Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Server
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
Server-Timing
X-Server-Id
X-Rq
X-Ac
X-Node
Allow
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Origin-Cache
X-Url
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Cache-Lookup
X-Country
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-DataDome
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
Pinterest-Generated-By
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cdn
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ESI
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-CACHE
PB-PID
PB-RID
X-GitHub-Request-Id
Arc-Version
X-Mobile-Rewrite
X-DataStream-Cache-Status
X-MS-InvokeApp
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
Public-Key-Pins
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Type
X-Exp-Variant
X-GoogleNews-Bot
X-Powered-By-Plesk
X-Cached
Content-MD5
X-Version
Service-Worker-Allowed
X-TTL
Accept-CH-Lifetime
AR-Request-ID
X-Upstream-Env
X-D2id
RTSS
X-Amz-Server-Side-Encryption
X-Recruiting
X-Navigation-Version
X-Abt-Application-Version
X-Vcap-Request-Id
Charset
X-Ser
X-Vname
X-TtlSet
X-PC
Ar-Sid
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
Nginx-Cache
X-Client-IP
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
DynaTrace
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-VCache
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
X-Pinterest-Rid
X-Upstream-Proxy
TCN
Pinterest-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-SharePointHealthScore
X-Akam-SW-Version
X-Powered-CMS
X-Dw-Request-Base-Id
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-Oracle-Dms-Rid
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Server-ID
X-Id
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
Tracecode
X-MSEdge-Ref
X-NF-Request-ID
X-Amzn-Trace-Id
X-N
Front-End-Https
X-Varnish-Age
Fastcgi-Cache
X-Content-Type
X-Upstream
X-Ttl
X-Forwarded-For
X-B3-TraceId
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-Traceid
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Fastcgi-Cache
Paypal-Debug-Id
Alternate-Protocol
Display
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Frontend
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-Pad
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
X-Webkit-CSP
Fusion-Template-Id
X-Litespeed-Cache
X-Hostname
X-PressLabs-Stats
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Remaining
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Host
X-Accel-Expires
X-Cache-Key
X-Grace
ServerID
MicrosoftSharePointTeamServices
Backend-Timing
X-B3-Sampled
X-Correlation-Id
X-Analytics
Server-Name
X-Revision
X-User-Agent
Surrogate-Key
X-IPLB-Instance
X-AppVersion
X-Az
X-Debug-Info
X-Activity-Id
X-LB-Cache
X-Amz-Apigw-Id
X-Kinsta-Cache
X-Rid
X-Amzn-RequestId
X-Content-Options
Accept-Charset
X-Cache-Hit
FilterID
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
X-B
MS-CV
X-Page-Id
X-Whom
X-Cached-By
Host-Header
Server-Info
X-Ruxit-Js-Agent
X-DIS-Request-ID
X-Varnish-Backend
Cache-Status
X-TT
Source
X-GUploader-UploadID
X-Cache-Action
X-Content-Security-Policy-Report-Only
X-App-Environment
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Origin-Server
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Tumblr-User
X-F-Cache
X-Cluster
X-Mobile
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-PHP-Backend
X-Ezoic-Cdn
X-Node-Name
X-Content-Powered-By
X-FW-Hash
X-FW-Server
X-Forwarded-Host
X-Varnish-Grace
X-FW-Serve
X-FW-Static
X-Framework
X-FW-Type
Access-Control-Allow-Method
X-Instance
X-Shard
X-Drupal-Cache-Tags
