Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Accept-CH
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-UA-Device
EagleId
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Litespeed-Cache
X-Server-Powered-By
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Cache-Lookup
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Device
X-Cloud-Trace-Context
Xkey
X-Backend-Server
X-Akam-SW-Version
EagleEye-TraceId
X-Host
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-LiteSpeed-Cache
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
Content-Location
Cache-Tag
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-NWS-LOG-UUID
Fastly-Restarts
X-Trace
Cross-Origin-Opener-Policy
X-Country-Code
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-Vname
X-TtlSet
X-PC
X-Midtier
X-Edge
X-Mcache
Surrogate-Key
Rating
X-Oneagent-Js-Injection
X-Server-Name
X-Cache-TTL
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Browser-Type
X-Cnection
X-Element-Page-Cache
Nginx-Cache
X-ESI
X-Powered-By-Plesk
X-Abt-Application-Version
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-GitHub-Request-Id
X-ECACHE
X-Ser
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-ARC
X-B3-TraceId
X-Dw-Request-Base-Id
Response
X-Middleton-Response
X-Amz-Rid
X-CST
X-Powered-CMS
X-Navigation-Version
X-Goog-Hash
X-Ruxit-Js-Agent
X-Wormhole-Sdk
X-Kinsta-Cache
X-Edge-Location-Klb
X-Upstream
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Forwarded-For
X-Daa-Tunnel
X-Amzn-Trace-Id
Accept-Ch-Lifetime
X-FastCGI-Cache
RTSS
X-Ratelimit-Limit
X-Cache-Key
SPRequestDuration
SPIisLatency
X-NF-Request-ID
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
Edge-Cache-Tag
X-Mod-Pagespeed
Cache-Status
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
X-Server-ID
Public-Key-Pins
X-Ezoic-Cdn
X-Version
X-Content-Digest
X-Mg-S
SPRequestGuid
X-SharePointHealthScore
S
X-Ttl
Realpath
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
AR-CACHE
X-Shield-Request-Id
X-T
X-MSEdge-Ref
Fastcgi-Cache
X-Recruiting
X-Cached
X-Varnish-TTL
X-Accel-Expires
Front-End-Https
X-Ua-Device
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TTL
Origin-Trial
Access-Control-Request-Method
TP-Cache
X-Azure-Ref
X-Newrelic-App-Data
X-Request-Received
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Ua-Browser
X-Id
Count-Hit
X-Debug
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-LLID
Server-Node
X-Pinterest-Rid
MicrosoftSharePointTeamServices
Pinterest-Version
Pinterest-Generated-By
X-Content-Security-Policy-Report-Only
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
X-VARITI-CCR
X-PressLabs-Stats
X-Frontend
X-Correlation-Id
X-HS-Combine-CSS
X-Hits
X-Varnish-Backend
X-Aspnetmvc-Version
X-GUploader-UploadID
X-Amz-Replication-Status
Payment
X-Protected-By
