Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
X-Request-Id
Accept-CH
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
X-Request-ID
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Rq
X-Via
X-Age
EagleId
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
Allow
Ali-Swift-Global-Savetime
X-Cache-Lookup
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Xkey
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
X-Ruxit-JS-Agent
X-Server-Id
Request-Id
X-LiteSpeed-Cache
X-Country
X-Nginx-Cache-Status
X-Url
Content-Location
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
X-Application-Context
Service-Worker-Allowed
Fastly-Restarts
X-NWS-LOG-UUID
X-Trace
X-Country-Code
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-TtlSet
X-PC
X-Edge
X-Mcache
X-Midtier
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Kinja-Revision
Nginx-Cache
X-ESI
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-Ser
X-ECACHE
Verso
X-D2id
X-Vcap-Request-Id
X-Ac
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-Dw-Request-Base-Id
X-ARC
X-Middleton-Response
Response
X-Amz-Rid
X-CST
X-Oneagent-Js-Injection
X-Powered-CMS
X-Goog-Hash
X-Wormhole-Sdk
X-Navigation-Version
X-Server-ID
X-Kinsta-Cache
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Upstream
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
Accept-Ch-Lifetime
X-Forwarded-For
X-Ratelimit-Remaining
X-Amzn-Trace-Id
X-Daa-Tunnel
RTSS
X-Cache-Key
SPRequestDuration
SPIisLatency
X-NF-Request-ID
X-Mod-Pagespeed
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
Edge-Cache-Tag
X-Ttl
Cache-Status
X-ORACLE-DMS-ECID
Public-Key-Pins
X-FastCGI-Cache
X-Ruxit-Js-Agent
X-Version
X-Ezoic-Cdn
X-Content-Digest
X-Mg-S
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Shield-Request-Id
X-T
X-MSEdge-Ref
AR-CACHE
Fastcgi-Cache
X-Recruiting
X-Cached
X-Ua-Device
X-Accel-Expires
Front-End-Https
X-Kong-Upstream-Latency
X-Distributor
X-Kong-Proxy-Latency
Origin-Trial
Access-Control-Request-Method
X-Azure-Ref
X-Varnish-TTL
TP-Cache
X-Newrelic-App-Data
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-Id
Count-Hit
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Debug
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Server-Node
X-LLID
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Cache-Tags
X-Ismobilevalue
X-TTL
X-Cluster-Name
X-PressLabs-Stats
X-VARITI-CCR
X-Frontend
X-Correlation-Id
X-Aspnetmvc-Version
X-HS-Combine-CSS
X-Xrds-Location
X-Hits
Accept-Ch
X-GUploader-UploadID
X-Varnish-Backend
X-Amz-Replication-Status
Payment
X-NGENIX-Cache
X-Protected-By
X-Goog-Metageneration
X-Request-Handler-Origin-Region
X-Microsite
X-LB-Cache
X-Unique-Id
X-Nf-Request-Id
Cleartype
X-FB-Debug
X-Varnish-Server
X-Git-Hash
X-Forwarded-Proto
