Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
P3p
X-Generator
Server-Timing
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Check
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
Xkey
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Request-Id
X-Nginx-Cache-Status
X-Country
X-Url
X-NWS-LOG-UUID
X-Content-Type
X-Application-Context
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Rack-Cache
X-Country-Code
X-TtlSet
X-Vname
X-PC
X-Midtier
X-Mcache
X-Edge
Rating
Surrogate-Key
X-Oneagent-Js-Injection
X-Server-Name
X-Browser-Type
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-ESI
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
Nginx-Cache
X-Ser
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-ARC
X-Dw-Request-Base-Id
X-ECACHE
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-Daa-Tunnel
X-Amz-Rid
X-CST
X-Middleton-Response
Response
X-Navigation-Version
X-Upstream
X-Powered-CMS
X-Aspnet-Version
X-Goog-Hash
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amzn-Trace-Id
X-NF-Request-ID
X-Ttl
X-Cache-Key
X-Forwarded-For
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-Ua-Device
X-Wormhole-Sdk
RTSS
X-Ruxit-Js-Agent
X-Mod-Pagespeed
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-Server-ID
X-FastCGI-Cache
X-Version
Public-Key-Pins
X-Mg-S
AR-CACHE
X-ORACLE-DMS-ECID
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
X-SharePointHealthScore
Realpath
S
SPRequestGuid
X-Content-Digest
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
X-Accel-Expires
X-Varnish-TTL
X-Fastly-Request-ID
Access-Control-Request-Method
X-Distributor
Front-End-Https
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Correlation-Id
TP-Cache
X-Debug
MicrosoftSharePointTeamServices
Count-Hit
Arr-Disable-Session-Affinity
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Newrelic-App-Data
Server-Node
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-LLID
X-Azure-Ref
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-PressLabs-Stats
Payment
X-Amz-Replication-Status
X-GUploader-UploadID
X-LB-Cache
X-Hits
X-Varnish-Backend
X-Forwarded-Proto
Accept-Ch
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
Host
X-Git-Hash
X-FB-Debug
Cleartype
X-Protected-By
X-Unique-Id
X-Logged-In
Filterid
Content-Disposition
X-Www-Served-By
X-TTL
X-AppVersion
X-Activity-Id
X-Ratelimit-Reset
X-Varnish-Server
X-Az
X-Tt-Trace-Host
X-Tt-Trace-Tag
Origin-Trial
X-Hostname
X-App-Server
X-NGENIX-Cache
Pinterest-Generated-By
X-Pinterest-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
Pinterest-Version
X-Jurisdiction
X-DIS-Request-ID
X-HP-Webp
X-HP-Trace-Id
X-Page-Id
MRF-Tech
Mrf-Cache-Status
X-Geo-Country
X-B3-TraceId-Primal
X-Fastcgi-Cache
Access-Control-Allow-Method
X-Varnish-Ttl
X-Origin-Server
Retry-After
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-Cambria-Cache-Control
Akamai-GRN
X-Nf-Request-Id
X-Upgrade-Enabled
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Template
X-Goog-Generation
MS-Author-Via
X-Type
Fastly-SWR
Section-Io-Cache
Accept-Charset
Fastly-SIE
X-ASPNET-VERSION
X-TT
Viewport
X-Cache-Control
X-Fb-Rlafr
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Content-MD5
Frame-Options
X-Grace
X-Content-Options
X-B3-Sampled
X-B
X-Ah-Environment
Version
