Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
Cf-Apo-Via
X-Via
X-Rq
Accept-CH-Lifetime
EagleId
X-Server
X-Age
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Swift-CacheTime
X-Styx-Req-Id
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
X-Cloud-Trace-Context
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
X-Trace
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-TtlSet
X-PC
X-Vname
X-Rack-Cache
X-Midtier
X-Edge
X-Mcache
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
Pagespeed
Display
X-Cache-TTL
X-Middleton-Display
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-ESI
X-Ser
X-GitHub-Request-Id
Nginx-Cache
X-Powered-By-Plesk
Edge-Control
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-ARC
X-Dw-Request-Base-Id
X-Client-IP
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Daa-Tunnel
X-Navigation-Version
X-Upstream
X-Amz-Rid
X-Goog-Hash
X-CST
X-Powered-CMS
Response
X-Middleton-Response
X-Aspnet-Version
X-B3-TraceId
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Ttl
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Kinsta-Cache
X-ECACHE
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Amzn-Trace-Id
X-Cache-Key
X-NF-Request-ID
X-Forwarded-For
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-Ua-Device
RTSS
X-Mod-Pagespeed
X-Wormhole-Sdk
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-Server-ID
AR-CACHE
X-ORACLE-DMS-ECID
X-Version
X-FastCGI-Cache
X-Mg-S
Public-Key-Pins
X-Ruxit-Js-Agent
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
SPRequestGuid
X-SharePointHealthScore
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-Content-Digest
X-T
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Newrelic-App-Data
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Front-End-Https
X-Correlation-Id
Arr-Disable-Session-Affinity
TP-Cache
X-Debug
Count-Hit
X-Id
X-HS-Cache-Config
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
Server-Node
X-Content-Security-Policy-Report-Only
X-Ua-Browser
MicrosoftSharePointTeamServices
X-VARITI-CCR
X-Azure-Ref
X-HS-Combine-CSS
X-LLID
X-Frontend
X-Varnish-TTL
X-Fastly-Request-ID
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-Hits
Payment
X-Amz-Replication-Status
X-LB-Cache
X-Forwarded-Proto
X-Varnish-Backend
X-GUploader-UploadID
X-Goog-Metageneration
Accept-Ch
X-Varnish-Ttl
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
X-Git-Hash
X-FB-Debug
Host
Cleartype
X-Unique-Id
Filterid
X-Logged-In
X-Varnish-Server
X-AppVersion
X-Az
X-Www-Served-By
Content-Disposition
X-Activity-Id
X-Ratelimit-Reset
X-App-Server
X-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
X-DIS-Request-ID
MRF-Tech
X-Page-Id
Access-Control-Allow-Method
X-Fastcgi-Cache
X-TTL
X-Geo-Country
X-Origin-Server
Origin-Trial
Retry-After
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Upgrade-Enabled
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
MS-Author-Via
X-Nf-Request-Id
Accept-Charset
Akamai-GRN
X-Type
X-Cambria-Cache-Control
X-ASPNET-VERSION
X-Fb-Rlafr
X-TT
Fastly-SWR
Viewport
X-Template
Fastly-SIE
Section-Io-Cache
X-Cache-Control
Content-MD5
X-B3-Sampled
X-Content-Options
X-Grace
X-B
Version
X-TEC-API-VERSION
X-Ah-Environment
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Frame-Options
