Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
X-XSS-Protection
Alt-Svc
Report-To
NEL
X-Xss-Protection
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Accept-CH
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Accept-CH-Lifetime
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-AspNetMvc-Version
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-UA-Device
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
EagleId
X-Rq
X-Via
X-Vhost
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Check
X-Litespeed-Cache
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-WebKit-CSP
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
Xkey
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
Request-Id
X-Server-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Country-Code
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Trace
Fastly-Restarts
Service-Worker-Allowed
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Application-Context
X-Rack-Cache
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Times
X-Vname
X-PC
X-TtlSet
Surrogate-Key
X-Midtier
X-Mcache
X-Edge
Rating
X-Server-Name
X-Cache-TTL
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Cnection
X-LiteSpeed-Cache
X-Powered-By-Plesk
X-Browser-Type
X-Element-Page-Cache
X-Abt-Application-Version
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-ESI
X-GitHub-Request-Id
Nginx-Cache
Edge-Control
X-Vcap-Request-Id
X-D2id
Verso
X-Ac
X-ORACLE-DMS-RID
X-Ser
X-MS-InvokeApp
X-ECACHE
X-Client-IP
X-Ratelimit-Limit
X-Server-ID
X-Amz-Rid
X-Ratelimit-Remaining
Response
X-Middleton-Response
X-Ruxit-Js-Agent
X-Wormhole-Sdk
X-ARC
X-CST
X-Oneagent-Js-Injection
X-Powered-CMS
X-Dw-Request-Base-Id
X-Goog-Hash
X-ASPNET-VERSION
X-Navigation-Version
X-Edge-Location-Klb
X-Kinsta-Cache
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Upstream
X-B3-TraceId
X-Forwarded-For
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Cache-Key
RTSS
X-FastCGI-Cache
X-Mod-Pagespeed
X-Daa-Tunnel
Edge-Cache-Tag
Cache-Status
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
Public-Key-Pins
X-Content-Digest
X-Ezoic-Cdn
X-FTR-Request-ID
Origin-Trial
X-Version
X-Aspnetmvc-Version
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
X-Mg-S
X-Ttl
Realpath
S
X-Fastly-Request-ID
X-MSEdge-Ref
X-T
X-Shield-Request-Id
Fastcgi-Cache
X-Recruiting
Front-End-Https
X-NF-Request-ID
Cross-Origin-Resource-Policy
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
AR-CACHE
X-Cached
X-Distributor
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-TTL
X-Nf-Request-Id
X-Xrds-Location
X-Azure-Ref
Access-Control-Request-Method
Arr-Disable-Session-Affinity
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-Id
X-Ua-Browser
X-HS-Content-Id
Count-Hit
X-HS-Cache-Config
X-Debug
X-Correlation-Id
Cache-Tags
X-LLID
