Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Request-ID
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Nginx-Cache-Status
X-Server-Powered-By
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-DataDome
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
Accept-CH
X-Upstream-Env
X-Dispatcher
X-ORACLE-DMS-RID
X-Cdn
MS-Author-Via
X-ESI
AR-CACHE
AR-PoweredBy
AR-ATIME
X-VARITI-CCR
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
X-MS-InvokeApp
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Cached
X-Version
Public-Key-Pins
Content-MD5
X-Powered-By-Plesk
X-TTL
Service-Worker-Allowed
Charset
X-Recruiting
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-TtlSet
X-Vname
X-PC
X-Ser
X-Varnish-TTL
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-Server-ID
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-DynaTrace-JS-Agent
DynaTrace
X-Amz-Meta-S3cmd-Attrs
X-Amz-Rid
S
X-VCache
X-SharePointHealthScore
X-Fastly-Request-ID
X-Debug
X-XRDS-Location
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-Shield-Request-Id
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-Powered-CMS
X-T
X-FTR-Cache-Host
Access-Control-Request-Method
X-Goog-Storage-Class
X-B3-TraceId
X-Id
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-MSEdge-Ref
Tracecode
Front-End-Https
X-Amzn-Trace-Id
X-Webkit-CSP
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Alternate-Protocol
X-Frontend
X-Content-Digest
X-PressLabs-Stats
X-RateLimit-Remaining
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-Litespeed-Cache
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
Response
X-Fastcgi-Cache
X-Srv
X-Cache-Key
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Accel-Expires
Host
X-SERVER
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-B3-Traceid
X-DataStream-Origin-MEX-Latency
Server-Name
X-Kinsta-Cache
X-Correlation-Id
Backend-Timing
X-Analytics
X-Activity-Id
X-Content-Options
X-AppVersion
X-Az
X-Debug-Info
X-Amzn-RequestId
X-IPLB-Instance
X-Amz-Apigw-Id
X-Revision
X-Rid
X-User-Agent
X-B3-Sampled
X-LB-Cache
X-Cache-Hit
Surrogate-Key
X-Cache-2
FilterID
X-Grace
Accept-Charset
Refresh
ServerID
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-DIS-Request-ID
X-Whom
X-Request-Received
X-Request-Processing-Time
X-Page-Id
TP-Cache
TP-L2-Cache
Server-Info
X-FastCGI-Cache
MS-CV
Host-Header
X-PHP-Backend
X-Cached-By
X-Ruxit-Js-Agent
X-Varnish-Backend
Cache-Status
Source
X-Cache-Action
X-App-Environment
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Origin-Server
X-Tumblr-User
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-UA-Device-Type
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Mobile
X-Framework
X-TT
X-Kong-Upstream-Latency
X-Cluster
Access-Control-Allow-Method
