Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Xss-Protection
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
CF-Ray
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
P3p
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
WPE-Backend
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
Feature-Policy
X-Cnection
X-Server-Id
X-Response-Time
Report-To
X-CST
X-Cloud-Trace-Context
X-Backend-Server
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Url
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-FTR-Request-ID
X-Country
X-Cache-Lookup
X-Cdn
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Vhost
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-DataDome
X-Type
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
X-HW
Accept-CH
X-Dispatcher
X-Server-Name
Verso
X-ORACLE-DMS-RID
MS-Author-Via
X-ESI
X-VARITI-CCR
AR-CACHE
AR-PoweredBy
AR-ATIME
PB-RID
X-Mobile-Rewrite
PB-PID
X-MS-InvokeApp
Arc-Version
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Upstream-Env
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
X-Version
Content-MD5
X-Server-ID
Service-Worker-Allowed
Accept-CH-Lifetime
AR-Request-ID
X-Recruiting
X-TTL
X-D2id
RTSS
Charset
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Vname
X-PC
X-TtlSet
X-Ser
Ar-Sid
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
DynaTrace
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Amz-Rid
X-VCache
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Webkit-CSP
S
X-Fastly-Request-ID
X-Debug
TCN
X-SharePointHealthScore
X-Hits
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Akam-SW-Version
X-Shield-Request-Id
Arr-Disable-Session-Affinity
X-Powered-CMS
SPIisLatency
SPRequestDuration
X-FTR-Cache-Host
X-T
Access-Control-Request-Method
X-Goog-Storage-Class
X-Oracle-Dms-Rid
Realpath
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
X-NF-Request-ID
X-B3-TraceId
X-Amzn-Trace-Id
X-Id
Front-End-Https
X-Ttl
X-Aspnet-Version
X-N
X-Varnish-Age
X-Content-Type
Fastcgi-Cache
X-Forwarded-For
X-Upstream
Paypal-Debug-Id
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Fastcgi-Cache
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Alternate-Protocol
X-Frontend
X-Content-Digest
X-Logged-In
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Display
X-Middleton-Response
Response
X-Middleton-Display
X-Sol
X-RateLimit-Remaining
X-Hostname
X-Pad
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
X-Accel-Expires
X-B3-Traceid
X-Cache-Key
Host
MicrosoftSharePointTeamServices
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
ServerID
Server-Name
X-Kinsta-Cache
X-Correlation-Id
Backend-Timing
X-Analytics
X-Activity-Id
X-AppVersion
X-Az
X-B3-Sampled
X-Revision
X-Debug-Info
X-LB-Cache
X-User-Agent
X-IPLB-Instance
X-Content-Options
Surrogate-Key
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Rid
Accept-Charset
FilterID
X-Cache-Hit
X-Cache-2
X-Grace
