Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
X-Ac
X-Rq
Allow
X-Node
X-Host
Content-Location
X-Server-Id
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Pinterest-Generated-By
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
X-Type
Accept-CH
X-Dispatcher
Verso
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
AR-CACHE
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
X-GitHub-Request-Id
Arc-Version
X-Mobile-Rewrite
PB-PID
PB-RID
X-MS-InvokeApp
X-DataStream-Cache-Status
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-ESI
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
X-Upstream-Env
Accept-CH-Lifetime
AR-Request-ID
X-Amz-Server-Side-Encryption
RTSS
X-D2id
X-Recruiting
X-Navigation-Version
Charset
X-Abt-Application-Version
X-TtlSet
X-PC
X-Vname
X-Vcap-Request-Id
X-Ser
X-TTL
X-Varnish-TTL
X-Server-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
Ar-Sid
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
DynaTrace
X-VCache
X-Amz-Rid
X-Fastly-Request-ID
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
S
X-Debug
X-Hits
TCN
X-Pinterest-Rid
X-Upstream-Proxy
X-SharePointHealthScore
Pinterest-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Akam-SW-Version
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-Ttl
X-T
X-Goog-Storage-Class
Access-Control-Request-Method
X-Id
X-Oracle-Dms-Rid
Realpath
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-NF-Request-ID
X-Amzn-Trace-Id
X-Webkit-CSP
X-Aspnet-Version
Front-End-Https
X-Varnish-Age
Fastcgi-Cache
X-N
X-Content-Type
X-B3-Traceid
X-Upstream
X-Forwarded-For
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Alternate-Protocol
Paypal-Debug-Id
X-Frontend
X-B3-TraceId
X-Logged-In
X-Content-Digest
X-PressLabs-Stats
Response
X-Middleton-Response
X-HS-Hub-Id
Display
X-Middleton-Display
X-Sol
X-HS-Content-Id
X-Pad
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Fastcgi-Cache
Fusion-Source
Fusion-Template-Id
X-Hostname
X-RateLimit-Remaining
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cache-Key
X-Accel-Expires
Host
ServerID
X-Grace
MicrosoftSharePointTeamServices
Backend-Timing
X-Analytics
X-Correlation-Id
Server-Name
X-B3-Sampled
X-Kinsta-Cache
X-LB-Cache
X-Revision
X-IPLB-Instance
X-User-Agent
X-Az
X-Activity-Id
X-Debug-Info
X-AppVersion
Surrogate-Key
X-Amzn-RequestId
X-Rid
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
Accept-Charset
FilterID
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Received
X-Request-Processing-Time
X-B
TP-L2-Cache
TP-Cache
X-Page-Id
MS-CV
X-Whom
X-GUploader-UploadID
Server-Info
X-DIS-Request-ID
PageSpeed
Host-Header
X-Cached-By
Cache-Status
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-App-Environment
X-Akamai-Edgescape
X-PHP-Backend
X-Amz-Replication-Status
Source
X-TT
X-Varnish-Backend
