Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
Accept-CH
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
Accept-CH-Lifetime
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Age
X-Vhost
X-Turbo-Charged-By
X-Proxy-Cache
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Check
X-Varnish-Cache
X-WebKit-CSP
Xkey
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Server-Id
X-Country-Code
Content-Location
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Trace
Fastly-Restarts
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-NWS-LOG-UUID
X-Times
X-Vname
X-PC
X-TtlSet
Surrogate-Key
X-LiteSpeed-Cache
X-Mcache
X-Edge
X-Midtier
Rating
X-Server-Name
X-Cache-TTL
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Browser-Type
X-Abt-Application-Version
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-ESI
Nginx-Cache
X-Server-ID
X-GitHub-Request-Id
X-ECACHE
Edge-Control
X-Vcap-Request-Id
Verso
X-D2id
X-Ac
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Ser
X-Client-IP
X-Amz-Rid
X-Wormhole-Sdk
X-Middleton-Response
Response
X-Ratelimit-Limit
X-Oneagent-Js-Injection
X-CST
X-ARC
X-B3-TraceId
X-Powered-CMS
X-Goog-Hash
X-Dw-Request-Base-Id
X-Ratelimit-Remaining
X-Navigation-Version
X-Edge-Location-Klb
X-Kinsta-Cache
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Upstream
X-Forwarded-For
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-FTR-Request-ID
X-Cache-Key
RTSS
X-Mod-Pagespeed
X-FastCGI-Cache
X-Content-Digest
Edge-Cache-Tag
Origin-Trial
Cache-Status
AR-PoweredBy
Public-Key-Pins
AR-ATIME
AR-Request-ID
AR-SID
X-Daa-Tunnel
X-Ezoic-Cdn
X-Version
X-ORACLE-DMS-ECID
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-Mg-S
X-Ttl
Realpath
S
X-MSEdge-Ref
X-Fastly-Request-ID
X-Shield-Request-Id
X-T
X-Recruiting
Front-End-Https
Fastcgi-Cache
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Xrds-Location
Cross-Origin-Resource-Policy
X-Cached
X-Distributor
AR-CACHE
X-TTL
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Azure-Ref
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-HS-Cache-Config
Count-Hit
X-Nf-Request-Id
X-HS-Hub-Id
X-HS-Content-Id
X-Id
X-Ua-Browser
X-Debug
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
X-LLID
X-Newrelic-App-Data
X-Correlation-Id
Server-Node
X-NGENIX-Cache
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
X-Varnish-TTL
X-Hits
X-Frontend
X-VARITI-CCR
X-Varnish-Backend
X-Protected-By
X-TraceId
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-Amz-Replication-Status
Akamai-GRN
X-PressLabs-Stats
X-Goog-Metageneration
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
X-LB-Cache
Payment
X-Unique-Id
X-Page-Id
X-Ratelimit-Reset
X-Varnish-Ttl
X-FB-Debug
Cleartype
X-Git-Hash
X-Logged-In
X-Activity-Id
X-Varnish-Server
X-Az
X-AppVersion
X-DIS-Request-ID
X-Www-Served-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
Content-Disposition
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Hostname
X-HP-Webp
X-Jurisdiction
Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Template
X-Forwarded-Proto
Filterid
X-Fastcgi-Cache
X-App-Server
Amp-Access-Control-Allow-Source-Origin
X-Geo-Country
Version
Accept-Ch-Lifetime
X-Load-Cache
X-B3-TraceId-Primal
Accept-Charset
Mrf-Cache-Status
MRF-Tech
Frame-Options
