Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Accept-CH
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
Permissions-Policy
P3p
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
X-Request-ID
Accept-CH-Lifetime
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Age
X-Cache-Group
X-Vhost
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Xkey
X-Varnish-Cache
X-WebKit-CSP
Grace
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Swift-CacheTime
X-Swift-SaveTime
X-Litespeed-Cache
X-Pingback
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Check
X-Device
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-LiteSpeed-Cache
X-Server-Id
X-Country
X-Country-Code
Content-Location
X-Nginx-Cache-Status
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
Service-Worker-Allowed
X-Trace
Cross-Origin-Opener-Policy
X-Clacks-Overhead
X-Url
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
Surrogate-Key
X-TtlSet
X-Vname
X-PC
X-NWS-LOG-UUID
Rating
X-Mcache
X-Midtier
X-Edge
X-Server-Name
X-Cache-TTL
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Powered-By-Plesk
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Browser-Type
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
X-ECACHE
Edge-Control
X-D2id
X-Ac
X-ORACLE-DMS-RID
Verso
X-MS-InvokeApp
X-Ser
X-FTR-Request-ID
X-Client-IP
X-Ratelimit-Limit
X-Amz-Rid
X-Wormhole-Sdk
Response
X-Middleton-Response
X-Server-ID
X-Ratelimit-Remaining
X-Oneagent-Js-Injection
X-CST
X-Goog-Hash
X-B3-TraceId
X-ARC
X-Powered-CMS
X-Navigation-Version
X-Dw-Request-Base-Id
X-Edge-Location-Klb
X-Kinsta-Cache
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Upstream
Origin-Trial
X-Forwarded-For
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Cache-Key
X-Content-Digest
Edge-Cache-Tag
Cache-Status
AR-PoweredBy
AR-ATIME
Public-Key-Pins
AR-Request-ID
AR-SID
RTSS
X-NF-Request-ID
X-Ezoic-Cdn
X-Ttl
X-FastCGI-Cache
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
X-Version
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Daa-Tunnel
X-Fastly-Request-ID
Realpath
X-Mg-S
X-Recruiting
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
S
X-T
Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Distributor
X-Xrds-Location
Cross-Origin-Resource-Policy
X-Cached
AR-CACHE
Akamai-GRN
Arr-Disable-Session-Affinity
X-Azure-Ref
Access-Control-Request-Method
X-TraceId
X-Correlation-Id
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-Id
X-HS-Content-Id
Count-Hit
TP-Cache
Cache-Tags
X-HS-Cache-Config
X-Ua-Browser
X-TTL
X-Debug
X-Cluster-Name
X-Ismobilevalue
X-Newrelic-App-Data
X-NGENIX-Cache
X-LLID
X-PressLabs-Stats
Server-Node
X-GUploader-UploadID
MicrosoftSharePointTeamServices
X-Varnish-TTL
X-Hits
X-Content-Security-Policy-Report-Only
X-Nf-Request-Id
