Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
Accept-CH
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Ua-Compatible
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-UA-Device
EagleId
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
Xkey
X-Akam-SW-Version
EagleEye-TraceId
X-Host
Surrogate-Control
X-Response-Time
Cf-Railgun
X-Readtime
X-Node
X-HW
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
X-Country
X-Url
X-Nginx-Cache-Status
Cache-Tag
X-Content-Type
Content-Location
X-Nginx-Upstream-Cache-Status
X-Application-Context
X-NWS-LOG-UUID
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Country-Code
X-Rack-Cache
X-Times
X-Vname
X-PC
X-TtlSet
X-Midtier
X-Mcache
X-Edge
Surrogate-Key
Rating
X-Server-Name
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Cache-TTL
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
Nginx-Cache
X-ESI
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-Ser
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-Dw-Request-Base-Id
X-ARC
X-B3-TraceId
X-Middleton-Response
Response
X-Amz-Rid
X-CST
X-Powered-CMS
X-Goog-Hash
X-Navigation-Version
X-Kinsta-Cache
X-Wormhole-Sdk
X-Upstream
X-Edge-Location-Klb
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
Accept-Ch-Lifetime
X-Forwarded-For
X-Daa-Tunnel
X-Ratelimit-Limit
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-Ratelimit-Remaining
X-Server-ID
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-NF-Request-ID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Version
X-Ezoic-Cdn
X-Mg-S
X-Content-Digest
X-Ttl
X-SharePointHealthScore
SPRequestGuid
S
Realpath
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
AR-CACHE
X-T
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-Cached
X-Recruiting
X-Ua-Device
X-Accel-Expires
X-Varnish-TTL
Front-End-Https
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TTL
TP-Cache
Access-Control-Request-Method
X-Azure-Ref
X-Newrelic-App-Data
X-Request-Processing-Time
X-Request-Received
Arr-Disable-Session-Affinity
X-Id
Count-Hit
X-Ua-Browser
X-HS-Hub-Id
Origin-Trial
X-HS-Content-Id
X-HS-Cache-Config
X-Debug
MicrosoftSharePointTeamServices
Server-Node
X-LLID
X-Content-Security-Policy-Report-Only
Cache-Tags
X-Pinterest-Rid
X-VARITI-CCR
Pinterest-Generated-By
X-Ismobilevalue
Pinterest-Version
X-Frontend
X-Cluster-Name
X-PressLabs-Stats
X-HS-Combine-CSS
X-Correlation-Id
X-Hits
Accept-Ch
X-Varnish-Backend
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
X-Protected-By
X-Goog-Metageneration
X-Xrds-Location
X-Microsite
X-NGENIX-Cache
X-LB-Cache
X-Request-Handler-Origin-Region
X-Unique-Id
X-Nf-Request-Id
Cleartype
X-Forwarded-Proto
X-FB-Debug
X-Varnish-Server
X-Az
Host
X-Git-Hash
X-Logged-In
X-AppVersion
X-Activity-Id
X-Www-Served-By
