Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Request-ID
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Verso
X-Server-Name
Accept-CH
X-Dispatcher
X-Upstream-Env
X-ORACLE-DMS-RID
X-Cdn
MS-Author-Via
X-ESI
AR-PoweredBy
AR-ATIME
AR-CACHE
X-VARITI-CCR
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-DataStream-Cache-Status
X-Cached
X-Powered-By-Plesk
X-Version
Public-Key-Pins
Content-MD5
X-TTL
Service-Worker-Allowed
Charset
X-Recruiting
AR-Request-ID
RTSS
Accept-CH-Lifetime
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-PC
X-TtlSet
X-Vname
Ar-Sid
X-Ser
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-Server-ID
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
DynaTrace
S
X-Amz-Rid
X-VCache
X-Fastly-Request-ID
X-SharePointHealthScore
X-Debug
X-XRDS-Location
TCN
X-Hits
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
Arr-Disable-Session-Affinity
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Shield-Request-Id
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-Powered-CMS
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-B3-TraceId
X-Goog-Storage-Class
X-Id
Realpath
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
Front-End-Https
X-Amzn-Trace-Id
X-Webkit-CSP
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
X-Ttl
Paypal-Debug-Id
X-Upstream
X-Forwarded-For
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Alternate-Protocol
X-RateLimit-Remaining
X-Frontend
X-Content-Digest
X-HS-Content-Id
X-PressLabs-Stats
X-HS-Hub-Id
X-Logged-In
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Litespeed-Cache
Response
X-Sol
Display
X-Middleton-Response
X-Middleton-Display
X-Cache-Key
X-Hostname
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Srv
X-Accel-Expires
Host
X-SERVER
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-Traceid
Server-Name
X-Kinsta-Cache
Backend-Timing
X-Analytics
X-Correlation-Id
X-Activity-Id
X-Debug-Info
X-AppVersion
X-Az
X-Revision
X-Content-Options
X-User-Agent
X-LB-Cache
X-IPLB-Instance
X-Rid
X-B3-Sampled
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
X-Cache-Hit
X-Cache-2
FilterID
Accept-Charset
X-Grace
ServerID
Refresh
X-B
X-CF-Powered-By
Powered-By-ChinaCache
X-Accel-Buffering
X-DIS-Request-ID
X-Page-Id
X-Whom
X-Request-Processing-Time
X-Request-Received
TP-Cache
TP-L2-Cache
Server-Info
X-FastCGI-Cache
MS-CV
Host-Header
X-PHP-Backend
Cache-Status
X-Cached-By
X-Ruxit-Js-Agent
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-Origin-Server
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
X-Akamai-Edgescape
X-TT
VIX-Pulpo-Node
Source
X-App-Environment
X-Framework
X-F-Cache
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cluster
X-Platform-Server
X-Mobile
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-Varnish-Grace
