Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
X-Ua-Compatible
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Server
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Pinterest-Generated-By
X-DynaTrace
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Type
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
X-ESI
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Upstream-Env
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-Amz-Server-Side-Encryption
RTSS
Charset
X-Navigation-Version
X-Abt-Application-Version
X-TTL
X-Vname
X-PC
X-TtlSet
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Ar-Sid
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
DynaTrace
X-VCache
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
S
X-Debug
X-XRDS-Location
X-Hits
TCN
X-SharePointHealthScore
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-Oracle-Dms-Rid
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Webkit-CSP
X-Id
X-Ttl
X-Aspnet-Version
Realpath
X-Acc-Meta-Resource-Type
Tracecode
X-NF-Request-ID
X-MSEdge-Ref
X-Amzn-Trace-Id
Front-End-Https
Fastcgi-Cache
X-N
X-Varnish-Age
X-Content-Type
X-Upstream
X-B3-TraceId
Paypal-Debug-Id
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-B3-Traceid
X-Mrf-Section-Lastmod
X-Fastcgi-Cache
Alternate-Protocol
X-Frontend
X-Content-Digest
X-Logged-In
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
Response
X-Middleton-Display
Display
X-Sol
X-Middleton-Response
Fusion-Content-Id
Fusion-Component-Id
X-Pad
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-RateLimit-Remaining
X-Litespeed-Cache
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Srv
X-Cache-Key
X-Accel-Expires
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Host
MicrosoftSharePointTeamServices
X-Grace
ServerID
X-Analytics
Server-Name
X-Correlation-Id
Backend-Timing
X-Kinsta-Cache
X-B3-Sampled
X-Az
X-AppVersion
X-IPLB-Instance
Surrogate-Key
X-User-Agent
X-Revision
X-LB-Cache
X-Debug-Info
X-Activity-Id
X-Amzn-RequestId
X-Rid
X-Amz-Apigw-Id
X-Content-Options
X-Cache-Hit
FilterID
Accept-Charset
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
X-Page-Id
MS-CV
X-Whom
X-DIS-Request-ID
Server-Info
Host-Header
X-Cached-By
X-Ruxit-Js-Agent
Cache-Status
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-App-Environment
Source
X-Varnish-Backend
X-Akamai-Edgescape
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-PHP-Backend
X-Cache-Action
X-Cluster
PageSpeed
X-GUploader-UploadID
X-Mobile
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Accel-Buffering
X-F-Cache
X-TT
X-Tumblr-User
X-Platform-Server
X-FW-Hash
X-FW-Server
X-Framework
X-Varnish-Grace
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Static
X-FW-Serve
X-FW-Type
X-Forwarded-Host
X-Drupal-Cache-Tags
X-FB-Debug
X-Request-Guid
X-Instance
X-Ezoic-Cdn
X-Node-Name
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Shard
X-Geo-Country
Edge-Cache-Tag
X-RateLimit-Limit
X-TA-CDN-Provider
X-FastCGI-Cache
X-Zen-Fury
Fastly-Restarts
X-Handled-By
From-Origin
X-Varnish-Hostname
X-SS-Set-Cookie
X-Magnolia-Registration
Cache-Tags
X-Cache-TTL
X-Cache-Age
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
X-ATG-Version
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
X-Varnish-Server
Retry-After
Cleartype
Server-Node
X-App-Server
Payment
DC
X-Response-Served-From
X-RequestSource
X-Storage
X-WebKit-CSP-Report-Only
X-TX-ID
X-Signature
X-B-Cache
