Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Server
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
EagleId
X-UA-Device
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
Server-Timing
X-Server-Id
X-Ac
X-Rq
X-Node
Allow
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-DataDome
X-Instart-Request-ID
NEL
X-Vhost
Pinterest-Generated-By
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cdn
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ESI
X-Server-Name
MS-Author-Via
X-VARITI-CCR
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Mobile-Rewrite
Arc-Version
X-GitHub-Request-Id
PB-PID
PB-RID
X-DataStream-Cache-Status
X-MS-InvokeApp
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Type
Public-Key-Pins
X-Cached
X-Powered-By-Plesk
Content-MD5
X-Version
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Upstream-Env
X-D2id
X-Amz-Server-Side-Encryption
RTSS
X-Recruiting
X-Navigation-Version
X-Abt-Application-Version
X-TTL
Charset
X-Vcap-Request-Id
X-Ser
X-Vname
X-PC
X-TtlSet
Ar-Sid
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
Nginx-Cache
X-Client-IP
X-Trace
SPRequestGuid
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-DynaTrace-JS-Agent
X-Goog-Generation
DynaTrace
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
X-Oracle-Dms-Rid
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
TCN
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-SharePointHealthScore
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
X-XRDS-Location
X-FTR-Cache-Host
SPRequestDuration
SPIisLatency
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Server-ID
X-Id
Realpath
X-Ttl
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
X-N
Front-End-Https
X-B3-Traceid
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Fastcgi-Cache
X-Upstream
X-Forwarded-For
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
Paypal-Debug-Id
Alternate-Protocol
X-Sol
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Frontend
X-Content-Digest
X-Logged-In
X-HS-Hub-Id
X-Pad
X-HS-Content-Id
X-Webkit-CSP
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Litespeed-Cache
X-B3-TraceId
X-Srv
X-Hostname
X-PressLabs-Stats
X-RateLimit-Remaining
X-DataStream-Origin-MEX-Latency
AMP-Access-Control-Allow-Source-Origin
X-DataStream-MidMile-RTT
Host
X-Grace
X-Accel-Expires
X-Cache-Key
ServerID
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
X-Correlation-Id
X-B3-Sampled
Server-Name
X-Az
X-Debug-Info
X-Activity-Id
X-Revision
X-AppVersion
X-Kinsta-Cache
X-LB-Cache
X-User-Agent
X-IPLB-Instance
Surrogate-Key
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
FilterID
Accept-Charset
X-Ruxit-Js-Agent
X-Cache-2
Powered-By-ChinaCache
Refresh
X-Request-Received
X-CF-Powered-By
X-Request-Processing-Time
X-B
TP-L2-Cache
TP-Cache
MS-CV
X-Page-Id
X-Whom
X-Cached-By
PageSpeed
Host-Header
Cache-Status
X-DIS-Request-ID
Server-Info
