Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
Accept-CH
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
Permissions-Policy
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Accept-CH-Lifetime
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Age
X-Vhost
X-Turbo-Charged-By
X-Proxy-Cache
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Xkey
X-WebKit-CSP
Grace
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-Check
X-Pingback
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Allow
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Server-Id
X-Country
X-Country-Code
Content-Location
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
Fastly-Restarts
X-Trace
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
X-PC
X-TtlSet
X-Vname
Surrogate-Key
X-Edge
X-Mcache
Rating
X-Midtier
X-Cache-TTL
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Server-Name
X-Oneagent-Js-Injection
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Browser-Type
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GitHub-Request-Id
X-ESI
Nginx-Cache
Edge-Control
X-Vcap-Request-Id
X-ECACHE
X-D2id
X-Ac
Verso
X-Ruxit-Js-Agent
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Server-ID
X-Ser
X-Ratelimit-Limit
X-Client-IP
X-Amz-Rid
X-Wormhole-Sdk
Response
X-Middleton-Response
X-Ratelimit-Remaining
X-CST
X-Goog-Hash
X-ARC
X-Powered-CMS
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
X-Edge-Location-Klb
X-Kinsta-Cache
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Upstream
X-Amzn-Trace-Id
X-FTR-Request-ID
X-Forwarded-For
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
Origin-Trial
X-Cache-Key
X-Mod-Pagespeed
RTSS
Edge-Cache-Tag
X-Content-Digest
AR-Request-ID
Public-Key-Pins
AR-PoweredBy
AR-ATIME
AR-SID
Cache-Status
X-Ezoic-Cdn
X-Daa-Tunnel
X-NF-Request-ID
X-Version
X-Ttl
SPRequestGuid
X-SharePointHealthScore
X-Mg-S
X-Fastly-Request-ID
Realpath
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-ORACLE-DMS-ECID
X-T
X-MSEdge-Ref
X-Shield-Request-Id
S
X-Recruiting
Front-End-Https
Fastcgi-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
Cross-Origin-Resource-Policy
X-Distributor
X-Cached
AR-CACHE
X-Xrds-Location
X-Azure-Ref
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-TTL
X-Varnish-TTL
X-Request-Processing-Time
X-Request-Received
Count-Hit
X-HS-Hub-Id
X-Correlation-Id
X-HS-Content-Id
X-HS-Cache-Config
TP-Cache
X-Ua-Browser
X-Id
X-Debug
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
X-LLID
Server-Node
X-Nf-Request-Id
X-NGENIX-Cache
Akamai-GRN
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-GUploader-UploadID
X-TraceId
X-Frontend
X-Newrelic-App-Data
X-Varnish-Backend
X-VARITI-CCR
Accept-Ch
X-HS-Combine-CSS
X-Protected-By
X-Amz-Replication-Status
