Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
Accept-CH
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
X-Ua-Compatible
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
X-Check
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Age
X-Rq
X-Via
EagleId
X-UA-Device
X-Server
X-Dispatcher
Accept-CH-Lifetime
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Cache-Lookup
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
Xkey
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Clacks-Overhead
X-Application-Context
Fastly-Restarts
X-Country-Code
X-Trace
X-NWS-LOG-UUID
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-TtlSet
X-Vname
X-Midtier
X-Mcache
X-Edge
Surrogate-Key
Rating
X-Server-Name
Display
Pagespeed
X-Cache-TTL
X-Sol
X-Middleton-Display
X-Browser-Type
X-Element-Page-Cache
X-Cnection
X-Abt-Application-Version
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
Nginx-Cache
X-ESI
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-Vcap-Request-Id
X-Ser
X-D2id
Verso
X-Ac
X-ECACHE
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-ARC
X-Dw-Request-Base-Id
X-Middleton-Response
X-Amz-Rid
Response
X-CST
X-Wormhole-Sdk
X-Powered-CMS
X-Goog-Hash
X-Navigation-Version
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Oneagent-Js-Injection
X-Kinsta-Cache
X-Upstream
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-B3-TraceId
X-Forwarded-For
X-Ratelimit-Remaining
X-Amzn-Trace-Id
X-FastCGI-Cache
Accept-Ch-Lifetime
RTSS
X-Daa-Tunnel
X-Ruxit-Js-Agent
X-Cache-Key
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
X-Mod-Pagespeed
AR-Request-ID
Cache-Status
AR-PoweredBy
AR-ATIME
AR-SID
Public-Key-Pins
X-Server-ID
X-Content-Digest
X-Ttl
X-ORACLE-DMS-ECID
X-Version
X-Ezoic-Cdn
X-Mg-S
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Cross-Origin-Resource-Policy
AR-CACHE
Fastcgi-Cache
X-Fastly-Request-ID
X-Recruiting
X-Cached
X-Accel-Expires
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Distributor
X-Ua-Device
Origin-Trial
Access-Control-Request-Method
X-Azure-Ref
X-Newrelic-App-Data
TP-Cache
Arr-Disable-Session-Affinity
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
Count-Hit
X-Debug
X-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-TTL
X-HS-Content-Id
X-Varnish-TTL
X-Nf-Request-Id
Pinterest-Generated-By
Pinterest-Version
X-LLID
X-Pinterest-Rid
Server-Node
Cache-Tags
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Ismobilevalue
X-Cluster-Name
X-PressLabs-Stats
X-Correlation-Id
X-VARITI-CCR
X-Frontend
X-Xrds-Location
X-FTR-Request-ID
X-Hits
X-HS-Combine-CSS
X-GUploader-UploadID
X-Aspnetmvc-Version
X-Varnish-Backend
X-Amz-Replication-Status
X-NGENIX-Cache
Payment
X-Protected-By
X-Goog-Metageneration
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
X-LB-Cache
X-Unique-Id
Cleartype
Akamai-GRN
X-FB-Debug
X-Varnish-Server
X-AppVersion
X-Git-Hash
X-Logged-In
X-Www-Served-By
X-Az
X-Activity-Id
X-Forwarded-Proto
Content-Disposition
X-Tt-Trace-Host
X-Ratelimit-Reset
X-Tt-Trace-Tag
Host
X-Page-Id
X-Hostname
Filterid
X-DIS-Request-ID
X-Jurisdiction
X-Varnish-Ttl
X-HP-Trace-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
X-Template
X-Geo-Country
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Frame-Options
Access-Control-Allow-Method
