Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Accept-CH
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Accept-Ch
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
Accept-CH-Lifetime
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
X-UA-Device
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
X-Rq
EagleId
X-Via
X-Vhost
X-Server
X-Dispatcher
X-Check
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-Dns-Prefetch-Control
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
Request-Id
X-Server-Id
X-Ruxit-JS-Agent
X-Country
X-Nginx-Cache-Status
X-Url
Content-Location
X-Country-Code
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Trace
Service-Worker-Allowed
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Application-Context
X-NWS-LOG-UUID
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
X-LiteSpeed-Cache
X-Vname
X-TtlSet
X-PC
Surrogate-Key
X-Midtier
X-Edge
X-Mcache
Rating
X-Server-Name
Accept-Ch-Lifetime
X-Cache-TTL
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Cnection
X-Browser-Type
X-Element-Page-Cache
X-Abt-Application-Version
X-Powered-By-Plesk
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-GitHub-Request-Id
X-ESI
Nginx-Cache
Edge-Control
X-ECACHE
X-Vcap-Request-Id
X-D2id
Verso
X-Ac
X-Ser
X-MS-InvokeApp
X-Ruxit-Js-Agent
X-ORACLE-DMS-RID
X-Client-IP
X-Ratelimit-Limit
X-Oneagent-Js-Injection
X-Amz-Rid
Response
X-Wormhole-Sdk
X-Middleton-Response
X-Ratelimit-Remaining
X-CST
X-ARC
X-Powered-CMS
X-Dw-Request-Base-Id
X-Goog-Hash
X-B3-TraceId
X-Navigation-Version
X-Edge-Location-Klb
X-Kinsta-Cache
X-Server-ID
X-Erf-Bev-Bev-Is-Generated
X-Upstream
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Instrumentation
X-Forwarded-For
X-Amzn-Trace-Id
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-Cache-Key
RTSS
X-Mod-Pagespeed
X-Daa-Tunnel
Edge-Cache-Tag
Cache-Status
AR-ATIME
AR-SID
AR-PoweredBy
AR-Request-ID
Public-Key-Pins
X-Content-Digest
X-Ezoic-Cdn
X-NF-Request-ID
X-Version
X-Ttl
Origin-Trial
SPRequestGuid
X-SharePointHealthScore
X-Mg-S
Realpath
S
X-FTR-Request-ID
X-MSEdge-Ref
X-T
X-Shield-Request-Id
X-Fastly-Request-ID
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Recruiting
Front-End-Https
Cross-Origin-Resource-Policy
X-Kong-Proxy-Latency
X-Accel-Expires
X-Kong-Upstream-Latency
AR-CACHE
X-Cached
X-Distributor
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Xrds-Location
X-Azure-Ref
X-TTL
Access-Control-Request-Method
Arr-Disable-Session-Affinity
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-Varnish-TTL
X-Ua-Browser
Count-Hit
X-HS-Content-Id
X-HS-Cache-Config
X-Id
X-HS-Hub-Id
X-Debug
X-Correlation-Id
X-LLID
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
Server-Node
X-Content-Security-Policy-Report-Only
X-Newrelic-App-Data
X-PressLabs-Stats
X-Nf-Request-Id
MicrosoftSharePointTeamServices
Akamai-GRN
X-VARITI-CCR
X-Frontend
X-Aspnetmvc-Version
X-GUploader-UploadID
X-NGENIX-Cache
X-Varnish-Backend
X-Amz-Replication-Status
X-Protected-By
X-HS-Combine-CSS
X-Hits
X-Goog-Metageneration
Payment
X-Microsite
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Unique-Id
X-LB-Cache
X-Git-Hash
X-Page-Id
X-Varnish-Server
Cleartype
X-Activity-Id
X-Logged-In
X-Www-Served-By
X-FB-Debug
X-Az
X-AppVersion
X-Tt-Trace-Tag
X-Hostname
X-Tt-Trace-Host
Content-Disposition
X-DIS-Request-ID
