Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-CST
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
Request-Id
X-Readtime
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Vhost
X-Type
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
Accept-CH
X-HW
X-Server-Name
Verso
X-Dispatcher
X-ESI
MS-Author-Via
X-Upstream-Env
X-VARITI-CCR
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Mobile-Rewrite
PB-RID
X-MS-InvokeApp
PB-PID
Arc-Version
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-ORACLE-DMS-RID
X-GitHub-Request-Id
X-Use-Magma
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Version
X-Powered-By-Plesk
Content-MD5
X-TTL
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-Navigation-Version
Ar-Sid
RTSS
Charset
X-Abt-Application-Version
X-Vname
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Server-ID
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Expires
X-Webkit-CSP
X-Oracle-Dms-Rid
DynaTrace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-VCache
X-Amz-Rid
S
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-SharePointHealthScore
TCN
X-Hits
X-Dw-Request-Base-Id
X-Upstream-Proxy
X-TEC-API-VERSION
X-TEC-API-ROOT
Pinterest-Version
X-TEC-API-ORIGIN
X-Pinterest-Rid
Arr-Disable-Session-Affinity
X-Akam-SW-Version
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-XRDS-Location
X-Powered-CMS
X-T
Access-Control-Request-Method
X-FTR-Cache-Host
X-B3-TraceId
X-Goog-Storage-Class
X-Id
Realpath
X-Aspnet-Version
X-Litespeed-Cache
Tracecode
X-MSEdge-Ref
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
Front-End-Https
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Ttl
Paypal-Debug-Id
X-Upstream
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Alternate-Protocol
X-Fastcgi-Cache
X-Content-Digest
X-Frontend
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
X-RateLimit-Remaining
X-Middleton-Response
Response
X-Sol
X-Middleton-Display
Display
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
X-PressLabs-Stats
X-Pad
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-Traceid
X-Analytics
Backend-Timing
X-Correlation-Id
Server-Name
X-Kinsta-Cache
X-AppVersion
ServerID
X-Az
X-Activity-Id
X-LB-Cache
X-User-Agent
X-Revision
X-Debug-Info
X-Content-Options
X-Rid
X-IPLB-Instance
X-B3-Sampled
Surrogate-Key
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
Accept-Charset
FilterID
X-Grace
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Received
X-Page-Id
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
X-Whom
X-DIS-Request-ID
MS-CV
X-Accel-Buffering
Server-Info
Host-Header
X-PHP-Backend
X-Ruxit-Js-Agent
Cache-Status
X-Cached-By
X-Varnish-Backend
X-TT
X-Akamai-Edgescape
X-App-Environment
X-Origin-Server
X-Cluster
X-Tumblr-Pixel
X-Framework
X-Tumblr-Pixel-0
X-F-Cache
X-Platform-Server
X-Amz-Replication-Status
X-Mobile
X-Tumblr-User
