Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Accept-CH
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Accept-CH-Lifetime
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-UA-Device
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
EagleId
X-Rq
X-Via
X-Vhost
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Check
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-WebKit-CSP
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
Xkey
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
Request-Id
X-Server-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Country-Code
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Trace
Fastly-Restarts
Service-Worker-Allowed
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Application-Context
X-Rack-Cache
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Times
X-TtlSet
X-Vname
X-PC
X-LiteSpeed-Cache
Surrogate-Key
X-Edge
X-Mcache
X-Midtier
Rating
X-Server-Name
X-Cache-TTL
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Browser-Type
X-Abt-Application-Version
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-GitHub-Request-Id
X-ESI
Nginx-Cache
Edge-Control
X-ECACHE
X-Vcap-Request-Id
Verso
X-D2id
X-Ac
X-Ser
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Ratelimit-Limit
X-Client-IP
X-Server-ID
X-Amz-Rid
X-Middleton-Response
Response
X-Wormhole-Sdk
X-Ruxit-Js-Agent
X-CST
X-ARC
X-Powered-CMS
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Goog-Hash
X-Ratelimit-Remaining
X-Navigation-Version
X-Edge-Location-Klb
X-Kinsta-Cache
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Upstream
X-B3-TraceId
X-Forwarded-For
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Cache-Key
RTSS
X-FastCGI-Cache
X-Mod-Pagespeed
X-Daa-Tunnel
Edge-Cache-Tag
Cache-Status
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
Public-Key-Pins
X-Content-Digest
X-Ezoic-Cdn
X-FTR-Request-ID
Origin-Trial
X-Version
X-ORACLE-DMS-ECID
X-SharePointHealthScore
X-Fastly-Request-ID
SPRequestGuid
X-Mg-S
Realpath
S
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-TTL
X-Recruiting
Front-End-Https
X-NF-Request-ID
Cross-Origin-Resource-Policy
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ttl
AR-CACHE
X-Cached
X-Distributor
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Nf-Request-Id
X-Xrds-Location
X-Azure-Ref
Access-Control-Request-Method
Arr-Disable-Session-Affinity
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
Count-Hit
X-HS-Cache-Config
X-Id
X-Debug
X-Correlation-Id
X-LLID
Cache-Tags
X-Varnish-TTL
X-Ismobilevalue
Akamai-GRN
X-Cluster-Name
X-Newrelic-App-Data
Server-Node
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-NGENIX-Cache
X-Hits
X-VARITI-CCR
X-Frontend
X-GUploader-UploadID
X-PressLabs-Stats
X-Varnish-Backend
