Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Accept-CH
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Accept-CH-Lifetime
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-UA-Device
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
EagleId
X-Rq
X-Via
X-Vhost
X-Server
X-Dispatcher
X-Check
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
Xkey
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Nginx-Cache-Status
X-Url
Content-Location
X-Country-Code
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Trace
Service-Worker-Allowed
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Application-Context
X-NWS-LOG-UUID
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-LiteSpeed-Cache
X-Times
X-TtlSet
X-Vname
X-PC
Surrogate-Key
X-Midtier
X-Mcache
X-Edge
Rating
X-Cache-TTL
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Server-Name
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-GitHub-Request-Id
X-ESI
Nginx-Cache
Edge-Control
X-ECACHE
X-Vcap-Request-Id
X-D2id
Verso
X-Ac
X-MS-InvokeApp
X-Ser
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
X-Ratelimit-Limit
X-Client-IP
X-Amz-Rid
Response
X-Middleton-Response
X-Wormhole-Sdk
X-Ratelimit-Remaining
X-ARC
X-CST
X-Powered-CMS
X-Dw-Request-Base-Id
X-Goog-Hash
X-B3-TraceId
X-Navigation-Version
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-ID
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Upstream
X-Amzn-Trace-Id
X-Forwarded-For
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-Cache-Key
RTSS
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-Daa-Tunnel
Edge-Cache-Tag
Public-Key-Pins
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
Cache-Status
X-Content-Digest
X-Ezoic-Cdn
X-Version
X-NF-Request-ID
X-Ttl
Origin-Trial
SPRequestGuid
X-SharePointHealthScore
X-Mg-S
X-Fastly-Request-ID
Realpath
X-FTR-Request-ID
S
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Fastcgi-Cache
X-ORACLE-DMS-ECID
Cross-Origin-Resource-Policy
X-Recruiting
Front-End-Https
X-Accel-Expires
X-Kong-Upstream-Latency
AR-CACHE
X-Kong-Proxy-Latency
X-Cached
X-Distributor
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Azure-Ref
X-TTL
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Xrds-Location
TP-Cache
X-Varnish-TTL
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
Count-Hit
X-HS-Content-Id
X-Ua-Browser
X-HS-Cache-Config
X-Debug
X-Id
X-Correlation-Id
X-LLID
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
Server-Node
X-Newrelic-App-Data
X-Nf-Request-Id
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-VARITI-CCR
X-Frontend
Accept-Ch-Lifetime
Akamai-GRN
X-NGENIX-Cache
X-GUploader-UploadID
X-Varnish-Backend
X-PressLabs-Stats
Accept-Ch
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Hits
X-Protected-By
X-Goog-Metageneration
Payment
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
X-Ratelimit-Reset
X-Page-Id
X-Git-Hash
Cleartype
X-LB-Cache
X-FB-Debug
X-Varnish-Server
X-Logged-In
Content-Disposition
X-Tt-Trace-Tag
X-Www-Served-By
X-Hostname
X-Tt-Trace-Host
X-Az
X-AppVersion
X-Activity-Id
X-DIS-Request-ID
X-HP-Trace-Id
X-Cambria-Cache-Control
Host
X-HP-Webp
X-Jurisdiction
Filterid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Forwarded-Proto
X-TraceId
X-Template
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Varnish-Ttl
