Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
Accept-CH
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
EagleId
X-Server
X-Age
X-Dispatcher
X-UA-Device
X-Dns-Prefetch-Control
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Node
X-HW
X-LiteSpeed-Cache
X-Server-Id
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Content-Location
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Vname
X-PC
X-TtlSet
X-Rack-Cache
X-Midtier
X-Mcache
X-Edge
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-ESI
X-Oneagent-Js-Injection
X-Ser
Nginx-Cache
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
Accept-Ch-Lifetime
X-Client-IP
X-MS-InvokeApp
X-ECACHE
X-Aspnet-Version
X-Daa-Tunnel
X-B3-TraceId
X-CST
X-Navigation-Version
X-Amz-Rid
X-Goog-Hash
Response
X-Middleton-Response
X-Upstream
X-Powered-CMS
X-ORACLE-DMS-RID
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Server-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ttl
X-NF-Request-ID
X-Ua-Device
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Amzn-Trace-Id
X-Cache-Key
X-Forwarded-For
X-Wormhole-Sdk
RTSS
X-Mod-Pagespeed
X-Ratelimit-Limit
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-Version
X-Ruxit-Js-Agent
Public-Key-Pins
AR-CACHE
X-Mg-S
X-ORACLE-DMS-ECID
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
SPRequestGuid
X-SharePointHealthScore
X-FastCGI-Cache
X-Content-Digest
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Fastcgi-Cache
X-Cached
X-Recruiting
Accept-Ch
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Fastly-Request-ID
X-Newrelic-App-Data
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Front-End-Https
TP-Cache
X-Correlation-Id
Count-Hit
X-Debug
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Id
X-Varnish-TTL
Server-Node
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-Ua-Browser
X-LLID
X-Azure-Ref
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-Ah-Environment
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-Hits
Payment
X-Amz-Replication-Status
X-LB-Cache
X-GUploader-UploadID
X-Forwarded-Proto
X-Varnish-Backend
X-Goog-Metageneration
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-FB-Debug
Host
Filterid
X-Git-Hash
X-Logged-In
X-Unique-Id
Cleartype
X-Varnish-Server
X-Az
Content-Disposition
X-Activity-Id
X-AppVersion
X-Www-Served-By
X-Varnish-Ttl
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-App-Server
X-Tt-Trace-Host
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-TTL
Origin-Trial
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-DIS-Request-ID
X-Page-Id
X-B3-TraceId-Primal
Pinterest-Generated-By
Mrf-Cache-Status
X-Pinterest-Rid
Pinterest-Version
MRF-Tech
X-Geo-Country
Access-Control-Allow-Method
X-Origin-Server
Retry-After
X-Load-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ASPNET-VERSION
X-Cambria-Cache-Control
X-Upgrade-Enabled
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Akamai-GRN
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Template
Accept-Charset
Fastly-SWR
Section-Io-Cache
X-Type
Fastly-SIE
X-TT
X-Fb-Rlafr
Viewport
X-Cache-Control
X-RateLimit-Remaining
X-B3-Sampled
X-Content-Options
X-Grace
Version
X-B
Content-MD5
Frame-Options
Amp-Access-Control-Allow-Source-Origin
X-Xrds-Location
X-Nf-Request-Id
X-Request-Guid
X-Revision
X-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcl-Version
Healthy
