Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
CF-Ray
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Ws-Request-Id
Accept-Ch
Accept-CH-Lifetime
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pingback
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
Request-Id
X-Nginx-Cache-Status
X-Country
X-Url
X-Content-Type
X-NWS-LOG-UUID
Cache-Tag
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
X-Mcache
X-Edge
X-Midtier
Rating
Accept-Ch-Lifetime
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Dw-Request-Base-Id
X-Client-IP
X-ARC
X-ORACLE-DMS-RID
X-B3-TraceId
X-Amz-Rid
Response
X-CST
X-Middleton-Response
X-Daa-Tunnel
X-Navigation-Version
X-Goog-Hash
X-Powered-CMS
X-Upstream
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amzn-Trace-Id
X-Forwarded-For
X-Wormhole-Sdk
X-Cache-Key
AR-PoweredBy
AR-Request-ID
X-Ua-Device
X-Ratelimit-Limit
AR-SID
AR-ATIME
RTSS
X-Ttl
SPIisLatency
SPRequestDuration
X-NF-Request-ID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
X-FastCGI-Cache
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
X-Server-ID
X-Version
Public-Key-Pins
X-Mg-S
AR-CACHE
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-Content-Digest
Cross-Origin-Resource-Policy
SPRequestGuid
X-SharePointHealthScore
Realpath
S
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Varnish-TTL
X-Cached
X-Recruiting
X-Accel-Expires
X-Fastly-Request-ID
X-Distributor
Front-End-Https
Access-Control-Request-Method
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
TP-Cache
X-Correlation-Id
Count-Hit
X-Debug
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
X-Id
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Cache-Config
X-Azure-Ref
Server-Node
X-Newrelic-App-Data
X-Ua-Browser
X-LLID
X-Content-Security-Policy-Report-Only
X-VARITI-CCR
X-HS-Combine-CSS
X-PressLabs-Stats
X-Frontend
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-TTL
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
X-Varnish-Backend
X-Hits
Origin-Trial
X-LB-Cache
X-Goog-Metageneration
X-Protected-By
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Microsite
X-Git-Hash
Host
X-FB-Debug
X-Unique-Id
Cleartype
X-Logged-In
Pinterest-Generated-By
Pinterest-Version
X-Www-Served-By
X-Az
Filterid
X-Activity-Id
X-AppVersion
X-Varnish-Server
X-Pinterest-Rid
X-Ratelimit-Reset
Content-Disposition
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Hostname
X-App-Server
X-NGENIX-Cache
X-Nf-Request-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DIS-Request-ID
X-HP-Trace-Id
X-HP-Webp
X-Page-Id
X-Jurisdiction
X-Geo-Country
MRF-Tech
X-Fastcgi-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Cambria-Cache-Control
Access-Control-Allow-Method
X-Xrds-Location
Akamai-GRN
X-Load-Cache
X-Origin-Server
X-TEC-API-VERSION
X-TEC-API-ROOT
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-TEC-API-ORIGIN
X-Template
Retry-After
X-Goog-Generation
X-Upgrade-Enabled
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Aspnet-Version
MS-Author-Via
Fastly-SIE
Section-Io-Cache
X-Type
Viewport
Fastly-SWR
Accept-Charset
X-ASPNET-VERSION
Frame-Options
X-TT
X-Cache-Control
X-Fb-Rlafr
X-Content-Options
Version
X-B3-Sampled
X-Varnish-Ttl
X-B
X-Grace
X-Ah-Environment
Content-MD5