X-Geo-Country
Frame-Options
X-Fastcgi-Cache
X-Aspnet-Version
Trailer
X-ASPNET-VERSION
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Version
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Accept-Charset
X-WP-CF-Super-Cache
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Type
Access-Control-Allow-Method
X-Upgrade-Enabled
Fastly-SWR
X-Ah-Environment
Fastly-SIE
Viewport
Section-Io-Cache
X-Origin-Server
X-Fb-Rlafr
X-Content-Options
X-TT
X-Envoy-Decorator-Operation
X-Source
X-Grace
X-B3-Sampled
X-B
X-Cache-Control
X-TEC-API-ORIGIN
X-TEC-API-VERSION
MS-Author-Via
X-TEC-API-ROOT
Retry-After
X-Rid
Content-MD5
Server-Name
X-Device-Type
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcl-Version
X-Cache-Age
X-Cdn
X-Language
X-Px
X-Request-Guid
X-HS-Prerendered
X-Buckets
X-Magnolia-Registration
X-Trace-Id
X-Mobile
X-Revision
TCN
Healthy
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Akamai-Edgescape
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-WP-CF-Super-Cache-Active
Protected
X-Backend-Name
X-CSRF-Token
X-Instance
X-RM-Cache-TTL
X-Response-Served-From
X-Debug-Info
X-Status
X-App-Environment
SD-X-WS
X-Original-Request-Id
GEO-INFO
X-Tumblr-Pixel-1
X-Rule
X-Tumblr-User
X-Tumblr-Pixel-0
X-Origin-Cache
Cross-Origin-Embedder-Policy-Report-Only
X-ServerID
X-Rendered-As
Upgrade-Insecure-Requests
X-Is-Bot
Charset
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-ProcessESI
X-RemovedCookies
X-FW-Hash
X-Adobe-Content
X-Mg-Request-UUID
X-L-Path
X-Adobe-Loc
X-Framework
X-Environment-Context
X-Edge-Location
X-Cacheable-TTL
X-Cache-Time
X-FW-Serve
X-Storage
X-FW-Version
X-FW-Dynamic
NGB
X-FW-Static
X-FW-Type
X-FW-Server
Cross-Origin-Window-Policy
X-Debug-IsPreview
X-Content-Powered-By
X-UUID
X-Debug-IsConnected
X-Region
X-Proxy
X-Contextid
Access-Control-Request-Headers
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Yottaa-Metrics
X-G
MS-CV
X-Yottaa-Optimizations
Ms-Operation-Id
X-Proxy-Cache-Info
X-Datadog-Sampling-Priority
X-Node-Name
X-RTag
X-Datadog-Trace-Id
Refresh
X-Ua-Device
X-Whom
OT-Force-Account-Verify
X-Amz-Meta-S3cmd-Attrs
X-B3-Traceid
Webserver
X-Lambda-Id
Section-Io-Id
Paypal-Debug-Id
DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Countrycode
X-Amzn-Remapped-Content-Length
X-User-Agent
X-Reqid
X-Seen-By
X-HTML-Minification-Powered-By
Front
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-TT-LOGID
Priority
X-ECache
Alternate-Protocol
X-Server-W
SRV
X-VC
X-WebKit-CSP-Report-Only
X-Real-IP
X-DataDome
X-Time
X-B3-SpanId
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Cookies-Bypass
Liferay-Portal
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Request-ID2
X-Origin-TTL
X-AB
X-N
X-Origin-CC
X-Rocket-Nginx-Serving-Static
Backend
X-Mode
X-Cache-Status-Check
Country
X-Hl-Ver
WPO-Cache-Status
Onion-Location
WPO-Cache-Message
Webcakes-App-Name
Fastcgi-Useragent
Webcakes-App-Version
Web-Mar-Node
Webcakes-Region
X-Rn-Rsrv
Filters
X-RateLimit-Remaining
X-Say-TTL
X-Rewrite-Enabled
TWC-Privacy
Meta-Geo
TWC-Connection-Speed
Property-Id
X-SaId
ServerID
TWC-Device-Class
TWC-GeoIP-Country
X-SayCDN-TTL
Xet-Cookie
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Say-Cacheable
Environment
X-Cache-Action
X-FB-TRIP-ID
X-Redis-Cache
X-Origin-Hint
X-Tumblr-Pixel-2
