Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
X-XSS-Protection
Alt-Svc
Report-To
NEL
X-Xss-Protection
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
Accept-CH
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
P3p
X-FRAME-OPTIONS
Timing-Allow-Origin
Permissions-Policy
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Accept-CH-Lifetime
Content-Encoding
Accept-Ch
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Age
X-Vhost
X-Proxy-Cache
X-Turbo-Charged-By
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Xkey
X-Varnish-Cache
X-WebKit-CSP
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Check
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Ruxit-JS-Agent
Request-Id
X-Server-Id
X-LiteSpeed-Cache
X-Country
X-Country-Code
Content-Location
X-Nginx-Cache-Status
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
X-Url
Service-Worker-Allowed
Fastly-Restarts
X-Clacks-Overhead
X-Trace
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
Surrogate-Key
X-Vname
X-TtlSet
X-PC
Rating
X-Midtier
X-Mcache
X-Edge
X-Cache-TTL
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Server-Name
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Browser-Type
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-D2id
X-ECACHE
X-Ac
Verso
X-MS-InvokeApp
X-Ser
X-Server-ID
X-Oneagent-Js-Injection
X-Client-IP
X-Ratelimit-Limit
X-ORACLE-DMS-RID
X-Amz-Rid
X-Wormhole-Sdk
X-Middleton-Response
Response
X-Ratelimit-Remaining
X-FTR-Request-ID
X-CST
X-Goog-Hash
X-ARC
X-Powered-CMS
X-B3-TraceId
X-Navigation-Version
X-Ruxit-Js-Agent
X-Dw-Request-Base-Id
X-Edge-Location-Klb
X-Kinsta-Cache
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Upstream
X-Forwarded-For
Origin-Trial
X-Amzn-Trace-Id
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Cache-Key
X-Content-Digest
Edge-Cache-Tag
RTSS
Cache-Status
Public-Key-Pins
AR-ATIME
AR-PoweredBy
AR-SID
AR-Request-ID
X-Ezoic-Cdn
X-NF-Request-ID
X-Version
X-Daa-Tunnel
SPRequestGuid
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Fastly-Request-ID
Realpath
X-Mg-S
X-MSEdge-Ref
X-ORACLE-DMS-ECID
X-Recruiting
X-Shield-Request-Id
Front-End-Https
X-T
X-Ttl
S
Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Distributor
X-TTL
Cross-Origin-Resource-Policy
X-Cached
AR-CACHE
X-Xrds-Location
Arr-Disable-Session-Affinity
X-Azure-Ref
Access-Control-Request-Method
Akamai-GRN
X-Varnish-TTL
X-Request-Received
X-Correlation-Id
X-Request-Processing-Time
X-Id
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
Count-Hit
X-HS-Cache-Config
X-Ua-Browser
Cache-Tags
X-Debug
X-Ismobilevalue
X-Cluster-Name
X-TraceId
X-NGENIX-Cache
X-LLID
X-Newrelic-App-Data
X-Nf-Request-Id
X-PressLabs-Stats
Server-Node
