Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
Accept-CH-Lifetime
EagleId
X-Age
X-Server
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pingback
X-WebKit-CSP
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Node
X-Server-Id
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Service-Worker-Allowed
X-Trace
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-PC
X-TtlSet
X-Vname
X-Midtier
X-Mcache
X-Edge
X-Rack-Cache
X-Country-Code
Rating
Surrogate-Key
X-Browser-Type
X-Server-Name
X-ESI
X-Cache-TTL
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Abt-Application-Version
X-Cnection
X-Element-Page-Cache
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Oneagent-Js-Injection
X-Ser
Edge-Control
Nginx-Cache
X-Powered-By-Plesk
X-GitHub-Request-Id
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-ARC
X-Vcap-Request-Id
X-Client-IP
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Aspnet-Version
X-Daa-Tunnel
X-ORACLE-DMS-RID
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-CST
X-ECACHE
X-Powered-CMS
X-Goog-Hash
Response
X-Middleton-Response
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kinsta-Cache
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-B3-TraceId
X-Ttl
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
X-Ua-Device
X-Cache-Key
X-Amzn-Trace-Id
X-Forwarded-For
X-Ratelimit-Limit
X-NF-Request-ID
RTSS
X-Mod-Pagespeed
X-Wormhole-Sdk
X-Ratelimit-Remaining
X-Server-ID
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
X-FastCGI-Cache
Cache-Status
AR-CACHE
X-Version
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Mg-S
X-Ruxit-Js-Agent
S
Cross-Origin-Resource-Policy
X-Ezoic-Cdn
Realpath
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
Fastcgi-Cache
X-Shield-Request-Id
X-T
X-Cached
X-Content-Digest
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Newrelic-App-Data
TP-Cache
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Arr-Disable-Session-Affinity
X-Debug
Front-End-Https
Count-Hit
X-Id
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
Server-Node
X-Request-Received
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ua-Browser
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-VARITI-CCR
X-HS-Combine-CSS
X-LLID
X-Frontend
X-Azure-Ref
X-PressLabs-Stats
Cache-Tags
X-Varnish-TTL
X-Cluster-Name
X-Ismobilevalue
Payment
X-Varnish-Ttl
Accept-Ch
X-Hits
X-Forwarded-Proto
X-LB-Cache
X-Amz-Replication-Status
X-Varnish-Backend
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
Filterid
Host
X-Protected-By
X-Unique-Id
X-GUploader-UploadID
X-Logged-In
X-Git-Hash
X-FB-Debug
X-AppVersion
X-Varnish-Server
X-Az
Content-Disposition
X-Activity-Id
X-Www-Served-By
Cleartype
X-Ratelimit-Reset
X-App-Server
X-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-TTL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NGENIX-Cache
X-Webkit-CSP
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Geo-Country
X-DIS-Request-ID
Access-Control-Allow-Method
Retry-After
X-Page-Id
X-Origin-Server
X-Nf-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Load-Cache
X-ASPNET-VERSION
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Pinterest-Rid
MS-Author-Via
X-Fastcgi-Cache
Pinterest-Version
Pinterest-Generated-By
Origin-Trial
Accept-Charset
