Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Accept-CH
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Accept-Ch
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Check
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Age
X-Rq
X-Via
EagleId
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Dns-Prefetch-Control
Ali-Swift-Global-Savetime
X-Cache-Lookup
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Xkey
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Nginx-Cache-Status
X-Url
Content-Location
X-LiteSpeed-Cache
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Clacks-Overhead
X-Country-Code
Fastly-Restarts
X-Trace
X-Application-Context
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-TtlSet
X-PC
X-Midtier
X-Mcache
X-Edge
Surrogate-Key
Rating
X-Server-Name
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Cache-TTL
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
Nginx-Cache
X-Powered-By-Plesk
X-ESI
X-GitHub-Request-Id
Edge-Control
X-ECACHE
X-Vcap-Request-Id
Verso
X-D2id
X-Ser
X-Ac
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
Response
X-Middleton-Response
X-Amz-Rid
X-ARC
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-CST
X-Wormhole-Sdk
X-Goog-Hash
X-Powered-CMS
X-Navigation-Version
X-Ratelimit-Remaining
X-Edge-Location-Klb
X-Kinsta-Cache
X-Upstream
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Forwarded-For
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
RTSS
X-FastCGI-Cache
X-Cache-Key
X-Daa-Tunnel
SPRequestDuration
SPIisLatency
X-Server-ID
X-Mod-Pagespeed
Edge-Cache-Tag
X-Ttl
Cache-Status
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
Public-Key-Pins
X-Content-Digest
X-Ezoic-Cdn
X-NF-Request-ID
X-Version
X-Mg-S
X-SharePointHealthScore
SPRequestGuid
X-ORACLE-DMS-ECID
S
Realpath
X-T
X-Shield-Request-Id
X-MSEdge-Ref
Cross-Origin-Resource-Policy
Fastcgi-Cache
AR-CACHE
X-Recruiting
X-Cached
X-Ua-Device
X-Fastly-Request-ID
Origin-Trial
Front-End-Https
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Distributor
X-Azure-Ref
X-Pinterest-Rid
TP-Cache
Pinterest-Version
Access-Control-Request-Method
Pinterest-Generated-By
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-Request-Received
X-Request-Processing-Time
Count-Hit
X-Ua-Browser
X-Id
X-HS-Cache-Config
X-Debug
X-HS-Hub-Id
X-HS-Content-Id
X-LLID
Cache-Tags
Server-Node
MicrosoftSharePointTeamServices
X-Ismobilevalue
X-Newrelic-App-Data
X-Content-Security-Policy-Report-Only
X-Xrds-Location
X-Cluster-Name
X-TTL
X-FTR-Request-ID
X-PressLabs-Stats
X-Correlation-Id
X-Frontend
X-Nf-Request-Id
X-VARITI-CCR
X-Aspnetmvc-Version
X-HS-Combine-CSS
X-GUploader-UploadID
X-Varnish-Backend
X-NGENIX-Cache
X-Amz-Replication-Status
X-Protected-By
Payment
X-Goog-Metageneration
