Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
Accept-CH-Lifetime
EagleId
X-Age
X-Server
X-Dispatcher
X-Amz-Version-Id
X-Vhost
X-UA-Device
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Litespeed-Cache
X-Server-Powered-By
Allow
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Styx-Req-Id
X-Swift-SaveTime
X-Pingback
X-WebKit-CSP
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Node
X-Server-Id
X-HW
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
Xkey
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Vname
X-TtlSet
X-PC
X-Edge
X-Midtier
X-Rack-Cache
X-Mcache
X-Country-Code
Rating
Surrogate-Key
X-Browser-Type
X-Server-Name
X-ESI
X-Cache-TTL
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Abt-Application-Version
X-Cnection
X-Element-Page-Cache
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Oneagent-Js-Injection
X-Ser
Edge-Control
X-Powered-By-Plesk
Nginx-Cache
X-GitHub-Request-Id
X-Ua-Device
X-D2id
Verso
X-Ac
X-ARC
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-Client-IP
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Aspnet-Version
X-Daa-Tunnel
X-ORACLE-DMS-RID
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-Goog-Hash
X-ECACHE
X-CST
X-Powered-CMS
Response
X-Middleton-Response
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kinsta-Cache
X-Edge-Location-Klb
X-B3-TraceId
X-Ttl
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Amzn-Trace-Id
X-Cache-Key
X-Forwarded-For
X-NF-Request-ID
X-Ratelimit-Limit
RTSS
X-Mod-Pagespeed
X-Wormhole-Sdk
X-Ratelimit-Remaining
X-Server-ID
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
AR-CACHE
X-Version
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Ruxit-Js-Agent
X-Mg-S
X-FastCGI-Cache
S
Cross-Origin-Resource-Policy
X-Ezoic-Cdn
Realpath
X-MSEdge-Ref
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-Content-Digest
X-Cached
X-Recruiting
Access-Control-Request-Method
X-Accel-Expires
X-Distributor
X-Newrelic-App-Data
TP-Cache
X-Kong-Upstream-Latency
X-Correlation-Id
X-Kong-Proxy-Latency
Arr-Disable-Session-Affinity
Count-Hit
Front-End-Https
X-Debug
X-Id
X-Request-Received
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-Azure-Ref
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Varnish-TTL
X-Ismobilevalue
Payment
X-Hits
Accept-Ch
X-Varnish-Ttl
X-Forwarded-Proto
X-Amz-Replication-Status
X-LB-Cache
X-Varnish-Backend
X-GUploader-UploadID
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
Filterid
Host
X-Protected-By
X-Unique-Id
X-Git-Hash
X-Logged-In
X-FB-Debug
Content-Disposition
X-Www-Served-By
X-Varnish-Server
X-Az
X-AppVersion
X-Activity-Id
Cleartype
X-Ratelimit-Reset
X-App-Server
X-Hostname
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-TTL
