Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
Accept-CH
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
Accept-CH-Lifetime
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
EagleId
X-Age
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-UA-Device
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Response-Time
X-Host
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
Xkey
Request-Id
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
X-Nginx-Cache-Status
X-Country
X-Url
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Content-Location
X-Nginx-Upstream-Cache-Status
Cache-Tag
X-Clacks-Overhead
X-Trace
X-Amz-Server-Side-Encryption
Service-Worker-Allowed
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Midtier
X-Edge
X-Mcache
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Country-Code
Rating
X-Oneagent-Js-Injection
Surrogate-Key
X-Server-Name
X-Browser-Type
X-ESI
X-Cache-TTL
X-Sol
X-Abt-Application-Version
Pagespeed
Display
X-Middleton-Display
X-Cnection
X-Element-Page-Cache
X-Ser
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja
Edge-Control
X-GitHub-Request-Id
X-Powered-By-Plesk
Nginx-Cache
Verso
X-D2id
X-Ac
X-Ua-Device
X-Dw-Request-Base-Id
X-ARC
X-Vcap-Request-Id
X-Client-IP
X-MS-InvokeApp
X-Daa-Tunnel
X-Ttl
X-B3-TraceId
X-ORACLE-DMS-RID
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-Aspnet-Version
X-Powered-CMS
X-CST
X-Goog-Hash
X-Middleton-Response
Response
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kinsta-Cache
X-Edge-Location-Klb
X-ECACHE
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
X-Cache-Key
X-Amzn-Trace-Id
X-NF-Request-ID
X-Ratelimit-Limit
X-Forwarded-For
Accept-Ch-Lifetime
RTSS
X-Ruxit-Js-Agent
X-Mod-Pagespeed
X-Wormhole-Sdk
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
AR-CACHE
Cache-Status
Edge-Cache-Tag
X-Ratelimit-Remaining
X-Server-ID
X-Version
X-ORACLE-DMS-ECID
X-Mg-S
Public-Key-Pins
Cross-Origin-Resource-Policy
S
X-Ezoic-Cdn
X-SharePointHealthScore
Realpath
SPRequestGuid
X-MSEdge-Ref
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-Cached
X-Content-Digest
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Correlation-Id
TP-Cache
Arr-Disable-Session-Affinity
X-Varnish-TTL
Count-Hit
X-Id
X-Newrelic-App-Data
X-Debug
X-Request-Received
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
Server-Node
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ua-Browser
X-HS-Content-Id
X-VARITI-CCR
X-HS-Hub-Id
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-LLID
X-HS-Combine-CSS
X-Frontend
X-Azure-Ref
X-Fastly-Request-ID
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-PressLabs-Stats
Payment
X-LB-Cache
X-Forwarded-Proto
X-Amz-Replication-Status
X-Hits
Accept-Ch
X-Goog-Metageneration
X-GUploader-UploadID