X-Hits
Akamai-GRN
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
Cleartype
X-LB-Cache
X-FB-Debug
X-Varnish-Server
X-Logged-In
X-Www-Served-By
X-Activity-Id
X-AppVersion
X-Git-Hash
X-Az
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Ratelimit-Reset
Content-Disposition
X-Page-Id
X-Forwarded-Proto
Host
X-Hostname
Filterid
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Server
X-Varnish-Ttl
X-Template
Amp-Access-Control-Allow-Source-Origin
X-Geo-Country
Frame-Options
X-Aspnet-Version
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Fastcgi-Cache
X-ASPNET-VERSION
Access-Control-Allow-Method
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Origin-Server
Version
X-Load-Cache
X-Upgrade-Enabled
MS-Author-Via
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Type
Viewport
X-Ah-Environment
Fastly-SIE
Fastly-SWR
Accept-Charset
Section-Io-Cache
X-Content-Options
Trailer
X-Cache-Control
X-TT
X-Fb-Rlafr
Retry-After
X-TraceId
X-B
X-TEC-API-VERSION
X-Grace
X-TEC-API-ORIGIN
X-B3-Sampled
X-TEC-API-ROOT
X-Rid
Content-MD5
X-Envoy-Decorator-Operation
X-Source
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Device-Type
X-Vcl-Version
Server-Name
X-Cdn
X-Request-Guid
X-Trace-Id
X-Revision
X-Language
X-Magnolia-Registration
X-Cache-Age
X-Buckets
Healthy
X-Px
X-Mobile
X-Tec-Api-Origin
X-Webkit-CSP
X-Tec-Api-Version
X-Tec-Api-Root
X-HS-Prerendered
TCN
X-WP-CF-Super-Cache-Active
X-Akamai-Edgescape
X-Backend-Name
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-Status
X-Contextid
X-RM-Cache-TTL
X-App-Environment
X-Origin-Cache
X-FW-Version
X-Debug-Info
X-Instance
Protected
X-CSRF-Token
X-FW-Server
X-FW-Dynamic
X-FW-Static
X-Environment-Context
X-FW-Type
X-FW-Serve
X-FW-Hash
X-RemovedCookies
X-ProcessESI
X-Rule
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-Storage
X-Amz-Meta-S3cmd-Attrs
SD-X-WS
Cross-Origin-Window-Policy
NGB
Access-Control-Request-Headers
GEO-INFO
X-ServerID
X-Edge-Location
X-UUID
X-Cache-Time
X-Node-Name
X-Framework
X-Proxy-Cache-Info
X-Region
X-Mg-Request-UUID
X-Adobe-Loc
X-Datadog-Trace-Id
X-Adobe-Content
Charset
X-Proxy
X-Cacheable-TTL
X-Debug-IsPreview
X-Datadog-Sampled
X-Datadog-Sampling-Priority
MS-CV
Ms-Operation-Id
X-Datadog-Parent-Id
X-Debug-IsConnected
X-Is-Bot
X-Rendered-As
X-Content-Powered-By
X-RTag
X-Original-Request-Id
X-Response-Served-From
X-G
X-Yottaa-Optimizations
Upgrade-Insecure-Requests
X-Yottaa-Metrics
Cross-Origin-Embedder-Policy-Report-Only
X-Whom
Refresh
Countrycode
OT-Force-Account-Verify
Webserver
DC
X-Lambda-Id
X-HTML-Minification-Powered-By
Paypal-Debug-Id
X-User-Agent
X-Seen-By
Section-Io-Id
Front
X-Reqid
X-VC
X-Amzn-Remapped-Content-Length
X-TT-LOGID
X-VHOST
X-ECache
X-WebKit-CSP-Report-Only
X-RateLimit-Remaining
Alternate-Protocol