X-Amzn-RequestId
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Webkit-CSP
X-Fastcgi-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-DIS-Request-ID
X-Geo-Country
Access-Control-Allow-Method
X-Page-Id
Retry-After
X-Origin-Server
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Nf-Request-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-ASPNET-VERSION
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Pinterest-Version
MS-Author-Via
Pinterest-Generated-By
X-Pinterest-Rid
Accept-Charset
Origin-Trial
X-Ah-Environment
Akamai-GRN
Fastly-SWR
Fastly-SIE
X-Type
X-Cambria-Cache-Control
Section-Io-Cache
Content-MD5
X-Fb-Rlafr
X-TT
X-Cache-Control
Viewport
X-B3-Sampled
X-Template
X-B
X-Grace
X-Content-Options
Version
Amp-Access-Control-Allow-Source-Origin
X-Request-Guid
X-Trace-Id
Frame-Options
X-Revision
TCN
X-SRCache-Fetch-Status
X-Amz-Meta-S3cmd-Attrs
X-SRCache-Store-Status
X-Origin-Cache
Healthy
X-Cdn
X-Envoy-Decorator-Operation
X-Vcl-Version
X-Contextid
X-Magnolia-Registration
X-RateLimit-Remaining
X-Device-Type
X-ECache
X-CSRF-Token
X-Source
X-Aspnetmvc-Version
X-WP-CF-Super-Cache-Active
Server-Name
DC
X-Backend-Name
X-Xrds-Location
X-Px
X-Proxy
X-Cache-Age
X-Seen-By
X-Mobile
X-Rid
X-Varnish-Grace
X-Tumblr-Pixel-1
X-RM-Cache-TTL
X-RemovedCookies
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel-0
X-Fastly-Request-Id
X-ProcessESI
X-Tumblr-Pixel
X-Framework
X-Rule
Access-Control-Request-Headers
X-L-Path
X-Storage
X-Debug-Info
X-Environment-Context
X-Status
X-Mg-Request-UUID
X-Region
SD-X-WS
Cross-Origin-Window-Policy
NGB
X-G
X-Akamai-Edgescape
X-NYM-Debug-Backend
X-Node-Name
X-Adobe-Content
X-ServerID
X-UUID
X-Cacheable-TTL
X-Adobe-Loc
X-Debug-IsPreview
X-Content-Powered-By
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Datadog-Parent-Id
X-CLOUD-TRACE-CONTEXT
X-Is-Bot
X-Proxy-Cache-Info
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Yottaa-Metrics
GEO-INFO
MS-CV
X-RTag
Ms-Operation-Id
X-Instance
X-Rendered-As
X-Datadog-Sampled
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Language
X-FW-Type
X-FW-Version
X-FW-Static
Paypal-Debug-Id
X-User-Agent
X-Buckets
X-HTML-Minification-Powered-By
X-EdgeConnect-Cache-Status
X-Cache-Time
Front
Countrycode
Webserver
X-B3-Traceid
Upgrade-Insecure-Requests
Charset
X-WebKit-CSP-Report-Only
Protected
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Whom
OT-Force-Account-Verify
X-N
X-Lambda-Id
X-Edge-Location
X-VC
X-VHOST
Trailer
X-Cache-Status-Check
X-Akamai-Request-ID2
X-AB
X-IPS-LoggedIn
Section-Io-Id
Country
Refresh
Priority
X-Time
X-HS-Prerendered
X-TT-LOGID
X-Reqid
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-Hl-Ver
Alternate-Protocol
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Via-JSL
