Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
P3p
X-Generator
Server-Timing
X-Cache-Status
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Check
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
Accept-CH
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-Server
EagleId
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
Xkey
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Nginx-Cache-Status
X-Country
X-Url
X-NWS-LOG-UUID
X-Content-Type
X-Application-Context
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Rack-Cache
X-Country-Code
X-TtlSet
X-PC
X-Vname
X-Midtier
X-Mcache
X-Edge
Rating
X-Oneagent-Js-Injection
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-ESI
Nginx-Cache
X-Ser
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
X-ECACHE
X-Client-IP
X-MS-InvokeApp
X-ORACLE-DMS-RID
Accept-Ch-Lifetime
X-B3-TraceId
X-Daa-Tunnel
X-CST
X-Amz-Rid
X-Navigation-Version
X-Middleton-Response
Response
X-Goog-Hash
X-Aspnet-Version
X-Powered-CMS
X-Upstream
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ttl
X-Amzn-Trace-Id
X-NF-Request-ID
X-Forwarded-For
AR-Request-ID
AR-SID
AR-ATIME
X-Cache-Key
AR-PoweredBy
X-Ratelimit-Limit
X-Ua-Device
X-Wormhole-Sdk
RTSS
X-Ruxit-Js-Agent
X-Mod-Pagespeed
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-FastCGI-Cache
X-ORACLE-DMS-ECID
X-Server-ID
X-Version
Public-Key-Pins
X-Mg-S
AR-CACHE
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
X-Content-Digest
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
X-Varnish-TTL
X-Accel-Expires
Accept-Ch
X-Distributor
Access-Control-Request-Method
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
TP-Cache
X-Fastly-Request-ID
X-Correlation-Id
Arr-Disable-Session-Affinity
Count-Hit
X-Debug
MicrosoftSharePointTeamServices
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Hub-Id
X-Id
X-Newrelic-App-Data
X-HS-Cache-Config
Server-Node
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-Azure-Ref
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
Payment
X-Amz-Replication-Status
X-GUploader-UploadID
X-LB-Cache
X-Hits
X-Varnish-Backend
X-Forwarded-Proto
X-Goog-Metageneration
X-Request-Handler-Origin-Region
X-Protected-By
X-Microsite
Host
X-Git-Hash
X-FB-Debug
X-Logged-In
X-Unique-Id
Cleartype
Filterid
X-Activity-Id
X-AppVersion
Content-Disposition
X-Www-Served-By
X-TTL
X-Az
X-Varnish-Server
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Tt-Trace-Host
Origin-Trial
X-App-Server
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Pinterest-Rid
X-Amzn-RequestId
Pinterest-Version
Pinterest-Generated-By
X-DIS-Request-ID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Page-Id
MRF-Tech
X-B3-TraceId-Primal
