
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Accept-CH
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Accept-Ch
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Check
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Age
X-Rq
X-Via
EagleId
X-UA-Device
X-Dispatcher
X-Server
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
Allow
X-Dns-Prefetch-Control
Ali-Swift-Global-Savetime
X-Cache-Lookup
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Xkey
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Nginx-Cache-Status
X-Url
Content-Location
X-LiteSpeed-Cache
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Clacks-Overhead
X-Country-Code
Fastly-Restarts
X-Trace
X-Application-Context
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-PC
X-TtlSet
X-Edge
X-Midtier
X-Mcache
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
Nginx-Cache
X-Powered-By-Plesk
X-ESI
X-GitHub-Request-Id
Edge-Control
X-ECACHE
X-Vcap-Request-Id
X-D2id
Verso
X-Ac
X-Ser
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-ARC
X-Amz-Rid
X-Middleton-Response
Response
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-CST
X-Wormhole-Sdk
X-Goog-Hash
X-Powered-CMS
X-Navigation-Version
X-Ratelimit-Remaining
X-Edge-Location-Klb
X-Kinsta-Cache
X-Upstream
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Forwarded-For
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
RTSS
X-FastCGI-Cache
X-Daa-Tunnel
X-Cache-Key
SPIisLatency
SPRequestDuration
X-Server-ID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
X-Ttl
Public-Key-Pins
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-Content-Digest
X-Ezoic-Cdn
X-NF-Request-ID
X-Version
X-Mg-S
X-SharePointHealthScore
SPRequestGuid
S
X-ORACLE-DMS-ECID
Realpath
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Cross-Origin-Resource-Policy
Fastcgi-Cache
AR-CACHE
X-Recruiting
X-Ua-Device
X-Cached
X-Fastly-Request-ID
Origin-Trial
Front-End-Https
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Distributor
X-Azure-Ref
X-Pinterest-Rid
Access-Control-Request-Method
TP-Cache
Pinterest-Version
Pinterest-Generated-By
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-Request-Received
X-Request-Processing-Time
Count-Hit
X-Ua-Browser
X-Id
X-HS-Cache-Config
X-Debug
X-HS-Hub-Id
X-HS-Content-Id
X-LLID
Cache-Tags
Server-Node
MicrosoftSharePointTeamServices
X-Newrelic-App-Data
X-Content-Security-Policy-Report-Only
X-Xrds-Location
X-Cluster-Name
X-Ismobilevalue
X-TTL
X-FTR-Request-ID
X-PressLabs-Stats
X-Correlation-Id
X-Frontend
X-Nf-Request-Id
X-VARITI-CCR
X-Aspnetmvc-Version
X-HS-Combine-CSS
X-GUploader-UploadID
X-Varnish-Backend
X-NGENIX-Cache
X-Amz-Replication-Status
X-Protected-By
Payment
X-Goog-Metageneration
X-Hits
Akamai-GRN
