Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-CDN
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Server
X-Pingback
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
WPE-Backend
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
X-OneAgent-JS-Injection
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Origin-Cache
X-Readtime
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Type
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-Instart-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
NEL
X-Vhost
X-DynaTrace
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Verso
X-Server-Name
Accept-CH
X-Upstream-Env
X-Dispatcher
X-ESI
X-Cdn
MS-Author-Via
AR-ATIME
AR-PoweredBy
AR-CACHE
X-VARITI-CCR
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-DataStream-Cache-Status
X-ORACLE-DMS-RID
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
X-Version
Content-MD5
Service-Worker-Allowed
Charset
X-Recruiting
AR-Request-ID
RTSS
Accept-CH-Lifetime
Ar-Sid
X-Abt-Application-Version
X-D2id
X-TTL
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-TtlSet
X-Vname
X-PC
X-Ser
X-Varnish-TTL
X-SRCache-Fetch-Status
X-Vcap-Request-Id
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-Server-ID
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Oracle-Dms-Rid
S
X-Amz-Meta-S3cmd-Attrs
X-Amz-Rid
DynaTrace
X-VCache
X-SharePointHealthScore
X-Fastly-Request-ID
X-Debug
TCN
X-Hits
X-Dw-Request-Base-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Arr-Disable-Session-Affinity
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Shield-Request-Id
X-Akam-SW-Version
SPIisLatency
SPRequestDuration
X-XRDS-Location
Access-Control-Request-Method
X-Powered-CMS
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Ttl
X-Id
Realpath
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
Front-End-Https
X-Amzn-Trace-Id
X-Webkit-CSP
X-N
X-B3-TraceId
Fastcgi-Cache
X-Dns-Prefetch-Control
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Alternate-Protocol
X-Fastcgi-Cache
X-Frontend
X-Logged-In
X-RateLimit-Remaining
X-PressLabs-Stats
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-Litespeed-Cache
Response
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
X-Cache-Key
X-Hostname
X-Srv
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Accel-Expires
Host
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-SERVER
MicrosoftSharePointTeamServices
Server-Name
X-Kinsta-Cache
Backend-Timing
X-Correlation-Id
X-Analytics
X-LB-Cache
X-AppVersion
X-Az
X-Content-Options
X-Debug-Info
X-Revision
X-Activity-Id
X-User-Agent
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-Sampled
X-IPLB-Instance
Surrogate-Key
X-Cache-Hit
Accept-Charset
FilterID
X-Cache-2
X-Grace
ServerID
X-Ruxit-Js-Agent
Refresh
X-B
Powered-By-ChinaCache
X-CF-Powered-By
X-Accel-Buffering
X-Page-Id
X-DIS-Request-ID
X-Request-Received
X-Whom
X-Request-Processing-Time