X-Xrds-Location
Accept-Ch
X-NGENIX-Cache
X-Goog-Metageneration
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
X-LB-Cache
Cleartype
X-Varnish-Server
X-FB-Debug
X-Www-Served-By
X-Activity-Id
X-Logged-In
X-Forwarded-Proto
X-Az
X-AppVersion
Host
X-Git-Hash
Content-Disposition
X-Hostname
X-Tt-Trace-Tag
X-Tt-Trace-Host
Akamai-GRN
Filterid
X-Nf-Request-Id
X-Ratelimit-Reset
X-FTR-Request-ID
X-Page-Id
X-DIS-Request-ID
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-App-Server
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Template
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Geo-Country
Frame-Options
Access-Control-Allow-Method
X-Origin-Server
X-Aspnet-Version
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
MS-Author-Via
X-Type
X-Fastcgi-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ASPNET-VERSION
X-WP-CF-Super-Cache
X-Load-Cache
Viewport
Version
X-Webkit-Csp
Retry-After
Fastly-SIE
X-Content-Options
Fastly-SWR
Section-Io-Cache
X-Fb-Rlafr
X-TT
X-Varnish-Ttl
Content-MD5
X-Rid
Accept-Charset
X-B
X-B3-Sampled
X-Cache-Control
X-Grace
X-Ah-Environment
X-Envoy-Decorator-Operation
Trailer
X-SRCache-Fetch-Status
X-Tec-Api-Version
Amp-Access-Control-Allow-Source-Origin
X-SRCache-Store-Status
X-Tec-Api-Root
X-Source
X-Tec-Api-Origin
X-Vcl-Version
X-Cache-Age
X-Device-Type
X-Trace-Id
X-Revision
X-Request-Guid
X-Language
X-RateLimit-Remaining
Healthy
Server-Name
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Cdn
X-Buckets
X-Magnolia-Registration
X-TraceId
X-Mobile
X-Origin-Cache
X-Px
TCN
X-CSRF-Token
X-Webkit-CSP
X-WP-CF-Super-Cache-Active
X-Backend-Name
X-Amz-Meta-S3cmd-Attrs
X-Contextid
X-Akamai-Edgescape
X-HS-Prerendered
X-Status
X-App-Environment
X-L-Path
X-Tumblr-Pixel
X-Tumblr-User
X-Rule
X-ProcessESI
X-Tumblr-Pixel-0
X-RM-Cache-TTL
X-RemovedCookies
X-Environment-Context
X-Edge-Location
X-Tumblr-Pixel-1
X-Proxy
X-Framework
X-UUID
X-Instance
X-Storage
X-Proxy-Cache-Info
X-Region
X-NYM-Debug-Backend
NGB
Cross-Origin-Window-Policy
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-Datadog-Sampled
MS-CV
GEO-INFO
X-Datadog-Sampling-Priority
Ms-Operation-Id
X-Content-Powered-By
X-Datadog-Parent-Id
X-FW-Serve
X-FW-Type
X-FW-Static
X-Datadog-Trace-Id
X-FW-Version
X-Mg-Request-UUID
X-ServerID
X-RTag
X-Node-Name
X-Cache-Time
X-FW-Server
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Dynamic
X-FW-Hash
Access-Control-Request-Headers
X-Cacheable-TTL
X-G
SD-X-WS
X-Adobe-Content
X-Adobe-Loc
Charset
X-Debug-Info
Upgrade-Insecure-Requests
X-Is-Bot
X-Rendered-As
Protected
DC
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-HTML-Minification-Powered-By
X-Whom
Countrycode
Webserver
Paypal-Debug-Id
X-User-Agent
Refresh
OT-Force-Account-Verify
Cross-Origin-Embedder-Policy-Report-Only
