Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
EagleId
X-Server
X-Age
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-Pantheon-Styx-Hostname
Allow
X-Styx-Req-Id
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
X-WebKit-CSP
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Node
X-Server-Id
X-HW
X-LiteSpeed-Cache
Xkey
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Mcache
X-Midtier
X-Edge
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-ESI
X-Oneagent-Js-Injection
X-Ser
Nginx-Cache
X-GitHub-Request-Id
Edge-Control
X-Powered-By-Plesk
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
Accept-Ch-Lifetime
X-Client-IP
X-MS-InvokeApp
X-ECACHE
X-Aspnet-Version
X-ORACLE-DMS-RID
X-Daa-Tunnel
X-CST
X-Navigation-Version
X-Amz-Rid
X-Goog-Hash
X-Upstream
Response
X-Middleton-Response
X-Powered-CMS
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Edge-Location-Klb
X-Kinsta-Cache
X-B3-TraceId
X-Ua-Device
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Amzn-Trace-Id
X-Cache-Key
X-Ruxit-Js-Agent
X-Forwarded-For
X-Ttl
X-Ratelimit-Limit
X-NF-Request-ID
X-Wormhole-Sdk
RTSS
X-Mod-Pagespeed
X-Ratelimit-Remaining
X-Server-ID
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Version
Public-Key-Pins
AR-CACHE
X-FastCGI-Cache
X-Mg-S
X-ORACLE-DMS-ECID
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
X-MSEdge-Ref
X-Content-Digest
X-T
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Fastly-Request-ID
X-Newrelic-App-Data
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Front-End-Https
TP-Cache
X-Correlation-Id
Arr-Disable-Session-Affinity
X-Debug
Count-Hit
X-Request-Received
X-Request-Processing-Time
X-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
Server-Node
X-Ua-Browser
X-LLID
X-Azure-Ref
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-Hits
Accept-Ch
Payment
X-Amz-Replication-Status
X-LB-Cache
X-GUploader-UploadID
X-Forwarded-Proto
X-Varnish-Backend
X-Goog-Metageneration
X-TTL
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
Host
X-FB-Debug
Filterid
X-Git-Hash
X-Unique-Id
Cleartype
X-Logged-In
X-Activity-Id
X-Az
X-AppVersion
Content-Disposition
X-Www-Served-By
X-Varnish-Server
X-Ratelimit-Reset
X-Varnish-Ttl
X-Tt-Trace-Host
X-App-Server
X-Tt-Trace-Tag
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Webkit-CSP
X-Amzn-RequestId
X-Fastcgi-Cache
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
Origin-Trial
X-DIS-Request-ID
X-Page-Id
X-B3-TraceId-Primal
Pinterest-Generated-By
MRF-Tech
X-Pinterest-Rid
Pinterest-Version
Mrf-Cache-Status
X-Geo-Country
Access-Control-Allow-Method
X-Origin-Server
X-Nf-Request-Id
Retry-After