X-RateLimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-Request-Guid
X-Trace-Id
X-Revision
X-SRCache-Fetch-Status
X-Vcl-Version
X-Envoy-Decorator-Operation
X-SRCache-Store-Status
X-Rid
X-Device-Type
Healthy
X-Source
X-Magnolia-Registration
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
X-Contextid
Server-Name
X-WP-CF-Super-Cache-Active
X-Language
X-Mobile
X-Px
X-Aspnetmvc-Version
X-CSRF-Token
X-Webkit-CSP
TCN
X-Backend-Name
X-Cache-Age
X-Buckets
X-Proxy
DC
X-RM-Cache-TTL
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Tumblr-Pixel
X-ProcessESI
X-App-Environment
X-Tumblr-User
X-RemovedCookies
X-Tumblr-Pixel-1
X-Status
X-Storage
X-L-Path
X-Debug-Info
X-Rule
X-Varnish-Grace
X-Framework
X-Mg-Request-UUID
X-Environment-Context
Access-Control-Request-Headers
Trailer
X-Debug-IsPreview
X-FW-Serve
X-Debug-IsConnected
X-ServerID
X-FW-Server
X-UUID
X-Adobe-Content
X-Adobe-Loc
X-NYM-Debug-Backend
X-Proxy-Cache-Info
SD-X-WS
Cross-Origin-Window-Policy
X-FTR-Request-ID
NGB
X-FW-Dynamic
X-Instance
X-G
X-FW-Hash
X-HTML-Minification-Powered-By
X-Region
X-Content-Powered-By
X-Node-Name
X-FW-Version
X-FW-Type
X-Cacheable-TTL
X-FW-Static
X-Datadog-Sampling-Priority
Ms-Operation-Id
MS-CV
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Is-Bot
X-Seen-By
X-RTag
X-Rendered-As
GEO-INFO
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Webkit-Csp
X-Cache-Time
Paypal-Debug-Id
Upgrade-Insecure-Requests
X-Tec-Api-Origin
X-User-Agent
X-Tec-Api-Root
X-Tec-Api-Version
Charset
Webserver
Countrycode
Protected
X-Edge-Location
X-HS-Prerendered
X-Whom
Front
OT-Force-Account-Verify
X-TT-LOGID
X-WebKit-CSP-Report-Only
X-Lambda-Id
Refresh
X-Fastly-Request-Id
Section-Io-Id
X-VC
X-TraceId
X-IPS-LoggedIn
X-N
X-Cache-Status-Check
X-Reqid
X-AB
X-Akamai-Request-ID2
Priority
Alternate-Protocol
Country
X-ECache
X-VHOST
X-Amzn-Remapped-Content-Length
X-Time
X-Original-Request-Id
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
Backend
SRV
X-Server-W
X-B3-Traceid
X-B3-SpanId
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
X-Hl-Ver
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Liferay-Portal
X-Real-IP
X-Mode
Onion-Location
X-VC-Cache
Environment
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-JoinUs
X-Origin-Date
X-Rewrite-Enabled
ServerID
X-Rn-Rsrv
X-SaId
X-Web-Node
X-Scope-Id
X-Skip-Cache
X-Fetched-On
Filters
Fastcgi-Useragent
X-Auth-Group-Type
Accept-Language
From-Origin
Meta-Geo
X-Accel-Version
X-FB-TRIP-ID
X-Cache-Host
X-Frame-Option
X-Tb
X-Origin-TTL
Uber-Trace-Id
X-Logging-Id
X-IPLB-Instance
X-R9-Blue-Green-Version
X-ProxyCache-Key
Expiry
X-IPLB-Request-ID
X-Cluster-Node
X-Connection-Hash
X-Cache-Action
Atl-Traceid
X-Origin-CC
X-BYPASS-REASON
X-Director
X-ProxyCache-Status
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Varnish-Age
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
X-Webstats-RespID
X-Varnish-Cache-Hits
X-Redis-Cache
Property-Id
Webcakes-App-Version
Webcakes-App-Name
X-Format
Webcakes-Region
X-Origin-Hint
X-Restarts
X-Request-URI
X-Cache-Expired-At
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Hosted-By
Web-Mar-Node
X-Httpd
DB-Nickname
X-Adobe-Source
X-Cms-Context
Apigw-Requestid
Mn-Server-Ip
X-Handled-By
X-Varnish-Beresp-Grace
