Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Accept-CH
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Backend
X-Hacker
Accept-CH-Lifetime
X-Turbo-Charged-By
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Cache-Group
X-Rq
EagleId
X-Age
X-Server
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
Xkey
Request-Id
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
X-Country
X-Url
X-Nginx-Cache-Status
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Content-Location
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
X-Trace
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-PC
X-Vname
X-TtlSet
X-Mcache
X-Midtier
X-Edge
X-Rack-Cache
X-Country-Code
Rating
X-Oneagent-Js-Injection
Surrogate-Key
X-Server-Name
X-Browser-Type
X-ESI
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Abt-Application-Version
X-Cnection
X-Element-Page-Cache
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
X-Ser
X-Cache-TTL
Edge-Control
X-Powered-By-Plesk
X-GitHub-Request-Id
Nginx-Cache
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-ARC
X-Vcap-Request-Id
X-Client-IP
X-MS-InvokeApp
X-Daa-Tunnel
X-ORACLE-DMS-RID
Accept-Ch-Lifetime
X-Ttl
X-Navigation-Version
X-Upstream
X-Amz-Rid
X-Goog-Hash
X-Aspnet-Version
X-Powered-CMS
X-CST
Response
X-Middleton-Response
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-B3-TraceId
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-Kinsta-Cache
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Cache-Key
X-NF-Request-ID
X-Amzn-Trace-Id
X-Forwarded-For
X-ECACHE
X-Ua-Device
X-Ruxit-Js-Agent
RTSS
X-Mod-Pagespeed
X-Ratelimit-Limit
X-FastCGI-Cache
X-Wormhole-Sdk
SPRequestDuration
SPIisLatency
AR-CACHE
Cache-Status
Edge-Cache-Tag
X-Server-ID
X-Version
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Mg-S
X-Ratelimit-Remaining
S
Cross-Origin-Resource-Policy
X-Ezoic-Cdn
Realpath
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-Cached
X-Content-Digest
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
Accept-Ch
X-Newrelic-App-Data
X-Distributor
TP-Cache
X-Correlation-Id
Arr-Disable-Session-Affinity
X-Id
X-Kong-Upstream-Latency
Count-Hit
X-Kong-Proxy-Latency
X-Debug
X-Request-Received
X-Request-Processing-Time
Front-End-Https
Server-Node
X-Content-Security-Policy-Report-Only
X-Ua-Browser
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-VARITI-CCR
MicrosoftSharePointTeamServices
X-LLID
X-Frontend
X-HS-Combine-CSS
X-Azure-Ref
X-Varnish-TTL
X-PressLabs-Stats
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
X-Hits
Payment
X-Fastly-Request-ID
X-LB-Cache
X-Forwarded-Proto
X-Amz-Replication-Status
X-GUploader-UploadID
X-Goog-Metageneration
X-Varnish-Backend
X-Varnish-Ttl
