Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Accept-CH
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Content-Security-Policy
X-Ua-Compatible
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-AspNetMvc-Version
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Check
X-Backend
Accept-CH-Lifetime
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
X-Rq
X-Via
X-UA-Device
X-Server
X-Dispatcher
EagleId
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
Xkey
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-Country-Code
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
Service-Worker-Allowed
X-Trace
X-Clacks-Overhead
X-Application-Context
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-TtlSet
X-Vname
X-PC
X-Mcache
X-Midtier
X-Edge
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Powered-By-Plesk
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-ESI
Nginx-Cache
X-GitHub-Request-Id
Edge-Control
X-Vcap-Request-Id
Verso
X-D2id
X-Ser
X-Ac
X-MS-InvokeApp
X-ECACHE
X-ORACLE-DMS-RID
X-Client-IP
X-Amz-Rid
X-Middleton-Response
Response
X-ARC
X-Dw-Request-Base-Id
X-Ratelimit-Limit
X-CST
X-Wormhole-Sdk
X-B3-TraceId
X-Goog-Hash
X-Powered-CMS
X-ASPNET-VERSION
X-Ratelimit-Remaining
X-Navigation-Version
X-Kinsta-Cache
X-Edge-Location-Klb
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Upstream
X-Forwarded-For
X-Amzn-Trace-Id
X-FastCGI-Cache
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
SPIisLatency
SPRequestDuration
X-Daa-Tunnel
X-Mod-Pagespeed
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
Edge-Cache-Tag
Cache-Status
Public-Key-Pins
X-Server-ID
X-Content-Digest
X-Ezoic-Cdn
X-Oneagent-Js-Injection
X-Ttl
X-Version
Accept-Ch-Lifetime
X-Aspnetmvc-Version
X-Mg-S
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-MSEdge-Ref
X-T
X-Shield-Request-Id
Fastcgi-Cache
Cross-Origin-Resource-Policy
AR-CACHE
X-Recruiting
Origin-Trial
X-NF-Request-ID
X-Fastly-Request-ID
X-Cached
Front-End-Https
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Distributor
X-Ua-Device
X-Nf-Request-Id
X-FTR-Request-ID
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Azure-Ref
Access-Control-Request-Method
TP-Cache
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
Count-Hit
X-Ua-Browser
X-Id
X-Newrelic-App-Data
X-TTL
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Debug
X-LLID
X-Varnish-TTL
Cache-Tags
X-Xrds-Location
Server-Node
X-Ismobilevalue
X-Content-Security-Policy-Report-Only
X-Cluster-Name
X-PressLabs-Stats
MicrosoftSharePointTeamServices
X-Correlation-Id
X-Frontend
X-VARITI-CCR
X-Hits
X-GUploader-UploadID
X-HS-Combine-CSS
X-NGENIX-Cache
X-Varnish-Backend
X-Protected-By
X-Amz-Replication-Status
Payment
Accept-Ch
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
