Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
P3p
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
Accept-CH
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Request-ID
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Check
Accept-Ch
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-UA-Device
EagleId
X-Server
X-Dispatcher
X-Vhost
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-Pingback
X-WebKit-CSP
Accept-CH-Lifetime
X-Styx-Req-Id
Allow
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Cache-Lookup
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Xkey
Surrogate-Control
X-Response-Time
Cf-Railgun
X-Readtime
X-Node
X-HW
X-Server-Id
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
Cache-Tag
X-Content-Type
Content-Location
X-Application-Context
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Amz-Server-Side-Encryption
X-Country-Code
X-Rack-Cache
X-Times
X-TtlSet
X-PC
X-Vname
X-Edge
X-Midtier
X-Mcache
Rating
Surrogate-Key
X-Browser-Type
X-Cache-TTL
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Server-Name
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
Nginx-Cache
X-Oneagent-Js-Injection
X-ESI
X-Powered-By-Plesk
X-Ser
X-GitHub-Request-Id
Edge-Control
X-D2id
X-Ac
X-ECACHE
Verso
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-ARC
X-Dw-Request-Base-Id
X-B3-TraceId
Response
X-Middleton-Response
X-CST
X-Amz-Rid
X-ORACLE-DMS-RID
X-Navigation-Version
X-Powered-CMS
X-Goog-Hash
X-Upstream
X-Erf-Bev-Bev-Is-Generated
X-Edge-Location-Klb
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Kinsta-Cache
X-Daa-Tunnel
X-Wormhole-Sdk
X-Ratelimit-Limit
X-Forwarded-For
X-Amzn-Trace-Id
X-NF-Request-ID
RTSS
X-Cache-Key
X-FastCGI-Cache
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
SPIisLatency
SPRequestDuration
X-Ratelimit-Remaining
X-Server-ID
X-Mod-Pagespeed
Cache-Status
Edge-Cache-Tag
Public-Key-Pins
X-Version
X-Ruxit-Js-Agent
X-Mg-S
X-Ezoic-Cdn
X-Ttl
X-ORACLE-DMS-ECID
X-Content-Digest
X-SharePointHealthScore
SPRequestGuid
AR-CACHE
Realpath
S
Cross-Origin-Resource-Policy
X-Varnish-TTL
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Fastcgi-Cache
X-Cached
X-Ua-Device
X-Recruiting
X-Fastly-Request-ID
X-Accel-Expires
Front-End-Https
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TTL
TP-Cache
Access-Control-Request-Method
X-Newrelic-App-Data
X-Azure-Ref
X-Request-Received
X-Correlation-Id
X-Request-Processing-Time
X-Id
X-Ua-Browser
X-Debug
Count-Hit
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
Server-Node
X-LLID
X-Content-Security-Policy-Report-Only
Origin-Trial
X-HS-Combine-CSS
X-VARITI-CCR
Cache-Tags
X-Frontend
X-Ismobilevalue
X-Cluster-Name
X-PressLabs-Stats
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Amz-Replication-Status
X-GUploader-UploadID
