Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
X-Ac
X-Rq
Allow
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Cdn
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-Px
X-HW
X-Type
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
X-VARITI-CCR
X-ESI
AR-CACHE
AR-ATIME
AR-PoweredBy
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-GitHub-Request-Id
X-MS-InvokeApp
X-DataStream-Cache-Status
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
X-Upstream-Env
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-TTL
X-Amz-Server-Side-Encryption
X-D2id
RTSS
X-Navigation-Version
Charset
X-Abt-Application-Version
X-TtlSet
X-PC
X-Vname
X-Ser
X-Vcap-Request-Id
X-Varnish-TTL
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
DynaTrace
X-VCache
X-Webkit-CSP
X-Amz-Rid
X-Fastly-Request-ID
X-Server-ID
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
TCN
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Akam-SW-Version
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Id
Realpath
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
X-NF-Request-ID
X-Amzn-Trace-Id
X-Ttl
X-Aspnet-Version
Front-End-Https
Fastcgi-Cache
X-Varnish-Age
X-N
X-Content-Type
X-B3-TraceId
X-Upstream
X-Forwarded-For
X-Fastcgi-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Paypal-Debug-Id
Alternate-Protocol
X-Frontend
X-PressLabs-Stats
X-Content-Digest
X-Logged-In
Display
Response
X-Sol
X-HS-Content-Id
X-HS-Hub-Id
X-B3-Traceid
X-Middleton-Response
X-Middleton-Display
X-Pad
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Remaining
X-Litespeed-Cache
X-DataStream-Origin-MEX-Latency
X-Cache-Key
X-DataStream-MidMile-RTT
X-Accel-Expires
Host
ServerID
X-Grace
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
X-Correlation-Id
Server-Name
X-Kinsta-Cache
X-B3-Sampled
Surrogate-Key
X-IPLB-Instance
X-Debug-Info
X-AppVersion
X-LB-Cache
X-User-Agent
X-Revision
X-Az
X-Activity-Id
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
FilterID
Accept-Charset
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Received
X-B
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
MS-CV
X-Page-Id
X-Whom
X-GUploader-UploadID
PageSpeed
Host-Header
Server-Info
X-Cached-By
X-DIS-Request-ID
Cache-Status
X-PHP-Backend
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-Origin-Server
VIX-Pulpo-Node
X-TT
Source
X-Cache-Action
X-App-Environment
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
X-F-Cache
X-Cluster
X-Tumblr-User
X-Mobile
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Platform-Server
X-FW-Static
X-Framework
X-FW-Server
X-FW-Type
X-Varnish-Grace
X-FW-Serve
Access-Control-Allow-Method
X-FW-Hash
X-Content-Powered-By
X-Drupal-Cache-Tags
X-Ezoic-Cdn
X-FB-Debug
X-Instance
X-Forwarded-Host
X-Node-Name