X-Protected-By
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-Amz-Replication-Status
Accept-Ch-Lifetime
Accept-Ch
X-Goog-Metageneration
Payment
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Reset
X-LB-Cache
X-Unique-Id
X-Page-Id
X-Git-Hash
X-FB-Debug
Cleartype
X-Varnish-Server
X-Activity-Id
X-Www-Served-By
X-AppVersion
X-Az
X-TraceId
X-Logged-In
X-Hostname
X-Tt-Trace-Tag
X-DIS-Request-ID
X-Tt-Trace-Host
Content-Disposition
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Host
X-Forwarded-Proto
Filterid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Varnish-Ttl
X-Template
X-Fastcgi-Cache
X-App-Server
Amp-Access-Control-Allow-Source-Origin
X-Geo-Country
Version
Frame-Options
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Accept-Charset
X-Goog-Generation
X-Goog-Storage-Class
Trailer
X-Aspnet-Version
Access-Control-Allow-Method
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Load-Cache
X-Type
Fastly-SWR
Fastly-SIE
X-Upgrade-Enabled
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-ASPNET-VERSION
X-Content-Options
Section-Io-Cache
Viewport
X-Envoy-Decorator-Operation
X-Origin-Server
X-TT
X-Fb-Rlafr
X-Source
X-Cache-Age
X-B3-Sampled
X-B
X-Grace
X-Cache-Control
X-Ah-Environment
MS-Author-Via
Retry-After
X-Rid
Server-Name
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Device-Type
X-Language
X-Px
X-Buckets
X-Request-Guid
X-Magnolia-Registration
X-HS-Prerendered
X-Vcl-Version
X-Cdn
X-Trace-Id
X-Mobile
X-Revision
Healthy
X-Varnish-Grace
X-Akamai-Edgescape
X-WP-CF-Super-Cache-Active
Protected
X-EdgeConnect-Cache-Status
X-Backend-Name
TCN
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-B3-Traceid
X-CSRF-Token
X-App-Environment
Upgrade-Insecure-Requests
X-Response-Served-From
X-RM-Cache-TTL
X-Debug-Info
X-Status
SD-X-WS
X-Original-Request-Id
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Rule
Cross-Origin-Embedder-Policy-Report-Only
Charset
X-RemovedCookies
X-Is-Bot
X-NYM-Debug-Backend
X-Proxy
X-Tumblr-Pixel-1
X-Rendered-As
X-ServerID
X-ProcessESI
X-Tumblr-User
X-Cacheable-TTL
X-Mg-Request-UUID
X-Cache-Time
X-Adobe-Loc
X-UUID
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
Cross-Origin-Window-Policy
X-Node-Name
X-FW-Version
X-FW-Dynamic
X-Framework
GEO-INFO
X-Storage
X-Adobe-Content
Access-Control-Request-Headers
NGB
X-Region
MS-CV
X-Edge-Location
Ms-Operation-Id
Refresh
X-Datadog-Trace-Id
X-Content-Powered-By
X-Debug-IsPreview
X-RTag
X-Environment-Context
X-Debug-IsConnected
X-Proxy-Cache-Info
X-L-Path
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Yottaa-Optimizations
X-Datadog-Sampling-Priority
X-Yottaa-Metrics
X-G
X-Contextid
X-FTR-Backend-Server
X-FTR-Backend
X-Whom
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