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-GUploader-UploadID
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Frontend
X-Protected-By
X-VARITI-CCR
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Hits
X-Goog-Metageneration
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
X-Page-Id
X-Ratelimit-Reset
X-DIS-Request-ID
Cleartype
Payment
X-Activity-Id
X-Git-Hash
X-FB-Debug
X-AppVersion
X-Varnish-Server
X-Az
Content-Disposition
X-Hostname
X-Www-Served-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Logged-In
X-HP-Trace-Id
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Webp
X-Template
Host
X-Amz-Apigw-Id
X-Amzn-RequestId
Filterid
Amp-Access-Control-Allow-Source-Origin
X-Forwarded-Proto
X-Fastcgi-Cache
X-App-Server
X-Geo-Country
Version
X-Aspnet-Version
X-Varnish-Ttl
Accept-Charset
X-ASPNET-VERSION
X-Load-Cache
X-Envoy-Decorator-Operation
MRF-Tech
X-Source
Frame-Options
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Goog-Stored-Content-Length
Trailer
X-WP-CF-Super-Cache-Cache-Control
X-Type
X-WP-CF-Super-Cache
Fastly-SIE
Fastly-SWR
X-Ah-Environment
X-Upgrade-Enabled
Viewport
X-Content-Options
Section-Io-Cache
X-HS-Prerendered
X-TT
Access-Control-Allow-Method
X-Fb-Rlafr
Server-Name
X-B
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Origin-Server
X-B3-Sampled
X-Grace
X-Cache-Age
X-Language
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-Cache-Control
X-Device-Type
X-Buckets
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
Retry-After
X-Px
X-Cdn
MS-Author-Via
Content-MD5
X-Mobile
X-Magnolia-Registration
X-Request-Guid
X-Vcl-Version
TCN
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-Trace-Id
X-Revision
X-Akamai-Edgescape
Protected
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
Healthy
X-WP-CF-Super-Cache-Active
Cross-Origin-Embedder-Policy-Report-Only
X-Backend-Name
X-Proxy
Charset
X-Original-Request-Id
X-App-Environment
Upgrade-Insecure-Requests
SD-X-WS
X-Debug-Info
X-Instance
X-Response-Served-From
X-RM-Cache-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Status
X-Tumblr-Pixel
X-Is-Bot
X-Tumblr-User
X-ProcessESI
X-RemovedCookies
X-Rendered-As
X-NYM-Debug-Backend
X-Storage
X-Adobe-Loc
X-Adobe-Content
Cross-Origin-Window-Policy
X-Cache-Time
Access-Control-Request-Headers
X-UUID
X-FW-Hash
X-FW-Type
X-FW-Version
X-ServerID
X-Node-Name
X-FW-Static
X-FW-Server
X-CSRF-Token
X-FW-Dynamic
X-Region
X-FW-Serve
X-Cacheable-TTL
NGB
X-Edge-Location
X-Framework
X-Datadog-Parent-Id
Refresh
X-Debug-IsPreview
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Debug-IsConnected
X-Datadog-Sampled
X-Mg-Request-UUID
X-Yottaa-Optimizations
Ms-Operation-Id
MS-CV
X-Yottaa-Metrics
X-Whom
X-Proxy-Cache-Info
X-RTag
