Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-WebKit-CSP
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-CST
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Cdn
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-DataDome
X-Type
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
Verso
X-Server-Name
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Upstream-Env
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-D2id
RTSS
X-TTL
Charset
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-TtlSet
X-Vname
X-PC
Ar-Sid
X-Ser
X-Vcap-Request-Id
X-Webkit-CSP
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Server-ID
X-Forwarded-Proto
X-Client-IP
X-Trace
Nginx-Cache
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
DynaTrace
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
S
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
X-Hits
TCN
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Oracle-Dms-Rid
Realpath
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-B3-TraceId
X-NF-Request-ID
Tracecode
X-Amzn-Trace-Id
X-Ttl
Front-End-Https
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Upstream
Paypal-Debug-Id
X-Fastcgi-Cache
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-Content-Digest
X-PressLabs-Stats
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-Middleton-Response
Response
X-Middleton-Display
X-Sol
Fusion-Template-Id
Display
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-RateLimit-Remaining
X-Pad
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Litespeed-Cache
X-Accel-Expires
X-B3-Traceid
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
ServerID
Server-Name
X-Analytics
X-Correlation-Id
Backend-Timing
X-Kinsta-Cache
X-B3-Sampled
X-Activity-Id
X-Az
X-AppVersion
X-Revision
X-Debug-Info
X-User-Agent
X-LB-Cache
X-Rid
X-Amz-Apigw-Id
X-IPLB-Instance
X-Content-Options
X-Amzn-RequestId
Surrogate-Key
X-Cache-Hit
Accept-Charset
FilterID
X-Cache-2
X-Grace
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Received
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
X-Page-Id
X-Whom
MS-CV
X-DIS-Request-ID
X-Accel-Buffering
Server-Info
X-Cached-By
Host-Header
Cache-Status
X-GUploader-UploadID
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Edgescape
Source
X-PHP-Backend
X-Amz-Replication-Status
X-Varnish-Backend
X-TT
PageSpeed
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-App-Environment
X-Origin-Server
X-Tumblr-Pixel-0
X-Mobile
X-Tumblr-User
X-Tumblr-Pixel
X-Cluster
X-Platform-Server
X-F-Cache
X-Framework
Access-Control-Allow-Method
X-Content-Powered-By
X-Varnish-Grace
X-Drupal-Cache-Tags
X-FW-Static
X-FB-Debug
X-FW-Hash
X-FW-Type
X-Request-Guid
X-FW-Server
X-FW-Serve
X-Instance
X-Kong-Upstream-Latency
X-UA-Device-Type
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Forwarded-Host
X-Ezoic-Cdn
X-Node-Name
Edge-Cache-Tag
X-Geo-Country
X-Shard
X-Zen-Fury
X-RateLimit-Limit
X-Handled-By
X-Cache-TTL
Fastly-Restarts
X-FastCGI-Cache
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
X-SS-Set-Cookie
X-Magnolia-Registration
Cache-Tags
X-Cache-Age
X-ATG-Version
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Control
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
X-Varnish-Server
Cleartype
DC
X-App-Server
Server-Node
Retry-After
Payment
X-SERVER
X-RequestSource
X-Response-Served-From
X-Adobe-Content
X-Adobe-Loc
X-B-Cache
X-WebKit-CSP-Report-Only
X-TX-ID
