Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Accept-CH
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
X-Ua-Compatible
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Check
X-Backend
Accept-CH-Lifetime
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
Keep-Alive
X-Age
X-Rq
EagleId
X-Via
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-Cache-Lookup
Xkey
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-Country-Code
X-Nginx-Upstream-Cache-Status
X-LiteSpeed-Cache
Service-Worker-Allowed
X-Trace
X-Clacks-Overhead
Fastly-Restarts
X-Application-Context
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-TtlSet
X-Vname
X-Midtier
X-Edge
X-Mcache
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Powered-By-Plesk
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-ESI
Nginx-Cache
X-GitHub-Request-Id
X-ECACHE
Edge-Control
X-Vcap-Request-Id
X-D2id
Verso
X-Ser
X-Ac
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Client-IP
X-Middleton-Response
X-Amz-Rid
Response
X-ARC
X-Ratelimit-Limit
X-Dw-Request-Base-Id
X-CST
X-Wormhole-Sdk
X-B3-TraceId
X-Powered-CMS
X-Goog-Hash
X-Navigation-Version
X-Kinsta-Cache
X-Edge-Location-Klb
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Upstream
X-Ratelimit-Remaining
X-Forwarded-For
X-Amzn-Trace-Id
X-FastCGI-Cache
X-Ruxit-Js-Agent
RTSS
X-Cache-Key
X-Daa-Tunnel
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
AR-Request-ID
AR-SID
AR-PoweredBy
Edge-Cache-Tag
AR-ATIME
Cache-Status
Public-Key-Pins
X-Server-ID
X-Content-Digest
X-Oneagent-Js-Injection
X-Ezoic-Cdn
X-Version
Accept-Ch-Lifetime
X-Mg-S
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
S
X-Ttl
Realpath
X-Fastly-Request-ID
X-T
X-MSEdge-Ref
X-Shield-Request-Id
Fastcgi-Cache
Cross-Origin-Resource-Policy
AR-CACHE
X-Recruiting
Origin-Trial
X-NF-Request-ID
Front-End-Https
X-Cached
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Distributor
X-Ua-Device
X-TTL
X-Nf-Request-Id
X-FTR-Request-ID
X-Azure-Ref
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
TP-Cache
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-Newrelic-App-Data
Count-Hit
X-Ua-Browser
X-Id
X-Debug
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-LLID
X-Varnish-TTL
X-Xrds-Location
Cache-Tags
Server-Node
X-Ismobilevalue
X-Content-Security-Policy-Report-Only
X-Cluster-Name
X-PressLabs-Stats
X-Correlation-Id
MicrosoftSharePointTeamServices
X-Frontend
X-VARITI-CCR
X-Hits
X-GUploader-UploadID
X-HS-Combine-CSS
X-NGENIX-Cache
X-Varnish-Backend
X-Aspnetmvc-Version
X-Protected-By
X-Amz-Replication-Status
Payment
Accept-Ch
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
Akamai-GRN
X-Unique-Id
Cleartype
X-LB-Cache
X-Varnish-Server
X-FB-Debug
X-Az
X-Logged-In
X-AppVersion
X-Activity-Id
X-Git-Hash
X-Www-Served-By
X-Page-Id
X-Ratelimit-Reset
Content-Disposition
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Hostname
X-Forwarded-Proto
Host
Filterid
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Varnish-Ttl
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Server
X-Template
X-Geo-Country
Frame-Options
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TraceId
Access-Control-Allow-Method
Trailer
Amp-Access-Control-Allow-Source-Origin
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Load-Cache
X-Aspnet-Version