Amp-Access-Control-Allow-Source-Origin
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Aspnet-Version
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Version
MS-Author-Via
X-Fastcgi-Cache
X-Type
Fastly-SIE
X-ASPNET-VERSION
Fastly-SWR
Viewport
X-Content-Options
Accept-Charset
Section-Io-Cache
X-Fb-Rlafr
Retry-After
X-Cache-Control
X-TT
X-B
X-B3-Sampled
X-Rid
X-Ah-Environment
X-Grace
X-Envoy-Decorator-Operation
X-TraceId
Content-MD5
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Source
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cache-Age
Trailer
X-Vcl-Version
X-Device-Type
Server-Name
X-Request-Guid
X-Trace-Id
X-Revision
X-Language
X-Cdn
X-TEC-API-ORIGIN
X-Magnolia-Registration
X-TEC-API-VERSION
X-TEC-API-ROOT
Healthy
X-Buckets
X-Px
X-Mobile
TCN
X-WP-CF-Super-Cache-Active
X-Webkit-CSP
X-Backend-Name
X-EdgeConnect-Cache-Status
X-CSRF-Token
X-Akamai-Edgescape
X-HS-Prerendered
X-Origin-Cache
X-Varnish-Grace
X-B3-Traceid
X-Amz-Meta-S3cmd-Attrs
X-App-Environment
X-Status
X-RM-Cache-TTL
X-Contextid
X-Debug-Info
X-L-Path
X-NYM-Debug-Backend
X-Rule
X-ProcessESI
X-Environment-Context
X-RemovedCookies
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Instance
X-Framework
Access-Control-Request-Headers
Protected
Cross-Origin-Window-Policy
SD-X-WS
X-Proxy
X-Cache-Time
NGB
GEO-INFO
X-Mg-Request-UUID
X-ServerID
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Version
X-Region
X-FW-Type
X-Proxy-Cache-Info
X-Node-Name
X-Storage
X-UUID
MS-CV
Ms-Operation-Id
X-Cacheable-TTL
X-RTag
X-Datadog-Trace-Id
X-Debug-IsConnected
X-Rendered-As
X-Edge-Location
X-Debug-IsPreview
X-Is-Bot
X-Datadog-Sampling-Priority
X-Content-Powered-By
X-Datadog-Sampled
X-Datadog-Parent-Id
Charset
X-G
X-Yottaa-Optimizations
X-Adobe-Loc
X-Yottaa-Metrics
X-Adobe-Content
Upgrade-Insecure-Requests
X-Whom
Cross-Origin-Embedder-Policy-Report-Only
DC
X-ECache
X-Original-Request-Id
Refresh
X-Response-Served-From
Countrycode
Webserver
OT-Force-Account-Verify
X-RateLimit-Remaining
Paypal-Debug-Id
X-HTML-Minification-Powered-By
X-User-Agent
X-Lambda-Id
X-Seen-By
Section-Io-Id
Front
X-VC
X-Reqid
X-WebKit-CSP-Report-Only
X-Amzn-Remapped-Content-Length
Alternate-Protocol
X-Server-W
X-VHOST
X-TT-LOGID
X-IPS-LoggedIn
X-CCDN-CacheTTL
Priority
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Akamai-Request-ID2
SRV
X-AB
X-Fastly-Request-Id
X-Real-IP
Country
X-WP-CF-Super-Cache-Cookies-Bypass
X-Time
X-Cache-Status-Check
Liferay-Portal
Backend
X-N
X-Mode
Xet-Cookie
X-Nginx-Cache
Onion-Location
Property-Id
Webcakes-App-Version
X-Format
Webcakes-Region
X-Origin-Hint
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
X-FB-TRIP-ID
ServerID
TWC-Connection-Speed
Filters
X-JoinUs
Meta-Geo
X-SaId
X-Rn-Rsrv
Fastcgi-Useragent
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-Rewrite-Enabled
TWC-Device-Class
X-Cache-Host
X-Say-TTL
X-SayCDN-TTL
X-Connection-Hash
From-Origin
X-Cache-Action
X-Origin-Date
X-Frame-Option
Web-Mar-Node
X-Rocket-Nginx-Serving-Static
X-Hl-Ver
X-Cache-Expired-At
X-Hosted-By
X-Scope-Id
Environment
Uber-Trace-Id
X-Fetched-On
X-Varnish-Age
X-Redis-Cache
X-Accel-Version
X-Cluster-Node
Mn-Server-Ip
Expiry
X-IPLB-Request-ID
X-Skip-Cache
X-VC-Cache
X-IPLB-Instance
DB-Nickname
X-R9-Blue-Green-Version
