Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Request-ID
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
NEL
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Mod-Pagespeed
X-DataDome
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
Accept-CH
X-Upstream-Env
X-Dispatcher
X-ESI
X-Cdn
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-MS-InvokeApp
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-ORACLE-DMS-RID
X-Kinja
X-GitHub-Request-Id
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Version
Content-MD5
X-Powered-By-Plesk
X-TTL
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
Charset
Accept-CH-Lifetime
Ar-Sid
RTSS
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Vname
X-PC
X-TtlSet
X-Ser
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-Vcap-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-Server-ID
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
DynaTrace
S
X-VCache
X-Amz-Meta-S3cmd-Attrs
X-SharePointHealthScore
X-Amz-Rid
X-Fastly-Request-ID
X-Debug
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Akam-SW-Version
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-XRDS-Location
Access-Control-Request-Method
X-Powered-CMS
X-T
X-FTR-Cache-Host
X-B3-TraceId
X-Goog-Storage-Class
Realpath
X-Id
X-Aspnet-Version
Tracecode
X-MSEdge-Ref
X-NF-Request-ID
X-Webkit-CSP
X-Amzn-Trace-Id
X-Acc-Meta-Resource-Type
Front-End-Https
X-Litespeed-Cache
X-N
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Alternate-Protocol
X-Content-Digest
X-PressLabs-Stats
X-RateLimit-Remaining
X-HS-Hub-Id
X-Logged-In
X-HS-Content-Id
X-Frontend
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
Display
X-Cache-Key
X-Fastcgi-Cache
X-Hostname
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Accel-Expires
X-SERVER
Host
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
MicrosoftSharePointTeamServices
X-B3-Traceid
Server-Name
X-Kinsta-Cache
Backend-Timing
X-Analytics
X-Content-Options
X-AppVersion
X-Az
X-Correlation-Id
X-Activity-Id
X-LB-Cache
X-User-Agent
X-Debug-Info
X-Revision
X-Rid
X-IPLB-Instance
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-B3-Sampled
Accept-Charset
Surrogate-Key
FilterID
X-Cache-2
X-Grace
ServerID
Refresh
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-Page-Id
X-DIS-Request-ID
TP-L2-Cache
X-Request-Processing-Time
X-Whom
X-Request-Received
TP-Cache
MS-CV
Server-Info
X-FastCGI-Cache
Host-Header
X-PHP-Backend
X-Ruxit-Js-Agent
X-Cached-By
Cache-Status
X-Varnish-Backend
X-F-Cache
X-Origin-Server
X-App-Environment
X-Amz-Replication-Status
X-Akamai-Edgescape
X-Platform-Server
X-UA-Device-Type
X-Tumblr-Pixel
X-Tumblr-User
X-Cluster
X-Mobile
X-Tumblr-Pixel-0
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-TT