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-ASPNET-VERSION
X-Cambria-Cache-Control
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Akamai-GRN
MS-Author-Via
X-Template
Accept-Charset
Fastly-SWR
X-Ah-Environment
Section-Io-Cache
Fastly-SIE
X-Type
X-Fb-Rlafr
X-TT
Viewport
X-Cache-Control
X-B3-Sampled
X-Content-Options
Content-MD5
X-Grace
Version
X-B
Frame-Options
Amp-Access-Control-Allow-Source-Origin
X-Xrds-Location
X-Request-Guid
X-Revision
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Trace-Id
X-TEC-API-VERSION
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Healthy
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Origin-Cache
X-Envoy-Decorator-Operation
TCN
X-RateLimit-Remaining
X-Magnolia-Registration
X-Device-Type
X-Vcl-Version
X-Contextid
X-Source
X-CSRF-Token
X-Tec-Api-Origin
X-Rid
X-Tec-Api-Version
X-Tec-Api-Root
X-Aspnetmvc-Version
X-WP-CF-Super-Cache-Active
X-Cache-Age
Server-Name
X-Px
X-Backend-Name
X-Mobile
DC
X-Proxy
X-Language
X-Varnish-Grace
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-ProcessESI
X-Buckets
X-Tumblr-User
X-Tumblr-Pixel-0
X-RM-Cache-TTL
X-App-Environment
X-RemovedCookies
X-Seen-By
X-Debug-Info
X-Rule
X-Environment-Context
X-Framework
X-Mg-Request-UUID
X-L-Path
X-Status
X-Storage
X-Akamai-Edgescape
Access-Control-Request-Headers
Cross-Origin-Window-Policy
X-Debug-IsConnected
X-FW-Dynamic
X-ServerID
X-Content-Powered-By
X-Adobe-Content
SD-X-WS
X-FW-Hash
X-Adobe-Loc
X-Cacheable-TTL
NGB
X-Debug-IsPreview
X-FW-Serve
X-Instance
X-FW-Version
X-Node-Name
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-Region
X-FW-Type
X-G
X-UUID
X-FW-Static
X-FW-Server
X-RTag
MS-CV
GEO-INFO
Ms-Operation-Id
X-Rendered-As
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Is-Bot
X-Datadog-Sampled
X-EdgeConnect-Cache-Status
Paypal-Debug-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ECache
X-User-Agent
X-Cache-Time
X-HTML-Minification-Powered-By
Upgrade-Insecure-Requests
X-B3-Traceid
Trailer
Countrycode
Webserver
Front
Charset
Protected
X-Fastly-Request-Id
X-Whom
X-WebKit-CSP-Report-Only
OT-Force-Account-Verify
X-Edge-Location
X-Lambda-Id
X-VC
X-N
Section-Io-Id
Refresh
X-VHOST
X-IPS-LoggedIn
X-HS-Prerendered
X-Cache-Status-Check
X-AB
X-Akamai-Request-ID2
Country
X-TT-LOGID
X-Time
Priority
X-Reqid
Backend
X-Amzn-Remapped-Content-Length
Alternate-Protocol
X-CCDN-CacheTTL
X-Hl-Ver
X-Hcs-Proxy-Type
Xet-Cookie
X-CCDN-Origin-Time
X-WP-CF-Super-Cache-Cookies-Bypass
Liferay-Portal
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-Original-Request-Id
X-Response-Served-From
X-B3-SpanId
SRV
Accept-Language
Onion-Location
X-Mode