X-ECache
X-RateLimit-Remaining
X-Request-Guid
X-Trace-Id
X-SRCache-Fetch-Status
X-Revision
X-SRCache-Store-Status
X-Xrds-Location
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Amz-Meta-S3cmd-Attrs
Healthy
X-Envoy-Decorator-Operation
TCN
X-Origin-Cache
X-Device-Type
X-Magnolia-Registration
X-Contextid
X-Cdn
X-CSRF-Token
X-Source
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Active
X-Cache-Age
Server-Name
X-Rid
X-Aspnetmvc-Version
DC
X-Backend-Name
X-Webkit-CSP
X-Mobile
X-Px
X-Proxy
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Varnish-Grace
X-Seen-By
X-RemovedCookies
X-App-Environment
X-ProcessESI
X-Tumblr-Pixel
X-RM-Cache-TTL
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
Access-Control-Request-Headers
X-Environment-Context
X-Rule
X-Mg-Request-UUID
X-L-Path
X-Framework
X-Status
X-Debug-Info
X-Cacheable-TTL
X-Adobe-Loc
X-Content-Powered-By
X-FW-Dynamic
X-FW-Hash
X-Adobe-Content
SD-X-WS
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
Cross-Origin-Window-Policy
NGB
X-FW-Serve
X-FW-Server
X-Region
X-ServerID
X-Storage
X-UUID
X-NYM-Debug-Backend
X-Node-Name
X-FW-Static
X-FW-Version
X-G
X-Instance
X-Language
X-FW-Type
GEO-INFO
MS-CV
X-Debug-IsPreview
X-Is-Bot
X-Rendered-As
Ms-Operation-Id
X-Debug-IsConnected
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-RTag
X-Proxy-Cache-Info
X-Yottaa-Metrics
X-Buckets
X-Yottaa-Optimizations
Paypal-Debug-Id
X-User-Agent
X-CLOUD-TRACE-CONTEXT
X-Cache-Time
X-EdgeConnect-Cache-Status
Webserver
Countrycode
Upgrade-Insecure-Requests
Front
Charset
Protected
X-WebKit-CSP-Report-Only
X-B3-Traceid
X-Whom
X-Lambda-Id
OT-Force-Account-Verify
X-TT-LOGID
X-N
X-Edge-Location
X-VC
Trailer
Section-Io-Id
Refresh
X-IPS-LoggedIn
X-Akamai-Request-ID2
X-Cache-Status-Check
Priority
X-AB
Country
X-Time
X-VHOST
X-HS-Prerendered
X-Reqid
Alternate-Protocol
X-Hcs-Proxy-Type
Backend
X-Amzn-Remapped-Content-Length
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Xet-Cookie
X-Hl-Ver
X-WP-CF-Super-Cache-Cookies-Bypass
Liferay-Portal
X-B3-SpanId
X-Via-JSL
X-Server-W
X-Mode
X-Wix-Request-Id
Accept-Language
VIX-Pulpo-Upstream-Status
Onion-Location
VIX-Pulpo-Node
X-Web-Node
X-Rn-Rsrv
X-FB-TRIP-ID
X-Rewrite-Enabled
X-JoinUs
X-Fetched-On
X-Accel-Version
X-Real-IP
Meta-Geo
From-Origin
Filters
ServerID
X-Tb
Environment
X-Origin-Date
X-Auth-Group-Type
X-Cache-Host
X-Skip-Cache
X-Scope-Id
X-SaId
X-UPSTREAM-Address
X-Frame-Option
X-Tumblr-Pixel-2
X-VC-Cache
Fastcgi-Useragent
Webcakes-Region
X-Format
Webcakes-App-Version
X-Say-TTL
Webcakes-App-Name
X-Origin-Hint
X-IPLB-Instance
X-Webstats-RespID
X-Response-Served-From
X-Cache-Expired-At
X-Cache-Action
X-Varnish-Age
Uber-Trace-Id
TWC-Privacy
Atl-Traceid
Property-Id
X-Redis-Cache
X-Request-URI
Expiry
X-Generated-By
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Original-Request-Id
X-BYPASS-REASON
X-Connection-Hash
X-ProxyCache-Status
X-Director
X-Varnish-Cache-Hits
X-Hosted-By
X-Cluster-Node
X-Restarts
X-ProxyCache-Key
X-IPLB-Request-ID
X-Say-Cacheable
X-SayCDN-TTL
X-Logging-Id
X-Vcache
X-Tncms
X-Forwarded-Host
X-DataDome
Mn-Server-Ip
X-Labrador-Cache-Channel
X-Handled-By
X-Served-From
Apigw-Requestid
X-Varnish-Beresp-Grace
X-R9-Blue-Green-Version
X-Cms-Context