X-Geo-Country
Mrf-Cache-Status
X-Fastcgi-Cache
Access-Control-Allow-Method
X-Varnish-Ttl
X-Origin-Server
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Load-Cache
X-WP-CF-Super-Cache
Akamai-GRN
X-WP-CF-Super-Cache-Cache-Control
X-Cambria-Cache-Control
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Nf-Request-Id
X-Goog-Generation
X-Upgrade-Enabled
X-Template
MS-Author-Via
Accept-Charset
Fastly-SIE
X-Xrds-Location
X-ASPNET-VERSION
Section-Io-Cache
X-Type
Fastly-SWR
X-TT
Viewport
X-Fb-Rlafr
X-Cache-Control
X-B3-Sampled
X-Content-Options
X-B
Content-MD5
Frame-Options
X-Grace
Version
X-Ah-Environment
X-RateLimit-Remaining
X-Request-Guid
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Revision
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcl-Version
X-Envoy-Decorator-Operation
Healthy
X-Amz-Meta-S3cmd-Attrs
X-Device-Type
X-Magnolia-Registration
X-Origin-Cache
X-Cdn
X-Source
X-Contextid
TCN
X-Rid
Server-Name
X-WP-CF-Super-Cache-Active
X-CSRF-Token
X-Aspnetmvc-Version
X-Webkit-CSP
X-Px
X-Mobile
X-Backend-Name
X-Language
X-Proxy
X-Cache-Age
DC
X-Buckets
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-0
X-Varnish-Grace
X-RM-Cache-TTL
X-ProcessESI
X-RemovedCookies
X-Status
X-Storage
X-Seen-By
X-Rule
X-Environment-Context
Access-Control-Request-Headers
X-Framework
X-Mg-Request-UUID
X-L-Path
X-EdgeConnect-Cache-Status
X-Debug-Info
X-Adobe-Content
X-FW-Type
X-NYM-Debug-Backend
X-Adobe-Loc
X-Instance
X-Proxy-Cache-Info
X-Region
NGB
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
X-FW-Hash
X-ServerID
X-FW-Static
SD-X-WS
X-FW-Server
X-Cacheable-TTL
X-Debug-IsConnected
Cross-Origin-Window-Policy
X-FW-Dynamic
X-FW-Serve
X-Content-Powered-By
X-Node-Name
X-UUID
X-Debug-IsPreview
X-G
X-FW-Version
Ms-Operation-Id
X-Datadog-Sampled
X-Rendered-As
X-Datadog-Parent-Id
GEO-INFO
X-Is-Bot
MS-CV
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-RTag
X-Webkit-Csp
X-Fastly-Request-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
Paypal-Debug-Id
X-Cache-Time
X-User-Agent
Trailer
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Upgrade-Insecure-Requests
Charset
Countrycode
Webserver
X-ECache
Protected
Front
X-Whom
X-WebKit-CSP-Report-Only
X-Edge-Location
OT-Force-Account-Verify
X-TT-LOGID
X-Lambda-Id
Refresh
X-VC
Section-Io-Id
X-HS-Prerendered
X-N
X-IPS-LoggedIn
X-Cache-Status-Check
X-Akamai-Request-ID2
X-FTR-Request-ID
X-AB
Country
X-Time
X-VHOST
X-Reqid
Alternate-Protocol
X-Amzn-Remapped-Content-Length
Priority
Backend
X-B3-SpanId
Xet-Cookie
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-B3-Traceid
Liferay-Portal
X-Hl-Ver
X-WP-CF-Super-Cache-Cookies-Bypass
X-Server-W
X-TraceId
X-Original-Request-Id