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Cache-Action
X-Cluster
X-Tumblr-User
X-Tumblr-Pixel
X-Platform-Server
X-Tumblr-Pixel-0
X-Mobile
X-F-Cache
X-FastCGI-Cache
Access-Control-Allow-Method
X-FW-Hash
X-FW-Server
X-FW-Type
X-Varnish-Grace
X-FW-Serve
X-FW-Static
X-Content-Powered-By
X-Framework
X-Drupal-Cache-Tags
X-Node-Name
X-Instance
X-Forwarded-Host
X-FB-Debug
X-Request-Guid
X-Ezoic-Cdn
X-Accel-Buffering
X-Ruxit-Js-Agent
X-UA-Device-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
Edge-Cache-Tag
X-Shard
Fastly-Restarts
X-Zen-Fury
X-RateLimit-Limit
X-Varnish-Hostname
X-Handled-By
From-Origin
X-TA-CDN-Provider
X-Magnolia-Registration
Cache-Tags
X-AOL-HN
X-Cache-Age
X-SS-Set-Cookie
X-BCube-Filmed-By
X-ATG-Version
X-Cache-Control
X-Cache-TTL
X-Cache-Rule
Upgrade-Insecure-Requests
Healthy
X-Varnish-Server
Retry-After
Cleartype
Payment
X-Esi
Server-Node
X-App-Server
X-RequestSource
X-Response-Served-From
DC
X-TX-ID
X-Storage
Powered
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
Country
X-Adobe-Loc
X-Adobe-Content
Filters
X-RTag
X-Tumblr-Pixel-1
X-FW-Dynamic
Ms-Operation-Id
X-Tumblr-Pixel-2
X-VG-WebCache
X-Redis-Cache
Actual-Object-TTL
X-UUID
X-GeoIP
X-TT-TIMESTAMP
X-Drupal-Cache-Contexts
X-Jobs
X-Region
Cache-Tv-Group
X-Varnish-Hits
X-Cacheable-TTL
X-Content-Age
X-Generated-By
X-Dns-Prefetch-Control
Frame-Options
X-Locale
X-XRDS-LOCATION
X-WA-Info
GEO-INFO
NGB
ServedBy
Webserver
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Contextid
X-Cache-NE
CACHE
X-Oneagent-Js-Injection
Liferay-Portal
HitType
X-ProcessESI
X-Rendered-As
X-RemovedCookies
X-BACKEND-TTL
X-NWS-LOG-UUID
X-Real-IP
Eomportal-Instance
X-Cache-Operation
X-Varnish-IP
X-Cache-TTL-Remaining
X-Time
X-Via-JSL
X-Upgrade-Enabled
X-Guploader-Uploadid
Xserver
X-Mode
Viewport
X-Seen-By
S-Cnection
X-Varnish-Cache-Hits
LB
X-Zipkin-Id
X-Routing-Service
X-Akamai-Transformed
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
X-Hl-Ver
X-RN-RSRV
X-Proxied
X-ES-SERVER
X-Path-Route
X-Is-Bot
X-Device-Type
Meta-Geo
X-Detected-As
X-Proto
X-From
Cache-Key
OT-Force-Account-Verify
Cache-Hits
Mn-Server-Ip
Machine
X-Cache-Server
X-S
X-Cache-Remote
X-Tb
NGX
X-Time-Microsecs
Property-Id
TWC-GeoIP-Country
X-VG-TLSProxy
TWC-Connection-Speed
X-FW-Version
NtCoent-Length
Mail-Subject
X-Proxy
X-Origin-Hint
Access-Control-Request-Headers
X-NCache
X-LJ-Flow-ID
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
L5d-Success-Class
X-Rocket-Nginx-Bypass
X-L-Path
X-Hosted-By
TWC-Device-Class
Webcakes-Region
Webcakes-App-Version
X-Environment-Context
X-AWS-Id
TWC-Locale-Group
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-VWS-Id
Webcakes-App-Name
Vix-Hermes-Req-Id
TWC-Privacy
X-Viewer-Country
X-Cache-Config
X-Backend-Name
We-Hiring
Azure-Version
X-EIG-Tracking-Id
Azure-SlotName
X-Debug-Cache
Azure-RegionName
Azure-SiteName
X-Format
Origin-Edge-Control
