Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-WebKit-CSP
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-CST
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Cdn
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-DataDome
X-Type
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
Verso
X-Server-Name
X-ORACLE-DMS-RID
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-CACHE
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Upstream-Env
X-ESI
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
X-TTL
RTSS
Charset
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-PC
X-TtlSet
X-Vname
Ar-Sid
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
X-Webkit-CSP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Server-ID
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
DynaTrace
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
S
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
X-Hits
TCN
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Oracle-Dms-Rid
Realpath
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
X-NF-Request-ID
X-B3-TraceId
X-Amzn-Trace-Id
Front-End-Https
X-Ttl
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Upstream
X-Fastcgi-Cache
Paypal-Debug-Id
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-Middleton-Display
Response
X-Middleton-Response
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Display
X-Sol
X-RateLimit-Remaining
X-Hostname
X-Pad
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Litespeed-Cache
X-Accel-Expires
X-B3-Traceid
Host
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
ServerID
Server-Name
X-Correlation-Id
Backend-Timing
X-Analytics
X-Kinsta-Cache
X-AppVersion
X-Activity-Id
X-LB-Cache
X-User-Agent
X-B3-Sampled
X-Revision
X-Debug-Info
X-Az
X-IPLB-Instance
X-Content-Options
X-Rid
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
X-Cache-Hit
Accept-Charset
FilterID
X-Cache-2
X-Grace
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Received
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
X-Page-Id
MS-CV
X-Whom
X-DIS-Request-ID
Server-Info
X-Accel-Buffering
X-Cached-By
X-GUploader-UploadID
Cache-Status
Host-Header
X-PHP-Backend
X-Varnish-Backend
Source
VIX-Pulpo-Node
X-Akamai-Edgescape
X-Origin-Server
X-TT
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-App-Environment
PageSpeed
X-Mobile
X-Cluster
X-F-Cache
X-Platform-Server
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-Content-Powered-By
X-Varnish-Grace
X-Framework
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-Instance
X-Request-Guid
X-FW-Server
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Type
X-Kong-Proxy-Latency
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Forwarded-Host
X-UA-Device-Type
X-Ezoic-Cdn
X-Node-Name
Edge-Cache-Tag
X-Geo-Country
X-Shard
X-RateLimit-Limit
X-Zen-Fury
X-Handled-By
X-Cache-TTL
From-Origin
Fastly-Restarts
X-FastCGI-Cache
X-TA-CDN-Provider
X-Varnish-Hostname
X-SS-Set-Cookie
X-Magnolia-Registration
Cache-Tags
X-Cache-Age
X-AOL-HN
X-ATG-Version
X-BCube-Filmed-By
X-Cache-Control
X-Cache-Rule
Healthy
X-Varnish-Server
Upgrade-Insecure-Requests
Cleartype
DC
X-App-Server
Server-Node
X-Esi
Retry-After
Payment
X-RequestSource
X-SERVER
X-Response-Served-From
X-Adobe-Content
X-Adobe-Loc
X-Signature
X-TX-ID
X-Storage
Country
X-B-Cache
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
