Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
X-XSS-Protection
Alt-Svc
Report-To
NEL
X-Xss-Protection
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
Accept-CH
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
Accept-CH-Lifetime
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Vhost
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Check
X-Varnish-Cache
X-WebKit-CSP
Xkey
Grace
X-Server-Powered-By
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Country-Code
X-Server-Id
Content-Location
X-Nginx-Cache-Status
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Trace
Fastly-Restarts
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-NWS-LOG-UUID
X-Times
X-Vname
X-TtlSet
X-PC
Surrogate-Key
X-LiteSpeed-Cache
X-Mcache
X-Edge
X-Midtier
Rating
X-Server-Name
X-Cache-TTL
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Server-ID
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Browser-Type
X-Abt-Application-Version
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-ESI
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Nginx-Cache
X-ECACHE
Edge-Control
X-Vcap-Request-Id
X-D2id
Verso
X-Ac
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Ser
X-Ratelimit-Limit
X-Client-IP
X-Ruxit-Js-Agent
X-Amz-Rid
X-Wormhole-Sdk
X-Middleton-Response
X-Ratelimit-Remaining
Response
X-CST
X-ARC
X-Goog-Hash
X-Powered-CMS
X-Dw-Request-Base-Id
X-Navigation-Version
X-Kinsta-Cache
X-Edge-Location-Klb
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Upstream
X-B3-TraceId
X-Forwarded-For
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-FTR-Request-ID
X-Cache-Key
RTSS
X-Mod-Pagespeed
Edge-Cache-Tag
X-Content-Digest
Origin-Trial
Cache-Status
Public-Key-Pins
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Daa-Tunnel
X-Ezoic-Cdn
X-FastCGI-Cache
X-Version
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
X-Fastly-Request-ID
X-NF-Request-ID
X-Mg-S
X-Ttl
Realpath
S
X-MSEdge-Ref
X-Shield-Request-Id
X-T
X-Recruiting
Front-End-Https
Fastcgi-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Xrds-Location
Cross-Origin-Resource-Policy
X-Distributor
X-Cached
AR-CACHE
X-TTL
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Azure-Ref
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-Id
Count-Hit
X-Correlation-Id
X-Nf-Request-Id
X-HS-Cache-Config
X-Ua-Browser
X-Debug
Cache-Tags
X-Ismobilevalue
X-LLID
X-Cluster-Name
Server-Node
Akamai-GRN
X-NGENIX-Cache
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-Newrelic-App-Data
X-GUploader-UploadID
X-Hits
X-Frontend
X-Varnish-TTL
X-VARITI-CCR
X-Varnish-Backend
X-HS-Combine-CSS
X-TraceId
X-Protected-By
X-Aspnetmvc-Version
X-Amz-Replication-Status
X-PressLabs-Stats
Accept-Ch
X-Goog-Metageneration