X-Varnish-Backend
Payment
X-Hits
X-Protected-By
X-Goog-Metageneration
X-LB-Cache
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
Cleartype
X-Varnish-Server
X-NGENIX-Cache
Host
X-Activity-Id
X-AppVersion
X-Git-Hash
X-FB-Debug
X-Az
X-Www-Served-By
Filterid
X-Logged-In
X-Ratelimit-Reset
X-Tt-Trace-Tag
Content-Disposition
X-Tt-Trace-Host
X-Hostname
X-Page-Id
X-App-Server
X-DIS-Request-ID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
Akamai-GRN
X-Xrds-Location
X-Nf-Request-Id
Mrf-Cache-Status
X-Geo-Country
MRF-Tech
X-Template
X-B3-TraceId-Primal
X-Aspnet-Version
X-Origin-Server
Access-Control-Allow-Method
X-ASPNET-VERSION
X-Fastcgi-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Frame-Options
Retry-After
X-Load-Cache
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Type
MS-Author-Via
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastly-SIE
Viewport
X-Ah-Environment
Section-Io-Cache
Version
Fastly-SWR
X-TT
X-Content-Options
Accept-Charset
X-Cache-Control
Content-MD5
X-B3-Sampled
X-Fb-Rlafr
X-B
X-Rid
Amp-Access-Control-Allow-Source-Origin
X-Grace
X-SRCache-Fetch-Status
X-FTR-Request-ID
X-SRCache-Store-Status
X-Varnish-Ttl
X-Request-Guid
X-Vcl-Version
X-Envoy-Decorator-Operation
X-Trace-Id
X-Revision
X-Source
X-Cdn
Healthy
X-Device-Type
Server-Name
X-Magnolia-Registration
Trailer
X-Language
X-Origin-Cache
X-RateLimit-Remaining
X-Aspnetmvc-Version
X-Webkit-CSP
X-Buckets
X-CSRF-Token
X-Px
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
X-WP-CF-Super-Cache-Active
X-Mobile
X-Contextid
X-Akamai-Edgescape
X-Backend-Name
TCN
X-Tumblr-Pixel-1
X-Proxy
X-App-Environment
X-ProcessESI
X-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-RM-Cache-TTL
X-RemovedCookies
X-Debug-Info
X-Environment-Context
X-L-Path
X-Instance
X-NYM-Debug-Backend
X-Adobe-Loc
X-Framework
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
NGB
SD-X-WS
X-Adobe-Content
Cross-Origin-Window-Policy
X-Debug-IsConnected
Access-Control-Request-Headers
X-Debug-IsPreview
X-FW-Server
X-Mg-Request-UUID
X-UUID
X-Node-Name
X-Proxy-Cache-Info
X-Rule
X-FW-Version
X-G
X-FW-Type
X-FW-Static
X-Storage
X-Varnish-Grace
X-Region
Ms-Operation-Id
MS-CV
X-Tec-Api-Version
X-Tec-Api-Root
X-Cacheable-TTL
X-Tec-Api-Origin
X-Edge-Location
DC
X-HS-Prerendered
X-Is-Bot
X-ServerID
X-RTag
X-HTML-Minification-Powered-By
X-Rendered-As
GEO-INFO
X-Content-Powered-By
X-Cache-Time
X-Datadog-Trace-Id
X-EdgeConnect-Cache-Status
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Yottaa-Optimizations
X-Datadog-Parent-Id
X-Yottaa-Metrics
X-Seen-By
Upgrade-Insecure-Requests
Charset
Protected
Paypal-Debug-Id
X-Whom
X-User-Agent
Countrycode
OT-Force-Account-Verify
Webserver
X-Lambda-Id
Refresh
Front
X-TT-LOGID
Section-Io-Id
Cross-Origin-Embedder-Policy-Report-Only
