Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
X-Type
NEL
Rating
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-DynaTrace
X-Cdn
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-Dispatcher
Accept-CH
X-Upstream-Env
MS-Author-Via
X-ESI
X-VARITI-CCR
X-ORACLE-DMS-RID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-TTL
X-Version
X-Powered-By-Plesk
Content-MD5
Service-Worker-Allowed
X-Recruiting
Charset
AR-Request-ID
RTSS
Ar-Sid
Accept-CH-Lifetime
X-Abt-Application-Version
X-D2id
X-TtlSet
X-PC
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-Vname
X-Ser
X-Vcap-Request-Id
X-Server-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Varnish-TTL
X-Client-IP
SPRequestGuid
X-Trace
Nginx-Cache
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-Goog-Stored-Content-Length
X-DynaTrace-JS-Agent
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
DynaTrace
X-Amz-Rid
S
X-Amz-Meta-S3cmd-Attrs
X-Webkit-CSP
X-Fastly-Request-ID
X-SharePointHealthScore
X-Debug
X-Oracle-Dms-Rid
TCN
X-Hits
X-VCache
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upstream-Proxy
Pinterest-Version
Arr-Disable-Session-Affinity
X-Pinterest-Rid
X-XRDS-Location
X-Shield-Request-Id
X-Akam-SW-Version
X-Powered-CMS
SPIisLatency
SPRequestDuration
X-B3-TraceId
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Id
Realpath
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Tracecode
X-Amzn-Trace-Id
X-MSEdge-Ref
Front-End-Https
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Dns-Prefetch-Control
X-Upstream
X-Ttl
X-Fastcgi-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
Alternate-Protocol
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Frontend
X-Content-Digest
X-Logged-In
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Middleton-Response
X-Middleton-Display
Response
X-Sol
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Display
Fusion-Source
Fusion-Template-Id
X-Srv
X-Hostname
X-RateLimit-Remaining
X-Cache-Key
X-Pad
X-Litespeed-Cache
X-Accel-Expires
AMP-Access-Control-Allow-Source-Origin
Host
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Server-Name
X-Kinsta-Cache
Backend-Timing
X-Analytics
X-Correlation-Id
X-SERVER
X-User-Agent
X-Revision
X-Debug-Info
X-LB-Cache
X-Content-Options
X-AppVersion
X-Az
X-Activity-Id
ServerID
X-B3-Sampled
X-B3-Traceid
X-IPLB-Instance
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Rid
X-Cache-Hit
Surrogate-Key
Accept-Charset
FilterID
X-Cache-2
X-Grace
Refresh
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-Page-Id
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
X-Whom
TP-Cache
MS-CV
TP-L2-Cache
Server-Info
X-PHP-Backend
Host-Header
X-Cached-By
Cache-Status
X-Varnish-Backend
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Cache-Action
X-App-Environment
VIX-Pulpo-Upstream-Status
Source