Actual-Object-TTL
Filters
X-GeoIP
Ms-Operation-Id
X-TT-TIMESTAMP
X-Redis-Cache
X-Region
X-RTag
X-UUID
X-VG-WebCache
Powered
X-Tumblr-Pixel-1
X-FW-Dynamic
X-Jobs
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-Varnish-Hits
X-Content-Age
X-Cacheable-TTL
X-Generated-By
X-Locale
X-Dns-Prefetch-Control
X-XRDS-LOCATION
Frame-Options
Webserver
GEO-INFO
NGB
ServedBy
CACHE
X-WA-Info
X-Contextid
Liferay-Portal
X-Oneagent-Js-Injection
HitType
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-NE
X-Rendered-As
X-Real-IP
X-ProcessESI
X-RemovedCookies
X-Varnish-IP
X-Via-JSL
X-Cache-TTL-Remaining
Eomportal-Instance
X-Time
X-Cache-Operation
X-NWS-LOG-UUID
X-Upgrade-Enabled
X-Seen-By
X-Mode
S-Cnection
X-Guploader-Uploadid
Viewport
Xserver
X-BACKEND-TTL
X-Varnish-Cache-Hits
X-Proto
Cache-Key
Load-Balancing
Machine
X-Zipkin-Id
Cache-Hits
X-From
X-Is-Bot
X-Hl-Ver
OT-Force-Account-Verify
X-Cache-Enabled
X-Cache-Var
X-Proxied
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
X-Detected-As
X-Device-Type
Mn-Server-Ip
X-Path-Route
X-Routing-Service
Meta-Geo
X-S
TWC-Locale-Group
TWC-GeoIP-LatLong
X-VWS-Id
Vix-Hermes-Req-Id
Webcakes-App-Version
Webcakes-App-Name
We-Hiring
TWC-GeoIP-Country
TWC-Device-Class
L5d-Success-Class
Access-Control-Request-Headers
LB
Mail-Subject
NGX
TWC-Connection-Speed
Property-Id
Webcakes-Region
X-Backend-Name
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
X-Proxy
X-Tb
X-Time-Microsecs
X-Viewer-Country
X-VG-TLSProxy
X-Origin-Hint
X-LJ-Flow-ID
X-Environment-Context
X-Cache-Config
NtCoent-Length
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-L-Path
X-Hosted-By
X-AWS-Id
TWC-Privacy
X-Cache-Server
X-Akamai-Transformed
X-Access
X-Akamai-Request-ID
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Debug-Cache
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Loop
X-Labrador-Cache-Channel
X-Cache-Remote
X-FW-Version
X-EIG-Tracking-Id
X-NCache
S-Rt
Origin-Edge-Control
Azure-InstanceId
Now
Origin-Cache-Control
X-Format
DB-Nickname
X-TNCMS
X-Tumblr-Pixel-3
X-ServerID
X-Web-Node
X-Vgn-Hpd-Reason
Datacenter
X-Section
X-RCS-CacheZone
X-ProxyCache-Key
X-Trace-Id
X-Human
X-Via-CDN
X-Via-Fastly
Selected-FE
Content-Style-Type
X-IP
X-JoinUs
X-Timing-Wait
X-PCL
X-BYPASS-REASON
X-Xfnlog-Site
X-Proxy-Build
X-ProxyCache-Status
X-GRACE
Content-Script-Type
X-CCM
X-OCL
X-Www-Served-By
Uber-Trace-Id
Cache-Tag
X-Internal-Host
X-Generated
X-Cache-Category-Id
X-Grey
X-Endurance-Cache-Level
X-VC-Cache
X-Varnish-Cacheable
X-Newrelic-App-Data
X-UnsetCookies
X-Site-Version
Decoy-Debug-TTL
X-Status
X-Rule
Decoy-Debug-Key
Decoy-Debug-Status
X-Birta-Cache-Post
X-Dynatrace-Js-Agent
X-Birta-Served
Release
Served-By
X-EdgeConnect-Cache-Status
X-UA
X-CDN-Cache
Nel
X-Ua
X-Cluster-Node
AsisCache
X-Request-Time
X-APP-VERSION
X-Nginx-Cache
X-App-Name
X-Wix-Server-Artifact-Id
Rt-Fastcgi-Cache
X-TIME
DSUID
X-OVcl-Cache
X-Origin
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-B3-Spanid
X-ApacheServer
X-PERF
X-OVcl
X-Source
X-VCT
X-Origin-Host
ViewerVersion
X-Wix-Request-Id
SRV
X-Sucuri-ID
X-Agile-Age
X-Agile
X-App-Version
X-Agile-Id
Hostname
X-NewRelic-App-Data
Cache-Name
X-Pubstack
Cache
X-WPE-Loopback-Upstream-Addr
Cteonnt-Length
X-Cache-Host
X-ElasticPress-Search
X-Origin-TTL
X-Origin-CC
On-Server
Node
Cross-Origin-Window-Policy
Origin
Rendered-Blocks
Request-Country
Ec-Rule-Version
Fly-Cache
X-Accel-Expires-Debug