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
Cleartype
X-LB-Cache
X-FB-Debug
X-Varnish-Server
X-Logged-In
X-Www-Served-By
X-Activity-Id
X-AppVersion
X-Git-Hash
X-Az
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Ratelimit-Reset
Content-Disposition
X-Page-Id
X-Forwarded-Proto
Host
X-Hostname
Filterid
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Server
X-Varnish-Ttl
X-Template
Amp-Access-Control-Allow-Source-Origin
X-Geo-Country
Frame-Options
X-Aspnet-Version
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Fastcgi-Cache
X-ASPNET-VERSION
Access-Control-Allow-Method
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Origin-Server
Version
X-Load-Cache
X-Upgrade-Enabled
MS-Author-Via
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Type
Viewport
X-Ah-Environment
Fastly-SIE
Fastly-SWR
Accept-Charset
Section-Io-Cache
X-Content-Options
Trailer
X-Cache-Control
X-TT
X-Fb-Rlafr
Retry-After
X-TraceId
X-B
X-TEC-API-VERSION
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-B3-Sampled
X-Rid
Content-MD5
X-Envoy-Decorator-Operation
X-Source
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Device-Type
X-Vcl-Version
Server-Name
X-Cdn
X-Request-Guid
X-Trace-Id
X-Revision
X-Language
X-Magnolia-Registration
X-Cache-Age
X-Buckets
Healthy
X-Px
X-Mobile
X-Tec-Api-Origin
X-Webkit-CSP
X-Tec-Api-Version
X-Tec-Api-Root
X-HS-Prerendered
TCN
X-WP-CF-Super-Cache-Active
X-EdgeConnect-Cache-Status
X-Backend-Name
X-Akamai-Edgescape
X-Varnish-Grace
X-Status
X-Contextid
X-RM-Cache-TTL
X-App-Environment
X-Origin-Cache
X-FW-Version
X-Debug-Info
X-Instance
Protected
X-CSRF-Token
X-FW-Server
X-FW-Dynamic
X-FW-Static
X-Environment-Context
X-FW-Type
X-FW-Serve
X-FW-Hash
X-RemovedCookies
X-ProcessESI
X-Rule
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-Storage
X-Amz-Meta-S3cmd-Attrs
SD-X-WS
Cross-Origin-Window-Policy
NGB
Access-Control-Request-Headers
GEO-INFO
X-ServerID
X-Edge-Location
X-UUID
X-Cache-Time
X-Node-Name
X-Framework
X-Proxy-Cache-Info
X-Region
X-Mg-Request-UUID
X-Adobe-Loc
X-Datadog-Trace-Id
X-Adobe-Content
Charset
X-Proxy
X-Cacheable-TTL
X-Debug-IsPreview
X-Datadog-Sampled
X-Datadog-Sampling-Priority
MS-CV
Ms-Operation-Id
X-Datadog-Parent-Id
X-Debug-IsConnected
X-Is-Bot
X-Rendered-As
X-Content-Powered-By
X-RTag
X-Original-Request-Id
X-Response-Served-From
X-G
X-Yottaa-Optimizations
Upgrade-Insecure-Requests
X-Yottaa-Metrics
Cross-Origin-Embedder-Policy-Report-Only
X-Whom
Refresh
Countrycode
OT-Force-Account-Verify
Webserver
DC
X-Lambda-Id
X-HTML-Minification-Powered-By
Paypal-Debug-Id
X-User-Agent
X-Seen-By
Section-Io-Id
Front
X-Reqid
X-VC
X-Amzn-Remapped-Content-Length
X-TT-LOGID
X-VHOST
X-ECache
X-WebKit-CSP-Report-Only
X-RateLimit-Remaining
Alternate-Protocol
X-B3-Traceid
SRV
X-Server-W
