Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Keep-Alive
Cf-Apo-Via
X-Via
X-Cache-Group
X-Rq
EagleId
X-Server
X-Age
Accept-CH-Lifetime
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Litespeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
X-Cloud-Trace-Context
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Server-Id
X-LiteSpeed-Cache
X-Node
X-HW
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
X-Trace
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-TtlSet
X-PC
X-Vname
X-Rack-Cache
X-Midtier
X-Mcache
X-Edge
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-ESI
X-Cdn-Fetch
X-Cache-TTL
X-Ser
Nginx-Cache
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-ARC
X-Dw-Request-Base-Id
X-Client-IP
X-MS-InvokeApp
X-ORACLE-DMS-RID
Accept-Ch-Lifetime
X-Daa-Tunnel
X-Navigation-Version
X-Amz-Rid
X-Upstream
X-Goog-Hash
X-CST
X-Powered-CMS
X-Aspnet-Version
Response
X-Middleton-Response
X-B3-TraceId
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Ttl
X-Instrumentation
X-Edge-Location-Klb
X-Kinsta-Cache
X-ECACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
X-Amzn-Trace-Id
X-Cache-Key
X-NF-Request-ID
X-Forwarded-For
X-Ua-Device
RTSS
X-Mod-Pagespeed
X-Wormhole-Sdk
X-Ratelimit-Limit
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Server-ID
X-Version
X-ORACLE-DMS-ECID
AR-CACHE
X-FastCGI-Cache
X-Mg-S
Public-Key-Pins
X-Ratelimit-Remaining
X-Ruxit-Js-Agent
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
SPRequestGuid
Realpath
X-SharePointHealthScore
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Content-Digest
X-Cached
X-Recruiting
Access-Control-Request-Method
X-Accel-Expires
Accept-Ch
X-Distributor
X-Newrelic-App-Data
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
TP-Cache
X-Correlation-Id
Front-End-Https
Arr-Disable-Session-Affinity
Count-Hit
X-Debug
X-Request-Received
X-Request-Processing-Time
X-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Content-Security-Policy-Report-Only
Server-Node
X-Ua-Browser
MicrosoftSharePointTeamServices
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Azure-Ref
X-Frontend
X-Varnish-TTL
X-Fastly-Request-ID
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
Payment
X-Amz-Replication-Status
X-LB-Cache
X-Varnish-Backend
X-Forwarded-Proto
X-GUploader-UploadID
X-Goog-Metageneration
X-Varnish-Ttl
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-FB-Debug
X-Git-Hash
Filterid
X-Unique-Id
X-Logged-In
Cleartype
Host
X-AppVersion
X-Activity-Id
Content-Disposition
X-Az
X-Varnish-Server
X-Www-Served-By
X-Ratelimit-Reset
X-Hostname
X-App-Server
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Page-Id
X-DIS-Request-ID
X-Fastcgi-Cache
X-TTL
Access-Control-Allow-Method
X-Geo-Country
Pinterest-Version
X-Pinterest-Rid
Origin-Trial
Pinterest-Generated-By
X-Origin-Server
Retry-After
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Upgrade-Enabled
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-RateLimit-Remaining
X-Goog-Storage-Class
MS-Author-Via
X-Nf-Request-Id
Accept-Charset
Akamai-GRN
Fastly-SIE
Section-Io-Cache
Fastly-SWR
X-Cambria-Cache-Control
X-ASPNET-VERSION
X-Type
X-Template
Viewport
X-Fb-Rlafr
X-TT
X-Cache-Control
Content-MD5
X-B3-Sampled
X-Content-Options