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
X-Mode
SRV
Onion-Location
Accept-Language
X-Real-IP
X-Auth-Group-Type
X-Web-Node
X-Tb
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-Rewrite-Enabled
X-FB-TRIP-ID
X-Fetched-On
Environment
X-Frame-Option
X-JoinUs
X-Origin-Date
X-Rn-Rsrv
X-SaId
ServerID
Meta-Geo
From-Origin
Filters
X-Accel-Version
X-Scope-Id
X-Cache-Host
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-Skip-Cache
Fastcgi-Useragent
Webcakes-App-Version
X-Request-URI
X-Director
X-Webstats-RespID
X-Varnish-Cache-Hits
X-Varnish-Age
X-Say-Cacheable
X-Restarts
X-Format
X-Redis-Cache
X-Logging-Id
X-IPLB-Request-ID
X-IPLB-Instance
X-Origin-Hint
X-ProxyCache-Key
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Connection-Hash
X-Cluster-Node
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
Expiry
Property-Id
Uber-Trace-Id
Webcakes-App-Name
X-Cache-Expired-At
X-Say-TTL
X-SayCDN-TTL
X-Cache-Action
X-BYPASS-REASON
X-Hosted-By
Webcakes-Region
Atl-Traceid
TWC-Device-Class
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
Mn-Server-Ip
X-PHP-Host
X-Cms-Context
X-Via-JSL
X-Loop
X-Forwarded-Host
X-Handled-By
X-Httpd
X-Labrador-Cache-Channel
Apigw-Requestid
X-Served-From
X-Soup
X-Vcache
X-Adobe-Source
Web-Mar-Node
X-Varnish-Beresp-Grace
X-Tncms
X-Timing-Wait
X-Generated-By
Selected-Fe
DB-Nickname
X-Proxy-Build
Url
X-Detected-As
X-Cloudmap
X-Extlb
X-Origin
X-Servername
X-Zipkin-Id
ServedBy
X-Cluster
X-S
X-Routing-Service
X-Origin-TTL
X-Proxied
X-Origin-CC
X-DataDome
X-SRV
X-LSADC-Cache
Referer-Policy
X-Lagoon
N-Cache
Xserver
X-Rocket-Nginx-Serving-Static
X-Hit
LB
Cross-Origin-Embedder-Policy
X-Nginx-Cache
X-XRDS-Location
X-Ms-Request-Id
X-DynaTrace
X-Ms-Version
X-Xfnlog-Site
X-Tumblr-Pixel-3
CF-IPCountry
X-NWS-UUID-VERIFY
X-Azure-Ref-OriginShield
X-XRDS-LOCATION
WPO-Cache-Status
WPO-Cache-Message
Source
X-VCT
X-Cache-Debug
X-Upstream-Ct
X-RCS-CacheZone
X-Proxy-Cache-Status
X-UA
X-RID
X-Upstream-Ht
Surrogated-Key
CDN-RequestId
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Desktop
X-Browser-Name
X-Tcp-Rtt
X-Geo-Region
X-Is-Mobile
X-Generation-Time
X-Sucuri-Cache
X-F-Cache
X-No-Session
X-Signature
X-Urbn-Context-Path
X-App-Version
Locale
X-B-Cache
X-Urbn-Site-Id
Node
X-Cdn-Origin
X-NGINX-Cache
X-Drupal-Cache-Tags
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-RateLimit-Limit
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-ShardId
X-Shopify-Stage
AMP-Access-Control-Allow-Source-Origin
Ohc-File-Size
Cross-Origin-Opener-Policy-Report-Only
X-MP-GENERATED-AT
X-NODE
X-Tx-Id
X-Locale
X-Cdn-Forward
X-Cache-Rule
X-Cache-Operation
X-Site-Version
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-FC-Vary-Parameters