X-Protected-By
X-Varnish-Backend
X-Frontend
X-VARITI-CCR
X-Aspnetmvc-Version
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Fastcgi-Cache
Accept-Ch
X-Goog-Metageneration
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-DIS-Request-ID
X-Ratelimit-Reset
X-Page-Id
Payment
X-Unique-Id
X-Git-Hash
Cleartype
X-FB-Debug
X-Varnish-Server
X-Activity-Id
X-Az
X-Logged-In
X-AppVersion
Content-Disposition
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Hostname
X-Www-Served-By
X-HP-Trace-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Varnish-Ttl
X-Jurisdiction
X-Template
X-Amzn-RequestId
Host
X-Amz-Apigw-Id
Amp-Access-Control-Allow-Source-Origin
Filterid
X-Forwarded-Proto
X-Geo-Country
X-App-Server
Version
X-Load-Cache
Accept-Charset
X-Envoy-Decorator-Operation
X-Cache-Age
X-Source
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Mrf-Cache-Status
X-Aspnet-Version
MRF-Tech
X-B3-TraceId-Primal
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Cache-Status
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-FTR-Balancer
Frame-Options
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Fastly-SIE
Fastly-SWR
X-ASPNET-VERSION
X-TEC-API-ROOT
Access-Control-Allow-Method
Viewport
Section-Io-Cache
X-Content-Options
X-Type
X-Upgrade-Enabled
X-TT
X-Fb-Rlafr
Server-Name
X-HS-Prerendered
X-Language
Trailer
X-B3-Sampled
X-Grace
X-Origin-Server
X-B
X-Ah-Environment
X-Device-Type
X-Cache-Control
X-Buckets
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
X-Px
Retry-After
Content-MD5
MS-Author-Via
X-Mobile
X-Magnolia-Registration
X-Vcl-Version
TCN
X-Request-Guid
X-Cdn
X-EdgeConnect-Cache-Status
X-Trace-Id
X-Varnish-Grace
X-Revision
Protected
X-Akamai-Edgescape
X-WP-CF-Super-Cache-Active
Healthy
X-Backend-Name
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Cross-Origin-Embedder-Policy-Report-Only
Upgrade-Insecure-Requests
X-Proxy
Charset
X-RM-Cache-TTL
X-Response-Served-From
X-Original-Request-Id
X-App-Environment
SD-X-WS
X-Debug-Info
X-Instance
X-ServerID
X-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-ProcessESI
X-NYM-Debug-Backend
X-RemovedCookies
X-Rendered-As
X-Is-Bot
X-Tumblr-User
X-Tumblr-Pixel-1
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Type
X-Mg-Request-UUID
X-FW-Version
X-Framework
X-FW-Static
X-CSRF-Token
X-Adobe-Loc
NGB
X-Adobe-Content
X-Cache-Time
Cross-Origin-Window-Policy
X-Cacheable-TTL
Access-Control-Request-Headers
X-Node-Name
X-FW-Dynamic
X-Storage
X-Region
X-UUID
X-Debug-IsConnected
X-RTag
X-Content-Powered-By
X-Debug-IsPreview
Ms-Operation-Id
MS-CV
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Rule
X-Whom
X-Datadog-Parent-Id
Refresh
X-Proxy-Cache-Info
X-Yottaa-Optimizations
X-Yottaa-Metrics
OT-Force-Account-Verify
X-Edge-Location
X-G
