
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
EagleId
Accept-CH-Lifetime
X-Server
X-Age
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-WebKit-CSP
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Node
X-Server-Id
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Request-Id
Xkey
X-Country
X-Url
X-Nginx-Cache-Status
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Content-Location
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-PC
X-Vname
X-TtlSet
X-Rack-Cache
X-Midtier
X-Mcache
X-Edge
X-Country-Code
Rating
Surrogate-Key
X-Browser-Type
X-Server-Name
X-ESI
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Cache-TTL
X-Abt-Application-Version
X-Cnection
X-Element-Page-Cache
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Oneagent-Js-Injection
X-Ser
Edge-Control
X-Powered-By-Plesk
Nginx-Cache
X-GitHub-Request-Id
X-D2id
Verso
X-Ac
X-ARC
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-Client-IP
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Daa-Tunnel
X-Aspnet-Version
X-ORACLE-DMS-RID
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-ECACHE
X-CST
X-Goog-Hash
X-Powered-CMS
Response
X-Middleton-Response
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-B3-TraceId
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ttl
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Ua-Device
X-Cache-Key
X-Amzn-Trace-Id
X-Forwarded-For
X-Ratelimit-Limit
X-NF-Request-ID
RTSS
X-Wormhole-Sdk
X-Mod-Pagespeed
X-Ratelimit-Remaining
X-Server-ID
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
X-FastCGI-Cache
Cache-Status
AR-CACHE
X-Version
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Ruxit-Js-Agent
X-Mg-S
S
Cross-Origin-Resource-Policy
X-Ezoic-Cdn
Realpath
X-Shield-Request-Id
SPRequestGuid
X-SharePointHealthScore
X-T
Fastcgi-Cache
X-MSEdge-Ref
X-Content-Digest
X-Cached
X-Recruiting
Access-Control-Request-Method
X-Accel-Expires
X-Distributor
X-Newrelic-App-Data
TP-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Correlation-Id
Arr-Disable-Session-Affinity
Front-End-Https
Count-Hit
X-Content-Security-Policy-Report-Only
X-Debug
X-Request-Received
X-Id
Server-Node
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Ua-Browser
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-VARITI-CCR
X-LLID
X-HS-Combine-CSS
X-Azure-Ref
X-Frontend
X-PressLabs-Stats
Cache-Tags
X-Varnish-TTL
X-Cluster-Name
X-Ismobilevalue
X-Hits
Payment
X-Varnish-Ttl
Accept-Ch
X-LB-Cache
X-Forwarded-Proto
X-Amz-Replication-Status
X-Varnish-Backend
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
Filterid
X-FB-Debug
X-Git-Hash
Host
X-Unique-Id
X-Protected-By
X-GUploader-UploadID
Cleartype
X-Logged-In
X-Www-Served-By
X-Varnish-Server
X-Activity-Id
