Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Accept-CH
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
Permissions-Policy
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
Accept-CH-Lifetime
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
Host-Header
X-AspNetMvc-Version
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Age
X-Cache-Group
X-Vhost
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Xkey
X-Varnish-Cache
X-WebKit-CSP
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Allow
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Check
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
Request-Id
X-Ruxit-JS-Agent
X-Server-Id
X-LiteSpeed-Cache
X-Country-Code
X-Country
Content-Location
X-Nginx-Cache-Status
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Url
Fastly-Restarts
X-Clacks-Overhead
X-Trace
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
Surrogate-Key
X-NWS-LOG-UUID
X-PC
X-TtlSet
X-Vname
Rating
X-Edge
X-Mcache
X-Midtier
X-Cache-TTL
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Server-Name
X-Oneagent-Js-Injection
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-Browser-Type
X-Cdn-Fetch
X-ESI
X-GitHub-Request-Id
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-ECACHE
X-D2id
X-Ruxit-Js-Agent
X-Ac
X-ORACLE-DMS-RID
Verso
X-MS-InvokeApp
X-Ser
X-Server-ID
X-Amz-Rid
X-Ratelimit-Limit
X-Client-IP
X-Middleton-Response
X-Wormhole-Sdk
Response
X-Ratelimit-Remaining
X-FTR-Request-ID
X-CST
X-Goog-Hash
X-ARC
X-Powered-CMS
X-Navigation-Version
X-B3-TraceId
X-Edge-Location-Klb
X-Kinsta-Cache
X-Dw-Request-Base-Id
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Upstream
Origin-Trial
X-Amzn-Trace-Id
SPRequestDuration
X-Forwarded-For
SPIisLatency
X-FastCGI-Cache
X-Mod-Pagespeed
X-Cache-Key
X-Content-Digest
Edge-Cache-Tag
RTSS
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
Public-Key-Pins
Cache-Status
X-Ezoic-Cdn
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-Version
X-Ttl
X-Daa-Tunnel
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Fastly-Request-ID
X-Mg-S
Realpath
X-Recruiting
X-ORACLE-DMS-ECID
X-Shield-Request-Id
Front-End-Https
X-MSEdge-Ref
X-T
S
Fastcgi-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
X-Distributor
Cross-Origin-Resource-Policy
X-Cached
AR-CACHE
X-Xrds-Location
X-Azure-Ref
Arr-Disable-Session-Affinity
X-TTL
Access-Control-Request-Method
X-Varnish-TTL
Akamai-GRN
X-Request-Received
X-Request-Processing-Time
X-Correlation-Id
X-HS-Cache-Config
Count-Hit
X-HS-Content-Id
Cache-Tags
X-HS-Hub-Id
TP-Cache
X-Debug
X-Ua-Browser
X-Id
X-Cluster-Name
X-Ismobilevalue
X-TraceId
X-LLID
X-NGENIX-Cache
X-Newrelic-App-Data
X-Nf-Request-Id
Server-Node
X-GUploader-UploadID
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Frontend
X-Varnish-Backend
X-PressLabs-Stats
X-VARITI-CCR
Accept-Ch
X-Protected-By
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Goog-Metageneration
X-Hits
X-Microsite
X-LB-Cache
X-Request-Handler-Origin-Region
X-DIS-Request-ID
X-Unique-Id
X-Page-Id
X-Ratelimit-Reset
Payment
X-Git-Hash
X-FB-Debug
Cleartype
X-Varnish-Server
X-Logged-In
X-Hostname
Content-Disposition
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Activity-Id
X-Cambria-Cache-Control
X-Www-Served-By
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Az
