Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
Pragma
CF-RAY
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
CF-Ray
X-Adblock-Key
Accept-CH
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-UA-Device
EagleId
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Cache-Lookup
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
Xkey
X-Akam-SW-Version
EagleEye-TraceId
X-Host
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
X-Ruxit-JS-Agent
X-Server-Id
Request-Id
X-LiteSpeed-Cache
X-Country
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
Content-Location
X-Nginx-Upstream-Cache-Status
X-Application-Context
X-NWS-LOG-UUID
X-Clacks-Overhead
Service-Worker-Allowed
Fastly-Restarts
X-Trace
Cross-Origin-Opener-Policy
X-Country-Code
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-Vname
X-TtlSet
X-Edge
X-Mcache
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Cache-TTL
X-Browser-Type
X-Element-Page-Cache
X-Cnection
X-Abt-Application-Version
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-ESI
Nginx-Cache
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Ser
Edge-Control
X-D2id
X-ECACHE
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-Dw-Request-Base-Id
X-ARC
X-B3-TraceId
Response
X-Middleton-Response
X-Amz-Rid
X-CST
X-ORACLE-DMS-RID
X-Powered-CMS
X-Goog-Hash
X-Navigation-Version
X-Server-ID
X-Wormhole-Sdk
X-Upstream
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Kraken-Loop-Name
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-Forwarded-For
X-Daa-Tunnel
X-Amzn-Trace-Id
X-NF-Request-ID
X-Cache-Key
RTSS
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-Ratelimit-Remaining
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
Public-Key-Pins
X-Ruxit-Js-Agent
X-Version
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Mg-S
X-Content-Digest
X-Ttl
SPRequestGuid
X-SharePointHealthScore
S
Realpath
Cross-Origin-Resource-Policy
AR-CACHE
X-Fastly-Request-ID
X-Varnish-TTL
X-T
X-MSEdge-Ref
Fastcgi-Cache
X-Shield-Request-Id
X-Cached
X-Recruiting
X-Ua-Device
X-Accel-Expires
Front-End-Https
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TTL
Access-Control-Request-Method
TP-Cache
X-Azure-Ref
X-Newrelic-App-Data
X-Request-Received
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Ua-Browser
X-Id
X-HS-Hub-Id
X-Debug
X-HS-Cache-Config
X-HS-Content-Id
Count-Hit
MicrosoftSharePointTeamServices
Server-Node
Origin-Trial
X-LLID
X-Correlation-Id
X-Content-Security-Policy-Report-Only
Cache-Tags
X-VARITI-CCR
X-Ismobilevalue
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-PressLabs-Stats
X-Cluster-Name
X-Frontend
X-HS-Combine-CSS
Accept-Ch
X-GUploader-UploadID
X-Varnish-Backend
Payment
X-Amz-Replication-Status
X-Protected-By
X-Hits
X-Goog-Metageneration