OT-Force-Account-Verify
X-Lambda-Id
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
Webserver
X-Ua-Device
Section-Io-Id
Countrycode
DC
X-User-Agent
Paypal-Debug-Id
X-Amzn-Remapped-Content-Length
X-Reqid
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-HTML-Minification-Powered-By
X-VC
X-Seen-By
Priority
Front
X-Server-W
Alternate-Protocol
SRV
X-WebKit-CSP-Report-Only
X-RateLimit-Remaining
X-ECache
X-Real-IP
X-TT-LOGID
X-Time
X-Resp-Is-Stale
X-B3-SpanId
Cross-Origin-Opener-Policy-Report-Only
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Cookies-Bypass
X-Origin-TTL
Liferay-Portal
X-Akamai-Request-ID2
X-Origin-CC
Backend
X-AB
X-N
X-DataDome
X-Cache-Status-Check
X-Mode
Country
X-Rocket-Nginx-Serving-Static
X-Hl-Ver
WPO-Cache-Message
WPO-Cache-Status
X-Nginx-Cache
Xet-Cookie
Onion-Location
Property-Id
Web-Mar-Node
Webcakes-App-Version
X-Cache-Action
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
ServerID
Filters
TWC-Device-Class
X-SayCDN-TTL
X-Say-Cacheable
Fastcgi-Useragent
X-Say-TTL
X-Tumblr-Pixel-2
Environment
X-UPSTREAM-Address
X-SaId
X-Rn-Rsrv
X-Format
X-FB-TRIP-ID
X-JoinUs
X-Origin-Hint
X-Rewrite-Enabled
X-Redis-Cache
X-Cache-Host
Meta-Geo
X-IPLB-Instance
X-IPLB-Request-ID
X-Hosted-By
X-Handled-By
X-Frame-Option
X-Labrador-Cache-Channel
X-Loop
X-Restarts
X-R9-Blue-Green-Version
Uber-Trace-Id
X-Origin-Date
X-Fetched-On
X-Director
From-Origin
X-Cache-Expired-At
Mn-Server-Ip
X-Accel-Version
X-Cluster-Node
X-Cms-Context
X-Detected-As
X-Connection-Hash
DB-Nickname
Expiry
X-Scope-Id
X-PHP-Host
X-Tncms
X-Vcache
X-VC-Cache
X-Tb
X-Varnish-Age
X-Skip-Cache
X-Soup
X-DynaTrace
X-Httpd
X-Varnish-Beresp-Grace
Ohc-File-Size
X-BYPASS-REASON
X-Varnish-Cache-Hits
X-Servername
Atl-Traceid
X-Web-Node
X-Forwarded-Host
X-Webstats-RespID
Apigw-Requestid
X-Logging-Id
X-Adobe-Source
Url
X-ProxyCache-Status
X-Ms-Version
X-Ms-Request-Id
X-ProxyCache-Key
X-Served-From
X-Tumblr-Pixel-3
X-Cluster
Selected-Fe
X-Auth-Group-Type
X-Timing-Wait
X-Proxy-Build
ServedBy
X-Zipkin-Id
X-Cloudmap
X-Origin
X-Proxied
X-S
X-Routing-Service
X-Extlb
X-Hit
Cross-Origin-Embedder-Policy
Accept-Language
X-Request-URI
Referer-Policy
X-Azure-Ref-OriginShield
N-Cache
X-HS-CF-Cache-Status
X-Webkit-CSP
Surrogated-Key
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-LSADC-Cache
X-SRV
X-Sucuri-Cache
X-Generated-By
X-App-Version
X-Lagoon
LB
X-Generation-Time
X-Cache-Hit
Xserver
X-Drupal-Cache-Contexts
X-Fastly-Request-Id
X-Drupal-Cache-Tags
X-Sucuri-ID
X-Cdn-Origin
VIX-Pulpo-Node
X-TA-CDN-Provider
VIX-Pulpo-Upstream-Status
X-Xfnlog-Site
X-Wix-Request-Id
X-CDN-Forward
X-MP-GENERATED-AT
Source
CF-IPCountry
X-XRDS-Location
X-F-Cache
X-NWS-UUID-VERIFY
X-Tx-Id
Node
X-Cache-Debug
X-RCS-CacheZone
X-Varnish-Beresp-Ttl
Cache
X-Mly-Id
X-VCT
