Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
X-XSS-Protection
Alt-Svc
Report-To
NEL
X-Xss-Protection
Referrer-Policy
Access-Control-Allow-Origin
Accept-CH
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
Server-Timing
P3p
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
Permissions-Policy
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
Feature-Policy
Accept-CH-Lifetime
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-AspNetMvc-Version
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Age
X-Cache-Group
X-Vhost
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Xkey
X-Varnish-Cache
X-Litespeed-Cache
X-WebKit-CSP
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Check
X-Dns-Prefetch-Control
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Ruxit-JS-Agent
Request-Id
X-Server-Id
X-Country
X-Country-Code
Content-Location
X-Nginx-Cache-Status
Cache-Tag
X-Url
X-Content-Type
X-LiteSpeed-Cache
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
Fastly-Restarts
X-Clacks-Overhead
X-Trace
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
Surrogate-Key
X-Vname
X-TtlSet
X-PC
Rating
X-Mcache
X-Midtier
X-Edge
X-Server-Name
X-Cache-TTL
X-Middleton-Display
Pagespeed
Display
X-Sol
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Browser-Type
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-D2id
X-Ac
Verso
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Ser
X-Server-ID
X-Oneagent-Js-Injection
X-ECACHE
X-Client-IP
X-Amz-Rid
X-Ratelimit-Limit
X-Middleton-Response
Response
X-ASPNET-VERSION
X-Wormhole-Sdk
X-Ratelimit-Remaining
X-FTR-Request-ID
X-CST
X-Goog-Hash
X-Powered-CMS
X-ARC
X-B3-TraceId
X-Navigation-Version
X-Ruxit-Js-Agent
X-Dw-Request-Base-Id
X-Kinsta-Cache
X-Edge-Location-Klb
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Upstream
X-Forwarded-For
Origin-Trial
X-Amzn-Trace-Id
SPRequestDuration
X-FastCGI-Cache
SPIisLatency
X-Mod-Pagespeed
X-Cache-Key
X-Content-Digest
Edge-Cache-Tag
RTSS
Cache-Status
Public-Key-Pins
AR-ATIME
AR-SID
AR-PoweredBy
AR-Request-ID
X-Ezoic-Cdn
X-Aspnetmvc-Version
SPRequestGuid
X-SharePointHealthScore
X-Version
X-Ttl
X-Daa-Tunnel
X-ORACLE-DMS-ECID
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Realpath
X-Mg-S
X-NF-Request-ID
X-MSEdge-Ref
X-Recruiting
X-T
S
Front-End-Https
X-Shield-Request-Id
Fastcgi-Cache
X-Fastly-Request-ID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
X-Distributor
Cross-Origin-Resource-Policy
X-Cached
X-Xrds-Location
AR-CACHE
X-Azure-Ref
X-Nf-Request-Id
Arr-Disable-Session-Affinity
X-TTL
Access-Control-Request-Method
X-Varnish-TTL
X-Request-Processing-Time
X-Correlation-Id
X-Request-Received
Count-Hit
X-HS-Content-Id
Cache-Tags
X-HS-Cache-Config
TP-Cache
X-HS-Hub-Id
X-Id
X-Ua-Browser
X-Debug
X-Cluster-Name