X-Resp-Is-Stale
X-Lambda-Id
GEO-INFO
X-L-Path
X-Environment-Context
Section-Io-Id
Webserver
X-Contextid
X-Reqid
X-Amzn-Remapped-Content-Length
X-TT-LOGID
DC
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-B3-Traceid
Countrycode
X-Server-W
X-Origin-Cache
X-HTML-Minification-Powered-By
X-VC
X-User-Agent
X-Amz-Meta-S3cmd-Attrs
Paypal-Debug-Id
Alternate-Protocol
X-Real-IP
Cross-Origin-Opener-Policy-Report-Only
SRV
X-Time
X-DataDome
X-HS-CF-Cache-Status
Front
X-WebKit-CSP-Report-Only
X-B3-SpanId
X-ECache
Priority
Ohc-File-Size
WPO-Cache-Status
WPO-Cache-Message
X-Seen-By
X-Nginx-Cache
X-Hl-Ver
X-WP-CF-Super-Cache-Cookies-Bypass
X-Rocket-Nginx-Serving-Static
Liferay-Portal
X-Mode
Backend
X-Origin-CC
Xet-Cookie
X-Origin-TTL
X-IPS-LoggedIn
Accept-Ch-Lifetime
Onion-Location
X-Akamai-Request-ID2
TWC-Device-Class
X-Rewrite-Enabled
Fastcgi-Useragent
TWC-Locale-Group
X-Redis-Cache
X-Rn-Rsrv
X-Format
X-Say-Cacheable
ServerID
Property-Id
X-JoinUs
X-FB-TRIP-ID
Filters
Meta-Geo
TWC-Connection-Speed
X-Origin-Hint
X-SaId
X-AB
X-Cache-Action
X-UPSTREAM-Address
X-Say-TTL
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-LatLong
Web-Mar-Node
Webcakes-App-Name
X-Tumblr-Pixel-3
X-Cache-Host
X-Tumblr-Pixel-2
TWC-GeoIP-Country
X-SayCDN-TTL
X-Restarts
X-IPLB-Instance
X-VC-Cache
X-Vcache
Expiry
Country
X-Soup
X-Hosted-By
X-Handled-By
X-Fetched-On
Uber-Trace-Id
X-Skip-Cache
X-Varnish-Age
X-Director
X-Tncms
X-Accel-Version
X-Labrador-Cache-Channel
X-Origin-Date
X-Loop
X-Connection-Hash
X-Ms-Request-Id
X-Detected-As
X-Cms-Context
X-Cluster-Node
From-Origin
X-IPLB-Request-ID
X-R9-Blue-Green-Version
X-PHP-Host
Mn-Server-Ip
X-Cache-Expired-At
X-Ms-Version
DB-Nickname
X-Tb
X-N
Environment
X-Cache-Status-Check
Url
X-Httpd
X-ProxyCache-Key
Apigw-Requestid
X-Web-Node
X-ProxyCache-Status
Atl-Traceid
X-Webstats-RespID
X-Adobe-Source
X-Varnish-Cache-Hits
X-Servername
X-Varnish-Beresp-Grace
X-Logging-Id
X-Forwarded-Host
X-BYPASS-REASON
X-Frame-Option
X-Scope-Id
X-DynaTrace
X-Cluster
X-Proxy-Build
X-Auth-Group-Type
Selected-Fe
ServedBy
X-RateLimit-Remaining
X-Served-From
X-Timing-Wait
X-S
X-Routing-Service
X-Origin
X-Cloudmap
X-Proxied
X-Extlb
X-Zipkin-Id
X-Azure-Ref-OriginShield
Surrogated-Key
X-Hit
X-RateLimit-Limit-Second
X-URL
LB
X-RateLimit-Remaining-Second
X-SRV
X-LSADC-Cache
X-Cache-Hit
Cross-Origin-Embedder-Policy
X-CDN-Forward
X-Worker
Accept-Language
X-Lagoon
X-Sucuri-Cache
X-Request-URI
X-Generation-Time
Referer-Policy
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
N-Cache
X-Cdn-Origin
X-Generated-By
X-Sucuri-ID
X-App-Version
X-MP-GENERATED-AT
X-Fastly-Request-Id
CDN-RequestId
CF-IPCountry
Xserver
X-AIR-PT
Ohc-Cache-HIT
X-Tx-Id
X-Xfnlog-Site
X-F-Cache
Source
Node
Cache
X-Mly-Id
VIX-Pulpo-Upstream-Status
X-Via-Edge