Akamai-GRN
Cleartype
X-LB-Cache
X-FB-Debug
X-Varnish-Server
X-Git-Hash
X-Activity-Id
X-Www-Served-By
X-AppVersion
X-Logged-In
X-Az
X-Page-Id
X-Ratelimit-Reset
Content-Disposition
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Hostname
X-Forwarded-Proto
Host
X-DIS-Request-ID
Filterid
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Varnish-Ttl
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
X-Template
X-Geo-Country
Frame-Options
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-TraceId
Trailer
Access-Control-Allow-Method
Amp-Access-Control-Allow-Source-Origin
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Origin-Server
Version
X-Load-Cache
X-Aspnet-Version
X-Upgrade-Enabled
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Fastcgi-Cache
X-Type
Viewport
Accept-Charset
Fastly-SWR
Fastly-SIE
X-Content-Options
Section-Io-Cache
X-Fb-Rlafr
X-TT
X-Grace
X-B3-Sampled
X-B
X-Cache-Control
Retry-After
X-Ah-Environment
MS-Author-Via
X-Envoy-Decorator-Operation
X-Rid
X-Source
Content-MD5
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cache-Age
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Device-Type
Server-Name
X-Vcl-Version
X-Magnolia-Registration
X-Request-Guid
X-Trace-Id
X-Language
X-Px
X-Revision
X-Cdn
X-TEC-API-ROOT
X-Buckets
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Healthy
X-Mobile
TCN
X-EdgeConnect-Cache-Status
X-HS-Prerendered
X-WP-CF-Super-Cache-Active
X-Webkit-CSP
X-Backend-Name
X-Akamai-Edgescape
X-CSRF-Token
X-Varnish-Grace
X-App-Environment
X-Status
Protected
X-RM-Cache-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Version
X-Tumblr-Pixel
X-Contextid
X-RemovedCookies
X-ProcessESI
X-Rule
X-L-Path
X-NYM-Debug-Backend
X-Origin-Cache
X-FW-Serve
X-FW-Dynamic
X-Debug-Info
X-Instance
X-FW-Hash
X-Environment-Context
SD-X-WS
Cross-Origin-Window-Policy
NGB
X-Storage
X-Mg-Request-UUID
X-Proxy-Cache-Info
X-Node-Name
X-Framework
X-Cache-Time
Access-Control-Request-Headers
X-Region
X-ServerID
GEO-INFO
X-UUID
X-Datadog-Sampled
X-Debug-IsPreview
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Content-Powered-By
Charset
Ms-Operation-Id
MS-CV
X-Edge-Location
X-Proxy
X-Is-Bot
X-Cacheable-TTL
X-Adobe-Loc
X-Rendered-As
X-Adobe-Content
X-Debug-IsConnected
X-RTag
X-Amz-Meta-S3cmd-Attrs
X-Yottaa-Metrics
Upgrade-Insecure-Requests
X-Original-Request-Id
X-G
X-Response-Served-From
X-Yottaa-Optimizations
Cross-Origin-Embedder-Policy-Report-Only
X-Whom
Refresh
X-ECache
Webserver
OT-Force-Account-Verify
DC
X-Lambda-Id
Countrycode
Paypal-Debug-Id
X-B3-Traceid
X-User-Agent
X-Seen-By
Section-Io-Id
X-HTML-Minification-Powered-By
X-Reqid
X-VC
Front
X-Amzn-Remapped-Content-Length
X-WebKit-CSP-Report-Only
Alternate-Protocol