X-Varnish-Backend
X-TT
Source
X-App-Environment
X-Cache-Action
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Amz-Replication-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Tumblr-User
X-F-Cache
X-Cluster
X-Mobile
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-PHP-Backend
X-Ezoic-Cdn
X-Varnish-Grace
X-FW-Server
X-Content-Powered-By
X-Node-Name
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Type
Access-Control-Allow-Method
X-Framework
X-Shard
X-Forwarded-Host
X-FB-Debug
X-Drupal-Cache-Tags
X-Request-Guid
X-Instance
X-Kong-Upstream-Latency
Fastly-Restarts
X-UA-Device-Type
X-Kong-Proxy-Latency
X-Geo-Country
Edge-Cache-Tag
X-Oneagent-Js-Injection
X-TA-CDN-Provider
X-GUploader-UploadID
X-Accel-Buffering
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
From-Origin
X-RateLimit-Limit
Cache-Tags
X-Cache-TTL
X-Magnolia-Registration
X-AOL-HN
X-BCube-Filmed-By
X-Cache-Age
X-SS-Set-Cookie
X-Cache-Control
X-Cache-Rule
X-XRDS-LOCATION
X-FastCGI-Cache
X-ATG-Version
Healthy
Upgrade-Insecure-Requests
Retry-After
X-Varnish-Server
Server-Node
Cleartype
Payment
DC
X-App-Server
X-Response-Served-From
X-RequestSource
X-WebKit-CSP-Report-Only
X-Signature
X-B-Cache
X-Storage
X-TX-ID
Powered
X-Tumblr-Pixel-2
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
Ms-Operation-Id
X-FW-Dynamic
Actual-Object-TTL
X-GeoIP
Country
Filters
X-Adobe-Content
X-RTag
X-Adobe-Loc
X-VG-WebCache
X-Redis-Cache
X-Dns-Prefetch-Control
X-Jobs
X-Region
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-UUID
X-Cacheable-TTL
X-Varnish-Hits
X-Content-Age
X-Generated-By
X-Locale
Frame-Options
Webserver
X-WA-Info
GEO-INFO
ServedBy
NGB
CACHE
X-Guploader-Uploadid
X-Cache-NE
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
X-BACKEND-TTL
HitType
X-ProcessESI
X-RemovedCookies
X-NWS-LOG-UUID
Eomportal-Instance
X-Rendered-As
Liferay-Portal
X-Cache-Operation
X-Varnish-IP
X-Cache-TTL-Remaining
Nel
X-Upgrade-Enabled
X-Esi
X-Mode
X-Real-IP
X-Via-JSL
Xserver
Viewport
S-Cnection
X-Varnish-Cache-Hits
LB
X-Is-Bot
Machine
Meta-Geo
Mn-Server-Ip
X-Cache-Var
X-Cache-Var-Map
Cache-Hits
X-Routing-Service
X-ES-SERVER
OT-Force-Account-Verify
X-Zipkin-Id
Cache-Key
X-RN-RSRV
X-Detected-As
X-Device-Type
X-Proto
X-Hl-Ver
X-Proxied
X-Path-Route
Load-Balancing
X-S
X-Cache-Remote
X-Time
X-Environment-Context
X-Cache-Enabled
X-Backend-Name
Webcakes-Region
X-Cache-Config
X-FB-TRIP-ID
X-Cache-Server
X-NCache
X-L-Path
X-Seen-By
X-FC-Vary-Parameters
X-FW-Version
Webcakes-App-Version
Access-Control-Request-Headers
TWC-Connection-Speed
TWC-Device-Class
L5d-Success-Class
Mail-Subject
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
We-Hiring
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
X-Hosted-By
X-Time-Microsecs
X-Proxy
X-Viewer-Country
X-Tb
X-Akamai-Transformed
X-VG-TLSProxy
X-Rocket-Nginx-Bypass
X-Origin-Hint
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Access