X-Ismobilevalue
X-TraceId
X-NGENIX-Cache
X-LLID
X-Newrelic-App-Data
Server-Node
X-PressLabs-Stats
Akamai-GRN
X-GUploader-UploadID
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Frontend
X-Varnish-Backend
X-Hits
X-Protected-By
Accept-Ch
X-VARITI-CCR
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Goog-Metageneration
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
X-Ratelimit-Reset
X-DIS-Request-ID
X-Page-Id
Payment
X-Git-Hash
X-FB-Debug
Cleartype
X-Logged-In
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Server
X-Hostname
X-Tt-Trace-Host
X-Www-Served-By
Content-Disposition
X-Tt-Trace-Tag
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Template
Host
X-Amz-Apigw-Id
X-Amzn-RequestId
Filterid
X-Forwarded-Proto
X-Fastcgi-Cache
X-App-Server
X-Geo-Country
Amp-Access-Control-Allow-Source-Origin
Version
X-Varnish-Ttl
X-Aspnet-Version
X-Load-Cache
Accept-Charset
X-Envoy-Decorator-Operation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
Frame-Options
X-Source
Trailer
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Cache-Age
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Type
X-Ah-Environment
Fastly-SIE
Fastly-SWR
Viewport
Section-Io-Cache
Access-Control-Allow-Method
X-Content-Options
X-Upgrade-Enabled
X-HS-Prerendered
X-Fb-Rlafr
X-TT
Server-Name
X-B
X-Origin-Server
X-Grace
X-B3-Sampled
X-Language
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Cache-Status
X-Device-Type
X-Cache-Control
X-Buckets
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
Retry-After
X-Px
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cdn
X-TEC-API-ROOT
X-Tec-Api-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
MS-Author-Via
Content-MD5
X-Magnolia-Registration
X-Mobile
X-Request-Guid
X-Vcl-Version
TCN
X-Trace-Id
X-Varnish-Grace
X-Revision
X-EdgeConnect-Cache-Status
Protected
X-Akamai-Edgescape
Healthy
X-WP-CF-Super-Cache-Active
X-Backend-Name
Cross-Origin-Embedder-Policy-Report-Only
Upgrade-Insecure-Requests
X-Proxy
Charset
X-RM-Cache-TTL
X-App-Environment
X-Debug-Info
X-Instance
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-Pixel
X-Is-Bot
X-NYM-Debug-Backend
X-ServerID
X-Tumblr-Pixel-0
X-ProcessESI
X-Tumblr-User
X-Rendered-As
X-Tumblr-Pixel-1
X-RemovedCookies
X-Status
X-Cacheable-TTL
X-CSRF-Token
X-Framework
Access-Control-Request-Headers
Cross-Origin-Window-Policy
X-Adobe-Loc
X-FW-Dynamic
X-Adobe-Content
NGB
X-Cache-Time
X-FW-Version
X-FW-Hash
X-Mg-Request-UUID
X-FW-Type
X-Region
X-Rule
X-UUID
X-Storage
X-FW-Static
X-Node-Name
X-FW-Server
X-FW-Serve
X-Yottaa-Optimizations
MS-CV
Ms-Operation-Id
X-Edge-Location
Refresh
X-Whom
X-Debug-IsPreview
X-Yottaa-Metrics
X-Debug-IsConnected
X-Datadog-Sampled
X-Content-Powered-By
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-RTag