X-Request-Guid
X-Accel-Buffering
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-UA-Device-Type
X-Kong-Proxy-Latency
X-Geo-Country
Edge-Cache-Tag
X-Shard
Fastly-Restarts
X-RateLimit-Limit
X-Zen-Fury
X-Handled-By
X-Varnish-Hostname
X-TA-CDN-Provider
X-FastCGI-Cache
From-Origin
Cache-Tags
X-Magnolia-Registration
X-Cache-TTL
X-SS-Set-Cookie
X-AOL-HN
X-Cache-Age
X-BCube-Filmed-By
X-ATG-Version
X-Cache-Control
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
X-Varnish-Server
Retry-After
Payment
Cleartype
Server-Node
DC
X-App-Server
X-Response-Served-From
X-RequestSource
Powered
X-Storage
Country
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-Adobe-Content
X-B-Cache
X-Signature
X-TX-ID
X-Tumblr-Pixel-2
X-VG-WebCache
X-FW-Dynamic
X-Tumblr-Pixel-1
X-Redis-Cache
X-TT-TIMESTAMP
Filters
X-RTag
X-GeoIP
X-UUID
Actual-Object-TTL
Ms-Operation-Id
X-Region
X-Jobs
X-Drupal-Cache-Contexts
X-Content-Age
X-Varnish-Hits
X-Cacheable-TTL
Cache-Tv-Group
X-Generated-By
X-Locale
X-Dns-Prefetch-Control
Frame-Options
X-XRDS-LOCATION
X-WA-Info
GEO-INFO
ServedBy
NGB
X-Esi
Webserver
X-Contextid
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-NE
CACHE
X-Oneagent-Js-Injection
Liferay-Portal
HitType
X-Rendered-As
X-ProcessESI
X-RemovedCookies
X-Real-IP
X-NWS-LOG-UUID
Eomportal-Instance
X-Cache-Operation
X-Varnish-IP
X-Cache-TTL-Remaining
X-Time
X-Via-JSL
X-BACKEND-TTL
X-Upgrade-Enabled
X-Guploader-Uploadid
Xserver
Viewport
X-Mode
S-Cnection
X-Seen-By
X-Varnish-Cache-Hits
X-Routing-Service
X-Device-Type
X-Path-Route
X-Proto
X-Proxied
X-Is-Bot
X-Hl-Ver
X-Akamai-Transformed
LB
X-ES-SERVER
X-From
OT-Force-Account-Verify
Cache-Hits
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
Meta-Geo
X-Zipkin-Id
X-Cache-Var-Map
Cache-Key
X-Detected-As
X-RN-RSRV
Machine
Load-Balancing
X-Cache-Remote
X-S
X-Cache-Server
Webcakes-App-Version
We-Hiring
Webcakes-Region
Webcakes-App-Name
X-AWS-Id
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Cache-Config
X-Backend-Name
NtCoent-Length
TWC-Privacy
NGX
Property-Id
Mail-Subject
L5d-Success-Class
Access-Control-Request-Headers
TWC-Connection-Speed
TWC-Device-Class
X-FW-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Vix-Hermes-Req-Id
X-Environment-Context
X-R9-Blue-Green-Version
X-Proxy
X-Origin-Hint
X-Tb
X-Time-Microsecs
X-VWS-Id
X-Viewer-Country
X-VG-TLSProxy
X-NCache
X-Rocket-Nginx-Bypass
X-L-Path
X-LJ-Flow-ID
X-Hosted-By
Now
Origin-Cache-Control
Origin-Edge-Control
X-Tumblr-Pixel-3
Azure-SiteName
Azure-SlotName
Azure-Version
DB-Nickname
S-Rt
X-Web-Node
X-TNCMS
X-Labrador-Cache-Channel
X-Loop
X-Akamai-Request-ID
X-MP-GENERATED-AT
X-RCS-CacheZone
X-Format
X-EIG-Tracking-Id
X-Debug-Cache
X-ServerID
X-Section
X-Access
X-Origin-Response-Time
Azure-RegionName
Azure-InstanceId
