Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Page-Speed
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
X-OneAgent-JS-Injection
Server-Timing
X-Rq
X-Ac
Allow
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
NEL
X-DataDome
X-Vhost
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Type
X-Goog-Hash
X-Px
X-HW
Accept-CH
X-Dispatcher
Verso
X-Server-Name
X-ESI
MS-Author-Via
AR-PoweredBy
X-VARITI-CCR
AR-CACHE
AR-ATIME
X-GitHub-Request-Id
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-MS-InvokeApp
X-Cdn-Fetch
X-ORACLE-DMS-RID
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-DataStream-Cache-Status
Public-Key-Pins
X-Upstream-Env
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
RTSS
X-D2id
X-Amz-Server-Side-Encryption
X-Navigation-Version
Charset
X-Abt-Application-Version
X-Vname
X-TtlSet
X-PC
X-Ser
Ar-Sid
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TTL
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-Server-ID
X-FTR-Expires
DynaTrace
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
X-Amz-Rid
X-VCache
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
TCN
X-SharePointHealthScore
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Ttl
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
X-XRDS-Location
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Webkit-CSP
X-Id
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NF-Request-ID
Tracecode
X-Amzn-Trace-Id
Front-End-Https
Fastcgi-Cache
X-N
X-Varnish-Age
X-Content-Type
X-Fastcgi-Cache
X-Upstream
X-Forwarded-For
X-B3-TraceId
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Paypal-Debug-Id
X-Mrf-Item-Lastmod
X-B3-Traceid
Alternate-Protocol
X-Frontend
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Display
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Pad
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Litespeed-Cache
X-RateLimit-Remaining
X-Hostname
X-PressLabs-Stats
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
Host
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
MicrosoftSharePointTeamServices
X-Grace
ServerID
Server-Name
Backend-Timing
X-Analytics
X-Correlation-Id
X-B3-Sampled
X-Kinsta-Cache
X-User-Agent
X-AppVersion
Surrogate-Key
X-Az
X-Debug-Info
X-LB-Cache
X-IPLB-Instance
X-Revision
X-Activity-Id
X-Rid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-Content-Options
FilterID
Accept-Charset
X-Ruxit-Js-Agent
X-Cache-2
Refresh
X-CF-Powered-By
Powered-By-ChinaCache
X-B
X-Request-Received
TP-Cache
X-Request-Processing-Time
TP-L2-Cache
X-Page-Id
MS-CV
X-Whom
Server-Info
X-Cached-By
X-DIS-Request-ID
Cache-Status
Host-Header
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
X-Origin-Server
X-Akamai-Edgescape
VIX-Pulpo-Node
Source
X-App-Environment
X-Varnish-Backend
X-PHP-Backend