X-Www-Served-By
X-Az
X-FTR-Request-ID
X-Logged-In
X-Activity-Id
X-AppVersion
Content-Disposition
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Ratelimit-Reset
Host
Akamai-GRN
X-Page-Id
Filterid
X-Hostname
X-Fastcgi-Cache
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Amzn-RequestId
X-App-Server
X-Amz-Apigw-Id
X-Varnish-Ttl
X-Template
X-Geo-Country
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Aspnet-Version
Frame-Options
Access-Control-Allow-Method
X-ASPNET-VERSION
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Origin-Server
X-Goog-Generation
Amp-Access-Control-Allow-Source-Origin
X-Upgrade-Enabled
X-Type
MS-Author-Via
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Version
X-Load-Cache
Fastly-SIE
Viewport
X-Ah-Environment
Fastly-SWR
Retry-After
X-Content-Options
Section-Io-Cache
Accept-Charset
X-TT
X-Cache-Control
X-Fb-Rlafr
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B
X-TEC-API-ORIGIN
X-B3-Sampled
Content-MD5
X-Grace
X-Rid
Trailer
X-Envoy-Decorator-Operation
X-Source
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cache-Age
X-Vcl-Version
X-Device-Type
X-Request-Guid
X-Cdn
X-Trace-Id
X-Revision
Server-Name
X-TraceId
X-Language
X-Magnolia-Registration
Healthy
X-Buckets
X-Webkit-CSP
X-Px
X-Mobile
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
TCN
X-WP-CF-Super-Cache-Active
X-CSRF-Token
X-Backend-Name
X-HS-Prerendered
X-Origin-Cache
X-Akamai-Edgescape
X-Contextid
X-EdgeConnect-Cache-Status
X-Amz-Meta-S3cmd-Attrs
X-Status
X-App-Environment
X-RM-Cache-TTL
X-Varnish-Grace
X-Tumblr-Pixel
X-L-Path
X-NYM-Debug-Backend
X-Instance
X-Rule
X-Environment-Context
X-Debug-Info
X-ProcessESI
X-Tumblr-User
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Node-Name
X-Framework
X-Region
X-Proxy-Cache-Info
X-Mg-Request-UUID
X-ServerID
X-Storage
X-Proxy
X-Edge-Location
X-FW-Dynamic
Access-Control-Request-Headers
Cross-Origin-Window-Policy
X-UUID
SD-X-WS
NGB
GEO-INFO
X-Cache-Time
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Version
X-FW-Serve
X-FW-Static
MS-CV
X-RTag
X-Cacheable-TTL
X-Content-Powered-By
X-Adobe-Loc
X-Adobe-Content
Protected
X-Datadog-Sampled
Ms-Operation-Id
X-Is-Bot
X-Datadog-Parent-Id
X-Debug-IsConnected
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rendered-As
X-Debug-IsPreview
X-G
X-Yottaa-Metrics
X-Yottaa-Optimizations
Charset
Upgrade-Insecure-Requests
X-HTML-Minification-Powered-By
X-RateLimit-Remaining
X-Whom
DC
Cross-Origin-Embedder-Policy-Report-Only
X-Response-Served-From
Countrycode
X-Original-Request-Id
Webserver
Refresh
Paypal-Debug-Id
OT-Force-Account-Verify
X-Seen-By
X-User-Agent
X-Lambda-Id
Section-Io-Id
Front
X-VC
X-Reqid
X-ECache
X-TT-LOGID
X-VHOST
X-Amzn-Remapped-Content-Length
Alternate-Protocol
SRV