Content-Disposition
X-AppVersion
X-Az
X-Ratelimit-Reset
X-App-Server
X-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-TTL
X-NGENIX-Cache
X-Amzn-RequestId
X-Webkit-CSP
X-Amz-Apigw-Id
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-DIS-Request-ID
X-Geo-Country
Access-Control-Allow-Method
X-Page-Id
Retry-After
X-Origin-Server
X-Nf-Request-Id
X-WP-CF-Super-Cache
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ASPNET-VERSION
X-Upgrade-Enabled
Pinterest-Version
Pinterest-Generated-By
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Pinterest-Rid
MS-Author-Via
X-Fastcgi-Cache
Accept-Charset
Origin-Trial
Akamai-GRN
X-Type
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Section-Io-Cache
X-Ah-Environment
X-Cambria-Cache-Control
X-TT
Content-MD5
X-Fb-Rlafr
Viewport
Fastly-SIE
Fastly-SWR
X-Cache-Control
X-Template
X-B3-Sampled
X-Grace
X-Content-Options
X-B
Amp-Access-Control-Allow-Source-Origin
Version
X-Request-Guid
X-Trace-Id
X-Revision
Frame-Options
TCN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
Healthy
X-Cdn
X-Envoy-Decorator-Operation
X-Vcl-Version
X-Xrds-Location
X-Contextid
X-RateLimit-Remaining
X-Magnolia-Registration
X-Device-Type
X-ECache
X-CSRF-Token
X-Source
X-Aspnetmvc-Version
X-WP-CF-Super-Cache-Active
Server-Name
DC
X-Backend-Name
X-Px
X-Cache-Age
X-Proxy
X-Mobile
X-Seen-By
X-Rid
X-Varnish-Grace
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Fastly-Request-Id
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-0
X-Storage
Access-Control-Request-Headers
X-RM-Cache-TTL
X-Environment-Context
X-Rule
X-Status
X-Mg-Request-UUID
X-App-Environment
X-Debug-Info
X-L-Path
X-Akamai-Edgescape
X-Cacheable-TTL
X-Content-Powered-By
SD-X-WS
X-Adobe-Loc
X-Adobe-Content
X-Debug-IsConnected
X-Debug-IsPreview
NGB
X-UUID
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-FW-Type
X-FW-Version
X-Node-Name
X-Instance
X-ServerID
X-G
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Dynamic
X-Framework
X-Region
X-FW-Hash
Cross-Origin-Window-Policy
X-Is-Bot
MS-CV
X-Yottaa-Metrics
X-Yottaa-Optimizations
Paypal-Debug-Id
Ms-Operation-Id
GEO-INFO
X-Datadog-Parent-Id
X-Rendered-As
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-RTag
X-CLOUD-TRACE-CONTEXT
X-Tec-Api-Root
X-Language
X-Tec-Api-Version
X-Tec-Api-Origin
X-User-Agent
X-Buckets
X-HTML-Minification-Powered-By
X-Cache-Time
Countrycode
Front
X-EdgeConnect-Cache-Status
Webserver
Upgrade-Insecure-Requests
X-B3-Traceid
Charset
X-WebKit-CSP-Report-Only
Protected
X-Whom
OT-Force-Account-Verify
X-Lambda-Id
X-IPS-LoggedIn
Trailer
X-N
X-VC
X-Edge-Location
X-Cache-Status-Check
X-Akamai-Request-ID2
X-VHOST
X-AB
Section-Io-Id
Country
Refresh
Priority
X-Time
X-TT-LOGID
X-HS-Prerendered
X-Reqid
X-Amzn-Remapped-Content-Length