Priority
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Fastly-Request-Id
X-IPS-LoggedIn
X-Akamai-Request-ID2
X-B3-SpanId
X-Real-IP
X-WP-CF-Super-Cache-Cookies-Bypass
X-AB
X-Time
Country
Liferay-Portal
X-Cache-Status-Check
Backend
X-N
Xet-Cookie
Onion-Location
X-Mode
TWC-Locale-Group
X-UPSTREAM-Address
X-Tumblr-Pixel-2
TWC-Privacy
X-SaId
TWC-GeoIP-LatLong
X-Rocket-Nginx-Serving-Static
Fastcgi-Useragent
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Rn-Rsrv
Environment
X-Format
ServerID
Meta-Geo
X-FB-TRIP-ID
X-Cache-Host
Webcakes-App-Version
Filters
Webcakes-Region
X-Rewrite-Enabled
X-Origin-Hint
X-JoinUs
Webcakes-App-Name
Property-Id
X-DataDome
X-Fetched-On
X-Connection-Hash
X-Hl-Ver
X-Hosted-By
X-IPLB-Request-ID
X-IPLB-Instance
X-Cluster-Node
X-Cache-Expired-At
Expiry
DB-Nickname
From-Origin
Mn-Server-Ip
X-Accel-Version
Uber-Trace-Id
X-Labrador-Cache-Channel
X-Origin-Date
X-Cache-Action
Web-Mar-Node
X-Redis-Cache
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-VC-Cache
X-Varnish-Age
X-R9-Blue-Green-Version
X-PHP-Host
X-Restarts
X-Scope-Id
X-Skip-Cache
X-Tb
X-Frame-Option
X-Nginx-Cache
X-Httpd
X-ProxyCache-Key
X-Forwarded-Host
X-ProxyCache-Status
X-Origin-TTL
Atl-Traceid
X-BYPASS-REASON
X-Varnish-Beresp-Grace
X-Origin-CC
X-Varnish-Cache-Hits
X-Loop
X-Soup
X-Tncms
X-Vcache
X-Handled-By
X-Director
X-Web-Node
X-Webstats-RespID
X-Cms-Context
Apigw-Requestid
X-Logging-Id
X-Cluster
X-DynaTrace
Selected-Fe
X-Adobe-Source
Url
X-Auth-Group-Type
X-Timing-Wait
X-Servername
WPO-Cache-Status
X-Request-URI
X-Served-From
X-Proxy-Build
WPO-Cache-Message
ServedBy
X-Ms-Request-Id
X-S
X-Detected-As
Cross-Origin-Embedder-Policy
X-Ms-Version
Cross-Origin-Opener-Policy-Report-Only
X-Origin
X-Proxied
X-Cloudmap
Referer-Policy
X-Tumblr-Pixel-3
X-Routing-Service
X-Extlb
X-Zipkin-Id
Accept-Language
X-Hit
N-Cache
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
X-LSADC-Cache
X-XRDS-Location
X-Generated-By
X-Azure-Ref-OriginShield
Surrogated-Key
X-RateLimit-Limit-Second
X-Worker
Xserver
X-SRV
X-RateLimit-Remaining-Second
Ohc-File-Size
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Lagoon
X-Wix-Request-Id
X-Xfnlog-Site
X-App-Version
X-Sucuri-Cache
X-Generation-Time
X-HS-CF-Cache-Status
LB
X-NWS-UUID-VERIFY
X-Webkit-Csp
CF-IPCountry
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Cdn-Origin
Source
X-Cache-Debug
X-Cache-Hit
X-RCS-CacheZone
X-Sucuri-ID
Node
X-Resp-Is-Stale
X-MP-GENERATED-AT
X-F-Cache
CDN-RequestId
X-Tx-Id
X-VCT
X-Via-JSL
X-NODE
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
X-Tcp-Rtt
X-Browser-Name
X-Is-Desktop
X-Geo-Region
X-Varnish-Beresp-Ttl
X-TA-CDN-Provider
X-No-Session
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Cache-Rule
Cache
X-Mly-Id
X-CDN-Forward
