Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
X-Ua-Compatible
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Server
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
Server-Timing
X-Server-Id
X-Rq
X-Ac
X-Node
Allow
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-DataDome
X-Instart-Request-ID
X-Vhost
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-HW
X-Goog-Hash
X-Px
Accept-CH
X-Dispatcher
Verso
X-ESI
X-Server-Name
MS-Author-Via
AR-ATIME
AR-CACHE
X-VARITI-CCR
AR-PoweredBy
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-DataStream-Cache-Status
X-MS-InvokeApp
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-Kinja
X-Type
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
X-TTL
Accept-CH-Lifetime
AR-Request-ID
X-Upstream-Env
X-Recruiting
RTSS
X-D2id
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-Abt-Application-Version
Charset
X-Ser
X-Vcap-Request-Id
Ar-Sid
X-TtlSet
X-Vname
X-PC
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
Nginx-Cache
X-Client-IP
X-Trace
SPRequestGuid
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Expires
DynaTrace
X-Goog-Generation
X-Oracle-Dms-Rid
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Amz-Rid
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Hits
X-Debug
S
X-XRDS-Location
TCN
X-VCache
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-SharePointHealthScore
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Powered-CMS
X-Akam-SW-Version
SPIisLatency
Arr-Disable-Session-Affinity
SPRequestDuration
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Server-ID
X-Id
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
X-NF-Request-ID
X-N
Front-End-Https
Fastcgi-Cache
X-B3-Traceid
X-Varnish-Age
X-Content-Type
X-Ttl
X-Upstream
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Fastcgi-Cache
Paypal-Debug-Id
Alternate-Protocol
X-Sol
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Content-Digest
X-Logged-In
X-Frontend
X-Pad
X-HS-Content-Id
X-HS-Hub-Id
X-Webkit-CSP
X-Litespeed-Cache
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-B3-TraceId
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-PressLabs-Stats
X-Srv
X-RateLimit-Remaining
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Host
X-Cache-Key
X-Accel-Expires
X-Grace
ServerID
MicrosoftSharePointTeamServices
X-Correlation-Id
X-Analytics
X-B3-Sampled
Backend-Timing
Server-Name
X-IPLB-Instance
X-Revision
X-Debug-Info
Surrogate-Key
X-Activity-Id
X-Rid
X-LB-Cache
X-Az
X-Amzn-RequestId
X-User-Agent
X-AppVersion
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
X-Kinsta-Cache
Accept-Charset
FilterID
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Received
X-Request-Processing-Time
X-B
TP-L2-Cache
TP-Cache
MS-CV
X-Page-Id
X-Whom
X-Cached-By
Host-Header
Server-Info
Cache-Status
X-Ruxit-Js-Agent
X-Origin-Server
X-App-Environment
