Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
WPE-Backend
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-WebKit-CSP
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
X-Type
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-DynaTrace
X-Cdn
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
Accept-CH
X-Dispatcher
X-Upstream-Env
MS-Author-Via
X-ESI
X-ORACLE-DMS-RID
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
Arc-Version
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
PB-PID
X-GitHub-Request-Id
X-DataStream-Cache-Status
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
X-Version
Content-MD5
Service-Worker-Allowed
X-Recruiting
Charset
AR-Request-ID
X-TTL
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Dns-Prefetch-Control
X-D2id
X-TtlSet
X-Vname
X-Amz-Server-Side-Encryption
X-PC
X-Navigation-Version
X-Abt-Application-Version
X-Ser
X-Vcap-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Varnish-TTL
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-Trace
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
DynaTrace
X-Server-ID
S
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Webkit-CSP
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
X-Oracle-Dms-Rid
TCN
X-Hits
X-VCache
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Akam-SW-Version
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-B3-TraceId
X-Powered-CMS
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
Realpath
X-Acc-Meta-Resource-Type
X-NF-Request-ID
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Front-End-Https
X-Ttl
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
X-Fastcgi-Cache
Alternate-Protocol
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Frontend
X-Logged-In
X-PressLabs-Stats
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-RateLimit-Remaining
Response
Fusion-Content-Id
X-Middleton-Display
Display
Fusion-Component-Id
Fusion-Content-Source
X-Middleton-Response
Fusion-Template-Id
Fusion-Source
X-Sol
X-Hostname
X-Srv
X-Pad
X-Cache-Key
X-Litespeed-Cache
X-Accel-Expires
AMP-Access-Control-Allow-Source-Origin
Host
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
MicrosoftSharePointTeamServices
Server-Name
X-Kinsta-Cache
Backend-Timing
X-Analytics
X-SERVER
X-Correlation-Id
X-Debug-Info
X-Revision
X-Az
X-AppVersion
ServerID
X-Content-Options
X-Activity-Id
X-B3-Sampled
X-Rid
X-User-Agent
X-LB-Cache
X-B3-Traceid
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
X-IPLB-Instance
Accept-Charset
FilterID
X-Cache-Hit
X-Cache-2
Refresh
X-Grace
X-B
X-CF-Powered-By
Powered-By-ChinaCache
X-Accel-Buffering
X-Page-Id
X-DIS-Request-ID
X-Request-Processing-Time
X-Request-Received
X-Whom
TP-L2-Cache
TP-Cache
MS-CV
Server-Info
Host-Header
Cache-Status
X-Cached-By
X-Varnish-Backend
X-PHP-Backend
X-TT
VIX-Pulpo-Upstream-Status
X-App-Environment