X-Kong-Proxy-Latency
X-Varnish-Grace
Source
X-FW-Server
X-Request-Guid
X-FW-Hash
X-FW-Serve
X-Cache-Action
X-Drupal-Cache-Tags
X-FW-Static
X-Framework
X-FW-Type
X-FB-Debug
X-Instance
X-GUploader-UploadID
X-Geo-Country
PageSpeed
X-RateLimit-Limit
X-Forwarded-Host
X-Cache-TTL
X-TA-CDN-Provider
X-SS-Set-Cookie
X-Zen-Fury
X-Node-Name
X-Handled-By
X-Shard
Edge-Cache-Tag
X-Ezoic-Cdn
X-Magnolia-Registration
X-Oneagent-Js-Injection
From-Origin
X-Varnish-Hostname
X-ATG-Version
Cache-Tags
X-XRDS-LOCATION
X-Cache-Age
X-BCube-Filmed-By
Fastly-Restarts
X-Varnish-Server
X-Cache-Control
X-App-Server
DC
X-AOL-HN
Cleartype
X-Cache-Rule
Healthy
Upgrade-Insecure-Requests
Payment
X-Signature
X-B-Cache
Filters
X-Response-Served-From
Server-Node
X-RequestSource
Country
X-Region
Ms-Operation-Id
Webserver
X-GeoIP
X-TX-ID
X-RTag
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
Retry-After
X-Redis-Cache
Actual-Object-TTL
X-UUID
X-Tumblr-Pixel-1
X-Jobs
Cache-Tv-Group
X-VG-WebCache
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Generated-By
X-Adobe-Loc
X-Adobe-Content
Powered
X-Content-Age
X-Cacheable-TTL
X-Locale
X-TT-TIMESTAMP
X-Storage
X-Varnish-Hits
NGB
CACHE
Frame-Options
GEO-INFO
Liferay-Portal
ServedBy
X-Contextid
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
X-Cache-NE
X-Varnish-IP
X-Seen-By
X-Real-IP
X-RemovedCookies
X-ProcessESI
X-Guploader-Uploadid
Eomportal-Instance
X-Via-JSL
Nel
X-BACKEND-TTL
Viewport
X-Esi
X-Upgrade-Enabled
S-Cnection
X-Cache-Operation
X-Mode
NtCoent-Length
X-Varnish-Cache-Hits
X-Cache-Server
Xserver
Mn-Server-Ip
X-Cache-Enabled
X-ES-SERVER
X-Device-Type
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
X-Is-Bot
X-Path-Route
Meta-Geo
Machine
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-RN-RSRV
OT-Force-Account-Verify
Load-Balancing
Content-Style-Type
X-S
X-Time
Content-Script-Type
X-Akamai-Transformed
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-AWS-Id
X-Backend-Name
X-Hl-Ver
We-Hiring
X-FC-Vary-Parameters
X-From
TWC-GeoIP-LatLong
Property-Id
Mail-Subject
Cache-Hits
Access-Control-Request-Headers
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
X-NWS-LOG-UUID
TWC-GeoIP-Country
TWC-Privacy
X-FB-TRIP-ID
X-Proto
X-Proxy
X-Hosted-By
X-VWS-Id
X-Origin-Hint
X-Rocket-Nginx-Bypass
X-LJ-Flow-ID
Origin-Cache-Control
Now
Origin-Edge-Control
X-Vgn-Hpd-Reason
X-VG-TLSProxy
S-Rt
NGX
X-Viewer-Country
Azure-SlotName
X-R9-Blue-Green-Version
Azure-SiteName
Azure-Version
X-FW-Version
L5d-Success-Class
DB-Nickname
X-Tumblr-Pixel-3
X-TNCMS
X-MP-GENERATED-AT
X-NCache
X-Cache-Config
X-Debug-Cache
X-Environment-Context
X-EIG-Tracking-Id
X-Access
X-Loop
X-ServerID
X-Tb
X-L-Path
Vix-Hermes-Req-Id
X-Format
X-RCS-CacheZone
Azure-RegionName
X-Section
Datacenter
Azure-InstanceId