X-Via-JSL
X-Rewrite-Enabled
X-Rn-Rsrv
X-Cache-Host
X-Wix-Request-Id
X-VC-Cache
X-Scope-Id
ServerID
X-Tb
Environment
Fastcgi-Useragent
X-SaId
X-JoinUs
Cross-Origin-Embedder-Policy-Report-Only
From-Origin
X-Origin-Date
X-Tumblr-Pixel-2
Filters
X-UPSTREAM-Address
X-Auth-Group-Type
X-Frame-Option
X-Real-IP
VIX-Pulpo-Node
X-Accel-Version
X-Skip-Cache
VIX-Pulpo-Upstream-Status
X-Web-Node
Meta-Geo
X-FB-TRIP-ID
X-Fetched-On
TWC-Locale-Group
X-Varnish-Age
X-Varnish-Cache-Hits
X-Webstats-RespID
X-R9-Blue-Green-Version
X-Redis-Cache
X-Request-URI
X-Connection-Hash
X-Director
X-ProxyCache-Status
X-Format
X-IPLB-Instance
X-Logging-Id
X-IPLB-Request-ID
X-Origin-Hint
X-ProxyCache-Key
X-Generated-By
X-Hosted-By
X-Restarts
X-SayCDN-TTL
TWC-GeoIP-LatLong
TWC-Privacy
Uber-Trace-Id
TWC-GeoIP-Country
TWC-Device-Class
Expiry
Property-Id
Webcakes-App-Name
Webcakes-App-Version
X-Cluster-Node
X-Say-Cacheable
X-Say-TTL
X-Cache-Expired-At
X-Cache-Action
Webcakes-Region
X-BYPASS-REASON
Atl-Traceid
TWC-Connection-Speed
X-Nginx-Cache
X-DataDome
X-Varnish-Beresp-Grace
X-PHP-Host
X-Served-From
Mn-Server-Ip
Apigw-Requestid
X-Vcache
X-Httpd
X-Cms-Context
X-Handled-By
X-Forwarded-Host
X-Tncms
X-Loop
X-Adobe-Source
X-Labrador-Cache-Channel
X-Soup
Web-Mar-Node
X-Proxy-Build
Selected-Fe
X-Timing-Wait
DB-Nickname
X-Zipkin-Id
X-Detected-As
X-Origin-TTL
X-Origin
X-Extlb
X-Proxied
X-Cloudmap
Url
ServedBy
X-Cluster
X-Servername
X-Routing-Service
X-Origin-CC
X-S
Referer-Policy
LB
Xserver
X-TraceId
N-Cache
X-LSADC-Cache
X-Rocket-Nginx-Serving-Static
X-XRDS-Location
X-FTR-Request-ID
X-Hit
Cross-Origin-Embedder-Policy
CF-IPCountry
X-Webkit-Csp
X-Xfnlog-Site
X-DynaTrace
X-SRV
X-Ms-Version
X-Lagoon
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
X-RID
X-Upstream-Ht
X-Upstream-Ct
X-Cache-Debug
X-VCT
X-Azure-Ref-OriginShield
Source
X-Proxy-Cache-Status
WPO-Cache-Status
X-RCS-CacheZone
WPO-Cache-Message
Surrogated-Key
X-RateLimit-Limit-Second
X-Worker
X-UA
CDN-RequestId
X-RateLimit-Remaining-Second
X-Is-Mobile
X-Is-Tablet
X-Browser-Name
X-Is-Supported-Browser
X-Tcp-Rtt
X-Geo-Region
X-Is-Desktop
X-Urbn-Context-Path
X-Signature
X-Urbn-Site-Id
X-No-Session
X-B-Cache
X-F-Cache
Locale
Node
X-Generation-Time
X-Sucuri-Cache
X-Cdn-Origin
X-App-Version
X-RateLimit-Limit
X-NODE
X-Drupal-Cache-Tags
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-ShopId
X-Shopify-Stage
X-ShardId
X-Tx-Id
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Cdn-Forward
X-MP-GENERATED-AT
X-Locale
Cross-Origin-Opener-Policy-Report-Only
Ohc-File-Size
X-Cache-Operation
X-Site-Version
X-Cache-Rule
Content-Secure-Policy
X-GeoIP
A
X-GeoIP-City