X-Varnish-TTL
X-Ismobilevalue
X-Cluster-Name
Server-Node
X-Newrelic-App-Data
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-NGENIX-Cache
X-Hits
X-Frontend
X-VARITI-CCR
X-GUploader-UploadID
X-Varnish-Backend
X-PressLabs-Stats
Akamai-GRN
X-HS-Combine-CSS
X-Protected-By
X-Amz-Replication-Status
Accept-Ch-Lifetime
X-Goog-Metageneration
Accept-Ch
Payment
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
X-Ratelimit-Reset
X-LB-Cache
X-Page-Id
X-Varnish-Server
X-Git-Hash
Cleartype
X-FB-Debug
X-AppVersion
X-Activity-Id
X-Az
X-Www-Served-By
X-Tt-Trace-Tag
Content-Disposition
X-Logged-In
X-Hostname
X-DIS-Request-ID
X-TraceId
X-Tt-Trace-Host
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Cambria-Cache-Control
Host
Filterid
X-Forwarded-Proto
X-Amz-Apigw-Id
X-Varnish-Ttl
X-Amzn-RequestId
X-Template
X-Fastcgi-Cache
X-App-Server
Amp-Access-Control-Allow-Source-Origin
X-Geo-Country
Version
Frame-Options
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Trailer
X-Goog-Storage-Class
Access-Control-Allow-Method
X-Aspnet-Version
X-Type
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-WP-CF-Super-Cache
Accept-Charset
Fastly-SWR
Fastly-SIE
X-Upgrade-Enabled
Viewport
X-Content-Options
X-Envoy-Decorator-Operation
Section-Io-Cache
X-Origin-Server
X-TT
X-Fb-Rlafr
X-Source
X-Cache-Age
X-B
X-Grace
X-B3-Sampled
X-Cache-Control
X-Ah-Environment
Retry-After
MS-Author-Via
X-Rid
Content-MD5
Server-Name
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-VERSION
X-Device-Type
X-Language
X-Buckets
X-Px
X-HS-Prerendered
X-Request-Guid
X-Magnolia-Registration
X-Vcl-Version
X-Trace-Id
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Mobile
X-Cdn
X-Revision
TCN
Healthy
X-Akamai-Edgescape
X-Varnish-Grace
Protected
X-WP-CF-Super-Cache-Active
X-EdgeConnect-Cache-Status
X-Backend-Name
X-CSRF-Token
X-B3-Traceid
X-Status
X-Response-Served-From
SD-X-WS
X-App-Environment
Upgrade-Insecure-Requests
X-Instance
X-RM-Cache-TTL
X-Debug-Info
X-Original-Request-Id
Charset
X-ProcessESI
Cross-Origin-Embedder-Policy-Report-Only
X-Proxy
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Rule
X-RemovedCookies
X-NYM-Debug-Backend
X-ServerID
NGB
X-FW-Type
X-FW-Version
X-Storage
X-Cache-Time
X-Region
X-Cacheable-TTL
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Framework
X-Adobe-Loc
X-FW-Serve
X-Is-Bot
X-Rendered-As
X-FW-Static
Access-Control-Request-Headers
X-Node-Name
X-Mg-Request-UUID
X-Adobe-Content
X-UUID
GEO-INFO
Cross-Origin-Window-Policy
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Edge-Location
X-Datadog-Parent-Id
X-Datadog-Sampled
MS-CV
X-RTag
Ms-Operation-Id
X-Environment-Context
X-Yottaa-Metrics
X-Debug-IsConnected
X-Proxy-Cache-Info
X-Yottaa-Optimizations
X-Debug-IsPreview
X-L-Path
X-Content-Powered-By
X-Contextid
X-G
Refresh
X-Whom