X-Fastcgi-Cache
X-Request-Handler-Origin-Region
Payment
X-Microsite
X-LB-Cache
X-Page-Id
X-Unique-Id
X-Ratelimit-Reset
X-Varnish-Ttl
X-FB-Debug
X-Git-Hash
X-Logged-In
X-Az
X-AppVersion
X-DIS-Request-ID
Cleartype
X-Varnish-Server
X-Activity-Id
Content-Disposition
X-Www-Served-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Hostname
X-HP-Webp
X-Jurisdiction
Host
X-Template
X-Amzn-RequestId
X-Amz-Apigw-Id
Filterid
X-Forwarded-Proto
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Geo-Country
Version
X-Load-Cache
Accept-Ch-Lifetime
Accept-Charset
Mrf-Cache-Status
MRF-Tech
Frame-Options
X-B3-TraceId-Primal
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Aspnet-Version
X-Type
X-WP-CF-Super-Cache
Access-Control-Allow-Method
Trailer
X-Envoy-Decorator-Operation
X-WP-CF-Super-Cache-Cache-Control
X-Upgrade-Enabled
X-TEC-API-ROOT
X-ASPNET-VERSION
X-TEC-API-VERSION
Fastly-SWR
X-TEC-API-ORIGIN
Fastly-SIE
X-Content-Options
X-Cache-Age
Section-Io-Cache
X-TT
X-Fb-Rlafr
X-Origin-Server
Viewport
X-Source
X-B
X-B3-Sampled
X-Grace
X-Ah-Environment
X-Cache-Control
Server-Name
X-Rid
X-HS-Prerendered
X-Device-Type
Retry-After
X-Language
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Buckets
Content-MD5
X-Magnolia-Registration
X-Px
X-Request-Guid
MS-Author-Via
X-Mobile
X-Cdn
X-Trace-Id
TCN
X-Revision
X-EdgeConnect-Cache-Status
X-Vcl-Version
X-Akamai-Edgescape
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
Healthy
X-FTR-Expires
X-Varnish-Grace
X-FTR-Balancer
X-FTR-Backend-Server
Protected
X-WP-CF-Super-Cache-Active
X-Backend-Name
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Charset
X-RM-Cache-TTL
X-Original-Request-Id
X-Proxy
Cross-Origin-Embedder-Policy-Report-Only
Upgrade-Insecure-Requests
SD-X-WS
X-Response-Served-From
X-CSRF-Token
X-Debug-Info
X-Instance
X-App-Environment
X-B3-Traceid
X-ServerID
X-Status
X-Rule
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-Tumblr-User
X-Tumblr-Pixel
X-Is-Bot
X-NYM-Debug-Backend
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-FW-Serve
X-FW-Server
X-FW-Version
X-Node-Name
X-FW-Type
X-Mg-Request-UUID
X-Adobe-Content
X-FW-Dynamic
Access-Control-Request-Headers
X-Framework
X-Adobe-Loc
Cross-Origin-Window-Policy
NGB
X-Region
X-Cache-Time
X-FW-Static
X-FW-Hash
X-UUID
X-Storage
X-Cacheable-TTL
X-Debug-IsPreview
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Yottaa-Optimizations
GEO-INFO
MS-CV
Ms-Operation-Id
X-Yottaa-Metrics
X-Content-Powered-By
X-Datadog-Sampled
X-Debug-IsConnected
X-RTag
X-Datadog-Sampling-Priority
X-L-Path
Refresh
X-G
X-Proxy-Cache-Info
X-Environment-Context
X-Edge-Location
X-Whom
OT-Force-Account-Verify
X-Contextid
X-Lambda-Id
Webserver
Section-Io-Id
X-Amz-Meta-S3cmd-Attrs
Countrycode
X-Reqid