X-Via-Edge
X-Via-SSL
X-Via-CDN
X-Cache-Rule
Edge-Copy-Time
X-NODE
X-Is-Tablet
X-Is-Mobile
X-Is-Supported-Browser
X-Urbn-Site-Id
X-Urbn-Context-Path
CDN-RequestId
X-INCAP-ABP
X-Tcp-Rtt
Locale
Ohc-Cache-HIT
X-Is-Desktop
X-Browser-Name
X-Geo-Region
Cache-Provider
X-AIR-PT
X-No-Session
X-Pad
X-B-Cache
X-Signature
X-Site-Version
X-ElasticPress-Query
X-GeoIP-Country-Code
X-AB-Test
X-Csrf-Jwt
Xc-Version
Cluster
X-Access
X-Developer
X-Aed
L5d-Success-Class
X-GeoIP-Region-Code
X-Conf
X-A-Dcw
X-A-Wwc
X-TIM-N
X-D
Rendered-Blocks
Content-Secure-Policy
X-Geolocation
X-VC-TTL
X-A-Dgt
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Jobs
Lang
Ha-Gx-Prefs
X-Bug-Bounty
X-Bl-Debug
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-BCube-Filmed-By
X-Bc-Bl
Candidate-Md5Url
X-B-Cookie
X-Application
X-Backend-Instance
BehaviorPad-Version
X-App-Name
X-Cache-Grace
X-Vtex-Remote-Cache
HA-Ipaddr
Host-ID
X-Ig-Push-State
Mail-Subject
X-Aicache-OS
X-Cache-Operation
X-Ig-Origin-Region
X-HN
X-Locale
X-Cache-Info
Mime-Version
X-HS-Content-Campaign-Id
X-Cache-NE
We-Hiring
X-CGP
X-Destination
Wxu-Next-Region
X-Origin-Time
Sslversion
X-Eu-Site
X-External-Request-Id
MD5-Digest
X-Org
Redirect-Candidate
X-Op-Id-All
Expect-Staple
X-S-Cookie
X-Rojux
Fastly-Backend-Name
PFcat
X-PAYTM-SRV-ID
Fastly-SSL
Origin
Fl-Custom-Application
X-Gdpr
X-Platform-Server
X-Path
Fastly-GeoIP-CountryCode
X-Proxied-Request
X-Proto
Ngx.Var.Host
X-FC-Vary-Parameters
X-A
X-Vdms-Version
Wxu-Next-Commit
X-Section
X-Via-JSL
X-SD-PageType
Meta-Geo-Continent
X-GeoCode
Producers
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Web-Mar-Region
DCR-Decision-By
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-A-Ccd
X-GeoCountry
Wxu-Next-Hostname
X-DPWN-IS-SECURE
X-ScT
W
X-A-Dam
X-VarnishDD-TTL
Odigeo-Trace-Id
DCR-Processing-Time-Ms
X-Ec-Fail
X-Ec-GeoHdr
X-GEO
X-Oracle-Dms-Ecid
X-Amz-Storage-Class
Thinkindot-CacheControl-Type
X-VTEX-Cache-Time
X-Auto-Login
X-AK-Request-ID
X-Accel-Expires-Debug
RNT-Time
RNT-Machine
User-Cache-Control
V-Age
Req-Svc-Chain
Server-Host
X-Wikidot-Static-Cache
TDXMobile
Thinkindot-CacheControl
X-Zen-Fury
X-Amz-Meta-Cb-Modifiedtime
X-Wikidot-Backend
X-Akamai-Device-Characteristics
User-Agent
X-Epic-Correlation-Id
X-Location
X-Loc
X-Level-Front-Cache
X-Micro-Cache
X-Varnish-Director
X-Varnish-CookieINHashed-On
X-Mvc-Supplant-OutputCached
X-Irp-Debug
X-Varnish-Remaining-TTL
X-GoCache-CacheStatus
X-GeoIP-City
X-Gzip
X-Hash
X-Human
X-Hnp-Log
X-NMSegId
X-Node-Id
X-SB
X-Request-Time
X-Scheme
X-Shield-Cache-Expires
X-Thinkindot-L3
X-V-Cache
X-Request-Host
X-Req
X-Origin-Expires
X-NodeID
X-Varnish-CookieHashed-On
X-Platform
X-Powered-By-VTEX-Cache
X-Policy
X-GeoIP
X-Generated-On
X-Cdn-Srv
X-Vmg-Version
X-Viewer-Country
X-Clientip