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Aspnet-Version
X-Envoy-Decorator-Operation
Trailer
X-Type
Access-Control-Allow-Method
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastly-SWR
X-Upgrade-Enabled
X-ASPNET-VERSION
Fastly-SIE
Viewport
X-Source
X-Cache-Age
Section-Io-Cache
X-Content-Options
X-Fb-Rlafr
X-Origin-Server
X-TT
X-B3-Sampled
X-B
X-Grace
X-Ah-Environment
X-Cache-Control
Server-Name
X-Rid
X-HS-Prerendered
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Retry-After
X-TEC-API-ROOT
X-Device-Type
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Language
X-Buckets
Content-MD5
X-Magnolia-Registration
X-Px
MS-Author-Via
X-Request-Guid
X-Vcl-Version
X-Mobile
X-Tec-Api-Root
X-Tec-Api-Version
X-Cdn
X-Tec-Api-Origin
TCN
X-Trace-Id
X-Revision
X-EdgeConnect-Cache-Status
Healthy
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-Akamai-Edgescape
X-Varnish-Grace
Protected
X-WP-CF-Super-Cache-Active
X-Backend-Name
Charset
X-Proxy
SD-X-WS
Cross-Origin-Embedder-Policy-Report-Only
X-Debug-Info
X-CSRF-Token
X-Original-Request-Id
Upgrade-Insecure-Requests
X-App-Environment
X-Instance
X-Response-Served-From
X-RM-Cache-TTL
X-Is-Bot
X-NYM-Debug-Backend
X-Tumblr-Pixel
X-Rendered-As
X-Tumblr-User
X-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-RemovedCookies
X-ServerID
X-ProcessESI
X-Rule
X-FW-Hash
X-FW-Serve
X-Adobe-Loc
X-FW-Server
NGB
X-Cache-Time
X-UUID
X-Adobe-Content
X-Framework
X-Cacheable-TTL
X-FW-Dynamic
X-Node-Name
X-Mg-Request-UUID
Cross-Origin-Window-Policy
X-FW-Static
Access-Control-Request-Headers
X-Region
X-FW-Type
X-FW-Version
X-Storage
X-Content-Powered-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Proxy-Cache-Info
Ms-Operation-Id
X-Datadog-Trace-Id
X-RTag
GEO-INFO
MS-CV
X-Datadog-Parent-Id
X-Debug-IsPreview
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Debug-IsConnected
X-Whom
X-Environment-Context
X-G
X-L-Path
Refresh
X-Edge-Location
X-Contextid
OT-Force-Account-Verify
X-Lambda-Id
Webserver
Section-Io-Id
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
Countrycode
X-Amzn-Remapped-Content-Length
X-Reqid
DC
X-B3-Traceid
X-User-Agent
Paypal-Debug-Id
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Resp-Is-Stale
X-CCDN-CacheTTL
X-VC
X-HTML-Minification-Powered-By
X-Server-W
Alternate-Protocol
Front
X-Seen-By
SRV
Priority
X-RateLimit-Remaining
X-B3-SpanId
X-Real-IP
X-ECache
X-Time
X-WebKit-CSP-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Nginx-Cache
X-WP-CF-Super-Cache-Cookies-Bypass
X-Origin-CC
X-Origin-TTL
X-TT-LOGID
X-Mode
X-IPS-LoggedIn
WPO-Cache-Status
X-DataDome
WPO-Cache-Message
Liferay-Portal
X-Akamai-Request-ID2
X-Rocket-Nginx-Serving-Static
X-Hl-Ver
Backend
Xet-Cookie
X-AB
Ohc-File-Size
X-N
X-HS-CF-Cache-Status
Country
Onion-Location
X-Cache-Status-Check
X-Origin-Hint
X-DynaTrace
X-FB-TRIP-ID
TWC-Device-Class
X-JoinUs
X-Redis-Cache
X-Format
TWC-Connection-Speed
Meta-Geo
Property-Id
Filters
Fastcgi-Useragent
ServerID
Environment
X-Say-TTL
Webcakes-Region
Webcakes-App-Version
X-SayCDN-TTL
TWC-GeoIP-Country
X-Tumblr-Pixel-2
X-Cache-Host
X-Cache-Action
X-UPSTREAM-Address
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Locale-Group
X-Rn-Rsrv
X-Rewrite-Enabled
TWC-Privacy
Web-Mar-Node
X-Say-Cacheable
X-SaId
X-Fetched-On
X-Cache-Expired-At