X-Goog-Metageneration
X-Hits
X-PressLabs-Stats
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-Unique-Id
Payment
X-LB-Cache
X-Ratelimit-Reset
X-Git-Hash
Cleartype
X-DIS-Request-ID
X-FB-Debug
X-Varnish-Server
X-Logged-In
X-Tt-Trace-Tag
Content-Disposition
X-Tt-Trace-Host
X-Hostname
X-Www-Served-By
X-Az
X-AppVersion
X-Activity-Id
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
Host
X-Template
X-Amz-Apigw-Id
X-Amzn-RequestId
Filterid
Amp-Access-Control-Allow-Source-Origin
X-Forwarded-Proto
X-App-Server
X-Geo-Country
X-Varnish-Ttl
X-Fastcgi-Cache
X-Aspnet-Version
Version
X-ASPNET-VERSION
X-Load-Cache
Frame-Options
Trailer
Accept-Charset
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Envoy-Decorator-Operation
X-Type
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Access-Control-Allow-Method
X-Ah-Environment
X-Source
Fastly-SIE
Fastly-SWR
Section-Io-Cache
Viewport
X-Upgrade-Enabled
X-Content-Options
X-Fb-Rlafr
X-Origin-Server
X-HS-Prerendered
X-TT
X-B
X-B3-Sampled
X-Grace
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Server-Name
X-Cache-Control
X-Cache-Age
X-Device-Type
X-Language
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Rid
Retry-After
X-Buckets
MS-Author-Via
X-Cdn
Content-MD5
X-Px
X-Magnolia-Registration
X-Request-Guid
X-Mobile
X-Vcl-Version
X-FTR-Expires
X-FTR-Cache-Status
X-EdgeConnect-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-Trace-Id
TCN
X-Revision
X-Akamai-Edgescape
X-Varnish-Grace
Accept-Ch-Lifetime
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Protected
Healthy
X-WP-CF-Super-Cache-Active
X-Backend-Name
Charset
Cross-Origin-Embedder-Policy-Report-Only
Upgrade-Insecure-Requests
SD-X-WS
X-App-Environment
X-Debug-Info
X-Original-Request-Id
X-Instance
X-RM-Cache-TTL
X-Response-Served-From
X-Proxy
X-Status
X-ProcessESI
X-CSRF-Token
X-Rule
X-ServerID
X-RemovedCookies
X-Tumblr-User
X-Rendered-As
X-Is-Bot
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Cache-Time
X-Storage
Cross-Origin-Window-Policy
X-Adobe-Content
X-Adobe-Loc
X-Framework
X-FW-Serve
X-FW-Version
X-FW-Type
X-Region
X-Mg-Request-UUID
NGB
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Hash
GEO-INFO
X-Edge-Location
X-Whom
Access-Control-Request-Headers
X-UUID
X-Debug-IsPreview
X-Datadog-Sampling-Priority
X-Content-Powered-By
X-Debug-IsConnected
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Node-Name
X-Yottaa-Metrics
X-L-Path
Ms-Operation-Id
MS-CV
X-Yottaa-Optimizations
X-Proxy-Cache-Info
X-RTag
X-G
Refresh
X-Environment-Context
OT-Force-Account-Verify
X-Lambda-Id
X-Contextid
Section-Io-Id
Webserver
X-B3-Traceid
X-Amzn-Remapped-Content-Length
X-Reqid
X-Amz-Meta-S3cmd-Attrs
DC
X-Resp-Is-Stale
X-User-Agent
Countrycode
Paypal-Debug-Id
X-Hcs-Proxy-Type