VIX-Pulpo-Node
X-TT
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Cluster
X-Origin-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Framework
X-Tumblr-User
X-Platform-Server
X-Mobile
X-Content-Powered-By
X-Varnish-Grace
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-FW-Hash
X-UA-Device-Type
X-Kong-Proxy-Latency
X-Instance
X-FW-Server
X-Drupal-Cache-Tags
X-FW-Serve
X-Request-Guid
X-FW-Type
X-FW-Static
X-FB-Debug
X-Ruxit-Js-Agent
X-Forwarded-Host
X-Geo-Country
X-Shard
X-GUploader-UploadID
X-Node-Name
X-Cache-TTL
X-Ezoic-Cdn
X-Zen-Fury
Edge-Cache-Tag
PageSpeed
X-FastCGI-Cache
X-SS-Set-Cookie
X-Handled-By
X-RateLimit-Limit
From-Origin
X-Magnolia-Registration
X-TA-CDN-Provider
X-Varnish-Hostname
Fastly-Restarts
X-Cache-Age
X-ATG-Version
Cache-Tags
X-BCube-Filmed-By
X-Cache-Control
X-AOL-HN
X-Varnish-Server
DC
Upgrade-Insecure-Requests
Healthy
Cleartype
X-App-Server
X-Cache-Rule
X-XRDS-LOCATION
Server-Node
Payment
X-RequestSource
Retry-After
X-Response-Served-From
X-Adobe-Loc
X-TX-ID
X-Region
Country
X-Adobe-Content
X-Signature
X-WebKit-CSP-Report-Only
X-B-Cache
X-UUID
Ms-Operation-Id
X-Redis-Cache
Actual-Object-TTL
X-GeoIP
Filters
X-RTag
X-VG-WebCache
X-Storage
Webserver
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Jobs
X-Generated-By
Powered
X-FW-Dynamic
X-Drupal-Cache-Contexts
X-Varnish-Hits
X-Content-Age
Cache-Tv-Group
X-Locale
X-Cacheable-TTL
NGB
GEO-INFO
Frame-Options
ServedBy
CACHE
X-Esi
X-WA-Info
Liferay-Portal
X-Contextid
HitType
X-Oneagent-Js-Injection
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rendered-As
X-Guploader-Uploadid
X-Cache-NE
X-Varnish-IP
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
X-Via-JSL
Eomportal-Instance
X-Seen-By
X-Real-IP
X-Time
X-Upgrade-Enabled
S-Cnection
X-Cache-Operation
Viewport
Xserver
X-Mode
X-BACKEND-TTL
X-Cache-Server
X-NWS-LOG-UUID
X-Dynatrace-Js-Agent
X-Varnish-Cache-Hits
X-Proxied
Mn-Server-Ip
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
Load-Balancing
OT-Force-Account-Verify
Cache-Hits
Cache-Key
X-Detected-As
X-Device-Type
X-Proto
X-RN-RSRV
X-Routing-Service
X-Path-Route
X-Is-Bot
X-ES-SERVER
X-From
X-Hl-Ver
X-Zipkin-Id
Machine
X-S
X-Akamai-Transformed
X-Hosted-By
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-LatLong
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
NGX
X-LJ-Flow-ID
X-Proxy
Access-Control-Request-Headers
X-Origin-Hint
X-Rocket-Nginx-Bypass
L5d-Success-Class
We-Hiring
Mail-Subject
X-L-Path
X-Tb
X-VG-TLSProxy
X-Backend-Name
Webcakes-App-Name
X-FB-TRIP-ID
X-Cache-Config
X-Environment-Context
Datacenter
Content-Style-Type
Content-Script-Type
X-FC-Vary-Parameters
X-AWS-Id
Webcakes-Region
X-Viewer-Country
X-VWS-Id
Webcakes-App-Version
Azure-SlotName
X-Debug-Cache
X-GRACE
X-EIG-Tracking-Id
Azure-InstanceId
X-Loop
Azure-SiteName
Azure-RegionName
DB-Nickname
