Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
EagleId
X-Age
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
Allow
X-Swift-CacheTime
X-Pingback
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-WebKit-CSP
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Node
X-Server-Id
X-HW
X-LiteSpeed-Cache
Xkey
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Edge
X-Mcache
X-Midtier
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-ESI
X-Oneagent-Js-Injection
X-Abt-Application-Version
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Ser
Nginx-Cache
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-ARC
X-Client-IP
X-MS-InvokeApp
X-ECACHE
Accept-Ch-Lifetime
X-ORACLE-DMS-RID
X-Aspnet-Version
X-Daa-Tunnel
X-B3-TraceId
X-CST
X-Navigation-Version
Response
X-Middleton-Response
X-Goog-Hash
X-Amz-Rid
X-Powered-CMS
X-Upstream
X-Kinsta-Cache
X-Edge-Location-Klb
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-NF-Request-ID
X-Ua-Device
X-Amzn-Trace-Id
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Cache-Key
AR-SID
X-Forwarded-For
X-Ttl
RTSS
X-Wormhole-Sdk
X-Mod-Pagespeed
X-Server-ID
X-Ratelimit-Limit
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Cache-Status
X-Version
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Ruxit-Js-Agent
X-FastCGI-Cache
AR-CACHE
X-Mg-S
X-Ezoic-Cdn
S
Cross-Origin-Resource-Policy
Realpath
SPRequestGuid
X-Shield-Request-Id
X-SharePointHealthScore
X-Content-Digest
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Fastly-Request-ID
X-Varnish-TTL
X-Newrelic-App-Data
X-Kong-Upstream-Latency
Front-End-Https
X-Kong-Proxy-Latency
Count-Hit
TP-Cache
X-Debug
X-Request-Received
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Server-Node
X-Id
X-Ua-Browser
X-Azure-Ref
X-LLID
X-VARITI-CCR
X-Correlation-Id
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
Payment
Accept-Ch
X-Amz-Replication-Status
X-GUploader-UploadID
X-LB-Cache
X-Goog-Metageneration
X-Varnish-Backend
X-Forwarded-Proto
X-TTL
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
Filterid
X-FB-Debug
Host
X-Unique-Id
X-Logged-In
Cleartype
X-Git-Hash
X-Www-Served-By
Content-Disposition
X-Activity-Id
X-AppVersion
X-Varnish-Server
X-Az
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-App-Server
X-Tt-Trace-Host
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Fastcgi-Cache
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Varnish-Ttl
X-Page-Id
X-Pinterest-Rid
Mrf-Cache-Status
Pinterest-Generated-By
Pinterest-Version
X-B3-TraceId-Primal
MRF-Tech
X-DIS-Request-ID
Access-Control-Allow-Method
Origin-Trial
Retry-After
X-Geo-Country
X-Origin-Server
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Cambria-Cache-Control
X-ASPNET-VERSION
X-Upgrade-Enabled
X-Load-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Akamai-GRN
MS-Author-Via
X-Template
Accept-Charset
X-Type
X-Ah-Environment
Fastly-SIE
X-Fb-Rlafr
Fastly-SWR
Viewport
X-Cache-Control
X-TT
Section-Io-Cache
X-Content-Options
X-RateLimit-Remaining
X-B
Content-MD5
X-B3-Sampled
Frame-Options
X-CLOUD-TRACE-CONTEXT
X-Xrds-Location
Version
X-Grace
X-Nf-Request-Id
X-Request-Guid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Trace-Id