X-Request-Handler-Origin-Region
X-Microsite
X-NGENIX-Cache
X-LB-Cache
Cleartype
X-Forwarded-Proto
X-Varnish-Server
X-FB-Debug
X-Unique-Id
X-Www-Served-By
X-Az
Host
X-Activity-Id
X-AppVersion
X-Git-Hash
X-Logged-In
Content-Disposition
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
Filterid
X-Hostname
X-Xrds-Location
X-Page-Id
Akamai-GRN
X-HP-Webp
X-Jurisdiction
X-DIS-Request-ID
X-HP-Trace-Id
X-Cambria-Cache-Control
X-App-Server
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Template
X-Nf-Request-Id
X-Geo-Country
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Aspnet-Version
X-FTR-Request-ID
Access-Control-Allow-Method
X-Fastcgi-Cache
Frame-Options
X-ASPNET-VERSION
X-Origin-Server
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Load-Cache
Retry-After
X-WP-CF-Super-Cache
X-Type
MS-Author-Via
X-WP-CF-Super-Cache-Cache-Control
Viewport
Version
Fastly-SIE
Fastly-SWR
X-Ah-Environment
Section-Io-Cache
X-TT
X-Content-Options
X-Fb-Rlafr
Accept-Charset
X-Cache-Control
Content-MD5
X-B3-Sampled
X-B
X-Rid
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Amp-Access-Control-Allow-Source-Origin
X-Grace
X-Envoy-Decorator-Operation
X-Varnish-Ttl
X-SRCache-Fetch-Status
X-Source
X-SRCache-Store-Status
X-Vcl-Version
X-Request-Guid
X-Cdn
Trailer
X-Trace-Id
X-Device-Type
X-Revision
X-Language
Server-Name
Healthy
X-Buckets
X-Magnolia-Registration
X-Origin-Cache
X-RateLimit-Remaining
X-Aspnetmvc-Version
X-Webkit-CSP
X-Cache-Age
X-Mobile
X-Px
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-WP-CF-Super-Cache-Active
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Contextid
X-Backend-Name
TCN
X-Akamai-Edgescape
X-HS-Prerendered
X-Status
X-RM-Cache-TTL
X-Tumblr-Pixel-0
X-Proxy
X-Environment-Context
X-L-Path
X-Varnish-Grace
X-NYM-Debug-Backend
X-Debug-Info
X-Tumblr-Pixel-1
X-ProcessESI
X-RemovedCookies
X-Instance
X-Rule
X-Tumblr-User
X-Tumblr-Pixel
X-FW-Server
NGB
X-UUID
X-FW-Version
X-FW-Type
X-FW-Static
X-ServerID
X-Proxy-Cache-Info
X-FW-Dynamic
X-FW-Hash
X-Edge-Location
X-Framework
X-App-Environment
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
X-FW-Serve
X-Webkit-Csp
GEO-INFO
X-Region
X-Storage
X-Node-Name
SD-X-WS
X-EdgeConnect-Cache-Status
X-Mg-Request-UUID
X-Debug-IsConnected
Ms-Operation-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Powered-By
X-Cache-Time
X-Debug-IsPreview
X-Datadog-Trace-Id
X-Is-Bot
X-Cacheable-TTL
X-RTag
X-Adobe-Loc
MS-CV
Cross-Origin-Window-Policy
X-Adobe-Content
X-Rendered-As
X-G
X-Yottaa-Metrics
X-Yottaa-Optimizations
Protected
Charset
DC
Upgrade-Insecure-Requests
X-Seen-By
Countrycode
X-Whom
Paypal-Debug-Id
X-TraceId
X-User-Agent
Cross-Origin-Embedder-Policy-Report-Only
Refresh
OT-Force-Account-Verify
X-Original-Request-Id
X-Lambda-Id
X-Response-Served-From
Webserver
Front