X-Akamai-Edgescape
X-TT
X-Cache-Action
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
Source
X-PHP-Backend
X-Varnish-Backend
X-Tumblr-Pixel-0
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-User
X-Mobile
X-Ezoic-Cdn
X-F-Cache
X-FW-Serve
X-FW-Hash
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-FW-Type
X-Cluster
X-FW-Static
X-Framework
X-Node-Name
X-Varnish-Grace
X-FW-Server
X-Instance
X-Forwarded-Host
Access-Control-Allow-Method
X-Request-Guid
X-Shard
X-GUploader-UploadID
X-Drupal-Cache-Tags
X-FB-Debug
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-UA-Device-Type
Fastly-Restarts
X-Geo-Country
PageSpeed
Edge-Cache-Tag
X-TA-CDN-Provider
X-Accel-Buffering
X-Oneagent-Js-Injection
X-Zen-Fury
X-FastCGI-Cache
X-Varnish-Hostname
X-Handled-By
From-Origin
X-RateLimit-Limit
Cache-Tags
X-Magnolia-Registration
X-AOL-HN
X-Cache-TTL
X-SS-Set-Cookie
X-BCube-Filmed-By
X-Cache-Age
X-Cache-Control
X-Cache-Rule
X-ATG-Version
Upgrade-Insecure-Requests
Healthy
Retry-After
X-Varnish-Server
Payment
Server-Node
DC
X-RequestSource
X-Response-Served-From
Cleartype
X-Storage
X-Adobe-Loc
X-Adobe-Content
Country
X-TX-ID
X-WebKit-CSP-Report-Only
X-App-Server
Powered
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Dns-Prefetch-Control
X-B-Cache
X-FW-Dynamic
Filters
X-GeoIP
Actual-Object-TTL
X-Signature
X-VG-WebCache
X-TT-TIMESTAMP
X-Redis-Cache
Cache-Tv-Group
X-Drupal-Cache-Contexts
Ms-Operation-Id
X-RTag
X-Region
X-XRDS-LOCATION
X-Varnish-Hits
X-Cacheable-TTL
X-Generated-By
X-Content-Age
X-Jobs
X-Locale
Frame-Options
X-WA-Info
Webserver
GEO-INFO
NGB
ServedBy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
X-Cache-NE
X-BACKEND-TTL
Liferay-Portal
HitType
X-NWS-LOG-UUID
X-ProcessESI
CACHE
X-RemovedCookies
X-Rendered-As
Eomportal-Instance
X-Cache-Operation
X-Varnish-IP
X-Guploader-Uploadid
X-Cache-TTL-Remaining
X-Real-IP
X-Upgrade-Enabled
X-Dynatrace-Js-Agent
X-Esi
X-Mode
X-Via-JSL
S-Cnection
LB
X-Varnish-Cache-Hits
Viewport
X-Cache-Remote
Mn-Server-Ip
X-Cache-Enabled
Meta-Geo
X-Cache-Var
Load-Balancing
X-Proxied
X-RN-RSRV
X-From
X-Hl-Ver
X-Proto
X-Is-Bot
X-Path-Route
X-Routing-Service
X-ES-SERVER
X-Device-Type
X-Detected-As
X-Cache-Var-Map
Cache-Key
Cache-Hits
X-Zipkin-Id
OT-Force-Account-Verify
X-Akamai-Transformed
Machine
X-S
X-Time
X-L-Path
X-LJ-Flow-ID
L5d-Success-Class
Mail-Subject
Property-Id
NGX
X-NCache
X-Origin-Hint
X-Tb
X-Time-Microsecs
X-Seen-By
X-Rocket-Nginx-Bypass
X-Proxy
X-R9-Blue-Green-Version
X-FW-Version
TWC-Connection-Speed
X-FB-TRIP-ID
Webcakes-Region
X-Environment-Context
X-AWS-Id
X-Cache-Config
X-Backend-Name
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
We-Hiring
TWC-Privacy
X-Cache-Server
Access-Control-Request-Headers
X-VWS-Id
X-Viewer-Country
X-VG-TLSProxy
X-Web-Node
X-MP-GENERATED-AT
Xserver
X-Origin-Response-Time
DB-Nickname
X-Hosted-By
Azure-RegionName
Azure-Version
