Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
Status
X-Language
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Server
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
WPE-Backend
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-Server-Id
X-Rq
X-Ac
X-Node
Allow
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Cache-Lookup
X-Cdn
X-Country
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-DataDome
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
MS-Author-Via
X-Server-Name
AR-PoweredBy
AR-ATIME
AR-CACHE
X-VARITI-CCR
X-ESI
X-DataStream-Cache-Status
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-GitHub-Request-Id
X-MS-InvokeApp
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Type
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Cached
X-Version
Service-Worker-Allowed
X-TTL
AR-Request-ID
Accept-CH-Lifetime
X-Upstream-Env
X-Amz-Server-Side-Encryption
RTSS
X-Recruiting
X-D2id
X-Navigation-Version
X-Abt-Application-Version
Charset
X-Vcap-Request-Id
X-Ser
X-Vname
X-TtlSet
Ar-Sid
X-PC
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-DynaTrace-JS-Agent
X-FTR-Expires
DynaTrace
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-Debug
X-XRDS-Location
TCN
X-VCache
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
S
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Shield-Request-Id
X-Akam-SW-Version
X-Powered-CMS
X-Dw-Request-Base-Id
Arr-Disable-Session-Affinity
X-Oracle-Dms-Rid
X-FTR-Cache-Host
SPIisLatency
SPRequestDuration
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Server-ID
X-Id
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Amzn-Trace-Id
X-NF-Request-ID
Tracecode
X-N
Front-End-Https
X-Varnish-Age
Fastcgi-Cache
X-Content-Type
X-Upstream
X-Ttl
X-B3-TraceId
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-Traceid
X-Mrf-Section-Lastmod
X-Forwarded-For
Paypal-Debug-Id
X-Fastcgi-Cache
Alternate-Protocol
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Frontend
X-Content-Digest
X-Logged-In
X-Pad
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-HS-Hub-Id
X-Webkit-CSP
X-HS-Content-Id
Fusion-Template-Id
Fusion-Content-Id
X-Litespeed-Cache
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-RateLimit-Remaining
X-Srv
Host
X-Accel-Expires
X-Cache-Key
X-Grace
ServerID
MicrosoftSharePointTeamServices
Backend-Timing
X-B3-Sampled
X-Analytics
X-Correlation-Id
Server-Name
Surrogate-Key
X-Kinsta-Cache
X-Debug-Info
X-IPLB-Instance
X-AppVersion
X-Activity-Id
X-Amz-Apigw-Id
X-Az
X-Amzn-RequestId
X-LB-Cache
X-Rid
X-User-Agent
X-Revision
X-Content-Options
X-Cache-Hit
Accept-Charset
FilterID
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Processing-Time
X-Request-Received
X-B
TP-L2-Cache
TP-Cache
MS-CV
X-Page-Id
X-Whom
X-Cached-By
Server-Info
X-DIS-Request-ID
Cache-Status
X-Ruxit-Js-Agent
Host-Header
X-App-Environment
X-Cache-Action