X-Origin-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Server-W
X-HTML-Minification-Powered-By
X-TT-LOGID
X-ECache
Front
Alternate-Protocol
SRV
X-WebKit-CSP-Report-Only
Priority
X-Seen-By
X-Time
X-VC
X-B3-SpanId
X-Real-IP
Cross-Origin-Opener-Policy-Report-Only
X-DataDome
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
WPO-Cache-Status
Xet-Cookie
X-HS-CF-Cache-Status
Liferay-Portal
X-Origin-CC
X-Rocket-Nginx-Serving-Static
X-Origin-TTL
Ohc-File-Size
X-IPS-LoggedIn
X-Hl-Ver
Backend
X-Mode
X-Akamai-Request-ID2
Onion-Location
X-AB
TWC-Locale-Group
X-Origin-Hint
X-Format
X-Cache-Host
Webcakes-Region
X-Cache-Action
TWC-Privacy
X-JoinUs
TWC-GeoIP-LatLong
X-FB-TRIP-ID
Webcakes-App-Name
Web-Mar-Node
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
Meta-Geo
X-UPSTREAM-Address
TWC-Connection-Speed
ServerID
Property-Id
X-DynaTrace
X-Tumblr-Pixel-2
X-SayCDN-TTL
Fastcgi-Useragent
X-Rewrite-Enabled
X-Rn-Rsrv
X-SaId
X-Say-TTL
X-Say-Cacheable
X-Redis-Cache
Filters
Environment
Country
X-Cache-Status-Check
X-N
X-RateLimit-Remaining
X-Detected-As
X-Director
X-Fetched-On
X-Handled-By
X-IPLB-Instance
X-Hosted-By
X-Connection-Hash
X-Accel-Version
From-Origin
Expiry
DB-Nickname
Mn-Server-Ip
Uber-Trace-Id
X-Cache-Expired-At
X-IPLB-Request-ID
X-Cluster-Node
X-Ms-Request-Id
X-Tncms
X-Soup
X-Skip-Cache
X-Varnish-Age
X-VC-Cache
X-Tumblr-Pixel-3
X-Vcache
X-Scope-Id
X-Restarts
X-Nginx-Cache
X-Loop
X-Ms-Version
X-Origin-Date
X-R9-Blue-Green-Version
X-PHP-Host
X-Labrador-Cache-Channel
X-Cms-Context
X-Servername
X-Varnish-Cache-Hits
X-Forwarded-Host
X-Frame-Option
X-BYPASS-REASON
X-Webstats-RespID
X-Varnish-Beresp-Grace
Url
X-Adobe-Source
X-Web-Node
X-Tb
Apigw-Requestid
X-ProxyCache-Status
X-ProxyCache-Key
X-Served-From
X-Cluster
Atl-Traceid
X-Auth-Group-Type
X-Httpd
ServedBy
X-Logging-Id
X-S
X-Extlb
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Cloudmap
Cross-Origin-Embedder-Policy
X-Hit
X-Timing-Wait
X-Proxy-Build
X-Azure-Ref-OriginShield
Selected-Fe
X-LSADC-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin
X-Worker
Accept-Language
X-SRV
Surrogated-Key
X-Request-URI
LB
Referer-Policy
X-Lagoon
N-Cache
X-Cache-Hit
X-Sucuri-Cache
X-CDN-Forward
X-Generated-By
X-Generation-Time
X-App-Version
X-Drupal-Cache-Tags
X-Fastly-Request-Id
X-Drupal-Cache-Contexts
Xserver
X-Cdn-Origin
X-Sucuri-ID
X-MP-GENERATED-AT
CF-IPCountry
X-Oracle-Dms-Ecid
X-Xfnlog-Site
X-XRDS-Location
X-Tx-Id
X-TA-CDN-Provider
Source
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
CDN-RequestId
X-Wix-Request-Id
X-F-Cache
Node
Ohc-Cache-HIT
X-Mly-Id
X-Cache-Debug
X-Cache-Rule
X-Via-CDN
X-RCS-CacheZone
Cache
Edge-Copy-Time
X-Via-Edge
X-NODE
X-Via-SSL
X-VC-TTL
X-Varnish-Beresp-Ttl
X-NWS-UUID-VERIFY
X-AIR-PT
X-INCAP-ABP