Version
X-Origin-Server
X-WP-CF-Super-Cache-Cache-Control
X-Fastcgi-Cache
X-Upgrade-Enabled
X-WP-CF-Super-Cache
X-Type
Viewport
Fastly-SWR
Fastly-SIE
Accept-Charset
X-ASPNET-VERSION
Section-Io-Cache
X-Content-Options
X-Fb-Rlafr
X-TT
X-B3-Sampled
X-Grace
X-Cache-Control
Retry-After
X-B
X-Envoy-Decorator-Operation
X-Rid
X-Ah-Environment
X-Source
Content-MD5
X-Cache-Age
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-VERSION
MS-Author-Via
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Device-Type
X-Vcl-Version
Server-Name
X-Magnolia-Registration
X-Request-Guid
X-Language
X-Trace-Id
X-Px
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Revision
X-Buckets
X-Cdn
Healthy
X-Mobile
X-HS-Prerendered
X-WP-CF-Super-Cache-Active
X-EdgeConnect-Cache-Status
X-Webkit-CSP
X-Akamai-Edgescape
X-Backend-Name
X-CSRF-Token
TCN
X-Varnish-Grace
X-RM-Cache-TTL
X-Status
Protected
X-Origin-Cache
X-App-Environment
X-NYM-Debug-Backend
X-FW-Dynamic
X-Tumblr-User
X-Instance
X-FW-Version
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FW-Type
X-Debug-Info
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Server
X-L-Path
X-FW-Serve
X-FW-Hash
X-ProcessESI
X-RemovedCookies
X-Rule
X-Environment-Context
X-Contextid
X-Mg-Request-UUID
Cross-Origin-Window-Policy
X-Cache-Time
X-ServerID
Access-Control-Request-Headers
X-Framework
NGB
GEO-INFO
X-Node-Name
X-Storage
SD-X-WS
X-Region
X-UUID
X-Proxy-Cache-Info
MS-CV
Ms-Operation-Id
X-Is-Bot
X-Rendered-As
X-Edge-Location
Charset
X-Adobe-Content
X-Content-Powered-By
X-Adobe-Loc
X-Debug-IsConnected
X-Debug-IsPreview
X-Amz-Meta-S3cmd-Attrs
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Proxy
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Cacheable-TTL
X-RTag
X-Yottaa-Metrics
X-Original-Request-Id
X-Response-Served-From
X-G
Upgrade-Insecure-Requests
X-Yottaa-Optimizations
Cross-Origin-Embedder-Policy-Report-Only
Refresh
X-Whom
OT-Force-Account-Verify
Webserver
X-Lambda-Id
DC
Countrycode
X-B3-Traceid
X-RateLimit-Remaining
Paypal-Debug-Id
X-User-Agent
X-Seen-By
Section-Io-Id
X-HTML-Minification-Powered-By
X-Reqid
Front
X-VC
X-Amzn-Remapped-Content-Length
X-WebKit-CSP-Report-Only
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Alternate-Protocol
X-CCDN-Origin-Time
SRV
X-Server-W
X-ECache
X-VHOST
X-TT-LOGID
Priority
X-IPS-LoggedIn
X-Real-IP
X-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-AB
X-Akamai-Request-ID2
X-Cache-Status-Check
Liferay-Portal
Country
X-FTR-Expires
X-N
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Mode
Xet-Cookie
Backend
X-B3-SpanId
Onion-Location
X-Nginx-Cache
TWC-Privacy
Webcakes-Region
X-SaId
Webcakes-App-Name
X-Rn-Rsrv
TWC-Locale-Group
X-Origin-Hint
Webcakes-App-Version
X-Format
X-JoinUs
X-FB-TRIP-ID
X-Rewrite-Enabled
TWC-GeoIP-Country
Filters
Fastcgi-Useragent
X-UPSTREAM-Address
Meta-Geo
X-Rocket-Nginx-Serving-Static
ServerID
TWC-Connection-Speed
Environment
X-Tumblr-Pixel-2
X-Cache-Host
TWC-Device-Class
TWC-GeoIP-LatLong
Property-Id
X-Skip-Cache
X-Frame-Option
X-Scope-Id
X-Varnish-Age
X-Fetched-On
X-Origin-CC
X-Origin-TTL
X-Connection-Hash
X-Restarts
X-R9-Blue-Green-Version
X-Tb
X-Labrador-Cache-Channel
X-IPLB-Request-ID
X-Origin-Date
X-PHP-Host
X-Hl-Ver
X-Hosted-By
X-IPLB-Instance
X-VC-Cache
X-Say-Cacheable
X-Redis-Cache
Mn-Server-Ip