Server-Info
TP-L2-Cache
TP-Cache
MS-CV
Host-Header
X-PHP-Backend
Cache-Status
X-Varnish-Backend
X-Cached-By
X-App-Environment
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-TT
X-Amz-Replication-Status
X-Akamai-Edgescape
VIX-Pulpo-Node
Source
X-F-Cache
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-Platform-Server
X-Mobile
X-Framework
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cluster
X-UA-Device-Type
X-Tumblr-User
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-Varnish-Grace
X-Drupal-Cache-Tags
X-Request-Guid
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Serve
X-Instance
X-FW-Type
X-FB-Debug
PageSpeed
X-Forwarded-Host
X-FastCGI-Cache
X-RateLimit-Limit
X-Geo-Country
Edge-Cache-Tag
X-Zen-Fury
X-Oneagent-Js-Injection
X-Cache-TTL
X-TA-CDN-Provider
X-Node-Name
X-Shard
X-SS-Set-Cookie
X-Ezoic-Cdn
X-Magnolia-Registration
X-Handled-By
From-Origin
X-GUploader-UploadID
X-Varnish-Hostname
X-ATG-Version
X-Cache-Age
Cache-Tags
Fastly-Restarts
X-XRDS-LOCATION
X-BCube-Filmed-By
X-AOL-HN
X-Varnish-Server
X-Cache-Control
X-App-Server
DC
Cleartype
Healthy
X-Cache-Rule
Upgrade-Insecure-Requests
Payment
Server-Node
X-B-Cache
X-Region
Filters
X-RequestSource
X-Response-Served-From
X-Signature
X-Adobe-Loc
X-Adobe-Content
X-WebKit-CSP-Report-Only
X-TX-ID
Country
X-RTag
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-UUID
X-Tumblr-Pixel-1
X-Redis-Cache
CACHE
X-VG-WebCache
X-GeoIP
Webserver
Ms-Operation-Id
X-Storage
Retry-After
Actual-Object-TTL
X-Generated-By
X-FW-Dynamic
Cache-Tv-Group
X-Jobs
X-Drupal-Cache-Contexts
X-Cacheable-TTL
X-Content-Age
Powered
X-Locale
X-Varnish-Hits
NGB
GEO-INFO
ServedBy
Frame-Options
Liferay-Portal
X-Contextid
X-Guploader-Uploadid
X-WA-Info
HitType
X-Rendered-As
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-TTL-Remaining
X-Varnish-IP
X-Cache-NE
X-Seen-By
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
Nel
S-Cnection
X-Via-JSL
Viewport
X-Real-IP
X-Upgrade-Enabled
X-BACKEND-TTL
X-Esi
X-Cache-Operation
NtCoent-Length
Xserver
X-Mode
X-Cache-Server
X-Varnish-Cache-Hits
Cache-Hits
Cache-Key
Mn-Server-Ip
Meta-Geo
X-Hl-Ver
OT-Force-Account-Verify
X-Cache-Var-Map
X-RN-RSRV
X-Detected-As
X-ES-SERVER
X-Routing-Service
X-Zipkin-Id
X-Device-Type
X-Proxied
X-Proto
Machine
X-Cache-Var
X-Path-Route
X-From
X-Is-Bot
X-Cache-Enabled
Load-Balancing
Content-Script-Type
X-S
Content-Style-Type
X-Akamai-Transformed
X-Time
NGX
Mail-Subject
X-FC-Vary-Parameters
Property-Id
X-Environment-Context
X-FB-TRIP-ID
X-L-Path
X-Origin-Hint
X-Proxy
X-LJ-Flow-ID
TWC-Connection-Speed
L5d-Success-Class
X-Hosted-By
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
X-AWS-Id
X-Backend-Name
X-Cache-Config
Webcakes-App-Name
We-Hiring
X-Rocket-Nginx-Bypass
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
Vix-Hermes-Req-Id
TWC-Device-Class
Access-Control-Request-Headers
X-Tb
X-VWS-Id
