Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
X-Ac
X-Rq
Allow
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-Px
X-HW
X-Type
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
X-Upstream-Env
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-Amz-Server-Side-Encryption
RTSS
X-D2id
X-Navigation-Version
Charset
X-Abt-Application-Version
X-Vname
X-PC
X-TtlSet
X-Vcap-Request-Id
X-Ser
X-TTL
X-Varnish-TTL
X-Server-ID
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
DynaTrace
X-Goog-Stored-Content-Encoding
X-VCache
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-XRDS-Location
S
X-Hits
X-Debug
TCN
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Akam-SW-Version
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
SPRequestDuration
X-Ttl
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Id
Realpath
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-NF-Request-ID
X-Amzn-Trace-Id
X-Webkit-CSP
X-Aspnet-Version
Front-End-Https
Fastcgi-Cache
X-Varnish-Age
X-N
X-Content-Type
X-B3-TraceId
X-Upstream
X-Forwarded-For
X-Fastcgi-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Paypal-Debug-Id
Alternate-Protocol
X-Frontend
X-Content-Digest
X-PressLabs-Stats
X-Logged-In
Display
X-Middleton-Display
Response
X-HS-Hub-Id
X-Middleton-Response
X-HS-Content-Id
X-B3-Traceid
X-Sol
X-Pad
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Remaining
X-Srv
X-Litespeed-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Accel-Expires
Host
X-Cache-Key
ServerID
X-Grace
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
X-Correlation-Id
Server-Name
X-B3-Sampled
X-Kinsta-Cache
X-IPLB-Instance
X-LB-Cache
X-Revision
X-Debug-Info
X-AppVersion
Surrogate-Key
X-User-Agent
X-Activity-Id
X-Az
X-Rid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Content-Options
X-Cache-Hit
FilterID
Accept-Charset
X-Cache-2
Powered-By-ChinaCache
Refresh
X-CF-Powered-By
X-Request-Received
X-Request-Processing-Time
X-B
TP-Cache
TP-L2-Cache
X-Page-Id
MS-CV
X-Whom
X-GUploader-UploadID
X-Cached-By
Host-Header
Server-Info
X-DIS-Request-ID
Cache-Status
VIX-Pulpo-Node
X-TT
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-PHP-Backend
X-Akamai-Edgescape
Source
X-Origin-Server
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-App-Environment
X-Cache-Action
X-Platform-Server
X-Tumblr-User
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mobile
X-F-Cache
X-Content-Powered-By
X-FW-Serve
X-FW-Hash
X-Framework
X-FW-Server
Access-Control-Allow-Method
X-FW-Type
X-Varnish-Grace
X-FW-Static
X-Ezoic-Cdn
X-Node-Name
X-FB-Debug
X-Drupal-Cache-Tags
X-Instance
X-Forwarded-Host
X-Request-Guid
X-Accel-Buffering
X-Ruxit-Js-Agent
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Shard
PageSpeed