X-Signature
X-Proxy-Cache-Status
X-B-Cache
X-ElasticPress-Query
X-INCAP-ABP
X-Pad
X-Cache-Operation
X-Jobs
Cluster
X-Aed
X-Op-Id-All
X-Access
Candidate-Md5Url
X-Aicache-OS
X-Developer
BehaviorPad-Version
Cache-Provider
X-DPWN-IS-SECURE
X-AB-Test
X-A-Wwc
Content-Secure-Policy
X-A-Dam
X-GeoCode
X-Nyt-Route
X-Ig-Push-State
X-Vdms-Version
X-A-Dgt
X-A-Dcw
Xc-Version
X-Vtex-Remote-Cache
Apple-News-Services-Request-Url
X-Gdpr
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-CGP
X-Conf
Edge-Copy-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-D
X-Csrf-Jwt
X-Cache-NE
X-Proto
X-Bc-Bl
X-Backend-Instance
Apple-News-Services-Parsed-Url
X-App-Name
Apple-News-Services-Host
X-BCube-Filmed-By
X-Cache-Info
X-Bug-Bounty
Apple-News-Services-Handled
X-Bl-Debug
X-A-Ccd
X-Ig-Origin-Region
HA-Ipaddr
Host-ID
X-Section
X-PAYTM-SRV-ID
Ha-Gx-Prefs
X-FC-Vary-Parameters
Fastly-GeoIP-CountryCode
Fl-Custom-Application
X-Path
Redirect-Candidate
L5d-Success-Class
Lang
Meta-Geo-Continent
X-Mvc-Supplant-Cachable
X-Rojux
Origin
PFcat
X-Platform-Server
Mail-Subject
Producers
X-ScT
MD5-Digest
Fastly-Backend-Name
Expect-Staple
Wxu-Next-Commit
We-Hiring
X-Proxied-Request
X-Ec-Fail
X-Org
Wxu-Next-Hostname
X-A
Ngx.Var.Host
Wxu-Next-Region
X-VarnishDD-TTL
DCR-Decision-By
X-Origin-Time
User-Agent
Rendered-Blocks
X-GeoCountry
X-TIM-N
X-Eu-Site
X-Ec-GeoHdr
W
X-HN
X-Geolocation
DCR-Processing-Time-Ms
Odigeo-Trace-Id
Sslversion
X-Storefront-Renderer-Rendered
X-Upstream-Ht
X-Oracle-Dms-Ecid
X-UA
X-Upstream-Ct
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShardId
X-NGINX-Cache
X-GeoIP
X-Gzip
X-GoCache-CacheStatus
X-GeoIP-City
RNT-Time
X-Gamma-Serve
X-Fmm-Version
X-Fastly-Backend
X-Generated-On
Server-Host
RNT-Machine
X-Hash
Req-Svc-Chain
Platform
X-Micro-Cache
NM-Fastcgi-Cache
Mime-Version
X-Mvc-Supplant-OutputCached
X-Node-Id
X-Auto-Login
X-Location
X-Locale
X-Litespeed-Tag
X-B-Cookie
X-Irp-Debug
X-Level-Front-Cache
X-Loc
Origin-Agent-Cluster
Product
Thinkindot-CacheControl-Type
X-Cache-Aspx
X-GeoIP-Country-Code
X-SD-PageType
X-Slack-Backend
X-Cache-Date
X-Cached-By
X-Cache-Id
X-Slack-Shared-Secret-Outcome
X-S-Cookie
X-BBC-Edge-Cache-Status
X-HS-Content-Campaign-Id
X-Amz-Storage-Class
X-B3-Trace-ID
X-Amz-Meta-Cb-Modifiedtime
X-GeoIP-Region-Code
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-CacheTTL
X-Cdn-Srv
X-Destination
X-Edge-Server
X-Dispatcher-Server
X-Cache-Grace
X-Epic-Correlation-Id
Thinkindot-CacheControl
X-Esi-Check
X-Depends
V-Age
X-Contensis-Viewer-Groups
X-Clientip
X-External-Request-Id
X-Content-Length
X-Core-Value
X-DefHash
X-DefElseHash
TDXMobile
X-NMSegId
Cdn-Host
X-Via-Fastly
X-VG-WebCache
L
CDCHOST
Cdn-Request-Time
X-Viewer-Country
X-Varnish-CookieINHashed-On
X-VTEX-Cache-Server
X-VServer