X-VG-TLSProxy
X-NWS-LOG-UUID
X-Viewer-Country
Datacenter
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-Labrador-Cache-Channel
X-TNCMS
Azure-Version
Azure-RegionName
DB-Nickname
X-Format
X-Tumblr-Pixel-3
Now
Origin-Cache-Control
X-Vgn-Hpd-Reason
Origin-Edge-Control
S-Rt
X-Loop
X-Section
X-Access
X-FW-Version
X-Debug-Cache
X-Akamai-Request-ID
X-Birta-Cache-Post
X-Birta-Served
X-ServerID
X-EIG-Tracking-Id
X-NCache
X-MP-GENERATED-AT
X-Web-Node
X-Origin-Response-Time
X-Time-Microsecs
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-BYPASS-REASON
X-Via-Fastly
X-Xfnlog-Site
Selected-FE
X-Via-CDN
X-CCM
X-Trace-Id
X-Timing-Wait
X-Human
X-PCL
X-IP
X-JoinUs
X-OCL
X-Proxy-Build
X-ProxyCache-Key
X-ProxyCache-Status
X-Www-Served-By
X-Site-Version
X-Generated
X-Endurance-Cache-Level
LB
Uber-Trace-Id
Cache-Tag
X-Cache-Category-Id
X-Internal-Host
X-Grey
X-Cache-Remote
X-Varnish-Cacheable
Decoy-Debug-Status
X-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-VC-Cache
X-UA
X-Dynatrace-Js-Agent
X-GRACE
Served-By
X-Newrelic-App-Data
X-UnsetCookies
X-Rule
X-Wix-Server-Artifact-Id
X-EdgeConnect-Cache-Status
Release
X-TIME
X-CDN-Cache
AsisCache
X-Cluster-Node
X-Wix-Request-Id
ViewerVersion
Rt-Fastcgi-Cache
X-APP-VERSION
X-Origin-Host
X-Request-Time
X-B3-Spanid
X-Sucuri-ID
X-App-Name
X-Nginx-Cache
X-NewRelic-App-Data
X-PERF
X-ApacheServer
X-Source
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl
X-Origin
X-Agile-Id
X-Agile
X-OVcl-Cache
X-Hit
X-Agile-Age
X-Ua
X-VCT
DSUID
Hostname
Cache-Name
SRV
X-App-Version
Warning
User-Agent
X-Origin-CC
X-Origin-TTL
X-ElasticPress-Search
X-Application
X-A-Ccd
X-A-Dam
X-Varnish-Authentication
X-A
Www
X-Cache-ASPX
X-B-Cookie
X-A-Dcw
Thinkindot-Control
X-A-Wwc
X-VG-WebServer
X-Var-Ttl
X-Accel-Expires-Debug
X-A-Dgt
X-Aed
X-ARC
Request-EU
FNAC-ModuleRouting
Fly-Request-Id
Lfy
MD5-Digest
Memcached
Fly-Cache
Ec-Rule-Version
Arc-Country
BehaviorPad-Version
Cache-Prefix
Cross-Origin-Window-Policy
Meta-Geo-Continent
Node
Server-Surrogate-Control
Server-Cache-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Xc-Version
Request-Time
X-Cache-Expires
On-Server
Origin
Rendered-Blocks
Request-Country
X-Webstats-RespID
X-Cache-Miss-From
X-Logtrace-Id
X-Date
X-Instart-Isnd
X-IN-WAF
X-Debug-Cache-Expiry
X-Matched-Rule
X-Mobile-URL
X-NX-Host
X-PAYTM-SRV-ID
X-D
X-NU-AKA-ACS-Version
X-NodeID
X-IN-APIGATEWAY
X-Debug-Cache-Fetch
X-Debug-Log
X-Debug-Cookies
Ajk
X-Destination
X-Developer
X-External-Request-Id
X-F5-Cache
X-Generated-In
X-Hp-Webp
X-Debug-Cache-Store
X-Gannett-Site-Version
X-G
X-Platform
X-Processor
X-ServiceProvider
X-SRCache-Key
X-Server-Group
X-Sedo-Request-Id
X-Secret
X-Thinkindot-L3
X-DPWN-IS-SECURE
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-Cache-Grace
X-Cache-Info
X-ScT
X-S-Cookie
X-Connection-Hash
X-Refresh
X-Core-Value
X-Reboot
X-Pubstack
X-Region-Sid
X-Request-UUID
X-Rojux