X-Signature
Country
X-Storage
Filters
X-Tumblr-Pixel-2
Ms-Operation-Id
X-TT-TIMESTAMP
X-VG-WebCache
X-Region
Powered
X-Redis-Cache
X-RTag
X-Tumblr-Pixel-1
X-GeoIP
Actual-Object-TTL
X-UUID
Cache-Tv-Group
X-Jobs
X-FW-Dynamic
X-Drupal-Cache-Contexts
X-Generated-By
X-Content-Age
X-Varnish-Hits
X-Cacheable-TTL
X-Dns-Prefetch-Control
X-Locale
Frame-Options
X-XRDS-LOCATION
Webserver
NGB
GEO-INFO
CACHE
X-WA-Info
ServedBy
X-Esi
X-Contextid
Liferay-Portal
X-Yottaa-Metrics
HitType
X-Yottaa-Optimizations
X-Oneagent-Js-Injection
X-Cache-NE
X-Rendered-As
X-Real-IP
X-ProcessESI
X-RemovedCookies
X-Cache-TTL-Remaining
X-Varnish-IP
Eomportal-Instance
X-Via-JSL
X-Time
X-Cache-Operation
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Seen-By
S-Cnection
X-Mode
X-Guploader-Uploadid
Viewport
Xserver
X-BACKEND-TTL
X-Varnish-Cache-Hits
X-Is-Bot
Mn-Server-Ip
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
Machine
Load-Balancing
OT-Force-Account-Verify
Cache-Hits
Cache-Key
X-Detected-As
X-Device-Type
X-Proxied
X-RN-RSRV
X-Routing-Service
X-Proto
X-Path-Route
X-ES-SERVER
X-From
X-Hl-Ver
X-Zipkin-Id
Meta-Geo
X-S
Webcakes-Region
Webcakes-App-Version
LB
NtCoent-Length
Webcakes-App-Name
X-AWS-Id
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Akamai-Transformed
X-Cache-Config
X-Backend-Name
We-Hiring
TWC-Privacy
NGX
Property-Id
Mail-Subject
L5d-Success-Class
Access-Control-Request-Headers
TWC-Connection-Speed
TWC-Device-Class
X-Cache-Server
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Vix-Hermes-Req-Id
X-Environment-Context
X-VWS-Id
X-Hosted-By
X-Origin-Hint
X-VG-TLSProxy
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
X-LJ-Flow-ID
X-Proxy
X-L-Path
X-Time-Microsecs
X-Tb
X-Viewer-Country
S-Rt
X-Vgn-Hpd-Reason
Now
DB-Nickname
Azure-Version
X-NCache
X-FW-Version
Origin-Cache-Control
X-Web-Node
Origin-Edge-Control
X-Section
X-EIG-Tracking-Id
X-Loop
Azure-SlotName
X-Labrador-Cache-Channel
X-Format
X-MP-GENERATED-AT
X-Akamai-Request-ID
X-ServerID
X-TNCMS
X-RCS-CacheZone
X-Origin-Response-Time
X-Access
X-Tumblr-Pixel-3
X-Debug-Cache
Datacenter
Azure-InstanceId
Azure-SiteName
X-Cache-Remote
Azure-RegionName
X-Xfnlog-Site
Selected-FE
X-PCL
X-ProxyCache-Status
X-Proxy-Build
Content-Script-Type
Content-Style-Type
X-BYPASS-REASON
X-Via-Fastly
X-Human
X-JoinUs
X-IP
X-Timing-Wait
X-Trace-Id
X-CCM
X-Via-CDN
X-GRACE
X-OCL
X-ProxyCache-Key
X-Generated
Cache-Tag
X-Internal-Host
X-Grey
X-Www-Served-By
X-Cache-Category-Id
Uber-Trace-Id
X-Endurance-Cache-Level
X-Newrelic-App-Data
X-Site-Version
X-VC-Cache
X-Varnish-Cacheable
X-UnsetCookies
Decoy-Debug-Status
X-Status
X-Rule
Decoy-Debug-Key
Decoy-Debug-TTL
X-Birta-Served
X-Dynatrace-Js-Agent
Release
Served-By
X-Birta-Cache-Post
X-EdgeConnect-Cache-Status
X-UA
X-CDN-Cache
X-Ua
Nel
AsisCache
X-Request-Time
X-Cluster-Node
X-APP-VERSION
X-Nginx-Cache
X-Wix-Server-Artifact-Id
DSUID
X-App-Name
X-TIME
Rt-Fastcgi-Cache
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-B3-Spanid
X-ApacheServer
X-OVcl-Cache
X-PERF
X-OVcl
X-VCT
X-Source
X-Wix-Request-Id
ViewerVersion
X-Origin-Host
SRV
X-Agile-Age
X-Agile-Id
X-App-Version
X-Agile
X-Sucuri-ID
Hostname
Cache-Name
X-NewRelic-App-Data
X-WPE-Loopback-Upstream-Addr
X-Pubstack
X-ElasticPress-Search
Cteonnt-Length
Cache
X-Origin-TTL
X-Cache-Host
X-Origin-CC
X-Generated-In
Www
X-A-Ccd
X-A
X-Logtrace-Id
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-Control
UCS
X-A-Dam
