Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Accept-CH
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-UA-Device
EagleId
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Varnish-Cache
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
Xkey
X-Akam-SW-Version
EagleEye-TraceId
X-Host
Surrogate-Control
X-Response-Time
Cf-Railgun
X-Readtime
X-Node
X-HW
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Application-Context
X-NWS-LOG-UUID
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Country-Code
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
X-Midtier
X-Mcache
X-Edge
Surrogate-Key
Rating
X-Server-Name
X-Middleton-Display
X-Sol
Pagespeed
X-Cache-TTL
Display
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-ESI
X-Oneagent-Js-Injection
Nginx-Cache
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-Ser
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
X-ARC
X-B3-TraceId
X-Middleton-Response
Response
X-Amz-Rid
X-CST
X-Powered-CMS
X-Goog-Hash
X-Navigation-Version
X-Upstream
X-Wormhole-Sdk
X-Kinsta-Cache
X-Edge-Location-Klb
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
Accept-Ch-Lifetime
X-Forwarded-For
X-Daa-Tunnel
X-Ratelimit-Limit
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-Ratelimit-Remaining
X-Server-ID
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-NF-Request-ID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Version
X-Ezoic-Cdn
X-Mg-S
X-Content-Digest
X-Ttl
X-SharePointHealthScore
SPRequestGuid
S
Realpath
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
AR-CACHE
X-T
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-Cached
X-Recruiting
X-Ua-Device
X-Accel-Expires
X-Varnish-TTL
Front-End-Https
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TTL
TP-Cache
Access-Control-Request-Method
X-Azure-Ref
X-Newrelic-App-Data
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-Id
Arr-Disable-Session-Affinity
Count-Hit
X-HS-Hub-Id
X-HS-Content-Id
Origin-Trial
X-HS-Cache-Config
X-Debug
Server-Node
MicrosoftSharePointTeamServices
X-LLID
X-Content-Security-Policy-Report-Only
Cache-Tags
Pinterest-Version
Pinterest-Generated-By
X-VARITI-CCR
X-Pinterest-Rid
X-Ismobilevalue
X-Frontend
X-Cluster-Name
X-PressLabs-Stats
X-HS-Combine-CSS
X-Correlation-Id
X-Aspnetmvc-Version
X-Hits
Accept-Ch
X-Varnish-Backend
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
X-Protected-By
X-Goog-Metageneration
X-Xrds-Location
X-NGENIX-Cache
X-LB-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Unique-Id
X-Forwarded-Proto
Cleartype
X-Nf-Request-Id
X-Varnish-Server
X-FB-Debug
X-AppVersion
X-Logged-In
X-Www-Served-By
Host
X-Git-Hash
X-Az
X-Activity-Id
Content-Disposition
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Tt-Trace-Host
