Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
X-Request-Id
Accept-CH
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
X-Request-ID
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Rq
X-Via
X-Age
EagleId
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
Allow
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Cache-Lookup
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Xkey
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
X-Application-Context
Service-Worker-Allowed
Fastly-Restarts
X-NWS-LOG-UUID
X-Trace
X-Country-Code
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-TtlSet
X-PC
X-Mcache
X-Midtier
X-Edge
Surrogate-Key
Rating
X-Server-Name
Pagespeed
X-Sol
X-Middleton-Display
X-Cache-TTL
Display
X-Browser-Type
X-Element-Page-Cache
X-Cnection
X-Abt-Application-Version
X-Oneagent-Js-Injection
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
Nginx-Cache
X-ESI
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-ECACHE
X-Ser
Verso
X-Vcap-Request-Id
X-D2id
X-Ac
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-ARC
X-Dw-Request-Base-Id
X-Middleton-Response
Response
X-Amz-Rid
X-CST
X-Powered-CMS
X-Goog-Hash
X-Wormhole-Sdk
X-Navigation-Version
X-B3-TraceId
X-Server-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ratelimit-Limit
X-Upstream
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
Accept-Ch-Lifetime
X-Forwarded-For
X-Ruxit-Js-Agent
X-Ratelimit-Remaining
X-Amzn-Trace-Id
X-Daa-Tunnel
RTSS
X-Cache-Key
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
Edge-Cache-Tag
X-ORACLE-DMS-ECID
Cache-Status
Public-Key-Pins
X-FastCGI-Cache
X-Version
X-Ezoic-Cdn
X-Content-Digest
X-NF-Request-ID
X-Ttl
X-Mg-S
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-MSEdge-Ref
X-T
X-Shield-Request-Id
AR-CACHE
Fastcgi-Cache
X-Recruiting
X-Cached
X-Ua-Device
X-Accel-Expires
Front-End-Https
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Origin-Trial
X-TTL
X-Varnish-TTL
X-Azure-Ref
Access-Control-Request-Method
TP-Cache
X-Newrelic-App-Data
Arr-Disable-Session-Affinity
X-Request-Received
X-Request-Processing-Time
X-Id
X-Ua-Browser
Count-Hit
X-HS-Hub-Id
X-HS-Cache-Config
X-Debug
X-HS-Content-Id
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-LLID
Server-Node
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
X-Frontend
X-VARITI-CCR
X-Correlation-Id
X-Nf-Request-Id
X-Aspnetmvc-Version
X-HS-Combine-CSS
X-Xrds-Location
X-Hits
X-PressLabs-Stats
Accept-Ch
X-GUploader-UploadID
X-Varnish-Backend
X-Amz-Replication-Status
Payment
X-NGENIX-Cache
X-Protected-By
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
X-LB-Cache
Cleartype
X-Varnish-Server
X-FB-Debug
X-Git-Hash
X-FTR-Request-ID
X-Forwarded-Proto
X-Www-Served-By
X-Az
