Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Accept-CH
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Backend
X-Hacker
Accept-CH-Lifetime
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
EagleId
X-Age
X-Server
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Content-Location
X-Nginx-Upstream-Cache-Status
Cache-Tag
X-Clacks-Overhead
X-Trace
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-PC
X-TtlSet
X-Vname
X-Midtier
X-Edge
X-Mcache
X-Rack-Cache
X-Country-Code
Rating
Surrogate-Key
X-Browser-Type
X-ESI
X-Cache-TTL
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Server-Name
X-Abt-Application-Version
X-Cnection
X-Element-Page-Cache
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Ser
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
Edge-Control
X-Powered-By-Plesk
X-GitHub-Request-Id
Nginx-Cache
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-ARC
X-Vcap-Request-Id
X-Client-IP
X-MS-InvokeApp
X-Daa-Tunnel
X-B3-TraceId
Accept-Ch-Lifetime
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-Goog-Hash
X-Aspnet-Version
X-Powered-CMS
X-ORACLE-DMS-RID
X-CST
Response
X-Middleton-Response
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Ttl
X-Edge-Location-Klb
X-Kinsta-Cache
X-ECACHE
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
X-Cache-Key
X-NF-Request-ID
X-Amzn-Trace-Id
X-Forwarded-For
X-Ratelimit-Limit
X-Ua-Device
RTSS
X-Mod-Pagespeed
X-FastCGI-Cache
X-Wormhole-Sdk
SPIisLatency
SPRequestDuration
AR-CACHE
Cache-Status
X-Ratelimit-Remaining
Edge-Cache-Tag
X-Server-ID
X-Version
X-Mg-S
Public-Key-Pins
X-ORACLE-DMS-ECID
X-Ruxit-Js-Agent
S
Cross-Origin-Resource-Policy
X-Ezoic-Cdn
Realpath
SPRequestGuid
X-SharePointHealthScore
X-MSEdge-Ref
X-T
X-Shield-Request-Id
Fastcgi-Cache
X-Content-Digest
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
Accept-Ch
X-Newrelic-App-Data
X-Distributor
TP-Cache
X-Correlation-Id
X-Varnish-TTL
Arr-Disable-Session-Affinity
Count-Hit
X-Kong-Upstream-Latency
X-Id
X-Kong-Proxy-Latency
Front-End-Https
X-Debug
X-Request-Processing-Time
X-Request-Received
X-Content-Security-Policy-Report-Only
Server-Node
X-Ua-Browser
X-VARITI-CCR
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-LLID
MicrosoftSharePointTeamServices
X-Frontend
X-HS-Combine-CSS
X-Azure-Ref
X-Fastly-Request-ID
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
Payment
X-LB-Cache
X-Forwarded-Proto
X-Amz-Replication-Status
X-Hits
X-GUploader-UploadID
X-Goog-Metageneration
X-Varnish-Backend
Filterid
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
X-FB-Debug
X-Git-Hash
Host
Cleartype
X-Protected-By
X-Logged-In
X-Www-Served-By
X-Activity-Id
X-Varnish-Server
X-AppVersion
X-Az
X-Ratelimit-Reset
X-App-Server
Content-Disposition
X-Hostname
