Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Server
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
Server-Timing
X-Server-Id
X-Rq
X-Ac
X-Node
Allow
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-DataDome
X-Instart-Request-ID
NEL
X-Vhost
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Cdn
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ESI
X-Server-Name
MS-Author-Via
X-VARITI-CCR
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Mobile-Rewrite
Arc-Version
X-GitHub-Request-Id
PB-PID
PB-RID
X-DataStream-Cache-Status
X-MS-InvokeApp
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-ORACLE-DMS-RID
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Type
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
Service-Worker-Allowed
X-Version
AR-Request-ID
Accept-CH-Lifetime
X-Upstream-Env
X-Recruiting
X-D2id
X-Amz-Server-Side-Encryption
RTSS
X-Navigation-Version
X-Abt-Application-Version
X-TTL
Charset
X-Vcap-Request-Id
X-Ser
X-Vname
X-PC
X-TtlSet
Ar-Sid
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
Nginx-Cache
X-Client-IP
X-Trace
SPRequestGuid
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-DynaTrace-JS-Agent
X-FTR-Expires
DynaTrace
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-VCache
X-Oracle-Dms-Rid
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
TCN
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-SharePointHealthScore
X-Akam-SW-Version
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Powered-CMS
X-XRDS-Location
Arr-Disable-Session-Affinity
X-FTR-Cache-Host
SPRequestDuration
SPIisLatency
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Server-ID
X-Id
Realpath
X-Ttl
X-Litespeed-Cache
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NF-Request-ID
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-N
X-B3-Traceid
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Fastcgi-Cache
X-Upstream
X-Forwarded-For
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Paypal-Debug-Id
Alternate-Protocol
Display
X-Sol
X-Middleton-Display
Response
X-Middleton-Response
X-Frontend
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-Pad
X-HS-Content-Id
X-Webkit-CSP
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-B3-TraceId
X-Srv
X-PressLabs-Stats
X-Hostname
AMP-Access-Control-Allow-Source-Origin
Host
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Accel-Expires
X-Grace
X-Cache-Key
X-RateLimit-Remaining
ServerID
MicrosoftSharePointTeamServices
X-B3-Sampled
X-Analytics
X-Correlation-Id
Backend-Timing
Server-Name
X-IPLB-Instance
X-LB-Cache
X-Revision
X-Debug-Info
X-Activity-Id
X-AppVersion
X-Az
X-Kinsta-Cache
X-User-Agent
Surrogate-Key
X-Rid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-Content-Options
Accept-Charset
FilterID
X-Ruxit-Js-Agent
X-Cache-2
Powered-By-ChinaCache
Refresh
X-Request-Processing-Time