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-ECache
OT-Force-Account-Verify
X-Lambda-Id
X-Origin-Cache
Webserver
X-Ua-Device
X-Amz-Meta-S3cmd-Attrs
Section-Io-Id
Countrycode
X-User-Agent
X-Reqid
DC
X-Amzn-Remapped-Content-Length
Paypal-Debug-Id
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Seen-By
X-HTML-Minification-Powered-By
X-Hcs-Proxy-Type
X-VC
Front
Priority
Alternate-Protocol
X-Server-W
X-WebKit-CSP-Report-Only
X-Real-IP
X-TT-LOGID
X-DataDome
SRV
X-Time
X-Resp-Is-Stale
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Cookies-Bypass
Cross-Origin-Opener-Policy-Report-Only
Liferay-Portal
X-Origin-CC
X-Origin-TTL
X-Akamai-Request-ID2
X-N
Backend
X-AB
X-B3-SpanId
X-Mode
WPO-Cache-Message
X-Hl-Ver
X-Cache-Status-Check
X-Rocket-Nginx-Serving-Static
WPO-Cache-Status
Country
X-Nginx-Cache
Onion-Location
Xet-Cookie
X-Origin-Hint
Fastcgi-Useragent
Filters
Property-Id
Meta-Geo
X-Redis-Cache
X-Rn-Rsrv
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-SaId
ServerID
X-Tumblr-Pixel-2
TWC-Connection-Speed
X-Cache-Action
Webcakes-Region
X-Cache-Host
X-JoinUs
X-Format
X-FB-TRIP-ID
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
Web-Mar-Node
TWC-Privacy
Environment
X-Rewrite-Enabled
X-UPSTREAM-Address
Mn-Server-Ip
X-Vcache
Uber-Trace-Id
X-Accel-Version
X-VC-Cache
From-Origin
Expiry
X-Restarts
X-Tncms
X-R9-Blue-Green-Version
X-PHP-Host
DB-Nickname
X-Loop
X-Labrador-Cache-Channel
X-Handled-By
X-Frame-Option
X-Hosted-By
X-IPLB-Instance
X-IPLB-Request-ID
X-Fetched-On
X-Varnish-Age
X-Cluster-Node
X-Cache-Expired-At
X-Cms-Context
X-Connection-Hash
X-Director
X-Scope-Id
X-Origin-Date
X-DynaTrace
X-Soup
X-Skip-Cache
X-Tb
X-Ms-Version
X-Ms-Request-Id
X-Web-Node
X-ProxyCache-Status
Apigw-Requestid
Atl-Traceid
Ohc-File-Size
X-ProxyCache-Key
Url
X-Servername
X-Webstats-RespID
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Detected-As
X-Httpd
X-Forwarded-Host
X-BYPASS-REASON
X-Logging-Id
X-Adobe-Source
X-Proxy-Build
X-Tumblr-Pixel-3
X-Timing-Wait
X-RateLimit-Remaining
X-Auth-Group-Type
Selected-Fe
ServedBy
X-Cluster
X-Served-From
X-Cloudmap
X-Extlb
X-Origin
X-Zipkin-Id
X-Proxied
X-S
X-Routing-Service
X-Hit
Cross-Origin-Embedder-Policy
X-Request-URI
Referer-Policy
X-Fastly-Request-Id
Accept-Language
X-HS-CF-Cache-Status
X-Azure-Ref-OriginShield
X-LSADC-Cache
N-Cache
X-Webkit-CSP
Surrogated-Key
LB
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
X-SRV
X-Sucuri-Cache
X-Generated-By
X-Lagoon
X-Cache-Hit
X-Generation-Time
Xserver
X-App-Version
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-TA-CDN-Provider
X-Sucuri-ID
CF-IPCountry
VIX-Pulpo-Node
X-Cdn-Origin
X-Xfnlog-Site
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
Source
X-Tx-Id
X-MP-GENERATED-AT
X-XRDS-Location
X-F-Cache
X-NWS-UUID-VERIFY
X-Cache-Debug
X-CDN-Forward
Node
X-RCS-CacheZone