S-Rt
X-Loop
Origin-Cache-Control
Now
X-Akamai-Request-ID
DB-Nickname
X-Access
X-Labrador-Cache-Channel
Azure-InstanceId
X-ServerID
X-Section
X-TNCMS
X-MP-GENERATED-AT
X-Web-Node
X-Vgn-Hpd-Reason
X-RCS-CacheZone
X-Tumblr-Pixel-3
X-Origin-Response-Time
X-PCL
X-Timing-Wait
X-OCL
X-Proxy-Build
X-Trace-Id
X-CCM
X-Via-CDN
Selected-FE
X-Via-Fastly
X-ProxyCache-Status
X-Human
X-JoinUs
X-BYPASS-REASON
Datacenter
Cache-Tag
X-Xfnlog-Site
X-ProxyCache-Key
X-IP
X-Cache-Category-Id
X-Generated
X-Grey
X-Www-Served-By
X-Internal-Host
Uber-Trace-Id
Content-Script-Type
Content-Style-Type
X-UnsetCookies
X-VC-Cache
X-Endurance-Cache-Level
X-Rule
Release
Served-By
X-Varnish-Cacheable
Decoy-Debug-Key
X-Dynatrace-Js-Agent
Decoy-Debug-Status
Decoy-Debug-TTL
X-Status
X-Site-Version
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Birta-Cache-Post
X-Birta-Served
X-Newrelic-App-Data
X-UA
X-B3-Spanid
X-CDN-Cache
X-Ua
Nel
X-Request-Time
AR-SID
DSUID
X-OVcl
X-OVcl-Cache
X-Cluster-Node
X-GRACE
AsisCache
X-Nginx-Cache
X-TIME
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Hit
X-VCT
X-App-Name
Cache
Rt-Fastcgi-Cache
X-ApacheServer
X-PERF
SRV
X-Source
X-Agile
X-Agile-Id
X-Agile-Age
X-Pubstack
Cteonnt-Length
X-NewRelic-App-Data
X-Sucuri-ID
X-Origin-Host
Cache-Name
X-Cache-Host
Hostname
X-WPE-Loopback-Upstream-Addr
X-Origin-CC
X-ElasticPress-Search
X-Origin-TTL
ViewerVersion
X-Wix-Request-Id
X-Application
UCS
X-ARC
Thinkindot-Control
X-B-Cookie
X-Aed
X-A-Ccd
X-A-Dgt
X-A-Dcw
X-Var-Ttl
Thinkindot-CacheControl-Type
X-A-Wwc
X-Varnish-Authentication
X-A-Dam
X-Accel-Expires-Debug
X-A
Xc-Version
Lfy
FNAC-ModuleRouting
MD5-Digest
Memcached
Meta-Geo-Continent
Fly-Request-Id
Fly-Cache
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
Ec-Rule-Version
Node
On-Server
X-VG-WebServer
Request-Time
Server-Cache-Control
Server-Host
Server-Surrogate-Control
Request-EU
Request-Country
Origin
X-Up
X-Webstats-RespID
Rendered-Blocks
Thinkindot-CacheControl
X-Cache-ASPX
X-Generated-In
X-Hp-Webp
X-Gannett-Site-Version
X-G
X-F5-Cache
X-IN-APIGATEWAY
X-IN-WAF
X-Matched-Rule
X-Cache-Miss-From
X-CF-Lambda-Fn
X-Logtrace-Id
X-Instart-Isnd
X-External-Request-Id
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-D
X-Date
Arc-Country
X-Debug-Cache-Expiry
X-Debug-Cookies
X-Core-Value
X-Developer
X-CF-Lambda-Version
X-Connection-Hash
X-Destination
X-Debug-Log
X-Cache-Info
X-Mobile-URL
X-Cache-Expires
X-Debug-Cache-Fetch
X-Secret
X-ScT
X-S-Cookie
X-Sedo-Request-Id
X-Server-Group
X-Transaction
X-Trv-Group
X-Thinkindot-L3
X-SRCache-Key
X-ServiceProvider
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Platform
X-NX-Host
X-NU-AKA-ACS-Version
X-NodeID
X-Processor
X-Reboot
X-Request-UUID
X-Region-Sid
X-Refresh
X-Cache-Grace
X-Twitter-Response-Tags
Www
Ajk
X-Wix-Server-Artifact-Id
User-Cache-Control
X-SERVER
Apple-News-Services-Host
