Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Request-ID
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
P3p
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
Feature-Policy
X-Server-Id
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Vhost
X-Cdn
X-DynaTrace
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Verso
X-Server-Name
Accept-CH
X-Upstream-Env
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
AR-ATIME
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-DataStream-Cache-Status
X-Cached
X-Version
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-TTL
Charset
Service-Worker-Allowed
X-Recruiting
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-Server-ID
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-TtlSet
X-Vname
X-PC
X-Ser
X-Varnish-TTL
X-Vcap-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
DynaTrace
S
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-SharePointHealthScore
X-Fastly-Request-ID
X-XRDS-Location
X-Debug
TCN
X-Hits
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
Arr-Disable-Session-Affinity
X-Pinterest-Rid
X-Shield-Request-Id
Pinterest-Version
X-Upstream-Proxy
X-Akam-SW-Version
SPRequestDuration
SPIisLatency
X-Oracle-Dms-Rid
X-Powered-CMS
Access-Control-Request-Method
X-T
X-FTR-Cache-Host
X-B3-TraceId
X-Goog-Storage-Class
X-Id
X-Aspnet-Version
Realpath
X-NF-Request-ID
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-Amzn-Trace-Id
Front-End-Https
X-Webkit-CSP
X-N
Fastcgi-Cache
X-Varnish-Age
X-Dns-Prefetch-Control
X-Content-Type
Paypal-Debug-Id
X-Ttl
X-Upstream
X-Forwarded-For
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-RateLimit-Remaining
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Litespeed-Cache
Display
X-Srv
X-Cache-Key
X-Fastcgi-Cache
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Hostname
Response
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-SERVER
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-Traceid
Server-Name
X-Kinsta-Cache
X-Analytics
X-Correlation-Id
Backend-Timing
X-User-Agent
X-Content-Options
X-LB-Cache
X-Activity-Id
X-Az
X-AppVersion
X-Debug-Info
X-Revision
X-Amz-Apigw-Id
X-B3-Sampled
X-Rid
X-Amzn-RequestId
X-IPLB-Instance
Surrogate-Key
X-Cache-Hit
FilterID
X-Cache-2
Accept-Charset
X-Grace
ServerID
Refresh
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-DIS-Request-ID
X-Page-Id
X-Request-Processing-Time
X-Whom
X-Request-Received
TP-L2-Cache
TP-Cache
Server-Info
X-FastCGI-Cache
MS-CV
Host-Header
X-PHP-Backend
Cache-Status
X-Ruxit-Js-Agent
X-Cached-By
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Cache-Action
X-App-Environment
X-Origin-Server
X-TT
VIX-Pulpo-Upstream-Status
Source
X-Akamai-Edgescape
VIX-Pulpo-Node
X-Framework
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cluster