X-Response-Served-From
X-Original-Request-Id
X-WebKit-CSP-Report-Only
X-VHOST
X-ECache
X-TraceId
Priority
X-Reqid
X-Amzn-Remapped-Content-Length
Alternate-Protocol
X-IPS-LoggedIn
X-VC
SRV
X-Akamai-Request-ID2
X-AB
X-B3-Traceid
X-Fastly-Request-Id
Xet-Cookie
X-N
Country
X-Server-W
X-Time
X-WP-CF-Super-Cache-Cookies-Bypass
Backend
Liferay-Portal
X-Cache-Status-Check
X-B3-SpanId
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Real-IP
X-XRDS-Location
X-Mode
X-Hl-Ver
Onion-Location
X-Rn-Rsrv
ServerID
TWC-Connection-Speed
X-Tb
X-Rewrite-Enabled
Webcakes-Region
TWC-Device-Class
TWC-Locale-Group
X-JoinUs
Environment
TWC-GeoIP-LatLong
TWC-Privacy
TWC-GeoIP-Country
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
X-SaId
X-Cache-Host
X-VC-Cache
X-Tumblr-Pixel-2
Filters
Meta-Geo
X-UPSTREAM-Address
X-Cache-Expired-At
X-Scope-Id
Fastcgi-Useragent
DB-Nickname
From-Origin
X-Format
Property-Id
X-FB-TRIP-ID
X-Fetched-On
Expiry
Web-Mar-Node
X-Accel-Version
X-Forwarded-Host
X-Hosted-By
Uber-Trace-Id
X-Cache-Action
X-Frame-Option
X-SayCDN-TTL
X-Request-URI
X-Redis-Cache
X-Restarts
X-Web-Node
Mn-Server-Ip
X-Cluster-Node
X-Skip-Cache
X-Connection-Hash
X-Origin-Date
X-Varnish-Age
X-Say-TTL
X-Say-Cacheable
Apigw-Requestid
X-Rocket-Nginx-Serving-Static
Atl-Traceid
X-Webstats-RespID
X-Httpd
X-Soup
X-Origin-TTL
X-Vcache
X-Tncms
X-Adobe-Source
X-Cms-Context
Accept-Language
X-Director
X-Nginx-Cache
X-IPLB-Instance
X-Varnish-Cache-Hits
X-Loop
X-Logging-Id
X-Labrador-Cache-Channel
X-IPLB-Request-ID
X-R9-Blue-Green-Version
X-Origin-CC
X-PHP-Host
X-BYPASS-REASON
Url
X-Cluster
X-Auth-Group-Type
X-Timing-Wait
X-Varnish-Beresp-Grace
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Servername
X-Handled-By
Selected-Fe
X-Detected-As
X-Cloudmap
Cross-Origin-Embedder-Policy
X-Extlb
X-Origin
X-Zipkin-Id
X-Served-From
X-Routing-Service
ServedBy
X-Proxied
X-DynaTrace
Referer-Policy
X-S
X-DataDome
X-LSADC-Cache
X-Generated-By
X-Wix-Request-Id
X-Hit
X-SRV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
N-Cache
X-Ms-Version
X-Ms-Request-Id
X-Lagoon
Xserver
X-Tumblr-Pixel-3
X-Webkit-Csp
WPO-Cache-Message
WPO-Cache-Status
X-Xfnlog-Site
X-Azure-Ref-OriginShield
Source
Surrogated-Key
LB
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Via-JSL
X-App-Version
Cross-Origin-Opener-Policy-Report-Only
X-Cache-Debug
X-RCS-CacheZone
X-NWS-UUID-VERIFY
X-Sucuri-Cache
CF-IPCountry
X-Generation-Time
X-VCT
Ohc-File-Size
X-Proxy-Cache-Status
Node
X-F-Cache
CDN-RequestId
X-Cdn-Origin
X-Sucuri-ID
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Is-Mobile
X-Is-Supported-Browser
X-Geo-Region
X-Is-Tablet
X-Tcp-Rtt
X-Upstream-Ct
X-UA
X-Is-Desktop
X-Upstream-Ht
X-Browser-Name
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-No-Session
X-B-Cache