X-VC-Cache
Uber-Trace-Id
X-Accel-Version
X-Handled-By
X-Vcache
DB-Nickname
Expiry
Mn-Server-Ip
X-Loop
X-Labrador-Cache-Channel
X-Scope-Id
X-Origin-Date
X-Director
X-Restarts
X-R9-Blue-Green-Version
X-PHP-Host
X-Skip-Cache
X-Soup
X-Varnish-Age
X-Cms-Context
X-Hosted-By
X-Detected-As
X-Connection-Hash
X-IPLB-Request-ID
X-Tncms
X-IPLB-Instance
X-Cluster-Node
From-Origin
X-Tb
X-Ms-Request-Id
X-Varnish-Cache-Hits
Url
X-Forwarded-Host
X-Varnish-Beresp-Grace
X-Logging-Id
Atl-Traceid
X-Webstats-RespID
Apigw-Requestid
X-Web-Node
X-Frame-Option
X-Httpd
X-Ms-Version
X-Adobe-Source
X-Servername
X-Tumblr-Pixel-3
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Timing-Wait
ServedBy
Selected-Fe
X-Proxy-Build
X-Cluster
X-Served-From
X-Auth-Group-Type
X-Extlb
X-Cloudmap
X-Zipkin-Id
X-Proxied
X-Origin
X-S
X-Routing-Service
X-Hit
Cross-Origin-Embedder-Policy
X-Fastly-Request-Id
Accept-Language
X-LSADC-Cache
Surrogated-Key
X-Azure-Ref-OriginShield
X-Request-URI
X-Worker
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Referer-Policy
N-Cache
X-Lagoon
X-SRV
X-App-Version
X-Cache-Hit
X-Sucuri-Cache
LB
X-Generated-By
X-Generation-Time
X-CDN-Forward
X-Drupal-Cache-Contexts
Xserver
X-Drupal-Cache-Tags
X-Cdn-Origin
X-TA-CDN-Provider
X-Sucuri-ID
CF-IPCountry
X-MP-GENERATED-AT
X-Xfnlog-Site
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Source
X-Wix-Request-Id
X-F-Cache
X-Tx-Id
Node
X-NWS-UUID-VERIFY
X-Cache-Debug
Cache
X-Mly-Id
Ohc-Cache-HIT
X-RCS-CacheZone
X-Via-Edge
Edge-Copy-Time
X-Via-CDN
X-Cache-Rule
X-Via-SSL
X-AIR-PT
X-Varnish-Beresp-Ttl
X-VCT
X-INCAP-ABP
X-NODE
X-Pad
CDN-RequestId
Cache-Provider
X-VC-TTL
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-Urbn-Context-Path
X-Tcp-Rtt
X-Is-Desktop
X-Site-Version
X-Browser-Name
Locale
X-Geo-Region
X-Urbn-Site-Id
X-No-Session
X-Locale
X-XRDS-Location
X-ElasticPress-Query
Mime-Version
Odigeo-Trace-Id
Producers
Origin
PFcat
Redirect-Candidate
Rendered-Blocks
Apple-News-Services-Parsed-Url
Fastly-SSL
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Expect-Staple
Fl-Custom-Application
Ha-Gx-Prefs
L5d-Success-Class
Host-ID
Lang
HA-Ipaddr
Mail-Subject
DCR-Processing-Time-Ms
MD5-Digest
Apple-News-Services-Host
Meta-Geo-Continent
Ngx.Var.Host
Apple-News-Services-Request-Url
BehaviorPad-Version
DCR-Decision-By
Cluster
Candidate-Md5Url
Apple-News-Services-Handled
X-B-Cookie
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-HN
X-Ig-Push-State
X-Jobs
X-Op-Id-All
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Geolocation
X-GeoIP-Region-Code
X-FC-Vary-Parameters
X-External-Request-Id
X-Eu-Site
X-Gdpr
X-GeoCode
X-GeoIP-Country-Code
X-GeoCountry
X-Org
X-Origin-Time
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Section
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-SD-PageType
X-ScT
X-Platform-Server
X-PAYTM-SRV-ID
X-Path
X-Proto
X-Proxied-Request
X-S-Cookie
X-Rojux
X-Ec-GeoHdr
X-Ec-Fail
X-AB-Test
X-A-Wwc
X-A-Dgt
X-Access
X-Aed
X-Application
X-Aicache-OS
X-A-Dcw
X-A-Dam
Web-Mar-Region
We-Hiring
W
Wxu-Next-Hostname
Wxu-Next-Region
X-A-Ccd
X-A
X-Backend-Instance
X-Bc-Bl
X-Debug-Cache-Fetch
X-D
X-Csrf-Jwt
X-Debug-Cache-Store
X-Destination
X-DPWN-IS-SECURE
X-Developer
X-Conf
X-CGP
X-Bug-Bounty
X-Bl-Debug
X-BCube-Filmed-By
X-Cache-Grace