X-F-Cache
X-Mobile
X-Tumblr-Pixel
X-Platform-Server
X-GUploader-UploadID
Access-Control-Allow-Method
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Drupal-Cache-Tags
X-FW-Serve
X-FW-Hash
X-UA-Device-Type
X-FW-Type
X-Instance
X-Request-Guid
X-FW-Static
X-Varnish-Grace
X-FW-Server
X-FB-Debug
X-Forwarded-Host
X-Geo-Country
X-RateLimit-Limit
PageSpeed
X-Zen-Fury
Edge-Cache-Tag
X-Cache-TTL
X-Node-Name
X-SS-Set-Cookie
X-TA-CDN-Provider
X-Handled-By
X-Shard
X-Ezoic-Cdn
X-Magnolia-Registration
From-Origin
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
Fastly-Restarts
X-BCube-Filmed-By
X-AOL-HN
X-Cache-Control
X-Varnish-Server
X-App-Server
DC
Cleartype
Healthy
Upgrade-Insecure-Requests
X-Cache-Rule
Server-Node
Payment
X-Region
X-RequestSource
X-Response-Served-From
Filters
X-Adobe-Loc
X-TX-ID
Country
X-Signature
X-Adobe-Content
X-B-Cache
X-WebKit-CSP-Report-Only
Ms-Operation-Id
X-GeoIP
X-Redis-Cache
X-Storage
Retry-After
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-RTag
X-VG-WebCache
X-Tumblr-Pixel-2
Webserver
X-UUID
Actual-Object-TTL
X-Generated-By
X-Drupal-Cache-Contexts
X-Jobs
Cache-Tv-Group
X-FW-Dynamic
X-Varnish-Hits
X-Content-Age
X-XRDS-LOCATION
Powered
X-Locale
X-Cacheable-TTL
NGB
CACHE
GEO-INFO
X-Esi
Frame-Options
ServedBy
Liferay-Portal
X-Contextid
X-Oneagent-Js-Injection
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-Varnish-IP
X-Cache-NE
X-Seen-By
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Guploader-Uploadid
S-Cnection
X-Via-JSL
X-BACKEND-TTL
X-Real-IP
Viewport
X-Upgrade-Enabled
X-Cache-Operation
X-Mode
X-Cache-Server
X-Varnish-Cache-Hits
X-Routing-Service
X-Cache-Var
X-Hl-Ver
X-Is-Bot
OT-Force-Account-Verify
X-From
X-ES-SERVER
X-Cache-Var-Map
X-Detected-As
X-Device-Type
Cache-Hits
X-Path-Route
X-Zipkin-Id
Mn-Server-Ip
Meta-Geo
X-Cache-Enabled
X-RN-RSRV
Cache-Key
X-Proto
X-Proxied
Machine
Load-Balancing
X-Time
X-S
Content-Style-Type
Content-Script-Type
X-Akamai-Transformed
TWC-Connection-Speed
NtCoent-Length
Property-Id
TWC-Device-Class
X-NWS-LOG-UUID
X-VG-TLSProxy
X-Tb
TWC-GeoIP-LatLong
TWC-Locale-Group
L5d-Success-Class
X-Proxy
Access-Control-Request-Headers
X-Origin-Hint
X-LJ-Flow-ID
X-L-Path
X-Hosted-By
TWC-Privacy
X-Rocket-Nginx-Bypass
NGX
TWC-GeoIP-Country
X-Environment-Context
Vix-Hermes-Req-Id
X-AWS-Id
X-Backend-Name
X-Cache-Config
Datacenter
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-VWS-Id
Webcakes-App-Version
Webcakes-App-Name
X-Viewer-Country
Webcakes-Region
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
X-MP-GENERATED-AT
We-Hiring
X-Loop
X-Debug-Cache
X-Labrador-Cache-Channel
DB-Nickname
Origin-Edge-Control
X-Access
X-Format
S-Rt
Origin-Cache-Control
Now
X-EIG-Tracking-Id
X-FW-Version
X-Akamai-Request-ID
Mail-Subject
X-NCache
Azure-InstanceId
