Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
CF-Ray
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
P3p
X-Generator
Server-Timing
X-Cache-Status
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Accept-CH
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Backend
X-Hacker
Accept-CH-Lifetime
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
EagleId
X-Age
X-Server
X-UA-Device
X-Dispatcher
X-Amz-Version-Id
X-Vhost
X-AH-Environment
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Nginx-Cache-Status
X-Country
X-Url
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Content-Location
X-Nginx-Upstream-Cache-Status
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
X-Trace
Service-Worker-Allowed
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-PC
X-TtlSet
X-Vname
X-Edge
X-Midtier
X-Mcache
X-Rack-Cache
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-ESI
X-Cache-TTL
Display
X-Abt-Application-Version
X-Sol
Pagespeed
X-Middleton-Display
X-Cnection
X-Element-Page-Cache
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Ser
Edge-Control
X-GitHub-Request-Id
X-Powered-By-Plesk
Nginx-Cache
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-ARC
X-Client-IP
X-Vcap-Request-Id
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Daa-Tunnel
X-Ttl
Accept-Ch-Lifetime
X-B3-TraceId
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-Goog-Hash
X-Aspnet-Version
X-Powered-CMS
X-CST
X-Middleton-Response
Response
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Kinsta-Cache
X-ECACHE
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Cache-Key
X-NF-Request-ID
X-Amzn-Trace-Id
X-Forwarded-For
X-Ratelimit-Limit
X-Ua-Device
RTSS
X-Mod-Pagespeed
X-Wormhole-Sdk
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
AR-CACHE
Cache-Status
Edge-Cache-Tag
X-Server-ID
X-Ratelimit-Remaining
X-Version
X-ORACLE-DMS-ECID
X-Mg-S
Public-Key-Pins
X-Ruxit-Js-Agent
S
Cross-Origin-Resource-Policy
X-Ezoic-Cdn
Realpath
SPRequestGuid
X-SharePointHealthScore
X-MSEdge-Ref
X-T
Fastcgi-Cache
X-Shield-Request-Id
X-Content-Digest
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
Accept-Ch
X-Distributor
TP-Cache
X-Correlation-Id
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Newrelic-App-Data
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Id
X-Debug
X-Request-Received
X-Request-Processing-Time
Count-Hit
X-Content-Security-Policy-Report-Only
Server-Node
Front-End-Https
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-VARITI-CCR
X-HS-Cache-Config
X-LLID
MicrosoftSharePointTeamServices
X-Frontend
X-HS-Combine-CSS
X-Azure-Ref
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
Payment
X-Fastly-Request-ID
X-LB-Cache
X-Forwarded-Proto
X-Amz-Replication-Status
X-GUploader-UploadID
X-Varnish-Backend
X-Hits
