Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Type
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
AR-ATIME
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
X-ESI
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Kinja-Build
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
Public-Key-Pins
X-Upstream-Env
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-Amz-Server-Side-Encryption
RTSS
Charset
X-Navigation-Version
X-Abt-Application-Version
X-TTL
X-Vname
X-PC
X-TtlSet
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Ar-Sid
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
X-Server-ID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
DynaTrace
X-Goog-Metageneration
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
S
X-Debug
X-Hits
X-XRDS-Location
TCN
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Webkit-CSP
X-Ttl
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Front-End-Https
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Upstream
X-B3-TraceId
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-Traceid
Paypal-Debug-Id
MRF-Tech
X-B3-TraceId-Primal
Alternate-Protocol
X-Fastcgi-Cache
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Sol
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
X-Pad
X-Litespeed-Cache
X-RateLimit-Remaining
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
X-DataStream-Origin-MEX-Latency
Host
X-DataStream-MidMile-RTT
MicrosoftSharePointTeamServices
X-Grace
ServerID
Server-Name
X-Analytics
Backend-Timing
X-Correlation-Id
X-Kinsta-Cache
X-B3-Sampled
X-LB-Cache
X-Revision
X-IPLB-Instance
X-User-Agent
X-AppVersion
Surrogate-Key
X-Debug-Info
X-Az
X-Activity-Id
X-Amzn-RequestId
X-Rid
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
FilterID
Accept-Charset
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Processing-Time
X-Request-Received
TP-Cache
TP-L2-Cache
X-Page-Id
MS-CV
X-Whom
X-DIS-Request-ID
Server-Info
Host-Header
X-Cached-By
Cache-Status
X-Ruxit-Js-Agent
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Edgescape
X-Varnish-Backend
X-Amz-Replication-Status
Source
X-Origin-Server
X-App-Environment
X-TT
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-PHP-Backend
X-Cluster
X-F-Cache
X-Tumblr-User
X-GUploader-UploadID
PageSpeed
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mobile
X-Platform-Server
X-Accel-Buffering
Access-Control-Allow-Method
X-FW-Serve
X-Content-Powered-By
X-FW-Type
X-Varnish-Grace
X-FW-Server
X-FW-Static
X-FW-Hash
X-Framework
X-Instance
X-Drupal-Cache-Tags
X-Forwarded-Host
X-FB-Debug
X-Request-Guid
X-UA-Device-Type
X-Ezoic-Cdn
X-Node-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
X-Shard
Edge-Cache-Tag
X-TA-CDN-Provider
X-FastCGI-Cache
X-RateLimit-Limit
X-Zen-Fury
Fastly-Restarts
X-Handled-By
X-Varnish-Hostname
From-Origin
X-Magnolia-Registration
X-SS-Set-Cookie
X-Cache-TTL
Cache-Tags
X-Cache-Age
X-AOL-HN
X-BCube-Filmed-By
X-ATG-Version
X-Cache-Control
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
X-Varnish-Server
Cleartype
Retry-After
Payment
X-App-Server
Server-Node
DC
X-Response-Served-From
X-RequestSource
X-TX-ID
Country
X-B-Cache
X-Signature
X-Adobe-Content
X-Storage
X-Adobe-Loc
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Redis-Cache
Powered
X-UUID
X-FW-Dynamic
Ms-Operation-Id
X-TT-TIMESTAMP
Actual-Object-TTL