X-R9-Blue-Green-Version
X-Section
X-TNCMS
X-Web-Node
X-ServerID
X-RCS-CacheZone
X-Time-Microsecs
X-Origin-Response-Time
X-Tumblr-Pixel-3
X-Vgn-Hpd-Reason
Xserver
X-Timing-Wait
X-Via-Fastly
X-Birta-Served
X-BYPASS-REASON
X-Via-CDN
Selected-FE
X-OCL
X-Trace-Id
X-Birta-Cache-Post
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy-Build
X-PCL
X-CCM
X-JoinUs
X-Xfnlog-Site
X-IP
X-Newrelic-App-Data
X-Site-Version
Uber-Trace-Id
X-Grey
LB
X-Endurance-Cache-Level
X-Www-Served-By
Cache-Tag
X-Internal-Host
X-Cache-Category-Id
X-Generated
X-Cache-Remote
X-Varnish-Cacheable
X-UA
X-VC-Cache
X-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Dynatrace-Js-Agent
Served-By
X-GRACE
X-UnsetCookies
X-Rule
X-Wix-Server-Artifact-Id
X-EdgeConnect-Cache-Status
Release
X-TIME
X-CDN-Cache
Nel
AsisCache
X-Wix-Request-Id
X-Cluster-Node
ViewerVersion
X-APP-VERSION
Rt-Fastcgi-Cache
X-Origin-Host
X-B3-Spanid
X-Request-Time
X-App-Name
X-Sucuri-ID
X-PERF
X-ApacheServer
X-Nginx-Cache
X-Source
X-Origin
X-OVcl-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Hit
X-Agile-Id
X-Agile-Age
X-Agile
DSUID
X-Ua
X-VCT
X-NewRelic-App-Data
Cache-Name
SRV
X-App-Version
Warning
X-Origin-CC
User-Agent
X-Origin-TTL
X-ElasticPress-Search
On-Server
Origin
Meta-Geo-Continent
Node
Rendered-Blocks
Server-Surrogate-Control
X-Pubstack
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Memcached
X-Sedo-Request-Id
Request-EU
Request-Time
Server-Cache-Control
Request-Country
X-Region-Sid
Cache-Prefix
X-Rojux
X-Rewrite-Enabled
BehaviorPad-Version
Arc-Country
X-ScT
X-S-Cookie
Ajk
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Request-UUID
X-Refresh
Lfy
FNAC-ModuleRouting
X-Secret
Fly-Cache
Fly-Request-Id
Thinkindot-Control
MD5-Digest
X-A-Wwc
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-F5-Cache
X-Destination
X-Debug-Log
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-PAYTM-SRV-ID
X-G
X-Mobile-URL
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-Matched-Rule
X-Logtrace-Id
X-Gannett-Site-Version
X-Generated-In
X-Hp-Webp
X-Instart-Isnd
X-Date
X-D
X-Accel-Expires-Debug
X-Processor
X-Aed
X-Platform
X-A-Dgt
X-A-Dcw
Www
X-A
X-A-Ccd
X-A-Dam
X-Application
X-ARC
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Core-Value
X-Cache-Miss-From
X-Cache-Info
X-B-Cookie
X-Cache-ASPX
X-Cache-Expires
X-Cache-Grace
UCS
X-Reboot
X-Transaction
X-Webstats-RespID
Hostname
X-Trv-Group
X-Varnish-Authentication
X-Var-Ttl
X-Thinkindot-L3
X-SRCache-Key
X-VG-WebServer
X-Twitter-Response-Tags
X-Server-Group
Xc-Version
X-ServiceProvider
X-Up
X-Varnish-Ttl
X-Cache-Backend
User-Cache-Control
RNT-Machine
X-Qloud-Router
X-Device-Os
X-Ah-Environment
X-Dispatcher-Server
RNT-Time
ServerName
Server-Int
X-Page-Type
X-Developers
X-Hnp-Log
Proxy-Connection
X-Irp-Debug
X-RateLimit-Remaining-Second
X-Key