X-GUploader-UploadID
X-Content-Powered-By
X-UA-Device-Type
X-Kong-Proxy-Latency
X-Drupal-Cache-Tags
X-FW-Static
X-FW-Type
X-Instance
X-FW-Server
X-Request-Guid
X-FW-Hash
X-FW-Serve
X-FB-Debug
X-Forwarded-Host
PageSpeed
X-Geo-Country
X-RateLimit-Limit
Edge-Cache-Tag
X-Zen-Fury
X-Ezoic-Cdn
X-SS-Set-Cookie
X-Node-Name
X-Shard
X-TA-CDN-Provider
X-Magnolia-Registration
X-Handled-By
From-Origin
X-Cache-TTL
X-Varnish-Hostname
X-Cache-Age
X-ATG-Version
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
X-App-Server
DC
X-Varnish-Server
Cleartype
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Payment
Server-Node
X-RequestSource
X-Response-Served-From
X-Region
Filters
X-Adobe-Content
X-Adobe-Loc
Country
X-TX-ID
X-Signature
X-WebKit-CSP-Report-Only
X-B-Cache
Webserver
X-RTag
X-Redis-Cache
X-Tumblr-Pixel-2
Retry-After
X-UUID
X-VG-WebCache
X-GeoIP
X-Storage
Ms-Operation-Id
Actual-Object-TTL
X-Generated-By
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Jobs
X-Locale
Powered
X-Content-Age
X-Varnish-Hits
X-XRDS-LOCATION
X-Cacheable-TTL
NGB
CACHE
GEO-INFO
X-Esi
Frame-Options
ServedBy
Liferay-Portal
X-Contextid
X-Oneagent-Js-Injection
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-IP
X-Cache-NE
X-Cache-TTL-Remaining
X-Seen-By
X-RemovedCookies
Eomportal-Instance
X-ProcessESI
X-Via-JSL
X-Guploader-Uploadid
S-Cnection
X-BACKEND-TTL
X-Upgrade-Enabled
X-Real-IP
Viewport
X-Cache-Operation
X-Mode
X-Cache-Server
X-Varnish-Cache-Hits
Xserver
X-Cache-Var
Cache-Hits
X-Cache-Var-Map
Cache-Key
OT-Force-Account-Verify
X-From
X-Detected-As
X-Device-Type
X-ES-SERVER
X-Hl-Ver
X-Is-Bot
X-Zipkin-Id
Mn-Server-Ip
Meta-Geo
X-Routing-Service
X-RN-RSRV
X-Path-Route
X-Proto
X-Proxied
Machine
Load-Balancing
X-S
X-Time
Content-Script-Type
Content-Style-Type
X-Akamai-Transformed
TWC-Privacy
X-AWS-Id
Vix-Hermes-Req-Id
We-Hiring
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
NGX
Mail-Subject
Property-Id
TWC-Connection-Speed
X-Backend-Name
TWC-Device-Class
TWC-GeoIP-LatLong
X-Environment-Context
X-Rocket-Nginx-Bypass
X-Proxy
X-Tb
X-VG-TLSProxy
X-VWS-Id
X-Viewer-Country
X-Origin-Hint
X-LJ-Flow-ID
L5d-Success-Class
X-Cache-Enabled
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-L-Path
X-Hosted-By
X-Cache-Config
Webcakes-Region
NtCoent-Length
Datacenter
X-NWS-LOG-UUID
Azure-Version
X-TNCMS
X-Origin-Response-Time
X-Labrador-Cache-Channel
X-Debug-Cache
Azure-InstanceId
Azure-RegionName
DB-Nickname
Azure-SlotName
X-Access
X-Section
X-RCS-CacheZone
S-Rt
Origin-Edge-Control
Origin-Cache-Control
X-Tumblr-Pixel-3
X-ServerID
Now
X-Akamai-Request-ID
Azure-SiteName
X-FW-Version
X-Web-Node
X-Time-Microsecs
X-NCache
X-R9-Blue-Green-Version
X-MP-GENERATED-AT
X-Loop
X-Format
X-Vgn-Hpd-Reason
X-PCL
X-Human
X-IP
X-JoinUs