Filterid
X-Hostname
X-Page-Id
Akamai-GRN
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-App-Server
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Template
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-FTR-Request-ID
X-Geo-Country
X-Aspnet-Version
X-Fastcgi-Cache
Access-Control-Allow-Method
X-ASPNET-VERSION
Frame-Options
X-Origin-Server
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Varnish-Ttl
X-Load-Cache
X-Upgrade-Enabled
MS-Author-Via
Retry-After
X-WP-CF-Super-Cache-Cache-Control
X-Type
X-WP-CF-Super-Cache
Fastly-SIE
Version
Viewport
Fastly-SWR
X-Ah-Environment
Section-Io-Cache
X-Content-Options
Accept-Charset
X-Cache-Control
X-TT
X-Fb-Rlafr
Content-MD5
X-B3-Sampled
X-B
X-Rid
Amp-Access-Control-Allow-Source-Origin
X-Grace
X-Envoy-Decorator-Operation
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Source
X-Request-Guid
X-Vcl-Version
X-Trace-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Cdn
Trailer
X-Device-Type
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Revision
X-Cache-Age
Healthy
X-Language
Server-Name
X-Magnolia-Registration
X-Buckets
X-Webkit-CSP
X-RateLimit-Remaining
X-Origin-Cache
X-Px
X-Mobile
X-CSRF-Token
X-WP-CF-Super-Cache-Active
TCN
X-Backend-Name
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-TraceId
X-Akamai-Edgescape
X-HS-Prerendered
X-App-Environment
X-Status
X-RM-Cache-TTL
X-Tumblr-User
X-Tumblr-Pixel-1
X-Proxy
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Varnish-Grace
X-Environment-Context
X-RemovedCookies
X-Instance
X-L-Path
X-Rule
X-ProcessESI
X-Debug-Info
X-NYM-Debug-Backend
X-Node-Name
X-Mg-Request-UUID
X-FW-Version
X-FW-Type
NGB
SD-X-WS
X-Proxy-Cache-Info
X-Webkit-Csp
X-Region
Cross-Origin-Window-Policy
X-Edge-Location
GEO-INFO
X-FW-Serve
X-FW-Server
X-Storage
X-FW-Hash
X-Framework
X-FW-Dynamic
X-FW-Static
X-UUID
X-ServerID
Access-Control-Request-Headers
X-EdgeConnect-Cache-Status
X-Rendered-As
X-Adobe-Content
X-RTag
Ms-Operation-Id
X-Cacheable-TTL
MS-CV
X-Datadog-Sampling-Priority
X-Adobe-Loc
X-Debug-IsPreview
X-Debug-IsConnected
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Content-Powered-By
X-Datadog-Parent-Id
X-Cache-Time
X-Is-Bot
X-Yottaa-Metrics
X-G
X-Yottaa-Optimizations
Charset
Upgrade-Insecure-Requests
Protected
DC
X-HTML-Minification-Powered-By
X-Whom
Paypal-Debug-Id
X-Seen-By
Countrycode
X-User-Agent
Webserver
Cross-Origin-Embedder-Policy-Report-Only
Refresh
OT-Force-Account-Verify
X-Lambda-Id
X-Response-Served-From
X-Original-Request-Id
Front
Section-Io-Id
X-VC
X-WebKit-CSP-Report-Only
X-Reqid
X-ECache
X-VHOST
X-Amzn-Remapped-Content-Length
Alternate-Protocol
SRV
X-IPS-LoggedIn
X-B3-Traceid
X-AB
X-Server-W
Priority
