Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Server
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
X-Ac
Allow
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-CST
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Cdn
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-DataDome
X-Vhost
X-EdgeConnect-MidMile-RTT
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-Px
X-HW
X-Type
X-Dispatcher
Verso
Accept-CH
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
AR-ATIME
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
Arc-Version
PB-RID
X-Mobile-Rewrite
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-DataStream-Cache-Status
X-ESI
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
X-Version
Content-MD5
Service-Worker-Allowed
X-Upstream-Env
AR-Request-ID
X-Amz-Server-Side-Encryption
X-Recruiting
RTSS
X-TTL
Accept-CH-Lifetime
Charset
X-Abt-Application-Version
X-D2id
X-TtlSet
X-Ser
X-Vname
X-PC
X-Vcap-Request-Id
X-Navigation-Version
X-Varnish-TTL
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
DynaTrace
X-VCache
X-Amz-Rid
X-Server-ID
X-Amz-Meta-S3cmd-Attrs
X-Webkit-CSP
X-Fastly-Request-ID
S
X-XRDS-Location
X-Debug
X-Hits
TCN
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Akam-SW-Version
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
X-FTR-Cache-Host
X-T
X-Goog-Storage-Class
Access-Control-Request-Method
X-Oracle-Dms-Rid
X-Id
Realpath
X-Acc-Meta-Resource-Type
Tracecode
X-NF-Request-ID
X-MSEdge-Ref
X-Amzn-Trace-Id
X-Ttl
Front-End-Https
X-Aspnet-Version
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-N
X-B3-TraceId
X-Upstream
X-Forwarded-For
X-Fastcgi-Cache
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Alternate-Protocol
Paypal-Debug-Id
X-Frontend
X-HS-Content-Id
Display
X-B3-Traceid
X-Middleton-Response
X-Middleton-Display
Response
X-HS-Hub-Id
X-Sol
X-Logged-In
X-PressLabs-Stats
X-Pad
Fusion-Content-Source
X-Content-Digest
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-RateLimit-Remaining
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Hostname
X-Litespeed-Cache
X-Cache-Key
X-DataStream-MidMile-RTT
X-Accel-Expires
X-DataStream-Origin-MEX-Latency
Host
ServerID
X-Grace
MicrosoftSharePointTeamServices
X-Analytics
Server-Name
X-Correlation-Id
Backend-Timing
X-Kinsta-Cache
X-Debug-Info
X-Revision
X-User-Agent
X-B3-Sampled
X-LB-Cache
Surrogate-Key
X-IPLB-Instance
X-Rid
X-Amzn-RequestId
X-Cache-Hit
X-Amz-Apigw-Id
FilterID
Accept-Charset
X-AppVersion
X-Az
X-Content-Options
X-Activity-Id
X-Cache-2
Powered-By-ChinaCache
Refresh
X-CF-Powered-By
X-B
X-Request-Received
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-Page-Id
MS-CV
X-Whom
X-GUploader-UploadID
X-Cached-By
Server-Info
PageSpeed
Host-Header
X-DIS-Request-ID
Cache-Status
VIX-Pulpo-Upstream-Status
X-TT
X-Cache-Action
X-App-Environment