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
X-Page-Id
X-Whom
MS-CV
X-DIS-Request-ID
Server-Info
X-Accel-Buffering
Cache-Status
Host-Header
X-Cached-By
X-GUploader-UploadID
X-Origin-Server
X-Varnish-Backend
X-TT
X-PHP-Backend
X-Content-Security-Policy-Report-Only
Source
VIX-Pulpo-Upstream-Status
X-Cache-Action
VIX-Pulpo-Node
X-Amz-Replication-Status
X-App-Environment
X-F-Cache
X-Tumblr-Pixel-0
X-Platform-Server
X-Mobile
X-Akamai-Edgescape
X-Cluster
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Grace
X-Framework
Access-Control-Allow-Method
X-Content-Powered-By
X-FW-Static
X-FW-Type
X-Drupal-Cache-Tags
X-Instance
X-FW-Hash
X-Request-Guid
X-FW-Serve
X-FW-Server
X-FB-Debug
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ruxit-Js-Agent
X-Forwarded-Host
X-UA-Device-Type
Edge-Cache-Tag
X-Node-Name
X-Geo-Country
X-Ezoic-Cdn
X-Shard
PageSpeed
X-Zen-Fury
X-RateLimit-Limit
X-Cache-TTL
X-Handled-By
From-Origin
X-FastCGI-Cache
X-Varnish-Hostname
X-TA-CDN-Provider
Fastly-Restarts
X-SS-Set-Cookie
X-Magnolia-Registration
Cache-Tags
X-Cache-Age
X-BCube-Filmed-By
X-AOL-HN
X-ATG-Version
X-Cache-Control
X-Cache-Rule
X-Varnish-Server
Healthy
Upgrade-Insecure-Requests
Cleartype
X-App-Server
DC
Server-Node
Retry-After
Payment
X-Response-Served-From
X-SERVER
X-RequestSource
Country
X-Storage
X-Adobe-Content
X-Adobe-Loc
X-WebKit-CSP-Report-Only
X-Signature
X-B-Cache
X-TX-ID
X-UUID
Ms-Operation-Id
Filters
Actual-Object-TTL
X-GeoIP
X-Tumblr-Pixel-2
X-Redis-Cache
X-RTag
Powered
X-VG-WebCache
X-TT-TIMESTAMP
X-Region
X-Tumblr-Pixel-1
X-FW-Dynamic
X-Jobs
Cache-Tv-Group
X-Drupal-Cache-Contexts
X-Content-Age
X-Varnish-Hits
X-Generated-By
X-Cacheable-TTL
X-Dns-Prefetch-Control
X-Locale
X-XRDS-LOCATION
Frame-Options
NGB
Webserver
GEO-INFO
X-WA-Info
ServedBy
CACHE
X-Esi
X-Contextid
Liferay-Portal
X-Oneagent-Js-Injection
HitType
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NE
X-Rendered-As
X-Real-IP
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Varnish-IP
X-Cache-TTL-Remaining
X-Via-JSL
X-Cache-Operation
X-Time
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Seen-By
X-Guploader-Uploadid
Viewport
X-Mode
S-Cnection
Xserver
X-BACKEND-TTL
X-Varnish-Cache-Hits
X-Path-Route
X-Cache-Enabled
X-Hl-Ver
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-Detected-As
X-Device-Type
X-Zipkin-Id
Machine
X-Proto
Mn-Server-Ip
X-Routing-Service
Cache-Hits
X-Is-Bot
X-From
X-Proxied
Cache-Key
X-RN-RSRV
Load-Balancing
OT-Force-Account-Verify
Meta-Geo
X-S
X-FC-Vary-Parameters
TWC-Connection-Speed
X-FB-TRIP-ID
X-Hosted-By
X-Environment-Context
Access-Control-Request-Headers
TWC-GeoIP-LatLong
TWC-Device-Class
X-Akamai-Transformed
X-Origin-Hint
NtCoent-Length
LB
X-LJ-Flow-ID
X-Cache-Config
TWC-Locale-Group
We-Hiring
Webcakes-App-Name
Property-Id
Vix-Hermes-Req-Id
TWC-Privacy
NGX
Webcakes-App-Version
L5d-Success-Class
X-Backend-Name
X-AWS-Id
Mail-Subject
Webcakes-Region
X-Proxy
X-L-Path