X-IPS-LoggedIn
X-WebKit-CSP-Report-Only
X-Server-W
X-B3-Traceid
X-Akamai-Request-ID2
Priority
X-AB
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Country
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Status-Check
X-B3-SpanId
X-Nginx-Cache
X-N
Backend
X-Time
Liferay-Portal
X-Real-IP
X-Mode
Onion-Location
Fastcgi-Useragent
Filters
TWC-GeoIP-LatLong
Environment
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Xet-Cookie
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-Country
X-UPSTREAM-Address
Property-Id
ServerID
TWC-Connection-Speed
TWC-Device-Class
Meta-Geo
X-FB-TRIP-ID
X-SaId
X-Origin-Hint
X-Tumblr-Pixel-2
X-Format
X-Rewrite-Enabled
X-Rn-Rsrv
X-JoinUs
X-Cache-Host
X-Varnish-Age
From-Origin
X-Restarts
X-VC-Cache
X-Say-Cacheable
Mn-Server-Ip
X-Rocket-Nginx-Serving-Static
X-Skip-Cache
X-Tb
Uber-Trace-Id
X-Origin-Date
X-SayCDN-TTL
Web-Mar-Node
X-Say-TTL
X-IPLB-Request-ID
X-Scope-Id
X-Fetched-On
Expiry
X-Connection-Hash
X-Cluster-Node
X-Cache-Action
X-Cache-Expired-At
X-Frame-Option
DB-Nickname
X-R9-Blue-Green-Version
X-IPLB-Instance
X-Hosted-By
X-Accel-Version
X-Redis-Cache
X-Hl-Ver
X-PHP-Host
X-Labrador-Cache-Channel
X-Request-URI
X-Loop
Apigw-Requestid
X-ProxyCache-Status
Atl-Traceid
X-ProxyCache-Key
X-Origin-TTL
X-Director
X-Fastly-Request-Id
X-Varnish-Cache-Hits
X-Tncms
X-Varnish-Beresp-Grace
X-Handled-By
X-Httpd
X-Logging-Id
X-Forwarded-Host
X-Vcache
X-Soup
X-Webstats-RespID
X-Origin-CC
X-Cms-Context
X-BYPASS-REASON
X-Web-Node
X-Proxy-Build
X-Cluster
X-Auth-Group-Type
X-Timing-Wait
X-Servername
Url
ServedBy
X-Served-From
X-Adobe-Source
Selected-Fe
X-Detected-As
Accept-Language
X-Cloudmap
Cross-Origin-Embedder-Policy
X-Extlb
X-Proxied
X-Zipkin-Id
X-S
X-Routing-Service
X-DynaTrace
X-Origin
X-Hit
X-Ms-Request-Id
Referer-Policy
X-Ms-Version
WPO-Cache-Message
WPO-Cache-Status
X-DataDome
X-Tumblr-Pixel-3
N-Cache
X-Generated-By
X-SRV
X-XRDS-Location
Cross-Origin-Opener-Policy-Report-Only
X-LSADC-Cache
Xserver
VIX-Pulpo-Upstream-Status
X-Azure-Ref-OriginShield
X-Lagoon
VIX-Pulpo-Node
Surrogated-Key
X-Wix-Request-Id
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
X-Xfnlog-Site
X-Webkit-Csp
X-App-Version
Ohc-File-Size
X-Sucuri-Cache
Source
X-Generation-Time
LB
X-NWS-UUID-VERIFY
X-FTR-Cache-Status
CF-IPCountry
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Balancer
X-HS-CF-Cache-Status
X-RCS-CacheZone
X-Drupal-Cache-Contexts
X-Cache-Debug
X-Drupal-Cache-Tags
X-Cdn-Origin
X-VCT
X-F-Cache
Node
CDN-RequestId
X-Cache-Hit
X-MP-GENERATED-AT
X-Sucuri-ID
X-Via-JSL
X-Is-Desktop
X-Is-Tablet
X-Proxy-Cache-Status
X-Geo-Region
X-Is-Supported-Browser
X-Is-Mobile
X-NODE
X-Browser-Name
X-Tcp-Rtt
X-Urbn-Site-Id
X-No-Session
X-Varnish-Beresp-Ttl
X-Tx-Id
X-TA-CDN-Provider
Locale
