
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Accept-CH
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Rq
X-Via
X-Age
EagleId
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Dns-Prefetch-Control
Allow
Ali-Swift-Global-Savetime
X-Cache-Lookup
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Xkey
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Ruxit-JS-Agent
X-Server-Id
Request-Id
X-LiteSpeed-Cache
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Application-Context
X-Clacks-Overhead
Service-Worker-Allowed
Fastly-Restarts
X-NWS-LOG-UUID
X-Trace
X-Country-Code
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-TtlSet
X-PC
X-Vname
X-Edge
X-Mcache
X-Midtier
Surrogate-Key
Rating
X-Server-Name
Display
X-Middleton-Display
X-Sol
X-Cache-TTL
Pagespeed
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
Nginx-Cache
X-Powered-By-Plesk
X-ESI
X-GitHub-Request-Id
Edge-Control
X-ECACHE
X-Ser
X-D2id
X-Vcap-Request-Id
X-Ac
Verso
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-ARC
X-Dw-Request-Base-Id
X-Middleton-Response
Response
X-Amz-Rid
X-Oneagent-Js-Injection
X-CST
X-Goog-Hash
X-Wormhole-Sdk
X-Navigation-Version
X-Powered-CMS
X-Server-ID
X-Ratelimit-Limit
X-Kinsta-Cache
X-Edge-Location-Klb
X-Upstream
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
Accept-Ch-Lifetime
X-Forwarded-For
X-Ratelimit-Remaining
X-Amzn-Trace-Id
X-Daa-Tunnel
RTSS
X-Cache-Key
SPRequestDuration
SPIisLatency
X-NF-Request-ID
X-Mod-Pagespeed
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
Edge-Cache-Tag
X-Ttl
X-ORACLE-DMS-ECID
Cache-Status
Public-Key-Pins
X-FastCGI-Cache
X-Ruxit-Js-Agent
X-Version
X-Ezoic-Cdn
X-Content-Digest
X-Mg-S
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Shield-Request-Id
X-MSEdge-Ref
AR-CACHE
Fastcgi-Cache
X-T
X-Recruiting
X-Cached
X-Ua-Device
X-Accel-Expires
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Distributor
Origin-Trial
X-Varnish-TTL
Access-Control-Request-Method
TP-Cache
X-Azure-Ref
Arr-Disable-Session-Affinity
X-Newrelic-App-Data
X-Id
Count-Hit
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
Pinterest-Version
Pinterest-Generated-By
X-Request-Received
X-Request-Processing-Time
X-Debug
X-Pinterest-Rid
Server-Node
X-LLID
MicrosoftSharePointTeamServices
Cache-Tags
X-Content-Security-Policy-Report-Only
X-Ismobilevalue
X-TTL
X-Cluster-Name
X-Frontend
X-VARITI-CCR
X-Correlation-Id
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-Xrds-Location
X-Hits
X-PressLabs-Stats
Accept-Ch
X-GUploader-UploadID
X-Varnish-Backend
X-Amz-Replication-Status
Payment
X-NGENIX-Cache
X-Protected-By
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
X-LB-Cache
X-Unique-Id
X-Nf-Request-Id
Cleartype
X-FB-Debug
X-Git-Hash
