Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
X-Ac
X-Rq
Allow
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Origin-Cache
X-Url
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-Px
X-HW
X-Type
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
X-ESI
AR-ATIME
X-VARITI-CCR
AR-PoweredBy
AR-CACHE
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
Public-Key-Pins
X-Powered-By-Plesk
X-Cached
Content-MD5
X-Version
Service-Worker-Allowed
X-Upstream-Env
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
RTSS
X-Amz-Server-Side-Encryption
X-Navigation-Version
Charset
X-Abt-Application-Version
X-PC
X-TtlSet
X-Vcap-Request-Id
X-Vname
X-Ser
X-TTL
X-Server-ID
X-Varnish-TTL
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
DynaTrace
X-Goog-Stored-Content-Length
X-VCache
X-Amz-Rid
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
S
X-Hits
X-Debug
TCN
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-Akam-SW-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
X-Ttl
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Id
Realpath
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
Tracecode
X-NF-Request-ID
X-Amzn-Trace-Id
X-Webkit-CSP
X-Litespeed-Cache
X-Aspnet-Version
Front-End-Https
Fastcgi-Cache
X-Varnish-Age
X-N
X-Content-Type
X-B3-TraceId
X-Upstream
X-Forwarded-For
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
Paypal-Debug-Id
Alternate-Protocol
X-PressLabs-Stats
X-Frontend
X-Content-Digest
X-Logged-In
Display
X-B3-Traceid
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-HS-Content-Id
X-Pad
X-HS-Hub-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Fastcgi-Cache
Fusion-Source
Fusion-Content-Source
X-Srv
X-RateLimit-Remaining
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Accel-Expires
Host
X-Cache-Key
ServerID
X-Grace
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
Server-Name
X-Kinsta-Cache
X-LB-Cache
X-Activity-Id
Surrogate-Key
X-AppVersion
X-Az
X-User-Agent
X-B3-Sampled
X-Debug-Info
X-Revision
X-Rid
X-IPLB-Instance
X-Amzn-RequestId
X-Amz-Apigw-Id
FilterID
X-Cache-Hit
X-Content-Options
X-Correlation-Id
Accept-Charset
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Processing-Time
X-Request-Received
X-B
TP-L2-Cache
TP-Cache
MS-CV
X-Page-Id
X-Whom
X-Cached-By
X-GUploader-UploadID
Server-Info
X-DIS-Request-ID
Cache-Status
Host-Header
X-PHP-Backend
VIX-Pulpo-Upstream-Status
Source
X-TT
VIX-Pulpo-Node
X-Cache-Action
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Varnish-Backend
X-Tumblr-Pixel
X-F-Cache
X-Tumblr-User
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-Mobile
X-FW-Type
X-Framework
X-Cluster
X-App-Environment
X-Akamai-Edgescape
X-Content-Powered-By
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FW-Static
Access-Control-Allow-Method
X-FastCGI-Cache