X-Urbn-Context-Path
X-Signature
X-B-Cache
X-Upstream-Ht
X-Mly-Id
X-Cache-Rule
X-Upstream-Ct
X-UA
Cache
X-ElasticPress-Query
X-Cache-Operation
Origin
X-INCAP-ABP
Ngx.Var.Host
Meta-Geo-Continent
Mail-Subject
MD5-Digest
Odigeo-Trace-Id
Lang
L5d-Success-Class
Ha-Gx-Prefs
Apple-News-Services-Request-Url
Xc-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Content-Secure-Policy
Cache-Provider
BehaviorPad-Version
Cluster
Expect-Staple
Fastly-Backend-Name
Candidate-Md5Url
HA-Ipaddr
Apple-News-Services-Handled
Fl-Custom-Application
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
Host-ID
X-A
X-Eu-Site
X-Ec-GeoHdr
X-FC-Vary-Parameters
X-Gdpr
X-Rojux
X-GeoCode
X-Ec-Fail
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
X-TIM-N
X-Debug-Cache-Store
X-Section
X-ScT
X-Developer
X-GeoCountry
X-HN
X-Path
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxied-Request
X-Proto
X-Org
X-ORCA-Accelerator
X-Ig-Push-State
X-Ig-Origin-Region
X-Jobs
X-Mvc-Supplant-Cachable
X-Op-Id-All
X-Nyt-Route
X-D
X-Csrf-Jwt
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Vdms-Version
X-A-Dcw
X-A-Dam
We-Hiring
X-Vtex-Remote-Cache
Redirect-Candidate
Producers
Rendered-Blocks
Sslversion
W
User-Agent
X-A-Dgt
X-A-Wwc
X-Cache-Info
X-Bug-Bounty
X-Cache-NE
X-CGP
X-VarnishDD-TTL
X-Conf
X-BCube-Filmed-By
X-Bc-Bl
X-Access
X-AB-Test
X-Aed
X-Aicache-OS
X-Backend-Instance
X-App-Name
PFcat
X-A-Ccd
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-CDN-Forward
Mime-Version
X-Policy
X-Powered-By-VTEX-Cache
Web-Mar-Region
X-Resp-Is-Stale
V-Age
X-Platform
X-Req
X-Origin-Expires
X-Node-Id
X-NMSegId
X-AK-Request-ID
X-NodeID
X-Request-Time
X-Service
X-Accel-Expires-Debug
X-Litespeed-Tag
Thinkindot-CacheControl
X-Slack-Shared-Secret-Outcome
Req-Svc-Chain
RNT-Machine
Product
Platform
NM-Fastcgi-Cache
Origin-Agent-Cluster
RNT-Time
X-Esi-Check
X-Akamai-Device-Characteristics
Thinkindot-CacheControl-Type
X-Scheme
TDXMobile
X-SD-PageType
Server-Host
X-Shield-Cache-Expires
X-SB
X-Amz-Storage-Class
X-GeoIP-Region-Code
X-DefElseHash
X-DefHash
X-Depends
X-Date
X-GoCache-CacheStatus
X-Core-Value
X-Hash
X-Gzip
X-GeoIP-Country-Code
X-Dispatcher-Server
X-Fmm-Version
X-Fastly-Backend
X-Epic-Correlation-Id
X-Gamma-Serve
X-Edge-Server
X-GeoIP-City
X-GeoIP
X-Generated-On
X-Content-Length
X-Contensis-Viewer-Groups
X-Location
X-BBC-Edge-Cache-Status
X-Locale
X-Loc
X-B3-Trace-ID
X-Auto-Login
X-Thinkindot-L3
X-Mvc-Supplant-OutputCached
X-Micro-Cache
X-Level-Front-Cache
X-Cache-Aspx
X-Cdn-Srv
X-Clientip
X-HS-Content-Campaign-Id
X-CacheTTL
X-Cached-By
X-Cache-Grace
X-Cache-Id
X-Irp-Debug
X-Amz-Meta-Cb-Modifiedtime
X-Slack-Backend
X-Wikidot-Static-Cache
Canary
X-Wikidot-Backend
X-We-Are-Hiring
Esi-Enabled
CDCHOST
Content-Script-Type
Fastly-SSL
