Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Request-ID
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Vhost
X-Cdn
X-DynaTrace
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
Accept-CH
X-Upstream-Env
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
AR-ATIME
AR-PoweredBy
X-VARITI-CCR
AR-CACHE
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-DataStream-Cache-Status
X-Cached
X-Version
X-Powered-By-Plesk
Public-Key-Pins
Content-MD5
X-TTL
Charset
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Navigation-Version
X-Server-ID
X-Amz-Server-Side-Encryption
X-TtlSet
X-Vname
X-PC
X-Ser
X-Varnish-TTL
X-Vcap-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Amz-Rid
DynaTrace
X-Amz-Meta-S3cmd-Attrs
S
X-VCache
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
X-XRDS-Location
TCN
X-Hits
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upstream-Proxy
X-Pinterest-Rid
X-Shield-Request-Id
Pinterest-Version
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-Powered-CMS
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-B3-TraceId
X-Goog-Storage-Class
X-Id
X-Litespeed-Cache
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
Tracecode
X-NF-Request-ID
X-MSEdge-Ref
Front-End-Https
X-Amzn-Trace-Id
X-Webkit-CSP
X-N
Fastcgi-Cache
X-Varnish-Age
X-Dns-Prefetch-Control
X-Content-Type
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Forwarded-For
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
Alternate-Protocol
X-Frontend
X-Logged-In
X-RateLimit-Remaining
X-PressLabs-Stats
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-Middleton-Display
Response
Display
X-Srv
X-Fastcgi-Cache
X-Sol
X-Middleton-Response
X-Hostname
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Accel-Expires
X-SERVER
Host
X-DataStream-MidMile-RTT
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-B3-Traceid
Server-Name
X-Kinsta-Cache
X-Analytics
X-Correlation-Id
Backend-Timing
X-Debug-Info
X-LB-Cache
X-Activity-Id
X-AppVersion
X-Az
X-Content-Options
X-User-Agent
X-Revision
X-IPLB-Instance
X-Amz-Apigw-Id
X-B3-Sampled
X-Amzn-RequestId
X-Rid
Surrogate-Key
X-Cache-Hit
FilterID
X-Cache-2
Accept-Charset
X-Grace
ServerID
Refresh
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-Page-Id
X-DIS-Request-ID
X-Request-Processing-Time
X-Request-Received
X-Whom
TP-L2-Cache
TP-Cache
Server-Info
X-FastCGI-Cache
MS-CV
Host-Header
X-PHP-Backend
Cache-Status
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Cached-By
VIX-Pulpo-Node
X-Origin-Server
X-TT
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-Akamai-Edgescape
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-App-Environment
X-F-Cache
X-Platform-Server
Source
X-Cluster
X-Framework
X-UA-Device-Type
X-GUploader-UploadID
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Mobile