Azure-InstanceId
X-Ec-GeoHdr
X-DPWN-IS-SECURE
Cdncip
X-Ec-Fail
X-Epic-Correlation-Id
BehaviorPad-Version
Candidate-Md5Url
Azure-Version
X-GeoCode
X-Ig-Push-State
X-Ig-Origin-Region
X-Varnish-Remaining-TTL
X-INCAP-ABP
X-Varnish-Authentication
X-ElasticPress-Query
X-Jobs
X-Internal-TTL
X-Amz-Storage-Class
X-Varnish-CookieHashed-On
X-Backend-Instance
Cdnsip
X-Gdpr
X-GeoIP
X-A-Dgt
X-App-Name
X-Varnish-CookieINHashed-On
X-GeoIP-City
A
X-Bc-Bl
X-Contensis-Viewer-Groups
Ngx.Var.Host
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
Host-ID
Lang
Mail-Subject
X-Conf
Origin-Agent-Cluster
We-Hiring
X-Cache-Aspx
X-Bug-Bounty
X-Cache-Info
Rendered-Blocks
Producers
X-Cache-NE
Redirect-Candidate
X-D
Gannett-Cam-Experience-Id
X-Depends
Cluster
X-DefHash
TDXMobile
Thinkindot-CacheControl
Sslversion
X-BCube-Filmed-By
Thinkindot-CacheControl-Type
Content-Secure-Policy
X-DefElseHash
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Debug-Cache-Fetch
X-Debug-Cache-Store
DCR-Decision-By
DCR-Processing-Time-Ms
X-Developer
X-GeoCountry
X-Path
X-A-Wwc
X-A
X-Rojux
X-We-Are-Hiring
X-A-Ccd
X-Vmg-Version
X-PAYTM-SRV-ID
X-Proxy-CacheRZ
X-Aicache-OS
X-Mvc-Supplant-OutputCached
X-Nyt-Route
X-Origin-Time
X-Thinkindot-L3
X-TIM-N
X-A-Dcw
X-Request-Time
X-Origin-Expires
X-Org
X-Service
X-Origin-Response-Time
X-A-Dam
X-Aed
X-Scheme
XkeyRZ
X-AK-Request-ID
Xc-Version
X-Varnish-Beresp-Ttl
X-Vtex-Remote-Cache
X-Mly-Id
X-ScT
X-Platform-Server
X-Proxied-Request
X-Vdms-Version
X-Loc
X-Proto
X-Shield-Cache-Expires
X-Mvc-Supplant-Cachable
Mime-Version
X-Newrelic-Synthetics
X-Cache-Hit
Web-Mar-Region
X-Content-Age
X-Core-Value
L
Origin-EX
Wxu-Next-Commit
Origin-CC
Gh-Request-Id
HA-Ipaddr
X-Wikidot-Static-Cache
Ha-Gx-Prefs
X-Req
L5d-Success-Class
NM-Fastcgi-Cache
X-Csrf-Jwt
Product
X-SVT-ORM-RULES
X-VTEX-Cache-Time
X-Sn-Servicetimems
X-Auto-Login
X-Bl-Debug
X-SVT-ORM-VERSION
W
X-BBC-Edge-Cache-Status
Tube-Get-Contents
User-Agent
X-Akamai-Device-Characteristics
V-Age
X-Slack-Shared-Secret-Outcome
Tube-Return
Tube-Got-Eval
Tube-Got-Results
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Bucket
X-Cached-By
X-Wikidot-Backend
Wxu-Next-Hostname
X-CacheTTL
Platform
PFcat
X-CGP
X-VTEX-Cache-Server
Release
Server-Host
X-Cache-Grace
X-SB
X-Cache-Id
RNT-Time
Req-Svc-Chain
RNT-Machine
X-Clientip
X-Platform
X-Section
X-B3-Trace-ID
X-Slack-Backend
X-GeoIP-Country-Code
X-Varnish-Director
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-NMSegId
X-Generated-On
X-Fmm-Version
Apple-News-Services-Handled
X-Varnishpool
X-Gamma-Serve
Wxu-Next-Region
X-Node-Id
X-SD-PageType
X-Gzip
X-Access
X-V-Cache
X-Micro-Cache
X-Var-Ttl
X-Location
X-Amz-Meta-Cb-Modifiedtime
X-Via-Fastly
X-Human
