Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
Accept-CH
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Feature-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Accept-CH-Lifetime
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Age
X-Vhost
X-Turbo-Charged-By
X-Proxy-Cache
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Xkey
X-WebKit-CSP
Grace
X-Server-Powered-By
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Check
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Device
X-Akam-SW-Version
X-Backend-Server
Surrogate-Control
X-Host
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
Request-Id
X-Ruxit-JS-Agent
X-Server-Id
X-Country
X-Country-Code
Content-Location
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
Fastly-Restarts
X-Trace
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
X-Vname
X-TtlSet
X-PC
Surrogate-Key
X-Edge
X-Midtier
X-Mcache
Rating
X-Server-Name
X-Cache-TTL
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Browser-Type
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-ECACHE
X-Ruxit-Js-Agent
X-D2id
X-Ac
Verso
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Server-ID
X-Ser
X-Oneagent-Js-Injection
X-Client-IP
X-Ratelimit-Limit
X-Amz-Rid
X-Middleton-Response
X-Wormhole-Sdk
Response
X-Ratelimit-Remaining
X-CST
X-ARC
X-Goog-Hash
X-Powered-CMS
X-B3-TraceId
X-Dw-Request-Base-Id
X-Navigation-Version
X-Edge-Location-Klb
X-Kinsta-Cache
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Upstream
X-Forwarded-For
X-Amzn-Trace-Id
X-FTR-Request-ID
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
Origin-Trial
X-Cache-Key
X-Mod-Pagespeed
RTSS
Edge-Cache-Tag
X-Content-Digest
Cache-Status
Public-Key-Pins
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Ezoic-Cdn
X-NF-Request-ID
X-Daa-Tunnel
X-Version
X-Ttl
SPRequestGuid
X-SharePointHealthScore
X-Fastly-Request-ID
X-Mg-S
Realpath
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-MSEdge-Ref
X-ORACLE-DMS-ECID
X-Shield-Request-Id
X-T
S
X-Recruiting
Front-End-Https
Fastcgi-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
X-Distributor
Cross-Origin-Resource-Policy
X-Cached
AR-CACHE
X-Xrds-Location
X-Azure-Ref
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-TTL
X-Varnish-TTL
X-Request-Received
X-Request-Processing-Time
TP-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Id
Count-Hit
X-Correlation-Id
X-Debug
Cache-Tags
X-Ua-Browser
X-Ismobilevalue
X-Cluster-Name
X-LLID
Akamai-GRN
Server-Node
X-Nf-Request-Id
X-NGENIX-Cache
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
X-Aspnetmvc-Version
X-TraceId
X-Frontend
X-Newrelic-App-Data
X-Varnish-Backend
X-VARITI-CCR
Accept-Ch
X-HS-Combine-CSS
X-Protected-By
X-Amz-Replication-Status
X-Goog-Metageneration
X-Hits