Host
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Forwarded-Proto
Filterid
X-TraceId
X-Amz-Apigw-Id
X-Amzn-RequestId
Amp-Access-Control-Allow-Source-Origin
X-Template
X-App-Server
X-Varnish-Ttl
X-Geo-Country
Frame-Options
X-Aspnet-Version
X-Fastcgi-Cache
Trailer
Version
X-B3-TraceId-Primal
MRF-Tech
X-ASPNET-VERSION
Mrf-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
Access-Control-Allow-Method
Accept-Charset
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-WP-CF-Super-Cache
X-Type
Fastly-SIE
Fastly-SWR
X-Upgrade-Enabled
X-Ah-Environment
Viewport
X-Content-Options
Section-Io-Cache
X-Origin-Server
X-Envoy-Decorator-Operation
X-TT
X-Fb-Rlafr
X-Source
X-B
X-Cache-Control
X-Grace
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-Sampled
MS-Author-Via
Retry-After
X-Rid
Server-Name
Content-MD5
X-Device-Type
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcl-Version
X-Cache-Age
X-Language
X-Cdn
X-Px
X-Request-Guid
X-Buckets
X-Magnolia-Registration
X-HS-Prerendered
X-Trace-Id
X-Revision
X-Mobile
Healthy
TCN
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Active
X-Varnish-Grace
X-Akamai-Edgescape
Protected
X-Backend-Name
X-Original-Request-Id
SD-X-WS
X-Debug-Info
X-App-Environment
X-Response-Served-From
X-Instance
X-RM-Cache-TTL
X-Rule
X-Status
X-Tumblr-Pixel-1
X-ServerID
X-Rendered-As
Upgrade-Insecure-Requests
Charset
X-Is-Bot
Cross-Origin-Embedder-Policy-Report-Only
X-Origin-Cache
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-NYM-Debug-Backend
X-RemovedCookies
GEO-INFO
X-ProcessESI
X-Region
X-UUID
X-Adobe-Content
X-FW-Server
X-FW-Serve
X-FW-Hash
Cross-Origin-Window-Policy
X-Node-Name
NGB
X-Environment-Context
X-Edge-Location
X-Adobe-Loc
X-Framework
X-Cacheable-TTL
X-FW-Type
X-FW-Version
Access-Control-Request-Headers
X-Storage
X-FW-Static
X-Mg-Request-UUID
X-FW-Dynamic
X-Cache-Time
X-L-Path
X-Proxy-Cache-Info
X-Yottaa-Optimizations
X-Datadog-Sampling-Priority
X-Yottaa-Metrics
X-Datadog-Trace-Id
X-Debug-IsPreview
X-Datadog-Sampled
X-Proxy
X-RTag
X-Content-Powered-By
X-Datadog-Parent-Id
X-Debug-IsConnected
Ms-Operation-Id
MS-CV
X-Contextid
X-CSRF-Token
X-G
Refresh
X-Ua-Device
X-Whom
OT-Force-Account-Verify
X-Lambda-Id
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
Webserver
Countrycode
Section-Io-Id
Paypal-Debug-Id
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-User-Agent
X-FTR-Cache-Status
DC
X-FTR-Backend
X-FTR-Expires
X-Amzn-Remapped-Content-Length
X-Reqid
X-Seen-By
X-HTML-Minification-Powered-By
X-VC
X-CCDN-CacheTTL
Front
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-TT-LOGID
X-ECache
Priority
X-Server-W
Alternate-Protocol
SRV
X-WebKit-CSP-Report-Only
X-Real-IP
X-DataDome
X-Time
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-SpanId
Liferay-Portal
X-Akamai-Request-ID2
Cross-Origin-Opener-Policy-Report-Only
X-Origin-TTL
X-Origin-CC
Backend
X-AB
X-N
X-Rocket-Nginx-Serving-Static
X-Cache-Status-Check
Country
Onion-Location
WPO-Cache-Status
Xet-Cookie
WPO-Cache-Message
X-Mode
X-Say-Cacheable
X-Rn-Rsrv
X-Rewrite-Enabled
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Hl-Ver
X-Say-TTL
TWC-Device-Class
X-SaId
Environment
Filters
Fastcgi-Useragent
X-Origin-Hint
Meta-Geo
Property-Id
ServerID
X-Tumblr-Pixel-2
X-Redis-Cache
X-SayCDN-TTL
TWC-Connection-Speed
X-RateLimit-Remaining
X-FB-TRIP-ID
