Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Server
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Device
Server-Timing
X-Server-Id
X-Ac
X-Rq
X-Node
Allow
Content-Location
X-Host
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Origin-Cache
X-Url
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-DataDome
X-Instart-Request-ID
X-Vhost
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-Cdn
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ESI
X-Server-Name
MS-Author-Via
X-VARITI-CCR
AR-PoweredBy
AR-CACHE
AR-ATIME
X-GitHub-Request-Id
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-DataStream-Cache-Status
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
Public-Key-Pins
X-Type
X-Powered-By-Plesk
Content-MD5
X-Cached
Service-Worker-Allowed
X-Version
Accept-CH-Lifetime
AR-Request-ID
X-Upstream-Env
X-D2id
RTSS
X-Recruiting
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-Abt-Application-Version
X-TTL
Charset
X-Vcap-Request-Id
X-Ser
X-TtlSet
X-Vname
X-PC
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Varnish-TTL
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-DynaTrace-JS-Agent
X-FTR-Expires
DynaTrace
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-VCache
X-Oracle-Dms-Rid
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Debug
X-Hits
TCN
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-SharePointHealthScore
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Akam-SW-Version
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Powered-CMS
X-XRDS-Location
SPIisLatency
Arr-Disable-Session-Affinity
X-FTR-Cache-Host
SPRequestDuration
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Webkit-CSP
X-Server-ID
X-Id
Realpath
X-Litespeed-Cache
X-Aspnet-Version
X-Ttl
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
X-NF-Request-ID
X-MSEdge-Ref
Tracecode
X-N
Front-End-Https
X-Varnish-Age
Fastcgi-Cache
X-B3-Traceid
X-Content-Type
X-Fastcgi-Cache
X-Upstream
X-Forwarded-For
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Paypal-Debug-Id
Alternate-Protocol
X-Middleton-Display
Response
X-Sol
X-Middleton-Response
Display
X-Frontend
X-Logged-In
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-Pad
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-B3-TraceId
X-Hostname
X-Srv
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Host
X-Grace
X-Accel-Expires
X-Cache-Key
X-RateLimit-Remaining
ServerID
MicrosoftSharePointTeamServices
X-Analytics
X-B3-Sampled
Backend-Timing
X-Correlation-Id
Server-Name
X-LB-Cache
X-Activity-Id
Surrogate-Key
X-Kinsta-Cache
X-IPLB-Instance
X-Debug-Info
X-AppVersion
X-Revision
X-Az
X-User-Agent
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Options
X-Cache-Hit
FilterID
Accept-Charset
X-Ruxit-Js-Agent
X-Cache-2
Powered-By-ChinaCache
Refresh
X-CF-Powered-By
X-Request-Received
X-Request-Processing-Time
X-B
TP-Cache
TP-L2-Cache
MS-CV
X-Page-Id
