Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Ua-Compatible
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
Accept-CH
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
Accept-CH-Lifetime
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
EagleId
X-Age
X-Server
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
Xkey
Request-Id
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
X-Nginx-Cache-Status
X-Country
X-Url
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Content-Location
X-Nginx-Upstream-Cache-Status
Cache-Tag
X-Clacks-Overhead
X-Trace
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Midtier
X-Edge
X-Mcache
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Country-Code
Rating
X-Oneagent-Js-Injection
Surrogate-Key
X-Server-Name
X-Browser-Type
X-ESI
X-Cache-TTL
X-Sol
X-Abt-Application-Version
Pagespeed
Display
X-Middleton-Display
X-Cnection
X-Element-Page-Cache
X-Ser
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
Edge-Control
X-GitHub-Request-Id
X-Powered-By-Plesk
Nginx-Cache
X-D2id
Verso
X-Ac
X-ARC
X-Dw-Request-Base-Id
X-Client-IP
X-Vcap-Request-Id
X-MS-InvokeApp
X-Daa-Tunnel
X-Ttl
X-ORACLE-DMS-RID
X-B3-TraceId
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-Aspnet-Version
X-Powered-CMS
X-CST
X-Goog-Hash
X-Middleton-Response
Response
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Edge-Location-Klb
X-Kinsta-Cache
X-ECACHE
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Cache-Key
X-Amzn-Trace-Id
X-NF-Request-ID
X-Ratelimit-Limit
Accept-Ch-Lifetime
X-Forwarded-For
X-Ua-Device
RTSS
X-Ruxit-Js-Agent
X-Mod-Pagespeed
X-Wormhole-Sdk
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
AR-CACHE
Cache-Status
X-Ratelimit-Remaining
Edge-Cache-Tag
X-Server-ID
X-Version
X-ORACLE-DMS-ECID
X-Mg-S
Public-Key-Pins
Cross-Origin-Resource-Policy
S
X-Ezoic-Cdn
X-SharePointHealthScore
Realpath
SPRequestGuid
X-MSEdge-Ref
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-Cached
X-Content-Digest
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Correlation-Id
TP-Cache
Arr-Disable-Session-Affinity
X-Varnish-TTL
Count-Hit
X-Id
X-Newrelic-App-Data
X-Debug
X-Request-Received
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
Server-Node
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ua-Browser
X-HS-Content-Id
X-HS-Hub-Id
X-VARITI-CCR
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-LLID
X-HS-Combine-CSS
X-Frontend
X-Azure-Ref
X-Fastly-Request-ID
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
X-PressLabs-Stats
Payment
X-LB-Cache
X-Forwarded-Proto
X-Amz-Replication-Status
X-Hits
X-GUploader-UploadID
Accept-Ch
X-Goog-Metageneration
Filterid
X-Varnish-Backend
X-Microsite
X-Request-Handler-Origin-Region
X-Git-Hash
Host
X-Unique-Id