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Server-W
Priority
X-TT-LOGID
X-VHOST
X-IPS-LoggedIn
X-RateLimit-Remaining
X-Real-IP
SRV
X-Fastly-Request-Id
X-Akamai-Request-ID2
X-AB
X-Time
X-WP-CF-Super-Cache-Cookies-Bypass
Liferay-Portal
Country
X-Cache-Status-Check
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
Backend
X-FTR-Backend-Server
X-N
X-Mode
X-DataDome
Xet-Cookie
X-Nginx-Cache
Onion-Location
X-Rn-Rsrv
X-Rewrite-Enabled
X-Origin-Hint
Environment
X-UPSTREAM-Address
X-Cache-Host
X-JoinUs
X-Tumblr-Pixel-2
X-Format
X-Rocket-Nginx-Serving-Static
X-SaId
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
TWC-Connection-Speed
ServerID
Fastcgi-Useragent
Filters
Meta-Geo
Property-Id
X-FB-TRIP-ID
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-Connection-Hash
X-Cache-Action
X-Origin-Date
X-Labrador-Cache-Channel
X-Scope-Id
X-Hosted-By
X-PHP-Host
X-Say-Cacheable
Expiry
X-IPLB-Instance
X-Tb
X-IPLB-Request-ID
X-Redis-Cache
From-Origin
X-Skip-Cache
X-Varnish-Age
X-R9-Blue-Green-Version
X-VC-Cache
Web-Mar-Node
Uber-Trace-Id
X-Frame-Option
X-Accel-Version
X-Fetched-On
X-Hl-Ver
X-Cluster-Node
DB-Nickname
X-Say-TTL
X-SayCDN-TTL
X-Restarts
X-Cache-Expired-At
Mn-Server-Ip
X-Origin-TTL
X-Origin-CC
X-Vcache
X-ProxyCache-Key
X-Tncms
X-Logging-Id
Apigw-Requestid
X-Httpd
X-BYPASS-REASON
Atl-Traceid
X-Forwarded-Host
WPO-Cache-Status
WPO-Cache-Message
X-Soup
X-ProxyCache-Status
X-Cms-Context
X-Varnish-Cache-Hits
X-Web-Node
X-Webstats-RespID
X-Director
X-Varnish-Beresp-Grace
X-Loop
X-Handled-By
X-Served-From
X-B3-SpanId
ServedBy
X-Auth-Group-Type
Selected-Fe
Url
X-Proxy-Build
X-Servername
X-Adobe-Source
X-Timing-Wait
X-Cluster
Cross-Origin-Opener-Policy-Report-Only
X-DynaTrace
X-Zipkin-Id
X-Proxied
X-Ms-Request-Id
X-Cloudmap
X-Detected-As
X-Extlb
X-Ms-Version
X-Origin
X-S
X-Routing-Service
X-Request-URI
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-3
X-Hit
Accept-Language
Referer-Policy
N-Cache
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-Generated-By
X-XRDS-Location
Ohc-File-Size
Surrogated-Key
X-SRV
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Xserver
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
LB
X-Resp-Is-Stale
X-Wix-Request-Id
X-HS-CF-Cache-Status
X-Generation-Time
X-Xfnlog-Site
X-Sucuri-Cache
X-Lagoon
CF-IPCountry
X-App-Version
X-Drupal-Cache-Tags
Source
X-Drupal-Cache-Contexts
X-Cdn-Origin
X-Cache-Hit
X-NWS-UUID-VERIFY
X-MP-GENERATED-AT
X-Sucuri-ID
X-RCS-CacheZone
X-F-Cache
X-Cache-Debug
Node
X-Tx-Id
X-TA-CDN-Provider
X-VCT
CDN-RequestId
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
X-Geo-Region
X-Tcp-Rtt
X-Is-Tablet
X-Urbn-Site-Id
X-No-Session
X-Urbn-Context-Path
X-Cache-Rule
Cache
X-Mly-Id
Locale
X-NODE
X-Signature
X-Pad
X-Varnish-Beresp-Ttl