X-Varnish-Backend
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-Git-Hash
Host
X-Unique-Id
Cleartype
X-FB-Debug
X-Www-Served-By
X-Logged-In
X-Ratelimit-Reset
X-Protected-By
X-Az
X-Activity-Id
X-AppVersion
X-Varnish-Server
Content-Disposition
X-App-Server
X-Hostname
X-Varnish-Ttl
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Geo-Country
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
Retry-After
Access-Control-Allow-Method
X-Page-Id
X-Origin-Server
X-DIS-Request-ID
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Load-Cache
MS-Author-Via
X-Upgrade-Enabled
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Goog-Stored-Content-Length
Accept-Charset
X-Nf-Request-Id
Fastly-SWR
X-ASPNET-VERSION
X-Type
Section-Io-Cache
Fastly-SIE
Akamai-GRN
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Viewport
X-TT
X-Fb-Rlafr
X-Cache-Control
X-TTL
X-Fastcgi-Cache
Origin-Trial
Content-MD5
Amp-Access-Control-Allow-Source-Origin
X-Grace
X-Ah-Environment
X-B3-Sampled
X-Content-Options
X-B
X-Template
X-Origin-Cache
X-Cambria-Cache-Control
Version
X-RateLimit-Remaining
X-Request-Guid
X-SRCache-Fetch-Status
X-ECache
X-SRCache-Store-Status
X-Revision
TCN
X-Trace-Id
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Vcl-Version
Healthy
X-Contextid
X-Envoy-Decorator-Operation
X-Magnolia-Registration
X-Cdn
X-Device-Type
X-CSRF-Token
X-Source
X-WP-CF-Super-Cache-Active
X-Fastly-Request-Id
DC
Server-Name
X-Backend-Name
X-Webkit-CSP
X-Aspnetmvc-Version
X-Proxy
X-Px
X-Seen-By
X-Mobile
X-Varnish-Grace
X-Xrds-Location
X-Tumblr-Pixel-0
X-ProcessESI
X-App-Environment
X-RemovedCookies
X-RM-Cache-TTL
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
Access-Control-Request-Headers
X-Status
X-Mg-Request-UUID
X-Debug-Info
X-Framework
X-Storage
X-Rule
X-ServerID
X-Debug-IsPreview
X-Cacheable-TTL
X-Adobe-Loc
X-Instance
X-Proxy-Cache-Info
X-G
X-NYM-Debug-Backend
X-Adobe-Content
SD-X-WS
NGB
X-L-Path
X-UUID
X-Rid
X-Environment-Context
X-Debug-IsConnected
X-Rendered-As
X-Cache-Age
X-HTML-Minification-Powered-By
X-FW-Version
X-FW-Type
X-FW-Dynamic
X-Region
X-FW-Serve
GEO-INFO
X-FW-Static
Cross-Origin-Window-Policy
X-Node-Name
X-Content-Powered-By
X-FW-Server
Paypal-Debug-Id
X-FW-Hash
X-Is-Bot
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Akamai-Edgescape
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-User-Agent
X-RTag
MS-CV
Ms-Operation-Id
X-CLOUD-TRACE-CONTEXT
Countrycode
X-EdgeConnect-Cache-Status
Front
X-Cache-Time
Webserver
X-Language
X-Tec-Api-Root
Upgrade-Insecure-Requests
X-Tec-Api-Origin
X-Tec-Api-Version
X-WebKit-CSP-Report-Only
X-Buckets
Charset
Protected
X-Whom
X-N
OT-Force-Account-Verify
X-IPS-LoggedIn
X-AB
X-Akamai-Request-ID2
X-Cache-Status-Check
Section-Io-Id
X-Edge-Location