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-FB-Debug
Host
X-Unique-Id
X-Git-Hash
Cleartype
X-Protected-By
X-Logged-In
X-Www-Served-By
X-AppVersion
X-Varnish-Server
X-Activity-Id
X-Az
X-Ratelimit-Reset
X-App-Server
Content-Disposition
X-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Geo-Country
Access-Control-Allow-Method
Retry-After
X-Page-Id
X-Origin-Server
X-DIS-Request-ID
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-ECache
X-RateLimit-Remaining
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
MS-Author-Via
X-Upgrade-Enabled
X-Goog-Storage-Class
Accept-Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Nf-Request-Id
Akamai-GRN
X-Type
Fastly-SIE
Fastly-SWR
Section-Io-Cache
X-ASPNET-VERSION
Pinterest-Generated-By
X-Pinterest-Rid
X-Fb-Rlafr
X-TT
Viewport
Pinterest-Version
X-Cache-Control
X-TTL
Origin-Trial
X-Fastcgi-Cache
X-Grace
Amp-Access-Control-Allow-Source-Origin
Content-MD5
X-Ah-Environment
X-B3-Sampled
X-Content-Options
X-B
X-Template
X-Cambria-Cache-Control
Version
X-Request-Guid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Origin-Cache
TCN
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
Frame-Options
X-Vcl-Version
Healthy
X-Fastly-Request-Id
X-Envoy-Decorator-Operation
X-Contextid
X-Magnolia-Registration
X-Cdn
X-Device-Type
X-CSRF-Token
X-Xrds-Location
X-Source
X-WP-CF-Super-Cache-Active
DC
Server-Name
X-Webkit-CSP
X-Cache-Age
X-Backend-Name
X-Aspnetmvc-Version
X-Proxy
X-Px
X-Seen-By
X-Varnish-Grace
X-Mobile
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-RemovedCookies
X-ProcessESI
X-Tumblr-User
X-Tumblr-Pixel-0
X-RM-Cache-TTL
X-Storage
X-Status
Access-Control-Request-Headers
X-Mg-Request-UUID
X-Debug-Info
X-Rule
X-Framework
X-Adobe-Loc
X-NYM-Debug-Backend
X-Debug-IsConnected
NGB
X-Proxy-Cache-Info
X-Adobe-Content
X-Region
X-Instance
X-L-Path
X-Environment-Context
X-Node-Name
X-Rid
X-G
X-Debug-IsPreview
X-ServerID
X-Cacheable-TTL
SD-X-WS
Cross-Origin-Window-Policy
X-UUID
X-HTML-Minification-Powered-By
GEO-INFO
X-Is-Bot
Paypal-Debug-Id
X-Yottaa-Optimizations
X-Datadog-Parent-Id
X-Yottaa-Metrics
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Rendered-As
X-Akamai-Edgescape
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-Content-Powered-By
X-FW-Dynamic
X-FW-Version
X-User-Agent
X-RTag
MS-CV
Ms-Operation-Id
X-CLOUD-TRACE-CONTEXT
Front
X-Language
X-Tec-Api-Origin
X-EdgeConnect-Cache-Status
Webserver
X-Tec-Api-Version
X-Tec-Api-Root
Countrycode
X-Cache-Time
Upgrade-Insecure-Requests
X-Buckets
X-WebKit-CSP-Report-Only
Charset
X-B3-Traceid
Protected
X-Whom
X-N
OT-Force-Account-Verify
X-IPS-LoggedIn
X-Lambda-Id
X-AB
X-VC
X-Akamai-Request-ID2
X-Cache-Status-Check
Section-Io-Id
X-Edge-Location
Country
X-CACHE-GROUP
Refresh
Priority