X-NODE
X-Signature
X-MP-GENERATED-AT
X-HS-CF-Cache-Status
X-Tx-Id
X-Varnish-Beresp-Ttl
X-ShopId
X-Service
X-Shopify-Stage
X-Cache-Hit
X-Alternate-Cache-Key
X-TA-CDN-Provider
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Cache-Operation
X-ElasticPress-Query
X-Litespeed-Tag
Cache-Provider
BehaviorPad-Version
TDXMobile
Candidate-Md5Url
Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
User-Agent
Wxu-Next-Commit
Apple-News-Services-Handled
W
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
We-Hiring
Apple-News-Services-Request-Url
Rendered-Blocks
Odigeo-Trace-Id
Fl-Custom-Application
Origin
Fastly-GeoIP-CountryCode
Ngx.Var.Host
Wxu-Next-Hostname
MD5-Digest
Lang
Host-ID
Meta-Geo-Continent
Fastly-Backend-Name
Expect-Staple
Cluster
Mail-Subject
Cdnsip
Sslversion
Redirect-Candidate
Content-Secure-Policy
PFcat
DCR-Processing-Time-Ms
Producers
DCR-Decision-By
Cdncip
X-Backend-Instance
X-Mly-Id
X-Vmg-Version
X-Loc
X-Nyt-Route
X-Op-Id-All
X-Org
X-ORCA-Accelerator
X-Jobs
X-INCAP-ABP
X-GeoIP
X-GeoCountry
X-GeoIP-City
X-HN
X-Ig-Push-State
X-Ig-Origin-Region
X-Origin-Expires
X-Origin-Time
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Section
X-TIM-N
X-Varnish-Authentication
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-ScT
X-Rojux
X-Vdms-Version
X-Path
X-PAYTM-SRV-ID
X-Platform-Server
X-VarnishDD-TTL
X-Proxied-Request
X-GeoCode
X-Gdpr
X-AK-Request-ID
X-Aicache-OS
X-Aed
X-Akamai-Device-Characteristics
X-App-Name
X-Bc-Bl
X-Varnish-Remaining-TTL
Xc-Version
X-Access
X-A-Dam
X-A
X-A-Dcw
X-A-Dgt
X-AB-Test
X-A-Wwc
X-BCube-Filmed-By
X-Cache-Aspx
X-Depends
X-DefHash
X-DefElseHash
X-Developer
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Ec-Fail
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Cache-NE
X-Cache-Info
X-Conf
X-Vtex-Remote-Cache
X-D
X-Contensis-Viewer-Groups
Wxu-Next-Region
X-A-Ccd
X-Locale
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
Mime-Version
Akamai-Mon-Iucid-Del
X-NGINX-Cache
Req-Svc-Chain
X-Dispatcher-Server
X-Date
X-Core-Value
X-Clientip
X-Content-Age
X-Content-Length
X-Csrf-Jwt
X-Edge-Server
X-FC-Vary-Parameters
X-Fmm-Version
X-Gamma-Serve
X-Fastly-Backend
X-Eu-Site
X-Epic-Correlation-Id
X-Esi-Check
X-CGP
X-Cached-By
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Auto-Login
X-Accel-Expires-Debug
X-Site-Version
Server-Host
V-Age
Web-Mar-Region
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Cache-Id
X-Generated-On
RNT-Time
RNT-Machine
X-Cache-Grace
X-Bl-Debug
X-Bug-Bounty
X-Cache-Bucket
X-Cdn-Srv
X-GeoIP-Country-Code
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-UA-Device-Type
X-V-Cache
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-SIPLIST1
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Varnish-Director
X-Varnishpool