X-ProxyCache-Status
X-ProxyCache-Key
X-Xfnlog-Site
X-Birta-Cache-Post
X-BYPASS-REASON
X-Trace-Id
X-CCM
X-Via-Fastly
X-Via-CDN
X-EIG-Tracking-Id
X-Birta-Served
X-OCL
X-Internal-Host
X-Cache-Category-Id
X-Newrelic-App-Data
Uber-Trace-Id
X-Proxy-Build
X-Grey
X-Generated
Selected-FE
X-Site-Version
X-Endurance-Cache-Level
Cache-Tag
X-Timing-Wait
Access-Control-Request-Headers
LB
X-Www-Served-By
X-Varnish-Cacheable
X-Cache-Remote
X-Status
X-Dynatrace-Js-Agent
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-VC-Cache
X-GRACE
Served-By
X-UnsetCookies
X-Rule
X-Wix-Server-Artifact-Id
X-EdgeConnect-Cache-Status
Release
X-UA
X-TIME
X-CDN-Cache
Nel
AsisCache
X-Cluster-Node
ViewerVersion
X-Wix-Request-Id
X-APP-VERSION
Rt-Fastcgi-Cache
X-Origin-Host
X-B3-Spanid
X-Sucuri-ID
X-Request-Time
X-Ua
X-App-Name
X-Nginx-Cache
X-PERF
X-ApacheServer
X-Source
X-Agile
X-Origin
X-OVcl-Cache
X-Agile-Id
X-OVcl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-Agile-Age
X-NewRelic-App-Data
DSUID
X-VCT
Cache-Name
SRV
X-App-Version
Warning
X-ElasticPress-Search
X-Origin-TTL
User-Agent
X-Origin-CC
X-Pubstack
Cache-Prefix
Thinkindot-Control
On-Server
X-S-Cookie
Node
UCS
Arc-Country
X-A
Www
X-Application
BehaviorPad-Version
X-ARC
Thinkindot-CacheControl-Type
X-B-Cookie
X-SRCache-Key
Server-Surrogate-Control
X-Cache-Info
Fly-Cache
X-Cache-Miss-From
Fly-Request-Id
X-Rewrite-Enabled
Ec-Rule-Version
X-Cache-ASPX
X-A-Ccd
X-Cache-Grace
X-Rojux
Cross-Origin-Window-Policy
Thinkindot-CacheControl
Server-Cache-Control
X-Sedo-Request-Id
FNAC-ModuleRouting
X-CF-Lambda-Fn
Lfy
X-Region-Sid
X-ServiceProvider
Meta-Geo-Continent
X-Accel-Expires-Debug
MD5-Digest
Memcached
X-Aed
X-Server-Group
Origin
Rendered-Blocks
Request-Country
Ajk
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Refresh
X-ScT
X-Request-UUID
Request-Time
Request-EU
X-Secret
X-Reboot
X-Processor
X-A-Dam
X-Var-Ttl
Xc-Version
X-DPWN-IS-SECURE
X-F5-Cache
X-G
X-Gannett-Site-Version
X-Webstats-RespID
X-VG-WebServer
X-Varnish-Authentication
X-Debug-Log
X-Destination
X-Developer
X-Generated-In
X-Hp-Webp
X-Mobile-URL
X-Matched-Rule
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-Logtrace-Id
X-Instart-Isnd
X-PAYTM-SRV-ID
X-IN-APIGATEWAY
Hostname
X-IN-WAF
X-Debug-Cookies
X-External-Request-Id
X-Twitter-Response-Tags
X-Transaction
X-Thinkindot-L3
X-Trv-Group
X-Platform
X-Debug-Cache-Expiry
X-Up
X-Date
X-Connection-Hash
X-Debug-Cache-Store
X-Core-Value
X-Debug-Cache-Fetch
X-D
X-CF-Lambda-Version
X-Cache-Host
User-Cache-Control
X-Varnish-Ttl
X-Cache-Backend
Server-Int
X-RateLimit-Remaining-Second
X-Li-Fabric
X-Li-Pop
RNT-Time
X-Irp-Debug
X-Key
RNT-Machine
X-LI-Proto
X-LAGOON
Pagetype
X-Cache-Id
X-Nginx-Cache-Key
X-CGP
X-Origin-Date
X-Origin-Expires
X-Micro-Cache
X-Info
X-Location