X-JoinUs
X-PCL
X-OCL
X-Human
X-BYPASS-REASON
X-CCM
X-Proxy-Build
X-IP
X-ProxyCache-Status
X-Via-CDN
X-Via-Fastly
X-Xfnlog-Site
X-Vgn-Hpd-Reason
X-Trace-Id
Selected-FE
X-Timing-Wait
X-ProxyCache-Key
Datacenter
Cache-Tag
X-Internal-Host
X-Cache-Category-Id
X-Generated
X-Www-Served-By
Uber-Trace-Id
X-Grey
Content-Script-Type
Content-Style-Type
X-UnsetCookies
X-Endurance-Cache-Level
X-Site-Version
X-VC-Cache
X-Varnish-Cacheable
Served-By
X-Rule
Release
Decoy-Debug-Key
X-Dynatrace-Js-Agent
Decoy-Debug-TTL
Decoy-Debug-Status
X-Status
X-EdgeConnect-Cache-Status
X-Birta-Cache-Post
X-Birta-Served
X-Newrelic-App-Data
X-UA
X-APP-VERSION
X-CDN-Cache
X-Ua
X-Request-Time
Nel
DSUID
X-OVcl
X-Cluster-Node
X-OVcl-Cache
X-B3-Spanid
X-GRACE
AsisCache
X-Nginx-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-TIME
Rt-Fastcgi-Cache
X-VCT
X-App-Name
X-Hit
Cache
X-ApacheServer
X-PERF
SRV
X-Source
X-Agile-Age
X-Agile
X-Agile-Id
X-Sucuri-ID
X-NewRelic-App-Data
X-Pubstack
X-Origin-Host
Cteonnt-Length
X-Cache-Host
Cache-Name
X-Wix-Request-Id
X-Origin-CC
X-Origin-TTL
X-ElasticPress-Search
ViewerVersion
Hostname
X-Accel-Expires-Debug
X-S-Cookie
X-Aed
X-DPWN-IS-SECURE
X-Rojux
X-ScT
X-Request-UUID
X-Destination
X-Debug-Log
X-Developer
X-App-Version
X-A-Wwc
X-Rewrite-Enabled
X-External-Request-Id
X-A-Dam
X-Generated-In
X-A-Ccd
Cross-Origin-Window-Policy
X-Server-Group
X-A-Dcw
X-Gannett-Site-Version
FNAC-ModuleRouting
X-F5-Cache
X-A-Dgt
X-G
X-Secret
X-Debug-Cookies
X-Cache-Miss-From
X-Cache-Info
X-Application
BehaviorPad-Version
X-CF-Lambda-Fn
Cache-Prefix
X-ARC
Ec-Rule-Version
X-Cache-ASPX
X-B-Cookie
X-Cache-Expires
X-Cache-Grace
Arc-Country
X-CF-Lambda-Version
X-Debug-Cache-Fetch
Fly-Cache
X-Region-Sid
X-Debug-Cache-Store
X-Hp-Webp
X-Debug-Cache-Expiry
X-Refresh
X-Core-Value
X-Connection-Hash
Ajk
X-D
X-Date
Fly-Request-Id
X-Sedo-Request-Id
Server-Surrogate-Control
X-Webstats-RespID
X-VG-WebServer
X-Varnish-Authentication
X-Thinkindot-L3
Thinkindot-CacheControl
Xc-Version
X-Mobile-URL
Origin
X-IN-APIGATEWAY
X-SRCache-Key
X-WPE-Loopback-Upstream-Addr
X-Transaction
X-Var-Ttl
X-Platform
Request-EU
X-Twitter-Response-Tags
X-Logtrace-Id
Request-Time
X-Up
X-Matched-Rule
Server-Cache-Control
Server-Host
X-Trv-Group
Rendered-Blocks
Request-Country
X-NodeID
Thinkindot-CacheControl-Type
X-NX-Host
Memcached
Meta-Geo-Continent
X-PAYTM-SRV-ID
UCS
MD5-Digest
X-Reboot
X-A
X-IN-WAF
X-Instart-Isnd
Www
Lfy
X-Processor
X-ServiceProvider
Node
Thinkindot-Control
On-Server
X-NU-AKA-ACS-Version
X-SERVER
User-Cache-Control
AR-SID
X-Wix-Server-Artifact-Id
X-Block-Status
X-Sn-Servicetimems
X-Apm-App-Name
X-Amzn-Remapped-Date
RNT-Time
Server-Int
X-Amzn-Remapped-Connection
X-Apm-Inst-Hash
X-Apm-Svc-Key
V-Age
X-Amzn-Remapped-Content-Length
ServerName