X-A-Dgt
X-Webstats-RespID
X-Accel-Expires-Debug
Arc-Country
X-Aed
Xc-Version
X-Gannett-Site-Version
Server-Host
X-A-Wwc
BehaviorPad-Version
X-A-Dcw
Request-Time
X-IN-APIGATEWAY
Meta-Geo-Continent
Node
On-Server
X-Instart-Isnd
X-IN-WAF
FNAC-ModuleRouting
Lfy
MD5-Digest
Memcached
Fly-Cache
Ec-Rule-Version
Request-Country
Cache-Prefix
Request-EU
Fly-Request-Id
Rendered-Blocks
X-Hp-Webp
Cross-Origin-Window-Policy
X-Application
Origin
Server-Cache-Control
X-B-Cookie
X-Destination
X-ScT
X-Debug-Log
X-Debug-Cookies
Ajk
X-CF-Lambda-Fn
X-S-Cookie
X-Rewrite-Enabled
X-Transaction
X-Cache-Info
X-Cache-Miss-From
X-Rojux
X-CF-Lambda-Version
X-Thinkindot-L3
X-Server-Group
X-Sedo-Request-Id
X-Connection-Hash
X-Core-Value
X-Date
X-Debug-Cache-Expiry
X-Secret
X-SRCache-Key
X-ServiceProvider
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Developer
X-Request-UUID
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
X-VG-WebServer
X-NX-Host
X-Cache-ASPX
X-External-Request-Id
X-NodeID
X-G
X-ARC
X-D
X-Mobile-URL
X-F5-Cache
X-Cache-Expires
X-Varnish-Authentication
X-Region-Sid
X-Refresh
X-Twitter-Response-Tags
X-Trv-Group
X-Cache-Grace
X-Reboot
X-Up
X-PAYTM-SRV-ID
X-Var-Ttl
X-Platform
X-Processor
X-Matched-Rule
Thinkindot-CacheControl-Type
X-Ah-Environment
User-Cache-Control
X-Developers
X-Crawler
X-Cdn-Srv
X-Device-Os
X-CGP
X-Dispatcher-Server
X-Gen-Mode
X-Hash
X-Fetched-On
X-Epic-Correlation-Id
X-Distil-CS
X-Distributor
X-Cache-Id
X-Cache-Bucket
ServerName
True-Client-Country-4JS
Server-Int
RNT-Time
Proxy-Connection
RNT-Machine
Web-Mar-Node
X-Amzn-Remapped-Connection
X-Cache-Backend
X-Hnp-Log
X-Block-Status
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Cache-Debug
X-Info
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Qloud-Router
X-Policy
Warning
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-SN
X-Swa-Ws
X-SIPLIST1
X-Sf
X-Servername
X-PHP-Host
X-Page-Type
X-Li-Fabric
X-Li-Pop
X-LAGOON
X-Key
X-Irp-Debug
X-LI-Proto
X-LI-UUID
X-Origin-Date
X-Origin-Expires
X-Nginx-Cache-Key
X-Micro-Cache
X-Location
Pramga
X-Eu-Site
Fastly-SIE
Country-Code
CDCHOST
Fastly-SWR
Ha-Gx-Prefs
IsBot
HA-Ipaddr
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Backend
Kp-EeAlive
Gh-Request-Id
Pagetype
X-Varnish-Ttl
X-FireWall-Port
X-Via-SSL
SD-X-WS
X-GeoIP-Country-Code
X-GeoIP-City
X-C
X-Geo-Header
X-Bip
X-Backend-Url
X-Backend-State
Fastly-Soc-X-Request-Id
X-BBXSRF
X-Cache-FS-Status
Fastly-SSL
X-Level-Front-Cache
X-Apm-Inst-Hash
X-Core-Mission
X-Sn-Servicetimems
X-Cms-Context
Heartbleed
Is-Eu
X-Apm-App-Name
V-Age
X-Cdn-Forward
X-Fastly-Cache
X-Gateway-Skip-Cache
X-Generated-On
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Backend-Host
X-Auto-Login
X-Server-IP
X-ShardId
X-S-Maxage
X-User
X-Protected-By
X-Server-Time
X-ShopId
X-Shopify-Stage
AKAMAI
X-Thanos
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Platform
X-Skip-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Adler-Geo
X-Amz-Meta-Cache-Control
X-No-Session
X-MSEdge-Flight
X-Via-Edge
X-MSEdge-Features
X-Alternate-Cache-Key
Content-Disposition
X-Planisys-CDN-TTL
X-Variation
X-Cdn-Origin
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Apm-Svc-Key
Pagespeed
Rt-Proxy-Cache
X-Owner
X-NC
X-ND-Cache
MIME-Version
User-Agent
HTTPS
X-BB-ID
X-Ocache
X-Edge-Location
X-Exp-Se
X-Geo
X-GZip
X-Sucuri-Cache
REQUESTUUID
X-Proxy-Upstream
X-Org
X-Proxy-Cache-Status
X-RateLimit-Reset
X-Served-From
