Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Hacker
X-Varnish-Cache
WPE-Backend
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Server-Id
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
X-CST
Report-To
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
X-Readtime
X-Origin-Cache
Request-Id
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
X-Type
Rating
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-DynaTrace
X-Cdn
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
X-Server-Name
Verso
X-Dispatcher
Accept-CH
X-Upstream-Env
MS-Author-Via
X-ESI
X-VARITI-CCR
X-ORACLE-DMS-RID
AR-CACHE
AR-PoweredBy
AR-ATIME
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-DataStream-Cache-Status
X-Cached
X-TTL
Public-Key-Pins
X-Version
X-Powered-By-Plesk
Content-MD5
Service-Worker-Allowed
X-Recruiting
Charset
AR-Request-ID
RTSS
Ar-Sid
Accept-CH-Lifetime
X-D2id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Vname
X-TtlSet
X-PC
X-Navigation-Version
X-Ser
X-Vcap-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Varnish-TTL
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-DynaTrace-JS-Agent
X-Goog-Generation
DynaTrace
X-VCache
X-Server-ID
S
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-Webkit-CSP
X-Fastly-Request-ID
X-SharePointHealthScore
X-Debug
X-Oracle-Dms-Rid
X-Hits
TCN
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-TEC-API-VERSION
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Shield-Request-Id
X-Akam-SW-Version
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-B3-TraceId
X-FTR-Cache-Host
Access-Control-Request-Method
X-T
X-Goog-Storage-Class
Realpath
X-Id
Tracecode
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NF-Request-ID
X-Amzn-Trace-Id
Front-End-Https
X-Aspnet-Version
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Forwarded-For
Paypal-Debug-Id
X-Dns-Prefetch-Control
X-Upstream
X-Fastcgi-Cache
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Ttl
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-Content-Digest
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
Response
X-RateLimit-Remaining
X-Srv
X-Hostname
X-Pad
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Kinsta-Cache
X-Analytics
Backend-Timing
X-SERVER
X-Correlation-Id
X-AppVersion
X-Activity-Id
X-Debug-Info
X-User-Agent
X-Revision
X-Az
X-LB-Cache
ServerID
X-B3-Traceid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-IPLB-Instance
X-Content-Options
X-B3-Sampled
X-Rid
X-Cache-Hit
Accept-Charset
Surrogate-Key
FilterID
X-Cache-2
X-Grace
Refresh
X-B
X-CF-Powered-By
Powered-By-ChinaCache
X-Accel-Buffering
X-Page-Id
X-DIS-Request-ID
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
X-Whom
MS-CV
Server-Info
Host-Header
X-PHP-Backend
X-Varnish-Backend
Cache-Status
X-TT
X-Cache-Action
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Content-Security-Policy-Report-Only