Proxy-Connection
Pramga
X-Rebelmouse-Cache-Control
X-LI-UUID
X-Cache-Bucket
X-Epic-Correlation-Id
X-Distributor
X-Eu-Site
X-Cdn-Srv
X-BB-ID
X-PHP-Host
X-Distil-CS
X-Dispatcher-Server
X-Protected-By
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Developers
Web-Mar-Node
X-Policy
X-Cache-Expires
X-Cache-Debug
X-Crawler
X-Qloud-Router
X-RateLimit-Limit-Second
X-Page-Type
X-Rebelmouse-Surrogate-Control
X-Gen-Mode
True-Client-Country-4JS
X-Block-Status
X-Hash
X-Hnp-Log
ServerName
X-Sf
Apple-News-Services-Request-Url
Fastly-SIE
Apple-News-Services-Parsed-Url
Fastly-SWR
Apple-News-Services-Handled
Apple-News-Services-Host
Server-Host
Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
CDCHOST
Cache-Cookie-Set-From
Backend
X-Ah-Environment
X-Servername
X-Swa-Ws
Cteonnt-Length
X-SIPLIST1
IsBot
X-Real-Ip
Kp-EeAlive
X-SN
Cache
Ha-Gx-Prefs
X-Ocache
X-Request-URI
HA-Ipaddr
X-Edge-Location
X-Datadome
X-FireWall-Port
Pagespeed
X-WPE-Loopback-Upstream-Addr
X-Core-Mission
X-TrackingId
X-GeoIP-Country-Code
X-Planisys-CDN-TTL
X-Geo-Header
X-GeoIP-City
X-Cms-Context
X-MSEdge-Features
X-Sorting-Hat-ShopId
X-No-Session
X-Sorting-Hat-PodId
X-Cache-FS-Status
X-Varnish-Beresp-Status
X-MSEdge-Flight
X-Varnish-Beresp-Grace
X-Level-Front-Cache
X-TT-LOGID
X-Generated-On
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Fetched-On
X-Planisys-CDN-Cache
Gh-Request-Id
X-Fastly-Cache
X-Planisys-CDN-Rules
X-Wikidot-Backend
X-User
X-Gateway-Skip-Cache
X-Variation
X-Device-Os
X-Via-SSL
X-Via-Edge
X-Wikidot-Static-Cache
X-Thanos
Adler-Geo
AKAMAI
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Server-IP
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-S-Maxage
Content-Disposition
HTTPS
Is-Eu
Platform
Heartbleed
SD-X-WS
X-Skip-Cache
Fastly-SSL
X-Sucuri-Cache
Fastly-Soc-X-Request-Id
X-Bip
X-C
X-Backend-Host
X-Shopify-Stage
X-Backend-Url
X-BBXSRF
X-ShopId
X-Auto-Login
X-Backend-State
X-ShardId
X-Edge-IP
X-GZip
Fastly-Backend-Name
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Sn-Servicetimems
V-Age
Magicmarker
X-NC
X-Apm-App-Name
X-RateLimit-Reset
X-Owner
N-Cache
X-Server-Time
X-Cdn-Origin
X-Varnish-Url
X-Cdn-Forward
MIME-Version
REQUESTUUID
X-Geo
X-ND-Cache
Rt-Proxy-Cache
Server-ID
X-Exp-Se
X-CDN-Forward
X-FPC
X-Node-Id
X-Served-From
X-Org
X-B3-Parentspanid
VivaBuild
X-Aicache-OS
AR-SID
Viewtype
X-Varnish-Beresp-Ttl
HostName
X-Gdpr
X-CUA
X-Load-Cache
Powered-By
X-Pjax-Url
X-CSRF-TOKEN
Wxu-Next-Region
X-DC
X-Git-Hash
Wxu-Next-Commit
X-Parent-Response-Time
X-Dc
Pragrma
Wxu-Next-Hostname
Section-Io-Cache
CF-IPCountry
X-Returned-From
X-Stale
X-Returned-From-PostProcessResponse
X-Svr
X-Server-By
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Original-Request
X-Passed-To
Time
Memory
X-Actual-URL
PICS-Label
X-Host-Name
X-Nc