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Amz-Replication-Status
X-Cache-Action
X-Akamai-Edgescape
Source
VIX-Pulpo-Node
X-Tumblr-User
X-Mobile
X-Framework
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-F-Cache
X-Cluster
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Varnish-Grace
X-UA-Device-Type
X-Instance
X-Drupal-Cache-Tags
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Ruxit-Js-Agent
X-FW-Type
X-FW-Server
X-Request-Guid
X-FB-Debug
X-Forwarded-Host
X-Shard
X-Geo-Country
X-GUploader-UploadID
X-Ezoic-Cdn
X-Node-Name
X-Cache-TTL
X-RateLimit-Limit
Edge-Cache-Tag
PageSpeed
X-Zen-Fury
X-FastCGI-Cache
X-Handled-By
X-SS-Set-Cookie
X-Magnolia-Registration
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
Fastly-Restarts
X-Cache-Age
X-ATG-Version
Cache-Tags
X-BCube-Filmed-By
X-Cache-Control
X-AOL-HN
X-Varnish-Server
DC
Cleartype
Upgrade-Insecure-Requests
X-Cache-Rule
X-App-Server
Healthy
Server-Node
X-RequestSource
Retry-After
X-Response-Served-From
Payment
X-WebKit-CSP-Report-Only
Webserver
Country
X-Adobe-Loc
X-Adobe-Content
X-Region
X-Storage
X-Redis-Cache
X-GeoIP
X-B-Cache
X-TX-ID
X-Tumblr-Pixel-1
X-UUID
Ms-Operation-Id
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
Filters
X-Signature
X-RTag
X-Generated-By
Cache-Tv-Group
X-Jobs
X-VG-WebCache
Powered
Actual-Object-TTL
X-Drupal-Cache-Contexts
X-Locale
X-Cacheable-TTL
X-FW-Dynamic
X-Content-Age
X-Varnish-Hits
NGB
X-XRDS-LOCATION
GEO-INFO
Frame-Options
ServedBy
CACHE
X-Esi
X-WA-Info
X-Contextid
Liferay-Portal
HitType
X-Oneagent-Js-Injection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rendered-As
X-Guploader-Uploadid
X-Cache-NE
X-Varnish-IP
X-Cache-TTL-Remaining
X-RemovedCookies
X-Via-JSL
X-ProcessESI
X-Seen-By
Eomportal-Instance
X-Time
X-Real-IP
Viewport
X-Cache-Operation
S-Cnection
X-Upgrade-Enabled
Xserver
X-Cache-Server
X-BACKEND-TTL
X-Mode
X-NWS-LOG-UUID
X-Varnish-Cache-Hits
X-RN-RSRV
Mn-Server-Ip
X-ES-SERVER
X-From
X-Detected-As
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
X-Hl-Ver
X-Is-Bot
X-Zipkin-Id
Machine
Cache-Hits
X-Routing-Service
Meta-Geo
X-Path-Route
X-Proxied
Cache-Key
Load-Balancing
X-S
X-Akamai-Transformed
TWC-Connection-Speed
X-Tb
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
X-Viewer-Country
TWC-Privacy
TWC-Locale-Group
X-Origin-Hint
Mail-Subject
Access-Control-Request-Headers
X-Proto
OT-Force-Account-Verify
X-Proxy
X-LJ-Flow-ID
L5d-Success-Class
X-L-Path
X-Rocket-Nginx-Bypass
Vix-Hermes-Req-Id
TWC-GeoIP-Country
X-Environment-Context
We-Hiring
Content-Script-Type
Content-Style-Type
X-Device-Type
Datacenter
X-AWS-Id
X-Backend-Name
Webcakes-Region
X-VWS-Id
Webcakes-App-Version
Webcakes-App-Name
Azure-SiteName
Azure-Version
Azure-SlotName
X-Debug-Cache
X-EIG-Tracking-Id
X-NCache
X-MP-GENERATED-AT
Azure-InstanceId
X-Cache-Config
NGX
X-GRACE
Now
X-Hosted-By
X-Akamai-Request-ID
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-Access