CDN-RequestId
X-Mly-Id
Cache
X-VCT
X-Via-Edge
X-Cache-Rule
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-NODE
X-Is-Supported-Browser
X-Urbn-Context-Path
X-Tcp-Rtt
X-Varnish-Beresp-Ttl
X-Is-Mobile
X-Is-Tablet
X-INCAP-ABP
X-Urbn-Site-Id
Locale
Ohc-Cache-HIT
X-Is-Desktop
X-Browser-Name
X-Geo-Region
X-No-Session
Cache-Provider
X-Pad
X-Signature
X-ElasticPress-Query
X-Site-Version
X-B-Cache
Cluster
Host-ID
Content-Secure-Policy
DCR-Decision-By
X-Destination
X-DPWN-IS-SECURE
X-D
X-Developer
DCR-Processing-Time-Ms
Expect-Staple
Fastly-SSL
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Ec-Fail
Fastly-GeoIP-CountryCode
Fl-Custom-Application
Ha-Gx-Prefs
Fastly-Backend-Name
HA-Ipaddr
X-FC-Vary-Parameters
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoCountry
X-GeoCode
X-Geolocation
X-HN
X-Ig-Push-State
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Locale
X-Gdpr
Candidate-Md5Url
X-External-Request-Id
X-Eu-Site
L5d-Success-Class
BehaviorPad-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Ec-GeoHdr
Meta-Geo-Continent
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Application
Web-Mar-Region
We-Hiring
X-Backend-Instance
X-B-Cookie
W
X-A
X-A-Ccd
X-Access
X-App-Name
X-Aed
X-Aicache-OS
X-AB-Test
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Bc-Bl
X-BCube-Filmed-By
Odigeo-Trace-Id
Origin
PFcat
X-Conf
Ngx.Var.Host
X-Jobs
X-Csrf-Jwt
Mail-Subject
MD5-Digest
X-CGP
Producers
X-Cache-Grace
Sslversion
X-Bug-Bounty
X-Bl-Debug
X-Cache-Info
X-Cache-NE
Redirect-Candidate
Rendered-Blocks
X-Cache-Operation
Lang
Apple-News-Services-Parsed-Url
X-Org
X-Proto
X-Op-Id-All
X-Nyt-Route
Xc-Version
X-Proxied-Request
X-Origin-Time
X-Path
X-TIM-N
X-Platform-Server
X-Vtex-Remote-Cache
X-ScT
X-PAYTM-SRV-ID
X-VC-TTL
X-Via-JSL
X-S-Cookie
X-Mvc-Supplant-Cachable
X-SD-PageType
X-Section
X-Rojux
X-VarnishDD-TTL
X-Slack-Shared-Secret-Outcome
X-Vdms-Version
X-Slack-Backend
X-Oracle-Dms-Ecid
X-GEO
X-UA
Gh-Request-Id
X-Content-Age
Product
Platform
Gannett-Cam-Experience-Id
X-Clientip
NM-Fastcgi-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Date
L
X-Cdn-Srv
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Content-Length
X-CUA
X-Core-Value
Origin-Agent-Cluster
RNT-Time
X-Via-Fastly
X-Varnish-Remaining-TTL
X-Varnish-Director
X-Block-Status
Thinkindot-CacheControl-Type
X-Varnish-CookieINHashed-On
X-BBC-Edge-Cache-Status
X-Varnishpool
X-AIR-PT
X-Auto-Login
V-Age
User-Cache-Control
X-B3-Trace-ID
User-Agent
Thinkindot-CacheControl
TDXMobile
RNT-Machine
X-V-Cache
Req-Svc-Chain
X-Cached-By
X-CacheTTL
X-User
Server-Host
X-VTEX-Cache-Server
X-Cache-Date
X-Viewer-Country
X-Varnish-CookieHashed-On
X-Vmg-Version
X-VServer
X-Cache-Id
X-VTEX-Cache-Time
X-DefElseHash
X-Gen-Mode
X-Gamma-Serve
X-Fmm-Version
X-Origin-Expires
X-Generated-On
X-GeoIP
X-NodeID
