Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
Accept-CH
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Accept-CH-Lifetime
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Age
X-Vhost
X-Turbo-Charged-By
X-Proxy-Cache
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Xkey
X-WebKit-CSP
Grace
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Check
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Dns-Prefetch-Control
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Server-Id
X-Country-Code
Content-Location
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
Fastly-Restarts
X-Trace
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
X-PC
X-Vname
X-TtlSet
Surrogate-Key
X-Midtier
X-Edge
X-Mcache
Rating
X-Server-Name
X-Cache-TTL
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Browser-Type
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Server-ID
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Ser
X-Ratelimit-Limit
X-Client-IP
X-Oneagent-Js-Injection
X-Amz-Rid
Response
X-Middleton-Response
X-Wormhole-Sdk
X-Ratelimit-Remaining
X-CST
X-ARC
X-Goog-Hash
X-Powered-CMS
X-B3-TraceId
X-Dw-Request-Base-Id
X-Navigation-Version
X-Ruxit-Js-Agent
X-Edge-Location-Klb
X-Kinsta-Cache
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Upstream
X-Forwarded-For
X-Amzn-Trace-Id
X-FTR-Request-ID
SPIisLatency
SPRequestDuration
Origin-Trial
X-Cache-Key
X-Mod-Pagespeed
RTSS
X-Content-Digest
Edge-Cache-Tag
X-FastCGI-Cache
Cache-Status
Public-Key-Pins
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Ezoic-Cdn
X-NF-Request-ID
X-Daa-Tunnel
X-Version
X-Ttl
SPRequestGuid
X-SharePointHealthScore
X-ORACLE-DMS-ECID
X-Fastly-Request-ID
X-Mg-S
Realpath
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-MSEdge-Ref
S
X-T
X-Shield-Request-Id
X-Recruiting
Front-End-Https
Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Distributor
Cross-Origin-Resource-Policy
X-Xrds-Location
X-Cached
AR-CACHE
X-Azure-Ref
X-TTL
Arr-Disable-Session-Affinity
Access-Control-Request-Method
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
Count-Hit
X-HS-Hub-Id
X-HS-Content-Id
X-Correlation-Id
X-Id
Cache-Tags
X-Ua-Browser
X-Debug
X-Ismobilevalue
X-Cluster-Name
X-LLID
Akamai-GRN
X-Varnish-TTL
X-NGENIX-Cache
X-Newrelic-App-Data
Server-Node
X-Nf-Request-Id
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-GUploader-UploadID
X-Aspnetmvc-Version
X-TraceId
X-Frontend
X-Hits
X-Varnish-Backend
X-VARITI-CCR
X-PressLabs-Stats
X-HS-Combine-CSS
Accept-Ch
X-Protected-By
X-Amz-Replication-Status
X-Goog-Metageneration
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-Unique-Id
Payment
X-Ratelimit-Reset
Cleartype
X-FB-Debug
X-Git-Hash
X-DIS-Request-ID
X-Activity-Id