X-Say-TTL
X-SayCDN-TTL
DB-Nickname
Expiry
From-Origin
X-Cluster-Node
Uber-Trace-Id
X-Accel-Version
Web-Mar-Node
X-Cache-Action
X-Cache-Expired-At
Atl-Traceid
X-BYPASS-REASON
WPO-Cache-Message
WPO-Cache-Status
X-Forwarded-Host
X-Httpd
X-ProxyCache-Status
X-Logging-Id
X-Webstats-RespID
X-Loop
X-Cms-Context
X-Handled-By
X-Director
X-Soup
X-Web-Node
X-Vcache
Apigw-Requestid
X-ProxyCache-Key
X-Tncms
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Servername
Selected-Fe
X-Auth-Group-Type
X-Timing-Wait
X-Served-From
X-Cluster
Url
X-Adobe-Source
ServedBy
X-Proxy-Build
X-DataDome
Cross-Origin-Opener-Policy-Report-Only
X-DynaTrace
X-Detected-As
X-Zipkin-Id
X-Ms-Request-Id
X-Cloudmap
X-Ms-Version
X-S
X-Extlb
X-Routing-Service
X-Proxied
X-Origin
X-Request-URI
X-Hit
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
Accept-Language
X-Fastly-Request-Id
Referer-Policy
N-Cache
X-Azure-Ref-OriginShield
X-Generated-By
Surrogated-Key
X-LSADC-Cache
X-XRDS-Location
Ohc-File-Size
X-SRV
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
Xserver
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
X-Resp-Is-Stale
X-Generation-Time
X-HS-CF-Cache-Status
X-Sucuri-Cache
X-App-Version
X-Xfnlog-Site
X-Lagoon
Source
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
LB
X-Cdn-Origin
X-Cache-Hit
CF-IPCountry
X-NWS-UUID-VERIFY
X-Cache-Debug
X-MP-GENERATED-AT
X-RCS-CacheZone
X-F-Cache
X-Sucuri-ID
Node
X-TA-CDN-Provider
X-VCT
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Tcp-Rtt
X-Is-Desktop
X-Browser-Name
X-Geo-Region
X-NODE
X-No-Session
Locale
Cache
X-Mly-Id
X-Urbn-Site-Id
X-Cache-Rule
X-Urbn-Context-Path
X-Signature
X-Pad
CDN-RequestId
X-B-Cache
X-ElasticPress-Query
X-Via-JSL
X-INCAP-ABP
X-Litespeed-Tag
X-Cache-Operation
X-Via-Edge
X-Via-CDN
X-Via-SSL
Edge-Copy-Time
X-Proxy-Cache-Status
X-CDN-Forward
PFcat
X-Origin-Time
X-HN
X-VarnishDD-TTL
Host-ID
Wxu-Next-Commit
HA-Ipaddr
Candidate-Md5Url
Redirect-Candidate
X-Org
X-Vdms-Version
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-D
X-Ec-GeoHdr
X-GeoCode
X-GeoCountry
X-AB-Test
X-Geolocation
X-Platform-Server
Cluster
X-Debug-Cache-Fetch
X-Gdpr
Origin
Rendered-Blocks
X-Path
X-Bug-Bounty
DCR-Decision-By
DCR-Processing-Time-Ms
X-FC-Vary-Parameters
BehaviorPad-Version
User-Agent
Expect-Staple
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Eu-Site
W
X-Jobs
Apple-News-Services-Parsed-Url
X-Ig-Push-State
Producers
Cache-Provider
Ha-Gx-Prefs
Content-Secure-Policy
X-Nyt-Route
X-Op-Id-All
X-Debug-Cache-Store
X-Mvc-Supplant-Cachable
Fastly-Backend-Name
X-Ig-Origin-Region
Fl-Custom-Application
We-Hiring
Apple-News-Services-Handled
X-Cache-Info
X-Proto
X-BCube-Filmed-By
X-Backend-Instance
X-A-Dcw
Xc-Version
X-Aed
X-Csrf-Jwt
X-Bc-Bl
Meta-Geo-Continent
L5d-Success-Class
Wxu-Next-Hostname
Mail-Subject
X-Access
X-DPWN-IS-SECURE
X-Rojux
Lang
X-Bl-Debug
X-A-Dam
Ngx.Var.Host
X-A-Dgt
X-A-Ccd
X-Ec-Fail
Wxu-Next-Region
X-A
Odigeo-Trace-Id
X-Developer
X-Aicache-OS
MD5-Digest
X-Cache-NE
X-Section
X-A-Wwc
X-CGP
X-Conf
Sslversion
X-TIM-N
X-ScT
X-App-Name
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Oracle-Dms-Ecid
X-ShardId
X-Sorting-Hat-PodId
Mime-Version
X-Contensis-Viewer-Groups
X-Generated-On
X-Content-Length
Cdnsip
X-Core-Value
X-Gamma-Serve
X-Fmm-Version
X-Dispatcher-Server
Cdncip