X-App-Environment
Source
X-Cached-By
X-Tumblr-User
X-Cluster
X-Framework
X-Platform-Server
VIX-Pulpo-Node
X-Origin-Server
X-Tumblr-Pixel
X-Mobile
X-Tumblr-Pixel-0
VIX-Pulpo-Upstream-Status
X-F-Cache
Access-Control-Allow-Method
X-Content-Powered-By
X-Varnish-Grace
X-Kong-Proxy-Latency
X-FW-Hash
X-Kong-Upstream-Latency
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Serve
X-Request-Guid
X-UA-Device-Type
X-FB-Debug
X-Drupal-Cache-Tags
X-Ruxit-Js-Agent
X-Instance
X-Geo-Country
X-Forwarded-Host
X-Ezoic-Cdn
X-Shard
X-GUploader-UploadID
Edge-Cache-Tag
X-Node-Name
X-Cache-TTL
X-Zen-Fury
PageSpeed
X-Handled-By
X-FastCGI-Cache
X-SS-Set-Cookie
X-RateLimit-Limit
X-Magnolia-Registration
From-Origin
X-TA-CDN-Provider
X-Varnish-Hostname
X-Cache-Age
Fastly-Restarts
Cache-Tags
X-ATG-Version
X-BCube-Filmed-By
X-AOL-HN
X-Varnish-Server
X-Cache-Control
DC
X-Cache-Rule
X-App-Server
Cleartype
X-XRDS-LOCATION
Healthy
Upgrade-Insecure-Requests
Payment
Server-Node
X-RequestSource
X-Response-Served-From
Retry-After
X-Adobe-Loc
Webserver
X-WebKit-CSP-Report-Only
X-Signature
X-Region
X-B-Cache
X-TX-ID
Country
X-Adobe-Content
X-GeoIP
Actual-Object-TTL
X-Redis-Cache
X-TT-TIMESTAMP
Ms-Operation-Id
X-UUID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RTag
Filters
X-Storage
X-Jobs
Cache-Tv-Group
Powered
X-FW-Dynamic
X-Generated-By
X-Locale
X-Cacheable-TTL
X-Varnish-Hits
X-VG-WebCache
X-Drupal-Cache-Contexts
X-Content-Age
CACHE
NGB
Frame-Options
GEO-INFO
ServedBy
X-WA-Info
X-Esi
X-Contextid
Liferay-Portal
HitType
X-Oneagent-Js-Injection
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Guploader-Uploadid
X-Cache-NE
X-Cache-TTL-Remaining
X-Varnish-IP
X-ProcessESI
X-RemovedCookies
X-Via-JSL
Eomportal-Instance
X-Seen-By
X-Real-IP
X-Cache-Operation
X-Upgrade-Enabled
Viewport
S-Cnection
Xserver
X-Cache-Server
X-BACKEND-TTL
X-Dynatrace-Js-Agent
X-Time
X-Mode
X-Detected-As
X-Varnish-Cache-Hits
X-Cache-Enabled
X-Cache-Var
X-Cache-Var-Map
X-Device-Type
X-Hl-Ver
X-Path-Route
X-From
Load-Balancing
Cache-Key
OT-Force-Account-Verify
Cache-Hits
X-Proto
X-Proxied
Meta-Geo
Mn-Server-Ip
X-Is-Bot
X-Routing-Service
X-RN-RSRV
X-ES-SERVER
X-Zipkin-Id
Machine
X-S
X-Akamai-Transformed
X-FC-Vary-Parameters
X-L-Path
X-Proxy
X-NWS-LOG-UUID
X-FB-TRIP-ID
X-LJ-Flow-ID
X-Cache-Config
Mail-Subject
NGX
We-Hiring
X-AWS-Id
X-Rocket-Nginx-Bypass
X-Backend-Name
X-Environment-Context
X-Hosted-By
Datacenter
X-VWS-Id
X-Viewer-Country
Content-Style-Type
Content-Script-Type
Azure-SlotName
Webcakes-App-Name
Azure-SiteName
Azure-Version
Access-Control-Request-Headers
X-Akamai-Request-ID
Webcakes-Region
Webcakes-App-Version
Azure-InstanceId
Azure-RegionName
TWC-Privacy
S-Rt
X-R9-Blue-Green-Version
Property-Id
Origin-Edge-Control
Now
X-Time-Microsecs
TWC-Connection-Speed
L5d-Success-Class
DB-Nickname
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Vix-Hermes-Req-Id
X-GRACE
X-Loop
X-VG-TLSProxy
