Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
Accept-CH
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Content-Security-Policy
X-Ua-Compatible
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
X-Check
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
Keep-Alive
X-Age
X-Rq
X-Via
X-UA-Device
EagleId
X-Server
X-Dispatcher
Accept-CH-Lifetime
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
Xkey
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Clacks-Overhead
X-Application-Context
Fastly-Restarts
X-Country-Code
X-Trace
X-NWS-LOG-UUID
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-Vname
X-TtlSet
X-Mcache
X-Midtier
X-Edge
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Powered-By-Plesk
Nginx-Cache
X-ESI
X-GitHub-Request-Id
Edge-Control
X-Vcap-Request-Id
X-Ser
X-D2id
X-Ac
Verso
X-ECACHE
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-ARC
X-Dw-Request-Base-Id
X-Amz-Rid
X-Middleton-Response
Response
X-CST
X-B3-TraceId
X-Powered-CMS
X-Goog-Hash
X-Wormhole-Sdk
X-Navigation-Version
X-Ratelimit-Limit
X-Kinsta-Cache
X-Oneagent-Js-Injection
X-Edge-Location-Klb
X-Upstream
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Forwarded-For
X-Ratelimit-Remaining
X-Amzn-Trace-Id
X-FastCGI-Cache
Accept-Ch-Lifetime
X-Daa-Tunnel
RTSS
X-Ruxit-Js-Agent
X-Cache-Key
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
Edge-Cache-Tag
AR-Request-ID
AR-PoweredBy
Cache-Status
AR-SID
AR-ATIME
Public-Key-Pins
X-Server-ID
X-Content-Digest
X-ORACLE-DMS-ECID
X-Ezoic-Cdn
X-Ttl
X-Version
X-Mg-S
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
S
Realpath
X-MSEdge-Ref
Cross-Origin-Resource-Policy
X-Shield-Request-Id
X-T
AR-CACHE
Fastcgi-Cache
X-Recruiting
X-Fastly-Request-ID
X-Cached
Front-End-Https
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Distributor
X-Ua-Device
Origin-Trial
X-Varnish-TTL
X-Azure-Ref
Access-Control-Request-Method
X-Newrelic-App-Data
TP-Cache
Arr-Disable-Session-Affinity
Count-Hit
X-Request-Processing-Time
X-Ua-Browser
X-Request-Received
X-Id
Pinterest-Version
Pinterest-Generated-By
X-TTL
X-Debug
X-HS-Hub-Id
X-HS-Content-Id
X-Pinterest-Rid
X-HS-Cache-Config
X-LLID
Cache-Tags
MicrosoftSharePointTeamServices
Server-Node
X-Nf-Request-Id
X-Content-Security-Policy-Report-Only
X-Ismobilevalue
X-Cluster-Name
X-PressLabs-Stats
X-Correlation-Id
X-VARITI-CCR
X-Frontend
X-Xrds-Location
X-Hits
X-FTR-Request-ID
X-HS-Combine-CSS
X-GUploader-UploadID
X-Varnish-Backend
X-Aspnetmvc-Version
X-NGENIX-Cache
X-Amz-Replication-Status
X-Protected-By
Payment
X-Goog-Metageneration
Accept-Ch
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
X-LB-Cache
Cleartype
Akamai-GRN
X-Varnish-Server
X-FB-Debug
X-Activity-Id
X-Git-Hash
X-AppVersion