X-Tumblr-User
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Kong-Upstream-Latency
X-Drupal-Cache-Tags
Access-Control-Allow-Method
X-Instance
X-Request-Guid
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-Forwarded-Host
X-Geo-Country
X-RateLimit-Limit
PageSpeed
X-Cache-TTL
X-Zen-Fury
X-SS-Set-Cookie
Edge-Cache-Tag
X-TA-CDN-Provider
X-Node-Name
X-Handled-By
X-Shard
X-Magnolia-Registration
X-Ezoic-Cdn
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-Varnish-Server
X-Cache-Control
X-AOL-HN
X-App-Server
DC
Cleartype
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Payment
Server-Node
X-RequestSource
X-Response-Served-From
X-Region
Filters
X-Adobe-Loc
X-Signature
Country
X-B-Cache
X-Adobe-Content
X-TX-ID
X-WebKit-CSP-Report-Only
X-Redis-Cache
X-UUID
X-VG-WebCache
Ms-Operation-Id
Retry-After
Actual-Object-TTL
X-TT-TIMESTAMP
X-GeoIP
X-Storage
X-RTag
X-Generated-By
X-Tumblr-Pixel-1
X-FW-Dynamic
Webserver
X-Tumblr-Pixel-2
X-Jobs
X-Drupal-Cache-Contexts
Cache-Tv-Group
Powered
X-XRDS-LOCATION
X-Varnish-Hits
X-Content-Age
X-Locale
X-Cacheable-TTL
NGB
CACHE
GEO-INFO
X-Esi
ServedBy
Frame-Options
Liferay-Portal
X-Oneagent-Js-Injection
X-Contextid
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Cache-NE
X-Cache-TTL-Remaining
X-Seen-By
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Guploader-Uploadid
X-Via-JSL
S-Cnection
X-BACKEND-TTL
X-Upgrade-Enabled
X-Real-IP
Viewport
X-Cache-Operation
X-Mode
X-Varnish-Cache-Hits
X-Cache-Server
Load-Balancing
X-Akamai-Transformed
Meta-Geo
X-RN-RSRV
X-Routing-Service
Cache-Key
Mn-Server-Ip
X-Zipkin-Id
OT-Force-Account-Verify
X-ES-SERVER
X-From
X-Is-Bot
X-Proxied
X-Detected-As
X-Cache-Enabled
X-Cache-Var
Cache-Hits
X-Cache-Var-Map
X-Path-Route
Machine
X-Time
X-S
Content-Script-Type
Content-Style-Type
Webcakes-App-Name
X-Hl-Ver
NtCoent-Length
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Tb
Webcakes-Region
X-Hosted-By
X-Device-Type
X-Environment-Context
Property-Id
TWC-Privacy
X-LJ-Flow-ID
X-Origin-Hint
X-L-Path
TWC-Locale-Group
Vix-Hermes-Req-Id
X-Proto
X-Rocket-Nginx-Bypass
X-NWS-LOG-UUID
X-VWS-Id
X-Viewer-Country
TWC-GeoIP-Country
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Cache-Config
TWC-Device-Class
TWC-Connection-Speed
Access-Control-Request-Headers
X-AWS-Id
NGX
X-VG-TLSProxy
Datacenter
X-Loop
X-Labrador-Cache-Channel
S-Rt
Azure-Version
Azure-InstanceId
X-Format
X-FW-Version
Azure-RegionName
Azure-SiteName
DB-Nickname
Azure-SlotName
X-Akamai-Request-ID
X-RCS-CacheZone
Origin-Cache-Control
Now
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
X-Access
X-Web-Node
X-Time-Microsecs
X-R9-Blue-Green-Version
X-Backend-Name
Origin-Edge-Control
X-TNCMS
X-Debug-Cache
X-Proxy
L5d-Success-Class
X-Origin-Response-Time
X-NCache