Section-Io-Id
X-VC
X-VHOST
X-ECache
X-TT-LOGID
X-Reqid
X-Amzn-Remapped-Content-Length
Alternate-Protocol
SRV
X-WebKit-CSP-Report-Only
X-IPS-LoggedIn
X-B3-Traceid
X-AB
X-Akamai-Request-ID2
X-Cache-Status-Check
X-N
X-Server-W
Country
Priority
Backend
X-WP-CF-Super-Cache-Cookies-Bypass
X-Nginx-Cache
X-B3-SpanId
X-Time
X-CCDN-CacheTTL
Liferay-Portal
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Real-IP
X-Mode
X-XRDS-Location
Onion-Location
X-Hl-Ver
X-JoinUs
Filters
X-Tumblr-Pixel-2
X-Rn-Rsrv
X-SaId
X-Rewrite-Enabled
Fastcgi-Useragent
X-Rocket-Nginx-Serving-Static
X-UPSTREAM-Address
Meta-Geo
ServerID
Environment
X-Cache-Host
X-Format
TWC-Locale-Group
X-VC-Cache
TWC-GeoIP-LatLong
X-Say-Cacheable
TWC-GeoIP-Country
X-Varnish-Age
Property-Id
TWC-Privacy
Uber-Trace-Id
X-Scope-Id
TWC-Connection-Speed
Xet-Cookie
X-SayCDN-TTL
Web-Mar-Node
Webcakes-App-Name
X-Say-TTL
Webcakes-App-Version
X-Tb
X-Frame-Option
X-Hosted-By
Expiry
X-IPLB-Instance
X-Skip-Cache
X-Connection-Hash
X-Cache-Expired-At
X-Cluster-Node
X-Accel-Version
Webcakes-Region
X-IPLB-Request-ID
X-Request-URI
X-Redis-Cache
X-R9-Blue-Green-Version
X-Restarts
TWC-Device-Class
From-Origin
X-Origin-Date
X-Origin-Hint
X-Fastly-Request-Id
Mn-Server-Ip
Atl-Traceid
X-Tncms
Apigw-Requestid
X-Soup
X-Web-Node
X-Forwarded-Host
X-Handled-By
X-Httpd
X-Logging-Id
X-Fetched-On
X-Director
X-BYPASS-REASON
X-Cache-Action
X-Cms-Context
X-Loop
X-Labrador-Cache-Channel
X-PHP-Host
X-Varnish-Beresp-Grace
X-Vcache
X-Varnish-Cache-Hits
X-Webstats-RespID
X-ProxyCache-Status
X-ProxyCache-Key
X-Adobe-Source
Url
X-Cluster
X-Auth-Group-Type
X-Served-From
X-Servername
X-FB-TRIP-ID
ServedBy
Cross-Origin-Embedder-Policy
Accept-Language
X-Origin-CC
X-Origin-TTL
X-Extlb
X-Detected-As
X-Cloudmap
X-Origin
DB-Nickname
X-Proxied
X-Zipkin-Id
Selected-Fe
X-Timing-Wait
X-S
X-Proxy-Build
X-Routing-Service
X-DataDome
Referer-Policy
X-Hit
X-DynaTrace
N-Cache
X-Generated-By
X-Ms-Request-Id
X-Ms-Version
X-SRV
X-Tumblr-Pixel-3
WPO-Cache-Status
X-Wix-Request-Id
X-Lagoon
WPO-Cache-Message
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-LSADC-Cache
Xserver
X-Azure-Ref-OriginShield
Surrogated-Key
X-Xfnlog-Site
Cross-Origin-Opener-Policy-Report-Only
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
Source
X-CLOUD-TRACE-CONTEXT
X-NWS-UUID-VERIFY
X-App-Version
X-Generation-Time
X-Sucuri-Cache
LB
X-Cache-Debug
CF-IPCountry
X-Via-JSL
Ohc-File-Size
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-VCT
X-RCS-CacheZone
X-HS-CF-Cache-Status
X-Proxy-Cache-Status
X-F-Cache
X-Cdn-Origin
Node
CDN-RequestId
X-Is-Desktop
X-Geo-Region
X-Is-Tablet
X-Browser-Name
X-MP-GENERATED-AT
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Mobile
X-Urbn-Context-Path
X-NODE
X-Cache-Hit
X-No-Session
X-Urbn-Site-Id
Locale
X-UA
