Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
Report-To
X-CST
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
Request-Id
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vhost
X-Type
X-DynaTrace
X-Cdn
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
Accept-CH
X-HW
Verso
X-Dispatcher
X-Server-Name
X-ORACLE-DMS-RID
MS-Author-Via
X-Upstream-Env
X-VARITI-CCR
X-ESI
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
X-Version
Content-MD5
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
Charset
X-D2id
RTSS
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-TTL
X-PC
X-TtlSet
X-Vname
X-Ser
X-Server-ID
Ar-Sid
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Trace
X-Client-IP
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-Webkit-CSP
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
DynaTrace
X-Amz-Rid
X-VCache
X-Amz-Meta-S3cmd-Attrs
S
X-Fastly-Request-ID
X-XRDS-Location
X-Debug
X-SharePointHealthScore
X-Hits
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Pinterest-Rid
X-Dw-Request-Base-Id
X-Upstream-Proxy
Pinterest-Version
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Akam-SW-Version
SPIisLatency
X-Powered-CMS
SPRequestDuration
X-Oracle-Dms-Rid
X-T
X-FTR-Cache-Host
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Ttl
X-Aspnet-Version
X-Acc-Meta-Resource-Type
Realpath
X-MSEdge-Ref
X-NF-Request-ID
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-N
X-B3-TraceId
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
X-Upstream
Paypal-Debug-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Fastcgi-Cache
X-Frontend
X-Content-Digest
X-Logged-In
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
X-RateLimit-Remaining
Fusion-Source
Fusion-Template-Id
X-Sol
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Litespeed-Cache
X-Hostname
X-Pad
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Cache-Key
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Kinsta-Cache
X-Correlation-Id
X-Analytics
Backend-Timing
X-Debug-Info
X-AppVersion
X-LB-Cache
X-Activity-Id
X-B3-Sampled
X-Az
ServerID
X-User-Agent
X-Revision
X-Content-Options
Surrogate-Key
X-Rid
X-IPLB-Instance
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
Accept-Charset
FilterID
X-Grace
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Received
X-Request-Processing-Time
X-Page-Id
TP-Cache
TP-L2-Cache
X-Whom
X-Accel-Buffering
X-DIS-Request-ID
MS-CV
Server-Info
Host-Header
X-Ruxit-Js-Agent
Cache-Status
X-Cached-By
X-TT
X-Varnish-Backend
X-Origin-Server
X-PHP-Backend
X-Cache-Action
X-App-Environment
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
Source
X-Tumblr-Pixel
X-Tumblr-User
X-Platform-Server
X-F-Cache
X-Cluster
X-Tumblr-Pixel-0
X-Mobile
X-Varnish-Grace
X-Content-Powered-By
X-Framework