X-B3-Traceid
SRV
X-Server-W
Priority
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Fastly-Request-Id
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-SpanId
X-AB
X-Akamai-Request-ID2
X-Real-IP
X-Cache-Status-Check
X-Time
Liferay-Portal
Country
Backend
X-N
X-Mode
Xet-Cookie
Onion-Location
TWC-Locale-Group
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-SaId
TWC-Privacy
TWC-GeoIP-LatLong
X-Rocket-Nginx-Serving-Static
Fastcgi-Useragent
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Rn-Rsrv
Webcakes-App-Name
X-Format
ServerID
Webcakes-Region
Meta-Geo
X-FB-TRIP-ID
Webcakes-App-Version
Filters
Environment
X-Rewrite-Enabled
X-Origin-Hint
X-JoinUs
X-Cache-Host
Property-Id
X-DataDome
X-Hl-Ver
X-Hosted-By
X-Frame-Option
X-Cache-Action
X-Fetched-On
X-Restarts
Web-Mar-Node
X-Skip-Cache
X-VC-Cache
X-Origin-Date
X-PHP-Host
X-Nginx-Cache
X-Labrador-Cache-Channel
X-IPLB-Instance
X-IPLB-Request-ID
X-Connection-Hash
X-Cluster-Node
DB-Nickname
X-Accel-Version
Expiry
Uber-Trace-Id
Mn-Server-Ip
From-Origin
X-Scope-Id
X-SayCDN-TTL
X-R9-Blue-Green-Version
X-Cache-Expired-At
X-Tb
X-Redis-Cache
X-Say-TTL
X-Say-Cacheable
X-Varnish-Age
X-ProxyCache-Key
X-Forwarded-Host
X-BYPASS-REASON
Atl-Traceid
Apigw-Requestid
X-Httpd
X-Logging-Id
X-ProxyCache-Status
X-Cms-Context
X-Origin-TTL
X-Webstats-RespID
X-Web-Node
X-Director
X-Handled-By
X-Vcache
X-Tncms
X-Soup
X-Loop
X-Varnish-Cache-Hits
X-Origin-CC
X-Varnish-Beresp-Grace
X-Request-URI
X-Adobe-Source
X-Timing-Wait
X-DynaTrace
X-Auth-Group-Type
X-Served-From
X-Servername
X-Cluster
X-Proxy-Build
WPO-Cache-Message
ServedBy
Url
WPO-Cache-Status
Selected-Fe
X-Cloudmap
X-S
X-Ms-Version
X-Ms-Request-Id
X-Extlb
X-Zipkin-Id
Cross-Origin-Embedder-Policy
X-Proxied
Cross-Origin-Opener-Policy-Report-Only
X-Routing-Service
X-Detected-As
X-Origin
Referer-Policy
X-Tumblr-Pixel-3
Accept-Language
X-Hit
X-FTR-Cache-Status
X-FTR-Balancer
N-Cache
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-XRDS-Location
X-LSADC-Cache
X-Generated-By
X-Azure-Ref-OriginShield
Surrogated-Key
Ohc-File-Size
X-SRV
X-Worker
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Xserver
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Wix-Request-Id
X-Lagoon
X-Xfnlog-Site
X-App-Version
X-HS-CF-Cache-Status
X-Generation-Time
LB
X-Sucuri-Cache
X-Webkit-Csp
X-NWS-UUID-VERIFY
CF-IPCountry
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Cdn-Origin
Source
X-RCS-CacheZone
X-Cache-Debug
X-Cache-Hit
CDN-RequestId
X-MP-GENERATED-AT
X-F-Cache
Node
X-Resp-Is-Stale
X-Sucuri-ID
X-VCT
X-Tx-Id
X-Via-JSL
X-NODE
X-Browser-Name
X-Tcp-Rtt
X-TA-CDN-Provider
X-Is-Tablet
X-Is-Supported-Browser
X-Varnish-Beresp-Ttl
X-Geo-Region
X-Is-Desktop
X-Is-Mobile
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-No-Session