X-Original-Request-Id
X-Lambda-Id
X-Response-Served-From
X-Seen-By
Section-Io-Id
Front
X-WebKit-CSP-Report-Only
X-VC
X-Reqid
Alternate-Protocol
X-Amzn-Remapped-Content-Length
X-VHOST
SRV
X-ECache
X-IPS-LoggedIn
X-Server-W
X-AB
Priority
X-Cache-Status-Check
X-Nginx-Cache
X-Akamai-Request-ID2
Country
X-B3-Traceid
X-N
X-CLOUD-TRACE-CONTEXT
X-B3-SpanId
Backend
X-Hcs-Proxy-Type
X-Time
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Liferay-Portal
X-WP-CF-Super-Cache-Cookies-Bypass
X-TT-LOGID
X-Real-IP
X-Mode
Onion-Location
X-Rn-Rsrv
Filters
X-SaId
X-Origin-Hint
X-Rewrite-Enabled
Webcakes-App-Name
TWC-Device-Class
TWC-GeoIP-Country
Meta-Geo
Property-Id
ServerID
Webcakes-App-Version
TWC-Privacy
X-Format
Webcakes-Region
X-FB-TRIP-ID
Environment
X-Cache-Host
Xet-Cookie
TWC-Locale-Group
TWC-GeoIP-LatLong
X-JoinUs
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Hl-Ver
TWC-Connection-Speed
Mn-Server-Ip
Expiry
DB-Nickname
X-Tb
From-Origin
Uber-Trace-Id
X-Rocket-Nginx-Serving-Static
X-R9-Blue-Green-Version
X-Accel-Version
X-Frame-Option
X-Fetched-On
X-Skip-Cache
X-IPLB-Instance
X-Varnish-Age
X-IPLB-Request-ID
X-VC-Cache
X-Connection-Hash
X-Scope-Id
X-Restarts
X-Cache-Expired-At
X-Cluster-Node
Atl-Traceid
X-ProxyCache-Key
X-Redis-Cache
X-Origin-Date
X-ProxyCache-Status
X-Logging-Id
Apigw-Requestid
X-Httpd
Web-Mar-Node
X-Cache-Action
X-BYPASS-REASON
X-Varnish-Beresp-Grace
X-Forwarded-Host
X-Hosted-By
X-Varnish-Cache-Hits
X-Soup
X-Webstats-RespID
X-Timing-Wait
X-Web-Node
X-Tncms
X-Vcache
Selected-Fe
X-Director
X-Handled-By
X-Cms-Context
X-Cluster
X-Auth-Group-Type
X-Labrador-Cache-Channel
X-Loop
X-Served-From
X-Request-URI
X-Proxy-Build
X-PHP-Host
Fastcgi-Useragent
ServedBy
X-Say-Cacheable
X-Servername
X-Cloudmap
X-Origin
X-Routing-Service
X-Say-TTL
Accept-Language
X-Proxied
X-Zipkin-Id
X-Origin-CC
X-Origin-TTL
Url
X-Adobe-Source
X-S
X-SayCDN-TTL
X-Extlb
X-DynaTrace
X-Hit
Cross-Origin-Embedder-Policy
X-Fastly-Request-Id
Referer-Policy
WPO-Cache-Message
WPO-Cache-Status
X-Ms-Version
N-Cache
X-Ms-Request-Id
X-Detected-As
X-Tumblr-Pixel-3
X-LSADC-Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Generated-By
X-XRDS-Location
Xserver
Cross-Origin-Opener-Policy-Report-Only
X-Lagoon
X-Azure-Ref-OriginShield
X-Wix-Request-Id
Surrogated-Key
X-DataDome
X-Xfnlog-Site
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SRV
X-Worker
Source
X-App-Version
Ohc-File-Size
X-Generation-Time
X-NWS-UUID-VERIFY
X-RCS-CacheZone
CF-IPCountry
X-Drupal-Cache-Tags
X-Sucuri-Cache
LB
X-HS-CF-Cache-Status
X-Drupal-Cache-Contexts
X-Cdn-Origin
X-Cache-Debug
X-VCT
X-FTR-Balancer
X-F-Cache
X-Via-JSL
Node
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-Proxy-Cache-Status
X-FTR-Expires
X-FTR-Backend
X-MP-GENERATED-AT
X-Browser-Name
X-Tcp-Rtt
X-Is-Desktop
X-Geo-Region