X-Whom
X-Cached-By
PageSpeed
Host-Header
Server-Info
X-DIS-Request-ID
Cache-Status
X-Amz-Replication-Status
X-Origin-Server
X-App-Environment
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
Source
X-TT
X-Varnish-Backend
X-Cache-Action
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Tumblr-User
X-Ezoic-Cdn
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mobile
X-F-Cache
X-Platform-Server
X-Cluster
X-PHP-Backend
Access-Control-Allow-Method
X-Node-Name
X-Varnish-Grace
X-Content-Powered-By
X-Forwarded-Host
X-Framework
X-FW-Static
X-Shard
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Drupal-Cache-Tags
X-Instance
X-FB-Debug
X-FW-Type
X-Request-Guid
X-UA-Device-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Fastly-Restarts
X-Geo-Country
Edge-Cache-Tag
X-TA-CDN-Provider
X-GUploader-UploadID
X-Accel-Buffering
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
From-Origin
Cache-Tags
X-Magnolia-Registration
X-Cache-TTL
X-AOL-HN
X-BCube-Filmed-By
X-RateLimit-Limit
X-SS-Set-Cookie
X-Cache-Age
X-Cache-Control
X-Cache-Rule
X-FastCGI-Cache
X-XRDS-LOCATION
X-ATG-Version
Healthy
Upgrade-Insecure-Requests
Retry-After
X-Varnish-Server
Payment
Cleartype
Server-Node
DC
X-App-Server
X-RequestSource
X-Response-Served-From
X-Signature
X-B-Cache
Country
X-Adobe-Content
X-Adobe-Loc
Powered
X-WebKit-CSP-Report-Only
X-Storage
Filters
Ms-Operation-Id
X-RTag
X-Tumblr-Pixel-1
Actual-Object-TTL
X-TT-TIMESTAMP
X-UUID
X-Tumblr-Pixel-2
X-GeoIP
X-TX-ID
X-VG-WebCache
X-Redis-Cache
X-Dns-Prefetch-Control
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Region
Cache-Tv-Group
X-Cacheable-TTL
X-Jobs
X-Varnish-Hits
X-Generated-By
X-Content-Age
Frame-Options
X-Locale
X-WA-Info
Webserver
GEO-INFO
ServedBy
NGB
CACHE
X-Oneagent-Js-Injection
X-Cache-NE
X-Guploader-Uploadid
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Contextid
X-BACKEND-TTL
HitType
Liferay-Portal
X-RemovedCookies
X-ProcessESI
X-NWS-LOG-UUID
Eomportal-Instance
X-Rendered-As
X-Cache-Operation
X-Cache-TTL-Remaining
X-Varnish-IP
X-Upgrade-Enabled
X-Esi
X-Mode
X-Via-JSL
Xserver
Viewport
X-Real-IP
LB
S-Cnection
X-Cache-Remote
X-Varnish-Cache-Hits
X-Path-Route
X-Cache-Enabled
X-Device-Type
X-RN-RSRV
X-Proto
Cache-Key
X-Proxied
X-Routing-Service
Meta-Geo
Machine
X-Cache-Var
X-Cache-Var-Map
X-From
X-ES-SERVER
X-Zipkin-Id
Cache-Hits
OT-Force-Account-Verify
X-Hl-Ver
X-Detected-As
X-Is-Bot
X-Akamai-Transformed
Load-Balancing
X-S
X-Time
L5d-Success-Class
X-Hosted-By
Mail-Subject
X-FW-Version
Property-Id
NGX
Mn-Server-Ip
Access-Control-Request-Headers
X-R9-Blue-Green-Version
X-Seen-By
X-Proxy
X-Origin-Hint
X-L-Path
X-NCache
X-FC-Vary-Parameters
X-Environment-Context
Webcakes-App-Version
Webcakes-App-Name
We-Hiring
Webcakes-Region
X-Cache-Config
X-Backend-Name
X-AWS-Id
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Connection-Speed
X-Rocket-Nginx-Bypass