X-RateLimit-Remaining
X-Request-Guid
X-Revision
X-Trace-Id
X-Xrds-Location
Amp-Access-Control-Allow-Source-Origin
X-SRCache-Fetch-Status
X-Vcl-Version
X-SRCache-Store-Status
Healthy
X-Envoy-Decorator-Operation
X-Amz-Meta-S3cmd-Attrs
X-Device-Type
X-Magnolia-Registration
X-Origin-Cache
X-Source
X-Cdn
X-Contextid
X-Rid
TCN
X-CSRF-Token
Server-Name
X-WP-CF-Super-Cache-Active
X-Webkit-CSP
X-Aspnetmvc-Version
X-Px
X-Mobile
X-Backend-Name
X-Language
X-Proxy
DC
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cache-Age
X-Buckets
X-RM-Cache-TTL
X-Varnish-Grace
X-RemovedCookies
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-ProcessESI
X-Seen-By
X-Mg-Request-UUID
X-Debug-Info
X-L-Path
X-EdgeConnect-Cache-Status
X-Status
X-Storage
X-Environment-Context
X-Framework
X-Rule
Access-Control-Request-Headers
X-Debug-IsConnected
X-Cacheable-TTL
X-Debug-IsPreview
X-Content-Powered-By
NGB
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
SD-X-WS
X-Adobe-Content
X-Adobe-Loc
X-FW-Version
X-FW-Dynamic
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-ServerID
X-Instance
X-G
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Serve
X-UUID
X-Rendered-As
X-Is-Bot
X-Node-Name
Cross-Origin-Window-Policy
X-Region
GEO-INFO
X-Yottaa-Metrics
X-Datadog-Sampled
X-Yottaa-Optimizations
X-RTag
Ms-Operation-Id
X-Datadog-Trace-Id
MS-CV
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Paypal-Debug-Id
Trailer
X-Cache-Time
X-User-Agent
Upgrade-Insecure-Requests
Charset
Countrycode
Webserver
X-ECache
Protected
Front
X-Edge-Location
X-Whom
X-WebKit-CSP-Report-Only
OT-Force-Account-Verify
X-TT-LOGID
X-Fastly-Request-Id
Refresh
X-Lambda-Id
Section-Io-Id
X-HS-Prerendered
X-N
X-IPS-LoggedIn
X-FTR-Request-ID
X-Cache-Status-Check
X-AB
X-Akamai-Request-ID2
X-VC
X-Time
X-VHOST
Country
X-Reqid
X-Amzn-Remapped-Content-Length
Alternate-Protocol
X-B3-SpanId
Priority
Backend
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-Traceid
X-Hl-Ver
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Liferay-Portal
X-Server-W
X-Hcs-Proxy-Type
X-TraceId
X-Response-Served-From
X-Original-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
SRV
X-Mode
Onion-Location
Accept-Language
X-Real-IP
X-Skip-Cache
X-FB-TRIP-ID
From-Origin
X-Scope-Id
X-SaId
Filters
X-JoinUs
X-Frame-Option
Meta-Geo
X-Tumblr-Pixel-2
Environment
X-UPSTREAM-Address
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-Origin-Date
ServerID
X-Web-Node
X-Cache-Host
X-Fetched-On
X-Accel-Version
X-Rewrite-Enabled
X-Auth-Group-Type
X-Rn-Rsrv
Fastcgi-Useragent
X-Request-URI
X-Tb
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Webstats-RespID
Property-Id
TWC-Privacy
X-Say-Cacheable
X-Varnish-Cache-Hits
Webcakes-App-Version
X-Restarts
Webcakes-App-Name
X-Say-TTL
Uber-Trace-Id
TWC-Locale-Group
X-Redis-Cache
X-ProxyCache-Status
X-Format
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-Hosted-By
X-Logging-Id
X-IPLB-Request-ID
X-IPLB-Instance
Expiry
Atl-Traceid
X-Cluster-Node
X-Cache-Action
Webcakes-Region
X-Connection-Hash
X-Director
X-SayCDN-TTL
X-Cache-Expired-At
X-BYPASS-REASON
X-Origin-Hint
TWC-Device-Class
X-Wix-Request-Id
X-XRDS-Location
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Soup
X-Varnish-Age
X-Forwarded-Host
X-Handled-By
X-Served-From