Content-Style-Type
X-Fastly-Backend
Content-Script-Type
Debug
Gannett-Cam-Experience-Id
X-Date
Origin-Agent-Cluster
X-Depends
X-DefHash
L
X-Edge-Server
X-Cdn-Srv
X-Cache-Date
X-Cache-Id
X-Cached-By
NM-Fastcgi-Cache
X-CacheTTL
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
X-Esi-Check
Fastly-GeoIP-CountryCode
X-Clientip
RNT-Machine
Platform
X-DefElseHash
Product
TDXMobile
Gh-Request-Id
X-Epic-Correlation-Id
RNT-Time
X-Powered-By-VTEX-Cache
X-Vmg-Version
X-Viewer-Country
X-Via-Fastly
X-VServer
X-VTEX-Cache-Server
X-Wikidot-Backend
X-We-Are-Hiring
X-VTEX-Cache-Time
X-VG-WebCache
X-Accel-Expires-Debug
X-Varnish-Authentication
X-Var-Ttl
X-GeoIP
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnishpool
X-Varnish-Remaining-TTL
X-Varnish-Director
X-Wikidot-Static-Cache
Fastly-SSL
X-Akamai-Device-Characteristics
X-AK-Request-ID
X-HS-Content-Campaign-Id
X-S-Cookie
X-SD-PageType
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Amz-Storage-Class
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-B-Cookie
X-Application
Web-Mar-Region
X-Cache-Grace
X-Destination
X-Auto-Login
X-B3-Trace-ID
X-External-Request-Id
X-Thinkindot-L3
X-V-Cache
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Cache-Aspx
X-Irp-Debug
X-Locale
X-Loc
X-Level-Front-Cache
Azure-SlotName
Azure-Version
X-GoCache-CacheStatus
Cdn-Request-Time
X-GeoIP-City
Cdn-Host
X-Gzip
Canary
CDCHOST
X-Hash
X-Shield-Cache-Expires
X-Location
X-Proxied-Request
V-Age
X-Amz-Meta-Cb-Modifiedtime
X-Req
X-Request-Time
X-Scheme
X-SB
X-Platform
X-Policy
X-NodeID
X-Origin-Expires
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Micro-Cache
X-Node-Id
X-Upstream-Ht
Akamai-Mon-Iucid-Del
X-Upstream-Ct
X-NGINX-Cache
X-Bip
X-BBC-Edge-Cache-Status
X-Pool
X-Block-Status
X-Content-Age
User-Cache-Control
Pramga
XM
Yak-Timeinfo
X-CUA
X-Ec-Custom-Error
X-Request-Host
X-Site-Version
X-Human
X-Hnp-Log
X-Gen-Mode
X-GEO
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Origin-Response-Time
X-Pubstack
X-ORCA-Accelerator
X-Men
X-Internal-TTL
X-IsAdmin
X-Request-Start
X-Server-IP
X-Thanos
X-UA-Device-Type
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SIPLIST1
X-Sn-Servicetimems
X-Cache-FS-Status
IsBot
NGX
DSUID
Country-Code
Origin-CC
Origin-EX
Req-Svc-Chain
Req-ID
Release
Click-Count-Error
Click-Count-Action-Start
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-Uid
CDN-RequestPullSuccess
ServerName
CDN-Cache
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Tube-Get-Contents
X-Acquia-Purge-Cdn-Unconfigured
Ohc-Cache-HIT
Sid
X-Tb-Optimization-Total-Bytes-Saved
Esi-Enabled
X-Varnish-Hits
X-VC-TTL
X-User
X-Zen-Fury
X-AIR-PT
X-Service
Ssr
X-UA
Cdn-Requestid
X-HOST
X-RID
X-Cs
X-Api-Version
X-LB-NoCache
AMP-Access-Control-Allow-Source-Origin
Fastly-Drupal-HTML
X-CACHE-GROUP
X-Refresh
X-ZONE
Cache-Key
GeoIP-Latitude
X-Proxy-CacheRZ
X-Cache-Bucket
A
XkeyRZ
X-DC
X-B3-Spanid
X-Tt-Logid
X-Newrelic-Synthetics
X-Cdn-Forward
X-RequestId
X-TH-Server
X-Vgn-Hpd-Reason
CloudFront-Viewer-Country
X-HITS
X-Servedbyhost
X-HubSpot-Correlation-Id
TP-L2-Cache
C-Via
X-HA-Backend
X-Via-Popn
X-Via-Popv
X-Nc
X-Wa
X-Via-Poph
X-Dc
X-Nananana
X-Old-Content-Length
X-APP
X-LB-ID
X-B3-Parentspanid
X-Moov-T
Server-ID
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Endurance-Cache-Level