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-VG-WebCache
X-Via-Fastly
X-Viewer-Country
X-SD-PageType
X-Scheme
X-Irp-Debug
X-Level-Front-Cache
X-Location
X-Micro-Cache
X-Internal-TTL
X-Hash
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Gzip
X-Mvc-Supplant-Cachable
X-NMSegId
X-Req
X-Request-Time
X-SB
X-Proto
X-Powered-By-VTEX-Cache
X-Node-Id
X-NodeID
X-Origin-Response-Time
Product
X-HS-Content-Campaign-Id
Azure-SlotName
NM-Fastcgi-Cache
Azure-SiteName
Cdn-Host
Azure-InstanceId
Content-Script-Type
Azure-Version
Origin-EX
Origin-Agent-Cluster
HA-Ipaddr
Cdn-Request-Time
CDCHOST
Cache-Key
Origin-CC
Content-Style-Type
Azure-RegionName
IsBot
Platform
Gannett-Cam-Experience-Id
Fastly-SSL
Esi-Enabled
L
Debug
Ha-Gx-Prefs
L5d-Success-Class
X-Pool
CDN-RequestPullSuccess
CDN-PullZone
CDN-RequestPullCode
CDN-RequestCountryCode
X-Mvc-Supplant-OutputCached
X-Policy
X-Platform
Gh-Request-Id
X-RID
X-Acquia-Purge-Cdn-Unconfigured
X-CacheTTL
X-Hnp-Log
X-Human
X-Block-Status
X-Gen-Mode
X-Cache-FS-Status
X-HITS
DSUID
NGX
Country-Code
CDN-Uid
X-Men
Click-Count-Action-Start
Click-Count-Error
X-Ec-Custom-Error
CDN-EdgeStorageId
Tube-Get-Contents
X-VG-TLSProxy
Tube-Got-Eval
Tube-Got-Results
XkeyRZ
XM
X-Var-Ttl
Yak-Timeinfo
X-VServer
Req-ID
Pramga
ServerName
Tube-Return
X-Request-Start
X-Request-Host
A
X-Proxy-CacheRZ
CDN-CachedAt
CDN-Cache
Canary
User-Cache-Control
X-Server-IP
X-Cdn-Forward
X-RateLimit-Limit
X-URL
X-Pad
X-Geolocation
X-CUA
Release
X-HOST
X-Bip
X-Thanos
X-LB-NoCache
X-Pubstack
Ssr
X-Varnish-Beresp-Status
X-Varnish-Hits
X-Application
X-Destination
X-B-Cookie
X-Refresh
X-Newrelic-Synthetics
X-IsAdmin
X-External-Request-Id
X-Cache-Date
X-S-Cookie
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-CACHE-GROUP
X-CDN-Forward
Sid
X-Optimistic-Header
X-Zen-Fury
X-Via-CDN
X-GEO
TP-L2-Cache
X-Via-SSL
Edge-Copy-Time
X-Nananana
X-Via-Edge
X-CLOUD-TRACE-CONTEXT
X-XRDS-LOCATION
X-User
CloudFront-Viewer-Country
X-Dc
X-APP
X-Servedbyhost
X-Cs
X-ZONE
Cdn-Requestid
Fastly-Drupal-HTML
X-Api-Version
X-Oracle-Dms-Ecid
X-RequestId
X-DC
GeoIP-Latitude
Proxy-Firewall
X-VC-TTL
X-HA-Backend
Ohc-Cache-HIT
C-Via
X-Via-Popn
X-Via-Popv
X-B3-Spanid
Server-ID
X-Via-Poph
True-Client-Country-4JS
X-Endurance-Cache-Level
X-AIR-PT
X-Nc
Server-Hostname
X-CACHE-AGE
X-Wa
Server-Ext
X-Air-Pt
X-Test
X-LiteSpeed-Cache-Control
Fastly-Drupal-Html
Sever-Int
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Vgn-Hpd-Reason
Adler-Geo
X-B3-Parentspanid
X-TH-Server
X-Webkit-Csp-Report-Only
X-Resp-Is-Stale
X-LB-ID
X-CS
Is-Eu
X-DynaTrace-JS-Agent
X-SERVER-NAME
Cdn
X-Presslabs-Stats
X-LiteSpeed-Tag
X-Tt-Logid
X-Provided-By
X-Zone
GeoIp-Country-Code
WP-Super-Cache
X-COUNTRY
X-Nginx-Cache-Key
HostName
X-Dispatcher-Number
WZWS-RAY
X-Old-Content-Length
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Moov-T