X-Adobe-Source
X-Loop
X-PHP-Host
Web-Mar-Node
X-Soup
X-Proxy-Build
X-Timing-Wait
Cross-Origin-Embedder-Policy-Report-Only
X-Httpd
Selected-Fe
X-Routing-Service
X-Cluster
X-S
X-Origin
ServedBy
X-Extlb
X-Proxied
X-Detected-As
X-Servername
X-Zipkin-Id
X-Cloudmap
DB-Nickname
Url
X-XRDS-LOCATION
LB
X-SRV
X-Origin-CC
X-Origin-TTL
Xserver
Referer-Policy
X-LSADC-Cache
SRV
N-Cache
X-Lagoon
X-Rocket-Nginx-Serving-Static
X-Hit
CF-IPCountry
X-RID
X-Nginx-Cache
Cross-Origin-Embedder-Policy
X-XRDS-Location
X-Xfnlog-Site
X-Ms-Version
X-Ms-Request-Id
X-NWS-UUID-VERIFY
X-TraceId
X-Tumblr-Pixel-3
X-Webkit-Csp
X-UA
X-DynaTrace
X-Upstream-Ct
X-Upstream-Ht
CDN-RequestId
X-VCT
Source
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Azure-Ref-OriginShield
X-Cache-Debug
WPO-Cache-Status
WPO-Cache-Message
Surrogated-Key
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
X-Tcp-Rtt
X-B-Cache
X-Geo-Region
X-Is-Tablet
X-Is-Mobile
X-FTR-Request-ID
X-Is-Supported-Browser
X-Signature
X-F-Cache
X-Is-Desktop
X-Browser-Name
X-No-Session
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Cdn-Origin
X-Generation-Time
X-Sucuri-Cache
Node
X-NGINX-Cache
X-Drupal-Cache-Tags
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-RateLimit-Limit
X-Cdn-Forward
AMP-Access-Control-Allow-Source-Origin
X-Shopify-Stage
X-NODE
X-Sorting-Hat-PodId
X-Locale
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ShardId
X-ShopId
X-Tx-Id
X-Site-Version
X-App-Version
X-Cache-Operation
X-Cache-Rule
X-Amz-Storage-Class
Azure-SlotName
X-A-Ccd
Azure-SiteName
Azure-InstanceId
X-A-Wwc
Azure-RegionName
X-Aicache-OS
X-Aed
X-A-Dam
X-AK-Request-ID
X-A-Dcw
Meta-Geo-Continent
Gannett-Cam-Experience-Id
Cdncip
Host-ID
Lang
Candidate-Md5Url
Mail-Subject
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
DCR-Decision-By
Cluster
DCR-Processing-Time-Ms
Expect-Staple
Cdnsip
BehaviorPad-Version
MD5-Digest
Sslversion
Rendered-Blocks
TDXMobile
Thinkindot-CacheControl
We-Hiring
Thinkindot-CacheControl-Type
Redirect-Candidate
Producers
Ngx.Var.Host
Content-Secure-Policy
Odigeo-Trace-Id
Azure-Version
Origin-Agent-Cluster
X-A
X-DefElseHash
X-Platform-Server
X-PAYTM-SRV-ID
X-Path
X-Proto
X-Proxied-Request
X-Request-Time
X-Proxy-CacheRZ
X-Origin-Time
X-Origin-Response-Time
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Mvc-Supplant-OutputCached
X-Nyt-Route
X-Origin-Expires
X-Org
X-Rojux
X-Scheme
X-Vmg-Version
X-Vdms-Version
X-Vtex-Remote-Cache
X-We-Are-Hiring
XkeyRZ
Xc-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Shield-Cache-Expires
X-ScT
X-Thinkindot-L3
X-TIM-N
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-Loc
X-Jobs
X-D
X-Contensis-Viewer-Groups
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefHash
A
X-Conf
X-Cache-NE
X-Bc-Bl
X-Backend-Instance
X-BCube-Filmed-By
X-Bug-Bounty
X-Cache-Info
X-Cache-Aspx
X-Depends
X-Developer
X-GeoIP-City
X-GeoIP
X-Ig-Origin-Region
X-Ig-Push-State
X-Internal-TTL
X-INCAP-ABP
X-GeoCountry
X-GeoCode
X-Ec-Fail
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Gdpr
X-FC-Vary-Parameters
X-App-Name
X-A-Dgt
Cross-Origin-Opener-Policy-Report-Only
X-Service
X-ElasticPress-Query
Ohc-File-Size
TP-L2-Cache
X-MP-GENERATED-AT
X-Optimistic-Header
Cache
Mime-Version
X-CacheTTL
X-Cached-By
X-Cache-Id