Origin-Cache-Control
Origin-Edge-Control
X-Format
Now
X-Access
X-NCache
X-FW-Version
X-Akamai-Request-ID
Azure-Version
X-Vgn-Hpd-Reason
X-Section
X-Tumblr-Pixel-3
X-TNCMS
X-ServerID
X-Web-Node
X-RCS-CacheZone
X-Origin-Response-Time
X-R9-Blue-Green-Version
X-Timing-Wait
S-Rt
X-CCM
X-IP
X-Trace-Id
X-BYPASS-REASON
X-Cache-Remote
X-Via-Fastly
X-Via-CDN
X-Time-Microsecs
X-Xfnlog-Site
Selected-FE
X-MP-GENERATED-AT
X-JoinUs
X-Labrador-Cache-Channel
X-ProxyCache-Status
X-ProxyCache-Key
X-PCL
X-OCL
X-Proxy-Build
X-Cache-Category-Id
Uber-Trace-Id
X-Www-Served-By
X-Generated
Cache-Tag
X-Grey
NtCoent-Length
X-Site-Version
LB
X-Human
X-Internal-Host
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-Birta-Served
X-Birta-Cache-Post
X-Status
Decoy-Debug-Key
X-Newrelic-App-Data
X-VC-Cache
Decoy-Debug-Status
Decoy-Debug-TTL
X-UnsetCookies
X-Rule
Served-By
X-UA
X-EdgeConnect-Cache-Status
Release
X-Wix-Server-Artifact-Id
X-CDN-Cache
AsisCache
Nel
X-Cluster-Node
ViewerVersion
X-Request-Time
X-Wix-Request-Id
X-App-Version
Rt-Fastcgi-Cache
X-App-Name
X-Nginx-Cache
X-Varnish-Ttl
X-PERF
X-Origin-Host
X-TIME
X-B3-Spanid
X-ApacheServer
X-Sucuri-ID
X-Source
X-Ua
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-Origin
X-OVcl-Cache
X-OVcl
X-Agile-Id
DSUID
X-VCT
X-Agile
X-Agile-Age
X-APP-VERSION
Cache-Name
SRV
Pagespeed
Warning
X-Pubstack
X-Origin-TTL
Hostname
Cache
X-Origin-CC
X-ElasticPress-Search
X-Cache-Info
X-Destination
X-Cache-Miss-From
X-Developer
X-CF-Lambda-Fn
Arc-Country
X-G
X-F5-Cache
BehaviorPad-Version
X-DPWN-IS-SECURE
X-Debug-Log
Ajk
X-Debug-Cache-Fetch
X-D
X-Debug-Cache-Expiry
X-Date
X-Core-Value
X-Debug-Cache-Store
X-Cache-Grace
X-Connection-Hash
X-Cache-Host
X-Debug-Cookies
X-CF-Lambda-Version
X-ARC
Lfy
MD5-Digest
Memcached
Server-Surrogate-Control
Thinkindot-CacheControl
UCS
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Cache-Control
Meta-Geo-Continent
Request-EU
Request-Country
Rendered-Blocks
Origin
On-Server
Node
Request-Time
Www
X-A
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Aed
X-Application
Xc-Version
Cache-Prefix
X-Cache-ASPX
X-B-Cookie
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Dgt
FNAC-ModuleRouting
Fly-Cache
Fly-Request-Id
X-Cache-Expires
X-External-Request-Id
X-SRCache-Key
X-Reboot
X-Refresh
X-Webstats-RespID
X-Thinkindot-L3
X-Transaction
X-NodeID
X-Up
X-Rewrite-Enabled
X-Trv-Group
X-Region-Sid
X-ServiceProvider
X-S-Cookie
X-Request-UUID
X-Matched-Rule
X-Rojux
X-ScT
X-Secret
X-Mobile-URL
X-Server-Group
X-Sedo-Request-Id
X-Logtrace-Id
X-Var-Ttl
X-Twitter-Response-Tags
X-Generated-In
X-PAYTM-SRV-ID
X-IN-APIGATEWAY
X-Hp-Webp
X-NU-AKA-ACS-Version
X-NX-Host
X-Platform
X-IN-WAF
X-VG-WebServer
X-Varnish-Authentication
X-Gannett-Site-Version
X-Processor
X-Instart-Isnd
Cteonnt-Length
X-Cache-Backend
User-Cache-Control
User-Agent