X-Cache-Info
X-Cache-Operation
X-Cache-NE
Sslversion
Wxu-Next-Commit
X-Signature
X-B-Cache
X-Oracle-Dms-Ecid
X-Via-JSL
X-Cached-By
X-CUA
X-Date
X-Core-Value
X-Content-Length
X-Clientip
X-Content-Age
X-DefElseHash
X-CacheTTL
X-Dispatcher-Server
X-Esi-Check
X-Fastly-Backend
X-Fmm-Version
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Gamma-Serve
X-Litespeed-Tag
X-Gen-Mode
X-DefHash
X-Cache-Date
Thinkindot-CacheControl-Type
User-Cache-Control
V-Age
X-Accel-Expires-Debug
Thinkindot-CacheControl
TDXMobile
RNT-Machine
RNT-Time
Server-Host
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-BBC-Edge-Cache-Status
X-Block-Status
X-Generated-On
X-B3-Trace-ID
X-Auto-Login
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-App-Name
X-Cache-Id
X-GoCache-CacheStatus
X-V-Cache
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-User
X-TIM-N
X-Scheme
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Varnish-Remaining-TTL
X-VG-WebCache
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Zen-Fury
X-VTEX-Cache-Server
X-VServer
X-Via-Fastly
X-Viewer-Country
X-Vmg-Version
X-SB
X-Request-Time
X-Irp-Debug
X-Level-Front-Cache
X-Loc
X-Location
X-Human
X-Hnp-Log
Req-Svc-Chain
X-Gzip
X-Hash
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-Policy
X-Powered-By-VTEX-Cache
X-Req
X-Request-Host
X-Platform
X-Origin-Expires
X-NMSegId
X-Node-Id
X-NodeID
X-GeoIP-City
X-GeoIP
Cdnsip
Content-Script-Type
Cdncip
NM-Fastcgi-Cache
Canary
Platform
Content-Secure-Policy
Content-Style-Type
Origin-Agent-Cluster
L
Gh-Request-Id
Gannett-Cam-Experience-Id
Debug
Azure-Version
CDCHOST
Azure-SlotName
Product
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-GEO
X-UA
Akamai-Mon-Iucid-Del
X-Edge-Server
Country-Code
X-IsAdmin
X-Internal-TTL
X-VG-TLSProxy
DSUID
X-Depends
X-Cache-FS-Status
X-Cache-Aspx
X-Bip
NGX
Yak-Timeinfo
X-Cdn-Srv
X-We-Are-Hiring
X-Contensis-Viewer-Groups
XM
Click-Count-Error
X-Varnish-Beresp-Status
X-Sn-Servicetimems
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
X-Server-IP
X-UA-Device-Type
X-Origin-Response-Time
Cdn-Request-Time
X-Varnish-Authentication
X-Thanos
Req-ID
Cdn-Host
X-Request-Start
X-Pubstack
X-Pool
Click-Count-Action-Start
X-Men
Tube-Got-Eval
X-Alternate-Cache-Key
Tube-Get-Contents
Ssr
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
Origin-CC
Origin-EX
User-Agent
ServerName
Tube-Got-Results
Release
X-Ua-Device
CDN-EdgeStorageId
CDN-PullZone
X-Service
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullCode
Fastly-Drupal-HTML
X-LB-NoCache
CDN-Uid
CDN-RequestPullSuccess
IsBot
CDN-CachedAt
X-Tb-Optimization-Total-Bytes-Saved
X-Var-Ttl
X-SIPLIST1
X-Varnishpool
X-URL
X-DC
X-Presslabs-Stats
X-Cs
X-Tt-Logid
X-HOST
Sid
Cdn-Requestid
X-Proxy-Cache-Status
X-NGINX-Cache
X-RID
X-TH-Server
Pramga
X-CACHE-GROUP
X-Vgn-Hpd-Reason
X-ORCA-Accelerator
GeoIP-Latitude
X-Varnish-Hits
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
Esi-Enabled
X-Servedbyhost
CloudFront-Viewer-Country
X-Upstream-Ct
X-Moov-T
X-Old-Content-Length
X-RequestId
X-Refresh
X-Upstream-Ht
X-HubSpot-Correlation-Id
X-Wa
X-HITS
X-Nc
N1-Cache
AMP-Access-Control-Allow-Source-Origin
X-Via-Popn
X-HA-Backend
X-Cache-Bucket
X-Via-Poph
Server-ID
X-Via-Popv
X-Api-Version
C-Via
X-ZONE
X-DynaTrace-JS-Agent
X-Action
X-LiteSpeed-Tag
