Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Request-ID
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Cache-Group
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
Grace
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
Request-Id
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
Accept-CH
X-Dispatcher
X-Upstream-Env
X-ESI
X-ORACLE-DMS-RID
X-Cdn
MS-Author-Via
AR-PoweredBy
AR-ATIME
AR-CACHE
X-VARITI-CCR
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
X-Version
Content-MD5
Service-Worker-Allowed
Charset
X-Recruiting
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-TTL
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-PC
X-Vname
X-TtlSet
X-Ser
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcap-Request-Id
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-Server-ID
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
DynaTrace
X-Amz-Meta-S3cmd-Attrs
S
X-VCache
X-Amz-Rid
X-SharePointHealthScore
X-Fastly-Request-ID
X-Debug
X-XRDS-Location
TCN
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-Powered-CMS
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-B3-TraceId
X-Goog-Storage-Class
X-Id
X-Litespeed-Cache
X-Ttl
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Tracecode
X-MSEdge-Ref
Front-End-Https
X-Webkit-CSP
X-Amzn-Trace-Id
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Forwarded-For
X-Upstream
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Alternate-Protocol
X-Frontend
X-Content-Digest
X-PressLabs-Stats
X-RateLimit-Remaining
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Response
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
X-Srv
X-Fastcgi-Cache
X-Hostname
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Accel-Expires
Host
X-SERVER
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-Traceid
Server-Name
X-Kinsta-Cache
X-Correlation-Id
X-Analytics
Backend-Timing
X-Activity-Id
X-AppVersion
X-Content-Options
X-Debug-Info
X-Az
X-LB-Cache
X-Revision
X-User-Agent
X-Amz-Apigw-Id
X-B3-Sampled
X-Rid
X-Amzn-RequestId
X-IPLB-Instance
Surrogate-Key
X-Cache-Hit
FilterID
X-Cache-2
Accept-Charset
X-Grace
ServerID
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-B
X-DIS-Request-ID
X-Page-Id
X-Request-Processing-Time
X-Request-Received
TP-Cache
TP-L2-Cache
X-Whom
Server-Info
X-FastCGI-Cache
MS-CV
Host-Header
X-PHP-Backend
X-Ruxit-Js-Agent
X-Varnish-Backend
X-Cached-By
X-Origin-Server
X-Amz-Replication-Status
X-App-Environment
Cache-Status
Source
X-F-Cache
X-TT
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-Tumblr-Pixel
X-Cluster
X-Tumblr-Pixel-0
X-Framework
X-Cache-Action
X-Mobile
X-Platform-Server
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Grace
X-UA-Device-Type
X-Instance
X-Content-Powered-By
X-Drupal-Cache-Tags
X-FW-Server
X-FW-Static
Access-Control-Allow-Method
X-FW-Hash
X-Request-Guid
X-FW-Serve
X-FW-Type
X-FB-Debug
PageSpeed
X-Forwarded-Host
X-RateLimit-Limit
X-Geo-Country
X-Cache-TTL
X-Zen-Fury
Edge-Cache-Tag
X-Ezoic-Cdn
X-Shard
X-Node-Name
X-SS-Set-Cookie
X-TA-CDN-Provider
X-Handled-By
X-Magnolia-Registration
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
X-BCube-Filmed-By
Fastly-Restarts
X-Cache-Control
X-AOL-HN
X-Varnish-Server
X-App-Server
DC
Cleartype
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
Server-Node
Payment
X-RequestSource
X-Response-Served-From
Filters
X-Signature
X-Region
X-B-Cache
