
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
Accept-CH
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Accept-CH-Lifetime
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Age
X-Vhost
X-Proxy-Cache
X-Turbo-Charged-By
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Xkey
X-WebKit-CSP
Grace
X-Server-Powered-By
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-Check
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Dns-Prefetch-Control
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Server-Id
X-Country-Code
Content-Location
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
Fastly-Restarts
X-Trace
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
X-TtlSet
X-Vname
Surrogate-Key
X-PC
X-Midtier
X-Edge
X-Mcache
Rating
X-Server-Name
X-Cache-TTL
X-Middleton-Display
Pagespeed
Display
X-Sol
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Powered-By-Plesk
X-Browser-Type
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Server-ID
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-ECACHE
X-D2id
X-Ac
Verso
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Ser
X-Oneagent-Js-Injection
X-Client-IP
X-Ratelimit-Limit
X-Amz-Rid
X-Middleton-Response
X-Wormhole-Sdk
Response
X-Ratelimit-Remaining
X-CST
X-ARC
X-Goog-Hash
X-Powered-CMS
X-B3-TraceId
X-Dw-Request-Base-Id
X-Navigation-Version
X-Ruxit-Js-Agent
X-Edge-Location-Klb
X-Kinsta-Cache
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Upstream
X-Forwarded-For
X-Amzn-Trace-Id
X-FTR-Request-ID
SPRequestDuration
SPIisLatency
X-Cache-Key
Origin-Trial
X-Mod-Pagespeed
RTSS
Edge-Cache-Tag
X-Content-Digest
X-FastCGI-Cache
Cache-Status
Public-Key-Pins
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
X-Ezoic-Cdn
X-NF-Request-ID
X-Daa-Tunnel
X-Version
X-Ttl
X-SharePointHealthScore
SPRequestGuid
X-ORACLE-DMS-ECID
X-Fastly-Request-ID
X-Mg-S
Realpath
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-MSEdge-Ref
S
X-Shield-Request-Id
X-T
X-Recruiting
Front-End-Https
Fastcgi-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Cross-Origin-Resource-Policy
X-Distributor
X-Cached
X-Xrds-Location
AR-CACHE
X-Azure-Ref
X-TTL
Access-Control-Request-Method
Arr-Disable-Session-Affinity
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Count-Hit
X-Id
X-Correlation-Id
X-Ua-Browser
Cache-Tags
X-Debug
X-Ismobilevalue
X-Cluster-Name
X-LLID
Akamai-GRN
Server-Node
X-NGENIX-Cache
X-Varnish-TTL
X-Newrelic-App-Data
X-Nf-Request-Id
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-GUploader-UploadID
X-TraceId
X-Frontend
X-Hits
X-Varnish-Backend
X-VARITI-CCR
X-PressLabs-Stats
X-HS-Combine-CSS
Accept-Ch
X-Protected-By
X-Amz-Replication-Status
X-Goog-Metageneration
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