X-Time-Microsecs
X-R9-Blue-Green-Version
X-VG-TLSProxy
TWC-GeoIP-Country
X-Tb
X-Viewer-Country
X-Rocket-Nginx-Bypass
X-VWS-Id
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-TNCMS
X-EIG-Tracking-Id
X-Web-Node
Azure-Version
X-Tumblr-Pixel-3
Origin-Cache-Control
X-Vgn-Hpd-Reason
X-Akamai-Request-ID
Origin-Edge-Control
X-Cache-Remote
Datacenter
Now
X-Debug-Cache
X-Loop
X-ServerID
S-Rt
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-FW-Version
X-Origin-Response-Time
X-NCache
X-Format
X-Via-CDN
X-Access
X-ProxyCache-Status
X-ProxyCache-Key
X-Via-Fastly
X-MP-GENERATED-AT
Content-Style-Type
X-PCL
X-Cache-Server
Content-Script-Type
X-OCL
X-JoinUs
X-Human
X-Section
X-Trace-Id
X-Proxy-Build
Selected-FE
X-CCM
X-GRACE
X-BYPASS-REASON
X-Xfnlog-Site
DB-Nickname
X-IP
X-Timing-Wait
X-Internal-Host
X-Www-Served-By
Cache-Tag
X-Grey
X-Generated
X-Cache-Category-Id
Uber-Trace-Id
X-Endurance-Cache-Level
X-Site-Version
X-UnsetCookies
X-Varnish-Cacheable
X-Newrelic-App-Data
X-VC-Cache
X-Rule
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Birta-Served
X-Dynatrace-Js-Agent
Release
X-Birta-Cache-Post
Served-By
X-EdgeConnect-Cache-Status
X-UA
X-CDN-Cache
X-Ua
Nel
X-Cluster-Node
AsisCache
X-Request-Time
X-Nginx-Cache
X-APP-VERSION
DSUID
X-TIME
Rt-Fastcgi-Cache
X-App-Name
X-Wix-Server-Artifact-Id
X-Hit
X-Origin
X-B3-Spanid
X-PERF
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OVcl-Cache
X-OVcl
X-ApacheServer
X-VCT
X-Source
ViewerVersion
X-Origin-Host
X-Wix-Request-Id
X-App-Version
X-Agile
SRV
X-Agile-Age
X-Sucuri-ID
X-Agile-Id
Hostname
X-NewRelic-App-Data
Cache-Name
X-Pubstack
Pagespeed
X-Origin-CC
X-Cache-Host
Cteonnt-Length
X-WPE-Loopback-Upstream-Addr
Cache
X-Origin-TTL
Fly-Request-Id
Arc-Country
Www
X-Cache-ASPX
BehaviorPad-Version
Cache-Prefix
X-A
Fly-Cache
X-Cache-Expires
Ec-Rule-Version
UCS
Cross-Origin-Window-Policy
Thinkindot-CacheControl
On-Server
Origin
Node
X-A-Wwc
X-A-Dgt
Rendered-Blocks
X-Accel-Expires-Debug
Request-EU
Request-Time
X-Aed
Request-Country
Server-Cache-Control
X-Application
X-A-Dcw
X-A-Ccd
MD5-Digest
Lfy
X-B-Cookie
FNAC-ModuleRouting
Memcached
Meta-Geo-Continent
Server-Host
X-ARC
Server-Surrogate-Control
X-A-Dam
Thinkindot-CacheControl-Type
X-Debug-Log
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Cookie
X-Refresh
X-Reboot
X-NX-Host
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Platform
X-Processor
X-Secret
X-Sedo-Request-Id
X-Var-Ttl
X-Up
X-Varnish-Authentication
X-VG-WebServer
Xc-Version
X-Webstats-RespID
X-Twitter-Response-Tags
X-Trv-Group
X-ServiceProvider
X-Server-Group
X-SRCache-Key
X-Thinkindot-L3
X-Transaction
X-NodeID
X-Mobile-URL
X-Debug-Cache-Expiry
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Ajk
X-Debug-Cookies
X-D
X-Core-Value
X-Cache-Miss-From
X-Cache-Info
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Destination
X-Developer
X-IN-WAF
X-IN-APIGATEWAY
X-Instart-Isnd
X-Logtrace-Id
X-Matched-Rule