X-CCDN-Origin-Time
X-WP-CF-Super-Cache-Cookies-Bypass
Xet-Cookie
Backend
Liferay-Portal
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
X-XRDS-Location
Accept-Language
VIX-Pulpo-Node
X-DataDome
Onion-Location
X-Mode
X-Server-W
Uber-Trace-Id
X-Tumblr-Pixel-2
X-Rn-Rsrv
X-Scope-Id
X-UPSTREAM-Address
X-Web-Node
X-Fetched-On
X-Accel-Version
X-Tb
Environment
X-VC-Cache
X-Auth-Group-Type
X-SaId
X-Skip-Cache
X-Request-URI
X-JoinUs
Fastcgi-Useragent
X-Rewrite-Enabled
X-Generated-By
Meta-Geo
From-Origin
Filters
X-Frame-Option
X-Origin-Date
X-Webstats-RespID
Apigw-Requestid
Atl-Traceid
X-Say-TTL
X-Say-Cacheable
Expiry
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
X-SayCDN-TTL
TWC-GeoIP-Country
TWC-Connection-Speed
ServerID
X-Restarts
TWC-Device-Class
Webcakes-App-Name
Property-Id
Webcakes-Region
X-Cluster-Node
X-BYPASS-REASON
X-XRDS-LOCATION
X-Connection-Hash
X-ProxyCache-Key
X-ProxyCache-Status
X-Origin-Hint
X-Nginx-Cache
X-IPLB-Instance
X-IPLB-Request-ID
X-Logging-Id
X-Hosted-By
X-Varnish-Age
X-FB-TRIP-ID
X-Varnish-Beresp-Grace
X-Cache-Expired-At
X-Cache-Action
X-Format
X-Varnish-Cache-Hits
X-Cache-Host
X-Real-IP
X-R9-Blue-Green-Version
X-Response-Served-From
Mn-Server-Ip
X-Labrador-Cache-Channel
X-Adobe-Source
X-Redis-Cache
X-Original-Request-Id
LB
X-Soup
X-Cms-Context
X-Forwarded-Host
X-Served-From
X-Httpd
X-Handled-By
X-PHP-Host
X-Director
X-Proxy-Build
X-Tncms
X-Vcache
X-Timing-Wait
ServedBy
Selected-Fe
X-Loop
Web-Mar-Node
SRV
X-Origin
X-S
X-Routing-Service
Url
DB-Nickname
X-Zipkin-Id
X-Servername
X-Proxied
X-Detected-As
X-Extlb
X-Cluster
X-Cloudmap
Cross-Origin-Embedder-Policy-Report-Only
X-Origin-TTL
Xserver
X-Origin-CC
X-LSADC-Cache
N-Cache
X-RID
CF-IPCountry
Referer-Policy
X-Rocket-Nginx-Serving-Static
X-Hit
X-Webkit-Csp
X-Xfnlog-Site
X-Lagoon
Cross-Origin-Embedder-Policy
X-Upstream-Ht
X-SRV
X-Upstream-Ct
X-Ms-Version
X-Ms-Request-Id
X-NWS-UUID-VERIFY
X-Tumblr-Pixel-3
X-Cache-Debug
X-TraceId
X-VCT
X-UA
X-DynaTrace
Source
X-RCS-CacheZone
X-Proxy-Cache-Status
CDN-RequestId
X-Azure-Ref-OriginShield
Surrogated-Key
WPO-Cache-Status
WPO-Cache-Message
X-F-Cache
X-Tcp-Rtt
X-Signature
X-B-Cache
X-Browser-Name
X-Geo-Region
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Is-Desktop
X-Is-Tablet
X-Is-Supported-Browser
X-Worker
X-Is-Mobile
X-No-Session
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
Node
X-FTR-Request-ID
X-Generation-Time
X-Sucuri-Cache
X-Cdn-Origin
X-RateLimit-Limit
X-Alternate-Cache-Key
X-NODE
X-Shopify-Stage
X-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-Sucuri-ID
X-Tx-Id
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Cdn-Forward
X-App-Version
TP-L2-Cache
X-Site-Version
X-Locale
X-Service