X-CF-Powered-By
X-Request-Received
TP-Cache
X-B
TP-L2-Cache
MS-CV
X-Page-Id
X-Whom
X-Cached-By
PageSpeed
Host-Header
Cache-Status
Server-Info
X-DIS-Request-ID
X-TT
X-Varnish-Backend
VIX-Pulpo-Node
X-Origin-Server
X-Content-Security-Policy-Report-Only
Source
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-App-Environment
X-Amz-Replication-Status
X-Cluster
X-Ezoic-Cdn
X-Tumblr-User
X-Platform-Server
X-Tumblr-Pixel
X-PHP-Backend
X-Mobile
X-F-Cache
X-Tumblr-Pixel-0
X-FW-Type
X-FW-Hash
X-FW-Server
Access-Control-Allow-Method
X-Node-Name
X-FW-Serve
X-Varnish-Grace
X-Framework
X-FW-Static
X-Content-Powered-By
X-Request-Guid
X-Shard
X-FB-Debug
X-Forwarded-Host
X-Drupal-Cache-Tags
X-Instance
X-UA-Device-Type
Fastly-Restarts
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
Edge-Cache-Tag
X-TA-CDN-Provider
X-Oneagent-Js-Injection
X-Accel-Buffering
X-GUploader-UploadID
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
From-Origin
Cache-Tags
X-AOL-HN
X-Cache-TTL
X-Magnolia-Registration
X-SS-Set-Cookie
X-BCube-Filmed-By
X-RateLimit-Limit
X-Cache-Age
X-XRDS-LOCATION
X-Cache-Control
X-FastCGI-Cache
X-Cache-Rule
X-ATG-Version
Upgrade-Insecure-Requests
Healthy
Retry-After
X-Varnish-Server
Cleartype
Payment
Server-Node
DC
X-RequestSource
X-App-Server
X-Response-Served-From
Powered
X-TX-ID
X-Signature
X-WebKit-CSP-Report-Only
X-B-Cache
X-Storage
X-Tumblr-Pixel-1
Filters
Ms-Operation-Id
X-VG-WebCache
Country
X-FW-Dynamic
Actual-Object-TTL
X-GeoIP
X-Tumblr-Pixel-2
X-Dns-Prefetch-Control
X-Adobe-Content
X-Adobe-Loc
X-TT-TIMESTAMP
X-UUID
X-Redis-Cache
X-RTag
X-Jobs
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-Region
X-Varnish-Hits
X-Cacheable-TTL
X-Content-Age
X-Generated-By
Frame-Options
X-Locale
X-WA-Info
Webserver
GEO-INFO
NGB
ServedBy
CACHE
X-Guploader-Uploadid
X-Cache-NE
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
X-BACKEND-TTL
HitType
X-NWS-LOG-UUID
X-RemovedCookies
X-ProcessESI
X-Rendered-As
Liferay-Portal
Eomportal-Instance
X-Cache-Operation
X-Varnish-IP
Nel
X-Cache-TTL-Remaining
X-Upgrade-Enabled
X-Esi
X-Mode
Viewport
X-Via-JSL
Xserver
X-Real-IP
LB
S-Cnection
X-Varnish-Cache-Hits
X-Cache-Remote
X-Detected-As
X-Zipkin-Id
X-Device-Type
X-Cache-Var-Map
X-Cache-Var
Mn-Server-Ip
Meta-Geo
Machine
Cache-Hits
Cache-Key
OT-Force-Account-Verify
X-Is-Bot
X-Akamai-Transformed
X-Path-Route
X-Proto
X-Routing-Service
X-RN-RSRV
X-Proxied
X-Hl-Ver
X-ES-SERVER
Load-Balancing
X-S
X-Time
X-Cache-Enabled
X-Cache-Config
X-Backend-Name
Webcakes-Region
X-Environment-Context
X-FB-TRIP-ID
X-Cache-Server
X-L-Path
X-Hosted-By
X-FW-Version
X-FC-Vary-Parameters
X-From
Webcakes-App-Version
Access-Control-Request-Headers
L5d-Success-Class
TWC-Connection-Speed
X-VG-TLSProxy
Mail-Subject
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
Vix-Hermes-Req-Id
We-Hiring
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Seen-By