X-Varnishpool
X-Via-Fastly
Debug
X-VTEX-Cache-Time
X-Vmg-Version
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-VTEX-Cache-Server
X-VServer
Content-Style-Type
X-Viewer-Country
Gannett-Cam-Experience-Id
X-Varnish-Remaining-TTL
X-VG-WebCache
X-Geolocation
Cdn-Request-Time
X-Varnish-CookieHashed-On
X-Varnish-Authentication
Cdn-Host
Cdncip
Cdnsip
X-Var-Ttl
X-Bl-Debug
X-Varnish-CookieINHashed-On
X-V-Cache
X-Varnish-Director
L
Gh-Request-Id
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Pad
Akamai-Mon-Iucid-Del
X-Via-SSL
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Men
CDN-PullZone
X-Human
X-B-Cookie
X-Application
X-Cache-Date
X-Ec-Custom-Error
X-Destination
X-S-Cookie
X-External-Request-Id
X-Gen-Mode
Yak-Timeinfo
X-CUA
X-IsAdmin
X-Cache-FS-Status
X-Block-Status
X-Internal-TTL
X-Origin-Response-Time
X-Hnp-Log
XM
X-Content-Age
X-Bip
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Eval
Tube-Get-Contents
X-VG-TLSProxy
X-Sn-Servicetimems
Tube-Got-Results
User-Cache-Control
X-Request-Start
Tube-Return
Pramga
Release
X-UA-Device-Type
X-SIPLIST1
ServerName
X-Site-Version
DSUID
Country-Code
Req-ID
X-Server-IP
X-Request-Host
Click-Count-Action-Start
NGX
X-SVT-ORM-RULES
X-Thanos
X-Pool
CDN-Uid
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Tb-Optimization-Total-Bytes-Saved
Origin-CC
Origin-EX
X-Varnish-Beresp-Status
X-SVT-ORM-VERSION
X-Pubstack
Click-Count-Error
IsBot
X-URL
X-Varnish-Hits
X-GEO
X-NGINX-Cache
X-HOST
X-LB-NoCache
X-RID
Ssr
AMP-Access-Control-Allow-Source-Origin
Cache-Key
X-Zen-Fury
X-Proxy-CacheRZ
X-User
X-CACHE-GROUP
X-Cache-Bucket
XkeyRZ
A
X-CLOUD-TRACE-CONTEXT
Sid
X-Cs
X-VC-TTL
Fastly-Drupal-HTML
Ohc-Cache-HIT
X-Cdn-Forward
X-HITS
X-AIR-PT
CloudFront-Viewer-Country
GeoIP-Latitude
X-RequestId
X-Servedbyhost
X-Refresh
X-ZONE
X-Newrelic-Synthetics
X-Api-Version
Cdn-Requestid
X-Nananana
X-DC
X-Dc
X-APP
TP-L2-Cache
X-Optimistic-Header
X-Tt-Logid
X-HA-Backend
X-B3-Spanid
C-Via
X-Webkit-Csp-Report-Only
X-Via-Poph
X-Nc
X-TH-Server
X-Via-Popn
X-Via-Popv
X-Wa
X-Vgn-Hpd-Reason
Server-ID
X-B3-Parentspanid
X-LB-ID
X-RateLimit-Limit
Proxy-Firewall
X-Endurance-Cache-Level
HostName
True-Client-Country-4JS
X-Moov-Xdn-Version
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-Moov-T
X-DynaTrace-JS-Agent
Fastly-Drupal-Html
X-Presslabs-Stats
Cdn
X-LiteSpeed-Tag
X-LiteSpeed-Cache-Control
Sever-Int
X-Air-Pt
X-HubSpot-Correlation-Id
X-COUNTRY
X-Zone
Server-Hostname
X-Oracle-Dms-Ecid
Server-Ext
X-Test
X-CS
X-API-Version
X-Parent-Response-Time
WP-Super-Cache
Is-Eu
Adler-Geo
SID
X-Datadome
X-LJ-Flow-ID
X-CACHE-AGE
X-VWS-Id
X-AWS-Id
X-Srv
X-Fpc
X-Dispatcher-Number
GeoIp-Country-Code
X-Nginx-Cache-Key
X-DataCenter
WZWS-RAY
X-Action
X-Provided-By
X-Vercel-Cache
X-Vercel-Id
N1-Cache