X-GUploader-UploadID
Access-Control-Allow-Method
X-Instance
X-FW-Serve
X-FW-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Guid
X-FB-Debug
X-UA-Device-Type
X-Drupal-Cache-Tags
X-FW-Type
X-FW-Static
X-FW-Hash
PageSpeed
X-Forwarded-Host
Edge-Cache-Tag
X-Ezoic-Cdn
X-Geo-Country
X-Node-Name
X-RateLimit-Limit
X-Shard
X-FastCGI-Cache
X-Zen-Fury
X-TA-CDN-Provider
X-Handled-By
From-Origin
X-SS-Set-Cookie
X-Cache-TTL
X-Magnolia-Registration
X-Varnish-Hostname
Fastly-Restarts
Cache-Tags
X-Cache-Age
X-BCube-Filmed-By
X-ATG-Version
X-AOL-HN
X-Cache-Control
X-Cache-Rule
X-Varnish-Server
Healthy
Upgrade-Insecure-Requests
Cleartype
X-SERVER
X-App-Server
DC
Server-Node
Payment
X-Response-Served-From
Retry-After
X-RequestSource
X-TX-ID
X-WebKit-CSP-Report-Only
X-Storage
X-Adobe-Loc
X-B-Cache
X-Signature
X-Adobe-Content
X-Region
Country
X-GeoIP
X-Redis-Cache
Ms-Operation-Id
Filters
Actual-Object-TTL
X-TT-TIMESTAMP
X-RTag
X-VG-WebCache
X-Tumblr-Pixel-1
X-UUID
X-Dns-Prefetch-Control
X-Tumblr-Pixel-2
X-FW-Dynamic
Cache-Tv-Group
X-Generated-By
Powered
X-Drupal-Cache-Contexts
X-Jobs
X-Varnish-Hits
X-Cacheable-TTL
X-Content-Age
X-XRDS-LOCATION
Webserver
X-Locale
CACHE
Frame-Options
NGB
GEO-INFO
X-Esi
ServedBy
X-WA-Info
X-Oneagent-Js-Injection
X-Contextid
Liferay-Portal
HitType
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rendered-As
X-Cache-NE
X-ProcessESI
X-RemovedCookies
X-Varnish-IP
X-Cache-TTL-Remaining
X-Real-IP
Eomportal-Instance
X-Guploader-Uploadid
X-Via-JSL
X-Seen-By
X-Cache-Operation
X-BACKEND-TTL
X-Upgrade-Enabled
S-Cnection
X-Time
Viewport
X-NWS-LOG-UUID
X-Mode
Xserver
X-Varnish-Cache-Hits
Load-Balancing
NtCoent-Length
X-Cache-Enabled
X-RN-RSRV
X-Zipkin-Id
X-Proto
X-Cache-Var
Meta-Geo
OT-Force-Account-Verify
X-ES-SERVER
X-Is-Bot
X-Cache-Server
Machine
Mn-Server-Ip
Cache-Key
X-Path-Route
X-Hl-Ver
X-Cache-Var-Map
X-Routing-Service
X-Device-Type
Cache-Hits
X-From
X-Proxied
X-S
X-Detected-As
X-LJ-Flow-ID
Vix-Hermes-Req-Id
X-Backend-Name
X-R9-Blue-Green-Version
X-Rocket-Nginx-Bypass
X-Origin-Hint
Mail-Subject
TWC-GeoIP-Country
X-Akamai-Transformed
LB
TWC-Device-Class
X-Environment-Context
X-Time-Microsecs
X-Cache-Config
X-L-Path
X-VG-TLSProxy
X-AWS-Id
Webcakes-App-Version
Property-Id
Webcakes-Region
TWC-Privacy
X-Tb
X-Hosted-By
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
X-FB-TRIP-ID
X-Proxy
X-Viewer-Country
NGX
TWC-Connection-Speed
L5d-Success-Class
X-FC-Vary-Parameters
X-VWS-Id
Access-Control-Request-Headers
We-Hiring
X-Origin-Response-Time
Azure-RegionName
Azure-InstanceId
X-Akamai-Request-ID
Azure-SiteName
Azure-SlotName
X-Access
Azure-Version
DB-Nickname
X-FW-Version
Datacenter
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
S-Rt
Content-Style-Type
Content-Script-Type
X-Web-Node
Origin-Cache-Control
