Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Check
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
Accept-CH
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Litespeed-Cache
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
Xkey
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Content-Location
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Rack-Cache
X-Country-Code
X-PC
X-Vname
X-TtlSet
X-Edge
X-Mcache
X-Midtier
Rating
Surrogate-Key
X-Browser-Type
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Cache-TTL
X-Server-Name
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
X-Client-IP
X-MS-InvokeApp
X-ECACHE
X-B3-TraceId
Accept-Ch-Lifetime
X-Daa-Tunnel
X-CST
X-Navigation-Version
Response
X-Middleton-Response
X-Aspnet-Version
X-ORACLE-DMS-RID
X-Amz-Rid
X-Upstream
X-Goog-Hash
X-Powered-CMS
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amzn-Trace-Id
X-NF-Request-ID
X-Cache-Key
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Forwarded-For
X-Ratelimit-Limit
X-Ua-Device
X-Wormhole-Sdk
RTSS
X-Mod-Pagespeed
X-Ttl
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-FastCGI-Cache
X-Server-ID
X-Version
Public-Key-Pins
X-Mg-S
AR-CACHE
X-ORACLE-DMS-ECID
X-Ruxit-Js-Agent
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
Realpath
S
X-Content-Digest
SPRequestGuid
X-SharePointHealthScore
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-Cached
X-Recruiting
X-Varnish-TTL
X-Accel-Expires
X-Fastly-Request-ID
Accept-Ch
X-Distributor
Access-Control-Request-Method
X-Newrelic-App-Data
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Front-End-Https
TP-Cache
X-Correlation-Id
Count-Hit
X-Debug
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-Id
X-HS-Cache-Config
X-HS-Content-Id
Server-Node
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-Azure-Ref
X-LLID
X-HS-Combine-CSS
X-VARITI-CCR
X-Frontend
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-TTL
Payment
X-Amz-Replication-Status
X-GUploader-UploadID
X-Varnish-Backend
X-Hits
X-LB-Cache
X-Forwarded-Proto
X-Goog-Metageneration
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-Git-Hash
Host
X-Unique-Id
Filterid
Cleartype
X-FB-Debug
X-Logged-In
X-Az
X-Www-Served-By
X-AppVersion
X-Varnish-Server
X-Activity-Id
X-Ratelimit-Reset
Content-Disposition
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-App-Server
Origin-Trial
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Page-Id
X-DIS-Request-ID
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Geo-Country
MRF-Tech
X-Fastcgi-Cache
Access-Control-Allow-Method
X-Varnish-Ttl
X-Origin-Server
Retry-After
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Cambria-Cache-Control
Akamai-GRN
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-WP-CF-Super-Cache
X-Nf-Request-Id
X-Upgrade-Enabled
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Template
MS-Author-Via
Accept-Charset
X-ASPNET-VERSION
Section-Io-Cache
X-Type
Fastly-SWR
Fastly-SIE
Viewport
X-TT
X-Fb-Rlafr
X-Cache-Control
X-Content-Options
X-B3-Sampled
Content-MD5
Frame-Options
X-B
Version
X-Grace
X-Ah-Environment
X-RateLimit-Remaining
X-Request-Guid
Amp-Access-Control-Allow-Source-Origin
X-Revision
X-Xrds-Location