X-Request-Guid
X-FB-Debug
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Fastly-Restarts
X-UA-Device-Type
X-Geo-Country
PageSpeed
Edge-Cache-Tag
X-TA-CDN-Provider
X-FastCGI-Cache
X-Accel-Buffering
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
From-Origin
X-RateLimit-Limit
Cache-Tags
X-Cache-TTL
X-Magnolia-Registration
X-AOL-HN
X-Cache-Age
X-SS-Set-Cookie
X-BCube-Filmed-By
X-Cache-Control
X-Cache-Rule
X-XRDS-LOCATION
X-ATG-Version
Healthy
Upgrade-Insecure-Requests
Retry-After
X-Varnish-Server
Payment
Cleartype
Server-Node
DC
X-App-Server
X-Response-Served-From
X-RequestSource
X-Adobe-Content
Powered
X-TX-ID
X-Adobe-Loc
X-Storage
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
Filters
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
Country
X-UUID
X-RTag
Actual-Object-TTL
Ms-Operation-Id
X-GeoIP
X-FW-Dynamic
X-VG-WebCache
X-Dns-Prefetch-Control
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Jobs
Cache-Tv-Group
X-Region
X-Content-Age
X-Varnish-Hits
X-Cacheable-TTL
X-Generated-By
Frame-Options
X-Locale
X-WA-Info
Webserver
GEO-INFO
NGB
ServedBy
X-Oneagent-Js-Injection
CACHE
X-Cache-NE
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
X-BACKEND-TTL
HitType
Liferay-Portal
X-NWS-LOG-UUID
Eomportal-Instance
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-Cache-Operation
X-Guploader-Uploadid
X-Cache-TTL-Remaining
X-Real-IP
X-Varnish-IP
X-Upgrade-Enabled
X-Esi
X-Mode
Viewport
X-Via-JSL
X-Varnish-Cache-Hits
LB
S-Cnection
X-Cache-Remote
Meta-Geo
X-Akamai-Transformed
X-Cache-Var
Mn-Server-Ip
X-Cache-Var-Map
X-Cache-Enabled
X-Routing-Service
Cache-Hits
Cache-Key
OT-Force-Account-Verify
X-RN-RSRV
X-Zipkin-Id
X-ES-SERVER
Load-Balancing
X-Proxied
X-Device-Type
X-Detected-As
X-Is-Bot
X-From
X-Proto
X-Path-Route
X-Hl-Ver
Machine
X-Time
X-S
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
We-Hiring
TWC-GeoIP-LatLong
Mail-Subject
L5d-Success-Class
Access-Control-Request-Headers
NGX
Property-Id
TWC-GeoIP-Country
TWC-Device-Class
X-Backend-Name
X-Cache-Config
X-VWS-Id
X-R9-Blue-Green-Version
X-Proxy
X-Rocket-Nginx-Bypass
X-Tb
X-VG-TLSProxy
X-Time-Microsecs
X-Origin-Hint
X-NCache
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Environment-Context
X-FW-Version
X-Hosted-By
X-LJ-Flow-ID
X-L-Path
X-Seen-By
TWC-Connection-Speed
X-Cache-Server
Azure-SiteName
Azure-SlotName
Azure-Version
S-Rt
Azure-InstanceId
X-EIG-Tracking-Id
X-ServerID
X-Section
X-Web-Node
Origin-Cache-Control
Origin-Edge-Control
Xserver
X-Access
DB-Nickname
X-Akamai-Request-ID
X-Format
Azure-RegionName
X-Loop
X-Labrador-Cache-Channel
X-Viewer-Country
X-Tumblr-Pixel-3
X-TNCMS
X-Origin-Response-Time
X-MP-GENERATED-AT
X-OCL
X-JoinUs
Selected-FE
X-Proxy-Build
X-Vgn-Hpd-Reason
X-IP
X-RCS-CacheZone
Now
X-Via-CDN
X-Human
X-PCL
X-Timing-Wait
X-Debug-Cache
NtCoent-Length
X-Trace-Id
X-Grey
X-Via-Fastly
X-Internal-Host
X-Generated
X-BYPASS-REASON
X-Www-Served-By
Uber-Trace-Id
X-Cache-Category-Id
X-ProxyCache-Key
X-ProxyCache-Status
Cache-Tag
Datacenter
X-UnsetCookies
X-UA
Content-Script-Type
Content-Style-Type
X-Xfnlog-Site
X-CCM
X-Dynatrace-Js-Agent
X-VC-Cache
X-Site-Version
Release
X-Rule
X-APP-VERSION
X-Varnish-Cacheable
Decoy-Debug-Status
X-Status
Decoy-Debug-Key
X-Endurance-Cache-Level
Decoy-Debug-TTL
X-EdgeConnect-Cache-Status
Served-By
X-Birta-Cache-Post
X-Birta-Served
X-TIME
X-B3-Spanid
Nel
DSUID
X-CDN-Cache
X-Request-Time
X-OVcl
X-OVcl-Cache
X-Cluster-Node
X-Origin
X-NewRelic-App-Data
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nginx-Cache
X-VCT
AsisCache
X-Hit
Pagespeed
X-App-Name
Rt-Fastcgi-Cache
SRV
X-ApacheServer
X-PERF
Hostname
Cteonnt-Length