VIX-Pulpo-Upstream-Status
X-Varnish-Grace
X-Kong-Proxy-Latency
VIX-Pulpo-Node
X-GUploader-UploadID
X-Request-Guid
X-Drupal-Cache-Tags
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Instance
X-FW-Type
X-Content-Powered-By
X-FB-Debug
X-Forwarded-Host
X-RateLimit-Limit
PageSpeed
X-Geo-Country
Edge-Cache-Tag
X-Zen-Fury
X-Cache-TTL
X-Node-Name
X-TA-CDN-Provider
X-SS-Set-Cookie
X-Handled-By
X-Ezoic-Cdn
X-Shard
X-Magnolia-Registration
From-Origin
X-Varnish-Hostname
X-Cache-Age
X-ATG-Version
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-AOL-HN
X-Varnish-Server
X-Cache-Control
X-App-Server
DC
Upgrade-Insecure-Requests
Cleartype
Healthy
X-Cache-Rule
Server-Node
X-Response-Served-From
Filters
X-RequestSource
Payment
X-Region
X-B-Cache
X-Signature
Country
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
X-TT-TIMESTAMP
X-UUID
Ms-Operation-Id
Retry-After
X-GeoIP
X-Generated-By
Actual-Object-TTL
Webserver
X-Redis-Cache
X-WebKit-CSP-Report-Only
X-VG-WebCache
X-Storage
X-Tumblr-Pixel-1
X-RTag
X-Tumblr-Pixel-2
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Jobs
Cache-Tv-Group
X-Cacheable-TTL
X-Locale
Powered
X-Content-Age
X-Varnish-Hits
X-XRDS-LOCATION
NGB
CACHE
GEO-INFO
Frame-Options
ServedBy
Liferay-Portal
X-Esi
X-Contextid
X-Oneagent-Js-Injection
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Cache-TTL-Remaining
X-Cache-NE
X-Seen-By
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Guploader-Uploadid
X-Via-JSL
S-Cnection
X-Dynatrace-Js-Agent
X-BACKEND-TTL
X-Real-IP
X-Upgrade-Enabled
Viewport
X-Cache-Operation
X-Mode
X-Varnish-Cache-Hits
X-Cache-Server
X-Cache-Enabled
X-Cache-Var
Meta-Geo
X-Zipkin-Id
Mn-Server-Ip
X-Path-Route
X-Cache-Var-Map
X-Is-Bot
X-From
X-ES-SERVER
X-Detected-As
X-Device-Type
OT-Force-Account-Verify
Cache-Hits
X-Proxied
X-RN-RSRV
Load-Balancing
X-Proto
Cache-Key
X-Routing-Service
Machine
X-Time
X-S
Content-Style-Type
Content-Script-Type
X-Akamai-Transformed
X-Origin-Hint
TWC-Device-Class
X-AWS-Id
X-NWS-LOG-UUID
Mail-Subject
TWC-Locale-Group
TWC-Connection-Speed
X-Proxy
TWC-GeoIP-Country
X-Hosted-By
X-Hl-Ver
X-Environment-Context
L5d-Success-Class
NtCoent-Length
X-LJ-Flow-ID
X-FB-TRIP-ID
X-L-Path
TWC-GeoIP-LatLong
Webcakes-Region
We-Hiring
X-VG-TLSProxy
Webcakes-App-Version
NGX
X-VWS-Id
X-Viewer-Country
Datacenter
Property-Id
TWC-Privacy
Access-Control-Request-Headers
Webcakes-App-Name
X-Tb
Vix-Hermes-Req-Id
X-Cache-Config
X-EIG-Tracking-Id
X-Debug-Cache
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Akamai-Request-ID
Azure-SiteName
X-Backend-Name
Azure-SlotName
X-Access
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-TNCMS
X-ServerID
X-Section
X-Vgn-Hpd-Reason
Origin-Edge-Control
X-Time-Microsecs
X-R9-Blue-Green-Version
Now
X-Web-Node
X-Rocket-Nginx-Bypass
X-RCS-CacheZone