Country
X-Adobe-Content
X-Adobe-Loc
X-RTag
Ms-Operation-Id
X-TT-TIMESTAMP
X-Region
X-Tumblr-Pixel-2
X-Dns-Prefetch-Control
X-Redis-Cache
Actual-Object-TTL
X-FW-Dynamic
X-UUID
X-GeoIP
Powered
Filters
X-Tumblr-Pixel-1
X-VG-WebCache
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-Jobs
X-Content-Age
X-XRDS-LOCATION
X-Cacheable-TTL
X-Generated-By
X-Varnish-Hits
X-Locale
Frame-Options
GEO-INFO
NGB
Webserver
X-Esi
X-WA-Info
ServedBy
X-Oneagent-Js-Injection
CACHE
X-Contextid
X-Cache-NE
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
HitType
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-BACKEND-TTL
Eomportal-Instance
X-Varnish-IP
X-Cache-Operation
X-Cache-TTL-Remaining
X-Guploader-Uploadid
X-NWS-LOG-UUID
X-Via-JSL
X-Upgrade-Enabled
X-Mode
X-Real-IP
Viewport
S-Cnection
X-Seen-By
Xserver
X-Varnish-Cache-Hits
X-Akamai-Transformed
X-Cache-Var
Cache-Key
X-Device-Type
X-ES-SERVER
Load-Balancing
Cache-Hits
OT-Force-Account-Verify
X-Proto
X-Proxied
X-RN-RSRV
X-Routing-Service
X-Is-Bot
X-Path-Route
X-Cache-Enabled
LB
Mn-Server-Ip
X-Cache-Var-Map
X-Zipkin-Id
X-Detected-As
X-Hl-Ver
X-From
Meta-Geo
Machine
NtCoent-Length
X-S
X-Time
Webcakes-Region
X-Cache-Server
Webcakes-App-Version
Webcakes-App-Name
We-Hiring
X-AWS-Id
X-Backend-Name
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-VWS-Id
X-Cache-Config
Vix-Hermes-Req-Id
TWC-Privacy
NGX
Mail-Subject
Access-Control-Request-Headers
L5d-Success-Class
Property-Id
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-FW-Version
X-Environment-Context
X-Tb
X-Cache-Remote
X-NCache
X-Origin-Hint
X-R9-Blue-Green-Version
X-Proxy
X-VG-TLSProxy
X-LJ-Flow-ID
X-L-Path
X-Hosted-By
X-Viewer-Country
X-Rocket-Nginx-Bypass
X-Time-Microsecs
S-Rt
Origin-Edge-Control
X-TNCMS
Now
Azure-Version
DB-Nickname
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
Origin-Cache-Control
X-Web-Node
X-Debug-Cache
X-Loop
X-EIG-Tracking-Id
X-Labrador-Cache-Channel
Azure-SlotName
X-MP-GENERATED-AT
X-Akamai-Request-ID
X-Section
X-Format
X-RCS-CacheZone
X-Access
X-ServerID
X-Origin-Response-Time
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-JoinUs
X-PCL
X-OCL
X-IP
X-BYPASS-REASON
X-CCM
X-Human
X-Proxy-Build
X-ProxyCache-Key
X-Via-Fastly
X-Xfnlog-Site
X-Via-CDN
X-Trace-Id
X-ProxyCache-Status
X-Timing-Wait
Selected-FE
Datacenter
Cache-Tag
X-Grey
X-Internal-Host
X-Generated
X-Cache-Category-Id
Content-Script-Type
Content-Style-Type
Uber-Trace-Id
X-Www-Served-By
X-Endurance-Cache-Level
X-UnsetCookies
X-VC-Cache
X-Dynatrace-Js-Agent
X-Varnish-Cacheable
X-Site-Version
Decoy-Debug-Key
Served-By
Decoy-Debug-TTL
Decoy-Debug-Status
X-Status
X-Rule
Release
X-Birta-Cache-Post
X-Birta-Served
X-EdgeConnect-Cache-Status
X-UA
X-APP-VERSION
X-TIME
X-Newrelic-App-Data
Nel
X-CDN-Cache
X-B3-Spanid
X-GRACE
X-Request-Time
X-Cluster-Node
DSUID
X-Ua
AsisCache
X-OVcl-Cache
X-OVcl
X-Nginx-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-App-Name
Rt-Fastcgi-Cache
X-VCT
X-Hit
X-PERF
X-ApacheServer
X-Source
SRV
X-Sucuri-ID
X-Origin-Host
X-NewRelic-App-Data
Cache
X-Agile
X-Agile-Id
X-Agile-Age
X-Wix-Request-Id
ViewerVersion
Hostname
X-Pubstack
Cteonnt-Length
Cache-Name
X-SERVER
X-Wix-Server-Artifact-Id
X-Origin-TTL
X-ElasticPress-Search
AR-SID
X-Cache-Host
X-Origin-CC
X-F5-Cache
X-Accel-Expires-Debug
X-IN-WAF
X-IN-APIGATEWAY
X-A-Dgt
X-Instart-Isnd
X-A-Dcw
Request-Time
X-Hp-Webp
X-Gannett-Site-Version
X-Aed
X-Generated-In
X-A-Wwc
X-G
X-Destination
