Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
Cf-Apo-Via
X-Via
X-Rq
Accept-CH-Lifetime
EagleId
X-Server
X-Age
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Litespeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
Allow
X-Pantheon-Styx-Hostname
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Cloud-Trace-Context
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Vname
X-TtlSet
X-PC
X-Rack-Cache
X-Edge
X-Mcache
X-Midtier
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-ESI
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cache-TTL
X-Ser
X-GitHub-Request-Id
Nginx-Cache
X-Powered-By-Plesk
Edge-Control
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-ARC
X-Dw-Request-Base-Id
X-Client-IP
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Daa-Tunnel
X-Navigation-Version
X-Amz-Rid
X-Upstream
X-CST
X-Goog-Hash
X-Middleton-Response
Response
X-Powered-CMS
X-Aspnet-Version
X-B3-TraceId
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Ttl
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Kinsta-Cache
X-Edge-Location-Klb
X-ECACHE
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Amzn-Trace-Id
X-Cache-Key
X-NF-Request-ID
X-Forwarded-For
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-Ua-Device
X-Mod-Pagespeed
X-Wormhole-Sdk
RTSS
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-Server-ID
X-ORACLE-DMS-ECID
AR-CACHE
X-Version
X-FastCGI-Cache
X-Mg-S
Public-Key-Pins
X-Ruxit-Js-Agent
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
X-Shield-Request-Id
X-Content-Digest
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
Access-Control-Request-Method
X-Accel-Expires
X-Distributor
X-Newrelic-App-Data
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Arr-Disable-Session-Affinity
TP-Cache
Front-End-Https
Count-Hit
X-Debug
X-Request-Processing-Time
X-HS-Cache-Config
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Security-Policy-Report-Only
Server-Node
X-Id
X-Ua-Browser
MicrosoftSharePointTeamServices
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Azure-Ref
X-Frontend
X-Fastly-Request-ID
X-Varnish-TTL
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
Payment
X-Amz-Replication-Status
X-LB-Cache
X-Forwarded-Proto
X-Varnish-Backend
X-GUploader-UploadID
X-Goog-Metageneration
Accept-Ch
X-Varnish-Ttl
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
Filterid
Host
X-Git-Hash
X-FB-Debug
X-Unique-Id
X-Logged-In
Cleartype
X-Varnish-Server
X-Az
X-Activity-Id
X-AppVersion
Content-Disposition
X-Ratelimit-Reset
X-Www-Served-By
X-Hostname
X-App-Server
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-DIS-Request-ID
X-Page-Id
X-TTL
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Geo-Country
Origin-Trial
Retry-After
Pinterest-Version
X-Origin-Server
Pinterest-Generated-By
X-Pinterest-Rid
X-Load-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
MS-Author-Via
X-Nf-Request-Id
Akamai-GRN
Accept-Charset
X-ASPNET-VERSION
X-Cambria-Cache-Control
X-Type
Section-Io-Cache
Fastly-SWR
X-Fb-Rlafr
Fastly-SIE
X-Template
Viewport
X-Cache-Control
X-B3-Sampled
X-TT
X-B
X-Content-Options
Content-MD5
X-TEC-API-ORIGIN
X-Grace
X-TEC-API-ROOT
Version
X-Ah-Environment
X-TEC-API-VERSION
Frame-Options