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-NCache
X-Vgn-Hpd-Reason
X-Origin-Response-Time
X-Origin-Hint
Origin-Cache-Control
X-RCS-CacheZone
X-EIG-Tracking-Id
X-Web-Node
X-Debug-Cache
X-Tb
X-TNCMS
X-FW-Version
X-ServerID
X-Tumblr-Pixel-3
X-Proxy-Build
X-Timing-Wait
X-ProxyCache-Status
X-ProxyCache-Key
Selected-FE
X-Via-CDN
X-Access
X-BYPASS-REASON
X-Xfnlog-Site
X-Trace-Id
X-Format
X-Human
X-Via-Fastly
X-JoinUs
X-IP
X-CCM
X-Section
X-Cache-Remote
NtCoent-Length
X-Site-Version
X-OCL
X-PCL
X-Internal-Host
X-Grey
X-Cache-Category-Id
X-Generated
X-Www-Served-By
Uber-Trace-Id
Cache-Tag
X-Birta-Cache-Post
X-Birta-Served
X-VC-Cache
X-Endurance-Cache-Level
X-Newrelic-App-Data
LB
X-Status
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Served-By
X-Varnish-Cacheable
X-Rule
X-UnsetCookies
X-UA
X-EdgeConnect-Cache-Status
Release
X-Wix-Server-Artifact-Id
X-CDN-Cache
AsisCache
X-TIME
X-Cluster-Node
Nel
ViewerVersion
X-Wix-Request-Id
X-Request-Time
X-App-Version
X-Nginx-Cache
Rt-Fastcgi-Cache
X-ApacheServer
X-Varnish-Ttl
X-B3-Spanid
X-Origin-Host
X-PERF
X-Sucuri-ID
X-Ua
X-App-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NewRelic-App-Data
X-OVcl-Cache
X-OVcl
X-Hit
X-Origin
DSUID
X-Agile-Id
X-Source
X-Agile
X-Agile-Age
X-APP-VERSION
X-VCT
SRV
Cache-Name
Pagespeed
Warning
X-Origin-TTL
X-Origin-CC
Hostname
X-Pubstack
X-ElasticPress-Search
X-Cache-Info
X-Cache-Host
X-Reboot
Ajk
Cache-Prefix
X-Cache-ASPX
Cross-Origin-Window-Policy
BehaviorPad-Version
Arc-Country
X-Cache-Grace
X-Cache-Expires
X-ServiceProvider
X-Region-Sid
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-ScT
X-Mobile-URL
X-Secret
X-S-Cookie
X-A-Dcw
X-Server-Group
X-Sedo-Request-Id
X-Request-UUID
X-Rojux
X-Cache-Miss-From
X-Refresh
Fly-Cache
Server-Cache-Control
X-A-Dam
X-Aed
X-PAYTM-SRV-ID
Request-Time
Rendered-Blocks
Request-Country
Request-EU
Server-Surrogate-Control
Thinkindot-CacheControl
X-A-Wwc
Www
X-A
X-Accel-Expires-Debug
UCS
Thinkindot-CacheControl-Type
Thinkindot-Control
X-NX-Host
Origin
X-Processor
X-B-Cookie
X-Platform
X-NodeID
X-Connection-Hash
X-A-Ccd
Fly-Request-Id
FNAC-ModuleRouting
Lfy
X-ARC
X-NU-AKA-ACS-Version
Node
On-Server
Meta-Geo-Continent
X-Application
MD5-Digest
Memcached
Ec-Rule-Version
X-Rewrite-Enabled
X-IN-APIGATEWAY
X-Developer
X-Webstats-RespID
X-External-Request-Id
X-G
X-Destination
X-VG-WebServer
X-Debug-Log
X-SRCache-Key
X-Var-Ttl
X-Instart-Isnd
X-IN-WAF
X-A-Dgt
X-F5-Cache
X-Hp-Webp
X-Trv-Group
X-DPWN-IS-SECURE
X-Twitter-Response-Tags
X-Up
X-Matched-Rule
X-Generated-In
X-Thinkindot-L3
Xc-Version
X-Transaction
X-Logtrace-Id
X-Debug-Cookies
X-Gannett-Site-Version
X-Date
X-Core-Value
X-Varnish-Authentication
X-Debug-Cache-Expiry
X-D
X-Debug-Cache-Fetch
X-Debug-Cache-Store
User-Agent
X-Cache-Backend
X-WPE-Loopback-Upstream-Addr
User-Cache-Control
Cteonnt-Length
X-LI-Proto
X-Hnp-Log
X-Hash
X-Location
X-Amzn-Remapped-Date