X-Revision
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
Healthy
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Envoy-Decorator-Operation
X-Origin-Cache
X-Magnolia-Registration
X-Contextid
X-Device-Type
X-Source
X-CSRF-Token
TCN
X-Webkit-CSP
X-Rid
X-Tec-Api-Root
X-Aspnetmvc-Version
X-Tec-Api-Version
X-Tec-Api-Origin
X-WP-CF-Super-Cache-Active
Server-Name
X-Cache-Age
X-Px
X-Backend-Name
X-Mobile
DC
X-Proxy
X-Language
X-Webkit-Csp
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Tumblr-User
X-App-Environment
X-Buckets
X-Environment-Context
X-Storage
X-Seen-By
X-L-Path
X-RM-Cache-TTL
X-ProcessESI
X-Rule
X-RemovedCookies
X-Status
X-Cacheable-TTL
X-ServerID
X-UUID
X-Content-Powered-By
X-Akamai-Edgescape
X-Proxy-Cache-Info
X-Node-Name
X-Framework
X-Instance
X-Region
SD-X-WS
Cross-Origin-Window-Policy
Access-Control-Request-Headers
NGB
X-Debug-IsConnected
X-Debug-Info
GEO-INFO
X-Datadog-Trace-Id
X-Debug-IsPreview
X-Datadog-Sampled
X-Adobe-Content
X-Adobe-Loc
MS-CV
X-HTML-Minification-Powered-By
Ms-Operation-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-RTag
X-FW-Static
X-FW-Server
X-FW-Hash
X-Is-Bot
X-FW-Serve
X-FW-Type
X-Rendered-As
X-Mg-Request-UUID
X-NYM-Debug-Backend
X-FW-Version
X-FW-Dynamic
X-EdgeConnect-Cache-Status
X-ECache
X-G
Paypal-Debug-Id
X-Yottaa-Metrics
X-User-Agent
X-Yottaa-Optimizations
X-Cache-Time
Webserver
Countrycode
Trailer
Upgrade-Insecure-Requests
Charset
Front
Protected
X-Fastly-Request-Id
X-Whom
X-WebKit-CSP-Report-Only
X-Edge-Location
X-Lambda-Id
OT-Force-Account-Verify
X-N
Refresh
X-VC
X-VHOST
Section-Io-Id
X-HS-Prerendered
X-IPS-LoggedIn
X-Cache-Status-Check
X-AB
X-Akamai-Request-ID2
Country
X-TT-LOGID
X-Reqid
X-B3-Traceid
X-Time
Priority
Backend
X-Amzn-Remapped-Content-Length
Alternate-Protocol
X-B3-SpanId
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Hl-Ver
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
Liferay-Portal
X-Server-W
X-Response-Served-From
X-Original-Request-Id
X-Via-JSL
Onion-Location
Accept-Language
X-Mode
SRV
Environment
X-Real-IP
X-Cache-Host
X-JoinUs
X-Accel-Version
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Frame-Option
X-Auth-Group-Type
X-FB-TRIP-ID
X-Fetched-On
X-Skip-Cache
Filters
ServerID
VIX-Pulpo-Upstream-Status
X-Rn-Rsrv
Cross-Origin-Embedder-Policy-Report-Only
X-SaId
X-Rewrite-Enabled
VIX-Pulpo-Node
Meta-Geo
X-Scope-Id
Uber-Trace-Id
Webcakes-Region
X-Format
Webcakes-App-Version
X-Redis-Cache
X-Varnish-Age
Webcakes-App-Name
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-IPLB-Instance
X-Tb
X-Logging-Id
X-IPLB-Request-ID
X-Varnish-Cache-Hits
X-R9-Blue-Green-Version
X-Cache-Action
X-Restarts
X-Cache-Expired-At
TWC-Connection-Speed
X-Connection-Hash
Property-Id
Atl-Traceid
From-Origin
Expiry
X-Cluster-Node
X-VC-Cache
TWC-Device-Class
TWC-Locale-Group
X-Request-URI
TWC-Privacy
TWC-GeoIP-Country
X-Nginx-Cache
TWC-GeoIP-LatLong
X-Origin-Hint
X-Director
X-Soup
Apigw-Requestid
Mn-Server-Ip
Web-Mar-Node
X-Cms-Context
X-Handled-By
X-Hosted-By
X-Httpd
X-Loop
X-Say-TTL
X-Vcache
X-Wix-Request-Id
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Served-From
X-Say-Cacheable
X-Tncms
X-Forwarded-Host