X-Request-Guid
X-Instance
X-FB-Debug
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Ezoic-Cdn
X-Varnish-Grace
X-Node-Name
X-Ruxit-Js-Agent
X-Accel-Buffering
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-UA-Device-Type
Edge-Cache-Tag
X-Shard
PageSpeed
X-Geo-Country
Fastly-Restarts
X-Zen-Fury
X-RateLimit-Limit
X-Varnish-Hostname
From-Origin
X-Handled-By
X-TA-CDN-Provider
Cache-Tags
X-Cache-TTL
X-AOL-HN
X-SS-Set-Cookie
X-Magnolia-Registration
X-Cache-Age
X-BCube-Filmed-By
X-Cache-Control
X-Cache-Rule
X-ATG-Version
Upgrade-Insecure-Requests
Healthy
Retry-After
X-Varnish-Server
Payment
Cleartype
DC
Server-Node
X-App-Server
X-RequestSource
X-Response-Served-From
X-TX-ID
X-Adobe-Content
X-Adobe-Loc
X-Storage
Country
X-B-Cache
X-Signature
Actual-Object-TTL
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Filters
Powered
Ms-Operation-Id
X-WebKit-CSP-Report-Only
X-RTag
X-TT-TIMESTAMP
X-FW-Dynamic
X-VG-WebCache
X-GeoIP
Cache-Tv-Group
X-Redis-Cache
X-Region
X-Drupal-Cache-Contexts
X-Jobs
X-Varnish-Hits
X-Content-Age
X-Cacheable-TTL
X-Dns-Prefetch-Control
X-Locale
X-Generated-By
Frame-Options
X-XRDS-LOCATION
X-WA-Info
Webserver
GEO-INFO
ServedBy
NGB
X-Esi
X-Cache-NE
X-Yottaa-Metrics
X-Contextid
X-Yottaa-Optimizations
CACHE
X-Oneagent-Js-Injection
Liferay-Portal
HitType
X-Rendered-As
X-ProcessESI
X-RemovedCookies
X-BACKEND-TTL
X-NWS-LOG-UUID
Eomportal-Instance
X-Real-IP
X-Cache-Operation
X-Cache-TTL-Remaining
X-Varnish-IP
X-Time
X-Via-JSL
X-Upgrade-Enabled
X-Guploader-Uploadid
Viewport
Xserver
X-Mode
X-Seen-By
S-Cnection
X-Varnish-Cache-Hits
OT-Force-Account-Verify
X-Hl-Ver
LB
X-Path-Route
X-Akamai-Transformed
X-Cache-Var
X-RN-RSRV
X-From
X-Detected-As
X-Device-Type
X-ES-SERVER
X-Is-Bot
X-Proto
X-Cache-Remote
Load-Balancing
Cache-Key
X-S
Machine
X-Cache-Var-Map
Mn-Server-Ip
Meta-Geo
X-Cache-Server
X-Cache-Config
X-NCache
X-Origin-Hint
X-Zipkin-Id
X-LJ-Flow-ID
X-FW-Version
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-VWS-Id
X-VG-TLSProxy
X-R9-Blue-Green-Version
X-Proxy
X-Proxied
X-Rocket-Nginx-Bypass
X-Routing-Service
X-Time-Microsecs
X-Tb
X-Cache-Enabled
X-Backend-Name
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
L5d-Success-Class
NGX
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
X-AWS-Id
Webcakes-App-Version
Webcakes-App-Name
Vix-Hermes-Req-Id
We-Hiring
Access-Control-Request-Headers
Mail-Subject
NtCoent-Length
X-Debug-Cache
X-EIG-Tracking-Id
X-Environment-Context
X-Format
X-Akamai-Request-ID
Origin-Cache-Control
Origin-Edge-Control
S-Rt
X-Access
X-Hosted-By
X-L-Path
X-TNCMS
X-Tumblr-Pixel-3
X-Viewer-Country
X-Web-Node
X-ServerID
X-RCS-CacheZone
X-Labrador-Cache-Channel
X-Loop
X-MP-GENERATED-AT
X-Origin-Response-Time
Now
X-Section
X-Via-CDN
X-Vgn-Hpd-Reason
X-CCM
Datacenter
X-Xfnlog-Site
X-JoinUs