X-Lambda-Id
X-Time
Refresh
Country
X-TT-LOGID
Trailer
Priority
X-VHOST
X-VC
X-B3-SpanId
X-Hl-Ver
X-Hcs-Proxy-Type
X-Via-JSL
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-XRDS-LOCATION
X-Reqid
Alternate-Protocol
X-Amzn-Remapped-Content-Length
X-HS-Prerendered
Backend
X-B3-Traceid
Accept-Language
X-Wix-Request-Id
VIX-Pulpo-Node
Liferay-Portal
VIX-Pulpo-Upstream-Status
Xet-Cookie
Onion-Location
X-Tumblr-Pixel-2
X-Rn-Rsrv
X-Web-Node
X-UPSTREAM-Address
X-Origin-Date
X-VC-Cache
Uber-Trace-Id
X-Cache-Host
X-Auth-Group-Type
X-Accel-Version
X-Scope-Id
X-Skip-Cache
Environment
Meta-Geo
X-SaId
X-Rewrite-Enabled
X-Frame-Option
ServerID
X-FB-TRIP-ID
Filters
X-Generated-By
X-Request-URI
From-Origin
X-JoinUs
X-DataDome
X-Tb
X-Fetched-On
Fastcgi-Useragent
X-Say-TTL
Webcakes-App-Version
X-Redis-Cache
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-SayCDN-TTL
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Say-Cacheable
TWC-Privacy
Webcakes-App-Name
X-ProxyCache-Status
X-Cache-Action
X-Hosted-By
X-Logging-Id
X-Origin-Hint
X-Cache-Expired-At
X-Varnish-Cache-Hits
X-Connection-Hash
X-Director
X-Format
X-XRDS-Location
Expiry
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-Varnish-Beresp-Grace
Webcakes-Region
X-Real-IP
X-Webstats-RespID
X-ProxyCache-Key
Atl-Traceid
LB
X-Server-W
X-Cms-Context
X-IPLB-Instance
X-Cluster-Node
X-IPLB-Request-ID
X-Varnish-Age
X-Served-From
X-Restarts
Apigw-Requestid
X-PHP-Host
X-Handled-By
X-Forwarded-Host
X-Httpd
X-Labrador-Cache-Channel
X-Soup
Web-Mar-Node
X-Adobe-Source
X-RID
X-Tncms
X-Loop
X-Mode
X-Proxy-Build
ServedBy
X-Timing-Wait
Selected-Fe
Mn-Server-Ip
X-Vcache
X-Origin
X-Detected-As
X-S
X-Servername
X-Cluster
Url
X-Response-Served-From
DB-Nickname
X-SRV
X-Original-Request-Id
Xserver
X-Origin-TTL
Referer-Policy
X-Origin-CC
CF-IPCountry
SRV
N-Cache
X-Lagoon
X-Hit
X-Extlb
Cross-Origin-Embedder-Policy-Report-Only
X-LSADC-Cache
X-Proxied
X-Routing-Service
X-Cloudmap
X-Zipkin-Id
X-Rocket-Nginx-Serving-Static
X-Nginx-Cache
X-Xfnlog-Site
X-UA
CDN-RequestId
X-Upstream-Ht
X-Upstream-Ct
Cross-Origin-Embedder-Policy
X-Ms-Version
X-Ms-Request-Id
X-Webkit-Csp
X-Tumblr-Pixel-3
X-Cache-Debug
X-VCT
X-RCS-CacheZone
X-Proxy-Cache-Status
X-HOST
Source
X-TraceId
X-NWS-UUID-VERIFY
X-DynaTrace
X-Azure-Ref-OriginShield
X-F-Cache
X-Signature
X-B-Cache
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Desktop
X-Geo-Region
X-Is-Mobile
X-Tcp-Rtt
X-Browser-Name
WPO-Cache-Status
Surrogated-Key
WPO-Cache-Message
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Worker
X-RateLimit-Limit-Second
X-No-Session
X-RateLimit-Remaining-Second
Node
X-Sucuri-Cache
X-Cdn-Origin
X-Generation-Time
X-NGINX-Cache
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-FTR-Request-ID
TP-L2-Cache