Fastcgi-Useragent
X-Web-Node
X-Adobe-Source
X-Origin-Date
X-Proxy-Build
X-PHP-Host
X-Labrador-Cache-Channel
Selected-Fe
X-Timing-Wait
Url
ServedBy
X-Cluster
X-Cloudmap
X-Routing-Service
X-Zipkin-Id
X-S
X-Servername
X-Webstats-RespID
X-Proxied
X-Detected-As
X-Origin-TTL
X-Generated-By
X-Origin
DB-Nickname
X-Extlb
X-Origin-CC
X-TraceId
Referer-Policy
X-LSADC-Cache
N-Cache
Xserver
X-FTR-Request-ID
X-Lagoon
X-DataDome
X-Rocket-Nginx-Serving-Static
X-XRDS-Location
X-Hit
CF-IPCountry
LB
Cross-Origin-Embedder-Policy
X-Ms-Request-Id
X-Xfnlog-Site
X-SRV
X-Ms-Version
X-DynaTrace
X-Tumblr-Pixel-3
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
X-RateLimit-Limit
X-Upstream-Ct
X-RID
X-Upstream-Ht
X-Cache-Debug
X-VCT
X-Proxy-Cache-Status
X-RCS-CacheZone
X-Azure-Ref-OriginShield
Source
WPO-Cache-Status
WPO-Cache-Message
Surrogated-Key
X-UA
X-RateLimit-Remaining-Second
CDN-RequestId
X-RateLimit-Limit-Second
X-Worker
X-Is-Tablet
X-Tcp-Rtt
X-Browser-Name
X-Geo-Region
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-No-Session
X-Signature
X-Urbn-Context-Path
X-Urbn-Site-Id
X-B-Cache
Locale
X-F-Cache
X-Generation-Time
Node
X-Sucuri-Cache
X-App-Version
AMP-Access-Control-Allow-Source-Origin
X-Cdn-Origin
X-Drupal-Cache-Contexts
X-Sucuri-ID
X-Drupal-Cache-Tags
X-NODE
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Cdn-Forward
X-Locale
X-MP-GENERATED-AT
Ohc-File-Size
Cross-Origin-Opener-Policy-Report-Only
X-Tx-Id
X-Cache-Operation
X-Site-Version
X-Cache-Rule
Content-Secure-Policy
Cluster
X-A-Dam
DCR-Decision-By
We-Hiring
X-A
X-A-Ccd
Azure-RegionName
Azure-SiteName
Candidate-Md5Url
BehaviorPad-Version
X-A-Wwc
Azure-SlotName
X-A-Dcw
Thinkindot-CacheControl-Type
X-A-Dgt
TDXMobile
Azure-InstanceId
Host-ID
Lang
A
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Mail-Subject
MD5-Digest
Redirect-Candidate
Rendered-Blocks
Sslversion
X-Aed
Origin-Agent-Cluster
Odigeo-Trace-Id
Azure-Version
Meta-Geo-Continent
Ngx.Var.Host
Thinkindot-CacheControl
X-Cache-NE
X-Proxy-CacheRZ
X-Proxied-Request
X-Request-Time
X-Rojux
X-Scheme
X-Proto
X-Platform-Server
X-Origin-Expires
X-Org
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-ScT
X-Shield-Cache-Expires
X-Vtex-Remote-Cache
X-Vmg-Version
X-We-Are-Hiring
Xc-Version
XkeyRZ
X-Vdms-Version
X-Varnish-Remaining-TTL
X-Thinkindot-L3
X-TIM-N
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Nyt-Route
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-DefElseHash
X-DefHash
X-Developer
X-D
X-Conf
X-App-Name
X-Amz-Storage-Class
X-Backend-Instance
X-Bc-Bl
X-Cache-Info
X-Ec-Fail
X-Ec-GeoHdr
X-INCAP-ABP
X-Ig-Push-State
X-Jobs
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Ig-Origin-Region
X-GeoCountry
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Gdpr
X-GeoCode
X-Aicache-OS
X-BCube-Filmed-By
X-NGINX-Cache
X-ElasticPress-Query
X-Service
X-Varnish-Beresp-Ttl
X-Optimistic-Header
Mime-Version
X-Cached-By
X-CacheTTL
X-Cache-Id
X-Bug-Bounty
X-Cache-Bucket
X-CGP
X-Cache-Grace
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Ec-Custom-Error
X-Edge-Server
X-Esi-Check
X-Depends
X-Date
X-Bl-Debug
X-Content-Age
X-Core-Value
X-Csrf-Jwt
X-Clientip
X-BBC-Edge-Cache-Status
Tube-Got-Results
