Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-CST
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
Request-Id
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Country-Code
X-Clacks-Overhead
Rating
X-Instart-Request-ID
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Vhost
X-Type
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
Accept-CH
X-HW
X-Server-Name
Verso
X-Dispatcher
X-ESI
MS-Author-Via
X-Upstream-Env
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-MS-InvokeApp
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-ORACLE-DMS-RID
X-GitHub-Request-Id
X-Use-Magma
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Version
X-Powered-By-Plesk
Content-MD5
X-TTL
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-Navigation-Version
Ar-Sid
Charset
RTSS
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Vname
X-TtlSet
X-PC
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Server-ID
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Expires
X-Webkit-CSP
X-Oracle-Dms-Rid
DynaTrace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-VCache
X-Amz-Rid
S
X-Fastly-Request-ID
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-SharePointHealthScore
X-Hits
TCN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
Arr-Disable-Session-Affinity
X-Akam-SW-Version
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-XRDS-Location
X-Powered-CMS
X-T
Access-Control-Request-Method
X-FTR-Cache-Host
X-B3-TraceId
X-Goog-Storage-Class
X-Id
Realpath
X-Aspnet-Version
Tracecode
X-NF-Request-ID
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Acc-Meta-Resource-Type
Front-End-Https
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Ttl
Paypal-Debug-Id
X-Upstream
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Alternate-Protocol
X-Fastcgi-Cache
X-Content-Digest
X-Frontend
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
X-RateLimit-Remaining
X-Middleton-Response
Response
X-Sol
X-Middleton-Display
Display
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
X-Litespeed-Cache
X-PressLabs-Stats
X-Pad
X-Srv
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-B3-Traceid
X-Correlation-Id
Server-Name
Backend-Timing
X-Analytics
X-Kinsta-Cache
X-LB-Cache
ServerID
X-AppVersion
X-Az
X-Activity-Id
X-Content-Options
X-Rid
Surrogate-Key
X-Debug-Info
X-IPLB-Instance
X-User-Agent
X-Amz-Apigw-Id
X-Revision
X-Amzn-RequestId
X-B3-Sampled
X-Cache-Hit
Accept-Charset
FilterID
X-Grace
X-Cache-2
Refresh
Powered-By-ChinaCache
X-B
X-CF-Powered-By
X-Request-Received
X-Page-Id
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-Whom
X-DIS-Request-ID
MS-CV
X-Accel-Buffering
Server-Info
Host-Header
X-Cached-By
X-PHP-Backend
Cache-Status
X-Ruxit-Js-Agent
X-TT
X-Varnish-Backend
X-Akamai-Edgescape
X-App-Environment
X-Amz-Replication-Status
X-Origin-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Framework