X-Grace
X-B
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Version
X-Ah-Environment
Frame-Options
X-Request-Guid
X-ECache
X-Revision
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Xrds-Location
X-Vcl-Version
X-Amz-Meta-S3cmd-Attrs
Healthy
TCN
X-Envoy-Decorator-Operation
X-Origin-Cache
X-Magnolia-Registration
X-Contextid
X-Device-Type
X-Cdn
X-Source
X-CSRF-Token
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Active
X-Cache-Age
X-Rid
X-Webkit-CSP
X-Backend-Name
X-Aspnetmvc-Version
Server-Name
DC
X-Tec-Api-Version
X-Px
X-Tec-Api-Root
X-Mobile
X-Tec-Api-Origin
X-Proxy
X-Seen-By
X-Varnish-Grace
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-Pixel
X-RM-Cache-TTL
X-RemovedCookies
X-Debug-Info
X-Status
X-Environment-Context
Access-Control-Request-Headers
X-Storage
X-Framework
X-L-Path
X-Mg-Request-UUID
X-Rule
X-ServerID
X-Proxy-Cache-Info
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
X-Node-Name
X-NYM-Debug-Backend
X-G
X-Region
X-FW-Hash
X-FW-Static
X-FW-Type
X-Adobe-Content
X-UUID
X-Adobe-Loc
X-FW-Server
X-Cacheable-TTL
X-FW-Serve
X-FW-Version
X-Debug-IsPreview
Cross-Origin-Window-Policy
X-Instance
NGB
X-Debug-IsConnected
X-Content-Powered-By
SD-X-WS
X-FW-Dynamic
X-Language
Ms-Operation-Id
GEO-INFO
MS-CV
X-Is-Bot
X-RTag
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
Paypal-Debug-Id
X-Datadog-Parent-Id
X-Buckets
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-User-Agent
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
X-Cache-Time
Webserver
Countrycode
Upgrade-Insecure-Requests
Front
Charset
Protected
X-WebKit-CSP-Report-Only
Trailer
X-B3-Traceid
X-Whom
OT-Force-Account-Verify
X-TT-LOGID
X-N
X-Edge-Location
X-Lambda-Id
X-VC
X-IPS-LoggedIn
Section-Io-Id
Refresh
X-Cache-Status-Check
X-Akamai-Request-ID2
Priority
X-AB
Country
X-CACHE-GROUP
X-Time
X-HS-Prerendered
X-VHOST
X-Reqid
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Amzn-Remapped-Content-Length
Backend
X-CCDN-CacheTTL
X-Hl-Ver
X-WP-CF-Super-Cache-Cookies-Bypass
Xet-Cookie
Alternate-Protocol
Liferay-Portal
X-B3-SpanId
X-Via-JSL
X-Server-W
VIX-Pulpo-Node
Onion-Location
VIX-Pulpo-Upstream-Status
Accept-Language
X-Mode
X-Wix-Request-Id
X-Scope-Id
X-VC-Cache
X-Skip-Cache
X-FB-TRIP-ID
X-Fetched-On
Environment
Filters
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Cache-Host
Fastcgi-Useragent
ServerID
X-SaId
X-Tb
X-Origin-Date
X-Rn-Rsrv
X-Rewrite-Enabled
X-Frame-Option
X-Accel-Version
Meta-Geo
X-Auth-Group-Type
X-JoinUs
From-Origin
X-Web-Node
X-Real-IP
X-Response-Served-From
X-Original-Request-Id
X-Cluster-Node
Uber-Trace-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
Expiry
Atl-Traceid
TWC-GeoIP-LatLong
TWC-Locale-Group
X-BYPASS-REASON
X-Cache-Action
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
X-Cache-Expired-At
X-Varnish-Cache-Hits
X-Say-Cacheable
X-R9-Blue-Green-Version
X-Say-TTL
X-SayCDN-TTL
X-Hosted-By
X-Webstats-RespID
X-Redis-Cache
X-Restarts
X-Format
X-Request-URI
X-Generated-By
X-Varnish-Age
X-ProxyCache-Status
X-Connection-Hash
X-Origin-Hint
X-Logging-Id
X-Director
X-ProxyCache-Key
X-IPLB-Request-ID
X-IPLB-Instance
X-Loop
X-DataDome
Mn-Server-Ip
X-Httpd
Apigw-Requestid
X-Served-From
X-Handled-By
X-Forwarded-Host
X-Varnish-Beresp-Grace