DB-Nickname
X-Format
S-Rt
Azure-RegionName
X-R9-Blue-Green-Version
X-Tumblr-Pixel-3
X-Section
X-Web-Node
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-VG-TLSProxy
X-RCS-CacheZone
X-Origin-Response-Time
X-ServerID
X-TNCMS
X-Human
Origin-Cache-Control
Origin-Edge-Control
Selected-FE
X-Via-CDN
X-BYPASS-REASON
X-CCM
X-Cache-Remote
X-Xfnlog-Site
X-Via-Fastly
X-FW-Version
X-Timing-Wait
X-Trace-Id
X-OCL
X-ProxyCache-Key
X-Proxy-Build
X-PCL
X-Loop
X-ProxyCache-Status
X-IP
X-JoinUs
X-Generated
X-Cache-Category-Id
LB
X-Site-Version
NtCoent-Length
X-Grey
X-Www-Served-By
X-Internal-Host
X-Endurance-Cache-Level
Cache-Tag
Uber-Trace-Id
X-Varnish-Cacheable
X-Birta-Cache-Post
X-Birta-Served
Decoy-Debug-Status
Decoy-Debug-TTL
X-Newrelic-App-Data
X-Status
X-VC-Cache
Decoy-Debug-Key
Served-By
X-Rule
X-UnsetCookies
X-Dynatrace-Js-Agent
X-EdgeConnect-Cache-Status
Release
X-Wix-Server-Artifact-Id
X-UA
AsisCache
X-CDN-Cache
X-Cluster-Node
X-Ua
Nel
ViewerVersion
X-Request-Time
X-Wix-Request-Id
X-App-Name
X-Nginx-Cache
X-App-Version
Rt-Fastcgi-Cache
X-PERF
X-Origin-Host
X-Varnish-Ttl
X-TIME
X-B3-Spanid
X-ApacheServer
X-Source
X-Sucuri-ID
X-OVcl-Cache
X-Hit
X-OVcl
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-Agile
X-Agile-Id
DSUID
X-Agile-Age
X-VCT
X-APP-VERSION
Pagespeed
Cache-Name
SRV
Warning
X-Origin-CC
X-Origin-TTL
X-ElasticPress-Search
Hostname
Cache
Www
X-VG-WebServer
X-Up
X-A-Wwc
UCS
Thinkindot-CacheControl
X-ARC
Thinkindot-CacheControl-Type
X-Accel-Expires-Debug
X-A
X-A-Dcw
X-Varnish-Authentication
X-Application
X-A-Dam
X-Var-Ttl
X-A-Ccd
X-A-Dgt
X-Aed
Origin
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
FNAC-ModuleRouting
Cross-Origin-Window-Policy
Cache-Prefix
X-Cache-Host
Ajk
Arc-Country
BehaviorPad-Version
Xc-Version
Lfy
Request-EU
Request-Time
Server-Cache-Control
Server-Surrogate-Control
Request-Country
Rendered-Blocks
MD5-Digest
Meta-Geo-Continent
Node
X-B-Cookie
X-Webstats-RespID
X-Secret
X-Generated-In
X-Hp-Webp
X-CF-Lambda-Version
X-Gannett-Site-Version
X-G
X-IN-APIGATEWAY
X-IN-WAF
X-Matched-Rule
X-Logtrace-Id
X-CF-Lambda-Fn
X-Instart-Isnd
X-Connection-Hash
X-F5-Cache
X-Debug-Cookies
X-Debug-Log
X-Date
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-D
X-Destination
X-External-Request-Id
X-DPWN-IS-SECURE
X-Developer
X-Core-Value
X-Mobile-URL
X-NU-AKA-ACS-Version
X-Debug-Cache-Expiry
X-Sedo-Request-Id
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-Server-Group
X-ServiceProvider
X-Trv-Group
X-Transaction
X-Thinkindot-L3
X-SRCache-Key
X-ScT
X-S-Cookie
X-Cache-Miss-From
X-Processor
X-Platform
X-PAYTM-SRV-ID
X-NX-Host
X-Cache-Info
X-Pubstack
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Refresh
X-Twitter-Response-Tags
Thinkindot-Control
User-Agent
Cteonnt-Length
X-WPE-Loopback-Upstream-Addr
X-Cache-Backend
User-Cache-Control
Pagetype
X-Cdn-Srv
X-Cache-Id
Proxy-Connection