X-Varnish-Ttl
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-HP-Webp
X-TTL
X-Jurisdiction
X-HP-Trace-Id
X-Geo-Country
Access-Control-Allow-Method
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Retry-After
X-TEC-API-ROOT
X-Page-Id
X-Origin-Server
X-DIS-Request-ID
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-Upgrade-Enabled
MS-Author-Via
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Accept-Charset
X-Nf-Request-Id
X-ASPNET-VERSION
Fastly-SIE
Fastly-SWR
Section-Io-Cache
X-Type
Pinterest-Generated-By
X-TT
X-Fb-Rlafr
Viewport
X-Pinterest-Rid
Pinterest-Version
X-Cache-Control
Akamai-GRN
X-Fastcgi-Cache
Origin-Trial
X-Grace
Amp-Access-Control-Allow-Source-Origin
Content-MD5
X-Content-Options
X-B
X-B3-Sampled
X-Ah-Environment
X-Template
Version
X-Cambria-Cache-Control
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
X-Request-Guid
X-Origin-Cache
X-ECache
X-Revision
TCN
X-Trace-Id
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Vcl-Version
Healthy
X-Envoy-Decorator-Operation
X-Contextid
X-Magnolia-Registration
X-Cdn
X-Device-Type
X-CSRF-Token
X-Source
X-WP-CF-Super-Cache-Active
X-Fastly-Request-Id
DC
Server-Name
X-Aspnetmvc-Version
X-Backend-Name
X-Webkit-CSP
X-Proxy
X-Px
X-Seen-By
X-Mobile
X-Varnish-Grace
X-Tumblr-Pixel
X-RM-Cache-TTL
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-1
X-RemovedCookies
X-Tumblr-Pixel-0
X-ProcessESI
X-Xrds-Location
X-Framework
X-Status
X-Rule
X-Debug-Info
X-Storage
X-Mg-Request-UUID
Access-Control-Request-Headers
SD-X-WS
X-Rid
X-UUID
X-L-Path
X-Region
X-Adobe-Loc
X-Adobe-Content
X-Proxy-Cache-Info
X-Node-Name
Cross-Origin-Window-Policy
NGB
X-NYM-Debug-Backend
X-Environment-Context
X-Instance
X-G
X-Debug-IsConnected
X-Debug-IsPreview
X-Cacheable-TTL
X-FW-Dynamic
Paypal-Debug-Id
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
X-Cache-Age
GEO-INFO
X-FW-Hash
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-FW-Server
X-Content-Powered-By
X-Is-Bot
X-FW-Type
X-Yottaa-Metrics
X-FW-Static
X-Rendered-As
X-FW-Version
X-ServerID
X-Datadog-Parent-Id
X-Yottaa-Optimizations
X-FW-Serve
X-User-Agent
X-RTag
MS-CV
Ms-Operation-Id
X-CLOUD-TRACE-CONTEXT
X-Cache-Time
Front
X-Language
X-EdgeConnect-Cache-Status
Upgrade-Insecure-Requests
X-Buckets
X-WebKit-CSP-Report-Only
Charset
Countrycode
Webserver
Protected
X-Whom
X-N
OT-Force-Account-Verify
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-IPS-LoggedIn
X-Cache-Status-Check
X-Lambda-Id
X-AB
X-Akamai-Request-ID2
Section-Io-Id
X-Edge-Location
Country
X-Time
Refresh
Trailer
X-TT-LOGID
X-VC
Priority
X-VHOST
X-B3-SpanId
X-Hcs-Proxy-Type
X-Hl-Ver
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Via-JSL
X-XRDS-LOCATION
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache-Cookies-Bypass