X-FB-Debug
Cleartype
X-Www-Served-By
X-Logged-In
X-Ratelimit-Reset
X-Varnish-Server
X-Activity-Id
X-Az
X-Protected-By
X-AppVersion
Content-Disposition
X-App-Server
X-Hostname
X-Varnish-Ttl
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Jurisdiction
X-HP-Trace-Id
X-Geo-Country
X-HP-Webp
Access-Control-Allow-Method
X-Page-Id
X-Origin-Server
Retry-After
X-DIS-Request-ID
X-WP-CF-Super-Cache
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Upgrade-Enabled
MS-Author-Via
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Goog-Stored-Content-Length
Accept-Charset
X-Nf-Request-Id
Section-Io-Cache
X-ASPNET-VERSION
X-Type
Fastly-SWR
Fastly-SIE
X-Pinterest-Rid
X-TT
Pinterest-Generated-By
Pinterest-Version
Viewport
X-Cache-Control
X-Fb-Rlafr
X-TTL
Origin-Trial
X-Fastcgi-Cache
Content-MD5
Akamai-GRN
X-Grace
Amp-Access-Control-Allow-Source-Origin
X-Ah-Environment
X-B
X-Content-Options
X-B3-Sampled
X-Template
X-Request-Guid
X-Origin-Cache
X-Cambria-Cache-Control
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-ECache
X-SRCache-Store-Status
X-Revision
Version
TCN
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
X-Vcl-Version
Frame-Options
Healthy
X-Contextid
X-Envoy-Decorator-Operation
X-Magnolia-Registration
X-Cdn
X-Device-Type
X-CSRF-Token
X-Source
X-WP-CF-Super-Cache-Active
X-Fastly-Request-Id
DC
Server-Name
X-Backend-Name
X-Webkit-CSP
X-Aspnetmvc-Version
X-Proxy
X-Px
X-Seen-By
X-Mobile
X-Varnish-Grace
X-Xrds-Location
X-Tumblr-Pixel-0
X-ProcessESI
X-App-Environment
X-RemovedCookies
X-RM-Cache-TTL
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
Access-Control-Request-Headers
X-Status
X-Mg-Request-UUID
X-Debug-Info
X-Framework
X-Storage
X-Rule
X-Debug-IsPreview
X-Proxy-Cache-Info
X-ServerID
X-Cacheable-TTL
X-Adobe-Loc
X-G
X-L-Path
X-Adobe-Content
X-NYM-Debug-Backend
SD-X-WS
NGB
X-Instance
X-Rid
X-Environment-Context
X-Debug-IsConnected
X-Rendered-As
X-Cache-Age
X-HTML-Minification-Powered-By
X-FW-Hash
X-FW-Type
X-FW-Dynamic
X-Region
X-FW-Serve
GEO-INFO
X-FW-Static
Cross-Origin-Window-Policy
X-Node-Name
X-Content-Powered-By
X-FW-Server
Paypal-Debug-Id
X-FW-Version
X-Is-Bot
X-Yottaa-Metrics
X-UUID
X-Yottaa-Optimizations
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Akamai-Edgescape
X-Datadog-Parent-Id
X-User-Agent
X-RTag
Ms-Operation-Id
MS-CV
X-CLOUD-TRACE-CONTEXT
Front
X-Language
Countrycode
Webserver
X-Cache-Time
X-EdgeConnect-Cache-Status
X-Tec-Api-Root
X-Tec-Api-Origin
Upgrade-Insecure-Requests
X-Tec-Api-Version
X-WebKit-CSP-Report-Only
X-Buckets
Charset
Protected
X-Whom
OT-Force-Account-Verify
X-N
X-IPS-LoggedIn
X-AB
X-Akamai-Request-ID2
X-Cache-Status-Check
Section-Io-Id
X-Edge-Location
X-Lambda-Id
X-Time
Refresh
Country
X-TT-LOGID
Trailer
X-VC
X-VHOST
Priority
X-B3-SpanId