X-Www-Served-By
X-Az
X-Tt-Trace-Host
X-Forwarded-Proto
Content-Disposition
X-Tt-Trace-Tag
X-Logged-In
X-Ratelimit-Reset
Host
X-Hostname
X-Page-Id
Filterid
X-DIS-Request-ID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Server
X-Template
X-Geo-Country
X-Varnish-Ttl
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Frame-Options
Access-Control-Allow-Method
Amp-Access-Control-Allow-Source-Origin
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Origin-Server
X-Aspnet-Version
X-Upgrade-Enabled
Version
X-WP-CF-Super-Cache-Cache-Control
X-Type
X-Load-Cache
MS-Author-Via
X-Fastcgi-Cache
X-WP-CF-Super-Cache
Viewport
X-ASPNET-VERSION
Fastly-SWR
Fastly-SIE
Section-Io-Cache
X-Content-Options
X-Fb-Rlafr
X-Cache-Control
X-TT
Retry-After
Accept-Charset
X-Rid
X-B3-Sampled
X-Ah-Environment
X-Grace
X-B
Content-MD5
Trailer
X-Source
X-TraceId
X-Envoy-Decorator-Operation
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cache-Age
X-Vcl-Version
X-Device-Type
X-Request-Guid
Server-Name
X-Trace-Id
X-Revision
X-Language
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Magnolia-Registration
X-TEC-API-ORIGIN
X-Cdn
X-Buckets
Healthy
X-Px
X-Mobile
TCN
X-WP-CF-Super-Cache-Active
X-Backend-Name
X-Webkit-CSP
X-CSRF-Token
X-EdgeConnect-Cache-Status
X-Akamai-Edgescape
X-HS-Prerendered
X-Origin-Cache
X-Contextid
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
X-Status
X-RM-Cache-TTL
X-App-Environment
X-Debug-Info
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Environment-Context
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-ProcessESI
X-Tumblr-User
X-Rule
X-RemovedCookies
X-Instance
X-L-Path
Cross-Origin-Window-Policy
GEO-INFO
X-UUID
X-FW-Serve
SD-X-WS
X-FW-Hash
X-Proxy
X-FW-Dynamic
X-Cache-Time
X-FW-Static
X-Proxy-Cache-Info
X-Node-Name
X-Region
X-FW-Version
X-ServerID
Access-Control-Request-Headers
X-Mg-Request-UUID
X-FW-Type
NGB
X-Storage
X-FW-Server
X-Framework
Protected
Ms-Operation-Id
MS-CV
X-Edge-Location
X-Datadog-Sampled
X-Adobe-Content
X-Datadog-Sampling-Priority
X-Debug-IsConnected
X-Debug-IsPreview
X-RTag
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Adobe-Loc
X-Content-Powered-By
X-Cacheable-TTL
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Is-Bot
Charset
X-G
Upgrade-Insecure-Requests
X-Whom
Countrycode
Refresh
Cross-Origin-Embedder-Policy-Report-Only
X-Response-Served-From
X-ECache
X-Original-Request-Id
DC
Webserver
Paypal-Debug-Id
X-HTML-Minification-Powered-By
X-RateLimit-Remaining
OT-Force-Account-Verify
X-Lambda-Id
X-User-Agent
X-Seen-By
X-B3-Traceid
Section-Io-Id
Front
X-VC
X-Reqid
X-Amzn-Remapped-Content-Length
X-WebKit-CSP-Report-Only
Alternate-Protocol
X-VHOST
X-TT-LOGID
X-Server-W
X-IPS-LoggedIn
X-CCDN-Origin-Time
Priority
