Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
Pragma
CF-RAY
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Accept-CH
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
CF-Ray
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Permissions-Policy
X-Iinfo
X-Request-ID
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Accept-CH-Lifetime
Upgrade
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Age
X-Vhost
X-Proxy-Cache
X-Turbo-Charged-By
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Xkey
X-Varnish-Cache
X-Litespeed-Cache
X-WebKit-CSP
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Check
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Device
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-LiteSpeed-Cache
X-Country-Code
Content-Location
X-Server-Id
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
Fastly-Restarts
X-Clacks-Overhead
X-Trace
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
Surrogate-Key
X-TtlSet
X-Vname
X-PC
X-Midtier
X-Edge
X-Mcache
Rating
X-Server-Name
X-Cache-TTL
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Server-ID
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Browser-Type
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-ESI
X-GitHub-Request-Id
Nginx-Cache
X-Vcap-Request-Id
X-ECACHE
Edge-Control
X-D2id
Verso
X-Ac
X-ORACLE-DMS-RID
X-Ser
X-MS-InvokeApp
X-Client-IP
X-Ratelimit-Limit
X-Amz-Rid
X-Wormhole-Sdk
Response
X-Middleton-Response
X-Ratelimit-Remaining
X-Oneagent-Js-Injection
X-B3-TraceId
X-Goog-Hash
X-ARC
X-CST
X-Powered-CMS
X-Dw-Request-Base-Id
X-Navigation-Version
X-FTR-Request-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Upstream
X-Forwarded-For
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
Origin-Trial
X-Cache-Key
X-Mod-Pagespeed
RTSS
Edge-Cache-Tag
X-Content-Digest
Cache-Status
Public-Key-Pins
X-NF-Request-ID
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Ezoic-Cdn
X-Ttl
X-FastCGI-Cache
X-Daa-Tunnel
X-Version
X-ORACLE-DMS-ECID
X-SharePointHealthScore
SPRequestGuid
X-Fastly-Request-ID
X-Mg-S
Realpath
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
S
X-MSEdge-Ref
X-Shield-Request-Id
X-Recruiting
X-T
Front-End-Https
Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Xrds-Location
X-Distributor
Cross-Origin-Resource-Policy
X-Cached
AR-CACHE
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Azure-Ref
X-Request-Received
TP-Cache
X-Request-Processing-Time
X-Correlation-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Count-Hit
X-Id
X-TTL
Cache-Tags
X-Debug
X-Ua-Browser
Akamai-GRN
X-Ismobilevalue
X-Cluster-Name
X-LLID
X-Newrelic-App-Data
X-TraceId
X-NGENIX-Cache
Server-Node
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-GUploader-UploadID
X-Nf-Request-Id
X-Varnish-TTL
X-Hits
X-Frontend