VIX-Pulpo-Upstream-Status
PageSpeed
X-Content-Powered-By
X-Varnish-Grace
VIX-Pulpo-Node
Source
X-Content-Security-Policy-Report-Only
Access-Control-Allow-Method
X-FW-Server
X-Cache-Action
X-Request-Guid
X-Kong-Upstream-Latency
X-FB-Debug
X-UA-Device-Type
X-FW-Type
X-FW-Hash
X-Kong-Proxy-Latency
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Serve
X-GUploader-UploadID
X-Instance
X-Forwarded-Host
X-Geo-Country
X-Ezoic-Cdn
X-Cache-TTL
X-Shard
X-Node-Name
X-RateLimit-Limit
Edge-Cache-Tag
X-TA-CDN-Provider
X-FastCGI-Cache
X-Zen-Fury
X-Handled-By
X-SS-Set-Cookie
X-Oneagent-Js-Injection
From-Origin
X-Magnolia-Registration
X-Varnish-Hostname
Fastly-Restarts
Cache-Tags
X-BCube-Filmed-By
X-Cache-Age
X-ATG-Version
X-XRDS-LOCATION
X-AOL-HN
X-Cache-Control
X-Varnish-Server
X-Cache-Rule
DC
Healthy
Upgrade-Insecure-Requests
X-App-Server
Cleartype
X-SERVER
Payment
Server-Node
Retry-After
X-RequestSource
X-Response-Served-From
Country
X-Adobe-Content
X-B-Cache
Webserver
X-Adobe-Loc
X-Signature
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Dns-Prefetch-Control
Filters
X-GeoIP
Ms-Operation-Id
X-RTag
X-UUID
X-TX-ID
X-Redis-Cache
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-VG-WebCache
X-Region
X-Drupal-Cache-Contexts
X-Jobs
X-Storage
Powered
X-TT-TIMESTAMP
Cache-Tv-Group
X-FW-Dynamic
X-Content-Age
X-Locale
X-Cacheable-TTL
X-Generated-By
X-Varnish-Hits
CACHE
NGB
Frame-Options
GEO-INFO
X-WA-Info
ServedBy
Liferay-Portal
X-Contextid
HitType
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rendered-As
X-Cache-NE
X-Cache-TTL-Remaining
X-Varnish-IP
X-RemovedCookies
X-ProcessESI
X-Real-IP
Eomportal-Instance
X-Guploader-Uploadid
X-Via-JSL
X-Seen-By
X-Cache-Operation
Nel
X-Esi
X-BACKEND-TTL
Viewport
X-Upgrade-Enabled
S-Cnection
X-NWS-LOG-UUID
X-Mode
X-Varnish-Cache-Hits
X-Cache-Server
Xserver
X-Proxied
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
Mn-Server-Ip
Machine
OT-Force-Account-Verify
Load-Balancing
X-Detected-As
X-Device-Type
X-Proto
X-RN-RSRV
X-Routing-Service
X-Path-Route
X-Is-Bot
X-ES-SERVER
X-From
X-Zipkin-Id
Meta-Geo
X-Time
X-S
X-FC-Vary-Parameters
X-FB-TRIP-ID
TWC-GeoIP-Country
We-Hiring
TWC-Device-Class
TWC-Connection-Speed
X-Hosted-By
X-Hl-Ver
TWC-GeoIP-LatLong
TWC-Locale-Group
LB
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
X-AWS-Id
X-LJ-Flow-ID
X-Akamai-Transformed
X-Backend-Name
Webcakes-App-Name
Property-Id
L5d-Success-Class
Mail-Subject
X-VG-TLSProxy
Cache-Hits
X-VWS-Id
Access-Control-Request-Headers
X-Tb
NGX
X-R9-Blue-Green-Version
X-Origin-Hint
X-Rocket-Nginx-Bypass
X-Proxy
Vix-Hermes-Req-Id
Azure-Version
Azure-SlotName
DB-Nickname
S-Rt
Origin-Cache-Control
Now
Origin-Edge-Control
X-EIG-Tracking-Id
X-TNCMS
X-Time-Microsecs
X-ServerID
X-Section
X-Tumblr-Pixel-3
X-Vgn-Hpd-Reason
X-NCache
X-FW-Version
X-Viewer-Country
X-RCS-CacheZone
X-Origin-Response-Time
