Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Page-Speed
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
X-CST
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
NEL
X-Vhost
X-DataDome
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Type
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
X-Server-Name
Verso
X-ESI
MS-Author-Via
AR-CACHE
AR-ATIME
X-VARITI-CCR
AR-PoweredBy
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-GitHub-Request-Id
X-MS-InvokeApp
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-DataStream-Cache-Status
Public-Key-Pins
X-Upstream-Env
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-Amz-Server-Side-Encryption
RTSS
X-Navigation-Version
Charset
X-Abt-Application-Version
X-TtlSet
X-Vname
X-PC
X-Ser
Ar-Sid
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TTL
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-DynaTrace-JS-Agent
X-FTR-Expires
X-Server-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
DynaTrace
X-Oracle-Dms-Rid
X-VCache
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
TCN
X-SharePointHealthScore
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Ttl
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Akam-SW-Version
Arr-Disable-Session-Affinity
X-Powered-CMS
X-XRDS-Location
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Webkit-CSP
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-Litespeed-Cache
X-MSEdge-Ref
Tracecode
X-NF-Request-ID
X-Amzn-Trace-Id
Front-End-Https
X-Varnish-Age
Fastcgi-Cache
X-N
X-Content-Type
X-Fastcgi-Cache
X-Forwarded-For
X-Upstream
X-B3-TraceId
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-B3-Traceid
Paypal-Debug-Id
Alternate-Protocol
X-Frontend
X-Content-Digest
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
Response
X-Sol
X-Middleton-Display
Display
X-Middleton-Response
X-Pad
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Hostname
X-Srv
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Remaining
X-Cache-Key
X-Accel-Expires
Host
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
MicrosoftSharePointTeamServices
X-Grace
ServerID
X-Analytics
X-Correlation-Id
Backend-Timing
Server-Name
X-Kinsta-Cache
X-B3-Sampled
X-Activity-Id
X-Az
X-Debug-Info
X-LB-Cache
X-IPLB-Instance
X-User-Agent
X-Revision
X-AppVersion
Surrogate-Key
X-Amzn-RequestId
X-Rid
X-Amz-Apigw-Id
X-Content-Options
X-Cache-Hit
Accept-Charset
FilterID
X-Ruxit-Js-Agent
X-Cache-2
Refresh
X-CF-Powered-By
Powered-By-ChinaCache
X-B
X-Request-Received
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-Page-Id
MS-CV
X-Whom
X-DIS-Request-ID
Server-Info
X-Cached-By
Cache-Status
Host-Header
X-PHP-Backend
X-Varnish-Backend
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-TT
X-Cache-Action
X-App-Environment
X-Akamai-Edgescape
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