X-TEC-API-ROOT
Fastly-SIE
X-TEC-API-VERSION
X-Type
X-Ah-Environment
X-TEC-API-ORIGIN
Fastly-SWR
X-Fb-Rlafr
X-TT
Akamai-GRN
Content-MD5
Section-Io-Cache
X-Cambria-Cache-Control
X-Cache-Control
X-B3-Sampled
Viewport
X-Template
X-B
X-Content-Options
X-Grace
Amp-Access-Control-Allow-Source-Origin
Version
X-Request-Guid
X-Trace-Id
Frame-Options
X-Revision
TCN
X-SRCache-Store-Status
X-Amz-Meta-S3cmd-Attrs
X-SRCache-Fetch-Status
X-Origin-Cache
Healthy
X-Cdn
X-Envoy-Decorator-Operation
X-Contextid
X-Vcl-Version
X-RateLimit-Remaining
X-Magnolia-Registration
X-Xrds-Location
X-Device-Type
X-ECache
X-CSRF-Token
X-Source
X-Aspnetmvc-Version
X-WP-CF-Super-Cache-Active
Server-Name
DC
X-Backend-Name
X-Proxy
X-Cache-Age
X-Px
X-Mobile
X-Seen-By
X-Rid
X-Varnish-Grace
X-RM-Cache-TTL
X-Tumblr-Pixel-1
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Fastly-Request-Id
Access-Control-Request-Headers
X-App-Environment
X-Environment-Context
X-Framework
X-Debug-Info
X-L-Path
X-Rule
X-UUID
X-G
Cross-Origin-Window-Policy
X-Storage
X-Cacheable-TTL
X-ServerID
X-Debug-IsPreview
X-Debug-IsConnected
X-Content-Powered-By
X-Akamai-Edgescape
X-Status
X-Mg-Request-UUID
X-Adobe-Loc
X-NYM-Debug-Backend
X-Region
X-Adobe-Content
SD-X-WS
X-Node-Name
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Ms-Operation-Id
X-RTag
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Datadog-Sampled
X-Datadog-Parent-Id
X-CLOUD-TRACE-CONTEXT
X-Instance
MS-CV
X-Proxy-Cache-Info
X-FW-Dynamic
Paypal-Debug-Id
NGB
GEO-INFO
X-FW-Hash
X-FW-Version
X-Rendered-As
X-Is-Bot
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Server
X-User-Agent
X-Language
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
X-Cache-Time
X-Buckets
Countrycode
Front
X-B3-Traceid
Upgrade-Insecure-Requests
Webserver
Charset
X-WebKit-CSP-Report-Only
Protected
X-Whom
OT-Force-Account-Verify
X-N
X-Lambda-Id
X-Edge-Location
X-VC
X-AB
X-Akamai-Request-ID2
X-IPS-LoggedIn
X-Cache-Status-Check
X-VHOST
Trailer
Section-Io-Id
Country
Priority
Refresh
X-Time
X-TT-LOGID
X-HS-Prerendered
X-Reqid
X-Hl-Ver
X-Via-JSL
Alternate-Protocol
X-CCDN-CacheTTL
X-Amzn-Remapped-Content-Length
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-WP-CF-Super-Cache-Cookies-Bypass
Xet-Cookie
Backend
Accept-Language
X-B3-SpanId
VIX-Pulpo-Node
Liferay-Portal
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
Onion-Location
X-DataDome
X-Server-W
X-Mode
X-SaId
X-JoinUs
Meta-Geo
X-Rn-Rsrv
X-Web-Node
Uber-Trace-Id
X-Request-URI
X-Generated-By
X-Rewrite-Enabled
X-Skip-Cache
X-UPSTREAM-Address
X-Auth-Group-Type
X-Tumblr-Pixel-2
Fastcgi-Useragent
Environment
X-Origin-Date
From-Origin
X-Fetched-On
Filters
X-BYPASS-REASON
X-Tb
X-Connection-Hash
X-Say-Cacheable
X-Cache-Host
X-Cache-Expired-At
X-Cluster-Node
X-Say-TTL
X-Cache-Action
X-IPLB-Instance
X-Real-IP
ServerID
TWC-Connection-Speed
Apigw-Requestid
Atl-Traceid
Expiry
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-Region
X-Accel-Version
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-IPLB-Request-ID
X-SayCDN-TTL
X-Webstats-RespID
X-ProxyCache-Key
X-Format
X-Nginx-Cache
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
X-Logging-Id
X-XRDS-LOCATION
X-ProxyCache-Status
X-Origin-Hint
X-Varnish-Age
X-VC-Cache
X-Hosted-By
X-Restarts