Azure-SiteName
X-Debug-Cache
X-Akamai-Request-ID
X-Environment-Context
X-Format
X-MP-GENERATED-AT
X-Loop
X-L-Path
X-Access
X-Cache-Config
Datacenter
Content-Script-Type
Azure-RegionName
Azure-InstanceId
Content-Style-Type
X-JoinUs
X-OCL
X-PCL
X-Human
X-BYPASS-REASON
NtCoent-Length
X-Proxy-Build
X-IP
X-Timing-Wait
X-Via-Fastly
X-Web-Node
X-Xfnlog-Site
X-Via-CDN
X-Cache-Remote
X-ProxyCache-Status
Selected-FE
X-ProxyCache-Key
X-Labrador-Cache-Channel
Cache-Key
X-Cache-Category-Id
X-Trace-Id
Cache-Tag
X-Www-Served-By
X-Grey
X-Internal-Host
X-Site-Version
Uber-Trace-Id
X-Generated
X-CCM
X-Endurance-Cache-Level
X-Birta-Cache-Post
X-Dynatrace-Js-Agent
X-Varnish-Cacheable
X-Birta-Served
X-VC-Cache
X-Status
X-UnsetCookies
X-UA
X-Rule
X-GRACE
Served-By
Decoy-Debug-Key
Decoy-Debug-Status
Release
Decoy-Debug-TTL
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-TIME
X-CDN-Cache
AsisCache
X-Cluster-Node
X-APP-VERSION
X-Wix-Server-Artifact-Id
X-Request-Time
X-B3-Spanid
X-Nginx-Cache
X-NewRelic-App-Data
X-App-Name
Rt-Fastcgi-Cache
ViewerVersion
X-Origin-Host
X-Wix-Request-Id
DSUID
X-Origin
X-Sucuri-ID
X-Hit
X-OVcl-Cache
X-OVcl
X-Source
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
X-PERF
X-ApacheServer
X-Agile-Age
X-Agile
X-Ua
X-Agile-Id
Cache-Name
SRV
X-App-Version
X-Origin-CC
X-Origin-TTL
Server-Host
X-Processor
Server-Cache-Control
Request-EU
Node
Rendered-Blocks
Request-Country
Xc-Version
Request-Time
Thinkindot-CacheControl
X-External-Request-Id
X-Reboot
Www
X-Core-Value
UCS
X-Pubstack
Server-Surrogate-Control
Meta-Geo-Continent
Thinkindot-Control
X-Webstats-RespID
X-PAYTM-SRV-ID
Ajk
X-Mobile-URL
Arc-Country
BehaviorPad-Version
X-Matched-Rule
X-Logtrace-Id
X-Instart-Isnd
X-D
X-IN-WAF
Cache-Prefix
Cross-Origin-Window-Policy
MD5-Digest
Memcached
X-NU-AKA-ACS-Version
X-F5-Cache
Lfy
FNAC-ModuleRouting
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
X-Platform
X-ScT
X-Date
X-Debug-Cache-Store
X-A-Wwc
X-ARC
X-Cache-ASPX
X-A-Dgt
X-Developer
X-Cache-Miss-From
X-Destination
X-Cache-Grace
X-Rewrite-Enabled
X-Rojux
X-G
X-Server-Group
X-Generated-In
X-Aed
X-SRCache-Key
X-Thinkindot-L3
X-S-Cookie
X-B-Cookie
X-Accel-Expires-Debug
X-IN-APIGATEWAY
X-Transaction
X-A-Ccd
X-VG-WebServer
X-Hp-Webp
X-Request-UUID
X-A
X-Region-Sid
X-Debug-Cache-Fetch
X-Sedo-Request-Id
X-Application
X-DPWN-IS-SECURE
X-Varnish-Authentication
X-CF-Lambda-Version
X-A-Dam
X-CF-Lambda-Fn
X-A-Dcw
X-Trv-Group
X-Twitter-Response-Tags
X-Up
X-Debug-Cache-Expiry
X-Connection-Hash
X-Refresh
Thinkindot-CacheControl-Type
Hostname
Warning
X-Cache-Host
X-ElasticPress-Search
X-Varnish-Ttl
Cteonnt-Length
X-Crawler
X-CGP
X-Cdn-Srv
X-Debug-Cookies
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-Distributor
X-Distil-CS
X-Cache-Info
X-Dispatcher-Server
X-Debug-Log
X-Cache-Bucket
RNT-Time
Server-Int
RNT-Machine
Pramga
Origin