X-Amzn-Remapped-Content-Length
DC
X-Origin-Cache
X-User-Agent
X-Resp-Is-Stale
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Paypal-Debug-Id
X-CCDN-CacheTTL
X-VC
X-Server-W
X-HTML-Minification-Powered-By
X-Seen-By
Alternate-Protocol
Front
SRV
Priority
X-B3-SpanId
X-Real-IP
X-DataDome
X-Time
X-ECache
X-WebKit-CSP-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Nginx-Cache
X-Origin-CC
X-WP-CF-Super-Cache-Cookies-Bypass
X-Origin-TTL
X-Mode
Liferay-Portal
WPO-Cache-Message
X-IPS-LoggedIn
X-TT-LOGID
WPO-Cache-Status
Xet-Cookie
X-Rocket-Nginx-Serving-Static
X-Hl-Ver
Backend
X-Akamai-Request-ID2
Ohc-File-Size
X-AB
Country
X-Cache-Status-Check
Onion-Location
X-N
X-HS-CF-Cache-Status
TWC-Connection-Speed
X-JoinUs
TWC-Device-Class
X-Origin-Hint
X-Redis-Cache
Fastcgi-Useragent
TWC-Locale-Group
X-Format
X-DynaTrace
Filters
Meta-Geo
Environment
Property-Id
ServerID
X-Rewrite-Enabled
X-Tumblr-Pixel-2
Web-Mar-Node
X-Cache-Action
X-Cache-Host
X-Rn-Rsrv
X-UPSTREAM-Address
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
TWC-GeoIP-Country
X-Say-Cacheable
X-SaId
TWC-Privacy
X-Say-TTL
TWC-GeoIP-LatLong
X-FB-TRIP-ID
X-SayCDN-TTL
X-Handled-By
X-Accel-Version
X-Fetched-On
Uber-Trace-Id
X-Director
X-VC-Cache
X-Varnish-Age
DB-Nickname
Expiry
Mn-Server-Ip
X-Labrador-Cache-Channel
X-Connection-Hash
X-IPLB-Request-ID
X-Loop
X-Origin-Date
X-Restarts
X-R9-Blue-Green-Version
X-PHP-Host
X-IPLB-Instance
X-Scope-Id
X-Cluster-Node
X-Tncms
X-Cache-Expired-At
X-Detected-As
X-Soup
X-Hosted-By
X-Skip-Cache
X-Cms-Context
X-Vcache
From-Origin
X-Tb
X-Tumblr-Pixel-3
X-BYPASS-REASON
X-Forwarded-Host
X-Webstats-RespID
X-Web-Node
X-Varnish-Cache-Hits
X-Servername
Apigw-Requestid
Atl-Traceid
X-Frame-Option
X-Adobe-Source
X-Ms-Request-Id
X-Logging-Id
X-Varnish-Beresp-Grace
Url
X-ProxyCache-Key
X-Httpd
X-ProxyCache-Status
X-Ms-Version
X-Cluster
X-Auth-Group-Type
Selected-Fe
X-Proxy-Build
ServedBy
X-RateLimit-Remaining
X-Timing-Wait
X-Served-From
X-Zipkin-Id
X-Cloudmap
X-S
X-Routing-Service
X-Origin
X-Proxied
X-Extlb
X-Hit
Cross-Origin-Embedder-Policy
Accept-Language
X-LSADC-Cache
X-Request-URI
Surrogated-Key
X-Azure-Ref-OriginShield
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
LB
Referer-Policy
X-Worker
X-Lagoon
N-Cache
X-SRV
X-Sucuri-Cache
X-Cache-Hit
X-App-Version
X-Generated-By
X-Generation-Time
X-CDN-Forward
X-Drupal-Cache-Contexts
Xserver
X-Drupal-Cache-Tags
X-Fastly-Request-Id
X-Cdn-Origin
CF-IPCountry
X-Sucuri-ID
X-MP-GENERATED-AT
X-Xfnlog-Site
VIX-Pulpo-Upstream-Status
X-Tx-Id
X-TA-CDN-Provider
VIX-Pulpo-Node
Source
X-Wix-Request-Id
X-F-Cache
Node
X-Cache-Debug
X-NWS-UUID-VERIFY
Ohc-Cache-HIT
X-RCS-CacheZone
Cache
X-Mly-Id
X-Via-Edge
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-Cache-Rule
