Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
X-XSS-Protection
Alt-Svc
Report-To
NEL
X-Xss-Protection
Referrer-Policy
Access-Control-Allow-Origin
Accept-CH
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
P3p
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
Timing-Allow-Origin
Permissions-Policy
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
Feature-Policy
Accept-CH-Lifetime
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Age
X-Cache-Group
X-Vhost
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Xkey
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Check
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Ruxit-JS-Agent
Request-Id
X-Server-Id
X-LiteSpeed-Cache
X-Country-Code
X-Country
Content-Location
X-Nginx-Cache-Status
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
X-Url
Service-Worker-Allowed
Fastly-Restarts
X-Clacks-Overhead
X-Trace
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
Surrogate-Key
X-PC
X-TtlSet
X-Vname
Rating
X-Midtier
X-Mcache
X-Edge
X-Server-Name
X-Cache-TTL
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Server
X-Kinja-Build
X-Browser-Type
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-D2id
X-Ac
X-ORACLE-DMS-RID
Verso
X-MS-InvokeApp
X-Ser
X-Server-ID
X-Oneagent-Js-Injection
X-ECACHE
X-Ratelimit-Limit
X-Amz-Rid
X-Client-IP
X-Wormhole-Sdk
X-Middleton-Response
Response
X-FTR-Request-ID
X-Goog-Hash
X-CST
X-Powered-CMS
X-ARC
X-Navigation-Version
X-Dw-Request-Base-Id
X-Ruxit-Js-Agent
X-Kinsta-Cache
X-Edge-Location-Klb
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Ratelimit-Remaining
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Upstream
X-Forwarded-For
X-B3-TraceId
Origin-Trial
X-Amzn-Trace-Id
SPRequestDuration
X-FastCGI-Cache
SPIisLatency
X-Mod-Pagespeed
X-Cache-Key
X-Content-Digest
Edge-Cache-Tag
Cache-Status
RTSS
Public-Key-Pins
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
X-Ezoic-Cdn
X-Ttl
X-Version
X-SharePointHealthScore
SPRequestGuid
X-ORACLE-DMS-ECID
X-Daa-Tunnel
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-NF-Request-ID
X-Mg-S
Realpath
X-Recruiting
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Front-End-Https
S
Fastcgi-Cache
X-Fastly-Request-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Distributor
Cross-Origin-Resource-Policy
X-Xrds-Location
X-Cached
AR-CACHE
Arr-Disable-Session-Affinity
X-Azure-Ref
X-Nf-Request-Id
Access-Control-Request-Method
X-TTL
Akamai-GRN
X-Correlation-Id
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
Cache-Tags
X-HS-Cache-Config
X-HS-Content-Id
TP-Cache
X-Id
Count-Hit
X-Debug
X-Ua-Browser
X-Ismobilevalue
X-Cluster-Name
X-TraceId
X-LLID
X-NGENIX-Cache
X-Varnish-TTL
Server-Node
X-PressLabs-Stats
X-GUploader-UploadID
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Frontend
X-Varnish-Backend
X-Hits
X-Protected-By
X-Newrelic-App-Data
X-VARITI-CCR
Accept-Ch
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Goog-Metageneration
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-DIS-Request-ID
X-Ratelimit-Reset
X-Unique-Id
Payment
X-Git-Hash
X-FB-Debug
Cleartype
X-Varnish-Server
X-Logged-In
X-Az
X-AppVersion
X-Activity-Id
X-Hostname
Content-Disposition
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Www-Served-By
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Template