X-Labrador-Cache-Channel
Origin-Cache-Control
X-FW-Version
X-Format
X-Loop
DB-Nickname
S-Rt
Xserver
X-Origin-Response-Time
X-NCache
X-FC-Vary-Parameters
X-Human
X-Trace-Id
X-ProxyCache-Status
X-Via-CDN
X-Via-Fastly
X-Xfnlog-Site
X-ProxyCache-Key
X-PCL
X-Birta-Served
X-BYPASS-REASON
X-IP
X-OCL
X-Birta-Cache-Post
X-CCM
X-Grey
LB
X-Internal-Host
X-Generated
Uber-Trace-Id
X-Endurance-Cache-Level
Cache-Tag
X-JoinUs
X-Site-Version
X-Cache-Category-Id
X-Www-Served-By
X-Newrelic-App-Data
X-Varnish-Cacheable
X-Cache-Remote
X-VC-Cache
X-UA
X-Status
X-Timing-Wait
X-Proxy-Build
Selected-FE
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-GRACE
Served-By
X-UnsetCookies
X-Wix-Server-Artifact-Id
X-Rule
X-EdgeConnect-Cache-Status
Release
X-TIME
X-CDN-Cache
Nel
AsisCache
X-Cluster-Node
ViewerVersion
X-Wix-Request-Id
Rt-Fastcgi-Cache
X-APP-VERSION
X-Origin-Host
X-B3-Spanid
X-Request-Time
X-Sucuri-ID
X-App-Name
X-PERF
X-ApacheServer
X-Source
X-Nginx-Cache
X-Agile-Age
X-Hit
X-Agile
X-OVcl
X-OVcl-Cache
X-Origin
X-Agile-Id
X-VCT
X-Ua
DSUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
Cache-Name
SRV
X-App-Version
Warning
X-ElasticPress-Search
X-Origin-CC
X-Origin-TTL
User-Agent
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-NX-Host
Server-Surrogate-Control
Request-Time
Server-Cache-Control
Www
X-Debug-Log
X-IN-WAF
X-A-Ccd
Xc-Version
X-Webstats-RespID
X-Accel-Expires-Debug
X-Aed
X-A-Wwc
X-A-Dgt
Request-EU
X-A-Dam
X-External-Request-Id
X-A-Dcw
X-A
Origin
Fly-Cache
Ec-Rule-Version
X-Logtrace-Id
X-Matched-Rule
X-Mobile-URL
Cross-Origin-Window-Policy
Cache-Prefix
Ajk
Arc-Country
X-Destination
BehaviorPad-Version
X-NodeID
Fly-Request-Id
Node
On-Server
X-Application
Rendered-Blocks
Meta-Geo-Continent
Memcached
FNAC-ModuleRouting
Lfy
MD5-Digest
X-NU-AKA-ACS-Version
Request-Country
X-B-Cookie
X-CF-Lambda-Fn
X-Cache-Miss-From
X-Refresh
X-Server-Group
X-CF-Lambda-Version
X-ServiceProvider
X-F5-Cache
X-Date
X-Transaction
X-Thinkindot-L3
X-SRCache-Key
X-Hp-Webp
X-D
X-ScT
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Connection-Hash
X-Core-Value
X-Region-Sid
X-Sedo-Request-Id
X-Request-UUID
X-Secret
X-Cache-Info
X-Reboot
X-Up
X-Var-Ttl
X-Twitter-Response-Tags
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Varnish-Authentication
X-DPWN-IS-SECURE
X-Generated-In
X-Debug-Cookies
X-G
X-VG-WebServer
X-Cache-ASPX
X-Cache-Expires
X-Debug-Cache-Expiry
X-Gannett-Site-Version
X-Instart-Isnd
X-Pubstack
X-Processor
X-Developer
X-Cache-Grace
X-Trv-Group
X-PAYTM-SRV-ID
X-IN-APIGATEWAY
X-ARC
UCS
Hostname
X-Varnish-Ttl
User-Cache-Control
X-Cache-Backend
X-Cache-Id
X-Cdn-Srv
X-Gen-Mode
X-Cache-Host
X-Cache-Debug
X-CGP
X-Epic-Correlation-Id
X-Device-Os
X-Developers
X-Cache-Bucket
X-Distributor
X-Dispatcher-Server
X-Block-Status