X-Logged-In
X-Activity-Id
X-AppVersion
X-Ratelimit-Reset
Host
X-Tt-Trace-Host
Content-Disposition
X-Tt-Trace-Tag
Akamai-GRN
X-Page-Id
Filterid
X-Hostname
X-DIS-Request-ID
X-Fastcgi-Cache
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-App-Server
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Ttl
X-Template
X-Geo-Country
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Aspnet-Version
Frame-Options
Access-Control-Allow-Method
X-ASPNET-VERSION
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Origin-Server
Amp-Access-Control-Allow-Source-Origin
X-Upgrade-Enabled
X-Type
X-Load-Cache
Version
X-WP-CF-Super-Cache
MS-Author-Via
X-WP-CF-Super-Cache-Cache-Control
X-Ah-Environment
Fastly-SIE
Viewport
Fastly-SWR
Section-Io-Cache
X-Content-Options
Retry-After
X-Cache-Control
X-Fb-Rlafr
X-TT
Accept-Charset
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-Sampled
X-TEC-API-VERSION
X-B
X-Rid
Content-MD5
X-Grace
Trailer
X-Envoy-Decorator-Operation
X-Source
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cache-Age
X-Cdn
X-Device-Type
X-Request-Guid
X-Trace-Id
Server-Name
X-Revision
X-TraceId
X-Language
X-Vcl-Version
X-Magnolia-Registration
Healthy
X-Buckets
X-Px
X-Webkit-CSP
X-Mobile
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
TCN
X-WP-CF-Super-Cache-Active
X-CSRF-Token
X-Origin-Cache
X-Backend-Name
X-HS-Prerendered
X-Akamai-Edgescape
X-EdgeConnect-Cache-Status
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-App-Environment
X-Varnish-Grace
X-Status
X-RM-Cache-TTL
X-L-Path
X-Environment-Context
X-Debug-Info
X-Instance
X-RemovedCookies
X-Rule
X-NYM-Debug-Backend
X-Tumblr-User
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Framework
X-Node-Name
X-Storage
X-Proxy
X-Mg-Request-UUID
NGB
Access-Control-Request-Headers
GEO-INFO
X-Region
X-FW-Dynamic
X-ServerID
X-Proxy-Cache-Info
SD-X-WS
Cross-Origin-Window-Policy
X-UUID
X-Cache-Time
X-Edge-Location
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Version
X-FW-Serve
X-FW-Server
MS-CV
X-Is-Bot
X-Cacheable-TTL
X-RTag
X-Adobe-Loc
X-Datadog-Parent-Id
Protected
Ms-Operation-Id
X-Adobe-Content
X-Content-Powered-By
X-Datadog-Trace-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Rendered-As
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-G
Charset
X-Yottaa-Optimizations
X-Yottaa-Metrics
Upgrade-Insecure-Requests
X-HTML-Minification-Powered-By
X-RateLimit-Remaining
X-Whom
Cross-Origin-Embedder-Policy-Report-Only
DC
X-Response-Served-From
X-Original-Request-Id
Countrycode
X-B3-Traceid
Refresh
Webserver
Paypal-Debug-Id
OT-Force-Account-Verify
X-Seen-By
X-User-Agent
X-Lambda-Id
Section-Io-Id
Front
X-Reqid
X-VC
X-VHOST
X-Amzn-Remapped-Content-Length
X-ECache
X-WebKit-CSP-Report-Only