Alternate-Protocol
X-Reqid
Backend
X-HS-Prerendered
X-B3-Traceid
Accept-Language
X-Wix-Request-Id
Xet-Cookie
Liferay-Portal
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-DataDome
Onion-Location
X-Generated-By
X-Rewrite-Enabled
X-Skip-Cache
From-Origin
X-Scope-Id
X-Tumblr-Pixel-2
X-JoinUs
X-UPSTREAM-Address
X-VC-Cache
Filters
X-Origin-Date
X-Request-URI
Meta-Geo
X-Auth-Group-Type
Uber-Trace-Id
X-Cache-Host
X-Web-Node
Environment
ServerID
Fastcgi-Useragent
X-Frame-Option
X-Tb
X-Fetched-On
X-SaId
X-FB-TRIP-ID
X-Rn-Rsrv
X-Accel-Version
X-XRDS-Location
Expiry
Webcakes-Region
Webcakes-App-Name
X-BYPASS-REASON
Webcakes-App-Version
X-Cache-Action
X-Varnish-Age
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Cache-Expired-At
TWC-Privacy
TWC-Locale-Group
X-Say-TTL
X-SayCDN-TTL
X-Real-IP
Atl-Traceid
Property-Id
X-Say-Cacheable
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-ProxyCache-Key
X-Redis-Cache
X-Webstats-RespID
X-Origin-Hint
X-Hosted-By
X-Format
X-Director
X-Logging-Id
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Connection-Hash
X-Httpd
X-Handled-By
X-Soup
X-Restarts
LB
X-Served-From
X-Loop
X-IPLB-Instance
X-Server-W
X-Labrador-Cache-Channel
Apigw-Requestid
X-RID
X-IPLB-Request-ID
X-PHP-Host
X-Adobe-Source
X-Mode
X-Cms-Context
X-Cluster-Node
X-Forwarded-Host
X-Vcache
Web-Mar-Node
X-Tncms
X-Proxy-Build
Mn-Server-Ip
X-Timing-Wait
ServedBy
Selected-Fe
Url
X-Origin
X-S
X-Detected-As
X-Servername
X-Nginx-Cache
Xserver
X-Response-Served-From
X-Cluster
DB-Nickname
X-SRV
X-Original-Request-Id
X-Origin-CC
CF-IPCountry
X-Origin-TTL
SRV
Referer-Policy
X-Zipkin-Id
X-Extlb
X-Proxied
X-Lagoon
N-Cache
X-Routing-Service
X-Cloudmap
X-LSADC-Cache
X-Hit
X-Rocket-Nginx-Serving-Static
Cross-Origin-Embedder-Policy-Report-Only
X-Upstream-Ht
CDN-RequestId
X-Upstream-Ct
X-Xfnlog-Site
X-UA
X-Ms-Version
Cross-Origin-Embedder-Policy
X-Ms-Request-Id
X-Webkit-Csp
X-VCT
X-Cache-Debug
X-Tumblr-Pixel-3
X-Proxy-Cache-Status
X-RCS-CacheZone
Source
X-NWS-UUID-VERIFY
X-DynaTrace
X-F-Cache
X-Azure-Ref-OriginShield
X-Signature
X-B-Cache
WPO-Cache-Message
X-Geo-Region
X-Is-Mobile
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Desktop
WPO-Cache-Status
X-TraceId
Surrogated-Key
X-Tcp-Rtt
X-Browser-Name
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-RateLimit-Limit-Second
X-Worker
X-RateLimit-Remaining-Second
X-No-Session
Node
X-Cdn-Origin
X-Sucuri-Cache
X-Generation-Time
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-FTR-Request-ID
X-Sucuri-ID
X-Tx-Id
TP-L2-Cache
X-RateLimit-Limit
X-Drupal-Cache-Contexts
X-Locale
X-Cdn-Forward
X-NODE
X-NGINX-Cache
X-Optimistic-Header
X-Site-Version
X-Drupal-Cache-Tags
X-App-Version
X-Cache-Rule
X-Cache-Operation