X-Viewer-Country
X-Hash
X-HN
X-Pad
X-HS-Content-Campaign-Id
X-VarnishDD-TTL
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Yak-Timeinfo
Content-Script-Type
Click-Count-Error
Click-Count-Action-Start
Origin
X-Acquia-Purge-Cdn-Unconfigured
X-Level-Front-Cache
Content-Style-Type
Esi-Enabled
X-Pool
X-VG-WebCache
DSUID
X-Policy
Debug
X-Dispatcher-Server
X-Ec-Custom-Error
X-Fastly-Backend
Cache
X-UA-Device-Type
X-Op-Id-All
X-Powered-By-VTEX-Cache
Apple-News-Services-Request-Url
Cache-Key
Cache-Provider
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Esi-Check
X-Eu-Site
Canary
TP-L2-Cache
Sid
X-Optimistic-Header
X-Men
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Thanos
X-Server-IP
IsBot
X-Cdn-Srv
X-AB-Test
X-SIPLIST1
X-Irp-Debug
X-Request-Start
X-Request-Host
X-CUA
X-Content-Length
X-Cache-FS-Status
X-Block-Status
X-Date
X-Gen-Mode
X-Pubstack
X-NodeID
X-Hnp-Log
X-Bip
User-Cache-Control
Ssr
CDN-Cache
CDN-Uid
CDN-EdgeStorageId
ServerName
Req-ID
Country-Code
CDN-RequestPullSuccess
Pramga
Fastly-SSL
CDN-PullZone
X-Accel-Expires-Debug
NGX
CDN-CachedAt
CDN-RequestPullCode
CDN-RequestCountryCode
CDCHOST
X-COUNTRY
X-LiteSpeed-Tag
Akamai-Mon-Iucid-Del
Fl-Custom-Application
XM
X-ORCA-Accelerator
X-HITS
X-URL
X-Dc
X-Varnish-Hits
X-HOST
X-HS-CF-Cache-Status
X-Api-Version
X-VServer
X-LB-NoCache
X-GEO
X-CACHE-GROUP
X-LiteSpeed-Cache-Control
X-Cs
X-VWS-Id
X-Nananana
X-LJ-Flow-ID
X-Geolocation
X-AWS-Id
True-Client-Country-4JS
X-Cache-Date
Proxy-Firewall
X-APP
X-TA-CDN-Provider
X-Refresh
X-Air-Pt
X-Litespeed-Tag
X-IsAdmin
X-Servedbyhost
C-Via
CloudFront-Viewer-Country
X-Application
X-Test
Server-Hostname
Sever-Int
X-Via-CDN
X-Via-SSL
X-Via-Edge
Server-Ext
X-External-Request-Id
X-Provided-By
Edge-Copy-Time
X-RequestId
GeoIP-Latitude
X-Destination
X-B-Cookie
X-S-Cookie
Fastly-Drupal-HTML
Is-Eu
Adler-Geo
X-Zen-Fury
X-DC
Fastly-Drupal-Html
X-ZONE
X-Endurance-Cache-Level
X-Via-Poph
X-Via-Popn
X-Nginx-Cache-Key
X-Dispatcher-Number
X-B3-Spanid
X-Zone
X-Via-Popv
X-User
X-HA-Backend
X-B3-Parentspanid
X-CDN-Forward
Cdn-Requestid
S-Rt
WZWS-RAY
Server-ID
X-Wa
X-CACHE-AGE
X-Nc
X-LB-ID
X-DynaTrace-JS-Agent
X-AIR-PT
Cache-Tv-Group
X-Custom-Header
X-CS
Ohc-Cache-HIT
T-Server
HostName
X-Webkit-Csp-Report-Only
GeoIp-Country-Code
X-Geo-Header
X-NewRelic-App-Data
Cdn
X-Tt-Logid
X-VC-TTL
X-Presslabs-Stats
X-HubSpot-Correlation-Id
X-Pass-Why
X-ND-Cache
X-Oracle-Dms-Ecid
X-Parent-Response-Time
X-Cache-Server
True-Client-IP
Vc-Max-Age
X-TH-Server
X-CMSURLCustom
X-Vgn-Hpd-Reason
WP-Super-Cache
X-Srv
Resin-Trace
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-Moov-Xdn-Version
X-FTR-Backend-Server
X-DataCenter
X-Moov-T
X-API-Version
X-Fpc
X-FTR-Backend