X-Gdpr
X-Debug-Cache-Store
X-GeoCode
X-GeoCountry
Azure-InstanceId
X-FC-Vary-Parameters
Azure-RegionName
X-Nyt-Route
Azure-SlotName
X-Jobs
X-DPWN-IS-SECURE
X-ElasticPress-Query
X-Internal-TTL
X-Mvc-Supplant-Cachable
X-Amz-Storage-Class
X-Loc
X-Depends
X-Mly-Id
Cdnsip
Cdncip
X-Developer
X-INCAP-ABP
X-Ig-Push-State
BehaviorPad-Version
Candidate-Md5Url
Azure-Version
X-DefHash
Azure-SiteName
X-Epic-Correlation-Id
Cluster
X-Ig-Origin-Region
X-Mvc-Supplant-OutputCached
X-Ec-Fail
X-Ec-GeoHdr
X-DefElseHash
Fastly-GeoIP-CountryCode
X-Varnish-Remaining-TTL
TDXMobile
X-Varnish-CookieINHashed-On
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Bc-Bl
X-BCube-Filmed-By
X-Vdms-Version
X-Varnish-CookieHashed-On
Sslversion
Rendered-Blocks
X-TIM-N
X-NGINX-Cache
X-Cache-Info
X-Cache-Aspx
X-Bug-Bounty
X-Varnish-Authentication
X-Backend-Instance
X-Vmg-Version
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Wwc
X-Aed
X-AK-Request-ID
X-Aicache-OS
XkeyRZ
X-Service
X-Vtex-Remote-Cache
X-App-Name
We-Hiring
X-We-Are-Hiring
X-A
Xc-Version
X-A-Ccd
X-Thinkindot-L3
Redirect-Candidate
X-Proxied-Request
X-Proto
Expect-Staple
X-Proxy-CacheRZ
Fastly-Backend-Name
X-D
AMP-Access-Control-Allow-Source-Origin
X-Debug-Cache-Fetch
DCR-Processing-Time-Ms
X-Origin-Time
X-Origin-Response-Time
X-Origin-Expires
X-Path
X-PAYTM-SRV-ID
X-Platform-Server
DCR-Decision-By
Gannett-Cam-Experience-Id
Host-ID
Odigeo-Trace-Id
Ngx.Var.Host
Meta-Geo-Continent
X-Conf
Origin-Agent-Cluster
X-Cache-NE
Producers
X-Shield-Cache-Expires
MD5-Digest
Lang
X-Rojux
X-Request-Time
X-Scheme
X-ScT
Mail-Subject
X-Contensis-Viewer-Groups
X-Org
Mime-Version
X-Optimistic-Header
X-Varnish-Beresp-Ttl
Release
X-UA-Device-Type
Product
X-Tb-Optimization-Total-Bytes-Saved
X-CacheTTL
X-Cached-By
X-V-Cache
Req-Svc-Chain
X-Cache-Grace
X-Cache-Bucket
Server-Host
X-Cache-Id
RNT-Machine
RNT-Time
Platform
X-CGP
X-Slack-Shared-Secret-Outcome
NM-Fastcgi-Cache
X-Fmm-Version
X-Slack-Backend
X-SD-PageType
X-Section
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Amz-Meta-Cb-Modifiedtime
PFcat
X-Clientip
Origin-EX
X-SVT-ORM-VERSION
Origin-CC
X-Var-Ttl
X-Bl-Debug
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
W
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
Origin
X-Wikidot-Static-Cache
Yak-Timeinfo
X-Auto-Login
X-B3-Trace-ID
X-VG-WebCache
X-BBC-Edge-Cache-Status
X-Varnishpool
X-VarnishDD-TTL
X-Content-Age
X-Varnish-Director
Tube-Get-Contents
Tube-Got-Eval
X-Viewer-Country
V-Age
User-Agent
X-Via-Fastly
Tube-Got-Results
Tube-Return
X-Akamai-Device-Characteristics
NGX
X-HS-Content-Campaign-Id
Cdn-Host
X-Edge-Server
X-Esi-Check
Canary
X-HN