X-Logged-In
X-Az
X-Varnish-Server
X-AppVersion
X-Tt-Trace-Host
Content-Disposition
X-Tt-Trace-Tag
X-Www-Served-By
X-Hostname
X-HP-Trace-Id
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Webp
X-Fastcgi-Cache
Host
X-Varnish-Ttl
X-Template
X-Amz-Apigw-Id
X-Amzn-RequestId
Filterid
X-Forwarded-Proto
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Geo-Country
Version
X-Aspnet-Version
X-ASPNET-VERSION
Accept-Charset
Frame-Options
Trailer
X-Load-Cache
Mrf-Cache-Status
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
MRF-Tech
X-B3-TraceId-Primal
X-Envoy-Decorator-Operation
X-WP-CF-Super-Cache
X-Type
X-WP-CF-Super-Cache-Cache-Control
Fastly-SIE
Fastly-SWR
X-Ah-Environment
Access-Control-Allow-Method
X-Cache-Age
X-Source
Viewport
Section-Io-Cache
X-Content-Options
X-Upgrade-Enabled
X-Fb-Rlafr
X-TT
X-HS-Prerendered
X-Origin-Server
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-Sampled
X-B
X-Grace
Server-Name
X-Cache-Control
X-Device-Type
X-Language
X-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Retry-After
X-Buckets
MS-Author-Via
X-Cdn
X-Px
Content-MD5
X-Magnolia-Registration
X-Mobile
X-Request-Guid
X-Vcl-Version
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Trace-Id
X-EdgeConnect-Cache-Status
TCN
X-Revision
X-Akamai-Edgescape
Accept-Ch-Lifetime
X-Tec-Api-Origin
X-Varnish-Grace
X-Tec-Api-Root
X-Tec-Api-Version
Protected
Healthy
X-WP-CF-Super-Cache-Active
X-Backend-Name
Cross-Origin-Embedder-Policy-Report-Only
Charset
X-Proxy
X-RM-Cache-TTL
X-Response-Served-From
X-Instance
SD-X-WS
Upgrade-Insecure-Requests
X-Debug-Info
X-Original-Request-Id
X-App-Environment
X-Rule
X-RemovedCookies
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Status
X-ProcessESI
X-CSRF-Token
X-Rendered-As
X-ServerID
X-NYM-Debug-Backend
X-Is-Bot
X-FW-Server
Access-Control-Request-Headers
X-Framework
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Cache-Time
X-Adobe-Loc
Cross-Origin-Window-Policy
X-Region
NGB
X-Adobe-Content
X-FW-Static
X-Storage
X-FW-Type
X-Mg-Request-UUID
X-UUID
X-Node-Name
X-FW-Version
X-Edge-Location
X-Proxy-Cache-Info
Ms-Operation-Id
X-Yottaa-Optimizations
GEO-INFO
MS-CV
X-Whom
Refresh
X-Content-Powered-By
X-Datadog-Trace-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-RTag
X-Datadog-Sampling-Priority
X-Yottaa-Metrics
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Environment-Context
X-L-Path
X-G
OT-Force-Account-Verify
X-Lambda-Id
X-Contextid
Section-Io-Id
Webserver
X-B3-Traceid
X-Amzn-Remapped-Content-Length
X-Reqid
X-Origin-Cache
Countrycode
X-Resp-Is-Stale
DC
X-Amz-Meta-S3cmd-Attrs
X-CCDN-Origin-Time
X-User-Agent
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Paypal-Debug-Id
X-HTML-Minification-Powered-By