X-RateLimit-Limit
X-Locale
X-Sucuri-ID
X-Tx-Id
X-Drupal-Cache-Contexts
X-Cdn-Forward
X-NODE
X-Site-Version
X-Drupal-Cache-Tags
X-Optimistic-Header
X-App-Version
X-Service
X-Cache-Operation
X-Cache-Rule
BehaviorPad-Version
X-Cache-Aspx
Candidate-Md5Url
X-Proxy-CacheRZ
X-Scheme
X-Rojux
X-Cache-Info
X-ScT
X-Cache-NE
X-Shield-Cache-Expires
X-INCAP-ABP
X-Request-Time
X-GeoIP
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Proto
A
X-Proxied-Request
Azure-Version
Host-ID
X-Jobs
Sslversion
X-Mvc-Supplant-OutputCached
TDXMobile
Thinkindot-CacheControl
X-Amz-Storage-Class
Rendered-Blocks
X-App-Name
X-Org
Producers
X-Nyt-Route
Redirect-Candidate
Thinkindot-CacheControl-Type
X-Mvc-Supplant-Cachable
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aicache-OS
X-Loc
X-A-Dam
X-A-Ccd
X-Mly-Id
X-AK-Request-ID
We-Hiring
X-A
X-Origin-Expires
Origin-Agent-Cluster
DCR-Processing-Time-Ms
DCR-Decision-By
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Content-Secure-Policy
Cluster
X-BCube-Filmed-By
X-Bc-Bl
Cdncip
Cdnsip
X-Backend-Instance
Gannett-Cam-Experience-Id
Ngx.Var.Host
Meta-Geo-Continent
X-Origin-Time
Odigeo-Trace-Id
X-Origin-Response-Time
MD5-Digest
Mail-Subject
X-Internal-TTL
X-Platform-Server
Lang
X-PAYTM-SRV-ID
X-Bug-Bounty
X-Ig-Origin-Region
X-FC-Vary-Parameters
X-DefHash
X-Contensis-Viewer-Groups
X-Varnish-CookieINHashed-On
X-Conf
X-Ec-Fail
X-GeoCode
X-DefElseHash
X-Vtex-Remote-Cache
X-Varnish-Director
X-Depends
X-Vmg-Version
X-Varnish-Remaining-TTL
XkeyRZ
X-DPWN-IS-SECURE
X-Epic-Correlation-Id
X-Developer
X-Vdms-Version
Cache
X-Varnish-CookieHashed-On
X-Debug-Cache-Store
X-VG-WebCache
X-ElasticPress-Query
X-Ec-GeoHdr
X-GeoCountry
X-Ig-Push-State
X-GeoIP-City
X-LiteSpeed-Tag
X-D
X-Gdpr
X-Viewer-Country
X-Debug-Cache-Fetch
X-Varnish-Authentication
X-We-Are-Hiring
Xc-Version
X-Aed
X-TIM-N
X-Thinkindot-L3
Mime-Version
X-Ec-Custom-Error
X-Op-Id-All
NM-Fastcgi-Cache
X-Platform
L5d-Success-Class
L
X-Policy
Yak-Timeinfo
NGX
PFcat
X-Dispatcher-Server
X-HN
Platform
RNT-Time
Tube-Return
User-Agent
Tube-Got-Results
Tube-Got-Eval
X-GoCache-CacheStatus
Tube-Get-Contents
X-Akamai-Device-Characteristics
X-Micro-Cache
Web-Mar-Region
Wxu-Next-Commit
X-Path
W
X-GeoIP-Region-Code
X-Level-Front-Cache
Wxu-Next-Region
Server-Host
X-Esi-Check
RNT-Machine
Req-Svc-Chain
X-Edge-Server
Release
X-Node-Id
X-NMSegId
X-Gzip
X-Fmm-Version
X-Location
X-GeoIP-Country-Code
X-Eu-Site
Product
Esi-Enabled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Cache-Grace
X-Pubstack
X-MP-GENERATED-AT
Apple-News-Services-Request-Url
X-Content-Age
X-Varnishpool
Cache-Key
X-VarnishDD-TTL
X-Csrf-Jwt
X-Core-Value
X-Req
X-Cache-Id
X-CGP
X-Section
X-Acquia-Purge-Cdn-Unconfigured
X-Tb-Optimization-Total-Bytes-Saved
X-Slack-Backend
X-Sn-Servicetimems