X-Dns-Prefetch-Control
X-GeoIP
X-RTag
X-VG-WebCache
X-Region
Filters
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-Jobs
X-Cacheable-TTL
X-Generated-By
X-XRDS-LOCATION
X-Varnish-Hits
X-Content-Age
X-Locale
Frame-Options
X-WA-Info
GEO-INFO
NGB
Webserver
X-Esi
ServedBy
X-Oneagent-Js-Injection
CACHE
X-Contextid
X-Yottaa-Optimizations
Liferay-Portal
X-Cache-NE
X-Yottaa-Metrics
HitType
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-BACKEND-TTL
Eomportal-Instance
X-Real-IP
X-Cache-TTL-Remaining
X-Cache-Operation
X-Varnish-IP
X-NWS-LOG-UUID
X-Guploader-Uploadid
X-Upgrade-Enabled
X-Via-JSL
X-Time
X-Mode
Viewport
S-Cnection
X-Seen-By
Xserver
X-Varnish-Cache-Hits
X-Cache-Var-Map
X-Path-Route
X-Proto
X-Proxied
X-RN-RSRV
X-ES-SERVER
X-Is-Bot
LB
X-Akamai-Transformed
X-From
X-Hl-Ver
X-Device-Type
OT-Force-Account-Verify
X-Zipkin-Id
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-Detected-As
Load-Balancing
Cache-Hits
Cache-Key
X-Routing-Service
Meta-Geo
Machine
NtCoent-Length
X-S
X-Cache-Server
Webcakes-App-Name
We-Hiring
Vix-Hermes-Req-Id
Webcakes-Region
X-AWS-Id
TWC-Privacy
Webcakes-App-Version
TWC-GeoIP-Country
Mail-Subject
L5d-Success-Class
Access-Control-Request-Headers
NGX
Property-Id
X-Backend-Name
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
X-Environment-Context
X-VWS-Id
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
X-Tb
X-Time-Microsecs
X-VG-TLSProxy
X-Viewer-Country
X-Proxy
X-Origin-Hint
X-FW-Version
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Hosted-By
X-L-Path
X-NCache
X-LJ-Flow-ID
X-Cache-Config
TWC-GeoIP-LatLong
X-Cache-Remote
DB-Nickname
X-Debug-Cache
X-Akamai-Request-ID
X-Format
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Origin-Response-Time
Azure-Version
X-MP-GENERATED-AT
Origin-Edge-Control
X-EIG-Tracking-Id
S-Rt
Origin-Cache-Control
Now
X-Loop
X-Labrador-Cache-Channel
Azure-InstanceId
X-Web-Node
X-TNCMS
X-Access
X-ServerID
X-Section
X-Vgn-Hpd-Reason
X-RCS-CacheZone
X-Tumblr-Pixel-3
X-ProxyCache-Status
X-OCL
X-Trace-Id
X-Via-Fastly
X-Human
X-Via-CDN
Selected-FE
X-IP
X-JoinUs
X-BYPASS-REASON
X-Timing-Wait
Cache-Tag
X-Proxy-Build
X-Xfnlog-Site
Datacenter
X-CCM
X-ProxyCache-Key
X-PCL
X-Internal-Host
X-Grey
X-Generated
X-Www-Served-By
Uber-Trace-Id
Content-Style-Type
X-Cache-Category-Id
Content-Script-Type
X-Dynatrace-Js-Agent
X-Endurance-Cache-Level
X-VC-Cache
X-UnsetCookies
X-Site-Version
X-Varnish-Cacheable
Decoy-Debug-TTL
X-Status
Served-By
Release
X-Rule
Decoy-Debug-Key
Decoy-Debug-Status
X-Birta-Cache-Post
X-Birta-Served
X-EdgeConnect-Cache-Status
X-UA
X-APP-VERSION
X-Newrelic-App-Data
Nel
X-CDN-Cache
X-B3-Spanid
X-GRACE
X-Request-Time
DSUID
X-TIME
X-Cluster-Node
X-Ua
X-OVcl
X-OVcl-Cache
AsisCache
X-Nginx-Cache
Rt-Fastcgi-Cache
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-App-Name
X-PERF
X-Hit
X-VCT
X-ApacheServer
X-Source
X-Sucuri-ID
X-NewRelic-App-Data
SRV
X-Origin-Host
X-Agile-Age
X-Agile
X-Agile-Id
Cache
X-Wix-Request-Id
ViewerVersion
Hostname
Cteonnt-Length
X-Pubstack
Cache-Name
X-SERVER
X-Origin-TTL
AR-SID
X-Cache-Host
X-ElasticPress-Search
X-Origin-CC
X-Wix-Server-Artifact-Id
Server-Cache-Control
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Request-Time
Request-EU
Server-Host
BehaviorPad-Version
Cross-Origin-Window-Policy
Server-Surrogate-Control
Request-Country
Cache-Prefix
On-Server