Payment
X-Ratelimit-Reset
X-Page-Id
X-Unique-Id
X-FB-Debug
Cleartype
X-DIS-Request-ID
X-Git-Hash
X-Varnish-Server
X-Logged-In
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Www-Served-By
X-Az
X-Activity-Id
Content-Disposition
X-AppVersion
X-Hostname
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Webp
X-Fastcgi-Cache
X-Varnish-Ttl
Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Template
Filterid
X-Forwarded-Proto
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Geo-Country
Version
X-Aspnet-Version
X-ASPNET-VERSION
Frame-Options
Accept-Charset
X-Load-Cache
Trailer
X-B3-TraceId-Primal
X-Goog-Generation
MRF-Tech
Mrf-Cache-Status
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Envoy-Decorator-Operation
X-Type
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Cache-Age
Access-Control-Allow-Method
Fastly-SWR
Fastly-SIE
X-Ah-Environment
X-Source
X-Content-Options
X-Upgrade-Enabled
Viewport
Section-Io-Cache
X-TT
X-Fb-Rlafr
X-HS-Prerendered
X-Origin-Server
X-B
X-B3-Sampled
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Server-Name
X-Cache-Control
X-Language
X-Device-Type
X-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Retry-After
X-Buckets
MS-Author-Via
X-Cdn
Content-MD5
X-Magnolia-Registration
X-Px
X-Request-Guid
X-Mobile
X-Vcl-Version
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-Trace-Id
X-EdgeConnect-Cache-Status
TCN
X-Revision
X-Akamai-Edgescape
Accept-Ch-Lifetime
X-Tec-Api-Root
X-Tec-Api-Origin
X-Varnish-Grace
X-Tec-Api-Version
Protected
Healthy
X-WP-CF-Super-Cache-Active
X-Backend-Name
Cross-Origin-Embedder-Policy-Report-Only
Charset
X-RM-Cache-TTL
Upgrade-Insecure-Requests
X-App-Environment
X-Original-Request-Id
X-Response-Served-From
X-Proxy
SD-X-WS
X-Instance
X-Debug-Info
X-Status
X-RemovedCookies
X-ProcessESI
X-NYM-Debug-Backend
X-Rule
X-Is-Bot
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-ServerID
X-Tumblr-User
X-Tumblr-Pixel-1
X-CSRF-Token
X-Rendered-As
NGB
Cross-Origin-Window-Policy
Access-Control-Request-Headers
X-Adobe-Content
X-Adobe-Loc
X-Cache-Time
X-Cacheable-TTL
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-Mg-Request-UUID
X-UUID
X-Storage
X-Region
X-Node-Name
X-FW-Dynamic
X-FW-Version
X-Framework
X-Edge-Location
X-Datadog-Sampled
X-Yottaa-Optimizations
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
GEO-INFO
X-Proxy-Cache-Info
X-Datadog-Parent-Id
Refresh
X-Yottaa-Metrics
X-Debug-IsPreview
X-Content-Powered-By
X-Whom
X-Debug-IsConnected
MS-CV
X-RTag
X-G
X-L-Path
Ms-Operation-Id
X-Environment-Context
OT-Force-Account-Verify
X-Lambda-Id
X-Contextid
Webserver
Section-Io-Id
X-B3-Traceid
X-Reqid
X-Amzn-Remapped-Content-Length
Countrycode
X-Origin-Cache