X-Cache-ASPX
X-A-Dcw
Fly-Request-Id
BehaviorPad-Version
X-A-Dgt
X-A-Dam
X-A-Wwc
Meta-Geo-Continent
Request-EU
Request-Time
X-B-Cookie
Thinkindot-CacheControl
X-A-Ccd
X-A
Lfy
X-ARC
Thinkindot-CacheControl-Type
MD5-Digest
Server-Surrogate-Control
Memcached
FNAC-ModuleRouting
Www
UCS
Server-Cache-Control
Server-Host
X-Application
X-Aed
Cache-Prefix
X-Debug-Cookies
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NX-Host
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Platform
X-Processor
X-Secret
X-Sedo-Request-Id
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-NodeID
X-Mobile-URL
X-Date
X-D
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
Arc-Country
X-Debug-Cache-Store
X-Core-Value
X-Connection-Hash
X-Cache-Info
X-Cache-Grace
X-Cache-Miss-From
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Debug-Log
X-Destination
X-IN-APIGATEWAY
X-Hp-Webp
X-IN-WAF
X-Instart-Isnd
X-Matched-Rule
X-Logtrace-Id
X-Generated-In
X-Gannett-Site-Version
X-DPWN-IS-SECURE
X-Developer
X-External-Request-Id
X-F5-Cache
X-G
X-Cache-Expires
Thinkindot-Control
Ajk
User-Cache-Control
X-Device-Os
X-Developers
X-Crawler
X-Cdn-Srv
X-CGP
X-Dispatcher-Server
X-Distil-CS
X-Gen-Mode
X-Hash
X-Fetched-On
X-Epic-Correlation-Id
X-Distributor
X-Cache-Id
X-Cache-Bucket
ServerName
True-Client-Country-4JS
Server-Int
RNT-Time
Proxy-Connection
RNT-Machine
Web-Mar-Node
X-Amzn-Remapped-Connection
X-Cache-Backend
X-Hnp-Log
X-Block-Status
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Cache-Debug
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Qloud-Router
Warning
X-Request-URI
X-SN
X-Swa-Ws
X-SIPLIST1
X-Sf
X-Servername
X-PHP-Host
X-Page-Type
X-Li-Fabric
X-Li-Pop
X-LAGOON
X-Key
Pramga
X-LI-Proto
X-LI-UUID
X-Origin-Date
X-Origin-Expires
X-Nginx-Cache-Key
X-Micro-Cache
X-Location
X-Info
X-Eu-Site
Fastly-SWR
Cache-Cookie-Set-From
Backend
Apple-News-Services-Request-Url
Cache-Cookie-Set-Lfrom
CDCHOST
Fastly-SIE
IsBot
Country-Code
Gh-Request-Id
Kp-EeAlive
Cache-Cookie-Set-Idcheck
Ha-Gx-Prefs
HA-Ipaddr
Pagetype
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-FireWall-Port
X-Varnish-Ttl
X-C
X-Backend-Host
X-Via-SSL
X-Apm-Inst-Hash
X-Apm-Svc-Key
V-Age
Is-Eu
X-Level-Front-Cache
X-BBXSRF
X-Via-Edge
X-Backend-Url
X-Bip
X-Backend-State
X-GeoIP-City
X-Cms-Context
X-Wikidot-Backend
X-Sn-Servicetimems
X-Wikidot-Static-Cache
X-Fastly-Cache
X-Core-Mission
X-Apm-App-Name
X-Gateway-Cache-Key
X-Geo-Header
X-Cache-FS-Status
X-Generated-On
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
Heartbleed
X-GeoIP-Country-Code
X-MSEdge-Flight
X-S-Maxage
X-Server-IP
X-ShardId
X-User
Adler-Geo
X-Protected-By
X-Cdn-Forward
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Thanos
Platform
X-Server-Time
X-Sorting-Hat-PodId
SD-X-WS
X-Skip-Cache
X-Auto-Login
X-Planisys-CDN-TTL
X-Alternate-Cache-Key
X-No-Session
X-Cdn-Origin
X-Amz-Meta-Cache-Control
X-MSEdge-Features
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Planisys-CDN-Rules
AKAMAI
Content-Disposition
X-Planisys-CDN-Cache
X-Varnish-Beresp-Status
X-Variation
X-Varnish-Beresp-Grace
Pagespeed
User-Agent
MIME-Version
HTTPS
X-Owner
X-NC
X-ND-Cache
X-Edge-Location
X-BB-ID
X-Ocache
Rt-Proxy-Cache
X-Geo
X-Exp-Se
X-GZip
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Org
X-Sucuri-Cache
X-RateLimit-Reset
Server-ID
X-Served-From
REQUESTUUID
X-TrackingId
X-TT-LOGID
X-B3-Parentspanid
X-Real-Ip
