
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-Server
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
X-OneAgent-JS-Injection
Server-Timing
X-Server-Id
X-Rq
X-Ac
X-Node
Allow
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
Surrogate-Control
X-Application-Context
X-CST
X-ORACLE-DMS-ECID
Request-Id
X-Iejgwucgyu
X-Origin-Cache
X-Url
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
X-DataDome
X-Instart-Request-ID
NEL
X-Vhost
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-Cdn
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Goog-Hash
X-HW
X-Px
Accept-CH
X-Dispatcher
Verso
X-ESI
X-Server-Name
MS-Author-Via
AR-PoweredBy
AR-CACHE
AR-ATIME
X-VARITI-CCR
X-Mobile-Rewrite
Arc-Version
X-GitHub-Request-Id
PB-PID
PB-RID
X-DataStream-Cache-Status
X-MS-InvokeApp
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-ORACLE-DMS-RID
X-GoogleNews-Bot
X-Kinja
Public-Key-Pins
X-Type
X-Powered-By-Plesk
X-Cached
Content-MD5
X-Version
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
X-Upstream-Env
X-Amz-Server-Side-Encryption
X-Recruiting
RTSS
X-D2id
X-Navigation-Version
X-Abt-Application-Version
X-TTL
Charset
X-Vcap-Request-Id
X-Ser
X-PC
X-TtlSet
X-Vname
Ar-Sid
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
Nginx-Cache
X-Trace
SPRequestGuid
X-DynaTrace-JS-Agent
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
DynaTrace
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-VCache
X-Oracle-Dms-Rid
X-Amz-Rid
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
X-Debug
TCN
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-SharePointHealthScore
X-Akam-SW-Version
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Powered-CMS
Arr-Disable-Session-Affinity
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Id
X-Server-ID
X-Ttl
Realpath
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
X-N
Front-End-Https
X-Varnish-Age
Fastcgi-Cache
X-B3-Traceid
X-Content-Type
X-Fastcgi-Cache
X-Upstream
X-Forwarded-For
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Paypal-Debug-Id
Alternate-Protocol
X-Sol
Display
Response
X-Middleton-Display
X-Middleton-Response
X-Frontend
X-Logged-In
X-Content-Digest
X-HS-Hub-Id
X-Pad
X-HS-Content-Id
Fusion-Content-Source
X-Webkit-CSP
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Litespeed-Cache
X-B3-TraceId
X-Hostname
X-PressLabs-Stats
X-Srv
X-RateLimit-Remaining
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Host
AMP-Access-Control-Allow-Source-Origin
X-Grace
X-Accel-Expires
X-Cache-Key
ServerID
MicrosoftSharePointTeamServices
X-Correlation-Id
X-B3-Sampled
Backend-Timing
X-Analytics
Server-Name
Surrogate-Key
X-Revision
X-User-Agent
X-IPLB-Instance
X-AppVersion
X-Activity-Id
X-Az
X-Kinsta-Cache
X-Debug-Info
X-LB-Cache
X-Amzn-RequestId
X-Rid
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
Accept-Charset
FilterID
X-Ruxit-Js-Agent