X-EIG-Tracking-Id
Mail-Subject
X-Section
Xserver
We-Hiring
X-MP-GENERATED-AT
X-CCM
Selected-FE
X-OCL
X-Timing-Wait
X-ServerID
X-Trace-Id
X-Birta-Served
X-Via-CDN
X-Human
X-Birta-Cache-Post
X-Xfnlog-Site
X-IP
X-JoinUs
X-PCL
X-Proxy-Build
X-Via-Fastly
Uber-Trace-Id
X-BYPASS-REASON
X-Cache-Category-Id
X-Internal-Host
X-Newrelic-App-Data
X-Endurance-Cache-Level
X-ProxyCache-Key
X-ProxyCache-Status
X-Www-Served-By
X-Site-Version
X-Grey
LB
Cache-Tag
X-Generated
X-Varnish-Cacheable
X-Cache-Remote
X-Status
X-UA
X-Dynatrace-Js-Agent
Decoy-Debug-TTL
Decoy-Debug-Key
X-VC-Cache
Decoy-Debug-Status
Served-By
X-GRACE
X-Rule
X-UnsetCookies
X-Wix-Server-Artifact-Id
X-EdgeConnect-Cache-Status
Release
X-CDN-Cache
X-TIME
Nel
AsisCache
X-Wix-Request-Id
X-Cluster-Node
ViewerVersion
Rt-Fastcgi-Cache
X-APP-VERSION
X-B3-Spanid
X-Origin-Host
X-App-Name
X-Sucuri-ID
X-Request-Time
X-PERF
X-Nginx-Cache
X-ApacheServer
X-Source
X-Agile-Id
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Agile
X-Hit
X-Agile-Age
X-OVcl-Cache
X-NewRelic-App-Data
X-VCT
X-Ua
DSUID
Cache-Name
SRV
X-App-Version
Warning
X-ElasticPress-Search
User-Agent
X-Origin-TTL
X-Origin-CC
X-ServiceProvider
Server-Cache-Control
X-Request-UUID
X-Reboot
X-Rewrite-Enabled
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Matched-Rule
Thinkindot-Control
Server-Surrogate-Control
Meta-Geo-Continent
X-Mobile-URL
X-A-Ccd
X-PAYTM-SRV-ID
Memcached
X-SRCache-Key
X-A
FNAC-ModuleRouting
UCS
X-DPWN-IS-SECURE
Www
X-Refresh
X-Server-Group
Rendered-Blocks
X-S-Cookie
X-ScT
X-A-Dam
X-Secret
X-Rojux
Ajk
On-Server
Ec-Rule-Version
Origin
Arc-Country
X-External-Request-Id
X-Sedo-Request-Id
MD5-Digest
Request-Time
Lfy
BehaviorPad-Version
Fly-Cache
Fly-Request-Id
X-Logtrace-Id
Cross-Origin-Window-Policy
Request-EU
Request-Country
Node
Cache-Prefix
X-F5-Cache
X-Pubstack
X-Accel-Expires-Debug
X-Twitter-Response-Tags
X-A-Dcw
X-Cache-Info
X-Instart-Isnd
X-Cache-Miss-From
X-Cache-Grace
X-Cache-Expires
X-B-Cookie
X-Transaction
X-Cache-ASPX
X-Trv-Group
X-Hp-Webp
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Destination
X-Var-Ttl
X-VG-WebServer
X-Developer
X-Varnish-Authentication
X-Webstats-RespID
X-Date
X-Core-Value
X-Connection-Hash
Xc-Version
X-Up
X-D
X-ARC
Hostname
X-NodeID
X-Thinkindot-L3
X-NU-AKA-ACS-Version
X-Gannett-Site-Version
X-Processor
X-Aed
X-Generated-In
X-Region-Sid
X-G
X-Application
X-A-Dgt
X-A-Wwc
X-Platform
User-Cache-Control
X-Cache-Backend
X-Varnish-Ttl
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Debug-Cache-Expiry
X-Dispatcher-Server
Web-Mar-Node
X-Debug-Cookies
IsBot
X-Rebelmouse-Surrogate-Control
X-Developers
Kp-EeAlive
X-Debug-Log
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Crawler
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Amzn-Remapped-Date
ServerName
X-Cache-Host