X-TT-LOGID
X-Akamai-Request-ID2
X-Cache-Status-Check
X-N
Country
X-WP-CF-Super-Cache-Cookies-Bypass
Backend
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Liferay-Portal
X-Hcs-Proxy-Type
X-Time
X-Nginx-Cache
X-B3-SpanId
X-Real-IP
X-Mode
Xet-Cookie
Onion-Location
Meta-Geo
Filters
Property-Id
ServerID
Fastcgi-Useragent
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Name
Environment
TWC-GeoIP-LatLong
Webcakes-Region
TWC-Privacy
TWC-GeoIP-Country
Webcakes-App-Version
X-JoinUs
X-FB-TRIP-ID
X-Rewrite-Enabled
X-Format
X-Hl-Ver
X-Origin-Hint
X-Rn-Rsrv
X-UPSTREAM-Address
X-SaId
X-Cache-Host
X-Tumblr-Pixel-2
X-Tb
X-Rocket-Nginx-Serving-Static
X-Origin-Date
X-Varnish-Age
X-Scope-Id
X-SayCDN-TTL
X-Say-Cacheable
Uber-Trace-Id
X-Restarts
Mn-Server-Ip
X-Redis-Cache
Web-Mar-Node
X-R9-Blue-Green-Version
X-VC-Cache
X-Fetched-On
Expiry
X-Accel-Version
X-Connection-Hash
X-Cluster-Node
DB-Nickname
X-Cache-Action
X-Cache-Expired-At
X-Skip-Cache
X-Frame-Option
X-IPLB-Instance
X-Hosted-By
X-IPLB-Request-ID
From-Origin
X-Say-TTL
X-Varnish-Beresp-Grace
X-Soup
X-Web-Node
X-Vcache
X-Varnish-Cache-Hits
X-Webstats-RespID
X-ProxyCache-Key
X-Handled-By
X-Httpd
X-Tncms
X-Forwarded-Host
X-Director
X-BYPASS-REASON
X-Cms-Context
Apigw-Requestid
X-Labrador-Cache-Channel
Atl-Traceid
X-Fastly-Request-Id
X-PHP-Host
X-Request-URI
X-Logging-Id
X-Loop
X-ProxyCache-Status
X-Timing-Wait
Url
X-Auth-Group-Type
X-Cluster
X-Adobe-Source
X-Proxy-Build
X-Served-From
Selected-Fe
X-Servername
ServedBy
Accept-Language
X-Origin-CC
X-Origin-TTL
X-Cloudmap
X-Detected-As
X-Zipkin-Id
X-S
X-Routing-Service
X-Proxied
X-Origin
Cross-Origin-Embedder-Policy
X-Extlb
X-Hit
X-DynaTrace
Referer-Policy
N-Cache
X-Generated-By
X-Ms-Version
X-Ms-Request-Id
X-Tumblr-Pixel-3
WPO-Cache-Message
WPO-Cache-Status
X-XRDS-Location
X-LSADC-Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Xserver
X-Wix-Request-Id
X-DataDome
X-Lagoon
X-SRV
X-Azure-Ref-OriginShield
Surrogated-Key
Cross-Origin-Opener-Policy-Report-Only
X-Xfnlog-Site
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Worker
Source
X-CLOUD-TRACE-CONTEXT
X-App-Version
X-NWS-UUID-VERIFY
LB
X-Sucuri-Cache
X-Generation-Time
Ohc-File-Size
X-RCS-CacheZone
X-Cache-Debug
CF-IPCountry
X-Via-JSL
X-Drupal-Cache-Tags
X-VCT
X-Drupal-Cache-Contexts
Node
X-F-Cache
X-HS-CF-Cache-Status
X-Cdn-Origin
X-Proxy-Cache-Status
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Geo-Region
X-Is-Desktop
X-MP-GENERATED-AT
X-Tcp-Rtt
X-Sucuri-ID
X-Browser-Name
X-No-Session
X-Cache-Hit
X-Urbn-Site-Id
X-NODE
X-Urbn-Context-Path
Locale
X-Signature
X-Upstream-Ct
X-Upstream-Ht
X-Varnish-Beresp-Ttl
CDN-RequestId
X-B-Cache
X-FTR-Balancer
X-ElasticPress-Query
X-FTR-Expires
X-Country-Code-Real
