Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-CST
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Ruxit-JS-Agent
X-Vhost
X-Type
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
Accept-CH
X-HW
X-Server-Name
Verso
X-Dispatcher
X-ESI
MS-Author-Via
X-Upstream-Env
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-ORACLE-DMS-RID
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
X-Recruiting
AR-Request-ID
Charset
X-D2id
RTSS
X-Navigation-Version
Ar-Sid
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-TTL
X-TtlSet
X-PC
X-Vname
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-Server-ID
X-FTR-Expires
X-Webkit-CSP
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
DynaTrace
X-Oracle-Dms-Rid
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
S
X-Fastly-Request-ID
X-Debug
X-Hits
TCN
X-SharePointHealthScore
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Pinterest-Rid
X-Upstream-Proxy
X-Dw-Request-Base-Id
Pinterest-Version
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Akam-SW-Version
X-Powered-CMS
X-XRDS-Location
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
X-FTR-Cache-Host
X-T
X-Goog-Storage-Class
Realpath
X-Id
X-Ttl
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-B3-TraceId
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Fastcgi-Cache
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Alternate-Protocol
X-Frontend
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Response
X-Middleton-Display
Fusion-Content-Source
Fusion-Template-Id
X-Middleton-Response
Fusion-Source
X-RateLimit-Remaining
X-Sol
Display
Fusion-Content-Id
Fusion-Component-Id
X-Litespeed-Cache
X-Hostname
X-PressLabs-Stats
X-Pad
X-Srv
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Server-Name
X-Correlation-Id
X-Kinsta-Cache
X-Analytics
Backend-Timing
X-Activity-Id
ServerID
X-Az
X-User-Agent
X-Revision
X-B3-Sampled
X-AppVersion
X-LB-Cache
X-Debug-Info
X-Rid
X-Content-Options
X-IPLB-Instance
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
X-Cache-Hit
FilterID
Accept-Charset
X-Grace
X-Cache-2
Refresh
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Page-Id
TP-Cache
X-Request-Received
TP-L2-Cache
X-Request-Processing-Time
X-Whom
X-DIS-Request-ID
MS-CV
X-Accel-Buffering
Server-Info
Host-Header
X-Ruxit-Js-Agent
X-Cached-By
Cache-Status
X-PHP-Backend
VIX-Pulpo-Node
Source
X-Varnish-Backend
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-TT
X-Origin-Server
X-App-Environment
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Framework
X-Mobile
X-Cluster
X-F-Cache
Access-Control-Allow-Method
X-Varnish-Grace
X-Content-Powered-By
PageSpeed
X-FW-Hash
X-Drupal-Cache-Tags
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-UA-Device-Type
X-Instance