X-DynaTrace-JS-Agent
HostName
Proxy-Firewall
X-Optimistic-Header
X-Webkit-Csp-Report-Only
X-Ua
X-Presslabs-Stats
Fastly-Drupal-Html
X-Srv
X-Parent-Response-Time
Cdn
WP-Super-Cache
X-LiteSpeed-Tag
X-Zone
X-Action
N1-Cache
X-COUNTRY
True-Client-Country-4JS
X-URL
X-CS
X-Datadome
X-LiteSpeed-Cache-Control
X-Webkit-Csp
Server-Ext
X-Vercel-Id
X-Test
X-Vercel-Cache
Server-Hostname
Location
X-Litespeed-Cache-Control
Sever-Int
X-Cache-VC
X-Thinkindot-L1
X-CACHE-AGE
X-Fpc
X-Air-Pt
GeoIp-Country-Code
Is-Eu
Adler-Geo
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-GeoIP-City
Cache-Hits
X-API-Version
SID
X-AWS-Id
X-Dispatcher-Number
X-Nginx-Cache-Key
X-LJ-Flow-ID
X-VWS-Id
X-NewRelic-App-Data
X-DataCenter
WZWS-RAY
X-RateLimit-Limit
True-Client-Ip
Uri
True-Client-IP
Tcn
X-ApacheServer
X-PERF
X-Provided-By
X-Datacenter
X-Geo-Header
GeoIP-Country-Code
Resin-Trace
X-WA-Info
X-Custom-Header
T-Server
SEZNAM-JOBS-OFFER
X-Render-Time
X-Pass-Why
X-ND-Cache
X-Nitro-Cache
X-Uri
X-CLOUD-TRACE-CONTEXT
S-Rt
X-SERVER-NAME
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-CMSURLCustom
Serverhost
X-Jungle-Id
Cache-Contol
RewriteTestHook
RewriteTeamHook
X-Ion-Healthy
Vc-Max-Age
X-Ion-Hop
X-Cache-Server
Log-Origin
Lb
X-Stale
X-FPC
X-Service-Response-Time
X-Client-Ip
Sm-Log-Id
X-Varnish-Beresp-TTL
Cache-Tv-Group
X-TX-ID
Pics-Label
Cmstype
Cmsid
My-App
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Correlation-ID
X-Dynatrace-Js-Agent
Powered-By
X-Oracle-Dms-Rid
X-Udemy-Cache-App-Namespace
X-APP-VERSION
X-From
Srv
X-Up
X-XRDS-LOCATION
X-Cdn-Cache-Status
CacheControlHeader
Server-Id
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Debug-Service
Av-Poweredby
X-Fastly-Cache-Status
Hostname
Request-ID
Vix-Hermes-Req-Id
Cf-Ipcountry
X-Akamai-Pragma-Client-IP
X-App
X-Fastly-Cache
X-Ckpd-Fst-Backend
X-Cache-TTL-Remaining
X-LAGOON
X-Vc
X-Lb-Id
Thinkindot-Control
X-NC
X-WA
On-Server
X-Cache-Ttl
ServerHost
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Ha-Backend
X-Github-Request-Id
NtCoent-Length
Geoip-Latitude
X-Oracle-DMS-ECID
X-Fastly-Backend-Reqs
X-Html-Minification-Powered-By
X-Esi
X-ServedByHost
Cloudfront-Viewer-Country
Origin-Site
X-Requestid
Store-Cloud-Cache
X-Ee-Request-Date
X-Ee-Request-Id
AKAMAI
X-PHP-Backend
X-Ee-Origin
X-Ee-Generated-By
X-Amz-Meta-Opti
Time-Cloud-Cache
X-Cms-Device
X-Vary-Devices
X-Save-Cache
X-VCL-Version
Xkey-La3
X-Proxy-Cache-La3
Xkeylog
WebServer
X-IAuth-Set-Uid
X-SRCache-Key
X-Traceid
X-Varnish-Hostname
WWW-Authenticate
Epwk-X-Cache
X-VTEX-Cache-Backend-Header-Time
X-MSEdge-Features
Ms-Author-Via
X-VTEX-Cache-Backend-Connect-Time
X-MSEdge-Flight
CountryCode
Magicmarker
X-HS-Status
X-Check-Cacheable
Edge-Cache
Cl-Cache
X-Serial
X-Info
X-Limited
Warning
X-Sucuri-Id
X-Lsadc-Cache
Pragrma
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Acquia-Purge-Tags
X-Dw-Trace-Id
X-Akamai-Transformed
X-Pod
FSS-Cache
Reporter
X-Lb-Nocache
X-Acquia-Site
X-Web-Server
X-Ms-Blob-Type
X-Ms-Lease-Status
Timeexpire
YJS-ID
Yjs-Id
Cneonction
X-Tncms-Bot-Tier
X-Td-Header-From-No-Data
X-Mg-Cache
X-Akamai-ERRuleID
X-BBC-Origin-Response-Status
CF-Cached-On
X-Orig-Cache-Control
X-CDN-Cache-Status
X-Elasticpress-Query
X-Geo
X-Platform-Cluster
X-Akamai-ERPolicy
X-Ramcache
X-Platform-Router
X-Platform-Processor
Thinkindot-Cache-Type