X-Service
Expect-Staple
DCR-Processing-Time-Ms
Azure-InstanceId
Azure-RegionName
Cluster
Azure-SlotName
Cdncip
Candidate-Md5Url
BehaviorPad-Version
Cdnsip
X-Vmg-Version
Azure-SiteName
Content-Secure-Policy
Azure-Version
DCR-Decision-By
Gannett-Cam-Experience-Id
X-Varnish-Remaining-TTL
TDXMobile
Origin-Agent-Cluster
Sslversion
Producers
Redirect-Candidate
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
Rendered-Blocks
Odigeo-Trace-Id
X-Vdms-Version
Lang
Host-ID
X-Viewer-Country
Fastly-GeoIP-CountryCode
X-VG-WebCache
Mail-Subject
Ngx.Var.Host
Meta-Geo-Continent
MD5-Digest
Fastly-Backend-Name
X-AK-Request-ID
X-Ig-Push-State
X-Ig-Origin-Region
X-GeoIP-City
X-INCAP-ABP
X-Internal-TTL
X-Loc
X-Jobs
X-GeoIP
X-GeoCountry
X-Ec-GeoHdr
X-Ec-Fail
X-Epic-Correlation-Id
X-Shield-Cache-Expires
X-GeoCode
X-Gdpr
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Proto
X-Platform-Server
X-Scheme
X-Proxied-Request
X-Proxy-CacheRZ
X-Request-Time
X-Rojux
X-PAYTM-SRV-ID
X-Origin-Time
X-ScT
X-Mvc-Supplant-OutputCached
X-Nyt-Route
X-Org
X-Origin-Response-Time
X-Origin-Expires
X-DPWN-IS-SECURE
X-Developer
X-Aicache-OS
X-Aed
X-A-Wwc
A
X-TIM-N
X-Amz-Storage-Class
X-Thinkindot-L3
X-A-Dgt
X-A-Dcw
X-Varnish-Authentication
Thinkindot-CacheControl-Type
We-Hiring
X-A
X-A-Dam
X-A-Ccd
X-App-Name
X-Backend-Instance
X-Debug-Cache-Fetch
X-D
X-Debug-Cache-Store
X-DefElseHash
X-Depends
X-DefHash
X-Contensis-Viewer-Groups
X-Conf
X-BCube-Filmed-By
X-Bc-Bl
X-Bug-Bounty
X-Cache-Aspx
X-Cache-NE
X-Cache-Info
Thinkindot-CacheControl
X-We-Are-Hiring
Xc-Version
Cache
XkeyRZ
X-ElasticPress-Query
X-Vtex-Remote-Cache
X-LiteSpeed-Tag
Mime-Version
X-Policy
X-Platform
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-Accel-Expires-Debug
X-Akamai-Device-Characteristics
X-Node-Id
X-Cache-Bucket
X-Cache-Grace
X-Bl-Debug
X-BBC-Edge-Cache-Status
X-Path
X-Op-Id-All
X-B3-Trace-ID
X-V-Cache
Wxu-Next-Hostname
X-Varnish-Beresp-Status
X-Pool
Tube-Get-Contents
X-Powered-By-VTEX-Cache
X-Pubstack
RNT-Machine
RNT-Time
Server-Host
Tube-Got-Eval
X-HN
Web-Mar-Region
Wxu-Next-Commit
X-Cache-Id
W
X-Var-Ttl
Tube-Return
User-Agent
V-Age
Wxu-Next-Region
X-Tb-Optimization-Total-Bytes-Saved
X-Fmm-Version
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-FC-Vary-Parameters
X-Sn-Servicetimems
X-Esi-Check
X-Eu-Site
X-Fastly-Backend
X-Gamma-Serve
X-Generated-On
X-GoCache-CacheStatus
X-Gzip
X-Hash
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Human
X-HS-Content-Campaign-Id
X-SVT-ORM-RULES
X-Edge-Server
X-SD-PageType
X-Content-Age
X-Core-Value
X-SVT-ORM-VERSION
X-Clientip
X-CacheTTL
X-CGP
Req-Svc-Chain
X-Csrf-Jwt
X-Date
X-Dispatcher-Server
X-Ec-Custom-Error
X-Section
X-Level-Front-Cache
X-Location
AMP-Access-Control-Allow-Source-Origin