X-OCL
X-PCL
Selected-FE
X-ProxyCache-Key
X-Proxy-Build
X-ProxyCache-Status
X-BYPASS-REASON
X-Trace-Id
X-Timing-Wait
X-IP
X-Via-Fastly
Cache-Tag
Azure-Version
X-Human
Cache-Hits
Azure-SlotName
Azure-SiteName
DB-Nickname
Azure-RegionName
Azure-InstanceId
X-Www-Served-By
X-Cache-Category-Id
X-Grey
X-Generated
X-Internal-Host
Content-Style-Type
Content-Script-Type
Uber-Trace-Id
X-UnsetCookies
X-Site-Version
X-VC-Cache
X-Endurance-Cache-Level
Release
X-Varnish-Cacheable
X-Rule
Served-By
X-Dynatrace-Js-Agent
Decoy-Debug-Status
Decoy-Debug-TTL
X-Status
Decoy-Debug-Key
X-EdgeConnect-Cache-Status
X-Birta-Cache-Post
X-Birta-Served
X-UA
X-APP-VERSION
X-Newrelic-App-Data
X-CDN-Cache
X-B3-Spanid
X-Request-Time
Nel
X-Ua
DSUID
X-OVcl
X-OVcl-Cache
X-GRACE
AsisCache
X-Nginx-Cache
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cluster-Node
X-TIME
X-VCT
X-App-Name
Cache
Rt-Fastcgi-Cache
X-NewRelic-App-Data
X-Hit
X-Source
SRV
X-PERF
X-ApacheServer
Hostname
X-Agile-Age
X-Agile-Id
X-Agile
Cteonnt-Length
X-Pubstack
X-Origin-Host
X-Sucuri-ID
Pagespeed
X-Cache-Host
Cache-Name
X-Origin-TTL
X-Wix-Request-Id
X-Origin-CC
X-ElasticPress-Search
ViewerVersion
X-Aed
X-Hp-Webp
X-NX-Host
X-Connection-Hash
X-D
X-Generated-In
X-Gannett-Site-Version
X-G
X-Core-Value
X-Cache-Grace
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Wwc
X-Accel-Expires-Debug
X-ServiceProvider
FNAC-ModuleRouting
X-Server-Group
X-IN-WAF
X-IN-APIGATEWAY
Fly-Request-Id
X-Debug-Log
X-Destination
X-WPE-Loopback-Upstream-Addr
X-Developer
Request-Country
X-Date
X-Debug-Cache-Fetch
Node
X-Debug-Cache-Store
X-Debug-Cookies
X-Cache-ASPX
Ajk
X-DPWN-IS-SECURE
Fly-Cache
Ec-Rule-Version
X-Cache-Expires
X-Application
Request-Time
X-B-Cookie
X-ARC
X-SRCache-Key
Rendered-Blocks
X-External-Request-Id
X-A
Cache-Prefix
X-CF-Lambda-Fn
Server-Surrogate-Control
Cross-Origin-Window-Policy
X-Cache-Miss-From
Server-Host
X-Mobile-URL
Meta-Geo-Continent
BehaviorPad-Version
Thinkindot-CacheControl-Type
X-Reboot
X-PAYTM-SRV-ID
Origin
X-Varnish-Authentication
On-Server
X-Platform
X-Twitter-Response-Tags
X-Up
X-NU-AKA-ACS-Version
X-VG-WebServer
X-Processor
X-Trv-Group
X-NodeID
X-Debug-Cache-Expiry
UCS
X-Var-Ttl
X-S-Cookie
X-ScT
X-Cache-Info
X-Thinkindot-L3
Lfy
X-Secret
Thinkindot-Control
X-Transaction
Thinkindot-CacheControl
Www
Arc-Country
X-CF-Lambda-Version
X-Rojux
Xc-Version
Request-EU
X-Refresh
X-Matched-Rule
X-Region-Sid
Server-Cache-Control
X-Rewrite-Enabled
MD5-Digest
X-Logtrace-Id
X-Request-UUID
X-Sedo-Request-Id
X-Wix-Server-Artifact-Id
User-Cache-Control
AR-SID
X-SERVER
X-App-Version
RNT-Time
RNT-Machine
ServerName
X-Cache-Bucket
Server-Int
True-Client-Country-4JS
V-Age
X-Apm-Svc-Key
X-Block-Status
X-Cache-Backend
X-Apm-Inst-Hash
Web-Mar-Node
X-Amzn-Remapped-Content-Length
X-Cache-Debug
X-LI-Proto