X-Newrelic-App-Data
X-Ua
X-Source
Cache
X-GRACE
X-Agile-Id
X-Agile
X-Agile-Age
X-Pubstack
X-Cache-Host
X-Origin-Host
X-Sucuri-ID
Cache-Name
X-Origin-CC
X-ElasticPress-Search
X-Origin-TTL
Arc-Country
Cache-Prefix
BehaviorPad-Version
Lfy
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
UCS
Www
X-A-Ccd
X-A
Server-Surrogate-Control
Server-Host
Rendered-Blocks
Origin
Request-Country
Request-EU
Server-Cache-Control
Request-Time
X-A-Dcw
X-A-Dgt
X-Application
X-Aed
Fly-Request-Id
Fly-Cache
Ec-Rule-Version
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
Node
On-Server
Meta-Geo-Continent
Memcached
FNAC-ModuleRouting
MD5-Digest
Cross-Origin-Window-Policy
X-Debug-Cache-Expiry
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-Secret
X-ScT
X-Region-Sid
X-Refresh
X-NU-AKA-ACS-Version
X-NodeID
X-NX-Host
X-PAYTM-SRV-ID
X-Reboot
X-Processor
X-Server-Group
X-Server-Time
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-Sn-Servicetimems
X-ServiceProvider
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-Mobile-URL
X-Matched-Rule
X-D
X-Core-Value
X-Date
Ajk
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-Expires
X-Cache-ASPX
X-Cache-Grace
X-Cache-Info
X-CF-Lambda-Fn
X-Cdn-Origin
X-Debug-Cookies
X-Debug-Log
X-Hp-Webp
X-Generated-In
X-IN-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Instart-Isnd
X-Gannett-Site-Version
X-G
X-Developer
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-F5-Cache
X-B-Cookie
X-A-Dam
X-Geo
X-WPE-Loopback-Upstream-Addr
User-Cache-Control
X-Varnish-Ttl
X-Cache-Backend
X-Eu-Site
X-ND-Cache
Proxy-Connection
X-Cache-Bucket
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Servername
X-Amzn-Remapped-Content-Length
X-Fetched-On
X-PHP-Host
X-Hnp-Log
X-Sedo-Request-Id
X-Apm-Svc-Key
X-Hash
Pagetype
X-Apm-App-Name
X-Gen-Mode
X-Apm-Inst-Hash
Pramga
X-Distributor
Web-Mar-Node
V-Age
X-Crawler
ViewerVersion
X-Cache-Id
X-Swa-Ws
X-Cdn-Srv
X-Cache-Miss-From
X-CGP
X-SN
X-Developers
Server-Int
X-Info
X-SIPLIST1
X-Distil-CS
ServerName
X-Cache-Debug
Rt-Proxy-Cache
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Irp-Debug
X-Qloud-Router
Country-Code
Apple-News-Services-Handled
X-Origin-Expires
X-Origin-Date
X-Wix-Request-Id
Fastly-SIE
X-RateLimit-Limit-Second
X-Policy
X-Platform
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Backend
Cache-Cookie-Set-From
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Fastly-SWR
X-Nginx-Cache-Key
X-LI-UUID
IsBot
X-Location
X-Rebelmouse-Surrogate-Control
X-LI-Proto
X-Li-Pop
X-Key
X-LAGOON
X-Request-URI
X-Li-Fabric
X-Block-Status
X-Micro-Cache
Gh-Request-Id
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
Ha-Gx-Prefs
HA-Ipaddr
X-FireWall-Port
X-Bip
X-C
X-Variation
X-Cache-FS-Status
X-BBXSRF
X-Gateway-Skip-Cache
X-MSEdge-Features
X-S-Maxage
X-GeoIP-Country-Code
X-MSEdge-Flight
X-No-Session
X-Page-Type
Warning
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Device-Os
X-Skip-Cache
X-Core-Mission
X-Exp-Se
X-Fastly-Cache
X-Server-IP
X-Sf
X-Thanos
X-Backend-Url
X-Wikidot-Backend
X-Wikidot-Static-Cache
RNT-Time
X-Served-From
Fastly-SSL
RNT-Machine
Is-Eu
SD-X-WS
True-Client-Country-4JS
AKAMAI
X-Generated-On
REQUESTUUID
X-Geo-Header
Heartbleed
X-GeoIP-City
X-Planisys-CDN-Rules
X-Org
Fastly-Soc-X-Request-Id
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Level-Front-Cache
X-Auto-Login
Adler-Geo
Platform
X-Backend-Host
X-Protected-By
X-Amz-Meta-Cache-Control
X-Via-SSL
X-User
Content-Disposition
X-Backend-State
X-Via-Edge
X-B3-Parentspanid
X-GZip
X-ShardId
X-CDN-Forward
X-ShopId
X-Shopify-Stage
Kp-EeAlive
X-Sorting-Hat-PodId
X-Cms-Context