X-AIR-PT
X-Varnish-Beresp-Ttl
X-VCT
X-INCAP-ABP
X-Pad
X-NODE
X-VC-TTL
Cache-Provider
CDN-RequestId
X-Is-Tablet
X-Site-Version
X-Is-Supported-Browser
Locale
X-Is-Desktop
X-Geo-Region
X-Tcp-Rtt
X-Urbn-Context-Path
X-Browser-Name
X-Urbn-Site-Id
X-Is-Mobile
X-ElasticPress-Query
X-XRDS-Location
X-No-Session
X-UA
X-Path
X-Origin-Time
X-Org
L5d-Success-Class
Host-ID
X-PAYTM-SRV-ID
HA-Ipaddr
Fastly-GeoIP-CountryCode
X-Platform-Server
Fastly-SSL
Fl-Custom-Application
Ha-Gx-Prefs
X-Op-Id-All
X-Nyt-Route
MD5-Digest
X-HS-Content-Campaign-Id
X-HN
X-Geolocation
X-GeoIP-Region-Code
X-Ig-Origin-Region
Mail-Subject
Lang
X-Mvc-Supplant-Cachable
X-Jobs
X-Ig-Push-State
Fastly-Backend-Name
Expect-Staple
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Section
X-SD-PageType
X-ScT
X-GEO
X-VarnishDD-TTL
Xc-Version
X-Vtex-Remote-Cache
X-Vdms-Version
X-Locale
Apple-News-Services-Handled
X-S-Cookie
X-Rojux
DCR-Decision-By
X-Proxied-Request
X-Proto
DCR-Processing-Time-Ms
Cluster
Candidate-Md5Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
BehaviorPad-Version
Meta-Geo-Continent
X-GeoIP-Country-Code
X-A-Dcw
X-A-Dam
X-A-Dgt
X-Cache-NE
X-A-Wwc
X-Cache-Operation
X-CGP
Wxu-Next-Region
Wxu-Next-Hostname
X-A
X-Conf
X-A-Ccd
X-Cache-Info
X-Cache-Grace
X-Aed
X-Backend-Instance
X-Aicache-OS
X-Application
Mime-Version
X-Access
X-Bc-Bl
X-Bug-Bounty
X-Bl-Debug
X-AB-Test
X-BCube-Filmed-By
X-Csrf-Jwt
X-D
X-External-Request-Id
Origin
X-Eu-Site
X-Ec-GeoHdr
PFcat
Odigeo-Trace-Id
X-FC-Vary-Parameters
X-GeoCountry
X-GeoCode
X-Gdpr
Ngx.Var.Host
X-Ec-Fail
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Destination
X-Debug-Cache-Fetch
We-Hiring
Web-Mar-Region
W
Sslversion
Producers
Redirect-Candidate
Rendered-Blocks
X-Developer
X-B-Cookie
Wxu-Next-Commit
X-B-Cache
X-Signature
X-Via-JSL
X-Oracle-Dms-Ecid
X-Mvc-Supplant-OutputCached
X-NodeID
X-NMSegId
X-Node-Id
V-Age
User-Cache-Control
X-Micro-Cache
X-Accel-Expires-Debug
X-Human
X-Irp-Debug
X-Level-Front-Cache
X-Location
X-Loc
X-Origin-Expires
Thinkindot-CacheControl-Type
RNT-Machine
RNT-Time
X-SB
Req-Svc-Chain
X-Scheme
X-Shield-Cache-Expires
Product
Server-Host
X-Content-Length
TDXMobile
Thinkindot-CacheControl
X-Hnp-Log
X-Policy
X-Powered-By-VTEX-Cache
X-Request-Host
X-Req
X-Platform
X-Gzip
X-Cache-Id
X-Dispatcher-Server
X-Litespeed-Tag
X-Ec-Custom-Error
X-Cache-Date
X-Epic-Correlation-Id
X-Block-Status
X-DefHash
X-Cached-By
X-CUA
X-Core-Value
X-Content-Age
X-Date
X-Clientip
X-CacheTTL
X-DefElseHash
X-Esi-Check
X-BBC-Edge-Cache-Status
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-GeoIP
X-AK-Request-ID
X-GeoIP-City
Platform
X-GoCache-CacheStatus
X-Amz-Storage-Class
X-Generated-On
X-Fmm-Version
X-B3-Trace-ID
X-Fastly-Backend
X-Gamma-Serve