X-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcl-Version
Healthy
X-Envoy-Decorator-Operation
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
X-Device-Type
X-Magnolia-Registration
X-Cdn
X-Source
X-Contextid
X-CSRF-Token
X-Rid
TCN
Server-Name
X-WP-CF-Super-Cache-Active
X-Px
X-Webkit-CSP
X-Aspnetmvc-Version
X-Language
X-Mobile
X-Backend-Name
DC
X-Proxy
X-Cache-Age
X-Buckets
X-Tumblr-Pixel
X-ProcessESI
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Grace
X-RM-Cache-TTL
X-App-Environment
X-RemovedCookies
X-Tumblr-Pixel-1
Access-Control-Request-Headers
X-Akamai-Edgescape
X-Debug-Info
X-Storage
X-Seen-By
X-L-Path
X-Status
X-EdgeConnect-Cache-Status
X-Environment-Context
Cross-Origin-Window-Policy
NGB
X-NYM-Debug-Backend
X-FW-Hash
X-Framework
X-FW-Serve
X-FW-Server
X-Adobe-Loc
X-Debug-IsPreview
X-Debug-IsConnected
X-Instance
X-Cacheable-TTL
X-UUID
X-ServerID
X-Rule
X-Adobe-Content
X-FW-Dynamic
X-FW-Static
X-Node-Name
X-FW-Type
X-FW-Version
X-G
X-Proxy-Cache-Info
X-Mg-Request-UUID
SD-X-WS
X-Region
X-Is-Bot
X-Content-Powered-By
X-HTML-Minification-Powered-By
X-Rendered-As
MS-CV
X-RTag
Ms-Operation-Id
X-Yottaa-Optimizations
X-Datadog-Parent-Id
X-Yottaa-Metrics
X-Datadog-Sampled
X-Datadog-Trace-Id
GEO-INFO
X-Datadog-Sampling-Priority
Paypal-Debug-Id
X-Cache-Time
X-User-Agent
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Trailer
Webserver
Upgrade-Insecure-Requests
X-ECache
Charset
Protected
Front
X-Whom
Countrycode
X-Edge-Location
X-WebKit-CSP-Report-Only
OT-Force-Account-Verify
X-Fastly-Request-Id
X-TT-LOGID
X-Lambda-Id
Refresh
Section-Io-Id
X-HS-Prerendered
X-IPS-LoggedIn
X-N
X-AB
X-Akamai-Request-ID2
X-FTR-Request-ID
Country
X-VC
X-Reqid
X-Time
X-VHOST
X-Cache-Status-Check
X-Amzn-Remapped-Content-Length
Priority
Alternate-Protocol
Backend
X-B3-SpanId
Xet-Cookie
X-CCDN-Origin-Time
X-B3-Traceid
X-CCDN-CacheTTL
X-WP-CF-Super-Cache-Cookies-Bypass
X-Hcs-Proxy-Type
X-Hl-Ver
X-Server-W
Liferay-Portal
X-Original-Request-Id
X-Response-Served-From
SRV
X-Mode
Cross-Origin-Embedder-Policy-Report-Only
X-Real-IP
Onion-Location
Accept-Language
X-Web-Node
X-Rewrite-Enabled
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-XRDS-Location
Environment
X-Rn-Rsrv
X-Skip-Cache
X-Tumblr-Pixel-2
X-Scope-Id
X-SaId
X-UPSTREAM-Address
X-Tb
X-Frame-Option
X-Accel-Version
X-Auth-Group-Type
X-FB-TRIP-ID
Fastcgi-Useragent
Filters
ServerID
Meta-Geo
From-Origin
X-Fetched-On
X-Cache-Host
X-Origin-Date
X-JoinUs
Expiry
X-Logging-Id
Atl-Traceid
Uber-Trace-Id
Webcakes-App-Name
X-Request-URI
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-Country
Property-Id
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
X-Redis-Cache
TWC-Locale-Group
Webcakes-Region
X-Restarts
X-Format
X-IPLB-Instance
X-IPLB-Request-ID
X-SayCDN-TTL
X-Say-TTL
TWC-Device-Class
X-Say-Cacheable
X-Director
X-Connection-Hash
X-Varnish-Age
X-Hosted-By
X-Cache-Action
X-Cache-Expired-At
X-Cluster-Node
X-Origin-Hint
X-Varnish-Cache-Hits
TWC-Connection-Speed
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Forwarded-Host
X-Httpd
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-Loop
X-BYPASS-REASON
Apigw-Requestid
Mn-Server-Ip
Web-Mar-Node
X-Via-JSL
X-ProxyCache-Status
X-Adobe-Source
X-Cms-Context
X-PHP-Host
X-Webstats-RespID
X-Vcache
X-Tncms
X-Soup
Selected-Fe
X-Proxy-Build
DB-Nickname
X-Varnish-Beresp-Grace
X-Timing-Wait
X-Generated-By
X-Served-From
X-Handled-By
Url
X-Origin-CC
X-Zipkin-Id
X-Origin-TTL
X-Cluster
X-Extlb
X-Cloudmap
X-Proxied
X-Servername
X-Origin
X-Detected-As
X-Routing-Service
X-S
X-DataDome
X-Nginx-Cache
ServedBy
X-SRV
X-LSADC-Cache
Referer-Policy
N-Cache
Xserver
X-TraceId
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-Hit
LB
Cross-Origin-Embedder-Policy
X-Ms-Request-Id
X-Ms-Version
X-DynaTrace
X-Tumblr-Pixel-3
X-Xfnlog-Site
CF-IPCountry
X-Webkit-Csp
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
X-Azure-Ref-OriginShield
WPO-Cache-Status
X-Cache-Debug
Source
X-VCT
WPO-Cache-Message
CDN-RequestId
X-UA
X-RCS-CacheZone
X-Upstream-Ht
X-Upstream-Ct
X-Proxy-Cache-Status
X-RID
Surrogated-Key
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
X-Is-Desktop
X-Is-Tablet
X-Is-Supported-Browser
X-Browser-Name
X-Geo-Region
X-Is-Mobile
X-Tcp-Rtt
X-Generation-Time
X-B-Cache
X-Signature
X-Sucuri-Cache
X-App-Version
X-No-Session
X-F-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
Node
X-Cdn-Origin
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-RateLimit-Limit
AMP-Access-Control-Allow-Source-Origin
X-Alternate-Cache-Key
Cross-Origin-Opener-Policy-Report-Only
X-MP-GENERATED-AT
X-NODE
Ohc-File-Size
X-Tx-Id
X-Locale
X-NGINX-Cache
X-Cdn-Forward
X-Cache-Operation
X-Site-Version
X-Cache-Rule
X-DPWN-IS-SECURE
X-Proxied-Request
X-Developer
X-Origin-Time
X-DefHash
X-Depends
X-DefElseHash
X-Path
X-Origin-Response-Time
X-Ec-Fail
Candidate-Md5Url
X-Backend-Instance
X-Origin-Expires
We-Hiring
X-A
X-Proxy-CacheRZ
X-Shield-Cache-Expires
X-Varnish-Authentication
X-Org
X-Ec-GeoHdr
X-Varnish-CookieHashed-On
X-Epic-Correlation-Id
X-ElasticPress-Query
X-Debug-Cache-Store
X-We-Are-Hiring
A
Ngx.Var.Host
Azure-Version
XkeyRZ
Xc-Version
X-BCube-Filmed-By
X-Vtex-Remote-Cache
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Mail-Subject
Meta-Geo-Continent
MD5-Digest
Odigeo-Trace-Id
X-Bc-Bl
X-Platform-Server
X-Proto
Lang
X-Debug-Cache-Fetch
Content-Secure-Policy
X-Cache-NE
X-D
X-Contensis-Viewer-Groups
DCR-Processing-Time-Ms
X-A-Ccd
Origin-Agent-Cluster
BehaviorPad-Version
DCR-Decision-By
X-PAYTM-SRV-ID
Producers
Gannett-Cam-Experience-Id
X-Loc
X-Vdms-Version
X-Jobs
X-Internal-TTL
Thinkindot-CacheControl-Type
X-Scheme
X-ScT
X-GeoCode
Cdnsip
Azure-SiteName
X-GeoCountry
X-GeoIP-City
X-GeoIP
X-AK-Request-ID
X-Thinkindot-L3
Thinkindot-CacheControl
TDXMobile
X-Service
X-Request-Time
X-Ig-Push-State
X-TIM-N
X-Rojux
X-INCAP-ABP
X-Aed
X-Aicache-OS
Sslversion
X-Varnish-Remaining-TTL
Cdncip
X-Ig-Origin-Region
X-A-Wwc
X-Gdpr
Host-ID
Cluster
X-App-Name
X-Varnish-CookieINHashed-On
X-A-Dcw
Rendered-Blocks
X-Amz-Storage-Class
X-Nyt-Route
X-Vmg-Version
X-A-Dam
Redirect-Candidate
Fastly-Backend-Name
X-Conf
X-FC-Vary-Parameters
Fastly-GeoIP-CountryCode
X-Cache-Aspx
X-Mly-Id
X-A-Dgt
X-Cache-Info
Expect-Staple
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
Mime-Version
X-Cache-Hit
X-Bug-Bounty
X-Cache-Id
Esi-Enabled
X-Viewer-Country
Ha-Gx-Prefs
HA-Ipaddr
X-Cache-Bucket
L5d-Success-Class
X-Cache-Grace
L
Req-Svc-Chain
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
X-Accel-Expires-Debug
X-Access
X-VG-WebCache
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
User-Agent
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Web-Mar-Region
W
V-Age
X-Varnishpool
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
PFcat
X-Via-Fastly
Platform
X-BBC-Edge-Cache-Status
Origin-EX
NM-Fastcgi-Cache
Origin-CC
X-B3-Trace-ID
Product
X-VarnishDD-TTL
Server-Host
RNT-Time
RNT-Machine
X-Auto-Login
DSUID
X-Bl-Debug
X-Dispatcher-Server
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Generated-On
X-GoCache-CacheStatus
X-Gzip
X-Hash
X-SB
X-SD-PageType
X-Gamma-Serve
X-Fmm-Version
X-Fastly-Backend
X-Eu-Site
Debug
X-V-Cache
X-UA-Device-Type
X-Section
X-HN
X-Sn-Servicetimems
X-Req
X-Op-Id-All
X-Node-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Powered-By-VTEX-Cache
X-Pool
X-NMSegId
X-Tb-Optimization-Total-Bytes-Saved
X-Level-Front-Cache
X-Human
X-HS-Content-Campaign-Id
X-Location
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Esi-Check
X-Slack-Shared-Secret-Outcome
Cache-Provider
X-Edge-Server
Canary
Click-Count-Action-Start
Cache-Key
Click-Count-Error
Cache
X-Clientip
X-VTEX-Cache-Time
X-Slack-Backend
Cdn-Request-Time
X-CacheTTL
Cdn-Host
X-CGP
X-Cached-By
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Core-Value
Content-Script-Type
Origin
X-Csrf-Jwt
Content-Style-Type
X-Ec-Custom-Error
X-Date
X-VTEX-Cache-Server
Yak-Timeinfo
Apple-News-Services-Handled
Apple-News-Services-Host
X-Content-Age
X-Wikidot-Backend
X-Varnish-Director
X-Wikidot-Static-Cache
TP-L2-Cache
X-Optimistic-Header
X-Platform
X-Content-Length
X-Policy
X-Var-Ttl
X-Server-IP
X-Gen-Mode
X-Block-Status
X-Request-Host
X-Men
X-NodeID
X-Request-Start
X-Hnp-Log
X-Cache-FS-Status
CDN-PullZone
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-Uid
Country-Code
NGX
Gh-Request-Id
Fastly-SSL
CDN-EdgeStorageId
CDN-CachedAt
X-Irp-Debug
X-SIPLIST1
X-Pad
X-Cdn-Srv
IsBot
CDN-Cache
CDCHOST
Pramga
X-AB-Test
User-Cache-Control
Req-ID
Ssr
X-VG-TLSProxy
ServerName
Release
Akamai-Mon-Iucid-Del
X-Thanos
X-Varnish-Beresp-Status
X-HITS
X-CUA
X-Pubstack
XM
Sid
Fl-Custom-Application
X-ORCA-Accelerator
X-Bip
X-URL
X-Litespeed-Tag
X-HOST
X-Varnish-Hits
X-HS-CF-Cache-Status
X-Dc
X-Api-Version
X-GEO
X-LB-NoCache
X-VServer
X-CACHE-GROUP
X-LiteSpeed-Cache-Control
X-Cs
X-Nananana
X-Refresh
X-Geolocation
Proxy-Firewall
True-Client-Country-4JS
X-LJ-Flow-ID
X-APP
X-Cache-Date
X-LiteSpeed-Tag
X-VWS-Id
X-TA-CDN-Provider
X-AWS-Id
X-Air-Pt
X-Application
X-RequestId
X-Provided-By
X-External-Request-Id
X-Destination
X-B-Cookie
X-Test
X-IsAdmin
X-S-Cookie
X-Servedbyhost
X-Oracle-Dms-Ecid
CloudFront-Viewer-Country
X-Via-CDN
Server-Hostname
GeoIP-Latitude
Server-Ext
Edge-Copy-Time
X-Via-Edge
Sever-Int
C-Via
X-Via-SSL
Fastly-Drupal-HTML
X-Via-Popn
X-Zen-Fury
Is-Eu
Adler-Geo
X-DC
X-HA-Backend
X-Via-Popv
X-Via-Poph
Fastly-Drupal-Html
X-ZONE
X-Endurance-Cache-Level
X-Dispatcher-Number
X-Nginx-Cache-Key
X-B3-Spanid
X-User
X-B3-Parentspanid
X-Zone
X-CDN-Forward
S-Rt
Cdn-Requestid
X-CACHE-AGE
Server-ID
X-Nc
WZWS-RAY
X-Wa
X-LB-ID
X-AIR-PT
X-DynaTrace-JS-Agent
Cache-Tv-Group