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-CF-Lambda-Version
X-Up
UCS
X-Varnish-Ttl
X-Cache-Backend
User-Cache-Control
X-CGP
X-Crawler
X-Cdn-Srv
X-Cache-Id
X-Cache-Host
X-Eu-Site
X-Developers
X-Distil-CS
X-Distributor
X-Dispatcher-Server
X-Ah-Environment
X-Device-Os
X-Epic-Correlation-Id
X-Cache-Bucket
ServerName
True-Client-Country-4JS
Server-Int
RNT-Time
Proxy-Connection
RNT-Machine
Web-Mar-Node
X-Amzn-Remapped-Connection
X-BB-ID
X-Block-Status
X-Edge-Location
X-Amzn-Remapped-Date
X-Amzn-Remapped-Content-Length
X-Gen-Mode
X-Hash
X-Policy
X-Protected-By
X-PHP-Host
X-Page-Type
X-Origin-Date
X-Origin-Expires
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Qloud-Router
X-Nginx-Cache-Key
X-Micro-Cache
X-Info
X-Irp-Debug
X-Request-URI
Server-Host
X-Hnp-Log
X-Real-Ip
X-Key
X-LAGOON
X-LI-UUID
X-Location
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Pramga
X-Cache-Debug
X-SIPLIST1
X-SN
Fastly-SWR
Fastly-SIE
Ha-Gx-Prefs
IsBot
X-Sf
X-Ocache
Kp-EeAlive
X-Swa-Ws
Country-Code
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Backend
Cache-Cookie-Set-From
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Servername
HA-Ipaddr
Pagetype
Cteonnt-Length
X-FireWall-Port
Pagespeed
X-WPE-Loopback-Upstream-Addr
X-Datadome
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Gateway-Skip-Cache
X-Geo-Header
X-Sucuri-Cache
X-GeoIP-Country-Code
X-GeoIP-City
X-Fetched-On
X-Skip-Cache
X-TrackingId
Is-Eu
X-Core-Mission
X-Cms-Context
HTTPS
Heartbleed
X-Fastly-Cache
X-Shopify-Stage
X-ShopId
X-Generated-On
Gh-Request-Id
Platform
X-Via-SSL
SD-X-WS
Adler-Geo
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
AKAMAI
X-Thanos
X-Via-Edge
X-Planisys-CDN-TTL
X-No-Session
X-MSEdge-Flight
Fastly-Soc-X-Request-Id
Fastly-SSL
X-ShardId
X-Variation
X-Sorting-Hat-ShopId
X-Wikidot-Static-Cache
X-MSEdge-Features
X-Wikidot-Backend
Content-Disposition
X-Sorting-Hat-PodId
X-Level-Front-Cache
X-Backend-Url
X-Backend-State
X-BBXSRF
X-Bip
X-C
X-Auto-Login
X-TT-LOGID
X-Server-IP
X-S-Maxage
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-User
X-Cache-FS-Status
X-Backend-Host
X-Edge-IP
X-GZip
V-Age
X-Varnish-Url
X-Server-Time
X-Cdn-Origin
X-Apm-App-Name
X-Cdn-Forward
X-Apm-Inst-Hash
X-RateLimit-Reset
Magicmarker
X-Varnish-Beresp-Grace
X-Owner
X-Varnish-Beresp-Status
X-Sn-Servicetimems
N-Cache
Fastly-Backend-Name
X-Apm-Svc-Key
Cache
X-Exp-Se
REQUESTUUID
X-ND-Cache
X-Geo
Rt-Proxy-Cache
Server-ID
X-CDN-Forward
X-NC
X-FPC
X-Org
X-Node-Id
MIME-Version
X-Served-From
VivaBuild
X-Pjax-Url
X-B3-Parentspanid
Viewtype
X-Gdpr
X-Dc
X-Load-Cache
Powered-By
X-Varnish-Beresp-Ttl
X-CUA
X-Aicache-OS
Wxu-Next-Commit
HostName
Pragrma
X-Git-Hash
Wxu-Next-Region
X-Parent-Response-Time
X-Nc
Wxu-Next-Hostname
Section-Io-Cache
X-Passed-To-DLL
X-Actual-URL
PICS-Label
X-Passed-To
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Original-Request
X-Stale
X-Server-By
Memory