X-JoinUs
X-Format
X-Cache-Host
X-UPSTREAM-Address
X-Soup
X-VC-Cache
X-Nginx-Cache
X-Cms-Context
X-Frame-Option
X-Handled-By
X-Hosted-By
X-Scope-Id
X-IPLB-Request-ID
X-IPLB-Instance
X-PHP-Host
Mn-Server-Ip
X-Skip-Cache
X-R9-Blue-Green-Version
X-Director
X-Cluster-Node
X-Detected-As
X-Labrador-Cache-Channel
X-Accel-Version
X-Connection-Hash
Expiry
X-Restarts
X-Fetched-On
X-Cache-Expired-At
From-Origin
X-Origin-Date
DB-Nickname
Uber-Trace-Id
Apigw-Requestid
X-ProxyCache-Key
X-ProxyCache-Status
Url
X-Webstats-RespID
X-Forwarded-Host
X-BYPASS-REASON
X-DynaTrace
X-Web-Node
X-Vcache
X-Varnish-Age
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Loop
X-Tncms
X-Tb
X-Ms-Version
X-Servername
X-Adobe-Source
X-Ms-Request-Id
Ohc-File-Size
X-Httpd
ServedBy
X-Tumblr-Pixel-3
X-Resp-Is-Stale
X-Logging-Id
Atl-Traceid
X-Cluster
X-Served-From
X-Auth-Group-Type
X-Extlb
X-Cloudmap
X-Proxied
X-Routing-Service
Cross-Origin-Embedder-Policy
X-S
X-Zipkin-Id
Referer-Policy
X-Request-URI
X-Webkit-CSP
X-Hit
X-Proxy-Build
Selected-Fe
X-Timing-Wait
Accept-Language
N-Cache
X-Azure-Ref-OriginShield
X-LSADC-Cache
X-SRV
X-Origin
X-HS-CF-Cache-Status
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Surrogated-Key
X-XRDS-Location
LB
X-Generated-By
X-Sucuri-Cache
X-Lagoon
X-Fastly-Request-Id
X-Generation-Time
Xserver
X-App-Version
X-Cache-Hit
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Xfnlog-Site
CF-IPCountry
X-Wix-Request-Id
X-Sucuri-ID
X-Cdn-Origin
Source
X-Oracle-Dms-Ecid
X-Tx-Id
X-MP-GENERATED-AT
X-CDN-Forward
X-NWS-UUID-VERIFY
X-Cache-Debug
CDN-RequestId
X-F-Cache
Node
X-RCS-CacheZone
X-NODE
X-Mly-Id
X-Varnish-Beresp-Ttl
X-VCT
Cache
X-Cache-Rule
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-Via-Edge
X-Urbn-Context-Path
X-Is-Supported-Browser
X-Urbn-Site-Id
X-Tcp-Rtt
X-Is-Tablet
X-Is-Mobile
Locale
X-Browser-Name
X-Is-Desktop
X-Geo-Region
X-INCAP-ABP
X-Pad
X-No-Session
X-ElasticPress-Query
Ohc-Cache-HIT
Cache-Provider
X-Signature
X-B-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
Producers
Rendered-Blocks
Web-Mar-Region
Wxu-Next-Region
W
Redirect-Candidate
We-Hiring
Sslversion
X-A-Dam
X-Aicache-OS
X-Aed
X-App-Name
X-Application
X-B-Cookie
X-Access
X-AB-Test
PFcat
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A
Meta-Geo-Continent
Content-Secure-Policy
Cluster
DCR-Decision-By
DCR-Processing-Time-Ms
Expect-Staple
Candidate-Md5Url
BehaviorPad-Version
Apple-News-Services-Handled
X-Site-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
MD5-Digest
Mail-Subject
X-Backend-Instance
Ngx.Var.Host
Odigeo-Trace-Id
Lang
L5d-Success-Class
Fl-Custom-Application
Fastly-SSL
Ha-Gx-Prefs
HA-Ipaddr
Host-ID
Origin
X-Bug-Bounty
X-Origin-Time
X-Org
X-Path
X-PAYTM-SRV-ID
X-Platform-Server
X-Op-Id-All
X-Nyt-Route
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Jobs
X-Mvc-Supplant-Cachable
X-Proto
X-Proxied-Request
X-TIM-N
X-Slack-Shared-Secret-Outcome
X-VarnishDD-TTL
X-Vdms-Version
X-Vtex-Remote-Cache
X-Slack-Backend
X-Section
X-Rojux
X-S-Cookie
X-ScT
X-SD-PageType
X-HN
X-Geolocation
X-Csrf-Jwt
X-Conf
X-D
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-CGP
X-Cache-Operation
X-Bl-Debug
X-BCube-Filmed-By
Xc-Version
X-Cache-Info
X-Cache-NE
X-Destination
X-Developer
X-GeoCode
X-Gdpr
X-GeoCountry