X-Swa-Ws
X-Policy
On-Server
Pramga
X-CGP
X-Origin-Expires
Kp-EeAlive
IsBot
X-Crawler
Memcached
X-Origin-Date
X-Cache-Debug
X-Page-Type
X-PHP-Host
RNT-Time
X-Request-URI
X-Request-UUID
X-Qloud-Router
Web-Mar-Node
X-Reboot
X-Amzn-Remapped-Date
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Amzn-Remapped-Connection
True-Client-Country-4JS
X-Sf
X-Protected-By
X-Cache-Bucket
X-NodeID
Server-Int
X-SN
X-SIPLIST1
X-Block-Status
ServerName
RNT-Machine
X-Cdn-Forward
X-LAGOON
X-Irp-Debug
CDCHOST
Cache-Cookie-Set-Lfrom
Country-Code
X-Li-Fabric
X-Epic-Correlation-Id
X-Eu-Site
X-Li-Pop
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Apple-News-Services-Handled
X-Hash
X-Gen-Mode
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Hnp-Log
Backend
Apple-News-Services-Request-Url
X-LI-Proto
X-Key
HA-Ipaddr
X-Micro-Cache
X-Device-Os
Ha-Gx-Prefs
Server-Host
X-Developers
X-Distil-CS
X-Dispatcher-Server
X-Nginx-Cache-Key
X-Distributor
X-LI-UUID
X-FireWall-Port
X-Backend-Host
X-MSEdge-Features
X-Auto-Login
X-MSEdge-Flight
X-Ah-Environment
X-Gateway-Skip-Cache
X-Geo-Header
X-GeoIP-Country-Code
X-Amzn-Remapped-Content-Length
X-Backend-State
X-Gateway-Cache-Status
X-BBXSRF
X-No-Session
X-Cms-Context
X-C
X-Fastly-Cache
X-Cache-FS-Status
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Info
X-Core-Mission
X-Amz-Meta-Cache-Control
X-Gateway-Cache-Key
X-BB-ID
X-Planisys-CDN-TTL
X-Location
X-Bip
X-Backend-Url
X-Varnish-Beresp-Status
X-User
AKAMAI
Fastly-SWR
X-Ocache
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Thanos
X-Generated-On
Fastly-SIE
X-Via-Edge
X-Via-SSL
Gh-Request-Id
Heartbleed
X-Fetched-On
HTTPS
X-Level-Front-Cache
X-Alternate-Cache-Key
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Sorting-Hat-ShopId
X-TrackingId
SD-X-WS
X-Rebelmouse-Surrogate-Control
X-Servername
X-Server-IP
X-S-Maxage
X-Varnish-Beresp-Grace
X-GeoIP-City
X-ShardId
X-Edge-Location
X-Shopify-Stage
X-Rebelmouse-Cache-Control
X-Sorting-Hat-PodId
X-ShopId
X-Skip-Cache
X-Datadome
X-Real-Ip
X-Sucuri-Cache
Content-Disposition
X-Apm-App-Name
X-Sn-Servicetimems
X-Apm-Svc-Key
X-Apm-Inst-Hash
V-Age
X-Server-Time
X-Variation
X-TT-LOGID
Adler-Geo
X-Proxy-Cache-Status
X-Proxy-Upstream
Is-Eu
Platform
X-Cdn-Origin
X-Owner
X-Edge-IP
X-GZip
X-ND-Cache
X-Geo
Rt-Proxy-Cache
REQUESTUUID
Magicmarker
X-NC
Server-ID
X-RateLimit-Reset
X-Exp-Se
X-Varnish-Url
N-Cache
Fastly-Backend-Name
MIME-Version
X-Served-From
X-Org
X-B3-Parentspanid
X-Pjax-Url
X-Node-Id
X-Aicache-OS
VivaBuild
Viewtype
X-FPC
X-Varnish-Beresp-Ttl
X-CDN-Forward
HostName
X-Load-Cache
X-Gdpr
X-Dc
X-CSRF-TOKEN
X-Parent-Response-Time
Powered-By
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-CUA
X-Git-Hash
X-Host-Name
X-Nc
X-DC
Pragrma
CF-IPCountry
Section-Io-Cache
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Actual-URL
X-Servedbyhost
X-Stale
X-Svr
Memory
Time
X-Passed-To