X-B-Cache
X-Signature
X-Varnish-Beresp-Ttl
X-Tx-Id
X-Upstream-Ct
X-Upstream-Ht
X-Sucuri-ID
X-ElasticPress-Query
X-Litespeed-Tag
X-TA-CDN-Provider
X-FTR-Balancer
X-FTR-Backend-Server
X-Shopify-Stage
X-Cache-Rule
X-FTR-Expires
X-FTR-Backend
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Country-Code-Real
X-Cache-Operation
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
Cache
X-FTR-Cache-Status
X-Alternate-Cache-Key
X-Backend-Instance
Cache-Provider
X-ORCA-Accelerator
Cluster
BehaviorPad-Version
X-Bc-Bl
X-BCube-Filmed-By
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Mvc-Supplant-Cachable
X-Bug-Bounty
X-Nyt-Route
X-Proto
Expect-Staple
X-App-Name
DCR-Processing-Time-Ms
X-Op-Id-All
Content-Secure-Policy
DCR-Decision-By
X-Proxied-Request
Apple-News-Services-Host
X-Debug-Cache-Store
X-Path
X-PAYTM-SRV-ID
X-CGP
X-Origin-Time
X-Conf
X-Csrf-Jwt
X-D
X-Debug-Cache-Fetch
X-Developer
X-Platform-Server
Apple-News-Services-Handled
X-Ec-GeoHdr
Fastly-Backend-Name
X-Mly-Id
X-Ec-Fail
X-TIM-N
X-DPWN-IS-SECURE
X-Cache-NE
X-Cache-Info
Fastly-GeoIP-CountryCode
PFcat
X-A
X-Ig-Origin-Region
X-GeoCode
Origin
X-Section
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
We-Hiring
W
Producers
Redirect-Candidate
Rendered-Blocks
X-ScT
Sslversion
X-GeoCountry
User-Agent
X-Rojux
X-Gdpr
X-A-Ccd
Ha-Gx-Prefs
HA-Ipaddr
Host-ID
L5d-Success-Class
X-Access
X-Eu-Site
Fl-Custom-Application
X-Aicache-OS
X-Aed
X-Ig-Push-State
X-AB-Test
MD5-Digest
X-A-Dcw
X-A-Dam
Mail-Subject
X-A-Dgt
X-FC-Vary-Parameters
Lang
X-A-Wwc
X-HN
Candidate-Md5Url
Xc-Version
AMP-Access-Control-Allow-Source-Origin
X-VarnishDD-TTL
X-Vtex-Remote-Cache
X-Vdms-Version
Mime-Version
X-Locale
X-INCAP-ABP
X-Powered-By-VTEX-Cache
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-AK-Request-ID
X-Amz-Meta-Cb-Modifiedtime
X-Bl-Debug
X-Cache-Aspx
X-Cache-Grace
X-Cache-Id
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
Web-Mar-Region
X-Amz-Storage-Class
X-Auto-Login
X-Akamai-Device-Characteristics
Thinkindot-CacheControl-Type
X-SD-PageType
Platform
Product
Origin-Agent-Cluster
X-Wikidot-Static-Cache
X-We-Are-Hiring
NM-Fastcgi-Cache
X-Wikidot-Backend
Req-Svc-Chain
X-Scheme
TDXMobile
Thinkindot-CacheControl
X-Policy
X-Request-Time
X-SB
RNT-Machine
RNT-Time
Server-Host
V-Age
X-Platform
X-Generated-On
X-Mvc-Supplant-OutputCached
X-GeoIP
X-GeoIP-Country-Code
X-Service
X-NMSegId
X-Fastly-Backend
X-Node-Id
X-Fmm-Version
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Level-Front-Cache
X-Loc
X-Location
X-Jobs
X-Irp-Debug
X-Gzip
X-Hash
X-HS-Content-Campaign-Id
X-Esi-Check
X-Epic-Correlation-Id
X-Content-Age
X-Content-Length
X-Core-Value
X-Contensis-Viewer-Groups
X-Clientip
X-CacheTTL
X-VTEX-Cache-Time
X-Cdn-Srv
X-Origin-Response-Time
X-Date
X-Edge-Server
X-Org
X-NodeID