X-Geo-Country
Edge-Cache-Tag
Fastly-Restarts
X-Zen-Fury
X-RateLimit-Limit
X-Varnish-Hostname
X-Handled-By
From-Origin
X-TA-CDN-Provider
X-FastCGI-Cache
Cache-Tags
X-Cache-TTL
X-Magnolia-Registration
X-SS-Set-Cookie
X-AOL-HN
X-Cache-Age
X-BCube-Filmed-By
X-ATG-Version
X-Cache-Control
X-Cache-Rule
Upgrade-Insecure-Requests
Healthy
Retry-After
X-Varnish-Server
Payment
Cleartype
Server-Node
DC
X-App-Server
X-Response-Served-From
X-RequestSource
X-WebKit-CSP-Report-Only
X-Storage
X-B-Cache
X-Signature
X-TX-ID
Powered
X-Adobe-Content
Country
X-Adobe-Loc
Filters
Actual-Object-TTL
X-UUID
X-GeoIP
X-Tumblr-Pixel-2
X-Redis-Cache
X-VG-WebCache
Ms-Operation-Id
X-Tumblr-Pixel-1
X-FW-Dynamic
X-TT-TIMESTAMP
X-RTag
Cache-Tv-Group
X-Region
X-Drupal-Cache-Contexts
X-Jobs
X-Varnish-Hits
X-Content-Age
X-Cacheable-TTL
X-Generated-By
X-Locale
X-Dns-Prefetch-Control
Frame-Options
X-XRDS-LOCATION
X-WA-Info
Webserver
GEO-INFO
NGB
ServedBy
X-Esi
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-NE
X-Contextid
CACHE
X-Oneagent-Js-Injection
Liferay-Portal
HitType
X-Rendered-As
X-RemovedCookies
X-ProcessESI
Eomportal-Instance
X-Real-IP
X-NWS-LOG-UUID
X-BACKEND-TTL
X-Cache-Operation
X-Cache-TTL-Remaining
X-Varnish-IP
X-Time
X-Via-JSL
X-Upgrade-Enabled
X-Guploader-Uploadid
Xserver
Viewport
X-Mode
S-Cnection
X-Seen-By
X-Varnish-Cache-Hits
X-Cache-Server
Cache-Key
LB
X-Akamai-Transformed
Cache-Hits
OT-Force-Account-Verify
X-Cache-Var
X-From
X-Hl-Ver
X-ES-SERVER
X-Detected-As
X-Cache-Var-Map
X-Is-Bot
X-Path-Route
X-RN-RSRV
X-Proxied
X-Routing-Service
X-Proto
X-Zipkin-Id
X-Cache-Enabled
X-Device-Type
Meta-Geo
X-Cache-Remote
X-S
Machine
Mn-Server-Ip
Load-Balancing
X-Origin-Hint
X-Proxy
X-NCache
X-L-Path
NGX
X-R9-Blue-Green-Version
X-LJ-Flow-ID
X-VWS-Id
X-Time-Microsecs
X-Tb
X-Hosted-By
X-VG-TLSProxy
X-Viewer-Country
X-Rocket-Nginx-Bypass
Access-Control-Request-Headers
Webcakes-Region
X-AWS-Id
X-Backend-Name
X-Cache-Config
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Vix-Hermes-Req-Id
We-Hiring
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-FC-Vary-Parameters
Property-Id
X-FW-Version
X-FB-TRIP-ID
TWC-Connection-Speed
TWC-Device-Class
L5d-Success-Class
X-Environment-Context
TWC-Locale-Group
Mail-Subject
NtCoent-Length
X-Debug-Cache
X-Loop
X-Section
X-EIG-Tracking-Id
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Format
X-ServerID
X-RCS-CacheZone
Now
X-Web-Node
X-Access
S-Rt
Origin-Edge-Control
X-Akamai-Request-ID
Origin-Cache-Control
X-TNCMS
X-Tumblr-Pixel-3
Cache-Tag
DB-Nickname
X-IP
X-CCM
X-Human
X-BYPASS-REASON
X-JoinUs
Azure-Version
X-Timing-Wait
X-ProxyCache-Status
X-ProxyCache-Key
X-Trace-Id
X-Vgn-Hpd-Reason
X-Xfnlog-Site
X-Via-Fastly
X-Via-CDN
Datacenter
X-Proxy-Build