X-Human
Cdn-Request-Time
X-SB
Click-Count-Action-Start
X-Location
X-Dispatcher-Server
X-Ec-Custom-Error
X-Level-Front-Cache
Cache-Provider
Cache-Key
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Gamma-Serve
X-Fastly-Backend
X-Generated-On
X-GeoIP-Country-Code
X-Eu-Site
Cache
X-Hash
X-Gzip
X-GeoIP-Region-Code
X-GoCache-CacheStatus
Click-Count-Error
X-Micro-Cache
X-Powered-By-VTEX-Cache
X-Req
Esi-Enabled
X-Pool
Debug
DSUID
X-Csrf-Jwt
Gh-Request-Id
L
L5d-Success-Class
X-Core-Value
HA-Ipaddr
Ha-Gx-Prefs
X-Policy
X-Date
X-Platform
Content-Script-Type
X-NMSegId
X-Node-Id
Content-Style-Type
X-Pad
X-Op-Id-All
X-Newrelic-Synthetics
TP-L2-Cache
X-Cdn-Srv
X-Content-Length
IsBot
X-Irp-Debug
X-Gen-Mode
X-AB-Test
X-SIPLIST1
X-Request-Start
X-Server-IP
X-Bip
X-Cache-FS-Status
X-VG-TLSProxy
X-Hnp-Log
X-Thanos
X-NodeID
X-Pubstack
X-Varnish-Beresp-Status
X-CUA
X-Request-Host
X-Men
X-Block-Status
User-Cache-Control
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-PullZone
CDN-EdgeStorageId
ServerName
CDN-RequestPullSuccess
Req-ID
Pramga
Fastly-SSL
Country-Code
CDN-Uid
Sid
CDN-CachedAt
Ssr
X-Cache-Hit
CDCHOST
CDN-Cache
Akamai-Mon-Iucid-Del
X-ORCA-Accelerator
X-HOST
XM
Fl-Custom-Application
X-Api-Version
X-LiteSpeed-Cache-Control
X-CACHE-GROUP
X-Varnish-Hits
X-Cs
X-Dc
X-LB-NoCache
True-Client-Country-4JS
X-HS-CF-Cache-Status
X-VWS-Id
X-GEO
X-LiteSpeed-Tag
X-AWS-Id
X-LJ-Flow-ID
X-TA-CDN-Provider
X-VServer
X-Air-Pt
X-Oracle-Dms-Ecid
X-B3-Spanid
X-Geolocation
X-Nananana
X-Cache-Date
Sever-Int
C-Via
Server-Hostname
X-Servedbyhost
X-Test
CloudFront-Viewer-Country
GeoIP-Latitude
X-Refresh
X-HITS
X-RequestId
X-Litespeed-Tag
Proxy-Firewall
Server-Ext
X-Provided-By
Fastly-Drupal-HTML
X-DC
X-B-Cookie
X-Destination
X-Application
X-External-Request-Id
X-S-Cookie
X-APP
X-B3-Parentspanid
X-IsAdmin
Is-Eu
Edge-Copy-Time
X-Via-Edge
X-Via-SSL
X-Via-CDN
Adler-Geo
X-Via-Poph
X-Zone
X-Tt-Logid
X-Dispatcher-Number
X-HA-Backend
X-Zen-Fury
X-Nginx-Cache-Key
X-Via-Popv
X-Via-Popn
S-Rt
X-Endurance-Cache-Level
Cdn-Requestid
X-LB-ID
Fastly-Drupal-Html
X-Nc
X-Wa
X-ZONE
WZWS-RAY
X-User
Cache-Tv-Group
X-DynaTrace-JS-Agent
X-Geo-Header
X-Webkit-Csp-Report-Only
T-Server
X-Custom-Header
HostName
Server-ID
X-Presslabs-Stats
Cdn
X-Srv
X-CDN-Forward
X-URL
X-COUNTRY
X-AIR-PT
X-Pass-Why
X-ND-Cache
Ohc-Cache-HIT
X-CS
X-CMSURLCustom
X-VC-TTL
Vc-Max-Age
GeoIp-Country-Code
X-Cache-Server
X-CACHE-AGE
X-HubSpot-Correlation-Id
X-Parent-Response-Time
X-Vgn-Hpd-Reason
WP-Super-Cache
X-Fpc
X-TH-Server
SID
X-Moov-Xdn-Version
Resin-Trace
True-Client-IP
X-DataCenter
X-Moov-Xdn-Caching-Status
X-NewRelic-App-Data
X-Moov-T
X-API-Version