X-ServerID
Azure-Version
Azure-RegionName
X-Tumblr-Pixel-3
Origin-Edge-Control
Origin-Cache-Control
NGX
S-Rt
X-Web-Node
X-AWS-Id
DB-Nickname
X-VWS-Id
X-TNCMS
X-Akamai-Request-ID
X-Labrador-Cache-Channel
X-Section
X-LJ-Flow-ID
X-Loop
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Format
Now
X-RCS-CacheZone
X-Debug-Cache
X-R9-Blue-Green-Version
X-EIG-Tracking-Id
Selected-FE
X-PCL
X-Via-Fastly
X-OCL
X-BYPASS-REASON
X-JoinUs
X-Xfnlog-Site
X-Via-CDN
X-Proxy-Build
X-From
X-ProxyCache-Key
X-Trace-Id
X-Timing-Wait
X-IP
X-Vgn-Hpd-Reason
X-Human
X-ProxyCache-Status
X-CCM
NtCoent-Length
Cache-Tag
X-Internal-Host
Uber-Trace-Id
X-Grey
X-Generated
X-Cache-Category-Id
Datacenter
X-Www-Served-By
X-UnsetCookies
X-Dynatrace-Js-Agent
Content-Script-Type
X-UA
Content-Style-Type
X-Endurance-Cache-Level
Release
X-VC-Cache
X-Site-Version
X-APP-VERSION
X-Varnish-Cacheable
X-Rule
Decoy-Debug-Status
Served-By
Decoy-Debug-TTL
Decoy-Debug-Key
X-EdgeConnect-Cache-Status
X-Status
X-Birta-Cache-Post
X-Birta-Served
X-TIME
X-B3-Spanid
DSUID
X-CDN-Cache
X-Request-Time
X-OVcl
X-OVcl-Cache
X-Cluster-Node
X-Origin
X-Nginx-Cache
X-NewRelic-App-Data
X-Goog-Meta-Goog-Reserved-File-Mtime
AsisCache
X-Hit
X-VCT
Rt-Fastcgi-Cache
Hostname
X-App-Name
X-ApacheServer
SRV
X-Newrelic-App-Data
X-PERF
Cteonnt-Length
X-Source
X-Ua
Cache
X-GRACE
X-Agile-Age
X-Pubstack
X-Agile
X-Agile-Id
X-Origin-Host
X-Sucuri-ID
X-Cache-Host
X-Origin-TTL
X-ElasticPress-Search
X-Origin-CC
Cache-Name
X-Destination
Www
X-Debug-Cache-Fetch
UCS
X-Debug-Log
X-Debug-Cookies
X-A-Ccd
X-Debug-Cache-Store
X-Accel-Expires-Debug
X-Developer
X-A-Dam
X-A-Dcw
Thinkindot-Control
X-A-Wwc
X-A-Dgt
X-DPWN-IS-SECURE
Rendered-Blocks
FNAC-ModuleRouting
Lfy
MD5-Digest
Memcached
Fly-Request-Id
Fly-Cache
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
Ec-Rule-Version
Meta-Geo-Continent
Node
Server-Cache-Control
Server-Host
Server-Surrogate-Control
Thinkindot-CacheControl
Request-Time
Request-EU
On-Server
Origin
Arc-Country
Request-Country
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-Cdn-Origin
X-Cache-Info
X-Hp-Webp
X-NX-Host
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Cache-Grace
X-Gannett-Site-Version
X-Refresh
X-Generated-In
X-Reboot
X-Processor
X-NodeID
X-Mobile-URL
X-Debug-Cache-Expiry
X-Date
X-Instart-Isnd
X-IN-WAF
X-IN-APIGATEWAY
Ajk
X-D
X-CF-Lambda-Fn
X-Matched-Rule
X-CF-Lambda-Version
X-Logtrace-Id
X-Connection-Hash
X-Region-Sid
X-Request-UUID
X-Transaction
X-Trv-Group
X-External-Request-Id
X-F5-Cache
X-SRCache-Key
X-Twitter-Response-Tags
X-Application
X-VG-WebServer
X-Webstats-RespID
X-Varnish-Authentication
X-Var-Ttl
X-Aed
X-ARC
X-Sn-Servicetimems
X-S-Cookie
X-Cache-ASPX
X-Cache-Expires
X-Rojux
X-Rewrite-Enabled
X-G
X-ScT
X-ServiceProvider
X-B-Cookie
X-Server-Time
X-Server-Group
X-Secret
Xc-Version
X-A
X-Geo
X-Varnish-Ttl
User-Cache-Control
X-Developers
X-Device-Os
X-Crawler
X-CGP