Pagetype
ServerName
Web-Mar-Node
X-Fetched-On
X-Cache-Debug
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Cache-Expires
X-Hash
X-Qloud-Router
X-RateLimit-Limit-Second
X-Protected-By
X-Policy
X-Origin-Date
X-Origin-Expires
X-RateLimit-Remaining-Second
X-Secret
X-SN
X-Var-Ttl
X-SIPLIST1
X-ServiceProvider
X-Servername
X-NX-Host
X-NodeID
X-Key
X-Level-Front-Cache
X-Irp-Debug
X-Info
X-Generated-On
On-Server
X-Li-Fabric
X-Li-Pop
X-Micro-Cache
X-Nginx-Cache-Key
X-Location
X-LI-UUID
X-LI-Proto
X-Gannett-Site-Version
X-Developers
Apple-News-Services-Request-Url
Kp-EeAlive
Country-Code
Apple-News-Services-Parsed-Url
IsBot
Apple-News-Services-Handled
Gh-Request-Id
Apple-News-Services-Host
HA-Ipaddr
CDCHOST
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Ha-Gx-Prefs
Cache-Cookie-Set-From
Backend
User-Cache-Control
X-FireWall-Port
X-WPE-Loopback-Upstream-Addr
Cache
Pagespeed
X-Planisys-CDN-TTL
X-Request-URI
X-Core-Mission
X-Rebelmouse-Surrogate-Control
X-Cms-Context
X-Rebelmouse-Cache-Control
X-Cache-Backend
X-S-Maxage
X-BBXSRF
X-BB-ID
X-Backend-Url
X-Block-Status
X-C
X-Cache-FS-Status
X-Planisys-CDN-Rules
X-Edge-Location
X-Cache-Id
Fastly-SSL
X-Gateway-Skip-Cache
X-Gen-Mode
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Fastly-Cache
X-Geo-Header
X-GeoIP-City
X-LAGOON
X-Hnp-Log
Content-Disposition
X-GeoIP-Country-Code
X-MSEdge-Features
X-MSEdge-Flight
Adler-Geo
Fastly-SWR
X-Page-Type
X-PHP-Host
X-Server-Time
X-Backend-State
X-No-Session
AKAMAI
Fastly-SIE
Fastly-Soc-X-Request-Id
X-Planisys-CDN-Cache
X-Bip
X-Backend-Host
X-Varnish-Beresp-Grace
X-Thanos
SD-X-WS
X-Swa-Ws
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Is-Eu
Platform
X-Wikidot-Backend
X-TrackingId
True-Client-Country-4JS
Proxy-Connection
X-Wikidot-Static-Cache
User-Agent
X-Varnish-Beresp-Status
X-Via-SSL
HTTPS
X-Variation
X-Amz-Meta-Cache-Control
Heartbleed
X-Server-IP
X-Auto-Login
X-Ocache
X-Skip-Cache
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Via-Edge
X-Sf
X-User
X-Shopify-Stage
X-GZip
Rt-Proxy-Cache
X-Apm-Svc-Key
X-Cdn-Origin
X-Sn-Servicetimems
REQUESTUUID
X-Exp-Se
X-Apm-App-Name
X-Apm-Inst-Hash
V-Age
X-TT-LOGID
X-Proxy-Cache-Status
X-ND-Cache
X-Owner
X-RateLimit-Reset
X-Proxy-Upstream
X-Sucuri-Cache
X-Cdn-Forward
X-Edge-IP
X-Real-Ip
Fastly-Backend-Name
N-Cache
X-Served-From
X-Org
Magicmarker
X-Varnish-Url
X-Geo
Server-ID
X-B3-Parentspanid
X-CDN-Forward
MIME-Version
X-FPC
X-NC
X-Aicache-OS
X-Node-Id
VivaBuild
X-Gdpr
Viewtype
X-Pjax-Url
X-Dc
X-Git-Hash
HostName
X-Varnish-Beresp-Ttl
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Load-Cache
X-CUA
X-Parent-Response-Time
X-Nc
X-Host-Name
Powered-By
X-Datadome
CF-IPCountry
Memory
X-CSRF-TOKEN
Time
Pragrma
X-DC
X-Daa-Tunnel
X-Passed-To
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
Section-Io-Cache
X-Passed-To-PostProcessResponse
X-Stale
X-Svr