X-Datadog-Trace-Id
X-Proxy-Cache-Info
OT-Force-Account-Verify
X-G
GEO-INFO
X-ECache
X-Environment-Context
X-Lambda-Id
X-L-Path
X-Resp-Is-Stale
Section-Io-Id
Webserver
X-Contextid
X-B3-Traceid
X-Amzn-Remapped-Content-Length
X-Reqid
X-TT-LOGID
X-CCDN-Origin-Time
X-CCDN-CacheTTL
DC
Countrycode
X-Hcs-Proxy-Type
X-Server-W
X-Origin-Cache
X-User-Agent
X-Amz-Meta-S3cmd-Attrs
Paypal-Debug-Id
X-VC
X-HTML-Minification-Powered-By
Alternate-Protocol
X-Real-IP
X-HS-CF-Cache-Status
Cross-Origin-Opener-Policy-Report-Only
X-Time
Front
X-WebKit-CSP-Report-Only
X-DataDome
Priority
X-Seen-By
Ohc-File-Size
WPO-Cache-Message
WPO-Cache-Status
SRV
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-SpanId
Accept-Ch-Lifetime
X-Hl-Ver
X-Rocket-Nginx-Serving-Static
Liferay-Portal
X-Origin-TTL
Backend
X-Mode
Xet-Cookie
X-Origin-CC
X-IPS-LoggedIn
Onion-Location
X-Akamai-Request-ID2
X-Say-Cacheable
X-SaId
X-Cache-Action
TWC-Privacy
TWC-GeoIP-Country
X-Say-TTL
X-Tumblr-Pixel-2
TWC-GeoIP-LatLong
X-JoinUs
X-Rewrite-Enabled
X-Format
X-RateLimit-Remaining
X-Origin-Hint
TWC-Locale-Group
X-Rn-Rsrv
X-Tumblr-Pixel-3
TWC-Device-Class
X-SayCDN-TTL
ServerID
X-Cache-Host
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
Filters
Meta-Geo
Property-Id
Fastcgi-Useragent
X-FB-TRIP-ID
Webcakes-App-Name
X-UPSTREAM-Address
X-AB
Web-Mar-Node
X-Redis-Cache
Mn-Server-Ip
X-Accel-Version
X-Handled-By
X-Cms-Context
X-Loop
X-DynaTrace
X-Labrador-Cache-Channel
X-Fetched-On
Expiry
X-Cluster-Node
X-Hosted-By
From-Origin
X-Cache-Expired-At
X-IPLB-Instance
Country
DB-Nickname
X-Connection-Hash
X-Director
X-IPLB-Request-ID
X-Detected-As
Uber-Trace-Id
X-Tncms
X-Nginx-Cache
X-VC-Cache
X-Vcache
X-Scope-Id
X-Varnish-Age
X-Soup
X-Cache-Status-Check
X-N
X-Skip-Cache
X-PHP-Host
X-Restarts
X-R9-Blue-Green-Version
X-Ms-Request-Id
X-Origin-Date
X-Tb
Environment
X-Ms-Version
Apigw-Requestid
X-Servername
X-Varnish-Beresp-Grace
Url
X-Adobe-Source
X-Webstats-RespID
X-Web-Node
X-Forwarded-Host
X-Varnish-Cache-Hits
X-BYPASS-REASON
Atl-Traceid
X-ProxyCache-Key
X-Logging-Id
X-ProxyCache-Status
X-Frame-Option
X-Httpd
X-Cluster
X-Served-From
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-Auth-Group-Type
ServedBy
X-Fastly-Request-Id
X-Zipkin-Id
X-Origin
X-Cloudmap
X-Proxied
X-Routing-Service
X-S
X-Extlb
Surrogated-Key
X-Hit
X-Azure-Ref-OriginShield
Cross-Origin-Embedder-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Worker
LB
X-SRV
X-LSADC-Cache
X-Cache-Hit
X-Request-URI
Accept-Language
X-Lagoon
X-Sucuri-Cache
X-Generation-Time
X-Drupal-Cache-Tags
Referer-Policy
X-CDN-Forward
N-Cache
X-Drupal-Cache-Contexts
X-Generated-By
X-Cdn-Origin
X-App-Version
X-Sucuri-ID
X-MP-GENERATED-AT
Xserver
CF-IPCountry
CDN-RequestId
Ohc-Cache-HIT
X-Xfnlog-Site
X-Tx-Id
Source
Node
X-TA-CDN-Provider
X-F-Cache