X-WPE-Loopback-Upstream-Addr
Proxy-Connection
X-Micro-Cache
X-PHP-Host
RNT-Machine
X-Origin-Date
X-Page-Type
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
ServerName
X-Qloud-Router
Server-Int
X-Rebelmouse-Cache-Control
X-Cdn-Forward
X-Policy
Pramga
X-Protected-By
Web-Mar-Node
X-Nginx-Cache-Key
RNT-Time
X-Sf
X-Hnp-Log
X-Hash
X-Developers
X-Info
X-Irp-Debug
X-LAGOON
X-Key
Server-Host
X-Device-Os
X-Eu-Site
X-Origin-Expires
X-Gen-Mode
X-Epic-Correlation-Id
X-Distributor
X-Dispatcher-Server
X-Distil-CS
X-Li-Fabric
X-Li-Pop
X-Cache-Debug
X-SIPLIST1
X-SN
X-Cache-Bucket
X-Block-Status
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Cache-Id
X-Location
X-CGP
X-Crawler
X-Swa-Ws
X-LI-Proto
X-LI-UUID
X-Cdn-Srv
X-Amzn-Remapped-Connection
True-Client-Country-4JS
Country-Code
Apple-News-Services-Host
Apple-News-Services-Handled
Fastly-SIE
HA-Ipaddr
Fastly-SWR
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-Lfrom
CDCHOST
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend
IsBot
Ha-Gx-Prefs
Kp-EeAlive
Pagetype
X-FireWall-Port
X-Wikidot-Static-Cache
Adler-Geo
X-Cms-Context
X-S-Maxage
X-Core-Mission
X-Wikidot-Backend
X-Via-Edge
X-Via-SSL
X-Planisys-CDN-TTL
X-No-Session
X-MSEdge-Flight
X-MSEdge-Features
X-Cache-FS-Status
X-Ah-Environment
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Edge-Location
X-Variation
X-Real-Ip
X-Fastly-Cache
X-ShardId
X-ShopId
X-Servername
X-Server-IP
X-GeoIP-City
X-Geo-Header
X-Varnish-Beresp-Status
X-Shopify-Stage
X-Skip-Cache
X-Ocache
X-Varnish-Beresp-Grace
X-User
X-TrackingId
X-Thanos
X-C
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-GeoIP-Country-Code
AKAMAI
Fastly-Soc-X-Request-Id
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Level-Front-Cache
Fastly-SSL
Gh-Request-Id
Platform
SD-X-WS
Is-Eu
HTTPS
X-Generated-On
Heartbleed
X-Backend-Url
X-Backend-State
X-BB-ID
X-Fetched-On
X-Bip
X-Backend-Host
X-BBXSRF
X-Auto-Login
Content-Disposition
X-Datadome
X-Gateway-Cache-Key
X-Sn-Servicetimems
X-Server-Time
X-Gateway-Skip-Cache
X-Proxy-Upstream
X-Owner
X-Proxy-Cache-Status
X-Cdn-Origin
V-Age
X-Gateway-Cache-Status
X-Apm-Inst-Hash
X-TT-LOGID
X-Apm-App-Name
X-Sucuri-Cache
X-Apm-Svc-Key
X-GZip
X-Edge-IP
X-RateLimit-Reset
X-NC
Server-ID
N-Cache
X-Varnish-Url
Magicmarker
X-Geo
X-ND-Cache
Fastly-Backend-Name
REQUESTUUID
X-Exp-Se
Rt-Proxy-Cache
MIME-Version
X-Served-From
X-B3-Parentspanid
X-FPC
X-Org
X-Node-Id
X-Aicache-OS
X-Pjax-Url
VivaBuild
Viewtype
X-Gdpr
X-Varnish-Beresp-Ttl
X-Load-Cache
X-CDN-Forward
HostName
X-Dc
X-Git-Hash
Powered-By
Wxu-Next-Commit
X-Parent-Response-Time
Wxu-Next-Region
Wxu-Next-Hostname
X-CUA
X-CSRF-TOKEN
X-Host-Name
X-Nc
Pragrma
X-DC
Memory
Time
Section-Io-Cache
CF-IPCountry
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Actual-URL
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Original-Request