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-FC-Vary-Parameters
X-External-Request-Id
X-DPWN-IS-SECURE
X-Ec-Fail
X-Ec-GeoHdr
X-Eu-Site
X-Bc-Bl
X-Cache-Grace
X-Litespeed-Tag
X-Via-JSL
X-NGINX-Cache
X-Locale
X-VC-TTL
X-Level-Front-Cache
X-Varnish-Remaining-TTL
X-Loc
X-Location
X-Micro-Cache
User-Cache-Control
User-Agent
X-Accel-Expires-Debug
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
X-Hnp-Log
X-Human
X-VG-WebCache
Thinkindot-CacheControl
X-Varnish-Director
Pramga
Product
X-Varnish-CookieHashed-On
X-Origin-Expires
Platform
NM-Fastcgi-Cache
Origin-Agent-Cluster
X-Varnish-CookieINHashed-On
Req-Svc-Chain
X-NMSegId
X-Amz-Storage-Class
X-Mvc-Supplant-OutputCached
X-NodeID
Server-Host
RNT-Machine
RNT-Time
TDXMobile
X-Auto-Login
X-DefElseHash
X-DefHash
X-Fmm-Version
X-VTEX-Cache-Time
X-Date
X-Gen-Mode
X-CUA
X-Dispatcher-Server
X-Ec-Custom-Error
X-Viewer-Country
X-Epic-Correlation-Id
X-Esi-Check
X-Vmg-Version
X-VServer
X-Edge-Server
X-VTEX-Cache-Server
X-Core-Value
X-Content-Length
X-Via-Fastly
X-GeoIP-City
X-Block-Status
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Gzip
X-Var-Ttl
X-Cache-Date
X-Cache-Id
X-Cached-By
X-Cdn-Srv
X-Content-Age
X-Zen-Fury
X-Generated-On
X-GeoIP
X-GEO
X-Hash
Thinkindot-CacheControl-Type
X-SB
Content-Style-Type
X-Scheme
Cdnsip
Debug
X-Thinkindot-L3
X-Req
Gannett-Cam-Experience-Id
X-Request-Time
Cdncip
Cdn-Request-Time
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-Version
X-Shield-Cache-Expires
Cdn-Host
CDCHOST
Canary
Gh-Request-Id
Content-Script-Type
X-Platform
L
X-Policy
X-Powered-By-VTEX-Cache
Mime-Version
X-User
X-Proxy-Cache-Status
X-UA
X-ShardId
X-Storefront-Renderer-Rendered
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-COUNTRY
Akamai-Mon-Iucid-Del
X-Fastly-Backend
CDN-PullZone
X-Cache-FS-Status
CDN-EdgeStorageId
CDN-CachedAt
X-CacheTTL
X-Origin-Response-Time
CDN-Cache
X-V-Cache
X-Cache-Aspx
XM
X-GoCache-CacheStatus
Click-Count-Action-Start
CDN-Uid
X-Bip
Tube-Get-Contents
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Wikidot-Static-Cache
X-Server-IP
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Gamma-Serve
X-Depends
X-UA-Device-Type
X-Pubstack
X-Sn-Servicetimems
X-Node-Id
IsBot
Origin-CC
X-We-Are-Hiring
X-Clientip
X-Wikidot-Backend
X-Contensis-Viewer-Groups
X-AIR-PT
X-SIPLIST1
Origin-EX
Click-Count-Error
CDN-RequestCountryCode
Release
X-Varnishpool
X-Thanos
X-Request-Host
X-Acquia-Purge-Cdn-Unconfigured
X-Internal-TTL
X-Irp-Debug
Tube-Got-Results
X-Men
V-Age
X-HITS
Tube-Return
X-VG-TLSProxy
X-IsAdmin
NGX
X-Pool
Tube-Got-Eval
X-URL
X-SVT-ORM-RULES
X-Request-Start
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
Yak-Timeinfo
DSUID
X-Varnish-Hits
X-RID
X-SVT-ORM-VERSION
Country-Code
ServerName
Req-ID
X-HOST
Ssr
X-ORCA-Accelerator
X-Service
Fastly-Drupal-HTML
X-Upstream-Ht
X-Upstream-Ct
Esi-Enabled
X-CACHE-GROUP
X-DC
Sid
X-VHOST
X-Vgn-Hpd-Reason
GeoIP-Latitude
X-HubSpot-Correlation-Id
X-Api-Version
X-Refresh
X-Cache-Bucket
CloudFront-Viewer-Country
X-TH-Server
X-Servedbyhost
X-ZONE
X-Cs
X-RequestId
Cdn-Requestid
X-Proxy-CacheRZ
A
X-Wa
X-Moov-T
XkeyRZ
X-Old-Content-Length
X-Presslabs-Stats
X-Moov-Xdn-Caching-Status
X-Nc
X-Moov-Xdn-Version
Cache-Key
X-Newrelic-Synthetics
X-B3-Spanid
Server-ID
X-APP
C-Via
X-Tt-Logid
X-Nananana
X-CACHE-AGE
X-Via-Popn
X-Via-Popv