X-Is-Tablet
X-Cache-Hit
X-Is-Supported-Browser
X-Is-Mobile
X-No-Session
X-Varnish-Beresp-Ttl
X-Sucuri-ID
X-Signature
X-B-Cache
X-Urbn-Site-Id
X-NODE
AMP-Access-Control-Allow-Source-Origin
X-Urbn-Context-Path
Locale
X-Upstream-Ht
CDN-RequestId
X-Upstream-Ct
X-Mly-Id
X-ElasticPress-Query
Cache
X-Cache-Rule
X-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Cache-Operation
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-INCAP-ABP
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Candidate-Md5Url
Fl-Custom-Application
Cluster
Content-Secure-Policy
Fastly-Backend-Name
Ha-Gx-Prefs
Cache-Provider
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
BehaviorPad-Version
HA-Ipaddr
User-Agent
X-HN
X-Gdpr
X-Ig-Origin-Region
X-Ig-Push-State
X-Mvc-Supplant-Cachable
X-Jobs
X-Eu-Site
X-Ec-GeoHdr
X-D
X-Csrf-Jwt
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Ec-Fail
X-Developer
X-Nyt-Route
X-Op-Id-All
X-Section
X-ScT
X-TIM-N
X-VarnishDD-TTL
Xc-Version
X-Vtex-Remote-Cache
X-Rojux
X-Proxied-Request
X-Org
X-ORCA-Accelerator
X-Origin-Time
X-PAYTM-SRV-ID
X-Proto
X-Conf
X-CGP
Redirect-Candidate
PFcat
Rendered-Blocks
Sslversion
Wxu-Next-Commit
W
Origin
Odigeo-Trace-Id
Lang
L5d-Success-Class
Mail-Subject
MD5-Digest
Ngx.Var.Host
Meta-Geo-Continent
Wxu-Next-Hostname
Wxu-Next-Region
X-Aed
X-Access
X-Aicache-OS
X-Bc-Bl
X-Cache-NE
X-Cache-Info
X-AB-Test
X-A-Wwc
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
Host-ID
We-Hiring
X-Tx-Id
X-TA-CDN-Provider
X-Locale
X-UA
X-RateLimit-Limit
Mime-Version
X-Clientip
X-Contensis-Viewer-Groups
X-Content-Length
X-Core-Value
X-Cdn-Srv
X-Cache-Aspx
X-Bug-Bounty
X-Date
X-Cache-Id
X-CacheTTL
X-Depends
X-Epic-Correlation-Id
X-Esi-Check
X-FC-Vary-Parameters
X-Gamma-Serve
X-Edge-Server
X-DPWN-IS-SECURE
X-DefHash
X-Bl-Debug
X-Dispatcher-Server
X-DefElseHash
X-BBC-Edge-Cache-Status
RNT-Time
Server-Host
TDXMobile
Thinkindot-CacheControl
RNT-Machine
Req-Svc-Chain
Origin-Agent-Cluster
Producers
Product
Thinkindot-CacheControl-Type
V-Age
X-Auto-Login
X-B3-Trace-ID
X-Backend-Instance
X-Generated-On
X-App-Name
X-Amz-Storage-Class
X-Accel-Expires-Debug
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-BCube-Filmed-By
X-GeoCountry
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-Remaining-TTL
X-Varnish-Authentication
X-Var-Ttl
X-Scheme
X-Shield-Cache-Expires
X-Thinkindot-L3
X-V-Cache
X-Varnishpool
X-Vdms-Version
X-VTEX-Cache-Time
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VTEX-Cache-Server
X-Vmg-Version
X-VG-WebCache
X-Via-Fastly
X-Viewer-Country
X-SB
X-Request-Time
X-Irp-Debug
X-Level-Front-Cache
X-Loc
X-Location
X-Hash
X-Gzip
NM-Fastcgi-Cache
X-GeoIP
X-GeoIP-City
X-GoCache-CacheStatus
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-Platform-Server
X-Policy
X-Powered-By-VTEX-Cache