Alternate-Protocol
SRV
X-IPS-LoggedIn
X-Server-W
X-TT-LOGID
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Priority
X-Akamai-Request-ID2
X-CCDN-Origin-Time
X-AB
Country
X-Cache-Status-Check
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-SpanId
X-Nginx-Cache
X-Real-IP
Backend
X-N
X-Time
Liferay-Portal
X-Mode
Onion-Location
Xet-Cookie
Filters
Fastcgi-Useragent
TWC-GeoIP-LatLong
Environment
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-Country
X-UPSTREAM-Address
Property-Id
ServerID
TWC-Connection-Speed
TWC-Device-Class
Meta-Geo
X-FB-TRIP-ID
X-SaId
X-Origin-Hint
X-Tumblr-Pixel-2
X-Format
X-Rewrite-Enabled
X-Rn-Rsrv
X-JoinUs
X-Cache-Host
X-Varnish-Age
From-Origin
X-Restarts
X-VC-Cache
X-Say-Cacheable
Mn-Server-Ip
X-Skip-Cache
X-Rocket-Nginx-Serving-Static
X-Tb
Uber-Trace-Id
X-Origin-Date
X-SayCDN-TTL
Web-Mar-Node
X-Say-TTL
X-IPLB-Request-ID
X-Scope-Id
X-Fetched-On
Expiry
X-Connection-Hash
X-Cluster-Node
X-Cache-Action
X-Cache-Expired-At
X-Frame-Option
DB-Nickname
X-R9-Blue-Green-Version
X-IPLB-Instance
X-Hosted-By
X-Accel-Version
X-Redis-Cache
X-Hl-Ver
X-PHP-Host
X-Labrador-Cache-Channel
X-Loop
X-ProxyCache-Key
Apigw-Requestid
X-ProxyCache-Status
Atl-Traceid
X-Request-URI
X-Origin-TTL
X-Webstats-RespID
X-Fastly-Request-Id
X-Varnish-Cache-Hits
X-Tncms
X-Varnish-Beresp-Grace
X-Handled-By
X-Httpd
X-Logging-Id
X-Forwarded-Host
X-Vcache
X-Origin-CC
X-Web-Node
X-Soup
X-Cms-Context
X-Director
X-BYPASS-REASON
X-Proxy-Build
X-Cluster
X-Auth-Group-Type
X-Timing-Wait
X-Served-From
X-Servername
Url
Selected-Fe
X-Adobe-Source
ServedBy
X-Origin
X-Proxied
X-Routing-Service
X-S
Cross-Origin-Embedder-Policy
X-Extlb
X-Cloudmap
Accept-Language
X-Detected-As
X-Zipkin-Id
X-DynaTrace
X-DataDome
X-Ms-Version
Referer-Policy
X-Ms-Request-Id
X-Hit
WPO-Cache-Message
WPO-Cache-Status
X-Tumblr-Pixel-3
N-Cache
X-XRDS-Location
X-Generated-By
X-LSADC-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Lagoon
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Xserver
X-Azure-Ref-OriginShield
X-Wix-Request-Id
X-SRV
Surrogated-Key
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
X-Xfnlog-Site
X-Webkit-Csp
X-App-Version
Ohc-File-Size
X-Sucuri-Cache
LB
X-Generation-Time
Source
X-NWS-UUID-VERIFY
X-FTR-Expires
X-Country-Code-Real
CF-IPCountry
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-HS-CF-Cache-Status
X-RCS-CacheZone
X-Cache-Debug
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Cdn-Origin
Node
X-VCT
X-F-Cache
X-Sucuri-ID
X-MP-GENERATED-AT
X-Cache-Hit
X-Via-JSL
X-Browser-Name
X-Proxy-Cache-Status
X-Is-Tablet
X-Geo-Region
X-Tcp-Rtt
X-Is-Desktop
X-NODE
X-Is-Supported-Browser
X-Is-Mobile
CDN-RequestId
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-TA-CDN-Provider