X-Kong-Proxy-Latency
X-Request-Guid
X-Kong-Upstream-Latency
X-FB-Debug
X-Forwarded-Host
X-Cache-TTL
X-Ezoic-Cdn
X-Geo-Country
X-Node-Name
X-Shard
X-RateLimit-Limit
Edge-Cache-Tag
X-TA-CDN-Provider
X-Zen-Fury
X-GUploader-UploadID
X-Handled-By
X-SS-Set-Cookie
From-Origin
X-Magnolia-Registration
X-Varnish-Hostname
Fastly-Restarts
X-Cache-Age
Cache-Tags
X-FastCGI-Cache
X-ATG-Version
X-BCube-Filmed-By
X-XRDS-LOCATION
X-Cache-Control
X-AOL-HN
X-Cache-Rule
X-Varnish-Server
DC
Upgrade-Insecure-Requests
Healthy
X-SERVER
X-App-Server
Cleartype
Server-Node
Payment
X-RequestSource
Retry-After
X-Response-Served-From
X-Storage
Webserver
X-WebKit-CSP-Report-Only
X-Signature
X-Region
X-B-Cache
Country
X-TX-ID
X-Tumblr-Pixel-2
X-Redis-Cache
Ms-Operation-Id
X-Adobe-Loc
Filters
X-TT-TIMESTAMP
X-Dns-Prefetch-Control
X-GeoIP
X-Adobe-Content
X-RTag
X-UUID
X-Tumblr-Pixel-1
Actual-Object-TTL
X-FW-Dynamic
X-Generated-By
Cache-Tv-Group
CACHE
X-Jobs
X-Drupal-Cache-Contexts
Powered
X-VG-WebCache
X-Content-Age
X-Varnish-Hits
X-Cacheable-TTL
X-Locale
Frame-Options
NGB
GEO-INFO
ServedBy
X-WA-Info
X-Oneagent-Js-Injection
X-Contextid
Liferay-Portal
X-Guploader-Uploadid
HitType
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rendered-As
X-Cache-NE
X-ProcessESI
X-RemovedCookies
X-Cache-TTL-Remaining
X-Varnish-IP
Eomportal-Instance
X-Via-JSL
Nel
X-Seen-By
X-Cache-Operation
X-BACKEND-TTL
X-Esi
S-Cnection
X-Upgrade-Enabled
X-Real-IP
Viewport
X-NWS-LOG-UUID
X-Mode
Xserver
X-Cache-Server
X-Varnish-Cache-Hits
X-Zipkin-Id
X-ES-SERVER
X-Routing-Service
X-Device-Type
Mn-Server-Ip
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
X-Detected-As
X-RN-RSRV
X-Proxied
Cache-Hits
OT-Force-Account-Verify
X-Is-Bot
Cache-Key
Load-Balancing
X-Proto
X-Path-Route
Machine
X-Hl-Ver
Meta-Geo
X-S
X-Time
LB
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-AWS-Id
X-Backend-Name
X-Akamai-Transformed
X-FB-TRIP-ID
X-Environment-Context
X-Cache-Config
We-Hiring
TWC-Privacy
NGX
Property-Id
Access-Control-Request-Headers
Mail-Subject
L5d-Success-Class
TWC-Connection-Speed
TWC-Device-Class
X-From
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Vix-Hermes-Req-Id
X-FC-Vary-Parameters
X-Hosted-By
X-VWS-Id
X-Origin-Hint
X-Rocket-Nginx-Bypass
X-Proxy
X-R9-Blue-Green-Version
X-LJ-Flow-ID
X-VG-TLSProxy
X-L-Path
X-Time-Microsecs
X-Tb
X-Viewer-Country
X-Vgn-Hpd-Reason
S-Rt
Origin-Cache-Control
X-NCache
DB-Nickname
X-FW-Version
X-Web-Node
X-Tumblr-Pixel-3
Now
Origin-Edge-Control
X-Section
X-Loop
X-EIG-Tracking-Id
X-Labrador-Cache-Channel
Azure-Version
X-Format
X-MP-GENERATED-AT
X-Origin-Response-Time
X-ServerID
X-RCS-CacheZone
X-Access
X-Akamai-Request-ID
X-TNCMS
X-Debug-Cache
Datacenter
Azure-RegionName
Azure-InstanceId
X-Cache-Remote
Azure-SiteName
Azure-SlotName