X-VC
X-Server-W
X-TT-LOGID
X-ECache
Alternate-Protocol
Front
X-Real-IP
SRV
X-Seen-By
Priority
X-B3-SpanId
X-Time
Cross-Origin-Opener-Policy-Report-Only
X-DataDome
X-WebKit-CSP-Report-Only
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
WPO-Cache-Status
X-HS-CF-Cache-Status
X-Origin-TTL
Xet-Cookie
X-Rocket-Nginx-Serving-Static
Ohc-File-Size
Liferay-Portal
X-Origin-CC
X-Nginx-Cache
X-Mode
Backend
X-IPS-LoggedIn
X-Hl-Ver
X-Akamai-Request-ID2
X-AB
Onion-Location
TWC-Locale-Group
Meta-Geo
Filters
Fastcgi-Useragent
X-DynaTrace
Property-Id
ServerID
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Format
X-UPSTREAM-Address
X-RateLimit-Remaining
X-Rewrite-Enabled
X-Say-TTL
X-Origin-Hint
X-SayCDN-TTL
X-FB-TRIP-ID
X-N
X-JoinUs
X-Tumblr-Pixel-2
X-Redis-Cache
X-Say-Cacheable
X-Cache-Host
X-Cache-Action
X-Rn-Rsrv
TWC-Privacy
X-Cache-Status-Check
Environment
Web-Mar-Node
Country
Webcakes-App-Version
X-SaId
Webcakes-Region
Webcakes-App-Name
X-Skip-Cache
X-Tncms
Mn-Server-Ip
X-Soup
X-Restarts
X-R9-Blue-Green-Version
X-PHP-Host
X-Scope-Id
DB-Nickname
Expiry
X-Loop
X-Connection-Hash
X-Detected-As
X-Director
X-Fetched-On
X-Cms-Context
X-Cluster-Node
Uber-Trace-Id
X-Accel-Version
X-Cache-Expired-At
X-Handled-By
X-Hosted-By
X-Tumblr-Pixel-3
X-Vcache
X-Origin-Date
X-VC-Cache
X-Ms-Version
X-Ms-Request-Id
X-IPLB-Instance
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-Varnish-Age
From-Origin
X-Tb
Atl-Traceid
Apigw-Requestid
X-Servername
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Adobe-Source
X-Webstats-RespID
X-ProxyCache-Key
X-ProxyCache-Status
X-Web-Node
Url
X-Logging-Id
X-Httpd
X-Frame-Option
X-Forwarded-Host
X-BYPASS-REASON
ServedBy
X-Auth-Group-Type
X-Cluster
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-Served-From
X-Zipkin-Id
X-Cloudmap
X-Proxied
X-Routing-Service
X-S
X-Origin
X-Extlb
Cross-Origin-Embedder-Policy
X-Hit
X-Azure-Ref-OriginShield
Surrogated-Key
X-SRV
X-RateLimit-Remaining-Second
X-Worker
X-LSADC-Cache
X-RateLimit-Limit-Second
X-Request-URI
Accept-Language
LB
Referer-Policy
X-Lagoon
X-Sucuri-Cache
N-Cache
X-Cache-Hit
X-CDN-Forward
X-Generation-Time
X-Generated-By
X-Drupal-Cache-Tags
X-Fastly-Request-Id
X-App-Version
X-Drupal-Cache-Contexts
Xserver
X-Cdn-Origin
X-Sucuri-ID
CF-IPCountry
X-MP-GENERATED-AT
X-Xfnlog-Site
X-Tx-Id
X-TA-CDN-Provider
Source
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
CDN-RequestId
X-Wix-Request-Id
X-F-Cache
Node
X-AIR-PT
Ohc-Cache-HIT
Cache
X-Mly-Id
X-Cache-Debug
X-Via-Edge
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-RCS-CacheZone
X-Cache-Rule
X-NODE
X-VC-TTL
X-Varnish-Beresp-Ttl
X-VCT
X-INCAP-ABP
X-NWS-UUID-VERIFY
X-Pad
Cache-Provider
X-XRDS-Location
X-UA
X-Site-Version