X-No-Session
X-B-Cache
X-Signature
X-Upstream-Ht
X-UA
X-Mly-Id
X-Upstream-Ct
Cache
X-ElasticPress-Query
X-Cache-Rule
X-Cache-Operation
Fl-Custom-Application
Xc-Version
X-INCAP-ABP
Fastly-Backend-Name
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
X-VarnishDD-TTL
Host-ID
Expect-Staple
Lang
Mail-Subject
X-Vtex-Remote-Cache
HA-Ipaddr
L5d-Success-Class
X-Vdms-Version
DCR-Processing-Time-Ms
Apple-News-Services-Host
Candidate-Md5Url
Cluster
Cache-Provider
MD5-Digest
X-ScT
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-Rojux
X-Proxied-Request
X-Platform-Server
Apple-News-Services-Request-Url
X-TIM-N
DCR-Decision-By
X-Proto
Apple-News-Services-Handled
Content-Secure-Policy
X-Section
X-PAYTM-SRV-ID
Producers
X-BCube-Filmed-By
X-Bc-Bl
X-Bug-Bounty
X-GeoCountry
X-Cache-NE
X-Cache-Info
X-Backend-Instance
X-App-Name
X-AB-Test
X-A-Wwc
X-Access
X-Aed
X-Aicache-OS
X-GeoCode
X-Gdpr
X-Developer
X-Debug-Cache-Store
X-Ec-GeoHdr
X-DPWN-IS-SECURE
X-Ec-Fail
X-Debug-Cache-Fetch
X-D
X-FC-Vary-Parameters
X-CGP
X-Conf
X-Csrf-Jwt
X-Eu-Site
X-HN
X-A-Dgt
User-Agent
Sslversion
W
We-Hiring
X-Origin-Time
Rendered-Blocks
Redirect-Candidate
Odigeo-Trace-Id
Ngx.Var.Host
Origin
PFcat
X-Path
X-Org
X-ORCA-Accelerator
X-A
Wxu-Next-Region
X-A-Ccd
X-Ig-Origin-Region
X-A-Dcw
Wxu-Next-Hostname
Wxu-Next-Commit
X-Nyt-Route
X-Op-Id-All
X-Mvc-Supplant-Cachable
X-Jobs
X-Ig-Push-State
Meta-Geo-Continent
X-A-Dam
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Resp-Is-Stale
X-CDN-Forward
Mime-Version
X-Policy
X-Powered-By-VTEX-Cache
Web-Mar-Region
V-Age
X-Req
X-Platform
X-Service
X-Akamai-Device-Characteristics
X-NodeID
X-Node-Id
X-Origin-Expires
X-Request-Time
X-Accel-Expires-Debug
X-AK-Request-ID
X-Litespeed-Tag
Thinkindot-CacheControl
Product
Req-Svc-Chain
RNT-Machine
X-Slack-Shared-Secret-Outcome
Platform
NM-Fastcgi-Cache
Origin-Agent-Cluster
RNT-Time
X-Slack-Backend
X-Amz-Meta-Cb-Modifiedtime
Thinkindot-CacheControl-Type
X-Scheme
TDXMobile
X-SD-PageType
X-Fastly-Backend
X-Shield-Cache-Expires
X-SB
X-Amz-Storage-Class
X-DefHash
X-Depends
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-DefElseHash
X-Gzip
X-HS-Content-Campaign-Id
X-Hash
X-Date
X-Dispatcher-Server
X-GeoIP-Country-Code
X-Epic-Correlation-Id
X-Esi-Check
X-Fmm-Version
X-Gamma-Serve
X-Generated-On
X-GeoIP-City
X-GeoIP
X-Edge-Server
X-Core-Value
X-Content-Length
X-BBC-Edge-Cache-Status
X-Location
X-Cache-Aspx
X-Cache-Grace
X-Micro-Cache
X-B3-Trace-ID
X-Thinkindot-L3
X-Mvc-Supplant-OutputCached
X-Auto-Login
X-Cache-Id
X-Locale
X-Irp-Debug
X-Clientip
X-Contensis-Viewer-Groups
X-Cdn-Srv
X-CacheTTL
X-Loc
X-Level-Front-Cache
X-Cached-By
X-NMSegId
Server-Host
Content-Style-Type
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Static-Cache