X-Goog-Metageneration
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
X-Git-Hash
X-FB-Debug
X-Protected-By
Host
X-Logged-In
X-Www-Served-By
Cleartype
X-Az
X-AppVersion
X-Ratelimit-Reset
X-Activity-Id
X-Varnish-Server
Content-Disposition
X-App-Server
X-Varnish-Ttl
X-Hostname
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Geo-Country
X-HP-Trace-Id
X-HP-Webp
Access-Control-Allow-Method
X-Jurisdiction
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Origin-Server
X-TEC-API-VERSION
X-DIS-Request-ID
X-Page-Id
X-WP-CF-Super-Cache
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
MS-Author-Via
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Upgrade-Enabled
X-Goog-Storage-Class
Accept-Charset
X-Nf-Request-Id
Akamai-GRN
Fastly-SWR
Section-Io-Cache
X-ASPNET-VERSION
Fastly-SIE
X-Type
Viewport
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Cache-Control
X-Fb-Rlafr
X-TT
X-TTL
Origin-Trial
X-Fastcgi-Cache
X-Grace
Content-MD5
Amp-Access-Control-Allow-Source-Origin
X-B
X-Ah-Environment
X-Content-Options
X-B3-Sampled
X-Template
X-Request-Guid
X-SRCache-Store-Status
Version
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-Origin-Cache
X-Cambria-Cache-Control
X-Revision
X-ECache
TCN
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
Frame-Options
X-Vcl-Version
Healthy
X-Fastly-Request-Id
X-Envoy-Decorator-Operation
X-Contextid
X-Magnolia-Registration
X-Device-Type
X-Cdn
X-Xrds-Location
X-Source
X-CSRF-Token
X-WP-CF-Super-Cache-Active
DC
Server-Name
X-Backend-Name
X-Webkit-CSP
X-Aspnetmvc-Version
X-Seen-By
X-Proxy
X-Mobile
X-Varnish-Grace
X-Px
X-App-Environment
X-Tumblr-Pixel-1
X-RM-Cache-TTL
X-Tumblr-Pixel
X-ProcessESI
X-Tumblr-Pixel-0
X-RemovedCookies
X-Tumblr-User
X-Debug-Info
X-Storage
X-Rule
X-Mg-Request-UUID
X-Framework
SD-X-WS
Cross-Origin-Window-Policy
Access-Control-Request-Headers
NGB
X-Adobe-Content
X-Adobe-Loc
X-NYM-Debug-Backend
X-Node-Name
X-Instance
X-Proxy-Cache-Info
X-UUID
X-Status
X-Region
X-G
X-Rid
X-FW-Dynamic
X-Content-Powered-By
X-FW-Version
X-Yottaa-Optimizations
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-Yottaa-Metrics
X-HTML-Minification-Powered-By
GEO-INFO
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Cacheable-TTL
X-Is-Bot
Paypal-Debug-Id
X-Rendered-As
X-FW-Type
X-Cache-Age
X-User-Agent
X-Environment-Context
X-L-Path
X-RTag
X-ServerID
X-Akamai-Edgescape
Ms-Operation-Id
MS-CV
X-Webkit-Csp
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
Webserver
Countrycode
Front
X-Language
X-Cache-Time
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Charset
X-Buckets
Protected
X-Whom
X-Tec-Api-Root
OT-Force-Account-Verify
X-IPS-LoggedIn
X-N
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Status-Check
X-Lambda-Id
X-VC
X-Akamai-Request-ID2
Section-Io-Id
Country