X-Amz-Replication-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-GUploader-UploadID
X-PHP-Backend
X-Platform-Server
X-Varnish-Backend
X-TT
X-Ezoic-Cdn
X-Content-Security-Policy-Report-Only
Source
X-Origin-Server
X-Mobile
X-Tumblr-Pixel
X-Node-Name
X-Tumblr-Pixel-0
X-Tumblr-User
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Forwarded-Host
X-FW-Server
X-F-Cache
X-FW-Type
X-Cluster
X-FB-Debug
X-Drupal-Cache-Tags
X-Instance
X-Request-Guid
X-Shard
X-Framework
X-Content-Powered-By
Access-Control-Allow-Method
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Fastly-Restarts
X-Geo-Country
PageSpeed
X-UA-Device-Type
X-TA-CDN-Provider
X-Accel-Buffering
Edge-Cache-Tag
X-FastCGI-Cache
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
From-Origin
X-RateLimit-Limit
Cache-Tags
X-Cache-TTL
X-AOL-HN
X-Magnolia-Registration
X-Cache-Age
X-SS-Set-Cookie
X-BCube-Filmed-By
X-Cache-Control
X-ATG-Version
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
Retry-After
X-Varnish-Server
Server-Node
Payment
Cleartype
DC
X-RequestSource
X-Response-Served-From
X-App-Server
X-Adobe-Loc
X-TX-ID
X-Adobe-Content
X-Storage
Powered
X-FW-Dynamic
Country
Filters
Actual-Object-TTL
X-Signature
X-B-Cache
X-UUID
X-TT-TIMESTAMP
X-VG-WebCache
X-Dns-Prefetch-Control
X-WebKit-CSP-Report-Only
X-Redis-Cache
X-Region
X-Jobs
X-RTag
X-Tumblr-Pixel-2
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-1
X-GeoIP
Cache-Tv-Group
Ms-Operation-Id
X-Varnish-Hits
X-Cacheable-TTL
X-Content-Age
X-XRDS-LOCATION
X-Generated-By
Frame-Options
X-Locale
X-WA-Info
GEO-INFO
X-Esi
NGB
ServedBy
X-Oneagent-Js-Injection
Webserver
X-Cache-NE
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
Liferay-Portal
X-BACKEND-TTL
HitType
CACHE
X-NWS-LOG-UUID
X-RemovedCookies
X-ProcessESI
X-Rendered-As
Eomportal-Instance
X-Cache-Operation
X-Guploader-Uploadid
X-Varnish-IP
X-Cache-TTL-Remaining
X-Upgrade-Enabled
X-Mode
Viewport
X-Real-IP
S-Cnection
X-Via-JSL
X-Varnish-Cache-Hits
X-Cache-Remote
LB
X-Proxied
X-From
Load-Balancing
X-Is-Bot
X-S
Cache-Key
X-Time
X-RN-RSRV
X-ES-SERVER
X-Routing-Service
Cache-Hits
Machine
X-Cache-Var-Map
X-Detected-As
X-Akamai-Transformed
X-Path-Route
X-Cache-Enabled
X-Cache-Var
Meta-Geo
OT-Force-Account-Verify
Mn-Server-Ip
X-Zipkin-Id
Access-Control-Request-Headers
X-Cache-Server
Property-Id
NGX
TWC-GeoIP-LatLong
X-VG-TLSProxy
X-L-Path
X-Time-Microsecs
X-Viewer-Country
TWC-Connection-Speed
Webcakes-Region
X-AWS-Id
X-Seen-By
X-Hosted-By
X-R9-Blue-Green-Version
X-Environment-Context
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-FW-Version
X-Tb
X-Proto
X-VWS-Id
Webcakes-App-Name
X-NCache
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
X-Device-Type
X-LJ-Flow-ID
Vix-Hermes-Req-Id
X-Origin-Hint
Azure-SlotName
X-RCS-CacheZone
Azure-Version
X-Section
Origin-Edge-Control
X-Access
X-Rocket-Nginx-Bypass
Azure-InstanceId
X-EIG-Tracking-Id
Azure-RegionName
Azure-SiteName
X-Debug-Cache
S-Rt