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
SRV
X-Akamai-Request-ID2
X-AB
X-Real-IP
X-Fastly-Request-Id
X-Time
X-Cache-Status-Check
X-WP-CF-Super-Cache-Cookies-Bypass
Country
X-N
Backend
Liferay-Portal
X-Mode
Xet-Cookie
X-Nginx-Cache
Onion-Location
Filters
X-FB-TRIP-ID
Meta-Geo
Fastcgi-Useragent
X-SaId
X-Rn-Rsrv
X-JoinUs
TWC-Privacy
Webcakes-Region
TWC-GeoIP-Country
X-Rewrite-Enabled
TWC-Connection-Speed
X-Cache-Host
TWC-Device-Class
Environment
Webcakes-App-Name
X-Origin-Hint
ServerID
X-Tumblr-Pixel-2
X-UPSTREAM-Address
Property-Id
X-Format
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Expiry
From-Origin
Mn-Server-Ip
X-Rocket-Nginx-Serving-Static
X-Tb
DB-Nickname
Uber-Trace-Id
Web-Mar-Node
X-IPLB-Request-ID
X-Hl-Ver
X-Say-Cacheable
X-Frame-Option
X-Skip-Cache
X-Hosted-By
X-VC-Cache
X-SayCDN-TTL
X-Say-TTL
X-IPLB-Instance
X-Scope-Id
X-Fetched-On
X-Accel-Version
X-Cache-Action
X-Varnish-Age
X-Restarts
X-Cache-Expired-At
X-Redis-Cache
X-Origin-Date
X-Cluster-Node
X-Connection-Hash
X-Webstats-RespID
X-Web-Node
X-Varnish-Cache-Hits
Apigw-Requestid
X-Tncms
Atl-Traceid
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-Soup
X-Vcache
X-ProxyCache-Status
X-Handled-By
X-PHP-Host
X-Cms-Context
X-Forwarded-Host
X-Director
X-Httpd
X-Logging-Id
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-BYPASS-REASON
X-Loop
X-Adobe-Source
X-Auth-Group-Type
X-Timing-Wait
X-Cluster
X-Served-From
Selected-Fe
X-Request-URI
X-Proxy-Build
Url
X-Servername
ServedBy
X-DataDome
X-B3-SpanId
X-Origin-TTL
X-Origin-CC
X-Cloudmap
X-DynaTrace
X-Routing-Service
X-S
X-Zipkin-Id
WPO-Cache-Status
Accept-Language
WPO-Cache-Message
X-Proxied
X-Extlb
X-Origin
X-Ms-Request-Id
X-Ms-Version
X-Hit
X-Detected-As
Cross-Origin-Embedder-Policy
Referer-Policy
X-Tumblr-Pixel-3
N-Cache
X-LSADC-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Generated-By
X-Country-Code-Real
X-XRDS-Location
X-FTR-Backend
X-FTR-Cache-Status
X-Azure-Ref-OriginShield
X-FTR-Expires
X-SRV
X-FTR-Balancer
X-FTR-Backend-Server
Xserver
Surrogated-Key
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wix-Request-Id
X-Worker
X-Lagoon
X-Xfnlog-Site
Ohc-File-Size
LB
X-Webkit-Csp
X-Generation-Time
X-Sucuri-Cache
X-NWS-UUID-VERIFY
X-App-Version
CF-IPCountry
X-HS-CF-Cache-Status
Source
X-Drupal-Cache-Tags
X-RCS-CacheZone
X-Cdn-Origin
X-Drupal-Cache-Contexts
Node
X-Sucuri-ID
X-F-Cache
X-Cache-Debug
X-VCT
X-Cache-Hit
X-MP-GENERATED-AT
X-Via-JSL
X-Geo-Region
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-Browser-Name
X-Tcp-Rtt
X-Resp-Is-Stale
X-Tx-Id
CDN-RequestId
X-Is-Desktop
X-Urbn-Site-Id
X-Urbn-Context-Path
X-No-Session
Locale
X-NODE
X-Proxy-Cache-Status
X-Cache-Rule
Cache
X-Mly-Id
X-Varnish-Beresp-Ttl
X-TA-CDN-Provider
X-B-Cache