Source
X-Platform-Server
X-Mobile
X-F-Cache
PageSpeed
X-Tumblr-Pixel
X-Cluster
X-Tumblr-User
X-Accel-Buffering
X-Tumblr-Pixel-0
X-Framework
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Hash
X-FW-Type
X-Varnish-Grace
X-FW-Serve
X-FW-Static
X-FW-Server
X-Request-Guid
X-Instance
X-Drupal-Cache-Tags
X-FB-Debug
X-Node-Name
X-Kong-Proxy-Latency
X-UA-Device-Type
X-Forwarded-Host
X-Ezoic-Cdn
X-Kong-Upstream-Latency
X-Shard
X-Geo-Country
Edge-Cache-Tag
X-TA-CDN-Provider
X-Oneagent-Js-Injection
X-Zen-Fury
X-GUploader-UploadID
Fastly-Restarts
X-RateLimit-Limit
X-Cache-TTL
X-Handled-By
X-Varnish-Hostname
From-Origin
X-SS-Set-Cookie
X-Magnolia-Registration
Cache-Tags
X-Cache-Age
X-AOL-HN
X-BCube-Filmed-By
X-FastCGI-Cache
X-ATG-Version
X-XRDS-LOCATION
X-Cache-Control
X-Cache-Rule
Upgrade-Insecure-Requests
Healthy
X-Varnish-Server
Retry-After
Cleartype
X-App-Server
Server-Node
DC
Payment
X-Response-Served-From
X-RequestSource
X-Adobe-Content
X-B-Cache
X-WebKit-CSP-Report-Only
X-Storage
X-TX-ID
X-Signature
X-Adobe-Loc
X-Redis-Cache
X-FW-Dynamic
X-Tumblr-Pixel-2
Powered
X-RTag
X-Region
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-UUID
Actual-Object-TTL
X-GeoIP
Filters
X-VG-WebCache
Ms-Operation-Id
X-Dns-Prefetch-Control
Country
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-Jobs
X-Generated-By
X-Varnish-Hits
X-Cacheable-TTL
X-Content-Age
Webserver
X-Locale
Frame-Options
CACHE
NGB
X-WA-Info
GEO-INFO
ServedBy
X-Guploader-Uploadid
X-Contextid
X-Yottaa-Optimizations
X-Cache-NE
X-Yottaa-Metrics
Liferay-Portal
HitType
X-Rendered-As
X-RemovedCookies
X-ProcessESI
Eomportal-Instance
X-BACKEND-TTL
X-Varnish-IP
X-Cache-Operation
X-NWS-LOG-UUID
X-Cache-TTL-Remaining
X-Upgrade-Enabled
X-Via-JSL
Nel
X-Esi
X-Mode
S-Cnection
Viewport
X-Real-IP
X-Seen-By
Xserver
NtCoent-Length
X-Varnish-Cache-Hits
Meta-Geo
X-Zipkin-Id
X-Is-Bot
X-Cache-Var-Map
X-Cache-Var
OT-Force-Account-Verify
X-Akamai-Transformed
LB
Cache-Hits
Cache-Key
X-Cache-Enabled
Mn-Server-Ip
Machine
X-Device-Type
X-Routing-Service
X-Detected-As
X-RN-RSRV
X-Proxied
X-Path-Route
X-Proto
X-ES-SERVER
X-Hl-Ver
Load-Balancing
X-S
X-Time
X-Viewer-Country
X-VG-TLSProxy
X-Proxy
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
NGX
X-Origin-Hint
X-Rocket-Nginx-Bypass
Access-Control-Request-Headers
L5d-Success-Class
Mail-Subject
X-Time-Microsecs
X-Tb
X-NCache
TWC-Privacy
TWC-Connection-Speed
Vix-Hermes-Req-Id
X-FB-TRIP-ID
X-Backend-Name
X-Cache-Config
X-Hosted-By
X-FW-Version
X-From
X-Environment-Context
X-FC-Vary-Parameters
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
We-Hiring
X-Cache-Server
X-L-Path
Azure-SlotName
Azure-RegionName
Azure-InstanceId
DB-Nickname
X-Format
Azure-Version
Azure-SiteName
Now
X-Akamai-Request-ID
S-Rt
X-Labrador-Cache-Channel
X-Access
X-AWS-Id
X-LJ-Flow-ID
X-MP-GENERATED-AT