Content-Style-Type
Content-Script-Type
X-Via-Fastly
X-Via-CDN
X-Proxy-Build
X-ProxyCache-Key
X-Timing-Wait
Selected-FE
X-Trace-Id
X-PCL
X-OCL
X-IP
X-CCM
X-Human
NtCoent-Length
X-JoinUs
X-ProxyCache-Status
X-Xfnlog-Site
X-BYPASS-REASON
X-Generated
X-Grey
X-Internal-Host
X-Cache-Category-Id
Uber-Trace-Id
Cache-Tag
X-Site-Version
X-Www-Served-By
X-Endurance-Cache-Level
X-UA
X-Varnish-Cacheable
X-VC-Cache
X-Dynatrace-Js-Agent
X-Birta-Served
X-Birta-Cache-Post
X-UnsetCookies
Decoy-Debug-TTL
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
X-GRACE
Served-By
X-Rule
Release
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-TIME
X-CDN-Cache
X-APP-VERSION
AsisCache
X-Cluster-Node
X-B3-Spanid
X-Request-Time
X-Wix-Server-Artifact-Id
X-Nginx-Cache
X-NewRelic-App-Data
X-App-Name
Rt-Fastcgi-Cache
X-Wix-Request-Id
X-PERF
ViewerVersion
DSUID
X-Origin-Host
X-ApacheServer
X-Sucuri-ID
X-Source
X-OVcl
X-OVcl-Cache
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-VCT
X-Agile-Age
X-Ua
X-Agile
X-Agile-Id
SRV
Hostname
Cache-Name
X-App-Version
X-ElasticPress-Search
X-Origin-TTL
X-Origin-CC
X-Pubstack
X-Aed
X-Hp-Webp
Thinkindot-CacheControl
Server-Cache-Control
Request-Time
Server-Host
Server-Surrogate-Control
Thinkindot-CacheControl-Type
UCS
X-IN-APIGATEWAY
X-A
X-Generated-In
X-A-Wwc
Xc-Version
X-Webstats-RespID
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
Request-EU
X-A-Ccd
X-A-Dam
Www
Node
Fly-Cache
Fly-Request-Id
FNAC-ModuleRouting
Lfy
Ec-Rule-Version
Cross-Origin-Window-Policy
Ajk
Arc-Country
BehaviorPad-Version
Cache-Prefix
X-S-Cookie
X-Secret
X-IN-WAF
On-Server
Origin
Rendered-Blocks
X-Gannett-Site-Version
Meta-Geo-Continent
X-Sedo-Request-Id
X-Server-Group
MD5-Digest
Memcached
Request-Country
X-ARC
X-Destination
X-Cache-Info
X-Cache-Miss-From
X-Debug-Cache-Expiry
X-Request-UUID
X-Region-Sid
X-Refresh
X-Trv-Group
X-Cache-Grace
X-Processor
X-Reboot
X-Rewrite-Enabled
X-Transaction
X-Debug-Cookies
X-CF-Lambda-Version
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Connection-Hash
X-Debug-Log
X-ServiceProvider
X-CF-Lambda-Fn
X-Thinkindot-L3
X-SRCache-Key
X-Rojux
X-Cache-Expires
X-Platform
X-External-Request-Id
X-ScT
X-Matched-Rule
X-VG-WebServer
X-DPWN-IS-SECURE
X-Date
X-F5-Cache
X-G
X-Instart-Isnd
X-Core-Value
X-Logtrace-Id
X-B-Cookie
X-Cache-ASPX
X-D
X-NU-AKA-ACS-Version
X-NX-Host
X-Twitter-Response-Tags
X-PAYTM-SRV-ID
X-Up
X-Var-Ttl
X-Varnish-Authentication
X-Mobile-URL
X-Developer
X-NodeID
X-Application
Thinkindot-Control
Warning
X-Cache-Host
X-Varnish-Ttl
User-Cache-Control
Cteonnt-Length
RNT-Machine
X-Gen-Mode
RNT-Time
Server-Int
X-Epic-Correlation-Id
ServerName
X-Eu-Site
X-Fetched-On
Pramga
X-Info
X-Irp-Debug
X-Key
X-LAGOON
X-Servername
X-Sf
X-SIPLIST1
X-Generated-On
Pagetype
