SD-X-WS
X-Server-IP
X-Varnish-Beresp-Status
X-Gateway-Cache-Key
X-Varnish-Beresp-Grace
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-ShardId
X-Cms-Context
X-Fetched-On
Fastly-SSL
Gh-Request-Id
Content-Disposition
X-Backend-Host
X-Wikidot-Static-Cache
X-Generated-On
X-Amz-Meta-Cache-Control
HTTPS
X-Level-Front-Cache
Fastly-Soc-X-Request-Id
Is-Eu
X-Alternate-Cache-Key
X-Backend-State
X-Auto-Login
X-Wikidot-Backend
X-Bip
X-C
Heartbleed
X-BB-ID
X-BBXSRF
X-Backend-Url
X-Datadome
Pagespeed
X-NC
X-Server-Time
X-Proxy-Upstream
X-Apm-Inst-Hash
X-Cdn-Origin
X-Owner
X-Apm-App-Name
X-Sucuri-Cache
X-Sn-Servicetimems
V-Age
MIME-Version
X-Apm-Svc-Key
X-TT-LOGID
X-Proxy-Cache-Status
X-Edge-IP
X-GZip
X-Exp-Se
X-Geo
REQUESTUUID
N-Cache
Magicmarker
Rt-Proxy-Cache
X-Varnish-Url
Fastly-Backend-Name
Server-ID
X-RateLimit-Reset
X-ND-Cache
X-Real-Ip
X-Org
X-Served-From
X-B3-Parentspanid
HostName
X-FPC
X-Node-Id
X-Varnish-Beresp-Ttl
X-Aicache-OS
X-Pjax-Url
VivaBuild
X-Gdpr
Viewtype
X-CDN-Forward
X-Load-Cache
X-DC
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-CSRF-TOKEN
CF-IPCountry
X-Git-Hash
Powered-By
X-Parent-Response-Time
X-CUA
X-Host-Name
Memory
Time
Pragrma
X-Dc
Section-Io-Cache
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Svr
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Stale
X-Servedbyhost
X-Returned-From
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Server-By
X-Passed-To
X-Original-Request
X-Wa
X-Actual-URL
X-Nc
X-Release
Resin-Trace
X-Daa-Tunnel
X-Oss-Object-Type
PICS-Label
X-HS-Cache-Config
X-CACHE-KEY
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-VServer
X-Croise-Owner
Host-ID
X-Oss-Hash-Crc64ecma
X-Edge-Server
X-WebServer
X-Tb-Optimization-Total-Bytes-Saved
Cdn-Host
ProcessTime
X-TH-Server
Cdn-Request-Time
X-Phone
X-From-Cache
X-Optimization
X-Unique-ID
X-Upstream-HT
X-Upstream-CT
AR-SID
Mime-Version
X-Cache-HT
X-Instart-Info
SID
Cdn
X-Microcachable
X-Varnish-Beresp-TTL
Fastcgi-Useragent
X-B3-SpanId
X-Newrelic-Synthetics
Backend-Name
X-Lb-Id
X-APP
X-Backend-TTL
Cf-Ipcountry
X-Worker
X-Req
X-V
CF-Cached-On
X-Atg-Version
178proxuri
188prxHost
Proxy-Firewall
XServer
189phosttRef
X-Server-W
X-LB-ID
X-Fastly-Backend-Reqs
409pxxline
219prxHost
Xxline
355prline
225prxHost
286prxHost
352pxline
Odigeo-Trace-Id
X-Zone
Version
X-Check-Cacheable
Processtime
X-HTML-Minification-Powered-By
X-ID
X-Ratelimit-Remaining
X-Microsite
X-Ratelimit-Limit
X-Vcl-Version
X-WR-MODIFICATION
X-Fstrz
X-Request-Handler-Origin-Region
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-IPS-LoggedIn
X-Nananana
Accept-Language
Esi-Enabled
X-Response-By
X-VCL-Version
GeoIP-City
Pics-Label
GMS-Ver
SN
X-AssetVersion
GeoIP-Country-Code
X-NGINX-Cache
X-Vcache
X-Contensis-Viewer-Groups
GeoIP-Latitude
X-WA
X-UPSTREAM-Address
X-Ratelimit-Reset
X-URL
Public-Key-Pins-Report-Only
X-ServedByHost
X-RequestId
X-Be
X-CSRF-Token
X-Hyper-Cache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
WZWS-RAY
Fastcgi-X-Cache-Version
X-HS-Status
DataCenter
X-SERVER-NAME
X-Via-NSCOPI
X-Urbn-Site-Id
X-Urbn-Context-Path
Geoip-Latitude
X-Fastly-Country-Code
GeoIp-Country-Code
X-Reqid
GW-Server
Locale
X-Amz-Meta-Surrogate-Control
X-Dynatrace
X-ZONE
X-Request-Start
Geoip-City
X-ABtesting
X-Hello
X-Flog
X-GEO
Countrycode
X-Render-Time
X-UE-Client-Country
X-Clientip
X-Via-Ucdn
X-We-Are-Hiring
Mobile-Detection-Method
WP-Super-Cache
X-Cdn-Cache
Lb
X-GDPR
Dnion-Transfer-Encoding
X-NWS-UUID-VERIFY
SS
IBM-Web2-Location
URI
X-CS
X-LiteSpeed-Cache-Control
X-BE
X-Unique-Id
Ohc-File-Size
CDN
X-PJAX-URL
Requestid
X-Generation-Time
X-GZIP
X-FORWARDED-FOR
X-SRV
X-HostName
FastCGI-Cache
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-Cluster-Name
X-Bug-Bounty
X-Fpc
X-Pf-Uncompressing
FSS-Proxy
X-PF-Uncompressing
X-Gen-Id
RequestUuid
Cneonction
FSS-Cache
X-HS-Combine-CSS
Serverid
X-Cache-Ttl
X-Html-Edge-Cache
Accept-Ch
X-LiteSpeed-Tag
X-Request-Url
X-Store
X-Cache-URL
X-Fastly-Cache-Hits
A
Server-Id
X-Test
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Compress-Hint
X-Dw-Trace-Id
Get-Access-Time
Frontcache
X-HTML-Edge-Cache
X-Cdn-Request-ID
X-ServerName
X-EC-Lua
Is-Session-Tracking
Ohc-Response-Time
NnCoection
X-Serial
Ohc-Cache-HIT