X-Req
X-Platform
X-Path
X-NMSegId
X-Node-Id
X-NodeID
X-GeoCode
X-Fmm-Version
Azure-SiteName
Cdn-Host
Azure-SlotName
Gh-Request-Id
Azure-RegionName
Cdn-Request-Time
Gannett-Cam-Experience-Id
Azure-InstanceId
Canary
Azure-Version
Debug
L
CDCHOST
Expect-Staple
DCR-Processing-Time-Ms
Esi-Enabled
DCR-Decision-By
X-CDN-Forward
Akamai-Mon-Iucid-Del
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-PullZone
Cdnsip
X-Bip
Content-Script-Type
Content-Style-Type
Country-Code
X-AK-Request-ID
DSUID
X-Cache-FS-Status
X-Cache-Grace
Cdncip
CDN-Uid
CDN-CachedAt
Click-Count-Action-Start
Click-Count-Error
X-Cached-By
CDN-RequestPullSuccess
X-GeoIP-Country-Code
X-Thanos
X-UA-Device-Type
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Varnish-Beresp-Status
X-Service
X-VServer
X-Geolocation
Yak-Timeinfo
XM
X-VG-TLSProxy
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Internal-TTL
X-Men
X-HS-Content-Campaign-Id
X-GeoIP-Region-Code
X-Acquia-Purge-Cdn-Unconfigured
X-Origin-Expires
X-Pool
X-Server-IP
X-Slack-Backend
X-SD-PageType
X-Request-Start
X-Pubstack
CDN-Cache
X-Fastly-Backend
Origin-EX
Fastly-SSL
Origin-CC
NGX
Web-Mar-Region
X-Litespeed-Tag
ServerName
Platform
Tube-Return
Release
Tube-Got-Results
Req-ID
Tube-Get-Contents
Tube-Got-Eval
Sid
X-Via-SSL
Edge-Copy-Time
X-Pad
X-Via-CDN
X-Site-Version
X-Via-Edge
X-Resp-Is-Stale
X-Origin-Response-Time
X-Hnp-Log
Pramga
X-Request-Host
X-Content-Age
X-Human
X-Gen-Mode
Ssr
X-Ec-Custom-Error
X-Cache-Date
X-Varnish-Hits
X-LB-NoCache
IsBot
X-SIPLIST1
X-CUA
X-S-Cookie
X-IsAdmin
X-External-Request-Id
X-B-Cookie
X-Application
X-Block-Status
X-Destination
User-Cache-Control
Cdn-Requestid
X-ZONE
X-HOST
X-Cs
X-NGINX-Cache
XkeyRZ
X-RID
Cache-Key
X-Cache-Bucket
X-Proxy-CacheRZ
A
X-Dc
X-Api-Version
X-CACHE-GROUP
X-GEO
X-Newrelic-Synthetics
X-Tt-Logid
X-Zen-Fury
X-Cdn-Forward
X-User
X-Refresh
CloudFront-Viewer-Country
Ohc-Cache-HIT
TP-L2-Cache
X-Servedbyhost
X-VC-TTL
X-Nananana
X-RequestId
X-AIR-PT
X-HITS
X-Optimistic-Header
Fastly-Drupal-HTML
C-Via
GeoIP-Latitude
X-HA-Backend
X-Via-Popn
X-Via-Poph
X-Via-Popv
Server-ID
X-APP
Proxy-Firewall
X-LB-ID
Fastly-Drupal-Html
X-Endurance-Cache-Level
X-B3-Spanid
X-Vgn-Hpd-Reason
X-TH-Server
X-Datadome
X-DC
X-Srv
X-Nc
HostName
X-Air-Pt
X-Wa
X-DynaTrace-JS-Agent
True-Client-Country-4JS
X-LiteSpeed-Tag
Sever-Int
X-Moov-T
X-Moov-Xdn-Version
X-B3-Parentspanid
WP-Super-Cache
X-Test
Server-Ext
Server-Hostname
X-Webkit-Csp-Report-Only
X-Moov-Xdn-Caching-Status
X-Presslabs-Stats
Cdn
X-LiteSpeed-Cache-Control
X-XRDS-LOCATION
Adler-Geo
X-Old-Content-Length
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
WZWS-RAY
X-Oracle-Dms-Ecid
Is-Eu
X-URL
X-COUNTRY
X-Parent-Response-Time
X-CS
X-Dispatcher-Number
X-Fpc
X-Nginx-Cache-Key
X-HubSpot-Correlation-Id
GeoIp-Country-Code