X-Rule
X-Content-Powered-By
X-G
OT-Force-Account-Verify
GEO-INFO
X-Lambda-Id
X-L-Path
X-Environment-Context
X-Resp-Is-Stale
Section-Io-Id
X-B3-Traceid
X-Contextid
X-Amzn-Remapped-Content-Length
X-Reqid
X-TT-LOGID
Webserver
X-CCDN-Origin-Time
DC
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Countrycode
X-Server-W
X-User-Agent
Paypal-Debug-Id
X-HTML-Minification-Powered-By
X-Amz-Meta-S3cmd-Attrs
X-ECache
X-Origin-Cache
Alternate-Protocol
X-Real-IP
Cross-Origin-Opener-Policy-Report-Only
SRV
X-HS-CF-Cache-Status
X-Time
Front
Priority
X-WebKit-CSP-Report-Only
X-VC
X-B3-SpanId
X-DataDome
X-Seen-By
Ohc-File-Size
WPO-Cache-Status
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
X-Hl-Ver
Liferay-Portal
X-Rocket-Nginx-Serving-Static
X-Nginx-Cache
Backend
X-Origin-TTL
X-Origin-CC
Xet-Cookie
X-Mode
X-IPS-LoggedIn
Onion-Location
X-Akamai-Request-ID2
Fastcgi-Useragent
X-Cache-Action
X-JoinUs
Property-Id
Meta-Geo
X-Format
X-FB-TRIP-ID
X-Cache-Host
X-Tumblr-Pixel-3
Filters
X-AB
X-Say-TTL
Webcakes-App-Name
X-RateLimit-Remaining
Webcakes-App-Version
X-Say-Cacheable
X-Rn-Rsrv
X-SaId
X-SayCDN-TTL
TWC-Connection-Speed
TWC-Privacy
Web-Mar-Node
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Rewrite-Enabled
Webcakes-Region
ServerID
X-Origin-Hint
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Redis-Cache
X-Scope-Id
X-Hosted-By
X-Cluster-Node
X-Vcache
X-Accel-Version
X-Cms-Context
X-Connection-Hash
X-Skip-Cache
X-Labrador-Cache-Channel
Uber-Trace-Id
X-Ms-Version
X-Loop
Expiry
X-Fetched-On
X-Ms-Request-Id
Mn-Server-Ip
X-Cache-Expired-At
X-Detected-As
X-Director
From-Origin
X-PHP-Host
X-VC-Cache
X-Restarts
X-Varnish-Age
X-Soup
X-Tncms
DB-Nickname
Country
X-DynaTrace
X-Tb
Environment
X-N
X-Frame-Option
X-Handled-By
X-IPLB-Instance
X-Httpd
X-Forwarded-Host
X-Servername
Url
X-Adobe-Source
Atl-Traceid
Apigw-Requestid
X-IPLB-Request-ID
X-R9-Blue-Green-Version
X-Webstats-RespID
X-Origin-Date
X-Web-Node
X-Varnish-Cache-Hits
X-Logging-Id
X-Proxy-Build
X-BYPASS-REASON
X-Auth-Group-Type
X-Served-From
X-Varnish-Beresp-Grace
Selected-Fe
X-Cluster
X-Timing-Wait
X-ProxyCache-Key
X-ProxyCache-Status
X-Routing-Service
X-Proxied
ServedBy
X-Origin
X-Cache-Status-Check
X-Zipkin-Id
X-Extlb
X-Cloudmap
X-S
X-Azure-Ref-OriginShield
Surrogated-Key
X-Hit
Cross-Origin-Embedder-Policy
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-CDN-Forward
LB
X-SRV
X-LSADC-Cache
X-Request-URI
Accept-Language
X-Cache-Hit
X-Lagoon
X-Sucuri-Cache
Referer-Policy
X-Generation-Time
N-Cache
X-Drupal-Cache-Tags
X-Generated-By
X-Fastly-Request-Id
X-Drupal-Cache-Contexts
X-Cdn-Origin
X-App-Version
X-Sucuri-ID
X-MP-GENERATED-AT
Xserver
CF-IPCountry
CDN-RequestId
X-URL
Ohc-Cache-HIT