Content-Disposition
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
Filterid
X-Hostname
X-Page-Id
Akamai-GRN
X-DIS-Request-ID
X-HP-Webp
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-App-Server
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Template
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-FTR-Request-ID
X-Geo-Country
X-Aspnet-Version
Access-Control-Allow-Method
X-Fastcgi-Cache
Frame-Options
X-ASPNET-VERSION
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Load-Cache
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Type
MS-Author-Via
Retry-After
Fastly-SIE
Viewport
Version
Fastly-SWR
X-Ah-Environment
X-Content-Options
Section-Io-Cache
X-Fb-Rlafr
Accept-Charset
X-Cache-Control
X-TT
Content-MD5
X-B
X-B3-Sampled
X-Rid
Amp-Access-Control-Allow-Source-Origin
X-Grace
X-Envoy-Decorator-Operation
X-SRCache-Fetch-Status
X-Source
X-SRCache-Store-Status
X-Vcl-Version
X-Request-Guid
X-Cdn
Trailer
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Trace-Id
X-TEC-API-ORIGIN
X-Device-Type
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Revision
X-Cache-Age
Server-Name
X-Language
Healthy
X-Magnolia-Registration
X-Buckets
X-Aspnetmvc-Version
X-Webkit-CSP
X-RateLimit-Remaining
X-Origin-Cache
X-Mobile
X-Px
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Contextid
X-Backend-Name
TCN
X-Amz-Meta-S3cmd-Attrs
X-TraceId
X-Akamai-Edgescape
X-HS-Prerendered
X-Status
X-RM-Cache-TTL
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Proxy
X-Tumblr-Pixel-1
X-RemovedCookies
X-Environment-Context
X-Varnish-Grace
X-L-Path
X-Instance
X-ProcessESI
X-Debug-Info
X-NYM-Debug-Backend
X-Rule
X-Mg-Request-UUID
GEO-INFO
X-FW-Type
X-FW-Static
X-FW-Version
NGB
X-Edge-Location
X-Webkit-Csp
X-Proxy-Cache-Info
SD-X-WS
X-FW-Server
Cross-Origin-Window-Policy
X-Framework
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-EdgeConnect-Cache-Status
X-UUID
X-Node-Name
X-Region
X-ServerID
Access-Control-Request-Headers
X-Storage
MS-CV
X-Rendered-As
X-RTag
X-Adobe-Loc
Ms-Operation-Id
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Adobe-Content
X-Datadog-Sampling-Priority
X-Debug-IsConnected
X-Is-Bot
X-Debug-IsPreview
X-Content-Powered-By
X-Datadog-Trace-Id
X-Cache-Time
X-Cacheable-TTL
X-Yottaa-Metrics
X-G
X-Yottaa-Optimizations
Protected
Charset
DC
Upgrade-Insecure-Requests
X-HTML-Minification-Powered-By
X-Seen-By
Paypal-Debug-Id
X-Whom
Countrycode
X-User-Agent
Webserver
Refresh
OT-Force-Account-Verify
Cross-Origin-Embedder-Policy-Report-Only
X-Response-Served-From
X-Lambda-Id
X-Original-Request-Id
Front
Section-Io-Id
X-VC
X-WebKit-CSP-Report-Only
X-VHOST
X-Reqid
X-ECache
X-Amzn-Remapped-Content-Length
Alternate-Protocol
SRV
X-IPS-LoggedIn
X-B3-Traceid
Priority
X-AB
X-TT-LOGID