Now
X-Format
X-MP-GENERATED-AT
X-NCache
X-EIG-Tracking-Id
X-Debug-Cache
X-Loop
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-ServerID
X-Section
X-TNCMS
Origin-Edge-Control
Selected-FE
X-ProxyCache-Key
X-Trace-Id
X-Via-CDN
X-Via-Fastly
X-PCL
X-Human
X-IP
X-OCL
X-Timing-Wait
X-JoinUs
X-BYPASS-REASON
X-Cache-Remote
X-ProxyCache-Status
X-CCM
X-Proxy-Build
X-Xfnlog-Site
X-Grey
X-Cache-Category-Id
Uber-Trace-Id
Cache-Tag
X-Generated
X-Www-Served-By
X-Internal-Host
X-Endurance-Cache-Level
X-Birta-Served
X-Varnish-Cacheable
X-VC-Cache
X-Birta-Cache-Post
X-Dynatrace-Js-Agent
X-Site-Version
X-Status
X-UnsetCookies
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Newrelic-App-Data
X-Rule
Served-By
X-GRACE
Release
X-UA
X-EdgeConnect-Cache-Status
X-CDN-Cache
Nel
X-Cluster-Node
X-APP-VERSION
AsisCache
X-Request-Time
X-Wix-Server-Artifact-Id
X-TIME
X-Ua
X-B3-Spanid
X-Nginx-Cache
Rt-Fastcgi-Cache
X-App-Name
X-ApacheServer
X-Origin-Host
X-Wix-Request-Id
ViewerVersion
X-PERF
DSUID
X-Sucuri-ID
X-Origin
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Source
X-Hit
X-OVcl
X-VCT
X-Agile-Age
X-Agile
X-NewRelic-App-Data
X-Agile-Id
SRV
Cache-Name
Hostname
X-App-Version
X-Origin-TTL
X-Pubstack
X-ElasticPress-Search
X-Origin-CC
X-Hp-Webp
Node
Origin
X-IN-WAF
X-IN-APIGATEWAY
Meta-Geo-Continent
X-F5-Cache
On-Server
X-Instart-Isnd
X-Mobile-URL
Arc-Country
BehaviorPad-Version
Cache-Prefix
X-Cache-Host
X-NodeID
X-PAYTM-SRV-ID
X-NX-Host
X-NU-AKA-ACS-Version
Rendered-Blocks
Cross-Origin-Window-Policy
X-Logtrace-Id
Lfy
MD5-Digest
FNAC-ModuleRouting
Fly-Request-Id
Ec-Rule-Version
X-Matched-Rule
Fly-Cache
Memcached
Thinkindot-Control
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-G
X-Connection-Hash
X-Cache-Miss-From
X-Cache-Info
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
X-Core-Value
X-D
X-Debug-Cookies
X-Developer
X-Debug-Log
X-Destination
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Date
X-Debug-Cache-Expiry
X-DPWN-IS-SECURE
X-Gannett-Site-Version
X-B-Cookie
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
UCS
X-Generated-In
Server-Surrogate-Control
Server-Host
Request-EU
Request-Time
Server-Cache-Control
Www
X-A
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
Request-Country
Ajk
X-Var-Ttl
Xc-Version
X-Rewrite-Enabled
X-Rojux
X-Up
X-Webstats-RespID
X-Request-UUID
X-VG-WebServer
X-Varnish-Authentication
X-Refresh
X-Region-Sid
X-S-Cookie
X-External-Request-Id
X-Sedo-Request-Id
Warning
X-Server-Group
X-ServiceProvider
X-Secret
X-SRCache-Key
X-Trv-Group
X-Transaction
X-Thinkindot-L3
X-ScT
X-Reboot
X-Twitter-Response-Tags
X-Platform
X-Processor
X-Varnish-Ttl
User-Cache-Control
Cteonnt-Length
True-Client-Country-4JS
X-Rebelmouse-Surrogate-Control
Web-Mar-Node
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Page-Type