X-AppVersion
X-Template
Host
X-Amzn-RequestId
X-Amz-Apigw-Id
Filterid
Amp-Access-Control-Allow-Source-Origin
X-Forwarded-Proto
X-Fastcgi-Cache
X-Geo-Country
X-App-Server
X-Varnish-Ttl
Version
X-Aspnet-Version
X-ASPNET-VERSION
Accept-Charset
X-Load-Cache
X-Envoy-Decorator-Operation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Source
Frame-Options
Trailer
X-Type
Mrf-Cache-Status
MRF-Tech
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-B3-TraceId-Primal
Fastly-SIE
Fastly-SWR
X-Ah-Environment
Viewport
Section-Io-Cache
X-Upgrade-Enabled
X-HS-Prerendered
Access-Control-Allow-Method
X-Content-Options
X-Fb-Rlafr
Server-Name
X-TT
X-Origin-Server
X-B
X-B3-Sampled
X-Grace
X-Cache-Age
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Language
X-FTR-Expires
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Device-Type
X-Cache-Control
X-Buckets
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
X-Px
Retry-After
MS-Author-Via
X-Cdn
Content-MD5
X-Mobile
X-Magnolia-Registration
X-Vcl-Version
X-Request-Guid
TCN
X-Trace-Id
X-EdgeConnect-Cache-Status
X-Revision
X-Varnish-Grace
Protected
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Akamai-Edgescape
X-WP-CF-Super-Cache-Active
X-Backend-Name
Healthy
Cross-Origin-Embedder-Policy-Report-Only
X-Proxy
Charset
Upgrade-Insecure-Requests
SD-X-WS
X-App-Environment
X-RM-Cache-TTL
X-Instance
X-Original-Request-Id
X-Debug-Info
X-Response-Served-From
X-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-RemovedCookies
X-Rendered-As
X-ProcessESI
X-NYM-Debug-Backend
X-Tumblr-Pixel-0
X-Tumblr-User
X-ServerID
X-Is-Bot
X-FW-Dynamic
X-FW-Hash
NGB
X-Adobe-Loc
X-Mg-Request-UUID
X-Cache-Time
X-Cacheable-TTL
X-CSRF-Token
X-Region
Cross-Origin-Window-Policy
X-Framework
X-FW-Static
X-FW-Type
X-FW-Server
X-Rule
X-FW-Serve
X-Storage
X-Adobe-Content
X-FW-Version
X-Whom
X-Edge-Location
X-Datadog-Trace-Id
X-UUID
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Content-Powered-By
Access-Control-Request-Headers
X-Datadog-Sampling-Priority
X-Debug-IsPreview
X-Debug-IsConnected
X-G
MS-CV
Ms-Operation-Id
GEO-INFO
X-Proxy-Cache-Info
X-Node-Name
OT-Force-Account-Verify
X-RTag
X-Yottaa-Metrics
X-Yottaa-Optimizations
Refresh
X-Lambda-Id
X-L-Path
X-Environment-Context
X-Resp-Is-Stale
Section-Io-Id
X-Contextid
Webserver
X-B3-Traceid
X-Amzn-Remapped-Content-Length
X-Reqid
X-TT-LOGID
DC
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-User-Agent
X-Server-W
X-HTML-Minification-Powered-By
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
Countrycode
X-Origin-Cache
X-ECache
Alternate-Protocol
Priority
SRV
X-HS-CF-Cache-Status
X-Time
Front
X-Real-IP
Cross-Origin-Opener-Policy-Report-Only
X-DataDome
X-B3-SpanId
X-VC
X-WebKit-CSP-Report-Only
X-Seen-By
Ohc-File-Size
WPO-Cache-Status
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
Accept-Ch-Lifetime
Liferay-Portal
X-Hl-Ver
X-Rocket-Nginx-Serving-Static
X-Mode
Xet-Cookie
X-Origin-CC
Backend
X-Origin-TTL
X-IPS-LoggedIn
X-Akamai-Request-ID2
Onion-Location
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Meta-Geo
X-Say-TTL
X-Format
X-Rn-Rsrv
X-SaId
X-SayCDN-TTL
X-Say-Cacheable
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Filters
X-JoinUs
X-UPSTREAM-Address
X-Origin-Hint
X-Rewrite-Enabled
X-Redis-Cache
TWC-GeoIP-LatLong
X-FB-TRIP-ID