X-Provided-By
X-Zone
X-CACHE-AGE
X-Action
SID
X-API-Version
X-NewRelic-App-Data
X-Ua
X-DataCenter
Uri
X-Thinkindot-L1
X-Vercel-Id
X-Vercel-Cache
X-Geo-Header
N1-Cache
True-Client-Ip
X-Custom-Header
X-Cache-VC
T-Server
Location
X-Pass-Why
X-Litespeed-Cache-Control
S-Rt
X-ND-Cache
Cache-Tv-Group
X-Datacenter
X-Cache-Server
X-CMSURLCustom
SEZNAM-JOBS-OFFER
True-Client-IP
Vc-Max-Age
X-TX-ID
TWC-GeoIP-City
Cache-Hits
TWC-GeoIP-Region
TWC-GeoIP-DMA
Pics-Label
X-ApacheServer
Resin-Trace
X-PERF
X-SERVER-NAME
GeoIP-Country-Code
X-Render-Time
Tcn
Powered-By
Serverhost
X-Stale
X-WA-Info
X-Client-Ip
X-Varnish-Beresp-TTL
X-Cache-TTL-Remaining
X-Uri
Lb
X-FPC
Vix-Hermes-Req-Id
X-Srcache-Fetch-Status
X-Dynatrace-Js-Agent
X-Ssense-Shipping-Surcharge-Enabled
Sm-Log-Id
X-Srcache-Store-Status
X-Correlation-ID
X-Service-Response-Time
X-Ssense-Gql
RewriteTeamHook
X-APP-VERSION
Srv
X-Ion-Healthy
RewriteTestHook
Cache-Contol
X-Ckpd-Fst-Backend
X-Oracle-Dms-Rid
X-Jungle-Id
X-Ion-Hop
X-Fastly-Cache
X-Nitro-Cache
Log-Origin
X-Air-Source
X-Cdn-Cache-Status
X-Air-Trace-Id
Cmstype
X-Air-Hostname
Thinkindot-Control
Cmsid
On-Server
My-App
X-Fastly-Cache-Status
X-Debug-Service
Hostname
Av-Poweredby
X-From
X-Up
X-Udemy-Cache-App-Namespace
ServerHost
X-NC
X-WA
Server-Id
X-Vc
X-Cms-Device
X-Ee-Request-Id
Store-Cloud-Cache
X-Save-Cache
X-Akamai-Pragma-Client-IP
X-Amz-Meta-Opti
Cf-Ipcountry
Time-Cloud-Cache
Geoip-Latitude
X-Ee-Request-Date
AKAMAI
X-Ee-Generated-By
X-Lb-Id
X-Fastly-Backend-Reqs
CacheControlHeader
X-PHP-Backend
X-Vary-Devices
X-Ee-Origin
X-Cache-Ttl
X-Via-PopV
X-Github-Request-Id
X-Via-PopH
X-App
X-Ha-Backend
X-Proxy-Cache-La3
Xkeylog
Xkey-La3
X-Oracle-DMS-ECID
X-Via-PopN
X-Esi
X-Info
Cl-Cache
X-VTEX-Cache-Backend-Header-Time
Magicmarker
X-VCL-Version
X-VTEX-Cache-Backend-Connect-Time
X-LAGOON
WebServer
X-IAuth-Set-Uid
X-Check-Cacheable
X-ServedByHost
X-Limited
NtCoent-Length
X-Serial
X-Traceid
WWW-Authenticate
X-Geo
X-HS-Status
Cloudfront-Viewer-Country
X-Requestid
CountryCode
X-CDN-Cache-Status
Origin-Site
X-Dw-Trace-Id
X-MSEdge-Flight
X-MSEdge-Features
Warning
X-Sucuri-Id
CDN
X-New
X-Akamai-Transformed
X-SRCache-Key
X-Lb-Nocache
X-Varnish-Hostname
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
FSS-Cache
Reporter
X-Pod
X-Wp-Cf-Super-Cache-Cache-Control
Epwk-X-Cache
X-Eligible
X-Mg-Cache
X-Rollout
X-Wp-Cf-Super-Cache
X-Html-Minification-Powered-By
X-Acquia-Site
X-V
X-Td-Header-From-No-Data
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Lsadc-Cache
X-Web-Server
Thinkindot-Cache-Type
X-Ms-Blob-Type
X-Region-Sid
X-Orig-Cache-Control
Timeexpire
X-Forwarded-Site
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Cneonction
X-Tncms-Bot-Tier
CF-Cached-On
X-BBC-Origin-Response-Status
X-Elasticpress-Query
X-Ramcache
X-Ms-Lease-Status
Machine