X-Cdn-Srv
X-Dispatcher-Server
X-Core-Value
X-Distil-CS
X-Hash
X-Hnp-Log
X-Info
X-Gen-Mode
X-Fetched-On
X-Epic-Correlation-Id
X-Eu-Site
X-Cache-Miss-From
X-Cache-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
Web-Mar-Node
V-Age
ServerName
True-Client-Country-4JS
X-Amzn-Remapped-Date
X-Apm-App-Name
X-Cache-Bucket
X-Cache-Debug
X-Cache-Backend
X-Block-Status
X-Apm-Inst-Hash
X-Apm-Svc-Key
X-Irp-Debug
X-LAGOON
X-Sf
X-SIPLIST1
X-SN
X-Servername
X-Sedo-Request-Id
X-Rebelmouse-Surrogate-Control
X-Request-URI
ViewerVersion
X-Wix-Request-Id
Rt-Proxy-Cache
X-ND-Cache
X-WPE-Loopback-Upstream-Addr
X-Up
X-Swa-Ws
X-Real-Ip
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-LI-UUID
X-Location
X-Micro-Cache
X-LI-Proto
X-Li-Pop
Server-Int
X-Li-Fabric
X-Nginx-Cache-Key
X-Origin-Date
X-Qloud-Router
X-RateLimit-Limit-Second
X-Policy
X-Platform
X-Page-Type
X-PHP-Host
X-Key
X-Origin-Expires
Apple-News-Services-Host
RNT-Time
Gh-Request-Id
RNT-Machine
CDCHOST
Apple-News-Services-Parsed-Url
Pramga
Apple-News-Services-Request-Url
Fastly-SWR
Backend
Fastly-SIE
Country-Code
Proxy-Connection
Pagetype
IsBot
Apple-News-Services-Handled
HA-Ipaddr
Ha-Gx-Prefs
Pagespeed
X-FireWall-Port
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Variation
X-Wikidot-Static-Cache
X-Core-Mission
X-Cms-Context
X-Generated-On
X-Geo-Header
REQUESTUUID
AKAMAI
X-Via-SSL
X-Exp-Se
X-Wikidot-Backend
X-Via-Edge
Heartbleed
X-No-Session
X-MSEdge-Flight
X-MSEdge-Features
Cache-Cookie-Set-Lfrom
Warning
X-Server-IP
Content-Disposition
X-S-Maxage
Fastly-Soc-X-Request-Id
Fastly-SSL
X-ShardId
X-ShopId
X-GeoIP-City
X-Sorting-Hat-ShopId
X-Thanos
Is-Eu
X-Sorting-Hat-PodId
Cache-Cookie-Set-From
X-Shopify-Stage
Cache-Cookie-Set-Idcheck
X-Skip-Cache
X-GeoIP-Country-Code
X-Distributor
X-C
X-Bip
X-Planisys-CDN-Cache
X-Protected-By
Platform
X-Auto-Login
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-BBXSRF
X-Backend-Url
X-Backend-State
X-Backend-Host
Adler-Geo
X-User
X-Amz-Meta-Cache-Control
X-Cache-FS-Status
X-Level-Front-Cache
SD-X-WS
X-Alternate-Cache-Key
X-Org
X-B3-Parentspanid
X-GZip
X-Fastly-Cache
X-Owner
X-Served-From
X-RateLimit-Reset
Kp-EeAlive
X-Host-Name
X-Git-Hash
X-Varnish-Beresp-Grace
HTTPS
X-Varnish-Beresp-Status
X-App-Version
Server-ID
X-Ocache
X-BB-ID
X-Edge-Location
X-CDN-Forward
X-Daa-Tunnel
X-Wix-Server-Artifact-Id
X-Proxy-Upstream
X-TT-LOGID
VivaBuild
Viewtype
X-TrackingId
X-Proxy-Cache-Status
MIME-Version
X-Sucuri-Cache
Wxu-Next-Hostname
AR-SID
X-FPC
Wxu-Next-Commit
Wxu-Next-Region
X-Varnish-Url
N-Cache
X-Load-Cache
Magicmarker
X-Gdpr
X-Aicache-OS
X-NC
Fastly-Backend-Name
X-Edge-IP
X-Dc
X-Cdn-Forward
User-Agent
Time
X-Node-Id
X-Release
X-Parent-Response-Time
Memory
X-Pjax-Url
X-Nc
X-TH-Server
X-WebServer
X-CSRF-TOKEN
X-Varnish-Beresp-Ttl
X-DC
HostName
X-HS-Cache-Config
X-CACHE-KEY
X-Upstream-HT
X-Phone
X-CUA
Powered-By
X-Upstream-CT
CF-IPCountry
PICS-Label
Resin-Trace