X-Server-W
X-Akamai-Request-ID2
X-Cache-Status-Check
X-N
Country
X-WP-CF-Super-Cache-Cookies-Bypass
Backend
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Liferay-Portal
X-Nginx-Cache
X-B3-SpanId
X-Time
X-Real-IP
X-Mode
Xet-Cookie
Onion-Location
Filters
Fastcgi-Useragent
TWC-Connection-Speed
Property-Id
ServerID
Meta-Geo
TWC-GeoIP-Country
Webcakes-Region
TWC-Privacy
Environment
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Device-Class
X-JoinUs
X-Rewrite-Enabled
X-Rn-Rsrv
X-Format
X-Hl-Ver
X-Origin-Hint
X-SaId
X-FB-TRIP-ID
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-Cache-Host
X-R9-Blue-Green-Version
X-SayCDN-TTL
X-Tb
X-Origin-Date
Web-Mar-Node
X-Scope-Id
X-Redis-Cache
X-Restarts
X-Say-Cacheable
X-Varnish-Age
X-Request-URI
X-Rocket-Nginx-Serving-Static
Uber-Trace-Id
X-Say-TTL
X-VC-Cache
Expiry
X-Fetched-On
X-Skip-Cache
X-Connection-Hash
X-Cluster-Node
DB-Nickname
X-Cache-Action
X-Cache-Expired-At
Mn-Server-Ip
X-Frame-Option
X-IPLB-Request-ID
X-Accel-Version
From-Origin
X-IPLB-Instance
X-Hosted-By
X-Webstats-RespID
X-Vcache
X-Web-Node
X-Varnish-Cache-Hits
X-Soup
X-Varnish-Beresp-Grace
X-ProxyCache-Key
X-Forwarded-Host
X-Handled-By
X-Httpd
Apigw-Requestid
X-Director
X-BYPASS-REASON
X-Cms-Context
X-Tncms
X-Labrador-Cache-Channel
X-PHP-Host
Atl-Traceid
X-ProxyCache-Status
X-Loop
X-Logging-Id
X-Fastly-Request-Id
X-Timing-Wait
Url
X-Cluster
X-Auth-Group-Type
X-Adobe-Source
X-Proxy-Build
X-Served-From
Selected-Fe
X-Servername
ServedBy
X-Origin-CC
Accept-Language
X-Origin-TTL
X-Origin
X-Detected-As
X-Extlb
X-Proxied
X-Cloudmap
X-Zipkin-Id
X-Routing-Service
X-S
Cross-Origin-Embedder-Policy
X-DynaTrace
X-DataDome
Referer-Policy
X-Hit
X-Ms-Version
X-Ms-Request-Id
X-Generated-By
N-Cache
X-Tumblr-Pixel-3
X-XRDS-Location
WPO-Cache-Status
WPO-Cache-Message
X-Wix-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-LSADC-Cache
Xserver
X-Lagoon
X-SRV
X-Azure-Ref-OriginShield
Cross-Origin-Opener-Policy-Report-Only
Surrogated-Key
X-Xfnlog-Site
X-RateLimit-Limit-Second
X-Worker
X-RateLimit-Remaining-Second
Source
X-CLOUD-TRACE-CONTEXT
X-NWS-UUID-VERIFY
X-App-Version
LB
X-Sucuri-Cache
X-Generation-Time
CF-IPCountry
Ohc-File-Size
X-Cache-Debug
X-RCS-CacheZone
X-Via-JSL
X-VCT
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Proxy-Cache-Status
X-Cdn-Origin
Node
X-F-Cache
X-HS-CF-Cache-Status
X-MP-GENERATED-AT
X-Geo-Region
X-Is-Mobile
X-Is-Desktop
X-Is-Tablet
X-Browser-Name
X-Is-Supported-Browser
X-Tcp-Rtt
X-Sucuri-ID
X-No-Session
X-Cache-Hit
X-NODE
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
CDN-RequestId
X-Signature
X-Varnish-Beresp-Ttl
X-Tx-Id
X-B-Cache
X-Upstream-Ht
X-Upstream-Ct
X-FTR-Cache-Status
X-ElasticPress-Query
X-FTR-Expires
X-TA-CDN-Provider