X-Dispatcher-Server
X-Origin-Expires
X-DefElseHash
X-DefHash
X-Depends
X-Cached-By
X-Req
X-Varnish-Authentication
Fastly-SSL
X-Varnishpool
X-Var-Ttl
Gannett-Cam-Experience-Id
Azure-SiteName
Content-Script-Type
Cdn-Host
Cdnsip
Cdn-Request-Time
Azure-RegionName
X-VG-WebCache
Azure-InstanceId
X-Thinkindot-L3
Cdncip
X-Varnish-Remaining-TTL
X-Via-Fastly
X-VTEX-Cache-Server
Esi-Enabled
Debug
X-Slack-Shared-Secret-Outcome
Content-Style-Type
X-Varnish-Director
X-Shield-Cache-Expires
X-Varnish-CookieINHashed-On
CDCHOST
X-Micro-Cache
IsBot
Azure-Version
Canary
L
X-Vmg-Version
X-SIPLIST1
X-Varnish-CookieHashed-On
X-Viewer-Country
Gh-Request-Id
X-Slack-Backend
Azure-SlotName
X-Pad
Akamai-Mon-Iucid-Del
X-Site-Version
Click-Count-Error
Click-Count-Action-Start
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-VServer
X-Acquia-Purge-Cdn-Unconfigured
X-Ec-Custom-Error
X-Tb-Optimization-Total-Bytes-Saved
X-VG-TLSProxy
X-SVT-ORM-RULES
X-Block-Status
CDN-EdgeStorageId
X-Cache-FS-Status
X-Geolocation
X-CUA
CDN-Cache
CDN-CachedAt
CDN-PullZone
Yak-Timeinfo
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
X-Bip
X-Pool
Country-Code
X-Hnp-Log
Req-ID
X-Human
X-V-Cache
ServerName
X-Request-Start
X-UA-Device-Type
X-GeoIP-City
Release
X-HITS
NGX
X-Men
X-Server-IP
Origin-CC
Origin-EX
X-Internal-TTL
X-Varnish-Beresp-Status
Pramga
X-Request-Host
DSUID
XM
Tube-Return
X-Thanos
X-Pubstack
X-Gamma-Serve
Tube-Got-Results
User-Cache-Control
Tube-Get-Contents
X-Gen-Mode
Tube-Got-Eval
X-CDN-Forward
X-URL
X-External-Request-Id
X-Via-Edge
X-S-Cookie
A
X-Via-CDN
X-LB-NoCache
X-B-Cookie
X-Application
X-Varnish-Hits
X-Destination
Cache-Key
X-Via-SSL
Edge-Copy-Time
X-NGINX-Cache
X-IsAdmin
X-Newrelic-Synthetics
X-Cache-Bucket
X-Cache-Date
X-Proxy-CacheRZ
X-RID
X-RateLimit-Limit
XkeyRZ
X-HOST
X-GEO
X-Cdn-Forward
Ssr
X-CACHE-GROUP
X-Resp-Is-Stale
X-Api-Version
Sid
X-ZONE
X-User
X-Zen-Fury
X-Refresh
X-Oracle-Dms-Ecid
TP-L2-Cache
X-APP
CloudFront-Viewer-Country
X-Cs
X-Optimistic-Header
X-Nananana
X-Servedbyhost
X-Dc
X-VC-TTL
Fastly-Drupal-HTML
Cdn-Requestid
GeoIP-Latitude
X-RequestId
X-DC
X-Air-Pt
Ohc-Cache-HIT
Proxy-Firewall
X-Via-Popv
X-Tt-Logid
X-HA-Backend
Server-ID
C-Via
X-Via-Poph
X-B3-Spanid
X-Via-Popn
X-Webkit-Csp-Report-Only
Fastly-Drupal-Html
X-Nc
X-Endurance-Cache-Level
X-Vgn-Hpd-Reason
X-CACHE-AGE
X-TH-Server
True-Client-Country-4JS
X-LB-ID
X-Wa
Server-Hostname
X-Test
X-LiteSpeed-Cache-Control
X-B3-Parentspanid
Sever-Int
X-AIR-PT
X-CS
Server-Ext
X-LiteSpeed-Tag
X-XRDS-LOCATION
Cdn
X-Presslabs-Stats
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Old-Content-Length
X-Moov-Xdn-Version
WP-Super-Cache
Is-Eu
X-VWS-Id
X-LJ-Flow-ID
Adler-Geo
HostName
X-DynaTrace-JS-Agent
X-AWS-Id
X-COUNTRY
X-Datadome
X-Dispatcher-Number
X-Provided-By