Powered-By
X-Old-Content-Length
Pics-Label
Vix-Hermes-Req-Id
X-Varnish-Beresp-TTL
Uri
SEZNAM-JOBS-OFFER
X-Ckpd-Fst-Backend
X-Datadome
True-Client-Ip
X-Fastly-Cache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
On-Server
X-APP-VERSION
Srv
X-SERVER-NAME
X-Vercel-Cache
X-TX-ID
ServerHost
GeoIP-Country-Code
X-Vercel-Id
X-FPC
Serverhost
X-Thinkindot-L1
Location
X-Cache-VC
X-Action
Thinkindot-Control
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-Client-Ip
X-Cache-TTL-Remaining
X-Amz-Meta-Opti
X-PHP-Backend
AKAMAI
X-Air-Hostname
X-Air-Trace-Id
X-Dynatrace-Js-Agent
X-Air-Source
X-Stale
X-Oracle-Dms-Rid
Server-Id
N1-Cache
Hostname
X-Datacenter
Av-Poweredby
X-Cdn-Cache-Status
X-Debug-Service
X-Info
Cl-Cache
Magicmarker
X-Resp-Is-Stale
X-WA
Xkeylog
X-Proxy-Cache-La3
X-ApacheServer
X-Fastly-Cache-Status
X-Fastly-Backend-Reqs
X-NC
X-PERF
Xkey-La3
X-VCL-Version
Tcn
X-Ssense-Shipping-Surcharge-Enabled
X-Litespeed-Cache-Control
X-Vc
X-V
X-Service-Response-Time
X-Ssense-Gql
Sm-Log-Id
X-Save-Cache
X-Nitro-Cache
X-Vary-Devices
X-Ee-Origin
X-Ee-Request-Date
X-Geo
X-Udemy-Cache-App-Namespace
X-Lb-Id
X-WA-Info
X-Ee-Generated-By
X-CDN-Cache-Status
X-Render-Time
X-Ee-Request-Id
Store-Cloud-Cache
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-Cms-Device
Time-Cloud-Cache
X-IAuth-Set-Uid
CDN
X-Cache-Ttl
X-Github-Request-Id
X-Ha-Backend
X-Via-PopH
X-App
Cache-Hits
X-Ua
TWC-GeoIP-DMA
TWC-GeoIP-City
X-Via-PopN
TWC-GeoIP-Region
X-Rollout
X-Eligible
X-New
X-Via-PopV
X-Uri
X-Oracle-DMS-ECID
X-Esi
X-Limited
Cloudfront-Viewer-Country
X-Forwarded-Site
X-Region-Sid
Geoip-Latitude
X-Jungle-Id
RewriteTeamHook
RewriteTestHook
X-Ion-Healthy
Cache-Contol
Log-Origin
Machine
X-Akamai-Pragma-Client-IP
X-ServedByHost
X-Ion-Hop
X-LAGOON
My-App
Cmsid
Server-Info
Cneonction
Cmstype
WWW-Authenticate
X-Traceid
WebServer
X-Lb-Nocache
X-Correlation-ID
CountryCode
X-Git-Commit
X-Requestid
X-Dw-Trace-Id
X-MSEdge-Features
Edge-Cache
X-EC-Lua
X-From
X-MSEdge-Flight
Pragrma
X-Up
Cf-Ipcountry
X-Ftr-Request-Id
X-Container-Uri
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Reporter
X-Html-Minification-Powered-By
X-Cdn-Request-ID
CacheControlHeader
Lb
X-Acquia-Purge-Tags
X-Varnish-Hostname
X-SRCache-Key
X-HS-Status
X-Akamai-Transformed
FSS-Cache
Permission-Policy
X-Check-Cacheable
X-Acquia-Site
X-Serial
X-Pod
X-Sucuri-Id
X-Elasticpress-Query
X-Fastly-Cache-Hits
X-Ms-Lease-Status
X-Ms-Blob-Type
X-BBC-Origin-Response-Status
Timeexpire
X-Ramcache
X-Akamai-ERRuleID
CF-Cached-On
PICS-Label
X-Tncms-Bot-Tier
X-Orig-Cache-Control
X-Platform-Cluster
X-Akamai-ERPolicy
X-Platform-Router
X-Platform-Processor
Warning