Webcakes-App-Name
Webcakes-App-Version
Web-Mar-Node
ServerID
TWC-Locale-Group
TWC-Privacy
X-AB
Webcakes-Region
X-RateLimit-Remaining
Fastcgi-Useragent
X-Cache-Host
X-Cache-Action
Property-Id
Expiry
DB-Nickname
From-Origin
Mn-Server-Ip
X-Fetched-On
X-VC-Cache
X-Varnish-Age
X-Vcache
X-Origin-Date
X-Ms-Version
X-PHP-Host
X-R9-Blue-Green-Version
X-Skip-Cache
X-Scope-Id
X-Soup
X-Tncms
X-Restarts
X-Ms-Request-Id
X-Loop
X-Cms-Context
X-Connection-Hash
X-Cluster-Node
X-Cache-Expired-At
X-Accel-Version
X-Detected-As
X-Director
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-IPLB-Instance
X-Hosted-By
X-Handled-By
Uber-Trace-Id
Country
X-Cache-Status-Check
X-DynaTrace
Environment
X-N
X-Nginx-Cache
X-Web-Node
Apigw-Requestid
X-BYPASS-REASON
Url
X-Tb
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-ProxyCache-Key
X-Webstats-RespID
X-Frame-Option
X-Forwarded-Host
X-Adobe-Source
X-Servername
X-Varnish-Beresp-Grace
Atl-Traceid
X-Httpd
ServedBy
X-Logging-Id
X-Auth-Group-Type
X-Served-From
X-Cluster
X-S
X-Extlb
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Cloudmap
X-Hit
X-Azure-Ref-OriginShield
Cross-Origin-Embedder-Policy
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
Surrogated-Key
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-LSADC-Cache
LB
X-SRV
X-Origin
X-CDN-Forward
Accept-Language
X-Cache-Hit
X-Request-URI
X-Sucuri-Cache
X-Lagoon
Referer-Policy
X-Generation-Time
X-Drupal-Cache-Tags
N-Cache
X-Fastly-Request-Id
X-Drupal-Cache-Contexts
X-Generated-By
X-App-Version
X-Cdn-Origin
X-Sucuri-ID
Xserver
X-MP-GENERATED-AT
CDN-RequestId
X-Oracle-Dms-Ecid
CF-IPCountry
X-URL
X-XRDS-Location
Ohc-Cache-HIT
X-Xfnlog-Site
X-Tx-Id
Source
Node
X-TA-CDN-Provider
X-F-Cache
X-Mly-Id
VIX-Pulpo-Node
X-AIR-PT
VIX-Pulpo-Upstream-Status
X-VC-TTL
X-Via-CDN
X-Wix-Request-Id
Cache
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
X-NODE
X-Cache-Debug
X-Cache-Rule
X-UA
X-RCS-CacheZone
X-INCAP-ABP
X-Varnish-Beresp-Ttl
Cache-Provider
X-Pad
X-Site-Version
X-Locale
X-GEO
X-VCT
X-ElasticPress-Query
Wxu-Next-Region
Cluster
Sslversion
DCR-Decision-By
Apple-News-Services-Host
Wxu-Next-Hostname
BehaviorPad-Version
Apple-News-Services-Request-Url
Candidate-Md5Url
Wxu-Next-Commit
Web-Mar-Region
Apple-News-Services-Parsed-Url
We-Hiring
DCR-Processing-Time-Ms
MD5-Digest
Mail-Subject
X-A
Redirect-Candidate
Meta-Geo-Continent
Ngx.Var.Host
Origin
Producers
Odigeo-Trace-Id
Lang
L5d-Success-Class
Fastly-SSL
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Expect-Staple
Fl-Custom-Application
Ha-Gx-Prefs
Host-ID
Rendered-Blocks
HA-Ipaddr
PFcat
X-Bug-Bounty
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Jobs
X-Mvc-Supplant-Cachable
X-Org
X-Op-Id-All
X-Nyt-Route
X-Is-Desktop
X-Ig-Push-State
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoCountry
X-Geolocation
X-HN
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Origin-Time
X-Path
X-Tcp-Rtt
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-Section
X-SD-PageType
X-Proto
X-Platform-Server
X-PAYTM-SRV-ID
X-Proxied-Request
X-Rojux
X-ScT
X-S-Cookie
X-GeoCode
X-Geo-Region
X-BCube-Filmed-By
X-Bc-Bl
X-Backend-Instance
X-Bl-Debug
X-Browser-Name
X-Cache-Grace
Apple-News-Services-Handled
X-B-Cookie
X-Application
X-A-Dgt
X-A-Dcw
X-A-Dam
X-AB-Test
X-Access
X-Aicache-OS
X-Aed
X-Cache-NE
X-Cache-Operation