X-FTR-Request-ID
X-Forwarded-Proto
X-Varnish-Server
X-Az
X-Logged-In
X-Activity-Id
X-AppVersion
X-Ratelimit-Reset
Host
X-Tt-Trace-Host
X-Www-Served-By
Content-Disposition
X-Tt-Trace-Tag
Akamai-GRN
X-Hostname
X-Page-Id
Filterid
X-DIS-Request-ID
X-Fastcgi-Cache
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Webp
X-HP-Trace-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
X-Varnish-Ttl
X-Template
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Geo-Country
X-Aspnet-Version
Frame-Options
Access-Control-Allow-Method
X-ASPNET-VERSION
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Origin-Server
Amp-Access-Control-Allow-Source-Origin
MS-Author-Via
X-Upgrade-Enabled
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
Version
X-WP-CF-Super-Cache
X-Type
Fastly-SWR
Fastly-SIE
X-Ah-Environment
Viewport
Retry-After
Section-Io-Cache
X-Content-Options
Accept-Charset
X-Cache-Control
X-TT
X-Fb-Rlafr
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-Sampled
X-TEC-API-VERSION
X-B
Content-MD5
X-Grace
X-Rid
Trailer
X-Envoy-Decorator-Operation
X-Source
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cache-Age
X-Device-Type
X-Cdn
X-Request-Guid
X-Trace-Id
Server-Name
X-Revision
X-TraceId
X-Vcl-Version
X-Language
X-Magnolia-Registration
Healthy
X-Buckets
X-Webkit-CSP
X-Px
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Mobile
X-WP-CF-Super-Cache-Active
TCN
X-CSRF-Token
X-HS-Prerendered
X-Backend-Name
X-Origin-Cache
X-Akamai-Edgescape
X-EdgeConnect-Cache-Status
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Grace
X-App-Environment
X-RM-Cache-TTL
X-L-Path
X-ProcessESI
X-RemovedCookies
X-Instance
X-Debug-Info
X-Status
X-Rule
X-Environment-Context
X-Tumblr-Pixel
X-Framework
X-Cache-Time
SD-X-WS
X-Mg-Request-UUID
X-Node-Name
X-Region
X-Proxy-Cache-Info
X-NYM-Debug-Backend
NGB
GEO-INFO
X-Tumblr-Pixel-1
X-Tumblr-User
X-UUID
X-Tumblr-Pixel-0
X-Storage
Cross-Origin-Window-Policy
X-ServerID
Access-Control-Request-Headers
X-Proxy
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Type
X-FW-Version
X-Adobe-Loc
X-Cacheable-TTL
X-Datadog-Parent-Id
X-Content-Powered-By
X-Adobe-Content
Ms-Operation-Id
Protected
X-Edge-Location
MS-CV
X-Datadog-Sampled
X-RTag
X-Datadog-Trace-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Is-Bot
X-Datadog-Sampling-Priority
X-Rendered-As
X-G
Charset
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-HTML-Minification-Powered-By
X-RateLimit-Remaining
Upgrade-Insecure-Requests
Cross-Origin-Embedder-Policy-Report-Only
X-Whom
DC
Countrycode
X-Response-Served-From
X-Original-Request-Id
Refresh
Webserver
Paypal-Debug-Id
OT-Force-Account-Verify
X-User-Agent
X-Seen-By
X-Lambda-Id
Section-Io-Id
Front
X-Reqid
X-VC
X-ECache
X-Amzn-Remapped-Content-Length
