Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-CST
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
Request-Id
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-Ruxit-JS-Agent
X-Vhost
X-Type
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
Accept-CH
X-HW
X-Server-Name
Verso
X-Dispatcher
X-ESI
MS-Author-Via
X-Upstream-Env
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-ORACLE-DMS-RID
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
X-Recruiting
AR-Request-ID
Charset
X-D2id
RTSS
X-Navigation-Version
Ar-Sid
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-TTL
X-TtlSet
X-PC
X-Vname
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-Server-ID
X-FTR-Expires
X-Webkit-CSP
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
DynaTrace
X-Oracle-Dms-Rid
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
S
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
TCN
X-Hits
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Dw-Request-Base-Id
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Akam-SW-Version
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-XRDS-Location
X-FTR-Cache-Host
Access-Control-Request-Method
X-T
X-Goog-Storage-Class
Realpath
X-Ttl
X-Id
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-B3-TraceId
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Fastcgi-Cache
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-Content-Digest
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-Sol
X-Middleton-Display
Response
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Display
X-Middleton-Response
X-RateLimit-Remaining
X-Litespeed-Cache
X-PressLabs-Stats
X-Pad
X-Srv
X-Hostname
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Analytics
Backend-Timing
X-Correlation-Id
X-Kinsta-Cache
X-User-Agent
X-LB-Cache
X-AppVersion
X-Revision
X-Debug-Info
X-Az
X-Activity-Id
ServerID
X-B3-Sampled
X-Content-Options
X-Rid
Surrogate-Key
X-Amz-Apigw-Id
X-IPLB-Instance
X-Amzn-RequestId
X-Cache-Hit
Accept-Charset
FilterID
X-Grace
X-Cache-2
Refresh
Powered-By-ChinaCache
X-B
X-CF-Powered-By
X-Request-Processing-Time
X-Request-Received
X-Page-Id
TP-L2-Cache
TP-Cache
X-Whom
X-Accel-Buffering
MS-CV
X-DIS-Request-ID
Server-Info
Host-Header
X-Cached-By
X-Ruxit-Js-Agent
Cache-Status
X-PHP-Backend
X-Origin-Server
X-TT
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-App-Environment
X-Cache-Action
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
Source
X-Mobile
X-Cluster
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-F-Cache
X-Framework
X-Varnish-Grace
Access-Control-Allow-Method
X-Content-Powered-By
PageSpeed
X-Instance
X-Drupal-Cache-Tags
X-Kong-Upstream-Latency
X-FB-Debug
X-UA-Device-Type
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Request-Guid
X-Kong-Proxy-Latency
X-Forwarded-Host
X-Ezoic-Cdn
X-Cache-TTL
X-Node-Name
X-Geo-Country
X-Shard
X-RateLimit-Limit
Edge-Cache-Tag
X-TA-CDN-Provider
X-Zen-Fury
X-Handled-By
X-GUploader-UploadID
From-Origin
X-SS-Set-Cookie
X-Magnolia-Registration
X-Varnish-Hostname
Fastly-Restarts
X-Cache-Age
Cache-Tags
X-FastCGI-Cache
X-BCube-Filmed-By
X-ATG-Version
X-XRDS-LOCATION
X-Cache-Control
X-AOL-HN
X-Varnish-Server
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
DC
X-SERVER
X-App-Server
Cleartype
Server-Node
Payment
Retry-After
X-RequestSource
X-Response-Served-From
X-WebKit-CSP-Report-Only
Webserver
X-Adobe-Content
X-Region
X-Adobe-Loc
X-Storage