X-OCL
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Proxy-Build
X-Akamai-Request-ID
X-PCL
Selected-FE
X-Birta-Served
X-Birta-Cache-Post
X-BYPASS-REASON
X-Human
X-ProxyCache-Status
X-IP
X-JoinUs
X-ProxyCache-Key
X-Timing-Wait
X-Web-Node
X-Via-Fastly
X-Via-CDN
X-Xfnlog-Site
X-Time-Microsecs
Cache-Key
LB
X-Internal-Host
X-Grey
X-Cache-Category-Id
X-CCM
X-Generated
X-Endurance-Cache-Level
Uber-Trace-Id
Cache-Tag
X-Www-Served-By
X-Site-Version
X-Trace-Id
X-Varnish-Cacheable
X-Dynatrace-Js-Agent
X-Cache-Remote
X-Status
X-GRACE
Served-By
X-UnsetCookies
X-Newrelic-App-Data
X-Rule
X-UA
X-VC-Cache
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Wix-Server-Artifact-Id
Release
X-EdgeConnect-Cache-Status
X-CDN-Cache
X-TIME
AsisCache
ViewerVersion
X-Cluster-Node
X-Wix-Request-Id
X-APP-VERSION
Rt-Fastcgi-Cache
X-Origin-Host
X-Sucuri-ID
X-Request-Time
X-App-Name
X-B3-Spanid
X-NewRelic-App-Data
X-Nginx-Cache
X-Source
X-ApacheServer
X-PERF
X-OVcl-Cache
X-Agile
X-OVcl
X-Hit
X-Agile-Age
X-Origin
X-Agile-Id
X-VCT
DSUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Ua
Cache-Name
SRV
X-App-Version
X-Origin-TTL
User-Agent
X-Origin-CC
X-Sedo-Request-Id
X-Destination
X-Rewrite-Enabled
Cache-Prefix
X-CF-Lambda-Version
BehaviorPad-Version
Arc-Country
Ajk
X-Rojux
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-CF-Lambda-Fn
X-Date
X-D
X-ScT
X-Connection-Hash
X-Server-Group
X-NU-AKA-ACS-Version
X-Debug-Cache-Fetch
X-S-Cookie
Ec-Rule-Version
Server-Surrogate-Control
X-Processor
UCS
X-Application
X-ARC
Request-EU
Request-Time
Server-Cache-Control
Www
X-A
X-Accel-Expires-Debug
X-Platform
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
Request-Country
Rendered-Blocks
FNAC-ModuleRouting
X-Request-UUID
X-Region-Sid
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
X-Developer
X-Cache-Grace
X-Refresh
X-Reboot
Meta-Geo-Continent
Node
X-B-Cookie
Memcached
MD5-Digest
X-Cache-ASPX
Lfy
X-Cache-Miss-From
X-Core-Value
X-Webstats-RespID
X-IN-WAF
X-VG-WebServer
X-PAYTM-SRV-ID
X-G
X-DPWN-IS-SECURE
X-Up
X-Twitter-Response-Tags
Xc-Version
X-Trv-Group
X-Instart-Isnd
X-Mobile-URL
X-Varnish-Authentication
Warning
X-F5-Cache
X-IN-APIGATEWAY
X-External-Request-Id
X-Generated-In
X-SRCache-Key
Hostname
X-Logtrace-Id
X-Hp-Webp
X-Transaction
X-Varnish-Ttl
X-ElasticPress-Search
Server-Host
X-Cache-Debug
Country-Code
X-Protected-By
X-Matched-Rule
X-Proxy-Cache-Status
Thinkindot-CacheControl-Type
X-Cache-Info
X-Hash
Thinkindot-CacheControl
X-Device-Os
Thinkindot-Control
X-Cache-Expires
X-Irp-Debug
X-LI-UUID
X-Qloud-Router
X-BB-ID
X-RateLimit-Limit-Second
On-Server
Origin
X-Gannett-Site-Version
X-Pubstack
Pagetype
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Cache-Bucket
HA-Ipaddr
Ha-Gx-Prefs
X-Cdn-Srv