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-F-Cache
X-Cluster
X-Mobile
X-Accel-Buffering
PageSpeed
X-Tumblr-Pixel-0
X-Tumblr-User
X-Platform-Server
X-Tumblr-Pixel
X-TT
X-FW-Serve
X-FW-Server
X-FW-Static
X-Content-Powered-By
X-Framework
X-Varnish-Grace
X-FW-Hash
X-FW-Type
Access-Control-Allow-Method
X-FB-Debug
X-Request-Guid
X-Forwarded-Host
X-Instance
X-Drupal-Cache-Tags
X-Ezoic-Cdn
X-Kong-Proxy-Latency
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Node-Name
X-Shard
X-Geo-Country
X-Oneagent-Js-Injection
Edge-Cache-Tag
X-TA-CDN-Provider
X-RateLimit-Limit
X-Zen-Fury
X-GUploader-UploadID
Fastly-Restarts
X-Handled-By
X-Cache-TTL
X-Varnish-Hostname
From-Origin
X-SS-Set-Cookie
X-Magnolia-Registration
Cache-Tags
X-Cache-Age
X-AOL-HN
X-BCube-Filmed-By
X-FastCGI-Cache
X-ATG-Version
X-XRDS-LOCATION
X-Cache-Control
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
X-Varnish-Server
Cleartype
Retry-After
Server-Node
DC
X-App-Server
Payment
X-Response-Served-From
X-RequestSource
X-Storage
X-B-Cache
X-WebKit-CSP-Report-Only
Country
X-Signature
X-TX-ID
X-UUID
X-Region
Filters
Ms-Operation-Id
Powered
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Redis-Cache
X-RTag
X-TT-TIMESTAMP
X-FW-Dynamic
X-Dns-Prefetch-Control
Actual-Object-TTL
X-Jobs
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-VG-WebCache
X-Content-Age
X-Varnish-Hits
X-Generated-By
X-Cacheable-TTL
Webserver
X-Locale
Frame-Options
CACHE
NGB
X-WA-Info
GEO-INFO
ServedBy
X-Guploader-Uploadid
X-Contextid
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-NE
HitType
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-BACKEND-TTL
X-Cache-TTL-Remaining
X-Cache-Operation
Eomportal-Instance
X-Varnish-IP
X-NWS-LOG-UUID
X-Upgrade-Enabled
Nel
X-Via-JSL
X-Mode
X-Esi
X-Real-IP
S-Cnection
Viewport
X-Seen-By
Xserver
X-Varnish-Cache-Hits
NtCoent-Length
X-Zipkin-Id
X-ES-SERVER
X-Proto
X-Proxied
X-RN-RSRV
X-Path-Route
X-Is-Bot
X-Akamai-Transformed
LB
X-Hl-Ver
OT-Force-Account-Verify
Cache-Hits
X-Cache-Var-Map
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Detected-As
X-Routing-Service
Cache-Key
X-Device-Type
Load-Balancing
Meta-Geo
Machine
X-S
X-Time
X-FW-Version
L5d-Success-Class
X-From
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Hosted-By
Mail-Subject
Access-Control-Request-Headers
X-Proxy
X-R9-Blue-Green-Version
X-Origin-Hint
X-NCache
X-AWS-Id
X-LJ-Flow-ID
NGX
X-Environment-Context
Webcakes-App-Name
We-Hiring
Webcakes-App-Version
Webcakes-Region
X-Backend-Name
X-Cache-Config
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Rocket-Nginx-Bypass
X-L-Path
X-Time-Microsecs
X-Tb
X-Viewer-Country
X-VWS-Id
X-Cache-Server
X-Access
X-VG-TLSProxy
X-Section
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-Version
DB-Nickname
Now
X-EIG-Tracking-Id
X-Debug-Cache
S-Rt
X-Web-Node
X-Cache-Remote
Origin-Edge-Control