X-Optimistic-Header
X-Cache-Operation
X-Cache-Rule
X-Gdpr
X-A-Dcw
X-A-Dam
MD5-Digest
X-A-Ccd
Meta-Geo-Continent
Lang
Mail-Subject
X-FC-Vary-Parameters
X-Aicache-OS
X-Epic-Correlation-Id
Host-ID
X-Aed
X-GeoCode
X-A-Wwc
X-A-Dgt
X-GeoCountry
Thinkindot-CacheControl
Producers
TDXMobile
Redirect-Candidate
Rendered-Blocks
Sslversion
Thinkindot-CacheControl-Type
We-Hiring
X-MP-GENERATED-AT
X-A
Odigeo-Trace-Id
Origin-Agent-Cluster
X-GeoIP-City
X-GeoIP
Ngx.Var.Host
X-AK-Request-ID
Content-Secure-Policy
Azure-Version
BehaviorPad-Version
X-BCube-Filmed-By
DCR-Decision-By
Azure-SiteName
Azure-SlotName
X-DefElseHash
Candidate-Md5Url
X-Cache-NE
X-Cache-Info
Cdncip
Cluster
X-Conf
X-Bug-Bounty
X-D
Azure-RegionName
Azure-InstanceId
A
X-App-Name
Fastly-GeoIP-CountryCode
Gannett-Cam-Experience-Id
X-Amz-Storage-Class
X-Ec-GeoHdr
X-Ec-Fail
X-DPWN-IS-SECURE
Fastly-Backend-Name
X-Developer
X-DefHash
DCR-Processing-Time-Ms
X-Bc-Bl
Expect-Staple
X-Backend-Instance
Cdnsip
X-Loc
X-VG-WebCache
X-Platform-Server
X-Vdms-Version
X-Proto
AMP-Access-Control-Allow-Source-Origin
X-Viewer-Country
X-PAYTM-SRV-ID
X-Origin-Expires
X-Org
X-Origin-Response-Time
X-Origin-Time
X-Path
X-Proxied-Request
X-Varnish-Remaining-TTL
X-ScT
X-Scheme
X-TIM-N
X-Thinkindot-L3
X-Shield-Cache-Expires
X-NGINX-Cache
X-Rojux
X-Varnish-Director
X-Request-Time
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Nyt-Route
X-Vmg-Version
X-Mly-Id
X-Jobs
X-ElasticPress-Query
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Internal-TTL
Xc-Version
X-Vtex-Remote-Cache
X-Ig-Push-State
X-Ig-Origin-Region
Ohc-File-Size
X-Varnish-Beresp-Ttl
Mime-Version
Cache
X-SVT-ORM-VERSION
RNT-Time
X-Akamai-Device-Characteristics
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-SVT-ORM-RULES
X-BBC-Edge-Cache-Status
X-Amz-Meta-Cb-Modifiedtime
X-B3-Trace-ID
XkeyRZ
X-UA-Device-Type
Server-Host
X-V-Cache
X-Var-Ttl
X-Auto-Login
X-Tb-Optimization-Total-Bytes-Saved
Yak-Timeinfo
X-Wikidot-Backend
V-Age
Wxu-Next-Region
Tube-Return
Tube-Got-Results
X-VTEX-Cache-Server
Wxu-Next-Hostname
X-VTEX-Cache-Time
W
Wxu-Next-Commit
X-Sn-Servicetimems
Tube-Got-Eval
X-VarnishDD-TTL
X-Wikidot-Static-Cache
X-Accel-Expires-Debug
X-Varnishpool
X-We-Are-Hiring
X-Via-Fastly
Tube-Get-Contents
X-VG-TLSProxy
X-Acquia-Purge-Cdn-Unconfigured
X-Cached-By
X-Op-Id-All
X-Fastly-Backend
X-Fmm-Version
X-Gamma-Serve
X-Node-Id
X-Eu-Site
X-Esi-Check
X-Dispatcher-Server
X-Platform
X-Ec-Custom-Error
X-Edge-Server
X-NMSegId
X-Generated-On
X-Gzip
X-GoCache-CacheStatus
X-Hash
X-Human
X-HN
X-GeoIP-Region-Code
X-INCAP-ABP
X-Location
RNT-Machine
X-Level-Front-Cache
X-GeoIP-Country-Code
X-Depends
X-Policy
X-SB
X-Cache-Id
X-HS-Content-Campaign-Id
X-CacheTTL
X-CGP
X-Cache-Bucket
X-Cache-Aspx