X-Micro-Cache
X-NMSegId
Tube-Got-Results
Cdn-Request-Time
L5d-Success-Class
L
Click-Count-Action-Start
X-VG-TLSProxy
NGX
X-Varnishpool
X-Wikidot-Static-Cache
NM-Fastcgi-Cache
X-Via-Fastly
Click-Count-Error
Gh-Request-Id
Debug
DSUID
Esi-Enabled
Ha-Gx-Prefs
Content-Style-Type
HA-Ipaddr
Yak-Timeinfo
Content-Script-Type
X-Req
Cdn-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-MP-GENERATED-AT
X-VarnishDD-TTL
X-Wikidot-Backend
Apple-News-Services-Host
Product
X-VTEX-Cache-Server
Release
X-Pad
Apple-News-Services-Handled
Cache-Key
X-VTEX-Cache-Time
Platform
PFcat
Cache-Provider
Canary
X-Varnish-Beresp-Ttl
X-Api-Version
X-Air-Pt
Ohc-File-Size
Country-Code
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
Fastly-SSL
X-Thanos
X-Cdn-Srv
Origin
X-Cache-FS-Status
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullSuccess
X-Men
XM
X-Server-IP
CDN-RequestPullCode
Cross-Origin-Opener-Policy-Report-Only
X-CUA
X-NodeID
Pramga
Sid
X-Amz-Meta-Cb-Modifiedtime
X-Request-Host
X-Cached-By
X-SB
X-Request-Start
X-UA-Device-Type
Ssr
X-Bip
X-Auto-Login
Origin-EX
Origin-CC
Req-ID
X-Cache-Hit
X-Content-Length
ServerName
X-Block-Status
X-Hnp-Log
X-LiteSpeed-Cache-Control
User-Cache-Control
X-Gen-Mode
CDCHOST
X-Dc
IsBot
X-HITS
X-SIPLIST1
X-Newrelic-Synthetics
X-URL
True-Client-Country-4JS
X-Varnish-Hits
X-Provided-By
X-Irp-Debug
X-GEO
X-HOST
Fl-Custom-Application
X-AB-Test
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
Akamai-Mon-Iucid-Del
X-ORCA-Accelerator
GeoIP-Latitude
X-Test
X-RequestId
X-CACHE-GROUP
X-Cs
Sever-Int
C-Via
Proxy-Firewall
Adler-Geo
Server-Ext
X-APP
Is-Eu
Server-Hostname
X-TA-CDN-Provider
X-Oracle-Dms-Ecid
X-Refresh
X-VServer
X-Nananana
X-Servedbyhost
X-B3-Parentspanid
X-Dispatcher-Number
X-LB-NoCache
S-Rt
CloudFront-Viewer-Country
Fastly-Drupal-HTML
X-Via-Edge
X-DC
Cache-Tv-Group
Edge-Copy-Time
X-Via-SSL
WZWS-RAY
X-Nginx-Cache-Key
X-Via-CDN
X-Geolocation
X-Cache-Date
X-HS-CF-Cache-Status
Fastly-Drupal-Html
X-ZONE
X-External-Request-Id
X-Destination
X-HA-Backend
X-S-Cookie
X-Geo-Header
X-IsAdmin
X-Zone
T-Server
X-Custom-Header
X-LB-ID
X-B3-Spanid
X-Via-Popn
X-B-Cookie
X-Via-Poph
X-Application
X-Via-Popv
X-Endurance-Cache-Level
X-Pass-Why
X-Zen-Fury
X-Tt-Logid
X-ND-Cache
X-Wa
X-Nc
X-CACHE-AGE
X-DynaTrace-JS-Agent
X-User
Server-ID
Vc-Max-Age
X-CMSURLCustom
X-Webkit-Csp-Report-Only
X-CS
HostName
GeoIp-Country-Code
X-Cache-Server
Cdn-Requestid
X-Litespeed-Tag
X-CDN-Forward
X-Presslabs-Stats
Cdn
X-SERVER-NAME
X-COUNTRY
X-Parent-Response-Time
SID
True-Client-IP
Ohc-Cache-HIT
X-AIR-PT
X-Srv
Powered-By
Vix-Hermes-Req-Id
X-Fpc
X-DataCenter
Srv
X-HubSpot-Correlation-Id
X-Varnish-Beresp-TTL
X-VC-TTL
X-TH-Server
X-Oracle-Dms-Rid
X-Moov-T
X-Moov-Xdn-Version
X-NewRelic-App-Data