Tube-Got-Eval
Tube-Return
User-Agent
V-Age
Tube-Get-Contents
Server-Host
Release
Req-Svc-Chain
RNT-Machine
RNT-Time
W
Web-Mar-Region
X-Akamai-Device-Characteristics
X-AK-Request-ID
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
X-Access
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Accel-Expires-Debug
X-Eu-Site
X-Fmm-Version
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-V-Cache
X-Var-Ttl
X-Varnish-Authentication
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Req
X-SB
X-SD-PageType
X-Section
X-Varnish-Director
X-VarnishDD-TTL
X-Wikidot-Backend
X-Wikidot-Static-Cache
Yak-Timeinfo
Origin
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Varnishpool
X-VG-WebCache
X-Via-Fastly
X-Viewer-Country
X-Powered-By-VTEX-Cache
X-Pool
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Gzip
X-HN
X-HS-Content-Campaign-Id
X-GeoIP-Country-Code
X-GeoIP-City
Product
X-Gamma-Serve
X-Generated-On
X-GeoIP
X-Human
X-Internal-TTL
X-Op-Id-All
X-Path
X-Platform
X-Policy
X-Node-Id
X-NMSegId
X-Level-Front-Cache
X-Loc
X-Location
X-Micro-Cache
X-Fastly-Backend
X-Hash
Cache
Apple-News-Services-Request-Url
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
L
Click-Count-Error
Apple-News-Services-Handled
NGX
Apple-News-Services-Host
Producers
Apple-News-Services-Parsed-Url
Cache-Key
Cache-Provider
Cdncip
Content-Style-Type
Content-Script-Type
Cdnsip
Click-Count-Action-Start
Cdn-Request-Time
Debug
Canary
Esi-Enabled
Cdn-Host
DSUID
NM-Fastcgi-Cache
L5d-Success-Class
PFcat
X-Cache-Hit
TP-L2-Cache
CDN-PullZone
X-Content-Length
Req-ID
X-Bip
Origin-EX
X-NodeID
CDN-RequestCountryCode
X-Pubstack
X-Newrelic-Synthetics
Pramga
Ssr
X-Block-Status
ServerName
CDN-Cache
CDN-Uid
Fastly-SSL
CDN-CachedAt
CDCHOST
Sid
Country-Code
X-Cache-FS-Status
X-Hnp-Log
X-Men
CDN-EdgeStorageId
X-AB-Test
CDN-RequestPullSuccess
X-Varnish-Beresp-Status
X-UA-Device-Type
X-Cdn-Srv
X-CUA
X-Irp-Debug
IsBot
Origin-CC
User-Cache-Control
X-VG-TLSProxy
CDN-RequestPullCode
X-Thanos
Platform
X-Request-Host
X-SIPLIST1
X-Gen-Mode
X-Request-Start
X-Server-IP
X-Tb-Optimization-Total-Bytes-Saved
X-Pad
X-Sn-Servicetimems
Akamai-Mon-Iucid-Del
X-Dc
X-ORCA-Accelerator
X-HOST
XM
Fl-Custom-Application
X-Api-Version
X-CACHE-GROUP
X-Varnish-Hits
X-Cs
X-VServer
X-LJ-Flow-ID
True-Client-Country-4JS
X-TA-CDN-Provider
X-AWS-Id
X-LB-NoCache
X-GEO
X-VWS-Id
X-HS-CF-Cache-Status
X-LiteSpeed-Tag
X-Air-Pt
X-Cache-Date
Proxy-Firewall
X-Geolocation
Sever-Int
X-APP
X-HITS
X-Test
X-Refresh
CloudFront-Viewer-Country
C-Via
Server-Ext
X-Nananana
X-Provided-By
Server-Hostname
X-Litespeed-Tag
X-LiteSpeed-Cache-Control
X-Application
X-IsAdmin
X-B-Cookie
Edge-Copy-Time
X-Destination
X-Servedbyhost
Is-Eu
Adler-Geo
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-RequestId
X-External-Request-Id
GeoIP-Latitude
X-S-Cookie
Fastly-Drupal-HTML
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Via-Popv
X-HA-Backend
X-Via-Poph
X-Via-Popn
Fastly-Drupal-Html
X-Zone
X-Tt-Logid
X-B3-Spanid
X-Dispatcher-Number
X-DC
S-Rt
Cdn-Requestid
X-Endurance-Cache-Level
X-Zen-Fury
X-LB-ID
X-User
WZWS-RAY
X-ZONE
X-DynaTrace-JS-Agent
Cache-Tv-Group
X-Custom-Header
T-Server
X-Geo-Header
X-Nc