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-Adobe-Content
X-TT-TIMESTAMP
Actual-Object-TTL
X-GeoIP
X-Generated-By
Country
Webserver
Ms-Operation-Id
X-TX-ID
Retry-After
X-Tumblr-Pixel-1
X-Storage
X-VG-WebCache
X-RTag
X-Redis-Cache
X-Tumblr-Pixel-2
X-UUID
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-Jobs
X-FW-Dynamic
X-Cacheable-TTL
Powered
X-Content-Age
X-Locale
X-Varnish-Hits
X-XRDS-LOCATION
NGB
CACHE
GEO-INFO
Frame-Options
ServedBy
Liferay-Portal
X-Oneagent-Js-Injection
X-Contextid
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Real-IP
X-Cache-NE
X-Cache-TTL-Remaining
Eomportal-Instance
X-RemovedCookies
X-Seen-By
X-Guploader-Uploadid
X-Varnish-IP
X-ProcessESI
X-Via-JSL
S-Cnection
Viewport
X-BACKEND-TTL
X-Esi
X-Upgrade-Enabled
X-Cache-Operation
X-Mode
X-Varnish-Cache-Hits
NtCoent-Length
X-Cache-Server
X-Hl-Ver
X-Routing-Service
X-Cache-Var
X-Zipkin-Id
Mn-Server-Ip
X-Device-Type
Machine
Meta-Geo
X-Detected-As
X-From
X-Cache-Enabled
X-ES-SERVER
X-Is-Bot
Cache-Key
X-Path-Route
X-Proto
X-Proxied
OT-Force-Account-Verify
X-Cache-Var-Map
X-RN-RSRV
Cache-Hits
Load-Balancing
Content-Script-Type
Content-Style-Type
X-Time
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Backend-Name
X-Cache-Config
X-Hosted-By
X-FC-Vary-Parameters
X-FB-TRIP-ID
Vix-Hermes-Req-Id
TWC-Privacy
Property-Id
NGX
L5d-Success-Class
Access-Control-Request-Headers
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-NWS-LOG-UUID
X-Environment-Context
X-Proxy
X-VG-TLSProxy
X-VWS-Id
X-L-Path
X-Tb
X-Akamai-Transformed
X-Origin-Hint
X-LJ-Flow-ID
Datacenter
S-Rt
Azure-RegionName
X-Viewer-Country
Azure-SiteName
X-Vgn-Hpd-Reason
X-Web-Node
Azure-Version
Mail-Subject
Azure-SlotName
Origin-Cache-Control
Origin-Edge-Control
X-Time-Microsecs
X-ServerID
X-MP-GENERATED-AT
X-R9-Blue-Green-Version
Azure-InstanceId
X-Loop
X-FW-Version
X-Format
X-EIG-Tracking-Id
X-NCache
X-Section
We-Hiring
X-Rocket-Nginx-Bypass
X-Access
X-Origin-Response-Time
X-Akamai-Request-ID
X-TNCMS
X-Tumblr-Pixel-3
Xserver
X-Human
X-Debug-Cache
X-Birta-Served
Selected-FE
X-Birta-Cache-Post
X-IP
X-JoinUs
X-S
X-Via-CDN
X-Trace-Id
X-Timing-Wait
X-Labrador-Cache-Channel
X-Proxy-Build
Now
X-RCS-CacheZone
DB-Nickname
X-PCL
X-OCL
X-Site-Version
LB
X-ProxyCache-Key
X-ProxyCache-Status
Uber-Trace-Id
X-Via-Fastly
X-BYPASS-REASON
X-Internal-Host
X-Www-Served-By
X-Generated
X-Grey
Cache-Tag
X-Cache-Category-Id
X-Varnish-Cacheable
X-Cache-Remote
Decoy-Debug-Key
X-Dynatrace-Js-Agent
Decoy-Debug-Status
X-Endurance-Cache-Level
Decoy-Debug-TTL
X-CCM
X-Xfnlog-Site
X-VC-Cache
X-Status
X-UA
X-GRACE
Served-By
X-Rule
X-UnsetCookies
X-Newrelic-App-Data
X-Wix-Server-Artifact-Id
X-EdgeConnect-Cache-Status
Release
X-TIME
X-CDN-Cache
Nel
AsisCache
X-Wix-Request-Id
ViewerVersion
X-Cluster-Node
Rt-Fastcgi-Cache
X-APP-VERSION
X-B3-Spanid
X-Origin-Host
X-Request-Time
X-App-Name
X-Sucuri-ID
X-PERF
X-NewRelic-App-Data
X-Nginx-Cache
X-ApacheServer
X-Source
X-Hit
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Agile-Age
X-Agile-Id
X-OVcl
X-Agile
X-Origin
DSUID
X-Ua
X-VCT
Cache-Name
SRV
Hostname
X-App-Version
Warning
User-Agent
X-Origin-TTL
X-ElasticPress-Search
X-Origin-CC
Request-Time
Cache-Prefix
X-NodeID
X-ScT
X-NX-Host
X-Debug-Cache-Fetch
X-NU-AKA-ACS-Version
X-Date
X-Core-Value
X-External-Request-Id
X-Platform
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Surrogate-Control
X-Refresh
X-PAYTM-SRV-ID
X-DPWN-IS-SECURE
X-D
Server-Cache-Control