X-Varnish-Beresp-Grace
X-Scope-Id
X-FB-TRIP-ID
X-Frame-Option
X-Adobe-Source
X-Redis-Cache
X-Labrador-Cache-Channel
X-Director
X-PHP-Host
X-Handled-By
X-Response-Served-From
X-Original-Request-Id
X-Cms-Context
Mn-Server-Ip
X-Served-From
X-Forwarded-Host
X-Httpd
X-Soup
LB
Selected-Fe
X-Proxy-Build
ServedBy
X-Timing-Wait
Web-Mar-Node
SRV
X-Loop
X-Tncms
X-Vcache
X-Cluster
X-Cloudmap
X-Proxied
X-Extlb
X-S
X-Routing-Service
X-Detected-As
X-Servername
X-Zipkin-Id
X-Origin
DB-Nickname
Url
Cross-Origin-Embedder-Policy-Report-Only
X-Origin-TTL
Xserver
X-Origin-CC
X-RID
N-Cache
X-LSADC-Cache
CF-IPCountry
X-XRDS-Location
Referer-Policy
X-Rocket-Nginx-Serving-Static
X-Hit
X-Xfnlog-Site
X-Webkit-Csp
Cross-Origin-Embedder-Policy
X-SRV
X-Lagoon
X-Upstream-Ct
X-Upstream-Ht
X-Ms-Request-Id
X-Ms-Version
X-NWS-UUID-VERIFY
X-Tumblr-Pixel-3
X-Cache-Debug
X-VCT
X-TraceId
X-DynaTrace
Source
X-UA
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Azure-Ref-OriginShield
CDN-RequestId
WPO-Cache-Message
WPO-Cache-Status
X-Signature
X-Is-Mobile
X-Geo-Region
X-F-Cache
X-B-Cache
X-Is-Desktop
X-Worker
X-Is-Tablet
X-Is-Supported-Browser
X-Browser-Name
X-Tcp-Rtt
X-Urbn-Context-Path
X-RateLimit-Limit-Second
X-Urbn-Site-Id
X-No-Session
Locale
X-RateLimit-Remaining-Second
Surrogated-Key
Node
X-Cdn-Origin
X-Sucuri-Cache
X-FTR-Request-ID
X-Generation-Time
X-RateLimit-Limit
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-NODE
X-Storefront-Renderer-Rendered
X-Tx-Id
X-Sucuri-ID
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-App-Version
X-Cdn-Forward
X-Service
X-Locale
X-Site-Version
TP-L2-Cache
X-Optimistic-Header
X-Cache-Rule
X-Cache-Operation
X-Developer
X-DPWN-IS-SECURE
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-GeoCode
Producers
X-Gdpr
X-FC-Vary-Parameters
X-GeoCountry
Thinkindot-CacheControl
X-MP-GENERATED-AT
X-GeoIP-City
TDXMobile
X-GeoIP
X-ElasticPress-Query
X-Conf
X-Aicache-OS
X-Aed
Expect-Staple
Fastly-GeoIP-CountryCode
X-AK-Request-ID
DCR-Processing-Time-Ms
Ngx.Var.Host
X-Amz-Storage-Class
DCR-Decision-By
Meta-Geo-Continent
Gannett-Cam-Experience-Id
Rendered-Blocks
X-A-Dam
X-A-Ccd
Host-ID
X-A
X-A-Dcw
X-A-Dgt
Sslversion
Origin-Agent-Cluster
X-A-Wwc
MD5-Digest
X-App-Name
Content-Secure-Policy
Azure-SiteName
Azure-SlotName
Azure-Version
BehaviorPad-Version
Azure-RegionName
Azure-InstanceId
Odigeo-Trace-Id
X-DefHash
X-DefElseHash
X-D
Lang
Candidate-Md5Url
X-BCube-Filmed-By
Thinkindot-CacheControl-Type
X-Bc-Bl
Cluster
Cdnsip
Redirect-Candidate
X-Cache-NE
X-Cache-Info
X-Bug-Bounty
Cdncip
A
X-Ig-Origin-Region
X-NGINX-Cache
X-Proto
X-Proxied-Request
X-Rojux
X-Scheme
X-Platform-Server
AMP-Access-Control-Allow-Source-Origin
X-Origin-Expires
X-Org
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-ScT
X-Shield-Cache-Expires
X-Viewer-Country
X-VG-WebCache
X-Vmg-Version
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Varnish-Remaining-TTL
X-TIM-N
X-Thinkindot-L3
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Nyt-Route
X-Request-Time
X-Mvc-Supplant-OutputCached
X-Mly-Id
X-Internal-TTL
X-Mvc-Supplant-Cachable
X-Jobs
X-Ig-Push-State
X-Loc
X-Varnish-Beresp-Ttl
Ohc-File-Size
Cache
Mime-Version
X-VarnishDD-TTL
X-HS-Content-Campaign-Id
X-INCAP-ABP
X-SVT-ORM-VERSION
X-Varnishpool
Wxu-Next-Hostname
Wxu-Next-Region