X-Akamai-Request-ID
X-TNCMS
X-MP-GENERATED-AT
X-Web-Node
X-Tumblr-Pixel-3
X-Loop
X-Proxy
X-Cache-Config
X-Format
DB-Nickname
Origin-Cache-Control
X-Origin-Response-Time
X-Labrador-Cache-Channel
L5d-Success-Class
Xserver
X-IP
X-OCL
X-Human
X-CCM
Selected-FE
X-PCL
X-Hl-Ver
X-Proxy-Build
X-Via-CDN
X-Xfnlog-Site
X-Via-Fastly
X-Vgn-Hpd-Reason
X-Trace-Id
X-ServerID
X-Timing-Wait
Now
NtCoent-Length
Cache-Tag
X-Cache-Category-Id
X-BYPASS-REASON
X-Backend-Name
Uber-Trace-Id
We-Hiring
X-Generated
X-Grey
X-Www-Served-By
X-ProxyCache-Status
X-ProxyCache-Key
X-JoinUs
Datacenter
X-Internal-Host
Mail-Subject
X-UnsetCookies
Content-Script-Type
Content-Style-Type
X-Dynatrace-Js-Agent
X-UA
X-Site-Version
X-Endurance-Cache-Level
X-VC-Cache
Release
X-APP-VERSION
X-Varnish-Cacheable
X-Rule
X-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-EdgeConnect-Cache-Status
Served-By
X-Birta-Cache-Post
X-Birta-Served
X-B3-Spanid
X-TIME
Nel
DSUID
X-CDN-Cache
X-Request-Time
X-OVcl-Cache
X-OVcl
X-Cluster-Node
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
Cache
AsisCache
X-Hit
X-Nginx-Cache
Pagespeed
Rt-Fastcgi-Cache
X-VCT
X-App-Name
X-PERF
X-Newrelic-App-Data
SRV
Cteonnt-Length
X-ApacheServer
X-Source
X-Ua
X-GRACE
X-Agile-Age
X-Agile-Id
Hostname
X-Agile
X-Pubstack
X-Cache-Host
X-Sucuri-ID
X-Origin-Host
X-ElasticPress-Search
Cache-Name
X-Origin-TTL
X-Origin-CC
X-Cache-Expires
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IN-WAF
X-Mobile-URL
X-NodeID
Cache-Prefix
Arc-Country
Ajk
X-Geo
X-Cache-Grace
X-Core-Value
BehaviorPad-Version
X-Logtrace-Id
X-Instart-Isnd
X-Cache-Info
X-Cdn-Origin
X-Matched-Rule
X-G
X-Developer
X-Destination
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Host
Request-Time
X-DPWN-IS-SECURE
Rendered-Blocks
Request-Country
Request-EU
X-Date
X-Aed
X-A-Dam
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
Thinkindot-Control
UCS
Www
Origin
X-NU-AKA-ACS-Version
X-Generated-In
X-Gannett-Site-Version
X-A-Wwc
MD5-Digest
FNAC-ModuleRouting
Fly-Request-Id
X-B-Cookie
X-CF-Lambda-Fn
X-Hp-Webp
Fly-Cache
Memcached
X-F5-Cache
X-External-Request-Id
X-D
Node
On-Server
X-CF-Lambda-Version
X-Connection-Hash
X-ARC
Meta-Geo-Continent
X-Application
X-IN-APIGATEWAY
X-PAYTM-SRV-ID
X-Secret
X-Server-Group
X-Server-Time
X-ServiceProvider
X-ScT
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-SRCache-Key
X-Thinkindot-L3
X-VG-WebServer
X-Webstats-RespID
Xc-Version
X-Var-Ttl
X-Up
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Region-Sid
X-Sn-Servicetimems
X-Reboot
X-Processor
X-Refresh
X-Varnish-Ttl
User-Cache-Control
X-WPE-Loopback-Upstream-Addr
X-Cache-Backend
X-Crawler
X-Swa-Ws
Pagetype
X-Distributor
Proxy-Connection
Pramga
X-Apm-App-Name
Web-Mar-Node
X-Epic-Correlation-Id
X-Page-Type
Lfy
X-Fetched-On
IsBot
X-SIPLIST1
X-Origin-Date
X-ND-Cache
X-Dispatcher-Server
X-SN
X-Amzn-Remapped-Date
X-Apm-Svc-Key
X-Debug-Log
X-Cache-Miss-From