X-Rebelmouse-Cache-Control
X-Real-Ip
X-Edge-Location
Pagetype
Pramga
X-IN-WAF
X-Info
X-RateLimit-Limit-Second
X-Hash
X-Protected-By
X-BB-ID
X-Block-Status
X-Crawler
X-Distil-CS
X-Amzn-Remapped-Date
X-Cache-Bucket
X-Cache-Debug
X-Epic-Correlation-Id
X-Cache-Id
X-Cache-Host
X-Eu-Site
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Gen-Mode
X-Distributor
X-Cdn-Srv
X-CGP
Web-Mar-Node
Cache
X-Policy
X-PHP-Host
Server-Host
X-Rebelmouse-Surrogate-Control
True-Client-Country-4JS
X-IN-APIGATEWAY
Fastly-SWR
Cteonnt-Length
Cache-Cookie-Set-From
X-SN
Apple-News-Services-Host
X-Origin-Date
CDCHOST
Backend
X-Sf
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Swa-Ws
Country-Code
X-Micro-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Fastly-SIE
X-Nginx-Cache-Key
X-Location
X-Servername
X-LI-UUID
Kp-EeAlive
X-SIPLIST1
IsBot
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-LAGOON
X-Request-URI
X-Origin-Expires
Ha-Gx-Prefs
HA-Ipaddr
Apple-News-Services-Parsed-Url
X-Ocache
X-Datadome
X-WPE-Loopback-Upstream-Addr
X-FireWall-Port
Pagespeed
X-Cache-FS-Status
X-Wikidot-Backend
X-BBXSRF
X-Planisys-CDN-TTL
X-Bip
X-C
AKAMAI
X-Cms-Context
X-Generated-On
X-Level-Front-Cache
X-No-Session
X-Fetched-On
X-Sucuri-Cache
X-Server-IP
X-Wikidot-Static-Cache
Gh-Request-Id
X-Planisys-CDN-Cache
X-Core-Mission
X-ShopId
X-User
X-Shopify-Stage
X-TT-LOGID
X-S-Maxage
X-Planisys-CDN-Rules
X-ShardId
Adler-Geo
X-Alternate-Cache-Key
X-Proxy-Upstream
Fastly-SSL
X-Via-Edge
Fastly-Soc-X-Request-Id
X-GeoIP-Country-Code
X-Proxy-Cache-Status
X-GeoIP-City
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Platform
Is-Eu
X-Thanos
HTTPS
Heartbleed
SD-X-WS
X-Variation
X-Backend-Url
X-Geo-Header
X-Skip-Cache
X-Amz-Meta-Cache-Control
X-Sorting-Hat-ShopId
X-Auto-Login
X-Fastly-Cache
X-Backend-State
X-Backend-Host
X-Via-SSL
X-MSEdge-Flight
X-MSEdge-Features
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-TrackingId
X-Sorting-Hat-PodId
X-Gateway-Cache-Status
Content-Disposition
X-Edge-IP
X-GZip
X-Owner
X-Sn-Servicetimems
Magicmarker
X-Server-Time
N-Cache
X-NC
X-RateLimit-Reset
X-Varnish-Url
X-Cdn-Origin
V-Age
Fastly-Backend-Name
X-Apm-Svc-Key
X-Apm-App-Name
X-Cdn-Forward
X-Apm-Inst-Hash
MIME-Version
Rt-Proxy-Cache
X-ND-Cache
REQUESTUUID
Server-ID
X-Geo
X-Exp-Se
X-CDN-Forward
X-Served-From
X-FPC
X-Org
X-Node-Id
X-B3-Parentspanid
HostName
VivaBuild
Viewtype
X-Aicache-OS
X-Varnish-Beresp-Ttl
X-Gdpr
X-Pjax-Url
X-CUA
Powered-By
X-Load-Cache
X-Dc
Wxu-Next-Region
X-Parent-Response-Time
Pragrma
Wxu-Next-Commit
X-CSRF-TOKEN
X-Git-Hash
X-DC
Wxu-Next-Hostname
CF-IPCountry
Section-Io-Cache
X-Returned-From-PostProcessResponse
X-Server-By
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Original-Request
X-Svr
X-Returned-From-BeforeDispatch
X-Returned-From
X-Stale
X-Returned-From-DLL