X-VC-TTL
X-Via-CDN
X-Via-SSL
VIX-Pulpo-Node
Edge-Copy-Time
X-UA
X-Wix-Request-Id
X-TA-CDN-Provider
X-Varnish-Beresp-Ttl
X-Cache-Debug
X-INCAP-ABP
X-Cache-Rule
X-RCS-CacheZone
Cache-Provider
X-NODE
X-Site-Version
X-Pad
X-Locale
X-VCT
X-GEO
X-XRDS-Location
X-ElasticPress-Query
Ngx.Var.Host
Candidate-Md5Url
Odigeo-Trace-Id
Meta-Geo-Continent
Cluster
MD5-Digest
Web-Mar-Region
Origin
BehaviorPad-Version
Wxu-Next-Hostname
Apple-News-Services-Host
Wxu-Next-Region
Wxu-Next-Commit
Producers
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
DCR-Decision-By
We-Hiring
Fl-Custom-Application
Fastly-SSL
Fastly-GeoIP-CountryCode
Ha-Gx-Prefs
HA-Ipaddr
Host-ID
Rendered-Blocks
Fastly-Backend-Name
Expect-Staple
Mail-Subject
Sslversion
Lang
Redirect-Candidate
X-A
DCR-Processing-Time-Ms
PFcat
L5d-Success-Class
X-Browser-Name
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Jobs
X-Mvc-Supplant-Cachable
X-Org
X-Op-Id-All
X-Nyt-Route
X-Is-Desktop
X-Ig-Push-State
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoCountry
X-Geolocation
X-HN
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Origin-Time
X-Path
X-Tcp-Rtt
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-Section
X-SD-PageType
X-Proto
X-Platform-Server
X-PAYTM-SRV-ID
X-Proxied-Request
X-Rojux
X-ScT
X-S-Cookie
X-GeoCode
X-Geo-Region
X-BCube-Filmed-By
X-Bc-Bl
X-Backend-Instance
X-Bl-Debug
Apple-News-Services-Handled
X-Cache-Grace
X-Bug-Bounty
X-B-Cookie
X-Application
X-A-Dgt
X-A-Dcw
X-A-Dam
X-AB-Test
X-Access
X-Aicache-OS
X-Aed
X-Cache-NE
X-Cache-Operation
X-Ec-GeoHdr
X-Ec-Fail
X-DPWN-IS-SECURE
X-Eu-Site
X-External-Request-Id
X-Gdpr
X-FC-Vary-Parameters
X-Developer
X-Destination
X-Conf
X-CGP
X-Cached-By
X-Csrf-Jwt
X-D
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-A-Ccd
X-A-Wwc
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Oracle-Dms-Ecid
X-No-Session
Server-Host
X-GeoIP-City
X-Powered-By-VTEX-Cache
X-GeoIP
RNT-Time
X-Policy
X-Platform
X-B3-Trace-ID
X-Wikidot-Backend
X-Origin-Expires
X-Storefront-Renderer-Rendered
X-BBC-Edge-Cache-Status
RNT-Machine
Req-Svc-Chain
X-VTEX-Cache-Server
Platform
X-VServer
X-Generated-On
Origin-Agent-Cluster
X-Request-Time
X-Cache-Date
X-Block-Status
X-VTEX-Cache-Time
X-Req
Product
X-Request-Host
X-NodeID
X-Dispatcher-Server
X-Loc
X-Level-Front-Cache
X-Location
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
X-Hash
X-Human
X-Accel-Expires-Debug
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Hnp-Log
X-Amz-Storage-Class
X-Micro-Cache
X-Wikidot-Static-Cache
X-Auto-Login
X-NMSegId
X-Node-Id
X-B-Cache
X-GoCache-CacheStatus
X-App-Name
V-Age
X-Mvc-Supplant-OutputCached
User-Cache-Control
X-Zen-Fury
X-Gzip
X-Scheme
X-SB
X-Varnish-Remaining-TTL
X-Epic-Correlation-Id
X-Date
Cdnsip
X-Ec-Custom-Error