X-ECache
X-RateLimit-Remaining
X-Request-Guid
X-Revision
X-Trace-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Amp-Access-Control-Allow-Source-Origin
X-Xrds-Location
X-Amz-Meta-S3cmd-Attrs
X-Vcl-Version
Healthy
TCN
X-Envoy-Decorator-Operation
X-Origin-Cache
X-Device-Type
X-Contextid
X-Cdn
X-Magnolia-Registration
X-Source
X-CSRF-Token
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Active
X-Cache-Age
Server-Name
X-Webkit-CSP
X-Rid
DC
X-Backend-Name
X-Aspnetmvc-Version
X-Px
X-Proxy
X-Mobile
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Varnish-Grace
X-Seen-By
X-Tumblr-Pixel-1
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel
X-RemovedCookies
X-Tumblr-Pixel-0
X-ProcessESI
Access-Control-Request-Headers
X-Debug-Info
X-Rule
X-Status
X-L-Path
X-Mg-Request-UUID
X-Framework
X-Environment-Context
X-Storage
X-RM-Cache-TTL
X-G
X-Node-Name
X-NYM-Debug-Backend
X-Debug-IsPreview
SD-X-WS
NGB
X-FW-Hash
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
X-FW-Dynamic
X-Debug-IsConnected
X-FW-Serve
X-FW-Version
X-FW-Type
X-Instance
X-FW-Server
X-ServerID
X-Content-Powered-By
X-Proxy-Cache-Info
X-Region
X-Cacheable-TTL
Cross-Origin-Window-Policy
X-FW-Static
X-Language
X-Datadog-Sampling-Priority
GEO-INFO
MS-CV
X-Rendered-As
X-RTag
X-Adobe-Content
X-Datadog-Sampled
X-UUID
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Is-Bot
X-Adobe-Loc
Ms-Operation-Id
X-Buckets
Paypal-Debug-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-User-Agent
X-EdgeConnect-Cache-Status
X-Cache-Time
X-CLOUD-TRACE-CONTEXT
Countrycode
Webserver
Upgrade-Insecure-Requests
Front
Protected
X-B3-Traceid
X-WebKit-CSP-Report-Only
Trailer
Charset
X-Whom
OT-Force-Account-Verify
X-TT-LOGID
X-N
X-Edge-Location
X-Lambda-Id
X-VC
Section-Io-Id
Refresh
X-IPS-LoggedIn
X-Cache-Status-Check
X-Akamai-Request-ID2
Priority
X-AB
Country
X-Time
X-HS-Prerendered
X-VHOST
X-Reqid
X-Hcs-Proxy-Type
X-Amzn-Remapped-Content-Length
Backend
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hl-Ver
X-WP-CF-Super-Cache-Cookies-Bypass
Xet-Cookie
Alternate-Protocol
X-B3-SpanId
Liferay-Portal
X-Via-JSL
X-Server-W
VIX-Pulpo-Node
X-Wix-Request-Id
X-Mode
Onion-Location
Accept-Language
VIX-Pulpo-Upstream-Status
X-JoinUs
X-UPSTREAM-Address
X-Tumblr-Pixel-2
Filters
X-Fetched-On
Meta-Geo
From-Origin
X-Accel-Version
Fastcgi-Useragent
X-Tb
X-Origin-Date
X-Auth-Group-Type
X-Skip-Cache
X-FB-TRIP-ID
X-Cache-Host
X-SaId
X-Real-IP
X-Web-Node
X-Scope-Id
ServerID
X-Rewrite-Enabled
X-Frame-Option
X-Rn-Rsrv
X-Response-Served-From
X-Original-Request-Id
Webcakes-App-Version
X-Cluster-Node
Environment
X-Director
Uber-Trace-Id
X-Cache-Action
X-Connection-Hash
X-Cache-Expired-At
Webcakes-App-Name
X-BYPASS-REASON
TWC-GeoIP-Country
X-Hosted-By
X-R9-Blue-Green-Version
X-Redis-Cache
X-Request-URI
X-Generated-By
Property-Id
X-IPLB-Instance
X-IPLB-Request-ID
X-Origin-Hint
Expiry
X-Logging-Id
Atl-Traceid
X-ProxyCache-Status
X-ProxyCache-Key
TWC-Privacy
X-Restarts
TWC-Locale-Group
X-Say-TTL
X-SayCDN-TTL
X-Varnish-Cache-Hits
X-Varnish-Age
X-Format
X-Say-Cacheable
TWC-Device-Class
TWC-Connection-Speed
Webcakes-Region
X-Webstats-RespID
X-VC-Cache
TWC-GeoIP-LatLong
Web-Mar-Node
Apigw-Requestid
Mn-Server-Ip