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Envoy-Decorator-Operation
TCN
X-Magnolia-Registration
X-Origin-Cache
X-Device-Type
X-Contextid
X-Source
X-CSRF-Token
X-Aspnetmvc-Version
X-Webkit-CSP
X-Rid
X-WP-CF-Super-Cache-Active
X-Cache-Age
Server-Name
X-Px
X-Backend-Name
X-Mobile
DC
X-Proxy
X-Language
X-Tumblr-Pixel
X-Seen-By
X-Tumblr-Pixel-0
X-Varnish-Grace
X-RM-Cache-TTL
X-RemovedCookies
X-Tumblr-Pixel-1
X-App-Environment
X-ProcessESI
X-Buckets
X-Tumblr-User
X-Framework
X-Environment-Context
X-Debug-Info
X-Rule
Access-Control-Request-Headers
X-L-Path
X-Status
X-Mg-Request-UUID
X-Storage
X-Akamai-Edgescape
X-FW-Static
X-Instance
X-Region
SD-X-WS
X-NYM-Debug-Backend
X-HTML-Minification-Powered-By
NGB
X-Node-Name
X-Proxy-Cache-Info
X-FW-Version
X-FW-Dynamic
X-Adobe-Loc
X-UUID
X-Cacheable-TTL
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Type
X-Adobe-Content
X-FW-Hash
Cross-Origin-Window-Policy
X-G
X-FW-Serve
X-FW-Server
X-ServerID
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-RTag
X-Datadog-Sampled
GEO-INFO
X-Rendered-As
X-Is-Bot
X-Tec-Api-Root
X-Datadog-Sampling-Priority
Ms-Operation-Id
MS-CV
X-Tec-Api-Version
X-Tec-Api-Origin
X-ECache
X-Yottaa-Metrics
X-Yottaa-Optimizations
Paypal-Debug-Id
X-User-Agent
X-EdgeConnect-Cache-Status
X-Cache-Time
Upgrade-Insecure-Requests
Trailer
Webserver
Countrycode
Front
Charset
Protected
X-Fastly-Request-Id
X-Whom
OT-Force-Account-Verify
X-Edge-Location
X-Lambda-Id
X-TT-LOGID
X-WebKit-CSP-Report-Only
Refresh
X-N
X-VC
Section-Io-Id
X-IPS-LoggedIn
X-HS-Prerendered
X-VHOST
X-AB
X-Akamai-Request-ID2
X-Cache-Status-Check
Country
Priority
X-Reqid
X-B3-Traceid
X-Time
Alternate-Protocol
X-Amzn-Remapped-Content-Length
Backend
X-B3-SpanId
X-Hcs-Proxy-Type
X-WP-CF-Super-Cache-Cookies-Bypass
X-CCDN-Origin-Time
X-Hl-Ver
X-CCDN-CacheTTL
Xet-Cookie
Liferay-Portal
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-Original-Request-Id
X-Response-Served-From
X-Mode
Onion-Location
X-Via-JSL
Accept-Language
SRV
X-FB-TRIP-ID
X-Fetched-On
X-Wix-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
X-UPSTREAM-Address
Filters
X-Skip-Cache
X-Real-IP
X-Web-Node
Meta-Geo
From-Origin
X-Rn-Rsrv
X-Tumblr-Pixel-2
Fastcgi-Useragent
X-Frame-Option
X-Tb
X-Accel-Version
Environment
X-Cache-Host
X-SaId
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-JoinUs
X-VC-Cache
X-Auth-Group-Type
X-Origin-Date
ServerID
X-Scope-Id
X-Rewrite-Enabled
TWC-Device-Class
TWC-Locale-Group
X-Connection-Hash
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
Uber-Trace-Id
X-BYPASS-REASON
X-Cache-Action
X-Cache-Expired-At
X-Cluster-Node
Webcakes-Region
Webcakes-App-Version
Property-Id
Expiry
TWC-Privacy
Webcakes-App-Name
Atl-Traceid
X-ProxyCache-Key
X-Redis-Cache
X-Request-URI
X-R9-Blue-Green-Version
X-Nginx-Cache
X-Origin-Hint
X-Restarts
X-Say-Cacheable
X-Varnish-Cache-Hits
X-Varnish-Age
X-SayCDN-TTL
X-Say-TTL
X-Webstats-RespID
X-Logging-Id
X-ProxyCache-Status
X-Director
X-Generated-By
X-Hosted-By
X-IPLB-Request-ID
X-Format
X-IPLB-Instance
X-Handled-By
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
X-Served-From
X-Vcache
X-Forwarded-Host
X-Cms-Context
Apigw-Requestid
Web-Mar-Node
X-Adobe-Source
X-PHP-Host
X-Soup
X-Loop
X-Httpd
X-Tncms
Mn-Server-Ip
X-DataDome
Selected-Fe
DB-Nickname
X-Timing-Wait
X-Proxy-Build
X-Extlb
X-S
X-Cloudmap
X-Proxied
X-Origin
X-Servername
X-Detected-As
ServedBy
X-Cluster
X-Routing-Service
X-Zipkin-Id
Url
X-Origin-TTL