X-Signature
Country
X-TX-ID
X-B-Cache
X-RTag
X-Redis-Cache
X-VG-WebCache
X-TT-TIMESTAMP
Ms-Operation-Id
Actual-Object-TTL
CACHE
X-Dns-Prefetch-Control
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-GeoIP
X-UUID
Filters
X-Drupal-Cache-Contexts
X-Generated-By
X-FW-Dynamic
Powered
Cache-Tv-Group
X-Jobs
X-Locale
X-Cacheable-TTL
X-Varnish-Hits
X-Content-Age
Frame-Options
NGB
GEO-INFO
ServedBy
X-WA-Info
X-Oneagent-Js-Injection
X-Contextid
Liferay-Portal
X-Guploader-Uploadid
HitType
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rendered-As
X-Cache-NE
X-Varnish-IP
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Via-JSL
X-Seen-By
Nel
X-Cache-Operation
S-Cnection
X-Esi
X-BACKEND-TTL
Viewport
X-Upgrade-Enabled
X-Real-IP
X-NWS-LOG-UUID
X-Mode
Xserver
X-Varnish-Cache-Hits
X-Cache-Server
X-RN-RSRV
Cache-Key
Cache-Hits
X-Zipkin-Id
X-Proxied
Mn-Server-Ip
OT-Force-Account-Verify
X-ES-SERVER
X-Cache-Enabled
X-Path-Route
X-Routing-Service
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
Machine
X-From
X-Hl-Ver
X-Proto
X-Is-Bot
X-Device-Type
Load-Balancing
Meta-Geo
X-Time
X-S
NGX
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Akamai-Transformed
X-LJ-Flow-ID
X-AWS-Id
X-Tb
X-Environment-Context
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
X-Proxy
X-Origin-Hint
Access-Control-Request-Headers
X-Hosted-By
LB
Property-Id
Mail-Subject
L5d-Success-Class
X-L-Path
X-Time-Microsecs
Vix-Hermes-Req-Id
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
We-Hiring
Webcakes-App-Name
X-Backend-Name
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
TWC-Locale-Group
X-Cache-Config
X-VWS-Id
TWC-Connection-Speed
X-VG-TLSProxy
X-Viewer-Country
Origin-Edge-Control
Azure-RegionName
Azure-InstanceId
X-Akamai-Request-ID
X-EIG-Tracking-Id
Azure-SiteName
X-Access
Origin-Cache-Control
S-Rt
X-Format
DB-Nickname
Now
X-Debug-Cache
Azure-Version
Azure-SlotName
X-Labrador-Cache-Channel
X-Tumblr-Pixel-3
X-Vgn-Hpd-Reason
X-ServerID
X-TNCMS
X-RCS-CacheZone
X-Section
X-Loop
X-Cache-Remote
X-Web-Node
X-Origin-Response-Time
Content-Style-Type
X-MP-GENERATED-AT
Datacenter
X-FW-Version
Content-Script-Type
X-NCache
X-Xfnlog-Site
X-BYPASS-REASON
X-Via-Fastly
X-Trace-Id
X-CCM
Selected-FE
X-Via-CDN
X-Timing-Wait
X-ProxyCache-Status
X-ProxyCache-Key
X-Human
X-Proxy-Build
X-OCL
X-PCL
NtCoent-Length
X-IP
X-JoinUs
X-Internal-Host
Uber-Trace-Id
X-Cache-Category-Id
Cache-Tag
X-Site-Version
X-Www-Served-By
X-Generated
X-Grey
X-Endurance-Cache-Level
X-VC-Cache
X-Birta-Cache-Post
X-UA
X-Dynatrace-Js-Agent
X-Varnish-Cacheable
X-Birta-Served
X-UnsetCookies
Decoy-Debug-Key
Decoy-Debug-Status
X-Status
Decoy-Debug-TTL
X-Rule
X-GRACE
Served-By
Release
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-TIME
X-CDN-Cache
X-Cluster-Node
X-APP-VERSION
AsisCache
X-B3-Spanid
X-Request-Time
X-Wix-Server-Artifact-Id
X-App-Name
Rt-Fastcgi-Cache
X-NewRelic-App-Data
X-Nginx-Cache
ViewerVersion
X-Wix-Request-Id
DSUID
X-ApacheServer
X-PERF
X-Origin-Host
X-OVcl
X-Hit
X-Source
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sucuri-ID
X-OVcl-Cache
X-Origin
X-VCT
X-Agile
X-Agile-Id
X-Agile-Age
X-Ua
SRV
Hostname
Cache-Name
X-App-Version
X-Pubstack
X-Origin-CC
X-ElasticPress-Search
X-Origin-TTL
X-A
X-Var-Ttl
X-Accel-Expires-Debug
Www
X-A-Wwc
X-A-Ccd
X-A-Dgt
X-Webstats-RespID
X-VG-WebServer
X-Aed
UCS
X-Varnish-Authentication
X-A-Dcw
X-Application
X-A-Dam
Request-Country
FNAC-ModuleRouting