X-Content-Length
X-Content-Age
X-CacheTTL
X-Cached-By
X-Block-Status
X-BBC-Edge-Cache-Status
X-Cache-Date
X-Cache-Id
X-VServer
X-VTEX-Cache-Server
X-Core-Value
X-CUA
X-Fastly-Backend
X-Esi-Check
X-Varnishpool
X-Fmm-Version
X-Gen-Mode
X-Gamma-Serve
X-VG-WebCache
X-Via-Fastly
X-DefElseHash
X-Date
X-DefHash
X-Dispatcher-Server
X-Edge-Server
X-Ec-Custom-Error
X-B3-Trace-ID
Cdncip
Content-Script-Type
Cdnsip
X-User
Content-Style-Type
Debug
L
Gh-Request-Id
Gannett-Cam-Experience-Id
Cdn-Request-Time
CDCHOST
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
Canary
X-Litespeed-Tag
NM-Fastcgi-Cache
Cdn-Host
Origin-Agent-Cluster
Product
Platform
X-Storefront-Renderer-Rendered
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShardId
Akamai-Mon-Iucid-Del
X-Sorting-Hat-PodId
X-NGINX-Cache
CDN-CachedAt
CDN-Cache
X-Men
CDN-EdgeStorageId
X-VG-TLSProxy
Tube-Get-Contents
CDN-RequestPullCode
CDN-RequestCountryCode
X-Origin-Response-Time
CDN-PullZone
X-Contensis-Viewer-Groups
XM
X-SVT-ORM-RULES
X-Pool
X-Cache-FS-Status
X-SVT-ORM-VERSION
X-Internal-TTL
X-Cache-Aspx
X-Varnish-Beresp-Status
NGX
X-Bip
X-Pubstack
Req-ID
X-Sn-Servicetimems
CDN-RequestPullSuccess
X-Depends
Origin-EX
Tube-Got-Eval
DSUID
Yak-Timeinfo
X-Thanos
Tube-Got-Results
X-Server-IP
Tube-Return
Release
X-Request-Start
Origin-CC
X-We-Are-Hiring
Country-Code
X-IsAdmin
ServerName
X-UA-Device-Type
CDN-Uid
Click-Count-Action-Start
X-Acquia-Purge-Cdn-Unconfigured
X-Varnish-Authentication
X-Var-Ttl
Click-Count-Error
Sid
X-UA
X-Proxy-Cache-Status
X-SIPLIST1
Pramga
X-Tb-Optimization-Total-Bytes-Saved
IsBot
X-Varnish-Hits
X-LB-NoCache
Ssr
X-Service
Cdn-Requestid
X-Cs
X-ORCA-Accelerator
X-HOST
X-RID
Fastly-Drupal-HTML
X-Upstream-Ht
X-Upstream-Ct
X-HubSpot-Correlation-Id
X-CACHE-GROUP
X-Api-Version
Esi-Enabled
X-Refresh
X-Vgn-Hpd-Reason
X-TH-Server
X-VHOST
X-DC
GeoIP-Latitude
X-Tt-Logid
X-ZONE
CloudFront-Viewer-Country
X-Servedbyhost
X-HITS
X-Moov-T
X-Cache-Bucket
X-Moov-Xdn-Version
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-RequestId
AMP-Access-Control-Allow-Source-Origin
X-Presslabs-Stats
X-HA-Backend
X-Nc
X-Proxy-CacheRZ
X-Via-Popn
X-Wa
Cache-Key
X-Via-Popv
X-Via-Poph
C-Via
XkeyRZ
A
X-Newrelic-Synthetics
X-B3-Spanid
Server-ID
X-APP
N1-Cache
X-LB-ID
HostName
X-LiteSpeed-Cache-Control
X-Action
X-LiteSpeed-Tag
X-Nananana
X-DynaTrace-JS-Agent
X-B3-Parentspanid
X-Parent-Response-Time
X-Zone
X-Dc
X-NewRelic-App-Data
X-Thinkindot-L1
X-Cdn-Forward
X-Ua
X-Webkit-Csp-Report-Only
X-Vercel-Id
Location
X-Vercel-Cache
X-Endurance-Cache-Level
X-Cache-VC
X-Srv
TWC-GeoIP-DMA
Cache-Hits
TWC-GeoIP-City
Fastly-Drupal-Html
TWC-GeoIP-Region
X-COUNTRY
X-URL
Proxy-Firewall
X-CS
X-Webkit-Csp
X-Optimistic-Header
X-CACHE-AGE
Sever-Int
X-Fpc
Server-Ext
TP-L2-Cache