X-Browser-Name
X-Urbn-Site-Id
X-Locale
X-ElasticPress-Query
X-Urbn-Context-Path
Locale
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Tablet
X-Oracle-Dms-Ecid
X-Bl-Debug
Apple-News-Services-Request-Url
X-Bug-Bounty
BehaviorPad-Version
X-Application
X-Aicache-OS
X-B-Cookie
Candidate-Md5Url
X-Bc-Bl
X-Backend-Instance
X-BCube-Filmed-By
X-GEO
X-Ig-Push-State
X-SD-PageType
X-CGP
X-ScT
X-Csrf-Jwt
X-Debug-Cache-Fetch
X-D
X-Section
X-Slack-Backend
X-Cache-Grace
Apple-News-Services-Handled
Apple-News-Services-Host
X-Cache-Info
X-Cache-NE
X-Slack-Shared-Secret-Outcome
X-Cache-Operation
Apple-News-Services-Parsed-Url
X-A-Wwc
L5d-Success-Class
Lang
Mail-Subject
MD5-Digest
X-Vtex-Remote-Cache
We-Hiring
HA-Ipaddr
Host-ID
Web-Mar-Region
Meta-Geo-Continent
Ngx.Var.Host
Producers
Redirect-Candidate
Rendered-Blocks
Xc-Version
Sslversion
Odigeo-Trace-Id
Origin
PFcat
Ha-Gx-Prefs
Wxu-Next-Commit
X-A-Dcw
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dgt
X-Debug-Cache-Store
X-Access
Cluster
X-AB-Test
X-A-Dam
X-A-Ccd
Fl-Custom-Application
Wxu-Next-Region
Wxu-Next-Hostname
Fastly-SSL
Fastly-GeoIP-CountryCode
X-A
Expect-Staple
Fastly-Backend-Name
X-Aed
X-Conf
X-VarnishDD-TTL
X-Geolocation
X-Path
X-GeoIP-Region-Code
X-Vdms-Version
X-PAYTM-SRV-ID
X-Proto
X-Ec-Fail
X-No-Session
X-Ec-GeoHdr
X-GeoIP-Country-Code
X-Origin-Time
X-FC-Vary-Parameters
X-Gdpr
X-Op-Id-All
X-Nyt-Route
X-Org
X-GeoCode
X-Mvc-Supplant-Cachable
X-Eu-Site
X-External-Request-Id
X-GeoCountry
X-Proxied-Request
X-Platform-Server
X-Destination
X-DPWN-IS-SECURE
X-Litespeed-Tag
X-Rojux
X-Developer
X-HS-Content-Campaign-Id
X-S-Cookie
X-Ig-Origin-Region
X-Jobs
X-HN
X-Signature
X-B-Cache
Server-Host
X-GeoIP
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VTEX-Cache-Time
X-NodeID
X-Gen-Mode
RNT-Machine
RNT-Time
X-Generated-On
X-Node-Id
X-Varnish-Director
X-NMSegId
X-GeoIP-City
X-Wikidot-Backend
X-Level-Front-Cache
X-Gamma-Serve
X-GoCache-CacheStatus
X-Gzip
X-Hash
User-Cache-Control
V-Age
X-Location
X-Micro-Cache
Thinkindot-CacheControl-Type
X-Zen-Fury
X-Loc
X-Mvc-Supplant-OutputCached
X-Wikidot-Static-Cache
X-Hnp-Log
Thinkindot-CacheControl
W
TDXMobile
X-Human
X-VServer
X-Req
X-Shield-Cache-Expires
X-Request-Host
X-Dispatcher-Server
X-Thinkindot-L3
X-TIM-N
X-Ec-Custom-Error
X-User
X-Viewer-Country
X-CacheTTL
X-Clientip
X-Via-Fastly
X-CUA
X-SB
X-Date
X-DefHash
X-Scheme
X-Request-Time
X-VG-WebCache
X-Content-Age
X-Content-Length
X-Core-Value
X-Powered-By-VTEX-Cache
X-Policy
X-Amz-Storage-Class
X-Vmg-Version
X-App-Name
X-Fastly-Backend
X-DefElseHash
X-Amz-Meta-Cb-Modifiedtime
X-Fmm-Version
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-VTEX-Cache-Server
X-Auto-Login
X-Origin-Expires
X-Cache-Date