X-Httpd
X-PHP-Host
Apigw-Requestid
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
X-Adobe-Source
Mn-Server-Ip
X-Cms-Context
Web-Mar-Node
X-Via-JSL
Selected-Fe
X-Proxy-Build
X-Loop
X-Generated-By
DB-Nickname
X-Tncms
X-Timing-Wait
X-Vcache
X-Origin-CC
ServedBy
X-Origin-TTL
X-Cluster
X-S
X-Detected-As
X-Extlb
Url
X-Cloudmap
X-Routing-Service
X-SRV
X-Servername
X-Zipkin-Id
X-Origin
X-Proxied
X-DataDome
Referer-Policy
X-LSADC-Cache
N-Cache
Xserver
X-Rocket-Nginx-Serving-Static
X-Lagoon
LB
X-Hit
X-Nginx-Cache
Cross-Origin-Embedder-Policy
X-Ms-Request-Id
X-DynaTrace
X-Ms-Version
X-Tumblr-Pixel-3
X-Xfnlog-Site
X-Webkit-Csp
CF-IPCountry
X-NWS-UUID-VERIFY
WPO-Cache-Status
X-XRDS-LOCATION
Source
WPO-Cache-Message
X-Azure-Ref-OriginShield
X-Cache-Debug
X-VCT
X-RID
CDN-RequestId
X-Proxy-Cache-Status
X-Upstream-Ct
X-UA
X-RCS-CacheZone
X-Upstream-Ht
Surrogated-Key
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Browser-Name
X-Tcp-Rtt
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Desktop
X-Is-Mobile
X-Geo-Region
X-B-Cache
X-Generation-Time
X-Sucuri-Cache
X-No-Session
X-Signature
Locale
X-Urbn-Site-Id
X-F-Cache
X-Urbn-Context-Path
X-Cdn-Origin
X-App-Version
Node
X-NGINX-Cache
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Sucuri-ID
X-Shopify-Stage
X-ShardId
X-RateLimit-Limit
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
AMP-Access-Control-Allow-Source-Origin
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-NODE
Cross-Origin-Opener-Policy-Report-Only
Ohc-File-Size
X-MP-GENERATED-AT
X-Tx-Id
X-Locale
X-Cdn-Forward
X-Cache-Rule
X-Cache-Operation
X-Site-Version
X-Ec-Fail
X-Depends
X-Developer
X-DPWN-IS-SECURE
X-DefHash
X-Ec-GeoHdr
A
X-GeoIP
X-GeoCountry
X-Gdpr
X-GeoIP-City
X-Varnish-CookieINHashed-On
X-Ig-Origin-Region
X-Varnish-CookieHashed-On
X-FC-Vary-Parameters
Azure-InstanceId
BehaviorPad-Version
X-Epic-Correlation-Id
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
Candidate-Md5Url
Content-Secure-Policy
Sslversion
X-Bc-Bl
X-Backend-Instance
TDXMobile
Thinkindot-CacheControl
X-BCube-Filmed-By
X-Bug-Bounty
Producers
Redirect-Candidate
Rendered-Blocks
X-Cache-Aspx
Thinkindot-CacheControl-Type
X-App-Name
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-A-Ccd
X-A
X-Amz-Storage-Class
X-AK-Request-ID
We-Hiring
X-Aicache-OS
X-Cache-Info
X-Cache-NE
DCR-Decision-By
X-D
DCR-Processing-Time-Ms
Expect-Staple
Fastly-Backend-Name
X-Ig-Push-State
Cluster
Cdncip
Cdnsip
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Fastly-GeoIP-CountryCode
Gannett-Cam-Experience-Id
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Origin-Agent-Cluster
MD5-Digest
Mail-Subject
Host-ID
X-Contensis-Viewer-Groups
X-Conf
Lang
X-DefElseHash
X-GeoCode
X-Rojux
Xc-Version
X-Request-Time
X-Nyt-Route
X-Org
X-Vmg-Version
X-TIM-N
X-Scheme
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Varnish-Remaining-TTL
X-ScT
X-Mvc-Supplant-OutputCached
X-Service
X-Origin-Expires
X-Proxied-Request
X-Platform-Server
X-ElasticPress-Query
X-Vtex-Remote-Cache
X-Proto
X-Proxy-CacheRZ
X-Varnish-Authentication
X-Origin-Response-Time
X-We-Are-Hiring
X-Origin-Time
X-Path
X-PAYTM-SRV-ID
X-Thinkindot-L3
XkeyRZ
X-Varnish-Beresp-Ttl
X-Jobs
X-Loc
X-Shield-Cache-Expires
X-Vdms-Version
X-INCAP-ABP
X-Internal-TTL