Server-ID
X-TT-LOGID
X-TrackingId
X-Edge-IP
X-Real-Ip
X-B3-Parentspanid
Magicmarker
N-Cache
X-Varnish-Url
X-FPC
Fastly-Backend-Name
X-Aicache-OS
X-Git-Hash
X-Gdpr
VivaBuild
Viewtype
X-Varnish-Beresp-Ttl
X-Host-Name
AR-SID
X-Pjax-Url
X-Node-Id
Wxu-Next-Region
X-CDN-Forward
Wxu-Next-Commit
X-Load-Cache
Wxu-Next-Hostname
X-DC
X-Daa-Tunnel
X-CSRF-TOKEN
HostName
CF-IPCountry
Memory
X-CUA
Powered-By
X-Parent-Response-Time
Time
X-Dc
X-Datadome
Resin-Trace
X-Release
X-Wa
X-HS-Cache-Config
X-Servedbyhost
Pragrma
X-Nc
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Server-By
X-Stale
X-Svr
X-Passed-To
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-Actual-URL
X-Oss-Hash-Crc64ecma
X-WebServer
PICS-Label
X-CACHE-KEY
X-TH-Server
X-Original-Request
Section-Io-Cache
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Upstream-CT
Host-ID
X-Phone
X-Upstream-HT
X-VServer
X-Croise-Owner
X-Newrelic-Synthetics
ProcessTime
X-Instart-Info
Cdn-Request-Time
X-Edge-Server
Cdn-Host
Cdn
Mime-Version
X-Cache-HT
X-Optimization
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
Backend-Name
X-Varnish-Beresp-TTL
CF-Cached-On
X-APP
X-Fastly-Backend-Reqs
X-Worker
SID
X-Lb-Id
X-Unique-ID
Cf-Ipcountry
X-Microcachable
352pxline
409pxxline
X-Server-W
286prxHost
355prline
178proxuri
188prxHost
189phosttRef
Xxline
219prxHost
Version
X-Req
X-Microsite
X-Request-Handler-Origin-Region
225prxHost
X-Atg-Version
X-B3-SpanId
XServer
X-LB-ID
Fastcgi-Useragent
X-Backend-TTL
Proxy-Firewall
Odigeo-Trace-Id
X-V
Processtime
X-ID
X-Akamai-Request-ID2
Accept-Language
X-Ratelimit-Remaining
X-Ratelimit-Limit
Esi-Enabled
X-HTML-Minification-Powered-By
X-VCL-Version
X-Vcl-Version
X-Zone
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
GeoIP-City
X-Check-Cacheable
X-IPS-LoggedIn
X-UPSTREAM-Address
GeoIP-Country-Code
X-WR-MODIFICATION
X-Fstrz
X-AssetVersion
GeoIP-Latitude
X-Contensis-Viewer-Groups
X-NGINX-Cache
X-Nananana
X-Response-By
Pics-Label
SN
X-Vcache
X-ZONE
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-WA
X-Be
X-RequestId
X-HS-Status
X-Ratelimit-Reset
X-URL
GMS-Ver
X-ServedByHost
Locale
X-CSRF-Token
X-Reqid
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Via-NSCOPI
Public-Key-Pins-Report-Only
DataCenter
X-SERVER-NAME
GeoIp-Country-Code
X-Hyper-Cache
X-NWS-UUID-VERIFY
X-ABtesting
Fastcgi-X-Cache-Version
X-Hello
X-Flog
Geoip-Latitude
WZWS-RAY
X-Dynatrace
Dnion-Transfer-Encoding
X-Request-Start
GW-Server
IBM-Web2-Location
X-Via-Ucdn
Geoip-City
X-Amz-Meta-Surrogate-Control
X-Fastly-Country-Code
X-Render-Time
CDN
X-Cdn-Cache
WP-Super-Cache
X-LiteSpeed-Cache-Control
WebServer
X-Clientip
X-Generation-Time
X-We-Are-Hiring
Requestid
Countrycode
X-UE-Client-Country
X-CS
Mobile-Detection-Method
X-Cache-Ttl
X-GDPR
Ohc-File-Size
X-Unique-Id
X-GEO
X-NGENIX-Cache
Lb
X-PJAX-URL
URI
X-BE
X-HS-Combine-CSS
X-Cluster-Name
SS
Dynatrace
FastCGI-Cache
X-FORWARDED-FOR
X-SRV
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-Fpc
X-Compress-Hint
X-Gen-Id
X-Pf-Uncompressing
X-Cache-URL
Serverid
Cneonction
X-GZIP
X-Bug-Bounty
X-Test
Server-Id
A
RequestUuid
X-Got-Non-Ke-Cookie
Who
GEO-REGION-INFO
X-Varnish-Action
X-PF-Uncompressing
FSS-Proxy
FSS-Cache
X-LiteSpeed-Tag
X-Store
X-Akamai-SSL-Client-Sid
Frontcache
X-ServerName
Https
X-EC-Lua
X-Serial
NnCoection
X-HTML-Edge-Cache
X-Dw-Trace-Id
X-Request-Url
X-Html-Edge-Cache
Ohc-Response-Time
Ohc-Cache-HIT
X-Cdn-Request-ID
X-Fastly-Cache-Hits