X-XRDS-Location
X-Xfnlog-Site
X-Tx-Id
X-Oracle-Dms-Ecid
Node
X-F-Cache
X-TA-CDN-Provider
VIX-Pulpo-Upstream-Status
X-Mly-Id
Cache
VIX-Pulpo-Node
X-AIR-PT
Edge-Copy-Time
X-Via-CDN
Source
X-Wix-Request-Id
X-VC-TTL
X-Via-Edge
X-Via-SSL
X-Cache-Rule
X-Cache-Debug
X-NODE
X-UA
X-RCS-CacheZone
X-INCAP-ABP
X-Varnish-Beresp-Ttl
Cache-Provider
X-Site-Version
X-VCT
X-Pad
X-Locale
X-ElasticPress-Query
X-GEO
Redirect-Candidate
Producers
Rendered-Blocks
Sslversion
Web-Mar-Region
We-Hiring
Mail-Subject
Cluster
DCR-Decision-By
DCR-Processing-Time-Ms
Expect-Staple
Candidate-Md5Url
BehaviorPad-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Origin
MD5-Digest
Wxu-Next-Commit
Fastly-SSL
Fl-Custom-Application
Host-ID
Lang
PFcat
X-BCube-Filmed-By
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Jobs
X-Nyt-Route
X-Org
X-Op-Id-All
X-Is-Desktop
X-Ig-Push-State
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Geolocation
X-HN
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Origin-Time
X-Path
X-Tcp-Rtt
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-Section
X-SD-PageType
X-Platform-Server
X-PAYTM-SRV-ID
X-Proxied-Request
X-Rojux
X-ScT
X-S-Cookie
X-GeoCountry
X-GeoCode
X-Application
X-Aicache-OS
X-Aed
X-B-Cookie
X-Backend-Instance
X-Bl-Debug
X-Bc-Bl
X-Access
X-AB-Test
X-A
Wxu-Next-Region
X-A-Ccd
X-A-Dam
X-A-Wwc
X-A-Dgt
X-Browser-Name
X-Cache-Grace
X-Ec-Fail
X-DPWN-IS-SECURE
X-Developer
X-Ec-GeoHdr
X-External-Request-Id
X-Geo-Region
X-Gdpr
X-Destination
X-Debug-Cache-Store
X-Cache-Operation
X-Cache-NE
X-Cached-By
X-Conf
X-Debug-Cache-Fetch
X-D
Wxu-Next-Hostname
X-A-Dcw
X-Urbn-Site-Id
X-NWS-UUID-VERIFY
X-Urbn-Context-Path
Locale
X-No-Session
X-Csrf-Jwt
X-CUA
X-Date
X-Core-Value
X-Content-Length
X-CGP
X-Clientip
X-Content-Age
X-DefElseHash
X-DefHash
X-Esi-Check
X-Eu-Site
X-FC-Vary-Parameters
X-Epic-Correlation-Id
X-Fmm-Version
X-Dispatcher-Server
X-Cache-Info
X-Ec-Custom-Error
X-Fastly-Backend
X-Cache-Date
V-Age
X-Accel-Expires-Debug
X-AK-Request-ID
X-Akamai-Device-Characteristics
User-Cache-Control
Thinkindot-CacheControl-Type
Server-Host
TDXMobile
Thinkindot-CacheControl
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Block-Status
X-Bug-Bounty
X-Gamma-Serve
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-App-Name
X-Auto-Login
X-B-Cache
X-Cache-Id
X-Gen-Mode
X-V-Cache
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-User
X-Thinkindot-L3
X-Scheme
X-Shield-Cache-Expires
X-Signature
X-Varnish-Remaining-TTL
X-VG-WebCache
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Zen-Fury
X-VTEX-Cache-Server
X-VServer
X-Via-Fastly
X-Viewer-Country
X-Vmg-Version
X-SB
X-Request-Time
X-Hash
X-Hnp-Log
X-Level-Front-Cache
X-Loc
X-Gzip
X-GoCache-CacheStatus