Cache-Provider
X-Site-Version
X-VCT
X-Pad
X-ElasticPress-Query
X-Locale
X-Tcp-Rtt
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Is-Desktop
Locale
X-Browser-Name
X-Geo-Region
X-UA
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
Ngx.Var.Host
X-A-Dam
Odigeo-Trace-Id
X-Destination
X-A-Ccd
PFcat
Origin
X-A-Dcw
Meta-Geo-Continent
Host-ID
HA-Ipaddr
Ha-Gx-Prefs
X-Developer
L5d-Success-Class
MD5-Digest
Mail-Subject
Lang
Producers
X-Debug-Cache-Store
Wxu-Next-Hostname
X-GeoCode
Wxu-Next-Commit
X-GeoCountry
X-GeoIP-Country-Code
X-A
X-Geolocation
X-GeoIP-Region-Code
Web-Mar-Region
We-Hiring
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
Rendered-Blocks
X-D
Sslversion
W
X-Conf
X-Csrf-Jwt
Redirect-Candidate
Fastly-SSL
Wxu-Next-Region
Candidate-Md5Url
X-FC-Vary-Parameters
X-Backend-Instance
X-B-Cookie
X-Cache-NE
X-Application
BehaviorPad-Version
X-Cache-Info
X-External-Request-Id
DCR-Decision-By
X-BCube-Filmed-By
X-Bc-Bl
X-Bl-Debug
X-Bug-Bounty
X-Cache-Grace
X-Eu-Site
X-Ec-GeoHdr
Apple-News-Services-Request-Url
X-CGP
Expect-Staple
X-AB-Test
X-Access
X-A-Wwc
Fastly-Backend-Name
Fl-Custom-Application
Cluster
Fastly-GeoIP-CountryCode
X-GEO
X-Ec-Fail
Apple-News-Services-Parsed-Url
X-Aicache-OS
DCR-Processing-Time-Ms
Apple-News-Services-Host
Apple-News-Services-Handled
X-Aed
X-Cache-Operation
X-Gdpr
X-A-Dgt
X-Ig-Origin-Region
X-No-Session
X-Litespeed-Tag
X-PAYTM-SRV-ID
X-Path
X-Vdms-Version
X-Jobs
X-Platform-Server
X-ScT
X-Proto
X-Mvc-Supplant-Cachable
X-SD-PageType
X-Proxied-Request
X-Org
Xc-Version
X-Vtex-Remote-Cache
X-Origin-Time
X-HS-Content-Campaign-Id
X-Nyt-Route
X-Slack-Backend
X-HN
X-Rojux
X-Op-Id-All
X-Slack-Shared-Secret-Outcome
X-VarnishDD-TTL
X-S-Cookie
X-Ig-Push-State
X-Section
X-B-Cache
X-Signature
X-NGINX-Cache
X-Powered-By-VTEX-Cache
X-Dispatcher-Server
X-Akamai-Device-Characteristics
X-Policy
X-Varnish-Remaining-TTL
Origin-Agent-Cluster
X-Platform
X-Varnish-CookieHashed-On
X-Cached-By
X-App-Name
X-Origin-Expires
Platform
L
X-Amz-Meta-Cb-Modifiedtime
Gh-Request-Id
X-Amz-Storage-Class
X-Viewer-Country
NM-Fastcgi-Cache
RNT-Machine
Thinkindot-CacheControl-Type
X-Core-Value
Thinkindot-CacheControl
TDXMobile
X-User
X-Content-Length
X-Content-Age
User-Cache-Control
X-Req
X-TIM-N
X-Zen-Fury
X-SB
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-DefElseHash
Req-Svc-Chain
X-Vmg-Version
X-DefHash
Product
RNT-Time
Server-Host
X-CUA
X-Scheme
X-VServer
X-Accel-Expires-Debug
X-Date
X-AK-Request-ID
X-NodeID
Azure-Version
Gannett-Cam-Experience-Id
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Fmm-Version
Canary
X-Fastly-Backend
X-CacheTTL
CDCHOST
X-Micro-Cache
Azure-InstanceId
X-GeoIP
X-Level-Front-Cache
X-Gen-Mode
X-Human
X-Generated-On
X-Cache-Id
X-Loc
X-Varnish-Director