X-Origin-Date
X-Origin-Expires
X-Page-Type
X-PHP-Host
X-Nginx-Cache-Key
X-Webstats-RespID
X-LI-UUID
X-Cdn-Origin
X-Location
X-Micro-Cache
X-Policy
X-Qloud-Router
X-Sf
X-SIPLIST1
X-SN
X-Swa-Ws
X-Servername
X-Request-URI
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Server-Time
X-Li-Pop
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-Eu-Site
X-Dispatcher-Server
X-Device-Os
X-Cdn-Srv
X-CGP
X-Crawler
X-Developers
X-F5-Cache
X-Fetched-On
X-Key
X-LAGOON
X-Li-Fabric
X-Sn-Servicetimems
X-Irp-Debug
X-Instart-Isnd
X-Gen-Mode
X-Hash
X-Hnp-Log
X-Info
X-Cache-Id
X-Apm-App-Name
Gh-Request-Id
Apple-News-Services-Handled
Apple-News-Services-Host
Memcached
Ha-Gx-Prefs
Fastly-SWR
IsBot
HA-Ipaddr
Apple-News-Services-Parsed-Url
Pagetype
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Proxy-Connection
Country-Code
CDCHOST
Fastly-SIE
Apple-News-Services-Request-Url
X-Varnish-Ttl
X-FireWall-Port
X-Generated-On
X-Geo-Header
X-Gateway-Skip-Cache
X-GeoIP-City
AKAMAI
X-Core-Mission
X-Cms-Context
Backend
X-GeoIP-Country-Code
Adler-Geo
X-Gateway-Cache-Key
X-Fastly-Cache
X-Exp-Se
X-Gateway-Cache-Status
X-No-Session
Warning
X-Variation
X-User
X-Thanos
X-Sorting-Hat-ShopId
X-Via-Edge
X-Via-SSL
X-ND-Cache
Rt-Proxy-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Sorting-Hat-PodId
X-Skip-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Cache-FS-Status
X-MSEdge-Features
X-Protected-By
X-S-Maxage
X-Shopify-Stage
X-ShopId
X-ShardId
X-Server-IP
X-Level-Front-Cache
X-MSEdge-Flight
Fastly-SSL
X-Amzn-Remapped-Date
X-Auto-Login
Fastly-Soc-X-Request-Id
X-Backend-Host
X-Amzn-Remapped-Connection
X-Amz-Meta-Cache-Control
SD-X-WS
Pramga
Platform
Heartbleed
X-Alternate-Cache-Key
X-Backend-State
Is-Eu
X-Bip
X-BBXSRF
X-Backend-Url
X-C
Content-Disposition
X-Geo
X-Served-From
Kp-EeAlive
X-Org
REQUESTUUID
X-Owner
X-B3-Parentspanid
X-GZip
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Server-ID
X-Cdn-Forward
X-Git-Hash
HTTPS
X-RateLimit-Reset
X-BB-ID
X-Ocache
X-Edge-Location
MIME-Version
X-Real-Ip
X-TrackingId
X-TT-LOGID
X-Host-Name
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Sucuri-Cache
X-NC
X-CDN-Forward
X-Daa-Tunnel
User-Agent
Magicmarker
N-Cache
X-Varnish-Url
X-Aicache-OS
Fastly-Backend-Name
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
VivaBuild
X-FPC
Viewtype
X-Edge-IP
X-Gdpr
X-Load-Cache
X-DC
X-CSRF-TOKEN
X-Pjax-Url
X-Node-Id
X-CACHE-KEY
X-Release
X-Varnish-Beresp-Ttl
X-Nc
HostName
X-Dc
X-Parent-Response-Time
CF-IPCountry
X-CUA
X-TH-Server
X-Wa
Resin-Trace
Powered-By
X-HS-Cache-Config
Memory
Time
X-WebServer
X-Servedbyhost
X-Upstream-CT
X-Upstream-HT
X-Oss-Server-Time
X-Oss-Storage-Class
X-Phone
X-Oss-Request-Id
X-Oss-Object-Type
Pragrma
PICS-Label
X-Oss-Hash-Crc64ecma
Host-ID
X-Returned-From
X-Returned-From-PostProcessResponse