X-Hl-Ver
X-Via-JSL
Alternate-Protocol
X-Hcs-Proxy-Type
X-Reqid
X-WP-CF-Super-Cache-Cookies-Bypass
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Amzn-Remapped-Content-Length
X-XRDS-LOCATION
X-HS-Prerendered
Backend
X-B3-Traceid
Accept-Language
X-Wix-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Liferay-Portal
Xet-Cookie
Onion-Location
Uber-Trace-Id
X-Tumblr-Pixel-2
X-Web-Node
X-UPSTREAM-Address
X-Origin-Date
X-VC-Cache
X-SaId
X-Cache-Host
X-Auth-Group-Type
X-Accel-Version
X-Scope-Id
X-Skip-Cache
X-Rewrite-Enabled
Meta-Geo
X-Rn-Rsrv
X-Frame-Option
From-Origin
X-FB-TRIP-ID
Filters
X-Generated-By
X-Request-URI
X-Fetched-On
X-JoinUs
Environment
X-DataDome
ServerID
Fastcgi-Useragent
Property-Id
X-SayCDN-TTL
X-Redis-Cache
Webcakes-App-Version
X-Say-TTL
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Say-Cacheable
TWC-Privacy
Webcakes-App-Name
X-ProxyCache-Status
X-Cache-Action
X-Hosted-By
X-Tb
X-Logging-Id
X-Cache-Expired-At
X-Varnish-Cache-Hits
X-Connection-Hash
X-Director
X-Format
X-Origin-Hint
X-XRDS-Location
X-Real-IP
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-Varnish-Beresp-Grace
X-ProxyCache-Key
Expiry
Atl-Traceid
X-Webstats-RespID
X-Server-W
LB
X-Cms-Context
X-IPLB-Instance
X-Cluster-Node
X-IPLB-Request-ID
X-Varnish-Age
X-Served-From
X-Restarts
Apigw-Requestid
X-PHP-Host
X-Handled-By
X-Forwarded-Host
X-Httpd
X-Labrador-Cache-Channel
X-Soup
Web-Mar-Node
X-Adobe-Source
X-RID
X-Timing-Wait
X-Vcache
X-Tncms
Selected-Fe
X-Mode
X-Loop
ServedBy
Mn-Server-Ip
X-Proxy-Build
X-Detected-As
X-S
DB-Nickname
X-Origin
Url
X-Original-Request-Id
X-Response-Served-From
X-Cluster
X-SRV
X-Servername
Xserver
CF-IPCountry
Referer-Policy
X-Origin-TTL
X-Origin-CC
SRV
N-Cache
X-Lagoon
X-Hit
Cross-Origin-Embedder-Policy-Report-Only
X-Zipkin-Id
X-LSADC-Cache
X-Extlb
X-Proxied
X-Rocket-Nginx-Serving-Static
X-Cloudmap
X-Routing-Service
X-Nginx-Cache
X-Upstream-Ht
X-Xfnlog-Site
CDN-RequestId
X-Upstream-Ct
X-UA
X-Ms-Request-Id
Cross-Origin-Embedder-Policy
X-Ms-Version
X-Webkit-Csp
X-Tumblr-Pixel-3
X-Cache-Debug
X-VCT
X-Proxy-Cache-Status
X-TraceId
Source
X-RCS-CacheZone
X-NWS-UUID-VERIFY
X-F-Cache
X-DynaTrace
X-Azure-Ref-OriginShield
X-B-Cache
X-Signature
X-Geo-Region
X-Is-Tablet
WPO-Cache-Message
X-Is-Mobile
X-Tcp-Rtt
WPO-Cache-Status
X-Is-Desktop
X-Is-Supported-Browser
X-Browser-Name
Locale
Surrogated-Key
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Worker
X-No-Session
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Node
X-Cdn-Origin
X-NGINX-Cache
X-Generation-Time
X-Sucuri-Cache
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-ShopId
X-ShardId
X-FTR-Request-ID
X-RateLimit-Limit
X-Drupal-Cache-Contexts
TP-L2-Cache
X-Sucuri-ID
X-Locale
X-Tx-Id
X-NODE
X-Cdn-Forward
X-Site-Version