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Via-JSL
X-WP-CF-Super-Cache-Cookies-Bypass
X-CCDN-CacheTTL
X-Hl-Ver
Xet-Cookie
Alternate-Protocol
Backend
Liferay-Portal
X-B3-SpanId
VIX-Pulpo-Upstream-Status
Accept-Language
X-Wix-Request-Id
VIX-Pulpo-Node
X-Mode
X-DataDome
Onion-Location
X-Server-W
Filters
X-Origin-Date
X-JoinUs
X-Scope-Id
X-VC-Cache
X-Rn-Rsrv
X-Rewrite-Enabled
X-Tumblr-Pixel-2
X-Cache-Host
X-UPSTREAM-Address
X-Skip-Cache
X-Generated-By
Fastcgi-Useragent
Environment
X-Request-URI
X-Auth-Group-Type
X-Tb
X-Web-Node
X-FB-TRIP-ID
X-Accel-Version
ServerID
X-Frame-Option
From-Origin
Meta-Geo
X-Fetched-On
X-SaId
Uber-Trace-Id
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
X-BYPASS-REASON
X-Cluster-Node
X-Cache-Expired-At
X-Cache-Action
TWC-Locale-Group
TWC-GeoIP-LatLong
Expiry
Atl-Traceid
Apigw-Requestid
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-Connection-Hash
X-Director
X-Say-TTL
X-Say-Cacheable
X-Restarts
X-SayCDN-TTL
X-Varnish-Age
X-Webstats-RespID
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Redis-Cache
X-R9-Blue-Green-Version
X-IPLB-Instance
X-Format
X-XRDS-LOCATION
X-IPLB-Request-ID
X-Logging-Id
X-ProxyCache-Status
X-Origin-Hint
X-Real-IP
X-ProxyCache-Key
X-Nginx-Cache
X-Vcache
X-Served-From
X-Response-Served-From
X-Original-Request-Id
X-Adobe-Source
Web-Mar-Node
Mn-Server-Ip
X-Tncms
X-Soup
X-Cms-Context
LB
X-Handled-By
X-Loop
X-Forwarded-Host
X-Httpd
X-Hosted-By
X-PHP-Host
Selected-Fe
X-Labrador-Cache-Channel
ServedBy
X-Proxy-Build
X-Timing-Wait
SRV
X-Servername
Url
X-Origin
X-Cluster
DB-Nickname
X-Proxied
X-Cloudmap
X-Zipkin-Id
X-S
X-Detected-As
X-Routing-Service
X-Extlb
X-Origin-TTL
Referer-Policy
Cross-Origin-Embedder-Policy-Report-Only
X-Origin-CC
Xserver
N-Cache
CF-IPCountry
X-LSADC-Cache
X-RID
X-Rocket-Nginx-Serving-Static
X-XRDS-Location
X-Hit
X-Xfnlog-Site
X-Webkit-Csp
X-SRV
X-Upstream-Ht
X-Lagoon
X-Upstream-Ct
Cross-Origin-Embedder-Policy
X-Ms-Request-Id
X-NWS-UUID-VERIFY
X-Ms-Version
X-Tumblr-Pixel-3
X-DynaTrace
X-Cache-Debug
X-VCT
X-TraceId
X-Proxy-Cache-Status
X-UA
X-RCS-CacheZone
Source
CDN-RequestId
X-Azure-Ref-OriginShield
Surrogated-Key
WPO-Cache-Status
WPO-Cache-Message
X-Signature
X-Is-Tablet
X-Is-Supported-Browser
X-Browser-Name
X-RateLimit-Limit-Second
X-Tcp-Rtt
X-Worker
X-F-Cache
X-Is-Mobile
X-RateLimit-Remaining-Second
X-Is-Desktop
X-B-Cache
X-Geo-Region
X-No-Session
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
Node
X-Cdn-Origin
X-Generation-Time
X-Sucuri-Cache
X-RateLimit-Limit
X-NODE
X-ShardId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Alternate-Cache-Key
X-FTR-Request-ID
X-Sucuri-ID
X-Tx-Id
X-Drupal-Cache-Tags
X-Locale
X-App-Version
X-Drupal-Cache-Contexts
X-Cdn-Forward