X-ElasticPress-Query
X-Signature
X-INCAP-ABP
X-Cache-Operation
X-Ig-Origin-Region
Content-Secure-Policy
X-Vdms-Version
DCR-Decision-By
X-Ig-Push-State
Cluster
X-Mvc-Supplant-Cachable
Candidate-Md5Url
X-Jobs
DCR-Processing-Time-Ms
X-HN
Fl-Custom-Application
X-GeoCountry
X-GeoCode
Fastly-GeoIP-CountryCode
Xc-Version
X-Vtex-Remote-Cache
Expect-Staple
Fastly-Backend-Name
Cache-Provider
X-Nyt-Route
X-Proxied-Request
Apple-News-Services-Handled
X-Rojux
X-Org
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proto
X-Op-Id-All
Apple-News-Services-Host
X-TIM-N
BehaviorPad-Version
X-VarnishDD-TTL
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-ScT
X-Section
Ha-Gx-Prefs
X-Path
L5d-Success-Class
X-A
X-Conf
X-CGP
X-Cache-NE
X-Cache-Info
Wxu-Next-Region
Wxu-Next-Hostname
X-D
We-Hiring
X-Csrf-Jwt
Wxu-Next-Commit
X-A-Dam
X-Bug-Bounty
X-Backend-Instance
X-App-Name
X-Aicache-OS
X-Access
X-Bc-Bl
X-AB-Test
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-BCube-Filmed-By
W
X-Debug-Cache-Fetch
Ngx.Var.Host
Meta-Geo-Continent
Odigeo-Trace-Id
Origin
PFcat
X-Gdpr
MD5-Digest
Host-ID
X-Aed
Lang
Mail-Subject
Producers
Redirect-Candidate
X-Ec-Fail
X-DPWN-IS-SECURE
X-Developer
X-Debug-Cache-Store
X-Ec-GeoHdr
X-Eu-Site
Rendered-Blocks
X-FC-Vary-Parameters
Sslversion
User-Agent
HA-Ipaddr
X-A-Ccd
X-Upstream-Ct
X-UA
X-Upstream-Ht
Mime-Version
X-NodeID
X-Storefront-Renderer-Rendered
X-Origin-Expires
X-ORCA-Accelerator
NM-Fastcgi-Cache
X-Cached-By
X-Sorting-Hat-ShopId
X-Accel-Expires-Debug
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Alternate-Cache-Key
Origin-Agent-Cluster
X-Node-Id
X-Sorting-Hat-PodId
X-Platform
X-Dispatcher-Server
Fastly-SSL
X-DefElseHash
X-AK-Request-ID
X-Request-Time
X-Gzip
X-SB
Gannett-Cam-Experience-Id
X-Req
X-Policy
Platform
X-Depends
X-Powered-By-VTEX-Cache
X-DefHash
Gh-Request-Id
L
X-Edge-Server
Thinkindot-CacheControl-Type
X-Generated-On
X-HS-Content-Campaign-Id
Thinkindot-CacheControl
TDXMobile
X-Gamma-Serve
X-Irp-Debug
X-GeoIP
X-GeoIP-City
X-GoCache-CacheStatus
V-Age
X-Hash
X-GeoIP-Region-Code
Web-Mar-Region
X-GeoIP-Country-Code
X-Level-Front-Cache
X-Loc
X-ShardId
X-Esi-Check
X-Epic-Correlation-Id
X-ShopId
X-Shopify-Stage
Product
X-Litespeed-Tag
RNT-Machine
X-Location
X-Locale
X-Fastly-Backend
Server-Host
RNT-Time
X-Micro-Cache
X-Akamai-Device-Characteristics
Esi-Enabled
X-Varnish-Director
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnishpool
X-Via-Fastly
X-VG-WebCache
Azure-InstanceId
Azure-RegionName
X-Varnish-CookieHashed-On
X-Clientip
X-Pad
Azure-Version
Azure-SiteName
Debug
X-Viewer-Country
X-Vmg-Version
X-Cache-Aspx
X-Bl-Debug
X-Geolocation
X-CacheTTL
X-Cache-Id
X-Cache-Grace
X-Cdn-Srv
X-Wikidot-Static-Cache
X-VTEX-Cache-Server