Trailer
X-TT-LOGID
X-Time
X-VHOST
X-Via-JSL
X-Hl-Ver
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Amzn-Remapped-Content-Length
Alternate-Protocol
X-Reqid
X-WP-CF-Super-Cache-Cookies-Bypass
X-XRDS-LOCATION
Backend
X-HS-Prerendered
Accept-Language
X-B3-SpanId
X-Wix-Request-Id
Liferay-Portal
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Xet-Cookie
Onion-Location
X-DataDome
X-Frame-Option
From-Origin
Filters
X-Generated-By
ServerID
X-FB-TRIP-ID
X-Fetched-On
Meta-Geo
X-Cache-Host
X-Tumblr-Pixel-2
X-Skip-Cache
X-UPSTREAM-Address
X-VC-Cache
Uber-Trace-Id
X-Scope-Id
X-Request-URI
X-Tb
X-SaId
X-Accel-Version
X-Origin-Date
Fastcgi-Useragent
Environment
X-JoinUs
X-Rewrite-Enabled
X-Web-Node
X-Rn-Rsrv
X-Auth-Group-Type
Expiry
X-Redis-Cache
X-SayCDN-TTL
X-R9-Blue-Green-Version
X-ProxyCache-Key
Atl-Traceid
X-Hosted-By
X-Say-TTL
X-ProxyCache-Status
X-Say-Cacheable
TWC-Connection-Speed
X-Webstats-RespID
Webcakes-App-Name
X-Connection-Hash
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Cache-Expired-At
X-Cache-Action
X-BYPASS-REASON
X-Origin-Hint
TWC-GeoIP-LatLong
X-Logging-Id
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Varnish-Age
Property-Id
X-Format
X-Director
TWC-Device-Class
TWC-GeoIP-Country
X-Httpd
X-Real-IP
X-Loop
LB
X-Forwarded-Host
X-Server-W
X-Cms-Context
X-Labrador-Cache-Channel
X-Handled-By
X-Adobe-Source
X-PHP-Host
Web-Mar-Node
X-Served-From
X-Vcache
X-Tncms
X-Soup
X-RID
X-Cluster-Node
X-Restarts
X-IPLB-Request-ID
X-IPLB-Instance
X-Mode
Apigw-Requestid
Selected-Fe
Mn-Server-Ip
X-Timing-Wait
X-Proxy-Build
ServedBy
Url
X-S
X-Origin
X-Nginx-Cache
X-Detected-As
X-Servername
X-Response-Served-From
Xserver
DB-Nickname
X-Cluster
X-Original-Request-Id
X-Origin-TTL
Referer-Policy
X-Origin-CC
SRV
CF-IPCountry
X-Cloudmap
X-Zipkin-Id
N-Cache
X-Proxied
X-Extlb
X-Routing-Service
X-Lagoon
X-Hit
X-Rocket-Nginx-Serving-Static
X-LSADC-Cache
Cross-Origin-Embedder-Policy-Report-Only
X-SRV
X-Upstream-Ct
X-Xfnlog-Site
X-Upstream-Ht
X-UA
CDN-RequestId
X-XRDS-Location
Cross-Origin-Embedder-Policy
X-Ms-Version
X-Ms-Request-Id
X-Webkit-Csp
X-Tumblr-Pixel-3
X-VCT
X-Cache-Debug
X-TraceId
X-Proxy-Cache-Status
Source
X-RCS-CacheZone
X-RateLimit-Limit
X-NWS-UUID-VERIFY
X-Azure-Ref-OriginShield
X-F-Cache
X-DynaTrace
X-Signature
X-B-Cache
X-Is-Tablet
X-Is-Mobile
X-Is-Supported-Browser
WPO-Cache-Status
X-Is-Desktop
Surrogated-Key
X-Tcp-Rtt
X-Browser-Name
X-Geo-Region
WPO-Cache-Message
X-RateLimit-Remaining-Second
X-Urbn-Site-Id
X-RateLimit-Limit-Second
X-Worker
X-Urbn-Context-Path
Locale
X-No-Session
Node
X-Cdn-Origin
X-Generation-Time
X-Sucuri-Cache
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-FTR-Request-ID
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-Tx-Id