X-Shield-Cache-Expires
X-Vmg-Version
X-Thinkindot-L3
Canary
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-Varnish-Director
X-Varnish-CookieHashed-On
Azure-SlotName
Azure-Version
X-V-Cache
X-Varnishpool
X-Var-Ttl
X-Varnish-Authentication
X-Varnish-Remaining-TTL
Cdnsip
Cdncip
X-Origin-Expires
X-Policy
Debug
X-Scheme
X-ORCA-Accelerator
Esi-Enabled
X-Platform
Fastly-SSL
X-Application
Gannett-Cam-Experience-Id
Web-Mar-Region
Gh-Request-Id
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-NodeID
X-Request-Time
X-VTEX-Cache-Time
X-SB
X-Req
Content-Script-Type
Content-Style-Type
X-Wikidot-Backend
X-Powered-By-VTEX-Cache
X-HITS
X-COUNTRY
Akamai-Mon-Iucid-Del
X-Gen-Mode
XM
X-Bip
X-VG-TLSProxy
X-GEO
Yak-Timeinfo
Pramga
X-Thanos
X-Request-Start
User-Cache-Control
X-Block-Status
X-Server-IP
X-Pubstack
X-Pool
X-Origin-Response-Time
X-Men
X-IsAdmin
X-Internal-TTL
X-Service
X-SIPLIST1
X-CUA
X-UA-Device-Type
X-Date
X-Varnish-Beresp-Status
X-Content-Age
X-Tb-Optimization-Total-Bytes-Saved
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Ec-Custom-Error
X-Cache-FS-Status
ServerName
Tube-Got-Results
CDN-Uid
CDN-RequestPullSuccess
X-Accel-Expires-Debug
Origin-CC
Tube-Return
Tube-Got-Eval
IsBot
Release
Click-Count-Error
Tube-Get-Contents
Click-Count-Action-Start
DSUID
Country-Code
CDN-RequestPullCode
CDN-CachedAt
X-Site-Version
CDN-Cache
Req-ID
Origin-EX
CDN-RequestCountryCode
X-Acquia-Purge-Cdn-Unconfigured
X-Hnp-Log
X-Human
X-Request-Host
NGX
CDN-EdgeStorageId
CDN-PullZone
X-URL
X-RID
X-Varnish-Hits
X-HOST
Sid
X-User
Ssr
X-Zen-Fury
X-LB-NoCache
Ohc-Cache-HIT
Fastly-Drupal-HTML
X-VC-TTL
X-CACHE-GROUP
X-Api-Version
X-Cache-Bucket
GeoIP-Latitude
X-Refresh
XkeyRZ
Cache-Key
X-Proxy-CacheRZ
A
X-DC
X-AIR-PT
X-Servedbyhost
X-RequestId
X-Cs
X-ZONE
CloudFront-Viewer-Country
Cdn-Requestid
X-Cdn-Forward
AMP-Access-Control-Allow-Source-Origin
X-Newrelic-Synthetics
X-Wa
X-Nc
X-Vgn-Hpd-Reason
Server-ID
X-APP
X-B3-Spanid
C-Via
X-Tt-Logid
TP-L2-Cache
X-TH-Server
X-Nananana
X-Old-Content-Length
X-Optimistic-Header
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-B3-Parentspanid
X-CACHE-AGE
X-Moov-T
X-HubSpot-Correlation-Id
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Dc
Proxy-Firewall
X-HA-Backend
X-NewRelic-App-Data
X-Endurance-Cache-Level
X-LiteSpeed-Tag
X-Webkit-Csp-Report-Only
X-CS
X-LB-ID
X-Srv
Cdn
X-LiteSpeed-Cache-Control
X-Presslabs-Stats
True-Client-Country-4JS
HostName
X-DynaTrace-JS-Agent
X-Zone
WP-Super-Cache
X-Air-Pt
X-Parent-Response-Time
Fastly-Drupal-Html
X-Test
X-Action
Server-Ext
Sever-Int
Server-Hostname
N1-Cache
Adler-Geo
X-Thinkindot-L1
X-DataCenter
Is-Eu
X-Cache-VC
X-Vercel-Cache
GeoIp-Country-Code
Location
X-Vercel-Id
X-Fpc
X-API-Version
SID
WZWS-RAY
X-Ua
X-LJ-Flow-ID
X-Dispatcher-Number