X-Edge-IP
Fastly-Backend-Name
X-Varnish-Url
Magicmarker
X-FPC
N-Cache
X-Aicache-OS
Viewtype
VivaBuild
X-Gdpr
X-Git-Hash
X-Varnish-Beresp-Ttl
X-Host-Name
AR-SID
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-CDN-Forward
X-Pjax-Url
X-Node-Id
X-Load-Cache
X-DC
X-Daa-Tunnel
X-CSRF-TOKEN
CF-IPCountry
Powered-By
Memory
X-Parent-Response-Time
HostName
Time
X-CUA
X-Dc
X-Datadome
X-Release
X-Servedbyhost
Resin-Trace
Pragrma
X-Wa
X-HS-Cache-Config
X-Nc
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Passed-To
X-Server-By
PICS-Label
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Stale
X-Returned-From
X-Svr
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Original-Request
X-Actual-URL
X-TH-Server
X-CACHE-KEY
Section-Io-Cache
X-Oss-Storage-Class
X-Oss-Request-Id
X-WebServer
X-VServer
X-Upstream-CT
X-Croise-Owner
X-Upstream-HT
X-Phone
Host-ID
ProcessTime
X-Newrelic-Synthetics
X-Instart-Info
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Optimization
X-Cache-HT
Mime-Version
Backend-Name
X-From-Cache
X-Tb-Optimization-Total-Bytes-Saved
CF-Cached-On
X-Varnish-Beresp-TTL
X-Lb-Id
SID
X-APP
X-Fastly-Backend-Reqs
X-Worker
Cdn
X-Unique-ID
X-Microcachable
Cf-Ipcountry
X-Request-Handler-Origin-Region
178proxuri
Xxline
188prxHost
189phosttRef
X-Req
286prxHost
X-Microsite
355prline
X-Server-W
Version
409pxxline
352pxline
225prxHost
219prxHost
X-Atg-Version
X-B3-SpanId
XServer
X-LB-ID
Proxy-Firewall
Fastcgi-Useragent
X-Backend-TTL
X-ID
Processtime
Odigeo-Trace-Id
X-V
X-Akamai-Request-ID2
Accept-Language
X-Ratelimit-Remaining
X-Vcl-Version
X-Ratelimit-Limit
X-VCL-Version
X-HTML-Minification-Powered-By
X-Zone
Esi-Enabled
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
GeoIP-City
X-UPSTREAM-Address
X-IPS-LoggedIn
X-Check-Cacheable
X-WR-MODIFICATION
X-Fstrz
X-AssetVersion
GeoIP-Latitude
X-Contensis-Viewer-Groups
GeoIP-Country-Code
SN
X-Nananana
X-NGINX-Cache
X-Vcache
X-Response-By
Pics-Label
X-ZONE
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-HS-Status
X-Be
X-WA
X-RequestId
X-Ratelimit-Reset
X-URL
GMS-Ver
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Via-NSCOPI
X-Reqid
X-ServedByHost
X-CSRF-Token
Public-Key-Pins-Report-Only
DataCenter
Geoip-Latitude
X-Hyper-Cache
GeoIp-Country-Code
X-Flog
X-Hello
X-ABtesting
X-SERVER-NAME
Fastcgi-X-Cache-Version
CDN
X-NWS-UUID-VERIFY
WZWS-RAY
X-Dynatrace
IBM-Web2-Location
X-Via-Ucdn
X-Amz-Meta-Surrogate-Control
Dnion-Transfer-Encoding
GW-Server
Geoip-City
X-Render-Time
X-Request-Start
X-Fastly-Country-Code
WP-Super-Cache
X-Cdn-Cache
X-Clientip
Requestid
Mobile-Detection-Method
X-We-Are-Hiring
WebServer
X-LiteSpeed-Cache-Control
Countrycode
X-Generation-Time
X-CS
X-Cache-Ttl
X-GDPR
X-UE-Client-Country
X-Unique-Id
X-NGENIX-Cache
Ohc-File-Size
X-GEO
URI
X-PJAX-URL
Lb
X-Cluster-Name
X-HS-Combine-CSS
SS
X-BE
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-HostName
X-SRV
FastCGI-Cache
X-Gen-Id
X-Fpc
X-Compress-Hint
Cneonction
X-Cache-URL
Serverid
X-Pf-Uncompressing
X-GZIP
X-Got-Non-Ke-Cookie
Who
X-Varnish-Action
RequestUuid
X-PF-Uncompressing
GEO-REGION-INFO
Server-Id
A
X-Bug-Bounty
X-Store
FSS-Cache
FSS-Proxy
X-Test
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-Html-Edge-Cache
Frontcache
Https
X-Request-Url
X-Fastly-Cache-Hits
X-Serial
X-HTML-Edge-Cache
X-Cdn-Request-ID
X-ServerName
X-Dw-Trace-Id
NnCoection
Ohc-Cache-HIT
Ohc-Response-Time
X-EC-Lua