X-Auto-Login
X-App-Name
X-Gen-Mode
X-Hash
X-Request-Time
X-V-Cache
Cdnsip
Gh-Request-Id
X-Viewer-Country
Cdncip
X-User
L
X-Vmg-Version
CDCHOST
X-TIM-N
X-Via-Fastly
Content-Script-Type
X-Varnish-Remaining-TTL
Content-Style-Type
Debug
X-VG-WebCache
X-Varnish-Director
X-Varnish-CookieINHashed-On
Gannett-Cam-Experience-Id
Content-Secure-Policy
X-Varnish-CookieHashed-On
Canary
X-Thinkindot-L3
NM-Fastcgi-Cache
X-VTEX-Cache-Time
X-Wikidot-Backend
Azure-Version
Origin-Agent-Cluster
X-Zen-Fury
Azure-SiteName
Azure-InstanceId
X-VServer
X-Wikidot-Static-Cache
Azure-RegionName
X-VTEX-Cache-Server
Azure-SlotName
Akamai-Mon-Iucid-Del
X-Cdn-Srv
X-Acquia-Purge-Cdn-Unconfigured
X-Contensis-Viewer-Groups
X-Internal-TTL
Yak-Timeinfo
Country-Code
XM
Click-Count-Error
Cdn-Host
X-VG-TLSProxy
X-Cache-Aspx
X-Edge-Server
Cdn-Request-Time
X-Cache-FS-Status
X-Bip
Click-Count-Action-Start
X-Alternate-Cache-Key
X-Depends
X-IsAdmin
X-Request-Start
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
ServerName
X-Thanos
X-Pool
Ssr
Origin-CC
NGX
X-Sorting-Hat-ShopId
X-Sn-Servicetimems
X-ShopId
X-Shopify-Stage
Origin-EX
X-ShardId
X-Sorting-Hat-PodId
Req-ID
Release
X-Server-IP
X-UA-Device-Type
X-Pubstack
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
User-Agent
X-Varnish-Authentication
DSUID
X-Men
X-Varnish-Beresp-Status
X-Origin-Response-Time
Tube-Got-Results
X-Ua-Device
CDN-Cache
CDN-PullZone
X-Varnishpool
Fastly-Drupal-HTML
X-LB-NoCache
X-Service
CDN-CachedAt
X-We-Are-Hiring
X-Var-Ttl
CDN-RequestPullSuccess
X-Tb-Optimization-Total-Bytes-Saved
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-Uid
X-Presslabs-Stats
X-DC
X-SIPLIST1
X-TH-Server
X-NGINX-Cache
X-Tt-Logid
X-Cs
Cdn-Requestid
Sid
X-HOST
IsBot
X-RID
Pramga
X-Proxy-Cache-Status
X-ORCA-Accelerator
X-Varnish-Hits
X-Vgn-Hpd-Reason
GeoIP-Latitude
X-CACHE-GROUP
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Old-Content-Length
X-RequestId
X-Refresh
X-Servedbyhost
X-NewRelic-App-Data
X-Upstream-Ht
X-Upstream-Ct
Esi-Enabled
CloudFront-Viewer-Country
X-HubSpot-Correlation-Id
X-HITS
X-Wa
X-Nc
N1-Cache
X-Api-Version
X-Cache-Bucket
C-Via
X-Via-Popn
X-Via-Poph
Server-ID
X-HA-Backend
X-Via-Popv
X-ZONE
XkeyRZ
Cache-Key
A
X-LB-ID
X-Action
X-LiteSpeed-Tag
X-Proxy-CacheRZ
X-LiteSpeed-Cache-Control
X-DynaTrace-JS-Agent
X-Zone
X-Newrelic-Synthetics
X-Nananana
TWC-GeoIP-City
TWC-GeoIP-DMA
HostName
Cache-Hits
X-APP
X-Vercel-Id
Location
X-Vercel-Cache
X-Cache-VC
X-Thinkindot-L1
TWC-GeoIP-Region
X-Webkit-CSP
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-Webkit-Csp-Report-Only
X-B3-Parentspanid
X-Endurance-Cache-Level
X-B3-Spanid
X-Srv
X-Dc
X-URL
WP-Super-Cache
X-COUNTRY
X-CS
X-Webkit-Csp
X-API-Version
X-Cdn-Forward
X-ApacheServer
SID