X-Webkit-Csp-Report-Only
HostName
X-Wa
Server-ID
X-CDN-Forward
X-Presslabs-Stats
X-Srv
Cdn
X-AIR-PT
GeoIp-Country-Code
X-URL
X-Oracle-Dms-Ecid
X-ND-Cache
X-COUNTRY
X-Pass-Why
X-CS
Ohc-Cache-HIT
Vc-Max-Age
X-CMSURLCustom
X-Cache-Server
X-VC-TTL
X-CACHE-AGE
X-Parent-Response-Time
X-HubSpot-Correlation-Id
X-Vgn-Hpd-Reason
WP-Super-Cache
X-TH-Server
X-Datadome
SID
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Fpc
X-NewRelic-App-Data
X-DataCenter
True-Client-IP
X-Moov-T
Resin-Trace
X-API-Version
X-Old-Content-Length
Vix-Hermes-Req-Id
Powered-By
Pics-Label
X-Varnish-Beresp-TTL
Uri
SEZNAM-JOBS-OFFER
True-Client-Ip
X-Fastly-Cache
X-Ckpd-Fst-Backend
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-TX-ID
On-Server
X-APP-VERSION
Srv
X-SERVER-NAME
ServerHost
X-FTR-Backend
Serverhost
X-FTR-Balancer
Thinkindot-Control
X-FTR-Expires
X-FTR-Backend-Server
X-Vercel-Cache
X-Country-Code-Real
X-Action
X-Cache-VC
X-Thinkindot-L1
Location
X-FPC
X-FTR-Cache-Status
X-Vercel-Id
X-Client-Ip
X-Cache-TTL-Remaining
X-PHP-Backend
X-Amz-Meta-Opti
GeoIP-Country-Code
AKAMAI
X-Air-Trace-Id
X-Dynatrace-Js-Agent
X-Air-Hostname
X-Air-Source
Server-Id
X-Stale
X-Oracle-Dms-Rid
N1-Cache
Tcn
X-Litespeed-Cache-Control
X-Datacenter
X-Resp-Is-Stale
Hostname
X-Info
Cl-Cache
X-Cdn-Cache-Status
X-Debug-Service
Av-Poweredby
Magicmarker
X-ApacheServer
X-Fastly-Backend-Reqs
X-PERF
X-NC
X-WA
X-Fastly-Cache-Status
Sm-Log-Id
X-V
X-Service-Response-Time
X-Vc
X-Geo
X-Save-Cache
X-Ee-Request-Id
X-Ee-Request-Date
X-Ee-Generated-By
X-Ee-Origin
X-Ssense-Shipping-Surcharge-Enabled
X-Vary-Devices
X-Render-Time
X-VTEX-Cache-Backend-Header-Time
X-IAuth-Set-Uid
X-Cms-Device
X-VTEX-Cache-Backend-Connect-Time
X-CDN-Cache-Status
X-Ssense-Gql
X-Lb-Id
Xkey-La3
X-WA-Info
X-Proxy-Cache-La3
X-Udemy-Cache-App-Namespace
Time-Cloud-Cache
Store-Cloud-Cache
Xkeylog
CDN
X-Cache-Ttl
Geoip-Latitude
X-Eligible
X-Via-PopH
X-Nitro-Cache
X-Oracle-DMS-ECID
Cache-Hits
X-Via-PopV
X-Ua
X-Correlation-ID
X-Ha-Backend
X-Rollout
TWC-GeoIP-Region
TWC-GeoIP-DMA
X-Via-PopN
X-Uri
TWC-GeoIP-City
X-Github-Request-Id
X-New
X-Esi
X-Region-Sid
X-Jungle-Id
RewriteTeamHook
Cloudfront-Viewer-Country
X-Ion-Hop
RewriteTestHook
X-ServedByHost
X-Ion-Healthy
X-Forwarded-Site
Machine
X-App
Cache-Contol
X-Akamai-Pragma-Client-IP
X-VCL-Version
Log-Origin
X-Limited
Cneonction
WWW-Authenticate
Cmstype
X-Lb-Nocache
Lb
My-App
Cmsid
X-Traceid
Server-Info
WebServer
CountryCode
X-LAGOON
Pragrma
Cf-Ipcountry
X-Container-Uri
X-Git-Commit
X-Requestid
X-Up
Edge-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-Ftr-Request-Id
X-EC-Lua
X-Dw-Trace-Id
X-From
X-HS-Status
Reporter
X-Acquia-Site
X-Varnish-Hostname
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-SRCache-Key
Permission-Policy
X-Cdn-Request-ID
CacheControlHeader
X-Acquia-Purge-Tags
X-Check-Cacheable
Warning
FSS-Cache
X-Pod
X-Akamai-Transformed
X-Serial
X-Sucuri-Id
X-BBC-Origin-Response-Status
X-Elasticpress-Query
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
CF-Cached-On
PICS-Label
X-Fastly-Cache-Hits
X-Ramcache
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Timeexpire
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Orig-Cache-Control