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Owner
X-RateLimit-Reset
X-Git-Hash
X-Host-Name
X-Real-Ip
HTTPS
X-Ocache
X-BB-ID
X-App-Version
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
MIME-Version
X-Edge-Location
X-Daa-Tunnel
X-Wix-Server-Artifact-Id
VivaBuild
X-Sucuri-Cache
Viewtype
Wxu-Next-Hostname
Wxu-Next-Region
X-Proxy-Cache-Status
X-Proxy-Upstream
Wxu-Next-Commit
X-FPC
Server-ID
AR-SID
X-TrackingId
X-TT-LOGID
X-NC
Fastly-Backend-Name
Magicmarker
X-Load-Cache
N-Cache
X-Varnish-Url
X-Aicache-OS
X-Edge-IP
X-Gdpr
X-Cdn-Forward
X-Dc
User-Agent
X-Pjax-Url
X-Parent-Response-Time
X-Release
X-Node-Id
Time
Memory
CF-IPCountry
X-CSRF-TOKEN
X-TH-Server
X-WebServer
X-Upstream-CT
X-Varnish-Beresp-Ttl
X-Upstream-HT
X-DC
X-Nc
X-CUA
X-HS-Cache-Config
X-Servedbyhost
Powered-By
X-CACHE-KEY
PICS-Label
X-Phone
Resin-Trace
HostName
X-Wa
X-Instart-Info
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Pragrma
X-Varnish-Beresp-TTL
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Actual-URL
X-Svr
X-Request-Handler-Origin-Region
X-Microsite
X-Stale
X-Server-By
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Host-ID
Backend-Name
X-Original-Request
Mime-Version
X-Newrelic-Synthetics
Section-Io-Cache
X-From-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-VServer
X-Croise-Owner
X-Lb-Id
X-Worker
Version
X-Cache-HT
X-Optimization
409pxxline
178proxuri
Cdn-Host
Cdn-Request-Time
X-Server-W
355prline
X-Edge-Server
Xxline
352pxline
219prxHost
286prxHost
188prxHost
189phosttRef
225prxHost
Cf-Ipcountry
XServer
ProcessTime
X-APP
CF-Cached-On
X-Akamai-Request-ID2
X-Atg-Version
Accept-Language
Processtime
Cdn
X-SERVER-NAME
SID
X-Fastly-Backend-Reqs
X-Req
X-Zone
X-Microcachable
Esi-Enabled
X-Unique-ID
X-ID
X-Ratelimit-Remaining
X-LB-ID
X-Contensis-Viewer-Groups
X-VCL-Version
X-Vcl-Version
Proxy-Firewall
X-Ratelimit-Limit
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
X-V
X-AssetVersion
GeoIP-Latitude
X-B3-SpanId
GeoIP-City
Odigeo-Trace-Id
X-IPS-LoggedIn
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-NGINX-Cache
X-UPSTREAM-Address
X-WA
X-Vcache
SN
X-HTML-Minification-Powered-By
X-ZONE
X-RequestId
X-Reqid
Locale
X-Via-NSCOPI
X-Nananana
X-CSRF-Token
Fastcgi-Useragent
X-Fstrz
X-URL
X-Urbn-Context-Path
X-Urbn-Site-Id
Pics-Label
X-HS-Status
X-Check-Cacheable
X-WR-MODIFICATION
X-Be
CDN
X-ServedByHost
X-Backend-TTL
Geoip-Latitude
GeoIp-Country-Code
X-Response-By
DataCenter
X-Cache-Ttl
X-Flog
X-ABtesting
X-Hyper-Cache
GMS-Ver
X-NWS-UUID-VERIFY
Dnion-Transfer-Encoding
IBM-Web2-Location
X-Hello
Geoip-City
X-Datadome
X-Dynatrace
X-Via-Ucdn
X-Ratelimit-Reset
X-Request-Start
X-Fastly-Country-Code
X-Generation-Time
X-Render-Time
X-NGENIX-Cache
X-Cdn-Cache
WP-Super-Cache
X-GDPR
WebServer
Requestid
X-CS
Fastcgi-X-Cache-Version
X-Cluster-Name
X-LiteSpeed-Cache-Control
X-PJAX-URL
X-Unique-Id
Public-Key-Pins-Report-Only
X-Cache-URL
URI
X-HS-Combine-CSS
GW-Server
Lb
WZWS-RAY
X-Amz-Meta-Surrogate-Control
X-Presslabs-Stats
X-HostName
Dynatrace
X-SRV
FastCGI-Cache
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-Clientip
X-We-Are-Hiring
Serverid
X-Gen-Id
X-UE-Client-Country
X-Fpc
Mobile-Detection-Method
Countrycode
GEO-REGION-INFO
Who
X-Varnish-Action
X-Compress-Hint
Cneonction
X-Pf-Uncompressing
X-Got-Non-Ke-Cookie
X-Bug-Bounty
Epwk-Cache
X-Store
Https
SS
X-LiteSpeed-Tag
Ohc-File-Size
X-BE
Server-Id
X-Test
A
X-GEO
Is-Session-Tracking
Get-Access-Time
Cache-Provider
RequestId
X-PAGE-TYPE
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-Request-Url
X-EC-Lua
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-ServerName
Frontcache
NnCoection
X-Dw-Trace-Id