X-Origin-CC
LB
Referer-Policy
X-LSADC-Cache
N-Cache
X-SRV
Xserver
X-Lagoon
X-Rocket-Nginx-Serving-Static
X-XRDS-Location
X-Hit
Cross-Origin-Embedder-Policy
CF-IPCountry
X-Webkit-Csp
X-Ms-Version
X-TraceId
X-Xfnlog-Site
X-Ms-Request-Id
X-DynaTrace
X-NWS-UUID-VERIFY
X-Tumblr-Pixel-3
X-XRDS-LOCATION
X-RateLimit-Limit
X-UA
X-Upstream-Ct
CDN-RequestId
X-RID
X-Upstream-Ht
X-VCT
X-Azure-Ref-OriginShield
X-Cache-Debug
Source
WPO-Cache-Status
WPO-Cache-Message
X-Proxy-Cache-Status
X-RCS-CacheZone
Surrogated-Key
X-FTR-Request-ID
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
X-Geo-Region
X-Is-Desktop
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-Browser-Name
X-No-Session
X-Urbn-Context-Path
X-Urbn-Site-Id
X-F-Cache
X-B-Cache
X-Signature
Locale
X-Sucuri-Cache
X-Generation-Time
Node
X-Cdn-Origin
X-App-Version
X-Drupal-Cache-Contexts
X-Sucuri-ID
X-Drupal-Cache-Tags
X-NODE
X-Tx-Id
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Cdn-Forward
X-Locale
X-MP-GENERATED-AT
Ohc-File-Size
Cross-Origin-Opener-Policy-Report-Only
X-Cache-Rule
X-Site-Version
X-Cache-Operation
X-A-Wwc
X-Service
X-Gdpr
X-Ig-Origin-Region
Fastly-GeoIP-CountryCode
X-GeoCountry
Producers
X-GeoIP
X-GeoIP-City
Expect-Staple
Fastly-Backend-Name
X-A-Dgt
X-ElasticPress-Query
X-GeoCode
Rendered-Blocks
X-Epic-Correlation-Id
Azure-SiteName
Azure-SlotName
Azure-Version
BehaviorPad-Version
Azure-RegionName
Azure-InstanceId
X-App-Name
X-Contensis-Viewer-Groups
X-Conf
Cdnsip
Cdncip
X-BCube-Filmed-By
X-Cache-Aspx
X-Bug-Bounty
X-Bc-Bl
X-Cache-Info
X-Backend-Instance
X-Cache-NE
Candidate-Md5Url
X-Amz-Storage-Class
X-D
X-We-Are-Hiring
Content-Secure-Policy
X-Ec-GeoHdr
X-AK-Request-ID
X-Aicache-OS
DCR-Processing-Time-Ms
X-FC-Vary-Parameters
DCR-Decision-By
X-Ec-Fail
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
Cluster
A
X-Debug-Cache-Store
X-DefElseHash
X-Developer
X-Depends
X-DefHash
X-Aed
X-Mly-Id
X-Scheme
Lang
X-ScT
X-Shield-Cache-Expires
Mail-Subject
TDXMobile
X-Rojux
X-Request-Time
Sslversion
AMP-Access-Control-Allow-Source-Origin
X-Proto
X-Proxied-Request
X-NGINX-Cache
X-Proxy-CacheRZ
MD5-Digest
XkeyRZ
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Thinkindot-CacheControl-Type
X-Vdms-Version
Origin-Agent-Cluster
Xc-Version
Thinkindot-CacheControl
Meta-Geo-Continent
Ngx.Var.Host
X-Thinkindot-L3
Odigeo-Trace-Id
X-TIM-N
X-Platform-Server
We-Hiring
X-A-Dam
X-A-Dcw
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-A
Host-ID
X-Loc
Gannett-Cam-Experience-Id
X-INCAP-ABP
X-Ig-Push-State
X-Internal-TTL
Redirect-Candidate
X-Jobs
X-Vtex-Remote-Cache
X-Nyt-Route
X-A-Ccd
X-Origin-Response-Time
X-Origin-Expires
X-Origin-Time
X-Path
X-PAYTM-SRV-ID
X-Org
X-Vmg-Version
X-Optimistic-Header
Mime-Version
X-Varnish-Beresp-Ttl
Web-Mar-Region
V-Age
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Eval
X-BBC-Edge-Cache-Status
Wxu-Next-Hostname
W
RNT-Machine
Tube-Get-Contents
X-B3-Trace-ID
Wxu-Next-Commit
RNT-Time
X-Auto-Login
User-Agent
X-Bl-Debug
X-Akamai-Device-Characteristics
X-Accel-Expires-Debug
Wxu-Next-Region
Req-Svc-Chain
Server-Host
X-Amz-Meta-Cb-Modifiedtime
Tube-Return
Tube-Got-Results
X-Human
X-Slack-Backend
X-Section
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SD-PageType
X-SB
X-Platform
X-Op-Id-All
X-Policy
X-Pool
X-Req
X-Powered-By-VTEX-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-UA-Device-Type