X-Cluster
X-F-Cache
X-Platform-Server
X-Tumblr-User
X-Mobile
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
PageSpeed
X-Content-Powered-By
X-Varnish-Grace
Source
X-Content-Security-Policy-Report-Only
Access-Control-Allow-Method
X-FW-Server
X-Cache-Action
X-UA-Device-Type
X-FW-Type
X-Kong-Upstream-Latency
X-FW-Serve
X-Request-Guid
X-FB-Debug
X-FW-Hash
X-Kong-Proxy-Latency
X-FW-Static
X-Drupal-Cache-Tags
X-GUploader-UploadID
X-Instance
X-Forwarded-Host
X-Cache-TTL
X-Geo-Country
X-Ezoic-Cdn
X-Shard
X-Node-Name
X-RateLimit-Limit
Edge-Cache-Tag
X-TA-CDN-Provider
X-FastCGI-Cache
X-Zen-Fury
X-Handled-By
X-SS-Set-Cookie
X-Oneagent-Js-Injection
From-Origin
X-Magnolia-Registration
X-Varnish-Hostname
Fastly-Restarts
Cache-Tags
X-BCube-Filmed-By
X-Cache-Age
X-ATG-Version
X-XRDS-LOCATION
X-AOL-HN
X-Cache-Control
X-Varnish-Server
X-Cache-Rule
DC
Upgrade-Insecure-Requests
Healthy
X-SERVER
X-App-Server
Cleartype
Server-Node
Payment
X-RequestSource
Retry-After
X-Response-Served-From
Country
X-Storage
X-TX-ID
X-Adobe-Content
X-B-Cache
Webserver
X-Adobe-Loc
X-Signature
X-GeoIP
X-Dns-Prefetch-Control
X-Tumblr-Pixel-1
Actual-Object-TTL
X-Tumblr-Pixel-2
Filters
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
X-Region
X-UUID
X-Redis-Cache
X-VG-WebCache
Ms-Operation-Id
X-RTag
X-Drupal-Cache-Contexts
Powered
Cache-Tv-Group
X-Jobs
X-FW-Dynamic
X-Generated-By
X-Content-Age
X-Cacheable-TTL
X-Locale
X-Varnish-Hits
CACHE
Frame-Options
NGB
GEO-INFO
X-WA-Info
ServedBy
Liferay-Portal
X-Contextid
HitType
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NE
X-Rendered-As
X-Varnish-IP
X-Cache-TTL-Remaining
X-RemovedCookies
X-ProcessESI
Eomportal-Instance
X-Real-IP
X-Via-JSL
X-Guploader-Uploadid
Nel
X-Seen-By
X-Cache-Operation
S-Cnection
X-Esi
X-BACKEND-TTL
Viewport
X-Upgrade-Enabled
X-NWS-LOG-UUID
Xserver
X-Mode
X-Cache-Server
X-Varnish-Cache-Hits
X-Proxied
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
Mn-Server-Ip
Machine
OT-Force-Account-Verify
Load-Balancing
X-Detected-As
X-Device-Type
X-Proto
X-RN-RSRV
X-Routing-Service
X-Path-Route
X-Is-Bot
X-ES-SERVER
X-From
X-Zipkin-Id
Meta-Geo
X-Time
X-S
Property-Id
X-Tb
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
X-FC-Vary-Parameters
X-FB-TRIP-ID
TWC-Connection-Speed
X-Akamai-Transformed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-AWS-Id
X-Backend-Name
X-VWS-Id
TWC-Device-Class
X-VG-TLSProxy
X-Hosted-By
LB
X-R9-Blue-Green-Version
X-Proxy
X-Rocket-Nginx-Bypass
X-Time-Microsecs
TWC-Privacy
Access-Control-Request-Headers
Cache-Hits
Cache-Key
X-LJ-Flow-ID
NGX
Webcakes-Region
Mail-Subject
L5d-Success-Class
X-Origin-Hint
We-Hiring
X-Hl-Ver
Now
Azure-SlotName
Azure-Version
DB-Nickname
Origin-Cache-Control
Origin-Edge-Control
X-Cache-Config
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Loop
X-Origin-Response-Time
X-TNCMS
X-ServerID