Resin-Trace
PICS-Label
X-Actual-URL
X-Server-By
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Original-Request
X-Release
X-CACHE-KEY
X-TH-Server
X-WebServer
X-Wa
X-VServer
X-HS-Cache-Config
Mime-Version
X-Servedbyhost
X-Oss-Storage-Class
X-Croise-Owner
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
Host-ID
X-Oss-Hash-Crc64ecma
X-Edge-Server
Cdn-Request-Time
X-Phone
Cdn-Host
X-Optimization
X-Cache-HT
X-Newrelic-Synthetics
AR-SID
X-Upstream-HT
X-Upstream-CT
Cdn
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
X-Lb-Id
X-Instart-Info
X-Varnish-Beresp-TTL
ProcessTime
Backend-Name
SID
X-Unique-ID
Cf-Ipcountry
X-Microcachable
X-Worker
X-Req
X-APP
CF-Cached-On
X-Atg-Version
Xxline
189phosttRef
Fastcgi-Useragent
286prxHost
352pxline
355prline
409pxxline
Proxy-Firewall
225prxHost
X-Fastly-Backend-Reqs
219prxHost
XServer
X-Server-W
Processtime
178proxuri
188prxHost
X-ID
Version
Odigeo-Trace-Id
X-Vcl-Version
X-V
X-B3-SpanId
X-Ratelimit-Remaining
X-Request-Handler-Origin-Region
X-Check-Cacheable
X-HTML-Minification-Powered-By
X-LB-ID
X-Microsite
X-Zone
X-Backend-TTL
X-Ratelimit-Limit
X-CACHE-AGE
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
X-Fstrz
Accept-Language
X-Nananana
X-IPS-LoggedIn
Esi-Enabled
X-WR-MODIFICATION
X-WA
X-Vcache
X-AssetVersion
X-VCL-Version
X-Response-By
X-NGINX-Cache
X-Contensis-Viewer-Groups
SN
X-UPSTREAM-Address
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
Pics-Label
X-CSRF-Token
X-ServedByHost
X-Ratelimit-Reset
GMS-Ver
X-URL
X-Vtex-Processado-Em
X-Be
Geoip-Latitude
GeoIp-Country-Code
X-Vtex-Remote-Cache
X-RequestId
Public-Key-Pins-Report-Only
DataCenter
X-ZONE
X-Urbn-Site-Id
Geoip-City
Fastcgi-X-Cache-Version
X-Urbn-Context-Path
X-Via-NSCOPI
X-Hyper-Cache
X-Reqid
X-SERVER-NAME
X-HS-Status
Locale
WZWS-RAY
X-Dynatrace
GW-Server
X-NWS-UUID-VERIFY
X-Fastly-Country-Code
X-Amz-Meta-Surrogate-Control
X-Flog
X-Request-Start
X-Via-Ucdn
X-Hello
X-Render-Time
X-ABtesting
X-Cdn-Cache
WP-Super-Cache
X-GDPR
Countrycode
IBM-Web2-Location
X-CS
X-LiteSpeed-Cache-Control
Mobile-Detection-Method
X-UE-Client-Country
Dnion-Transfer-Encoding
X-Clientip
X-We-Are-Hiring
X-Unique-Id
Ohc-File-Size
X-GEO
SS
X-PJAX-URL
X-Generation-Time
Lb
CDN
URI
X-BE
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-HostName
X-SRV
FastCGI-Cache
X-FORWARDED-FOR
X-Presslabs-Stats
X-Fpc
Requestid
X-Cluster-Name
Cneonction
X-Gen-Id
Serverid
X-Bug-Bounty
X-Pf-Uncompressing
X-GZIP
X-Cache-Ttl
X-PF-Uncompressing
X-Cache-URL
X-Compress-Hint
X-LiteSpeed-Tag
Server-Id
X-Store
FSS-Proxy
RequestUuid
X-Test
FSS-Cache
A
X-HS-Combine-CSS
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Request-Url
X-Html-Edge-Cache
X-Fastly-Cache-Hits
GEO-REGION-INFO
RequestId
Frontcache
X-Serial
Ohc-Response-Time
NnCoection
X-ServerName
X-Cdn-Request-ID
Ohc-Cache-HIT
X-EC-Lua
X-Dw-Trace-Id
X-HTML-Edge-Cache