X-Newrelic-Synthetics
X-Cache-Hit
Mime-Version
X-Sn-Servicetimems
PFcat
Origin-EX
X-Slack-Shared-Secret-Outcome
Wxu-Next-Hostname
Wxu-Next-Commit
HA-Ipaddr
Wxu-Next-Region
Origin-CC
Ha-Gx-Prefs
NM-Fastcgi-Cache
X-Clientip
X-CGP
X-Tb-Optimization-Total-Bytes-Saved
L5d-Success-Class
X-Access
X-VTEX-Cache-Time
X-Varnishpool
X-Cached-By
L
X-VTEX-Cache-Server
Platform
X-Req
X-Cache-Grace
X-BBC-Edge-Cache-Status
Tube-Return
X-Via-Fastly
X-Viewer-Country
Gh-Request-Id
X-Bl-Debug
Tube-Got-Results
Tube-Got-Eval
X-Section
X-Auto-Login
X-VG-WebCache
X-SD-PageType
Tube-Get-Contents
Server-Host
X-SB
X-Slack-Backend
X-Akamai-Device-Characteristics
Product
W
X-B3-Trace-ID
Web-Mar-Region
Release
X-Amz-Meta-Cb-Modifiedtime
RNT-Time
User-Agent
RNT-Machine
Req-Svc-Chain
X-Cache-Bucket
X-Cache-Id
X-UA-Device-Type
Apple-News-Services-Handled
Apple-News-Services-Host
X-Esi-Check
X-Eu-Site
X-Generated-On
X-Fmm-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Key
Cache-Provider
X-Edge-Server
X-Node-Id
X-Content-Age
Yak-Timeinfo
X-VarnishDD-TTL
X-Level-Front-Cache
X-Gzip
X-Varnish-Director
X-HN
X-Human
X-HS-Content-Campaign-Id
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Pad
Origin
X-Micro-Cache
X-Location
X-Acquia-Purge-Cdn-Unconfigured
Canary
X-NMSegId
Content-Script-Type
X-Csrf-Jwt
Click-Count-Error
X-Pool
X-Var-Ttl
X-Core-Value
X-Platform
Content-Style-Type
X-Policy
Click-Count-Action-Start
Debug
Cdn-Host
X-Ec-Custom-Error
X-Op-Id-All
Esi-Enabled
X-Powered-By-VTEX-Cache
X-Dispatcher-Server
DSUID
Cdn-Request-Time
TP-L2-Cache
X-Optimistic-Header
X-GoCache-CacheStatus
X-VG-TLSProxy
X-Cdn-Srv
X-SIPLIST1
X-Thanos
X-Irp-Debug
X-Content-Length
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Hnp-Log
X-Hash
IsBot
X-Block-Status
X-Request-Start
X-Bip
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Varnish-Beresp-Status
X-NodeID
X-Date
X-Fastly-Backend
X-Pubstack
X-V-Cache
X-CUA
X-CacheTTL
X-Cache-FS-Status
X-Gamma-Serve
X-Gen-Mode
X-AB-Test
User-Cache-Control
ServerName
Ssr
CDN-RequestPullCode
CDN-Uid
Fastly-SSL
NGX
Pramga
Req-ID
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-Cache
CDN-PullZone
Cache
X-Accel-Expires-Debug
V-Age
CDN-EdgeStorageId
CDCHOST
CDN-CachedAt
X-LiteSpeed-Tag
Akamai-Mon-Iucid-Del
X-COUNTRY
X-HITS
Sid
Fl-Custom-Application
Country-Code
X-Server-IP
XM
X-Men
X-Request-Host
X-ORCA-Accelerator
X-URL
X-HS-CF-Cache-Status
X-Dc
X-Varnish-Hits
X-HOST
X-Api-Version
X-VServer
X-CACHE-GROUP
X-LB-NoCache
X-GEO
X-LiteSpeed-Cache-Control
X-Cs
True-Client-Country-4JS
X-Geolocation
X-Cache-Date
X-Nananana
X-LJ-Flow-ID
X-TA-CDN-Provider
X-Refresh
Proxy-Firewall
X-VWS-Id
X-AWS-Id
X-APP
X-Air-Pt
X-Litespeed-Tag
X-Test
X-RequestId
X-Provided-By
C-Via
X-Oracle-Dms-Ecid
X-Via-Edge
X-IsAdmin
X-Servedbyhost
Server-Hostname
X-Via-CDN
Sever-Int
X-Application
X-S-Cookie
X-External-Request-Id
X-Destination
X-B-Cookie
CloudFront-Viewer-Country
Server-Ext
GeoIP-Latitude
Edge-Copy-Time
X-Via-SSL
Fastly-Drupal-HTML
X-Presslabs-Stats
Adler-Geo
X-Zen-Fury
X-DC
Is-Eu
Fastly-Drupal-Html
X-Endurance-Cache-Level
X-ZONE
X-Zone
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Nginx-Cache-Key
X-User
X-B3-Spanid
X-HA-Backend
X-Dispatcher-Number
X-B3-Parentspanid
Cdn-Requestid
X-CDN-Forward
S-Rt
X-CACHE-AGE
X-Nc
WZWS-RAY