X-Signature
X-Cache-Rule
Cache
X-Proxy-Cache-Status
X-CDN-Forward
X-B-Cache
X-Mly-Id
X-ElasticPress-Query
X-Oracle-Dms-Ecid
X-Pad
X-INCAP-ABP
X-Cache-Operation
X-Origin-Time
X-Path
X-Org
DCR-Processing-Time-Ms
X-Platform-Server
X-PAYTM-SRV-ID
Cluster
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Cache-Provider
Candidate-Md5Url
Apple-News-Services-Host
Apple-News-Services-Handled
Edge-Copy-Time
X-Via-CDN
X-Via-Edge
X-Via-SSL
Xc-Version
X-Vtex-Remote-Cache
X-ScT
X-Rojux
X-Proxied-Request
DCR-Decision-By
X-Section
X-TIM-N
X-Op-Id-All
Content-Secure-Policy
X-Vdms-Version
X-VarnishDD-TTL
X-Proto
HA-Ipaddr
X-Bug-Bounty
X-Cache-Info
Rendered-Blocks
X-Bl-Debug
User-Agent
X-BCube-Filmed-By
W
X-Cache-NE
X-CGP
X-Debug-Cache-Fetch
Producers
Redirect-Candidate
X-D
X-Conf
X-Csrf-Jwt
X-Bc-Bl
X-Backend-Instance
X-AB-Test
X-Access
X-A-Wwc
X-A-Dgt
X-A-Dam
X-A-Dcw
X-A
Wxu-Next-Region
We-Hiring
X-App-Name
X-Aicache-OS
Wxu-Next-Commit
Wxu-Next-Hostname
X-Aed
X-Debug-Cache-Store
PFcat
L5d-Success-Class
Host-ID
X-Ig-Push-State
Lang
MD5-Digest
Mail-Subject
X-A-Ccd
Ha-Gx-Prefs
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Jobs
Fastly-Backend-Name
Fl-Custom-Application
Fastly-GeoIP-CountryCode
X-Ig-Origin-Region
Meta-Geo-Continent
X-Ec-Fail
X-Ec-GeoHdr
Odigeo-Trace-Id
Origin
X-Developer
X-DPWN-IS-SECURE
X-Eu-Site
X-FC-Vary-Parameters
X-Geolocation
X-HN
Ngx.Var.Host
X-GeoCountry
X-Gdpr
X-GeoCode
Expect-Staple
Sslversion
X-Storefront-Renderer-Rendered
X-Upstream-Ct
X-Alternate-Cache-Key
X-UA
X-Upstream-Ht
X-NGINX-Cache
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-GoCache-CacheStatus
RNT-Machine
Req-Svc-Chain
X-GeoIP-City
X-Generated-On
X-Fmm-Version
X-Fastly-Backend
TDXMobile
X-Gamma-Serve
X-Gzip
Server-Host
X-GeoIP
RNT-Time
Platform
NM-Fastcgi-Cache
X-Location
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-B3-Trace-ID
Mime-Version
X-Locale
Origin-Agent-Cluster
X-B-Cookie
Product
Thinkindot-CacheControl
X-Irp-Debug
X-Loc
X-Level-Front-Cache
X-Hash
X-Esi-Check
X-Cache-Aspx
X-GeoIP-Country-Code
X-SD-PageType
X-Cache-Date
X-Slack-Backend
X-Cached-By
X-Slack-Shared-Secret-Outcome
X-Cache-Id
X-S-Cookie
X-AK-Request-ID
X-Amz-Storage-Class
X-GeoIP-Region-Code
X-Auto-Login
X-HS-Content-Campaign-Id
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Device-Characteristics
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
X-CacheTTL
X-Dispatcher-Server
V-Age
X-Depends
X-Edge-Server
X-Destination
X-Litespeed-Tag
X-Epic-Correlation-Id
X-Cache-Grace
X-DefHash
X-DefElseHash
X-Clientip
X-External-Request-Id
X-Cdn-Srv
X-Contensis-Viewer-Groups
X-Content-Length
X-Date
X-Core-Value
Thinkindot-CacheControl-Type
X-NMSegId
Cdn-Request-Time
X-Via-Fastly
X-VG-WebCache
Cdn-Host
X-Varnishpool