X-Varnish-Backend
X-HS-Combine-CSS
X-VARITI-CCR
X-Protected-By
X-Aspnetmvc-Version
X-Amz-Replication-Status
X-PressLabs-Stats
X-Fastcgi-Cache
X-Goog-Metageneration
Accept-Ch
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
Payment
X-Page-Id
X-Unique-Id
X-Ratelimit-Reset
Cleartype
X-FB-Debug
X-Git-Hash
X-DIS-Request-ID
X-Activity-Id
X-Logged-In
X-Varnish-Ttl
X-Az
X-AppVersion
X-Tt-Trace-Host
X-Hostname
X-Www-Served-By
X-Tt-Trace-Tag
X-Varnish-Server
Content-Disposition
X-HP-Webp
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-Template
Host
X-Amz-Apigw-Id
X-Amzn-RequestId
Amp-Access-Control-Allow-Source-Origin
Filterid
X-Forwarded-Proto
X-Geo-Country
X-App-Server
Version
X-Load-Cache
Accept-Charset
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Envoy-Decorator-Operation
X-Goog-Storage-Class
X-Goog-Generation
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Aspnet-Version
X-Cache-Age
Frame-Options
X-WP-CF-Super-Cache-Cache-Control
X-Type
X-Source
X-WP-CF-Super-Cache
X-ASPNET-VERSION
Fastly-SWR
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Fastly-SIE
Access-Control-Allow-Method
Section-Io-Cache
Viewport
Trailer
X-Content-Options
X-Upgrade-Enabled
X-Fb-Rlafr
X-TT
X-HS-Prerendered
X-Origin-Server
X-Grace
Server-Name
X-B3-Sampled
X-B
X-Ah-Environment
X-Language
X-Cache-Control
X-Device-Type
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
X-Buckets
X-FTR-Backend
X-Country-Code-Real
Retry-After
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
MS-Author-Via
X-Px
Content-MD5
X-Magnolia-Registration
X-Mobile
X-Request-Guid
X-Cdn
TCN
X-Trace-Id
X-EdgeConnect-Cache-Status
X-Revision
X-Akamai-Edgescape
X-Varnish-Grace
X-Vcl-Version
Protected
Healthy
X-WP-CF-Super-Cache-Active
X-Backend-Name
X-Tec-Api-Origin
Accept-Ch-Lifetime
X-Tec-Api-Version
X-Tec-Api-Root
X-Proxy
Cross-Origin-Embedder-Policy-Report-Only
Charset
X-RM-Cache-TTL
X-Original-Request-Id
X-Response-Served-From
X-Debug-Info
X-Instance
Upgrade-Insecure-Requests
X-App-Environment
SD-X-WS
X-Rule
X-ServerID
X-Tumblr-Pixel
X-CSRF-Token
X-ProcessESI
X-NYM-Debug-Backend
X-Tumblr-Pixel-0
X-RemovedCookies
X-Rendered-As
X-Is-Bot
X-Tumblr-Pixel-1
X-Tumblr-User
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Version
NGB
X-FW-Hash
X-Mg-Request-UUID
X-Cacheable-TTL
Access-Control-Request-Headers
Cross-Origin-Window-Policy
X-Adobe-Content
X-Adobe-Loc
X-Node-Name
X-Cache-Time
X-Framework
X-FW-Dynamic
X-UUID
X-Region
X-Storage
X-Status
Refresh
X-Datadog-Trace-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Datadog-Sampling-Priority
X-Content-Powered-By
Ms-Operation-Id
MS-CV
X-RTag
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Yottaa-Metrics
X-Proxy-Cache-Info
X-Whom
X-Yottaa-Optimizations
X-G
GEO-INFO
OT-Force-Account-Verify
X-L-Path