X-Resp-Is-Stale
DC
X-Amz-Meta-S3cmd-Attrs
X-Hcs-Proxy-Type
X-User-Agent
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Paypal-Debug-Id
X-HTML-Minification-Powered-By
X-VC
X-Server-W
X-TT-LOGID
X-ECache
Alternate-Protocol
Front
X-Seen-By
X-Real-IP
SRV
X-Time
X-B3-SpanId
Priority
X-DataDome
Cross-Origin-Opener-Policy-Report-Only
X-WebKit-CSP-Report-Only
WPO-Cache-Status
X-WP-CF-Super-Cache-Cookies-Bypass
WPO-Cache-Message
X-HS-CF-Cache-Status
X-Origin-TTL
X-Nginx-Cache
Xet-Cookie
Liferay-Portal
X-Rocket-Nginx-Serving-Static
Ohc-File-Size
X-Origin-CC
X-IPS-LoggedIn
Backend
X-Mode
X-Hl-Ver
X-Akamai-Request-ID2
X-AB
Onion-Location
X-JoinUs
X-Cache-Host
Webcakes-App-Name
Webcakes-App-Version
Meta-Geo
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
Fastcgi-Useragent
ServerID
TWC-Device-Class
Web-Mar-Node
X-DynaTrace
X-Rn-Rsrv
X-Rewrite-Enabled
X-SaId
X-Tumblr-Pixel-2
X-Say-TTL
X-Say-Cacheable
X-Redis-Cache
X-UPSTREAM-Address
X-Cache-Action
Webcakes-Region
X-Format
X-FB-TRIP-ID
TWC-GeoIP-Country
Property-Id
X-SayCDN-TTL
Filters
X-RateLimit-Remaining
Country
Environment
X-Cache-Status-Check
X-N
X-IPLB-Instance
X-Handled-By
X-IPLB-Request-ID
X-Hosted-By
X-Labrador-Cache-Channel
From-Origin
X-Ms-Request-Id
X-Loop
X-Fetched-On
X-Origin-Date
X-Connection-Hash
Uber-Trace-Id
DB-Nickname
Expiry
Mn-Server-Ip
X-Accel-Version
X-Cache-Expired-At
X-Detected-As
X-PHP-Host
X-Cms-Context
X-Cluster-Node
X-Director
X-Ms-Version
X-Tncms
X-Soup
X-Varnish-Age
X-VC-Cache
X-Vcache
X-Tb
X-Skip-Cache
X-R9-Blue-Green-Version
X-Restarts
X-Tumblr-Pixel-3
Apigw-Requestid
Atl-Traceid
X-ProxyCache-Status
X-Varnish-Cache-Hits
X-BYPASS-REASON
X-ProxyCache-Key
X-Adobe-Source
X-Varnish-Beresp-Grace
Url
X-Scope-Id
X-Webstats-RespID
X-Logging-Id
X-Httpd
X-Web-Node
X-Forwarded-Host
X-Frame-Option
X-Servername
X-Auth-Group-Type
X-Timing-Wait
ServedBy
X-Proxy-Build
X-Cluster
Selected-Fe
X-Served-From
X-Zipkin-Id
X-Extlb
X-Proxied
X-Origin
X-Routing-Service
X-S
X-Cloudmap
X-Hit
Cross-Origin-Embedder-Policy
Surrogated-Key
X-Azure-Ref-OriginShield
X-SRV
X-RateLimit-Limit-Second
X-LSADC-Cache
X-RateLimit-Remaining-Second
X-Worker
Accept-Language
X-Request-URI
LB
X-Lagoon
Referer-Policy
N-Cache
X-Sucuri-Cache
X-Cache-Hit
X-Generated-By
X-CDN-Forward
X-Generation-Time
X-Drupal-Cache-Tags
X-App-Version
X-Fastly-Request-Id
X-Drupal-Cache-Contexts
X-Cdn-Origin
Xserver
X-Sucuri-ID
CF-IPCountry
X-MP-GENERATED-AT
X-Xfnlog-Site
X-Tx-Id
X-TA-CDN-Provider
VIX-Pulpo-Node
Source
VIX-Pulpo-Upstream-Status
X-F-Cache
Node
X-Wix-Request-Id
CDN-RequestId
Ohc-Cache-HIT
X-AIR-PT
X-Cache-Debug
Cache
X-Mly-Id
X-RCS-CacheZone
X-Cache-Rule
X-NODE
X-Via-CDN
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-Varnish-Beresp-Ttl