X-Node-Id
X-Viewer-Country
X-Vmg-Version
Cdnsip
X-Varnish-CookieINHashed-On
Cdncip
X-VServer
X-Shield-Cache-Expires
X-Thinkindot-L3
CDCHOST
Azure-RegionName
Azure-SiteName
X-Varnish-Director
Azure-InstanceId
X-Varnish-CookieHashed-On
Azure-SlotName
Azure-Version
Canary
X-Varnish-Remaining-TTL
X-V-Cache
X-Var-Ttl
X-Varnish-Authentication
X-Scheme
X-VTEX-Cache-Server
X-Origin-Expires
X-Policy
Esi-Enabled
X-ORCA-Accelerator
X-NodeID
X-Platform
Gannett-Cam-Experience-Id
Gh-Request-Id
Fastly-SSL
X-Application
Web-Mar-Region
X-Wikidot-Static-Cache
L
X-We-Are-Hiring
X-Request-Time
X-VTEX-Cache-Time
X-SB
Content-Script-Type
X-Req
Debug
X-Powered-By-VTEX-Cache
X-Wikidot-Backend
Content-Style-Type
X-COUNTRY
X-HITS
Akamai-Mon-Iucid-Del
Pramga
X-GEO
X-VG-TLSProxy
XM
X-Bip
Yak-Timeinfo
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Start
User-Cache-Control
X-Block-Status
X-Server-IP
X-Pubstack
X-Internal-TTL
X-Origin-Response-Time
X-Men
X-IsAdmin
X-Pool
X-Service
X-SIPLIST1
X-Thanos
X-UA-Device-Type
X-Varnish-Beresp-Status
X-Ec-Custom-Error
X-CUA
X-Content-Age
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Gen-Mode
X-Cache-FS-Status
Origin-EX
Origin-CC
X-Hnp-Log
IsBot
Release
Req-ID
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
ServerName
DSUID
Country-Code
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullCode
Click-Count-Error
Click-Count-Action-Start
CDN-Uid
CDN-RequestPullSuccess
Tube-Return
NGX
X-Site-Version
X-Acquia-Purge-Cdn-Unconfigured
X-Human
X-Request-Host
X-URL
X-User
X-Zen-Fury
Sid
X-LB-NoCache
X-HOST
Ssr
X-RID
X-Varnish-Hits
Ohc-Cache-HIT
X-VC-TTL
Fastly-Drupal-HTML
X-CACHE-GROUP
X-Api-Version
GeoIP-Latitude
Cache-Key
X-Proxy-CacheRZ
A
XkeyRZ
X-Cache-Bucket
X-Refresh
X-DC
X-AIR-PT
X-Servedbyhost
X-Cs
X-RequestId
X-ZONE
CloudFront-Viewer-Country
Cdn-Requestid
X-Cdn-Forward
X-Newrelic-Synthetics
X-Nc
X-Vgn-Hpd-Reason
X-Wa
AMP-Access-Control-Allow-Source-Origin
X-B3-Spanid
X-APP
X-Tt-Logid
X-TH-Server
TP-L2-Cache
C-Via
Server-ID
X-Nananana
X-Moov-Xdn-Version
X-Optimistic-Header
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-HubSpot-Correlation-Id
X-Dc
X-B3-Parentspanid
X-Via-Poph
X-Via-Popv
X-Moov-T
Proxy-Firewall
X-HA-Backend
X-CACHE-AGE
X-Via-Popn
X-Webkit-Csp-Report-Only
X-LiteSpeed-Tag
X-Endurance-Cache-Level
X-LB-ID
X-CS
X-NewRelic-App-Data
Cdn
X-Presslabs-Stats
X-Srv
X-LiteSpeed-Cache-Control
X-DynaTrace-JS-Agent
X-Air-Pt
X-Zone
HostName
True-Client-Country-4JS
WP-Super-Cache
X-Parent-Response-Time
Server-Ext
X-Action
X-Test
Sever-Int
Fastly-Drupal-Html
Server-Hostname
N1-Cache
X-Fpc
GeoIp-Country-Code
X-Thinkindot-L1
Adler-Geo
X-Cache-VC
X-Vercel-Cache
Location
X-DataCenter
X-Vercel-Id
Is-Eu
SID
X-API-Version
X-Datadome
X-VWS-Id
X-Dispatcher-Number