Host
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Varnish-Ttl
Filterid
Amp-Access-Control-Allow-Source-Origin
X-Forwarded-Proto
X-Fastcgi-Cache
X-App-Server
X-Geo-Country
Version
X-Aspnet-Version
X-Load-Cache
X-ASPNET-VERSION
Accept-Charset
X-Envoy-Decorator-Operation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Cache-Age
Mrf-Cache-Status
Frame-Options
X-B3-TraceId-Primal
Trailer
X-Source
MRF-Tech
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Type
Fastly-SIE
Fastly-SWR
X-Ah-Environment
Viewport
Section-Io-Cache
X-Content-Options
Access-Control-Allow-Method
X-HS-Prerendered
X-Upgrade-Enabled
X-Fb-Rlafr
X-TT
Server-Name
X-Origin-Server
X-B
X-Grace
X-B3-Sampled
X-Language
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-Cache-Control
X-Device-Type
X-Buckets
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Rid
X-Px
Retry-After
MS-Author-Via
X-Tec-Api-Origin
X-TEC-API-VERSION
X-Cdn
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Tec-Api-Version
X-Tec-Api-Root
Content-MD5
X-Mobile
X-Magnolia-Registration
X-Request-Guid
X-Vcl-Version
TCN
X-EdgeConnect-Cache-Status
X-Trace-Id
X-Revision
X-Varnish-Grace
X-Akamai-Edgescape
Protected
X-WP-CF-Super-Cache-Active
Healthy
X-Backend-Name
X-B3-Traceid
Cross-Origin-Embedder-Policy-Report-Only
Charset
X-Proxy
Upgrade-Insecure-Requests
X-Response-Served-From
X-RM-Cache-TTL
X-Original-Request-Id
X-Instance
X-App-Environment
X-Debug-Info
SD-X-WS
X-ServerID
X-Status
X-NYM-Debug-Backend
X-ProcessESI
X-RemovedCookies
X-Rendered-As
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Is-Bot
X-Tumblr-Pixel-1
X-Tumblr-User
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-Cache-Time
NGB
Cross-Origin-Window-Policy
Access-Control-Request-Headers
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-FW-Type
X-Framework
X-FW-Version
X-Region
X-Rule
X-UUID
X-Node-Name
X-Storage
X-Mg-Request-UUID
X-Edge-Location
Refresh
MS-CV
X-Yottaa-Optimizations
X-Yottaa-Metrics
Ms-Operation-Id
X-Whom
X-Datadog-Parent-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Proxy-Cache-Info
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Content-Powered-By
X-RTag
X-Datadog-Sampled
X-G
OT-Force-Account-Verify
GEO-INFO
X-ECache
X-Environment-Context
X-Lambda-Id
X-L-Path
X-CSRF-Token
X-Resp-Is-Stale
Section-Io-Id
Webserver
X-Contextid
X-Reqid
X-Amzn-Remapped-Content-Length
X-TT-LOGID
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
DC
X-CCDN-CacheTTL
Countrycode
X-User-Agent
X-Origin-Cache
X-Server-W
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-HTML-Minification-Powered-By
X-RateLimit-Remaining
X-VC
X-Real-IP
Alternate-Protocol
X-WebKit-CSP-Report-Only
X-Time
SRV
Front
X-HS-CF-Cache-Status
Cross-Origin-Opener-Policy-Report-Only
X-DataDome
Priority
Ohc-File-Size
X-Seen-By
WPO-Cache-Status
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
Accept-Ch-Lifetime
X-B3-SpanId
X-Rocket-Nginx-Serving-Static
Liferay-Portal
X-Hl-Ver
Xet-Cookie
X-Origin-CC
Backend
X-Origin-TTL
X-Mode
X-IPS-LoggedIn
Onion-Location
X-Akamai-Request-ID2
Webcakes-Region
TWC-GeoIP-Country
X-JoinUs
ServerID
X-Rewrite-Enabled
X-Tumblr-Pixel-2
X-SayCDN-TTL
X-Cache-Action
X-Origin-Hint
TWC-Connection-Speed
Web-Mar-Node
X-Redis-Cache
X-Say-TTL
X-Tumblr-Pixel-3
TWC-Privacy
X-Cache-Host
X-Rn-Rsrv
Property-Id