Azure-RegionName
Azure-SiteName
Azure-SlotName
Selected-FE
X-PCL
Azure-InstanceId
X-OCL
Uber-Trace-Id
X-Www-Served-By
X-Generated
X-Cache-Category-Id
X-Grey
X-Internal-Host
Content-Script-Type
Content-Style-Type
X-UnsetCookies
X-VC-Cache
X-Endurance-Cache-Level
X-Site-Version
X-Varnish-Cacheable
X-Rule
Release
Served-By
Decoy-Debug-Status
Decoy-Debug-TTL
X-Status
Decoy-Debug-Key
X-Dynatrace-Js-Agent
X-EdgeConnect-Cache-Status
X-Birta-Cache-Post
X-Birta-Served
X-UA
X-APP-VERSION
X-CDN-Cache
X-Newrelic-App-Data
X-Request-Time
Nel
X-Ua
DSUID
X-OVcl
X-GRACE
X-B3-Spanid
X-Cluster-Node
X-OVcl-Cache
AsisCache
X-Nginx-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-TIME
X-VCT
X-App-Name
X-Hit
Rt-Fastcgi-Cache
Cache
X-NewRelic-App-Data
X-ApacheServer
X-PERF
SRV
X-Source
X-Agile-Age
X-Agile-Id
X-Agile
X-Origin-Host
Pagespeed
X-Sucuri-ID
X-Pubstack
Cteonnt-Length
X-Cache-Host
Cache-Name
X-Wix-Request-Id
X-ElasticPress-Search
X-Origin-TTL
Hostname
ViewerVersion
X-Origin-CC
X-Accel-Expires-Debug
X-B-Cookie
Xc-Version
X-Webstats-RespID
X-Cache-ASPX
X-ARC
X-Aed
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
Server-Cache-Control
MD5-Digest
Lfy
Memcached
Meta-Geo-Continent
Node
FNAC-ModuleRouting
Fly-Request-Id
Cache-Prefix
BehaviorPad-Version
Cross-Origin-Window-Policy
Ec-Rule-Version
Fly-Cache
On-Server
Origin
Thinkindot-Control
Thinkindot-CacheControl-Type
UCS
Www
X-A
Thinkindot-CacheControl
Server-Surrogate-Control
Request-Country
Rendered-Blocks
Request-EU
Request-Time
Server-Host
X-A-Ccd
X-Connection-Hash
X-ScT
X-Hp-Webp
X-IN-APIGATEWAY
X-IN-WAF
X-Rojux
X-S-Cookie
X-Generated-In
X-Secret
X-External-Request-Id
X-DPWN-IS-SECURE
X-F5-Cache
X-G
X-Gannett-Site-Version
X-Instart-Isnd
X-Rewrite-Enabled
X-NX-Host
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Platform
X-Processor
X-NodeID
X-Refresh
X-Logtrace-Id
X-Request-UUID
X-Matched-Rule
X-Mobile-URL
X-Region-Sid
X-Developer
X-Destination
X-CF-Lambda-Fn
X-Cache-Miss-From
X-Trv-Group
X-CF-Lambda-Version
X-Transaction
X-Reboot
X-Twitter-Response-Tags
X-Up
X-Cache-Expires
X-Varnish-Authentication
X-Cache-Grace
X-Cache-Info
X-Var-Ttl
X-Core-Value
X-Thinkindot-L3
X-Debug-Cache-Store
X-Sedo-Request-Id
Arc-Country
X-Debug-Cookies
X-Debug-Log
X-Server-Group
X-Debug-Cache-Fetch
X-Date
X-D
X-SRCache-Key
X-ServiceProvider
X-Debug-Cache-Expiry
X-VG-WebServer
X-Application
Ajk
X-WPE-Loopback-Upstream-Addr
X-App-Version
AR-SID
X-Wix-Server-Artifact-Id
X-SERVER
User-Cache-Control
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Apm-App-Name
X-Amzn-Remapped-Date
X-Cache-Debug
X-Cache-Bucket
X-Amzn-Remapped-Content-Length
X-Cache-Backend
X-Block-Status
X-PHP-Host
X-Policy
ServerName
X-Request-URI
Server-Int
X-Servername
RNT-Machine