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-ShardId
X-Mly-Id
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-UA
X-Cache-Rule
Cache
X-Alternate-Cache-Key
X-Cache-Operation
X-Proxied-Request
Candidate-Md5Url
User-Agent
X-AB-Test
X-A-Dgt
X-Platform-Server
X-A-Wwc
Apple-News-Services-Parsed-Url
X-TIM-N
X-Cache-Info
Apple-News-Services-Request-Url
X-Aicache-OS
X-Aed
W
X-Access
Sslversion
We-Hiring
X-Bug-Bounty
X-Backend-Instance
X-A
X-BCube-Filmed-By
X-Proto
Wxu-Next-Region
X-Bc-Bl
Wxu-Next-Commit
X-Vdms-Version
Cache-Provider
X-App-Name
X-A-Dam
Wxu-Next-Hostname
Apple-News-Services-Host
BehaviorPad-Version
X-VarnishDD-TTL
X-A-Ccd
X-A-Dcw
Rendered-Blocks
DCR-Processing-Time-Ms
X-Eu-Site
DCR-Decision-By
X-FC-Vary-Parameters
Ngx.Var.Host
MD5-Digest
X-Mvc-Supplant-Cachable
Meta-Geo-Continent
Odigeo-Trace-Id
Content-Secure-Policy
X-Ec-GeoHdr
X-Ec-Fail
X-Cache-NE
Cluster
X-Op-Id-All
X-ScT
X-Nyt-Route
X-Gdpr
Expect-Staple
X-Ig-Origin-Region
Ha-Gx-Prefs
X-HN
X-Ig-Push-State
HA-Ipaddr
Host-ID
X-Jobs
L5d-Success-Class
Lang
X-GeoCountry
X-GeoCode
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Mail-Subject
X-Section
Fl-Custom-Application
Origin
X-DPWN-IS-SECURE
Producers
X-ORCA-Accelerator
X-Vtex-Remote-Cache
X-Csrf-Jwt
X-Origin-Time
Xc-Version
AMP-Access-Control-Allow-Source-Origin
X-Rojux
X-CGP
Apple-News-Services-Handled
X-Conf
Redirect-Candidate
X-D
X-Org
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-PAYTM-SRV-ID
X-Developer
X-Path
PFcat
X-Locale
Mime-Version
X-INCAP-ABP
L
TDXMobile
Server-Host
RNT-Time
RNT-Machine
X-Request-Time
Product
V-Age
X-Scheme
Origin-Agent-Cluster
X-Req
Thinkindot-CacheControl-Type
Platform
Req-Svc-Chain
Thinkindot-CacheControl
X-SB
NM-Fastcgi-Cache
X-SD-PageType
X-Platform
X-Esi-Check
X-Epic-Correlation-Id
X-Fastly-Backend
X-Fmm-Version
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Node-Id
X-Depends
X-DefHash
X-Dispatcher-Server
X-Edge-Server
X-NodeID
X-Gamma-Serve
X-Generated-On
X-HS-Content-Campaign-Id
X-Hash
X-Irp-Debug
X-Level-Front-Cache
X-Location
X-Gzip
X-GoCache-CacheStatus
X-GeoIP
X-Micro-Cache
X-GeoIP-City
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-DefElseHash
X-Date
X-B3-Trace-ID
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Bl-Debug
X-Cache-Aspx
X-Amz-Storage-Class
X-Amz-Meta-Cb-Modifiedtime
X-Powered-By-VTEX-Cache
X-Accel-Expires-Debug
X-Policy
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Cache-Grace
X-Cache-Id
X-Contensis-Viewer-Groups
X-Origin-Expires
X-Content-Age
X-Content-Length
X-Core-Value
X-Origin-Response-Time
X-Clientip
IsBot
X-Cached-By
X-CacheTTL
X-Cdn-Srv
Web-Mar-Region
Canary
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Thinkindot-L3
X-V-Cache
X-Varnish-Authentication
X-Var-Ttl