X-SD-PageType
X-Access
X-Varnish-Beresp-Status
X-Human
X-Clientip
X-Pad
X-Var-Ttl
Cache-Provider
Canary
Wxu-Next-Hostname
X-Wikidot-Backend
DSUID
Debug
X-BBC-Edge-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-Wikidot-Static-Cache
X-B3-Trace-ID
Gh-Request-Id
Ha-Gx-Prefs
X-HS-Content-Campaign-Id
X-Pool
X-Slack-Shared-Secret-Outcome
Content-Style-Type
X-VTEX-Cache-Time
Cdn-Request-Time
X-Bl-Debug
Cdn-Host
X-VG-TLSProxy
X-Cache-Bucket
X-Via-Fastly
X-VTEX-Cache-Server
X-Generated-On
Content-Script-Type
X-Powered-By-VTEX-Cache
Click-Count-Error
Click-Count-Action-Start
HA-Ipaddr
X-Air-Pt
Ohc-File-Size
X-Api-Version
X-Varnish-Beresp-Ttl
X-Cache-FS-Status
X-Cdn-Srv
X-CacheTTL
X-Bip
X-Date
X-Fastly-Backend
X-Hash
X-Gamma-Serve
X-CUA
X-Request-Start
X-SB
X-Thanos
X-V-Cache
X-SVT-ORM-VERSION
X-UA-Device-Type
CDN-Cache
X-Request-Host
X-Cached-By
X-Accel-Expires-Debug
Sid
Origin-CC
Origin-EX
Origin
X-Amz-Meta-Cb-Modifiedtime
XM
X-Auto-Login
CDN-CachedAt
X-SVT-ORM-RULES
X-NodeID
Fastly-SSL
Ssr
V-Age
CDN-EdgeStorageId
Pramga
Req-ID
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
Cross-Origin-Opener-Policy-Report-Only
X-LiteSpeed-Cache-Control
X-COUNTRY
X-Cache-Hit
CDCHOST
User-Cache-Control
IsBot
X-Newrelic-Synthetics
ServerName
Country-Code
X-Dc
X-Server-IP
X-SIPLIST1
X-Hnp-Log
X-Gen-Mode
X-HITS
X-Men
X-Content-Length
X-Block-Status
X-URL
X-Irp-Debug
X-AB-Test
X-Varnish-Hits
X-GEO
X-Provided-By
Fl-Custom-Application
True-Client-Country-4JS
X-VWS-Id
Akamai-Mon-Iucid-Del
X-AWS-Id
X-LJ-Flow-ID
GeoIP-Latitude
X-Test
X-ORCA-Accelerator
X-CACHE-GROUP
X-RequestId
X-Cs
C-Via
Server-Ext
Server-Hostname
Sever-Int
X-APP
Proxy-Firewall
X-TA-CDN-Provider
Adler-Geo
Is-Eu
X-B3-Parentspanid
X-Refresh
S-Rt
X-Nananana
X-Servedbyhost
CloudFront-Viewer-Country
X-Dispatcher-Number
X-VServer
X-LB-NoCache
Fastly-Drupal-HTML
X-Geolocation
X-Cache-Date
Cache-Tv-Group
X-HS-CF-Cache-Status
X-Via-CDN
X-Via-Edge
X-DC
Edge-Copy-Time
X-Via-SSL
X-Presslabs-Stats
X-Nginx-Cache-Key
WZWS-RAY
Fastly-Drupal-Html
X-ZONE
X-Custom-Header
X-External-Request-Id
X-IsAdmin
X-B3-Spanid
X-S-Cookie
X-Zone
X-Geo-Header
X-B-Cookie
T-Server
X-Destination
X-Application
X-Pass-Why
X-Endurance-Cache-Level
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Zen-Fury
X-CACHE-AGE
X-HA-Backend
X-LB-ID
X-Nc
X-Tt-Logid
X-ND-Cache
X-Wa
X-DynaTrace-JS-Agent
X-Webkit-Csp-Report-Only
X-CS
X-CMSURLCustom
Vc-Max-Age
X-Cache-Server
GeoIp-Country-Code
HostName
X-User
Server-ID
X-Litespeed-Tag
Cdn-Requestid
Cdn
X-CDN-Forward
X-NewRelic-App-Data
X-Oracle-Dms-Ecid
X-Parent-Response-Time
True-Client-IP
Ohc-Cache-HIT
X-Srv
X-AIR-PT
Srv
Vix-Hermes-Req-Id
X-DataCenter
Powered-By
X-HubSpot-Correlation-Id
X-Fpc
X-VC-TTL
SID
X-Varnish-Beresp-TTL
X-Vgn-Hpd-Reason
X-Fastly-Cache