X-VHOST
X-WebKit-CSP-Report-Only
Alternate-Protocol
SRV
X-IPS-LoggedIn
X-Server-W
X-B3-Traceid
X-TT-LOGID
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Priority
X-CCDN-Origin-Time
X-Akamai-Request-ID2
X-AB
X-B3-SpanId
Country
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Status-Check
X-Real-IP
X-Nginx-Cache
X-Time
Backend
X-N
Liferay-Portal
X-Mode
TWC-Locale-Group
TWC-Privacy
Onion-Location
Fastcgi-Useragent
TWC-GeoIP-LatLong
Property-Id
TWC-Device-Class
TWC-Connection-Speed
Webcakes-Region
Meta-Geo
Webcakes-App-Version
Webcakes-App-Name
Filters
Environment
TWC-GeoIP-Country
Xet-Cookie
X-UPSTREAM-Address
X-FB-TRIP-ID
X-Rn-Rsrv
X-Rewrite-Enabled
X-JoinUs
X-SaId
X-Origin-Hint
X-Cache-Host
X-Skip-Cache
X-Say-Cacheable
X-Rocket-Nginx-Serving-Static
X-Tb
X-Tumblr-Pixel-2
X-Varnish-Age
From-Origin
X-Say-TTL
X-Origin-Date
ServerID
Web-Mar-Node
X-SayCDN-TTL
X-Scope-Id
X-VC-Cache
Mn-Server-Ip
Uber-Trace-Id
X-IPLB-Request-ID
X-IPLB-Instance
X-Fetched-On
X-Format
X-Connection-Hash
X-Cluster-Node
X-Cache-Action
X-Cache-Expired-At
Expiry
DB-Nickname
X-R9-Blue-Green-Version
X-Restarts
X-Accel-Version
X-Hl-Ver
X-Hosted-By
X-Redis-Cache
X-PHP-Host
X-Labrador-Cache-Channel
X-Request-URI
X-ProxyCache-Key
Atl-Traceid
X-Loop
X-ProxyCache-Status
Apigw-Requestid
X-Origin-TTL
X-Director
X-Fastly-Request-Id
X-Varnish-Cache-Hits
X-Tncms
X-Varnish-Beresp-Grace
X-Forwarded-Host
X-Httpd
X-Logging-Id
X-Frame-Option
X-Vcache
X-Web-Node
X-Webstats-RespID
X-BYPASS-REASON
X-Soup
X-Origin-CC
X-Cms-Context
X-Cluster
X-Proxy-Build
X-Auth-Group-Type
X-Timing-Wait
Url
X-Servername
Selected-Fe
X-Served-From
X-Adobe-Source
X-Handled-By
ServedBy
X-Cloudmap
Cross-Origin-Embedder-Policy
Accept-Language
X-Extlb
X-Zipkin-Id
X-Detected-As
X-Origin
X-DynaTrace
X-S
X-Routing-Service
X-Proxied
X-DataDome
X-Ms-Request-Id
X-Ms-Version
WPO-Cache-Message
WPO-Cache-Status
Referer-Policy
X-Hit
N-Cache
X-SRV
X-Tumblr-Pixel-3
X-Generated-By
X-XRDS-Location
Cross-Origin-Opener-Policy-Report-Only
X-LSADC-Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Lagoon
Xserver
Surrogated-Key
X-Azure-Ref-OriginShield
X-Wix-Request-Id
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Xfnlog-Site
X-Webkit-Csp
X-App-Version
Ohc-File-Size
Source
LB
X-NWS-UUID-VERIFY
X-Sucuri-Cache
X-HS-CF-Cache-Status
CF-IPCountry
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Balancer
X-Cache-Debug
X-RCS-CacheZone
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Generation-Time
X-Cdn-Origin
X-VCT
Node
X-F-Cache
X-Cache-Hit
X-MP-GENERATED-AT
X-Sucuri-ID
X-Via-JSL
X-Is-Tablet
X-Tcp-Rtt
X-Is-Desktop
X-Proxy-Cache-Status
X-Is-Supported-Browser
X-Is-Mobile
X-Geo-Region
X-NODE
X-Browser-Name
X-Tx-Id
X-Urbn-Site-Id