X-PressLabs-Stats
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
Payment
X-Unique-Id
X-Ratelimit-Reset
X-Page-Id
Cleartype
X-FB-Debug
X-Git-Hash
X-DIS-Request-ID
X-Varnish-Server
X-Logged-In
X-Hostname
X-Www-Served-By
Content-Disposition
X-Activity-Id
X-AppVersion
X-Tt-Trace-Host
X-Az
X-Tt-Trace-Tag
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HP-Webp
X-Jurisdiction
Host
X-Template
X-Amz-Apigw-Id
X-Amzn-RequestId
Filterid
X-Forwarded-Proto
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Geo-Country
X-Fastcgi-Cache
X-Varnish-Ttl
Version
X-Aspnet-Version
X-ASPNET-VERSION
X-Load-Cache
Frame-Options
Accept-Charset
Trailer
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Envoy-Decorator-Operation
X-Type
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastly-SWR
Access-Control-Allow-Method
X-Source
X-Ah-Environment
Fastly-SIE
X-Content-Options
Viewport
X-Upgrade-Enabled
Section-Io-Cache
X-Fb-Rlafr
X-TT
X-HS-Prerendered
X-Origin-Server
X-B3-Sampled
X-Grace
X-B
Server-Name
X-Cache-Control
X-Cache-Age
X-Language
X-Device-Type
X-SRCache-Fetch-Status
Retry-After
X-SRCache-Store-Status
X-Rid
X-Buckets
MS-Author-Via
X-TEC-API-ORIGIN
X-Cdn
X-Tec-Api-Origin
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Tec-Api-Version
X-Tec-Api-Root
Content-MD5
X-Magnolia-Registration
X-Px
X-Mobile
X-Request-Guid
X-Vcl-Version
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
X-EdgeConnect-Cache-Status
TCN
X-Trace-Id
X-Revision
X-Akamai-Edgescape
X-Varnish-Grace
Accept-Ch-Lifetime
Healthy
Protected
X-WP-CF-Super-Cache-Active
X-Backend-Name
Charset
Cross-Origin-Embedder-Policy-Report-Only
Upgrade-Insecure-Requests
X-Proxy
X-App-Environment
SD-X-WS
X-RM-Cache-TTL
X-Instance
X-Response-Served-From
X-Debug-Info
X-Original-Request-Id
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-CSRF-Token
X-Is-Bot
X-RemovedCookies
X-NYM-Debug-Backend
X-Rule
X-Rendered-As
X-ServerID
X-Tumblr-Pixel
X-ProcessESI
X-Status
X-FW-Server
X-FW-Serve
X-Framework
NGB
X-Region
X-Storage
X-FW-Dynamic
X-FW-Hash
X-FW-Static
Access-Control-Request-Headers
X-Cache-Time
Cross-Origin-Window-Policy
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-UUID
X-FW-Type
X-Mg-Request-UUID
X-FW-Version
GEO-INFO
X-Edge-Location
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Content-Powered-By
X-Proxy-Cache-Info
X-Datadog-Trace-Id
Refresh
X-Debug-IsPreview
X-Yottaa-Metrics
X-Debug-IsConnected
X-Whom
X-Yottaa-Optimizations
X-Node-Name
X-L-Path
X-G
X-Environment-Context
Ms-Operation-Id
MS-CV
X-RTag
OT-Force-Account-Verify
X-Lambda-Id
X-Contextid
Section-Io-Id
Webserver
X-B3-Traceid
X-Amzn-Remapped-Content-Length
X-Reqid
Countrycode
X-Amz-Meta-S3cmd-Attrs
DC
X-Resp-Is-Stale
X-Origin-Cache
X-User-Agent