X-NCache
X-Tb
X-Origin-Hint
X-Rocket-Nginx-Bypass
X-Viewer-Country
X-Time-Microsecs
X-Proxy
Azure-SlotName
Azure-Version
Azure-SiteName
X-LJ-Flow-ID
X-R9-Blue-Green-Version
Azure-InstanceId
X-RCS-CacheZone
Azure-RegionName
X-ServerID
Origin-Edge-Control
Origin-Cache-Control
NGX
X-Tumblr-Pixel-3
S-Rt
X-Akamai-Request-ID
DB-Nickname
X-TNCMS
X-Section
X-Access
X-Format
X-AWS-Id
X-Web-Node
Now
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Loop
X-EIG-Tracking-Id
X-Origin-Response-Time
X-VWS-Id
X-Debug-Cache
X-JoinUs
X-Xfnlog-Site
X-Trace-Id
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy-Build
X-IP
X-Human
X-Via-Fastly
X-PCL
X-Via-CDN
X-CCM
X-OCL
X-BYPASS-REASON
X-Timing-Wait
Selected-FE
Cache-Tag
NtCoent-Length
Uber-Trace-Id
X-Generated
X-Grey
X-Internal-Host
X-Www-Served-By
X-Cache-Category-Id
Datacenter
X-UnsetCookies
X-Dynatrace-Js-Agent
Content-Script-Type
Content-Style-Type
X-UA
X-Endurance-Cache-Level
X-VC-Cache
X-Site-Version
Release
X-Varnish-Cacheable
X-APP-VERSION
X-Rule
Served-By
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-EdgeConnect-Cache-Status
X-Status
X-Birta-Served
X-Birta-Cache-Post
X-B3-Spanid
X-TIME
DSUID
X-Request-Time
X-CDN-Cache
X-OVcl-Cache
X-OVcl
X-Cluster-Node
X-NewRelic-App-Data
X-Origin
X-Nginx-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
AsisCache
X-VCT
X-Hit
X-App-Name
Rt-Fastcgi-Cache
Hostname
X-PERF
Cteonnt-Length
SRV
X-ApacheServer
X-Newrelic-App-Data
X-Ua
X-Source
X-GRACE
Cache
X-Pubstack
X-Agile
X-Agile-Id
X-Agile-Age
X-Cache-Host
X-Sucuri-ID
X-Origin-Host
Cache-Name
X-Origin-CC
X-Origin-TTL
X-ElasticPress-Search
Ec-Rule-Version
Cache-Prefix
BehaviorPad-Version
Arc-Country
Cross-Origin-Window-Policy
Lfy
Fly-Request-Id
Fly-Cache
FNAC-ModuleRouting
Rendered-Blocks
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
Server-Surrogate-Control
Server-Host
UCS
Www
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A
X-A-Wwc
X-Accel-Expires-Debug
On-Server
Origin
Node
Meta-Geo-Continent
Memcached
X-Application
Request-Country
Server-Cache-Control
X-Aed
Request-Time
Request-EU
MD5-Digest
X-Date
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-Processor
X-PAYTM-SRV-ID
X-Secret
X-Server-Group
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Time
X-Sn-Servicetimems
X-SRCache-Key
X-Transaction
X-Thinkindot-L3
X-Matched-Rule
X-Logtrace-Id
X-Core-Value
X-Connection-Hash
X-D
Ajk
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-ASPX
X-B-Cookie
X-Cache-Expires
X-Cache-Grace
X-Cdn-Origin
X-Cache-Info
X-Debug-Cache-Store
X-Debug-Cookies
X-Generated-In
X-Gannett-Site-Version
X-Hp-Webp
X-IN-APIGATEWAY
X-Instart-Isnd
X-IN-WAF
X-G
X-F5-Cache
X-Destination
X-Debug-Log
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-ARC
X-A-Ccd
X-Geo
X-Varnish-Ttl
User-Cache-Control
X-Crawler
X-Wix-Request-Id
X-CGP
X-Cdn-Srv
X-Swa-Ws