X-TA-CDN-Provider
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Tx-Id
X-FTR-Backend
X-Storefront-Renderer-Rendered
X-Cache-Operation
X-Sorting-Hat-PodId
X-Mly-Id
X-Alternate-Cache-Key
Cache
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-Cache-Rule
X-UA
X-ShardId
Meta-Geo-Continent
Odigeo-Trace-Id
PFcat
Origin
Ngx.Var.Host
Fastly-GeoIP-CountryCode
Cache-Provider
Candidate-Md5Url
Cluster
Content-Secure-Policy
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
DCR-Processing-Time-Ms
Host-ID
L5d-Success-Class
Lang
Mail-Subject
HA-Ipaddr
Ha-Gx-Prefs
Expect-Staple
Fastly-Backend-Name
Fl-Custom-Application
MD5-Digest
X-A-Dcw
X-Ig-Push-State
X-Ig-Origin-Region
X-Jobs
X-Mvc-Supplant-Cachable
X-Op-Id-All
X-Nyt-Route
X-HN
X-GeoCountry
X-Ec-GeoHdr
X-Ec-Fail
X-Eu-Site
X-FC-Vary-Parameters
X-GeoCode
X-Gdpr
X-ORCA-Accelerator
X-Org
X-TIM-N
X-Section
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-ScT
X-Rojux
X-Path
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxied-Request
X-Proto
X-DPWN-IS-SECURE
X-Developer
X-A-Ccd
X-A
X-A-Dam
X-A-Dgt
X-AB-Test
X-A-Wwc
Wxu-Next-Region
Wxu-Next-Hostname
Rendered-Blocks
Redirect-Candidate
Sslversion
User-Agent
We-Hiring
W
X-Access
X-Aed
X-Conf
X-CGP
X-Csrf-Jwt
X-D
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Cache-NE
X-Cache-Info
X-App-Name
X-Aicache-OS
X-Backend-Instance
X-Bc-Bl
X-Bug-Bounty
X-BCube-Filmed-By
Producers
Wxu-Next-Commit
AMP-Access-Control-Allow-Source-Origin
X-INCAP-ABP
X-Locale
Mime-Version
X-HS-Content-Campaign-Id
NM-Fastcgi-Cache
X-AK-Request-ID
X-Thinkindot-L3
X-Akamai-Device-Characteristics
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Irp-Debug
X-Accel-Expires-Debug
Origin-Agent-Cluster
X-Litespeed-Tag
X-Shield-Cache-Expires
L
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Gannett-Cam-Experience-Id
X-GoCache-CacheStatus
X-Varnish-Director
Fastly-SSL
Gh-Request-Id
X-Gzip
X-Hash
Platform
X-V-Cache
X-Var-Ttl
X-Amz-Storage-Class
X-Varnish-Authentication
X-Amz-Meta-Cb-Modifiedtime
X-Scheme
TDXMobile
Thinkindot-CacheControl
X-Policy
X-NMSegId
X-Powered-By-VTEX-Cache
X-Mvc-Supplant-OutputCached
Thinkindot-CacheControl-Type
X-Platform
V-Age
X-NodeID
X-Origin-Expires
X-Node-Id
X-Service
Web-Mar-Region
X-Micro-Cache
X-Request-Time
Req-Svc-Chain
X-Depends
X-SB
Esi-Enabled
Product
X-Level-Front-Cache
RNT-Machine
X-Req
X-Location
Server-Host
X-Loc
RNT-Time
X-SD-PageType
X-Auto-Login
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
X-We-Are-Hiring
Azure-InstanceId
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Viewer-Country
CDCHOST
Canary
X-Vmg-Version
X-B3-Trace-ID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Esi-Check
X-Clientip
X-Epic-Correlation-Id