X-Section
X-RCS-CacheZone
X-L-Path
X-Format
Azure-SiteName
X-Akamai-Request-ID
X-Access
X-Viewer-Country
X-Debug-Cache
X-Environment-Context
X-EIG-Tracking-Id
X-Vgn-Hpd-Reason
Vix-Hermes-Req-Id
S-Rt
Content-Style-Type
Azure-RegionName
Content-Script-Type
Datacenter
X-NCache
Azure-InstanceId
X-FW-Version
X-JoinUs
X-Proxy-Build
X-Cache-Remote
Selected-FE
X-OCL
X-Human
NtCoent-Length
X-ProxyCache-Key
X-Xfnlog-Site
X-PCL
X-Timing-Wait
X-Web-Node
X-CCM
X-BYPASS-REASON
X-ProxyCache-Status
X-Via-Fastly
X-IP
X-Labrador-Cache-Channel
X-Via-CDN
X-Internal-Host
X-Generated
X-Cache-Category-Id
X-Grey
Uber-Trace-Id
X-Www-Served-By
X-Trace-Id
Cache-Tag
X-Site-Version
X-Endurance-Cache-Level
X-VC-Cache
X-Birta-Served
X-Varnish-Cacheable
X-Birta-Cache-Post
X-Dynatrace-Js-Agent
Decoy-Debug-Key
X-Status
Decoy-Debug-TTL
X-UA
X-UnsetCookies
Decoy-Debug-Status
Served-By
X-Rule
X-GRACE
Release
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-TIME
X-CDN-Cache
AsisCache
X-Cluster-Node
X-APP-VERSION
X-Wix-Server-Artifact-Id
X-Request-Time
X-B3-Spanid
X-NewRelic-App-Data
X-Nginx-Cache
X-App-Name
Rt-Fastcgi-Cache
DSUID
X-Origin-Host
X-PERF
X-Wix-Request-Id
ViewerVersion
X-ApacheServer
X-OVcl
X-Source
X-Hit
X-Origin
X-Sucuri-ID
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-Agile-Id
X-Agile
X-Agile-Age
X-Ua
SRV
Cache-Name
X-App-Version
X-Origin-TTL
X-Origin-CC
Request-EU
Server-Surrogate-Control
Thinkindot-Control
Thinkindot-CacheControl
UCS
Server-Host
Www
Server-Cache-Control
Request-Time
Fly-Request-Id
Cross-Origin-Window-Policy
Cache-Prefix
BehaviorPad-Version
MD5-Digest
Lfy
Fly-Cache
Ec-Rule-Version
FNAC-ModuleRouting
Arc-Country
Memcached
X-A
Ajk
Rendered-Blocks
On-Server
X-A-Dam
Meta-Geo-Continent
X-A-Ccd
Node
Request-Country
X-Core-Value
X-Refresh
X-Reboot
X-Region-Sid
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Pubstack
X-Processor
X-Mobile-URL
X-Matched-Rule
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Platform
X-S-Cookie
X-ScT
X-Up
X-Twitter-Response-Tags
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Trv-Group
X-Transaction
X-Server-Group
X-Sedo-Request-Id
X-ServiceProvider
X-SRCache-Key
X-Thinkindot-L3
X-Logtrace-Id
X-Instart-Isnd
X-Cache-Grace
X-Cache-ASPX
X-Cache-Miss-From
X-CF-Lambda-Fn
X-Connection-Hash
X-CF-Lambda-Version
X-B-Cookie
X-ARC
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-Application
X-D
X-Date
X-G
X-F5-Cache
X-Generated-In
X-Hp-Webp
X-IN-WAF
X-IN-APIGATEWAY
X-External-Request-Id
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Destination
X-Developer
X-A-Dcw
Thinkindot-CacheControl-Type
Warning
Hostname
X-Varnish-Ttl
X-Cache-Host
Cteonnt-Length
X-ElasticPress-Search
User-Cache-Control
X-Micro-Cache
X-NodeID
X-NX-Host
Origin
X-Fetched-On
Pagetype
X-Nginx-Cache-Key
X-Origin-Date
X-Epic-Correlation-Id
X-Policy
X-Protected-By
X-Qloud-Router
IsBot
Kp-EeAlive