TP-L2-Cache
X-Locale
X-Cdn-Forward
X-NODE
X-NGINX-Cache
X-Site-Version
X-Drupal-Cache-Tags
X-Optimistic-Header
X-Service
X-Cache-Operation
X-Cache-Rule
X-Rojux
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Request-Time
Expect-Staple
DCR-Decision-By
Cdnsip
Content-Secure-Policy
X-GeoIP-City
X-Conf
Cdncip
Cluster
X-FC-Vary-Parameters
DCR-Processing-Time-Ms
Azure-SlotName
X-Proxy-CacheRZ
X-Ig-Origin-Region
X-Proxied-Request
X-D
X-Ig-Push-State
X-LiteSpeed-Tag
X-App-Name
A
Azure-Version
BehaviorPad-Version
X-Cache-NE
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Candidate-Md5Url
MD5-Digest
X-ScT
X-Scheme
We-Hiring
X-A
X-Bc-Bl
Thinkindot-CacheControl-Type
X-BCube-Filmed-By
TDXMobile
Thinkindot-CacheControl
X-A-Ccd
X-A-Dam
X-Aicache-OS
X-AK-Request-ID
X-Amz-Storage-Class
X-Aed
X-Backend-Instance
X-A-Dcw
X-A-Dgt
X-A-Wwc
Sslversion
X-Bug-Bounty
X-GeoCode
Mail-Subject
X-Debug-Cache-Fetch
Lang
X-GeoCountry
Gannett-Cam-Experience-Id
X-GeoIP
Host-ID
Meta-Geo-Continent
Ngx.Var.Host
Redirect-Candidate
Rendered-Blocks
X-Cache-Aspx
X-Gdpr
Producers
Odigeo-Trace-Id
Origin-Agent-Cluster
X-Shield-Cache-Expires
X-Cache-Info
X-Contensis-Viewer-Groups
X-Vdms-Version
Xc-Version
X-VG-WebCache
X-Varnish-Remaining-TTL
X-Epic-Correlation-Id
X-Developer
X-Depends
X-Mvc-Supplant-OutputCached
X-Viewer-Country
X-DefHash
X-DefElseHash
X-Proto
X-Vmg-Version
X-Mvc-Supplant-Cachable
X-Mly-Id
X-We-Are-Hiring
X-Platform-Server
X-Org
X-Origin-Expires
Cache
X-Ec-Fail
X-Ec-GeoHdr
X-Nyt-Route
X-Varnish-Authentication
X-DPWN-IS-SECURE
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-PAYTM-SRV-ID
X-Varnish-CookieHashed-On
X-Origin-Response-Time
X-Origin-Time
X-Vtex-Remote-Cache
XkeyRZ
X-INCAP-ABP
X-ElasticPress-Query
X-Loc
X-Debug-Cache-Store
X-Thinkindot-L3
X-Internal-TTL
X-TIM-N
X-Jobs
X-App-Version
Mime-Version
Sid
RNT-Machine
Req-Svc-Chain
X-Platform
X-Bl-Debug
X-Gamma-Serve
Yak-Timeinfo
X-Pubstack
X-Dispatcher-Server
Server-Host
RNT-Time
Product
X-Slack-Backend
X-Fastly-Backend
X-Req
X-Generated-On
NM-Fastcgi-Cache
X-Cache-Grace
PFcat
X-Human
X-Section
X-Cache-Bucket
X-Eu-Site
Platform
Release
Tube-Got-Eval
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Op-Id-All
X-Node-Id
X-NMSegId
X-Fmm-Version
X-Esi-Check
X-B3-Trace-ID
X-Akamai-Device-Characteristics
X-Edge-Server
X-BBC-Edge-Cache-Status
Wxu-Next-Region
User-Agent
V-Age
Tube-Return
Tube-Got-Results
X-SD-PageType
Tube-Get-Contents
X-Varnish-Beresp-Status
X-Ec-Custom-Error
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Region
X-Wikidot-Backend
W
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
X-CacheTTL
X-CGP
Cdn-Host
Cdn-Request-Time
X-Csrf-Jwt
Click-Count-Action-Start
X-GeoIP-Region-Code
NGX