X-No-Session
Locale
X-TA-CDN-Provider
CDN-RequestId
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-B-Cache
X-Signature
X-ElasticPress-Query
X-Upstream-Ct
Cache
X-Mly-Id
X-Upstream-Ht
X-UA
X-Cache-Rule
X-Cache-Operation
Lang
X-INCAP-ABP
Apple-News-Services-Request-Url
Apple-News-Services-Host
MD5-Digest
Meta-Geo-Continent
Mail-Subject
Apple-News-Services-Parsed-Url
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
Content-Secure-Policy
Cluster
Fastly-Backend-Name
Expect-Staple
DCR-Decision-By
DCR-Processing-Time-Ms
Candidate-Md5Url
Ngx.Var.Host
HA-Ipaddr
Host-ID
BehaviorPad-Version
Apple-News-Services-Handled
Cache-Provider
Fl-Custom-Application
L5d-Success-Class
X-A
X-HN
X-GeoCountry
X-Ig-Origin-Region
X-Ig-Push-State
X-Mvc-Supplant-Cachable
X-Jobs
X-GeoCode
X-FC-Vary-Parameters
X-Developer
X-Debug-Cache-Store
X-DPWN-IS-SECURE
X-Ec-Fail
X-Eu-Site
X-Ec-GeoHdr
X-Op-Id-All
X-ORCA-Accelerator
X-TIM-N
X-Section
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-ScT
X-Rojux
X-Path
X-Org
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxied-Request
X-Proto
X-Debug-Cache-Fetch
X-D
Wxu-Next-Commit
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
X-A-Dcw
X-A-Ccd
W
User-Agent
PFcat
Origin
Producers
Redirect-Candidate
Sslversion
Rendered-Blocks
X-A-Dgt
X-A-Wwc
X-Cache-Info
X-Bug-Bounty
X-Cache-NE
X-CGP
X-Csrf-Jwt
X-Conf
X-BCube-Filmed-By
X-Bc-Bl
X-Access
X-AB-Test
X-Aed
X-Aicache-OS
X-Backend-Instance
Odigeo-Trace-Id
X-A-Dam
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
Mime-Version
X-CDN-Forward
X-B3-Trace-ID
X-Varnishpool
X-BBC-Edge-Cache-Status
X-Varnish-Remaining-TTL
X-Auto-Login
X-App-Name
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Amz-Storage-Class
X-Cache-Aspx
X-Cache-Grace
X-CacheTTL
X-Varnish-CookieHashed-On
X-Clientip
X-Varnish-Authentication
X-Cached-By
X-Varnish-CookieINHashed-On
Platform
X-Cache-Id
X-Varnish-Director
X-VG-WebCache
X-Via-Fastly
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
Server-Host
X-Resp-Is-Stale
Product
X-VTEX-Cache-Time
V-Age
X-Litespeed-Tag
X-Request-Time
X-Accel-Expires-Debug
X-Var-Ttl
Web-Mar-Region
X-VTEX-Cache-Server
X-VServer
X-Vmg-Version
Req-Svc-Chain
X-Core-Value
X-Mvc-Supplant-OutputCached
X-Micro-Cache
X-Shield-Cache-Expires
X-NMSegId
X-Node-Id
X-Locale
X-Loc
X-HS-Content-Campaign-Id
X-Slack-Backend
X-Irp-Debug
X-Level-Front-Cache
X-NodeID
X-Nyt-Route
X-Policy
X-Powered-By-VTEX-Cache
X-SB
X-Req
X-Scheme
X-Platform
X-Origin-Expires
X-Origin-Time
X-Service
X-SD-PageType
X-Hash
X-Gzip
X-Depends
X-Dispatcher-Server
X-Thinkindot-L3
X-Epic-Correlation-Id
X-DefHash
X-DefElseHash
X-Content-Length
Origin-Agent-Cluster
X-V-Cache
X-Date
X-Esi-Check
X-Fastly-Backend
X-GeoIP-City