X-Edge-Server
X-Contensis-Viewer-Groups
X-Fastly-Backend
X-Content-Length
X-Cached-By
X-Gamma-Serve
X-CacheTTL
X-Fmm-Version
X-Cdn-Srv
X-GeoIP
X-Generated-On
X-GeoIP-Country-Code
Content-Script-Type
X-VG-WebCache
X-Bl-Debug
Cdnsip
X-Via-Fastly
X-Varnishpool
Content-Style-Type
X-GeoIP-Region-Code
Debug
X-DefHash
X-Varnish-Remaining-TTL
X-BBC-Edge-Cache-Status
X-DefElseHash
Cdncip
X-Cache-Grace
X-Date
X-Core-Value
Cdn-Host
X-Cache-Id
X-Dispatcher-Server
Cdn-Request-Time
X-Cache-Aspx
X-GeoIP-City
X-Site-Version
X-Pad
Akamai-Mon-Iucid-Del
X-Ec-Custom-Error
User-Cache-Control
X-Content-Age
X-CUA
X-Gen-Mode
X-Block-Status
X-Bip
Tube-Return
X-Cache-FS-Status
X-Hnp-Log
X-Acquia-Purge-Cdn-Unconfigured
X-Internal-TTL
X-Human
X-Men
Release
DSUID
X-Varnish-Beresp-Status
Tube-Got-Results
X-VG-TLSProxy
Click-Count-Error
IsBot
X-UA-Device-Type
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
Click-Count-Action-Start
CDN-Uid
XM
CDN-Cache
Yak-Timeinfo
X-VServer
X-Geolocation
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-Sn-Servicetimems
Country-Code
X-Request-Host
X-Request-Start
Req-ID
Tube-Get-Contents
X-Pubstack
X-Pool
X-Origin-Response-Time
ServerName
Pramga
Tube-Got-Eval
Origin-CC
X-SIPLIST1
NGX
X-Server-IP
Origin-EX
X-CDN-Forward
X-Via-SSL
X-Via-Edge
X-IsAdmin
X-B-Cookie
X-S-Cookie
X-Via-CDN
X-NGINX-Cache
X-External-Request-Id
X-Cache-Date
A
Edge-Copy-Time
X-Destination
X-Application
Ssr
XkeyRZ
X-LB-NoCache
X-Varnish-Hits
X-HOST
X-RateLimit-Limit
X-Cache-Bucket
X-RID
Cache-Key
X-Proxy-CacheRZ
Sid
X-GEO
X-CACHE-GROUP
X-Newrelic-Synthetics
X-Cdn-Forward
X-Cs
Cdn-Requestid
X-ZONE
X-Zen-Fury
X-User
X-Refresh
X-Dc
X-Api-Version
X-Resp-Is-Stale
X-Nananana
X-HITS
CloudFront-Viewer-Country
X-Servedbyhost
X-Tt-Logid
TP-L2-Cache
X-Optimistic-Header
X-VC-TTL
Fastly-Drupal-HTML
X-RequestId
Ohc-Cache-HIT
X-APP
GeoIP-Latitude
Proxy-Firewall
Server-ID
X-Via-Popv
X-B3-Spanid
X-AIR-PT
C-Via
X-Via-Poph
X-HA-Backend
X-Via-Popn
X-DC
X-Air-Pt
X-Wa
X-TH-Server
X-Vgn-Hpd-Reason
Fastly-Drupal-Html
True-Client-Country-4JS
X-Endurance-Cache-Level
X-Nc
X-LB-ID
X-LiteSpeed-Tag
X-Datadome
X-Test
HostName
Server-Hostname
X-Webkit-Csp-Report-Only
Server-Ext
X-B3-Parentspanid
Sever-Int
X-DynaTrace-JS-Agent
X-XRDS-LOCATION
Cdn
X-LiteSpeed-Cache-Control
X-Srv
X-Presslabs-Stats
X-Old-Content-Length
WP-Super-Cache
X-COUNTRY
Adler-Geo
X-Oracle-Dms-Ecid
X-Moov-Xdn-Version
X-URL
X-VWS-Id
X-Moov-T
X-AWS-Id
X-Moov-Xdn-Caching-Status
X-LJ-Flow-ID
Is-Eu
X-CS
X-Dispatcher-Number
GeoIp-Country-Code
WZWS-RAY
X-Provided-By
X-Nginx-Cache-Key
X-Parent-Response-Time
X-Zone
X-CACHE-AGE
X-Fpc
X-HubSpot-Correlation-Id
SID
X-API-Version
X-DataCenter
X-Action
X-Custom-Header
X-Geo-Header
X-NewRelic-App-Data