Time
X-Actual-URL
PICS-Label
Memory
X-Nc
X-Host-Name
X-Croise-Owner
X-Servedbyhost
X-Wa
X-VServer
X-HS-Cache-Config
Host-ID
X-CACHE-KEY
Cdn-Request-Time
X-Oss-Storage-Class
Resin-Trace
X-Oss-Hash-Crc64ecma
X-Release
X-Oss-Request-Id
X-Edge-Server
X-Oss-Server-Time
Cdn-Host
X-Oss-Object-Type
X-Daa-Tunnel
X-TH-Server
X-WebServer
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
X-Optimization
AR-SID
X-Cache-HT
X-Unique-ID
ProcessTime
X-Microcachable
X-From-Cache
X-Phone
SID
X-Upstream-CT
X-Newrelic-Synthetics
Fastcgi-Useragent
X-Varnish-Beresp-TTL
X-Upstream-HT
X-Instart-Info
X-Lb-Id
XServer
Cf-Ipcountry
X-Req
Backend-Name
Cdn
X-APP
X-Atg-Version
CF-Cached-On
X-V
Proxy-Firewall
X-Worker
Odigeo-Trace-Id
X-Fastly-Backend-Reqs
189phosttRef
178proxuri
Processtime
219prxHost
188prxHost
X-LB-ID
355prline
409pxxline
352pxline
286prxHost
225prxHost
X-ID
Xxline
X-HTML-Minification-Powered-By
X-Server-W
X-B3-SpanId
X-Ratelimit-Remaining
X-WR-MODIFICATION
Version
X-Fstrz
X-Ratelimit-Limit
X-Backend-TTL
X-Vcl-Version
X-Zone
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Response-By
X-Nananana
X-IPS-LoggedIn
X-VCL-Version
X-NGINX-Cache
X-Akamai-Request-ID2
GMS-Ver
X-UPSTREAM-Address
X-Vcache
Esi-Enabled
X-COUNTRY
X-WA
X-Request-Handler-Origin-Region
SN
X-URL
Public-Key-Pins-Report-Only
X-Contensis-Viewer-Groups
X-Microsite
X-Ratelimit-Reset
Accept-Language
X-AssetVersion
GeoIP-Latitude
Pics-Label
GeoIp-Country-Code
Geoip-Latitude
X-HS-Status
Fastcgi-X-Cache-Version
X-CSRF-Token
GeoIP-City
WZWS-RAY
X-ServedByHost
GeoIP-Country-Code
X-Hyper-Cache
DataCenter
X-Amz-Meta-Surrogate-Control
X-Fastly-Country-Code
X-Be
X-Vtex-Remote-Cache
Geoip-City
X-Vtex-Processado-Em
X-SERVER-NAME
X-FORWARDED-FOR
GW-Server
X-Dynatrace
X-ZONE
X-Request-Start
X-Render-Time
X-UE-Client-Country
X-Clientip
Locale
X-Reqid
X-Urbn-Context-Path
X-Urbn-Site-Id
X-RequestId
X-Via-Ucdn
X-GEO
Countrycode
X-Via-NSCOPI
Mobile-Detection-Method
X-We-Are-Hiring
Lb
X-Cdn-Cache
WP-Super-Cache
X-PJAX-URL
CDN
X-LiteSpeed-Cache-Control
X-NWS-UUID-VERIFY
X-ABtesting
X-Hello
SS
URI
X-CS
X-GDPR
X-Flog
X-BE
X-Unique-Id
Ohc-File-Size
IBM-Web2-Location
Dnion-Transfer-Encoding
X-SRV
X-GZIP
Dynatrace
FastCGI-Cache
X-HostName
Amp-Access-Control-Allow-Source-Origin
FSS-Cache
X-Pf-Uncompressing
FSS-Proxy
Cneonction
RequestUuid
X-Fpc
X-Generation-Time
X-PF-Uncompressing
X-Gen-Id
X-HS-Combine-CSS
Serverid
X-Cache-Ttl
X-Html-Edge-Cache
X-Bug-Bounty
Server-Id
A
X-Cluster-Name
X-Test
Accept-Ch
X-Store
X-Request-Url
Requestid
X-Fastly-Cache-Hits
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Cache-URL
X-Compress-Hint
X-Dw-Trace-Id
X-ServerName
Ohc-Cache-HIT
Ohc-Response-Time
X-Serial
X-HTML-Edge-Cache
X-Cdn-Request-ID
NnCoection
X-EC-Lua
Get-Access-Time
Frontcache
Is-Session-Tracking