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-GeoIP
X-Slack-Shared-Secret-Outcome
X-Fmm-Version
X-Gamma-Serve
X-Gdpr
X-Generated-On
X-Contensis-Viewer-Groups
X-Viewer-Country
L
Azure-RegionName
X-Geolocation
Cdncip
Cdnsip
Azure-InstanceId
Azure-SiteName
Azure-SlotName
CDCHOST
Gh-Request-Id
Canary
Gannett-Cam-Experience-Id
Azure-Version
Esi-Enabled
X-Bl-Debug
Fastly-SSL
Content-Script-Type
NM-Fastcgi-Cache
Content-Style-Type
Debug
Akamai-Mon-Iucid-Del
X-Via-CDN
Edge-Copy-Time
X-Via-SSL
X-Pad
X-Via-Edge
Origin-CC
DSUID
Cdn-Request-Time
X-CUA
Cdn-Host
X-Amz-Meta-Cb-Modifiedtime
X-VG-TLSProxy
X-Cdn-Srv
X-UA-Device-Type
Click-Count-Action-Start
X-Cache-FS-Status
X-Block-Status
X-Bip
Country-Code
Click-Count-Error
X-Varnish-Beresp-Status
X-SVT-ORM-RULES
X-SIPLIST1
X-Men
X-Location
X-Site-Version
X-Server-IP
X-Origin-Response-Time
X-Request-Start
X-Request-Host
X-Pubstack
X-Pool
X-IsAdmin
X-Internal-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
X-Edge-Server
X-Ec-Custom-Error
X-SVT-ORM-VERSION
X-Gen-Mode
X-Human
X-Hnp-Log
X-Sn-Servicetimems
X-S-Cookie
X-Content-Age
X-B-Cookie
XM
X-Application
X-Destination
Release
ServerName
RNT-Time
RNT-Machine
NGX
Req-ID
User-Cache-Control
Yak-Timeinfo
Tube-Got-Results
Pramga
X-Cache-Date
Tube-Got-Eval
IsBot
Tube-Get-Contents
Tube-Return
X-External-Request-Id
X-Acquia-Purge-Cdn-Unconfigured
Origin-EX
CDN-RequestPullCode
CDN-RequestPullSuccess
Ssr
X-RID
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Varnish-Hits
X-NGINX-Cache
X-HOST
X-GEO
X-LB-NoCache
CDN-Uid
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-User
X-CACHE-GROUP
Cache-Key
X-Proxy-CacheRZ
X-Cache-Bucket
A
XkeyRZ
X-Cs
X-CLOUD-TRACE-CONTEXT
Sid
Cdn-Requestid
X-VC-TTL
X-Api-Version
Fastly-Drupal-HTML
X-Tt-Logid
X-Cdn-Forward
Ohc-Cache-HIT
X-RequestId
X-Refresh
GeoIP-Latitude
X-AIR-PT
CloudFront-Viewer-Country
X-Servedbyhost
X-HITS
X-ZONE
X-Newrelic-Synthetics
X-Presslabs-Stats
X-Nananana
X-DC
X-Dc
X-Optimistic-Header
TP-L2-Cache
Server-ID
X-Via-Popn
X-Via-Poph
X-HA-Backend
X-TH-Server
X-APP
X-B3-Spanid
C-Via
X-Via-Popv
X-Nc
X-Wa
X-B3-Parentspanid
X-RateLimit-Limit
Proxy-Firewall
X-Vgn-Hpd-Reason
X-LB-ID
X-Endurance-Cache-Level
True-Client-Country-4JS
X-Old-Content-Length
X-Moov-T
HostName
X-DynaTrace-JS-Agent
X-Webkit-Csp-Report-Only
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-LiteSpeed-Tag
Cdn
Fastly-Drupal-Html
X-LiteSpeed-Cache-Control
X-HubSpot-Correlation-Id
Server-Hostname
X-Test
Sever-Int
X-Zone
X-URL
X-Oracle-Dms-Ecid
Server-Ext
X-COUNTRY
X-Air-Pt
X-CS
X-Parent-Response-Time
X-Datadome
Is-Eu
WP-Super-Cache
SID
Adler-Geo
X-CACHE-AGE
X-LJ-Flow-ID
X-Srv
X-VWS-Id
X-AWS-Id
X-Action
WZWS-RAY
GeoIp-Country-Code
X-Nginx-Cache-Key
X-Fpc
X-Dispatcher-Number
X-API-Version