X-Returned-From-BeforeDispatch
X-Passed-To-PostProcessResponse
X-CSRF-TOKEN
Time
X-Returned-From-PostProcessResponse
X-Returned-From
X-Svr
X-DC
X-Host-Name
X-VServer
Host-ID
CF-IPCountry
X-HS-Cache-Config
X-Croise-Owner
X-CACHE-KEY
X-Release
X-Servedbyhost
Cdn-Host
Cdn-Request-Time
Mime-Version
X-Edge-Server
X-Wa
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-TH-Server
X-WebServer
Resin-Trace
X-Daa-Tunnel
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Beresp-TTL
X-Unique-ID
X-Optimization
X-Cache-HT
AR-SID
X-Microcachable
SID
X-Lb-Id
ProcessTime
X-Phone
Cf-Ipcountry
X-Upstream-HT
X-Newrelic-Synthetics
Fastcgi-Useragent
X-Upstream-CT
X-Instart-Info
X-From-Cache
Cdn
CF-Cached-On
X-Fastly-Backend-Reqs
X-Req
X-APP
Backend-Name
X-Atg-Version
X-V
X-Worker
XServer
Proxy-Firewall
Processtime
Odigeo-Trace-Id
355prline
352pxline
409pxxline
Xxline
X-Server-W
X-HTML-Minification-Powered-By
225prxHost
178proxuri
X-ID
188prxHost
189phosttRef
X-Vcl-Version
219prxHost
286prxHost
X-B3-SpanId
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Fstrz
X-Backend-TTL
X-LB-ID
X-WR-MODIFICATION
Version
X-Zone
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-IPS-LoggedIn
X-Check-Cacheable
X-Nananana
X-Response-By
GMS-Ver
X-Akamai-Request-ID2
X-WA
X-UPSTREAM-Address
Esi-Enabled
X-Vcache
X-NGINX-Cache
Accept-Language
Public-Key-Pins-Report-Only
X-Contensis-Viewer-Groups
SN
X-Microsite
X-ServedByHost
X-Ratelimit-Reset
X-VCL-Version
X-Request-Handler-Origin-Region
X-CSRF-Token
X-AssetVersion
X-URL
Geoip-Latitude
GeoIp-Country-Code
Pics-Label
X-Hyper-Cache
GeoIP-Latitude
WZWS-RAY
GeoIP-City
GeoIP-Country-Code
X-HS-Status
Fastcgi-X-Cache-Version
DataCenter
X-Amz-Meta-Surrogate-Control
X-Vtex-Processado-Em
X-RequestId
X-Be
X-Vtex-Remote-Cache
X-SERVER-NAME
Geoip-City
X-Fastly-Country-Code
GW-Server
X-Dynatrace
X-ZONE
X-Via-NSCOPI
X-Request-Start
Mobile-Detection-Method
X-Via-Ucdn
Countrycode
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Reqid
X-GEO
X-Clientip
X-We-Are-Hiring
X-UE-Client-Country
X-Render-Time
X-Cdn-Cache
Lb
WP-Super-Cache
X-CS
SS
X-NWS-UUID-VERIFY
X-Hello
X-Flog
X-ABtesting
X-GDPR
URI
X-LiteSpeed-Cache-Control
X-BE
Ohc-File-Size
X-Unique-Id
X-PJAX-URL
IBM-Web2-Location
CDN
Dnion-Transfer-Encoding
FastCGI-Cache
X-SRV
X-FORWARDED-FOR
X-GZIP
Dynatrace
X-HostName
Amp-Access-Control-Allow-Source-Origin
X-Generation-Time
X-Fpc
X-Test
Serverid
FSS-Cache
FSS-Proxy
X-Pf-Uncompressing
X-HS-Combine-CSS
X-PF-Uncompressing
RequestUuid
X-NGENIX-Cache
X-Gen-Id
Cneonction
X-Cache-Ttl
X-Fastly-Cache-Hits
X-Request-Url
Requestid
X-Compress-Hint
X-Cluster-Name
X-Bug-Bounty
X-Html-Edge-Cache
Accept-Ch
A
X-LiteSpeed-Tag
X-Store
Server-Id
X-Akamai-SSL-Client-Sid
Ohc-Cache-HIT
X-Cdn-Request-ID
NnCoection
RequestId
Get-Access-Time
X-ServerName
Is-Session-Tracking
Frontcache
X-Serial
X-HTML-Edge-Cache
X-EC-Lua
X-Dw-Trace-Id
Ohc-Response-Time