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Paypal-Debug-Id
X-HTML-Minification-Powered-By
X-Server-W
X-ECache
X-TT-LOGID
X-WebKit-CSP-Report-Only
Alternate-Protocol
Front
X-Seen-By
X-Real-IP
SRV
Priority
X-VC
X-B3-SpanId
X-Time
X-DataDome
Cross-Origin-Opener-Policy-Report-Only
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
WPO-Cache-Status
Xet-Cookie
Liferay-Portal
X-Rocket-Nginx-Serving-Static
Ohc-File-Size
X-Origin-TTL
X-Origin-CC
X-HS-CF-Cache-Status
X-Hl-Ver
X-IPS-LoggedIn
Backend
X-Mode
X-Akamai-Request-ID2
X-AB
X-DynaTrace
Onion-Location
Filters
Meta-Geo
X-SayCDN-TTL
X-Origin-Hint
X-Redis-Cache
X-Tumblr-Pixel-2
X-RateLimit-Remaining
TWC-Locale-Group
X-UPSTREAM-Address
TWC-GeoIP-LatLong
Fastcgi-Useragent
X-JoinUs
X-Rn-Rsrv
Webcakes-Region
X-Cache-Status-Check
X-Cache-Action
TWC-Connection-Speed
X-Cache-Host
Webcakes-App-Version
Webcakes-App-Name
Environment
TWC-Device-Class
TWC-Privacy
Country
ServerID
TWC-GeoIP-Country
X-Say-TTL
Web-Mar-Node
X-SaId
X-Rewrite-Enabled
X-N
Property-Id
X-FB-TRIP-ID
X-Format
X-Say-Cacheable
DB-Nickname
Mn-Server-Ip
Expiry
X-Accel-Version
X-Hosted-By
X-Vcache
X-Origin-Date
X-VC-Cache
X-Tncms
X-Varnish-Age
X-Tumblr-Pixel-3
X-IPLB-Instance
X-Loop
X-Labrador-Cache-Channel
X-Ms-Request-Id
X-IPLB-Request-ID
X-Ms-Version
X-Soup
X-Skip-Cache
X-Connection-Hash
X-Detected-As
X-Cms-Context
X-Cluster-Node
X-Cache-Expired-At
X-Director
X-Fetched-On
X-PHP-Host
X-Scope-Id
X-R9-Blue-Green-Version
X-Restarts
X-Handled-By
Uber-Trace-Id
From-Origin
X-Nginx-Cache
X-Tb
X-Forwarded-Host
X-Frame-Option
X-Httpd
X-Adobe-Source
Atl-Traceid
Apigw-Requestid
Url
X-BYPASS-REASON
X-Logging-Id
X-Webstats-RespID
X-Varnish-Beresp-Grace
X-Servername
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-Web-Node
X-ProxyCache-Key
Selected-Fe
X-Timing-Wait
X-Auth-Group-Type
X-Proxy-Build
X-Served-From
ServedBy
X-Cluster
X-Routing-Service
X-Extlb
X-Origin
X-S
X-Zipkin-Id
X-Proxied
X-Cloudmap
X-Hit
Cross-Origin-Embedder-Policy
Surrogated-Key
X-Azure-Ref-OriginShield
X-SRV
X-Worker
X-Request-URI
X-LSADC-Cache
X-RateLimit-Limit-Second
Accept-Language
X-RateLimit-Remaining-Second
LB
Referer-Policy
X-Lagoon
X-HOST
X-Cache-Hit
N-Cache
X-Sucuri-Cache
X-CDN-Forward
X-App-Version
X-Generation-Time
X-Generated-By
X-Drupal-Cache-Tags
X-Fastly-Request-Id
X-Drupal-Cache-Contexts
X-Cdn-Origin
Xserver
X-Sucuri-ID
X-MP-GENERATED-AT
CF-IPCountry
X-Oracle-Dms-Ecid
X-Xfnlog-Site
X-XRDS-Location
X-Tx-Id
X-TA-CDN-Provider
VIX-Pulpo-Upstream-Status
Source
VIX-Pulpo-Node
X-F-Cache
X-Wix-Request-Id
Node
CDN-RequestId
Ohc-Cache-HIT
X-Cache-Debug
X-Mly-Id
Cache
Edge-Copy-Time
X-Cache-Rule
X-Via-SSL
X-Via-CDN
X-RCS-CacheZone
X-Via-Edge
X-NODE
X-Varnish-Beresp-Ttl
X-VC-TTL
X-NWS-UUID-VERIFY
X-INCAP-ABP
X-AIR-PT
X-VCT
Cache-Provider