X-Akamai-Edgescape
VIX-Pulpo-Node
Source
X-Cluster
X-F-Cache
X-Varnish-Backend
X-Origin-Server
X-Platform-Server
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-PHP-Backend
X-Content-Security-Policy-Report-Only
X-Framework
X-Amz-Replication-Status
X-Mobile
X-Varnish-Grace
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Content-Powered-By
X-FW-Hash
X-FW-Static
X-Request-Guid
X-Instance
X-FW-Type
X-Ezoic-Cdn
X-FW-Server
X-FW-Serve
X-FB-Debug
X-Accel-Buffering
X-Forwarded-Host
X-Ruxit-Js-Agent
X-UA-Device-Type
X-Node-Name
X-Geo-Country
X-Kong-Upstream-Latency
X-Shard
X-Kong-Proxy-Latency
Edge-Cache-Tag
Fastly-Restarts
X-Zen-Fury
X-RateLimit-Limit
X-Handled-By
X-Varnish-Hostname
X-FastCGI-Cache
X-TA-CDN-Provider
From-Origin
Cache-Tags
X-Magnolia-Registration
X-SS-Set-Cookie
X-Cache-Age
X-AOL-HN
X-Cache-TTL
X-BCube-Filmed-By
X-Cache-Control
X-Cache-Rule
X-ATG-Version
Upgrade-Insecure-Requests
Healthy
X-Varnish-Server
Retry-After
Payment
X-Esi
X-App-Server
Server-Node
Cleartype
X-RequestSource
X-Response-Served-From
DC
X-Signature
X-Adobe-Loc
X-TX-ID
X-B-Cache
X-Adobe-Content
Powered
X-Storage
Country
X-TT-TIMESTAMP
X-GeoIP
X-Tumblr-Pixel-1
X-UUID
Actual-Object-TTL
X-VG-WebCache
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-FW-Dynamic
Cache-Tv-Group
X-RTag
X-Region
X-Drupal-Cache-Contexts
X-Jobs
Ms-Operation-Id
X-Redis-Cache
Filters
X-Cacheable-TTL
X-Content-Age
X-Varnish-Hits
X-Generated-By
X-Dns-Prefetch-Control
Frame-Options
X-Locale
X-XRDS-LOCATION
X-WA-Info
GEO-INFO
NGB
ServedBy
Webserver
X-Cache-NE
X-Oneagent-Js-Injection
X-Contextid
CACHE
X-Yottaa-Optimizations
X-Yottaa-Metrics
HitType
Liferay-Portal
X-Rendered-As
X-Real-IP
X-Cache-Operation
Eomportal-Instance
X-NWS-LOG-UUID
X-Cache-TTL-Remaining
X-Varnish-IP
X-RemovedCookies
X-ProcessESI
X-Via-JSL
X-Time
X-BACKEND-TTL
X-Guploader-Uploadid
X-Upgrade-Enabled
X-Mode
Xserver
X-Seen-By
S-Cnection
X-Varnish-Cache-Hits
X-Detected-As
X-Cache-Var
X-Cache-Enabled
Mn-Server-Ip
X-RN-RSRV
X-Cache-Var-Map
X-Zipkin-Id
X-Device-Type
LB
Load-Balancing
OT-Force-Account-Verify
X-Hl-Ver
X-Proto
X-Routing-Service
Meta-Geo
Cache-Hits
Cache-Key
X-Path-Route
X-Proxied
X-Is-Bot
X-ES-SERVER
X-From
Machine
X-Cache-Remote
Viewport
X-S
X-Backend-Name
X-AWS-Id
Webcakes-App-Version
X-Cache-Config
Webcakes-Region
X-FB-TRIP-ID
X-L-Path
X-LJ-Flow-ID
NGX
X-Hosted-By
X-FC-Vary-Parameters
X-Environment-Context
Webcakes-App-Name
TWC-Connection-Speed
TWC-Device-Class
L5d-Success-Class
Property-Id
Mail-Subject
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Access-Control-Request-Headers
We-Hiring
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
X-Akamai-Transformed
NtCoent-Length
X-VG-TLSProxy
X-VWS-Id
X-Viewer-Country
X-Cache-Server
X-Tb
X-Origin-Hint
X-Proxy
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-TNCMS