X-B-Cookie
X-Debug-Cache-Expiry
X-Debug-Log
X-IN-WAF
Lfy
X-Instart-Isnd
Node
X-IN-APIGATEWAY
Ajk
MD5-Digest
Memcached
Meta-Geo-Continent
X-Hp-Webp
X-Developer
On-Server
X-Secret
X-Logtrace-Id
X-Matched-Rule
X-Mobile-URL
X-Debug-Cache-Store
X-Debug-Cookies
Origin
BehaviorPad-Version
X-Destination
X-Processor
Rendered-Blocks
X-S-Cookie
X-Gannett-Site-Version
X-Trv-Group
X-A-Dam
X-Twitter-Response-Tags
X-Request-UUID
X-Server-Group
X-Transaction
X-Cache-Info
X-A
Thinkindot-Control
X-A-Ccd
Fly-Cache
X-A-Dcw
X-Up
X-Cache-Miss-From
X-Sedo-Request-Id
X-Cache-Grace
Fly-Request-Id
X-Aed
X-Accel-Expires-Debug
X-Var-Ttl
FNAC-ModuleRouting
X-A-Dgt
X-Webstats-RespID
X-A-Wwc
X-Region-Sid
X-Pubstack
X-Varnish-Authentication
X-ServiceProvider
X-F5-Cache
X-VG-WebServer
X-Application
X-Rojux
X-ARC
X-Cache-Expires
X-SRCache-Key
Arc-Country
X-Connection-Hash
X-Generated-In
UCS
X-Cache-ASPX
Xc-Version
X-G
Www
X-Thinkindot-L3
X-CF-Lambda-Version
Ec-Rule-Version
X-CF-Lambda-Fn
X-Reboot
X-Rewrite-Enabled
Cross-Origin-Window-Policy
X-Cache-Backend
X-Varnish-Ttl
User-Cache-Control
X-Distributor
X-Eu-Site
HA-Ipaddr
Ha-Gx-Prefs
X-Epic-Correlation-Id
IsBot
Server-Int
X-BB-ID
Web-Mar-Node
X-Cdn-Srv
X-CGP
X-Cache-Bucket
X-Amzn-Remapped-Date
X-Cache-Host
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
X-Block-Status
ServerName
Pramga
Pagetype
X-Developers
Proxy-Connection
Request-Country
X-Crawler
X-Cache-Debug
Request-EU
X-Distil-CS
X-Origin-Date
X-Li-Pop
X-LI-Proto
X-Ocache
X-LI-UUID
X-Li-Fabric
X-LAGOON
X-Edge-Location
X-Info
X-Irp-Debug
X-Key
X-Location
Cteonnt-Length
X-Servername
X-Origin-Expires
X-Protected-By
Server-Host
X-Proxy-Cache-Status
X-Nginx-Cache-Key
X-Micro-Cache
X-Qloud-Router
X-Proxy-Upstream
Apple-News-Services-Handled
X-Rebelmouse-Cache-Control
X-Swa-Ws
Cache
X-Ah-Environment
Country-Code
Fastly-SIE
X-SN
X-Policy
X-Gen-Mode
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Hash
Backend
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Hnp-Log
CDCHOST
Cache-Cookie-Set-Lfrom
Fastly-SWR
X-Datadome
Pagespeed
X-WPE-Loopback-Upstream-Addr
X-FireWall-Port
X-User
X-TT-LOGID
X-TrackingId
X-Cache-FS-Status
X-Fastly-Cache
X-Request-URI
X-GeoIP-Country-Code
X-GeoIP-City
X-Cache-Id
X-Thanos
X-Geo-Header
X-Server-IP
X-C
X-Sf
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Skip-Cache
X-S-Maxage
X-Via-Edge
X-Dispatcher-Server
X-Fetched-On
X-PHP-Host
X-Page-Type
X-No-Session
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Generated-On
X-Core-Mission
X-Planisys-CDN-TTL
X-MSEdge-Flight
X-Bip
X-Device-Os
X-RateLimit-Remaining-Second
X-Via-SSL
X-RateLimit-Limit-Second
X-MSEdge-Features
Gh-Request-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Level-Front-Cache
True-Client-Country-4JS
Content-Disposition
RNT-Time
Fastly-Soc-X-Request-Id
AKAMAI
SD-X-WS
HTTPS
RNT-Machine
X-Sucuri-Cache
Fastly-SSL
Kp-EeAlive
X-Backend-State
X-Backend-Url
X-BBXSRF
X-Auto-Login
X-Backend-Host
X-Amz-Meta-Cache-Control
Heartbleed
X-GZip
X-Edge-IP
X-Owner
X-Varnish-Beresp-Status
Fastly-Backend-Name
Adler-Geo
X-Server-Time
X-Cdn-Origin
V-Age
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-RateLimit-Reset
X-Sorting-Hat-ShopId
X-Variation
X-Varnish-Url
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Apm-App-Name
X-Cdn-Forward
X-CACHE-GROUP
X-Varnish-Beresp-Grace
X-Sn-Servicetimems
Is-Eu
N-Cache
Platform
X-Cms-Context
Magicmarker
X-Alternate-Cache-Key
X-Real-Ip
X-NC