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-FB-TRIP-ID
X-LJ-Flow-ID
X-VG-TLSProxy
X-VWS-Id
X-Time-Microsecs
X-Cache-Server
X-Tb
X-Viewer-Country
DB-Nickname
S-Rt
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Loop
X-Debug-Cache
X-Web-Node
Origin-Edge-Control
X-Format
Origin-Cache-Control
Now
X-Access
X-Tumblr-Pixel-3
X-EIG-Tracking-Id
X-TNCMS
X-RCS-CacheZone
X-Section
X-Akamai-Request-ID
X-Origin-Response-Time
X-ProxyCache-Status
NtCoent-Length
X-ProxyCache-Key
X-Trace-Id
X-CCM
X-Via-Fastly
X-ServerID
X-Via-CDN
X-Vgn-Hpd-Reason
X-Proxy-Build
Selected-FE
X-Human
X-PCL
Azure-InstanceId
X-Timing-Wait
X-Xfnlog-Site
X-BYPASS-REASON
X-OCL
Azure-RegionName
X-IP
Cache-Tag
Azure-SiteName
X-JoinUs
Azure-Version
Azure-SlotName
Datacenter
Uber-Trace-Id
X-Www-Served-By
X-Internal-Host
X-Generated
X-Grey
X-Cache-Category-Id
X-UnsetCookies
Content-Script-Type
Content-Style-Type
X-UA
X-Dynatrace-Js-Agent
Release
X-Site-Version
X-Endurance-Cache-Level
X-VC-Cache
X-Varnish-Cacheable
X-Rule
X-APP-VERSION
Decoy-Debug-TTL
Decoy-Debug-Key
Served-By
Decoy-Debug-Status
X-Status
X-EdgeConnect-Cache-Status
X-Birta-Cache-Post
X-Birta-Served
X-B3-Spanid
X-TIME
Nel
DSUID
X-Request-Time
X-CDN-Cache
X-Varnish-Ttl
X-OVcl-Cache
X-OVcl
X-Cluster-Node
X-NewRelic-App-Data
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Nginx-Cache
AsisCache
X-VCT
X-Hit
Rt-Fastcgi-Cache
Hostname
X-Newrelic-App-Data
Cteonnt-Length
X-PERF
X-ApacheServer
SRV
X-App-Name
X-Ua
X-Source
X-GRACE
Cache
X-Agile-Id
X-Agile
X-Pubstack
X-Agile-Age
X-Sucuri-ID
X-Origin-Host
X-Cache-Host
X-Origin-TTL
Cache-Name
X-Origin-CC
X-ElasticPress-Search
Thinkindot-Control
UCS
X-A
Xc-Version
X-Webstats-RespID
Www
X-A-Dcw
X-Aed
X-Accel-Expires-Debug
X-Up
X-Twitter-Response-Tags
X-Trv-Group
X-A-Wwc
X-Var-Ttl
X-Varnish-Authentication
X-A-Dam
Thinkindot-CacheControl-Type
X-A-Dgt
X-VG-WebServer
Origin
Lfy
MD5-Digest
Memcached
Meta-Geo-Continent
FNAC-ModuleRouting
Fly-Request-Id
Cross-Origin-Window-Policy
Ec-Rule-Version
Cache-Prefix
Fly-Cache
Node
BehaviorPad-Version
Request-Time
Server-Cache-Control
Server-Host
Server-Surrogate-Control
Request-EU
Request-Country
Arc-Country
X-Transaction
On-Server
Rendered-Blocks
Thinkindot-CacheControl
X-S-Cookie
X-Cache-Info
X-F5-Cache
X-External-Request-Id
X-DPWN-IS-SECURE
X-Cdn-Origin
X-G
X-Gannett-Site-Version
X-IN-WAF
X-Instart-Isnd
X-IN-APIGATEWAY
X-Hp-Webp
X-Generated-In
X-Developer
X-CF-Lambda-Fn
Ajk
X-D
X-Date
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Core-Value
X-Connection-Hash
X-CF-Lambda-Version
X-Destination
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Store
X-Logtrace-Id
X-Cache-Grace
X-Secret
X-B-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-ARC
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Sn-Servicetimems
X-ServiceProvider
X-Server-Time
X-Request-UUID
X-Region-Sid
X-NodeID
X-NU-AKA-ACS-Version
X-Mobile-URL
X-Matched-Rule
X-Cache-Expires