Azure-InstanceId
Azure-RegionName
CDCHOST
Cdn-Host
X-Loc
Azure-Version
Azure-SiteName
Azure-SlotName
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-We-Are-Hiring
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Service
X-Litespeed-Tag
X-VTEX-Cache-Server
X-Vmg-Version
X-Varnish-Remaining-TTL
X-Varnish-Director
X-VG-WebCache
X-Via-Fastly
X-Viewer-Country
Cdn-Request-Time
X-Varnishpool
Content-Style-Type
X-Shield-Cache-Expires
Gh-Request-Id
X-SIPLIST1
Cdnsip
Cdncip
Gannett-Cam-Experience-Id
Content-Script-Type
Esi-Enabled
Fastly-SSL
Debug
Akamai-Mon-Iucid-Del
X-Site-Version
X-Pad
XM
X-UA-Device-Type
X-Acquia-Purge-Cdn-Unconfigured
Click-Count-Action-Start
X-SVT-ORM-VERSION
DSUID
NGX
Origin-EX
X-Tb-Optimization-Total-Bytes-Saved
CDN-PullZone
X-Thanos
X-CUA
X-Cache-FS-Status
X-Bip
X-Block-Status
X-VG-TLSProxy
X-Server-IP
X-SVT-ORM-RULES
X-Pool
Country-Code
X-Varnish-Beresp-Status
Click-Count-Error
Origin-CC
Yak-Timeinfo
X-Internal-TTL
CDN-RequestPullCode
CDN-CachedAt
X-Human
Tube-Get-Contents
X-Pubstack
X-Men
CDN-Cache
CDN-RequestCountryCode
X-Request-Host
Release
X-Geolocation
ServerName
Tube-Got-Eval
Tube-Got-Results
X-Sn-Servicetimems
X-VServer
X-Gen-Mode
CDN-EdgeStorageId
Req-ID
Pramga
CDN-Uid
X-Hnp-Log
Tube-Return
User-Cache-Control
CDN-RequestPullSuccess
X-Ec-Custom-Error
X-Request-Start
X-CDN-Forward
X-RID
Sid
X-IsAdmin
X-B-Cookie
X-RateLimit-Limit
XkeyRZ
X-External-Request-Id
X-Application
X-Destination
X-NGINX-Cache
X-Cache-Date
X-Varnish-Hits
A
X-Via-SSL
X-Via-CDN
X-Proxy-CacheRZ
Cache-Key
X-LB-NoCache
Ssr
Edge-Copy-Time
X-Via-Edge
X-S-Cookie
X-HOST
X-Cache-Bucket
X-Cdn-Forward
X-Newrelic-Synthetics
X-CACHE-GROUP
X-GEO
X-ZONE
X-Cs
Cdn-Requestid
X-Api-Version
X-Refresh
X-User
X-Resp-Is-Stale
X-Zen-Fury
X-Tt-Logid
X-Nananana
CloudFront-Viewer-Country
X-Optimistic-Header
X-HITS
X-Servedbyhost
TP-L2-Cache
X-Dc
X-VC-TTL
Fastly-Drupal-HTML
X-RequestId
X-DC
X-APP
Ohc-Cache-HIT
GeoIP-Latitude
X-HA-Backend
X-AIR-PT
X-Via-Popv
X-B3-Spanid
X-Via-Poph
X-Via-Popn
Proxy-Firewall
C-Via
Server-ID
Fastly-Drupal-Html
True-Client-Country-4JS
X-TH-Server
X-LB-ID
X-Endurance-Cache-Level
X-Air-Pt
X-Wa
X-Vgn-Hpd-Reason
X-Nc
X-LiteSpeed-Tag
X-Webkit-Csp-Report-Only
X-Test
Server-Hostname
Sever-Int
X-B3-Parentspanid
HostName
Server-Ext
X-DynaTrace-JS-Agent
Cdn
X-Presslabs-Stats
X-XRDS-LOCATION
X-Srv
X-LiteSpeed-Cache-Control
X-Old-Content-Length
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Moov-T
WP-Super-Cache
X-Oracle-Dms-Ecid
X-LJ-Flow-ID
X-AWS-Id
Is-Eu
X-COUNTRY
Adler-Geo
X-URL
X-VWS-Id
X-CS
X-Datadome
X-Dispatcher-Number
X-Provided-By
GeoIp-Country-Code
WZWS-RAY
X-Nginx-Cache-Key
X-Parent-Response-Time
X-CACHE-AGE
X-Zone
X-HubSpot-Correlation-Id
X-Fpc
SID
X-API-Version
X-Geo-Header
X-Action