SID
X-API-Version
X-Datadome
X-Srv
X-Pass-Why
X-Geo-Header
X-Fpc
S-Rt
T-Server
X-DataCenter
X-Custom-Header
X-Parent-Response-Time
X-HubSpot-Correlation-Id
X-NewRelic-App-Data
X-ND-Cache
Cache-Tv-Group
True-Client-IP
X-Thinkindot-L1
X-Cache-VC
X-Cache-Server
X-Action
Location
Vc-Max-Age
X-CMSURLCustom
X-Oracle-Dms-Rid
X-Vercel-Id
Resin-Trace
SEZNAM-JOBS-OFFER
Uri
Pics-Label
X-Vercel-Cache
X-Litespeed-Cache-Control
Powered-By
N1-Cache
True-Client-Ip
Tcn
Vix-Hermes-Req-Id
X-FPC
X-TX-ID
Serverhost
X-Varnish-Beresp-TTL
X-Service-Response-Time
X-Dynatrace-Js-Agent
Sm-Log-Id
X-Client-Ip
X-PERF
GeoIP-Country-Code
X-Datacenter
X-ApacheServer
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Stale
X-Srcache-Store-Status
TWC-GeoIP-Region
TWC-GeoIP-City
TWC-GeoIP-DMA
X-Srcache-Fetch-Status
Cache-Hits
X-Cache-TTL-Remaining
Thinkindot-Control
Hostname
X-Ua
On-Server
Srv
X-WA-Info
X-Render-Time
X-APP-VERSION
X-Traceid
X-Vc
X-Fastly-Cache-Status
Av-Poweredby
X-Nitro-Cache
ServerHost
X-Cdn-Cache-Status
X-Debug-Service
X-Uri
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
RewriteTeamHook
Server-Id
X-Ion-Healthy
X-Jungle-Id
X-Ion-Hop
X-WA
Lb
Log-Origin
AKAMAI
Cache-Contol
RewriteTestHook
X-PHP-Backend
X-NC
X-Amz-Meta-Opti
Geoip-Latitude
My-App
X-Air-Trace-Id
X-Air-Source
Cmstype
X-Proxy-Cache-La3
X-Air-Hostname
Cf-Ipcountry
X-VTEX-Cache-Backend-Header-Time
X-Ee-Origin
X-Ee-Generated-By
X-Lb-Id
X-Vary-Devices
X-Ee-Request-Date
X-Ee-Request-Id
X-Save-Cache
X-Cms-Device
Time-Cloud-Cache
Xkey-La3
X-Udemy-Cache-App-Namespace
X-VTEX-Cache-Backend-Connect-Time
Xkeylog
Cmsid
Store-Cloud-Cache
X-Cache-Ttl
Cl-Cache
X-Oracle-DMS-ECID
X-Github-Request-Id
X-From
X-Up
Magicmarker
X-Fastly-Backend-Reqs
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Info
X-Ha-Backend
WebServer
X-Geo
X-Esi
X-VCL-Version
Cloudfront-Viewer-Country
X-Akamai-Pragma-Client-IP
X-Requestid
X-App
X-ServedByHost
CacheControlHeader
X-IAuth-Set-Uid
WWW-Authenticate
X-CDN-Cache-Status
X-Limited
CountryCode
X-Correlation-ID
CDN
X-New
X-Dw-Trace-Id
X-Rollout
Warning
X-MSEdge-Features
X-MSEdge-Flight
X-V
X-Eligible
X-LAGOON
X-Lb-Nocache
NtCoent-Length
Reporter
Cneonction
X-Region-Sid
Machine
X-Forwarded-Site
X-HS-Status
X-Acquia-Site
X-Acquia-Purge-Tags
FSS-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Akamai-Transformed
X-Serial
X-Acquia-Application-UUID
X-Check-Cacheable
X-Acquia-Application-Trace
X-Wp-Cf-Super-Cache
X-Pod
X-Sucuri-Id
Pragrma
X-BBC-Origin-Response-Status
Server-Info
X-Ms-Blob-Type
X-Web-Server
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-Platform-Cluster
X-Akamai-ERRuleID
X-Orig-Cache-Control
CF-Cached-On
X-Akamai-ERPolicy
Timeexpire
X-Elasticpress-Query
X-Platform-Router
X-Platform-Processor
X-Ramcache