X-Varnishpool
Esi-Enabled
X-We-Are-Hiring
Debug
Azure-Version
X-VServer
X-VG-WebCache
Cdn-Host
Cdnsip
Cdncip
Cdn-Request-Time
X-Via-Fastly
CDCHOST
X-Vmg-Version
Content-Script-Type
X-Viewer-Country
Canary
Fastly-SSL
X-Wikidot-Backend
X-Bl-Debug
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Authentication
X-Varnish-Remaining-TTL
L
X-Var-Ttl
X-Geolocation
Gh-Request-Id
X-Varnish-Director
Gannett-Cam-Experience-Id
X-V-Cache
Edge-Copy-Time
X-Via-SSL
X-Pad
Akamai-Mon-Iucid-Del
X-Via-Edge
X-Via-CDN
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullCode
X-S-Cookie
X-B-Cookie
X-Gen-Mode
CDN-EdgeStorageId
X-Application
X-Destination
X-External-Request-Id
CDN-PullZone
CDN-CachedAt
X-Cache-Date
X-Human
X-Content-Age
X-CUA
XM
Yak-Timeinfo
X-Hnp-Log
X-Origin-Response-Time
X-Internal-TTL
X-Bip
X-Men
X-Block-Status
X-Cache-FS-Status
X-IsAdmin
X-Ec-Custom-Error
CDN-RequestPullSuccess
X-SIPLIST1
ServerName
X-Site-Version
Req-ID
Release
X-Server-IP
X-VG-TLSProxy
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Country-Code
Pramga
X-Varnish-Beresp-Status
NGX
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
X-UA-Device-Type
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
Origin-EX
Origin-CC
IsBot
Tube-Return
DSUID
X-Pool
CDN-Uid
X-Request-Host
Click-Count-Action-Start
X-Acquia-Purge-Cdn-Unconfigured
X-Pubstack
User-Cache-Control
Click-Count-Error
X-Request-Start
X-HOST
X-Varnish-Hits
Sid
X-NGINX-Cache
X-LB-NoCache
Ssr
X-RID
X-GEO
AMP-Access-Control-Allow-Source-Origin
X-Cache-Bucket
X-CACHE-GROUP
X-Proxy-CacheRZ
X-Zen-Fury
X-User
A
Cache-Key
XkeyRZ
X-Api-Version
Cdn-Requestid
X-CLOUD-TRACE-CONTEXT
X-Cs
X-VC-TTL
X-Refresh
Fastly-Drupal-HTML
Ohc-Cache-HIT
X-Tt-Logid
X-Cdn-Forward
X-RequestId
X-AIR-PT
X-ZONE
X-Servedbyhost
X-HITS
CloudFront-Viewer-Country
GeoIP-Latitude
X-Presslabs-Stats
X-Newrelic-Synthetics
X-Nananana
X-DC
X-Dc
TP-L2-Cache
X-Optimistic-Header
C-Via
X-Nc
X-HA-Backend
X-Via-Popn
X-Via-Poph
X-APP
X-B3-Spanid
X-Wa
Server-ID
X-Via-Popv
X-Vgn-Hpd-Reason
X-TH-Server
X-LB-ID
Proxy-Firewall
X-RateLimit-Limit
X-B3-Parentspanid
X-Endurance-Cache-Level
X-Moov-Xdn-Version
X-Webkit-Csp-Report-Only
X-DynaTrace-JS-Agent
True-Client-Country-4JS
HostName
X-Moov-Xdn-Caching-Status
X-Old-Content-Length
X-Moov-T
X-Srv
Cdn
X-LiteSpeed-Tag
Fastly-Drupal-Html
Server-Ext
X-Test
X-Air-Pt
Server-Hostname
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Ecid
X-HubSpot-Correlation-Id
X-Zone
Sever-Int
X-COUNTRY
X-URL
X-CS
X-Parent-Response-Time
X-Datadome
Adler-Geo
WP-Super-Cache
Is-Eu
X-LJ-Flow-ID
X-CACHE-AGE
X-AWS-Id
X-VWS-Id
WZWS-RAY
X-Dispatcher-Number
X-Nginx-Cache-Key
X-Fpc
X-Action
GeoIp-Country-Code
SID
X-API-Version
X-Provided-By
X-Cache-VC