X-B-Cache
X-Via-JSL
X-ElasticPress-Query
X-INCAP-ABP
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-Proxy-Cache-Status
X-Litespeed-Tag
X-CDN-Forward
X-Cache-Operation
X-Aicache-OS
X-TIM-N
Wxu-Next-Hostname
X-Debug-Cache-Fetch
X-Bl-Debug
X-Backend-Instance
X-Bc-Bl
X-Bug-Bounty
L5d-Success-Class
Content-Secure-Policy
X-ScT
Apple-News-Services-Host
X-Section
Fastly-GeoIP-CountryCode
Fl-Custom-Application
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Fastly-Backend-Name
DCR-Processing-Time-Ms
X-Cache-NE
X-Cache-Info
X-Mvc-Supplant-Cachable
Expect-Staple
X-Rojux
X-CGP
X-Proxied-Request
X-Proto
Cluster
BehaviorPad-Version
X-App-Name
Candidate-Md5Url
Cache-Provider
X-Csrf-Jwt
Host-ID
Ha-Gx-Prefs
X-Conf
Apple-News-Services-Request-Url
HA-Ipaddr
DCR-Decision-By
X-D
X-VarnishDD-TTL
X-Access
Rendered-Blocks
Wxu-Next-Region
X-Origin-Time
X-Vtex-Remote-Cache
X-GeoCountry
Redirect-Candidate
X-Op-Id-All
X-Ec-Fail
X-Platform-Server
Producers
X-Ec-GeoHdr
X-PAYTM-SRV-ID
X-GeoCode
X-Ig-Push-State
Xc-Version
Sslversion
X-A-Dgt
X-A-Dcw
User-Agent
X-Org
X-A-Wwc
X-AB-Test
Lang
X-Eu-Site
X-FC-Vary-Parameters
X-HN
X-Ig-Origin-Region
W
X-A
X-Aed
X-Jobs
Ngx.Var.Host
X-Gdpr
X-Geolocation
Meta-Geo-Continent
X-Debug-Cache-Store
Wxu-Next-Commit
Mail-Subject
MD5-Digest
X-Path
X-BCube-Filmed-By
X-A-Dam
X-Nyt-Route
Odigeo-Trace-Id
X-A-Ccd
We-Hiring
X-Developer
X-DPWN-IS-SECURE
X-Vdms-Version
PFcat
Origin
X-Sorting-Hat-PodId
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Oracle-Dms-Ecid
X-Storefront-Renderer-Rendered
X-Auto-Login
Cdnsip
X-Origin-Expires
Cdncip
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Amz-Storage-Class
Content-Style-Type
Content-Script-Type
V-Age
X-Amz-Meta-Cb-Modifiedtime
RNT-Time
Platform
X-Policy
Product
Gh-Request-Id
X-NMSegId
X-Node-Id
Origin-Agent-Cluster
Mime-Version
X-Powered-By-VTEX-Cache
L
NM-Fastcgi-Cache
X-NodeID
Req-Svc-Chain
RNT-Machine
TDXMobile
Debug
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Platform
X-S-Cookie
X-Akamai-Device-Characteristics
Gannett-Cam-Experience-Id
Server-Host
X-Accel-Expires-Debug
X-AK-Request-ID
X-SD-PageType
X-Date
X-Epic-Correlation-Id
X-Loc
X-Locale
X-Edge-Server
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-We-Are-Hiring
X-Fastly-Backend
X-Esi-Check
X-GeoIP-Country-Code
X-VServer
X-VG-WebCache
X-GeoIP-Region-Code
X-Varnishpool
X-Via-Fastly
X-Depends
X-Vmg-Version
X-Viewer-Country
X-Dispatcher-Server
X-Wikidot-Backend
X-Fmm-Version
X-Slack-Shared-Secret-Outcome
X-B-Cookie
X-Hash
X-Application
X-Cache-Grace
X-Slack-Backend
X-Destination
X-Irp-Debug
X-External-Request-Id
X-Gzip
X-GoCache-CacheStatus
X-Generated-On
X-Gamma-Serve
X-Wikidot-Static-Cache
X-Level-Front-Cache
Fastly-SSL
Web-Mar-Region
X-GeoIP-City