X-JoinUs
X-Cache-Action
X-Cache-Host
TWC-Locale-Group
X-UPSTREAM-Address
Webcakes-Region
X-Format
Webcakes-App-Name
Web-Mar-Node
Webcakes-App-Version
TWC-Privacy
X-PHP-Host
X-IPLB-Instance
X-DynaTrace
X-Detected-As
X-Tb
X-Soup
X-Skip-Cache
X-IPLB-Request-ID
X-Scope-Id
X-Labrador-Cache-Channel
X-Vcache
X-Handled-By
X-Varnish-Age
X-VC-Cache
X-Restarts
X-Frame-Option
X-Nginx-Cache
X-Fetched-On
Expiry
X-Director
DB-Nickname
X-Accel-Version
X-Loop
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Origin-Date
Uber-Trace-Id
X-Cache-Expired-At
From-Origin
X-Tncms
X-Connection-Hash
X-Cms-Context
X-Cluster-Node
Url
X-ProxyCache-Key
Apigw-Requestid
X-Adobe-Source
X-Hosted-By
Atl-Traceid
X-Httpd
X-Ms-Request-Id
X-ProxyCache-Status
X-Servername
X-Varnish-Cache-Hits
X-Webstats-RespID
X-BYPASS-REASON
X-Logging-Id
X-Web-Node
X-Ms-Version
X-Auth-Group-Type
X-Cluster
X-Forwarded-Host
X-Proxy-Build
Selected-Fe
ServedBy
X-Timing-Wait
X-Resp-Is-Stale
X-Varnish-Beresp-Grace
X-Tumblr-Pixel-3
X-Fastly-Request-Id
X-Served-From
Ohc-File-Size
X-S
X-Origin
X-Hit
X-Cloudmap
X-Request-URI
X-Proxied
X-Webkit-CSP
X-Zipkin-Id
X-Extlb
X-Routing-Service
Referer-Policy
N-Cache
Cross-Origin-Embedder-Policy
Accept-Language
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-SRV
X-HS-CF-Cache-Status
Surrogated-Key
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generated-By
LB
X-Sucuri-Cache
X-Lagoon
X-Generation-Time
Xserver
X-App-Version
X-Cache-Hit
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Xfnlog-Site
X-TA-CDN-Provider
X-Wix-Request-Id
X-Sucuri-ID
X-XRDS-Location
X-Webkit-Csp
CF-IPCountry
X-Cdn-Origin
Source
X-CDN-Forward
X-MP-GENERATED-AT
X-Tx-Id
X-Oracle-Dms-Ecid
X-NWS-UUID-VERIFY
CDN-RequestId
Node
X-Cache-Debug
X-F-Cache
X-RCS-CacheZone
X-NODE
X-VCT
X-Mly-Id
Cache
X-Cache-Rule
Edge-Copy-Time
X-Varnish-Beresp-Ttl
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Is-Tablet
X-Is-Supported-Browser
X-Tcp-Rtt
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Is-Mobile
X-Browser-Name
X-Geo-Region
X-Is-Desktop
X-Pad
X-No-Session
X-INCAP-ABP
Cache-Provider
Ohc-Cache-HIT
X-Signature
X-ElasticPress-Query
X-B-Cache
We-Hiring
Web-Mar-Region
Wxu-Next-Commit
Sslversion
Rendered-Blocks
Producers
PFcat
Redirect-Candidate
W
X-A-Dam
X-Access
X-AB-Test
X-Aed
X-Aicache-OS
X-App-Name
X-A-Wwc
X-A-Dgt
X-A
Wxu-Next-Region
X-A-Ccd
Origin
X-A-Dcw
Wxu-Next-Hostname
Mail-Subject
Content-Secure-Policy
Cluster
DCR-Decision-By
DCR-Processing-Time-Ms
Expect-Staple
Candidate-Md5Url
BehaviorPad-Version
Apple-News-Services-Handled
X-Site-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Application
Lang
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
L5d-Success-Class
Host-ID
Fastly-SSL
Fl-Custom-Application
Ha-Gx-Prefs
HA-Ipaddr
Odigeo-Trace-Id
X-Bug-Bounty
X-Org
X-Op-Id-All
X-Origin-Time
X-Path
X-PAYTM-SRV-ID
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-HN
X-Ig-Origin-Region
X-Ig-Push-State
X-Jobs
X-Platform-Server
X-Proto
X-VarnishDD-TTL
X-TIM-N
X-Vdms-Version
X-Vtex-Remote-Cache
Xc-Version
X-Section
X-SD-PageType
X-Proxied-Request
X-Rojux
X-S-Cookie
X-ScT
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-CGP
X-Cache-Operation
X-Conf
X-Csrf-Jwt
X-D
X-Cache-NE
X-Cache-Info
X-Backend-Instance
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-FC-Vary-Parameters