X-Vgn-Hpd-Reason
Azure-InstanceId
Origin-Cache-Control
X-Format
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-Origin-Response-Time
X-Akamai-Request-ID
X-ServerID
X-Loop
X-MP-GENERATED-AT
X-TNCMS
X-Labrador-Cache-Channel
X-Via-Fastly
X-BYPASS-REASON
X-PCL
X-Xfnlog-Site
X-Via-CDN
X-Proxy-Build
X-CCM
Selected-FE
X-IP
X-ProxyCache-Status
X-ProxyCache-Key
X-Trace-Id
X-JoinUs
X-Human
X-Timing-Wait
Cache-Tag
Datacenter
X-OCL
X-Internal-Host
X-Generated
X-Grey
X-Cache-Category-Id
Content-Script-Type
X-Www-Served-By
Uber-Trace-Id
Content-Style-Type
X-UA
X-UnsetCookies
X-Dynatrace-Js-Agent
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-Site-Version
Release
Decoy-Debug-Status
X-Status
X-Rule
Decoy-Debug-TTL
Decoy-Debug-Key
X-VC-Cache
X-Birta-Served
X-Birta-Cache-Post
Served-By
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-TIME
X-CDN-Cache
X-Newrelic-App-Data
X-B3-Spanid
X-GRACE
X-Request-Time
X-Cluster-Node
DSUID
X-OVcl-Cache
X-OVcl
AsisCache
X-Nginx-Cache
X-Origin
Rt-Fastcgi-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-App-Name
X-Hit
X-VCT
Hostname
X-PERF
X-ApacheServer
X-Source
X-Ua
X-Sucuri-ID
X-Origin-Host
SRV
X-Agile-Id
X-Agile
X-Agile-Age
ViewerVersion
X-Wix-Request-Id
X-Pubstack
Cteonnt-Length
Cache-Name
X-SERVER
X-Wix-Server-Artifact-Id
X-Cache-Host
X-ElasticPress-Search
X-Origin-CC
X-Origin-TTL
X-A-Ccd
X-A-Dam
X-A
X-Twitter-Response-Tags
X-Webstats-RespID
X-VG-WebServer
X-A-Dcw
X-Var-Ttl
X-Accel-Expires-Debug
Xc-Version
X-Varnish-Authentication
Ec-Rule-Version
X-A-Dgt
X-A-Wwc
X-Up
Thinkindot-CacheControl-Type
Fly-Request-Id
On-Server
Origin
Rendered-Blocks
X-Trv-Group
Node
Cache-Prefix
MD5-Digest
Memcached
Meta-Geo-Continent
FNAC-ModuleRouting
Request-Country
Request-EU
Thinkindot-CacheControl
Lfy
BehaviorPad-Version
Thinkindot-Control
Server-Surrogate-Control
Fly-Cache
Cross-Origin-Window-Policy
Request-Time
Server-Cache-Control
Server-Host
UCS
X-Secret
X-External-Request-Id
X-F5-Cache
X-Cache-Info
X-Cache-Miss-From
X-DPWN-IS-SECURE
X-G
X-Gannett-Site-Version
X-IN-APIGATEWAY
X-IN-WAF
X-Hp-Webp
X-Generated-In
X-Cache-Grace
X-Developer
X-Destination
X-Debug-Cache-Expiry
Arc-Country
X-Core-Value
X-D
X-Date
X-Connection-Hash
X-CF-Lambda-Version
X-Debug-Cookies
X-Debug-Log
X-CF-Lambda-Fn
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Instart-Isnd
X-Matched-Rule
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Sedo-Request-Id
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Aed
X-Application
X-ServiceProvider
X-ARC
X-Region-Sid
X-NX-Host
X-Cache-Expires
X-NU-AKA-ACS-Version
X-NodeID
X-Mobile-URL
X-Cache-ASPX
X-PAYTM-SRV-ID
X-Refresh
X-B-Cookie
X-Reboot
X-Processor
X-Platform
X-Transaction
Www
X-WPE-Loopback-Upstream-Addr
X-Varnish-Ttl
User-Cache-Control
X-Developers
X-Device-Os
X-Crawler
X-Dispatcher-Server