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
MS-CV
X-Page-Id
X-Whom
X-Cached-By
PageSpeed
Server-Info
Host-Header
Cache-Status
X-DIS-Request-ID
X-Amz-Replication-Status
X-App-Environment
X-Cache-Action
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Akamai-Edgescape
Source
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-TT
X-Ezoic-Cdn
X-Cluster
X-Tumblr-Pixel
X-Platform-Server
X-Mobile
X-PHP-Backend
X-Tumblr-User
X-F-Cache
X-Tumblr-Pixel-0
X-FW-Serve
X-Content-Powered-By
Access-Control-Allow-Method
X-FW-Type
X-FW-Server
X-FW-Static
X-Node-Name
X-Varnish-Grace
X-Framework
X-FW-Hash
X-Forwarded-Host
X-Shard
X-Request-Guid
X-Drupal-Cache-Tags
X-FB-Debug
X-Instance
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Fastly-Restarts
X-UA-Device-Type
X-Geo-Country
Edge-Cache-Tag
X-Oneagent-Js-Injection
X-TA-CDN-Provider
X-GUploader-UploadID
X-Accel-Buffering
X-Zen-Fury
X-Varnish-Hostname
X-Handled-By
From-Origin
X-RateLimit-Limit
Cache-Tags
X-AOL-HN
X-Magnolia-Registration
X-Cache-TTL
X-SS-Set-Cookie
X-Cache-Age
X-BCube-Filmed-By
X-Cache-Control
X-Cache-Rule
X-XRDS-LOCATION
X-FastCGI-Cache
X-ATG-Version
Upgrade-Insecure-Requests
Healthy
Retry-After
X-Varnish-Server
Payment
Server-Node
Cleartype
DC
X-App-Server
X-RequestSource
X-Response-Served-From
X-Adobe-Loc
Powered
X-Storage
X-TX-ID
X-B-Cache
X-Signature
Country
X-Adobe-Content
X-WebKit-CSP-Report-Only
Ms-Operation-Id
X-Redis-Cache
X-Dns-Prefetch-Control
X-TT-TIMESTAMP
X-RTag
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-FW-Dynamic
X-UUID
X-GeoIP
Filters
Actual-Object-TTL
X-Jobs
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-VG-WebCache
X-Region
X-Content-Age
X-Cacheable-TTL
X-Varnish-Hits
X-Generated-By
X-Locale
Frame-Options
X-WA-Info
Webserver
GEO-INFO
NGB
ServedBy
CACHE
X-Cache-NE
X-Guploader-Uploadid
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Contextid
X-BACKEND-TTL
Liferay-Portal
HitType
X-ProcessESI
X-RemovedCookies
X-NWS-LOG-UUID
Eomportal-Instance
X-Rendered-As
X-Cache-Operation
X-Varnish-IP
X-Cache-TTL-Remaining
Nel
X-Upgrade-Enabled
X-Esi
X-Mode
Xserver
Viewport
X-Real-IP
X-Via-JSL
X-Varnish-Cache-Hits
LB
X-Cache-Remote
S-Cnection
X-Cache-Enabled
Meta-Geo
Mn-Server-Ip
X-Zipkin-Id
X-Proto
X-Proxied
X-RN-RSRV
X-Hl-Ver
X-Path-Route
X-Akamai-Transformed
X-Is-Bot
X-Routing-Service
X-ES-SERVER
Cache-Key
X-Detected-As
X-Cache-Var-Map
Cache-Hits
OT-Force-Account-Verify
X-Device-Type
Machine
X-Cache-Var
Load-Balancing
X-S
X-Time
Vix-Hermes-Req-Id
TWC-Privacy
TWC-Locale-Group
We-Hiring
Webcakes-App-Name
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
Access-Control-Request-Headers
Property-Id
NGX
Mail-Subject
X-VG-TLSProxy
TWC-Device-Class
X-Backend-Name
TWC-GeoIP-Country
L5d-Success-Class
X-Cache-Config
X-Proxy
X-VWS-Id
X-Origin-Hint
X-R9-Blue-Green-Version
X-Viewer-Country
X-Time-Microsecs
X-Tb
X-Rocket-Nginx-Bypass
X-NCache