ServerName
True-Client-Country-4JS
Server-Int
RNT-Time
Proxy-Connection
RNT-Machine
Web-Mar-Node
X-Edge-Location
X-Ah-Environment
X-BB-ID
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Hash
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform
X-Qloud-Router
X-Request-URI
Cache
X-Swa-Ws
Server-Host
X-SIPLIST1
X-Sf
X-Servername
X-PHP-Host
X-Page-Type
X-Li-Fabric
X-Li-Pop
X-LAGOON
X-Key
Pramga
X-LI-Proto
X-LI-UUID
X-Origin-Date
X-Origin-Expires
X-Nginx-Cache-Key
X-Micro-Cache
X-Location
X-Hnp-Log
X-Eu-Site
X-Ocache
Cache-Cookie-Set-Idcheck
Cteonnt-Length
Kp-EeAlive
Apple-News-Services-Parsed-Url
CDCHOST
Cache-Cookie-Set-From
Apple-News-Services-Host
Apple-News-Services-Request-Url
Fastly-SWR
Apple-News-Services-Handled
Backend
IsBot
Fastly-SIE
HA-Ipaddr
Country-Code
Pagetype
Cache-Cookie-Set-Lfrom
Ha-Gx-Prefs
X-WPE-Loopback-Upstream-Addr
X-Datadome
X-Real-Ip
Pagespeed
X-FireWall-Port
Content-Disposition
X-No-Session
Fastly-Soc-X-Request-Id
X-MSEdge-Features
X-MSEdge-Flight
X-GeoIP-Country-Code
X-Distil-CS
X-Fastly-Cache
X-Crawler
X-Core-Mission
X-Cms-Context
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-Sucuri-Cache
Platform
X-GeoIP-City
X-Geo-Header
X-Gateway-Skip-Cache
Fastly-SSL
X-Proxy-Cache-Status
X-User
X-Variation
X-TT-LOGID
X-TrackingId
X-Sorting-Hat-ShopId
Adler-Geo
X-Via-Edge
X-Via-SSL
X-Generated-On
X-Level-Front-Cache
X-Fetched-On
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Sorting-Hat-PodId
X-SN
Heartbleed
X-Proxy-Upstream
X-Protected-By
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-S-Maxage
X-Server-IP
X-Shopify-Stage
X-Skip-Cache
X-ShopId
X-ShardId
AKAMAI
X-Planisys-CDN-Cache
X-Info
X-Backend-Host
X-Cache-FS-Status
X-BBXSRF
Is-Eu
X-C
SD-X-WS
X-Backend-Url
X-Varnish-Beresp-Grace
HTTPS
X-Amz-Meta-Cache-Control
X-Backend-State
X-Alternate-Cache-Key
X-Varnish-Beresp-Status
X-Edge-IP
X-GZip
X-Bip
X-Thanos
X-Owner
X-Apm-Inst-Hash
X-Sn-Servicetimems
X-Server-Time
N-Cache
X-Cdn-Origin
Magicmarker
X-Apm-Svc-Key
X-RateLimit-Reset
V-Age
X-Apm-App-Name
X-NC
Fastly-Backend-Name
Gh-Request-Id
X-Auto-Login
X-Varnish-Url
X-Cdn-Forward
MIME-Version
X-ND-Cache
X-Geo
Rt-Proxy-Cache
REQUESTUUID
Server-ID
X-Exp-Se
X-CDN-Forward
X-Served-From
X-Node-Id
X-FPC
X-Org
X-B3-Parentspanid
X-Aicache-OS
HostName
VivaBuild
X-Varnish-Beresp-Ttl
X-Gdpr
Viewtype
Powered-By
X-CUA
X-Load-Cache
X-Pjax-Url
X-Parent-Response-Time
X-Dc
Pragrma
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-DC
X-Git-Hash
X-CSRF-TOKEN
CF-IPCountry
Section-Io-Cache
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Original-Request
Memory
X-Server-By
X-Stale
X-Svr
PICS-Label
Time
X-Returned-From-PostProcessResponse
X-Returned-From
X-Actual-URL
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Nc
X-Host-Name