X-NCache
X-ServerID
X-Time-Microsecs
Azure-SlotName
DB-Nickname
Origin-Edge-Control
Origin-Cache-Control
Now
S-Rt
X-Web-Node
X-Tumblr-Pixel-3
X-Akamai-Request-ID
Azure-Version
X-Access
X-Section
X-Format
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Loop
X-R9-Blue-Green-Version
X-FW-Version
X-EIG-Tracking-Id
X-RCS-CacheZone
X-Debug-Cache
X-Rocket-Nginx-Bypass
X-JoinUs
X-PCL
X-Xfnlog-Site
Selected-FE
X-Timing-Wait
X-BYPASS-REASON
X-Human
X-Trace-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-CCM
X-Vgn-Hpd-Reason
X-Proxy-Build
X-Via-CDN
X-IP
X-OCL
Cache-Tag
Datacenter
X-Cache-Category-Id
Uber-Trace-Id
X-Generated
X-Via-Fastly
X-Internal-Host
X-Grey
Content-Style-Type
Content-Script-Type
X-UnsetCookies
X-Endurance-Cache-Level
X-Www-Served-By
Served-By
X-Rule
Release
X-Status
X-Dynatrace-Js-Agent
X-VC-Cache
X-Varnish-Cacheable
X-Site-Version
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Birta-Served
X-Birta-Cache-Post
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-UA
X-APP-VERSION
X-CDN-Cache
Nel
X-Request-Time
X-Ua
DSUID
X-GRACE
X-Cluster-Node
X-B3-Spanid
X-OVcl
X-OVcl-Cache
AsisCache
X-Nginx-Cache
X-TIME
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-VCT
Cache
X-Hit
X-App-Name
X-ApacheServer
X-PERF
SRV
Rt-Fastcgi-Cache
X-Source
X-Agile-Id
X-Agile-Age
X-Agile
X-Origin-Host
X-Sucuri-ID
X-Pubstack
X-NewRelic-App-Data
X-Cache-Host
Cteonnt-Length
Cache-Name
X-Origin-CC
X-Origin-TTL
X-ElasticPress-Search
ViewerVersion
X-Wix-Request-Id
Hostname
Cache-Prefix
Memcached
Meta-Geo-Continent
MD5-Digest
Node
On-Server
Lfy
X-Developer
X-Cache-Grace
X-A
Www
Ec-Rule-Version
Origin
X-Gannett-Site-Version
X-G
X-Generated-In
X-ARC
Request-Country
X-F5-Cache
X-B-Cookie
Request-Time
X-DPWN-IS-SECURE
Request-EU
X-Cache-Expires
X-External-Request-Id
X-Destination
X-Application
X-Debug-Cache-Expiry
X-CF-Lambda-Fn
X-Accel-Expires-Debug
X-Debug-Cache-Fetch
X-A-Dcw
X-Date
X-CF-Lambda-Version
Ajk
X-Core-Value
X-A-Dgt
X-D
X-Connection-Hash
Arc-Country
X-Aed
X-Debug-Cookies
Fly-Request-Id
X-Debug-Log
X-Cache-Info
Fly-Cache
X-Debug-Cache-Store
X-A-Ccd
Cross-Origin-Window-Policy
FNAC-ModuleRouting
X-Cache-Miss-From
BehaviorPad-Version
X-A-Dam
X-A-Wwc
Xc-Version
X-Trv-Group
X-Transaction
X-Processor
X-Twitter-Response-Tags
X-Up
X-VG-WebServer
X-ScT
X-Var-Ttl
X-Region-Sid
X-Logtrace-Id
X-Sedo-Request-Id
X-Server-Group
X-NU-AKA-ACS-Version
Rendered-Blocks
X-SRCache-Key
X-Refresh
X-Secret
X-NX-Host
X-WPE-Loopback-Upstream-Addr
X-IN-WAF
X-S-Cookie
X-Rojux
X-NodeID
X-Instart-Isnd
X-Webstats-RespID
X-Mobile-URL
X-IN-APIGATEWAY
X-Hp-Webp
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Platform
X-Request-UUID
User-Cache-Control
X-App-Version
X-SERVER
AR-SID
X-Wix-Server-Artifact-Id
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Reboot
X-Nginx-Cache-Key