X-Eu-Site
X-Distributor
X-Distil-CS
X-Origin-Expires
Pramga
X-Hash
X-Hnp-Log
X-Info
RNT-Time
Server-Int
ServerName
X-Gen-Mode
X-Generated-On
X-Gannett-Site-Version
Web-Mar-Node
RNT-Machine
X-Irp-Debug
X-LI-Proto
Proxy-Connection
HA-Ipaddr
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Key
X-LAGOON
X-Level-Front-Cache
X-Location
Ha-Gx-Prefs
X-Amzn-Remapped-Date
Backend
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
CDCHOST
X-Amzn-Remapped-Content-Length
True-Client-Country-4JS
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cache-Debug
X-Cache-Bucket
X-Block-Status
X-Cache-Expires
X-Var-Ttl
X-CGP
X-Cdn-Srv
X-Cache-Info
X-SN
Cache-Cookie-Set-Lfrom
X-Secret
Gh-Request-Id
X-Debug-Log
X-Dispatcher-Server
X-Amzn-Remapped-Connection
X-Developers
X-Device-Os
X-RateLimit-Remaining-Second
X-Servername
Country-Code
X-SIPLIST1
X-RateLimit-Limit-Second
X-Crawler
X-Sf
X-Debug-Cookies
X-FireWall-Port
X-WPE-Loopback-Upstream-Addr
Pagespeed
Cache
X-Cache-Backend
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Core-Mission
X-Fastly-Cache
X-Edge-Location
X-Cache-FS-Status
X-Cache-Id
X-Cms-Context
X-No-Session
X-Thanos
User-Agent
X-TrackingId
X-Swa-Ws
X-Sorting-Hat-ShopId
X-Skip-Cache
X-Sorting-Hat-PodId
X-User
X-Variation
V-Age
X-Server-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Via-Edge
X-Via-SSL
X-Shopify-Stage
X-ShopId
X-Page-Type
X-PHP-Host
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-GeoIP-Country-Code
X-Geo-Header
X-GeoIP-City
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Server-IP
X-ShardId
X-S-Maxage
X-Request-URI
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Gateway-Skip-Cache
X-MSEdge-Features
X-Alternate-Cache-Key
Heartbleed
AKAMAI
HTTPS
Adler-Geo
X-Amz-Meta-Cache-Control
Content-Disposition
Fastly-SIE
Fastly-Soc-X-Request-Id
Fastly-SSL
Fastly-SWR
Is-Eu
X-Ocache
X-BB-ID
X-Backend-Url
X-BBXSRF
SD-X-WS
X-Bip
X-Backend-State
X-Backend-Host
Platform
X-Auto-Login
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-C
X-GZip
X-Owner
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Reset
X-TT-LOGID
X-Cdn-Origin
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Sn-Servicetimems
REQUESTUUID
X-ND-Cache
Rt-Proxy-Cache
X-Apm-App-Name
X-Exp-Se
X-Sucuri-Cache
X-Cdn-Forward
X-Edge-IP
X-Real-Ip
X-Served-From
Magicmarker
N-Cache
X-Varnish-Url
X-Org
Server-ID
X-Geo
Fastly-Backend-Name
X-B3-Parentspanid
X-CDN-Forward
X-NC
MIME-Version
X-FPC
X-Node-Id
X-Pjax-Url
X-Aicache-OS
X-Gdpr
VivaBuild
Viewtype
HostName
X-Dc
X-Git-Hash
X-Varnish-Beresp-Ttl
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Load-Cache
X-Nc
X-CUA
X-Host-Name
Powered-By
X-Parent-Response-Time
X-Datadome
CF-IPCountry
X-CSRF-TOKEN
Pragrma
Memory
Time
X-Daa-Tunnel
X-DC
X-Passed-To-PostProcessResponse
X-Actual-URL
X-Passed-To-BeforeDispatch
X-Original-Request
X-Passed-To
X-Passed-To-DLL
PICS-Label