X-Hnp-Log
X-Cache-Date
X-Location
X-Varnish-CookieINHashed-On
X-Block-Status
X-VG-WebCache
Content-Secure-Policy
Content-Style-Type
Content-Script-Type
X-Via-Fastly
X-Mvc-Supplant-OutputCached
X-B3-Trace-ID
X-Auto-Login
X-Request-Time
X-Ec-Custom-Error
X-NMSegId
Debug
X-BBC-Edge-Cache-Status
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Epic-Correlation-Id
X-Hash
X-GeoIP-City
X-Esi-Check
X-Via-JSL
Cdnsip
X-Gzip
Cdncip
X-COUNTRY
X-Ua-Device
Mime-Version
Akamai-Mon-Iucid-Del
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
X-Clientip
X-ShardId
X-Bip
X-Thanos
X-Cache-FS-Status
X-Cdn-Srv
X-Cache-Aspx
X-Acquia-Purge-Cdn-Unconfigured
XM
X-Pool
X-Origin-Response-Time
X-Node-Id
X-Sorting-Hat-ShopId
X-IsAdmin
X-Irp-Debug
X-Varnish-Beresp-Status
NGX
X-HITS
X-Men
X-Storefront-Renderer-Rendered
Cdn-Request-Time
Cdn-Host
X-Gamma-Serve
X-Sn-Servicetimems
X-Edge-Server
Country-Code
Click-Count-Error
Click-Count-Action-Start
Origin-CC
Origin-EX
Tube-Return
Tube-Got-Results
Tube-Got-Eval
X-Contensis-Viewer-Groups
User-Agent
X-Request-Host
X-UA-Device-Type
V-Age
Tube-Get-Contents
Ssr
X-Sorting-Hat-PodId
X-Depends
X-Varnish-Authentication
Release
X-Pubstack
X-GoCache-CacheStatus
X-V-Cache
X-Internal-TTL
X-VG-TLSProxy
X-Presslabs-Stats
X-URL
X-Service
X-Request-Start
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-IP
X-LB-NoCache
X-SIPLIST1
CDN-RequestPullCode
CDN-Uid
CDN-RequestPullSuccess
DSUID
IsBot
X-Var-Ttl
Req-ID
CDN-RequestCountryCode
CDN-PullZone
X-RID
X-HOST
X-Varnishpool
Yak-Timeinfo
CDN-EdgeStorageId
CDN-CachedAt
ServerName
CDN-Cache
Fastly-Drupal-HTML
X-DC
X-Vgn-Hpd-Reason
X-TH-Server
X-CACHE-GROUP
Pramga
X-Varnish-Hits
X-Proxy-Cache-Status
Sid
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Moov-Xdn-Version
X-Old-Content-Length
GeoIP-Latitude
X-ORCA-Accelerator
X-NewRelic-App-Data
X-HubSpot-Correlation-Id
X-RequestId
X-Servedbyhost
Esi-Enabled
X-Refresh
X-Cs
CloudFront-Viewer-Country
N1-Cache
X-Upstream-Ct
X-Upstream-Ht
X-Wa
X-Nc
X-Api-Version
Cdn-Requestid
X-Cache-Bucket
X-Tt-Logid
Server-ID
X-APP
X-Via-Popn
C-Via
X-Via-Poph
X-Via-Popv
X-HA-Backend
X-Action
X-Newrelic-Synthetics
X-LiteSpeed-Cache-Control
X-ZONE
XkeyRZ
TWC-GeoIP-Region
Cache-Key
Location
X-Proxy-CacheRZ
X-Cache-VC
X-Thinkindot-L1
X-Vercel-Cache
X-CACHE-AGE
X-Vercel-Id
X-LiteSpeed-Tag
A
TWC-GeoIP-DMA
TWC-GeoIP-City
X-Webkit-CSP
X-Zone
Cache-Hits
X-LB-ID
X-Nananana
X-B3-Parentspanid
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-B3-Spanid
X-DynaTrace-JS-Agent
X-CS
X-SERVER-NAME
X-Dc
HostName
X-Webkit-Csp
X-Ua
Fastly-Drupal-Html
X-Endurance-Cache-Level
X-ApacheServer
X-PERF
WP-Super-Cache
Proxy-Firewall
X-Srv
X-Webkit-Csp-Report-Only
SID
X-Render-Time
X-Cdn-Forward
X-API-Version
GeoIp-Country-Code