X-Edge-Location
X-AB
Refresh
X-TT-LOGID
X-Time
Trailer
Priority
X-VHOST
X-B3-SpanId
X-Hl-Ver
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Via-JSL
X-CCDN-CacheTTL
Alternate-Protocol
X-WP-CF-Super-Cache-Cookies-Bypass
X-Amzn-Remapped-Content-Length
X-Reqid
Backend
X-XRDS-LOCATION
X-HS-Prerendered
X-B3-Traceid
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
VIX-Pulpo-Node
Xet-Cookie
Accept-Language
Liferay-Portal
X-DataDome
X-Origin-Date
X-Request-URI
X-Tumblr-Pixel-2
X-VC-Cache
X-Web-Node
X-UPSTREAM-Address
X-Scope-Id
X-SaId
X-Rewrite-Enabled
X-Fetched-On
ServerID
X-Tb
Meta-Geo
Filters
Onion-Location
Uber-Trace-Id
X-Accel-Version
X-Frame-Option
X-Generated-By
Fastcgi-Useragent
X-FB-TRIP-ID
X-Auth-Group-Type
X-JoinUs
X-Rn-Rsrv
X-Logging-Id
X-Origin-Hint
X-Format
X-Director
X-Cache-Host
X-Connection-Hash
X-ProxyCache-Key
TWC-Privacy
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-Redis-Cache
X-R9-Blue-Green-Version
X-Cache-Expired-At
Atl-Traceid
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Property-Id
Webcakes-App-Name
X-BYPASS-REASON
Expiry
Webcakes-Region
From-Origin
Webcakes-App-Version
Environment
X-ProxyCache-Status
X-Varnish-Age
X-Skip-Cache
X-Webstats-RespID
X-Handled-By
X-Varnish-Cache-Hits
X-Vcache
X-Hosted-By
X-Httpd
X-Restarts
X-Labrador-Cache-Channel
LB
X-Cms-Context
X-IPLB-Instance
Web-Mar-Node
X-Cluster-Node
X-Adobe-Source
X-Loop
X-Cache-Action
X-IPLB-Request-ID
X-Varnish-Beresp-Grace
X-Tncms
X-RID
X-Soup
X-Served-From
X-Mode
X-Real-IP
X-PHP-Host
Selected-Fe
Mn-Server-Ip
Apigw-Requestid
X-Forwarded-Host
X-Server-W
X-Timing-Wait
ServedBy
X-Proxy-Build
X-S
X-Origin
Url
X-Detected-As
X-Servername
DB-Nickname
X-Response-Served-From
X-Cluster
Xserver
X-Original-Request-Id
X-Origin-TTL
X-Origin-CC
Referer-Policy
X-SRV
SRV
CF-IPCountry
X-Lagoon
X-Zipkin-Id
X-Proxied
X-Extlb
X-Routing-Service
X-Cloudmap
N-Cache
Cross-Origin-Embedder-Policy-Report-Only
X-LSADC-Cache
X-Hit
X-Nginx-Cache
X-Rocket-Nginx-Serving-Static
X-Xfnlog-Site
CDN-RequestId
X-UA
X-Upstream-Ct
X-XRDS-Location
X-Upstream-Ht
X-Ms-Request-Id
X-Ms-Version
Cross-Origin-Embedder-Policy
X-VCT
X-Tumblr-Pixel-3
X-Cache-Debug
X-RCS-CacheZone
X-Proxy-Cache-Status
Source
X-TraceId
X-NWS-UUID-VERIFY
X-DynaTrace
X-F-Cache
X-Azure-Ref-OriginShield
X-Signature
X-B-Cache
WPO-Cache-Status
Surrogated-Key
WPO-Cache-Message
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Is-Desktop
X-Is-Mobile
X-Is-Tablet
X-Tcp-Rtt
X-No-Session
X-Is-Supported-Browser
X-Browser-Name
X-Geo-Region
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
Node
X-Sucuri-Cache
X-Generation-Time
X-NGINX-Cache
X-Cdn-Origin
X-FTR-Request-ID
X-Storefront-Renderer-Rendered
X-ShardId
X-Alternate-Cache-Key
X-RateLimit-Limit
X-Sucuri-ID
X-Tx-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Drupal-Cache-Contexts