X-VServer
X-VTEX-Cache-Time
X-We-Are-Hiring
X-Wikidot-Backend
X-Varnish-Authentication
Azure-SlotName
Cdncip
Content-Style-Type
X-Slack-Shared-Secret-Outcome
X-Auto-Login
X-Content-Length
Canary
X-Shield-Cache-Expires
X-Core-Value
X-Date
X-Slack-Backend
Cdnsip
Content-Script-Type
X-Amz-Storage-Class
X-B3-Trace-ID
X-Contensis-Viewer-Groups
X-V-Cache
CDCHOST
X-Var-Ttl
X-Thinkindot-L3
Cdn-Host
X-Amz-Meta-Cb-Modifiedtime
Cdn-Request-Time
X-SD-PageType
X-Scheme
X-NGINX-Cache
X-CDN-Forward
Akamai-Mon-Iucid-Del
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-Cache-FS-Status
X-Acquia-Purge-Cdn-Unconfigured
X-Content-Age
X-BBC-Edge-Cache-Status
X-Ec-Custom-Error
X-Bip
X-Fmm-Version
X-Block-Status
X-CUA
X-Gen-Mode
NGX
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
Click-Count-Action-Start
Click-Count-Error
DSUID
X-Server-IP
X-SIPLIST1
X-Site-Version
X-Thanos
X-UA-Device-Type
X-B-Cookie
X-Destination
X-External-Request-Id
X-S-Cookie
X-Application
X-Cache-Date
X-Varnish-Beresp-Status
X-VG-TLSProxy
XM
Yak-Timeinfo
X-Request-Start
X-Request-Host
X-Internal-TTL
X-IsAdmin
ServerName
X-Men
X-Human
X-Hnp-Log
Tube-Return
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Req-Svc-Chain
Req-ID
X-Service
IsBot
X-Pool
X-Pubstack
X-Origin-Response-Time
Origin-CC
Release
Pramga
Origin-EX
User-Cache-Control
Sid
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullSuccess
Ssr
Country-Code
CDN-Uid
X-Varnish-Hits
CDN-RequestPullCode
X-GEO
X-Api-Version
X-User
X-LB-NoCache
X-B3-Spanid
X-HOST
X-Zen-Fury
X-RID
Ohc-Cache-HIT
X-VC-TTL
AMP-Access-Control-Allow-Source-Origin
X-Cdn-Forward
X-CACHE-GROUP
A
XkeyRZ
X-Cache-Bucket
X-Refresh
Cache-Key
X-Proxy-CacheRZ
X-CLOUD-TRACE-CONTEXT
Cdn-Requestid
X-Cs
X-Oracle-Dms-Ecid
X-RequestId
X-ZONE
Fastly-Drupal-HTML
CloudFront-Viewer-Country
GeoIP-Latitude
X-Servedbyhost
X-Tt-Logid
X-Newrelic-Synthetics
X-HITS
X-AIR-PT
X-Dc
X-Nananana
X-TH-Server
X-Nc
X-Vgn-Hpd-Reason
C-Via
X-APP
X-DC
X-Optimistic-Header
TP-L2-Cache
X-Via-Popv
X-Via-Poph
X-B3-Parentspanid
X-HA-Backend
Server-ID
X-Via-Popn
X-Wa
X-Endurance-Cache-Level
X-LB-ID
X-Moov-T
X-Moov-Xdn-Caching-Status
X-HubSpot-Correlation-Id
Fastly-Drupal-Html
X-RateLimit-Limit
X-Moov-Xdn-Version
X-Old-Content-Length
X-DynaTrace-JS-Agent
Proxy-Firewall
X-Air-Pt
HostName
True-Client-Country-4JS
X-Webkit-Csp-Report-Only
X-CS
X-LiteSpeed-Tag
X-Presslabs-Stats
X-Srv
X-LiteSpeed-Cache-Control
X-Parent-Response-Time
Cdn
X-Test
WP-Super-Cache
X-URL
X-COUNTRY
X-Zone
Server-Ext
Server-Hostname
Sever-Int
Is-Eu
X-Datadome
GeoIp-Country-Code
Adler-Geo
X-Action
X-AWS-Id
N1-Cache
X-VWS-Id
X-CACHE-AGE
X-LJ-Flow-ID
X-Cache-VC
WZWS-RAY
X-Nginx-Cache-Key
X-DataCenter
X-Dispatcher-Number
X-Thinkindot-L1
X-Vercel-Id
Location