X-HN
X-Akamai-Device-Characteristics
X-Human
Wxu-Next-Commit
X-V-Cache
X-Varnish-Authentication
X-UA-Device-Type
X-Varnish-Beresp-Status
Product
X-Access
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
RNT-Time
Server-Host
X-We-Are-Hiring
X-VTEX-Cache-Time
RNT-Machine
Req-Svc-Chain
Yak-Timeinfo
XkeyRZ
Release
X-GoCache-CacheStatus
X-VTEX-Cache-Server
X-GeoIP-Country-Code
Tube-Got-Results
X-SVT-ORM-RULES
W
X-VG-TLSProxy
X-Hash
X-Via-Fastly
Tube-Get-Contents
X-Gzip
Tube-Got-Eval
We-Hiring
X-Auto-Login
X-Csrf-Jwt
X-Policy
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Pool
X-Powered-By-VTEX-Cache
X-Core-Value
X-Proxy-CacheRZ
X-Location
X-Gamma-Serve
X-Fmm-Version
X-Platform
X-Eu-Site
X-Op-Id-All
X-Edge-Server
X-Esi-Check
X-NMSegId
X-Ec-Custom-Error
X-Depends
X-Path
X-Dispatcher-Server
X-Fastly-Backend
X-Content-Age
X-Contensis-Viewer-Groups
X-Section
X-SD-PageType
X-Bl-Debug
X-SB
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Node-Id
X-Generated-On
X-Cache-Aspx
X-Cache-Bucket
X-CGP
X-Clientip
X-Req
X-Pubstack
X-CacheTTL
X-Cached-By
X-Cache-Id
X-Level-Front-Cache
X-GeoIP-Region-Code
X-Sn-Servicetimems
X-Amz-Meta-Cb-Modifiedtime
NGX
Mail-Subject
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
NM-Fastcgi-Cache
Apple-News-Services-Handled
X-Pad
Fastly-Backend-Name
Cdn-Request-Time
Click-Count-Action-Start
Apple-News-Services-Request-Url
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
L
Canary
Cdn-Host
Cache-Provider
L5d-Success-Class
Origin
Esi-Enabled
Cross-Origin-Opener-Policy-Report-Only
Origin-EX
Content-Style-Type
Content-Script-Type
PFcat
Platform
Origin-CC
Click-Count-Error
Debug
DSUID
Sid
X-Bip
CDN-Uid
X-Block-Status
CDN-RequestPullSuccess
X-Cache-FS-Status
X-Cache-Grace
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
X-CUA
X-Tb-Optimization-Total-Bytes-Saved
X-SIPLIST1
X-Server-IP
X-Request-Start
X-Thanos
X-Api-Version
XM
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Var-Ttl
X-LiteSpeed-Tag
X-NodeID
X-Content-Length
Cache-Key
CDCHOST
CDN-Cache
X-Date
X-Gen-Mode
X-Micro-Cache
X-Men
X-Hnp-Log
X-Cdn-Srv
X-Request-Host
User-Cache-Control
Fastly-SSL
ServerName
Ssr
Web-Mar-Region
IsBot
Req-ID
X-Accel-Expires-Debug
Country-Code
Pramga
User-Agent
X-B3-Trace-ID
V-Age
X-Air-Pt
X-AB-Test
X-Cache-Hit
X-LiteSpeed-Cache-Control
X-HOST
X-VWS-Id
X-LJ-Flow-ID
Akamai-Mon-Iucid-Del
X-AWS-Id
X-Newrelic-Synthetics
True-Client-Country-4JS
X-Dc
X-ORCA-Accelerator
Fl-Custom-Application
X-Irp-Debug
X-CACHE-GROUP
X-Varnish-Hits
X-Cs
X-Provided-By
X-GEO
Sever-Int
X-Test
Server-Ext
C-Via
GeoIP-Latitude
Server-Hostname
X-RequestId
X-TA-CDN-Provider
X-HITS
Is-Eu
X-B3-Spanid
X-LB-NoCache
Adler-Geo
X-Nananana
X-Servedbyhost
CloudFront-Viewer-Country
Fastly-Drupal-HTML
X-Via-Edge
X-Via-CDN
X-DC
X-Refresh
X-Cache-Date
X-VServer
X-Dispatcher-Number
X-Geolocation
X-Nginx-Cache-Key
X-HS-CF-Cache-Status
X-B3-Parentspanid
Edge-Copy-Time
S-Rt
Proxy-Firewall
X-Via-SSL
X-APP
WZWS-RAY
X-Via-Popn
X-B-Cookie
X-Destination
X-External-Request-Id
X-S-Cookie
X-Application
X-IsAdmin
X-Via-Poph
X-Zone
Cache-Tv-Group
X-Tt-Logid
X-Via-Popv
X-HA-Backend
Cdn-Requestid
X-Endurance-Cache-Level
X-Zen-Fury
T-Server
X-Wa
X-Geo-Header
X-Custom-Header
X-Nc
Fastly-Drupal-Html
X-LB-ID
X-ZONE