Content-Script-Type
X-Micro-Cache
Click-Count-Error
AMP-Access-Control-Allow-Source-Origin
X-Clientip
X-Core-Value
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-GeoIP-Country-Code
X-Path
X-MP-GENERATED-AT
X-Location
X-Content-Age
X-VTEX-Cache-Time
Canary
Cache-Provider
X-V-Cache
Cache-Key
X-Pool
Content-Style-Type
X-HN
X-Slack-Shared-Secret-Outcome
HA-Ipaddr
Ha-Gx-Prefs
X-GoCache-CacheStatus
Gh-Request-Id
X-Var-Ttl
L
X-Cache-Id
X-HS-Content-Campaign-Id
X-VarnishDD-TTL
X-Varnishpool
L5d-Success-Class
X-Sn-Servicetimems
X-Date
X-Pad
DSUID
Esi-Enabled
X-Gzip
X-Via-Fastly
X-Level-Front-Cache
X-Hash
X-VG-TLSProxy
X-Policy
Debug
Ohc-File-Size
X-Air-Pt
X-Api-Version
X-Dc
X-CUA
X-Cdn-Srv
X-Bip
X-Cache-FS-Status
X-Request-Start
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-Cache
Origin-EX
CDN-RequestPullCode
CDN-Uid
CDN-RequestPullSuccess
X-SB
X-UA-Device-Type
Cross-Origin-Opener-Policy-Report-Only
X-NodeID
Origin-CC
Origin
XM
X-Thanos
X-Men
Country-Code
CDN-EdgeStorageId
Req-ID
X-Cached-By
Ssr
X-Server-IP
Fastly-SSL
Pramga
X-Amz-Meta-Cb-Modifiedtime
X-Request-Host
X-Auto-Login
X-Cache-Hit
User-Cache-Control
X-Varnish-Beresp-Ttl
IsBot
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
CDCHOST
ServerName
X-Content-Length
X-Hnp-Log
X-SIPLIST1
X-Gen-Mode
X-Block-Status
X-GEO
Fl-Custom-Application
X-Provided-By
X-Varnish-Hits
X-AB-Test
X-Irp-Debug
True-Client-Country-4JS
X-HOST
X-VWS-Id
X-LJ-Flow-ID
Akamai-Mon-Iucid-Del
X-AWS-Id
GeoIP-Latitude
X-RequestId
X-Test
X-ORCA-Accelerator
X-Cs
Is-Eu
Adler-Geo
X-TA-CDN-Provider
Proxy-Firewall
C-Via
X-APP
Server-Hostname
Sever-Int
Server-Ext
X-B3-Spanid
X-Refresh
X-HITS
Fastly-Drupal-Html
X-VServer
X-Servedbyhost
S-Rt
CloudFront-Viewer-Country
X-LB-NoCache
X-B3-Parentspanid
X-Dispatcher-Number
X-Nananana
X-Nginx-Cache-Key
X-HS-CF-Cache-Status
X-Via-SSL
WZWS-RAY
X-Via-Edge
Edge-Copy-Time
X-Geolocation
X-Cache-Date
Cache-Tv-Group
X-Via-CDN
X-ZONE
X-External-Request-Id
X-Custom-Header
X-Application
X-B-Cookie
X-Destination
X-S-Cookie
Fastly-Drupal-HTML
X-Geo-Header
T-Server
X-IsAdmin
X-Zone
X-Endurance-Cache-Level
X-DC
X-Pass-Why
X-Zen-Fury
X-Tt-Logid
X-LB-ID
X-Via-Poph
X-HA-Backend
X-Via-Popn
X-Via-Popv
X-Nc
X-ND-Cache
X-Wa
X-DynaTrace-JS-Agent
X-CS
HostName
GeoIp-Country-Code
X-Webkit-Csp-Report-Only
X-Cache-Server
Vc-Max-Age
X-CMSURLCustom
X-User
X-CDN-Forward
X-Litespeed-Tag
X-Srv
X-Presslabs-Stats
Cdn-Requestid
Cdn
X-COUNTRY
X-Oracle-Dms-Ecid
X-URL
Server-ID
X-Parent-Response-Time
True-Client-IP
X-Varnish-Beresp-TTL
X-AIR-PT
X-APP-VERSION
Ohc-Cache-HIT
X-CACHE-AGE
X-DataCenter
Vix-Hermes-Req-Id
Powered-By
Srv
X-HubSpot-Correlation-Id
SID
X-VC-TTL
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Vgn-Hpd-Reason