X-Fpc
X-Vercel-Cache
X-Litespeed-Cache-Control
X-API-Version
SID
X-Provided-By
X-NewRelic-App-Data
X-Ua
TWC-GeoIP-DMA
T-Server
True-Client-IP
TWC-GeoIP-City
Cache-Hits
Uri
X-Custom-Header
TWC-GeoIP-Region
X-Geo-Header
True-Client-Ip
X-XRDS-LOCATION
X-Pass-Why
S-Rt
X-ApacheServer
X-Datacenter
SEZNAM-JOBS-OFFER
X-Stale
X-PERF
X-ND-Cache
Cache-Tv-Group
GeoIP-Country-Code
Resin-Trace
Vc-Max-Age
X-Cache-Server
X-Render-Time
X-CMSURLCustom
X-WA-Info
X-Varnish-Beresp-TTL
X-SERVER-NAME
Srv
Tcn
Serverhost
X-APP-VERSION
X-Uri
X-Nitro-Cache
Pics-Label
X-FPC
X-Ssense-Gql
X-Client-Ip
Sm-Log-Id
X-TX-ID
X-Service-Response-Time
X-Ssense-Shipping-Surcharge-Enabled
RewriteTestHook
X-Ion-Healthy
Powered-By
Cache-Contol
RewriteTeamHook
X-Jungle-Id
Log-Origin
X-Ion-Hop
X-Correlation-ID
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Cmsid
Vix-Hermes-Req-Id
X-Oracle-Dms-Rid
Lb
Cmstype
Hostname
X-Udemy-Cache-App-Namespace
X-Fastly-Cache
Av-Poweredby
My-App
X-Cdn-Cache-Status
X-Ckpd-Fst-Backend
X-Fastly-Cache-Status
Server-Id
X-Debug-Service
X-Cache-TTL-Remaining
On-Server
X-Air-Trace-Id
X-Lb-Id
X-Air-Source
X-Air-Hostname
X-From
CacheControlHeader
X-Up
Thinkindot-Control
X-Akamai-Pragma-Client-IP
X-Vc
X-Via-PopV
X-Via-PopH
ServerHost
X-Ha-Backend
X-NC
Cf-Ipcountry
X-WA
X-Via-PopN
X-App
X-Cache-Ttl
X-PHP-Backend
X-Proxy-Cache-La3
Geoip-Latitude
X-Cms-Device
X-Fastly-Backend-Reqs
Xkeylog
Store-Cloud-Cache
Time-Cloud-Cache
X-Oracle-DMS-ECID
Xkey-La3
X-Github-Request-Id
X-Ee-Request-Date
X-Ee-Request-Id
AKAMAI
X-Vary-Devices
X-Save-Cache
X-Ee-Generated-By
X-Amz-Meta-Opti
X-Ee-Origin
X-LAGOON
X-Esi
X-VTEX-Cache-Backend-Connect-Time
NtCoent-Length
X-VCL-Version
X-VTEX-Cache-Backend-Header-Time
X-IAuth-Set-Uid
X-Traceid
X-ServedByHost
Cl-Cache
Magicmarker
Warning
X-Html-Minification-Powered-By
Origin-Site
X-Requestid
WebServer
X-Info
WWW-Authenticate
Cloudfront-Viewer-Country
CountryCode
X-SRCache-Key
X-HS-Status
Epwk-X-Cache
X-Sucuri-Id
X-Serial
X-Limited
X-Check-Cacheable
X-Dw-Trace-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Geo
X-Acquia-Purge-Tags
X-Lb-Nocache
X-CDN-Cache-Status
Edge-Cache
X-Varnish-Hostname
X-Acquia-Application-UUID
X-Acquia-Site
Reporter
X-Wp-Cf-Super-Cache
X-Pod
X-Acquia-Application-Trace
X-Akamai-Transformed
FSS-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Yjs-Id
X-Web-Server
X-Rollout
X-Lsadc-Cache
X-Eligible
X-Mg-Cache
CDN
X-Td-Header-From-No-Data
X-New
Thinkindot-Cache-Type
X-Elasticpress-Query
X-Tncms-Bot-Tier
X-Ms-Lease-Status
Cneonction
Timeexpire
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Orig-Cache-Control
X-Ms-Blob-Type
X-Platform-Cluster
X-BBC-Origin-Response-Status
X-Platform-Processor
X-Platform-Router
X-Ramcache
CF-Cached-On