X-AIR-PT
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Cache
X-Mly-Id
X-VC-TTL
X-Wix-Request-Id
X-Via-SSL
X-Via-Edge
X-Via-CDN
Edge-Copy-Time
X-NODE
X-Cache-Rule
X-Cache-Debug
X-UA
X-RCS-CacheZone
X-INCAP-ABP
Cache-Provider
X-Pad
X-XRDS-Location
X-VCT
X-Site-Version
X-Varnish-Beresp-Ttl
X-Locale
X-ElasticPress-Query
X-GEO
X-Oracle-Dms-Ecid
DCR-Processing-Time-Ms
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-GeoIP-Country-Code
X-FC-Vary-Parameters
Wxu-Next-Region
Apple-News-Services-Request-Url
BehaviorPad-Version
X-Geo-Region
X-Gdpr
Cluster
X-GeoCode
Candidate-Md5Url
X-GeoCountry
X-A
DCR-Decision-By
X-A-Ccd
X-A-Wwc
Xc-Version
We-Hiring
X-HN
X-HS-Content-Campaign-Id
X-AB-Test
X-Ig-Push-State
X-Ig-Origin-Region
Locale
X-Bc-Bl
X-A-Dgt
X-A-Dcw
Expect-Staple
X-GeoIP-Region-Code
X-Geolocation
X-BCube-Filmed-By
X-VarnishDD-TTL
X-Vdms-Version
X-Bl-Debug
Fastly-Backend-Name
Redirect-Candidate
Rendered-Blocks
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Wxu-Next-Commit
Producers
PFcat
X-Developer
X-Destination
X-D
X-Csrf-Jwt
X-Cache-Operation
X-Cache-NE
X-Cache-Grace
X-Cached-By
Web-Mar-Region
Sslversion
X-Conf
X-CGP
X-DPWN-IS-SECURE
Origin
Ha-Gx-Prefs
HA-Ipaddr
Host-ID
X-Eu-Site
X-External-Request-Id
Fastly-GeoIP-CountryCode
Fastly-SSL
Fl-Custom-Application
Wxu-Next-Hostname
L5d-Success-Class
Ngx.Var.Host
Odigeo-Trace-Id
X-Ec-Fail
X-Ec-GeoHdr
Meta-Geo-Continent
Lang
Mail-Subject
MD5-Digest
X-Is-Desktop
X-A-Dam
X-Platform-Server
X-PAYTM-SRV-ID
X-Aicache-OS
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Path
X-Origin-Time
X-Org
X-Op-Id-All
X-Backend-Instance
X-Vtex-Remote-Cache
X-Aed
X-Is-Mobile
X-Proxied-Request
X-B-Cookie
X-Slack-Shared-Secret-Outcome
X-Browser-Name
X-Tcp-Rtt
X-Application
X-Slack-Backend
X-Section
X-S-Cookie
X-Rojux
X-ScT
X-SD-PageType
X-NWS-UUID-VERIFY
X-Nyt-Route
X-Proto
X-Is-Tablet
X-Mvc-Supplant-Cachable
X-Jobs
X-Access
X-Is-Supported-Browser
X-Bug-Bounty
X-NGINX-Cache
X-No-Session
X-VServer
X-DefElseHash
Req-Svc-Chain
X-Hnp-Log
X-V-Cache
X-Accel-Expires-Debug
X-Signature
Product
X-DefHash
X-Amz-Meta-Cb-Modifiedtime
NM-Fastcgi-Cache
X-Hash
X-Zen-Fury
X-Loc
X-Scheme
X-Level-Front-Cache
Origin-Agent-Cluster
X-Dispatcher-Server
X-Shield-Cache-Expires
RNT-Machine
X-Ec-Custom-Error
Platform
X-Amz-Storage-Class
X-Clientip
X-CacheTTL
X-App-Name
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Thinkindot-L3
X-Auto-Login
X-Cache-Id
X-B-Cache
X-Cache-Info
V-Age
User-Cache-Control
TDXMobile
X-Cache-Date
X-Date
X-Viewer-Country
Server-Host
X-SB
X-Vmg-Version
X-CUA
X-Via-Fastly
X-Content-Age
X-Human
X-Content-Length
X-Core-Value
RNT-Time
X-Location
Canary
X-Platform
X-Wikidot-Static-Cache
X-GeoIP
X-VTEX-Cache-Time
CDCHOST
X-Varnish-Director
X-Generated-On
X-Gen-Mode
Cdnsip
Cdncip