RNT-Time
True-Client-Country-4JS
V-Age
X-Qloud-Router
X-Page-Type
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Web-Mar-Node
X-Rebelmouse-Surrogate-Control
X-Amzn-Remapped-Connection
X-Cdn-Srv
X-Key
X-Irp-Debug
X-LAGOON
X-Distributor
X-Dispatcher-Server
X-Distil-CS
X-Epic-Correlation-Id
X-Eu-Site
X-Hash
X-Gen-Mode
X-Hnp-Log
X-Fetched-On
X-Info
X-Device-Os
X-Developers
X-CGP
X-Crawler
X-Origin-Date
X-Sf
X-Origin-Expires
X-Nginx-Cache-Key
X-Micro-Cache
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-Location
X-Cache-Id
X-Rebelmouse-Cache-Control
CDCHOST
X-Geo
X-Sn-Servicetimems
X-Swa-Ws
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Server-Time
Fastly-SIE
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
IsBot
Fastly-SWR
X-Cdn-Origin
Pagetype
Country-Code
X-SN
Pramga
Proxy-Connection
X-SIPLIST1
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Backend
Apple-News-Services-Handled
X-FireWall-Port
X-Varnish-Ttl
AKAMAI
X-No-Session
X-Cms-Context
X-Wikidot-Static-Cache
X-Gateway-Skip-Cache
X-Geo-Header
Heartbleed
X-Cache-FS-Status
X-Via-Edge
X-Wikidot-Backend
X-Via-SSL
X-Gateway-Cache-Status
X-MSEdge-Flight
X-Variation
X-Level-Front-Cache
Content-Disposition
X-ND-Cache
Adler-Geo
X-Fastly-Cache
Rt-Proxy-Cache
X-GeoIP-Country-Code
X-Exp-Se
Fastly-SSL
Fastly-Soc-X-Request-Id
X-MSEdge-Features
X-GeoIP-City
X-Gateway-Cache-Key
X-Core-Mission
Is-Eu
X-S-Maxage
X-Planisys-CDN-Rules
Platform
X-User
Warning
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Generated-On
X-Protected-By
X-Sorting-Hat-PodId
X-Planisys-CDN-TTL
X-Thanos
X-Skip-Cache
X-BBXSRF
X-ShopId
X-Planisys-CDN-Cache
X-Bip
X-C
X-Shopify-Stage
X-Server-IP
X-ShardId
X-Backend-Host
X-Auto-Login
SD-X-WS
X-Backend-State
X-Backend-Url
X-Org
X-Served-From
MIME-Version
REQUESTUUID
X-Owner
Kp-EeAlive
X-GZip
X-B3-Parentspanid
X-Cdn-Forward
X-RateLimit-Reset
Server-ID
X-Git-Hash
X-Varnish-Beresp-Status
X-BB-ID
X-Varnish-Beresp-Grace
HTTPS
X-Ocache
X-Host-Name
X-Real-Ip
X-Edge-Location
X-NC
X-Proxy-Upstream
X-Sucuri-Cache
X-Proxy-Cache-Status
X-TT-LOGID
X-TrackingId
X-CDN-Forward
X-Daa-Tunnel
User-Agent
X-Edge-IP
Fastly-Backend-Name
Magicmarker
N-Cache
X-Aicache-OS
Wxu-Next-Region
X-Varnish-Url
Wxu-Next-Commit
VivaBuild
X-FPC
Wxu-Next-Hostname
Viewtype
X-Gdpr
X-Load-Cache
HostName
X-DC
X-Pjax-Url
X-Node-Id
X-CSRF-TOKEN
X-CACHE-KEY
X-Parent-Response-Time
Memory
Time
X-Release
X-Varnish-Beresp-Ttl
X-Nc
X-Dc
CF-IPCountry
X-Servedbyhost
Resin-Trace
Powered-By
X-HS-Cache-Config
X-TH-Server
X-WebServer
X-CUA
X-Wa
X-Upstream-CT
X-Upstream-HT
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
PICS-Label
X-Phone
X-Oss-Object-Type
Pragrma
X-Oss-Hash-Crc64ecma
X-Returned-From
X-Actual-URL
X-Returned-From-BeforeDispatch