X-Location
RNT-Machine
Kp-EeAlive
RNT-Time
ServerName
X-LI-Proto
X-Info
X-Edge-Location
Cteonnt-Length
X-Servername
X-Crawler
X-Ocache
X-Var-Ttl
X-Nginx-Cache-Key
X-Key
X-Ah-Environment
X-ServiceProvider
X-Distributor
X-Debug-Log
X-Amzn-Remapped-Connection
X-Developers
X-SN
X-NX-Host
X-Dispatcher-Server
X-NodeID
X-Distil-CS
X-Debug-Cookies
X-Secret
X-Epic-Correlation-Id
Backend
X-Policy
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Pramga
Cache-Cookie-Set-From
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Host
Apple-News-Services-Handled
X-Li-Fabric
X-Thinkindot-L3
X-Eu-Site
X-Li-Pop
Web-Mar-Node
X-CGP
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Micro-Cache
X-WPE-Loopback-Upstream-Addr
X-Datadome
X-Cache-Backend
User-Cache-Control
Pagespeed
X-FireWall-Port
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Amz-Meta-Cache-Control
X-GeoIP-City
X-MSEdge-Features
X-Cms-Context
X-Gen-Mode
X-Fastly-Cache
X-Geo-Header
X-Planisys-CDN-TTL
X-PHP-Host
X-No-Session
X-Planisys-CDN-Rules
X-Core-Mission
X-MSEdge-Flight
X-Cache-Id
X-LAGOON
X-Planisys-CDN-Cache
X-Auto-Login
X-BBXSRF
X-Backend-Url
X-Backend-State
X-Page-Type
X-Origin-Expires
X-Bip
X-Block-Status
X-Cache-FS-Status
X-Cache-Host
X-Backend-Host
X-Hnp-Log
X-Gateway-Cache-Key
X-Origin-Date
X-C
X-GeoIP-Country-Code
X-Server-IP
X-SIPLIST1
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-ShardId
Adler-Geo
AKAMAI
X-S-Maxage
X-Sucuri-Cache
X-Sf
X-Swa-Ws
X-Thanos
Gh-Request-Id
X-Wikidot-Static-Cache
X-Fetched-On
X-Generated-On
X-Level-Front-Cache
X-Wikidot-Backend
X-Via-SSL
X-TT-LOGID
X-TrackingId
X-User
X-Variation
X-Via-Edge
Content-Disposition
X-Skip-Cache
Fastly-SWR
Fastly-SSL
Is-Eu
X-Request-URI
Heartbleed
X-Rebelmouse-Surrogate-Control
IsBot
SD-X-WS
Platform
Server-Int
HTTPS
Proxy-Connection
True-Client-Country-4JS
Fastly-SIE
Fastly-Soc-X-Request-Id
X-Rebelmouse-Cache-Control
X-GZip
Cache
X-Edge-IP
Magicmarker
X-Varnish-Url
X-Owner
N-Cache
X-Varnish-Beresp-Status
Fastly-Backend-Name
X-Server-Time
X-RateLimit-Reset
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Real-Ip
V-Age
Rt-Proxy-Cache
Server-ID
X-Apm-App-Name
REQUESTUUID
X-Apm-Inst-Hash
X-Exp-Se
X-Cdn-Origin
X-Sn-Servicetimems
X-Apm-Svc-Key
X-ND-Cache
X-CDN-Forward
X-NC
X-Org
X-FPC
X-Node-Id
X-Geo
X-Served-From
MIME-Version
VivaBuild
X-Gdpr
X-Pjax-Url
Viewtype
X-Dc
X-Load-Cache
HostName
X-B3-Parentspanid
X-CUA
Powered-By
X-Aicache-OS
X-Varnish-Beresp-Ttl
Pragrma
Wxu-Next-Region
X-Git-Hash
X-Nc
Wxu-Next-Commit
Wxu-Next-Hostname
Section-Io-Cache
X-Svr
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Server-By
X-Stale
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Original-Request
Time
PICS-Label
Memory
CF-IPCountry
X-Actual-URL
X-CSRF-TOKEN