X-B3-Parentspanid
X-Via-Poph
X-HA-Backend
X-Parent-Response-Time
N1-Cache
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-LB-ID
X-Action
X-LiteSpeed-Cache-Control
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-CS
X-LiteSpeed-Tag
X-SERVER-NAME
Proxy-Firewall
X-Cache-VC
Location
X-Thinkindot-L1
X-Dc
X-DynaTrace-JS-Agent
HostName
X-Vercel-Id
X-Vercel-Cache
X-Endurance-Cache-Level
X-Webkit-Csp
TWC-GeoIP-Region
Fastly-Drupal-Html
TWC-GeoIP-DMA
X-Optimistic-Header
TWC-GeoIP-City
X-Ua
SID
Cache-Hits
X-Srv
X-Zone
Server-Ext
X-DataCenter
TP-L2-Cache
Server-Hostname
X-Fpc
WP-Super-Cache
GeoIp-Country-Code
True-Client-Country-4JS
Sever-Int
X-Litespeed-Cache-Control
Cdn
X-API-Version
X-PERF
X-Test
X-ApacheServer
X-Dispatcher-Number
Is-Eu
Adler-Geo
X-Render-Time
X-Air-Pt
True-Client-IP
Uri
WZWS-RAY
X-Nginx-Cache-Key
Resin-Trace
True-Client-Ip
X-WA-Info
X-Datadome
X-Nitro-Cache
X-Uri
SEZNAM-JOBS-OFFER
X-Ion-Healthy
X-Ion-Hop
X-VWS-Id
X-CLOUD-TRACE-CONTEXT
X-Jungle-Id
X-AWS-Id
X-LJ-Flow-ID
RewriteTeamHook
Cache-Contol
X-Datacenter
GeoIP-Country-Code
RewriteTestHook
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Service-Response-Time
Sm-Log-Id
Log-Origin
My-App
X-Geo-Header
T-Server
Tcn
X-Custom-Header
X-Provided-By
X-Pass-Why
X-Dynatrace-Js-Agent
X-Client-Ip
X-Varnish-Beresp-TTL
X-ND-Cache
X-RateLimit-Limit
Cmstype
Cmsid
X-FPC
X-Up
X-From
X-Stale
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Hostname
CacheControlHeader
X-Oracle-Dms-Rid
X-Cache-Server
X-Udemy-Cache-App-Namespace
Vc-Max-Age
Serverhost
X-CMSURLCustom
Lb
Srv
X-APP-VERSION
S-Rt
X-Debug-Service
Av-Poweredby
X-Vc
X-Fastly-Cache-Status
Pics-Label
X-TX-ID
Cache-Tv-Group
X-App
X-Lb-Id
X-Air-Trace-Id
X-Air-Hostname
Server-Id
X-Cdn-Cache-Status
Powered-By
X-Air-Source
X-Fastly-Backend-Reqs
Cf-Ipcountry
Vix-Hermes-Req-Id
X-Correlation-ID
X-Akamai-Pragma-Client-IP
X-Cache-TTL-Remaining
X-Cache-Ttl
X-Ckpd-Fst-Backend
X-Via-PopN
X-LAGOON
X-Oracle-DMS-ECID
Origin-Site
X-Via-PopV
X-Fastly-Cache
X-WA
X-Html-Minification-Powered-By
X-Via-PopH
ServerHost
X-Ha-Backend
X-NC
X-Esi
X-XRDS-LOCATION
On-Server
NtCoent-Length
Geoip-Latitude
Epwk-X-Cache
X-VCL-Version
Xkeylog
Xkey-La3
Thinkindot-Control
X-Varnish-Hostname
X-SRCache-Key
X-Proxy-Cache-La3
CountryCode
X-Requestid
X-FORWARDED-FOR
Edge-Cache
X-ServedByHost
Cloudfront-Viewer-Country
WebServer
X-Traceid
WWW-Authenticate
X-Sucuri-Id
X-Ee-Request-Date
X-Save-Cache
X-Vary-Devices
X-Ee-Origin
X-Ee-Request-Id
X-PHP-Backend
X-Cms-Device
Warning
Store-Cloud-Cache
Time-Cloud-Cache
AKAMAI
X-MSEdge-Flight
X-MSEdge-Features
Pragrma
X-Ee-Generated-By
X-Amz-Meta-Opti
X-HS-Status
X-Sigma
X-Sigma-Backend
X-Cdn-Request-ID
Machine
YJS-ID
X-Forwarded-Site
X-Region-Sid
X-Rocket-Build-Number
FSS-Cache
X-IAuth-Set-Uid
X-Wp-Cf-Super-Cache
X-Serial
X-Akamai-Transformed
X-VTEX-Cache-Backend-Connect-Time
X-Wp-Cf-Super-Cache-Cache-Control
Reporter
Ms-Author-Via
X-Pod
X-VTEX-Cache-Backend-Header-Time
X-Check-Cacheable
X-Lb-Nocache
X-Tncms-Bot-Tier
X-Limited
X-Ms-Lease-Status
Yjs-Id
X-Mg-Cache
X-Ms-Blob-Type
X-Info
Timeexpire
Magicmarker
X-Orig-Cache-Control
X-Elasticpress-Query
Cl-Cache
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Lsadc-Cache
X-Web-Server
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
Cneonction