X-NewRelic-App-Data
X-Moov-Xdn-Version
WP-Super-Cache
X-Ckpd-Fst-Backend
X-Fastly-Cache
Resin-Trace
X-Fpc
Uri
On-Server
X-TH-Server
Pics-Label
X-API-Version
X-FPC
SEZNAM-JOBS-OFFER
ServerHost
Thinkindot-Control
X-Old-Content-Length
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Srcache-Fetch-Status
X-Srcache-Store-Status
True-Client-Ip
X-PHP-Backend
X-Vercel-Id
X-Vercel-Cache
X-Cache-TTL-Remaining
AKAMAI
X-Cache-Ttl
X-Amz-Meta-Opti
X-SERVER-NAME
Serverhost
X-TX-ID
X-Datadome
Server-Id
X-Client-Ip
X-Dynatrace-Js-Agent
Magicmarker
X-Action
Location
X-Cache-VC
X-Thinkindot-L1
GeoIP-Country-Code
X-Info
X-Oracle-Dms-Rid
Cl-Cache
Hostname
X-CDN-Cache-Status
X-NC
X-V
X-Stale
X-Cdn-Cache-Status
X-WA
X-Debug-Service
Av-Poweredby
N1-Cache
CDN
X-FTR-Balancer
X-Eligible
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend
X-Lb-Id
X-Rollout
X-IAuth-Set-Uid
X-Country-Code-Real
X-New
Sm-Log-Id
X-Service-Response-Time
X-Vc
Store-Cloud-Cache
X-Ee-Generated-By
X-Cms-Device
X-Forwarded-Site
Time-Cloud-Cache
X-Ee-Origin
X-Fastly-Cache-Status
X-Udemy-Cache-App-Namespace
X-Ha-Backend
X-Region-Sid
X-Datacenter
X-Save-Cache
X-WA-Info
X-Ee-Request-Id
X-Ee-Request-Date
X-Vary-Devices
X-VTEX-Cache-Backend-Connect-Time
X-Via-PopN
X-Via-PopV
X-VTEX-Cache-Backend-Header-Time
X-ApacheServer
Machine
X-Geo
X-PERF
X-Via-PopH
X-Nitro-Cache
X-Lb-Nocache
Server-Info
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
Cloudfront-Viewer-Country
X-Limited
X-Container-Uri
X-Fastly-Backend-Reqs
X-Resp-Is-Stale
X-Proxy-Cache-La3
Xkeylog
X-Github-Request-Id
X-Render-Time
Xkey-La3
X-Git-Commit
X-Oracle-DMS-ECID
X-ServedByHost
X-VCL-Version
Tcn
X-Uri
X-App
X-Litespeed-Cache-Control
X-Ftr-Request-Id
TWC-GeoIP-City
TWC-GeoIP-DMA
Cache-Hits
TWC-GeoIP-Region
WWW-Authenticate
X-Varnish-Hostname
RewriteTeamHook
X-EC-Lua
Geoip-Latitude
X-MSEdge-Features
X-Traceid
X-SRCache-Key
Edge-Cache
Permission-Policy
X-MSEdge-Flight
X-Akamai-Pragma-Client-IP
WebServer
Cache-Contol
X-Jungle-Id
X-Ion-Hop
Cneonction
RewriteTestHook
X-Ion-Healthy
Log-Origin
X-Correlation-ID
CountryCode
X-Akamai-Transformed
PICS-Label
My-App
Cmsid
Cmstype
X-LAGOON
Pragrma
X-HS-Status
X-Acquia-Purge-Tags
X-From
FSS-Cache
X-Acquia-Application-UUID
X-Dw-Trace-Id
X-Requestid
NtCoent-Length
X-Cdn-Request-ID
Reporter
X-Acquia-Application-Trace
X-Pod
X-Acquia-Site
X-Serial
X-Check-Cacheable
X-Ua
X-Sucuri-Id
Cf-Ipcountry
X-Elasticpress-Query
X-UP
X-Up
X-BBC-Origin-Response-Status
X-Th-Server
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Ramcache
CF-Cached-On
X-Fastly-Cache-Hits
X-Ad-Load-Variation
X-Web-Server
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Sqd-Stime
Warning
Timeexpire
X-Tncms-Bot-Tier
X-Sqd-Ctime
X-Orig-Cache-Control