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Qloud-Router
Server-Int
X-Origin-Date
Server-Surrogate-Control
ServerName
Server-Host
Server-Cache-Control
X-Origin-Expires
X-PHP-Host
RNT-Machine
RNT-Time
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
UCS
V-Age
X-Server-Time
X-RateLimit-Remaining-Second
True-Client-Country-4JS
X-RateLimit-Limit-Second
X-Policy
X-Apm-App-Name
Thinkindot-Control
X-Rebelmouse-Cache-Control
X-Cache-Id
X-Developers
X-Device-Os
X-Dispatcher-Server
X-LAGOON
X-Varnish-Authentication
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Distil-CS
X-Key
X-Info
X-Gen-Mode
X-Hash
X-Irp-Debug
X-Eu-Site
X-Distributor
X-Page-Type
X-Epic-Correlation-Id
X-Thinkindot-L3
X-LI-UUID
X-Cache-Bucket
X-Matched-Rule
X-Hnp-Log
X-Cache-Backend
X-Cache-ASPX
X-Apm-Svc-Key
X-Micro-Cache
X-Block-Status
X-Location
X-Cdn-Srv
X-Crawler
X-SN
X-Swa-Ws
X-SIPLIST1
X-Sf
X-Servername
X-CGP
X-ServiceProvider
X-Apm-Inst-Hash
Web-Mar-Node
Fastly-SIE
Country-Code
CDCHOST
Fastly-SWR
Gh-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Backend
IsBot
X-Geo
Pagetype
Proxy-Connection
Pramga
X-FireWall-Port
X-Varnish-Ttl
X-Cache-FS-Status
X-Gateway-Cache-Key
SD-X-WS
X-Shopify-Stage
Warning
Platform
X-Cache-Debug
X-Bip
X-Wikidot-Static-Cache
Content-Disposition
X-Wikidot-Backend
X-ShardId
X-Skip-Cache
X-S-Maxage
X-GeoIP-Country-Code
X-Via-Edge
X-Geo-Header
X-Sorting-Hat-ShopId
X-Server-IP
X-Variation
X-Sorting-Hat-PodId
Adler-Geo
X-Thanos
X-Fetched-On
X-Gateway-Cache-Status
X-Via-SSL
X-Core-Mission
X-Cms-Context
X-Gateway-Skip-Cache
X-BBXSRF
X-ShopId
X-Fastly-Cache
X-Cdn-Origin
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-MSEdge-Features
Rt-Proxy-Cache
Is-Eu
Heartbleed
X-MSEdge-Flight
X-ND-Cache
X-Amzn-Remapped-Content-Length
X-Sn-Servicetimems
X-Exp-Se
X-Backend-State
X-Backend-Url
X-Auto-Login
X-Backend-Host
Fastly-Soc-X-Request-Id
Fastly-SSL
Pagespeed
X-Owner
X-No-Session
X-User
X-Generated-On
MIME-Version
X-Served-From
Kp-EeAlive
X-GeoIP-City
AKAMAI
X-Planisys-CDN-TTL
X-Level-Front-Cache
X-Planisys-CDN-Cache
X-C
X-Protected-By
X-Planisys-CDN-Rules
X-Org
X-Git-Hash
X-GZip
X-NC
X-BB-ID
Server-ID
REQUESTUUID
X-Varnish-Beresp-Grace
X-RateLimit-Reset
X-Varnish-Beresp-Status
X-Ocache
X-Edge-Location
X-Real-Ip
X-Cdn-Forward
X-B3-Parentspanid
HTTPS
X-FPC
X-Host-Name
X-TT-LOGID
X-Sucuri-Cache
X-Proxy-Cache-Status
X-TrackingId
X-Proxy-Upstream
X-CDN-Forward
User-Agent
Wxu-Next-Commit
VivaBuild
Wxu-Next-Hostname
Fastly-Backend-Name
Wxu-Next-Region
X-Aicache-OS
N-Cache
X-Varnish-Url
Viewtype
X-Edge-IP
X-Daa-Tunnel
Magicmarker
X-Gdpr
HostName
X-Load-Cache
X-DC
X-CSRF-TOKEN
X-Node-Id
CF-IPCountry
X-Pjax-Url
Time
X-Release
Memory
X-Dc
X-Varnish-Beresp-Ttl
X-Parent-Response-Time
X-WebServer
X-Servedbyhost
X-CUA
X-HS-Cache-Config
Powered-By
X-Wa
X-TH-Server