X-AK-Request-ID
Azure-InstanceId
X-Platform
X-Fastly-Backend
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-GeoIP-City
X-Node-Id
X-Amz-Meta-Cb-Modifiedtime
X-Irp-Debug
X-Amz-Storage-Class
X-Akamai-Device-Characteristics
X-Level-Front-Cache
X-Location
X-Loc
X-Micro-Cache
X-Human
X-Gzip
X-GoCache-CacheStatus
X-Hash
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Hnp-Log
X-Policy
Canary
X-Request-Host
Content-Script-Type
X-Zen-Fury
X-Req
X-Dispatcher-Server
CDCHOST
Cdnsip
Content-Style-Type
X-Accel-Expires-Debug
X-SB
X-Scheme
X-VG-WebCache
X-DefHash
X-Request-Time
Debug
X-Ec-Custom-Error
Cdncip
X-Epic-Correlation-Id
Cdn-Host
X-Esi-Check
X-Powered-By-VTEX-Cache
Cdn-Request-Time
X-Edge-Server
X-Litespeed-Tag
X-ShopId
X-Shopify-Stage
Mime-Version
X-NGINX-Cache
X-ShardId
X-Storefront-Renderer-Rendered
Akamai-Mon-Iucid-Del
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-We-Are-Hiring
Yak-Timeinfo
XM
X-Server-IP
X-Pubstack
X-Request-Start
X-Depends
X-Sn-Servicetimems
X-Pool
X-Origin-Response-Time
X-Men
X-IsAdmin
X-Internal-TTL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Beresp-Status
X-Cache-Aspx
X-Bip
X-Varnish-Authentication
X-Var-Ttl
X-Thanos
X-Contensis-Viewer-Groups
X-UA-Device-Type
X-VG-TLSProxy
X-Cache-FS-Status
Origin-EX
CDN-RequestPullCode
Origin-CC
CDN-RequestPullSuccess
Req-ID
NGX
CDN-RequestCountryCode
ServerName
CDN-Cache
Release
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
Tube-Got-Results
Click-Count-Action-Start
X-Acquia-Purge-Cdn-Unconfigured
Country-Code
DSUID
CDN-Uid
Tube-Return
Sid
X-Proxy-Cache-Status
X-Service
X-Tb-Optimization-Total-Bytes-Saved
Pramga
Ssr
X-SIPLIST1
IsBot
X-RID
X-LB-NoCache
X-HOST
X-ORCA-Accelerator
X-Varnish-Hits
X-Upstream-Ht
X-Upstream-Ct
Fastly-Drupal-HTML
X-TH-Server
GeoIP-Latitude
X-Api-Version
X-Vgn-Hpd-Reason
X-CACHE-GROUP
Esi-Enabled
X-Refresh
X-Cs
Cdn-Requestid
X-VHOST
X-HubSpot-Correlation-Id
X-DC
X-RequestId
CloudFront-Viewer-Country
X-Servedbyhost
X-Tt-Logid
X-B3-Spanid
X-Cache-Bucket
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-ZONE
X-Moov-T
X-Nc
X-HITS
AMP-Access-Control-Allow-Source-Origin
X-Presslabs-Stats
XkeyRZ
A
Cache-Key
C-Via
X-Wa
X-Proxy-CacheRZ
X-Newrelic-Synthetics
N1-Cache
Server-ID
X-HA-Backend
X-Via-Popv
X-Via-Poph
X-APP
X-Via-Popn
X-Cdn-Forward
X-LiteSpeed-Cache-Control
X-Nananana
X-LB-ID
X-DynaTrace-JS-Agent
X-Action
X-LiteSpeed-Tag
X-B3-Parentspanid
X-Dc
X-Zone
X-Parent-Response-Time
X-Endurance-Cache-Level
HostName
X-Cache-VC
X-NewRelic-App-Data
X-Webkit-Csp-Report-Only
X-CS
X-Thinkindot-L1
Location
X-Vercel-Cache
X-Vercel-Id
Fastly-Drupal-Html
X-Srv
TWC-GeoIP-City
TWC-GeoIP-Region
TWC-GeoIP-DMA
Cache-Hits
X-URL
Proxy-Firewall
X-COUNTRY
X-Webkit-Csp
WP-Super-Cache
X-Ua
X-Optimistic-Header
X-CACHE-AGE
Server-Hostname
Uri
TP-L2-Cache
Sever-Int