X-Vgn-Hpd-Reason
X-APP-VERSION
X-Ckpd-Fst-Backend
X-Fastly-Cache
WP-Super-Cache
X-Moov-Xdn-Caching-Status
Resin-Trace
On-Server
Uri
Pics-Label
X-API-Version
ServerHost
SEZNAM-JOBS-OFFER
X-Old-Content-Length
Thinkindot-Control
X-Srcache-Store-Status
X-Air-Source
X-Srcache-Fetch-Status
X-Air-Trace-Id
X-Air-Hostname
X-Vercel-Id
X-PHP-Backend
X-Vercel-Cache
X-Cache-TTL-Remaining
True-Client-Ip
X-Amz-Meta-Opti
AKAMAI
X-FPC
Serverhost
X-Datadome
X-TX-ID
X-Client-Ip
X-Dynatrace-Js-Agent
X-Thinkindot-L1
X-Info
Server-Id
X-Action
Location
Magicmarker
X-Cache-VC
GeoIP-Country-Code
Hostname
Cl-Cache
X-CDN-Cache-Status
X-Vc
X-WA
X-Cdn-Cache-Status
N1-Cache
X-Stale
X-V
Av-Poweredby
X-Debug-Service
X-NC
CDN
X-Eligible
X-FTR-Expires
X-Rollout
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-New
X-FTR-Backend
X-IAuth-Set-Uid
X-FTR-Balancer
X-Service-Response-Time
Sm-Log-Id
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Generated-By
Store-Cloud-Cache
Time-Cloud-Cache
X-Ee-Request-Id
X-Vary-Devices
X-Lb-Id
X-PERF
X-Fastly-Cache-Status
X-Forwarded-Site
X-ApacheServer
X-Datacenter
X-Save-Cache
X-Cms-Device
X-Geo
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-WA-Info
Machine
X-Udemy-Cache-App-Namespace
X-Region-Sid
X-Cache-Ttl
X-Via-PopH
X-Via-PopV
X-Oracle-DMS-ECID
X-Container-Uri
X-Git-Commit
X-Via-PopN
X-Nitro-Cache
X-Render-Time
X-Ha-Backend
X-Limited
X-Proxy-Cache-La3
X-Ssense-Gql
Xkey-La3
Server-Info
Xkeylog
X-Ssense-Shipping-Surcharge-Enabled
X-Fastly-Backend-Reqs
X-Github-Request-Id
X-Lb-Nocache
X-Traceid
Cloudfront-Viewer-Country
X-Resp-Is-Stale
CountryCode
WebServer
X-ServedByHost
X-App
X-Ftr-Request-Id
X-VCL-Version
X-Uri
Tcn
X-Litespeed-Cache-Control
TWC-GeoIP-DMA
TWC-GeoIP-Region
Cache-Hits
TWC-GeoIP-City
X-EC-Lua
X-Varnish-Hostname
X-Ion-Hop
Permission-Policy
X-Ion-Healthy
RewriteTeamHook
Edge-Cache
Geoip-Latitude
WWW-Authenticate
X-SRCache-Key
Cneonction
X-Jungle-Id
RewriteTestHook
Log-Origin
X-Akamai-Pragma-Client-IP
X-MSEdge-Flight
Cache-Contol
X-MSEdge-Features
X-Correlation-ID
X-Dw-Trace-Id
Cmsid
Cmstype
PICS-Label
Pragrma
My-App
X-LAGOON
X-Akamai-Transformed
X-Up
Reporter
X-From
X-HS-Status
X-Requestid
X-Acquia-Purge-Tags
FSS-Cache
X-Check-Cacheable
X-Acquia-Application-UUID
X-Acquia-Application-Trace
NtCoent-Length
X-Cdn-Request-ID
X-Ua
X-Serial
X-Acquia-Site
X-Pod
Cf-Ipcountry
X-Sucuri-Id
X-Elasticpress-Query
X-Web-Server
X-Akamai-ERRuleID
X-Ad-Load-Variation
CacheControlHeader
X-Sqd-Ctime
X-Sqd-Stime
X-BBC-Origin-Response-Status
X-Akamai-ERPolicy
Warning
X-Platform-Cluster
X-Orig-Cache-Control
X-Platform-Processor
X-Platform-Router
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ramcache
CF-Cached-On
Timeexpire
X-Tncms-Bot-Tier
X-Fastly-Cache-Hits