Cdncip
Content-Script-Type
X-CUA
X-Varnish-CookieINHashed-On
Debug
X-Varnish-Director
X-Esi-Check
Content-Style-Type
X-DefElseHash
CDCHOST
Azure-InstanceId
Azure-RegionName
X-Alternate-Cache-Key
X-ShardId
X-ShopId
Azure-SiteName
Azure-SlotName
Canary
X-DefHash
X-VG-WebCache
X-Via-Fastly
Azure-Version
X-Varnish-CookieHashed-On
X-Core-Value
L
X-Viewer-Country
X-Shopify-Stage
X-Fmm-Version
X-Content-Length
X-Gamma-Serve
X-Signature
NM-Fastcgi-Cache
X-Vmg-Version
X-Cache-Id
X-Gen-Mode
X-NWS-UUID-VERIFY
X-CacheTTL
X-Fastly-Backend
X-User
X-V-Cache
X-Content-Age
X-Clientip
Gannett-Cam-Experience-Id
Gh-Request-Id
Akamai-Mon-Iucid-Del
X-Acquia-Purge-Cdn-Unconfigured
X-Edge-Server
X-Bip
XM
X-Cache-FS-Status
Yak-Timeinfo
X-Depends
X-Cache-Aspx
X-Cdn-Srv
X-Contensis-Viewer-Groups
X-TH-Server
X-Cache-Info
Thinkindot-CacheControl
X-Shield-Cache-Expires
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Server-IP
X-Internal-TTL
X-Pubstack
X-Request-Start
Origin-EX
Origin-CC
X-Thanos
X-Thinkindot-L3
Click-Count-Action-Start
Cdn-Request-Time
Cdn-Host
X-VG-TLSProxy
Click-Count-Error
Country-Code
X-UA-Device-Type
X-Varnish-Authentication
X-Varnish-Beresp-Status
DSUID
Release
NGX
Tube-Get-Contents
Thinkindot-CacheControl-Type
TDXMobile
Tube-Got-Eval
X-Men
Tube-Return
Tube-Got-Results
X-We-Are-Hiring
X-IsAdmin
X-Origin-Response-Time
Req-ID
X-Pool
ServerName
X-Service
X-Ua-Device
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Litespeed-Tag
Content-Secure-Policy
CDN-Uid
CDN-RequestCountryCode
Fastly-Drupal-HTML
X-LB-NoCache
X-TIM-N
X-SIPLIST1
W
CDN-EdgeStorageId
CDN-CachedAt
X-Vgn-Hpd-Reason
CDN-Cache
IsBot
CDN-PullZone
X-Tb-Optimization-Total-Bytes-Saved
Mime-Version
X-Via-JSL
X-Cs
X-NGINX-Cache
X-Varnish-Hits
X-Irp-Debug
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
User-Agent
X-Old-Content-Length
X-Moov-T
X-HOST
Ssr
X-RID
N1-Cache
GeoIP-Latitude
X-Var-Ttl
X-CACHE-GROUP
X-Varnishpool
X-ZONE
Sid
X-HubSpot-Correlation-Id
X-Refresh
Pramga
X-RequestId
CloudFront-Viewer-Country
X-Servedbyhost
X-DC
X-Action
Cache-Hits
X-Nc
TWC-GeoIP-Region
X-Wa
TWC-GeoIP-DMA
TWC-GeoIP-City
X-ORCA-Accelerator
X-Proxy-Cache-Status
X-APP
X-HITS
Server-ID
X-Vercel-Id
X-Via-Popv
X-LiteSpeed-Tag
X-HA-Backend
X-Dc
X-Via-Poph
X-Api-Version
X-Via-Popn
C-Via
Esi-Enabled
X-LiteSpeed-Cache-Control
X-Vercel-Cache
X-Upstream-Ht
X-Cache-VC
X-Upstream-Ct
X-LB-ID
X-Thinkindot-L1
Location
X-Nananana
HostName
Cdn-Requestid
X-Parent-Response-Time
X-Cache-Bucket
X-Webkit-CSP
X-Newrelic-Synthetics
X-DynaTrace-JS-Agent
X-Proxy-CacheRZ
AMP-Access-Control-Allow-Source-Origin
Cache-Key
X-PERF
X-B3-Parentspanid
X-ApacheServer
XkeyRZ
X-NewRelic-App-Data
A
X-B3-Spanid
X-Presslabs-Stats
SID
X-Tt-Logid
X-DataCenter
X-Zone
X-Endurance-Cache-Level
X-COUNTRY