X-Service
TP-L2-Cache
X-Site-Version
X-Optimistic-Header
X-Cache-Rule
X-Cache-Operation
X-Varnish-Remaining-TTL
Rendered-Blocks
X-Debug-Cache-Fetch
X-Varnish-Director
X-Ig-Origin-Region
X-DefHash
Redirect-Candidate
X-MP-GENERATED-AT
X-GeoCode
X-GeoCountry
X-GeoIP
X-Ig-Push-State
X-GeoIP-City
Fastly-Backend-Name
X-Varnish-CookieINHashed-On
X-Proxy-CacheRZ
X-Loc
X-Debug-Cache-Store
Host-ID
X-ElasticPress-Query
X-Cache-NE
X-Jobs
X-DefElseHash
X-INCAP-ABP
A
X-Varnish-CookieHashed-On
Gannett-Cam-Experience-Id
X-A-Dgt
X-Internal-TTL
X-NGINX-Cache
Producers
X-Ec-Fail
MD5-Digest
Mail-Subject
Cdnsip
Cdncip
Meta-Geo-Continent
X-Ec-GeoHdr
Cluster
Lang
X-D
X-Developer
DCR-Processing-Time-Ms
DCR-Decision-By
Content-Secure-Policy
X-DPWN-IS-SECURE
Expect-Staple
X-Epic-Correlation-Id
Azure-SiteName
X-Cache-Info
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-Conf
X-Contensis-Viewer-Groups
Azure-Version
BehaviorPad-Version
Odigeo-Trace-Id
Ngx.Var.Host
X-FC-Vary-Parameters
Origin-Agent-Cluster
X-Gdpr
Candidate-Md5Url
X-Depends
X-A-Dcw
X-Rojux
X-Request-Time
X-Aicache-OS
XkeyRZ
X-Origin-Time
X-Vdms-Version
X-BCube-Filmed-By
X-Scheme
X-AK-Request-ID
X-Origin-Response-Time
X-Bug-Bounty
X-Path
Thinkindot-CacheControl-Type
X-Mly-Id
X-VG-WebCache
Xc-Version
X-Aed
X-PAYTM-SRV-ID
X-Vmg-Version
X-A-Wwc
We-Hiring
X-Bc-Bl
AMP-Access-Control-Allow-Source-Origin
X-Shield-Cache-Expires
Thinkindot-CacheControl
X-Origin-Expires
X-Platform-Server
X-A-Dam
X-Cache-Aspx
X-A-Ccd
X-Nyt-Route
Sslversion
X-We-Are-Hiring
X-Vtex-Remote-Cache
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Varnish-Authentication
X-Viewer-Country
X-A
X-TIM-N
X-Proto
X-ScT
TDXMobile
X-Amz-Storage-Class
X-Backend-Instance
X-Thinkindot-L3
X-App-Name
X-Org
Cache
X-Varnish-Beresp-Ttl
Ohc-File-Size
NGX
L
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
X-Bl-Debug
X-Date
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
User-Agent
HA-Ipaddr
L5d-Success-Class
X-Csrf-Jwt
PFcat
X-CacheTTL
X-Auto-Login
Req-Svc-Chain
Release
Wxu-Next-Hostname
Wxu-Next-Region
RNT-Machine
RNT-Time
X-Cache-Bucket
X-Cache-Grace
Server-Host
X-Cached-By
X-Access
X-Accel-Expires-Debug
X-CGP
Product
Origin-CC
Origin-EX
V-Age
Origin
X-Core-Value
X-B3-Trace-ID
X-Content-Age
X-BBC-Edge-Cache-Status
Web-Mar-Region
Wxu-Next-Commit
W
X-Clientip
Platform
X-Acquia-Purge-Cdn-Unconfigured
NM-Fastcgi-Cache
X-Op-Id-All
X-NMSegId
Cross-Origin-Opener-Policy-Report-Only
Ha-Gx-Prefs
X-Node-Id
X-Pad
X-Platform
X-Varnish-Beresp-Status
X-VarnishDD-TTL
X-Micro-Cache
X-HS-Content-Campaign-Id
X-HN
X-VG-TLSProxy
X-Human
X-Level-Front-Cache
X-Varnishpool
X-Location
X-Policy
X-Pool
X-Section
X-SD-PageType
X-SB
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-UA-Device-Type