Lfy
X-B-Cookie
FNAC-ModuleRouting
Memcached
MD5-Digest
X-ARC
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Application
Fly-Request-Id
Meta-Geo-Continent
X-A-Dam
X-A-Ccd
Rendered-Blocks
X-A
Origin
Ec-Rule-Version
X-A-Dgt
Node
Fly-Cache
X-A-Dcw
UCS
X-D
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NU-AKA-ACS-Version
X-NodeID
X-NX-Host
X-PAYTM-SRV-ID
X-Processor
X-Platform
X-Secret
X-Sedo-Request-Id
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Mobile-URL
X-Matched-Rule
Arc-Country
X-Core-Value
X-Date
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-Grace
X-Cache-Expires
X-Cache-Info
X-Cache-Miss-From
X-CF-Lambda-Fn
X-Debug-Cookies
X-Debug-Log
X-Hp-Webp
X-Generated-In
X-IN-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Instart-Isnd
X-Gannett-Site-Version
X-G
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-F5-Cache
X-Cache-ASPX
Www
Ajk
User-Cache-Control
X-WPE-Loopback-Upstream-Addr
X-Varnish-Ttl
X-Cdn-Srv
X-Device-Os
X-Developers
X-Crawler
X-Dispatcher-Server
X-CGP
X-Distributor
X-Gen-Mode
X-Hash
X-Fetched-On
X-Eu-Site
X-Cache-Id
X-Epic-Correlation-Id
X-Distil-CS
X-Cache-Debug
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
Web-Mar-Node
V-Age
ServerName
True-Client-Country-4JS
X-Amzn-Remapped-Date
X-Apm-App-Name
X-Cache-Bucket
X-Hnp-Log
X-Cache-Backend
X-Block-Status
X-Apm-Inst-Hash
X-Apm-Svc-Key
Server-Int
X-Irp-Debug
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Qloud-Router
X-RateLimit-Limit-Second
X-Servername
X-Sf
X-Server-Time
X-Sn-Servicetimems
X-Cdn-Origin
X-Swa-Ws
X-SIPLIST1
X-SN
X-Policy
X-PHP-Host
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-LAGOON
RNT-Time
X-Key
X-LI-UUID
X-Location
X-Origin-Expires
X-Page-Type
X-Origin-Date
Apple-News-Services-Parsed-Url
X-Micro-Cache
X-Nginx-Cache-Key
X-Info
Warning
Pramga
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Fastly-SWR
RNT-Machine
Proxy-Connection
Fastly-SIE
Country-Code
Gh-Request-Id
CDCHOST
Ha-Gx-Prefs
HA-Ipaddr
Pagetype
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
IsBot
Apple-News-Services-Host
Backend
Apple-News-Services-Handled
Pagespeed
X-Geo
X-App-Version
X-FireWall-Port
Fastly-SSL
X-C
X-MSEdge-Flight
X-Bip
Platform
Fastly-Soc-X-Request-Id
X-No-Session
X-Cache-FS-Status
Heartbleed
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
Is-Eu
X-Exp-Se
X-Fastly-Cache
X-Generated-On
X-Geo-Header
X-GeoIP-Country-Code
X-Level-Front-Cache
X-Cms-Context
X-GeoIP-City
X-Core-Mission
X-MSEdge-Features
X-Planisys-CDN-Rules
X-Sorting-Hat-ShopId
X-Thanos
X-User
X-Sorting-Hat-PodId
X-Skip-Cache
X-ShopId
X-Shopify-Stage
X-Variation
X-Via-Edge
X-ND-Cache
SD-X-WS
Rt-Proxy-Cache
X-Wikidot-Static-Cache
X-Via-SSL
X-Wikidot-Backend
X-ShardId
AKAMAI
X-Auto-Login
Kp-EeAlive
X-Backend-Host
X-Backend-State
X-Planisys-CDN-Cache
X-Backend-Url
X-Planisys-CDN-TTL
Adler-Geo
X-S-Maxage
X-Server-IP
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Protected-By
Content-Disposition
X-BBXSRF
X-GZip
X-Served-From
X-BB-ID
X-Ocache
X-RateLimit-Reset
REQUESTUUID
X-Org
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Owner
X-Real-Ip
X-B3-Parentspanid
X-Edge-Location
MIME-Version
HTTPS
X-Proxy-Upstream
Server-ID
X-TT-LOGID
X-NC
X-Proxy-Cache-Status
X-TrackingId
X-Sucuri-Cache
User-Agent
X-Git-Hash
X-CDN-Forward
X-Cdn-Forward
X-Varnish-Url
X-Edge-IP
Magicmarker
N-Cache