X-LJ-Flow-ID
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Environment-Context
X-From
X-FW-Version
X-L-Path
X-Hosted-By
X-Seen-By
TWC-Connection-Speed
X-Cache-Server
X-Web-Node
Origin-Cache-Control
DB-Nickname
Origin-Edge-Control
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Origin-Response-Time
S-Rt
X-Format
X-EIG-Tracking-Id
X-Debug-Cache
X-Akamai-Request-ID
X-Access
Azure-InstanceId
X-Loop
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
Now
X-Tumblr-Pixel-3
X-TNCMS
X-Section
X-ServerID
X-RCS-CacheZone
X-ProxyCache-Status
Selected-FE
X-OCL
X-Via-Fastly
X-JoinUs
X-IP
X-CCM
X-Vgn-Hpd-Reason
X-BYPASS-REASON
X-Human
NtCoent-Length
X-Trace-Id
X-Xfnlog-Site
X-Timing-Wait
X-Via-CDN
X-Proxy-Build
X-PCL
Cache-Tag
X-ProxyCache-Key
X-Cache-Category-Id
X-Grey
X-Internal-Host
X-Www-Served-By
Uber-Trace-Id
X-Generated
Datacenter
X-UnsetCookies
Content-Script-Type
Content-Style-Type
X-UA
X-Dynatrace-Js-Agent
X-Endurance-Cache-Level
Release
X-Site-Version
X-VC-Cache
X-APP-VERSION
X-Rule
X-Varnish-Cacheable
Served-By
Decoy-Debug-Status
X-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-EdgeConnect-Cache-Status
X-Birta-Served
X-Birta-Cache-Post
X-B3-Spanid
X-TIME
DSUID
X-Request-Time
X-CDN-Cache
X-OVcl
X-OVcl-Cache
X-Cluster-Node
X-Nginx-Cache
X-Origin
X-NewRelic-App-Data
X-Goog-Meta-Goog-Reserved-File-Mtime
AsisCache
X-VCT
X-Hit
Rt-Fastcgi-Cache
X-App-Name
Hostname
SRV
X-Newrelic-App-Data
X-PERF
Cteonnt-Length
X-ApacheServer
X-Ua
X-Source
X-GRACE
Cache
X-Agile-Id
X-Pubstack
X-Agile
X-Agile-Age
X-Origin-Host
X-Cache-Host
X-Sucuri-ID
X-Origin-TTL
Cache-Name
X-ElasticPress-Search
X-Origin-CC
Thinkindot-CacheControl
X-A-Wwc
X-Application
Thinkindot-CacheControl-Type
FNAC-ModuleRouting
UCS
Thinkindot-Control
X-Accel-Expires-Debug
Server-Surrogate-Control
Request-Country
Rendered-Blocks
Origin
Request-EU
Request-Time
Server-Host
Server-Cache-Control
Arc-Country
Www
X-A-Dgt
X-Aed
Cache-Prefix
Memcached
Ec-Rule-Version
Cross-Origin-Window-Policy
Node
MD5-Digest
X-A-Dcw
BehaviorPad-Version
X-A
Meta-Geo-Continent
Fly-Cache
Lfy
X-A-Dam
Fly-Request-Id
On-Server
X-Date
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NodeID
X-Mobile-URL
X-NU-AKA-ACS-Version
X-NX-Host
X-Processor
X-PAYTM-SRV-ID
X-Secret
X-Server-Group
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Time
X-Sn-Servicetimems
X-SRCache-Key
X-Transaction
X-Thinkindot-L3
X-Matched-Rule
X-Logtrace-Id
X-Core-Value
X-Connection-Hash
X-D
Ajk
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-ASPX
X-B-Cookie
X-Cache-Expires
X-Cache-Grace
X-Cdn-Origin
X-Cache-Info
X-Debug-Cache-Store
X-Debug-Cookies
X-Generated-In
X-Gannett-Site-Version
X-Hp-Webp
X-IN-APIGATEWAY
X-Instart-Isnd
X-IN-WAF
X-G
X-F5-Cache
X-Destination
X-Debug-Log
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-ARC
X-A-Ccd
X-Geo
X-WPE-Loopback-Upstream-Addr
User-Cache-Control