X-Provided-By
X-Vercel-Id
X-Vercel-Cache
X-NewRelic-App-Data
N1-Cache
X-Thinkindot-L1
X-DataCenter
Location
X-Cache-VC
X-Litespeed-Cache-Control
Uri
X-Geo-Header
T-Server
X-Custom-Header
True-Client-Ip
X-XRDS-LOCATION
X-Pass-Why
X-Ua
SEZNAM-JOBS-OFFER
X-ND-Cache
True-Client-IP
X-Datacenter
S-Rt
Cache-Hits
TWC-GeoIP-City
TWC-GeoIP-Region
TWC-GeoIP-DMA
GeoIP-Country-Code
X-PERF
X-ApacheServer
Vc-Max-Age
Resin-Trace
X-CMSURLCustom
Cache-Tv-Group
X-Cache-Server
X-SERVER-NAME
Tcn
X-Render-Time
Serverhost
Pics-Label
X-Stale
X-WA-Info
X-Varnish-Beresp-TTL
X-Service-Response-Time
X-TX-ID
X-Client-Ip
Sm-Log-Id
X-Uri
X-FPC
X-Nitro-Cache
Powered-By
X-Srcache-Fetch-Status
X-Correlation-ID
X-Dynatrace-Js-Agent
X-Srcache-Store-Status
Vix-Hermes-Req-Id
X-APP-VERSION
X-Oracle-Dms-Rid
Lb
Log-Origin
Srv
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
Av-Poweredby
X-Fastly-Cache-Status
X-Ion-Healthy
X-Ion-Hop
X-Jungle-Id
My-App
RewriteTestHook
RewriteTeamHook
Hostname
Cache-Contol
Cmsid
Cmstype
X-Debug-Service
X-Cdn-Cache-Status
X-Cache-TTL-Remaining
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Air-Trace-Id
X-Air-Source
Thinkindot-Control
X-Air-Hostname
Server-Id
X-Udemy-Cache-App-Namespace
X-Up
On-Server
X-From
X-Vc
X-WA
CacheControlHeader
Cf-Ipcountry
X-Lb-Id
X-App
X-NC
X-VCL-Version
ServerHost
X-Akamai-Pragma-Client-IP
X-Cache-Ttl
Xkeylog
X-Amz-Meta-Opti
X-Ee-Generated-By
X-Github-Request-Id
X-Oracle-DMS-ECID
X-Vary-Devices
X-Ha-Backend
X-Fastly-Backend-Reqs
X-Via-PopN
X-Ee-Request-Id
X-PHP-Backend
X-Save-Cache
X-Ee-Request-Date
X-Ee-Origin
Xkey-La3
X-Via-PopV
X-Via-PopH
X-Cms-Device
Geoip-Latitude
X-Proxy-Cache-La3
AKAMAI
Time-Cloud-Cache
Store-Cloud-Cache
X-Esi
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-LAGOON
NtCoent-Length
Magicmarker
X-ServedByHost
X-Requestid
Cloudfront-Viewer-Country
X-Traceid
X-Info
WebServer
Cl-Cache
X-IAuth-Set-Uid
WWW-Authenticate
CountryCode
X-MSEdge-Flight
Origin-Site
X-MSEdge-Features
Warning
X-HS-Status
X-Limited
X-Serial
X-Sucuri-Id
X-Dw-Trace-Id
X-Check-Cacheable
X-Geo
X-CDN-Cache-Status
X-Lb-Nocache
X-Acquia-Purge-Tags
FSS-Cache
X-Pod
X-Wp-Cf-Super-Cache-Cache-Control
X-Html-Minification-Powered-By
X-Wp-Cf-Super-Cache
X-Acquia-Application-UUID
X-Acquia-Site
Reporter
X-SRCache-Key
Epwk-X-Cache
X-Akamai-Transformed
X-Acquia-Application-Trace
X-Varnish-Hostname
Thinkindot-Cache-Type
Cneonction
Edge-Cache
X-Lsadc-Cache
X-Mg-Cache
X-Td-Header-From-No-Data
X-Tncms-Bot-Tier
X-Web-Server
Timeexpire
CF-Cached-On
CDN
X-Ramcache
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
X-Platform-Cluster
X-Orig-Cache-Control
X-Elasticpress-Query
X-Rollout
X-New
X-Eligible
X-Platform-Router
X-Platform-Processor
X-BBC-Origin-Response-Status