X-GoCache-CacheStatus
Azure-Version
Azure-SlotName
X-Origin-Expires
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Node-Id
X-NodeID
X-GeoIP-City
X-VG-WebCache
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-Wikidot-Backend
X-B3-Trace-ID
X-Varnish-CookieINHashed-On
X-Policy
X-Request-Host
X-VTEX-Cache-Server
Gh-Request-Id
X-Req
X-Block-Status
X-Akamai-Device-Characteristics
X-Esi-Check
X-User
X-Litespeed-Tag
L
X-Request-Time
X-Epic-Correlation-Id
Gannett-Cam-Experience-Id
X-AK-Request-ID
X-Fmm-Version
X-Varnish-CookieHashed-On
Content-Style-Type
X-Gamma-Serve
Content-Script-Type
X-Varnish-Remaining-TTL
Debug
X-Micro-Cache
X-Gzip
X-Fastly-Backend
X-Powered-By-VTEX-Cache
X-BBC-Edge-Cache-Status
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-ShardId
X-Ua-Device
Akamai-Mon-Iucid-Del
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-TIM-N
X-UA-Device-Type
X-Thanos
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-TH-Server
X-Varnish-Beresp-Status
X-Sn-Servicetimems
XM
Yak-Timeinfo
X-VG-TLSProxy
X-We-Are-Hiring
X-Varnish-Authentication
X-Origin-Response-Time
X-Cache-Aspx
X-Internal-TTL
X-Edge-Server
X-Depends
X-Contensis-Viewer-Groups
X-IsAdmin
X-Men
X-Request-Start
X-Pubstack
X-Pool
X-Cdn-Srv
X-Server-IP
X-Cache-FS-Status
Country-Code
Origin-CC
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
ServerName
NGX
Origin-EX
Release
Req-ID
Cdn-Request-Time
Tube-Return
DSUID
Click-Count-Action-Start
X-Bip
X-Acquia-Purge-Cdn-Unconfigured
W
Cdn-Host
Click-Count-Error
Content-Secure-Policy
X-Via-JSL
Mime-Version
X-Service
X-URL
CDN-RequestPullCode
CDN-RequestCountryCode
User-Agent
CDN-PullZone
X-RID
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-Cache
X-SIPLIST1
X-Irp-Debug
Ssr
X-Vgn-Hpd-Reason
CDN-Uid
X-HOST
Sid
X-Tb-Optimization-Total-Bytes-Saved
IsBot
X-CACHE-GROUP
X-Varnishpool
X-Moov-Xdn-Version
X-LB-NoCache
X-Var-Ttl
X-Moov-Xdn-Caching-Status
X-Old-Content-Length
X-Varnish-Hits
X-Moov-T
N1-Cache
GeoIP-Latitude
Fastly-Drupal-HTML
Pramga
X-Api-Version
X-DC
X-Proxy-Cache-Status
X-ORCA-Accelerator
X-ZONE
X-RequestId
X-Servedbyhost
X-Cs
X-HITS
X-Refresh
CloudFront-Viewer-Country
AMP-Access-Control-Allow-Source-Origin
X-HubSpot-Correlation-Id
X-Action
X-Nc
Esi-Enabled
X-Wa
X-APP
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-GeoIP-City
Cache-Hits
X-Thinkindot-L1
X-Cache-VC
Location
X-Upstream-Ht
X-Vercel-Cache
X-Upstream-Ct
X-Vercel-Id
C-Via
X-B3-Spanid
X-Newrelic-Synthetics
X-Cache-Bucket
X-LiteSpeed-Tag
Cdn-Requestid
X-Via-Popv
X-HA-Backend
X-Dc
Server-ID
X-Via-Poph
X-Via-Popn
X-DynaTrace-JS-Agent
X-Webkit-CSP
X-Proxy-CacheRZ
X-CS
X-Parent-Response-Time
X-NewRelic-App-Data
Cache-Key
A
X-B3-Parentspanid
X-LB-ID
XkeyRZ
X-LiteSpeed-Cache-Control
X-Presslabs-Stats
Fastly-Drupal-Html
X-Tt-Logid