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-Vcache
X-Tncms
X-Httpd
X-Handled-By
X-DataDome
X-Forwarded-Host
X-Loop
X-Soup
X-PHP-Host
X-Cms-Context
X-Served-From
X-Proxy-Build
Cross-Origin-Embedder-Policy-Report-Only
X-Adobe-Source
Selected-Fe
SRV
X-Timing-Wait
X-Origin
X-Proxied
X-S
X-Detected-As
X-Cluster
X-Cloudmap
X-Extlb
X-Servername
DB-Nickname
X-Routing-Service
X-Zipkin-Id
ServedBy
Url
X-XRDS-LOCATION
X-Origin-TTL
X-Nginx-Cache
LB
X-Origin-CC
Xserver
X-LSADC-Cache
Referer-Policy
N-Cache
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-Hit
CF-IPCountry
X-SRV
X-RID
X-XRDS-Location
X-Xfnlog-Site
Cross-Origin-Embedder-Policy
X-TraceId
X-NWS-UUID-VERIFY
X-Ms-Request-Id
X-Webkit-Csp
X-Ms-Version
X-Tumblr-Pixel-3
CDN-RequestId
X-Upstream-Ct
X-UA
X-Upstream-Ht
X-DynaTrace
X-Cache-Debug
Source
X-VCT
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Azure-Ref-OriginShield
WPO-Cache-Message
WPO-Cache-Status
Surrogated-Key
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
X-B-Cache
X-F-Cache
X-FTR-Request-ID
X-Signature
X-No-Session
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Geo-Region
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Mobile
X-Is-Tablet
X-Is-Desktop
X-Browser-Name
X-Cdn-Origin
X-Generation-Time
X-Sucuri-Cache
Node
X-ShardId
X-Drupal-Cache-Tags
X-ShopId
X-Sorting-Hat-ShopId
X-Sucuri-ID
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Drupal-Cache-Contexts
X-Cdn-Forward
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
X-Locale
X-NODE
X-Tx-Id
X-NGINX-Cache
X-Site-Version
TP-L2-Cache
X-App-Version
X-MP-GENERATED-AT
X-Cache-Operation
X-Cache-Rule
TDXMobile
X-A
X-A-Dam
X-A-Dcw
X-A-Ccd
A
Thinkindot-CacheControl-Type
We-Hiring
Thinkindot-CacheControl
Lang
Azure-Version
DCR-Processing-Time-Ms
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
DCR-Decision-By
Content-Secure-Policy
Cdncip
Cdnsip
Candidate-Md5Url
BehaviorPad-Version
Cluster
Azure-SlotName
Azure-SiteName
Redirect-Candidate
Origin-Agent-Cluster
Rendered-Blocks
Azure-RegionName
Sslversion
Odigeo-Trace-Id
Ngx.Var.Host
Host-ID
Gannett-Cam-Experience-Id
Mail-Subject
MD5-Digest
Meta-Geo-Continent
Azure-InstanceId
X-D
X-Path
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxied-Request
X-Proto
X-Origin-Response-Time
X-Origin-Expires
X-Loc
X-Jobs
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Org
X-Nyt-Route
X-Proxy-CacheRZ
X-Request-Time
X-Vmg-Version
X-Vdms-Version
X-Vtex-Remote-Cache
X-We-Are-Hiring
XkeyRZ
Xc-Version
X-Varnish-Authentication
X-TIM-N
X-Scheme
X-Rojux
X-ScT
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Internal-TTL
X-INCAP-ABP
X-Cache-Aspx
X-Bug-Bounty
X-Cache-Info
X-Cache-NE
X-Contensis-Viewer-Groups
X-Conf
X-BCube-Filmed-By
X-Bc-Bl
X-Aicache-OS
X-Aed
X-AK-Request-ID
X-Amz-Storage-Class
X-Backend-Instance
X-App-Name
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GeoCountry
X-GeoCode
X-GeoIP
X-GeoIP-City
X-Ig-Push-State
X-Ig-Origin-Region
X-Gdpr
X-FC-Vary-Parameters
X-Developer
X-Depends
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-A-Dgt
X-A-Wwc
X-Service
Ohc-File-Size
Cross-Origin-Opener-Policy-Report-Only
X-Optimistic-Header
X-ElasticPress-Query
Mime-Version
Cache
X-CacheTTL
X-Clientip
X-CGP