X-Amzn-Remapped-Content-Length
X-Cache-Id
X-Cache-Debug
X-Cache-Bucket
RNT-Time
X-BB-ID
X-Block-Status
Server-Int
X-Amzn-Remapped-Connection
X-Policy
X-Li-Fabric
RNT-Machine
Pagetype
X-Protected-By
Pramga
True-Client-Country-4JS
X-Epic-Correlation-Id
X-Cdn-Srv
X-Distil-CS
Proxy-Connection
X-Distributor
Apple-News-Services-Host
X-Micro-Cache
X-SN
X-NX-Host
X-Swa-Ws
X-Request-URI
X-Info
X-SIPLIST1
X-Origin-Date
X-Ocache
X-Servername
Cteonnt-Length
X-Sf
X-Ah-Environment
X-Real-Ip
Server-Host
X-Page-Type
X-IN-APIGATEWAY
X-IN-WAF
X-Nginx-Cache-Key
X-LAGOON
X-Hnp-Log
X-Origin-Expires
X-Gen-Mode
Cache
X-Hash
X-PHP-Host
X-Edge-Location
X-Li-Pop
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Location
X-LI-UUID
Fastly-SWR
Fastly-SIE
X-LI-Proto
Backend
CDCHOST
Apple-News-Services-Parsed-Url
X-Device-Os
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-WPE-Loopback-Upstream-Addr
X-FireWall-Port
X-Datadome
Pagespeed
X-Cache-FS-Status
HTTPS
X-Level-Front-Cache
X-Key
X-Irp-Debug
HA-Ipaddr
X-Bip
X-Planisys-CDN-TTL
X-BBXSRF
Fastly-SSL
X-C
Is-Eu
X-Variation
Ha-Gx-Prefs
X-TT-LOGID
X-CGP
X-Via-Edge
X-Wikidot-Static-Cache
Heartbleed
X-Planisys-CDN-Cache
X-Wikidot-Backend
X-No-Session
X-User
Gh-Request-Id
X-Core-Mission
X-Via-SSL
X-Fetched-On
X-Planisys-CDN-Rules
X-Cms-Context
X-MSEdge-Flight
X-GeoIP-Country-Code
X-Generated-On
X-Geo-Header
X-Skip-Cache
X-Shopify-Stage
X-Proxy-Cache-Status
X-Sorting-Hat-PodId
X-Varnish-Beresp-Status
X-MSEdge-Features
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Grace
X-Proxy-Upstream
X-ShopId
X-Sucuri-Cache
X-S-Maxage
Adler-Geo
X-Server-IP
Platform
X-ShardId
X-Eu-Site
SD-X-WS
Content-Disposition
Country-Code
AKAMAI
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
Fastly-Soc-X-Request-Id
X-Auto-Login
X-Backend-State
X-Backend-Host
X-GeoIP-City
X-TrackingId
X-Amz-Meta-Cache-Control
X-Fastly-Cache
X-Thanos
X-Backend-Url
X-Gateway-Cache-Key
X-Alternate-Cache-Key
X-Edge-IP
X-GZip
X-Owner
Fastly-Backend-Name
X-Cdn-Forward
X-Cdn-Origin
X-Server-Time
X-RateLimit-Reset
X-Sn-Servicetimems
X-NC
Magicmarker
N-Cache
V-Age
X-Varnish-Url
X-Apm-Inst-Hash
X-Apm-App-Name
X-Apm-Svc-Key
MIME-Version
Rt-Proxy-Cache
REQUESTUUID
X-Exp-Se
X-Geo
X-ND-Cache
Server-ID
X-CDN-Forward
X-FPC
X-Served-From
X-Node-Id
X-Org
X-B3-Parentspanid
X-Aicache-OS
HostName
VivaBuild
X-Gdpr
Viewtype
X-Varnish-Beresp-Ttl
X-Load-Cache
X-CUA
Powered-By
X-Pjax-Url
X-Git-Hash
X-Parent-Response-Time
X-DC
X-Dc
X-CSRF-TOKEN
Pragrma
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Section-Io-Cache
CF-IPCountry
X-Svr
X-Stale
X-Server-By
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-PostProcessResponse
X-Returned-From
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Original-Request
Time
Memory
PICS-Label
X-Actual-URL