X-Drupal-Cache-Tags
X-Optimistic-Header
X-Service
X-App-Version
X-Cache-Rule
X-Cache-Operation
X-Origin-Expires
X-Origin-Time
X-TIM-N
X-Ig-Push-State
X-Thinkindot-L3
X-INCAP-ABP
Origin-Agent-Cluster
X-Cache-NE
Ngx.Var.Host
X-Cache-Info
Odigeo-Trace-Id
X-ScT
X-Origin-Response-Time
X-Shield-Cache-Expires
Meta-Geo-Continent
X-ElasticPress-Query
Lang
X-Bc-Bl
Gannett-Cam-Experience-Id
X-Backend-Instance
Cdncip
X-BCube-Filmed-By
X-Amz-Storage-Class
Candidate-Md5Url
X-Bug-Bounty
We-Hiring
Cdnsip
X-App-Name
X-Internal-TTL
DCR-Decision-By
DCR-Processing-Time-Ms
Content-Secure-Policy
Expect-Staple
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Cluster
Host-ID
BehaviorPad-Version
X-PAYTM-SRV-ID
X-Proxy-CacheRZ
X-Org
Mail-Subject
X-GeoIP
X-Rojux
MD5-Digest
X-Request-Time
X-Cache-Aspx
A
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Proxied-Request
X-Proto
X-Platform-Server
X-Scheme
X-Loc
X-A
X-D
X-A-Dgt
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-FC-Vary-Parameters
X-LiteSpeed-Tag
XkeyRZ
X-A-Wwc
X-Vmg-Version
X-We-Are-Hiring
Xc-Version
X-AK-Request-ID
Sslversion
X-DefElseHash
X-DefHash
X-Ec-GeoHdr
X-Ec-Fail
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Epic-Correlation-Id
X-A-Ccd
Thinkindot-CacheControl-Type
X-DPWN-IS-SECURE
X-Developer
X-Depends
X-A-Dcw
TDXMobile
Thinkindot-CacheControl
X-A-Dam
X-Viewer-Country
X-Vtex-Remote-Cache
X-Gdpr
X-Varnish-CookieINHashed-On
X-Nyt-Route
X-Varnish-Director
X-Conf
Rendered-Blocks
X-Varnish-Remaining-TTL
X-Contensis-Viewer-Groups
X-Aicache-OS
X-GeoIP-City
X-Jobs
X-GeoCountry
X-Varnish-Authentication
X-Varnish-CookieHashed-On
Producers
X-Ig-Origin-Region
X-GeoCode
X-Vdms-Version
Redirect-Candidate
X-Aed
X-VG-WebCache
Mime-Version
Product
Tube-Got-Results
X-Akamai-Device-Characteristics
Platform
X-Platform
Req-Svc-Chain
Server-Host
RNT-Time
X-Op-Id-All
Esi-Enabled
Tube-Return
RNT-Machine
Tube-Get-Contents
PFcat
DSUID
Tube-Got-Eval
X-Level-Front-Cache
User-Agent
Release
L5d-Success-Class
X-Policy
NM-Fastcgi-Cache
NGX
HA-Ipaddr
X-Node-Id
L
Gh-Request-Id
X-NMSegId
Ha-Gx-Prefs
X-Micro-Cache
X-Pool
X-Varnish-Beresp-Status
X-Core-Value
X-VTEX-Cache-Server
X-Via-Fastly
X-VTEX-Cache-Time
AMP-Access-Control-Allow-Source-Origin
Wxu-Next-Region
X-Csrf-Jwt
X-VG-TLSProxy
X-Varnishpool
X-CGP
W
Wxu-Next-Hostname
X-Clientip
X-Human
X-VarnishDD-TTL
X-Content-Age
X-Location
X-HS-Content-Campaign-Id
X-Path
X-GeoIP-Region-Code
X-Fmm-Version
X-GeoIP-Country-Code
Cache
X-Generated-On
X-Acquia-Purge-Cdn-Unconfigured
X-Gzip
X-Eu-Site
X-HN
Yak-Timeinfo
X-Dispatcher-Server
X-Ec-Custom-Error
X-Esi-Check
X-Edge-Server
X-Pad
X-Var-Ttl
Canary
X-Bl-Debug
Cdn-Host
Cache-Provider
Cache-Key
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cdn-Request-Time
X-BBC-Edge-Cache-Status