Location
X-Thinkindot-L1
X-Vercel-Cache
X-Vercel-Id
N1-Cache
X-DataCenter
X-NewRelic-App-Data
X-Litespeed-Cache-Control
T-Server
Uri
X-Custom-Header
X-Geo-Header
True-Client-Ip
X-XRDS-LOCATION
X-Pass-Why
X-ND-Cache
True-Client-IP
X-Datacenter
S-Rt
X-Ua
SEZNAM-JOBS-OFFER
TWC-GeoIP-Region
TWC-GeoIP-DMA
TWC-GeoIP-City
Cache-Hits
X-ApacheServer
GeoIP-Country-Code
X-Cache-Server
X-PERF
Cache-Tv-Group
X-CMSURLCustom
Resin-Trace
Vc-Max-Age
X-SERVER-NAME
X-Render-Time
X-WA-Info
Tcn
X-Stale
Pics-Label
Serverhost
X-Varnish-Beresp-TTL
X-Client-Ip
X-Service-Response-Time
Sm-Log-Id
X-TX-ID
X-FPC
X-Nitro-Cache
X-Uri
Powered-By
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Ssense-Shipping-Surcharge-Enabled
X-Correlation-ID
X-Ssense-Gql
X-Dynatrace-Js-Agent
X-Oracle-Dms-Rid
X-Ion-Hop
X-Ion-Healthy
RewriteTestHook
RewriteTeamHook
Cache-Contol
Vix-Hermes-Req-Id
X-APP-VERSION
Lb
X-Jungle-Id
Srv
Log-Origin
X-Cache-TTL-Remaining
Cmstype
X-Ckpd-Fst-Backend
X-Cdn-Cache-Status
My-App
Cmsid
Av-Poweredby
Hostname
X-Debug-Service
X-Fastly-Cache-Status
X-Fastly-Cache
Server-Id
X-Udemy-Cache-App-Namespace
X-Air-Hostname
On-Server
X-From
X-Air-Trace-Id
Thinkindot-Control
X-Air-Source
X-Up
X-Vc
X-VCL-Version
CacheControlHeader
X-Lb-Id
X-App
Cf-Ipcountry
X-NC
X-Akamai-Pragma-Client-IP
ServerHost
X-WA
X-Cache-Ttl
X-Cms-Device
X-Vary-Devices
X-Ha-Backend
Xkeylog
X-Ee-Request-Id
X-Ee-Origin
X-Ee-Request-Date
Xkey-La3
X-Fastly-Backend-Reqs
X-Ee-Generated-By
AKAMAI
X-Via-PopH
X-Github-Request-Id
X-Save-Cache
X-Via-PopN
X-Oracle-DMS-ECID
X-PHP-Backend
Time-Cloud-Cache
X-Via-PopV
Geoip-Latitude
X-Amz-Meta-Opti
X-Proxy-Cache-La3
Store-Cloud-Cache
X-Esi
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-LAGOON
Cl-Cache
X-Requestid
Magicmarker
Cloudfront-Viewer-Country
X-Info
X-Traceid
X-IAuth-Set-Uid
WWW-Authenticate
NtCoent-Length
X-ServedByHost
WebServer
CountryCode
X-HS-Status
X-MSEdge-Features
Warning
Origin-Site
X-MSEdge-Flight
X-Dw-Trace-Id
X-Sucuri-Id
X-Serial
X-Limited
X-Check-Cacheable
X-Geo
Epwk-X-Cache
X-Lb-Nocache
Reporter
X-Acquia-Site
X-Html-Minification-Powered-By
X-Acquia-Purge-Tags
X-Varnish-Hostname
X-Wp-Cf-Super-Cache
X-SRCache-Key
X-CDN-Cache-Status
X-Acquia-Application-Trace
X-Wp-Cf-Super-Cache-Cache-Control
X-Akamai-Transformed
FSS-Cache
X-Pod
X-Acquia-Application-UUID
X-Mg-Cache
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
X-BBC-Origin-Response-Status
X-Web-Server
X-Lsadc-Cache
Edge-Cache
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Ramcache
CF-Cached-On
CDN
X-Rollout
X-New
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Akamai-ERRuleID
X-Eligible
X-Orig-Cache-Control
X-Akamai-ERPolicy
Timeexpire
X-Tncms-Bot-Tier
Cneonction
X-Elasticpress-Query