GeoIp-Country-Code
SID
X-Nginx-Cache-Key
X-Parent-Response-Time
X-Srv
X-Zone
X-HubSpot-Correlation-Id
WZWS-RAY
X-DataCenter
X-Fpc
X-API-Version
X-Custom-Header
X-Oracle-Dms-Rid
T-Server
X-Action
X-NewRelic-App-Data
X-Geo-Header
X-Litespeed-Cache-Control
S-Rt
X-Pass-Why
X-Thinkindot-L1
X-Cache-VC
Uri
True-Client-Ip
Location
X-ND-Cache
X-Vercel-Id
X-Vercel-Cache
N1-Cache
Cache-Tv-Group
True-Client-IP
X-CMSURLCustom
Vc-Max-Age
SEZNAM-JOBS-OFFER
X-Cache-Server
Resin-Trace
X-Stale
Pics-Label
X-SERVER-NAME
Cache-Hits
X-PERF
X-Ua
GeoIP-Country-Code
X-TX-ID
X-Datacenter
Serverhost
X-ApacheServer
Tcn
Powered-By
X-Client-Ip
TWC-GeoIP-City
X-Dynatrace-Js-Agent
TWC-GeoIP-Region
X-Varnish-Beresp-TTL
TWC-GeoIP-DMA
X-FPC
Vix-Hermes-Req-Id
X-Render-Time
X-WA-Info
Sm-Log-Id
X-Srcache-Store-Status
X-Service-Response-Time
X-Srcache-Fetch-Status
X-Fastly-Cache
X-Cache-TTL-Remaining
X-Ckpd-Fst-Backend
X-Uri
Lb
X-Nitro-Cache
Srv
X-APP-VERSION
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Traceid
X-Jungle-Id
Hostname
Cache-Contol
Thinkindot-Control
X-Cdn-Cache-Status
X-Debug-Service
Log-Origin
RewriteTestHook
X-Ion-Hop
RewriteTeamHook
X-Ion-Healthy
X-Fastly-Cache-Status
On-Server
Av-Poweredby
My-App
Cmstype
X-NC
X-Air-Hostname
ServerHost
X-Air-Source
X-Air-Trace-Id
X-WA
Cmsid
Server-Id
X-Udemy-Cache-App-Namespace
X-Vc
Store-Cloud-Cache
X-Ee-Generated-By
X-Vary-Devices
Cf-Ipcountry
X-PHP-Backend
AKAMAI
X-Cms-Device
X-Ee-Request-Date
X-Ee-Origin
X-Ee-Request-Id
Geoip-Latitude
X-Amz-Meta-Opti
X-Up
X-Lb-Id
Time-Cloud-Cache
X-Save-Cache
X-Correlation-ID
X-Cache-Ttl
CacheControlHeader
X-Via-PopH
X-Via-PopN
X-Ha-Backend
X-Proxy-Cache-La3
X-From
WebServer
X-Oracle-DMS-ECID
X-Via-PopV
X-Fastly-Backend-Reqs
X-Github-Request-Id
Xkey-La3
Xkeylog
X-Esi
X-VTEX-Cache-Backend-Connect-Time
X-VCL-Version
X-VTEX-Cache-Backend-Header-Time
X-Info
X-Akamai-Pragma-Client-IP
Cl-Cache
Magicmarker
X-App
X-Sucuri-Id
X-IAuth-Set-Uid
X-Requestid
X-Geo
X-ServedByHost
X-Limited
Cloudfront-Viewer-Country
WWW-Authenticate
CountryCode
NtCoent-Length
X-HS-Status
X-LAGOON
X-Dw-Trace-Id
X-CDN-Cache-Status
X-MSEdge-Flight
X-MSEdge-Features
Warning
CDN
X-Lb-Nocache
Origin-Site
Reporter
X-Akamai-Transformed
X-New
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Acquia-Application-Trace
X-Pod
X-Rollout
X-Acquia-Application-UUID
X-Eligible
X-Acquia-Site
FSS-Cache
X-Check-Cacheable
X-Acquia-Purge-Tags
X-Serial
X-V
CF-Cached-On
X-Td-Header-From-No-Data
Epwk-X-Cache
X-Varnish-Hostname
X-Lsadc-Cache
Machine
X-BBC-Origin-Response-Status
X-Web-Server
Thinkindot-Cache-Type
X-Elasticpress-Query
Timeexpire
Cneonction
X-Akamai-ERPolicy
X-Orig-Cache-Control
X-Forwarded-Site
X-Akamai-ERRuleID
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Ramcache
X-Ms-Blob-Type
X-Region-Sid