X-Pad
X-Site-Version
X-UA
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Geo-Region
X-Is-Desktop
Locale
X-Browser-Name
X-Tcp-Rtt
X-Is-Mobile
X-Locale
X-ElasticPress-Query
X-Is-Supported-Browser
X-Is-Tablet
Sslversion
Expect-Staple
Candidate-Md5Url
DCR-Processing-Time-Ms
DCR-Decision-By
W
Cluster
Apple-News-Services-Host
We-Hiring
Web-Mar-Region
BehaviorPad-Version
Fl-Custom-Application
L5d-Success-Class
Origin
Host-ID
Apple-News-Services-Request-Url
Lang
Odigeo-Trace-Id
MD5-Digest
Ngx.Var.Host
Mail-Subject
HA-Ipaddr
PFcat
Fastly-GeoIP-CountryCode
Apple-News-Services-Parsed-Url
Rendered-Blocks
Redirect-Candidate
Fastly-SSL
Ha-Gx-Prefs
Producers
Meta-Geo-Continent
Fastly-Backend-Name
X-Bl-Debug
X-Jobs
X-Ig-Push-State
X-Ig-Origin-Region
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Org
X-Op-Id-All
X-HS-Content-Campaign-Id
X-HN
X-GeoCode
X-Gdpr
X-FC-Vary-Parameters
X-GeoCountry
X-GeoIP-Country-Code
X-Geolocation
X-GeoIP-Region-Code
X-Origin-Time
X-Path
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Section
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-SD-PageType
X-ScT
X-Platform-Server
X-PAYTM-SRV-ID
X-Proto
X-Proxied-Request
X-S-Cookie
X-Rojux
X-External-Request-Id
X-Eu-Site
X-Application
X-Aicache-OS
X-Aed
X-B-Cookie
X-Backend-Instance
X-BCube-Filmed-By
X-Bc-Bl
X-Access
X-AB-Test
X-A-Ccd
Wxu-Next-Region
Wxu-Next-Hostname
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
Apple-News-Services-Handled
X-Bug-Bounty
X-Destination
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Developer
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Ec-Fail
X-D
X-Csrf-Jwt
X-Cache-Info
X-Cache-Grace
X-Cache-NE
X-Cache-Operation
X-Conf
X-CGP
Wxu-Next-Commit
X-A
X-Litespeed-Tag
X-No-Session
X-GEO
X-NGINX-Cache
X-B-Cache
X-Signature
X-Powered-By-VTEX-Cache
Req-Svc-Chain
X-Policy
X-Varnish-Director
X-Platform
RNT-Machine
L
X-Varnish-CookieHashed-On
Server-Host
X-Varnish-CookieINHashed-On
RNT-Time
Product
X-CacheTTL
X-VG-WebCache
X-NodeID
X-Via-Fastly
NM-Fastcgi-Cache
X-Content-Length
Origin-Agent-Cluster
X-Clientip
X-Core-Value
Platform
X-Viewer-Country
X-Origin-Expires
X-Varnish-Remaining-TTL
X-User
X-Amz-Storage-Class
X-Request-Time
User-Cache-Control
X-App-Name
X-Request-Host
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Device-Characteristics
X-Accel-Expires-Debug
X-Shield-Cache-Expires
X-Scheme
X-SB
X-AK-Request-ID
X-Auto-Login
X-GeoIP
X-TIM-N
TDXMobile
X-Block-Status
X-Node-Id
X-Cache-Date
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Req
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Thinkindot-L3
X-Cache-Id
X-Content-Age
Cdncip
X-Vmg-Version
Azure-InstanceId
Azure-RegionName
X-Irp-Debug
Cdnsip
X-Ec-Custom-Error
Content-Secure-Policy
Azure-Version