X-Labrador-Cache-Channel
Azure-SlotName
Azure-SiteName
Now
Azure-InstanceId
Origin-Cache-Control
X-ServerID
X-Section
X-FC-Vary-Parameters
X-Akamai-Request-ID
X-Debug-Cache
X-EIG-Tracking-Id
X-Access
Vix-Hermes-Req-Id
S-Rt
X-Tumblr-Pixel-3
X-Format
Origin-Edge-Control
X-BYPASS-REASON
X-Xfnlog-Site
X-Human
X-Via-Fastly
Cache-Tag
X-IP
X-ProxyCache-Key
X-PCL
X-ProxyCache-Status
NtCoent-Length
X-RCS-CacheZone
X-Loop
X-OCL
X-Via-CDN
X-CCM
X-TNCMS
X-Trace-Id
X-Cache-Category-Id
X-Www-Served-By
X-Internal-Host
Uber-Trace-Id
X-JoinUs
X-Grey
Datacenter
X-Vgn-Hpd-Reason
X-UnsetCookies
X-UA
Selected-FE
X-Proxy-Build
Content-Style-Type
Content-Script-Type
X-Timing-Wait
X-Endurance-Cache-Level
Release
X-VC-Cache
X-Site-Version
X-Generated
X-Rule
X-Varnish-Cacheable
X-APP-VERSION
X-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
Served-By
X-EdgeConnect-Cache-Status
X-Birta-Cache-Post
X-Birta-Served
X-B3-Spanid
X-TIME
Nel
X-CDN-Cache
DSUID
X-Request-Time
X-OVcl
X-OVcl-Cache
X-Cluster-Node
X-Origin
Cache
X-NewRelic-App-Data
AsisCache
X-VCT
Rt-Fastcgi-Cache
X-Hit
X-App-Name
Pagespeed
X-Nginx-Cache
X-Newrelic-App-Data
X-Goog-Meta-Goog-Reserved-File-Mtime
SRV
X-PERF
Cteonnt-Length
X-ApacheServer
X-Ua
X-GRACE
X-Source
X-Pubstack
Hostname
X-Agile-Id
X-Agile
X-Agile-Age
X-Sucuri-ID
X-Origin-Host
X-Cache-Host
X-ElasticPress-Search
X-Origin-CC
X-Origin-TTL
Cache-Name
Thinkindot-Control
X-A-Ccd
X-VG-WebServer
X-A
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
UCS
Www
X-Var-Ttl
X-Aed
X-Accel-Expires-Debug
X-Application
X-Trv-Group
Arc-Country
X-Twitter-Response-Tags
X-A-Wwc
Thinkindot-CacheControl-Type
X-Up
X-A-Dcw
X-A-Dgt
X-Varnish-Authentication
Server-Host
Lfy
FNAC-ModuleRouting
Fly-Request-Id
X-Transaction
On-Server
Node
MD5-Digest
Memcached
Meta-Geo-Continent
Fly-Cache
Xc-Version
X-Webstats-RespID
Request-Time
Server-Cache-Control
Server-Surrogate-Control
Request-EU
Request-Country
Ec-Rule-Version
Origin
Rendered-Blocks
Thinkindot-CacheControl
X-Cache-ASPX
X-G
X-Gannett-Site-Version
X-F5-Cache
X-CF-Lambda-Fn
X-External-Request-Id
X-Generated-In
X-Hp-Webp
X-Cdn-Origin
X-Cache-Info
X-Instart-Isnd
X-IN-WAF
X-IN-APIGATEWAY
X-DPWN-IS-SECURE
X-Developer
X-Date
X-D
Ajk
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Core-Value
X-Debug-Cookies
X-CF-Lambda-Version
X-Destination
X-Connection-Hash
X-Debug-Log
X-Cache-Grace
X-Logtrace-Id
X-B-Cookie
X-ScT
X-Debug-Cache-Fetch
X-S-Cookie
X-Rojux
X-Secret
X-Server-Group
X-SRCache-Key
X-ARC
X-Sn-Servicetimems
X-ServiceProvider
X-Server-Time
X-Rewrite-Enabled
X-Request-UUID
X-NU-AKA-ACS-Version
X-Cache-Expires
X-NodeID
X-Mobile-URL
X-Matched-Rule
X-NX-Host
X-PAYTM-SRV-ID
X-Region-Sid
X-Refresh
X-Reboot
X-Processor
X-Thinkindot-L3
X-A-Dam
X-Geo
X-Varnish-Ttl
X-WPE-Loopback-Upstream-Addr
User-Cache-Control
X-Cache-Backend
X-CGP
X-Cdn-Srv
X-Cache-Bucket
X-Cache-Id