X-AB
X-SaId
X-FB-TRIP-ID
X-Format
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Locale-Group
Meta-Geo
X-UPSTREAM-Address
Fastcgi-Useragent
Filters
X-Say-Cacheable
Mn-Server-Ip
DB-Nickname
Expiry
From-Origin
X-Handled-By
X-Fetched-On
X-Skip-Cache
X-Ms-Version
X-IPLB-Instance
X-IPLB-Request-ID
X-Soup
X-Tncms
X-PHP-Host
X-Scope-Id
X-R9-Blue-Green-Version
X-Restarts
X-Origin-Date
X-Director
X-Detected-As
Uber-Trace-Id
X-VC-Cache
X-Labrador-Cache-Channel
X-Ms-Request-Id
X-Varnish-Age
X-Vcache
X-Accel-Version
X-Cms-Context
X-Connection-Hash
X-Cluster-Node
X-Cache-Expired-At
X-Hosted-By
X-Loop
Country
X-Tb
X-Nginx-Cache
X-DynaTrace
X-N
Environment
X-Cache-Status-Check
Atl-Traceid
X-Logging-Id
X-Httpd
Url
X-Forwarded-Host
X-Adobe-Source
X-BYPASS-REASON
X-ProxyCache-Key
X-Frame-Option
Apigw-Requestid
X-Varnish-Cache-Hits
X-Webstats-RespID
X-ProxyCache-Status
X-Servername
X-Web-Node
X-Varnish-Beresp-Grace
X-Fastly-Request-Id
X-Cluster
Selected-Fe
ServedBy
X-Timing-Wait
X-Served-From
X-Proxy-Build
X-Auth-Group-Type
X-Extlb
X-Cloudmap
X-Routing-Service
X-S
X-Zipkin-Id
X-Origin
X-Proxied
X-Azure-Ref-OriginShield
X-Hit
Surrogated-Key
X-RateLimit-Limit-Second
X-Worker
X-RateLimit-Remaining-Second
Cross-Origin-Embedder-Policy
X-LSADC-Cache
X-SRV
X-CDN-Forward
LB
X-Request-URI
X-Cache-Hit
Accept-Language
X-Lagoon
X-Sucuri-Cache
Referer-Policy
X-Generation-Time
X-Drupal-Cache-Tags
N-Cache
X-Generated-By
X-Drupal-Cache-Contexts
X-Cdn-Origin
X-App-Version
X-Sucuri-ID
X-MP-GENERATED-AT
Xserver
CDN-RequestId
CF-IPCountry
X-Webkit-Csp
X-URL
Ohc-Cache-HIT
X-Xfnlog-Site
X-Tx-Id
X-TA-CDN-Provider
X-F-Cache
Node
Source
X-VC-TTL
Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-AIR-PT
X-Mly-Id
Edge-Copy-Time
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Wix-Request-Id
X-NODE
X-Cache-Rule
X-Cache-Debug
X-UA
X-RCS-CacheZone
X-INCAP-ABP
X-Pad
Cache-Provider
X-Site-Version
X-XRDS-Location
X-VCT
X-Varnish-Beresp-Ttl
X-Locale
X-GEO
X-Oracle-Dms-Ecid
X-ElasticPress-Query
Cluster
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Wxu-Next-Hostname
Wxu-Next-Region
L5d-Success-Class
Apple-News-Services-Request-Url
We-Hiring
Wxu-Next-Commit
Candidate-Md5Url
BehaviorPad-Version
Web-Mar-Region
Mail-Subject
Redirect-Candidate
Fl-Custom-Application
Odigeo-Trace-Id
Ngx.Var.Host
Fastly-SSL
Fastly-GeoIP-CountryCode
Expect-Staple
PFcat
Fastly-Backend-Name
Producers
Ha-Gx-Prefs
Meta-Geo-Continent
Sslversion
DCR-Decision-By
Origin
Host-ID
X-A
MD5-Digest
Rendered-Blocks
HA-Ipaddr
DCR-Processing-Time-Ms
Lang
X-Bug-Bounty
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Jobs
X-Mvc-Supplant-Cachable
X-Org
X-Op-Id-All
X-Nyt-Route
X-Is-Desktop
X-Ig-Push-State
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoCountry
X-Geolocation
X-HN
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Origin-Time
X-Path
X-Tcp-Rtt
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-Section
X-SD-PageType
X-Proto
X-Platform-Server
X-PAYTM-SRV-ID
X-Proxied-Request
X-Rojux
X-ScT
X-S-Cookie
X-GeoCode
X-Geo-Region
X-BCube-Filmed-By
X-Bc-Bl
X-Backend-Instance
X-Bl-Debug
X-Browser-Name
X-Cache-Grace
Apple-News-Services-Handled
X-B-Cookie
X-Application
X-A-Dgt
X-A-Dcw
X-A-Dam
X-AB-Test
X-Access
X-Aicache-OS
X-Aed
X-Cache-NE
X-Cache-Operation
X-Ec-GeoHdr
X-Ec-Fail
X-DPWN-IS-SECURE