X-Country-Code-Real
X-Moov-Xdn-Caching-Status
X-Datadome
SID
X-Old-Content-Length
Pics-Label
Powered-By
Vix-Hermes-Req-Id
X-Varnish-Beresp-TTL
Uri
X-Ckpd-Fst-Backend
Thinkindot-Control
SEZNAM-JOBS-OFFER
X-Fastly-Cache
X-Srcache-Store-Status
X-TX-ID
X-Srcache-Fetch-Status
X-Vercel-Cache
True-Client-Ip
X-FPC
Srv
On-Server
X-Thinkindot-L1
Location
X-APP-VERSION
X-Cache-VC
X-Action
X-Vercel-Id
X-SERVER-NAME
Serverhost
ServerHost
X-Resp-Is-Stale
X-Dynatrace-Js-Agent
X-Client-Ip
X-PHP-Backend
N1-Cache
GeoIP-Country-Code
X-Cache-TTL-Remaining
AKAMAI
X-Amz-Meta-Opti
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Server-Id
X-Oracle-Dms-Rid
X-Stale
Hostname
Tcn
X-Litespeed-Cache-Control
X-Debug-Service
X-Fastly-Cache-Status
X-Datacenter
X-Cdn-Cache-Status
X-ApacheServer
X-Info
X-PERF
Cl-Cache
Magicmarker
X-NC
X-WA
Av-Poweredby
X-Ssense-Gql
Sm-Log-Id
X-Ssense-Shipping-Surcharge-Enabled
X-Service-Response-Time
X-Nitro-Cache
X-Lb-Id
X-WA-Info
X-Render-Time
Cache-Hits
X-V
TWC-GeoIP-City
TWC-GeoIP-DMA
TWC-GeoIP-Region
X-Vc
X-Ee-Request-Date
X-Ee-Generated-By
X-Cms-Device
X-CDN-Cache-Status
X-Uri
X-IAuth-Set-Uid
X-Vary-Devices
X-Save-Cache
X-Ee-Request-Id
X-Ee-Origin
Time-Cloud-Cache
X-Via-PopN
X-Via-PopV
X-Ha-Backend
X-VTEX-Cache-Backend-Connect-Time
X-Udemy-Cache-App-Namespace
X-VTEX-Cache-Backend-Header-Time
X-Fastly-Backend-Reqs
X-Via-PopH
X-Geo
Xkey-La3
X-Proxy-Cache-La3
Store-Cloud-Cache
Xkeylog
X-Cache-Ttl
CDN
X-Akamai-Pragma-Client-IP
RewriteTeamHook
Cloudfront-Viewer-Country
X-Oracle-DMS-ECID
RewriteTestHook
X-Ion-Healthy
X-Jungle-Id
X-Ion-Hop
X-Github-Request-Id
X-ServedByHost
X-Eligible
Log-Origin
Geoip-Latitude
X-Ua
Cache-Contol
X-Rollout
X-New
X-Esi
My-App
Cmstype
Cmsid
X-VCL-Version
X-App
X-Region-Sid
X-Limited
Machine
X-Forwarded-Site
Cf-Ipcountry
X-From
WebServer
X-Up
X-Lb-Nocache
X-Traceid
X-Requestid
Server-Info
Cneonction
Lb
WWW-Authenticate
X-Correlation-ID
CountryCode
Pragrma
X-LAGOON
X-Container-Uri
X-MSEdge-Features
CacheControlHeader
X-MSEdge-Flight
Edge-Cache
X-EC-Lua
X-Ftr-Request-Id
X-Git-Commit
X-Dw-Trace-Id
Warning
X-Akamai-Transformed
X-Acquia-Purge-Tags
Permission-Policy
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Serial
X-Pod
Reporter
X-Acquia-Site
X-SRCache-Key
X-Check-Cacheable
X-Cdn-Request-ID
X-Web-Server
X-Td-Header-From-No-Data
X-CSRF-TOKEN
FSS-Cache
X-HS-Status
X-Varnish-Hostname
Thinkindot-Cache-Type
X-Sucuri-Id
X-Platform-Processor
X-Orig-Cache-Control
X-Platform-Router
X-Akamai-ERRuleID
X-Ramcache
Ngx
X-Platform-Cluster
X-BBC-Origin-Response-Status
X-Ms-Blob-Type
X-Tncms-Bot-Tier
X-Fastly-Cache-Hits
Timeexpire
X-Elasticpress-Query
X-Ms-Lease-Status
PICS-Label
X-Akamai-ERPolicy
CF-Cached-On