
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Ua-Compatible
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
Cf-Apo-Via
X-Proxy-Cache
X-Via
X-Rq
EagleId
X-Server
X-Age
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Allow
X-Litespeed-Cache
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-LiteSpeed-Cache
X-Readtime
X-Node
X-Server-Id
X-HW
Xkey
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
X-Trace
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
X-Midtier
X-Mcache
X-Edge
X-Country-Code
X-Oneagent-Js-Injection
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-ESI
X-Ser
Nginx-Cache
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Client-IP
X-ECACHE
X-Aspnet-Version
X-Daa-Tunnel
X-ORACLE-DMS-RID
X-CST
X-Navigation-Version
X-Amz-Rid
X-Middleton-Response
Response
X-Powered-CMS
X-Upstream
X-Goog-Hash
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-B3-TraceId
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ttl
X-Ua-Device
AR-ATIME
AR-Request-ID
AR-SID
AR-PoweredBy
X-Amzn-Trace-Id
X-Forwarded-For
X-Cache-Key
X-Ruxit-Js-Agent
X-NF-Request-ID
X-Wormhole-Sdk
RTSS
X-Mod-Pagespeed
X-Server-ID
SPIisLatency
SPRequestDuration
X-Ratelimit-Limit
Cache-Status
Edge-Cache-Tag
X-Ratelimit-Remaining
AR-CACHE
X-Version
Public-Key-Pins
X-ORACLE-DMS-ECID
X-FastCGI-Cache
X-Mg-S
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
X-MSEdge-Ref
X-T
X-Content-Digest
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
X-Distributor
Access-Control-Request-Method
X-Fastly-Request-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
Front-End-Https
TP-Cache
Arr-Disable-Session-Affinity
X-Debug
Count-Hit
X-Request-Received
X-Request-Processing-Time
X-Id
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-Varnish-TTL
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Ua-Browser
X-LLID
X-Correlation-Id
X-VARITI-CCR
X-Azure-Ref
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
Accept-Ch
X-Hits
Payment
X-Amz-Replication-Status
X-LB-Cache
X-GUploader-UploadID
X-Forwarded-Proto
X-Varnish-Backend
X-Goog-Metageneration
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
X-FB-Debug
Host
X-Git-Hash
X-Logged-In
X-Unique-Id
Cleartype
Filterid
X-Www-Served-By
X-AppVersion
Content-Disposition
X-Activity-Id
X-Az
X-Varnish-Server
X-App-Server
X-Varnish-Ttl
X-Tt-Trace-Host
X-Hostname
X-Tt-Trace-Tag
X-Ratelimit-Reset
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TTL
X-Fastcgi-Cache
X-Jurisdiction
X-HP-Trace-Id
Origin-Trial
X-HP-Webp
X-DIS-Request-ID
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Pinterest-Rid
MRF-Tech
Pinterest-Generated-By
Pinterest-Version
X-Page-Id
X-Geo-Country
Access-Control-Allow-Method
X-Nf-Request-Id
X-Origin-Server
Retry-After
X-Load-Cache
X-ASPNET-VERSION
X-Cambria-Cache-Control
X-WP-CF-Super-Cache
X-Upgrade-Enabled
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Stored-Content-Encoding
Akamai-GRN
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Template
MS-Author-Via
X-Type
Fastly-SWR
Accept-Charset
Fastly-SIE
Section-Io-Cache
X-Ah-Environment
X-Fb-Rlafr
X-TT
Viewport
X-Content-Options
X-B3-Sampled
X-B
Version
X-Cache-Control
X-Grace
Content-MD5
Frame-Options
X-RateLimit-Remaining
X-Xrds-Location
X-Request-Guid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Trace-Id
X-Revision
Amp-Access-Control-Allow-Source-Origin
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcl-Version
Healthy
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Envoy-Decorator-Operation
X-Origin-Cache
TCN
X-Magnolia-Registration
X-Device-Type
X-Contextid
X-Source
X-CSRF-Token
X-Tec-Api-Root
X-Webkit-CSP
X-Aspnetmvc-Version
X-Tec-Api-Version
X-Rid
X-Tec-Api-Origin
X-Cache-Age
X-Px
X-WP-CF-Super-Cache-Active
DC
X-Backend-Name
Server-Name
X-Mobile
X-Language
X-Proxy
X-RemovedCookies
X-ProcessESI
X-Buckets
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-RM-Cache-TTL
X-App-Environment
X-Mg-Request-UUID
Access-Control-Request-Headers
X-Akamai-Edgescape
X-Seen-By
X-L-Path
X-Status
X-Environment-Context
X-Storage
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Hash
Cross-Origin-Window-Policy
X-Varnish-Grace
X-G
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-UUID
X-FW-Version
NGB
X-Content-Powered-By
X-Rule
X-FW-Dynamic
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-Region
X-Datadog-Parent-Id
X-Instance
X-Datadog-Trace-Id
X-Debug-Info
X-Datadog-Sampling-Priority
MS-CV
X-Datadog-Sampled
X-Adobe-Content
Ms-Operation-Id
X-RTag
X-ServerID
X-Cacheable-TTL
X-Adobe-Loc
X-Node-Name
Paypal-Debug-Id
X-ECache
SD-X-WS
GEO-INFO
X-EdgeConnect-Cache-Status
X-User-Agent
X-Yottaa-Metrics
X-Rendered-As
X-Is-Bot
X-Yottaa-Optimizations
X-HTML-Minification-Powered-By
X-Cache-Time
Upgrade-Insecure-Requests
Trailer
X-B3-Traceid
Webserver
Countrycode
Charset
Front
X-Fastly-Request-Id
Protected
X-Whom
X-WebKit-CSP-Report-Only
OT-Force-Account-Verify
X-Edge-Location
X-Lambda-Id
Section-Io-Id
X-VC
Refresh
X-N
X-IPS-LoggedIn
X-VHOST
X-AB
X-Cache-Status-Check
X-HS-Prerendered
Country
X-Akamai-Request-ID2
X-TT-LOGID
Priority
X-Reqid
Alternate-Protocol
X-Time
Backend
X-Amzn-Remapped-Content-Length
X-Hl-Ver
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Xet-Cookie
Liferay-Portal
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-Response-Served-From
X-Original-Request-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-SpanId
X-Via-JSL
X-Mode
Onion-Location
Environment
X-Tb
SRV
X-JoinUs
X-Rewrite-Enabled
X-Accel-Version
X-Rn-Rsrv
X-Scope-Id
X-Skip-Cache
X-Auth-Group-Type
X-Cache-Host
X-Origin-Date
X-Frame-Option
X-Fetched-On
X-FB-TRIP-ID
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-2
X-SaId
Cross-Origin-Embedder-Policy-Report-Only
From-Origin
Filters
X-UPSTREAM-Address
X-Web-Node
Meta-Geo
X-VC-Cache
VIX-Pulpo-Node
Accept-Language
X-Origin-Hint
X-Webstats-RespID
X-IPLB-Request-ID
X-ProxyCache-Status
X-IPLB-Instance
X-Varnish-Age
X-Varnish-Cache-Hits
X-Restarts
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-Cluster-Node
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
ServerID
Property-Id
X-Real-IP
Expiry
Fastcgi-Useragent
TWC-Locale-Group
TWC-Privacy
X-Cache-Expired-At
X-Connection-Hash
X-Format
X-BYPASS-REASON
Webcakes-Region
Uber-Trace-Id
Webcakes-App-Name
Webcakes-App-Version
X-Hosted-By
TWC-Connection-Speed
X-Nginx-Cache
X-Generated-By
X-Httpd
X-Cache-Action
X-Forwarded-Host
X-Served-From
X-Redis-Cache
X-Request-URI
X-Director
X-Varnish-Beresp-Grace
X-Wix-Request-Id
X-SayCDN-TTL
Atl-Traceid
Apigw-Requestid
X-PHP-Host
Mn-Server-Ip
X-Logging-Id
X-Say-Cacheable
X-Say-TTL
X-Labrador-Cache-Channel
X-Adobe-Source
Selected-Fe
Web-Mar-Node
X-Soup
X-Timing-Wait
X-Tncms
X-Loop
X-Proxy-Build
X-Handled-By
X-Cms-Context
X-Vcache
DB-Nickname
X-Zipkin-Id
X-Origin
X-Extlb
ServedBy
X-S
X-Cloudmap
X-Cluster
X-Proxied
X-Routing-Service
X-Origin-TTL
X-Origin-CC
X-Servername
Referer-Policy
Url
N-Cache
Xserver
X-LSADC-Cache
X-TraceId
X-XRDS-Location
X-DataDome
X-Detected-As
X-Rocket-Nginx-Serving-Static
X-Hit
X-Lagoon
LB
X-Webkit-Csp
Cross-Origin-Embedder-Policy
X-SRV
CF-IPCountry
X-FTR-Request-ID
X-Xfnlog-Site
X-DynaTrace
X-Ms-Request-Id
X-Ms-Version
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
X-Tumblr-Pixel-3
X-RID
X-Upstream-Ct
X-Upstream-Ht
X-Azure-Ref-OriginShield
Source
X-VCT
WPO-Cache-Status
WPO-Cache-Message
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Cache-Debug
Surrogated-Key
X-RateLimit-Limit
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-UA
X-Worker
CDN-RequestId
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
X-Browser-Name
X-No-Session
X-B-Cache
X-Signature
X-F-Cache
X-Generation-Time
Node
X-Cdn-Origin
Locale
X-App-Version
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Drupal-Cache-Contexts
X-NODE
X-Sucuri-Cache
X-Drupal-Cache-Tags
AMP-Access-Control-Allow-Source-Origin
X-Sorting-Hat-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-PodId
X-Cdn-Forward
X-MP-GENERATED-AT
X-Locale
X-Sucuri-ID
X-Tx-Id
Ohc-File-Size
Cross-Origin-Opener-Policy-Report-Only
X-Cache-Operation
X-Cache-Rule
X-GeoCountry
X-GeoCode
X-Gdpr
X-ElasticPress-Query
X-Aed
A
X-BCube-Filmed-By
X-Bug-Bounty
X-Cache-Aspx
X-A-Dgt
X-A-Wwc
X-Cache-NE
X-Bc-Bl
X-Aicache-OS
Azure-SlotName
Azure-Version
BehaviorPad-Version
Azure-SiteName
Azure-RegionName
Candidate-Md5Url
Azure-InstanceId
X-A-Dcw
X-Conf
X-DPWN-IS-SECURE
X-Developer
X-Depends
X-Ec-Fail
X-Ec-GeoHdr
We-Hiring
X-Epic-Correlation-Id
X-DefHash
X-DefElseHash
X-A-Ccd
X-A-Dam
X-Contensis-Viewer-Groups
X-A
X-D
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Cluster
X-Jobs
X-Shield-Cache-Expires
X-ScT
X-Scheme
Rendered-Blocks
Redirect-Candidate
X-Thinkindot-L3
Host-ID
X-NGINX-Cache
X-Rojux
Fastly-GeoIP-CountryCode
X-Platform-Server
Fastly-Backend-Name
X-Proto
X-Proxied-Request
X-Request-Time
X-GeoIP
X-TIM-N
Producers
MD5-Digest
Mail-Subject
X-We-Are-Hiring
Xc-Version
Meta-Geo-Continent
Ngx.Var.Host
Origin-Agent-Cluster
X-Vtex-Remote-Cache
X-Vmg-Version
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-Varnish-Remaining-TTL
X-Service
X-Vdms-Version
Lang
X-PAYTM-SRV-ID
Gannett-Cam-Experience-Id
Content-Secure-Policy
Thinkindot-CacheControl
TDXMobile
Sslversion
X-Amz-Storage-Class
X-Ig-Origin-Region
DCR-Processing-Time-Ms
X-Mly-Id
Thinkindot-CacheControl-Type
X-Path
X-Loc
X-Nyt-Route
X-Org
X-Origin-Expires
Expect-Staple
X-Origin-Time
X-Internal-TTL
X-GeoIP-City
Odigeo-Trace-Id
X-Ig-Push-State
X-INCAP-ABP
DCR-Decision-By
X-Optimistic-Header
X-Varnish-Beresp-Ttl
Mime-Version
X-Site-Version
Origin-EX
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
Origin-CC
Tube-Return
User-Agent
X-AK-Request-ID
Tube-Got-Results
Platform
RNT-Machine
Req-Svc-Chain
Wxu-Next-Commit
Wxu-Next-Region
Server-Host
Wxu-Next-Hostname
RNT-Time
Release
Product
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
V-Age
Tube-Get-Contents
W
PFcat
X-Gzip
X-Req
X-Proxy-CacheRZ
X-SB
X-Section
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Pool
X-Platform
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Node-Id
X-Op-Id-All
X-Origin-Response-Time
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Wikidot-Static-Cache
X-Wikidot-Backend
XkeyRZ
Yak-Timeinfo
Origin
X-Viewer-Country
X-Via-Fastly
X-V-Cache
X-UA-Device-Type
X-Var-Ttl
X-VarnishDD-TTL
X-Varnishpool
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-CacheTTL
X-Cache-Info
X-CGP
X-Clientip
X-Core-Value
X-Content-Age
X-Cache-Id
X-Cache-Bucket
X-B3-Trace-ID
X-Auto-Login
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Bl-Debug
X-Csrf-Jwt
X-Date
X-Hash
X-GoCache-CacheStatus
X-HN
X-Level-Front-Cache
X-Location
X-Generated-On
X-Gamma-Serve
X-Edge-Server
X-Dispatcher-Server
X-Esi-Check
X-Eu-Site
X-FC-Vary-Parameters
X-App-Name
Tube-Got-Eval
Cdnsip
Cdncip
Cdn-Request-Time
Click-Count-Action-Start
Click-Count-Error
DSUID
Debug
Cdn-Host
Canary
Apple-News-Services-Handled
NM-Fastcgi-Cache
X-Pad
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Key
Cache
Esi-Enabled
Apple-News-Services-Request-Url
HA-Ipaddr
Ha-Gx-Prefs
L
L5d-Success-Class
NGX
Gh-Request-Id
TP-L2-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
CDCHOST
X-VG-WebCache
Cache-Provider
CDN-PullZone
X-NodeID
X-AB-Test
X-Cdn-Srv
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
X-GeoIP-Country-Code
X-Content-Length
X-GeoIP-Region-Code
X-Bip
X-Pubstack
X-Cache-Grace
X-VTEX-Cache-Server
X-Cached-By
X-Request-Start
X-Powered-By-VTEX-Cache
X-Policy
X-VG-TLSProxy
X-VTEX-Cache-Time
X-Varnish-Beresp-Status
X-Irp-Debug
CDN-Uid
X-Newrelic-Synthetics
X-Thanos
Content-Style-Type
Content-Script-Type
Country-Code
X-Slack-Shared-Secret-Outcome
X-HS-Content-Campaign-Id
X-Server-IP
X-Slack-Backend
X-Fmm-Version
Ssr
X-SD-PageType
Req-ID
Sid
Web-Mar-Region
X-Cache-FS-Status
X-Ec-Custom-Error
X-Men
X-Fastly-Backend
X-Human
X-Varnish-Director
ServerName
X-Cache-Hit
Akamai-Mon-Iucid-Del
X-Gen-Mode
X-CUA
XM
X-HOST
X-SIPLIST1
IsBot
X-Hnp-Log
X-ORCA-Accelerator
X-Block-Status
Fl-Custom-Application
User-Cache-Control
Pramga
Fastly-SSL
X-Request-Host
X-Api-Version
X-Dc
X-Varnish-Hits
X-CACHE-GROUP
X-Cs
X-LJ-Flow-ID
X-TA-CDN-Provider
X-VServer
X-LiteSpeed-Tag
X-AWS-Id
X-VWS-Id
X-LB-NoCache
True-Client-Country-4JS
X-Air-Pt
X-HS-CF-Cache-Status
X-B3-Spanid
Server-Ext
X-Refresh
X-Test
X-Servedbyhost
X-HITS
CloudFront-Viewer-Country
Server-Hostname
X-Provided-By
Sever-Int
Proxy-Firewall
X-Cache-Date
X-Litespeed-Tag
X-Geolocation
X-RequestId
C-Via
X-Nananana
X-GEO
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
X-B-Cookie
X-Via-Edge
X-Application
Adler-Geo
X-Destination
X-External-Request-Id
GeoIP-Latitude
Edge-Copy-Time
X-S-Cookie
X-B3-Parentspanid
X-APP
X-Via-CDN
Is-Eu
X-IsAdmin
X-Via-SSL
X-HA-Backend
X-Nginx-Cache-Key
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Dispatcher-Number
X-Zone
X-Zen-Fury
X-DC
X-Endurance-Cache-Level
S-Rt
Cdn-Requestid
X-Tt-Logid
X-ZONE
X-User
Fastly-Drupal-Html
WZWS-RAY
X-LB-ID
X-Wa
X-Nc
Cache-Tv-Group
X-DynaTrace-JS-Agent
X-Geo-Header
Server-ID
HostName
X-Custom-Header
X-Webkit-Csp-Report-Only
T-Server
X-Presslabs-Stats
X-CDN-Forward
X-Srv
Cdn
X-AIR-PT
X-COUNTRY
X-Oracle-Dms-Ecid
X-Pass-Why
X-URL
X-ND-Cache
Ohc-Cache-HIT
X-CS
GeoIp-Country-Code
X-CMSURLCustom
X-Cache-Server
Vc-Max-Age
X-VC-TTL
X-Parent-Response-Time
X-HubSpot-Correlation-Id
X-CACHE-AGE
X-TH-Server
X-Fpc
WP-Super-Cache
X-Vgn-Hpd-Reason
SID
X-Datadome
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Resin-Trace
X-NewRelic-App-Data
X-Moov-T
True-Client-IP
X-DataCenter
X-API-Version
Pics-Label
Vix-Hermes-Req-Id
Powered-By
X-Varnish-Beresp-TTL
True-Client-Ip
X-Old-Content-Length
Uri
X-Fastly-Cache
X-Ckpd-Fst-Backend
SEZNAM-JOBS-OFFER
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Srv
X-TX-ID
X-APP-VERSION
On-Server
X-SERVER-NAME
X-Thinkindot-L1
X-Vercel-Id
X-Cache-VC
X-Vercel-Cache
X-FPC
Location
X-Action
Serverhost
ServerHost
Thinkindot-Control
X-Client-Ip
GeoIP-Country-Code
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend-Server
X-PHP-Backend
AKAMAI
X-FTR-Backend
X-Cache-TTL-Remaining
X-Country-Code-Real
X-Amz-Meta-Opti
X-Air-Hostname
X-Dynatrace-Js-Agent
X-Air-Trace-Id
X-Air-Source
X-Oracle-Dms-Rid
Server-Id
N1-Cache
X-Stale
X-Litespeed-Cache-Control
Cl-Cache
Magicmarker
Av-Poweredby
X-Cdn-Cache-Status
X-Datacenter
Hostname
X-Info
X-Debug-Service
X-Resp-Is-Stale
X-WA
X-ApacheServer
X-PERF
X-Fastly-Backend-Reqs
X-NC
X-Fastly-Cache-Status
Sm-Log-Id
X-Ssense-Shipping-Surcharge-Enabled
Tcn
X-Vc
X-Ssense-Gql
X-V
X-Service-Response-Time
X-Ee-Request-Date
X-Cms-Device
X-Ee-Generated-By
X-Ee-Request-Id
X-Ee-Origin
X-Udemy-Cache-App-Namespace
Time-Cloud-Cache
X-CDN-Cache-Status
X-Lb-Id
X-WA-Info
X-Save-Cache
X-Vary-Devices
X-Geo
X-Render-Time
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Nitro-Cache
Store-Cloud-Cache
X-Proxy-Cache-La3
X-IAuth-Set-Uid
Xkeylog
Xkey-La3
CDN
X-Correlation-ID
X-Cache-Ttl
TWC-GeoIP-DMA
X-Ua
X-Ha-Backend
Cache-Hits
TWC-GeoIP-City
TWC-GeoIP-Region
X-Via-PopH
X-Rollout
X-New
X-Via-PopV
X-Uri
X-Github-Request-Id
X-Via-PopN
X-Eligible
X-Oracle-DMS-ECID
X-Esi
X-ServedByHost
X-Ion-Hop
X-Jungle-Id
Cloudfront-Viewer-Country
X-Forwarded-Site
X-Ion-Healthy
X-VCL-Version
Geoip-Latitude
X-Akamai-Pragma-Client-IP
Log-Origin
Cache-Contol
RewriteTeamHook
RewriteTestHook
X-Limited
X-Region-Sid
Machine
X-App
WWW-Authenticate
Cmsid
Cmstype
Server-Info
Cneonction
My-App
X-Traceid
X-Lb-Nocache
WebServer
CountryCode
X-MSEdge-Features
X-Git-Commit
X-Requestid
X-LAGOON
X-Dw-Trace-Id
X-EC-Lua
X-Ftr-Request-Id
Cf-Ipcountry
Pragrma
X-Up
Lb
Edge-Cache
X-Container-Uri
X-From
X-MSEdge-Flight
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CacheControlHeader
X-Html-Minification-Powered-By
X-Cdn-Request-ID
X-SRCache-Key
Reporter
X-HS-Status
X-Serial
FSS-Cache
X-Acquia-Purge-Tags
X-Akamai-Transformed
X-Pod
Permission-Policy
X-Acquia-Site
X-Varnish-Hostname
X-Check-Cacheable
X-Sucuri-Id
X-Ramcache
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Tncms-Bot-Tier
X-Ms-Blob-Type
X-Ms-Lease-Status
Timeexpire
X-Fastly-Cache-Hits
X-Orig-Cache-Control
X-Platform-Cluster
CF-Cached-On
X-Platform-Processor
X-Platform-Router
X-Akamai-ERPolicy
X-Akamai-ERRuleID
PICS-Label
Warning
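
The list above records header names exactly as servers sent them, so case variants (X-Frame-Options, X-FRAME-OPTIONS) and near-miss spellings (X-Frame-Option, Referer-Policy, Permission-Policy, Content-Secure-Policy) show up as separate rows. The following is an added example, not the ISC project's code: it tallies header names case-insensitively from raw HEAD responses and flags names that resemble a security header without matching it, which browsers ignore. The sample responses, the host names, the `SECURITY_HEADERS` list and the 0.85 similarity cutoff are assumptions chosen for illustration.

```python
from collections import Counter
from difflib import get_close_matches

# Canonical (lower-cased) names of security-relevant response headers.
SECURITY_HEADERS = [
    "content-security-policy", "strict-transport-security",
    "x-frame-options", "x-content-type-options", "x-xss-protection",
    "referrer-policy", "permissions-policy",
]

def _resp(*header_lines):
    """Build a raw HEAD response (status line + headers, no body)."""
    return "\r\n".join(("HTTP/1.1 200 OK",) + header_lines) + "\r\n\r\n"

# Constructed sample responses, not survey data.
SAMPLE_RESPONSES = {
    "a.example": _resp("Server: nginx", "X-Frame-Options: DENY",
                       "Strict-Transport-Security: max-age=31536000"),
    "b.example": _resp("server: Apache", "X-FRAME-OPTIONS: SAMEORIGIN",
                       "Referer-Policy: no-referrer"),
    "c.example": _resp("Content-Type: text/html", "X-Frame-Option: DENY",
                       "Content-Secure-Policy: default-src 'self'"),
}

def header_names(raw):
    """Return the set of lower-cased field names in one raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    names = set()
    for line in head.split("\r\n")[1:]:        # skip the status line
        name, sep, _value = line.partition(":")
        if sep and name.strip():
            names.add(name.strip().lower())
    return names

def tally(responses):
    """Count how many sites sent each header, ignoring case."""
    counts = Counter()
    for raw in responses.values():
        counts.update(header_names(raw))
    return counts

def near_misses(counts, cutoff=0.85):
    """Map unknown names to the security header they most resemble."""
    found = {}
    for name in counts:
        if name not in SECURITY_HEADERS:
            match = get_close_matches(name, SECURITY_HEADERS, n=1, cutoff=cutoff)
            if match:
                found[name] = match[0]
    return found

def unprotected(responses, header):
    """Sites that did not send `header` under its exact canonical name."""
    return sorted(s for s, raw in responses.items()
                  if header not in header_names(raw))

if __name__ == "__main__":
    counts = tally(SAMPLE_RESPONSES)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    print(near_misses(counts))
    print(unprotected(SAMPLE_RESPONSES, "x-frame-options"))
```

A site that sends only a near-miss name still counts as "sending a header" in a raw tally, so security-header adoption figures are best computed from the normalized, exact-match counts.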