Server-Int
X-Gen-Mode
RNT-Time
Pagetype
X-Info
X-Qloud-Router
X-Irp-Debug
X-Key
X-Origin-Date
Pramga
X-Hash
X-Hnp-Log
X-Origin-Expires
Proxy-Connection
RNT-Machine
X-Policy
X-Developers
X-Device-Os
X-Sf
X-PHP-Host
X-SIPLIST1
X-Dispatcher-Server
X-Distil-CS
X-Eu-Site
X-Epic-Correlation-Id
X-Servername
X-Distributor
X-Fetched-On
X-Crawler
X-Cache-Bucket
X-Cache-Backend
X-LAGOON
X-Block-Status
X-Cache-Debug
X-Swa-Ws
X-SN
X-CGP
X-Cdn-Srv
X-Cache-Id
X-WPE-Loopback-Upstream-Addr
ServerName
Cache
HA-Ipaddr
X-Request-URI
X-LI-UUID
Gh-Request-Id
Fastly-SIE
Cache-Cookie-Set-From
Country-Code
Cache-Cookie-Set-Idcheck
X-LI-Proto
Ha-Gx-Prefs
X-Rebelmouse-Cache-Control
X-Micro-Cache
Backend
IsBot
CDCHOST
X-RateLimit-Limit-Second
X-Location
X-Li-Fabric
X-Nginx-Cache-Key
X-RateLimit-Remaining-Second
Apple-News-Services-Handled
Apple-News-Services-Host
Kp-EeAlive
Fastly-SWR
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Li-Pop
Cache-Cookie-Set-Lfrom
X-FireWall-Port
Pagespeed
X-BBXSRF
X-BB-ID
X-Sorting-Hat-ShopId
Fastly-Soc-X-Request-Id
X-Backend-Url
X-Bip
X-C
X-Cache-FS-Status
Content-Disposition
X-Varnish-Beresp-Status
X-MSEdge-Features
X-Skip-Cache
X-Planisys-CDN-Cache
X-ShardId
X-ShopId
X-No-Session
X-Planisys-CDN-TTL
Adler-Geo
X-Server-IP
AKAMAI
X-Shopify-Stage
X-Ocache
X-Cms-Context
X-Sorting-Hat-PodId
X-Edge-Location
X-Varnish-Beresp-Grace
X-Core-Mission
X-Fastly-Cache
X-Backend-State
X-MSEdge-Flight
X-Via-Edge
X-GeoIP-Country-Code
X-Apm-Inst-Hash
SD-X-WS
Heartbleed
X-Apm-Svc-Key
X-GeoIP-City
X-Backend-Host
X-Cdn-Origin
X-Geo-Header
Is-Eu
User-Agent
Platform
X-Via-SSL
X-Wikidot-Backend
X-Level-Front-Cache
V-Age
X-Variation
X-Apm-App-Name
X-Planisys-CDN-Rules
X-User
X-Server-Time
X-Generated-On
X-Gateway-Cache-Key
Fastly-SSL
X-Protected-By
X-Wikidot-Static-Cache
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Thanos
X-S-Maxage
X-Auto-Login
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Sn-Servicetimems
X-Cdn-Forward
X-GZip
X-RateLimit-Reset
X-Proxy-Upstream
X-Proxy-Cache-Status
HTTPS
X-Exp-Se
X-Geo
Rt-Proxy-Cache
X-Owner
X-ND-Cache
X-Sucuri-Cache
X-TT-LOGID
X-TrackingId
MIME-Version
X-NC
X-Edge-IP
X-Real-Ip
N-Cache
X-Varnish-Url
Server-ID
Magicmarker
X-Served-From
REQUESTUUID
X-Org
Fastly-Backend-Name
X-B3-Parentspanid
X-FPC
VivaBuild
X-Node-Id
AR-SID
X-Aicache-OS
X-CDN-Forward
Viewtype
X-Gdpr
X-Varnish-Beresp-Ttl
X-Git-Hash
X-Pjax-Url
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Load-Cache
X-Host-Name
Powered-By
HostName
X-Dc
X-Parent-Response-Time
X-CSRF-TOKEN
X-DC
X-CUA
X-Datadome
Pragrma
Memory
CF-IPCountry
Time
X-Nc
X-Daa-Tunnel
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-CACHE-KEY
X-Wa
Section-Io-Cache
X-Stale
X-Svr
X-Server-By
X-Servedbyhost