X-Edge-Location
X-Environment-Context
X-Lambda-Id
X-Contextid
Section-Io-Id
Webserver
X-Resp-Is-Stale
X-Reqid
X-Amzn-Remapped-Content-Length
X-B3-Traceid
X-Origin-Cache
DC
Countrycode
X-Amz-Meta-S3cmd-Attrs
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-User-Agent
X-HTML-Minification-Powered-By
X-VC
Paypal-Debug-Id
X-Server-W
Alternate-Protocol
X-Real-IP
SRV
X-B3-SpanId
Front
X-Time
X-DataDome
X-Seen-By
Cross-Origin-Opener-Policy-Report-Only
Priority
X-TT-LOGID
X-ECache
X-WebKit-CSP-Report-Only
X-HS-CF-Cache-Status
X-Nginx-Cache
WPO-Cache-Status
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
Xet-Cookie
Ohc-File-Size
Liferay-Portal
X-Rocket-Nginx-Serving-Static
X-Origin-TTL
X-Hl-Ver
X-Origin-CC
Backend
X-Mode
X-IPS-LoggedIn
X-Akamai-Request-ID2
Onion-Location
X-AB
X-Origin-Hint
X-SayCDN-TTL
X-Say-TTL
X-SaId
X-Rewrite-Enabled
X-Format
X-Tumblr-Pixel-2
TWC-GeoIP-Country
TWC-Device-Class
X-Redis-Cache
ServerID
Property-Id
Meta-Geo
Fastcgi-Useragent
TWC-Connection-Speed
Filters
TWC-Locale-Group
X-Rn-Rsrv
X-Say-Cacheable
X-UPSTREAM-Address
Country
Webcakes-Region
X-Cache-Host
X-Cache-Action
Environment
TWC-GeoIP-LatLong
X-FB-TRIP-ID
X-JoinUs
Web-Mar-Node
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
X-Cache-Status-Check
X-Ms-Request-Id
X-Cache-Expired-At
X-Accel-Version
X-Loop
X-Handled-By
X-Cluster-Node
X-Fetched-On
X-Labrador-Cache-Channel
DB-Nickname
Expiry
X-IPLB-Request-ID
X-IPLB-Instance
X-Skip-Cache
X-Origin-Date
X-Scope-Id
X-Vcache
X-Soup
X-Ms-Version
Uber-Trace-Id
X-VC-Cache
X-Tncms
X-PHP-Host
X-R9-Blue-Green-Version
X-Connection-Hash
X-Cms-Context
X-Varnish-Age
X-Hosted-By
X-Detected-As
X-Tumblr-Pixel-3
X-Director
X-Restarts
Mn-Server-Ip
From-Origin
X-N
X-DynaTrace
X-Tb
X-Httpd
X-BYPASS-REASON
X-Logging-Id
Atl-Traceid
X-Adobe-Source
Url
X-Forwarded-Host
X-Web-Node
Apigw-Requestid
X-Webstats-RespID
X-Varnish-Beresp-Grace
X-Servername
X-ProxyCache-Status
X-Varnish-Cache-Hits
X-ProxyCache-Key
X-Proxy-Build
X-Frame-Option
X-Auth-Group-Type
X-RateLimit-Remaining
Selected-Fe
ServedBy
X-Timing-Wait
X-Served-From
X-Cluster
X-Cloudmap
X-Extlb
X-Routing-Service
X-Origin
X-Zipkin-Id
X-Proxied
X-S
X-Hit
Cross-Origin-Embedder-Policy
X-SRV
Surrogated-Key
X-RateLimit-Limit-Second
X-LSADC-Cache
Accept-Language
X-Azure-Ref-OriginShield
X-RateLimit-Remaining-Second
X-Worker
LB
X-Request-URI
X-Cache-Hit
X-Lagoon
Referer-Policy
X-CDN-Forward
X-Sucuri-Cache
N-Cache
X-Drupal-Cache-Tags
X-Generated-By
X-Generation-Time
X-Drupal-Cache-Contexts
X-App-Version
X-Cdn-Origin
Xserver
X-Fastly-Request-Id
X-Sucuri-ID
X-MP-GENERATED-AT
CF-IPCountry
X-Tx-Id
X-Xfnlog-Site
X-AIR-PT
VIX-Pulpo-Upstream-Status
Source
X-F-Cache
VIX-Pulpo-Node
Node
X-Wix-Request-Id
X-TA-CDN-Provider
Ohc-Cache-HIT
Cache
X-Mly-Id
X-Via-Edge
X-Cache-Debug
X-Cache-Rule