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Server-By
X-Original-Request
X-Daa-Tunnel
X-VServer
X-Wa
PICS-Label
X-Release
X-CACHE-KEY
X-Oss-Object-Type
Host-ID
Resin-Trace
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Croise-Owner
X-HS-Cache-Config
X-Oss-Hash-Crc64ecma
X-Webkit-Csp
ProcessTime
Cdn-Host
X-Edge-Server
X-WebServer
Cdn-Request-Time
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
X-TH-Server
X-Phone
X-Optimization
X-Upstream-CT
Cdn
X-Cache-HT
X-Upstream-HT
X-Unique-ID
AR-SID
SID
X-Microcachable
Cf-Ipcountry
X-From-Cache
X-Lb-Id
X-Instart-Info
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
Fastcgi-Useragent
X-APP
Backend-Name
X-Worker
X-Req
X-Vcache
X-B3-SpanId
X-V
CF-Cached-On
X-Atg-Version
409pxxline
355prline
X-Server-W
Xxline
Odigeo-Trace-Id
352pxline
225prxHost
X-Backend-TTL
X-Fastly-Backend-Reqs
188prxHost
178proxuri
189phosttRef
Proxy-Firewall
219prxHost
286prxHost
XServer
X-Zone
Version
Processtime
X-Vcl-Version
X-HTML-Minification-Powered-By
X-ID
X-Check-Cacheable
X-LB-ID
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Request-Handler-Origin-Region
X-Fstrz
X-Microsite
X-WR-MODIFICATION
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Akamai-Request-ID2
X-IPS-LoggedIn
Esi-Enabled
Accept-Language
X-Nananana
X-Response-By
GMS-Ver
X-VCL-Version
X-Contensis-Viewer-Groups
X-NGINX-Cache
Pics-Label
SN
X-AssetVersion
GeoIP-Latitude
Public-Key-Pins-Report-Only
X-WA
X-UPSTREAM-Address
GeoIP-City
X-URL
GeoIP-Country-Code
X-Ratelimit-Reset
X-Vtex-Remote-Cache
WZWS-RAY
X-ServedByHost
X-Be
X-RequestId
X-CSRF-Token
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
X-Hyper-Cache
X-HS-Status
DataCenter
X-Urbn-Context-Path
Locale
X-Amz-Meta-Surrogate-Control
GW-Server
X-Reqid
X-Urbn-Site-Id
X-SERVER-NAME
Geoip-Latitude
GeoIp-Country-Code
X-Fastly-Country-Code
X-Via-NSCOPI
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-ZONE
X-Request-Start
X-NWS-UUID-VERIFY
X-Hello
Geoip-City
X-ABtesting
X-Flog
X-Via-Ucdn
Mobile-Detection-Method
X-Clientip
X-We-Are-Hiring
X-UE-Client-Country
Countrycode
X-GEO
X-Render-Time
WP-Super-Cache
Lb
X-Cdn-Cache
X-GDPR
X-BE
X-LiteSpeed-Cache-Control
X-CS
URI
Dnion-Transfer-Encoding
SS
Ohc-File-Size
X-Unique-Id
X-Generation-Time
X-Fpc
X-PJAX-URL
IBM-Web2-Location
CDN
X-SRV
X-FORWARDED-FOR
FastCGI-Cache
Dynatrace
X-HostName
X-GZIP
Cneonction
X-HS-Combine-CSS
X-PF-Uncompressing
RequestUuid
X-Cluster-Name
X-Bug-Bounty
Serverid
FSS-Proxy
FSS-Cache
Requestid
X-Pf-Uncompressing
X-Gen-Id
X-Cache-Ttl
A
X-Html-Edge-Cache
X-Fastly-Cache-Hits
X-Cache-URL
Server-Id
X-LiteSpeed-Tag
X-Request-Url
Accept-Ch
X-Store
X-Test
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
RequestId
X-Dw-Trace-Id
X-Compress-Hint
NnCoection
Get-Access-Time
X-Serial
X-HTML-Edge-Cache
Frontcache
Ohc-Response-Time
Ohc-Cache-HIT
X-ServerName
X-Cdn-Request-ID
Is-Session-Tracking
X-EC-Lua