X-DynaTrace-JS-Agent
X-Pass-Why
Server-ID
X-ND-Cache
X-Webkit-Csp-Report-Only
X-User
HostName
Cdn
X-Litespeed-Tag
X-CDN-Forward
X-Srv
X-Presslabs-Stats
X-CMSURLCustom
X-Oracle-Dms-Ecid
X-URL
Vc-Max-Age
X-Cache-Server
X-COUNTRY
X-CS
GeoIp-Country-Code
X-CACHE-AGE
X-Parent-Response-Time
X-AIR-PT
Ohc-Cache-HIT
X-Fpc
X-HubSpot-Correlation-Id
SID
X-VC-TTL
X-Vgn-Hpd-Reason
Powered-By
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
True-Client-IP
X-DataCenter
Vix-Hermes-Req-Id
X-NewRelic-App-Data
Resin-Trace
X-Moov-T
X-TH-Server
X-Varnish-Beresp-TTL
Srv
X-Fastly-Cache
X-Ckpd-Fst-Backend
Pics-Label
Uri
WP-Super-Cache
X-API-Version
X-APP-VERSION
X-Old-Content-Length
True-Client-Ip
On-Server
SEZNAM-JOBS-OFFER
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Thinkindot-Control
ServerHost
X-SERVER-NAME
GeoIP-Country-Code
X-Amz-Meta-Opti
X-Air-Trace-Id
X-Vercel-Cache
X-FPC
X-Air-Hostname
X-Vercel-Id
Serverhost
X-Air-Source
AKAMAI
X-PHP-Backend
X-Datadome
X-TX-ID
X-Cache-TTL-Remaining
X-Client-Ip
X-Cache-VC
X-Thinkindot-L1
Location
X-Dynatrace-Js-Agent
Magicmarker
X-Action
X-Info
Server-Id
X-Oracle-Dms-Rid
Cl-Cache
X-V
X-Stale
Av-Poweredby
Hostname
N1-Cache
X-Cdn-Cache-Status
X-Debug-Service
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-WA
X-IAuth-Set-Uid
X-FTR-Backend-Server
X-FTR-Expires
X-CDN-Cache-Status
X-Datacenter
X-NC
CDN
X-Service-Response-Time
X-Vc
Sm-Log-Id
X-VCL-Version
Store-Cloud-Cache
X-PERF
X-Ee-Request-Date
X-Save-Cache
Time-Cloud-Cache
X-ApacheServer
X-Ee-Generated-By
X-Cms-Device
X-Vary-Devices
X-Ee-Origin
X-Ee-Request-Id
X-Geo
X-Rollout
X-Fastly-Cache-Status
X-VTEX-Cache-Backend-Connect-Time
X-Eligible
X-New
X-Udemy-Cache-App-Namespace
X-VTEX-Cache-Backend-Header-Time
X-Lb-Id
X-Cache-Ttl
X-Resp-Is-Stale
X-App
X-Via-PopN
X-Via-PopV
X-Forwarded-Site
X-Via-PopH
X-Ha-Backend
X-Nitro-Cache
X-Region-Sid
X-Limited
X-Github-Request-Id
Machine
X-Oracle-DMS-ECID
X-Ssense-Gql
X-Render-Time
Xkey-La3
X-Fastly-Backend-Reqs
Xkeylog
X-Proxy-Cache-La3
X-Ssense-Shipping-Surcharge-Enabled
X-WA-Info
Cloudfront-Viewer-Country
X-Lb-Nocache
X-ServedByHost
Tcn
Server-Info
X-Litespeed-Cache-Control
X-Uri
TWC-GeoIP-Region
TWC-GeoIP-City
X-Git-Commit
X-Container-Uri
Cache-Hits
TWC-GeoIP-DMA
X-Ion-Hop
X-Jungle-Id
Cache-Contol
RewriteTeamHook
RewriteTestHook
WWW-Authenticate
X-Ion-Healthy
Geoip-Latitude
WebServer
X-MSEdge-Features
X-MSEdge-Flight
Edge-Cache
X-Akamai-Pragma-Client-IP
X-EC-Lua
Cneonction
X-Traceid
X-Ftr-Request-Id
CountryCode
X-Ua
X-Correlation-ID
Pragrma
Permission-Policy
X-SRCache-Key
Cmsid
X-Dw-Trace-Id
Log-Origin
My-App
X-HS-Status
X-LAGOON
Cmstype
X-Varnish-Hostname
X-Guploader-Uploadid
Reporter
X-Pod
X-Cdn-Request-ID
PICS-Label
X-Acquia-Application-UUID
X-Requestid
X-Up
X-Serial
X-Akamai-Transformed
X-From
X-Check-Cacheable
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Site
FSS-Cache
X-Html-Minification-Powered-By
Cf-Ipcountry
X-Sucuri-Id
X-Elasticpress-Query
NtCoent-Length
X-BBC-Origin-Response-Status
X-Fastly-Cache-Hits
X-Platform-Router
X-Platform-Processor
X-Ramcache
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Tncms-Bot-Tier
X-Platform-Cluster
Timeexpire
CF-Cached-On
X-Web-Server
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Warning
X-Orig-Cache-Control