X-Eu-Site
X-External-Request-Id
X-Gdpr
X-FC-Vary-Parameters
X-Developer
X-Destination
X-Conf
X-CGP
X-Cached-By
X-Csrf-Jwt
X-D
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-A-Ccd
X-A-Wwc
X-Urbn-Context-Path
X-NWS-UUID-VERIFY
X-Urbn-Site-Id
Locale
X-No-Session
X-NGINX-Cache
X-DefElseHash
X-DefHash
X-Dispatcher-Server
X-Date
X-CUA
X-Content-Age
X-Content-Length
X-Core-Value
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-GeoIP
X-GeoIP-City
X-GoCache-CacheStatus
X-Generated-On
X-Gamma-Serve
X-Esi-Check
X-Fastly-Backend
X-Fmm-Version
X-Clientip
X-CacheTTL
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-Accel-Expires-Debug
V-Age
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
User-Cache-Control
X-Amz-Storage-Class
X-App-Name
X-Cache-Date
X-Cache-Id
X-Cache-Info
X-Block-Status
X-BBC-Edge-Cache-Status
X-Auto-Login
X-B-Cache
X-B3-Trace-ID
X-Gzip
X-Hash
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-V-Cache
X-Signature
X-Thinkindot-L3
X-User
X-VG-WebCache
X-Via-Fastly
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Zen-Fury
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Viewer-Country
X-Vmg-Version
X-VServer
X-Shield-Cache-Expires
X-Scheme
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Location
X-Loc
X-Hnp-Log
X-Human
X-Level-Front-Cache
X-Node-Id
X-NodeID
X-Request-Host
X-Request-Time
X-SB
X-Req
X-Powered-By-VTEX-Cache
X-Origin-Expires
X-Platform
X-Policy
TDXMobile
X-Gen-Mode
Req-Svc-Chain
RNT-Time
Azure-Version
Content-Style-Type
Azure-SiteName
CDCHOST
NM-Fastcgi-Cache
Content-Script-Type
Azure-SlotName
Origin-Agent-Cluster
Cdncip
Azure-RegionName
Azure-InstanceId
Canary
Product
L
Cdnsip
Gh-Request-Id
Gannett-Cam-Experience-Id
Server-Host
RNT-Machine
Debug
Platform
X-Sorting-Hat-ShopId
Akamai-Mon-Iucid-Del
X-ShardId
X-Ua-Device
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-ShopId
X-COUNTRY
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Cache-FS-Status
X-UA-Device-Type
X-Cache-Aspx
X-TIM-N
X-Thanos
X-SVT-ORM-RULES
X-Cdn-Srv
Origin-EX
X-Server-IP
X-Origin-Response-Time
X-Edge-Server
X-Pool
DSUID
X-Men
X-Internal-TTL
X-IsAdmin
X-Pubstack
Country-Code
X-Litespeed-Tag
Click-Count-Error
Origin-CC
X-Depends
Content-Secure-Policy
NGX
X-Request-Start
X-Contensis-Viewer-Groups
Click-Count-Action-Start
Tube-Get-Contents
Tube-Got-Eval
X-Acquia-Purge-Cdn-Unconfigured
Req-ID
Release
X-We-Are-Hiring
Tube-Got-Results
W
Yak-Timeinfo
XM
Tube-Return
X-TH-Server
X-VG-TLSProxy
X-Varnish-Beresp-Status
Cdn-Request-Time
ServerName
X-Bip
X-Varnish-Authentication
Cdn-Host
X-Via-JSL
Mime-Version
X-Service
Ssr
CDN-PullZone
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-Uid
CDN-CachedAt
X-LB-NoCache
Sid
IsBot
CDN-RequestCountryCode
CDN-RequestPullCode
X-Irp-Debug
X-Vgn-Hpd-Reason
User-Agent
X-SIPLIST1
X-Tb-Optimization-Total-Bytes-Saved
CDN-Cache
X-RID
X-HOST
X-Moov-Xdn-Version
X-Varnish-Hits
X-Var-Ttl
X-Old-Content-Length
X-CACHE-GROUP
X-Moov-Xdn-Caching-Status
X-Varnishpool
X-Moov-T
Pramga
GeoIP-Latitude
N1-Cache
X-NewRelic-App-Data
Fastly-Drupal-HTML
X-Api-Version
X-DC
X-Proxy-Cache-Status
X-ZONE
X-ORCA-Accelerator
X-HITS
X-Cs
X-Servedbyhost
CloudFront-Viewer-Country
X-Refresh
X-RequestId
X-HubSpot-Correlation-Id
Esi-Enabled
X-Action
X-APP
X-Nc
X-Wa
TWC-GeoIP-City
TWC-GeoIP-Region
Cache-Hits