X-DataCenter
X-Fpc
X-Litespeed-Cache-Control
X-Uri
X-Nitro-Cache
Uri
X-WA-Info
X-Optimistic-Header
RewriteTeamHook
True-Client-Country-4JS
True-Client-IP
Cache-Contol
Sever-Int
Server-Hostname
Server-Ext
X-Ion-Hop
X-Ion-Healthy
X-Jungle-Id
TP-L2-Cache
RewriteTestHook
Cmsid
X-Datadome
My-App
True-Client-Ip
Log-Origin
X-Test
Resin-Trace
Cmstype
Sm-Log-Id
X-Service-Response-Time
Cdn
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
Adler-Geo
SEZNAM-JOBS-OFFER
X-Ssense-Gql
Is-Eu
X-Ssense-Shipping-Surcharge-Enabled
X-Up
X-From
X-Datacenter
X-Dispatcher-Number
X-Nginx-Cache-Key
CacheControlHeader
Tcn
WZWS-RAY
X-Varnish-Beresp-TTL
X-Pass-Why
X-Client-Ip
X-Dynatrace-Js-Agent
X-RateLimit-Limit
X-FPC
X-Stale
X-Air-Pt
X-Udemy-Cache-App-Namespace
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Lb
Hostname
X-APP-VERSION
X-Custom-Header
Srv
X-AWS-Id
X-VWS-Id
T-Server
X-LJ-Flow-ID
X-Oracle-Dms-Rid
X-Geo-Header
X-Vc
X-ND-Cache
X-Debug-Service
X-Provided-By
X-Fastly-Cache-Status
X-TX-ID
Origin-Site
X-Lb-Id
X-Air-Hostname
X-Air-Source
Server-Id
X-Air-Trace-Id
Serverhost
X-Cache-Server
Vc-Max-Age
X-CMSURLCustom
X-App
X-Fastly-Backend-Reqs
X-Varnish-Hostname
X-SRCache-Key
X-Correlation-ID
X-Akamai-Pragma-Client-IP
AKAMAI-GRN
Cf-Ipcountry
Pics-Label
X-VCL-Version
X-Cache-Ttl
S-Rt
X-Via-PopN
Powered-By
ServerHost
X-Via-PopV
X-Ha-Backend
X-Oracle-DMS-ECID
X-WA
X-Html-Minification-Powered-By
X-NC
Av-Poweredby
NtCoent-Length
X-Via-PopH
X-Cdn-Cache-Status
Edge-Cache
X-XRDS-LOCATION
Cache-Tv-Group
X-Esi
X-Cache-TTL-Remaining
Epwk-X-Cache
Geoip-Latitude
Pragrma
Vix-Hermes-Req-Id
CountryCode
X-LAGOON
X-FORWARDED-FOR
YJS-ID
X-Traceid
X-Region-Sid
X-Rocket-Build-Number
Xkey-La3
Ms-Author-Via
X-Sigma
Machine
X-Sigma-Backend
WWW-Authenticate
X-Fastly-Cache
Cloudfront-Viewer-Country
X-Requestid
WebServer
X-ServedByHost
X-Proxy-Cache-La3
Xkeylog
X-Forwarded-Site
X-Ckpd-Fst-Backend
Thinkindot-Control
X-MSEdge-Flight
X-MSEdge-Features
Nord-Request-ID
X-HS-Status
X-Sucuri-Id
On-Server
Warning
X-Wp-Cf-Super-Cache-Cache-Control
Reporter
X-IAuth-Set-Uid
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Serial
FSS-Cache
X-Wp-Cf-Super-Cache
X-Check-Cacheable
X-Lb-Nocache
MIME-Version
Yjs-Id
Datacenter
X-Cdn-Request-ID
X-Snapshot-Date
X-VTEX-Cache-Backend-Header-Time
X-Mg-Cache
X-Lsadc-Cache
Time-Cloud-Cache
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Request-Id
X-PHP-Backend
X-Ee-Generated-By
X-Cms-Device
AKAMAI
Store-Cloud-Cache
X-Akamai-Transformed
X-Amz-Meta-Opti
X-Save-Cache
X-Vary-Devices
X-Dw-Trace-Id
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
X-Web-Server
X-BBC-Origin-Response-Status
X-Elasticpress-Query
X-Tncms-Bot-Tier
Cneonction
Timeexpire
X-Orig-Cache-Control
X-VTEX-Cache-Backend-Connect-Time