Origin-Cache-Control
Origin-Edge-Control
X-Loop
X-Debug-Cache
X-Origin-Response-Time
X-ServerID
X-Cache-Remote
X-Vgn-Hpd-Reason
X-Web-Node
X-VWS-Id
X-RCS-CacheZone
X-Section
X-Tumblr-Pixel-3
X-TNCMS
X-R9-Blue-Green-Version
X-Trace-Id
X-OCL
X-Timing-Wait
X-BYPASS-REASON
X-JoinUs
X-Proxy-Build
X-IP
X-CCM
X-ProxyCache-Status
X-EIG-Tracking-Id
Datacenter
X-ProxyCache-Key
Selected-FE
X-PCL
X-Human
X-Xfnlog-Site
Cache-Tag
X-Via-CDN
X-Via-Fastly
X-Cache-Category-Id
X-Generated
Content-Style-Type
X-Grey
Content-Script-Type
X-Internal-Host
Uber-Trace-Id
X-Www-Served-By
X-Endurance-Cache-Level
X-Dynatrace-Js-Agent
X-UnsetCookies
X-UA
X-VC-Cache
X-Site-Version
X-Varnish-Cacheable
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Rule
Release
X-Birta-Cache-Post
Served-By
X-Birta-Served
X-Status
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-TIME
X-CDN-Cache
X-B3-Spanid
X-Newrelic-App-Data
X-GRACE
X-Request-Time
X-Cluster-Node
DSUID
X-OVcl
AsisCache
X-OVcl-Cache
X-Nginx-Cache
X-Origin
X-App-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
Rt-Fastcgi-Cache
X-VCT
Hostname
X-PERF
X-Hit
X-ApacheServer
X-Source
SRV
X-Origin-Host
X-Ua
X-Sucuri-ID
X-Agile-Id
X-Agile
X-Agile-Age
X-Wix-Request-Id
ViewerVersion
Cteonnt-Length
Cache-Name
X-Pubstack
X-Wix-Server-Artifact-Id
X-Origin-CC
X-ElasticPress-Search
X-Origin-TTL
X-Cache-Host
X-SERVER
X-Accel-Expires-Debug
X-Aed
X-Varnish-Authentication
Fly-Request-Id
X-VG-WebServer
FNAC-ModuleRouting
X-Webstats-RespID
X-DPWN-IS-SECURE
X-Gannett-Site-Version
X-Twitter-Response-Tags
X-Up
X-A-Dcw
X-A-Dam
X-Hp-Webp
X-Var-Ttl
X-Generated-In
X-A-Wwc
X-F5-Cache
X-G
Xc-Version
X-A-Dgt
X-External-Request-Id
X-Debug-Cache-Store
BehaviorPad-Version
X-Application
X-Cache-Info
Arc-Country
X-CF-Lambda-Fn
X-Cache-Miss-From
X-Cache-Grace
X-Cache-Expires
Cross-Origin-Window-Policy
X-Cache-ASPX
Ec-Rule-Version
X-ARC
Cache-Prefix
X-CF-Lambda-Version
Ajk
X-Debug-Cookies
X-IN-APIGATEWAY
X-Debug-Log
X-Destination
X-Developer
Fly-Cache
X-Debug-Cache-Fetch
X-Core-Value
X-Connection-Hash
X-D
X-Date
X-Debug-Cache-Expiry
X-WPE-Loopback-Upstream-Addr
X-A-Ccd
Origin
On-Server
X-Processor
Server-Surrogate-Control
Request-EU
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Refresh
Meta-Geo-Continent
X-IN-WAF
Thinkindot-Control
Node
X-Platform
X-PAYTM-SRV-ID
Rendered-Blocks
X-Mobile-URL
Request-Country
X-Logtrace-Id
X-Matched-Rule
Request-Time
X-NodeID
Server-Host
Server-Cache-Control
X-NX-Host
X-NU-AKA-ACS-Version
X-Region-Sid
X-Reboot
Lfy
Www
UCS
X-ServiceProvider
X-Server-Group
Memcached
X-SRCache-Key
X-A
X-Instart-Isnd
X-B-Cookie
X-Trv-Group
X-Transaction
X-Thinkindot-L3
X-Sedo-Request-Id
MD5-Digest
X-Secret
X-ScT
X-S-Cookie
X-Rojux
X-Request-UUID
X-Rewrite-Enabled
User-Cache-Control
X-Varnish-Ttl
RNT-Machine
X-Amzn-Remapped-Content-Length