X-Cdn-Srv
X-CGP
X-Distributor
X-Gen-Mode
X-Hash
X-Hnp-Log
X-Fetched-On
X-Eu-Site
X-Cache-Id
X-Epic-Correlation-Id
X-Distil-CS
X-Cache-Debug
V-Age
Web-Mar-Node
X-Amzn-Remapped-Connection
True-Client-Country-4JS
ServerName
RNT-Time
Server-Int
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Cache-Backend
X-Cache-Bucket
X-Block-Status
X-Apm-Svc-Key
X-Apm-App-Name
X-Apm-Inst-Hash
X-Info
X-Key
Cache
X-Request-URI
X-Servername
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Sf
X-SIPLIST1
X-Server-Time
X-Sn-Servicetimems
X-Cdn-Origin
X-Real-Ip
X-SN
X-Swa-Ws
X-Qloud-Router
X-Policy
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Li-Fabric
RNT-Machine
X-LAGOON
X-Location
X-Logtrace-Id
X-Page-Type
X-PHP-Host
X-Origin-Expires
X-Origin-Date
X-Micro-Cache
X-Nginx-Cache-Key
X-Irp-Debug
Warning
Gh-Request-Id
Fastly-SWR
Fastly-SIE
Ha-Gx-Prefs
HA-Ipaddr
Pagetype
Kp-EeAlive
IsBot
Country-Code
CDCHOST
Apple-News-Services-Host
Apple-News-Services-Handled
Ajk
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend
Pramga
Cache-Cookie-Set-Lfrom
Proxy-Connection
X-FireWall-Port
Pagespeed
X-App-Version
X-Geo
X-Core-Mission
X-Shopify-Stage
X-Via-Edge
X-Wikidot-Backend
X-Via-SSL
X-Skip-Cache
X-Wikidot-Static-Cache
AKAMAI
X-Cache-FS-Status
X-S-Maxage
X-Server-IP
X-ShopId
X-ShardId
X-Cms-Context
SD-X-WS
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Thanos
Is-Eu
X-Sorting-Hat-ShopId
X-Exp-Se
Heartbleed
X-Sorting-Hat-PodId
X-Variation
X-Fastly-Cache
X-GeoIP-City
X-Geo-Header
X-Generated-On
X-User
X-GeoIP-Country-Code
Rt-Proxy-Cache
Platform
X-No-Session
Adler-Geo
Content-Disposition
X-MSEdge-Flight
X-Auto-Login
X-ND-Cache
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Varnish-Beresp-Status
X-Planisys-CDN-Cache
X-Varnish-Beresp-Grace
X-Planisys-CDN-Rules
X-Protected-By
X-Planisys-CDN-TTL
Fastly-Soc-X-Request-Id
X-MSEdge-Features
Fastly-SSL
X-Level-Front-Cache
X-C
X-BBXSRF
X-Bip
X-Backend-State
X-Backend-Url
X-Backend-Host
X-GZip
X-RateLimit-Reset
REQUESTUUID
X-Served-From
X-BB-ID
HTTPS
X-Owner
X-Org
X-Ocache
X-Edge-Location
X-B3-Parentspanid
Server-ID
X-Proxy-Upstream
X-Proxy-Cache-Status
X-TrackingId
X-TT-LOGID
X-Sucuri-Cache
X-CDN-Forward
X-Cdn-Forward
X-Git-Hash
User-Agent
X-Varnish-Url
N-Cache
Magicmarker
X-Edge-IP
X-FPC
Fastly-Backend-Name
MIME-Version
X-Host-Name
X-NC
Viewtype
Wxu-Next-Region
X-Aicache-OS
Wxu-Next-Hostname
X-CLOUD-TRACE-CONTEXT
X-Load-Cache
VivaBuild
Wxu-Next-Commit
AR-SID
X-Gdpr
X-Dc
X-Node-Id
X-Pjax-Url
X-Varnish-Beresp-Ttl
X-Daa-Tunnel
X-Nc
X-Parent-Response-Time
Memory
X-CUA
Powered-By
X-CSRF-TOKEN
Time
X-DC
PICS-Label
X-CACHE-KEY
Pragrma
CF-IPCountry
HostName
X-WebServer
Resin-Trace
X-HS-Cache-Config
X-TH-Server
X-Release
X-Phone
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Svr
X-Servedbyhost
X-Server-By
X-Wa