X-Cache-Backend
X-Varnish-Ttl
RNT-Time
RNT-Machine
X-CGP
X-Cdn-Srv
X-Cache-Miss-From
ServerName
X-Origin-Date
Server-Int
X-Origin-Expires
X-Key
X-Crawler
Pagetype
X-Sedo-Request-Id
X-Location
X-Wix-Request-Id
X-Page-Type
X-ND-Cache
Rt-Proxy-Cache
Proxy-Connection
Pramga
X-SN
X-Irp-Debug
X-Amzn-Remapped-Connection
X-Micro-Cache
X-SIPLIST1
X-Block-Status
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
X-Apm-Svc-Key
X-Apm-Inst-Hash
X-Apm-App-Name
X-Servername
X-Cache-Bucket
True-Client-Country-4JS
X-Cache-Id
X-LI-UUID
X-Real-Ip
X-Fetched-On
V-Age
X-Cache-Debug
X-Nginx-Cache-Key
Web-Mar-Node
X-Epic-Correlation-Id
X-PHP-Host
X-Qloud-Router
X-RateLimit-Limit-Second
Country-Code
X-Li-Fabric
X-Sf
Fastly-SIE
X-Hnp-Log
Fastly-SWR
X-Distil-CS
X-Info
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Backend
Cache-Cookie-Set-From
CDCHOST
X-Rebelmouse-Surrogate-Control
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Hash
X-Distributor
X-Swa-Ws
X-Dispatcher-Server
X-Platform
X-LAGOON
ViewerVersion
X-Request-URI
X-Policy
X-LI-Proto
X-Li-Pop
X-Developers
IsBot
X-Device-Os
X-Gen-Mode
X-Eu-Site
Gh-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
Pagespeed
X-FireWall-Port
X-Sorting-Hat-PodId
X-Backend-State
X-BBXSRF
X-Backend-Host
X-Shopify-Stage
X-Thanos
X-Backend-Url
X-Core-Mission
X-Sorting-Hat-ShopId
X-Fastly-Cache
X-Skip-Cache
X-Cache-FS-Status
X-Variation
X-C
X-Cms-Context
X-Bip
REQUESTUUID
X-Gateway-Skip-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Protected-By
Platform
X-Gateway-Cache-Status
X-Via-Edge
Adler-Geo
X-Planisys-CDN-Cache
X-User
X-ShardId
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Server-IP
Content-Disposition
X-GeoIP-Country-Code
Heartbleed
X-Org
Is-Eu
X-Served-From
SD-X-WS
X-Level-Front-Cache
X-S-Maxage
X-ShopId
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Alternate-Cache-Key
X-Auto-Login
X-Via-SSL
X-Amz-Meta-Cache-Control
X-GeoIP-City
X-MSEdge-Features
X-Generated-On
X-Gateway-Cache-Key
X-Geo-Header
Warning
X-Exp-Se
X-MSEdge-Flight
X-No-Session
AKAMAI
X-B3-Parentspanid
X-GZip
X-RateLimit-Reset
X-Owner
Kp-EeAlive
X-CDN-Forward
X-Host-Name
X-Git-Hash
X-Varnish-Beresp-Grace
X-BB-ID
X-Varnish-Beresp-Status
X-Ocache
HTTPS
X-App-Version
Server-ID
X-Wix-Server-Artifact-Id
X-Edge-Location
X-Daa-Tunnel
Wxu-Next-Commit
VivaBuild
Wxu-Next-Hostname
Wxu-Next-Region
X-Proxy-Cache-Status
Viewtype
X-Proxy-Upstream
X-Sucuri-Cache
X-TT-LOGID
MIME-Version
X-FPC
X-TrackingId
AR-SID
X-Load-Cache
X-Varnish-Url
X-NC
N-Cache
Magicmarker
Fastly-Backend-Name
X-Edge-IP
X-Aicache-OS
X-Gdpr
X-Dc
X-Cdn-Forward
User-Agent
X-Parent-Response-Time
X-Node-Id
X-Nc
Memory
X-Pjax-Url
Time
X-WebServer
X-TH-Server
X-CSRF-TOKEN
X-Release
X-Upstream-HT
X-Upstream-CT
X-DC
X-Varnish-Beresp-Ttl
X-CUA
PICS-Label
X-HS-Cache-Config
CF-IPCountry
X-Phone
Powered-By
Resin-Trace
HostName
X-CACHE-KEY
Mime-Version
X-Wa