X-Tncms
Web-Mar-Node
X-Soup
X-Vcache
X-Adobe-Source
X-Cms-Context
SRV
X-PHP-Host
X-Proxy-Build
X-Timing-Wait
X-Labrador-Cache-Channel
Cross-Origin-Embedder-Policy-Report-Only
Selected-Fe
X-Extlb
X-Detected-As
X-Cluster
X-Servername
ServedBy
X-S
X-Routing-Service
DB-Nickname
X-Zipkin-Id
X-Proxied
X-Cloudmap
Url
X-Nginx-Cache
X-XRDS-LOCATION
X-Origin-TTL
X-Origin-CC
LB
X-Origin
Xserver
Referer-Policy
X-LSADC-Cache
X-Rocket-Nginx-Serving-Static
X-Lagoon
N-Cache
X-Hit
X-RID
CF-IPCountry
X-SRV
X-XRDS-Location
Cross-Origin-Embedder-Policy
X-Xfnlog-Site
X-NWS-UUID-VERIFY
X-Ms-Version
X-TraceId
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-Webkit-Csp
CDN-RequestId
X-Upstream-Ht
X-Upstream-Ct
X-UA
X-DynaTrace
X-VCT
Source
X-Cache-Debug
X-Proxy-Cache-Status
X-RCS-CacheZone
X-Azure-Ref-OriginShield
WPO-Cache-Status
X-RateLimit-Limit
WPO-Cache-Message
Surrogated-Key
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
X-Is-Tablet
X-Is-Mobile
X-Is-Supported-Browser
X-F-Cache
X-Geo-Region
X-B-Cache
X-Browser-Name
X-Signature
X-Tcp-Rtt
X-Is-Desktop
X-FTR-Request-ID
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-No-Session
X-Sucuri-Cache
X-Cdn-Origin
Node
X-Generation-Time
X-ShardId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShopId
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Storefront-Renderer-Rendered
X-Sucuri-ID
X-Sorting-Hat-ShopId
X-Shopify-Stage
AMP-Access-Control-Allow-Source-Origin
X-Cdn-Forward
X-Locale
X-NODE
X-Tx-Id
X-NGINX-Cache
X-App-Version
TP-L2-Cache
X-Site-Version
X-MP-GENERATED-AT
X-Cache-Rule
X-Cache-Operation
X-AK-Request-ID
Thinkindot-CacheControl-Type
X-Aicache-OS
X-A-Dam
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-Aed
X-A
We-Hiring
Meta-Geo-Continent
Cluster
Cdnsip
Content-Secure-Policy
DCR-Decision-By
Expect-Staple
DCR-Processing-Time-Ms
Cdncip
Candidate-Md5Url
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
BehaviorPad-Version
Azure-Version
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Producers
Origin-Agent-Cluster
Redirect-Candidate
Rendered-Blocks
TDXMobile
Sslversion
Odigeo-Trace-Id
Ngx.Var.Host
Host-ID
Gannett-Cam-Experience-Id
Lang
Mail-Subject
X-Amz-Storage-Class
MD5-Digest
Thinkindot-CacheControl
X-DefElseHash
X-Platform-Server
X-PAYTM-SRV-ID
X-Path
X-Proto
X-Proxied-Request
X-Request-Time
X-Proxy-CacheRZ
X-Origin-Time
X-Origin-Response-Time
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Mvc-Supplant-OutputCached
X-Nyt-Route
X-Origin-Expires
X-Org
X-Rojux
X-Scheme
X-Vmg-Version
X-Vdms-Version
X-Vtex-Remote-Cache
X-We-Are-Hiring
XkeyRZ
Xc-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Shield-Cache-Expires
X-ScT
X-Thinkindot-L3
X-TIM-N
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-Loc
X-Jobs
X-D
X-Contensis-Viewer-Groups
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefHash
A
X-Conf
X-Cache-NE
X-Bc-Bl
X-Backend-Instance
X-BCube-Filmed-By
X-Bug-Bounty
X-Cache-Info
X-Cache-Aspx
X-Depends
X-Developer
X-GeoIP-City
X-GeoIP
X-Ig-Origin-Region
X-Ig-Push-State
X-Internal-TTL
X-INCAP-ABP
X-GeoCountry
X-GeoCode
X-Ec-Fail
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Gdpr
X-FC-Vary-Parameters
X-App-Name
X-A-Wwc
Cross-Origin-Opener-Policy-Report-Only
X-Service