X-Cache-Grace
X-Cache-Bucket
X-BBC-Edge-Cache-Status
X-Fastly-Backend
X-Bl-Debug
X-CGP
X-Content-Age
X-Date
X-Dispatcher-Server
X-Ec-Custom-Error
X-Edge-Server
X-Csrf-Jwt
X-B3-Trace-ID
X-Esi-Check
X-Core-Value
X-Eu-Site
X-Clientip
X-Akamai-Device-Characteristics
Tube-Got-Results
Tube-Return
User-Agent
V-Age
Tube-Got-Eval
Tube-Get-Contents
RNT-Machine
RNT-Time
Server-Host
W
X-Pad
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Fmm-Version
X-Amz-Meta-Cb-Modifiedtime
X-Accel-Expires-Debug
Wxu-Next-Region
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Auto-Login
X-GeoIP-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
X-UA-Device-Type
X-V-Cache
X-Var-Ttl
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Section
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Varnish-Director
X-VarnishDD-TTL
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
Yak-Timeinfo
X-VTEX-Cache-Server
X-Viewer-Country
X-Varnishpool
X-VG-WebCache
X-Via-Fastly
X-SD-PageType
X-SB
X-Hash
X-HN
X-HS-Content-Campaign-Id
Sid
X-Gzip
X-GoCache-CacheStatus
X-Generated-On
Req-Svc-Chain
X-GeoIP-Region-Code
X-Level-Front-Cache
X-Location
X-Policy
X-Pool
X-Powered-By-VTEX-Cache
X-Req
X-Platform
X-Op-Id-All
X-Micro-Cache
X-NMSegId
X-Node-Id
X-Gamma-Serve
X-Human
Debug
Origin-EX
Origin-CC
PFcat
Content-Style-Type
Click-Count-Action-Start
Click-Count-Error
Content-Script-Type
DSUID
Origin
L
NM-Fastcgi-Cache
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
Esi-Enabled
Gh-Request-Id
Cdn-Request-Time
Platform
Apple-News-Services-Request-Url
Product
Cache-Provider
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Release
Apple-News-Services-Handled
Canary
Cache-Key
Cdn-Host
X-Cdn-Srv
X-Request-Start
X-Content-Length
IsBot
X-Men
X-Block-Status
X-VG-TLSProxy
X-Cache-FS-Status
X-NodeID
X-Hnp-Log
X-CUA
X-Newrelic-Synthetics
X-Gen-Mode
X-Server-IP
Country-Code
CDCHOST
X-Pubstack
Fastly-SSL
X-Bip
X-Varnish-Beresp-Status
X-Thanos
X-SIPLIST1
X-Request-Host
Ssr
User-Cache-Control
ServerName
Req-ID
NGX
Pramga
X-Dc
X-Cache-Hit
CDN-RequestPullCode
X-Api-Version
CDN-Uid
CDN-RequestCountryCode
CDN-CachedAt
X-Irp-Debug
X-AB-Test
XM
CDN-Cache
X-Varnish-Beresp-Ttl
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestPullSuccess
X-LiteSpeed-Tag
X-HOST
X-Air-Pt
Fl-Custom-Application
X-ORCA-Accelerator
X-Varnish-Hits
X-VWS-Id
Akamai-Mon-Iucid-Del
X-GEO
X-LJ-Flow-ID
X-AWS-Id
True-Client-Country-4JS
X-CACHE-GROUP
X-Cs
X-Provided-By
X-TA-CDN-Provider
Sever-Int
X-HS-CF-Cache-Status
X-APP
Proxy-Firewall
Server-Ext
C-Via
X-RequestId
X-LB-NoCache
X-VServer
X-LiteSpeed-Cache-Control
X-Nananana
Server-Hostname
X-Test
GeoIP-Latitude
X-B3-Spanid
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
Adler-Geo
X-B3-Parentspanid
CloudFront-Viewer-Country
X-Cache-Date
X-Refresh
X-Servedbyhost
X-HITS
X-Via-CDN
Is-Eu
X-Geolocation
Fastly-Drupal-Html
X-External-Request-Id
X-S-Cookie
X-IsAdmin
X-B-Cookie
S-Rt
X-Nginx-Cache-Key
X-Dispatcher-Number
X-Destination
X-Application
X-Endurance-Cache-Level
X-ZONE
X-HA-Backend
Cache-Tv-Group
Fastly-Drupal-HTML
X-Zone
X-Via-Popv
X-Via-Popn
X-Via-Poph
WZWS-RAY
X-Zen-Fury
X-DC
X-DynaTrace-JS-Agent
X-User
T-Server
X-LB-ID
X-Geo-Header
X-Litespeed-Tag
X-Nc
X-Wa
X-Custom-Header
X-Pass-Why