X-Origin-Date
X-Origin-Expires
X-Page-Type
X-PHP-Host
X-Nginx-Cache-Key
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Apm-App-Name
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
Web-Mar-Node
X-Fetched-On
RNT-Time
X-Rebelmouse-Surrogate-Control
RNT-Machine
X-Request-URI
X-Servername
Server-Int
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
ServerName
V-Age
X-Cache-Backend
X-Hash
X-Gen-Mode
X-Hnp-Log
X-Info
X-Crawler
X-Irp-Debug
X-Developers
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-Distributor
X-Distil-CS
X-Dispatcher-Server
X-Key
X-LAGOON
X-Cache-Debug
X-Location
X-Cache-Bucket
X-Sf
X-Micro-Cache
X-LI-UUID
X-Cache-Id
X-Li-Fabric
X-CGP
X-Cdn-Srv
X-Li-Pop
X-LI-Proto
X-Block-Status
True-Client-Country-4JS
X-Sn-Servicetimems
Fastly-SIE
X-Geo
X-Swa-Ws
X-SN
CDCHOST
IsBot
Fastly-SWR
Gh-Request-Id
Proxy-Connection
Ha-Gx-Prefs
HA-Ipaddr
X-Server-Time
X-Cdn-Origin
Cache-Cookie-Set-Lfrom
Country-Code
Apple-News-Services-Handled
Cache-Cookie-Set-Idcheck
Apple-News-Services-Request-Url
Pramga
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-From
Backend
X-SIPLIST1
Pagetype
X-FireWall-Port
X-Varnish-Ttl
X-Cache-FS-Status
X-Gateway-Cache-Key
X-Generated-On
X-Geo-Header
X-Wikidot-Static-Cache
X-Exp-Se
X-Fastly-Cache
X-MSEdge-Features
X-Bip
X-Wikidot-Backend
X-C
X-Gateway-Cache-Status
Fastly-SSL
X-Core-Mission
Rt-Proxy-Cache
X-BBXSRF
Content-Disposition
X-ND-Cache
X-Cms-Context
Adler-Geo
X-GeoIP-City
Fastly-Soc-X-Request-Id
X-GeoIP-Country-Code
X-Level-Front-Cache
AKAMAI
X-Gateway-Skip-Cache
X-Backend-Url
X-Planisys-CDN-TTL
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Planisys-CDN-Rules
X-Thanos
X-User
Warning
X-Skip-Cache
X-Shopify-Stage
X-S-Maxage
X-Server-IP
X-ShardId
X-ShopId
Platform
SD-X-WS
X-Variation
X-Planisys-CDN-Cache
X-Alternate-Cache-Key
X-Backend-Host
X-MSEdge-Flight
X-Via-SSL
X-Amz-Meta-Cache-Control
Is-Eu
X-No-Session
Heartbleed
X-Via-Edge
X-Auto-Login
X-Backend-State
X-App-Version
Pagespeed
X-Protected-By
X-Org
MIME-Version
X-Owner
Kp-EeAlive
X-Served-From
X-GZip
X-NC
X-B3-Parentspanid
X-Git-Hash
REQUESTUUID
X-Varnish-Beresp-Status
X-Ocache
Server-ID
X-BB-ID
X-RateLimit-Reset
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Real-Ip
X-Host-Name
X-Edge-Location
X-Sucuri-Cache
X-Proxy-Upstream
X-Proxy-Cache-Status
X-TrackingId
HTTPS
X-TT-LOGID
X-FPC
X-Daa-Tunnel
X-CDN-Forward
User-Agent
Wxu-Next-Region
VivaBuild
Wxu-Next-Hostname
Viewtype
Fastly-Backend-Name
X-Varnish-Url
Magicmarker
N-Cache
X-Aicache-OS
X-Load-Cache
Wxu-Next-Commit
X-Edge-IP
X-Gdpr
HostName
X-DC
X-CSRF-TOKEN
X-Node-Id
X-Pjax-Url
CF-IPCountry
Time
Memory
X-Release
X-Dc
X-Varnish-Beresp-Ttl
X-Parent-Response-Time
X-HS-Cache-Config
Powered-By
X-Wa
X-CUA
Resin-Trace
X-Servedbyhost
PICS-Label
X-WebServer
X-TH-Server
X-Upstream-CT
X-Nc
X-Upstream-HT