X-Served-From
X-Soup
X-Loop
X-Tncms
X-PHP-Host
X-Vcache
X-Labrador-Cache-Channel
X-Cluster
VIX-Pulpo-Upstream-Status
X-Proxy-Build
X-Forwarded-Host
X-Timing-Wait
ServedBy
Selected-Fe
X-Wix-Request-Id
VIX-Pulpo-Node
X-Proxied
X-S
X-Servername
X-Generated-By
X-Origin
X-Detected-As
X-Zipkin-Id
Url
X-Routing-Service
X-Extlb
X-Cloudmap
X-LSADC-Cache
X-SRV
X-Rocket-Nginx-Serving-Static
Referer-Policy
N-Cache
X-DynaTrace
X-Lagoon
X-Via-JSL
Cross-Origin-Embedder-Policy
Xserver
X-Hit
X-DataDome
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
X-Tumblr-Pixel-3
X-XRDS-Location
LB
X-Xfnlog-Site
WPO-Cache-Status
WPO-Cache-Message
X-NWS-UUID-VERIFY
X-Azure-Ref-OriginShield
Source
CF-IPCountry
Surrogated-Key
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-VCT
X-Cache-Debug
X-Worker
X-RCS-CacheZone
X-App-Version
X-Proxy-Cache-Status
X-Upstream-Ct
X-Upstream-Ht
X-UA
X-Generation-Time
X-Sucuri-Cache
CDN-RequestId
X-Tcp-Rtt
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-F-Cache
X-Geo-Region
X-Browser-Name
X-No-Session
X-Urbn-Site-Id
Node
X-Urbn-Context-Path
Locale
Cross-Origin-Opener-Policy-Report-Only
X-Cdn-Origin
X-RID
X-B-Cache
X-Signature
X-Sucuri-ID
X-NGINX-Cache
Ohc-File-Size
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-XRDS-LOCATION
X-CLOUD-TRACE-CONTEXT
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
X-MP-GENERATED-AT
X-NODE
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Alternate-Cache-Key
X-ElasticPress-Query
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Locale
X-Sorting-Hat-PodId
X-ShopId
X-Storefront-Renderer-Rendered
X-ShardId
X-Service
X-Cache-Operation
X-Cache-Rule
X-Thinkindot-L3
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Aed
Origin
X-Aicache-OS
X-Org
X-Vdms-Version
Odigeo-Trace-Id
X-Varnish-CookieHashed-On
X-A-Dcw
X-A-Dam
X-A-Dgt
X-Varnish-Authentication
X-A-Wwc
X-TIM-N
Azure-RegionName
X-ScT
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Rendered-Blocks
DCR-Processing-Time-Ms
Cluster
X-Proxy-CacheRZ
Content-Secure-Policy
DCR-Decision-By
Gannett-Cam-Experience-Id
X-Scheme
Mail-Subject
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
X-Request-Time
Lang
Redirect-Candidate
Host-ID
X-Rojux
Producers
X-Proxied-Request
X-Proto
Azure-InstanceId
Azure-SiteName
X-Nyt-Route
Azure-SlotName
X-Path
X-Origin-Time
X-A
X-Origin-Expires
We-Hiring
X-Origin-Response-Time
Azure-Version
BehaviorPad-Version
X-Platform-Server
Sslversion
Cdncip
Cdnsip
TDXMobile
Thinkindot-CacheControl
X-Shield-Cache-Expires
Candidate-Md5Url
X-PAYTM-SRV-ID
Thinkindot-CacheControl-Type
X-A-Ccd
X-Backend-Instance
X-Ig-Push-State
X-D
X-Site-Version
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Ig-Origin-Region
X-Gdpr
X-Mly-Id
X-We-Are-Hiring
X-GeoCode
X-Conf
Xc-Version
X-DefElseHash
X-DefHash
X-Internal-TTL
X-Ec-GeoHdr
XkeyRZ
X-Jobs
X-Epic-Correlation-Id
X-Ec-Fail
X-FC-Vary-Parameters
X-Developer
X-Depends
X-Loc
X-INCAP-ABP
X-DPWN-IS-SECURE
X-Mvc-Supplant-Cachable
X-Contensis-Viewer-Groups
X-HS-CF-Cache-Status
X-BCube-Filmed-By
X-Bug-Bounty
X-Cache-Aspx
Origin-Agent-Cluster
X-App-Name
X-AK-Request-ID
X-Vmg-Version
X-Amz-Storage-Class
X-Cache-Info
X-Bc-Bl
X-GeoIP
X-GeoIP-City
X-Cache-NE
X-Vtex-Remote-Cache
X-GeoCountry
X-Pad