X-External-Request-Id
X-Gdpr
X-GeoCode
X-GeoCountry
X-Eu-Site
X-Ec-GeoHdr
X-Destination
X-Developer
X-DPWN-IS-SECURE
X-Ec-Fail
X-B-Cookie
X-Cache-Grace
X-Via-JSL
X-Litespeed-Tag
X-VC-TTL
X-Locale
X-NGINX-Cache
X-DefElseHash
X-Clientip
X-DefHash
X-Content-Age
X-Content-Length
X-Dispatcher-Server
X-Core-Value
X-CUA
X-Edge-Server
X-Gen-Mode
X-Generated-On
X-GeoIP
X-GeoIP-City
X-Gamma-Serve
X-Fmm-Version
X-Cdn-Srv
X-Epic-Correlation-Id
X-Esi-Check
X-Fastly-Backend
X-Ec-Custom-Error
X-Cache-Id
Thinkindot-CacheControl-Type
User-Agent
User-Cache-Control
V-Age
Thinkindot-CacheControl
TDXMobile
RNT-Machine
RNT-Time
Server-Host
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Block-Status
X-Cache-Date
X-Geolocation
X-Cached-By
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Auto-Login
X-CacheTTL
X-GoCache-CacheStatus
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-Remaining-TTL
X-Var-Ttl
X-V-Cache
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Thinkindot-L3
X-User
X-Varnishpool
X-VG-WebCache
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Zen-Fury
X-VTEX-Cache-Server
X-VServer
X-Via-Fastly
X-Viewer-Country
X-Vmg-Version
X-Shield-Cache-Expires
X-Scheme
X-Loc
X-Location
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-Level-Front-Cache
X-Irp-Debug
X-Gzip
X-Hash
X-Hnp-Log
X-Human
X-NMSegId
X-Node-Id
X-Req
X-Request-Host
X-Request-Time
X-SB
X-Powered-By-VTEX-Cache
X-Policy
X-NodeID
X-Origin-Expires
X-Platform
Req-Svc-Chain
X-GEO
Gannett-Cam-Experience-Id
Debug
Content-Style-Type
Content-Script-Type
Gh-Request-Id
L
Origin-Agent-Cluster
NM-Fastcgi-Cache
Mime-Version
Cdncip
Cdn-Request-Time
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
Cdn-Host
CDCHOST
Canary
Platform
Cdnsip
Pramga
Product
X-Proxy-Cache-Status
X-UA
Akamai-Mon-Iucid-Del
X-COUNTRY
ServerName
X-Men
Click-Count-Action-Start
CDN-Uid
CDN-RequestPullSuccess
X-Cache-Aspx
CDN-RequestCountryCode
CDN-RequestPullCode
Click-Count-Error
X-IsAdmin
X-Depends
X-Date
IsBot
DSUID
Country-Code
X-Contensis-Viewer-Groups
X-Internal-TTL
X-Origin-Response-Time
X-Cache-FS-Status
CDN-PullZone
Release
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-UA-Device-Type
Req-ID
X-VG-TLSProxy
Yak-Timeinfo
XM
X-We-Are-Hiring
X-Thanos
X-SVT-ORM-VERSION
CDN-CachedAt
CDN-EdgeStorageId
X-Pubstack
X-Pool
X-Request-Start
CDN-Cache
X-SVT-ORM-RULES
X-SIPLIST1
X-Server-IP
X-Bip
X-AIR-PT
Tube-Got-Eval
Tube-Return
Tube-Got-Results
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
Origin-EX
Tube-Get-Contents
Origin-CC
NGX
X-ShardId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-URL
X-HITS
X-Sorting-Hat-PodId
Sid
Ssr
X-LB-NoCache
X-Varnish-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-Service
X-RID
X-HOST
X-ORCA-Accelerator
X-Sn-Servicetimems
X-Upstream-Ct
X-Upstream-Ht
X-CACHE-GROUP
Esi-Enabled
Fastly-Drupal-HTML
X-ZONE
X-VHOST
X-DC
GeoIP-Latitude
X-Vgn-Hpd-Reason
X-TH-Server
X-Api-Version
X-HubSpot-Correlation-Id
X-RequestId
CloudFront-Viewer-Country
X-Cs
X-Refresh
X-Cache-Bucket
X-Servedbyhost
Cdn-Requestid
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
XkeyRZ
X-Nc
X-Moov-T
X-Proxy-CacheRZ
X-Wa
A
Cache-Key
X-Newrelic-Synthetics
C-Via
X-Tt-Logid
X-APP
X-B3-Spanid
X-HA-Backend
X-Nananana
Server-ID
X-NewRelic-App-Data
X-B3-Parentspanid