X-Var-Ttl
X-Powered-By-VTEX-Cache
X-Proxied-Request
X-Pubstack
X-V-Cache
X-Req
X-Sn-Servicetimems
X-Hash
Click-Count-Action-Start
Click-Count-Error
X-Ec-Custom-Error
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Eu-Site
Yak-Timeinfo
Content-Script-Type
Fastly-GeoIP-CountryCode
Gh-Request-Id
Esi-Enabled
DSUID
Content-Style-Type
X-Dispatcher-Server
X-Fastly-Backend
X-Wikidot-Static-Cache
X-Wikidot-Backend
Apple-News-Services-Handled
Apple-News-Services-Host
X-Generated-On
X-VTEX-Cache-Time
X-GoCache-CacheStatus
X-VTEX-Cache-Server
X-Via-Fastly
Apple-News-Services-Parsed-Url
Canary
X-Gamma-Serve
Apple-News-Services-Request-Url
Cache-Provider
Cache-Key
X-Fmm-Version
Sid
X-LiteSpeed-Tag
Mime-Version
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gzip
X-Cdn-Srv
X-Gen-Mode
X-Content-Length
X-CUA
XM
X-Esi-Check
X-Hnp-Log
X-Men
X-Request-Start
X-Thanos
X-Bip
X-Server-IP
X-Request-Host
X-Block-Status
X-Cache-Id
X-Cache-FS-Status
X-NodeID
X-SIPLIST1
Ssr
Country-Code
CDN-Uid
X-Api-Version
Fastly-SSL
Pramga
IsBot
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-Cache
CDCHOST
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
Req-ID
Debug
ServerName
User-Cache-Control
X-LiteSpeed-Cache-Control
X-Cache-Hit
X-Irp-Debug
X-AB-Test
X-Air-Pt
X-HOST
X-Newrelic-Synthetics
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
Akamai-Mon-Iucid-Del
X-Dc
True-Client-Country-4JS
X-Varnish-Hits
X-ORCA-Accelerator
X-CACHE-GROUP
Fl-Custom-Application
X-Cs
X-GEO
X-Provided-By
Server-Ext
Server-Hostname
C-Via
X-RequestId
GeoIP-Latitude
Sever-Int
X-Test
X-TA-CDN-Provider
X-Servedbyhost
X-Nananana
Adler-Geo
X-VServer
Is-Eu
Proxy-Firewall
CloudFront-Viewer-Country
X-B3-Spanid
X-LB-NoCache
X-HITS
Fastly-Drupal-HTML
X-Nginx-Cache-Key
X-B3-Parentspanid
X-Cache-Date
X-DC
X-Via-Edge
X-Via-CDN
Edge-Copy-Time
X-Dispatcher-Number
X-APP
S-Rt
X-Refresh
X-HS-CF-Cache-Status
X-Via-SSL
X-Destination
Cache-Tv-Group
X-B-Cookie
X-Application
X-Via-Popv
X-Geolocation
X-External-Request-Id
X-HA-Backend
X-IsAdmin
X-Tt-Logid
X-Via-Poph
X-Zone
WZWS-RAY
X-S-Cookie
X-Via-Popn
X-Endurance-Cache-Level
Cdn-Requestid
X-Wa
Fastly-Drupal-Html
X-ZONE
X-Nc
X-LB-ID
X-Custom-Header
X-Zen-Fury
T-Server
X-Geo-Header
X-DynaTrace-JS-Agent
X-Pass-Why
Server-ID
HostName
X-ND-Cache
X-User
X-Webkit-Csp-Report-Only
X-Presslabs-Stats
X-Litespeed-Tag
X-Srv
X-CDN-Forward
Cdn
X-COUNTRY
Vc-Max-Age
X-CMSURLCustom
X-Oracle-Dms-Ecid
X-Cache-Server
X-URL
X-CS
GeoIp-Country-Code
X-AIR-PT
X-Parent-Response-Time
X-CACHE-AGE
Ohc-Cache-HIT
X-Fpc
X-HubSpot-Correlation-Id
SID
X-VC-TTL
X-TH-Server
X-DataCenter
Powered-By
X-NewRelic-App-Data
Resin-Trace
X-Moov-T
True-Client-IP
WP-Super-Cache
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Vix-Hermes-Req-Id