X-Hp-Webp
X-Generated-In
X-External-Request-Id
X-DPWN-IS-SECURE
X-F5-Cache
X-G
X-Gannett-Site-Version
X-Cache-Grace
Thinkindot-Control
X-ElasticPress-Search
User-Cache-Control
Pramga
X-Origin-Date
X-Origin-Expires
Proxy-Connection
X-Crawler
X-CGP
X-Swa-Ws
X-LI-Proto
X-LI-UUID
X-Request-URI
Warning
X-Rebelmouse-Surrogate-Control
X-Epic-Correlation-Id
X-Eu-Site
X-Distributor
X-Servername
RNT-Machine
X-Device-Os
X-Dispatcher-Server
Pagetype
X-Micro-Cache
X-Nginx-Cache-Key
Web-Mar-Node
X-SIPLIST1
True-Client-Country-4JS
X-Page-Type
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Content-Length
X-Sf
X-Block-Status
X-Cache-Backend
X-Cache-Id
X-Cdn-Srv
X-Rebelmouse-Cache-Control
Server-Int
ServerName
X-SN
X-Cache-Bucket
X-Cache-Debug
RNT-Time
X-Distil-CS
X-Li-Fabric
X-Info
CDCHOST
X-Irp-Debug
X-Policy
Country-Code
Fastly-SIE
X-Hash
X-Li-Pop
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-LAGOON
Cache-Cookie-Set-From
X-Key
Backend
Fastly-SWR
X-Hnp-Log
Gh-Request-Id
X-RateLimit-Limit-Second
HA-Ipaddr
X-Qloud-Router
Ha-Gx-Prefs
X-Fetched-On
X-Gen-Mode
Kp-EeAlive
IsBot
X-PHP-Host
X-RateLimit-Remaining-Second
X-Varnish-Ttl
X-FireWall-Port
X-Bip
X-MSEdge-Features
X-BBXSRF
X-Auto-Login
X-Backend-State
X-Fastly-Cache
X-Server-IP
X-C
X-Location
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-City
X-Cms-Context
X-Geo-Header
X-Sn-Servicetimems
X-S-Maxage
X-Gateway-Cache-Key
X-Core-Mission
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Protected-By
X-Cache-FS-Status
X-Developers
X-ShardId
X-Apm-Svc-Key
Fastly-Soc-X-Request-Id
X-Via-SSL
Fastly-SSL
X-Thanos
Heartbleed
Content-Disposition
SD-X-WS
AKAMAI
Platform
X-Apm-Inst-Hash
V-Age
X-Wikidot-Static-Cache
X-Via-Edge
X-Wikidot-Backend
X-Variation
X-Amz-Meta-Cache-Control
X-User
X-Apm-App-Name
Is-Eu
X-Cdn-Origin
X-No-Session
X-Cdn-Forward
X-Shopify-Stage
Adler-Geo
X-Varnish-Beresp-Status
X-ShopId
X-Server-Time
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Level-Front-Cache
X-Sorting-Hat-ShopId
X-MSEdge-Flight
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Edge-Location
X-Backend-Host
X-Ocache
X-NC
X-Owner
X-Planisys-CDN-Cache
X-Exp-Se
X-ND-Cache
X-Geo
Rt-Proxy-Cache
X-Planisys-CDN-TTL
MIME-Version
User-Agent
X-Backend-Url
X-BB-ID
HTTPS
X-Planisys-CDN-Rules
X-GZip
X-Proxy-Upstream
X-Sucuri-Cache
X-Served-From
REQUESTUUID
X-Org
Server-ID
X-TrackingId
X-RateLimit-Reset
X-TT-LOGID
X-Proxy-Cache-Status
X-Edge-IP
X-Real-Ip
X-B3-Parentspanid
X-FPC
X-Varnish-Url
Fastly-Backend-Name
Magicmarker
N-Cache
X-Git-Hash
X-Gdpr
Viewtype
X-Aicache-OS
VivaBuild
X-Varnish-Beresp-Ttl
X-Host-Name
X-CDN-Forward
Wxu-Next-Hostname
X-Node-Id
X-Load-Cache
AR-SID
X-Pjax-Url
Wxu-Next-Commit
Wxu-Next-Region
X-DC
X-Daa-Tunnel
X-CSRF-TOKEN
X-CACHE-KEY
CF-IPCountry
X-Dc
Powered-By
Memory
HostName
X-Parent-Response-Time
Time
X-CUA
X-Datadome
Resin-Trace
X-Wa
Pragrma
X-Release
X-HS-Cache-Config
X-Servedbyhost
X-Nc