X-Cache-Miss-From
X-Wix-Request-Id
X-Dispatcher-Server
X-Distil-CS
X-Device-Os
X-Developers
X-Swa-Ws
ViewerVersion
X-Qloud-Router
X-Apm-Inst-Hash
Rt-Proxy-Cache
True-Client-Country-4JS
ServerName
Server-Int
RNT-Time
X-ND-Cache
V-Age
Web-Mar-Node
X-Apm-App-Name
X-Distributor
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Apm-Svc-Key
X-Eu-Site
X-Request-URI
X-Page-Type
Apple-News-Services-Handled
X-Nginx-Cache-Key
X-Location
X-Micro-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Policy
X-RateLimit-Limit-Second
X-Platform
X-PHP-Host
X-RateLimit-Remaining-Second
X-Sedo-Request-Id
X-LI-UUID
X-Gen-Mode
X-Hnp-Log
X-Sf
X-Fetched-On
RNT-Machine
X-SIPLIST1
X-Servername
X-Irp-Debug
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-LAGOON
X-Key
X-Epic-Correlation-Id
X-Block-Status
Gh-Request-Id
Pramga
Proxy-Connection
Cache-Cookie-Set-Idcheck
CDCHOST
Fastly-SWR
Fastly-SIE
IsBot
Pagetype
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Ha-Gx-Prefs
Apple-News-Services-Host
HA-Ipaddr
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-FireWall-Port
X-Gateway-Cache-Key
X-C
X-Info
X-Variation
X-Cache-Debug
X-Protected-By
Fastly-SSL
Is-Eu
X-BBXSRF
Heartbleed
Fastly-Soc-X-Request-Id
X-Cache-FS-Status
X-Server-IP
X-Org
X-Backend-Url
X-Gateway-Cache-Status
X-Cms-Context
X-SN
X-Gateway-Skip-Cache
X-Fastly-Cache
X-User
X-Served-From
X-Crawler
X-Hash
X-GeoIP-Country-Code
X-Skip-Cache
Content-Disposition
REQUESTUUID
Backend
X-Planisys-CDN-Rules
AKAMAI
X-Backend-State
X-Wikidot-Static-Cache
Warning
Adler-Geo
X-Planisys-CDN-Cache
SD-X-WS
X-Level-Front-Cache
X-GeoIP-City
X-Generated-On
X-Geo-Header
X-Origin-Expires
X-Wikidot-Backend
X-MSEdge-Flight
X-Via-SSL
X-S-Maxage
X-Planisys-CDN-TTL
X-MSEdge-Features
X-Amz-Meta-Cache-Control
X-Via-Edge
X-Backend-Host
X-Origin-Date
X-No-Session
Country-Code
Platform
X-B3-Parentspanid
X-GZip
X-Sorting-Hat-PodId
X-RateLimit-Reset
X-CDN-Forward
X-Owner
X-ShardId
X-ShopId
X-Exp-Se
X-Shopify-Stage
Kp-EeAlive
X-Auto-Login
X-Bip
X-Alternate-Cache-Key
X-Thanos
X-Core-Mission
X-Sorting-Hat-ShopId
X-Git-Hash
MIME-Version
X-Real-Ip
X-Host-Name
X-App-Version
X-Ocache
HTTPS
X-Varnish-Beresp-Grace
Server-ID
X-BB-ID
X-Varnish-Beresp-Status
X-Wix-Server-Artifact-Id
X-Edge-Location
X-NC
X-Proxy-Upstream
Wxu-Next-Region
X-TT-LOGID
X-Proxy-Cache-Status
X-TrackingId
Wxu-Next-Hostname
X-Daa-Tunnel
Wxu-Next-Commit
X-FPC
X-Sucuri-Cache
VivaBuild
Viewtype
AR-SID
Fastly-Backend-Name
X-Aicache-OS
X-Gdpr
Magicmarker
X-Load-Cache
X-Edge-IP
X-Varnish-Url
N-Cache
X-Cdn-Forward
User-Agent
X-CSRF-TOKEN
Memory
X-Parent-Response-Time
X-Release
X-Dc
X-Node-Id
Time
HostName
X-DC
X-Varnish-Beresp-Ttl
X-Pjax-Url
X-TH-Server
CF-IPCountry
X-Upstream-CT
X-Upstream-HT
X-Nc
X-Wa
X-Servedbyhost
X-Phone
Powered-By
Resin-Trace
X-HS-Cache-Config
X-CUA
X-CACHE-KEY
X-WebServer
PICS-Label
Pragrma
X-Instart-Info