X-CF-Lambda-Fn
X-ARC
BehaviorPad-Version
X-CF-Lambda-Version
X-Application
Arc-Country
X-Cache-Miss-From
Cache-Prefix
X-Cache-ASPX
Ec-Rule-Version
X-Cache-Expires
X-Cache-Grace
X-Cache-Info
X-B-Cookie
X-Connection-Hash
X-Core-Value
X-Developer
X-A-Dam
Fly-Cache
Fly-Request-Id
X-DPWN-IS-SECURE
FNAC-ModuleRouting
X-Debug-Log
X-Debug-Cookies
Ajk
X-D
X-Date
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-External-Request-Id
X-Processor
Origin
X-Request-UUID
X-Rewrite-Enabled
X-Thinkindot-L3
X-SRCache-Key
Thinkindot-Control
X-Matched-Rule
X-Transaction
X-A-Ccd
X-Twitter-Response-Tags
X-Region-Sid
On-Server
X-PAYTM-SRV-ID
Rendered-Blocks
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Server-Group
Server-Cache-Control
X-NX-Host
X-Sedo-Request-Id
X-S-Cookie
X-Secret
X-Rojux
X-ServiceProvider
X-Mobile-URL
Server-Surrogate-Control
Server-Host
X-NodeID
X-NU-AKA-ACS-Version
UCS
X-Trv-Group
Meta-Geo-Continent
X-VG-WebServer
X-Varnish-Authentication
MD5-Digest
Memcached
Request-Country
Cross-Origin-Window-Policy
Xc-Version
X-Webstats-RespID
X-ScT
X-Var-Ttl
X-Refresh
X-Reboot
Node
X-Platform
X-Logtrace-Id
X-Up
X-A
Request-EU
Www
Lfy
X-WPE-Loopback-Upstream-Addr
X-Varnish-Ttl
User-Cache-Control
X-Sn-Servicetimems
X-Apm-App-Name
X-Apm-Inst-Hash
V-Age
X-Block-Status
RNT-Time
True-Client-Country-4JS
X-Apm-Svc-Key
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
Server-Int
X-LAGOON
RNT-Machine
X-RateLimit-Remaining-Second
X-PHP-Host
X-Micro-Cache
X-Location
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Policy
X-Swa-Ws
X-SN
X-Request-URI
X-Origin-Date
X-Origin-Expires
X-Page-Type
X-Servername
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Sf
X-Nginx-Cache-Key
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Cdn-Origin
X-Developers
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Crawler
X-CGP
X-Cache-Bucket
X-Cache-Debug
X-Cache-Id
X-Cdn-Srv
X-Distributor
X-Epic-Correlation-Id
X-Irp-Debug
X-Key
X-RateLimit-Limit-Second
X-Server-Time
X-Info
X-Hnp-Log
X-Eu-Site
X-Fetched-On
X-Gen-Mode
X-Hash
X-Cache-Backend
Web-Mar-Node
Fastly-SWR
Fastly-SIE
Apple-News-Services-Handled
Gh-Request-Id
CDCHOST
IsBot
HA-Ipaddr
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Backend
Apple-News-Services-Request-Url
Country-Code
Warning
Ha-Gx-Prefs
Pagetype
X-Real-Ip
Pramga
X-App-Version
Pagespeed
X-Geo
X-FireWall-Port
Adler-Geo
X-Gateway-Cache-Status
X-Exp-Se
X-Gateway-Cache-Key
X-ShopId
AKAMAI
X-Fastly-Cache
X-Core-Mission
X-Sorting-Hat-ShopId
X-Thanos
X-Variation
X-Sorting-Hat-PodId
X-Cms-Context
X-Skip-Cache
X-Gateway-Skip-Cache
X-Shopify-Stage
X-Generated-On
X-Planisys-CDN-Cache
Rt-Proxy-Cache
X-No-Session
X-Planisys-CDN-Rules
X-S-Maxage
X-Wikidot-Static-Cache
X-Protected-By
X-Planisys-CDN-TTL
X-ND-Cache
X-Via-SSL
X-Via-Edge
X-Geo-Header
X-Wikidot-Backend
X-GeoIP-City
X-User
X-MSEdge-Flight
X-MSEdge-Features
X-Level-Front-Cache
X-ShardId
X-GeoIP-Country-Code
Proxy-Connection
X-Amz-Meta-Cache-Control
X-Backend-State
X-BBXSRF
X-Alternate-Cache-Key
Platform
ServerName
X-Backend-Host
X-Auto-Login
Fastly-Soc-X-Request-Id
Fastly-SSL
Heartbleed
X-Backend-Url
X-Cache-FS-Status
SD-X-WS
Content-Disposition
Is-Eu
X-C
X-Bip
Kp-EeAlive
X-GZip
HTTPS
X-Owner
X-Server-IP
X-Ocache
X-Varnish-Beresp-Status
X-Served-From
X-Org
X-RateLimit-Reset
X-Varnish-Beresp-Grace
REQUESTUUID
X-BB-ID
MIME-Version
X-Edge-Location
X-B3-Parentspanid
Server-ID
X-Proxy-Upstream