TWC-GeoIP-DMA
X-Thinkindot-L1
X-Vercel-Cache
C-Via
X-Cache-VC
Location
X-Vercel-Id
X-LiteSpeed-Tag
X-Upstream-Ht
X-Upstream-Ct
X-Newrelic-Synthetics
X-B3-Spanid
Server-ID
X-Via-Poph
X-LiteSpeed-Cache-Control
X-Cache-Bucket
X-Dc
X-Via-Popn
X-Via-Popv
Cdn-Requestid
X-HA-Backend
X-Webkit-CSP
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-Proxy-CacheRZ
Cache-Key
XkeyRZ
A
X-B3-Parentspanid
X-Nananana
X-CS
X-LB-ID
Fastly-Drupal-Html
X-Tt-Logid
X-Presslabs-Stats
X-DynaTrace-JS-Agent
X-PERF
X-Zone
HostName
X-ApacheServer
X-Endurance-Cache-Level
X-Ua
X-Render-Time
X-WA-Info
WP-Super-Cache
X-DataCenter
X-Srv
X-CACHE-AGE
Proxy-Firewall
X-Webkit-Csp-Report-Only
X-Uri
GeoIp-Country-Code
X-Nitro-Cache
SID
X-Litespeed-Cache-Control
Uri
X-API-Version
Cache-Contol
X-Ion-Hop
RewriteTestHook
X-Ion-Healthy
RewriteTeamHook
X-Fpc
X-Jungle-Id
X-Cdn-Forward
Log-Origin
Cmstype
Cmsid
My-App
TP-L2-Cache
True-Client-IP
X-Datadome
True-Client-Ip
Sever-Int
True-Client-Country-4JS
Server-Hostname
Server-Ext
X-Up
X-From
Resin-Trace
X-Service-Response-Time
Sm-Log-Id
X-Optimistic-Header
X-Ssense-Gql
GeoIP-Country-Code
X-Ssense-Shipping-Surcharge-Enabled
X-Varnish-Beresp-TTL
X-Test
X-CLOUD-TRACE-CONTEXT
CacheControlHeader
X-SERVER-NAME
X-FPC
X-Dispatcher-Number
Is-Eu
X-Datacenter
Tcn
SEZNAM-JOBS-OFFER
X-Stale
Cdn
X-Udemy-Cache-App-Namespace
Adler-Geo
X-Client-Ip
X-Pass-Why
X-Dynatrace-Js-Agent
X-RateLimit-Limit
X-Nginx-Cache-Key
WZWS-RAY
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Oracle-Dms-Rid
Hostname
X-APP-VERSION
Lb
Srv
X-Air-Pt
X-Air-Trace-Id
Origin-Site
X-Air-Hostname
X-Custom-Header
X-Debug-Service
Server-Id
X-Fastly-Cache-Status
X-Air-Source
T-Server
X-Geo-Header
X-LJ-Flow-ID
X-TX-ID
X-VWS-Id
X-AWS-Id
X-Lb-Id
X-ND-Cache
X-Varnish-Hostname
X-SRCache-Key
X-Vc
X-Provided-By
X-Cache-Server
X-Ha-Backend
Serverhost
X-VCL-Version
X-CMSURLCustom
X-Via-PopN
AKAMAI-GRN
Vc-Max-Age
X-Akamai-Pragma-Client-IP
X-App
Cf-Ipcountry
X-Via-PopV
X-Via-PopH
X-Correlation-ID
NtCoent-Length
Edge-Cache
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-Html-Minification-Powered-By
Pragrma
X-Oracle-DMS-ECID
X-WA
ServerHost
Pics-Label
X-NC
X-XRDS-LOCATION
X-Esi
Geoip-Latitude
X-Sigma
S-Rt
YJS-ID
X-Forwarded-Site
X-Sigma-Backend
X-Rocket-Build-Number
X-Cdn-Cache-Status
Machine
Epwk-X-Cache
X-Region-Sid
Powered-By
Av-Poweredby
X-LAGOON
X-ServedByHost
Cloudfront-Viewer-Country
X-Requestid
Nord-Request-ID
WebServer
X-Cache-TTL-Remaining
Vix-Hermes-Req-Id
Ms-Author-Via
Cache-Tv-Group
X-Traceid
WWW-Authenticate
CountryCode
X-Sucuri-Id
Warning
MIME-Version
X-MSEdge-Features
X-Ckpd-Fst-Backend
X-HS-Status
X-MSEdge-Flight
X-Proxy-Cache-La3
Xkeylog
X-Fastly-Cache
Xkey-La3
X-Wp-Cf-Super-Cache-Cache-Control
Reporter
X-CSRF-TOKEN
X-Check-Cacheable
X-Lb-Nocache
X-Wp-Cf-Super-Cache
On-Server
Thinkindot-Control
X-Akamai-ERPolicy
X-IAuth-Set-Uid
FSS-Cache
DataCenter
X-Serial
X-Akamai-ERRuleID
Coldstone-Viewer-Country-Region-Name
X-Cdn-Request-ID
Coldstone-Viewer-Currency
Yjs-Id
Coldstone-Viewer-Country
X-VTEX-Cache-Backend-Header-Time
Timeexpire
X-Dw-Trace-Id
X-BBC-Origin-Response-Status
X-Orig-Cache-Control
X-Elasticpress-Query
Cneonction
Thinkindot-Cache-Type
X-Tncms-Bot-Tier
X-Lsadc-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Web-Server
X-Td-Header-From-No-Data
X-Mg-Cache