X-Varnish-Remaining-TTL
X-Platform
X-Cache-Id
X-Block-Status
Req-Svc-Chain
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Esi-Check
X-Epic-Correlation-Id
X-Accel-Expires-Debug
Gh-Request-Id
X-Cached-By
Azure-Version
Azure-InstanceId
Platform
Origin-Agent-Cluster
Gannett-Cam-Experience-Id
Azure-SiteName
X-V-Cache
Azure-SlotName
Cdnsip
Canary
Debug
Product
NM-Fastcgi-Cache
L
Cdncip
Azure-RegionName
Content-Script-Type
CDCHOST
Content-Style-Type
X-Via-JSL
Content-Secure-Policy
Mime-Version
X-Ua-Device
Akamai-Mon-Iucid-Del
X-Alternate-Cache-Key
Cdn-Request-Time
Cdn-Host
X-Bip
X-Cache-Aspx
X-Cdn-Srv
X-Varnish-Beresp-Status
X-Pool
X-Varnish-Authentication
X-Origin-Response-Time
X-Men
X-IsAdmin
X-Irp-Debug
X-Internal-TTL
X-Edge-Server
Req-ID
X-ShardId
X-Contensis-Viewer-Groups
X-ShopId
X-Server-IP
X-VG-TLSProxy
X-Pubstack
X-Depends
X-Request-Start
X-Cache-FS-Status
X-Shopify-Stage
Ssr
X-Sorting-Hat-PodId
X-Sn-Servicetimems
Tube-Got-Results
X-UA-Device-Type
X-Sorting-Hat-ShopId
Tube-Got-Eval
Click-Count-Action-Start
ServerName
NGX
X-Storefront-Renderer-Rendered
Tube-Return
Release
DSUID
Yak-Timeinfo
Origin-CC
X-Acquia-Purge-Cdn-Unconfigured
X-Thanos
X-We-Are-Hiring
Click-Count-Error
X-SVT-ORM-VERSION
XM
Country-Code
Tube-Get-Contents
Origin-EX
X-SVT-ORM-RULES
User-Agent
X-Service
X-URL
X-Var-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-Varnishpool
X-TH-Server
X-SIPLIST1
X-LB-NoCache
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-Cache
X-RID
X-HOST
X-NGINX-Cache
IsBot
Fastly-Drupal-HTML
X-Varnish-Hits
Pramga
X-Vgn-Hpd-Reason
X-CACHE-GROUP
X-DC
X-Proxy-Cache-Status
X-Cs
Sid
X-Moov-Xdn-Version
GeoIP-Latitude
X-Moov-T
X-Moov-Xdn-Caching-Status
X-ORCA-Accelerator
X-Old-Content-Length
X-HubSpot-Correlation-Id
X-RequestId
X-HITS
CloudFront-Viewer-Country
Esi-Enabled
X-Servedbyhost
X-Refresh
X-Upstream-Ct
X-Upstream-Ht
X-Presslabs-Stats
N1-Cache
X-Api-Version
Cdn-Requestid
X-Nc
X-Wa
X-ZONE
X-Action
X-HA-Backend
X-Tt-Logid
X-Via-Poph
C-Via
X-Cache-Bucket
X-Via-Popv
Server-ID
X-Via-Popn
X-APP
X-Newrelic-Synthetics
X-LiteSpeed-Cache-Control
Cache-Hits
TWC-GeoIP-City
A
Cache-Key
X-Vercel-Id
X-LiteSpeed-Tag
XkeyRZ
X-Thinkindot-L1
X-Cache-VC
Location
X-LB-ID
TWC-GeoIP-Region
X-Proxy-CacheRZ
TWC-GeoIP-DMA
X-Vercel-Cache
X-Zone
X-DynaTrace-JS-Agent
X-Webkit-CSP
X-Parent-Response-Time
X-Nananana
X-NewRelic-App-Data
HostName
X-B3-Parentspanid
AMP-Access-Control-Allow-Source-Origin
X-Webkit-Csp-Report-Only
X-B3-Spanid
X-Dc
X-COUNTRY
X-Webkit-Csp
X-CS
WP-Super-Cache
X-PERF
X-Ua
X-ApacheServer
Proxy-Firewall
X-Endurance-Cache-Level
Fastly-Drupal-Html
SID
X-Srv
X-API-Version
X-CACHE-AGE
X-DataCenter
X-WA-Info
X-Cdn-Forward
X-Render-Time
X-Fpc