X-Slack-Backend
X-Bl-Debug
X-Section
X-SD-PageType
X-Clientip
X-Contensis-Viewer-Groups
X-Pubstack
X-Debug-Cache-Store
X-Proxy-CacheRZ
X-Powered-By-VTEX-Cache
X-Pool
X-Debug-Cache-Fetch
X-Date
X-Content-Age
X-Core-Value
X-Csrf-Jwt
X-Req
X-Slack-Shared-Secret-Outcome
X-Access
NM-Fastcgi-Cache
NGX
Cross-Origin-Opener-Policy-Report-Only
L5d-Success-Class
Cdn-Host
Origin
Cache-Key
Cache-Provider
Canary
Origin-EX
L
Cdn-Request-Time
Content-Script-Type
DSUID
Debug
Content-Style-Type
Click-Count-Error
Esi-Enabled
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Click-Count-Action-Start
Apple-News-Services-Request-Url
Origin-CC
PFcat
Product
Apple-News-Services-Handled
Apple-News-Services-Host
X-Pad
Apple-News-Services-Parsed-Url
Release
Platform
Req-Svc-Chain
Sid
X-LiteSpeed-Tag
X-Request-Start
CDN-RequestPullSuccess
X-Request-Host
X-Server-IP
CDN-Uid
X-Men
X-NodeID
X-Cache-FS-Status
X-Cache-Grace
X-Block-Status
X-Micro-Cache
X-SIPLIST1
X-Content-Length
CDN-EdgeStorageId
CDN-CachedAt
X-Bip
X-CUA
CDN-Cache
X-Api-Version
X-Thanos
CDN-RequestCountryCode
X-Cdn-Srv
X-Hnp-Log
X-Gen-Mode
CDN-PullZone
CDN-RequestPullCode
CDCHOST
User-Cache-Control
User-Agent
Web-Mar-Region
XM
Req-ID
ServerName
Fastly-SSL
Ssr
IsBot
Country-Code
Pramga
X-LiteSpeed-Cache-Control
X-Cache-Hit
X-HOST
X-AB-Test
X-Air-Pt
Akamai-Mon-Iucid-Del
X-AWS-Id
X-Newrelic-Synthetics
X-LJ-Flow-ID
X-VWS-Id
X-CACHE-GROUP
Fl-Custom-Application
X-ORCA-Accelerator
X-Dc
X-Irp-Debug
True-Client-Country-4JS
X-Varnish-Hits
X-Provided-By
X-Cs
X-GEO
X-RequestId
Server-Ext
X-Test
Server-Hostname
GeoIP-Latitude
X-TA-CDN-Provider
Sever-Int
C-Via
X-HITS
Proxy-Firewall
X-LB-NoCache
CloudFront-Viewer-Country
Is-Eu
Adler-Geo
X-Servedbyhost
X-Nananana
Fastly-Drupal-HTML
X-Geolocation
X-Via-SSL
X-HS-CF-Cache-Status
X-Nginx-Cache-Key
X-Cache-Date
Edge-Copy-Time
X-B3-Parentspanid
X-Via-Edge
X-Via-CDN
X-APP
X-Refresh
X-Dispatcher-Number
X-VServer
X-DC
S-Rt
X-External-Request-Id
X-B3-Spanid
X-Destination
X-Zone
X-Tt-Logid
X-IsAdmin
X-Via-Popv
X-HA-Backend
Cache-Tv-Group
WZWS-RAY
X-B-Cookie
X-S-Cookie
X-Via-Popn
X-Application
X-Via-Poph
X-Endurance-Cache-Level
Cdn-Requestid
X-Zen-Fury
X-ZONE
X-Wa
X-Geo-Header
Fastly-Drupal-Html
X-Custom-Header
X-Nc
X-LB-ID
T-Server
X-Pass-Why
X-DynaTrace-JS-Agent
X-ND-Cache
Server-ID
X-Webkit-Csp-Report-Only
HostName
X-User
X-CDN-Forward
X-Presslabs-Stats
X-Srv
X-Litespeed-Tag
Cdn
X-URL
X-CMSURLCustom
X-Cache-Server
X-Oracle-Dms-Ecid
Vc-Max-Age
X-COUNTRY
X-CS
GeoIp-Country-Code
X-AIR-PT
Ohc-Cache-HIT
X-CACHE-AGE
X-Parent-Response-Time
X-HubSpot-Correlation-Id
X-Fpc
SID
X-VC-TTL
Resin-Trace
WP-Super-Cache
X-Moov-T
Powered-By
X-TH-Server
X-Moov-Xdn-Caching-Status
X-DataCenter
True-Client-IP
X-Moov-Xdn-Version