X-Nginx-Cache-Key
WZWS-RAY
X-AWS-Id
X-LJ-Flow-ID
X-Ua
X-Litespeed-Cache-Control
X-RateLimit-Limit
TWC-GeoIP-City
X-Provided-By
TWC-GeoIP-DMA
Uri
Cache-Hits
TWC-GeoIP-Region
True-Client-IP
SEZNAM-JOBS-OFFER
T-Server
True-Client-Ip
X-Geo-Header
X-Custom-Header
X-PERF
X-ApacheServer
X-Pass-Why
X-ND-Cache
Resin-Trace
GeoIP-Country-Code
X-Datacenter
X-CLOUD-TRACE-CONTEXT
X-Render-Time
X-WA-Info
X-Stale
S-Rt
X-SERVER-NAME
X-Uri
X-Cache-Server
Vc-Max-Age
X-Nitro-Cache
Serverhost
Tcn
X-CMSURLCustom
X-Ssense-Gql
X-Varnish-Beresp-TTL
X-Ssense-Shipping-Surcharge-Enabled
X-Client-Ip
X-Service-Response-Time
X-Dynatrace-Js-Agent
Sm-Log-Id
Cache-Tv-Group
X-Ion-Hop
Log-Origin
X-Ion-Healthy
Cache-Contol
RewriteTestHook
X-FPC
X-Jungle-Id
RewriteTeamHook
Pics-Label
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Correlation-ID
Hostname
Srv
Cmstype
X-APP-VERSION
X-Oracle-Dms-Rid
Cmsid
Powered-By
My-App
Lb
X-TX-ID
X-XRDS-LOCATION
X-From
X-Up
X-Udemy-Cache-App-Namespace
X-Cdn-Cache-Status
Av-Poweredby
X-Debug-Service
Vix-Hermes-Req-Id
X-Fastly-Cache-Status
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Server-Id
X-Lb-Id
X-Akamai-Pragma-Client-IP
CacheControlHeader
X-Ckpd-Fst-Backend
X-Cache-TTL-Remaining
X-Fastly-Cache
X-Vc
X-Ha-Backend
Thinkindot-Control
X-App
X-Via-PopV
On-Server
X-Via-PopN
X-Via-PopH
Cf-Ipcountry
X-Cache-Ttl
X-NC
X-Github-Request-Id
X-Oracle-DMS-ECID
X-Fastly-Backend-Reqs
ServerHost
X-WA
X-LAGOON
X-Esi
X-Save-Cache
AKAMAI
X-Vary-Devices
NtCoent-Length
X-VCL-Version
X-PHP-Backend
Geoip-Latitude
Time-Cloud-Cache
Store-Cloud-Cache
X-Ee-Request-Date
X-Ee-Origin
X-Ee-Generated-By
X-Cms-Device
X-Proxy-Cache-La3
Xkeylog
X-Ee-Request-Id
Xkey-La3
X-Amz-Meta-Opti
Origin-Site
X-Requestid
X-ServedByHost
Cloudfront-Viewer-Country
X-IAuth-Set-Uid
X-VTEX-Cache-Backend-Header-Time
X-Traceid
WebServer
X-Html-Minification-Powered-By
WWW-Authenticate
X-VTEX-Cache-Backend-Connect-Time
Warning
CountryCode
Magicmarker
X-SRCache-Key
X-Serial
X-Limited
X-Info
Cl-Cache
X-Check-Cacheable
X-Sucuri-Id
X-Varnish-Hostname
X-HS-Status
X-MSEdge-Flight
X-MSEdge-Features
Epwk-X-Cache
FSS-Cache
X-Dw-Trace-Id
X-Pod
X-Wp-Cf-Super-Cache
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Lb-Nocache
X-Acquia-Site
Edge-Cache
Reporter
X-CSRF-TOKEN
X-Wp-Cf-Super-Cache-Cache-Control
X-Akamai-Transformed
X-Acquia-Application-UUID
X-Web-Server
X-Th-Server
Yjs-Id
X-Mg-Cache
X-Lsadc-Cache
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
CF-Cached-On
X-Geo
X-Tncms-Bot-Tier
X-Ms-Lease-Status
Cneonction
Timeexpire
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Ms-Blob-Type
X-Ramcache
X-Elasticpress-Query
X-CDN-Cache-Status
X-Platform-Cluster
X-Platform-Processor
X-Orig-Cache-Control
X-Platform-Router
X-BBC-Origin-Response-Status