X-Ec-GeoHdr
X-Ec-Fail
X-DPWN-IS-SECURE
X-Eu-Site
X-External-Request-Id
X-Gdpr
X-FC-Vary-Parameters
X-Developer
X-Destination
X-Conf
X-CGP
X-Cached-By
X-Csrf-Jwt
X-D
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-A-Ccd
X-A-Wwc
X-Urbn-Context-Path
X-NWS-UUID-VERIFY
X-Urbn-Site-Id
Locale
X-NGINX-Cache
X-No-Session
RNT-Machine
RNT-Time
X-Platform
X-Policy
X-CacheTTL
Req-Svc-Chain
X-Origin-Expires
X-NMSegId
X-Mvc-Supplant-OutputCached
X-App-Name
X-NodeID
Server-Host
X-Dispatcher-Server
X-Auto-Login
X-B3-Trace-ID
X-SB
Origin-Agent-Cluster
X-Shield-Cache-Expires
NM-Fastcgi-Cache
X-Request-Time
Platform
X-Powered-By-VTEX-Cache
Product
X-B-Cache
X-Req
X-Micro-Cache
X-Location
X-Gzip
X-Esi-Check
X-Hash
X-Hnp-Log
V-Age
X-GeoIP-City
X-GeoIP
X-Fmm-Version
X-Fastly-Backend
X-Accel-Expires-Debug
X-Gen-Mode
X-Generated-On
User-Cache-Control
X-Human
TDXMobile
Thinkindot-CacheControl
X-Level-Front-Cache
X-Loc
X-Signature
Thinkindot-CacheControl-Type
X-Amz-Storage-Class
X-Epic-Correlation-Id
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-Ec-Custom-Error
X-Scheme
X-DefHash
Content-Style-Type
X-Content-Age
Content-Script-Type
X-Content-Length
X-VTEX-Cache-Time
Azure-Version
X-VServer
X-VTEX-Cache-Server
Debug
X-Cache-Date
X-Cache-Id
Canary
X-Zen-Fury
Azure-SiteName
Azure-SlotName
CDCHOST
Azure-RegionName
Cdnsip
Cdncip
Azure-InstanceId
X-Cache-Info
X-Viewer-Country
X-Vmg-Version
X-Via-Fastly
X-V-Cache
X-DefElseHash
X-User
X-BBC-Edge-Cache-Status
X-Thinkindot-L3
X-Date
L
X-Block-Status
X-CUA
X-Varnish-Remaining-TTL
Gannett-Cam-Experience-Id
X-Core-Value
X-VG-WebCache
X-Varnish-CookieHashed-On
X-Varnish-Director
X-Varnish-CookieINHashed-On
Gh-Request-Id
X-COUNTRY
X-Storefront-Renderer-Rendered
X-Ua-Device
Akamai-Mon-Iucid-Del
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Cache-Aspx
X-Cache-FS-Status
X-Litespeed-Tag
X-Bip
X-Depends
X-Contensis-Viewer-Groups
X-Edge-Server
X-Acquia-Purge-Cdn-Unconfigured
X-Clientip
X-HITS
X-Cdn-Srv
X-Origin-Response-Time
X-VG-TLSProxy
Country-Code
Content-Secure-Policy
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Thanos
X-TIM-N
X-UA-Device-Type
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
X-TH-Server
Cdn-Host
Cdn-Request-Time
Click-Count-Error
Click-Count-Action-Start
X-Gamma-Serve
X-Sn-Servicetimems
Tube-Get-Contents
X-Internal-TTL
X-IsAdmin
Tube-Got-Eval
Tube-Got-Results
X-GoCache-CacheStatus
W
Tube-Return
X-Men
X-Node-Id
X-Request-Host
Origin-EX
Origin-CC
X-Pubstack
X-Pool
NGX
Release
X-Service
X-Via-JSL
Mime-Version
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-Uid
X-Vgn-Hpd-Reason
User-Agent
X-Irp-Debug
Ssr
ServerName
CDN-CachedAt
CDN-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
IsBot
X-SIPLIST1
X-Server-IP
Req-ID
Yak-Timeinfo
X-Request-Start
DSUID
X-HOST
X-LB-NoCache
X-RID
Fastly-Drupal-HTML
X-CACHE-GROUP
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-Varnishpool
X-Varnish-Hits
X-Moov-Xdn-Version
X-Moov-T
X-Var-Ttl
Sid
Pramga
N1-Cache
GeoIP-Latitude
X-Api-Version
X-DC
CloudFront-Viewer-Country
X-Cs
X-Refresh
X-ORCA-Accelerator
X-RequestId
X-Servedbyhost
X-Proxy-Cache-Status
X-Presslabs-Stats
X-HubSpot-Correlation-Id
X-APP
X-Nc
Esi-Enabled
X-Action
X-Wa
X-ZONE
TWC-GeoIP-City
TWC-GeoIP-Region
TWC-GeoIP-DMA
Cache-Hits
X-Via-Poph
X-Via-Popv
X-Via-Popn