X-INCAP-ABP
X-VC-TTL
X-NWS-UUID-VERIFY
X-VCT
X-XRDS-Location
Cache-Provider
X-Pad
X-Site-Version
X-UA
X-Tcp-Rtt
X-Locale
X-Urbn-Site-Id
X-Browser-Name
X-Oracle-Dms-Ecid
X-ElasticPress-Query
Locale
X-Geo-Region
X-Urbn-Context-Path
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Developer
X-Destination
X-Ec-Fail
Odigeo-Trace-Id
X-Ec-GeoHdr
X-DPWN-IS-SECURE
X-Csrf-Jwt
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-D
Sslversion
Origin
Producers
Redirect-Candidate
Rendered-Blocks
PFcat
HA-Ipaddr
X-Cache-NE
X-Cache-Operation
X-A-Wwc
X-Cache-Info
X-AB-Test
DCR-Decision-By
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
DCR-Processing-Time-Ms
Apple-News-Services-Parsed-Url
X-Access
X-Cache-Grace
X-Backend-Instance
Cluster
X-B-Cookie
X-Aed
X-Application
X-Bc-Bl
X-BCube-Filmed-By
BehaviorPad-Version
X-Bug-Bounty
Candidate-Md5Url
X-Bl-Debug
X-A-Dgt
X-A-Dcw
Wxu-Next-Commit
Web-Mar-Region
Host-ID
X-Aicache-OS
Ha-Gx-Prefs
We-Hiring
L5d-Success-Class
Meta-Geo-Continent
MD5-Digest
Mail-Subject
Lang
Wxu-Next-Hostname
X-GEO
Fastly-Backend-Name
X-Conf
Expect-Staple
X-A-Dam
X-CGP
Fastly-GeoIP-CountryCode
Fastly-SSL
Wxu-Next-Region
X-A
X-A-Ccd
Fl-Custom-Application
Ngx.Var.Host
X-GeoIP-Country-Code
X-Org
X-Op-Id-All
X-Path
X-PAYTM-SRV-ID
X-Litespeed-Tag
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-No-Session
X-Ig-Origin-Region
X-Ig-Push-State
X-Jobs
X-Platform-Server
X-Proto
X-VarnishDD-TTL
X-Slack-Shared-Secret-Outcome
X-Vdms-Version
X-Vtex-Remote-Cache
Xc-Version
X-Slack-Backend
X-Section
X-Rojux
X-Proxied-Request
X-S-Cookie
X-ScT
X-SD-PageType
X-HN
X-Origin-Time
X-GeoIP-Region-Code
X-Eu-Site
X-GeoCountry
X-FC-Vary-Parameters
X-GeoCode
X-Gdpr
X-Geolocation
X-External-Request-Id
X-B-Cache
X-Signature
X-Dispatcher-Server
X-Wikidot-Static-Cache
X-Fmm-Version
Req-Svc-Chain
X-Fastly-Backend
X-V-Cache
X-User
X-TIM-N
X-Gamma-Serve
X-Scheme
X-Request-Time
X-Request-Host
X-Req
X-Esi-Check
X-DefHash
X-SB
X-Zen-Fury
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VServer
User-Cache-Control
X-Vmg-Version
X-VTEX-Cache-Server
RNT-Time
RNT-Machine
X-VTEX-Cache-Time
V-Age
X-Via-Fastly
W
X-Varnish-Director
Server-Host
X-Varnish-Remaining-TTL
X-DefElseHash
X-VG-WebCache
X-Ec-Custom-Error
X-Wikidot-Backend
X-Accel-Expires-Debug
X-Mvc-Supplant-OutputCached
Product
X-Micro-Cache
X-Location
X-Cache-Id
X-NMSegId
X-NodeID
X-Cache-Date
X-Node-Id
X-Loc
X-CacheTTL
X-Core-Value
X-Hnp-Log
X-Hash
X-Content-Age
X-Gzip
X-Clientip
X-GoCache-CacheStatus
X-Human
X-Block-Status
X-GeoIP-City
X-Cached-By
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Platform
X-Date
X-Powered-By-VTEX-Cache
X-Policy
X-Content-Length
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-BBC-Edge-Cache-Status