Content-Script-Type
X-Cached-By
X-Level-Front-Cache
Azure-SiteName
X-Via-JSL
X-Hash
CDCHOST
Canary
X-Fmm-Version
X-Gzip
X-Fastly-Backend
X-Hnp-Log
X-Epic-Correlation-Id
X-Esi-Check
X-Human
Azure-SlotName
X-Dispatcher-Server
Content-Style-Type
X-NMSegId
Gh-Request-Id
X-Mvc-Supplant-OutputCached
Gannett-Cam-Experience-Id
X-Date
X-VTEX-Cache-Time
X-Generated-On
X-VServer
X-CUA
X-VTEX-Cache-Server
X-GeoIP-City
X-Micro-Cache
X-Gen-Mode
Debug
X-Zen-Fury
X-DefHash
X-Location
X-DefElseHash
X-Loc
X-Ua-Device
Akamai-Mon-Iucid-Del
Mime-Version
X-COUNTRY
X-Request-Start
X-Alternate-Cache-Key
X-Gamma-Serve
X-Acquia-Purge-Cdn-Unconfigured
X-GoCache-CacheStatus
X-HITS
X-Origin-Response-Time
X-Depends
X-Cdn-Srv
X-Men
X-Server-IP
X-Contensis-Viewer-Groups
X-Pool
X-Cache-FS-Status
X-Internal-TTL
X-Bip
X-IsAdmin
X-Edge-Server
X-Cache-Aspx
X-Pubstack
Tube-Got-Results
X-Thanos
X-UA-Device-Type
Ssr
X-ShardId
X-VG-TLSProxy
Tube-Get-Contents
Cdn-Request-Time
Country-Code
Origin-CC
X-V-Cache
X-Varnish-Beresp-Status
Req-ID
Click-Count-Action-Start
X-Varnish-Authentication
ServerName
Click-Count-Error
Origin-EX
Tube-Got-Eval
Tube-Return
X-Wikidot-Static-Cache
DSUID
X-Sn-Servicetimems
X-Wikidot-Backend
X-Shopify-Stage
X-We-Are-Hiring
X-ShopId
XM
Cdn-Host
V-Age
User-Agent
NGX
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
Yak-Timeinfo
X-Sorting-Hat-PodId
Release
X-Presslabs-Stats
X-Service
X-URL
CDN-PullZone
X-SVT-ORM-RULES
CDN-EdgeStorageId
IsBot
CDN-Cache
X-SIPLIST1
X-SVT-ORM-VERSION
CDN-CachedAt
CDN-RequestCountryCode
X-Varnishpool
X-LB-NoCache
CDN-Uid
CDN-RequestPullSuccess
X-Var-Ttl
X-Tb-Optimization-Total-Bytes-Saved
CDN-RequestPullCode
X-RID
Fastly-Drupal-HTML
X-CACHE-GROUP
Pramga
X-TH-Server
X-Vgn-Hpd-Reason
X-Varnish-Hits
X-DC
Sid
X-Proxy-Cache-Status
X-Moov-Xdn-Caching-Status
X-Old-Content-Length
X-Moov-Xdn-Version
X-Moov-T
X-NewRelic-App-Data
X-ORCA-Accelerator
GeoIP-Latitude
X-HubSpot-Correlation-Id
X-Servedbyhost
X-RequestId
X-Cs
X-Refresh
Esi-Enabled
CloudFront-Viewer-Country
X-Upstream-Ht
X-Upstream-Ct
N1-Cache
Cdn-Requestid
X-Wa
X-Nc
X-Api-Version
X-ZONE
X-Action
X-Via-Poph
X-APP
X-Via-Popn
X-Via-Popv
X-HA-Backend
C-Via
Server-ID
X-Cache-Bucket
X-Tt-Logid
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
Cache-Hits
X-Thinkindot-L1
X-LiteSpeed-Tag
X-Vercel-Id
X-Cache-VC
X-CACHE-AGE
X-Vercel-Cache
Location
TWC-GeoIP-Region
X-Proxy-CacheRZ
Cache-Key
A
TWC-GeoIP-DMA
TWC-GeoIP-City
XkeyRZ
X-Webkit-CSP
X-Zone
X-B3-Parentspanid
X-Parent-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-Nananana
X-LB-ID
X-CS
X-B3-Spanid
X-DynaTrace-JS-Agent
X-Dc
HostName
X-Webkit-Csp
X-PERF
X-Ua
Proxy-Firewall
WP-Super-Cache
Fastly-Drupal-Html
X-Endurance-Cache-Level
X-ApacheServer
SID
X-Webkit-Csp-Report-Only