X-Cache-Miss-From
ViewerVersion
X-Distributor
X-Epic-Correlation-Id
X-Distil-CS
X-Dispatcher-Server
X-Developers
X-Device-Os
X-Real-Ip
X-Cache-Debug
Web-Mar-Node
X-WPE-Loopback-Upstream-Addr
X-Amzn-Remapped-Connection
V-Age
True-Client-Country-4JS
ServerName
Rt-Proxy-Cache
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Cache-Bucket
X-Eu-Site
X-Block-Status
X-Apm-Svc-Key
X-Apm-App-Name
X-Apm-Inst-Hash
X-Cache-Id
X-Fetched-On
X-Origin-Expires
X-Page-Type
X-PHP-Host
X-Origin-Date
X-Nginx-Cache-Key
X-Sedo-Request-Id
X-Micro-Cache
X-Platform
X-Policy
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Request-URI
X-Qloud-Router
X-Location
X-LI-UUID
X-Hnp-Log
X-Sf
X-Hash
X-Gen-Mode
Server-Int
X-SIPLIST1
X-Servername
X-Info
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-LAGOON
X-Irp-Debug
X-Key
X-SN
X-Cache-Backend
Ha-Gx-Prefs
Gh-Request-Id
Fastly-SWR
HA-Ipaddr
Pagetype
Proxy-Connection
Pramga
Fastly-SIE
Country-Code
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
Backend
X-ND-Cache
IsBot
RNT-Time
RNT-Machine
X-FireWall-Port
Pagespeed
X-Gateway-Cache-Status
X-Fastly-Cache
X-Exp-Se
X-ShopId
X-Skip-Cache
Is-Eu
X-Gateway-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Protected-By
X-Core-Mission
X-Cms-Context
X-Thanos
X-User
X-Gateway-Skip-Cache
X-Geo-Header
X-Org
X-Sorting-Hat-PodId
X-GeoIP-Country-Code
Cache-Cookie-Set-Lfrom
Adler-Geo
Warning
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-GeoIP-City
SD-X-WS
X-Generated-On
X-S-Maxage
X-No-Session
Fastly-SSL
X-Server-IP
X-Planisys-CDN-TTL
Fastly-Soc-X-Request-Id
REQUESTUUID
X-MSEdge-Flight
X-MSEdge-Features
Content-Disposition
X-ShardId
Heartbleed
X-Alternate-Cache-Key
X-Via-SSL
X-Wikidot-Backend
AKAMAI
X-C
X-Amz-Meta-Cache-Control
X-Planisys-CDN-Cache
X-Variation
X-Level-Front-Cache
X-Cache-FS-Status
Platform
X-Bip
X-Auto-Login
X-Wikidot-Static-Cache
X-Via-Edge
X-BBXSRF
X-Backend-Host
X-Planisys-CDN-Rules
X-Backend-State
X-Backend-Url
X-GZip
X-B3-Parentspanid
X-Served-From
X-RateLimit-Reset
Kp-EeAlive
X-Owner
X-Git-Hash
X-CDN-Forward
X-Host-Name
X-Varnish-Beresp-Grace
X-Ocache
X-Varnish-Beresp-Status
HTTPS
X-App-Version
X-BB-ID
Server-ID
X-Wix-Server-Artifact-Id
X-Daa-Tunnel
X-Edge-Location
X-Proxy-Upstream
Viewtype
Wxu-Next-Region
X-Proxy-Cache-Status
Wxu-Next-Commit
VivaBuild
X-Sucuri-Cache
Wxu-Next-Hostname
AR-SID
MIME-Version
X-FPC
X-TrackingId
X-TT-LOGID
X-Gdpr
X-Load-Cache
X-NC
X-Aicache-OS
Magicmarker
X-Varnish-Url
X-Edge-IP
Fastly-Backend-Name
N-Cache
X-Dc
X-Cdn-Forward
User-Agent
X-Nc
X-Parent-Response-Time
Memory
X-Node-Id
X-Release
X-Pjax-Url
Time
X-TH-Server
X-WebServer
X-CSRF-TOKEN
X-DC
X-Varnish-Beresp-Ttl
X-CUA
X-Phone
CF-IPCountry
PICS-Label
HostName
Resin-Trace
X-HS-Cache-Config
X-CACHE-KEY
X-Upstream-HT
Powered-By
X-Upstream-CT
Pragrma
Mime-Version
X-Oss-Server-Time
X-Oss-Object-Type
X-Wa