X-Cache-Grace
X-Bl-Debug
X-Cache-Bucket
X-Cache-Id
X-Cached-By
X-Date
X-Edge-Server
X-Ec-Custom-Error
X-Esi-Check
X-Eu-Site
X-Fastly-Backend
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Csrf-Jwt
X-BBC-Edge-Cache-Status
X-DefElseHash
X-DefHash
X-Content-Age
X-Auto-Login
Tube-Got-Eval
Tube-Got-Results
Tube-Return
User-Agent
Tube-Get-Contents
Server-Host
Release
Req-Svc-Chain
RNT-Machine
RNT-Time
V-Age
W
X-Acquia-Purge-Cdn-Unconfigured
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-Fmm-Version
X-Access
X-Accel-Expires-Debug
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-B3-Trace-ID
X-GeoIP-Country-Code
X-V-Cache
X-Var-Ttl
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-UA-Device-Type
X-Tb-Optimization-Total-Bytes-Saved
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Director
X-Varnish-Remaining-TTL
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
Yak-Timeinfo
X-VTEX-Cache-Server
X-Viewer-Country
X-VarnishDD-TTL
X-Varnishpool
X-VG-WebCache
X-Via-Fastly
X-Slack-Backend
X-Section
X-HS-Content-Campaign-Id
X-Human
Sid
X-Level-Front-Cache
X-Hash
X-Gzip
X-Generated-On
X-Pad
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Location
X-Mly-Id
X-Powered-By-VTEX-Cache
X-Req
X-SB
X-SD-PageType
X-Pool
X-Policy
X-NMSegId
X-Node-Id
X-Op-Id-All
X-Platform
X-Gamma-Serve
X-HN
PFcat
Click-Count-Error
Origin-EX
Content-Script-Type
Canary
Content-Style-Type
Cache-Provider
Click-Count-Action-Start
Origin-CC
Gh-Request-Id
NM-Fastcgi-Cache
Cdn-Request-Time
HA-Ipaddr
Cdn-Host
NGX
Origin
Debug
Cache-Key
DSUID
Platform
Producers
Ha-Gx-Prefs
L5d-Success-Class
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
L
X-Micro-Cache
X-Men
X-Bip
CDN-RequestPullSuccess
X-Core-Value
X-CUA
Fastly-SSL
X-Newrelic-Synthetics
CDN-RequestPullCode
Country-Code
X-Gen-Mode
Esi-Enabled
X-Dc
X-Hnp-Log
X-Content-Length
CDN-Uid
CDN-EdgeStorageId
X-Varnish-Beresp-Status
IsBot
ServerName
Ssr
X-Thanos
X-Cache-Hit
X-Cache-FS-Status
Product
X-Cdn-Srv
Req-ID
Pramga
X-SIPLIST1
X-Server-IP
CDN-CachedAt
X-Block-Status
CDN-PullZone
X-NodeID
CDN-Cache
User-Cache-Control
X-Request-Start
X-Request-Host
X-Pubstack
CDCHOST
CDN-RequestCountryCode
X-Api-Version
X-Irp-Debug
X-AB-Test
XM
X-VG-TLSProxy
X-Varnish-Beresp-Ttl
X-LiteSpeed-Tag
Akamai-Mon-Iucid-Del
X-Air-Pt
X-Varnish-Hits
Fl-Custom-Application
X-HOST
X-ORCA-Accelerator
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-GEO
True-Client-Country-4JS
X-CACHE-GROUP
X-Provided-By
X-Cs
X-APP
X-VServer
X-RequestId
Proxy-Firewall
X-LB-NoCache
X-TA-CDN-Provider
X-LiteSpeed-Cache-Control
X-HS-CF-Cache-Status
Server-Hostname
Sever-Int
Server-Ext
X-Test
GeoIP-Latitude
C-Via
X-B3-Spanid
X-Geolocation
X-Via-Edge
X-Via-CDN
Fastly-Drupal-Html
X-Via-SSL
CloudFront-Viewer-Country
Adler-Geo
X-Refresh
X-Servedbyhost
X-Nananana
X-Cache-Date
X-B3-Parentspanid
X-HITS
Is-Eu
Edge-Copy-Time
X-External-Request-Id
X-IsAdmin
X-S-Cookie
X-Destination
X-Application
S-Rt
X-B-Cookie
X-Dispatcher-Number
X-Nginx-Cache-Key
X-Endurance-Cache-Level
X-ZONE
Cache-Tv-Group
WZWS-RAY
X-Zone
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-Zen-Fury
Fastly-Drupal-HTML
X-HA-Backend
X-DC
X-DynaTrace-JS-Agent
X-LB-ID
X-Wa
X-Nc
X-User
X-Litespeed-Tag