Resin-Trace
X-Nc
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
X-Upstream-CT
PICS-Label
X-Upstream-HT
Pragrma
X-Server-By
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Stale
X-Svr
Host-ID
X-Original-Request
X-Returned-From
X-Instart-Info
X-Phone
X-Actual-URL
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To
Section-Io-Cache
X-Varnish-Beresp-TTL
X-Microsite
X-Request-Handler-Origin-Region
Backend-Name
X-Croise-Owner
ProcessTime
X-VServer
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
X-Newrelic-Synthetics
X-Worker
Cdn-Host
X-From-Cache
X-Edge-Server
Cdn-Request-Time
X-Optimization
X-Cache-HT
Version
Xxline
355prline
409pxxline
188prxHost
178proxuri
X-Lb-Id
219prxHost
189phosttRef
352pxline
286prxHost
225prxHost
CF-Cached-On
Cf-Ipcountry
X-APP
X-Server-W
Cdn
SID
X-Akamai-Request-ID2
X-Unique-ID
X-Atg-Version
X-Datadome
X-Req
Accept-Language
X-LB-ID
X-SERVER-NAME
X-Microcachable
X-Fastly-Backend-Reqs
X-Zone
XServer
Esi-Enabled
Processtime
X-ID
Proxy-Firewall
X-VCL-Version
X-B3-SpanId
X-Ratelimit-Remaining
X-Ratelimit-Limit
Odigeo-Trace-Id
GeoIP-Latitude
X-V
X-AssetVersion
X-Vcl-Version
GeoIP-Country-Code
GeoIP-City
X-CLOUD-TRACE-CONTEXT
Fastcgi-Useragent
X-CACHE-AGE
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
X-Contensis-Viewer-Groups
X-Backend-TTL
X-Check-Cacheable
X-RequestId
X-Vcache
X-NGINX-Cache
X-Vtex-Processado-Em
SN
X-UPSTREAM-Address
X-Fstrz
X-HS-Status
X-Vtex-Remote-Cache
X-WR-MODIFICATION
X-Ratelimit-Reset
X-Response-By
Pics-Label
X-Urbn-Site-Id
X-URL
Locale
X-Via-NSCOPI
X-Urbn-Context-Path
X-WA
X-Nananana
X-Reqid
CDN
X-ServedByHost
X-Flog
X-Hello
X-CSRF-Token
X-ZONE
GMS-Ver
X-ABtesting
X-NWS-UUID-VERIFY
X-Be
WebServer
DataCenter
X-Cache-Ttl
Dnion-Transfer-Encoding
X-Hyper-Cache
GeoIp-Country-Code
IBM-Web2-Location
Geoip-Latitude
X-Dynatrace
X-Via-Ucdn
Geoip-City
Public-Key-Pins-Report-Only
Requestid
X-Fastly-Country-Code
X-Render-Time
Fastcgi-X-Cache-Version
X-Request-Start
WP-Super-Cache
X-Cdn-Cache
X-NGENIX-Cache
X-Amz-Meta-Surrogate-Control
X-LiteSpeed-Cache-Control
X-PJAX-URL
GW-Server
WZWS-RAY
X-Cluster-Name
X-CS
X-Generation-Time
X-GDPR
X-Unique-Id
X-We-Are-Hiring
X-Clientip
Lb
X-UE-Client-Country
X-Compress-Hint
Countrycode
X-HS-Combine-CSS
Mobile-Detection-Method
URI
X-Cache-URL
X-HostName
Dynatrace
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
FastCGI-Cache
X-SRV
X-Fpc
Ohc-File-Size
SS
X-Gen-Id
Who
X-BE
GEO-REGION-INFO
X-Pf-Uncompressing
X-Got-Non-Ke-Cookie
Cneonction
Serverid
X-GEO
Https
Server-Id
X-Varnish-Action
Epwk-Cache
A
X-Bug-Bounty
X-Store
X-Test
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-Request-Url
FSS-Proxy
X-Fastly-Cache-Hits
FSS-Cache
X-PF-Uncompressing
X-Serial
X-GZIP
X-Html-Edge-Cache
Frontcache
NnCoection
X-ServerName
X-Cdn-Request-ID
X-HTML-Edge-Cache
RequestUuid
X-EC-Lua