Content-Script-Type
Content-Style-Type
X-Powered-By-VTEX-Cache
Click-Count-Error
X-B3-Trace-ID
Click-Count-Action-Start
Apple-News-Services-Host
Apple-News-Services-Handled
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Cache-Id
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
X-Access
Wxu-Next-Commit
X-Cache-Grace
X-Section
X-Pubstack
X-MP-GENERATED-AT
X-Req
X-Cache-Bucket
X-SD-PageType
Web-Mar-Region
Debug
X-Varnish-Beresp-Ttl
X-Air-Pt
X-Api-Version
Ohc-File-Size
X-Fastly-Backend
X-Gamma-Serve
X-GoCache-CacheStatus
X-Hash
X-Date
X-Cache-FS-Status
X-CacheTTL
X-Cdn-Srv
X-CUA
X-Bip
X-Request-Start
X-V-Cache
X-Cached-By
X-Accel-Expires-Debug
X-Thanos
X-SB
CDN-Cache
X-UA-Device-Type
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Wikidot-Static-Cache
Sid
Origin-CC
Origin-EX
Origin
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
XM
CDN-CachedAt
X-SVT-ORM-VERSION
Pramga
CDN-EdgeStorageId
CDN-Uid
Req-ID
X-NodeID
V-Age
Cross-Origin-Opener-Policy-Report-Only
Ssr
CDN-RequestPullSuccess
Fastly-SSL
CDN-PullZone
CDN-RequestPullCode
CDN-RequestCountryCode
X-LiteSpeed-Cache-Control
X-Cache-Hit
X-COUNTRY
User-Cache-Control
IsBot
CDCHOST
X-Hnp-Log
X-Men
X-Request-Host
X-SIPLIST1
ServerName
X-Newrelic-Synthetics
X-HITS
X-Dc
X-Server-IP
Country-Code
X-Content-Length
X-Gen-Mode
X-Block-Status
X-URL
X-Irp-Debug
X-AB-Test
X-Varnish-Hits
X-GEO
X-HOST
Fl-Custom-Application
True-Client-Country-4JS
X-Provided-By
Akamai-Mon-Iucid-Del
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-RequestId
X-Test
GeoIP-Latitude
X-ORCA-Accelerator
X-CACHE-GROUP
X-Cs
Server-Hostname
Sever-Int
Server-Ext
C-Via
X-APP
Proxy-Firewall
X-TA-CDN-Provider
Adler-Geo
Is-Eu
X-B3-Parentspanid
X-Refresh
S-Rt
X-Nananana
X-Servedbyhost
CloudFront-Viewer-Country
X-Dispatcher-Number
X-VServer
X-LB-NoCache
Fastly-Drupal-HTML
X-Geolocation
X-Cache-Date
Cache-Tv-Group
X-HS-CF-Cache-Status
X-Via-CDN
X-Via-Edge
X-DC
Edge-Copy-Time
X-Via-SSL
X-Presslabs-Stats
X-Nginx-Cache-Key
WZWS-RAY
Fastly-Drupal-Html
X-ZONE
X-Custom-Header
X-External-Request-Id
X-IsAdmin
X-B3-Spanid
X-S-Cookie
X-Zone
X-Geo-Header
X-B-Cookie
T-Server
X-Destination
X-Application
X-Pass-Why
X-Endurance-Cache-Level
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Zen-Fury
X-CACHE-AGE
X-HA-Backend
X-LB-ID
X-Tt-Logid
X-ND-Cache
X-Nc
X-Wa
X-DynaTrace-JS-Agent
X-Webkit-Csp-Report-Only
X-CMSURLCustom
Vc-Max-Age
X-Cache-Server
GeoIp-Country-Code
Server-ID
X-User
HostName
X-Litespeed-Tag
Cdn-Requestid
Cdn
X-CDN-Forward
X-CS
X-NewRelic-App-Data
X-Oracle-Dms-Ecid
X-Parent-Response-Time
True-Client-IP
Ohc-Cache-HIT
X-Srv
X-AIR-PT
Srv
Vix-Hermes-Req-Id
X-DataCenter
Powered-By
X-HubSpot-Correlation-Id
X-Fpc
X-VC-TTL
SID
X-Varnish-Beresp-TTL
X-Vgn-Hpd-Reason
X-Fastly-Cache