X-Srv
GeoIp-Country-Code
X-Cdn-Forward
X-Render-Time
X-WA-Info
X-Fpc
X-DataCenter
X-API-Version
X-Litespeed-Cache-Control
X-Nitro-Cache
X-Uri
Uri
Server-Ext
Sever-Int
True-Client-Country-4JS
True-Client-IP
Cache-Contol
RewriteTestHook
RewriteTeamHook
X-Optimistic-Header
X-Ion-Hop
X-Ion-Healthy
X-Jungle-Id
Server-Hostname
TP-L2-Cache
My-App
Cmstype
X-Test
True-Client-Ip
Cmsid
Resin-Trace
X-Datadome
Log-Origin
Sm-Log-Id
X-Service-Response-Time
Cdn
Adler-Geo
X-Up
X-From
SEZNAM-JOBS-OFFER
X-Ssense-Shipping-Surcharge-Enabled
X-CLOUD-TRACE-CONTEXT
X-Dispatcher-Number
Is-Eu
X-Ssense-Gql
X-Datacenter
GeoIP-Country-Code
X-SERVER-NAME
CacheControlHeader
Tcn
WZWS-RAY
X-Nginx-Cache-Key
X-Dynatrace-Js-Agent
X-Varnish-Beresp-TTL
X-Pass-Why
X-Client-Ip
X-Udemy-Cache-App-Namespace
X-RateLimit-Limit
X-Stale
X-Air-Pt
X-FPC
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-AWS-Id
X-Oracle-Dms-Rid
Hostname
X-LJ-Flow-ID
X-Geo-Header
Srv
X-APP-VERSION
X-Custom-Header
Lb
X-VWS-Id
T-Server
X-Vc
X-Provided-By
X-Fastly-Cache-Status
X-Debug-Service
X-ND-Cache
X-TX-ID
X-App
X-Air-Source
Origin-Site
X-Air-Hostname
X-Cache-Server
Vc-Max-Age
Serverhost
X-CMSURLCustom
X-Air-Trace-Id
X-Lb-Id
Server-Id
X-Fastly-Backend-Reqs
X-Akamai-Pragma-Client-IP
X-Correlation-ID
X-VCL-Version
Cf-Ipcountry
X-Varnish-Hostname
AKAMAI-GRN
Pics-Label
X-SRCache-Key
X-Cache-Ttl
S-Rt
X-Via-PopV
Powered-By
X-Oracle-DMS-ECID
X-Via-PopN
ServerHost
X-Cdn-Cache-Status
Av-Poweredby
X-NC
X-Via-PopH
X-WA
NtCoent-Length
X-Html-Minification-Powered-By
X-Ha-Backend
Edge-Cache
X-Esi
X-XRDS-LOCATION
Cache-Tv-Group
X-Cache-TTL-Remaining
Pragrma
Epwk-X-Cache
Vix-Hermes-Req-Id
Geoip-Latitude
X-LAGOON
WebServer
X-Requestid
X-Region-Sid
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Forwarded-Site
Machine
Cloudfront-Viewer-Country
X-ServedByHost
YJS-ID
X-Fastly-Cache
X-Ckpd-Fst-Backend
Xkey-La3
X-Traceid
WWW-Authenticate
Xkeylog
X-Proxy-Cache-La3
Ms-Author-Via
CountryCode
On-Server
Warning
X-MSEdge-Flight
X-HS-Status
X-MSEdge-Features
X-Sucuri-Id
Nord-Request-ID
Thinkindot-Control
X-Akamai-ERPolicy
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Reporter
X-Akamai-ERRuleID
X-Check-Cacheable
X-Lb-Nocache
X-IAuth-Set-Uid
FSS-Cache
X-Serial
MIME-Version
X-Lsadc-Cache
X-Mg-Cache
X-Snapshot-Date
Yjs-Id
Store-Cloud-Cache
Time-Cloud-Cache
X-Cdn-Request-ID
X-Vary-Devices
X-Akamai-Transformed
X-Save-Cache
Datacenter
Thinkindot-Cache-Type
X-Ee-Request-Id
X-Elasticpress-Query
X-PHP-Backend
X-Ee-Request-Date
X-Ee-Origin
X-Orig-Cache-Control
X-Cms-Device
X-Ee-Generated-By
X-BBC-Origin-Response-Status
Timeexpire
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Tncms-Bot-Tier
X-Web-Server
X-Td-Header-From-No-Data
AKAMAI
X-Dw-Trace-Id
Cneonction
X-Amz-Meta-Opti