X-Locale
X-NODE
X-Cdn-Forward
X-Site-Version
TP-L2-Cache
X-Optimistic-Header
X-Drupal-Cache-Tags
X-Cache-Rule
X-Service
X-Cache-Operation
X-App-Version
X-Debug-Cache-Store
A
X-Epic-Correlation-Id
Azure-InstanceId
X-DefElseHash
Cluster
Content-Secure-Policy
X-GeoCode
X-Gdpr
X-GeoCountry
X-FC-Vary-Parameters
Cdnsip
Azure-Version
X-Developer
BehaviorPad-Version
X-DPWN-IS-SECURE
Candidate-Md5Url
X-Ec-Fail
Azure-SlotName
X-Depends
X-GeoIP
X-Ec-GeoHdr
Azure-SiteName
Cdncip
X-DefHash
Azure-RegionName
Host-ID
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Bug-Bounty
We-Hiring
TDXMobile
X-Cache-Aspx
X-Cache-NE
X-Cache-Info
X-App-Name
Sslversion
X-BCube-Filmed-By
X-A
X-Aed
X-Aicache-OS
X-AK-Request-ID
X-Amz-Storage-Class
X-Bc-Bl
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Rendered-Blocks
Redirect-Candidate
X-D
X-Backend-Instance
Lang
X-Contensis-Viewer-Groups
Gannett-Cam-Experience-Id
X-Debug-Cache-Fetch
DCR-Processing-Time-Ms
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Mail-Subject
MD5-Digest
Origin-Agent-Cluster
XkeyRZ
X-Thinkindot-L3
Producers
X-TIM-N
Odigeo-Trace-Id
Meta-Geo-Continent
Ngx.Var.Host
X-Conf
DCR-Decision-By
X-Varnish-Authentication
X-Proto
X-ScT
X-Internal-TTL
X-Vdms-Version
X-Viewer-Country
X-Varnish-Remaining-TTL
X-We-Are-Hiring
X-Ig-Push-State
X-Request-Time
X-Mly-Id
X-INCAP-ABP
X-Org
Xc-Version
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-LiteSpeed-Tag
X-Proxy-CacheRZ
X-Vmg-Version
X-Origin-Expires
X-Loc
X-Shield-Cache-Expires
X-Platform-Server
X-Mvc-Supplant-Cachable
X-VG-WebCache
X-Varnish-Director
X-Varnish-CookieINHashed-On
X-Scheme
X-ElasticPress-Query
X-Vtex-Remote-Cache
X-Rojux
X-Nyt-Route
X-GeoIP-City
Cache
X-Ig-Origin-Region
X-Mvc-Supplant-OutputCached
X-Proxied-Request
X-Varnish-CookieHashed-On
Mime-Version
Sid
X-BBC-Edge-Cache-Status
X-CGP
X-Akamai-Device-Characteristics
X-NMSegId
Release
Product
X-VarnishDD-TTL
X-Op-Id-All
X-Node-Id
NGX
X-B3-Trace-ID
X-Req
X-Content-Age
NM-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-SVT-ORM-RULES
PFcat
X-Clientip
X-CacheTTL
Platform
X-SD-PageType
User-Agent
V-Age
Tube-Return
Tube-Got-Results
Tube-Get-Contents
Tube-Got-Eval
X-SVT-ORM-VERSION
W
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
X-Micro-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Platform
X-Cache-Id
X-Cache-Grace
X-VTEX-Cache-Server
RNT-Time
RNT-Machine
X-Cache-Bucket
X-Location
X-Accel-Expires-Debug
X-Bl-Debug
X-VTEX-Cache-Time
X-Access
X-Acquia-Purge-Cdn-Unconfigured
Req-Svc-Chain
Gh-Request-Id
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Edge-Server
X-Powered-By-VTEX-Cache
X-Esi-Check
X-Path
Apple-News-Services-Request-Url
X-Wikidot-Static-Cache
Canary
L5d-Success-Class
X-Ec-Custom-Error
Cache-Provider