X-Restarts
X-Tb
X-Say-Cacheable
Atl-Traceid
Apigw-Requestid
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Vcache
X-Webstats-RespID
X-Httpd
X-BYPASS-REASON
X-Director
X-Cms-Context
X-Forwarded-Host
X-Handled-By
X-Soup
X-Web-Node
X-Tncms
X-Logging-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-Loop
X-PHP-Host
X-Proxy-Build
X-Cluster
X-Servername
X-Timing-Wait
Url
X-Request-URI
X-Auth-Group-Type
Selected-Fe
X-Served-From
ServedBy
X-B3-SpanId
X-DataDome
X-Origin-TTL
X-Origin-CC
X-S
X-DynaTrace
X-Routing-Service
X-Detected-As
Accept-Language
X-Cloudmap
X-Adobe-Source
X-Zipkin-Id
X-Extlb
X-Origin
WPO-Cache-Status
X-Proxied
WPO-Cache-Message
Cross-Origin-Embedder-Policy
X-Hit
X-Tumblr-Pixel-3
Referer-Policy
X-Ms-Version
X-Ms-Request-Id
N-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Generated-By
X-LSADC-Cache
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-Country-Code-Real
X-Azure-Ref-OriginShield
X-XRDS-Location
Xserver
Surrogated-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Wix-Request-Id
X-Worker
X-Lagoon
X-Xfnlog-Site
X-SRV
Ohc-File-Size
LB
X-Generation-Time
X-Webkit-Csp
X-Sucuri-Cache
X-NWS-UUID-VERIFY
X-HS-CF-Cache-Status
CF-IPCountry
X-App-Version
X-Drupal-Cache-Tags
Source
X-Drupal-Cache-Contexts
X-RCS-CacheZone
X-Cdn-Origin
X-Cache-Debug
X-Cache-Hit
X-F-Cache
Node
X-MP-GENERATED-AT
X-Sucuri-ID
X-VCT
X-Resp-Is-Stale
X-Via-JSL
CDN-RequestId
X-Is-Mobile
X-Tcp-Rtt
X-Browser-Name
X-Is-Desktop
X-Tx-Id
X-Geo-Region
X-Is-Supported-Browser
X-Is-Tablet
X-No-Session
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-B-Cache
X-NODE
X-Proxy-Cache-Status
X-Signature
X-TA-CDN-Provider
Cache
X-Mly-Id
X-Varnish-Beresp-Ttl
X-Cache-Rule
X-ElasticPress-Query
X-Cache-Operation
X-INCAP-ABP
Origin
Mail-Subject
MD5-Digest
Ngx.Var.Host
Odigeo-Trace-Id
Meta-Geo-Continent
Cluster
Cache-Provider
Candidate-Md5Url
PFcat
Content-Secure-Policy
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
DCR-Processing-Time-Ms
HA-Ipaddr
Host-ID
L5d-Success-Class
Ha-Gx-Prefs
Fl-Custom-Application
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Lang
X-A-Dcw
X-Ig-Origin-Region
X-HN
X-Ig-Push-State
X-Jobs
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-GeoCountry
X-GeoCode
X-Ec-Fail
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Eu-Site
X-Gdpr
X-FC-Vary-Parameters
X-Op-Id-All
X-Org
X-TIM-N
X-Section
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-ScT
X-Rojux
X-Path
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxied-Request
X-Proto
X-Developer
X-Debug-Cache-Store
X-A
Wxu-Next-Region
X-A-Dam
X-A-Dgt
X-AB-Test
X-A-Wwc
Wxu-Next-Hostname
Wxu-Next-Commit
Rendered-Blocks
Redirect-Candidate
Sslversion
User-Agent
We-Hiring
W
X-Access
X-Aed
X-CGP
X-Cache-NE
X-Conf
X-Csrf-Jwt
X-Debug-Cache-Fetch
X-D
X-Cache-Info
X-Bug-Bounty
X-App-Name
X-Aicache-OS
X-Backend-Instance
X-Bc-Bl
X-BCube-Filmed-By
Producers
X-A-Ccd
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Upstream-Ct
X-Upstream-Ht
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-CDN-Forward
X-ShardId
X-UA
X-Sorting-Hat-ShopId
Mime-Version
X-Cdn-Srv
X-Platform
NM-Fastcgi-Cache
X-Policy
X-Edge-Server
X-Geolocation
Origin-Agent-Cluster
Platform
X-Gamma-Serve
X-Fmm-Version
X-Fastly-Backend
X-Epic-Correlation-Id
X-Esi-Check