X-Via-SSL
Edge-Copy-Time
CDN-RequestId
X-Via-CDN
X-RCS-CacheZone
X-VC-TTL
X-Varnish-Beresp-Ttl
X-INCAP-ABP
X-UA
X-NODE
X-VCT
Cache-Provider
X-Pad
X-Site-Version
X-Locale
X-NWS-UUID-VERIFY
X-Geo-Region
X-Browser-Name
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Is-Desktop
X-ElasticPress-Query
X-XRDS-Location
X-GEO
X-Is-Mobile
X-Is-Tablet
X-Is-Supported-Browser
X-Tcp-Rtt
Producers
Rendered-Blocks
Apple-News-Services-Handled
Redirect-Candidate
Sslversion
We-Hiring
Meta-Geo-Continent
Host-ID
HA-Ipaddr
Web-Mar-Region
DCR-Processing-Time-Ms
DCR-Decision-By
Ha-Gx-Prefs
Fl-Custom-Application
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Expect-Staple
Fastly-SSL
L5d-Success-Class
Lang
Ngx.Var.Host
Apple-News-Services-Parsed-Url
Odigeo-Trace-Id
Apple-News-Services-Host
Origin
Apple-News-Services-Request-Url
BehaviorPad-Version
Mail-Subject
Cluster
MD5-Digest
Candidate-Md5Url
PFcat
X-Bug-Bounty
X-Jobs
X-Ig-Push-State
X-Ig-Origin-Region
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Org
X-Op-Id-All
X-HS-Content-Campaign-Id
X-HN
X-GeoCode
X-Gdpr
X-FC-Vary-Parameters
X-GeoCountry
X-GeoIP-Country-Code
X-Geolocation
X-GeoIP-Region-Code
X-Origin-Time
X-Path
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Section
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-SD-PageType
X-ScT
X-Platform-Server
X-PAYTM-SRV-ID
X-Proto
X-Proxied-Request
X-S-Cookie
X-Rojux
X-External-Request-Id
X-Eu-Site
X-Aicache-OS
X-Aed
X-Access
X-Application
X-B-Cookie
X-Bc-Bl
X-Backend-Instance
X-AB-Test
X-A-Wwc
X-A
Wxu-Next-Hostname
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
X-BCube-Filmed-By
X-Bl-Debug
X-Destination
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Developer
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Ec-Fail
X-D
X-Csrf-Jwt
X-Cache-Info
X-Cache-Grace
X-Cache-NE
X-Cache-Operation
X-Conf
X-CGP
Wxu-Next-Commit
Wxu-Next-Region
X-No-Session
X-B-Cache
X-Signature
X-Oracle-Dms-Ecid
X-DefElseHash
X-Date
X-CUA
X-Content-Length
X-Clientip
X-Litespeed-Tag
X-Content-Age
X-DefHash
X-Core-Value
X-Ec-Custom-Error
X-Gamma-Serve
X-Gen-Mode
X-Generated-On
X-Fmm-Version
X-Fastly-Backend
X-CacheTTL
X-Epic-Correlation-Id
X-Esi-Check
X-Dispatcher-Server
X-Cache-Date
Thinkindot-CacheControl-Type
User-Cache-Control
V-Age
Thinkindot-CacheControl
TDXMobile
RNT-Machine
RNT-Time
Server-Host
X-Accel-Expires-Debug
X-AK-Request-ID
X-BBC-Edge-Cache-Status
X-Block-Status
X-GeoIP
X-B3-Trace-ID
X-Auto-Login
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Cache-Id
X-GeoIP-City
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-Remaining-TTL
X-V-Cache
X-User
X-Scheme
X-Shield-Cache-Expires
X-Thinkindot-L3
X-VG-WebCache
X-Via-Fastly
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Zen-Fury
X-Cached-By