Mime-Version
X-Cdn-Forward
X-Cache-Hit
X-GeoIP-Region-Code
Origin-CC
RNT-Time
X-Irp-Debug
X-HS-Content-Campaign-Id
Platform
X-Hash
Server-Host
X-GeoIP-Country-Code
Product
X-Fastly-Backend
X-Generated-On
Release
X-Human
X-Req
X-GoCache-CacheStatus
X-Gzip
X-Gamma-Serve
X-Esi-Check
X-Fmm-Version
Origin-EX
Req-Svc-Chain
RNT-Machine
X-Dispatcher-Server
X-Accel-Expires-Debug
X-Cache-Id
X-Cache-Grace
X-Cached-By
X-CacheTTL
X-Micro-Cache
X-Cdn-Srv
X-Cache-Bucket
X-Bl-Debug
X-NMSegId
X-Amz-Meta-Cb-Modifiedtime
X-Node-Id
X-Auto-Login
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
X-BBC-Edge-Cache-Status
X-Clientip
X-Content-Age
X-Platform
X-Ec-Custom-Error
Tube-Get-Contents
X-Level-Front-Cache
X-Edge-Server
X-Pool
X-Policy
Tube-Got-Eval
Tube-Got-Results
Web-Mar-Region
X-Core-Value
X-Location
X-Date
Tube-Return
V-Age
X-Powered-By-VTEX-Cache
Cache-Key
X-VTEX-Cache-Time
X-CGP
X-VTEX-Cache-Server
X-Viewer-Country
X-Eu-Site
X-HN
X-Section
X-Op-Id-All
X-Newrelic-Synthetics
X-Via-Fastly
X-VG-WebCache
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-UA-Device-Type
X-V-Cache
X-Varnishpool
X-Varnish-Director
X-Var-Ttl
X-VarnishDD-TTL
X-Wikidot-Backend
HA-Ipaddr
L
Yak-Timeinfo
L5d-Success-Class
Ha-Gx-Prefs
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Provider
PFcat
User-Agent
X-Access
X-Akamai-Device-Characteristics
X-Wikidot-Static-Cache
X-AB-Test
Wxu-Next-Region
W
Wxu-Next-Commit
Wxu-Next-Hostname
X-Slack-Shared-Secret-Outcome
X-Csrf-Jwt
DSUID
Debug
Cdn-Host
Gh-Request-Id
X-SB
Cdn-Request-Time
Content-Style-Type
A
Click-Count-Action-Start
Click-Count-Error
X-SD-PageType
Content-Script-Type
IsBot
Esi-Enabled
Canary
X-Slack-Backend
Apple-News-Services-Host
NGX
Cache
X-SIPLIST1
NM-Fastcgi-Cache
Akamai-Mon-Iucid-Del
CDN-Uid
X-CUA
X-Mvc-Supplant-OutputCached
X-Men
Fl-Custom-Application
X-Server-IP
Country-Code
CDCHOST
Fastly-SSL
X-Gen-Mode
ServerName
Req-ID
Pramga
X-Pubstack
XM
X-Request-Start
X-ORCA-Accelerator
X-Varnish-Beresp-Status
CDN-Cache
X-VG-TLSProxy
X-Content-Length
X-NodeID
X-Request-Host
Ssr
X-Thanos
CDN-PullZone
User-Cache-Control
X-Sn-Servicetimems
X-Bip
CDN-RequestPullSuccess
Sid
X-Hnp-Log
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullCode
X-Block-Status
CDN-RequestCountryCode
X-Cache-FS-Status
X-COUNTRY
X-Optimistic-Header
X-Varnish-Hits
X-HITS
TP-L2-Cache
X-URL
X-VServer
X-Litespeed-Tag
X-HOST
X-TA-CDN-Provider
X-LB-NoCache
X-Api-Version
X-Dc
X-CACHE-GROUP
X-Refresh
X-Geolocation
X-Cache-Date
X-GEO
X-Cs
X-LiteSpeed-Tag
X-S-Cookie
X-Application
X-IsAdmin
X-B-Cookie
X-Destination
X-Nananana
X-External-Request-Id
X-APP
X-Via-Edge
Edge-Copy-Time
X-Servedbyhost
CloudFront-Viewer-Country
X-Via-CDN
X-Via-SSL
True-Client-Country-4JS
Proxy-Firewall
X-Zen-Fury
X-LiteSpeed-Cache-Control
X-AWS-Id
X-VWS-Id
X-Zone
X-LJ-Flow-ID
Fastly-Drupal-HTML
X-CDN-Forward
Cdn-Requestid
Server-Hostname
X-RequestId
Sever-Int
Server-Ext
GeoIP-Latitude
C-Via
X-Test
X-User
X-DC
X-Endurance-Cache-Level
Fastly-Drupal-Html
X-Provided-By
Adler-Geo
X-AIR-PT
X-HA-Backend
X-Via-Poph
X-Via-Popv
X-Via-Popn
Server-ID
Is-Eu
X-Air-Pt
X-B3-Spanid
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
Ohc-Cache-HIT
X-FTR-Expires
X-FTR-Backend
X-Nginx-Cache-Key
X-Wa
X-VC-TTL
X-ZONE