X-Svr
X-Instart-Info
Host-ID
X-Stale
X-Server-By
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To
X-Original-Request
X-Varnish-Beresp-TTL
Section-Io-Cache
Backend-Name
ProcessTime
X-Microsite
X-Croise-Owner
X-Request-Handler-Origin-Region
X-VServer
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
X-Newrelic-Synthetics
Cdn-Request-Time
X-Worker
X-From-Cache
Cdn-Host
Cf-Ipcountry
X-Edge-Server
X-Cache-HT
X-Optimization
Cdn
Version
178proxuri
225prxHost
189phosttRef
409pxxline
219prxHost
188prxHost
Xxline
X-Lb-Id
X-Server-W
286prxHost
352pxline
355prline
CF-Cached-On
SID
X-APP
X-Akamai-Request-ID2
X-Unique-ID
X-Atg-Version
X-Microcachable
X-Fastly-Backend-Reqs
X-LB-ID
Accept-Language
X-SERVER-NAME
X-Zone
X-Datadome
XServer
X-Req
X-B3-SpanId
Processtime
X-VCL-Version
X-ID
Proxy-Firewall
Esi-Enabled
X-Ratelimit-Remaining
X-AssetVersion
X-Contensis-Viewer-Groups
GeoIP-Country-Code
X-Vcl-Version
X-V
Odigeo-Trace-Id
GeoIP-City
GeoIP-Latitude
X-Ratelimit-Limit
Fastcgi-Useragent
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-HTML-Minification-Powered-By
SN
X-IPS-LoggedIn
X-Check-Cacheable
X-HS-Status
X-Fstrz
Pics-Label
X-NGINX-Cache
X-Vtex-Processado-Em
X-UPSTREAM-Address
X-RequestId
X-Backend-TTL
X-Vcache
X-Vtex-Remote-Cache
X-WR-MODIFICATION
X-Reqid
X-Urbn-Site-Id
X-Nananana
X-Ratelimit-Reset
X-Urbn-Context-Path
X-URL
Locale
X-Response-By
X-Via-NSCOPI
X-WA
X-Flog
X-ServedByHost
X-CSRF-Token
X-Hello
X-ABtesting
X-NWS-UUID-VERIFY
GMS-Ver
X-Be
X-ZONE
X-Cache-Ttl
DataCenter
CDN
IBM-Web2-Location
X-Hyper-Cache
Dnion-Transfer-Encoding
GeoIp-Country-Code
Geoip-Latitude
X-Dynatrace
Fastcgi-X-Cache-Version
X-Render-Time
X-Fastly-Country-Code
X-NGENIX-Cache
X-Request-Start
X-Generation-Time
X-Via-Ucdn
X-GDPR
Geoip-City
Public-Key-Pins-Report-Only
X-Cdn-Cache
WP-Super-Cache
X-Cluster-Name
WZWS-RAY
WebServer
Requestid
X-Amz-Meta-Surrogate-Control
GW-Server
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-CS
X-Unique-Id
Countrycode
X-HS-Combine-CSS
X-Compress-Hint
X-Fpc
X-We-Are-Hiring
Lb
X-Clientip
X-Cache-URL
URI
X-UE-Client-Country
Mobile-Detection-Method
FastCGI-Cache
Dynatrace
X-FORWARDED-FOR
X-HostName
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-Pf-Uncompressing
X-BE
GEO-REGION-INFO
SS
Ohc-File-Size
X-GEO
X-Gen-Id
Serverid
X-Got-Non-Ke-Cookie
Who
Cneonction
X-Varnish-Action
Https
X-Bug-Bounty
X-Test
Epwk-Cache
X-Store
Server-Id
X-LiteSpeed-Tag
A
X-Akamai-SSL-Client-Sid
Frontcache
X-Fastly-Cache-Hits
X-Request-Url
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
RequestId
X-HTML-Edge-Cache
X-Html-Edge-Cache
FSS-Proxy
X-ServerName
X-PF-Uncompressing
X-GZIP
X-EC-Lua
X-Dw-Trace-Id
NnCoection
RequestUuid
X-Cdn-Request-ID
X-Serial
FSS-Cache