Proxy-Firewall
X-PERF
X-Fpc
X-Ua
Fastly-Drupal-Html
X-CACHE-AGE
X-Render-Time
X-WA-Info
Uri
TP-L2-Cache
X-Litespeed-Cache-Control
X-Optimistic-Header
GeoIp-Country-Code
Server-Hostname
Sever-Int
Server-Ext
X-DataCenter
True-Client-Country-4JS
X-Nitro-Cache
True-Client-Ip
X-Uri
X-Jungle-Id
X-Ion-Healthy
Cache-Contol
RewriteTeamHook
RewriteTestHook
X-Test
X-Ion-Hop
GeoIP-Country-Code
X-Datacenter
Cdn
Resin-Trace
Is-Eu
Cmsid
Cmstype
X-Datadome
True-Client-IP
Adler-Geo
My-App
SEZNAM-JOBS-OFFER
X-Dispatcher-Number
X-From
X-Up
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-CLOUD-TRACE-CONTEXT
X-Nginx-Cache-Key
WZWS-RAY
Log-Origin
X-Pass-Why
X-SERVER-NAME
Sm-Log-Id
X-Service-Response-Time
X-Stale
X-Udemy-Cache-App-Namespace
CacheControlHeader
Tcn
X-Varnish-Beresp-TTL
X-AWS-Id
X-LJ-Flow-ID
X-Client-Ip
X-VWS-Id
X-Custom-Header
X-FPC
X-Geo-Header
X-Air-Pt
X-RateLimit-Limit
T-Server
X-Provided-By
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Oracle-Dms-Rid
Lb
X-App
X-APP-VERSION
X-ND-Cache
Srv
X-VCL-Version
Vc-Max-Age
X-Cache-Server
X-CMSURLCustom
Hostname
X-Debug-Service
X-Air-Trace-Id
X-Fastly-Cache-Status
X-Air-Source
Serverhost
X-Air-Hostname
X-TX-ID
Origin-Site
Pics-Label
Server-Id
S-Rt
X-Vc
Av-Poweredby
Powered-By
AKAMAI-GRN
X-Lb-Id
X-Correlation-ID
X-Cdn-Cache-Status
Cache-Tv-Group
X-SRCache-Key
X-Fastly-Backend-Reqs
X-Varnish-Hostname
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
X-Cache-Ttl
X-Via-PopH
X-Cache-TTL-Remaining
X-Html-Minification-Powered-By
NtCoent-Length
X-Ha-Backend
ServerHost
X-Via-PopV
X-NC
X-Oracle-DMS-ECID
X-WA
Ms-Author-Via
X-Via-PopN
Edge-Cache
Vix-Hermes-Req-Id
X-XRDS-LOCATION
X-Esi
Pragrma
Epwk-X-Cache
X-Fastly-Cache
Geoip-Latitude
YJS-ID
X-Ckpd-Fst-Backend
X-LAGOON
X-Requestid
Cloudfront-Viewer-Country
X-ServedByHost
Machine
WWW-Authenticate
X-Sigma
X-Proxy-Cache-La3
Xkey-La3
X-Rocket-Build-Number
X-Sigma-Backend
WebServer
On-Server
Thinkindot-Control
X-Traceid
X-Region-Sid
Xkeylog
X-Forwarded-Site
CountryCode
X-HS-Status
Nord-Request-ID
X-MSEdge-Features
X-Sucuri-Id
X-MSEdge-Flight
Warning
X-PHP-Backend
Time-Cloud-Cache
X-Ee-Origin
X-Ee-Generated-By
X-Wp-Cf-Super-Cache
Store-Cloud-Cache
X-Save-Cache
X-Amz-Meta-Opti
X-Wp-Cf-Super-Cache-Cache-Control
X-Ee-Request-Date
X-Vary-Devices
Reporter
X-IAuth-Set-Uid
X-Cms-Device
X-Check-Cacheable
X-Serial
X-Ee-Request-Id
FSS-Cache
X-Lb-Nocache
AKAMAI
X-Lsadc-Cache
X-Cdn-Request-ID
X-Mg-Cache
Timeexpire
Cneonction
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Tncms-Bot-Tier
X-Akamai-Transformed
X-Pod
X-Limited
X-Orig-Cache-Control
X-Elasticpress-Query
X-Web-Server
X-VTEX-Cache-Backend-Connect-Time
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
X-VTEX-Cache-Backend-Header-Time