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Stale
X-Returned-From-PostProcessResponse
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Original-Request
Host-ID
X-Passed-To
X-Oss-Request-Id
X-Oss-Server-Time
X-Actual-URL
X-Upstream-CT
X-Upstream-HT
X-Oss-Storage-Class
Mime-Version
Section-Io-Cache
X-Instart-Info
X-Croise-Owner
X-VServer
X-Newrelic-Synthetics
X-Lb-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Server
X-From-Cache
Cdn-Request-Time
Cdn-Host
Backend-Name
X-Cache-HT
Cdn
CF-Cached-On
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-Optimization
X-Worker
ProcessTime
X-Fastly-Backend-Reqs
286prxHost
225prxHost
219prxHost
352pxline
355prline
X-Server-W
Xxline
409pxxline
SID
189phosttRef
Version
X-Request-Handler-Origin-Region
X-APP
X-Microsite
178proxuri
188prxHost
X-Atg-Version
X-Unique-ID
X-Req
XServer
Processtime
X-Datadome
X-Microcachable
X-Zone
Proxy-Firewall
X-ID
X-Akamai-Request-ID2
X-Vcl-Version
X-Ratelimit-Remaining
Accept-Language
X-V
X-Ratelimit-Limit
Esi-Enabled
Odigeo-Trace-Id
X-LB-ID
X-B3-SpanId
X-CACHE-AGE
Fastcgi-Useragent
X-HTML-Minification-Powered-By
X-Contensis-Viewer-Groups
X-AssetVersion
X-UPSTREAM-Address
X-IPS-LoggedIn
X-VCL-Version
X-Fstrz
SN
GeoIP-Latitude
GeoIP-Country-Code
X-WA
X-Backend-TTL
X-NGINX-Cache
GeoIP-City
X-Vcache
X-Check-Cacheable
X-WR-MODIFICATION
X-ServedByHost
X-Vtex-Remote-Cache
X-Response-By
X-Vtex-Processado-Em
X-CSRF-Token
X-HS-Status
X-RequestId
X-URL
Pics-Label
X-Nananana
X-Ratelimit-Reset
X-Be
X-Urbn-Context-Path
X-Urbn-Site-Id
GMS-Ver
X-Reqid
X-Via-NSCOPI
Geoip-Latitude
GeoIp-Country-Code
Locale
X-ZONE
DataCenter
X-Flog
X-Hyper-Cache
X-NWS-UUID-VERIFY
Geoip-City
X-Hello
X-SERVER-NAME
X-ABtesting
X-Dynatrace
X-Request-Start
Public-Key-Pins-Report-Only
Fastcgi-X-Cache-Version
IBM-Web2-Location
X-Fastly-Country-Code
Dnion-Transfer-Encoding
X-Render-Time
X-Via-Ucdn
CDN
WP-Super-Cache
X-Cdn-Cache
WZWS-RAY
X-CS
X-Amz-Meta-Surrogate-Control
X-Cache-Ttl
X-GDPR
X-Generation-Time
GW-Server
X-LiteSpeed-Cache-Control
X-Unique-Id
X-NGENIX-Cache
X-UE-Client-Country
Mobile-Detection-Method
Countrycode
X-Cluster-Name
Requestid
X-Clientip
X-We-Are-Hiring
Lb
URI
X-PJAX-URL
X-Presslabs-Stats
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
FastCGI-Cache
X-FORWARDED-FOR
X-SRV
X-Fpc
X-Cache-URL
Cneonction
X-Pf-Uncompressing
Ohc-File-Size
X-BE
X-Gen-Id
Serverid
X-GEO
SS
X-HS-Combine-CSS
X-Compress-Hint
WebServer
X-Got-Non-Ke-Cookie
X-Varnish-Action
Who
Server-Id
GEO-REGION-INFO
X-Store
X-Bug-Bounty
A
X-LiteSpeed-Tag
X-Test
X-Akamai-SSL-Client-Sid
Epwk-Cache
Https
X-Dw-Trace-Id
RequestId
FSS-Cache
FSS-Proxy
X-Html-Edge-Cache
X-Request-Url
X-Fastly-Cache-Hits
X-GZIP
RequestUuid
X-Serial
Frontcache
NnCoection
X-ServerName
X-PF-Uncompressing
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua