Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-Server
EagleId
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Cloud-Trace-Context
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Node
X-Server-Id
X-HW
X-LiteSpeed-Cache
Xkey
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Edge
X-Midtier
X-Mcache
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Cache-TTL
X-Element-Page-Cache
X-Cnection
X-Abt-Application-Version
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja
X-ESI
X-Oneagent-Js-Injection
X-Ser
Nginx-Cache
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-ARC
X-Client-IP
X-MS-InvokeApp
X-ECACHE
X-Aspnet-Version
X-ORACLE-DMS-RID
X-B3-TraceId
X-Daa-Tunnel
X-CST
X-Navigation-Version
X-Amz-Rid
X-Upstream
X-Middleton-Response
Response
X-Powered-CMS
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
Accept-Ch-Lifetime
X-Ua-Device
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Amzn-Trace-Id
X-Forwarded-For
X-Cache-Key
X-NF-Request-ID
X-Ttl
X-Wormhole-Sdk
X-Ratelimit-Limit
RTSS
X-Mod-Pagespeed
X-Server-ID
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Version
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
AR-CACHE
Public-Key-Pins
X-Ruxit-Js-Agent
X-Mg-S
X-FastCGI-Cache
X-Ezoic-Cdn
S
Cross-Origin-Resource-Policy
Realpath
X-Content-Digest
SPRequestGuid
X-SharePointHealthScore
X-MSEdge-Ref
X-T
X-Shield-Request-Id
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Varnish-TTL
X-Fastly-Request-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
Front-End-Https
TP-Cache
X-Correlation-Id
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Request-Received
X-Debug
Count-Hit
MicrosoftSharePointTeamServices
X-Id
Server-Node
X-Content-Security-Policy-Report-Only
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ua-Browser
X-Azure-Ref
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
Accept-Ch
Payment
X-Amz-Replication-Status
X-LB-Cache
X-Varnish-Backend
X-Forwarded-Proto
X-GUploader-UploadID
X-TTL
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
Filterid
X-Protected-By
X-Git-Hash
X-Unique-Id
Cleartype
Host
X-FB-Debug
X-Logged-In
X-Az
X-AppVersion
X-Activity-Id
X-Www-Served-By
X-Varnish-Server
Content-Disposition
X-Ratelimit-Reset
X-App-Server
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Hostname
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Fastcgi-Cache
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-DIS-Request-ID
X-Varnish-Ttl
X-Page-Id
Pinterest-Version
Mrf-Cache-Status
Origin-Trial
X-Pinterest-Rid
X-B3-TraceId-Primal
MRF-Tech
Pinterest-Generated-By
Access-Control-Allow-Method
X-Geo-Country
X-Origin-Server
Retry-After
X-Nf-Request-Id
X-Cambria-Cache-Control
X-WP-CF-Super-Cache
X-Load-Cache
X-ASPNET-VERSION
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Akamai-GRN
MS-Author-Via
Accept-Charset
X-Template
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ah-Environment
Fastly-SWR
X-Type
Fastly-SIE
Section-Io-Cache
Viewport
X-TT
X-Fb-Rlafr
X-Cache-Control
X-B3-Sampled
X-Content-Options
X-RateLimit-Remaining
Version
Content-MD5
X-Grace
X-B
Frame-Options
X-Xrds-Location
X-Request-Guid
X-Trace-Id
X-Revision
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
Healthy
X-Envoy-Decorator-Operation
X-Magnolia-Registration
X-Device-Type
X-Contextid
X-Source
TCN
X-CSRF-Token
X-Aspnetmvc-Version
X-Webkit-CSP
X-Rid
X-Cache-Age
Server-Name
X-WP-CF-Super-Cache-Active
X-Backend-Name
X-Px
DC
X-Mobile
X-Proxy
X-Language
X-Seen-By
X-Varnish-Grace
X-App-Environment
X-RM-Cache-TTL
X-RemovedCookies
X-ProcessESI
X-Debug-Info
X-Tumblr-Pixel
X-Framework
X-Status
X-L-Path
X-Akamai-Edgescape
X-Buckets
X-Mg-Request-UUID
X-Rule
X-Tumblr-Pixel-1
X-Environment-Context
X-Tumblr-Pixel-0
X-Tumblr-User
NGB
X-Adobe-Content
X-Adobe-Loc
SD-X-WS
X-HTML-Minification-Powered-By
Cross-Origin-Window-Policy
Access-Control-Request-Headers
X-ServerID
X-FW-Server
X-FW-Serve
X-Node-Name
X-Proxy-Cache-Info
X-UUID
X-FW-Static
X-G
X-Instance
X-FW-Version
X-FW-Type
X-FW-Hash
X-NYM-Debug-Backend
X-FW-Dynamic
X-Debug-IsPreview
X-Debug-IsConnected
X-Storage
Ms-Operation-Id
X-Datadog-Trace-Id
X-Tec-Api-Origin
X-Tec-Api-Version
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Tec-Api-Root
MS-CV
GEO-INFO
X-Region
X-Cacheable-TTL
X-Datadog-Sampling-Priority
X-Rendered-As
X-Content-Powered-By
X-RTag
X-Is-Bot
X-ECache
Paypal-Debug-Id
X-Yottaa-Metrics
X-EdgeConnect-Cache-Status
X-Yottaa-Optimizations
X-User-Agent
X-Cache-Time
Trailer
Upgrade-Insecure-Requests
Countrycode
Charset
Webserver
Front
Protected
X-Fastly-Request-Id
X-Whom
X-WebKit-CSP-Report-Only
OT-Force-Account-Verify
X-Edge-Location
X-Lambda-Id
X-TT-LOGID
Refresh
X-N
X-VC
X-VHOST
X-HS-Prerendered
X-IPS-LoggedIn
Section-Io-Id
X-AB
X-Akamai-Request-ID2
X-Cache-Status-Check
Country
Priority
X-Reqid
X-B3-Traceid
X-Amzn-Remapped-Content-Length
Alternate-Protocol
Backend
X-B3-SpanId
X-CCDN-Origin-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-Time
Xet-Cookie
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Liferay-Portal
X-Hl-Ver
X-CLOUD-TRACE-CONTEXT
X-Server-W
X-Response-Served-From
X-Original-Request-Id
Onion-Location
SRV
Accept-Language
X-Via-JSL
X-Mode
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
X-JoinUs
X-UPSTREAM-Address
X-FB-TRIP-ID
X-Rn-Rsrv
X-Tumblr-Pixel-2
X-Tb
X-Rewrite-Enabled
X-VC-Cache
Environment
X-Cache-Host
From-Origin
VIX-Pulpo-Node
ServerID
X-SaId
Filters
Meta-Geo
X-Origin-Date
Fastcgi-Useragent
Uber-Trace-Id
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-App-Name
X-Accel-Version
X-Web-Node
X-Webstats-RespID
X-Restarts
X-IPLB-Request-ID
TWC-Device-Class
X-Cluster-Node
X-Connection-Hash
Webcakes-Region
X-Real-IP
X-Cache-Action
Property-Id
X-Fetched-On
Expiry
TWC-GeoIP-Country
X-Frame-Option
TWC-Connection-Speed
X-Format
X-Hosted-By
X-IPLB-Instance
X-Skip-Cache
X-R9-Blue-Green-Version
X-Varnish-Age
X-Redis-Cache
X-Request-URI
X-Origin-Hint
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Scope-Id
X-Varnish-Beresp-Grace
X-Adobe-Source
X-Cms-Context
X-Director
X-Forwarded-Host
Web-Mar-Node
X-PHP-Host
X-Varnish-Cache-Hits
X-Cache-Expired-At
X-Soup
X-BYPASS-REASON
Mn-Server-Ip
X-Tncms
X-Generated-By
Apigw-Requestid
Atl-Traceid
X-Loop
X-ProxyCache-Key
X-Logging-Id
X-Httpd
X-Vcache
X-Handled-By
X-Labrador-Cache-Channel
X-ProxyCache-Status
X-Served-From
X-Auth-Group-Type
X-Timing-Wait
DB-Nickname
X-Proxy-Build
Selected-Fe
X-Cloudmap
X-Origin-CC
X-Cluster
X-Servername
X-Origin
X-Routing-Service
X-Zipkin-Id
X-Origin-TTL
X-Detected-As
X-S
ServedBy
X-Proxied
Url
X-Extlb
Referer-Policy
X-TraceId
Xserver
X-FTR-Request-ID
N-Cache
X-Nginx-Cache
X-Lagoon
X-Rocket-Nginx-Serving-Static
X-SRV
X-DataDome
X-XRDS-Location
X-LSADC-Cache
X-Hit
Cross-Origin-Embedder-Policy
LB
X-Webkit-Csp
X-Xfnlog-Site
X-DynaTrace
X-Ms-Request-Id
X-Ms-Version
X-Tumblr-Pixel-3
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
CF-IPCountry
X-RID
X-Upstream-Ht
X-Upstream-Ct
X-Azure-Ref-OriginShield
X-Cache-Debug
Source
X-RCS-CacheZone
Surrogated-Key
X-VCT
WPO-Cache-Status
WPO-Cache-Message
X-UA
X-RateLimit-Limit-Second
CDN-RequestId
X-Worker
X-Proxy-Cache-Status
X-RateLimit-Remaining-Second
X-Is-Tablet
X-Tcp-Rtt
X-Browser-Name
X-Is-Mobile
X-Geo-Region
X-Is-Supported-Browser
X-Is-Desktop
X-Urbn-Context-Path
X-Signature
X-F-Cache
X-No-Session
X-Urbn-Site-Id
Locale
X-B-Cache
X-Sucuri-Cache
X-Generation-Time
Node
X-Cdn-Origin
X-App-Version
X-RateLimit-Limit
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
AMP-Access-Control-Allow-Source-Origin
X-Sucuri-ID
X-NODE
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Cdn-Forward
X-NGINX-Cache
X-MP-GENERATED-AT
X-Locale
X-Tx-Id
Cross-Origin-Opener-Policy-Report-Only
Ohc-File-Size
X-Cache-Rule
X-Cache-Operation
X-Site-Version
X-Debug-Cache-Store
X-Contensis-Viewer-Groups
X-D
X-Debug-Cache-Fetch
X-Developer
X-Gdpr
X-GeoCode
X-GeoIP
X-GeoIP-City
X-ElasticPress-Query
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Ec-Fail
X-Ec-GeoHdr
X-Depends
X-Backend-Instance
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Sslversion
We-Hiring
DCR-Processing-Time-Ms
X-A
Content-Secure-Policy
DCR-Decision-By
Host-ID
Rendered-Blocks
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
MD5-Digest
Mail-Subject
Redirect-Candidate
Lang
Producers
Cluster
X-A-Ccd
X-Bug-Bounty
X-BCube-Filmed-By
X-Bc-Bl
Candidate-Md5Url
BehaviorPad-Version
X-Cache-Aspx
X-Conf
X-Cache-NE
X-Cache-Info
X-App-Name
X-AK-Request-ID
X-A-Dgt
X-A-Dcw
X-A-Dam
Cdnsip
Cdncip
X-Aicache-OS
X-Aed
X-A-Wwc
A
X-GeoCountry
X-Org
X-Origin-Time
X-Path
X-Service
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Vdms-Version
X-Platform-Server
X-Rojux
X-TIM-N
X-ScT
X-Varnish-Authentication
X-Proxy-CacheRZ
X-Proto
X-Proxied-Request
X-Loc
X-Origin-Expires
X-Ig-Push-State
X-Vtex-Remote-Cache
X-Jobs
X-Ig-Origin-Region
XkeyRZ
Xc-Version
X-Varnish-Beresp-Ttl
Mime-Version
X-Optimistic-Header
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Director
X-Varnish-Remaining-TTL
Wxu-Next-Region
PFcat
Wxu-Next-Hostname
X-V-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Access
X-Sn-Servicetimems
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
Origin-CC
X-Accel-Expires-Debug
Wxu-Next-Commit
Origin-EX
X-UA-Device-Type
Origin
X-Thinkindot-L3
X-Var-Ttl
Web-Mar-Region
X-Viewer-Country
Server-Host
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
RNT-Time
RNT-Machine
Product
X-VTEX-Cache-Server
Req-Svc-Chain
X-Vmg-Version
X-We-Are-Hiring
X-Via-Fastly
W
X-Wikidot-Static-Cache
X-VTEX-Cache-Time
X-Varnishpool
V-Age
User-Agent
Platform
X-Slack-Shared-Secret-Outcome
X-VG-WebCache
X-Wikidot-Backend
X-VarnishDD-TTL
X-Cache-Bucket
X-Epic-Correlation-Id
X-Micro-Cache
X-Esi-Check
X-Eu-Site
X-Fastly-Backend
X-Edge-Server
X-Mly-Id
X-Op-Id-All
X-Origin-Response-Time
X-Dispatcher-Server
X-Node-Id
X-NMSegId
X-Location
X-Fmm-Version
X-GeoIP-Country-Code
X-HN
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Gzip
X-HS-Content-Campaign-Id
Origin-Agent-Cluster
X-Gamma-Serve
X-Level-Front-Cache
X-Internal-TTL
X-INCAP-ABP
X-Generated-On
X-DefHash
X-DefElseHash
X-Hash
X-SB
X-Cache-Grace
X-Cache-Id
X-Request-Time
X-Scheme
X-Bl-Debug
X-Slack-Backend
X-B3-Trace-ID
X-Shield-Cache-Expires
X-Section
X-SD-PageType
X-Cached-By
X-CacheTTL
X-Date
X-Powered-By-VTEX-Cache
X-Policy
X-Platform
X-PAYTM-SRV-ID
X-Csrf-Jwt
X-Core-Value
X-CGP
X-Clientip
X-Req
X-Content-Age
X-Auto-Login
X-BBC-Edge-Cache-Status
Cdn-Host
Canary
Cache-Provider
Cache-Key
Cdn-Request-Time
Content-Script-Type
Esi-Enabled
Debug
Content-Style-Type
Cache
Azure-Version
Apple-News-Services-Host
Apple-News-Services-Handled
X-Pad
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Azure-SlotName
Azure-SiteName
Azure-RegionName
Gannett-Cam-Experience-Id
Azure-InstanceId
Gh-Request-Id
NM-Fastcgi-Cache
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-Newrelic-Synthetics
X-Cache-Hit
TP-L2-Cache
X-NodeID
Pramga
X-Cache-FS-Status
X-SIPLIST1
X-Pool
NGX
X-Men
X-Irp-Debug
X-Block-Status
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDCHOST
Release
X-Bip
L
X-Cdn-Srv
Yak-Timeinfo
Sid
X-SVT-ORM-RULES
X-Gen-Mode
X-Request-Host
X-Server-IP
X-Human
X-Hnp-Log
X-SVT-ORM-VERSION
X-Thanos
Req-ID
X-CUA
X-Content-Length
X-Ec-Custom-Error
X-Pubstack
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-Request-Start
IsBot
Tube-Got-Results
X-AB-Test
DSUID
CDN-Uid
Click-Count-Action-Start
Click-Count-Error
Country-Code
User-Cache-Control
X-Akamai-Device-Characteristics
Tube-Return
CDN-RequestPullSuccess
Tube-Got-Eval
CDN-RequestPullCode
CDN-PullZone
ServerName
CDN-RequestCountryCode
Fastly-SSL
Tube-Get-Contents
X-Acquia-Purge-Cdn-Unconfigured
XM
Fl-Custom-Application
X-ORCA-Accelerator
Ssr
X-Dc
X-HOST
Akamai-Mon-Iucid-Del
X-Api-Version
X-CACHE-GROUP
X-Varnish-Hits
X-Cs
X-VWS-Id
True-Client-Country-4JS
X-GEO
X-LJ-Flow-ID
X-AWS-Id
X-LiteSpeed-Tag
X-LB-NoCache
X-HS-CF-Cache-Status
X-TA-CDN-Provider
X-Air-Pt
X-Litespeed-Tag
X-Test
C-Via
X-Nananana
X-Geolocation
Server-Hostname
Sever-Int
X-HITS
X-APP
X-VServer
X-Provided-By
Proxy-Firewall
Server-Ext
X-Refresh
X-LiteSpeed-Cache-Control
X-IsAdmin
X-RequestId
X-Via-SSL
Is-Eu
Edge-Copy-Time
CloudFront-Viewer-Country
X-Application
X-Cache-Date
Adler-Geo
X-External-Request-Id
X-B-Cookie
GeoIP-Latitude
X-Servedbyhost
X-Via-CDN
X-Destination
X-S-Cookie
X-Via-Edge
Fastly-Drupal-Html
X-HA-Backend
Fastly-Drupal-HTML
X-B3-Spanid
X-Zen-Fury
X-Dispatcher-Number
X-Zone
X-Via-Poph
X-Nginx-Cache-Key
X-B3-Parentspanid
X-Via-Popn
X-Via-Popv
X-DC
Cdn-Requestid
S-Rt
X-Endurance-Cache-Level
X-LB-ID
WZWS-RAY
X-User
X-ZONE
Cache-Tv-Group
X-DynaTrace-JS-Agent
HostName
X-Webkit-Csp-Report-Only
Server-ID
X-Geo-Header
T-Server
X-Custom-Header
X-Nc
X-Wa
X-CDN-Forward
Cdn
X-Tt-Logid
X-Presslabs-Stats
X-AIR-PT
X-Pass-Why
X-Oracle-Dms-Ecid
GeoIp-Country-Code
X-URL
X-ND-Cache
X-COUNTRY
X-CS
Ohc-Cache-HIT
X-CMSURLCustom
Vc-Max-Age
X-Cache-Server
X-VC-TTL
X-CACHE-AGE
X-Srv
X-Parent-Response-Time
WP-Super-Cache
X-TH-Server
X-HubSpot-Correlation-Id
X-Vgn-Hpd-Reason
SID
X-Datadome
True-Client-IP
X-Fpc
Resin-Trace
X-DataCenter
X-NewRelic-App-Data
X-API-Version
Vix-Hermes-Req-Id
X-Old-Content-Length
X-Moov-Xdn-Version
Powered-By
X-Moov-Xdn-Caching-Status
X-Moov-T
Pics-Label
X-Varnish-Beresp-TTL
X-Fastly-Cache
Uri
X-Ckpd-Fst-Backend
SEZNAM-JOBS-OFFER
X-TX-ID
X-Srcache-Store-Status
X-Srcache-Fetch-Status
True-Client-Ip
On-Server
X-APP-VERSION
X-FPC
Srv
X-SERVER-NAME
Thinkindot-Control
X-FTR-Backend
ServerHost
X-Country-Code-Real
X-Action
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
Serverhost
X-FTR-Backend-Server
X-Client-Ip
X-Cache-VC
X-Vercel-Id
X-Vercel-Cache
X-PHP-Backend
AKAMAI
X-Cache-TTL-Remaining
X-Thinkindot-L1
Location
X-Amz-Meta-Opti
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Oracle-Dms-Rid
X-Stale
X-Litespeed-Cache-Control
N1-Cache
Server-Id
Tcn
Av-Poweredby
X-Cdn-Cache-Status
X-Info
X-Resp-Is-Stale
X-NC
Magicmarker
X-WA
Hostname
Cl-Cache
X-Datacenter
X-Debug-Service
X-Fastly-Cache-Status
X-PERF
X-ApacheServer
X-Ssense-Shipping-Surcharge-Enabled
X-Service-Response-Time
Sm-Log-Id
X-Ssense-Gql
X-Vc
X-V
X-Cms-Device
X-Ee-Generated-By
X-Geo
X-IAuth-Set-Uid
X-Render-Time
X-CDN-Cache-Status
X-Ee-Request-Date
X-Lb-Id
X-Udemy-Cache-App-Namespace
X-Vary-Devices
X-Save-Cache
X-Ee-Request-Id
Time-Cloud-Cache
X-WA-Info
X-Ee-Origin
X-Fastly-Backend-Reqs
Store-Cloud-Cache
X-VTEX-Cache-Backend-Header-Time
X-Proxy-Cache-La3
X-VTEX-Cache-Backend-Connect-Time
Xkey-La3
Xkeylog
CDN
X-Cache-Ttl
X-Uri
X-Rollout
X-Github-Request-Id
X-New
X-Ha-Backend
X-ServedByHost
X-Nitro-Cache
X-Via-PopH
X-Oracle-DMS-ECID
X-Via-PopN
Cache-Hits
X-Eligible
X-Ua
TWC-GeoIP-City
TWC-GeoIP-DMA
Geoip-Latitude
X-Via-PopV
TWC-GeoIP-Region
X-Esi
X-Ion-Hop
X-Jungle-Id
X-Ion-Healthy
RewriteTestHook
Cache-Contol
RewriteTeamHook
Log-Origin
X-Region-Sid
X-Forwarded-Site
X-VCL-Version
X-Limited
X-App
Cloudfront-Viewer-Country
X-Akamai-Pragma-Client-IP
Machine
WebServer
WWW-Authenticate
X-Requestid
X-Lb-Nocache
My-App
Lb
Cmsid
Cmstype
X-Traceid
Cneonction
Cf-Ipcountry
Server-Info
X-Correlation-ID
CountryCode
X-Up
X-Git-Commit
X-From
X-Ftr-Request-Id
X-EC-Lua
Pragrma
Edge-Cache
X-LAGOON
X-Container-Uri
X-Dw-Trace-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Acquia-Purge-Tags
X-Cdn-Request-ID
X-Acquia-Site
Reporter
X-Akamai-Transformed
CacheControlHeader
X-Serial
Permission-Policy
X-Acquia-Application-UUID
X-Pod
X-Check-Cacheable
X-Varnish-Hostname
X-Acquia-Application-Trace
Warning
X-HS-Status
X-SRCache-Key
FSS-Cache
X-Sucuri-Id
X-Fastly-Cache-Hits
X-Ramcache
PICS-Label
X-Akamai-ERRuleID
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Akamai-ERPolicy
X-Ms-Blob-Type
X-Tncms-Bot-Tier
X-Orig-Cache-Control
CF-Cached-On
X-Platform-Cluster
X-Platform-Processor
X-Ms-Lease-Status
Timeexpire
X-Platform-Router