True-Client-Country-4JS
RNT-Time
Server-Int
X-Amzn-Remapped-Connection
X-Apm-App-Name
X-Apm-Inst-Hash
X-Amzn-Remapped-Date
ServerName
V-Age
X-Apm-Svc-Key
X-Sn-Servicetimems
X-Device-Os
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Li-Fabric
X-LAGOON
X-Irp-Debug
X-Key
X-Servername
X-Request-URI
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Nginx-Cache-Key
X-Location
X-Micro-Cache
X-Origin-Date
X-Origin-Expires
X-Qloud-Router
X-Policy
X-PHP-Host
X-Page-Type
X-Sf
X-SIPLIST1
X-Crawler
X-Server-Time
X-Cdn-Origin
X-Developers
X-CGP
X-Cdn-Srv
X-Cache-Backend
X-Cache-Bucket
X-Cache-Debug
X-Cache-Id
X-Dispatcher-Server
X-Distil-CS
X-Hnp-Log
X-Info
X-Swa-Ws
X-SN
X-Hash
X-Gen-Mode
X-Distributor
X-Epic-Correlation-Id
X-Eu-Site
X-Fetched-On
X-Block-Status
Web-Mar-Node
HA-Ipaddr
Cache
Country-Code
Ha-Gx-Prefs
Fastly-SIE
Kp-EeAlive
Gh-Request-Id
X-Real-Ip
IsBot
Warning
Pagetype
Pramga
Proxy-Connection
Backend
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fastly-SWR
Apple-News-Services-Handled
Apple-News-Services-Host
CDCHOST
Pagespeed
X-Geo
X-App-Version
X-FireWall-Port
X-Exp-Se
X-User
X-Sorting-Hat-ShopId
X-Thanos
Adler-Geo
X-Cms-Context
X-Wikidot-Static-Cache
AKAMAI
X-Sorting-Hat-PodId
X-Core-Mission
X-Via-SSL
X-Wikidot-Backend
X-Variation
X-Gateway-Skip-Cache
X-S-Maxage
X-MSEdge-Features
X-Level-Front-Cache
X-Varnish-Beresp-Grace
X-Server-IP
X-MSEdge-Flight
X-No-Session
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Protected-By
X-Varnish-Beresp-Status
X-ShardId
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Shopify-Stage
X-Skip-Cache
Cache-Cookie-Set-From
X-ShopId
X-GeoIP-Country-Code
X-GeoIP-City
X-Geo-Header
X-Generated-On
X-Fastly-Cache
X-Via-Edge
Platform
Heartbleed
X-Alternate-Cache-Key
X-Backend-Host
Is-Eu
Fastly-Soc-X-Request-Id
Fastly-SSL
X-Amz-Meta-Cache-Control
X-ND-Cache
Rt-Proxy-Cache
Cache-Cookie-Set-Idcheck
X-Backend-State
X-Auto-Login
X-C
Cache-Cookie-Set-Lfrom
Content-Disposition
X-BBXSRF
SD-X-WS
X-Backend-Url
X-Cache-FS-Status
X-Bip
X-GZip
X-RateLimit-Reset
HTTPS
X-Owner
X-Served-From
X-BB-ID
X-Org
REQUESTUUID
X-Ocache
X-Edge-Location
X-B3-Parentspanid
X-TrackingId
X-Sucuri-Cache
Server-ID
X-Proxy-Upstream
X-Proxy-Cache-Status
X-TT-LOGID
User-Agent
X-Git-Hash
X-Cdn-Forward
Magicmarker
X-Edge-IP
X-Varnish-Url
MIME-Version
Fastly-Backend-Name
N-Cache
X-CDN-Forward
X-FPC
X-NC
X-Host-Name
Viewtype
Wxu-Next-Hostname
Wxu-Next-Region
X-Gdpr
X-Load-Cache
VivaBuild
X-Aicache-OS
Wxu-Next-Commit
AR-SID
X-Dc
X-Pjax-Url
X-Daa-Tunnel
X-Node-Id
X-Varnish-Beresp-Ttl
X-Nc
X-Parent-Response-Time
Time
Powered-By
Memory
X-CSRF-TOKEN
X-Release
X-CUA
X-DC
X-CACHE-KEY
HostName
Pragrma
CF-IPCountry
X-WebServer
X-HS-Cache-Config
PICS-Label
X-TH-Server
Resin-Trace
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Svr
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Phone