MIME-Version
X-ND-Cache
REQUESTUUID
X-Geo
Rt-Proxy-Cache
X-CDN-Forward
X-Org
X-Node-Id
X-Served-From
X-Exp-Se
Server-ID
X-FPC
X-B3-Parentspanid
X-Gdpr
X-Pjax-Url
VivaBuild
Viewtype
X-Load-Cache
X-Dc
Powered-By
X-Varnish-Beresp-Ttl
X-Aicache-OS
X-CUA
X-Git-Hash
Wxu-Next-Region
Pragrma
HostName
Wxu-Next-Hostname
X-Parent-Response-Time
Wxu-Next-Commit
Section-Io-Cache
CF-IPCountry
X-Original-Request
X-Actual-URL
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-CSRF-TOKEN
Memory
Time
X-Returned-From
X-Passed-To
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
PICS-Label
X-Svr
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Server-By
X-Stale
X-Host-Name
X-Nc
X-DC
Host-ID
X-VServer
X-Croise-Owner
X-CACHE-KEY
X-HS-Cache-Config
X-Wa
Resin-Trace
X-Edge-Server
X-Release
Cdn-Request-Time
Cdn-Host
X-Servedbyhost
X-Oss-Hash-Crc64ecma
X-Daa-Tunnel
X-TH-Server
X-Oss-Object-Type
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Cache-HT
X-Varnish-Beresp-TTL
Mime-Version
AR-SID
X-Optimization
X-Unique-ID
X-Microcachable
ProcessTime
SID
X-Lb-Id
X-WebServer
X-Phone
Fastcgi-Useragent
X-Upstream-CT
X-Upstream-HT
X-Newrelic-Synthetics
X-Instart-Info
X-From-Cache
XServer
Cf-Ipcountry
X-APP
Cdn
Backend-Name
X-Req
X-V
X-Atg-Version
CF-Cached-On
X-Worker
X-Fastly-Backend-Reqs
Odigeo-Trace-Id
Proxy-Firewall
Processtime
225prxHost
286prxHost
X-Server-W
352pxline
X-HTML-Minification-Powered-By
188prxHost
Xxline
409pxxline
178proxuri
355prline
219prxHost
X-ID
189phosttRef
X-Ratelimit-Remaining
X-B3-SpanId
X-Vcl-Version
X-Ratelimit-Limit
X-Backend-TTL
X-Fstrz
X-WR-MODIFICATION
X-Zone
Version
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
X-Check-Cacheable
X-Response-By
X-IPS-LoggedIn
X-WA
Esi-Enabled
X-NGINX-Cache
GMS-Ver
X-Akamai-Request-ID2
X-Vcache
X-UPSTREAM-Address
Accept-Language
X-Ratelimit-Reset
X-URL
X-Microsite
X-VCL-Version
X-Request-Handler-Origin-Region
X-Contensis-Viewer-Groups
X-CSRF-Token
Public-Key-Pins-Report-Only
X-AssetVersion
GeoIP-Latitude
Pics-Label
GeoIP-City
GeoIp-Country-Code
Geoip-Latitude
X-ServedByHost
X-HS-Status
GeoIP-Country-Code
X-Hyper-Cache
Fastcgi-X-Cache-Version
WZWS-RAY
SN
DataCenter
GW-Server
X-Fastly-Country-Code
Geoip-City
X-SERVER-NAME
X-Amz-Meta-Surrogate-Control
X-Be
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Dynatrace
X-ZONE
Locale
X-We-Are-Hiring
X-Request-Start
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Clientip
X-Via-NSCOPI
X-Via-Ucdn
X-GEO
X-Reqid
X-UE-Client-Country
X-RequestId
Mobile-Detection-Method
X-Render-Time
Countrycode
X-Cdn-Cache
WP-Super-Cache
Lb
X-LiteSpeed-Cache-Control
SS
X-BE
X-GDPR
URI
X-NWS-UUID-VERIFY
X-CS
X-Unique-Id
Ohc-File-Size
Dnion-Transfer-Encoding
X-Hello
CDN
X-Flog
X-ABtesting
IBM-Web2-Location
X-PJAX-URL
X-FORWARDED-FOR
X-GZIP
X-HostName
FastCGI-Cache
X-SRV
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-Test
X-Pf-Uncompressing
FSS-Cache
RequestUuid
Cneonction
X-Fpc
X-Generation-Time
Serverid
X-HS-Combine-CSS
FSS-Proxy
X-PF-Uncompressing
X-Gen-Id
X-Cache-Ttl
X-LiteSpeed-Tag
X-Html-Edge-Cache
Server-Id
X-Fastly-Cache-Hits
X-Bug-Bounty
X-Request-Url
X-Store
Accept-Ch
X-Cluster-Name
A
Requestid
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
RequestId
X-Compress-Hint
X-Dw-Trace-Id
X-Cache-URL
NnCoection
Get-Access-Time
Ohc-Cache-HIT
Ohc-Response-Time
Frontcache
X-HTML-Edge-Cache
Is-Session-Tracking
X-EC-Lua
X-ServerName
X-Cdn-Request-ID
X-Serial