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Instart-Info
X-Oss-Storage-Class
X-Servedbyhost
X-Varnish-Beresp-TTL
Backend-Name
X-Microsite
X-Stale
X-Request-Handler-Origin-Region
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From
X-Svr
X-Server-By
X-Original-Request
X-Passed-To-BeforeDispatch
X-Passed-To
Host-ID
X-Actual-URL
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Newrelic-Synthetics
X-Tb-Optimization-Total-Bytes-Saved
X-VServer
Section-Io-Cache
Cf-Ipcountry
X-Lb-Id
X-Worker
X-Croise-Owner
X-From-Cache
X-Optimization
Version
X-Cache-HT
Cdn-Request-Time
X-Edge-Server
355prline
Cdn-Host
Xxline
X-Server-W
225prxHost
188prxHost
189phosttRef
219prxHost
178proxuri
352pxline
409pxxline
286prxHost
ProcessTime
Cdn
X-Ratelimit-Remaining
X-APP
X-Akamai-Request-ID2
X-Atg-Version
CF-Cached-On
X-SERVER-NAME
Processtime
SID
Accept-Language
X-Fastly-Backend-Reqs
XServer
X-Ratelimit-Limit
X-Unique-ID
X-Req
X-Vcl-Version
X-Microcachable
X-ID
X-Zone
Esi-Enabled
Proxy-Firewall
X-Contensis-Viewer-Groups
X-AssetVersion
X-VCL-Version
X-LB-ID
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-V
GeoIP-Country-Code
GeoIP-Latitude
X-IPS-LoggedIn
SN
X-B3-SpanId
Odigeo-Trace-Id
GeoIP-City
X-UPSTREAM-Address
X-Vcache
X-NGINX-Cache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-RequestId
X-HTML-Minification-Powered-By
X-WA
Locale
Pics-Label
X-ServedByHost
X-CSRF-Token
X-Via-NSCOPI
X-ZONE
X-Fstrz
X-Urbn-Context-Path
X-Urbn-Site-Id
X-HS-Status
X-Reqid
Fastcgi-Useragent
X-URL
X-Nananana
X-Check-Cacheable
X-WR-MODIFICATION
X-Response-By
X-Backend-TTL
Geoip-Latitude
X-Flog
X-ABtesting
X-Be
GeoIp-Country-Code
X-Hello
DataCenter
X-Cache-Ttl
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
CDN
Geoip-City
GMS-Ver
X-Hyper-Cache
X-Dynatrace
X-Datadome
X-Ratelimit-Reset
Dnion-Transfer-Encoding
X-Request-Start
IBM-Web2-Location
X-Generation-Time
X-Render-Time
X-Fastly-Country-Code
X-NGENIX-Cache
X-Via-Ucdn
WP-Super-Cache
X-Cdn-Cache
Requestid
X-LiteSpeed-Cache-Control
X-Cluster-Name
X-PJAX-URL
X-GDPR
Fastcgi-X-Cache-Version
X-CS
WebServer
Public-Key-Pins-Report-Only
X-Unique-Id
X-Cache-URL
X-Compress-Hint
Lb
X-HS-Combine-CSS
WZWS-RAY
X-Amz-Meta-Surrogate-Control
GW-Server
URI
X-HostName
X-Presslabs-Stats
FastCGI-Cache
X-FORWARDED-FOR
X-SRV
Dynatrace
Mobile-Detection-Method
X-Clientip
X-Pf-Uncompressing
GEO-REGION-INFO
X-Varnish-Action
X-Got-Non-Ke-Cookie
Who
Serverid
X-UE-Client-Country
Countrycode
X-Fpc
X-Gen-Id
Cneonction
X-We-Are-Hiring
Server-Id
X-BE
Epwk-Cache
X-Bug-Bounty
SS
Https
X-Test
Ohc-File-Size
A
X-LiteSpeed-Tag
X-Store
X-GEO
Get-Access-Time
Cache-Provider
X-Html-Edge-Cache
Is-Session-Tracking
RequestId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
NnCoection
X-ServerName
X-Cdn-Request-ID
Frontcache
X-HTML-Edge-Cache
X-EC-Lua
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-Url