Fly-Request-Id
Lfy
MD5-Digest
Memcached
Fly-Cache
Ec-Rule-Version
Arc-Country
Ajk
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
Meta-Geo-Continent
Node
Server-Host
Server-Cache-Control
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Request-Time
Request-EU
On-Server
Origin
Rendered-Blocks
X-Up
Xc-Version
X-ServiceProvider
X-Core-Value
X-Connection-Hash
X-IN-APIGATEWAY
X-D
X-Hp-Webp
X-IN-WAF
X-Instart-Isnd
X-Mobile-URL
X-NodeID
X-Matched-Rule
X-CF-Lambda-Version
X-Logtrace-Id
X-Generated-In
X-Gannett-Site-Version
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Log
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
X-F5-Cache
X-G
X-External-Request-Id
X-Date
X-Debug-Cache-Expiry
X-CF-Lambda-Fn
X-NU-AKA-ACS-Version
X-Sedo-Request-Id
X-Server-Group
X-Secret
X-ScT
X-S-Cookie
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-B-Cookie
X-Cache-ASPX
X-Cache-Expires
X-Rojux
X-Cache-Miss-From
X-Processor
X-Platform
X-PAYTM-SRV-ID
X-NX-Host
X-Reboot
X-Cache-Info
X-Rewrite-Enabled
X-Cache-Grace
X-Request-UUID
X-Region-Sid
X-Refresh
X-ARC
Thinkindot-Control
X-Cache-Host
Warning
X-Varnish-Ttl
User-Cache-Control
Cteonnt-Length
RNT-Machine
X-Gen-Mode
RNT-Time
X-Fetched-On
ServerName
X-Eu-Site
Server-Int
X-Epic-Correlation-Id
Pramga
X-Info
X-Irp-Debug
X-Key
X-LAGOON
X-Servername
X-Sf
X-SIPLIST1
X-Generated-On
Pagetype
X-Hnp-Log
Proxy-Connection
X-Dispatcher-Server
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Cache-Id
X-Swa-Ws
X-Amzn-Remapped-Date
X-Cache-Debug
X-Block-Status
X-Cache-Backend
X-Cache-Bucket
X-Cdn-Srv
X-CGP
True-Client-Country-4JS
X-Device-Os
X-Level-Front-Cache
X-Distil-CS
X-Developers
X-SN
X-Real-Ip
X-Crawler
Web-Mar-Node
X-Distributor
X-Hash
X-Protected-By
Country-Code
X-Qloud-Router
X-RateLimit-Limit-Second
CDCHOST
X-Policy
Fastly-SIE
X-Origin-Expires
X-Page-Type
Fastly-SWR
X-Li-Fabric
X-RateLimit-Remaining-Second
Cache-Cookie-Set-Lfrom
Apple-News-Services-Host
Apple-News-Services-Handled
X-Rebelmouse-Surrogate-Control
X-Request-URI
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend
X-Rebelmouse-Cache-Control
X-Origin-Date
X-PHP-Host
Gh-Request-Id
X-LI-UUID
X-Location
X-Micro-Cache
HA-Ipaddr
Ha-Gx-Prefs
Kp-EeAlive
IsBot
X-Li-Pop
X-LI-Proto
X-Nginx-Cache-Key
X-WPE-Loopback-Upstream-Addr
Pagespeed
X-FireWall-Port
X-Core-Mission
X-Cms-Context
X-GeoIP-Country-Code
X-GeoIP-City
X-C
X-Server-IP
X-Cache-FS-Status
X-TrackingId
X-BBXSRF
X-Bip
X-Edge-Location
X-Gateway-Cache-Status
X-Planisys-CDN-Cache
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-ShardId
X-Fastly-Cache
X-ShopId
X-Shopify-Stage
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-No-Session
X-MSEdge-Features
X-Skip-Cache
X-S-Maxage
X-MSEdge-Flight
X-Geo-Header
X-Thanos
X-Wikidot-Static-Cache
X-Varnish-Beresp-Status
X-Wikidot-Backend
X-Varnish-Beresp-Grace
X-Server-Time
X-User
V-Age
X-Ocache
X-BB-ID
X-Sn-Servicetimems
SD-X-WS
X-Variation
X-Via-Edge
X-Via-SSL
AKAMAI
Platform
Content-Disposition
HTTPS
Is-Eu
Fastly-SSL
X-Cdn-Origin
Fastly-Soc-X-Request-Id
User-Agent
X-Auto-Login
X-Backend-Url
X-Backend-State
X-Backend-Host
X-Amz-Meta-Cache-Control
X-Apm-Svc-Key
X-Apm-App-Name
X-Apm-Inst-Hash
Adler-Geo
X-Alternate-Cache-Key
Heartbleed
X-GZip
REQUESTUUID
X-ND-Cache
X-Sucuri-Cache
X-Exp-Se
X-Owner
X-Proxy-Cache-Status
X-Geo
X-Proxy-Upstream
X-RateLimit-Reset
Rt-Proxy-Cache
X-TT-LOGID
Cache
X-Cdn-Forward
X-Edge-IP
Magicmarker
X-B3-Parentspanid
X-Org