Host-ID
X-CACHE-KEY
X-HS-Cache-Config
X-Croise-Owner
X-VServer
X-Servedbyhost
X-Wa
X-Oss-Storage-Class
X-Release
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Edge-Server
X-Oss-Object-Type
Resin-Trace
Cdn-Request-Time
X-Oss-Server-Time
Cdn-Host
X-Daa-Tunnel
X-Tb-Optimization-Total-Bytes-Saved
ProcessTime
X-WebServer
X-TH-Server
X-Unique-ID
Mime-Version
X-Optimization
X-Cache-HT
X-Phone
SID
X-From-Cache
X-Microcachable
X-Varnish-Beresp-TTL
X-Upstream-CT
X-Upstream-HT
Fastcgi-Useragent
X-Newrelic-Synthetics
X-Instart-Info
X-Lb-Id
Cf-Ipcountry
Backend-Name
X-APP
Cdn
X-Req
X-Atg-Version
CF-Cached-On
X-V
Odigeo-Trace-Id
XServer
X-Worker
X-Fastly-Backend-Reqs
Proxy-Firewall
178proxuri
X-ID
286prxHost
409pxxline
Processtime
Xxline
X-Server-W
X-HTML-Minification-Powered-By
352pxline
355prline
188prxHost
X-LB-ID
225prxHost
189phosttRef
219prxHost
X-Ratelimit-Remaining
X-B3-SpanId
X-Ratelimit-Limit
X-Vcl-Version
X-WR-MODIFICATION
X-Check-Cacheable
Version
X-Zone
X-Backend-TTL
X-Fstrz
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Nananana
X-Response-By
X-IPS-LoggedIn
X-Akamai-Request-ID2
GMS-Ver
X-VCL-Version
X-NGINX-Cache
Esi-Enabled
X-UPSTREAM-Address
X-Vcache
Accept-Language
GeoIP-Country-Code
GeoIP-City
X-AssetVersion
X-Ratelimit-Reset
X-Contensis-Viewer-Groups
X-Request-Handler-Origin-Region
SN
GeoIP-Latitude
X-Microsite
Public-Key-Pins-Report-Only
X-URL
X-WA
X-Hyper-Cache
X-HS-Status
X-CSRF-Token
X-ServedByHost
Pics-Label
Fastcgi-X-Cache-Version
WZWS-RAY
DataCenter
Geoip-Latitude
X-Vtex-Remote-Cache
GeoIp-Country-Code
X-RequestId
X-Vtex-Processado-Em
X-Be
X-FORWARDED-FOR
X-Amz-Meta-Surrogate-Control
GW-Server
X-SERVER-NAME
X-Fastly-Country-Code
X-SRV
X-Dynatrace
X-ZONE
Geoip-City
X-UE-Client-Country
X-Urbn-Context-Path
X-GEO
X-Urbn-Site-Id
X-Request-Start
Countrycode
Locale
X-Clientip
X-Via-Ucdn
X-Render-Time
Mobile-Detection-Method
X-Reqid
X-We-Are-Hiring
X-Via-NSCOPI
X-Cdn-Cache
WP-Super-Cache
Lb
X-BE
CDN
X-Cache-Ttl
URI
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
SS
X-GDPR
X-ABtesting
X-PJAX-URL
X-Flog
X-Hello
X-CS
X-Unique-Id
Ohc-File-Size
Dnion-Transfer-Encoding
IBM-Web2-Location
X-HostName
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-GZIP
FastCGI-Cache
X-Gen-Id
RequestUuid
Serverid
X-HS-Combine-CSS
Cneonction
X-Pf-Uncompressing
X-Generation-Time
FSS-Cache
Requestid
FSS-Proxy
X-Fpc
X-PF-Uncompressing
X-Html-Edge-Cache
X-LiteSpeed-Tag
X-Store
Accept-Ch
Server-Id
A
X-Cluster-Name
X-Test
X-Bug-Bounty
X-Request-Url
X-Fastly-Cache-Hits
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Dw-Trace-Id
X-Compress-Hint
X-Cache-URL
Get-Access-Time
Frontcache
Ohc-Cache-HIT
Ohc-Response-Time
X-Serial
X-HTML-Edge-Cache
X-Cdn-Request-ID
X-ServerName
NnCoection
Is-Session-Tracking
X-EC-Lua