X-Proxy-Cache-Status
X-TT-LOGID
X-TrackingId
X-Sucuri-Cache
X-NC
X-CDN-Forward
X-Cdn-Forward
User-Agent
X-Git-Hash
Magicmarker
X-FPC
Fastly-Backend-Name
N-Cache
X-Edge-IP
X-Varnish-Url
X-Host-Name
X-Aicache-OS
X-Load-Cache
Wxu-Next-Hostname
VivaBuild
X-Gdpr
Wxu-Next-Commit
Viewtype
Wxu-Next-Region
X-Varnish-Beresp-Ttl
X-Node-Id
X-Daa-Tunnel
X-Dc
HostName
X-DC
X-CSRF-TOKEN
X-Pjax-Url
X-Parent-Response-Time
CF-IPCountry
Memory
Time
X-CUA
Powered-By
X-Release
X-Nc
PICS-Label
X-WebServer
X-Servedbyhost
X-HS-Cache-Config
X-TH-Server
X-Wa
Pragrma
Resin-Trace
X-CACHE-KEY
X-Svr
X-Returned-From-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Returned-From
X-Stale
X-Server-By
X-Returned-From-BeforeDispatch
Host-ID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Phone
X-Original-Request
X-Passed-To
X-Actual-URL
X-Oss-Request-Id
X-Upstream-HT
X-Oss-Server-Time
X-Upstream-CT
X-Oss-Storage-Class
Section-Io-Cache
X-VServer
X-Instart-Info
X-Croise-Owner
Mime-Version
X-Newrelic-Synthetics
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-From-Cache
ProcessTime
Backend-Name
X-Tb-Optimization-Total-Bytes-Saved
X-Optimization
X-Cache-HT
X-Varnish-Beresp-TTL
X-Worker
X-Lb-Id
Cf-Ipcountry
CF-Cached-On
188prxHost
SID
X-Server-W
189phosttRef
352pxline
Cdn
Version
178proxuri
355prline
X-Request-Handler-Origin-Region
286prxHost
X-APP
Xxline
409pxxline
225prxHost
X-Microsite
219prxHost
X-Atg-Version
X-Unique-ID
X-Microcachable
X-Fastly-Backend-Reqs
XServer
X-Req
X-Datadome
X-SERVER-NAME
Proxy-Firewall
X-ID
X-Zone
Processtime
X-Akamai-Request-ID2
X-LB-ID
X-Ratelimit-Remaining
Accept-Language
X-V
Esi-Enabled
X-VCL-Version
X-Vcl-Version
X-B3-SpanId
X-Ratelimit-Limit
Odigeo-Trace-Id
X-CLOUD-TRACE-CONTEXT
Fastcgi-Useragent
X-CACHE-AGE
X-HTML-Minification-Powered-By
X-AssetVersion
GeoIP-Latitude
GeoIP-City
X-IPS-LoggedIn
X-UPSTREAM-Address
GeoIP-Country-Code
X-Contensis-Viewer-Groups
X-Vcache
X-Check-Cacheable
X-Fstrz
X-Backend-TTL
X-NGINX-Cache
SN
X-WR-MODIFICATION
X-HS-Status
X-RequestId
X-Response-By
X-URL
X-WA
Pics-Label
X-Nananana
X-Ratelimit-Reset
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Be
X-ServedByHost
X-ZONE
X-CSRF-Token
GMS-Ver
X-Urbn-Site-Id
X-Reqid
Locale
X-Via-NSCOPI
X-Urbn-Context-Path
X-Cache-Ttl
DataCenter
X-NWS-UUID-VERIFY
X-Hyper-Cache
Geoip-Latitude
X-Hello
X-FORWARDED-FOR
X-ABtesting
X-SRV
X-Flog
CDN
GeoIp-Country-Code
X-Dynatrace
X-Fastly-Country-Code
Public-Key-Pins-Report-Only
IBM-Web2-Location
X-Render-Time
Fastcgi-X-Cache-Version
X-Via-Ucdn
Dnion-Transfer-Encoding
Geoip-City
X-Request-Start
X-Cdn-Cache
WP-Super-Cache
X-Generation-Time
X-GDPR
Requestid
WZWS-RAY
GW-Server
X-Amz-Meta-Surrogate-Control
X-CS
X-PJAX-URL
X-LiteSpeed-Cache-Control
WebServer
X-NGENIX-Cache
X-Unique-Id
URI
Lb
X-We-Are-Hiring
X-Cluster-Name
X-UE-Client-Country
Countrycode
Mobile-Detection-Method
X-Clientip
Dynatrace
X-HostName
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-Fpc
X-HS-Combine-CSS
X-Gen-Id
X-BE
Serverid
X-Pf-Uncompressing
X-GEO
Cneonction
SS
Ohc-File-Size
X-Compress-Hint
X-Cache-URL
X-Store
X-Varnish-Action
X-Test
Who
A
X-Bug-Bounty
X-Got-Non-Ke-Cookie
Server-Id
GEO-REGION-INFO
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
Epwk-Cache
Https
X-Request-Url
Frontcache
RequestUuid
X-Cdn-Request-ID
X-HTML-Edge-Cache
FSS-Cache
FSS-Proxy
NnCoection
X-ServerName
X-Fastly-Cache-Hits
X-PF-Uncompressing
X-EC-Lua
X-GZIP
X-Html-Edge-Cache
X-Serial