X-GeoIP
X-Varnish-Remaining-TTL
X-DefHash
X-Cached-By
X-Scheme
X-Cache-Id
X-DefElseHash
X-CacheTTL
X-Clientip
X-Shield-Cache-Expires
X-Cdn-Srv
X-SB
X-HS-Content-Campaign-Id
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Req
X-Request-Time
X-Mvc-Supplant-OutputCached
Canary
X-Micro-Cache
X-Varnish-CookieHashed-On
X-Cache-Date
X-Varnish-Authentication
X-Varnish-CookieINHashed-On
X-Cache-Aspx
X-Varnish-Director
Cdn-Request-Time
Cdn-Host
X-Var-Ttl
X-V-Cache
X-Content-Length
X-Contensis-Viewer-Groups
X-Core-Value
X-Thinkindot-L3
X-Location
CDCHOST
Azure-Version
X-UA
X-NGINX-Cache
X-Upstream-Ht
Akamai-Mon-Iucid-Del
X-Upstream-Ct
X-Bip
X-IsAdmin
X-Internal-TTL
X-Acquia-Purge-Cdn-Unconfigured
X-Cache-FS-Status
X-ORCA-Accelerator
X-Men
X-Site-Version
X-Request-Start
X-Hnp-Log
CDN-Cache
X-Server-IP
X-SIPLIST1
X-SVT-ORM-RULES
X-Origin-Response-Time
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-SVT-ORM-VERSION
X-Thanos
X-Gen-Mode
User-Cache-Control
X-Block-Status
X-Content-Age
X-CUA
Pramga
Yak-Timeinfo
X-Varnish-Beresp-Status
X-UA-Device-Type
X-VG-TLSProxy
X-GEO
XM
X-Pubstack
X-Sn-Servicetimems
Origin-CC
Origin-EX
X-Pool
NGX
X-Ec-Custom-Error
IsBot
Tube-Got-Results
Release
Tube-Get-Contents
Tube-Got-Eval
X-Request-Host
ServerName
X-Human
Tube-Return
Req-ID
DSUID
Click-Count-Error
Click-Count-Action-Start
Country-Code
Sid
Ohc-Cache-HIT
X-Service
X-Tb-Optimization-Total-Bytes-Saved
Esi-Enabled
X-Zen-Fury
X-User
Ssr
X-VC-TTL
X-Varnish-Hits
Eagleid
X-HOST
X-B3-Spanid
X-LB-NoCache
X-Api-Version
X-RID
Fastly-Drupal-HTML
AMP-Access-Control-Allow-Source-Origin
X-CACHE-GROUP
X-AIR-PT
GeoIP-Latitude
X-Refresh
X-Cs
Cdn-Requestid
X-ZONE
A
X-Servedbyhost
CloudFront-Viewer-Country
X-Cache-Bucket
X-Cdn-Forward
Cache-Key
XkeyRZ
X-Proxy-CacheRZ
X-RequestId
X-DC
X-Newrelic-Synthetics
X-Tt-Logid
X-Nc
X-HITS
X-Vgn-Hpd-Reason
X-TH-Server
X-HubSpot-Correlation-Id
TP-L2-Cache
X-Wa
C-Via
X-Dc
X-B3-Parentspanid
X-Via-Popv
X-HA-Backend
X-Old-Content-Length
X-Moov-Xdn-Version
X-Moov-T
X-Via-Poph
X-Via-Popn
X-Moov-Xdn-Caching-Status
Server-ID
X-Nananana
X-APP
X-Optimistic-Header
X-LB-ID
X-DynaTrace-JS-Agent
Proxy-Firewall
X-Endurance-Cache-Level
HostName
X-Swift-Cachetime
X-Webkit-Csp-Report-Only
X-CS
X-Swift-Savetime
X-Presslabs-Stats
X-Parent-Response-Time
Cdn
X-Srv
Fastly-Drupal-Html
N1-Cache
WP-Super-Cache
X-Zone
True-Client-Country-4JS
X-Action
X-URL
X-COUNTRY
X-LiteSpeed-Tag
X-Air-Pt
X-LiteSpeed-Cache-Control
X-Webkit-Csp
Location
X-Vercel-Id
X-Test
X-Ua
X-Vercel-Cache
Sever-Int
Server-Hostname
X-Thinkindot-L1
X-Litespeed-Cache-Control
X-Cache-VC
Server-Ext
X-CACHE-AGE
X-Fpc
Adler-Geo
GeoIp-Country-Code
Is-Eu
X-DataCenter
SID
TWC-GeoIP-Region
TWC-GeoIP-City
Cache-Hits
TWC-GeoIP-DMA
X-API-Version
WZWS-RAY