X-Policy
X-LI-UUID
X-Nginx-Cache-Key
X-Request-URI
X-Li-Fabric
X-Developers
IsBot
Kp-EeAlive
X-SIPLIST1
X-Device-Os
Server-Host
X-Gen-Mode
ServerName
RNT-Machine
RNT-Time
Server-Int
X-Micro-Cache
Proxy-Connection
Pramga
Pagetype
X-Crawler
X-Cdn-Forward
X-Amzn-Remapped-Connection
X-Origin-Date
X-PHP-Host
X-Page-Type
X-Amzn-Remapped-Content-Length
X-Protected-By
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Swa-Ws
X-Cache-Bucket
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Cache-Cookie-Set-From
X-Cdn-Srv
X-Info
X-Cache-Id
X-Epic-Correlation-Id
X-SN
Backend
X-Cache-Debug
Country-Code
X-RateLimit-Remaining-Second
X-Origin-Expires
X-Dispatcher-Server
Fastly-SWR
X-Distributor
X-Qloud-Router
True-Client-Country-4JS
X-Key
X-Irp-Debug
X-Block-Status
X-Servername
X-Li-Pop
X-Sf
X-RateLimit-Limit-Second
Web-Mar-Node
Fastly-SIE
X-FireWall-Port
X-MSEdge-Features
X-GeoIP-City
X-MSEdge-Flight
X-Geo-Header
X-No-Session
X-C
X-Bip
X-Distil-CS
X-Cms-Context
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-LAGOON
X-Cache-FS-Status
X-Eu-Site
X-Gateway-Cache-Key
X-BBXSRF
X-Amz-Meta-Cache-Control
X-Fastly-Cache
X-Alternate-Cache-Key
X-CGP
X-Auto-Login
X-BB-ID
X-Backend-Url
X-Backend-Host
X-Core-Mission
X-Server-IP
X-Varnish-Beresp-Status
X-Shopify-Stage
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Edge-Location
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
AKAMAI
Apple-News-Services-Handled
Adler-Geo
X-Ocache
X-S-Maxage
X-Ah-Environment
X-Thanos
X-Fetched-On
Gh-Request-Id
X-Generated-On
X-Level-Front-Cache
X-Real-Ip
Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-User
X-TrackingId
X-Variation
X-Via-Edge
X-Via-SSL
Apple-News-Services-Host
X-Sorting-Hat-ShopId
HTTPS
Heartbleed
SD-X-WS
Ha-Gx-Prefs
Is-Eu
X-Planisys-CDN-TTL
Platform
Apple-News-Services-Parsed-Url
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Fastly-SSL
HA-Ipaddr
Content-Disposition
CDCHOST
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
X-Datadome
X-Sucuri-Cache
X-TT-LOGID
V-Age
X-Owner
X-GeoIP-Country-Code
X-Sn-Servicetimems
X-Apm-App-Name
X-Server-Time
X-Apm-Svc-Key
X-Cdn-Origin
X-Proxy-Cache-Status
X-Backend-State
X-Apm-Inst-Hash
X-Proxy-Upstream
X-Edge-IP
X-GZip
X-RateLimit-Reset
X-Exp-Se
Server-ID
Magicmarker
REQUESTUUID
X-ND-Cache
X-NC
Fastly-Backend-Name
Rt-Proxy-Cache
X-Geo
X-Varnish-Url
N-Cache
MIME-Version
X-B3-Parentspanid
X-FPC
X-Served-From
X-Org
Viewtype
X-Pjax-Url
X-Aicache-OS
X-Varnish-Beresp-Ttl
VivaBuild
X-Gdpr
X-Node-Id
HostName
X-CDN-Forward
X-Load-Cache
X-Dc
X-Git-Hash
Wxu-Next-Hostname
Wxu-Next-Region
X-Parent-Response-Time
Powered-By
X-CUA
Wxu-Next-Commit
X-Host-Name
Time
Pragrma
X-DC
X-CSRF-TOKEN
Memory
Section-Io-Cache
CF-IPCountry
X-Nc
PICS-Label
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-Svr
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Original-Request
X-Stale