Server-Hostname
GeoIp-Country-Code
True-Client-Country-4JS
X-ApacheServer
Uri
X-PERF
WP-Super-Cache
Cdn
X-Datadome
X-API-Version
SID
X-Litespeed-Cache-Control
X-WA-Info
X-Test
X-DataCenter
X-Render-Time
X-Dispatcher-Number
True-Client-Ip
X-Uri
Is-Eu
True-Client-IP
X-Datacenter
Adler-Geo
X-Nitro-Cache
Tcn
X-Ion-Hop
RewriteTestHook
X-Jungle-Id
X-Ion-Healthy
GeoIP-Country-Code
Resin-Trace
WZWS-RAY
RewriteTeamHook
Cache-Contol
SEZNAM-JOBS-OFFER
X-Nginx-Cache-Key
X-Service-Response-Time
Sm-Log-Id
X-Ssense-Gql
X-Air-Pt
X-Ssense-Shipping-Surcharge-Enabled
X-AWS-Id
Cmsid
Cmstype
Log-Origin
My-App
X-CLOUD-TRACE-CONTEXT
X-LJ-Flow-ID
X-VWS-Id
X-SERVER-NAME
X-Pass-Why
X-FPC
X-Up
X-From
T-Server
X-Custom-Header
X-Provided-By
X-Stale
X-Geo-Header
Lb
X-Varnish-Beresp-TTL
X-Client-Ip
X-Udemy-Cache-App-Namespace
CacheControlHeader
X-ND-Cache
X-RateLimit-Limit
X-Srcache-Store-Status
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
X-TX-ID
X-Cache-Server
Vc-Max-Age
X-Oracle-Dms-Rid
X-APP-VERSION
Serverhost
Srv
X-CMSURLCustom
S-Rt
Pics-Label
X-Debug-Service
Hostname
Server-Id
X-Fastly-Cache-Status
X-Air-Hostname
X-Air-Trace-Id
X-App
X-Air-Source
Av-Poweredby
Cache-Tv-Group
Cf-Ipcountry
Powered-By
X-Cdn-Cache-Status
X-VCL-Version
X-Vc
Origin-Site
X-Correlation-ID
X-Fastly-Backend-Reqs
X-WA
X-Akamai-Pragma-Client-IP
X-NC
NtCoent-Length
X-Lb-Id
Vix-Hermes-Req-Id
X-Cache-TTL-Remaining
X-Cache-Ttl
X-Fastly-Cache
Epwk-X-Cache
ServerHost
X-Varnish-Hostname
X-Oracle-DMS-ECID
X-Ha-Backend
X-Via-PopN
X-Html-Minification-Powered-By
X-Ckpd-Fst-Backend
Geoip-Latitude
X-Via-PopV
X-LAGOON
X-Via-PopH
X-SRCache-Key
X-Esi
X-XRDS-LOCATION
X-ServedByHost
Thinkindot-Control
Cloudfront-Viewer-Country
X-Requestid
On-Server
Xkeylog
Xkey-La3
Edge-Cache
X-Proxy-Cache-La3
Pragrma
WWW-Authenticate
WebServer
X-Traceid
CountryCode
X-Ee-Request-Date
X-MSEdge-Flight
X-Amz-Meta-Opti
X-Ee-Origin
X-Cms-Device
AKAMAI
X-Ee-Generated-By
X-Save-Cache
X-MSEdge-Features
X-Sucuri-Id
Warning
X-Vary-Devices
X-Region-Sid
Store-Cloud-Cache
Machine
X-Forwarded-Site
X-Rocket-Build-Number
X-HS-Status
YJS-ID
X-Sigma-Backend
X-PHP-Backend
X-Sigma
Time-Cloud-Cache
X-Ee-Request-Id
X-Lsadc-Cache
Nord-Request-ID
X-VTEX-Cache-Backend-Header-Time
X-Akamai-Transformed
Reporter
X-Serial
X-IAuth-Set-Uid
FSS-Cache
X-Pod
Ms-Author-Via
X-Lb-Nocache
X-VTEX-Cache-Backend-Connect-Time
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Check-Cacheable
Cneonction
Yjs-Id
X-Akamai-ERPolicy
X-Cdn-Request-ID
X-Limited
Magicmarker
X-Akamai-ERRuleID
Cl-Cache
Timeexpire
X-Tncms-Bot-Tier
X-Orig-Cache-Control
X-Dw-Trace-Id
X-Info
X-Elasticpress-Query
X-BBC-Origin-Response-Status
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
X-Ms-Lease-Status
X-Mg-Cache
X-Web-Server
X-Ms-Blob-Type