X-Nginx-Cache-Key
X-NewRelic-App-Data
X-Datadome
X-LJ-Flow-ID
X-VWS-Id
X-Dispatcher-Number
X-AWS-Id
X-ApacheServer
X-PERF
Uri
True-Client-IP
X-RateLimit-Limit
True-Client-Ip
X-Provided-By
T-Server
X-WA-Info
SEZNAM-JOBS-OFFER
GeoIP-Country-Code
X-Render-Time
X-Geo-Header
X-Custom-Header
Resin-Trace
X-Datacenter
X-Pass-Why
X-CLOUD-TRACE-CONTEXT
X-ND-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Varnish-Beresp-TTL
X-Ssense-Gql
X-Uri
X-Nitro-Cache
X-SERVER-NAME
S-Rt
X-Jungle-Id
X-Cache-Server
X-Ion-Healthy
X-CMSURLCustom
Tcn
RewriteTestHook
X-Ion-Hop
Cache-Contol
RewriteTeamHook
Vc-Max-Age
Serverhost
X-Stale
X-FPC
Eagleeye-Traceid
Log-Origin
Srv
Sm-Log-Id
Cache-Tv-Group
X-Service-Response-Time
X-Client-Ip
X-APP-VERSION
My-App
Pics-Label
Cmstype
Cmsid
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Correlation-ID
X-Dynatrace-Js-Agent
X-From
X-Up
Lb
X-Oracle-Dms-Rid
Powered-By
X-TX-ID
Hostname
X-XRDS-LOCATION
Server-Id
CacheControlHeader
X-Fastly-Cache-Status
X-Debug-Service
X-Udemy-Cache-App-Namespace
Vix-Hermes-Req-Id
Av-Poweredby
X-Cdn-Cache-Status
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Lb-Id
X-Fastly-Cache
X-Cache-TTL-Remaining
X-Akamai-Pragma-Client-IP
X-App
X-Ckpd-Fst-Backend
X-Vc
X-LAGOON
X-Via-PopH
Cf-Ipcountry
X-WA
X-Via-PopV
X-Via-PopN
X-Ha-Backend
On-Server
Thinkindot-Control
X-Cache-Ttl
NtCoent-Length
X-NC
X-Github-Request-Id
X-Oracle-DMS-ECID
ServerHost
X-Html-Minification-Powered-By
X-Fastly-Backend-Reqs
X-Esi
X-VCL-Version
X-Vary-Devices
AKAMAI
Store-Cloud-Cache
X-PHP-Backend
Time-Cloud-Cache
X-Save-Cache
X-Amz-Meta-Opti
X-Cms-Device
Origin-Site
X-Ee-Generated-By
X-Ee-Origin
X-Ee-Request-Date
Xkeylog
X-Proxy-Cache-La3
Geoip-Latitude
X-Ee-Request-Id
Xkey-La3
X-Varnish-Hostname
X-Traceid
X-SRCache-Key
Epwk-X-Cache
WebServer
X-MSEdge-Features
X-VTEX-Cache-Backend-Header-Time
X-Requestid
X-ServedByHost
X-VTEX-Cache-Backend-Connect-Time
Cloudfront-Viewer-Country
X-MSEdge-Flight
X-IAuth-Set-Uid
WWW-Authenticate
CountryCode
X-Serial
X-HS-Status
Magicmarker
X-Lb-Nocache
X-Info
X-Sucuri-Id
Warning
Edge-Cache
Cl-Cache
X-Check-Cacheable
X-Limited
Ms-Author-Via
X-Dw-Trace-Id
X-Akamai-Transformed
Pragrma
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Reporter
X-Acquia-Application-Trace
X-Pod
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
FSS-Cache
Yjs-Id
X-Lsadc-Cache
Cneonction
X-Platform-Processor
X-Mg-Cache
X-Ms-Lease-Status
CF-Cached-On
X-Web-Server
YJS-ID
X-Ramcache
X-Tncms-Bot-Tier
X-Platform-Router
X-Orig-Cache-Control
Timeexpire
X-BBC-Origin-Response-Status
X-Elasticpress-Query
X-Akamai-ERRuleID
X-Geo
X-Platform-Cluster
Thinkindot-Cache-Type
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-CDN-Cache-Status
X-Td-Header-From-No-Data