X-Zone
X-ApacheServer
X-PERF
HostName
X-Nananana
X-COUNTRY
X-Webkit-Csp
X-Render-Time
WP-Super-Cache
X-Endurance-Cache-Level
X-DataCenter
X-WA-Info
X-Ua
X-Cdn-Forward
X-CACHE-AGE
X-Litespeed-Cache-Control
X-Srv
X-Nitro-Cache
GeoIp-Country-Code
Proxy-Firewall
X-Webkit-Csp-Report-Only
X-Uri
SID
X-API-Version
RewriteTestHook
Uri
RewriteTeamHook
Cache-Contol
TP-L2-Cache
X-Ion-Healthy
X-Fpc
X-Jungle-Id
X-Ion-Hop
Cmstype
Cmsid
My-App
Log-Origin
True-Client-IP
AKAMAI-GRN
True-Client-Ip
True-Client-Country-4JS
Server-Ext
Resin-Trace
X-Datadome
Server-Hostname
X-Up
Sever-Int
X-From
X-Service-Response-Time
X-Optimistic-Header
Sm-Log-Id
X-CLOUD-TRACE-CONTEXT
CacheControlHeader
GeoIP-Country-Code
X-Varnish-Beresp-TTL
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Test
X-SERVER-NAME
X-Stale
Cdn
Tcn
Is-Eu
Adler-Geo
X-Datacenter
SEZNAM-JOBS-OFFER
X-Dispatcher-Number
X-FPC
Srv
X-Udemy-Cache-App-Namespace
X-Client-Ip
X-Pass-Why
X-RateLimit-Limit
X-Nginx-Cache-Key
WZWS-RAY
X-Srcache-Fetch-Status
X-Dynatrace-Js-Agent
X-Srcache-Store-Status
Hostname
X-Oracle-Dms-Rid
Lb
X-APP-VERSION
X-Air-Pt
X-Geo-Header
X-Debug-Service
Server-Id
X-Fastly-Cache-Status
T-Server
X-Custom-Header
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Origin-Site
X-TX-ID
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Varnish-Hostname
X-Lb-Id
X-ND-Cache
NtCoent-Length
X-SRCache-Key
X-Vc
X-Provided-By
Edge-Cache
Cf-Ipcountry
X-App
X-Cache-Server
X-Via-PopV
X-VCL-Version
X-Fastly-Backend-Reqs
X-Ha-Backend
Serverhost
Vc-Max-Age
X-Correlation-ID
X-Via-PopH
X-Akamai-Pragma-Client-IP
X-CMSURLCustom
X-Via-PopN
X-Cache-Ttl
X-WA
Pics-Label
Pragrma
X-Oracle-DMS-ECID
X-Html-Minification-Powered-By
X-NC
ServerHost
X-XRDS-LOCATION
X-Esi
Powered-By
X-Sigma-Backend
Machine
X-Forwarded-Site
S-Rt
X-Rocket-Build-Number
X-Cdn-Cache-Status
Geoip-Latitude
Epwk-X-Cache
YJS-ID
X-Sigma
X-Region-Sid
X-LAGOON
Av-Poweredby
Cache-Tv-Group
X-ServedByHost
Ms-Author-Via
X-Requestid
X-Traceid
X-Cache-TTL-Remaining
Nord-Request-ID
Cloudfront-Viewer-Country
WWW-Authenticate
WebServer
Vix-Hermes-Req-Id
CountryCode
Xkey-La3
X-Ckpd-Fst-Backend
X-Fastly-Cache
MIME-Version
Warning
X-Sucuri-Id
X-HS-Status
X-Lb-Nocache
X-MSEdge-Flight
Xkeylog
X-Proxy-Cache-La3
X-MSEdge-Features
On-Server
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Wp-Cf-Super-Cache
Thinkindot-Control
X-Wp-Cf-Super-Cache-Cache-Control
X-Serial
FSS-Cache
X-Check-Cacheable
X-IAuth-Set-Uid
Reporter
DataCenter
X-Cdn-Request-ID
Yjs-Id
X-Tncms-Bot-Tier
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Orig-Cache-Control
Cneonction
Timeexpire
X-Dw-Trace-Id
Thinkindot-Cache-Type
X-VTEX-Cache-Backend-Header-Time
X-Lsadc-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Web-Server
X-Td-Header-From-No-Data
X-Mg-Cache