X-NX-Host
X-PAYTM-SRV-ID
X-Refresh
X-Reboot
X-Cache-ASPX
X-Processor
X-Application
X-A-Ccd
X-Geo
User-Cache-Control
X-Wix-Request-Id
X-Crawler
X-CGP
X-Cdn-Srv
X-Real-Ip
X-Cache-Miss-From
X-Swa-Ws
ViewerVersion
X-Distributor
X-Epic-Correlation-Id
X-Distil-CS
X-Dispatcher-Server
X-Developers
X-Device-Os
X-Cache-Id
X-Cache-Debug
Web-Mar-Node
X-WPE-Loopback-Upstream-Addr
V-Age
True-Client-Country-4JS
ServerName
Rt-Proxy-Cache
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
X-Block-Status
X-Cache-Bucket
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Amzn-Remapped-Date
X-Apm-App-Name
X-Eu-Site
X-Fetched-On
X-Page-Type
X-Request-URI
X-Origin-Expires
X-Origin-Date
X-Micro-Cache
X-Nginx-Cache-Key
X-PHP-Host
X-Platform
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Qloud-Router
X-Location
X-Sedo-Request-Id
X-Hash
X-Hnp-Log
X-Servername
X-Gen-Mode
RNT-Time
X-Sf
X-Info
X-Irp-Debug
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Key
X-LAGOON
X-SN
X-Cache-Backend
Fastly-SIE
HA-Ipaddr
X-ND-Cache
Pagetype
Fastly-SWR
Gh-Request-Id
Pramga
Proxy-Connection
Ha-Gx-Prefs
CDCHOST
Country-Code
Backend
RNT-Machine
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Pagespeed
X-FireWall-Port
X-Served-From
X-Planisys-CDN-TTL
X-Exp-Se
Heartbleed
X-Sorting-Hat-PodId
X-Protected-By
SD-X-WS
X-Cms-Context
X-Thanos
X-User
X-Sorting-Hat-ShopId
X-Org
X-Planisys-CDN-Rules
Is-Eu
X-Gateway-Cache-Key
Content-Disposition
Fastly-Soc-X-Request-Id
X-Server-IP
X-S-Maxage
X-No-Session
Adler-Geo
Warning
X-GeoIP-Country-Code
X-Gateway-Skip-Cache
X-Shopify-Stage
X-SIPLIST1
X-Fastly-Cache
X-ShopId
X-ShardId
X-Gateway-Cache-Status
X-Cache-FS-Status
X-Skip-Cache
IsBot
X-Backend-State
X-Backend-Host
X-Via-Edge
X-Backend-Url
AKAMAI
X-Bip
X-Level-Front-Cache
X-Auto-Login
X-Wikidot-Static-Cache
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Wikidot-Backend
X-Planisys-CDN-Cache
X-Variation
X-Via-SSL
Platform
REQUESTUUID
X-BBXSRF
X-C
Server-Int
X-Geo-Header
X-Generated-On
X-GeoIP-City
X-GZip
X-B3-Parentspanid
X-RateLimit-Reset
X-Owner
X-MSEdge-Features
X-MSEdge-Flight
Fastly-SSL
Kp-EeAlive
X-Core-Mission
X-Git-Hash
X-Host-Name
Server-ID
X-Ocache
X-Varnish-Beresp-Grace
X-App-Version
X-Varnish-Beresp-Status
HTTPS
X-BB-ID
X-Edge-Location
X-CDN-Forward
X-Wix-Server-Artifact-Id
X-Daa-Tunnel
VivaBuild
X-Proxy-Upstream
X-Proxy-Cache-Status
Wxu-Next-Region
Viewtype
Wxu-Next-Hostname
Wxu-Next-Commit
X-TrackingId
X-Cdn-Forward
AR-SID
X-TT-LOGID
MIME-Version
X-FPC
X-Sucuri-Cache
X-Edge-IP
X-Gdpr
X-Varnish-Url
Fastly-Backend-Name
Magicmarker
X-Aicache-OS
X-Load-Cache
X-NC
N-Cache
X-Dc
User-Agent
X-Nc
X-Release
X-Node-Id
X-Parent-Response-Time
Time
Memory
X-Pjax-Url
X-WebServer
X-CSRF-TOKEN
X-TH-Server
X-DC
X-Varnish-Beresp-Ttl
Resin-Trace
X-HS-Cache-Config
Powered-By
X-CUA
X-CACHE-KEY
HostName
X-Upstream-CT
CF-IPCountry
X-Upstream-HT
PICS-Label
X-Oss-Storage-Class