X-Nc
X-LB-ID
X-Dispatcher-Number
X-CACHE-AGE
X-B3-Parentspanid
X-DynaTrace-JS-Agent
GeoIp-Country-Code
WZWS-RAY
X-NewRelic-App-Data
X-CS
S-Rt
HostName
X-Webkit-Csp-Report-Only
X-Tt-Logid
Cdn
X-Presslabs-Stats
X-TH-Server
X-Vgn-Hpd-Reason
WP-Super-Cache
Cache-Tv-Group
X-Oracle-Dms-Ecid
X-Datadome
X-Geo-Header
T-Server
X-Custom-Header
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Moov-T
X-Pass-Why
X-ND-Cache
X-Resp-Is-Stale
True-Client-IP
X-Parent-Response-Time
X-Srv
X-DataCenter
X-Cache-Server
Vc-Max-Age
X-Old-Content-Length
X-CMSURLCustom
SID
X-API-Version
X-HubSpot-Correlation-Id
X-Fpc
Resin-Trace
Pics-Label
Uri
X-Thinkindot-L1
X-Vercel-Cache
Powered-By
X-Cache-VC
Location
X-Vercel-Id
X-Action
Vix-Hermes-Req-Id
SEZNAM-JOBS-OFFER
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-TX-ID
X-Varnish-Beresp-TTL
True-Client-Ip
X-FPC
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-SERVER-NAME
Tcn
Thinkindot-Control
X-Litespeed-Cache-Control
X-Stale
N1-Cache
Serverhost
On-Server
X-Dynatrace-Js-Agent
X-Client-Ip
X-APP-VERSION
Srv
X-Cache-TTL-Remaining
GeoIP-Country-Code
ServerHost
X-Service-Response-Time
Sm-Log-Id
X-ApacheServer
X-PERF
Hostname
AKAMAI
X-Amz-Meta-Opti
X-Oracle-Dms-Rid
X-Datacenter
X-PHP-Backend
TWC-GeoIP-City
TWC-GeoIP-DMA
X-Fastly-Cache-Status
Xkeylog
Cache-Hits
X-Cdn-Cache-Status
X-Render-Time
X-WA
Server-Id
X-Nitro-Cache
X-WA-Info
TWC-GeoIP-Region
X-Proxy-Cache-La3
Xkey-La3
X-Air-Source
X-Air-Trace-Id
X-Debug-Service
X-Air-Hostname
Av-Poweredby
X-NC
Magicmarker
X-Lb-Id
X-Ua
X-Uri
X-Info
Cl-Cache
X-Ssense-Gql
X-Vc
X-Ssense-Shipping-Surcharge-Enabled
X-Geo
RewriteTestHook
RewriteTeamHook
Cache-Contol
X-Via-PopV
Log-Origin
X-Via-PopN
X-Ha-Backend
X-Udemy-Cache-App-Namespace
X-Ee-Generated-By
Time-Cloud-Cache
X-Cms-Device
X-Via-PopH
Store-Cloud-Cache
X-Jungle-Id
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Ee-Request-Date
X-Ee-Origin
X-Ion-Healthy
X-Save-Cache
X-Vary-Devices
X-Ion-Hop
X-Ee-Request-Id
X-Cache-Ttl
X-Github-Request-Id
Cloudfront-Viewer-Country
X-IAuth-Set-Uid
X-Oracle-DMS-ECID
Cmstype
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
Cf-Ipcountry
My-App
Lb
X-CDN-Cache-Status
X-ServedByHost
X-V
Cmsid
X-Esi
CDN
X-Rollout
X-Requestid
X-Up
X-New
X-VCL-Version
X-App
X-From
X-Limited
X-Eligible
X-Akamai-Pragma-Client-IP
WebServer
Warning
X-Traceid
WWW-Authenticate
CacheControlHeader
X-Forwarded-Site
Machine
X-Region-Sid
CountryCode
X-Correlation-ID
X-MSEdge-Flight
Cneonction
X-Lb-Nocache
X-Dw-Trace-Id
Server-Info
X-MSEdge-Features
Pragrma
X-LAGOON
X-Serial
X-EC-Lua
X-HS-Status
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-Check-Cacheable
X-Acquia-Purge-Tags
Reporter
X-Cdn-Request-ID
X-CSRF-TOKEN
X-Pod
X-Akamai-Transformed
X-Ftr-Request-Id
FSS-Cache
Edge-Cache
X-Sucuri-Id
X-Git-Commit
X-Container-Uri
X-Td-Header-From-No-Data
X-Web-Server
NtCoent-Length
CF-Cached-On
X-Elasticpress-Query
X-BBC-Origin-Response-Status
Thinkindot-Cache-Type
X-Orig-Cache-Control
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Tncms-Bot-Tier
X-Akamai-ERRuleID
X-Varnish-Hostname
X-Akamai-ERPolicy
X-Ramcache
Permission-Policy
X-Platform-Processor
Timeexpire
X-Platform-Router
X-Fastly-Cache-Hits
X-SRCache-Key
X-Platform-Cluster