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Parent-Response-Time
N1-Cache
X-CACHE-AGE
X-LiteSpeed-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-LB-ID
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-CS
X-LiteSpeed-Tag
X-Presslabs-Stats
X-Vercel-Id
Proxy-Firewall
X-Thinkindot-L1
X-Action
X-Vercel-Cache
X-Cache-VC
X-Dc
HostName
Location
X-Endurance-Cache-Level
X-DynaTrace-JS-Agent
X-Optimistic-Header
TWC-GeoIP-Region
TWC-GeoIP-DMA
Cache-Hits
TWC-GeoIP-City
X-Ua
Fastly-Drupal-Html
X-Srv
X-Zone
Server-Hostname
X-DataCenter
Server-Ext
Sever-Int
WP-Super-Cache
TP-L2-Cache
True-Client-Country-4JS
GeoIp-Country-Code
Cdn
X-Litespeed-Cache-Control
SID
X-API-Version
X-PERF
X-ApacheServer
X-Fpc
X-Test
True-Client-IP
Uri
Adler-Geo
Is-Eu
X-Air-Pt
X-Dispatcher-Number
X-WA-Info
X-Render-Time
X-Uri
X-Datadome
WZWS-RAY
X-Nitro-Cache
X-Nginx-Cache-Key
SEZNAM-JOBS-OFFER
True-Client-Ip
Resin-Trace
X-AWS-Id
Cache-Contol
X-VWS-Id
RewriteTestHook
RewriteTeamHook
X-Jungle-Id
X-LJ-Flow-ID
X-Ssense-Gql
GeoIP-Country-Code
X-Ssense-Shipping-Surcharge-Enabled
X-Datacenter
X-Ion-Healthy
X-Ion-Hop
X-CLOUD-TRACE-CONTEXT
X-SERVER-NAME
X-Service-Response-Time
Sm-Log-Id
My-App
Log-Origin
X-Geo-Header
X-Provided-By
T-Server
Tcn
X-Custom-Header
Cmstype
Cmsid
X-Client-Ip
X-Varnish-Beresp-TTL
X-Pass-Why
X-Dynatrace-Js-Agent
X-From
X-FPC
X-Stale
X-Up
X-ND-Cache
X-RateLimit-Limit
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Serverhost
CacheControlHeader
X-Udemy-Cache-App-Namespace
X-APP-VERSION
Lb
Hostname
Srv
X-Oracle-Dms-Rid
X-CMSURLCustom
Vc-Max-Age
X-Cache-Server
S-Rt
X-Fastly-Cache-Status
Pics-Label
X-Debug-Service
Av-Poweredby
X-TX-ID
Cache-Tv-Group
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
Powered-By
Server-Id
X-App
X-Lb-Id
X-Cdn-Cache-Status
X-Vc
X-Cache-TTL-Remaining
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Ha-Backend
X-Akamai-Pragma-Client-IP
X-Fastly-Backend-Reqs
X-Correlation-ID
Vix-Hermes-Req-Id
Cf-Ipcountry
X-Cache-Ttl
ServerHost
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Html-Minification-Powered-By
X-NC
X-Oracle-DMS-ECID
Origin-Site
X-LAGOON
X-WA
X-Esi
X-XRDS-LOCATION
X-Varnish-Hostname
Xkeylog
Xkey-La3
X-Proxy-Cache-La3
X-SRCache-Key
X-VCL-Version
Geoip-Latitude
Epwk-X-Cache
On-Server
Thinkindot-Control
NtCoent-Length
WWW-Authenticate
Edge-Cache
Cloudfront-Viewer-Country
X-Traceid
X-Requestid
X-ServedByHost
WebServer
CountryCode
X-Vary-Devices
X-Ee-Request-Date
AKAMAI
X-Cms-Device
X-Ee-Generated-By
X-Ee-Origin
Pragrma
X-Sucuri-Id
Warning
Time-Cloud-Cache
X-Amz-Meta-Opti
X-MSEdge-Flight
Store-Cloud-Cache
X-Ee-Request-Id
X-Save-Cache
X-HS-Status
X-PHP-Backend
X-MSEdge-Features
X-Sigma-Backend
X-Region-Sid
X-Rocket-Build-Number
X-Cdn-Request-ID
YJS-ID
Machine
X-Serial
X-Sigma
X-Forwarded-Site
X-CSRF-TOKEN
X-Pod
X-VTEX-Cache-Backend-Connect-Time
X-Wp-Cf-Super-Cache
Ms-Author-Via
X-Wp-Cf-Super-Cache-Cache-Control
FSS-Cache
X-IAuth-Set-Uid
X-Check-Cacheable
X-VTEX-Cache-Backend-Header-Time
X-Lb-Nocache
Reporter
X-Akamai-Transformed
X-Ms-Lease-Status
X-Info
Yjs-Id
Magicmarker
X-Mg-Cache
Cl-Cache
X-Ms-Blob-Type
X-Tncms-Bot-Tier
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Orig-Cache-Control
X-BBC-Origin-Response-Status
Timeexpire
Thinkindot-Cache-Type
X-Elasticpress-Query
X-Lsadc-Cache
Cneonction
X-Web-Server
X-Td-Header-From-No-Data
X-Limited