GeoIp-Country-Code
HostName
Ohc-Cache-HIT
T-Server
X-Geo-Header
X-Webkit-Csp-Report-Only
X-CS
X-Custom-Header
X-Presslabs-Stats
X-SERVER-NAME
X-Tt-Logid
Cdn
X-ND-Cache
X-Pass-Why
X-HubSpot-Correlation-Id
X-COUNTRY
X-VC-TTL
X-Parent-Response-Time
X-TH-Server
X-Vgn-Hpd-Reason
X-CMSURLCustom
X-Cache-Server
SID
True-Client-IP
WP-Super-Cache
Vc-Max-Age
X-Srv
X-Country-Code-Real
X-Moov-Xdn-Version
X-API-Version
X-Fpc
X-FTR-Backend
X-DataCenter
X-FTR-Expires
Resin-Trace
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Datadome
X-NewRelic-App-Data
X-Old-Content-Length
Pics-Label
Uri
Vix-Hermes-Req-Id
X-Oracle-Dms-Rid
Powered-By
X-Varnish-Beresp-TTL
X-Ckpd-Fst-Backend
Thinkindot-Control
SEZNAM-JOBS-OFFER
X-Fastly-Cache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-TX-ID
X-Thinkindot-L1
X-Vercel-Id
X-Vercel-Cache
True-Client-Ip
Location
X-APP-VERSION
X-Action
On-Server
Srv
X-Cache-VC
X-FPC
ServerHost
Serverhost
X-Resp-Is-Stale
X-Client-Ip
X-Dynatrace-Js-Agent
AKAMAI
X-Amz-Meta-Opti
X-Cache-TTL-Remaining
X-PHP-Backend
GeoIP-Country-Code
N1-Cache
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Server-Id
Tcn
X-Stale
Hostname
X-Litespeed-Cache-Control
X-Vc
X-Traceid
X-PERF
X-Datacenter
Av-Poweredby
X-Fastly-Cache-Status
X-Info
X-NC
X-ApacheServer
X-Debug-Service
X-Cdn-Cache-Status
Cl-Cache
X-WA
Magicmarker
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Service-Response-Time
Sm-Log-Id
X-WA-Info
X-Render-Time
X-Nitro-Cache
X-V
TWC-GeoIP-Region
TWC-GeoIP-City
Cache-Hits
TWC-GeoIP-DMA
X-Ee-Origin
X-Ee-Generated-By
X-Ee-Request-Date
X-Cms-Device
X-Save-Cache
X-Vary-Devices
X-IAuth-Set-Uid
X-Ee-Request-Id
Xkeylog
X-CDN-Cache-Status
X-Proxy-Cache-La3
X-VTEX-Cache-Backend-Header-Time
X-Geo
Time-Cloud-Cache
X-Udemy-Cache-App-Namespace
X-Lb-Id
Xkey-La3
X-Fastly-Backend-Reqs
X-VTEX-Cache-Backend-Connect-Time
Store-Cloud-Cache
X-Uri
CDN
X-Akamai-Pragma-Client-IP
X-Cache-Ttl
X-Via-PopN
X-Ua
Cache-Contol
X-Via-PopH
X-Ha-Backend
X-Rollout
Cloudfront-Viewer-Country
RewriteTeamHook
X-Ion-Healthy
RewriteTestHook
X-Via-PopV
X-Github-Request-Id
X-Oracle-DMS-ECID
X-Eligible
Log-Origin
X-Jungle-Id
X-Ion-Hop
Geoip-Latitude
X-ServedByHost
X-New
X-Esi
X-Forwarded-Site
X-VCL-Version
Machine
CountryCode
X-Limited
X-Region-Sid
My-App
X-App
Cmstype
Cmsid
Cf-Ipcountry
X-Up
Cneonction
WebServer
Server-Info
WWW-Authenticate
X-From
X-Requestid
Lb
X-Lb-Nocache
X-Correlation-ID
Pragrma
X-LAGOON
X-EC-Lua
X-Ftr-Request-Id
X-Dw-Trace-Id
Edge-Cache
X-Git-Commit
X-MSEdge-Features
CacheControlHeader
Warning
X-Container-Uri
X-MSEdge-Flight
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-Varnish-Hostname
Reporter
X-SRCache-Key
X-Akamai-Transformed
X-Pod
X-Serial
Permission-Policy
X-Web-Server
X-Acquia-Application-UUID
X-Acquia-Application-Trace
FSS-Cache
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-HS-Status
X-Check-Cacheable
X-Acquia-Site
X-Sucuri-Id
X-Elasticpress-Query
X-BBC-Origin-Response-Status
Ngx
CF-Cached-On
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Fastly-Cache-Hits
PICS-Label
X-Ramcache
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Timeexpire
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Orig-Cache-Control