X-ElasticPress-Query
X-Optimistic-Header
Ohc-File-Size
Cache
Mime-Version
PFcat
X-Fastly-Backend
X-Eu-Site
X-Amz-Meta-Cb-Modifiedtime
X-Tb-Optimization-Total-Bytes-Saved
X-Csrf-Jwt
Product
X-Akamai-Device-Characteristics
X-VG-WebCache
Origin-EX
Platform
Origin
X-Auto-Login
X-Viewer-Country
X-Date
X-Node-Id
L5d-Success-Class
X-Wikidot-Backend
X-Sn-Servicetimems
NGX
X-Via-Fastly
Release
X-Op-Id-All
X-SVT-ORM-VERSION
X-Fmm-Version
X-SVT-ORM-RULES
Origin-CC
X-Varnishpool
Tube-Return
X-Location
Tube-Got-Results
Tube-Got-Eval
Wxu-Next-Hostname
Tube-Get-Contents
User-Agent
Wxu-Next-Commit
W
X-UA-Device-Type
X-V-Cache
X-Var-Ttl
V-Age
Wxu-Next-Region
X-Ec-Custom-Error
Server-Host
X-Edge-Server
X-Acquia-Purge-Cdn-Unconfigured
RNT-Time
L
RNT-Machine
X-VarnishDD-TTL
X-Access
X-Policy
X-Pad
X-Pool
X-Varnish-Director
X-Accel-Expires-Debug
Req-Svc-Chain
X-B3-Trace-ID
Cdn-Request-Time
X-SB
Apple-News-Services-Handled
Cdn-Host
X-Cached-By
X-SD-PageType
Web-Mar-Region
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Cache-Grace
X-Content-Age
X-CacheTTL
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-HN
X-HS-Content-Campaign-Id
X-Human
X-Clientip
Cache-Key
Cache-Provider
X-CGP
X-Hash
Apple-News-Services-Parsed-Url
Canary
Click-Count-Action-Start
Click-Count-Error
X-Slack-Backend
X-BBC-Edge-Cache-Status
X-Level-Front-Cache
X-Core-Value
Yak-Timeinfo
X-Gamma-Serve
Gh-Request-Id
X-Slack-Shared-Secret-Outcome
X-Wikidot-Static-Cache
HA-Ipaddr
Ha-Gx-Prefs
X-Bl-Debug
Esi-Enabled
Content-Style-Type
X-Cache-Bucket
Content-Script-Type
X-GeoIP-Country-Code
X-Req
X-Section
X-Generated-On
X-Micro-Cache
DSUID
Debug
Sid
X-Pubstack
X-Content-Length
X-Cache-Id
X-Server-IP
X-Block-Status
X-Bip
X-SIPLIST1
X-Cache-FS-Status
X-Powered-By-VTEX-Cache
X-Request-Host
X-Thanos
X-Cdn-Srv
X-CUA
X-Dispatcher-Server
X-VG-TLSProxy
X-NodeID
X-VTEX-Cache-Server
X-VTEX-Cache-Time
CDN-RequestPullCode
NM-Fastcgi-Cache
Pramga
X-Newrelic-Synthetics
IsBot
X-NMSegId
X-Gzip
X-Gen-Mode
CDN-Uid
Fastly-SSL
CDN-RequestPullSuccess
User-Cache-Control
X-Esi-Check
CDN-RequestCountryCode
X-Platform
Ssr
X-Cache-Hit
X-Dc
X-Varnish-Beresp-Status
X-Men
X-Hnp-Log
CDCHOST
CDN-CachedAt
CDN-EdgeStorageId
Country-Code
ServerName
CDN-Cache
CDN-PullZone
X-Request-Start
XM
X-Varnish-Beresp-Ttl
X-AB-Test
X-Api-Version
X-LiteSpeed-Tag
Req-ID
X-Irp-Debug
Akamai-Mon-Iucid-Del
Fl-Custom-Application
X-HOST
X-Air-Pt
X-Varnish-Hits
X-ORCA-Accelerator
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
True-Client-Country-4JS
X-GEO
X-Cs
X-Provided-By
X-TA-CDN-Provider
X-HS-CF-Cache-Status
X-Nananana
X-LiteSpeed-Cache-Control
X-RequestId
GeoIP-Latitude
Sever-Int
Server-Hostname
Proxy-Firewall
Server-Ext
X-VServer
X-LB-NoCache
C-Via
X-APP
X-Test
X-B3-Spanid
X-Geolocation
Adler-Geo
X-Via-SSL
CloudFront-Viewer-Country
X-Via-Edge
X-Refresh
Edge-Copy-Time
X-Servedbyhost
X-Cache-Date
Is-Eu
X-Via-CDN
X-HITS
X-B3-Parentspanid
Fastly-Drupal-Html
X-Nginx-Cache-Key
X-IsAdmin
X-Dispatcher-Number
X-Application
X-S-Cookie
X-External-Request-Id
X-Destination
X-B-Cookie
S-Rt
X-ZONE
X-Endurance-Cache-Level
X-HA-Backend
X-Zen-Fury
X-Zone
X-Via-Popv
X-Via-Popn
X-Via-Poph
Fastly-Drupal-HTML
Cache-Tv-Group
WZWS-RAY
X-DC
X-Geo-Header
X-User
X-Custom-Header
X-LB-ID