X-Hnp-Log
Proxy-Connection
X-Dispatcher-Server
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Cache-Id
X-Swa-Ws
X-Amzn-Remapped-Date
X-Cache-Debug
X-Block-Status
X-Cache-Backend
X-Cache-Bucket
X-Cdn-Srv
X-CGP
True-Client-Country-4JS
X-Device-Os
X-Level-Front-Cache
X-Distil-CS
X-Developers
X-SN
X-Real-Ip
X-Crawler
Web-Mar-Node
X-Distributor
X-Hash
Backend
X-Origin-Date
Cache-Cookie-Set-From
X-Nginx-Cache-Key
Country-Code
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-PHP-Host
Fastly-SIE
X-Policy
X-Li-Fabric
Fastly-SWR
X-Origin-Expires
X-Page-Type
X-RateLimit-Remaining-Second
Gh-Request-Id
IsBot
X-Location
CDCHOST
X-RateLimit-Limit-Second
Kp-EeAlive
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Request-URI
X-Micro-Cache
Ha-Gx-Prefs
Apple-News-Services-Handled
HA-Ipaddr
X-Rebelmouse-Surrogate-Control
X-Protected-By
Apple-News-Services-Host
X-Qloud-Router
X-FireWall-Port
Pagespeed
X-WPE-Loopback-Upstream-Addr
X-C
X-Bip
X-TrackingId
X-Edge-Location
X-Cms-Context
X-Cache-FS-Status
X-Core-Mission
X-S-Maxage
X-MSEdge-Features
X-MSEdge-Flight
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Geo-Header
X-GeoIP-City
X-Server-IP
X-BBXSRF
X-GeoIP-Country-Code
X-Gateway-Cache-Key
X-ShardId
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Skip-Cache
X-Sorting-Hat-PodId
X-Planisys-CDN-Cache
X-Shopify-Stage
X-No-Session
X-Fastly-Cache
X-ShopId
X-Sorting-Hat-ShopId
X-Thanos
Is-Eu
AKAMAI
V-Age
X-Ocache
X-Varnish-Beresp-Status
Platform
X-User
Heartbleed
HTTPS
X-Variation
X-Server-Time
X-Via-SSL
Content-Disposition
X-Sn-Servicetimems
X-BB-ID
X-Wikidot-Backend
X-Via-Edge
SD-X-WS
X-Wikidot-Static-Cache
X-Apm-App-Name
X-Varnish-Beresp-Grace
X-Amz-Meta-Cache-Control
User-Agent
X-Alternate-Cache-Key
X-Backend-Host
Fastly-SSL
X-Cdn-Origin
X-Auto-Login
Fastly-Soc-X-Request-Id
X-Backend-State
X-Backend-Url
X-Apm-Svc-Key
X-Apm-Inst-Hash
Adler-Geo
X-GZip
X-Owner
X-ND-Cache
X-RateLimit-Reset
X-Exp-Se
X-TT-LOGID
X-Proxy-Upstream
REQUESTUUID
X-Geo
Rt-Proxy-Cache
X-Sucuri-Cache
X-Proxy-Cache-Status
Cache
X-Edge-IP
X-Cdn-Forward
Fastly-Backend-Name
X-Served-From
X-Org
Magicmarker
X-B3-Parentspanid
N-Cache
X-Varnish-Url
Server-ID
X-CDN-Forward
MIME-Version
X-FPC
X-NC
X-Pjax-Url
X-Node-Id
X-Aicache-OS
VivaBuild
Viewtype
X-Gdpr
X-Git-Hash
X-Dc
X-Varnish-Beresp-Ttl
Wxu-Next-Region
Wxu-Next-Commit
X-Parent-Response-Time
Wxu-Next-Hostname
X-Load-Cache
X-Host-Name
Powered-By
X-CUA
HostName
X-Nc
X-Datadome
Memory
Pragrma
Time
X-CSRF-TOKEN
X-DC
X-Daa-Tunnel
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Passed-To-DLL
X-Returned-From
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Original-Request
X-Svr
X-Stale
PICS-Label
Section-Io-Cache
X-Server-By
X-CACHE-KEY
CF-IPCountry
X-Returned-From-PostProcessResponse