Fastly-Backend-Name
X-FPC
X-Host-Name
Wxu-Next-Commit
VivaBuild
Viewtype
X-Aicache-OS
Wxu-Next-Hostname
X-Gdpr
Wxu-Next-Region
X-Load-Cache
X-Daa-Tunnel
X-Node-Id
X-Parent-Response-Time
X-Dc
HostName
X-CSRF-TOKEN
X-Pjax-Url
X-DC
X-Varnish-Beresp-Ttl
CF-IPCountry
X-CUA
X-Release
Powered-By
Memory
Time
X-Nc
Pragrma
X-Servedbyhost
PICS-Label
X-HS-Cache-Config
X-CACHE-KEY
Resin-Trace
X-WebServer
X-TH-Server
X-Wa
X-Returned-From-BeforeDispatch
X-Returned-From
X-Upstream-CT
X-Actual-URL
X-Returned-From-DLL
X-Phone
X-Returned-From-PostProcessResponse
X-Stale
X-Passed-To-PostProcessResponse
Host-ID
X-Upstream-HT
X-Svr
X-Server-By
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Original-Request
X-Passed-To-DLL
X-Oss-Server-Time
X-Oss-Object-Type
X-Passed-To-BeforeDispatch
X-Oss-Storage-Class
X-Passed-To
Section-Io-Cache
X-Instart-Info
X-VServer
X-Croise-Owner
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
Mime-Version
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
Backend-Name
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-From-Cache
X-Optimization
X-Cache-HT
X-Worker
X-Lb-Id
CF-Cached-On
Cf-Ipcountry
355prline
409pxxline
Xxline
X-Server-W
Version
219prxHost
SID
X-APP
286prxHost
225prxHost
189phosttRef
Cdn
188prxHost
352pxline
X-Request-Handler-Origin-Region
178proxuri
X-Microsite
X-Atg-Version
X-Unique-ID
X-Fastly-Backend-Reqs
XServer
X-Req
X-SERVER-NAME
X-Datadome
X-Microcachable
Processtime
Proxy-Firewall
X-Zone
X-ID
X-Akamai-Request-ID2
X-LB-ID
X-Ratelimit-Remaining
Accept-Language
X-V
Esi-Enabled
X-Ratelimit-Limit
X-Vcl-Version
X-VCL-Version
Odigeo-Trace-Id
X-B3-SpanId
X-CACHE-AGE
Fastcgi-Useragent
X-CLOUD-TRACE-CONTEXT
X-Contensis-Viewer-Groups
X-AssetVersion
GeoIP-City
GeoIP-Latitude
X-HTML-Minification-Powered-By
GeoIP-Country-Code
X-IPS-LoggedIn
X-Fstrz
X-NGINX-Cache
X-Check-Cacheable
SN
X-UPSTREAM-Address
X-Backend-TTL
X-Vcache
X-WR-MODIFICATION
X-HS-Status
X-WA
Pics-Label
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Nananana
X-RequestId
X-Response-By
X-URL
X-Ratelimit-Reset
X-Urbn-Context-Path
X-Reqid
X-ServedByHost
X-Be
X-Urbn-Site-Id
X-ZONE
GMS-Ver
X-Via-NSCOPI
Locale
X-CSRF-Token
DataCenter
X-Cache-Ttl
X-NWS-UUID-VERIFY
Geoip-Latitude
X-Hyper-Cache
X-Flog
X-ABtesting
X-Hello
GeoIp-Country-Code
CDN
X-Dynatrace
IBM-Web2-Location
X-Via-Ucdn
Public-Key-Pins-Report-Only
Geoip-City
Dnion-Transfer-Encoding
X-Request-Start
X-Fastly-Country-Code
X-Render-Time
Fastcgi-X-Cache-Version
X-Cdn-Cache
WP-Super-Cache
X-GDPR
GW-Server
X-PJAX-URL
WebServer
X-Amz-Meta-Surrogate-Control
Requestid
WZWS-RAY
X-LiteSpeed-Cache-Control
X-Generation-Time
X-CS
X-NGENIX-Cache
X-Unique-Id
Countrycode
X-Clientip
X-UE-Client-Country
X-Cluster-Name
Mobile-Detection-Method
X-We-Are-Hiring
Lb
URI
FastCGI-Cache
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-FORWARDED-FOR
X-SRV
X-Compress-Hint
X-Cache-URL
X-Fpc
X-BE
Serverid
SS
X-Gen-Id
Ohc-File-Size
Cneonction
X-GEO
X-Pf-Uncompressing
X-HS-Combine-CSS
X-Bug-Bounty
X-Test
A
GEO-REGION-INFO
Https
X-Varnish-Action
X-Got-Non-Ke-Cookie
Who
X-LiteSpeed-Tag
Server-Id
X-Store
X-Akamai-SSL-Client-Sid
X-PF-Uncompressing
RequestUuid
X-GZIP
X-Fastly-Cache-Hits
FSS-Proxy
Epwk-Cache
X-EC-Lua
FSS-Cache
NnCoection
X-Serial
X-Html-Edge-Cache
Frontcache
X-Dw-Trace-Id
X-HTML-Edge-Cache
X-Cdn-Request-ID
X-Request-Url
X-ServerName