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
Pragrma
X-CACHE-KEY
X-Phone
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Svr
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Stale
X-Returned-From
X-Passed-To-DLL
X-Original-Request
Host-ID
X-Actual-URL
X-Server-By
X-Instart-Info
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-PostProcessResponse
X-Varnish-Beresp-TTL
Section-Io-Cache
ProcessTime
X-Croise-Owner
Backend-Name
X-Microsite
X-Request-Handler-Origin-Region
X-VServer
X-Tb-Optimization-Total-Bytes-Saved
X-Newrelic-Synthetics
Mime-Version
X-From-Cache
X-Worker
Cdn-Host
X-Edge-Server
Cdn-Request-Time
Version
X-Optimization
X-Cache-HT
355prline
189phosttRef
352pxline
178proxuri
188prxHost
225prxHost
X-Lb-Id
219prxHost
X-Server-W
409pxxline
Xxline
286prxHost
CF-Cached-On
Cf-Ipcountry
SID
X-APP
Cdn
X-Unique-ID
X-Akamai-Request-ID2
X-Atg-Version
XServer
Accept-Language
X-Zone
X-Req
X-SERVER-NAME
X-LB-ID
X-Datadome
X-Fastly-Backend-Reqs
X-Microcachable
X-ID
X-VCL-Version
Esi-Enabled
Processtime
Proxy-Firewall
X-Ratelimit-Remaining
X-AssetVersion
GeoIP-Latitude
X-Contensis-Viewer-Groups
GeoIP-City
X-Vcl-Version
GeoIP-Country-Code
X-V
X-Ratelimit-Limit
X-B3-SpanId
Odigeo-Trace-Id
Fastcgi-Useragent
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
X-Vtex-Processado-Em
X-HS-Status
X-UPSTREAM-Address
X-Vtex-Remote-Cache
X-Fstrz
SN
X-NGINX-Cache
X-Cache-Ttl
X-Backend-TTL
X-Vcache
X-Check-Cacheable
X-RequestId
X-WR-MODIFICATION
X-URL
X-Via-NSCOPI
X-Reqid
X-Urbn-Context-Path
X-Ratelimit-Reset
X-Nananana
Locale
X-WA
X-Response-By
Pics-Label
X-Urbn-Site-Id
CDN
X-NWS-UUID-VERIFY
X-CSRF-Token
GMS-Ver
X-Flog
X-ServedByHost
X-ABtesting
X-Hello
X-Be
X-ZONE
WebServer
DataCenter
GeoIp-Country-Code
Geoip-Latitude
X-Hyper-Cache
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Dynatrace
X-Via-Ucdn
X-Render-Time
Fastcgi-X-Cache-Version
Public-Key-Pins-Report-Only
Geoip-City
X-NGENIX-Cache
Requestid
X-Fastly-Country-Code
X-Request-Start
X-Generation-Time
X-Cdn-Cache
WP-Super-Cache
WZWS-RAY
X-PJAX-URL
GW-Server
X-GDPR
X-LiteSpeed-Cache-Control
X-Amz-Meta-Surrogate-Control
X-CS
X-Cluster-Name
X-Unique-Id
X-UE-Client-Country
X-Compress-Hint
X-We-Are-Hiring
X-Cache-URL
Mobile-Detection-Method
X-Clientip
X-HS-Combine-CSS
Lb
URI
Countrycode
Dynatrace
X-HostName
X-SRV
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-BE
Serverid
Cneonction
SS
X-Pf-Uncompressing
Ohc-File-Size
GEO-REGION-INFO
X-Gen-Id
Who
X-GEO
X-Varnish-Action
Https
X-Got-Non-Ke-Cookie
X-Fpc
X-Bug-Bounty
X-Store
A
Epwk-Cache
X-Test
Server-Id
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
FSS-Proxy
X-Serial
FSS-Cache
X-PF-Uncompressing
X-Cdn-Request-ID
X-EC-Lua
X-GZIP
X-ServerName
NnCoection
X-HTML-Edge-Cache
Frontcache
X-Fastly-Cache-Hits
X-Request-Url
RequestUuid
X-Html-Edge-Cache
X-Dw-Trace-Id