ServerName
Server-Surrogate-Control
X-Debug-Cookies
X-Wix-Request-Id
True-Client-Country-4JS
X-Debug-Cache-Store
X-Varnish-Authentication
X-Apm-Inst-Hash
Server-Int
X-PHP-Host
X-Device-Os
X-Platform
X-Amzn-Remapped-Content-Length
X-Nginx-Cache-Key
RNT-Machine
RNT-Time
ViewerVersion
Server-Cache-Control
X-Developers
V-Age
X-Cdn-Srv
Backend
X-Micro-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Debug-Cache-Expiry
Cache-Cookie-Set-From
CDCHOST
X-RateLimit-Remaining-Second
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Host
Apple-News-Services-Handled
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Location
X-Request-URI
X-Li-Fabric
X-Rebelmouse-Cache-Control
X-LAGOON
X-Rebelmouse-Surrogate-Control
X-Cache-Id
Rt-Proxy-Cache
X-Servername
Fastly-SWR
X-Hash
X-Sf
X-Cache-Debug
X-Cache-ASPX
X-Gen-Mode
X-Cache-Bucket
X-Amzn-Remapped-Connection
X-Hnp-Log
X-Block-Status
X-Info
X-Debug-Cache-Fetch
X-Sedo-Request-Id
X-RateLimit-Limit-Second
Fastly-SIE
X-Qloud-Router
X-Origin-Expires
X-NX-Host
X-Real-Ip
X-FireWall-Port
X-CGP
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-User
X-Org
X-Served-From
X-Planisys-CDN-Cache
REQUESTUUID
X-GeoIP-City
X-Geo-Header
X-Level-Front-Cache
X-Core-Mission
X-Cms-Context
X-Generated-On
X-Distil-CS
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-ShopId
X-Fastly-Cache
X-Shopify-Stage
X-ShardId
X-GeoIP-Country-Code
X-Key
X-S-Maxage
X-Irp-Debug
X-MSEdge-Features
X-Server-IP
X-Skip-Cache
X-Sorting-Hat-PodId
X-Via-Edge
X-Variation
X-Via-SSL
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-No-Session
X-MSEdge-Flight
X-Sorting-Hat-ShopId
X-Exp-Se
X-Eu-Site
X-Policy
X-Thanos
AKAMAI
X-C
HA-Ipaddr
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
Ha-Gx-Prefs
Heartbleed
Warning
SD-X-WS
Content-Disposition
Country-Code
Is-Eu
X-Cache-FS-Status
X-Auto-Login
X-BBXSRF
Fastly-SSL
X-Bip
Fastly-Soc-X-Request-Id
Adler-Geo
Gh-Request-Id
X-Backend-Host
X-Backend-State
X-Backend-Url
Platform
X-B3-Parentspanid
X-GZip
X-CDN-Forward
X-RateLimit-Reset
Kp-EeAlive
X-Protected-By
X-Owner
X-Host-Name
X-Git-Hash
MIME-Version
X-Varnish-Beresp-Status
X-App-Version
HTTPS
X-Ocache
Server-ID
X-BB-ID
X-Varnish-Beresp-Grace
X-Edge-Location
X-Wix-Server-Artifact-Id
X-NC
X-Daa-Tunnel
Wxu-Next-Hostname
X-Sucuri-Cache
Wxu-Next-Commit
X-FPC
Wxu-Next-Region
X-TrackingId
AR-SID
X-TT-LOGID
Viewtype
X-Proxy-Cache-Status
X-Proxy-Upstream
VivaBuild
N-Cache
X-Load-Cache
X-Aicache-OS
X-Edge-IP
X-Varnish-Url
X-Gdpr
Magicmarker
Fastly-Backend-Name
X-Cdn-Forward
User-Agent
Memory
X-DC
X-Parent-Response-Time
HostName
Time
X-Node-Id
X-CSRF-TOKEN
X-Dc
X-Release
CF-IPCountry
X-Varnish-Beresp-Ttl
X-WebServer
X-Pjax-Url
X-Upstream-HT
X-Upstream-CT
X-Nc
Resin-Trace
X-TH-Server
Powered-By
X-CACHE-KEY
X-Wa
PICS-Label
X-Phone
X-Servedbyhost
X-CUA
X-Instart-Info
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-HS-Cache-Config