X-Thinkindot-L1
X-NewRelic-App-Data
Location
X-Cache-VC
X-Litespeed-Cache-Control
T-Server
True-Client-Ip
X-Geo-Header
Uri
X-Custom-Header
X-Pass-Why
X-XRDS-LOCATION
SEZNAM-JOBS-OFFER
S-Rt
True-Client-IP
X-ND-Cache
X-Ua
Cache-Hits
TWC-GeoIP-City
TWC-GeoIP-DMA
TWC-GeoIP-Region
Vc-Max-Age
Cache-Tv-Group
GeoIP-Country-Code
X-Datacenter
X-CMSURLCustom
X-ApacheServer
Resin-Trace
X-Cache-Server
X-PERF
X-SERVER-NAME
X-Render-Time
Serverhost
Tcn
X-Stale
X-WA-Info
Pics-Label
Sm-Log-Id
X-Varnish-Beresp-TTL
X-Service-Response-Time
X-TX-ID
X-Client-Ip
X-Uri
Powered-By
X-Nitro-Cache
X-FPC
X-Srcache-Store-Status
X-Ssense-Shipping-Surcharge-Enabled
X-Correlation-ID
X-Ssense-Gql
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
RewriteTeamHook
Vix-Hermes-Req-Id
Log-Origin
X-Jungle-Id
X-Ion-Hop
RewriteTestHook
X-Ion-Healthy
Cache-Contol
Srv
Lb
X-Oracle-Dms-Rid
X-APP-VERSION
Av-Poweredby
Hostname
Cmsid
My-App
Cmstype
X-Ckpd-Fst-Backend
X-Cdn-Cache-Status
X-Fastly-Cache
X-Cache-TTL-Remaining
X-Fastly-Cache-Status
X-Debug-Service
X-From
X-Air-Trace-Id
X-Up
On-Server
X-Air-Source
X-Udemy-Cache-App-Namespace
Server-Id
Thinkindot-Control
X-Air-Hostname
X-Akamai-Pragma-Client-IP
X-Vc
ServerHost
X-Lb-Id
Cf-Ipcountry
X-WA
X-NC
CacheControlHeader
X-Cache-Ttl
X-Via-PopH
X-Ee-Request-Date
X-Ee-Request-Id
X-Via-PopN
X-Ha-Backend
X-Oracle-DMS-ECID
X-Proxy-Cache-La3
Geoip-Latitude
X-Ee-Origin
X-Fastly-Backend-Reqs
X-App
X-PHP-Backend
AKAMAI
Time-Cloud-Cache
Xkeylog
X-Save-Cache
Xkey-La3
X-Vary-Devices
X-Cms-Device
X-Ee-Generated-By
X-Github-Request-Id
Store-Cloud-Cache
X-Amz-Meta-Opti
X-Via-PopV
X-Esi
X-VTEX-Cache-Backend-Connect-Time
X-VCL-Version
X-VTEX-Cache-Backend-Header-Time
X-LAGOON
X-Info
Magicmarker
Cloudfront-Viewer-Country
X-Traceid
X-Requestid
WWW-Authenticate
X-IAuth-Set-Uid
NtCoent-Length
WebServer
Cl-Cache
X-ServedByHost
CountryCode
Origin-Site
X-HS-Status
Warning
X-Dw-Trace-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Serial
X-Check-Cacheable
X-Limited
X-Sucuri-Id
X-Geo
X-Html-Minification-Powered-By
X-Acquia-Application-Trace
Reporter
X-Wp-Cf-Super-Cache
X-CDN-Cache-Status
X-Acquia-Site
X-Acquia-Purge-Tags
X-Lb-Nocache
X-Acquia-Application-UUID
X-SRCache-Key
X-Pod
X-Akamai-Transformed
FSS-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Varnish-Hostname
Epwk-X-Cache
X-Td-Header-From-No-Data
X-Mg-Cache
Edge-Cache
X-MG-Cache
X-Lsadc-Cache
X-Rollout
Thinkindot-Cache-Type
X-Web-Server
CF-Cached-On
X-Platform-Processor
Cneonction
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Eligible
Timeexpire
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Ms-Blob-Type
X-Ramcache
X-Platform-Cluster
X-Elasticpress-Query
X-Platform-Router
X-New
X-Orig-Cache-Control
CDN
X-BBC-Origin-Response-Status