X-Wa
Server-ID
X-LB-ID
X-AIR-PT
X-DynaTrace-JS-Agent
Cache-Tv-Group
X-Geo-Header
Ohc-Cache-HIT
HostName
X-Custom-Header
GeoIp-Country-Code
X-Webkit-Csp-Report-Only
T-Server
X-NewRelic-App-Data
X-Tt-Logid
X-VC-TTL
X-CS
Cdn
X-ND-Cache
X-Pass-Why
X-HubSpot-Correlation-Id
X-Parent-Response-Time
True-Client-IP
Vc-Max-Age
X-Vgn-Hpd-Reason
X-Cache-Server
WP-Super-Cache
X-CMSURLCustom
X-Srv
X-DataCenter
X-API-Version
X-FTR-Backend
Resin-Trace
X-Moov-Xdn-Caching-Status
X-Moov-T
X-FTR-Expires
X-TH-Server
X-Moov-Xdn-Version
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Fpc
X-Country-Code-Real
X-Datadome
SID
X-Old-Content-Length
Powered-By
Vix-Hermes-Req-Id
Pics-Label
X-Varnish-Beresp-TTL
X-Fastly-Cache
X-Ckpd-Fst-Backend
Uri
SEZNAM-JOBS-OFFER
Thinkindot-Control
X-TX-ID
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Thinkindot-L1
True-Client-Ip
On-Server
X-APP-VERSION
Srv
X-Vercel-Id
X-Vercel-Cache
X-Action
X-FPC
X-Cache-VC
Location
X-SERVER-NAME
Serverhost
ServerHost
X-Resp-Is-Stale
X-Dynatrace-Js-Agent
X-Client-Ip
X-Amz-Meta-Opti
GeoIP-Country-Code
AKAMAI
X-Cache-TTL-Remaining
X-PHP-Backend
N1-Cache
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
Hostname
X-Litespeed-Cache-Control
Server-Id
Tcn
X-Stale
X-Oracle-Dms-Rid
X-ApacheServer
X-NC
X-Info
Av-Poweredby
X-Debug-Service
X-PERF
Cl-Cache
X-Vc
X-WA
X-Datacenter
X-Fastly-Cache-Status
X-Cdn-Cache-Status
Magicmarker
X-Ssense-Shipping-Surcharge-Enabled
Sm-Log-Id
X-Ssense-Gql
X-Service-Response-Time
X-Render-Time
X-Nitro-Cache
X-WA-Info
X-Lb-Id
TWC-GeoIP-City
X-V
TWC-GeoIP-Region
TWC-GeoIP-DMA
X-Ee-Generated-By
X-Udemy-Cache-App-Namespace
X-Cms-Device
X-Ee-Origin
X-Ee-Request-Id
X-Save-Cache
X-Vary-Devices
X-Ee-Request-Date
X-Uri
X-IAuth-Set-Uid
X-Fastly-Backend-Reqs
X-CDN-Cache-Status
Time-Cloud-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Proxy-Cache-La3
Xkey-La3
X-Geo
X-VTEX-Cache-Backend-Header-Time
Store-Cloud-Cache
Xkeylog
Cache-Hits
X-Akamai-Pragma-Client-IP
CDN
X-Cache-Ttl
X-Ion-Healthy
RewriteTestHook
X-New
X-Via-PopH
X-Ion-Hop
X-ServedByHost
X-Ha-Backend
X-Rollout
X-Jungle-Id
X-Eligible
X-Via-PopN
Cache-Contol
X-Github-Request-Id
X-Via-PopV
X-Ua
X-Oracle-DMS-ECID
Cloudfront-Viewer-Country
RewriteTeamHook
Geoip-Latitude
Log-Origin
X-Esi
Machine
X-VCL-Version
X-App
My-App
X-Region-Sid
X-Limited
X-Forwarded-Site
Cf-Ipcountry
X-Up
Cmsid
X-From
Cmstype
WWW-Authenticate
X-Requestid
Cneonction
Server-Info
Lb
X-Traceid
X-Lb-Nocache
WebServer
CountryCode
X-Correlation-ID
X-LAGOON
X-EC-Lua
Edge-Cache
X-Container-Uri
X-Ftr-Request-Id
X-Dw-Trace-Id
Pragrma
CacheControlHeader
X-MSEdge-Flight
X-Git-Commit
X-MSEdge-Features
Warning
X-Cdn-Request-ID
X-SRCache-Key
X-Web-Server
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-Varnish-Hostname
Reporter
Permission-Policy
X-Check-Cacheable
X-Acquia-Site
X-Akamai-Transformed
FSS-Cache
X-Serial
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Pod
X-Acquia-Application-Trace
X-HS-Status
X-Sucuri-Id
Ngx
X-BBC-Origin-Response-Status
X-Ramcache
X-Akamai-ERPolicy
X-Ms-Blob-Type
X-Ms-Lease-Status
Timeexpire
X-Platform-Router
X-Orig-Cache-Control
PICS-Label
X-Fastly-Cache-Hits
CF-Cached-On
X-Platform-Cluster
X-Elasticpress-Query
X-Tncms-Bot-Tier
X-Platform-Processor
X-Akamai-ERRuleID