X-Origin-Expires
X-GeoIP
X-Epic-Correlation-Id
X-B3-Trace-ID
X-App-Name
X-Auto-Login
X-CUA
X-Gen-Mode
Gannett-Cam-Experience-Id
Azure-Version
Canary
CDCHOST
Debug
Azure-SiteName
Azure-InstanceId
Azure-RegionName
NM-Fastcgi-Cache
Cdncip
Content-Secure-Policy
Content-Style-Type
Content-Script-Type
Gh-Request-Id
L
Cdnsip
Origin-Agent-Cluster
Azure-SlotName
Platform
X-Via-JSL
Mime-Version
X-Ua-Device
Akamai-Mon-Iucid-Del
X-Request-Start
X-Pubstack
X-We-Are-Hiring
X-Alternate-Cache-Key
X-Generated-On
X-Edge-Server
Country-Code
X-Depends
X-Acquia-Purge-Cdn-Unconfigured
X-VG-TLSProxy
Click-Count-Error
Cdn-Request-Time
X-IsAdmin
X-Irp-Debug
X-Level-Front-Cache
X-Cdn-Srv
X-Men
X-Origin-Response-Time
X-Internal-TTL
X-Cache-FS-Status
X-Bip
Cdn-Host
X-Contensis-Viewer-Groups
X-Pool
X-Cache-Aspx
X-Viewer-Country
Click-Count-Action-Start
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Thinkindot-L3
X-Thanos
DSUID
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
X-SVT-ORM-RULES
X-UA-Device-Type
Ssr
X-Varnish-Beresp-Status
Origin-EX
Req-ID
Release
Origin-CC
X-Varnish-Authentication
Yak-Timeinfo
ServerName
XM
Tube-Return
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-Sorting-Hat-PodId
X-Server-IP
X-Shopify-Stage
X-ShopId
X-ShardId
X-Shield-Cache-Expires
NGX
X-Sorting-Hat-ShopId
User-Agent
X-Storefront-Renderer-Rendered
X-Service
X-URL
X-Varnishpool
X-Var-Ttl
CDN-PullZone
X-SIPLIST1
X-TH-Server
CDN-CachedAt
X-HOST
CDN-EdgeStorageId
X-LB-NoCache
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Tb-Optimization-Total-Bytes-Saved
X-RID
CDN-Cache
IsBot
X-NGINX-Cache
Fastly-Drupal-HTML
X-Varnish-Hits
Pramga
X-Vgn-Hpd-Reason
X-CACHE-GROUP
X-DC
Sid
X-Cs
X-Proxy-Cache-Status
X-ORCA-Accelerator
X-Moov-T
X-Old-Content-Length
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
GeoIP-Latitude
X-HubSpot-Correlation-Id
X-HITS
X-Refresh
X-RequestId
Esi-Enabled
X-Servedbyhost
CloudFront-Viewer-Country
X-Upstream-Ct
N1-Cache
X-Upstream-Ht
X-Presslabs-Stats
X-Wa
X-Nc
Cdn-Requestid
X-Api-Version
X-ZONE
X-Via-Popn
X-Via-Popv
X-HA-Backend
Server-ID
X-Via-Poph
X-Cache-Bucket
X-Action
X-Tt-Logid
C-Via
X-APP
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
A
X-LB-ID
X-Vercel-Id
TWC-GeoIP-DMA
Cache-Hits
X-Proxy-CacheRZ
Cache-Key
XkeyRZ
TWC-GeoIP-City
TWC-GeoIP-Region
X-LiteSpeed-Tag
X-Vercel-Cache
X-Zone
X-Webkit-CSP
X-Nananana
AMP-Access-Control-Allow-Source-Origin
X-Parent-Response-Time
X-Thinkindot-L1
X-NewRelic-App-Data
HostName
X-B3-Parentspanid
X-Cache-VC
Location
X-DynaTrace-JS-Agent
X-Webkit-Csp-Report-Only
X-B3-Spanid
X-COUNTRY
X-Dc
X-Webkit-Csp
X-CS
X-ApacheServer
WP-Super-Cache
SID
X-PERF
Fastly-Drupal-Html
X-Endurance-Cache-Level
Proxy-Firewall
X-Ua