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Svr
Backend-Name
X-Stale
X-Returned-From
X-Request-Handler-Origin-Region
X-Returned-From-PostProcessResponse
X-Microsite
X-Server-By
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Original-Request
Host-ID
X-Oss-Server-Time
X-Actual-URL
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Oss-Storage-Class
X-Newrelic-Synthetics
Mime-Version
X-Varnish-Beresp-TTL
X-Lb-Id
X-Tb-Optimization-Total-Bytes-Saved
Section-Io-Cache
X-VServer
X-Croise-Owner
X-Worker
X-From-Cache
X-Cache-HT
Version
X-Optimization
409pxxline
286prxHost
X-Edge-Server
352pxline
XServer
355prline
Xxline
225prxHost
188prxHost
178proxuri
Cdn-Request-Time
Cdn-Host
189phosttRef
219prxHost
Cf-Ipcountry
CF-Cached-On
ProcessTime
X-Vcache
X-Server-W
X-APP
X-Atg-Version
X-Akamai-Request-ID2
X-SERVER-NAME
SID
Cdn
Accept-Language
Processtime
X-Fastly-Backend-Reqs
X-Unique-ID
X-Microcachable
X-VCL-Version
X-ID
Esi-Enabled
X-Req
X-Zone
X-Ratelimit-Remaining
X-Vcl-Version
Proxy-Firewall
X-Ratelimit-Limit
X-Contensis-Viewer-Groups
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-NGINX-Cache
X-IPS-LoggedIn
SN
GeoIP-Country-Code
X-AssetVersion
X-V
X-B3-SpanId
GeoIP-Latitude
Odigeo-Trace-Id
GeoIP-City
X-HTML-Minification-Powered-By
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-UPSTREAM-Address
X-ZONE
Locale
Fastcgi-Useragent
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Reqid
X-RequestId
X-Fstrz
X-HS-Status
X-WA
X-Nananana
X-URL
Pics-Label
X-Via-NSCOPI
CDN
X-WR-MODIFICATION
X-Check-Cacheable
X-ServedByHost
X-CSRF-Token
GeoIp-Country-Code
X-Response-By
X-Be
X-Flog
X-ABtesting
X-Backend-TTL
Geoip-Latitude
X-Hello
X-Cache-Ttl
DataCenter
IBM-Web2-Location
X-NWS-UUID-VERIFY
GMS-Ver
Geoip-City
X-Hyper-Cache
Dnion-Transfer-Encoding
X-Dynatrace
X-Datadome
X-Generation-Time
X-Via-Ucdn
X-Render-Time
X-LiteSpeed-Cache-Control
X-Ratelimit-Reset
X-Request-Start
X-NGENIX-Cache
X-Fastly-Country-Code
X-Cdn-Cache
WP-Super-Cache
X-Cluster-Name
Requestid
WebServer
X-GDPR
X-PJAX-URL
Fastcgi-X-Cache-Version
X-CS
Public-Key-Pins-Report-Only
X-Unique-Id
WZWS-RAY
X-Amz-Meta-Surrogate-Control
X-HS-Combine-CSS
Lb
X-Cache-URL
GW-Server
URI
X-HostName
Dynatrace
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
FastCGI-Cache
X-Presslabs-Stats
X-LiteSpeed-Tag
Who
X-Varnish-Action
X-Compress-Hint
X-Gen-Id
GEO-REGION-INFO
X-Got-Non-Ke-Cookie
Serverid
X-Fpc
Cneonction
Mobile-Detection-Method
X-Pf-Uncompressing
X-UE-Client-Country
X-We-Are-Hiring
X-Clientip
Countrycode
Epwk-Cache
X-Bug-Bounty
A
Ohc-File-Size
Https
Server-Id
X-Test
X-Store
SS
X-BE
X-GEO
Get-Access-Time
Cache-Provider
Is-Session-Tracking
RequestId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Requestid
X-EC-Lua
X-HTML-Edge-Cache
X-Html-Edge-Cache
X-Request-Url
X-Fastly-Cache-Hits
X-Cdn-Request-ID
NnCoection
X-Dw-Trace-Id
X-ServerName
Frontcache