True-Client-Country-4JS
X-Developers
X-LAGOON
X-Li-Fabric
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-SIPLIST1
X-Sf
X-Servername
X-Server-Time
X-Cdn-Origin
X-Qloud-Router
X-SN
X-Swa-Ws
X-Location
RNT-Machine
X-PHP-Host
X-Rebelmouse-Surrogate-Control
X-Policy
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-Rebelmouse-Cache-Control
X-Micro-Cache
X-RateLimit-Limit-Second
X-Key
X-Page-Type
X-Origin-Expires
X-Request-URI
X-Origin-Date
X-Crawler
X-CGP
X-Cache-Bucket
X-Cache-Debug
X-Cache-Id
X-Cdn-Srv
X-Device-Os
X-Dispatcher-Server
X-Hash
X-Hnp-Log
X-Info
X-Irp-Debug
X-Gen-Mode
X-Fetched-On
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-Eu-Site
X-Cache-Backend
Web-Mar-Node
X-Ah-Environment
Country-Code
CDCHOST
Fastly-SWR
Gh-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Host
Apple-News-Services-Handled
X-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Backend
IsBot
Fastly-SIE
Pagetype
Pramga
Proxy-Connection
X-Varnish-Ttl
X-FireWall-Port
Platform
X-ShopId
X-Shopify-Stage
X-Fastly-Cache
X-Skip-Cache
X-ND-Cache
X-Cache-FS-Status
X-C
X-ShardId
Content-Disposition
X-Level-Front-Cache
X-Sorting-Hat-PodId
X-Server-IP
X-Gateway-Cache-Key
Adler-Geo
X-GeoIP-City
X-Thanos
X-Geo-Header
X-Gateway-Skip-Cache
X-Generated-On
X-GeoIP-Country-Code
AKAMAI
X-Cms-Context
Rt-Proxy-Cache
SD-X-WS
X-Core-Mission
X-Sorting-Hat-ShopId
X-Gateway-Cache-Status
X-Bip
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Wikidot-Static-Cache
X-Via-Edge
X-Protected-By
X-Variation
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Wikidot-Backend
Warning
X-S-Maxage
X-Planisys-CDN-Rules
Is-Eu
X-User
X-Backend-State
X-Backend-Host
X-Backend-Url
X-BBXSRF
X-Via-SSL
X-No-Session
X-MSEdge-Features
X-MSEdge-Flight
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Auto-Login
X-Exp-Se
Pagespeed
X-Org
REQUESTUUID
X-Owner
MIME-Version
X-Served-From
Heartbleed
Kp-EeAlive
X-NC
X-Git-Hash
X-GZip
X-B3-Parentspanid
X-Varnish-Beresp-Status
X-RateLimit-Reset
X-BB-ID
X-Cdn-Forward
Server-ID
X-Varnish-Beresp-Grace
X-Ocache
HTTPS
X-Host-Name
X-Real-Ip
X-Edge-Location
X-Proxy-Upstream
X-TrackingId
X-Proxy-Cache-Status
X-FPC
X-TT-LOGID
X-Sucuri-Cache
X-CDN-Forward
User-Agent
X-Daa-Tunnel
X-Varnish-Url
VivaBuild
Magicmarker
Wxu-Next-Commit
X-Edge-IP
Wxu-Next-Hostname
Fastly-Backend-Name
X-Gdpr
X-Aicache-OS
Viewtype
Wxu-Next-Region
N-Cache
HostName
X-Load-Cache
X-DC
CF-IPCountry
X-Pjax-Url
X-CSRF-TOKEN
X-Node-Id
Time
Memory
X-Parent-Response-Time
X-Release
X-Varnish-Beresp-Ttl
X-Dc
X-HS-Cache-Config
X-Wa
Powered-By
X-Servedbyhost
X-CUA
X-TH-Server
Resin-Trace
X-WebServer
X-Upstream-HT
X-Upstream-CT
X-Nc
PICS-Label
X-Oss-Storage-Class
X-CACHE-KEY
Pragrma
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Phone
X-Oss-Hash-Crc64ecma