X-Actual-URL
Resin-Trace
X-HS-Cache-Config
X-WebServer
X-Oss-Storage-Class
X-Wa
Mime-Version
X-Croise-Owner
X-Release
X-TH-Server
Host-ID
X-VServer
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Servedbyhost
X-Oss-Server-Time
X-Oss-Request-Id
X-Edge-Server
X-Phone
Cdn-Host
Cdn-Request-Time
X-Upstream-CT
X-Upstream-HT
AR-SID
X-Newrelic-Synthetics
Cdn
X-Optimization
X-Cache-HT
X-Instart-Info
X-Tb-Optimization-Total-Bytes-Saved
Cf-Ipcountry
X-Lb-Id
X-From-Cache
ProcessTime
X-Varnish-Beresp-TTL
SID
Backend-Name
X-Unique-ID
X-Microcachable
X-Worker
X-APP
X-Req
CF-Cached-On
X-Atg-Version
286prxHost
352pxline
Fastcgi-Useragent
409pxxline
225prxHost
188prxHost
189phosttRef
Xxline
178proxuri
219prxHost
Proxy-Firewall
XServer
355prline
X-Fastly-Backend-Reqs
X-Server-W
Processtime
Version
X-Zone
X-V
X-Vcl-Version
Odigeo-Trace-Id
X-B3-SpanId
X-ID
X-Ratelimit-Remaining
X-Request-Handler-Origin-Region
X-Microsite
X-Check-Cacheable
X-LB-ID
X-Backend-TTL
X-Ratelimit-Limit
X-HTML-Minification-Powered-By
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
Esi-Enabled
X-WR-MODIFICATION
X-Fstrz
X-IPS-LoggedIn
Accept-Language
SN
X-Contensis-Viewer-Groups
X-VCL-Version
X-AssetVersion
X-Vcache
X-NGINX-Cache
X-Response-By
X-WA
GeoIP-Latitude
X-URL
X-CSRF-Token
X-UPSTREAM-Address
X-Ratelimit-Reset
GeoIP-Country-Code
X-ServedByHost
GMS-Ver
Pics-Label
GeoIP-City
Geoip-Latitude
X-Be
GeoIp-Country-Code
X-Vtex-Processado-Em
X-RequestId
X-Vtex-Remote-Cache
Public-Key-Pins-Report-Only
DataCenter
X-Hyper-Cache
X-Via-NSCOPI
X-SERVER-NAME
Locale
X-Reqid
X-Urbn-Context-Path
X-HS-Status
Fastcgi-X-Cache-Version
Geoip-City
X-Urbn-Site-Id
X-Dynatrace
WZWS-RAY
X-ZONE
X-Request-Start
X-Hello
GW-Server
X-NWS-UUID-VERIFY
X-Amz-Meta-Surrogate-Control
X-Flog
X-ABtesting
X-Via-Ucdn
X-Fastly-Country-Code
X-Render-Time
X-Cdn-Cache
WP-Super-Cache
Mobile-Detection-Method
X-UE-Client-Country
Dnion-Transfer-Encoding
IBM-Web2-Location
Countrycode
X-We-Are-Hiring
X-CS
X-GDPR
X-Clientip
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-Unique-Id
X-GEO
X-Generation-Time
X-BE
SS
URI
CDN
X-PJAX-URL
Lb
X-Presslabs-Stats
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
FastCGI-Cache
X-SRV
Requestid
X-Gen-Id
Serverid
X-Fpc
X-Pf-Uncompressing
Cneonction
X-Cluster-Name
X-Bug-Bounty
X-Cache-Ttl
X-GZIP
RequestUuid
X-Store
FSS-Cache
X-Cache-URL
X-Test
A
FSS-Proxy
X-HS-Combine-CSS
X-LiteSpeed-Tag
X-PF-Uncompressing
Server-Id
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Request-Url
NnCoection
X-Compress-Hint
GEO-REGION-INFO
RequestId
X-ServerName
X-Got-Non-Ke-Cookie
X-Html-Edge-Cache
X-Serial
Ohc-Response-Time
X-Cdn-Request-ID
Frontcache
Ohc-Cache-HIT
X-EC-Lua
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-Fastly-Cache-Hits