X-Host-Name
X-Nc
X-VServer
X-Croise-Owner
X-Wa
Host-ID
X-HS-Cache-Config
X-CACHE-KEY
X-Servedbyhost
Resin-Trace
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Oss-Hash-Crc64ecma
X-Release
X-Oss-Server-Time
X-Daa-Tunnel
X-WebServer
X-TH-Server
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
X-Cache-HT
X-Optimization
AR-SID
X-Unique-ID
X-Phone
X-Microcachable
X-From-Cache
ProcessTime
SID
X-Upstream-CT
X-Upstream-HT
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
Fastcgi-Useragent
X-Instart-Info
XServer
X-Lb-Id
Cf-Ipcountry
Cdn
X-Req
Backend-Name
X-APP
CF-Cached-On
X-Atg-Version
X-V
X-Fastly-Backend-Reqs
X-Worker
Processtime
Odigeo-Trace-Id
Proxy-Firewall
178proxuri
X-LB-ID
286prxHost
352pxline
355prline
X-ID
225prxHost
189phosttRef
219prxHost
188prxHost
409pxxline
X-HTML-Minification-Powered-By
X-Server-W
Xxline
X-B3-SpanId
X-Ratelimit-Remaining
X-Check-Cacheable
X-Ratelimit-Limit
X-WR-MODIFICATION
X-Fstrz
Version
X-Vcl-Version
X-Backend-TTL
X-Zone
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Nananana
X-IPS-LoggedIn
X-Response-By
X-VCL-Version
X-Akamai-Request-ID2
Esi-Enabled
GMS-Ver
X-NGINX-Cache
X-Vcache
X-UPSTREAM-Address
Accept-Language
X-Ratelimit-Reset
X-AssetVersion
X-WA
X-COUNTRY
X-Request-Handler-Origin-Region
X-Microsite
Public-Key-Pins-Report-Only
X-Contensis-Viewer-Groups
X-URL
SN
GeoIp-Country-Code
Geoip-Latitude
X-HS-Status
X-ServedByHost
X-Hyper-Cache
GeoIP-City
Fastcgi-X-Cache-Version
GeoIP-Country-Code
Pics-Label
GeoIP-Latitude
WZWS-RAY
X-CSRF-Token
DataCenter
X-Fastly-Country-Code
X-Be
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Amz-Meta-Surrogate-Control
GW-Server
X-FORWARDED-FOR
Geoip-City
X-SERVER-NAME
X-ZONE
X-Dynatrace
Mobile-Detection-Method
Countrycode
X-Request-Start
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Render-Time
X-We-Are-Hiring
Locale
X-Clientip
X-RequestId
X-Via-Ucdn
X-GEO
X-UE-Client-Country
X-Via-NSCOPI
Lb
WP-Super-Cache
X-Cdn-Cache
X-Reqid
X-LiteSpeed-Cache-Control
X-ABtesting
X-Hello
X-NWS-UUID-VERIFY
X-PJAX-URL
SS
URI
X-BE
X-CS
X-GDPR
CDN
X-Flog
X-Unique-Id
Ohc-File-Size
IBM-Web2-Location
Dnion-Transfer-Encoding
Dynatrace
X-GZIP
FastCGI-Cache
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-SRV
FSS-Proxy
X-PF-Uncompressing
X-Pf-Uncompressing
X-Fpc
X-HS-Combine-CSS
Cneonction
RequestUuid
FSS-Cache
X-Generation-Time
X-Gen-Id
Serverid
X-Cache-Ttl
Server-Id
A
X-Fastly-Cache-Hits
Requestid
X-Test
X-Store
X-Bug-Bounty
X-Request-Url
X-Cluster-Name
X-Html-Edge-Cache
Accept-Ch
X-LiteSpeed-Tag
X-NGENIX-Cache
X-Akamai-SSL-Client-Sid
X-Serial
Ohc-Response-Time
X-HTML-Edge-Cache
X-Compress-Hint
X-Requestid
X-Cache-URL
RequestId
Ohc-Cache-HIT
X-Cdn-Request-ID
Get-Access-Time
Is-Session-Tracking
Frontcache
X-ServerName
X-Dw-Trace-Id
NnCoection
X-EC-Lua