X-Servedbyhost
X-VServer
X-HS-Cache-Config
X-CACHE-KEY
X-Wa
Host-ID
X-Croise-Owner
Resin-Trace
Cdn-Host
X-Edge-Server
X-Release
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Cdn-Request-Time
X-TH-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Daa-Tunnel
X-Optimization
X-Cache-HT
X-Unique-ID
Mime-Version
AR-SID
X-WebServer
X-Phone
ProcessTime
X-From-Cache
X-Microcachable
SID
X-Varnish-Beresp-TTL
X-Upstream-HT
X-Upstream-CT
Fastcgi-Useragent
X-Newrelic-Synthetics
X-Instart-Info
X-Lb-Id
XServer
Cf-Ipcountry
X-APP
X-Req
Cdn
Backend-Name
X-V
CF-Cached-On
X-Atg-Version
Odigeo-Trace-Id
Proxy-Firewall
Processtime
X-Fastly-Backend-Reqs
X-Worker
225prxHost
X-ID
352pxline
X-Server-W
Xxline
189phosttRef
X-HTML-Minification-Powered-By
355prline
286prxHost
188prxHost
178proxuri
219prxHost
409pxxline
X-Ratelimit-Remaining
X-B3-SpanId
X-Vcl-Version
X-WR-MODIFICATION
X-Ratelimit-Limit
X-Zone
Version
X-Fstrz
X-Backend-TTL
X-Check-Cacheable
X-LB-ID
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Nananana
X-IPS-LoggedIn
X-Response-By
X-VCL-Version
Esi-Enabled
X-Vcache
X-UPSTREAM-Address
X-Akamai-Request-ID2
X-NGINX-Cache
GMS-Ver
Accept-Language
X-URL
Public-Key-Pins-Report-Only
X-Contensis-Viewer-Groups
X-Microsite
X-Ratelimit-Reset
X-Request-Handler-Origin-Region
X-AssetVersion
SN
X-WA
X-CSRF-Token
X-ServedByHost
GeoIp-Country-Code
Geoip-Latitude
X-Hyper-Cache
Pics-Label
X-HS-Status
GeoIP-Latitude
WZWS-RAY
GeoIP-City
GeoIP-Country-Code
Fastcgi-X-Cache-Version
DataCenter
X-Be
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Fastly-Country-Code
X-Amz-Meta-Surrogate-Control
X-SERVER-NAME
GW-Server
Geoip-City
X-Dynatrace
X-ZONE
X-FORWARDED-FOR
Countrycode
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Request-Start
X-Reqid
Mobile-Detection-Method
X-Clientip
X-GEO
X-Via-NSCOPI
X-Via-Ucdn
X-RequestId
X-We-Are-Hiring
Locale
X-UE-Client-Country
X-Render-Time
X-Cdn-Cache
Lb
WP-Super-Cache
X-GDPR
X-CS
SS
CDN
X-BE
X-NWS-UUID-VERIFY
X-ABtesting
X-Flog
X-LiteSpeed-Cache-Control
URI
X-Hello
X-Unique-Id
Ohc-File-Size
IBM-Web2-Location
X-PJAX-URL
Dnion-Transfer-Encoding
FastCGI-Cache
X-HostName
Dynatrace
X-GZIP
X-SRV
Amp-Access-Control-Allow-Source-Origin
RequestUuid
Serverid
X-PF-Uncompressing
X-Fpc
X-HS-Combine-CSS
Cneonction
FSS-Proxy
FSS-Cache
X-Pf-Uncompressing
X-Gen-Id
X-Test
X-Generation-Time
X-Cache-Ttl
X-Cluster-Name
X-Fastly-Cache-Hits
Server-Id
X-Bug-Bounty
Requestid
X-Html-Edge-Cache
Accept-Ch
X-Store
A
X-LiteSpeed-Tag
X-Request-Url
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Requestid
Ohc-Response-Time
X-Serial
X-Cache-URL
X-Compress-Hint
RequestId
NnCoection
Ohc-Cache-HIT
Frontcache
X-EC-Lua
X-HTML-Edge-Cache
Is-Session-Tracking
Get-Access-Time
X-Dw-Trace-Id
X-Cdn-Request-ID
X-ServerName