X-Srv
X-CACHE-AGE
X-API-Version
X-DataCenter
X-Render-Time
X-Cdn-Forward
X-Fpc
X-WA-Info
X-Litespeed-Cache-Control
Uri
GeoIp-Country-Code
X-Uri
X-Nitro-Cache
Sever-Int
True-Client-Country-4JS
True-Client-Ip
Cache-Contol
Server-Ext
Server-Hostname
X-Optimistic-Header
RewriteTeamHook
RewriteTestHook
X-Jungle-Id
X-Ion-Healthy
X-Ion-Hop
TP-L2-Cache
X-Datadome
True-Client-IP
GeoIP-Country-Code
X-Test
Resin-Trace
Cmsid
Cmstype
My-App
Log-Origin
X-Service-Response-Time
Cdn
Sm-Log-Id
X-Datacenter
X-Up
SEZNAM-JOBS-OFFER
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-From
X-Dispatcher-Number
Adler-Geo
X-CLOUD-TRACE-CONTEXT
Is-Eu
X-SERVER-NAME
Tcn
CacheControlHeader
X-Nginx-Cache-Key
WZWS-RAY
X-Varnish-Beresp-TTL
X-Pass-Why
X-Client-Ip
X-Udemy-Cache-App-Namespace
X-Stale
X-RateLimit-Limit
X-FPC
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Srv
X-LJ-Flow-ID
X-Geo-Header
X-Custom-Header
X-AWS-Id
X-VWS-Id
T-Server
Lb
X-APP-VERSION
X-Oracle-Dms-Rid
Hostname
X-Fastly-Cache-Status
X-Debug-Service
X-Provided-By
X-Air-Pt
X-ND-Cache
X-TX-ID
Origin-Site
Server-Id
Serverhost
X-CMSURLCustom
Vc-Max-Age
X-Cache-Server
X-App
X-Vc
X-Air-Hostname
Pics-Label
X-Lb-Id
X-Air-Source
Cf-Ipcountry
X-Fastly-Backend-Reqs
X-Air-Trace-Id
X-SRCache-Key
X-Varnish-Hostname
NtCoent-Length
AKAMAI-GRN
X-Akamai-Pragma-Client-IP
X-VCL-Version
X-Correlation-ID
X-Cache-Ttl
S-Rt
ServerHost
X-NC
Powered-By
X-Via-PopH
X-Oracle-DMS-ECID
Av-Poweredby
X-Via-PopV
X-Via-PopN
X-Ha-Backend
X-Html-Minification-Powered-By
X-WA
X-Cdn-Cache-Status
Edge-Cache
X-XRDS-LOCATION
X-Esi
Cache-Tv-Group
X-Cache-TTL-Remaining
Geoip-Latitude
YJS-ID
Epwk-X-Cache
Pragrma
Vix-Hermes-Req-Id
X-LAGOON
X-Traceid
Machine
X-ServedByHost
Xkey-La3
Ms-Author-Via
X-Proxy-Cache-La3
X-Fastly-Cache
X-Region-Sid
X-Sigma
Cloudfront-Viewer-Country
WebServer
X-Sigma-Backend
X-Requestid
X-Rocket-Build-Number
WWW-Authenticate
Xkeylog
X-Forwarded-Site
X-Ckpd-Fst-Backend
CountryCode
X-HS-Status
Thinkindot-Control
Warning
X-MSEdge-Flight
X-MSEdge-Features
Nord-Request-ID
On-Server
X-Sucuri-Id
FSS-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Check-Cacheable
Reporter
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Serial
X-Wp-Cf-Super-Cache
X-IAuth-Set-Uid
X-Lb-Nocache
MIME-Version
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Mg-Cache
X-Lsadc-Cache
X-Cdn-Request-ID
Time-Cloud-Cache
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Request-Id
X-PHP-Backend
X-Ee-Generated-By
X-Cms-Device
AKAMAI
Store-Cloud-Cache
X-Akamai-Transformed
X-Amz-Meta-Opti
X-Save-Cache
X-Vary-Devices
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
X-Elasticpress-Query
X-Orig-Cache-Control
X-Tncms-Bot-Tier
Cneonction
Timeexpire
X-Web-Server