X-Litespeed-Tag
X-Nc
X-Wa
T-Server
X-DynaTrace-JS-Agent
X-Pass-Why
X-ND-Cache
X-Webkit-Csp-Report-Only
HostName
X-CS
GeoIp-Country-Code
Cdn-Requestid
X-CDN-Forward
X-Srv
Cdn
X-Tt-Logid
X-Presslabs-Stats
X-AIR-PT
X-CMSURLCustom
X-COUNTRY
Vc-Max-Age
X-URL
X-Oracle-Dms-Ecid
X-Cache-Server
Server-ID
X-HubSpot-Correlation-Id
X-Parent-Response-Time
Ohc-Cache-HIT
True-Client-IP
X-VC-TTL
X-CACHE-AGE
X-Varnish-Beresp-TTL
X-Vgn-Hpd-Reason
X-TH-Server
X-DataCenter
Resin-Trace
WP-Super-Cache
SID
Powered-By
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-APP-VERSION
X-Fpc
Vix-Hermes-Req-Id
Uri
X-NewRelic-App-Data
X-API-Version
X-Fastly-Cache
X-Old-Content-Length
Srv
Pics-Label
X-Ckpd-Fst-Backend
X-Datadome
On-Server
SEZNAM-JOBS-OFFER
X-FPC
X-Srcache-Store-Status
X-TX-ID
X-Srcache-Fetch-Status
True-Client-Ip
X-Vercel-Cache
ServerHost
Thinkindot-Control
X-Vercel-Id
X-Cache-Ttl
X-SERVER-NAME
X-Cache-TTL-Remaining
X-Action
X-Air-Source
Server-Id
X-Air-Hostname
X-PHP-Backend
Location
X-Amz-Meta-Opti
X-Thinkindot-L1
X-Air-Trace-Id
X-Cache-VC
Serverhost
AKAMAI
X-Client-Ip
X-Stale
GeoIP-Country-Code
X-Dynatrace-Js-Agent
Magicmarker
X-Litespeed-Cache-Control
X-Oracle-Dms-Rid
X-Info
Hostname
Cl-Cache
N1-Cache
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
X-WA
X-V
Av-Poweredby
X-NC
X-Debug-Service
X-Cdn-Cache-Status
Xkeylog
Xkey-La3
X-PERF
X-Proxy-Cache-La3
X-Datacenter
X-ApacheServer
X-Fastly-Backend-Reqs
X-CDN-Cache-Status
X-IAuth-Set-Uid
X-Fastly-Cache-Status
X-Lb-Id
X-Resp-Is-Stale
Tcn
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
Sm-Log-Id
X-Vc
X-Service-Response-Time
CDN
X-Ee-Request-Id
X-Via-PopV
X-Ee-Request-Date
X-Render-Time
X-Nitro-Cache
X-Via-PopN
X-Ee-Origin
X-Via-PopH
X-WA-Info
X-Ee-Generated-By
X-Udemy-Cache-App-Namespace
X-Vary-Devices
X-Ha-Backend
X-Save-Cache
X-Cms-Device
X-Eligible
X-VTEX-Cache-Backend-Header-Time
X-Rollout
X-New
X-Geo
X-VTEX-Cache-Backend-Connect-Time
Time-Cloud-Cache
Store-Cloud-Cache
Machine
X-Region-Sid
TWC-GeoIP-DMA
X-Forwarded-Site
X-Oracle-DMS-ECID
X-Limited
X-Uri
X-ServedByHost
X-Github-Request-Id
TWC-GeoIP-Region
Cache-Hits
TWC-GeoIP-City
Cloudfront-Viewer-Country
X-Esi
Log-Origin
X-Jungle-Id
Server-Info
X-Lb-Nocache
X-App
Geoip-Latitude
X-Ion-Hop
X-Ion-Healthy
X-VCL-Version
RewriteTestHook
Cache-Contol
RewriteTeamHook
X-Git-Commit
X-Container-Uri
My-App
WWW-Authenticate
WebServer
Cmsid
X-Ftr-Request-Id
X-MSEdge-Features
Cmstype
X-MSEdge-Flight
X-Ua
X-EC-Lua
X-Traceid
Cneonction
X-Akamai-Pragma-Client-IP
Edge-Cache
X-Correlation-ID
CountryCode
Pragrma
X-Varnish-Hostname
X-SRCache-Key
Permission-Policy
Cf-Ipcountry
X-LAGOON
X-Dw-Trace-Id
X-From
X-Requestid
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Cdn-Request-ID
X-Check-Cacheable
X-Serial
X-Acquia-Site
Reporter
Lb
X-Pod
X-Acquia-Application-Trace
X-HS-Status
FSS-Cache
CacheControlHeader
PICS-Label
X-Up
X-Akamai-Transformed
X-Sucuri-Id
X-BBC-Origin-Response-Status
X-Fastly-Cache-Hits
X-Elasticpress-Query
CF-Cached-On
X-UP
X-Platform-Router
Warning
X-Ms-Lease-Status
Timeexpire
NtCoent-Length
X-Web-Server
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Platform-Processor
X-Platform-Cluster
X-Tncms-Bot-Tier
X-Ramcache
X-Ms-Blob-Type
X-Orig-Cache-Control