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Viewer-Country
X-Vmg-Version
X-VServer
X-SB
X-Request-Time
X-Level-Front-Cache
X-Loc
X-Location
X-Micro-Cache
X-Via-JSL
X-Human
X-Gzip
X-Hash
X-Hnp-Log
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Powered-By-VTEX-Cache
X-Req
X-Request-Host
X-Policy
X-Platform
X-Node-Id
X-NodeID
X-Origin-Expires
Req-Svc-Chain
X-GoCache-CacheStatus
L
Content-Script-Type
Gannett-Cam-Experience-Id
NM-Fastcgi-Cache
Product
Cdnsip
Platform
CDCHOST
Gh-Request-Id
Cdncip
Origin-Agent-Cluster
Azure-Version
Canary
Azure-InstanceId
Content-Style-Type
Azure-RegionName
Azure-SiteName
Debug
Azure-SlotName
Mime-Version
Akamai-Mon-Iucid-Del
X-Depends
Origin-CC
X-Cache-Aspx
X-Acquia-Purge-Cdn-Unconfigured
Origin-EX
X-Pool
Req-ID
DSUID
X-Origin-Response-Time
Click-Count-Action-Start
X-Pubstack
X-Bip
X-Internal-TTL
Content-Secure-Policy
X-IsAdmin
X-App-Name
X-Alternate-Cache-Key
NGX
X-Men
Click-Count-Error
Country-Code
X-ShopId
X-TIM-N
X-UA-Device-Type
X-Thanos
Tube-Get-Contents
Release
Tube-Got-Eval
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Service
XM
X-We-Are-Hiring
ServerName
Ssr
X-VG-TLSProxy
Yak-Timeinfo
Tube-Got-Results
X-Contensis-Viewer-Groups
X-Sn-Servicetimems
X-Shopify-Stage
X-Cache-FS-Status
X-Server-IP
X-ShardId
Tube-Return
W
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Request-Start
X-Ua-Device
X-Edge-Server
IsBot
Cdn-Host
X-SIPLIST1
X-Tb-Optimization-Total-Bytes-Saved
X-TH-Server
X-Cdn-Srv
X-DC
X-LB-NoCache
Fastly-Drupal-HTML
X-Irp-Debug
Cdn-Request-Time
User-Agent
X-Presslabs-Stats
X-URL
CDN-EdgeStorageId
X-Varnish-Hits
X-Cs
CDN-Cache
X-Varnishpool
X-HOST
X-NGINX-Cache
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
CDN-RequestPullSuccess
CDN-Uid
X-Var-Ttl
CDN-RequestPullCode
X-RID
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-CACHE-GROUP
X-Vgn-Hpd-Reason
GeoIP-Latitude
X-Old-Content-Length
Pramga
X-Moov-T
X-Proxy-Cache-Status
Sid
X-Servedbyhost
CloudFront-Viewer-Country
X-ORCA-Accelerator
X-RequestId
N1-Cache
Cdn-Requestid
X-Tt-Logid
X-HubSpot-Correlation-Id
X-Nc
X-Refresh
Esi-Enabled
X-HITS
X-ZONE
X-Wa
X-Upstream-Ht
X-Upstream-Ct
X-Via-Popv
X-Via-Popn
C-Via
X-HA-Backend
X-Api-Version
X-Via-Poph
X-Action
Server-ID
TWC-GeoIP-City
TWC-GeoIP-Region
X-LiteSpeed-Cache-Control
Cache-Hits
TWC-GeoIP-DMA
Location
X-Vercel-Cache
X-APP
X-Cache-Bucket
X-Cache-VC
X-LiteSpeed-Tag
X-Thinkindot-L1
X-Vercel-Id
X-LB-ID
X-DynaTrace-JS-Agent
X-Newrelic-Synthetics
A
X-Proxy-CacheRZ
XkeyRZ
X-B3-Parentspanid
X-Parent-Response-Time
Cache-Key
HostName
X-Webkit-CSP
X-Zone
X-Nananana
AMP-Access-Control-Allow-Source-Origin
X-NewRelic-App-Data
X-B3-Spanid
SID
X-Webkit-Csp-Report-Only
X-API-Version
X-Dc
X-COUNTRY
X-Endurance-Cache-Level
X-PERF
X-ApacheServer
X-CS
X-Webkit-Csp
X-WA-Info
X-Fpc