X-Returned-From
Host-ID
X-Actual-URL
X-Returned-From-DLL
X-Instart-Info
X-Server-By
X-Stale
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Svr
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Original-Request
Section-Io-Cache
X-Varnish-Beresp-TTL
X-Croise-Owner
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-VServer
X-Request-Handler-Origin-Region
X-Microsite
Backend-Name
X-Newrelic-Synthetics
Mime-Version
X-Edge-Server
X-Worker
Cdn-Host
X-From-Cache
Cdn-Request-Time
Version
X-Optimization
X-Cache-HT
219prxHost
Xxline
X-Lb-Id
225prxHost
409pxxline
188prxHost
189phosttRef
178proxuri
Cdn
X-Server-W
355prline
286prxHost
352pxline
CF-Cached-On
Cf-Ipcountry
X-APP
SID
X-Akamai-Request-ID2
X-Unique-ID
X-Atg-Version
X-Fastly-Backend-Reqs
Accept-Language
XServer
X-Req
X-LB-ID
X-Datadome
X-Zone
X-SERVER-NAME
X-Microcachable
X-B3-SpanId
X-VCL-Version
Esi-Enabled
Proxy-Firewall
X-ID
Processtime
X-Ratelimit-Remaining
X-AssetVersion
X-Backend-TTL
X-Contensis-Viewer-Groups
Odigeo-Trace-Id
GeoIP-Country-Code
X-Ratelimit-Limit
GeoIP-City
X-V
X-Vcl-Version
GeoIP-Latitude
Fastcgi-Useragent
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-HTML-Minification-Powered-By
SN
X-IPS-LoggedIn
Pics-Label
X-Vtex-Processado-Em
X-Fstrz
X-RequestId
X-NGINX-Cache
X-HS-Status
X-Vtex-Remote-Cache
X-Vcache
X-UPSTREAM-Address
X-Check-Cacheable
X-WR-MODIFICATION
X-Response-By
X-Ratelimit-Reset
X-Via-NSCOPI
X-WA
X-Urbn-Site-Id
X-Nananana
Locale
X-Reqid
X-Urbn-Context-Path
X-URL
GMS-Ver
X-ServedByHost
X-NWS-UUID-VERIFY
X-CSRF-Token
X-ZONE
X-Be
X-Hello
X-ABtesting
X-Flog
WebServer
X-Cache-Ttl
DataCenter
CDN
IBM-Web2-Location
Dnion-Transfer-Encoding
Geoip-Latitude
GeoIp-Country-Code
X-Hyper-Cache
X-Dynatrace
Fastcgi-X-Cache-Version
Requestid
Public-Key-Pins-Report-Only
Geoip-City
X-Generation-Time
X-Via-Ucdn
X-NGENIX-Cache
X-Fastly-Country-Code
X-Request-Start
X-Render-Time
X-Cdn-Cache
WP-Super-Cache
X-Cluster-Name
X-Amz-Meta-Surrogate-Control
GW-Server
WZWS-RAY
X-GDPR
X-LiteSpeed-Cache-Control
X-PJAX-URL
X-CS
X-Unique-Id
X-Cache-URL
X-Compress-Hint
Countrycode
X-We-Are-Hiring
X-Clientip
Lb
URI
Mobile-Detection-Method
X-HS-Combine-CSS
X-UE-Client-Country
X-FORWARDED-FOR
Dynatrace
X-SRV
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-HostName
Ohc-File-Size
X-Fpc
X-Gen-Id
X-GEO
SS
Cneonction
GEO-REGION-INFO
X-BE
X-Pf-Uncompressing
Serverid
X-Varnish-Action
X-Got-Non-Ke-Cookie
Who
Server-Id
A
Epwk-Cache
X-Test
X-Store
X-LiteSpeed-Tag
X-Bug-Bounty
Https
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-Serial
X-Request-Url
RequestUuid
X-HTML-Edge-Cache
FSS-Cache
FSS-Proxy
X-Cdn-Request-ID
NnCoection
X-ServerName
X-GZIP
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-EC-Lua
Frontcache
X-PF-Uncompressing