X-Svr
X-Stale
X-Instart-Info
X-Server-By
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Passed-To-DLL
X-Original-Request
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Actual-URL
Mime-Version
Section-Io-Cache
X-Varnish-Beresp-TTL
X-Croise-Owner
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Handler-Origin-Region
Backend-Name
X-VServer
X-Microsite
ProcessTime
X-Newrelic-Synthetics
X-Edge-Server
Cdn-Host
Cf-Ipcountry
X-Worker
Cdn-Request-Time
X-From-Cache
Version
X-Optimization
X-Cache-HT
Cdn
219prxHost
X-Lb-Id
178proxuri
409pxxline
355prline
352pxline
X-Server-W
225prxHost
189phosttRef
Xxline
286prxHost
188prxHost
CF-Cached-On
SID
X-APP
X-Unique-ID
X-Akamai-Request-ID2
X-Atg-Version
X-Fastly-Backend-Reqs
X-SERVER-NAME
Accept-Language
X-Microcachable
X-Zone
X-LB-ID
X-Req
X-Datadome
XServer
Processtime
Esi-Enabled
Proxy-Firewall
X-ID
X-Ratelimit-Remaining
X-Vcl-Version
X-V
Odigeo-Trace-Id
X-VCL-Version
X-Ratelimit-Limit
X-Contensis-Viewer-Groups
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-B3-SpanId
X-AssetVersion
X-CLOUD-TRACE-CONTEXT
Fastcgi-Useragent
X-CACHE-AGE
SN
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-Vtex-Remote-Cache
X-HS-Status
Pics-Label
X-Vtex-Processado-Em
X-Vcache
X-Backend-TTL
X-NGINX-Cache
X-Fstrz
X-RequestId
X-Check-Cacheable
X-UPSTREAM-Address
X-WR-MODIFICATION
X-Urbn-Context-Path
X-Nananana
Locale
X-URL
X-Via-NSCOPI
X-Reqid
X-Urbn-Site-Id
X-Response-By
X-WA
X-Ratelimit-Reset
X-ABtesting
X-NWS-UUID-VERIFY
X-ZONE
X-CSRF-Token
X-Flog
X-Hello
GMS-Ver
X-ServedByHost
X-Be
X-Cache-Ttl
DataCenter
X-Hyper-Cache
Dnion-Transfer-Encoding
GeoIp-Country-Code
CDN
Geoip-Latitude
IBM-Web2-Location
X-Dynatrace
X-Request-Start
Geoip-City
X-Generation-Time
X-Via-Ucdn
X-GDPR
X-NGENIX-Cache
Fastcgi-X-Cache-Version
X-Fastly-Country-Code
Public-Key-Pins-Report-Only
X-Render-Time
X-Cdn-Cache
WP-Super-Cache
X-Cluster-Name
Requestid
X-Amz-Meta-Surrogate-Control
WebServer
X-LiteSpeed-Cache-Control
X-PJAX-URL
X-CS
WZWS-RAY
GW-Server
X-Unique-Id
Countrycode
X-Clientip
Mobile-Detection-Method
X-GEO
X-UE-Client-Country
Lb
X-We-Are-Hiring
X-HS-Combine-CSS
X-Fpc
X-Cache-URL
X-Compress-Hint
URI
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-HostName
Dynatrace
X-SRV
X-FORWARDED-FOR
Ohc-File-Size
SS
X-Varnish-Action
Cneonction
X-Got-Non-Ke-Cookie
Who
Serverid
X-Gen-Id
X-BE
GEO-REGION-INFO
X-Pf-Uncompressing
X-Correlation-ID
Epwk-Cache
Https
X-Store
A
X-LiteSpeed-Tag
Server-Id
X-Bug-Bounty
X-Test
X-Akamai-SSL-Client-Sid
FSS-Cache
X-GZIP
X-PF-Uncompressing
FSS-Proxy
RequestUuid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
RequestId
X-Serial
X-Fastly-Cache-Hits
NnCoection
X-Dw-Trace-Id
X-ServerName
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-Request-Url
X-Html-Edge-Cache
Frontcache
X-EC-Lua