X-AK-Request-ID
X-Powered-By-VTEX-Cache
Gh-Request-Id
X-Bl-Debug
X-SD-PageType
X-Dispatcher-Server
Fastly-SSL
X-Shield-Cache-Expires
X-Scheme
X-SB
X-Req
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
L
X-Request-Time
X-Amz-Storage-Class
X-Accel-Expires-Debug
X-Generated-On
X-Loc
X-Level-Front-Cache
X-Locale
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-GoCache-CacheStatus
X-Gzip
V-Age
X-HS-Content-Campaign-Id
X-Irp-Debug
Web-Mar-Region
X-Hash
X-Location
X-GeoIP-Region-Code
RNT-Time
X-ORCA-Accelerator
RNT-Machine
Req-Svc-Chain
X-GeoIP
X-Origin-Expires
Server-Host
X-NodeID
X-Mvc-Supplant-OutputCached
X-GeoIP-Country-Code
X-GeoIP-City
X-NMSegId
X-Node-Id
X-Auto-Login
Gannett-Cam-Experience-Id
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Clientip
X-Varnish-CookieHashed-On
X-Varnish-Director
X-Varnish-CookieINHashed-On
Azure-SlotName
Azure-Version
Canary
X-Depends
X-V-Cache
X-Var-Ttl
X-Pad
X-Varnish-Authentication
X-Varnish-Remaining-TTL
X-Varnishpool
X-VTEX-Cache-Server
X-VServer
X-VTEX-Cache-Time
X-We-Are-Hiring
X-Wikidot-Static-Cache
X-Wikidot-Backend
Edge-Copy-Time
X-Via-CDN
X-Via-Fastly
X-VG-WebCache
X-Viewer-Country
X-Vmg-Version
X-Via-Edge
X-Via-SSL
CDCHOST
X-CacheTTL
Content-Style-Type
X-DefElseHash
X-Date
Content-Script-Type
Cdnsip
X-BBC-Edge-Cache-Status
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-B3-Trace-ID
X-DefHash
Debug
Cdncip
X-Cache-Aspx
Cdn-Host
X-Contensis-Viewer-Groups
X-Cached-By
X-Thinkindot-L3
Cdn-Request-Time
X-Content-Length
X-Cache-Id
X-Cache-Grace
X-NGINX-Cache
X-External-Request-Id
X-Core-Value
X-Hnp-Log
X-Gen-Mode
X-Content-Age
X-Human
X-Ec-Custom-Error
X-Bip
X-S-Cookie
X-CUA
X-Cache-FS-Status
X-Litespeed-Tag
X-Acquia-Purge-Cdn-Unconfigured
X-Block-Status
X-Application
Country-Code
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
DSUID
Esi-Enabled
Yak-Timeinfo
X-Server-IP
X-SIPLIST1
X-Site-Version
Click-Count-Error
Click-Count-Action-Start
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
X-UA-Device-Type
X-Varnish-Beresp-Status
CDN-PullZone
CDN-RequestCountryCode
X-Thanos
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
IsBot
X-Request-Start
X-Micro-Cache
X-Men
ServerName
Req-ID
Release
X-IsAdmin
Tube-Get-Contents
User-Cache-Control
Tube-Return
Tube-Got-Results
Tube-Got-Eval
X-Destination
Product
X-Pool
Origin-CC
X-Cache-Date
X-Pubstack
X-Request-Host
Origin-EX
XM
X-B-Cookie
Pramga
X-Origin-Response-Time
X-Service
X-Internal-TTL
Sid
Akamai-Mon-Iucid-Del
X-Varnish-Hits
X-VG-TLSProxy
NGX
X-GEO
X-LB-NoCache
Ssr
X-Api-Version
X-User
X-HOST
X-RID
X-B3-Spanid
X-Zen-Fury
X-VC-TTL
AMP-Access-Control-Allow-Source-Origin
X-Cache-Bucket
X-CACHE-GROUP
Cache-Key
X-Refresh
Ohc-Cache-HIT
A
X-Proxy-CacheRZ
XkeyRZ
Cdn-Requestid
X-ZONE
X-Cs
X-CLOUD-TRACE-CONTEXT
GeoIP-Latitude
Fastly-Drupal-HTML
X-Servedbyhost
X-RequestId
X-Oracle-Dms-Ecid
CloudFront-Viewer-Country
X-Dc
X-Newrelic-Synthetics
X-Tt-Logid
X-Cdn-Forward
X-AIR-PT
X-HITS
TP-L2-Cache
X-Nc
C-Via
X-APP
X-Nananana
X-Wa
X-TH-Server
X-Vgn-Hpd-Reason
X-DC
X-Optimistic-Header
Server-ID
X-HA-Backend
X-B3-Parentspanid
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Endurance-Cache-Level
X-Moov-T
X-Old-Content-Length
X-LB-ID
X-Air-Pt
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Proxy-Firewall