Pragrma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-URL
X-Returned-From-BeforeDispatch
X-Actual-URL
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Svr
X-Original-Request
Backend-Name
X-Server-By
X-Stale
X-Passed-To
X-Returned-From
Host-ID
X-Request-Handler-Origin-Region
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Microsite
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
Mime-Version
X-VServer
Section-Io-Cache
X-Worker
X-Croise-Owner
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
X-Optimization
Version
X-Cache-HT
Xxline
X-Server-W
409pxxline
XServer
219prxHost
225prxHost
189phosttRef
188prxHost
Cdn-Request-Time
178proxuri
Cdn-Host
286prxHost
X-Lb-Id
X-Vcache
X-Edge-Server
352pxline
355prline
ProcessTime
Cf-Ipcountry
CF-Cached-On
X-APP
X-Atg-Version
X-Akamai-Request-ID2
Cdn
X-Fastly-Backend-Reqs
X-SERVER-NAME
SID
Accept-Language
Esi-Enabled
X-Zone
X-Unique-ID
Processtime
X-ID
X-Microcachable
X-Req
X-VCL-Version
X-Ratelimit-Remaining
X-AssetVersion
X-Vcl-Version
X-Ratelimit-Limit
Proxy-Firewall
X-LB-ID
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Contensis-Viewer-Groups
X-IPS-LoggedIn
SN
X-V
X-B3-SpanId
Odigeo-Trace-Id
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-HTML-Minification-Powered-By
X-Vtex-Remote-Cache
X-NGINX-Cache
X-Vtex-Processado-Em
X-UPSTREAM-Address
X-ZONE
X-Fstrz
Fastcgi-Useragent
Locale
Pics-Label
X-Via-NSCOPI
X-WA
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Nananana
X-HS-Status
X-RequestId
X-WR-MODIFICATION
X-Check-Cacheable
CDN
X-COUNTRY
X-Hello
X-Reqid
X-ServedByHost
Geoip-Latitude
GeoIp-Country-Code
X-CSRF-Token
X-ABtesting
X-Flog
X-Be
X-Response-By
X-Backend-TTL
DataCenter
X-Cache-Ttl
X-NWS-UUID-VERIFY
GMS-Ver
Geoip-City
X-Hyper-Cache
Dnion-Transfer-Encoding
IBM-Web2-Location
X-SRV
WebServer
X-FORWARDED-FOR
X-Dynatrace
X-Datadome
X-Via-Ucdn
X-Ratelimit-Reset
X-Fastly-Country-Code
X-Generation-Time
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-Render-Time
X-Request-Start
X-NGENIX-Cache
WP-Super-Cache
X-Cdn-Cache
X-CS
Fastcgi-X-Cache-Version
X-Cluster-Name
X-GDPR
Requestid
X-Unique-Id
Public-Key-Pins-Report-Only
WZWS-RAY
X-Amz-Meta-Surrogate-Control
GW-Server
URI
Lb
X-Cache-URL
Amp-Access-Control-Allow-Source-Origin
X-Presslabs-Stats
Dynatrace
FastCGI-Cache
X-HostName
X-Varnish-Action
Who
X-Compress-Hint
GEO-REGION-INFO
X-Fpc
X-Got-Non-Ke-Cookie
X-LiteSpeed-Tag
Serverid
X-We-Are-Hiring
X-Pf-Uncompressing
Countrycode
X-Gen-Id
X-Clientip
Mobile-Detection-Method
Cneonction
X-UE-Client-Country
X-HS-Combine-CSS
SS
Epwk-Cache
X-Test
X-Bug-Bounty
X-BE
X-Store
A
Server-Id
Https
Ohc-File-Size
X-GEO
X-ServerName
Cache-Provider
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Is-Session-Tracking
Get-Access-Time
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-Request-Url
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-Dw-Trace-Id
Frontcache
X-EC-Lua
NnCoection