Cache-Key
X-Wikidot-Backend
X-VG-TLSProxy
X-Eu-Site
X-Fastly-Backend
X-Var-Ttl
X-V-Cache
X-Hash
X-Gzip
X-GoCache-CacheStatus
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-HN
X-HS-Content-Campaign-Id
Yak-Timeinfo
X-Fmm-Version
X-Gamma-Serve
X-Human
X-Generated-On
X-Pad
Cdn-Host
X-Via-Fastly
X-Date
X-Pubstack
Esi-Enabled
DSUID
Content-Style-Type
Debug
X-Varnish-Beresp-Status
Ha-Gx-Prefs
X-Core-Value
L
X-Csrf-Jwt
X-Section
HA-Ipaddr
Content-Script-Type
X-Varnishpool
X-Policy
Click-Count-Action-Start
X-Pool
X-Dispatcher-Server
X-Jobs
Cdn-Request-Time
Click-Count-Error
X-Level-Front-Cache
X-Air-Pt
X-MP-GENERATED-AT
Ohc-File-Size
X-Api-Version
X-Request-Host
X-Slack-Backend
X-Bip
X-Men
X-Slack-Shared-Secret-Outcome
Origin
Origin-CC
X-Server-IP
X-NodeID
X-Cdn-Srv
Origin-EX
X-Request-Start
X-CUA
XM
X-Varnish-Beresp-Ttl
Country-Code
X-SB
Server-Host
CDN-Uid
Req-ID
Cross-Origin-Opener-Policy-Report-Only
X-Sn-Servicetimems
X-UA-Device-Type
Fastly-SSL
Pramga
X-Auto-Login
X-Thanos
CDN-EdgeStorageId
X-Amz-Meta-Cb-Modifiedtime
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullSuccess
Ssr
CDN-RequestPullCode
X-Cache-Hit
X-Hnp-Log
X-SIPLIST1
X-Content-Length
X-LiteSpeed-Cache-Control
X-Block-Status
X-Cache-FS-Status
CDCHOST
X-Cached-By
ServerName
X-Gen-Mode
X-Newrelic-Synthetics
X-Dc
IsBot
User-Cache-Control
X-HITS
X-COUNTRY
X-HOST
X-Provided-By
X-Varnish-Hits
X-Irp-Debug
X-GEO
X-URL
X-AB-Test
Fl-Custom-Application
True-Client-Country-4JS
Akamai-Mon-Iucid-Del
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Test
GeoIP-Latitude
X-RequestId
X-CACHE-GROUP
X-ORCA-Accelerator
X-Cs
Is-Eu
Sever-Int
Server-Hostname
X-TA-CDN-Provider
C-Via
X-APP
Server-Ext
Adler-Geo
CloudFront-Viewer-Country
S-Rt
X-Refresh
X-Servedbyhost
Proxy-Firewall
X-VServer
X-Dispatcher-Number
X-LB-NoCache
X-Nananana
X-Nginx-Cache-Key
X-HS-CF-Cache-Status
X-Via-CDN
X-Via-SSL
Edge-Copy-Time
X-B3-Parentspanid
X-Via-Edge
X-Cache-Date
Fastly-Drupal-HTML
Cache-Tv-Group
WZWS-RAY
Fastly-Drupal-Html
X-DC
X-ZONE
X-Application
X-B-Cookie
X-Destination
T-Server
X-B3-Spanid
X-Zone
X-S-Cookie
X-IsAdmin
X-Custom-Header
X-External-Request-Id
X-Geolocation
X-Geo-Header
X-Pass-Why
X-Endurance-Cache-Level
X-Zen-Fury
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-LB-ID
X-ND-Cache
X-HA-Backend
X-Nc
X-Tt-Logid
X-Wa
X-DynaTrace-JS-Agent
HostName
X-CACHE-AGE
X-User
GeoIp-Country-Code
Vc-Max-Age
X-Webkit-Csp-Report-Only
X-CMSURLCustom
X-Cache-Server
X-CS
X-CDN-Forward
Cdn
Cdn-Requestid
X-NewRelic-App-Data
X-Presslabs-Stats
X-Litespeed-Tag
Server-ID
X-Oracle-Dms-Ecid
X-Parent-Response-Time
True-Client-IP
X-Srv
Ohc-Cache-HIT
X-AIR-PT
Srv
Powered-By
X-HubSpot-Correlation-Id
X-DataCenter
Vix-Hermes-Req-Id
SID
X-Varnish-Beresp-TTL
X-VC-TTL
X-Moov-Xdn-Version
X-Moov-T