C-Via
Server-ID
X-Cache-VC
X-Thinkindot-L1
X-LiteSpeed-Tag
X-Upstream-Ct
X-HA-Backend
X-Upstream-Ht
Location
X-Vercel-Cache
X-Vercel-Id
X-Newrelic-Synthetics
Cdn-Requestid
X-Cache-Bucket
X-CACHE-AGE
X-Dc
X-LiteSpeed-Cache-Control
X-Webkit-CSP
Cache-Key
X-Proxy-CacheRZ
X-Parent-Response-Time
A
X-Nananana
X-LB-ID
XkeyRZ
X-B3-Parentspanid
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-Tt-Logid
X-DynaTrace-JS-Agent
X-SERVER-NAME
X-B3-Spanid
X-CS
X-PERF
X-ApacheServer
HostName
X-Zone
X-Webkit-Csp
SID
X-DataCenter
X-Endurance-Cache-Level
X-Ua
X-Render-Time
WP-Super-Cache
Fastly-Drupal-Html
X-Srv
X-Fpc
X-Uri
GeoIp-Country-Code
X-Webkit-Csp-Report-Only
X-WA-Info
X-Nitro-Cache
Proxy-Firewall
X-Litespeed-Cache-Control
X-Ion-Hop
RewriteTestHook
X-Ion-Healthy
Uri
X-Jungle-Id
X-API-Version
RewriteTeamHook
Cache-Contol
X-Cdn-Forward
Log-Origin
Cmsid
My-App
TP-L2-Cache
True-Client-IP
Cmstype
Server-Ext
True-Client-Country-4JS
Server-Hostname
True-Client-Ip
X-Datadome
Sever-Int
X-From
Resin-Trace
X-Up
X-Service-Response-Time
X-Optimistic-Header
Sm-Log-Id
CacheControlHeader
GeoIP-Country-Code
X-Ssense-Gql
X-CLOUD-TRACE-CONTEXT
X-Ssense-Shipping-Surcharge-Enabled
X-Test
X-Udemy-Cache-App-Namespace
Cdn
Adler-Geo
Tcn
X-Stale
X-Dispatcher-Number
Is-Eu
SEZNAM-JOBS-OFFER
X-Datacenter
X-Pass-Why
X-Client-Ip
X-Varnish-Beresp-TTL
X-Dynatrace-Js-Agent
X-Nginx-Cache-Key
X-RateLimit-Limit
WZWS-RAY
X-FPC
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Lb
X-Oracle-Dms-Rid
Hostname
Srv
X-APP-VERSION
X-Air-Pt
X-Vc
X-Fastly-Cache-Status
T-Server
X-Debug-Service
X-Custom-Header
X-Geo-Header
X-Air-Hostname
Origin-Site
X-Air-Source
X-Air-Trace-Id
X-TX-ID
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Varnish-Hostname
Server-Id
X-ND-Cache
X-SRCache-Key
X-Lb-Id
X-Provided-By
X-App
Cf-Ipcountry
AKAMAI-GRN
X-Correlation-ID
Edge-Cache
NtCoent-Length
Serverhost
X-Cache-Server
X-CMSURLCustom
Vc-Max-Age
X-Akamai-Pragma-Client-IP
X-Fastly-Backend-Reqs
X-VCL-Version
X-Cache-Ttl
X-Via-PopN
X-Ha-Backend
Pragrma
X-NC
X-Html-Minification-Powered-By
X-Oracle-DMS-ECID
X-WA
X-Via-PopV
X-Via-PopH
ServerHost
Pics-Label
X-Esi
X-XRDS-LOCATION
X-Rocket-Build-Number
Epwk-X-Cache
Powered-By
X-Region-Sid
X-Sigma
X-Forwarded-Site
S-Rt
X-Sigma-Backend
Machine
Geoip-Latitude
YJS-ID
X-Cdn-Cache-Status
X-LAGOON
CountryCode
Av-Poweredby
X-FORWARDED-FOR
WWW-Authenticate
X-ServedByHost
Cloudfront-Viewer-Country
X-Cache-TTL-Remaining
X-Requestid
X-Traceid
Cache-Tv-Group
WebServer
Ms-Author-Via
Vix-Hermes-Req-Id
Nord-Request-ID
Xkeylog
X-HS-Status
Xkey-La3
X-Proxy-Cache-La3
X-Fastly-Cache
X-Sucuri-Id
Warning
X-MSEdge-Features
MIME-Version
X-MSEdge-Flight
X-Ckpd-Fst-Backend
X-Wp-Cf-Super-Cache-Cache-Control
X-Serial
X-Wp-Cf-Super-Cache
X-Akamai-ERPolicy
Reporter
X-Lb-Nocache
Thinkindot-Control
X-Check-Cacheable
On-Server
FSS-Cache
X-IAuth-Set-Uid
X-Akamai-ERRuleID
X-Cdn-Request-ID
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
Yjs-Id
Coldstone-Viewer-Country-Region-Name
DataCenter
Datacenter
X-Orig-Cache-Control
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Tncms-Bot-Tier
Timeexpire
Cneonction
X-Dw-Trace-Id
Thinkindot-Cache-Type
X-VTEX-Cache-Backend-Header-Time
X-Lsadc-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Web-Server
X-Td-Header-From-No-Data
X-Mg-Cache