X-NewRelic-App-Data
T-Server
X-DataCenter
X-Custom-Header
S-Rt
X-Litespeed-Cache-Control
X-Pass-Why
Location
X-Thinkindot-L1
X-Vercel-Id
X-Cache-VC
X-Vercel-Cache
X-ND-Cache
Uri
True-Client-Ip
Cache-Tv-Group
N1-Cache
SEZNAM-JOBS-OFFER
X-CMSURLCustom
X-Ua
Vc-Max-Age
True-Client-IP
X-Cache-Server
Pics-Label
Resin-Trace
X-Datacenter
X-SERVER-NAME
X-PERF
Cache-Hits
Serverhost
X-Stale
X-TX-ID
Tcn
X-ApacheServer
GeoIP-Country-Code
TWC-GeoIP-DMA
TWC-GeoIP-Region
Powered-By
TWC-GeoIP-City
X-Client-Ip
X-Varnish-Beresp-TTL
Vix-Hermes-Req-Id
X-FPC
X-WA-Info
X-Render-Time
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Service-Response-Time
Sm-Log-Id
X-Dynatrace-Js-Agent
Srv
X-Nitro-Cache
X-Oracle-Dms-Rid
X-Cache-TTL-Remaining
Lb
X-APP-VERSION
X-Uri
X-Fastly-Cache
X-Correlation-ID
X-Ckpd-Fst-Backend
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
RewriteTeamHook
X-Cdn-Cache-Status
X-Jungle-Id
X-Ion-Hop
X-Ion-Healthy
RewriteTestHook
Thinkindot-Control
Log-Origin
X-Fastly-Cache-Status
Av-Poweredby
X-Debug-Service
Hostname
Cache-Contol
On-Server
X-Air-Source
Cmsid
Server-Id
X-Udemy-Cache-App-Namespace
X-Air-Trace-Id
Cmstype
My-App
X-NC
X-Air-Hostname
ServerHost
X-WA
X-Vc
X-Cms-Device
X-Amz-Meta-Opti
Cf-Ipcountry
X-Save-Cache
Store-Cloud-Cache
X-Ee-Request-Id
X-Lb-Id
X-Vary-Devices
X-PHP-Backend
AKAMAI
X-Ee-Request-Date
Time-Cloud-Cache
X-From
X-Up
Geoip-Latitude
X-Ee-Origin
X-Ee-Generated-By
X-Cache-Ttl
X-Oracle-DMS-ECID
X-Github-Request-Id
X-Via-PopH
CacheControlHeader
X-Fastly-Backend-Reqs
X-Via-PopV
X-Via-PopN
X-Proxy-Cache-La3
Xkeylog
Xkey-La3
X-App
X-Akamai-Pragma-Client-IP
X-Ha-Backend
X-Esi
Magicmarker
Cl-Cache
X-Info
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-VCL-Version
X-LAGOON
X-Limited
X-IAuth-Set-Uid
X-ServedByHost
X-Traceid
X-Requestid
Cloudfront-Viewer-Country
X-Geo
WebServer
WWW-Authenticate
CountryCode
X-Sucuri-Id
X-HS-Status
X-CDN-Cache-Status
X-MSEdge-Features
X-Dw-Trace-Id
X-Serial
X-Check-Cacheable
Warning
NtCoent-Length
X-MSEdge-Flight
CDN
Reporter
X-Lb-Nocache
Origin-Site
X-Akamai-Transformed
X-Wp-Cf-Super-Cache
X-Rollout
X-Wp-Cf-Super-Cache-Cache-Control
X-Html-Minification-Powered-By
X-Acquia-Purge-Tags
X-New
X-Acquia-Application-Trace
X-Eligible
FSS-Cache
X-Acquia-Application-UUID
X-Acquia-Site
X-Pod
X-V
X-Region-Sid
Epwk-X-Cache
X-Mg-Cache
X-Varnish-Hostname
X-Lsadc-Cache
CF-Cached-On
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
Machine
X-Web-Server
X-Platform-Router
Timeexpire
Cneonction
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Forwarded-Site
X-Orig-Cache-Control
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Platform-Processor
X-Platform-Cluster
X-Elasticpress-Query
X-Ramcache
X-Ms-Blob-Type
X-BBC-Origin-Response-Status