Server-ID
Fastly-Backend-Name
X-Served-From
N-Cache
X-Varnish-Url
X-CDN-Forward
MIME-Version
X-FPC
X-NC
X-Pjax-Url
X-Aicache-OS
VivaBuild
Viewtype
X-Gdpr
X-Node-Id
X-Varnish-Beresp-Ttl
X-Dc
X-Git-Hash
X-Parent-Response-Time
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Load-Cache
X-Host-Name
X-CUA
Powered-By
HostName
X-Nc
X-Datadome
X-CSRF-TOKEN
Pragrma
Memory
Time
X-Daa-Tunnel
X-DC
X-Returned-From-BeforeDispatch
Resin-Trace
X-Passed-To-BeforeDispatch
X-Returned-From
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To
X-Original-Request
X-Returned-From-DLL
X-Actual-URL
X-Returned-From-PostProcessResponse
X-CACHE-KEY
X-Stale
X-Release
CF-IPCountry
X-Server-By
PICS-Label
X-Svr
Section-Io-Cache
X-HS-Cache-Config
X-Oss-Storage-Class
X-VServer
X-WebServer
Mime-Version
X-TH-Server
X-Croise-Owner
Host-ID
X-Wa
X-Oss-Request-Id
X-Oss-Object-Type
X-Servedbyhost
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Phone
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Upstream-CT
X-Newrelic-Synthetics
AR-SID
X-Upstream-HT
X-Cache-HT
Cdn
X-Optimization
X-Instart-Info
X-Tb-Optimization-Total-Bytes-Saved
Cf-Ipcountry
X-Lb-Id
X-From-Cache
ProcessTime
X-Varnish-Beresp-TTL
SID
Backend-Name
X-Unique-ID
X-Microcachable
X-Worker
X-Req
X-APP
X-Atg-Version
CF-Cached-On
Fastcgi-Useragent
Proxy-Firewall
409pxxline
178proxuri
286prxHost
352pxline
225prxHost
219prxHost
188prxHost
189phosttRef
Xxline
XServer
X-Server-W
355prline
X-Fastly-Backend-Reqs
Processtime
X-Zone
Version
X-B3-SpanId
X-V
Odigeo-Trace-Id
X-Vcl-Version
X-ID
X-Ratelimit-Remaining
X-Check-Cacheable
X-HTML-Minification-Powered-By
X-LB-ID
X-Request-Handler-Origin-Region
X-Ratelimit-Limit
X-Backend-TTL
X-Microsite
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
Esi-Enabled
X-IPS-LoggedIn
Accept-Language
X-WR-MODIFICATION
X-Fstrz
SN
X-Contensis-Viewer-Groups
X-VCL-Version
X-AssetVersion
X-Vcache
X-NGINX-Cache
X-Response-By
X-WA
GeoIP-Latitude
X-UPSTREAM-Address
X-CSRF-Token
X-Ratelimit-Reset
X-URL
GeoIP-Country-Code
GMS-Ver
X-ServedByHost
GeoIP-City
Pics-Label
Geoip-Latitude
X-Be
GeoIp-Country-Code
X-Vtex-Processado-Em
X-RequestId
X-Vtex-Remote-Cache
Public-Key-Pins-Report-Only
DataCenter
X-Hyper-Cache
X-Via-NSCOPI
X-SERVER-NAME
Locale
X-Reqid
X-Urbn-Context-Path
X-HS-Status
Fastcgi-X-Cache-Version
Geoip-City
X-Urbn-Site-Id
X-Dynatrace
WZWS-RAY
X-ZONE
X-Request-Start
X-Hello
GW-Server
X-NWS-UUID-VERIFY
X-Amz-Meta-Surrogate-Control
X-Flog
X-ABtesting
X-Via-Ucdn
X-Fastly-Country-Code
X-Render-Time
X-Cdn-Cache
WP-Super-Cache
Mobile-Detection-Method
X-UE-Client-Country
Dnion-Transfer-Encoding
IBM-Web2-Location
Countrycode
X-We-Are-Hiring
X-CS
X-Clientip
X-LiteSpeed-Cache-Control
X-GDPR
X-Unique-Id
Ohc-File-Size
X-GEO
X-Generation-Time
X-BE
SS
URI
CDN
Lb
X-PJAX-URL
X-Presslabs-Stats
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
FastCGI-Cache
X-SRV
Requestid
X-Gen-Id
Serverid
X-Fpc
X-Pf-Uncompressing
Cneonction
X-Cluster-Name
X-Bug-Bounty
X-Cache-Ttl
X-GZIP
RequestUuid
X-Store
FSS-Cache
X-Cache-URL
X-Test
A
FSS-Proxy
X-HS-Combine-CSS
X-LiteSpeed-Tag
X-PF-Uncompressing
Server-Id
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Request-Url
NnCoection
X-Compress-Hint
GEO-REGION-INFO
RequestId
X-ServerName
X-Got-Non-Ke-Cookie
X-Html-Edge-Cache
X-Serial
Ohc-Response-Time
X-Cdn-Request-ID
Frontcache
Ohc-Cache-HIT
X-EC-Lua
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-Fastly-Cache-Hits