X-LiteSpeed-Cache-Control
X-Proxy-CacheRZ
Cache-Key
XkeyRZ
X-LB-ID
X-Zone
A
X-Newrelic-Synthetics
Cache-Hits
X-Nananana
HostName
TWC-GeoIP-DMA
X-APP
X-Vercel-Cache
Location
X-Vercel-Id
TWC-GeoIP-City
X-Cache-VC
TWC-GeoIP-Region
X-Thinkindot-L1
X-Webkit-CSP
X-Parent-Response-Time
X-Ua
X-Webkit-Csp-Report-Only
X-NewRelic-App-Data
X-B3-Parentspanid
X-Srv
X-Endurance-Cache-Level
X-B3-Spanid
WP-Super-Cache
X-Dc
X-COUNTRY
X-CS
X-API-Version
X-Cdn-Forward
X-Webkit-Csp
Fastly-Drupal-Html
X-PERF
X-ApacheServer
X-Fpc
SID
Proxy-Firewall
X-CACHE-AGE
X-WA-Info
X-Render-Time
Uri
X-Litespeed-Cache-Control
X-Datadome
X-Optimistic-Header
TP-L2-Cache
X-RateLimit-Limit
True-Client-Ip
X-Nitro-Cache
True-Client-Country-4JS
GeoIp-Country-Code
Sever-Int
Server-Ext
Server-Hostname
X-Uri
X-DataCenter
X-Ion-Hop
RewriteTestHook
X-Test
RewriteTeamHook
X-Datacenter
X-Jungle-Id
Cache-Contol
Cdn
X-Ion-Healthy
GeoIP-Country-Code
AKAMAI-GRN
Cmsid
Resin-Trace
My-App
Adler-Geo
SEZNAM-JOBS-OFFER
X-Dispatcher-Number
Cmstype
Is-Eu
True-Client-IP
Log-Origin
X-From
X-Pass-Why
X-Ssense-Shipping-Surcharge-Enabled
X-Up
X-Nginx-Cache-Key
X-Ssense-Gql
X-CLOUD-TRACE-CONTEXT
WZWS-RAY
X-Service-Response-Time
X-SERVER-NAME
Sm-Log-Id
CacheControlHeader
Tcn
Lb
X-Udemy-Cache-App-Namespace
X-Stale
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Varnish-Beresp-TTL
X-Client-Ip
X-FPC
T-Server
X-Geo-Header
X-Correlation-ID
X-Air-Pt
X-Custom-Header
X-Srcache-Fetch-Status
X-Provided-By
X-Srcache-Store-Status
X-Dynatrace-Js-Agent
X-TX-ID
X-ND-Cache
Srv
X-APP-VERSION
X-App
X-Oracle-Dms-Rid
X-Fastly-Cache-Status
X-Air-Hostname
X-CMSURLCustom
Vc-Max-Age
X-Debug-Service
X-Air-Trace-Id
Hostname
X-Cache-Server
Serverhost
X-Air-Source
S-Rt
Origin-Site
Server-Id
Pics-Label
Av-Poweredby
X-Vc
Cache-Tv-Group
X-Fastly-Backend-Reqs
X-Akamai-Pragma-Client-IP
X-Varnish-Hostname
X-Lb-Id
Powered-By
X-Cdn-Cache-Status
X-SRCache-Key
Cf-Ipcountry
X-VCL-Version
X-Cache-Ttl
X-Ha-Backend
X-NC
X-Via-PopV
X-Via-PopN
ServerHost
X-Via-PopH
X-WA
NtCoent-Length
X-Cache-TTL-Remaining
Vix-Hermes-Req-Id
X-Html-Minification-Powered-By
Edge-Cache
Ms-Author-Via
X-Oracle-DMS-ECID
X-Esi
X-XRDS-LOCATION
X-Github-Request-Id
YJS-ID
Geoip-Latitude
X-Ckpd-Fst-Backend
Pragrma
X-Fastly-Cache
Epwk-X-Cache
X-LAGOON
Thinkindot-Control
X-Sigma
X-Sigma-Backend
WebServer
On-Server
X-ServedByHost
Xkeylog
X-Traceid
Cloudfront-Viewer-Country
WWW-Authenticate
Machine
X-Forwarded-Site
X-Requestid
X-Proxy-Cache-La3
Xkey-La3
X-Region-Sid
X-Rocket-Build-Number
CountryCode
X-Sucuri-Id
X-MSEdge-Features
X-MSEdge-Flight
X-HS-Status
Warning
Nord-Request-ID
X-Serial
X-PHP-Backend
X-Ee-Request-Id
X-Ee-Request-Date
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Save-Cache
X-Ee-Origin
X-Ee-Generated-By
Store-Cloud-Cache
Time-Cloud-Cache
X-Amz-Meta-Opti
X-Cms-Device
X-Vary-Devices
AKAMAI
FSS-Cache
X-IAuth-Set-Uid
X-Lb-Nocache
Reporter
X-Check-Cacheable
X-Geo
X-Akamai-ERRuleID
X-Limited
X-Pod
X-BBC-Origin-Response-Status
X-Orig-Cache-Control
X-Akamai-ERPolicy
X-Cdn-Request-ID
X-Mg-Cache
X-Web-Server
X-Elasticpress-Query
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-Akamai-Transformed
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Dw-Trace-Id
Cneonction
X-Lsadc-Cache
X-Tncms-Bot-Tier
Timeexpire