Resin-Trace
X-Returned-From-BeforeDispatch
X-Release
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Server-By
X-Stale
Section-Io-Cache
X-CACHE-KEY
X-Svr
Mime-Version
X-WebServer
X-Servedbyhost
X-Oss-Server-Time
X-TH-Server
X-VServer
Host-ID
X-Croise-Owner
X-HS-Cache-Config
X-Oss-Hash-Crc64ecma
X-Wa
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
Cdn-Request-Time
Cdn-Host
X-Phone
X-Edge-Server
AR-SID
X-Cache-HT
X-Optimization
X-Upstream-HT
Cdn
X-Newrelic-Synthetics
X-Upstream-CT
X-Instart-Info
X-Tb-Optimization-Total-Bytes-Saved
X-Lb-Id
X-From-Cache
X-Varnish-Beresp-TTL
ProcessTime
X-Unique-ID
SID
Backend-Name
X-Microcachable
Cf-Ipcountry
X-Worker
X-APP
X-Req
X-Atg-Version
CF-Cached-On
X-Fastly-Backend-Reqs
Fastcgi-Useragent
188prxHost
178proxuri
225prxHost
Processtime
XServer
189phosttRef
219prxHost
Xxline
X-Server-W
355prline
409pxxline
Proxy-Firewall
352pxline
286prxHost
X-ID
X-V
X-Vcl-Version
X-B3-SpanId
Version
Odigeo-Trace-Id
X-Ratelimit-Remaining
X-Backend-TTL
X-Request-Handler-Origin-Region
X-Ratelimit-Limit
X-LB-ID
X-HTML-Minification-Powered-By
X-Zone
X-Check-Cacheable
X-Microsite
X-Akamai-Request-ID2
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Nananana
Accept-Language
X-Fstrz
Esi-Enabled
X-IPS-LoggedIn
X-WR-MODIFICATION
X-Vcache
X-Response-By
X-WA
SN
X-Contensis-Viewer-Groups
X-VCL-Version
X-NGINX-Cache
X-AssetVersion
Pics-Label
X-Ratelimit-Reset
X-CSRF-Token
X-UPSTREAM-Address
GeoIP-City
GeoIP-Country-Code
GMS-Ver
X-URL
X-ServedByHost
GeoIP-Latitude
Geoip-Latitude
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
GeoIp-Country-Code
X-Be
X-RequestId
Public-Key-Pins-Report-Only
DataCenter
X-ZONE
X-Urbn-Site-Id
X-Hyper-Cache
Geoip-City
Locale
X-Reqid
X-Urbn-Context-Path
X-Via-NSCOPI
Fastcgi-X-Cache-Version
X-SERVER-NAME
X-HS-Status
X-Dynatrace
WZWS-RAY
X-Render-Time
X-Fastly-Country-Code
GW-Server
X-Via-Ucdn
X-Hello
X-Flog
X-ABtesting
X-Amz-Meta-Surrogate-Control
X-Request-Start
X-NWS-UUID-VERIFY
WP-Super-Cache
X-Cdn-Cache
X-CS
X-Clientip
IBM-Web2-Location
X-UE-Client-Country
Countrycode
X-GDPR
Mobile-Detection-Method
X-LiteSpeed-Cache-Control
X-We-Are-Hiring
Dnion-Transfer-Encoding
Ohc-File-Size
X-Unique-Id
X-GEO
X-PJAX-URL
Lb
X-BE
X-Generation-Time
SS
URI
CDN
X-SRV
X-FORWARDED-FOR
Dynatrace
X-HostName
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-Presslabs-Stats
X-Cluster-Name
Cneonction
Serverid
X-Gen-Id
X-Pf-Uncompressing
X-Fpc
X-Bug-Bounty
Requestid
X-Cache-Ttl
X-GZIP
FSS-Cache
RequestUuid
X-Store
FSS-Proxy
X-HS-Combine-CSS
Server-Id
A
X-Compress-Hint
X-PF-Uncompressing
X-Test
X-Cache-URL
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
RequestId
X-Dw-Trace-Id
GEO-REGION-INFO
X-ServerName
Ohc-Cache-HIT
X-Fastly-Cache-Hits
X-HTML-Edge-Cache
X-Serial
Ohc-Response-Time
X-Cdn-Request-ID
X-Html-Edge-Cache
X-EC-Lua
Frontcache
NnCoection
X-Request-Url