X-Oss-Hash-Crc64ecma
X-Servedbyhost
Pragrma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Instart-Info
X-Varnish-Beresp-TTL
X-Stale
Backend-Name
X-Server-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Request-Handler-Origin-Region
X-Microsite
X-Svr
X-Original-Request
X-Passed-To-BeforeDispatch
Host-ID
X-Passed-To
X-Actual-URL
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Newrelic-Synthetics
X-Tb-Optimization-Total-Bytes-Saved
X-VServer
Section-Io-Cache
Cf-Ipcountry
X-Lb-Id
X-Worker
X-Croise-Owner
X-From-Cache
X-Optimization
Version
X-Cache-HT
Cdn-Request-Time
X-Edge-Server
X-Server-W
Cdn-Host
355prline
Xxline
188prxHost
189phosttRef
219prxHost
178proxuri
225prxHost
409pxxline
286prxHost
352pxline
ProcessTime
Cdn
X-APP
X-Akamai-Request-ID2
X-Atg-Version
CF-Cached-On
X-SERVER-NAME
SID
XServer
X-Fastly-Backend-Reqs
Processtime
Accept-Language
X-Vcl-Version
X-Microcachable
X-ID
X-Zone
X-Req
X-Unique-ID
Esi-Enabled
X-Ratelimit-Remaining
Proxy-Firewall
X-AssetVersion
X-Contensis-Viewer-Groups
X-VCL-Version
X-Ratelimit-Limit
X-LB-ID
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
GeoIP-Latitude
SN
X-V
X-IPS-LoggedIn
GeoIP-Country-Code
GeoIP-City
Odigeo-Trace-Id
X-B3-SpanId
X-Vcache
X-HTML-Minification-Powered-By
X-RequestId
X-WA
X-UPSTREAM-Address
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-NGINX-Cache
X-ServedByHost
X-CSRF-Token
X-HS-Status
X-Fstrz
X-URL
Fastcgi-Useragent
X-Nananana
Locale
Pics-Label
X-Via-NSCOPI
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Reqid
X-ZONE
X-WR-MODIFICATION
X-Check-Cacheable
X-Hello
X-Be
GeoIp-Country-Code
X-Backend-TTL
X-ABtesting
Geoip-Latitude
X-Response-By
X-Flog
Amp-Access-Control-Allow-Source-Origin
X-Cache-Ttl
DataCenter
CDN
Geoip-City
X-Hyper-Cache
IBM-Web2-Location
X-NWS-UUID-VERIFY
GMS-Ver
Dnion-Transfer-Encoding
X-Dynatrace
X-Datadome
X-Render-Time
X-Generation-Time
X-Fastly-Country-Code
X-Ratelimit-Reset
X-Via-Ucdn
X-NGENIX-Cache
X-Request-Start
X-Cdn-Cache
WP-Super-Cache
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-Cluster-Name
X-CS
Requestid
X-GDPR
WebServer
Fastcgi-X-Cache-Version
Public-Key-Pins-Report-Only
X-Unique-Id
Lb
X-Cache-URL
X-HS-Combine-CSS
GW-Server
URI
X-Amz-Meta-Surrogate-Control
WZWS-RAY
X-HostName
Dynatrace
X-FORWARDED-FOR
FastCGI-Cache
X-SRV
X-Presslabs-Stats
X-Clientip
X-UE-Client-Country
X-Pf-Uncompressing
GEO-REGION-INFO
Mobile-Detection-Method
X-Compress-Hint
Cneonction
X-Got-Non-Ke-Cookie
Who
X-We-Are-Hiring
X-Varnish-Action
Serverid
Countrycode
X-Gen-Id
X-Fpc
X-BE
X-Bug-Bounty
SS
X-LiteSpeed-Tag
X-Store
Ohc-File-Size
X-Test
Server-Id
A
Https
Epwk-Cache
X-GEO
Get-Access-Time
Cache-Provider
NnCoection
Is-Session-Tracking
RequestId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-ServerName
X-HTML-Edge-Cache
X-Request-Url
X-Fastly-Cache-Hits
X-Cdn-Request-ID
X-Html-Edge-Cache
Frontcache
X-EC-Lua
X-Dw-Trace-Id