X-Moov-Xdn-Caching-Status
X-APP-VERSION
X-Vgn-Hpd-Reason
WP-Super-Cache
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Fpc
Resin-Trace
X-TH-Server
Uri
Pics-Label
On-Server
X-API-Version
SEZNAM-JOBS-OFFER
ServerHost
X-Old-Content-Length
Thinkindot-Control
X-Air-Hostname
X-Srcache-Store-Status
X-Air-Trace-Id
X-Srcache-Fetch-Status
X-Air-Source
X-Vercel-Cache
True-Client-Ip
AKAMAI
X-Amz-Meta-Opti
X-FPC
X-Vercel-Id
X-Cache-TTL-Remaining
X-PHP-Backend
X-SERVER-NAME
Serverhost
X-Datadome
X-TX-ID
X-Dynatrace-Js-Agent
X-Client-Ip
X-Cache-VC
GeoIP-Country-Code
Magicmarker
Server-Id
X-Thinkindot-L1
Location
X-Info
Cl-Cache
X-Oracle-Dms-Rid
X-Action
Hostname
X-CDN-Cache-Status
X-Debug-Service
X-Cdn-Cache-Status
X-Stale
N1-Cache
X-NC
X-WA
X-V
Av-Poweredby
CDN
X-FTR-Balancer
X-Rollout
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Lb-Id
X-Eligible
X-IAuth-Set-Uid
X-New
X-FTR-Cache-Status
X-FTR-Expires
Sm-Log-Id
X-Service-Response-Time
X-Vc
X-Ee-Generated-By
X-Ee-Origin
X-Ee-Request-Date
X-Cms-Device
Time-Cloud-Cache
X-Forwarded-Site
Store-Cloud-Cache
X-Fastly-Cache-Status
X-Ee-Request-Id
X-WA-Info
X-Ha-Backend
X-Via-PopH
X-Udemy-Cache-App-Namespace
X-Save-Cache
X-Vary-Devices
X-Region-Sid
X-Datacenter
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-ApacheServer
X-PERF
X-Geo
X-Via-PopV
Machine
X-Via-PopN
X-Cache-Ttl
X-Oracle-DMS-ECID
X-Nitro-Cache
X-Limited
Xkey-La3
X-Ssense-Gql
Xkeylog
X-Render-Time
X-Ssense-Shipping-Surcharge-Enabled
X-Github-Request-Id
X-Fastly-Backend-Reqs
Server-Info
X-Resp-Is-Stale
X-Git-Commit
Cloudfront-Viewer-Country
X-Proxy-Cache-La3
X-Container-Uri
X-Lb-Nocache
X-App
X-Litespeed-Cache-Control
X-ServedByHost
Tcn
X-Ftr-Request-Id
X-VCL-Version
X-Uri
TWC-GeoIP-Region
TWC-GeoIP-City
TWC-GeoIP-DMA
X-Ion-Healthy
X-MSEdge-Features
X-Varnish-Hostname
X-Traceid
WWW-Authenticate
X-MSEdge-Flight
Cache-Contol
Edge-Cache
Cneonction
X-SRCache-Key
Cache-Hits
X-Jungle-Id
Permission-Policy
X-EC-Lua
X-Ion-Hop
WebServer
Log-Origin
Geoip-Latitude
RewriteTeamHook
RewriteTestHook
X-Akamai-Pragma-Client-IP
X-Correlation-ID
CountryCode
X-LAGOON
PICS-Label
My-App
Cmstype
Cmsid
Pragrma
X-Akamai-Transformed
Reporter
X-HS-Status
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
FSS-Cache
X-From
X-Dw-Trace-Id
X-Cdn-Request-ID
X-Requestid
NtCoent-Length
X-Acquia-Purge-Tags
X-Pod
X-Check-Cacheable
X-Serial
X-Ua
X-CSRF-TOKEN
Cf-Ipcountry
X-Sucuri-Id
X-Elasticpress-Query
X-Up
X-Th-Server
X-BBC-Origin-Response-Status
CF-Cached-On
X-Fastly-Cache-Hits
X-Platform-Cluster
X-Platform-Processor
X-Web-Server
X-Ad-Load-Variation
X-Sqd-Stime
X-Sqd-Ctime
X-Platform-Router
X-Ramcache
Warning
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Timeexpire
X-Tncms-Bot-Tier
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Orig-Cache-Control