X-Oss-Server-Time
X-Instart-Info
X-Phone
Mime-Version
X-Servedbyhost
X-Oss-Request-Id
Pragrma
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Wa
X-Varnish-Beresp-TTL
X-Request-Handler-Origin-Region
X-Server-By
Backend-Name
X-Stale
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From
X-Svr
X-Microsite
X-Original-Request
X-Passed-To-BeforeDispatch
X-Passed-To
Host-ID
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Actual-URL
X-Newrelic-Synthetics
X-Lb-Id
X-Tb-Optimization-Total-Bytes-Saved
Cf-Ipcountry
X-VServer
Section-Io-Cache
X-From-Cache
X-Croise-Owner
X-Worker
X-Optimization
Version
X-Cache-HT
355prline
409pxxline
X-Edge-Server
X-Server-W
Xxline
352pxline
286prxHost
Cdn-Host
188prxHost
178proxuri
Cdn-Request-Time
225prxHost
189phosttRef
219prxHost
ProcessTime
Cdn
X-APP
X-Ratelimit-Remaining
X-Atg-Version
X-Akamai-Request-ID2
CF-Cached-On
X-Fastly-Backend-Reqs
Accept-Language
X-SERVER-NAME
SID
Processtime
XServer
X-Ratelimit-Limit
X-Vcl-Version
X-Zone
X-ID
X-Req
X-Microcachable
Esi-Enabled
X-Unique-ID
X-HOST
X-AssetVersion
X-VCL-Version
Proxy-Firewall
X-Contensis-Viewer-Groups
X-LB-ID
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
SN
GeoIP-Country-Code
GeoIP-City
X-IPS-LoggedIn
GeoIP-Latitude
Odigeo-Trace-Id
X-B3-SpanId
X-V
X-RequestId
X-Vtex-Processado-Em
X-WA
X-HTML-Minification-Powered-By
X-UPSTREAM-Address
X-Vtex-Remote-Cache
X-NGINX-Cache
X-Vcache
X-Urbn-Context-Path
X-Fstrz
X-Nananana
Pics-Label
X-URL
X-Via-NSCOPI
X-CSRF-Token
X-ServedByHost
X-Reqid
X-Urbn-Site-Id
Locale
Fastcgi-Useragent
X-ZONE
X-HS-Status
X-Check-Cacheable
X-WR-MODIFICATION
X-Flog
X-Response-By
X-ABtesting
GeoIp-Country-Code
X-Be
X-Backend-TTL
X-Hello
Geoip-Latitude
X-Cache-Ttl
DataCenter
Geoip-City
CDN
IBM-Web2-Location
X-NWS-UUID-VERIFY
X-Hyper-Cache
Dnion-Transfer-Encoding
GMS-Ver
X-Datadome
X-Dynatrace
X-Fastly-Country-Code
X-Generation-Time
X-Request-Start
X-NGENIX-Cache
X-Via-Ucdn
X-Ratelimit-Reset
X-Render-Time
X-Cdn-Cache
WP-Super-Cache
WebServer
Fastcgi-X-Cache-Version
X-PJAX-URL
X-GDPR
X-Cluster-Name
Requestid
X-LiteSpeed-Cache-Control
X-CS
Public-Key-Pins-Report-Only
X-Unique-Id
URI
X-Compress-Hint
X-Cache-URL
X-Amz-Meta-Surrogate-Control
WZWS-RAY
X-HS-Combine-CSS
GW-Server
Lb
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-SRV
X-HostName
FastCGI-Cache
X-Presslabs-Stats
Dynatrace
Mobile-Detection-Method
X-Pf-Uncompressing
X-Gen-Id
X-We-Are-Hiring
X-Got-Non-Ke-Cookie
GEO-REGION-INFO
X-Clientip
X-UE-Client-Country
Who
X-Varnish-Action
Countrycode
Serverid
Cneonction
X-Fpc
X-BE
Https
Epwk-Cache
X-Test
X-Bug-Bounty
Ohc-File-Size
Server-Id
A
X-LiteSpeed-Tag
SS
X-Store
X-GEO
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Cache-Provider
Get-Access-Time
Is-Session-Tracking
RequestId
X-Fastly-Cache-Hits
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
Frontcache
X-Request-Url
X-Html-Edge-Cache
X-EC-Lua
X-Dw-Trace-Id