WP-Super-Cache
X-APP-VERSION
X-Moov-Xdn-Version
X-Moov-T
X-Moov-Xdn-Caching-Status
Resin-Trace
X-Ckpd-Fst-Backend
Uri
Pics-Label
X-TH-Server
On-Server
X-API-Version
ServerHost
Thinkindot-Control
X-Old-Content-Length
SEZNAM-JOBS-OFFER
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Cache-TTL-Remaining
X-Amz-Meta-Opti
X-Vercel-Cache
X-Vercel-Id
X-FPC
X-PHP-Backend
True-Client-Ip
AKAMAI
X-SERVER-NAME
X-Datadome
X-TX-ID
Serverhost
X-Client-Ip
X-Dynatrace-Js-Agent
GeoIP-Country-Code
X-Info
Location
X-Cache-VC
Magicmarker
X-Action
X-Thinkindot-L1
Server-Id
X-Oracle-Dms-Rid
Cl-Cache
Hostname
X-CDN-Cache-Status
X-V
X-Vc
X-Debug-Service
N1-Cache
X-NC
X-WA
X-Cdn-Cache-Status
X-Stale
Av-Poweredby
CDN
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Rollout
X-Eligible
X-IAuth-Set-Uid
X-New
X-FTR-Expires
X-FTR-Cache-Status
X-Lb-Id
X-Country-Code-Real
Sm-Log-Id
X-Service-Response-Time
X-Ee-Request-Date
X-Ee-Request-Id
X-Region-Sid
X-Ee-Origin
X-VTEX-Cache-Backend-Header-Time
Time-Cloud-Cache
X-Cms-Device
X-Save-Cache
X-Vary-Devices
X-ApacheServer
X-PERF
X-WA-Info
Machine
X-Forwarded-Site
X-Datacenter
X-Fastly-Cache-Status
Store-Cloud-Cache
X-Ee-Generated-By
X-Udemy-Cache-App-Namespace
X-Geo
X-VTEX-Cache-Backend-Connect-Time
X-Cache-Ttl
X-Github-Request-Id
X-Oracle-DMS-ECID
X-Nitro-Cache
X-Container-Uri
X-Render-Time
Cloudfront-Viewer-Country
Server-Info
X-Git-Commit
X-Via-PopV
Xkeylog
Xkey-La3
X-Resp-Is-Stale
X-Ha-Backend
X-Via-PopH
X-Limited
X-Lb-Nocache
X-Ssense-Gql
X-Fastly-Backend-Reqs
X-Via-PopN
X-Ssense-Shipping-Surcharge-Enabled
X-Proxy-Cache-La3
X-App
X-ServedByHost
X-Ftr-Request-Id
X-Uri
X-Litespeed-Cache-Control
Tcn
X-VCL-Version
TWC-GeoIP-DMA
Cache-Hits
TWC-GeoIP-Region
TWC-GeoIP-City
X-MSEdge-Features
Cneonction
Cache-Contol
Permission-Policy
WebServer
X-EC-Lua
X-SRCache-Key
X-Traceid
X-Varnish-Hostname
WWW-Authenticate
Edge-Cache
Log-Origin
X-MSEdge-Flight
Geoip-Latitude
RewriteTestHook
X-Akamai-Pragma-Client-IP
X-Ion-Healthy
X-Jungle-Id
X-Ion-Hop
RewriteTeamHook
X-Correlation-ID
CountryCode
X-Akamai-Transformed
Pragrma
PICS-Label
My-App
X-LAGOON
X-Serial
X-Check-Cacheable
X-Ua
FSS-Cache
Cmstype
X-Requestid
X-Pod
Reporter
NtCoent-Length
X-Acquia-Site
X-Up
X-HS-Status
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Dw-Trace-Id
X-Cdn-Request-ID
Cmsid
X-From
X-Acquia-Purge-Tags
Cf-Ipcountry
X-Sucuri-Id
X-Elasticpress-Query
CacheControlHeader
X-BBC-Origin-Response-Status
X-Web-Server
CF-Cached-On
X-Platform-Cluster
X-Platform-Processor
X-Fastly-Cache-Hits
X-Ad-Load-Variation
X-Sqd-Ctime
X-Sqd-Stime
X-Platform-Router
X-Ramcache
Warning
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Timeexpire
X-Tncms-Bot-Tier
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Orig-Cache-Control