T-Server
X-Custom-Header
X-Geo-Header
X-Pass-Why
X-CS
X-Webkit-Csp-Report-Only
HostName
X-ND-Cache
GeoIp-Country-Code
X-Tt-Logid
X-Presslabs-Stats
Cdn
Cdn-Requestid
X-CDN-Forward
X-Srv
Vc-Max-Age
X-Oracle-Dms-Ecid
X-COUNTRY
X-URL
Server-ID
X-Cache-Server
X-CMSURLCustom
X-AIR-PT
X-HubSpot-Correlation-Id
Ohc-Cache-HIT
X-Parent-Response-Time
X-VC-TTL
True-Client-IP
X-CACHE-AGE
X-Varnish-Beresp-TTL
X-DataCenter
WP-Super-Cache
X-TH-Server
Resin-Trace
X-Vgn-Hpd-Reason
SID
X-NewRelic-App-Data
Powered-By
X-Moov-T
X-Fpc
X-APP-VERSION
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Uri
Vix-Hermes-Req-Id
X-API-Version
Pics-Label
X-Fastly-Cache
X-Ckpd-Fst-Backend
Srv
X-Old-Content-Length
X-Datadome
X-FPC
SEZNAM-JOBS-OFFER
On-Server
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-TX-ID
X-Vercel-Id
ServerHost
True-Client-Ip
Thinkindot-Control
X-Vercel-Cache
X-SERVER-NAME
AKAMAI
Server-Id
X-Cache-VC
X-Cache-TTL-Remaining
X-Thinkindot-L1
X-Action
X-Air-Trace-Id
X-PHP-Backend
X-Cache-Ttl
X-Amz-Meta-Opti
X-Air-Source
Serverhost
X-Air-Hostname
Location
X-Client-Ip
GeoIP-Country-Code
X-Stale
X-Dynatrace-Js-Agent
Magicmarker
X-Info
Hostname
X-Oracle-Dms-Rid
X-Litespeed-Cache-Control
Cl-Cache
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
N1-Cache
X-NC
X-WA
X-V
X-Cdn-Cache-Status
X-Debug-Service
Av-Poweredby
Xkeylog
Xkey-La3
X-Fastly-Backend-Reqs
X-Datacenter
X-Proxy-Cache-La3
X-CDN-Cache-Status
X-PERF
X-Lb-Id
X-IAuth-Set-Uid
X-Fastly-Cache-Status
X-ApacheServer
X-Vc
X-Ssense-Gql
CDN
Tcn
X-Ssense-Shipping-Surcharge-Enabled
Sm-Log-Id
X-Resp-Is-Stale
X-Service-Response-Time
X-Ee-Origin
X-Ee-Generated-By
X-Cms-Device
X-Via-PopV
X-Ee-Request-Date
X-Geo
X-Vary-Devices
X-Ha-Backend
X-Save-Cache
Time-Cloud-Cache
X-Ee-Request-Id
X-Render-Time
X-VTEX-Cache-Backend-Connect-Time
X-Nitro-Cache
X-VTEX-Cache-Backend-Header-Time
X-Udemy-Cache-App-Namespace
X-Via-PopN
X-WA-Info
X-Eligible
X-New
X-Via-PopH
X-Rollout
Store-Cloud-Cache
X-Github-Request-Id
TWC-GeoIP-DMA
Cache-Hits
TWC-GeoIP-City
X-Forwarded-Site
X-Limited
Machine
Cloudfront-Viewer-Country
X-Region-Sid
TWC-GeoIP-Region
X-Oracle-DMS-ECID
X-ServedByHost
X-Uri
X-Esi
X-Lb-Nocache
X-App
X-Jungle-Id
Server-Info
Cache-Contol
X-VCL-Version
Log-Origin
Geoip-Latitude
RewriteTeamHook
RewriteTestHook
X-Ion-Healthy
X-Ion-Hop
X-Git-Commit
X-Container-Uri
X-Ua
Cmstype
Cmsid
X-EC-Lua
Edge-Cache
WWW-Authenticate
X-Ftr-Request-Id
X-Akamai-Pragma-Client-IP
X-Traceid
Cneonction
WebServer
X-MSEdge-Flight
X-MSEdge-Features
My-App
X-Correlation-ID
CountryCode
Pragrma
X-Requestid
X-LAGOON
X-SRCache-Key
X-Dw-Trace-Id
Cf-Ipcountry
Permission-Policy
X-Varnish-Hostname
X-From
Reporter
X-HS-Status
X-Acquia-Site
X-Up
X-Acquia-Application-Trace
PICS-Label
CacheControlHeader
Lb
X-Cdn-Request-ID
FSS-Cache
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Pod
X-Serial
X-Akamai-Transformed
X-Check-Cacheable
X-Sucuri-Id
X-Elasticpress-Query
X-UP
X-BBC-Origin-Response-Status
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
CF-Cached-On
NtCoent-Length
X-Web-Server
X-Fastly-Cache-Hits
X-Ramcache
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Warning
Timeexpire
X-Ms-Lease-Status
X-Tncms-Bot-Tier
X-Orig-Cache-Control