X-Stale
X-Server-By
X-Svr
X-Daa-Tunnel
PICS-Label
X-Croise-Owner
X-CACHE-KEY
X-VServer
X-Release
X-Servedbyhost
X-Wa
Resin-Trace
X-HS-Cache-Config
Host-ID
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
ProcessTime
X-Edge-Server
X-TH-Server
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
Cdn-Request-Time
X-WebServer
Cdn-Host
X-Phone
X-Unique-ID
X-Optimization
X-Cache-HT
Cdn
X-Upstream-CT
AR-SID
X-Upstream-HT
Cf-Ipcountry
X-Lb-Id
X-Microcachable
X-From-Cache
SID
X-Instart-Info
X-Varnish-Beresp-TTL
Fastcgi-Useragent
X-Newrelic-Synthetics
X-APP
Backend-Name
X-Vcache
X-Req
X-Worker
X-V
CF-Cached-On
X-B3-SpanId
X-Atg-Version
X-Ratelimit-Remaining
XServer
Xxline
X-Server-W
352pxline
225prxHost
219prxHost
178proxuri
188prxHost
Odigeo-Trace-Id
286prxHost
355prline
Proxy-Firewall
189phosttRef
X-Fastly-Backend-Reqs
409pxxline
X-Backend-TTL
Version
X-Zone
X-Vcl-Version
X-Check-Cacheable
X-ID
X-LB-ID
X-Ratelimit-Limit
Processtime
X-HTML-Minification-Powered-By
X-Microsite
X-WR-MODIFICATION
X-Fstrz
X-Request-Handler-Origin-Region
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Akamai-Request-ID2
Accept-Language
Esi-Enabled
X-IPS-LoggedIn
X-Nananana
X-Response-By
X-NGINX-Cache
X-AssetVersion
GMS-Ver
X-VCL-Version
X-Contensis-Viewer-Groups
X-WA
SN
Public-Key-Pins-Report-Only
X-URL
Pics-Label
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-UPSTREAM-Address
X-ServedByHost
X-Ratelimit-Reset
X-Hyper-Cache
X-CSRF-Token
X-HS-Status
GeoIp-Country-Code
Geoip-Latitude
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-RequestId
X-Be
WZWS-RAY
Fastcgi-X-Cache-Version
DataCenter
Locale
X-Fastly-Country-Code
X-SERVER-NAME
X-Amz-Meta-Surrogate-Control
Geoip-City
GW-Server
X-Via-NSCOPI
X-Urbn-Context-Path
X-Reqid
X-Urbn-Site-Id
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-ZONE
X-UE-Client-Country
X-NWS-UUID-VERIFY
X-Clientip
X-Via-Ucdn
X-Flog
X-We-Are-Hiring
X-Hello
X-ABtesting
X-GEO
X-Request-Start
X-Render-Time
Countrycode
Mobile-Detection-Method
Lb
WP-Super-Cache
X-Cdn-Cache
URI
IBM-Web2-Location
Dnion-Transfer-Encoding
X-CS
X-BE
X-GDPR
X-LiteSpeed-Cache-Control
SS
Ohc-File-Size
X-Unique-Id
CDN
X-Generation-Time
X-PJAX-URL
X-GZIP
X-FORWARDED-FOR
Dynatrace
X-HostName
X-SRV
FastCGI-Cache
X-Cluster-Name
FSS-Proxy
X-Fpc
X-Gen-Id
X-HS-Combine-CSS
FSS-Cache
Serverid
Requestid
Cneonction
RequestUuid
X-Bug-Bounty
X-PF-Uncompressing
X-Pf-Uncompressing
X-Cache-Ttl
X-Cache-URL
X-Test
X-Request-Url
X-LiteSpeed-Tag
X-Html-Edge-Cache
X-Store
X-ServerName
X-Fastly-Cache-Hits
A
Accept-Ch
Server-Id
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
Get-Access-Time
X-Got-Non-Ke-Cookie
RequestId
X-HTML-Edge-Cache
Frontcache
X-Compress-Hint
Is-Session-Tracking
X-Serial
X-EC-Lua
NnCoection
Ohc-Cache-HIT
X-Cdn-Request-ID
Ohc-Response-Time
X-Dw-Trace-Id