HostName
X-ND-Cache
GeoIp-Country-Code
X-CS
X-Webkit-Csp-Report-Only
X-Tt-Logid
Cdn-Requestid
X-Presslabs-Stats
Cdn
X-COUNTRY
Server-ID
X-Cache-Server
X-AIR-PT
X-URL
Vc-Max-Age
X-CMSURLCustom
X-Oracle-Dms-Ecid
X-Parent-Response-Time
X-HubSpot-Correlation-Id
X-CDN-Forward
Ohc-Cache-HIT
X-VC-TTL
True-Client-IP
X-Srv
X-CACHE-AGE
X-Varnish-Beresp-TTL
X-DataCenter
X-TH-Server
Resin-Trace
WP-Super-Cache
X-Vgn-Hpd-Reason
Srv
SID
X-Moov-T
Powered-By
X-APP-VERSION
X-NewRelic-App-Data
X-Fpc
Vix-Hermes-Req-Id
X-Moov-Xdn-Caching-Status
Uri
X-Moov-Xdn-Version
X-API-Version
X-Old-Content-Length
X-Fastly-Cache
X-Ckpd-Fst-Backend
Pics-Label
X-Datadome
SEZNAM-JOBS-OFFER
On-Server
X-FPC
X-Srcache-Store-Status
X-TX-ID
X-Srcache-Fetch-Status
X-Vercel-Id
X-Vercel-Cache
ServerHost
Thinkindot-Control
True-Client-Ip
X-SERVER-NAME
Serverhost
X-Cache-TTL-Remaining
X-Air-Trace-Id
X-Air-Source
X-Cache-VC
X-PHP-Backend
X-Thinkindot-L1
X-Amz-Meta-Opti
AKAMAI
X-Action
Server-Id
X-Air-Hostname
Location
X-Client-Ip
GeoIP-Country-Code
X-Stale
X-Dynatrace-Js-Agent
Hostname
X-Info
Cl-Cache
Magicmarker
N1-Cache
X-Oracle-Dms-Rid
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Litespeed-Cache-Control
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
Av-Poweredby
X-WA
X-NC
X-Cdn-Cache-Status
X-V
X-Debug-Service
X-CDN-Cache-Status
X-Fastly-Backend-Reqs
X-Proxy-Cache-La3
X-IAuth-Set-Uid
X-Datacenter
Xkeylog
Xkey-La3
X-Fastly-Cache-Status
X-PERF
X-Lb-Id
X-ApacheServer
Tcn
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Vc
X-Service-Response-Time
CDN
X-Resp-Is-Stale
Sm-Log-Id
X-Ee-Generated-By
X-Ee-Origin
X-Ee-Request-Id
X-Save-Cache
X-Ee-Request-Date
X-Cms-Device
X-Vary-Devices
Store-Cloud-Cache
Time-Cloud-Cache
X-Geo
X-Ha-Backend
X-Eligible
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Udemy-Cache-App-Namespace
X-New
X-Nitro-Cache
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Render-Time
X-Rollout
X-Cache-Ttl
X-WA-Info
TWC-GeoIP-DMA
Cache-Hits
TWC-GeoIP-City
X-Oracle-DMS-ECID
X-Forwarded-Site
X-Region-Sid
X-Limited
TWC-GeoIP-Region
Cloudfront-Viewer-Country
X-Github-Request-Id
Machine
X-ServedByHost
X-Esi
X-Ion-Healthy
X-Ion-Hop
X-VCL-Version
X-Lb-Nocache
Geoip-Latitude
X-Jungle-Id
X-App
RewriteTestHook
X-Uri
Cache-Contol
RewriteTeamHook
Log-Origin
Server-Info
X-Container-Uri
X-Git-Commit
WebServer
WWW-Authenticate
X-Traceid
Cmstype
My-App
Cmsid
X-EC-Lua
X-Ftr-Request-Id
Edge-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-Ua
Cneonction
X-Akamai-Pragma-Client-IP
CountryCode
X-Correlation-ID
Permission-Policy
X-Varnish-Hostname
Pragrma
X-SRCache-Key
X-LAGOON
Cf-Ipcountry
X-From
X-Requestid
X-Dw-Trace-Id
X-Acquia-Application-Trace
X-Cdn-Request-ID
X-Acquia-Application-UUID
CacheControlHeader
X-Pod
X-Check-Cacheable
Reporter
X-Up
X-Acquia-Purge-Tags
X-Serial
PICS-Label
FSS-Cache
X-Acquia-Site
X-Akamai-Transformed
X-HS-Status
Lb
X-Sucuri-Id
X-UP
CF-Cached-On
X-Fastly-Cache-Hits
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Platform-Router
Timeexpire
Warning
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Tncms-Bot-Tier
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Orig-Cache-Control
X-Platform-Cluster
NtCoent-Length
X-Platform-Processor
X-Ramcache
X-Web-Server