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Svr
X-Returned-From-DLL
X-Server-By
X-Returned-From-BeforeDispatch
X-Stale
X-Returned-From-PostProcessResponse
X-Returned-From
X-WebServer
X-Original-Request
Section-Io-Cache
PICS-Label
X-TH-Server
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Actual-URL
X-Upstream-HT
X-Upstream-CT
X-VServer
X-Croise-Owner
X-Phone
Host-ID
ProcessTime
X-Newrelic-Synthetics
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Instart-Info
Cdn
X-Cache-HT
Mime-Version
X-Optimization
X-ID
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
Backend-Name
X-Varnish-Beresp-TTL
CF-Cached-On
X-APP
X-Lb-Id
X-Unique-ID
SID
X-Fastly-Backend-Reqs
X-Worker
X-Microcachable
Cf-Ipcountry
Version
409pxxline
355prline
219prxHost
178proxuri
X-Req
188prxHost
X-Server-W
Xxline
225prxHost
286prxHost
352pxline
189phosttRef
X-Microsite
X-Request-Handler-Origin-Region
X-B3-SpanId
X-Atg-Version
X-Backend-TTL
X-LB-ID
Proxy-Firewall
XServer
Fastcgi-Useragent
Processtime
X-Akamai-Request-ID2
Odigeo-Trace-Id
X-V
Accept-Language
X-Ratelimit-Remaining
Esi-Enabled
X-Zone
X-HTML-Minification-Powered-By
X-Ratelimit-Limit
X-Vcl-Version
X-VCL-Version
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
GeoIP-Latitude
GeoIP-Country-Code
X-AssetVersion
X-Contensis-Viewer-Groups
X-Fstrz
X-Check-Cacheable
X-IPS-LoggedIn
GeoIP-City
X-UPSTREAM-Address
X-WR-MODIFICATION
X-Response-By
X-NGINX-Cache
SN
X-Nananana
Pics-Label
X-Vcache
X-ZONE
X-Vtex-Remote-Cache
X-Be
X-WA
X-HS-Status
X-Vtex-Processado-Em
X-RequestId
X-Ratelimit-Reset
GMS-Ver
X-URL
Locale
X-CSRF-Token
X-ServedByHost
X-Via-NSCOPI
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Reqid
FastCGI-Cache
Public-Key-Pins-Report-Only
DataCenter
GeoIp-Country-Code
X-SERVER-NAME
X-Hyper-Cache
X-NWS-UUID-VERIFY
Fastcgi-X-Cache-Version
Geoip-Latitude
X-Dynatrace
WZWS-RAY
GW-Server
X-Flog
X-Hello
X-ABtesting
X-Via-Ucdn
X-Amz-Meta-Surrogate-Control
IBM-Web2-Location
Dnion-Transfer-Encoding
Geoip-City
X-Fastly-Country-Code
X-Request-Start
X-Render-Time
WP-Super-Cache
CDN
X-Cdn-Cache
Requestid
X-Generation-Time
X-Clientip
Mobile-Detection-Method
X-We-Are-Hiring
X-Cache-Ttl
Countrycode
WebServer
X-CS
X-GDPR
X-UE-Client-Country
X-LiteSpeed-Cache-Control
X-NGENIX-Cache
X-Unique-Id
Ohc-File-Size
X-GEO
X-HS-Combine-CSS
X-PJAX-URL
X-BE
URI
Lb
X-Cluster-Name
SS
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-HostName
X-FORWARDED-FOR
X-SRV
X-Fpc
X-Compress-Hint
Cneonction
X-Gen-Id
X-Cache-URL
X-Pf-Uncompressing
Serverid
X-GZIP
X-Got-Non-Ke-Cookie
X-Varnish-Action
Who
RequestUuid
X-PF-Uncompressing
GEO-REGION-INFO
Server-Id
A
X-Bug-Bounty
X-Store
FSS-Cache
FSS-Proxy
X-Test
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-Html-Edge-Cache
Frontcache
Https
X-Request-Url
X-Fastly-Cache-Hits
X-Serial
X-HTML-Edge-Cache
X-Cdn-Request-ID
X-ServerName
X-Dw-Trace-Id
NnCoection
Ohc-Cache-HIT
Ohc-Response-Time
X-EC-Lua