X-WA-Info
X-Render-Time
X-CS
X-Webkit-Csp
X-API-Version
WP-Super-Cache
Fastly-Drupal-Html
X-Fpc
X-Nitro-Cache
X-Uri
X-Ua
X-CACHE-AGE
X-Srv
X-Ion-Hop
Uri
X-Jungle-Id
X-Webkit-Csp-Report-Only
X-Ion-Healthy
RewriteTestHook
Proxy-Firewall
Cache-Contol
RewriteTeamHook
X-Litespeed-Cache-Control
Cmstype
My-App
Cmsid
True-Client-Ip
Log-Origin
GeoIp-Country-Code
X-Cdn-Forward
X-Up
X-From
TP-L2-Cache
GeoIP-Country-Code
True-Client-IP
Resin-Trace
Sever-Int
Server-Ext
True-Client-Country-4JS
Server-Hostname
CacheControlHeader
X-Datadome
Sm-Log-Id
X-Optimistic-Header
X-Service-Response-Time
X-Stale
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Test
X-Udemy-Cache-App-Namespace
X-CLOUD-TRACE-CONTEXT
X-Pass-Why
X-SERVER-NAME
Is-Eu
X-Dispatcher-Number
Tcn
X-Datacenter
Adler-Geo
Cdn
SEZNAM-JOBS-OFFER
X-Client-Ip
X-Varnish-Beresp-TTL
X-FPC
X-RateLimit-Limit
X-Nginx-Cache-Key
WZWS-RAY
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Dynatrace-Js-Agent
X-Oracle-Dms-Rid
Srv
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Origin-Site
X-APP-VERSION
Lb
T-Server
X-Debug-Service
X-Fastly-Cache-Status
X-SRCache-Key
Hostname
X-Varnish-Hostname
X-Geo-Header
X-Custom-Header
X-VWS-Id
X-TX-ID
X-AWS-Id
X-LJ-Flow-ID
Edge-Cache
Server-Id
X-ND-Cache
X-Air-Pt
X-Provided-By
X-Vc
X-CMSURLCustom
X-App
AKAMAI-GRN
Serverhost
X-Lb-Id
Vc-Max-Age
X-Correlation-ID
X-Akamai-Pragma-Client-IP
X-Fastly-Backend-Reqs
NtCoent-Length
X-Cache-Server
Pragrma
Cf-Ipcountry
X-VCL-Version
YJS-ID
X-Cache-Ttl
X-Sigma-Backend
X-Via-PopV
Machine
X-NC
X-WA
X-Via-PopN
X-Forwarded-Site
X-Region-Sid
X-Sigma
X-Rocket-Build-Number
Pics-Label
X-Via-PopH
X-Oracle-DMS-ECID
X-Ha-Backend
X-Html-Minification-Powered-By
ServerHost
X-Esi
X-XRDS-LOCATION
X-Cdn-Cache-Status
Nord-Request-ID
Epwk-X-Cache
Powered-By
Geoip-Latitude
S-Rt
Av-Poweredby
X-LAGOON
MIME-Version
X-Requestid
Cache-Tv-Group
X-ServedByHost
Ms-Author-Via
WebServer
X-Cache-TTL-Remaining
WWW-Authenticate
Vix-Hermes-Req-Id
Cloudfront-Viewer-Country
X-Traceid
CountryCode
Xkey-La3
Warning
X-MSEdge-Flight
Xkeylog
X-Ckpd-Fst-Backend
X-Proxy-Cache-La3
DataCenter
X-MSEdge-Features
X-HS-Status
X-Sucuri-Id
X-Fastly-Cache
FSS-Cache
X-Lb-Nocache
On-Server
Reporter
Thinkindot-Control
X-Wp-Cf-Super-Cache
Coldstone-Viewer-Country
X-IAuth-Set-Uid
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Currency
X-Akamai-ERPolicy
X-Snapshot-Date
X-Akamai-ERRuleID
X-Serial
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cache-Control
X-Cdn-Request-ID
X-Web-Server
X-Orig-Cache-Control
X-Tncms-Bot-Tier
Timeexpire
X-BBC-Origin-Response-Status
X-Elasticpress-Query
X-Dw-Trace-Id
Thinkindot-Cache-Type
Cneonction
X-Lsadc-Cache
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-Td-Header-From-No-Data
X-Mg-Cache