X-Wa
X-Instart-Info
Mime-Version
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Servedbyhost
X-Oss-Object-Type
X-Oss-Request-Id
Pragrma
X-Oss-Server-Time
X-Varnish-Beresp-TTL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Microsite
X-Server-By
X-Request-Handler-Origin-Region
Backend-Name
X-Stale
X-Svr
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-Actual-URL
Host-ID
X-Passed-To-PostProcessResponse
X-Original-Request
X-Newrelic-Synthetics
X-Tb-Optimization-Total-Bytes-Saved
Cf-Ipcountry
X-Lb-Id
Section-Io-Cache
X-From-Cache
X-VServer
X-Croise-Owner
X-Worker
X-Optimization
X-Cache-HT
Version
189phosttRef
188prxHost
X-Edge-Server
X-Server-W
225prxHost
219prxHost
352pxline
355prline
178proxuri
Cdn-Request-Time
286prxHost
Xxline
Cdn-Host
409pxxline
ProcessTime
Cdn
X-APP
CF-Cached-On
X-Akamai-Request-ID2
X-Atg-Version
SID
Accept-Language
Processtime
XServer
X-Fastly-Backend-Reqs
X-SERVER-NAME
X-Zone
X-Vcl-Version
X-Req
X-ID
X-Microcachable
X-Unique-ID
X-Ratelimit-Remaining
X-Ratelimit-Limit
Esi-Enabled
Proxy-Firewall
X-VCL-Version
X-LB-ID
X-AssetVersion
X-Contensis-Viewer-Groups
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-IPS-LoggedIn
GeoIP-Country-Code
GeoIP-Latitude
X-B3-SpanId
SN
X-V
GeoIP-City
Odigeo-Trace-Id
X-UPSTREAM-Address
X-NGINX-Cache
X-Vcache
X-Vtex-Remote-Cache
X-HTML-Minification-Powered-By
X-WA
X-Vtex-Processado-Em
X-RequestId
X-Fstrz
X-Urbn-Context-Path
X-Nananana
X-Urbn-Site-Id
Locale
X-Reqid
X-URL
Pics-Label
X-Via-NSCOPI
X-HS-Status
X-CSRF-Token
X-ZONE
Fastcgi-Useragent
X-ServedByHost
X-Check-Cacheable
X-WR-MODIFICATION
GeoIp-Country-Code
X-Flog
X-Response-By
X-ABtesting
X-Backend-TTL
Geoip-Latitude
X-Be
X-Hello
X-Cache-Ttl
DataCenter
CDN
GMS-Ver
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
Geoip-City
X-Hyper-Cache
X-Datadome
X-Dynatrace
Dnion-Transfer-Encoding
X-Ratelimit-Reset
IBM-Web2-Location
X-Generation-Time
X-Fastly-Country-Code
X-NGENIX-Cache
X-Render-Time
X-Via-Ucdn
X-Request-Start
WP-Super-Cache
X-Cdn-Cache
WebServer
Requestid
Fastcgi-X-Cache-Version
X-Cluster-Name
X-GDPR
X-LiteSpeed-Cache-Control
X-CS
X-PJAX-URL
X-Unique-Id
Public-Key-Pins-Report-Only
GW-Server
WZWS-RAY
X-HS-Combine-CSS
URI
X-Amz-Meta-Surrogate-Control
X-Compress-Hint
X-Cache-URL
Lb
X-FORWARDED-FOR
X-HostName
FastCGI-Cache
X-SRV
Dynatrace
X-Presslabs-Stats
Who
X-Got-Non-Ke-Cookie
X-Varnish-Action
X-We-Are-Hiring
X-UE-Client-Country
X-Gen-Id
GEO-REGION-INFO
Mobile-Detection-Method
X-Clientip
Serverid
X-Pf-Uncompressing
Cneonction
Countrycode
X-Fpc
X-Bug-Bounty
A
Https
Epwk-Cache
SS
Server-Id
X-Test
Ohc-File-Size
X-Store
X-LiteSpeed-Tag
X-BE
X-GEO
Get-Access-Time
Cache-Provider
X-Dw-Trace-Id
Is-Session-Tracking
RequestId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-HTML-Edge-Cache
X-EC-Lua
X-Request-Url
X-ServerName
X-Fastly-Cache-Hits
Frontcache
X-Cdn-Request-ID
X-Html-Edge-Cache
NnCoection