X-Litespeed-Cache-Control
GeoIp-Country-Code
X-Uri
X-Nitro-Cache
Uri
X-Ion-Hop
X-Optimistic-Header
Server-Ext
True-Client-Country-4JS
True-Client-Ip
Sever-Int
TP-L2-Cache
Server-Hostname
X-Jungle-Id
RewriteTestHook
Cache-Contol
RewriteTeamHook
X-Ion-Healthy
GeoIP-Country-Code
X-Test
True-Client-IP
Cmstype
X-Datadome
Log-Origin
My-App
Resin-Trace
Cmsid
Cdn
X-Service-Response-Time
Sm-Log-Id
X-CLOUD-TRACE-CONTEXT
SEZNAM-JOBS-OFFER
X-Up
X-Datacenter
X-From
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
Is-Eu
X-Dispatcher-Number
Adler-Geo
X-SERVER-NAME
CacheControlHeader
WZWS-RAY
Tcn
X-Nginx-Cache-Key
X-Pass-Why
X-Client-Ip
X-Varnish-Beresp-TTL
X-Stale
X-RateLimit-Limit
X-Udemy-Cache-App-Namespace
X-FPC
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Dynatrace-Js-Agent
T-Server
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-APP-VERSION
Srv
X-Oracle-Dms-Rid
Lb
X-Geo-Header
X-Custom-Header
X-ND-Cache
X-Provided-By
X-Debug-Service
X-Air-Pt
Hostname
X-Fastly-Cache-Status
X-TX-ID
X-App
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Origin-Site
X-CMSURLCustom
Vc-Max-Age
Server-Id
X-Cache-Server
Serverhost
X-Vc
X-Fastly-Backend-Reqs
X-Correlation-ID
AKAMAI-GRN
X-Lb-Id
X-VCL-Version
NtCoent-Length
Pics-Label
X-SRCache-Key
X-Varnish-Hostname
Cf-Ipcountry
X-Akamai-Pragma-Client-IP
X-Cache-Ttl
S-Rt
X-Via-PopN
X-Via-PopH
X-Via-PopV
Edge-Cache
X-NC
X-Ha-Backend
X-Html-Minification-Powered-By
Av-Poweredby
X-WA
ServerHost
Powered-By
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
Cache-Tv-Group
X-XRDS-LOCATION
X-Esi
Pragrma
X-Cache-TTL-Remaining
Epwk-X-Cache
YJS-ID
Vix-Hermes-Req-Id
Geoip-Latitude
X-LAGOON
Machine
WebServer
Ms-Author-Via
X-Region-Sid
Xkeylog
X-Forwarded-Site
Xkey-La3
X-Sigma
X-Traceid
X-Requestid
X-ServedByHost
X-Fastly-Cache
X-Rocket-Build-Number
WWW-Authenticate
X-Ckpd-Fst-Backend
X-Sigma-Backend
X-Proxy-Cache-La3
Cloudfront-Viewer-Country
CountryCode
Thinkindot-Control
X-Sucuri-Id
X-HS-Status
Nord-Request-ID
Warning
X-MSEdge-Features
X-MSEdge-Flight
On-Server
X-IAuth-Set-Uid
FSS-Cache
X-Check-Cacheable
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Reporter
X-Lb-Nocache
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Serial
MIME-Version
X-Lsadc-Cache
X-Ee-Request-Date
X-Ee-Request-Id
X-Ee-Origin
X-PHP-Backend
DataCenter
X-Cdn-Request-ID
X-Mg-Cache
X-Amz-Meta-Opti
X-Orig-Cache-Control
Store-Cloud-Cache
Time-Cloud-Cache
X-Elasticpress-Query
AKAMAI
X-Tncms-Bot-Tier
Timeexpire
X-Save-Cache
Cneonction
X-Akamai-Transformed
X-BBC-Origin-Response-Status
X-Ee-Generated-By
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Web-Server
X-Td-Header-From-No-Data
X-Cms-Device
X-Dw-Trace-Id
Thinkindot-Cache-Type
X-Vary-Devices