X-DynaTrace-JS-Agent
Fastly-Drupal-Html
X-HubSpot-Correlation-Id
X-RateLimit-Limit
X-Srv
True-Client-Country-4JS
X-CS
HostName
X-Webkit-Csp-Report-Only
X-LiteSpeed-Tag
X-Parent-Response-Time
Cdn
X-LiteSpeed-Cache-Control
X-Presslabs-Stats
X-COUNTRY
X-Zone
X-Test
X-URL
WP-Super-Cache
Server-Ext
Server-Hostname
Sever-Int
Adler-Geo
X-Action
X-Datadome
Is-Eu
GeoIp-Country-Code
X-CACHE-AGE
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
N1-Cache
X-Thinkindot-L1
X-Vercel-Id
X-Vercel-Cache
X-Fpc
WZWS-RAY
X-DataCenter
X-Cache-VC
X-Nginx-Cache-Key
Location
X-Dispatcher-Number
X-API-Version
SID
X-Provided-By
X-Ua
X-NewRelic-App-Data
X-Litespeed-Cache-Control
Uri
True-Client-IP
X-Custom-Header
TWC-GeoIP-DMA
TWC-GeoIP-City
TWC-GeoIP-Region
X-Geo-Header
Cache-Hits
T-Server
True-Client-Ip
X-Pass-Why
X-XRDS-LOCATION
X-ApacheServer
S-Rt
X-Datacenter
SEZNAM-JOBS-OFFER
X-Stale
X-ND-Cache
X-PERF
X-Cache-Server
X-Varnish-Beresp-TTL
X-CMSURLCustom
GeoIP-Country-Code
Cache-Tv-Group
X-Render-Time
Vc-Max-Age
Resin-Trace
X-SERVER-NAME
Tcn
X-WA-Info
Srv
Serverhost
X-APP-VERSION
X-Nitro-Cache
Pics-Label
X-FPC
X-Client-Ip
X-Service-Response-Time
Sm-Log-Id
X-Ssense-Gql
X-TX-ID
X-Ssense-Shipping-Surcharge-Enabled
Powered-By
RewriteTestHook
Log-Origin
Cache-Contol
RewriteTeamHook
X-Ion-Healthy
X-Jungle-Id
X-Ion-Hop
X-Uri
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Dynatrace-Js-Agent
X-Correlation-ID
Vix-Hermes-Req-Id
X-Oracle-Dms-Rid
Cmsid
Cmstype
My-App
Lb
Hostname
X-Debug-Service
X-Cdn-Cache-Status
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-From
X-Ckpd-Fst-Backend
X-Cache-TTL-Remaining
Av-Poweredby
X-Fastly-Cache
X-Fastly-Cache-Status
Server-Id
X-Udemy-Cache-App-Namespace
X-Up
CacheControlHeader
On-Server
X-Lb-Id
X-Akamai-Pragma-Client-IP
Thinkindot-Control
X-Vc
X-App
X-Via-PopN
X-Via-PopV
ServerHost
X-NC
X-Via-PopH
X-Ha-Backend
X-WA
Cf-Ipcountry
X-Cache-Ttl
X-Fastly-Backend-Reqs
AKAMAI
X-Save-Cache
X-Proxy-Cache-La3
X-Oracle-DMS-ECID
Geoip-Latitude
X-LAGOON
Xkey-La3
X-Vary-Devices
X-PHP-Backend
Store-Cloud-Cache
X-Ee-Generated-By
X-Amz-Meta-Opti
X-Cms-Device
X-Ee-Origin
X-Ee-Request-Date
Time-Cloud-Cache
X-Ee-Request-Id
Xkeylog
X-Github-Request-Id
X-Esi
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-VCL-Version
NtCoent-Length
X-Info
Cl-Cache
Magicmarker
X-IAuth-Set-Uid
X-Html-Minification-Powered-By
WebServer
Origin-Site
X-ServedByHost
X-Traceid
Warning
Cloudfront-Viewer-Country
WWW-Authenticate
X-Requestid
CountryCode
X-MSEdge-Flight
X-Limited
X-Serial
X-HS-Status
X-Dw-Trace-Id
X-MSEdge-Features
X-Varnish-Hostname
X-Sucuri-Id
X-Check-Cacheable
X-SRCache-Key
Epwk-X-Cache
X-Geo
Edge-Cache
X-Akamai-Transformed
X-CDN-Cache-Status
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
FSS-Cache
X-Lb-Nocache
X-Acquia-Site
X-Pod
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Reporter
X-Td-Header-From-No-Data
X-Web-Server
X-Lsadc-Cache
Thinkindot-Cache-Type
X-Mg-Cache
X-UP
Yjs-Id
X-Ms-Lease-Status
CDN
X-Tncms-Bot-Tier
X-Rollout
Cneonction
X-Akamai-ERRuleID
CF-Cached-On
Timeexpire
X-Akamai-ERPolicy
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Elasticpress-Query
X-Ramcache
X-Ms-Blob-Type
X-Eligible
X-New
X-Orig-Cache-Control
X-BBC-Origin-Response-Status