X-Parent-Response-Time
X-DC
X-Host-Name
X-VServer
X-Croise-Owner
Host-ID
X-CACHE-KEY
X-HS-Cache-Config
Mime-Version
X-Servedbyhost
Cdn-Request-Time
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Wa
X-Oss-Storage-Class
Cdn-Host
X-Edge-Server
X-WebServer
Resin-Trace
X-Release
X-Daa-Tunnel
X-TH-Server
X-Cache-HT
X-Unique-ID
X-Optimization
X-Varnish-Beresp-TTL
AR-SID
ProcessTime
X-Microcachable
X-Tb-Optimization-Total-Bytes-Saved
X-Phone
X-Lb-Id
SID
X-Newrelic-Synthetics
X-Upstream-HT
X-Upstream-CT
Fastcgi-Useragent
X-From-Cache
Cdn
X-Instart-Info
CF-Cached-On
Cf-Ipcountry
X-Req
X-APP
Backend-Name
X-Atg-Version
X-V
Odigeo-Trace-Id
Processtime
Proxy-Firewall
XServer
X-Worker
X-Fastly-Backend-Reqs
X-ID
286prxHost
X-HTML-Minification-Powered-By
352pxline
X-Vcl-Version
219prxHost
189phosttRef
225prxHost
355prline
Xxline
178proxuri
409pxxline
188prxHost
X-Server-W
X-Ratelimit-Remaining
X-B3-SpanId
X-Fstrz
X-LB-ID
X-Ratelimit-Limit
X-WR-MODIFICATION
X-Backend-TTL
X-Zone
Version
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Response-By
X-Nananana
X-IPS-LoggedIn
X-Check-Cacheable
GMS-Ver
X-UPSTREAM-Address
Esi-Enabled
X-WA
X-Akamai-Request-ID2
X-NGINX-Cache
X-Vcache
Accept-Language
X-Ratelimit-Reset
SN
X-CSRF-Token
X-ServedByHost
Public-Key-Pins-Report-Only
X-VCL-Version
X-Request-Handler-Origin-Region
X-Microsite
X-AssetVersion
X-Contensis-Viewer-Groups
X-URL
Geoip-Latitude
GeoIp-Country-Code
Fastcgi-X-Cache-Version
WZWS-RAY
X-Hyper-Cache
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
X-HS-Status
Pics-Label
DataCenter
X-RequestId
GW-Server
X-Be
X-Vtex-Processado-Em
X-Amz-Meta-Surrogate-Control
Geoip-City
X-SERVER-NAME
X-Fastly-Country-Code
X-Vtex-Remote-Cache
X-ZONE
X-Dynatrace
Mobile-Detection-Method
X-Reqid
X-Clientip
X-Urbn-Context-Path
X-We-Are-Hiring
X-Urbn-Site-Id
X-Request-Start
X-Render-Time
Locale
Countrycode
X-UE-Client-Country
X-GEO
X-Via-NSCOPI
X-Via-Ucdn
WP-Super-Cache
X-Cdn-Cache
Lb
X-GDPR
X-Hello
X-LiteSpeed-Cache-Control
X-BE
X-ABtesting
X-CS
URI
X-Flog
SS
X-NWS-UUID-VERIFY
X-Unique-Id
Ohc-File-Size
IBM-Web2-Location
X-PJAX-URL
CDN
Dnion-Transfer-Encoding
FastCGI-Cache
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-GZIP
X-SRV
X-HostName
RequestUuid
X-HS-Combine-CSS
X-PF-Uncompressing
FSS-Proxy
X-Fpc
Cneonction
FSS-Cache
X-NGENIX-Cache
X-Generation-Time
X-Pf-Uncompressing
Serverid
X-Gen-Id
X-Test
X-Cache-Ttl
X-Fastly-Cache-Hits
X-Request-Url
X-Cluster-Name
Requestid
X-Bug-Bounty
X-Html-Edge-Cache
A
X-Store
Server-Id
X-LiteSpeed-Tag
Accept-Ch
X-Akamai-SSL-Client-Sid
X-Serial
X-ServerName
X-Compress-Hint
RequestId
X-Dw-Trace-Id
NnCoection
Ohc-Response-Time
X-EC-Lua
X-HTML-Edge-Cache
Get-Access-Time
Is-Session-Tracking
Frontcache
Ohc-Cache-HIT
X-Cdn-Request-ID