X-Returned-From-PostProcessResponse
X-Returned-From
X-Passed-To
X-Actual-URL
X-Server-By
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
Host-ID
X-Croise-Owner
Resin-Trace
X-HS-Cache-Config
X-Release
X-Servedbyhost
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Wa
X-VServer
X-Daa-Tunnel
Cdn-Request-Time
Cdn-Host
X-WebServer
X-TH-Server
X-Edge-Server
Mime-Version
X-Phone
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-Upstream-HT
AR-SID
X-Unique-ID
X-Optimization
X-Upstream-CT
X-Cache-HT
Cdn
Cf-Ipcountry
X-Lb-Id
X-Instart-Info
SID
X-Microcachable
X-From-Cache
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
Fastcgi-Useragent
Backend-Name
X-APP
X-Worker
X-Ratelimit-Remaining
X-Req
CF-Cached-On
X-Atg-Version
X-V
X-B3-SpanId
286prxHost
Xxline
352pxline
Odigeo-Trace-Id
X-Server-W
X-Fastly-Backend-Reqs
178proxuri
188prxHost
225prxHost
219prxHost
189phosttRef
409pxxline
355prline
X-Backend-TTL
XServer
Proxy-Firewall
X-Ratelimit-Limit
Version
X-Zone
X-HTML-Minification-Powered-By
Processtime
X-LB-ID
X-Vcl-Version
X-ID
X-Check-Cacheable
X-Microsite
X-WR-MODIFICATION
X-Request-Handler-Origin-Region
X-Fstrz
X-CACHE-AGE
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
Accept-Language
X-IPS-LoggedIn
X-Response-By
X-Nananana
Esi-Enabled
X-WA
X-VCL-Version
SN
GMS-Ver
X-AssetVersion
X-NGINX-Cache
X-Contensis-Viewer-Groups
X-Vcache
X-ServedByHost
X-Ratelimit-Reset
GeoIP-Country-Code
X-UPSTREAM-Address
GeoIP-City
X-CSRF-Token
X-URL
GeoIP-Latitude
Public-Key-Pins-Report-Only
Pics-Label
Fastcgi-X-Cache-Version
X-RequestId
X-Vtex-Remote-Cache
GeoIp-Country-Code
X-Hyper-Cache
X-HS-Status
Geoip-Latitude
X-Be
X-Vtex-Processado-Em
WZWS-RAY
DataCenter
X-Reqid
Locale
GW-Server
Geoip-City
X-Amz-Meta-Surrogate-Control
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SERVER-NAME
X-Fastly-Country-Code
X-Via-NSCOPI
X-ZONE
X-Dynatrace
X-Request-Start
X-We-Are-Hiring
X-Clientip
X-Flog
X-UE-Client-Country
X-Hello
Mobile-Detection-Method
X-ABtesting
X-Via-Ucdn
Countrycode
X-GEO
X-Render-Time
WP-Super-Cache
X-Cdn-Cache
Lb
IBM-Web2-Location
Dnion-Transfer-Encoding
X-GDPR
X-BE
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
SS
URI
X-CS
Ohc-File-Size
X-Unique-Id
CDN
X-Generation-Time
X-PJAX-URL
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-GZIP
FastCGI-Cache
X-SRV
X-HostName
X-FORWARDED-FOR
FSS-Proxy
X-Gen-Id
X-Bug-Bounty
X-Fpc
FSS-Cache
Requestid
Serverid
X-HS-Combine-CSS
Cneonction
X-Cluster-Name
RequestUuid
X-Pf-Uncompressing
X-PF-Uncompressing
X-Cache-Ttl
X-Request-Url
X-Fastly-Cache-Hits
X-Html-Edge-Cache
X-Cache-URL
Server-Id
X-Store
A
X-Test
Accept-Ch
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
RequestId
X-Dw-Trace-Id
X-Compress-Hint
X-Got-Non-Ke-Cookie
Ohc-Response-Time
X-Serial
Ohc-Cache-HIT
Get-Access-Time
Is-Session-Tracking
Frontcache
X-HTML-Edge-Cache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-EC-Lua