X-Vgn-Hpd-Reason
Uri
X-Varnish-Beresp-TTL
X-Ckpd-Fst-Backend
Srv
X-Fastly-Cache
Pics-Label
X-API-Version
X-APP-VERSION
On-Server
X-Old-Content-Length
SEZNAM-JOBS-OFFER
True-Client-Ip
X-Srcache-Store-Status
X-Srcache-Fetch-Status
ServerHost
Thinkindot-Control
X-SERVER-NAME
Serverhost
AKAMAI
X-PHP-Backend
X-Vercel-Cache
X-FPC
X-Vercel-Id
X-Cache-TTL-Remaining
X-Amz-Meta-Opti
X-Air-Source
GeoIP-Country-Code
X-Air-Hostname
X-Air-Trace-Id
X-Datadome
X-TX-ID
X-Client-Ip
X-Cache-VC
X-Thinkindot-L1
X-Action
Location
X-Dynatrace-Js-Agent
X-Stale
Cl-Cache
Magicmarker
Server-Id
X-Oracle-Dms-Rid
X-Info
Av-Poweredby
Hostname
N1-Cache
X-Debug-Service
X-Cdn-Cache-Status
X-V
X-CDN-Cache-Status
X-NC
X-WA
X-IAuth-Set-Uid
X-Datacenter
X-Vc
Sm-Log-Id
CDN
X-Service-Response-Time
X-VCL-Version
X-FTR-Expires
X-FTR-Cache-Status
X-Geo
X-PERF
X-Udemy-Cache-App-Namespace
X-Save-Cache
X-Rollout
X-Ee-Generated-By
X-Ee-Origin
X-Cms-Device
X-Ee-Request-Id
Time-Cloud-Cache
Store-Cloud-Cache
X-Vary-Devices
X-VTEX-Cache-Backend-Header-Time
X-New
X-VTEX-Cache-Backend-Connect-Time
X-Fastly-Cache-Status
X-Lb-Id
X-Eligible
X-Country-Code-Real
X-Ee-Request-Date
X-ApacheServer
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Cache-Ttl
X-Via-PopV
X-Limited
X-Forwarded-Site
Machine
X-WA-Info
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Ha-Backend
X-Nitro-Cache
X-App
X-Via-PopH
X-Via-PopN
Xkey-La3
X-Proxy-Cache-La3
X-Render-Time
X-Fastly-Backend-Reqs
X-Region-Sid
Xkeylog
X-Github-Request-Id
X-Oracle-DMS-ECID
Cloudfront-Viewer-Country
X-Litespeed-Cache-Control
X-Uri
X-Resp-Is-Stale
X-Lb-Nocache
Tcn
X-ServedByHost
Server-Info
TWC-GeoIP-City
Cache-Hits
TWC-GeoIP-DMA
X-Container-Uri
TWC-GeoIP-Region
X-LAGOON
X-Git-Commit
X-Ftr-Request-Id
WWW-Authenticate
RewriteTestHook
WebServer
RewriteTeamHook
Cache-Contol
Edge-Cache
Cneonction
X-EC-Lua
X-Ion-Healthy
X-Ua
X-MSEdge-Features
X-MSEdge-Flight
X-Akamai-Pragma-Client-IP
X-Jungle-Id
X-Traceid
X-Ion-Hop
Geoip-Latitude
Log-Origin
X-Correlation-ID
CountryCode
X-Dw-Trace-Id
X-HS-Status
Permission-Policy
Pragrma
X-Varnish-Hostname
Cmstype
X-Guploader-Uploadid
My-App
X-SRCache-Key
Cmsid
Reporter
X-Serial
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Up
X-Cdn-Request-ID
X-Html-Minification-Powered-By
X-Requestid
PICS-Label
X-Check-Cacheable
X-From
X-Akamai-Transformed
X-Pod
FSS-Cache
Cf-Ipcountry
X-Sucuri-Id
CacheControlHeader
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Ramcache
X-Platform-Router
X-Web-Server
X-Platform-Processor
X-Platform-Cluster
X-Fastly-Cache-Hits
CF-Cached-On
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Akamai-ERRuleID
NtCoent-Length
X-Akamai-ERPolicy
Warning
X-Tncms-Bot-Tier
Timeexpire
X-Orig-Cache-Control