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Passed-To-DLL
X-Release
X-Original-Request
X-Actual-URL
PICS-Label
Resin-Trace
X-HS-Cache-Config
X-WebServer
X-Croise-Owner
X-Oss-Storage-Class
X-VServer
Host-ID
X-TH-Server
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Phone
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-Upstream-CT
X-Upstream-HT
X-Newrelic-Synthetics
X-Cache-HT
ProcessTime
X-Optimization
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Instart-Info
X-From-Cache
X-Varnish-Beresp-TTL
X-Lb-Id
SID
Cdn
X-Unique-ID
Backend-Name
Cf-Ipcountry
X-Microcachable
CF-Cached-On
X-Fastly-Backend-Reqs
X-Worker
X-Req
X-APP
X-Atg-Version
409pxxline
Xxline
X-Server-W
286prxHost
355prline
XServer
352pxline
178proxuri
189phosttRef
188prxHost
225prxHost
219prxHost
Proxy-Firewall
Fastcgi-Useragent
Version
Processtime
X-ID
Odigeo-Trace-Id
X-V
X-LB-ID
X-B3-SpanId
X-Ratelimit-Remaining
X-Request-Handler-Origin-Region
X-Ratelimit-Limit
X-Vcl-Version
X-Microsite
X-Backend-TTL
X-HTML-Minification-Powered-By
X-Zone
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Fstrz
X-WR-MODIFICATION
Esi-Enabled
X-IPS-LoggedIn
X-Check-Cacheable
Accept-Language
X-VCL-Version
X-Nananana
X-Response-By
X-UPSTREAM-Address
GeoIP-City
SN
X-NGINX-Cache
X-Vcache
GeoIP-Country-Code
X-AssetVersion
X-Contensis-Viewer-Groups
GeoIP-Latitude
X-Ratelimit-Reset
GMS-Ver
X-WA
Pics-Label
X-URL
X-ServedByHost
X-ZONE
X-Be
X-CSRF-Token
X-HS-Status
X-Vtex-Remote-Cache
X-RequestId
X-Vtex-Processado-Em
Public-Key-Pins-Report-Only
DataCenter
X-Via-NSCOPI
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Hyper-Cache
Geoip-Latitude
Locale
GeoIp-Country-Code
X-Reqid
Fastcgi-X-Cache-Version
X-SERVER-NAME
X-Dynatrace
WZWS-RAY
X-Via-Ucdn
GW-Server
X-Render-Time
X-Request-Start
X-Amz-Meta-Surrogate-Control
Geoip-City
X-Fastly-Country-Code
X-Flog
X-Hello
X-NWS-UUID-VERIFY
X-ABtesting
X-Cdn-Cache
CDN
WP-Super-Cache
X-Clientip
X-LiteSpeed-Cache-Control
IBM-Web2-Location
Dnion-Transfer-Encoding
Mobile-Detection-Method
X-CS
X-UE-Client-Country
X-We-Are-Hiring
X-GDPR
X-Cache-Ttl
Countrycode
X-Unique-Id
Ohc-File-Size
X-GEO
Lb
SS
X-BE
X-Generation-Time
URI
Requestid
X-PJAX-URL
Dynatrace
X-HostName
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-FORWARDED-FOR
X-SRV
X-Fpc
Serverid
X-Gen-Id
X-Cluster-Name
X-NGENIX-Cache
Cneonction
X-HS-Combine-CSS
X-Pf-Uncompressing
WebServer
X-GZIP
Server-Id
A
X-Compress-Hint
X-PF-Uncompressing
X-Cache-URL
X-Store
RequestUuid
FSS-Proxy
FSS-Cache
X-Bug-Bounty
X-LiteSpeed-Tag
X-Test
X-Akamai-SSL-Client-Sid
X-Request-Url
X-Html-Edge-Cache
Frontcache
GEO-REGION-INFO
Https
X-Varnish-Action
X-Got-Non-Ke-Cookie
Who
X-Fastly-Cache-Hits
X-HTML-Edge-Cache
X-Serial
NnCoection
X-ServerName
X-Cdn-Request-ID
X-Dw-Trace-Id
Ohc-Cache-HIT
Ohc-Response-Time
X-EC-Lua