X-Servedbyhost
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To-BeforeDispatch
X-Server-By
X-Stale
X-Wa
X-Oss-Server-Time
X-Original-Request
X-Oss-Hash-Crc64ecma
X-Passed-To
X-Actual-URL
Host-ID
X-Oss-Object-Type
Mime-Version
X-Oss-Request-Id
X-Oss-Storage-Class
X-Upstream-HT
Section-Io-Cache
X-Upstream-CT
X-Croise-Owner
X-VServer
X-Instart-Info
X-Newrelic-Synthetics
X-Tb-Optimization-Total-Bytes-Saved
Cdn-Request-Time
Backend-Name
X-From-Cache
Cdn-Host
X-Lb-Id
X-Edge-Server
X-Optimization
X-Cache-HT
Cdn
Cf-Ipcountry
CF-Cached-On
X-Varnish-Beresp-TTL
X-Worker
ProcessTime
X-Microsite
X-Request-Handler-Origin-Region
Version
X-APP
X-Ratelimit-Remaining
X-Fastly-Backend-Reqs
X-Server-W
178proxuri
286prxHost
188prxHost
225prxHost
219prxHost
352pxline
355prline
409pxxline
189phosttRef
Xxline
SID
X-Unique-ID
X-Atg-Version
Processtime
X-Microcachable
XServer
X-Req
X-Datadome
X-Zone
X-Ratelimit-Limit
X-Akamai-Request-ID2
X-ID
Proxy-Firewall
X-Vcl-Version
Accept-Language
X-B3-SpanId
X-LB-ID
Odigeo-Trace-Id
X-V
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
Fastcgi-Useragent
X-IPS-LoggedIn
X-UPSTREAM-Address
Esi-Enabled
X-AssetVersion
X-VCL-Version
X-Contensis-Viewer-Groups
X-HTML-Minification-Powered-By
X-Check-Cacheable
X-Vcache
GeoIP-Latitude
X-Fstrz
X-Backend-TTL
GeoIP-City
X-NGINX-Cache
X-WA
GeoIP-Country-Code
SN
X-WR-MODIFICATION
X-URL
Pics-Label
X-HS-Status
X-Be
X-Vtex-Remote-Cache
X-Ratelimit-Reset
X-Response-By
X-CSRF-Token
X-Nananana
X-Vtex-Processado-Em
X-ServedByHost
X-RequestId
GMS-Ver
X-ZONE
X-Via-NSCOPI
X-Urbn-Site-Id
X-Reqid
GeoIp-Country-Code
X-Urbn-Context-Path
Geoip-Latitude
Locale
DataCenter
Geoip-City
X-Hyper-Cache
X-Hello
X-NWS-UUID-VERIFY
X-Flog
X-SERVER-NAME
X-ABtesting
X-Dynatrace
X-Fastly-Country-Code
X-Request-Start
Fastcgi-X-Cache-Version
Public-Key-Pins-Report-Only
X-Render-Time
IBM-Web2-Location
X-Via-Ucdn
CDN
WP-Super-Cache
X-Cdn-Cache
X-CS
GW-Server
X-LiteSpeed-Cache-Control
X-GDPR
X-Cache-Ttl
Dnion-Transfer-Encoding
X-Amz-Meta-Surrogate-Control
WZWS-RAY
X-Generation-Time
X-Unique-Id
X-NGENIX-Cache
Countrycode
X-UE-Client-Country
X-We-Are-Hiring
X-Clientip
Mobile-Detection-Method
URI
X-PJAX-URL
Requestid
Lb
X-Cluster-Name
X-FORWARDED-FOR
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
X-Presslabs-Stats
X-SRV
X-GEO
Cneonction
Serverid
X-BE
Ohc-File-Size
X-Cache-URL
X-Compress-Hint
SS
X-Fpc
X-HS-Combine-CSS
X-Pf-Uncompressing
X-Gen-Id
WebServer
X-Bug-Bounty
A
Server-Id
Who
GEO-REGION-INFO
X-Got-Non-Ke-Cookie
X-LiteSpeed-Tag
X-Test
X-Store
X-Varnish-Action
X-Akamai-SSL-Client-Sid
RequestUuid
Https
RequestId
X-ServerName
NnCoection
X-Request-Url
Frontcache
X-HTML-Edge-Cache
X-Cdn-Request-ID
X-Fastly-Cache-Hits
X-Serial
X-PF-Uncompressing
X-GZIP
X-Dw-Trace-Id
FSS-Proxy
FSS-Cache
X-EC-Lua
X-Html-Edge-Cache