X-VWS-Id
X-Nginx-Cache-Key
X-AWS-Id
X-Datadome
X-Litespeed-Cache-Control
TWC-GeoIP-City
Uri
X-Provided-By
True-Client-IP
Cache-Hits
TWC-GeoIP-Region
TWC-GeoIP-DMA
X-RateLimit-Limit
SEZNAM-JOBS-OFFER
X-PERF
True-Client-Ip
X-ApacheServer
X-Geo-Header
T-Server
X-Custom-Header
X-Pass-Why
X-CLOUD-TRACE-CONTEXT
Resin-Trace
GeoIP-Country-Code
X-ND-Cache
X-WA-Info
X-Stale
X-Datacenter
X-Render-Time
X-SERVER-NAME
S-Rt
Vc-Max-Age
Serverhost
X-Cache-Server
X-Nitro-Cache
X-Uri
X-CMSURLCustom
Tcn
X-Service-Response-Time
X-Dynatrace-Js-Agent
Sm-Log-Id
Cache-Tv-Group
X-Varnish-Beresp-TTL
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Client-Ip
X-Ion-Hop
X-Jungle-Id
X-FPC
X-Ion-Healthy
RewriteTestHook
Log-Origin
Cache-Contol
Pics-Label
RewriteTeamHook
X-Srcache-Store-Status
X-Correlation-ID
X-Srcache-Fetch-Status
Hostname
Srv
Cmstype
X-APP-VERSION
X-Oracle-Dms-Rid
Cmsid
Powered-By
My-App
Lb
X-TX-ID
X-XRDS-LOCATION
X-From
X-Up
X-Udemy-Cache-App-Namespace
X-Cdn-Cache-Status
Av-Poweredby
X-Debug-Service
Vix-Hermes-Req-Id
X-Fastly-Cache-Status
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Server-Id
X-Lb-Id
X-Akamai-Pragma-Client-IP
CacheControlHeader
X-Ckpd-Fst-Backend
X-Cache-TTL-Remaining
X-Fastly-Cache
X-Vc
Thinkindot-Control
X-Ha-Backend
X-App
X-Via-PopV
On-Server
X-Via-PopH
X-Via-PopN
Cf-Ipcountry
X-Cache-Ttl
X-Oracle-DMS-ECID
X-Github-Request-Id
ServerHost
X-NC
X-Fastly-Backend-Reqs
X-LAGOON
X-WA
X-Esi
X-Vary-Devices
AKAMAI
X-Save-Cache
X-VCL-Version
Geoip-Latitude
X-PHP-Backend
NtCoent-Length
Time-Cloud-Cache
Store-Cloud-Cache
X-Proxy-Cache-La3
X-Ee-Request-Date
X-Ee-Origin
X-Cms-Device
X-Ee-Request-Id
X-Amz-Meta-Opti
Xkeylog
Xkey-La3
X-Ee-Generated-By
Origin-Site
X-ServedByHost
X-Requestid
Cloudfront-Viewer-Country
X-IAuth-Set-Uid
X-VTEX-Cache-Backend-Header-Time
X-Traceid
WebServer
X-Html-Minification-Powered-By
WWW-Authenticate
X-VTEX-Cache-Backend-Connect-Time
Warning
CountryCode
Magicmarker
X-SRCache-Key
X-Serial
X-Limited
X-Info
Cl-Cache
X-Check-Cacheable
X-Sucuri-Id
X-Varnish-Hostname
X-HS-Status
X-MSEdge-Flight
X-MSEdge-Features
Epwk-X-Cache
FSS-Cache
X-Dw-Trace-Id
X-Pod
X-Wp-Cf-Super-Cache
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Lb-Nocache
X-Acquia-Site
Edge-Cache
Reporter
X-CSRF-TOKEN
X-Wp-Cf-Super-Cache-Cache-Control
X-Akamai-Transformed
X-Acquia-Application-UUID
X-Web-Server
X-Th-Server
Yjs-Id
X-Mg-Cache
X-Lsadc-Cache
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
CF-Cached-On
X-Geo
X-Tncms-Bot-Tier
X-Ms-Lease-Status
Cneonction
Timeexpire
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Ms-Blob-Type
X-Ramcache
X-Elasticpress-Query
X-CDN-Cache-Status
X-Platform-Cluster
X-Platform-Processor
X-Orig-Cache-Control
X-Platform-Router
X-BBC-Origin-Response-Status