T-Server
X-Litespeed-Cache-Control
X-Pass-Why
S-Rt
X-ND-Cache
Location
X-Cache-VC
True-Client-Ip
X-Thinkindot-L1
X-Vercel-Id
X-Vercel-Cache
Uri
Cache-Tv-Group
N1-Cache
X-Cache-Server
SEZNAM-JOBS-OFFER
X-CMSURLCustom
X-Ua
Vc-Max-Age
True-Client-IP
Pics-Label
X-Datacenter
Resin-Trace
X-TX-ID
X-SERVER-NAME
Tcn
Cache-Hits
TWC-GeoIP-DMA
X-ApacheServer
X-Stale
X-PERF
Serverhost
TWC-GeoIP-Region
TWC-GeoIP-City
Powered-By
GeoIP-Country-Code
X-Client-Ip
X-Varnish-Beresp-TTL
Vix-Hermes-Req-Id
X-Render-Time
X-WA-Info
X-FPC
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
Sm-Log-Id
X-Service-Response-Time
X-Correlation-ID
X-Srcache-Store-Status
X-Oracle-Dms-Rid
X-Ckpd-Fst-Backend
X-Cache-TTL-Remaining
Srv
Lb
X-APP-VERSION
X-Fastly-Cache
X-Nitro-Cache
X-Uri
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
Thinkindot-Control
X-Jungle-Id
X-Ion-Healthy
X-Debug-Service
X-Ion-Hop
Hostname
Cache-Contol
X-Cdn-Cache-Status
Av-Poweredby
X-Fastly-Cache-Status
Log-Origin
RewriteTeamHook
On-Server
RewriteTestHook
X-Udemy-Cache-App-Namespace
X-NC
Server-Id
Cmsid
Cmstype
My-App
ServerHost
X-Air-Source
X-Air-Hostname
X-WA
X-Air-Trace-Id
X-Vc
X-From
X-Up
X-Ee-Origin
X-Ee-Request-Id
X-Lb-Id
X-Ee-Generated-By
X-Ee-Request-Date
X-Cms-Device
Cf-Ipcountry
X-Amz-Meta-Opti
X-Save-Cache
Store-Cloud-Cache
Time-Cloud-Cache
X-PHP-Backend
AKAMAI
Geoip-Latitude
X-Vary-Devices
X-Cache-Ttl
Xkeylog
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Fastly-Backend-Reqs
X-Ha-Backend
X-Github-Request-Id
X-Oracle-DMS-ECID
X-Proxy-Cache-La3
Xkey-La3
X-App
CacheControlHeader
X-Akamai-Pragma-Client-IP
X-Esi
X-VTEX-Cache-Backend-Connect-Time
Magicmarker
Cl-Cache
X-Info
X-VTEX-Cache-Backend-Header-Time
X-VCL-Version
X-LAGOON
X-Limited
X-IAuth-Set-Uid
WebServer
X-Geo
X-Traceid
Cloudfront-Viewer-Country
X-Requestid
WWW-Authenticate
X-ServedByHost
CountryCode
X-HS-Status
X-Sucuri-Id
X-MSEdge-Flight
NtCoent-Length
X-Serial
X-Check-Cacheable
X-Dw-Trace-Id
Warning
X-MSEdge-Features
X-CDN-Cache-Status
CDN
Origin-Site
X-Lb-Nocache
X-Rollout
X-Html-Minification-Powered-By
X-New
Reporter
X-Wp-Cf-Super-Cache
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Akamai-Transformed
X-Acquia-Application-Trace
X-Wp-Cf-Super-Cache-Cache-Control
FSS-Cache
X-Acquia-Site
X-Eligible
X-Pod
X-V
Thinkindot-Cache-Type
X-Ramcache
X-Web-Server
X-Mg-Cache
X-SRCache-Key
X-Varnish-Hostname
Epwk-X-Cache
X-Lsadc-Cache
X-Platform-Cluster
X-Platform-Router
X-Td-Header-From-No-Data
X-Region-Sid
X-Akamai-ERPolicy
X-Forwarded-Site
X-Akamai-ERRuleID
X-Platform-Processor
X-Orig-Cache-Control
Machine
Timeexpire
Cneonction
X-BBC-Origin-Response-Status
X-Ms-Lease-Status
X-Elasticpress-Query
X-Tncms-Bot-Tier
CF-Cached-On
X-Ms-Blob-Type