X-NewRelic-App-Data
Vix-Hermes-Req-Id
X-Vgn-Hpd-Reason
X-Fastly-Cache
X-Ckpd-Fst-Backend
Pics-Label
Srv
Uri
X-Varnish-Beresp-TTL
X-APP-VERSION
X-API-Version
X-Old-Content-Length
On-Server
SEZNAM-JOBS-OFFER
True-Client-Ip
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Thinkindot-Control
ServerHost
X-SERVER-NAME
X-Air-Source
GeoIP-Country-Code
X-Air-Trace-Id
X-Vercel-Cache
X-Cache-TTL-Remaining
X-Amz-Meta-Opti
AKAMAI
X-Air-Hostname
X-Vercel-Id
Serverhost
X-PHP-Backend
X-TX-ID
X-Datadome
X-FPC
X-Client-Ip
X-Thinkindot-L1
Location
X-Cache-VC
X-Dynatrace-Js-Agent
X-Action
Magicmarker
Cl-Cache
X-Oracle-Dms-Rid
X-Info
Server-Id
X-V
X-Stale
N1-Cache
X-Debug-Service
Av-Poweredby
Hostname
X-Cdn-Cache-Status
X-FTR-Cache-Status
X-FTR-Expires
X-NC
X-Datacenter
X-FTR-Balancer
X-WA
X-IAuth-Set-Uid
X-FTR-Backend
X-Country-Code-Real
X-CDN-Cache-Status
X-FTR-Backend-Server
Sm-Log-Id
X-Vc
X-Service-Response-Time
X-VCL-Version
CDN
X-Lb-Id
X-Fastly-Cache-Status
X-PERF
X-Cms-Device
Time-Cloud-Cache
Store-Cloud-Cache
X-Ee-Origin
X-Save-Cache
X-Vary-Devices
X-Ee-Request-Id
X-Ee-Request-Date
X-Ee-Generated-By
X-ApacheServer
X-Udemy-Cache-App-Namespace
X-Rollout
X-VTEX-Cache-Backend-Header-Time
X-New
X-Geo
X-VTEX-Cache-Backend-Connect-Time
X-Eligible
X-Cache-Ttl
X-Oracle-DMS-ECID
X-Github-Request-Id
X-Region-Sid
X-App
X-Via-PopV
X-Via-PopN
X-Via-PopH
Machine
Xkeylog
X-Ssense-Gql
X-Forwarded-Site
X-WA-Info
X-Resp-Is-Stale
X-Limited
X-Render-Time
X-Ssense-Shipping-Surcharge-Enabled
X-Ha-Backend
X-Fastly-Backend-Reqs
Xkey-La3
X-Nitro-Cache
X-Proxy-Cache-La3
Tcn
Cloudfront-Viewer-Country
X-ServedByHost
X-Litespeed-Cache-Control
X-Uri
Server-Info
X-Lb-Nocache
TWC-GeoIP-City
X-Git-Commit
Cache-Hits
X-Container-Uri
TWC-GeoIP-DMA
TWC-GeoIP-Region
X-Ion-Healthy
X-Ion-Hop
WWW-Authenticate
X-EC-Lua
Geoip-Latitude
X-Ftr-Request-Id
X-Jungle-Id
X-Traceid
Edge-Cache
RewriteTestHook
Cache-Contol
RewriteTeamHook
WebServer
X-Akamai-Pragma-Client-IP
Cneonction
X-MSEdge-Features
X-MSEdge-Flight
X-Correlation-ID
CountryCode
X-Ua
Log-Origin
Permission-Policy
Cmsid
Cmstype
My-App
X-HS-Status
X-LAGOON
X-Dw-Trace-Id
X-SRCache-Key
X-Varnish-Hostname
Pragrma
X-Check-Cacheable
FSS-Cache
PICS-Label
X-Acquia-Site
Reporter
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Up
X-Serial
X-Pod
X-Requestid
X-From
X-Akamai-Transformed
X-Cdn-Request-ID
X-Html-Minification-Powered-By
Cf-Ipcountry
X-Sucuri-Id
X-BBC-Origin-Response-Status
X-Web-Server
X-Elasticpress-Query
CacheControlHeader
X-Fastly-Cache-Hits
CF-Cached-On
X-Orig-Cache-Control
Timeexpire
X-Tncms-Bot-Tier
Warning
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Platform-Processor
X-Platform-Router
X-Ramcache
NtCoent-Length
X-Platform-Cluster