X-Generated-On
X-GeoIP
X-GeoIP-City
X-Location
X-Micro-Cache
X-Powered-By-VTEX-Cache
X-Proto
X-Req
X-Request-Host
X-Origin-Expires
X-NodeID
X-Mvc-Supplant-Cachable
X-NMSegId
X-Node-Id
RNT-Time
X-Human
Ha-Gx-Prefs
RNT-Machine
Origin-Agent-Cluster
CDCHOST
Platform
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
NM-Fastcgi-Cache
Cdncip
Debug
Gannett-Cam-Experience-Id
HA-Ipaddr
L
L5d-Success-Class
Cdnsip
Content-Script-Type
Content-Style-Type
Product
Azure-Version
Req-Svc-Chain
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Ua-Device
Akamai-Mon-Iucid-Del
X-ShopId
X-ShardId
X-Shopify-Stage
Click-Count-Error
X-Cache-FS-Status
Click-Count-Action-Start
X-Men
NGX
X-HITS
X-Bip
X-Origin-Response-Time
Tube-Got-Results
Cdn-Host
Cdn-Request-Time
X-Mvc-Supplant-OutputCached
X-Cache-Aspx
ServerName
X-TH-Server
DSUID
X-Edge-Server
Gh-Request-Id
X-Depends
Country-Code
X-Contensis-Viewer-Groups
X-Cdn-Srv
X-CacheTTL
X-Internal-TTL
Content-Secure-Policy
X-Litespeed-Tag
X-IsAdmin
X-Platform
X-Acquia-Purge-Cdn-Unconfigured
X-TIM-N
X-Server-IP
X-We-Are-Hiring
X-UA-Device-Type
Tube-Get-Contents
X-Policy
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Thanos
XM
Yak-Timeinfo
Origin-CC
Canary
Tube-Got-Eval
Tube-Return
X-Pool
Origin-EX
W
X-Varnish-Authentication
X-Request-Start
X-VG-TLSProxy
Req-ID
X-Service
X-Via-JSL
Mime-Version
X-Varnish-Beresp-Status
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
X-Vgn-Hpd-Reason
CDN-Cache
CDN-EdgeStorageId
X-NGINX-Cache
X-Tb-Optimization-Total-Bytes-Saved
CDN-RequestPullCode
X-SIPLIST1
CDN-RequestPullSuccess
X-LB-NoCache
CDN-Uid
X-Irp-Debug
X-Pubstack
Ssr
User-Agent
X-HOST
Release
X-RID
IsBot
Fastly-Drupal-HTML
X-Moov-T
X-Varnishpool
X-Moov-Xdn-Caching-Status
X-Varnish-Hits
X-Var-Ttl
X-CACHE-GROUP
X-Moov-Xdn-Version
X-Old-Content-Length
Sid
GeoIP-Latitude
N1-Cache
Pramga
X-Api-Version
X-DC
X-Cs
X-Proxy-Cache-Status
X-Refresh
CloudFront-Viewer-Country
X-ZONE
X-ORCA-Accelerator
X-RequestId
X-Servedbyhost
X-HubSpot-Correlation-Id
X-APP
X-Wa
Esi-Enabled
X-Action
X-Nc
Cache-Hits
TWC-GeoIP-City
TWC-GeoIP-DMA
TWC-GeoIP-Region
X-Via-Poph
C-Via
X-Upstream-Ct
X-Via-Popv
X-Via-Popn
Server-ID
X-LiteSpeed-Tag
X-Thinkindot-L1
Location
X-Vercel-Id
X-Vercel-Cache
X-Upstream-Ht
X-Cache-VC
X-HA-Backend
X-Newrelic-Synthetics
X-CACHE-AGE
X-Dc
X-LB-ID
X-LiteSpeed-Cache-Control
Cdn-Requestid
X-Cache-Bucket
X-Webkit-CSP
A
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-Proxy-CacheRZ
X-NewRelic-App-Data
XkeyRZ
X-Nananana
Cache-Key
X-B3-Parentspanid
X-SERVER-NAME
X-CS
X-Presslabs-Stats
X-DynaTrace-JS-Agent
X-Tt-Logid
X-B3-Spanid
X-Zone
X-PERF
HostName
X-COUNTRY
X-ApacheServer
X-Webkit-Csp
X-Render-Time
X-Ua
X-DataCenter