X-DataCenter
X-ApacheServer
GeoIp-Country-Code
X-Fpc
X-PERF
Server-Ext
True-Client-Country-4JS
X-API-Version
Cdn
SID
X-Litespeed-Cache-Control
X-Render-Time
X-Test
X-WA-Info
X-Uri
X-Dispatcher-Number
Is-Eu
X-Nitro-Cache
X-Air-Pt
Adler-Geo
True-Client-IP
True-Client-Ip
X-Ion-Healthy
RewriteTestHook
X-Ion-Hop
X-Jungle-Id
RewriteTeamHook
X-Datacenter
X-Datadome
WZWS-RAY
Resin-Trace
GeoIP-Country-Code
Cache-Contol
X-Nginx-Cache-Key
SEZNAM-JOBS-OFFER
My-App
X-Ssense-Gql
Log-Origin
Cmsid
Cmstype
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-TTL
X-AWS-Id
X-LJ-Flow-ID
X-Ssense-Shipping-Surcharge-Enabled
X-VWS-Id
X-Pass-Why
X-SERVER-NAME
X-Service-Response-Time
Sm-Log-Id
X-APP-VERSION
Srv
X-Provided-By
Tcn
X-Stale
X-Geo-Header
T-Server
X-Custom-Header
X-Up
X-From
X-FPC
X-Client-Ip
X-ND-Cache
X-Udemy-Cache-App-Namespace
CacheControlHeader
X-RateLimit-Limit
X-Dynatrace-Js-Agent
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Oracle-Dms-Rid
X-CMSURLCustom
X-Cache-Server
Vc-Max-Age
Serverhost
Hostname
Lb
S-Rt
X-App
X-Fastly-Cache-Status
Server-Id
Pics-Label
X-Debug-Service
X-Air-Hostname
X-Air-Source
Av-Poweredby
X-Air-Trace-Id
X-TX-ID
Cache-Tv-Group
X-Cdn-Cache-Status
X-Lb-Id
Powered-By
X-VCL-Version
X-Vc
AKAMAI-GRN
X-Cache-TTL-Remaining
Vix-Hermes-Req-Id
X-Fastly-Backend-Reqs
Cf-Ipcountry
X-Ha-Backend
X-Via-PopH
X-Akamai-Pragma-Client-IP
X-Via-PopV
X-Via-PopN
NtCoent-Length
X-Correlation-ID
Origin-Site
X-Cache-Ttl
ServerHost
X-Html-Minification-Powered-By
X-LAGOON
X-Varnish-Hostname
X-WA
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Oracle-DMS-ECID
X-SRCache-Key
X-NC
X-Esi
X-XRDS-LOCATION
X-Proxy-Cache-La3
Xkey-La3
Edge-Cache
Thinkindot-Control
Epwk-X-Cache
On-Server
Xkeylog
Geoip-Latitude
WWW-Authenticate
X-Traceid
Cloudfront-Viewer-Country
X-Requestid
X-ServedByHost
WebServer
Pragrma
CountryCode
Time-Cloud-Cache
X-Sigma-Backend
X-Cms-Device
X-Ee-Request-Id
X-Ee-Origin
X-Lb-Nocache
Store-Cloud-Cache
X-Ee-Request-Date
X-Ee-Generated-By
AKAMAI
Warning
X-MSEdge-Flight
X-PHP-Backend
X-Sucuri-Id
Machine
X-Rocket-Build-Number
X-MSEdge-Features
X-Vary-Devices
X-Save-Cache
X-Region-Sid
X-HS-Status
X-Sigma
YJS-ID
X-Amz-Meta-Opti
X-Forwarded-Site
Nord-Request-ID
X-Wp-Cf-Super-Cache-Cache-Control
FSS-Cache
X-Serial
X-Akamai-Transformed
X-Wp-Cf-Super-Cache
X-IAuth-Set-Uid
Ms-Author-Via
X-VTEX-Cache-Backend-Connect-Time
X-Check-Cacheable
X-Pod
Reporter
X-VTEX-Cache-Backend-Header-Time
MIME-Version
X-Info
Cl-Cache
Yjs-Id
Magicmarker
X-Limited
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Cdn-Request-ID
Cneonction
X-Akamai-ERRuleID
X-Dw-Trace-Id
X-Orig-Cache-Control
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Akamai-ERPolicy
Timeexpire
X-Lsadc-Cache
X-Tncms-Bot-Tier
X-Web-Server
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-Mg-Cache