X-Render-Time
Fastly-Drupal-Html
Proxy-Firewall
X-Ua
WP-Super-Cache
X-CACHE-AGE
X-Srv
X-DataCenter
Uri
X-Uri
X-Nitro-Cache
X-Cdn-Forward
X-Litespeed-Cache-Control
Cache-Contol
GeoIp-Country-Code
TP-L2-Cache
RewriteTeamHook
RewriteTestHook
True-Client-Ip
X-Jungle-Id
X-Ion-Hop
X-Ion-Healthy
Sever-Int
True-Client-Country-4JS
GeoIP-Country-Code
Server-Ext
X-Optimistic-Header
Server-Hostname
Cmstype
My-App
Log-Origin
Cmsid
X-Service-Response-Time
Sm-Log-Id
X-Up
Resin-Trace
X-Datadome
X-From
X-Test
X-Datacenter
True-Client-IP
Cdn
X-Dispatcher-Number
SEZNAM-JOBS-OFFER
Adler-Geo
X-CLOUD-TRACE-CONTEXT
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
Is-Eu
CacheControlHeader
X-SERVER-NAME
X-Pass-Why
WZWS-RAY
Tcn
X-Stale
X-Nginx-Cache-Key
X-Client-Ip
X-Varnish-Beresp-TTL
X-Udemy-Cache-App-Namespace
X-FPC
X-RateLimit-Limit
X-Srcache-Store-Status
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
X-VWS-Id
X-LJ-Flow-ID
X-APP-VERSION
X-Custom-Header
T-Server
X-Oracle-Dms-Rid
X-Geo-Header
X-AWS-Id
Lb
Srv
X-Debug-Service
X-Air-Pt
X-ND-Cache
X-App
X-VCL-Version
Hostname
X-Fastly-Cache-Status
Origin-Site
X-Provided-By
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-TX-ID
Vc-Max-Age
Server-Id
X-Cache-Server
X-CMSURLCustom
Serverhost
X-Varnish-Hostname
X-SRCache-Key
NtCoent-Length
X-Vc
X-Correlation-ID
X-Lb-Id
X-Akamai-Pragma-Client-IP
Pics-Label
Cf-Ipcountry
Edge-Cache
X-Fastly-Backend-Reqs
AKAMAI-GRN
X-Cache-Ttl
S-Rt
ServerHost
X-Oracle-DMS-ECID
Pragrma
YJS-ID
X-WA
X-Html-Minification-Powered-By
X-Via-PopH
X-Via-PopV
Av-Poweredby
X-Via-PopN
X-NC
X-Ha-Backend
X-Cdn-Cache-Status
Powered-By
X-Esi
Cache-Tv-Group
X-XRDS-LOCATION
X-Cache-TTL-Remaining
Vix-Hermes-Req-Id
Geoip-Latitude
Epwk-X-Cache
X-Rocket-Build-Number
Machine
X-Sigma-Backend
X-Region-Sid
X-Sigma
X-Forwarded-Site
X-LAGOON
Ms-Author-Via
Cloudfront-Viewer-Country
Nord-Request-ID
X-Requestid
Xkey-La3
X-ServedByHost
Xkeylog
X-Traceid
X-Proxy-Cache-La3
X-Ckpd-Fst-Backend
X-Fastly-Cache
WebServer
WWW-Authenticate
CountryCode
On-Server
X-HS-Status
X-MSEdge-Features
X-MSEdge-Flight
Warning
Thinkindot-Control
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Sucuri-Id
X-IAuth-Set-Uid
X-Lb-Nocache
Reporter
DataCenter
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Check-Cacheable
FSS-Cache
X-Serial
MIME-Version
X-Lsadc-Cache
X-Ee-Generated-By
X-Mg-Cache
X-Vary-Devices
X-Cms-Device
X-Cdn-Request-ID
X-Akamai-Transformed
AKAMAI
Thinkindot-Cache-Type
X-BBC-Origin-Response-Status
Store-Cloud-Cache
X-PHP-Backend
X-Tncms-Bot-Tier
X-Save-Cache
Cneonction
Time-Cloud-Cache
X-Elasticpress-Query
X-Ee-Request-Id
X-Ee-Request-Date
Timeexpire
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Web-Server
X-Td-Header-From-No-Data
X-Amz-Meta-Opti
X-Dw-Trace-Id
X-Orig-Cache-Control
X-Ee-Origin