Fastly-Drupal-Html
SID
X-WA-Info
WP-Super-Cache
X-Endurance-Cache-Level
X-Srv
Proxy-Firewall
X-Nitro-Cache
GeoIp-Country-Code
X-Uri
X-Webkit-Csp-Report-Only
X-Fpc
X-Litespeed-Cache-Control
Uri
Cache-Contol
RewriteTestHook
X-Ion-Healthy
X-Jungle-Id
RewriteTeamHook
X-Ion-Hop
X-API-Version
X-Cdn-Forward
Log-Origin
My-App
True-Client-IP
Cmstype
TP-L2-Cache
Cmsid
X-Oracle-Dms-Rid
Sever-Int
Server-Ext
Server-Hostname
X-Up
True-Client-Country-4JS
X-From
X-Datadome
Resin-Trace
True-Client-Ip
Sm-Log-Id
X-Service-Response-Time
X-Optimistic-Header
X-Test
CacheControlHeader
X-Ssense-Gql
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
X-Ssense-Shipping-Surcharge-Enabled
Is-Eu
SEZNAM-JOBS-OFFER
Tcn
X-Udemy-Cache-App-Namespace
X-Datacenter
X-Dispatcher-Number
Adler-Geo
Cdn
X-Dynatrace-Js-Agent
X-Pass-Why
X-Varnish-Beresp-TTL
X-Client-Ip
X-Stale
X-RateLimit-Limit
X-Nginx-Cache-Key
WZWS-RAY
X-FPC
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Srv
Lb
X-APP-VERSION
Hostname
X-Air-Pt
X-Vc
X-Custom-Header
X-Debug-Service
X-Fastly-Cache-Status
X-Air-Hostname
X-Air-Source
X-Geo-Header
Origin-Site
T-Server
X-Air-Trace-Id
X-VWS-Id
X-LJ-Flow-ID
X-TX-ID
X-AWS-Id
Server-Id
X-ND-Cache
X-Varnish-Hostname
X-SRCache-Key
X-Provided-By
X-Lb-Id
X-Akamai-Pragma-Client-IP
NtCoent-Length
Edge-Cache
Vc-Max-Age
X-App
Serverhost
AKAMAI-GRN
Cf-Ipcountry
X-Correlation-ID
X-Fastly-Backend-Reqs
X-VCL-Version
X-Cache-Server
X-CMSURLCustom
X-Cache-Ttl
YJS-ID
X-Via-PopV
X-Via-PopN
Pragrma
X-Via-PopH
X-Oracle-DMS-ECID
X-NC
X-Ha-Backend
Pics-Label
X-WA
X-Html-Minification-Powered-By
ServerHost
WebServer
X-XRDS-LOCATION
X-Esi
Powered-By
S-Rt
Epwk-X-Cache
Geoip-Latitude
X-Cdn-Cache-Status
X-Forwarded-Site
X-Region-Sid
X-Rocket-Build-Number
X-Sigma
Machine
X-Sigma-Backend
Av-Poweredby
X-LAGOON
Cache-Tv-Group
WWW-Authenticate
X-Requestid
X-Traceid
Ms-Author-Via
Nord-Request-ID
X-ServedByHost
Cloudfront-Viewer-Country
Vix-Hermes-Req-Id
X-Cache-TTL-Remaining
CountryCode
X-Ckpd-Fst-Backend
X-MSEdge-Features
X-MSEdge-Flight
X-Proxy-Cache-La3
MIME-Version
X-Fastly-Cache
Xkey-La3
X-HS-Status
Xkeylog
X-Sucuri-Id
Warning
X-Akamai-ERPolicy
X-IAuth-Set-Uid
X-Akamai-ERRuleID
FSS-Cache
Reporter
Thinkindot-Control
X-Wp-Cf-Super-Cache
On-Server
X-Check-Cacheable
X-Serial
X-Lb-Nocache
X-Wp-Cf-Super-Cache-Cache-Control
X-Elasticpress-Query
X-VTEX-Cache-Backend-Connect-Time
X-Web-Server
X-BBC-Origin-Response-Status
DataCenter
Coldstone-Viewer-Country
Datacenter
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
Cneonction
X-Td-Header-From-No-Data
X-Dw-Trace-Id
X-Lsadc-Cache
X-Mg-Cache
Timeexpire
Thinkindot-Cache-Type
X-Cdn-Request-ID
X-Tncms-Bot-Tier
X-VTEX-Cache-Backend-Header-Time
X-Orig-Cache-Control