WP-Super-Cache
X-APP-VERSION
X-Moov-Xdn-Version
X-Moov-T
X-Moov-Xdn-Caching-Status
Resin-Trace
X-Ckpd-Fst-Backend
Uri
Pics-Label
X-TH-Server
On-Server
X-API-Version
ServerHost
Thinkindot-Control
X-Old-Content-Length
SEZNAM-JOBS-OFFER
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Cache-TTL-Remaining
X-Amz-Meta-Opti
X-Vercel-Cache
X-Vercel-Id
X-FPC
X-PHP-Backend
True-Client-Ip
AKAMAI
X-SERVER-NAME
X-Datadome
X-TX-ID
Serverhost
X-Client-Ip
X-Dynatrace-Js-Agent
GeoIP-Country-Code
X-Info
Location
X-Cache-VC
Magicmarker
X-Action
X-Thinkindot-L1
Server-Id
X-Oracle-Dms-Rid
Cl-Cache
Hostname
X-CDN-Cache-Status
X-V
X-Vc
X-Debug-Service
N1-Cache
X-NC
X-WA
X-Cdn-Cache-Status
X-Stale
Av-Poweredby
CDN
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Rollout
X-Eligible
X-IAuth-Set-Uid
X-New
X-FTR-Expires
X-FTR-Cache-Status
X-Lb-Id
X-Country-Code-Real
Sm-Log-Id
X-Service-Response-Time
X-Ee-Request-Date
X-Ee-Request-Id
X-Region-Sid
X-Ee-Origin
X-VTEX-Cache-Backend-Header-Time
Time-Cloud-Cache
X-Cms-Device
X-Save-Cache
X-Vary-Devices
X-ApacheServer
X-PERF
X-WA-Info
Machine
X-Forwarded-Site
X-Datacenter
X-Fastly-Cache-Status
Store-Cloud-Cache
X-Ee-Generated-By
X-Udemy-Cache-App-Namespace
X-Geo
X-VTEX-Cache-Backend-Connect-Time
X-Cache-Ttl
X-Github-Request-Id
X-Oracle-DMS-ECID
X-Nitro-Cache
X-Container-Uri
X-Render-Time
Cloudfront-Viewer-Country
Server-Info
X-Git-Commit
X-Via-PopV
Xkeylog
Xkey-La3
X-Resp-Is-Stale
X-Ha-Backend
X-Via-PopH
X-Limited
X-Lb-Nocache
X-Ssense-Gql
X-Fastly-Backend-Reqs
X-Via-PopN
X-Ssense-Shipping-Surcharge-Enabled
X-Proxy-Cache-La3
X-App
X-ServedByHost
X-Ftr-Request-Id
X-Uri
X-Litespeed-Cache-Control
Tcn
X-VCL-Version
TWC-GeoIP-DMA
TWC-GeoIP-City
TWC-GeoIP-Region
X-MSEdge-Features
Cache-Contol
Cneonction
Permission-Policy
WebServer
X-EC-Lua
X-SRCache-Key
X-Traceid
X-Varnish-Hostname
WWW-Authenticate
Cache-Hits
Edge-Cache
Log-Origin
X-MSEdge-Flight
Geoip-Latitude
RewriteTestHook
X-Akamai-Pragma-Client-IP
X-Ion-Healthy
X-Jungle-Id
X-Ion-Hop
RewriteTeamHook
X-Correlation-ID
CountryCode
X-Akamai-Transformed
Pragrma
PICS-Label
My-App
X-LAGOON
X-Serial
X-Check-Cacheable
X-Ua
FSS-Cache
Cmstype
X-Requestid
X-Pod
Reporter
NtCoent-Length
X-Acquia-Site
X-Up
X-HS-Status
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Dw-Trace-Id
X-Cdn-Request-ID
Cmsid
X-From
X-Acquia-Purge-Tags
Cf-Ipcountry
X-Sucuri-Id
X-Elasticpress-Query
CacheControlHeader
X-BBC-Origin-Response-Status
X-Web-Server
CF-Cached-On
X-Platform-Cluster
X-Platform-Processor
X-Fastly-Cache-Hits
X-Ad-Load-Variation
X-Sqd-Ctime
X-Sqd-Stime
X-Platform-Router
X-Ramcache
Warning
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Timeexpire
X-Tncms-Bot-Tier
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Orig-Cache-Control