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Wikidot-Backend
X-Wikidot-Static-Cache
Origin
Yak-Timeinfo
X-Viewer-Country
X-Via-Fastly
X-Var-Ttl
X-V-Cache
X-Varnish-Director
X-VarnishDD-TTL
X-VG-WebCache
X-Varnishpool
X-Node-Id
X-NMSegId
X-Date
X-Csrf-Jwt
X-Dispatcher-Server
X-Ec-Custom-Error
X-Esi-Check
X-Edge-Server
X-Core-Value
X-Content-Age
X-Cache-Id
X-Cache-Grace
X-Cached-By
X-CacheTTL
X-Clientip
X-CGP
X-Eu-Site
X-Fastly-Backend
X-HN
X-Hash
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Micro-Cache
X-Location
X-Gzip
X-GoCache-CacheStatus
X-Gamma-Serve
X-Fmm-Version
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Cache-Bucket
X-Access
NGX
Apple-News-Services-Parsed-Url
Content-Script-Type
Content-Style-Type
Apple-News-Services-Request-Url
NM-Fastcgi-Cache
Esi-Enabled
Origin-EX
Origin-CC
X-Pad
L5d-Success-Class
Ha-Gx-Prefs
Gh-Request-Id
Apple-News-Services-Handled
Apple-News-Services-Host
HA-Ipaddr
L
Debug
DSUID
Cache-Key
Cache
Click-Count-Error
Product
Cdn-Host
Cdn-Request-Time
Canary
Platform
PFcat
Release
Cache-Provider
Click-Count-Action-Start
TP-L2-Cache
CDN-PullZone
X-Cache-FS-Status
X-Content-Length
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
Country-Code
CDN-RequestCountryCode
X-Bip
X-Block-Status
X-Gen-Mode
X-Varnish-Beresp-Status
X-VG-TLSProxy
ServerName
X-Thanos
Ssr
IsBot
X-Cdn-Srv
X-AB-Test
Req-ID
Pramga
X-SIPLIST1
X-Irp-Debug
X-Server-IP
X-Newrelic-Synthetics
CDN-CachedAt
X-Hnp-Log
CDCHOST
X-Cache-Hit
X-CUA
CDN-Cache
X-Men
X-Request-Host
X-Request-Start
X-Pubstack
X-NodeID
User-Cache-Control
Fastly-SSL
Akamai-Mon-Iucid-Del
X-URL
X-LiteSpeed-Tag
Fl-Custom-Application
X-ORCA-Accelerator
XM
X-HOST
X-Api-Version
Sid
X-CACHE-GROUP
X-Varnish-Hits
X-LiteSpeed-Cache-Control
X-Cs
X-Dc
X-LB-NoCache
X-TA-CDN-Provider
X-HS-CF-Cache-Status
X-VWS-Id
X-GEO
X-AWS-Id
X-LJ-Flow-ID
True-Client-Country-4JS
X-VServer
X-Oracle-Dms-Ecid
X-Air-Pt
X-RequestId
Sever-Int
X-Test
X-Provided-By
Server-Ext
C-Via
X-Cache-Date
X-Geolocation
X-Nananana
X-APP
X-HITS
X-Servedbyhost
X-Refresh
Server-Hostname
Proxy-Firewall
GeoIP-Latitude
CloudFront-Viewer-Country
Fastly-Drupal-HTML
X-Via-SSL
X-Destination
X-External-Request-Id
X-S-Cookie
X-B-Cookie
X-Application
X-Via-CDN
X-IsAdmin
X-DC
X-Via-Edge
Edge-Copy-Time
Is-Eu
Adler-Geo
X-B3-Parentspanid
X-Webkit-Csp-Report-Only
X-Nginx-Cache-Key
X-Dispatcher-Number
X-Zone
X-Zen-Fury
X-HA-Backend
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-B3-Spanid
S-Rt
X-Endurance-Cache-Level
X-ZONE
X-User
X-Nc
X-Litespeed-Tag
X-LB-ID
WZWS-RAY
X-Wa
Fastly-Drupal-Html
Cache-Tv-Group
X-Custom-Header
T-Server
Server-ID
HostName
X-Geo-Header
X-CDN-Forward
Cdn
X-Tt-Logid
X-DynaTrace-JS-Agent
X-Presslabs-Stats
Cdn-Requestid
X-COUNTRY
X-AIR-PT
X-ND-Cache
X-Pass-Why
Ohc-Cache-HIT
X-CS
X-VC-TTL
X-Cache-Server
Vc-Max-Age
SID
X-CMSURLCustom
GeoIp-Country-Code
X-HubSpot-Correlation-Id
X-Srv
X-CACHE-AGE
X-Parent-Response-Time
X-TH-Server
X-Fpc
X-DataCenter
WP-Super-Cache
X-Vgn-Hpd-Reason
Resin-Trace
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Oracle-Dms-Rid
X-NewRelic-App-Data
X-Moov-T
True-Client-IP
X-API-Version
Pics-Label
Vix-Hermes-Req-Id
Powered-By
X-Old-Content-Length
X-Varnish-Beresp-TTL
X-Fastly-Cache
X-Datadome
Uri
SEZNAM-JOBS-OFFER
X-Ckpd-Fst-Backend
True-Client-Ip
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-APP-VERSION
Srv
On-Server
X-SERVER-NAME
Thinkindot-Control
X-Action
Serverhost
X-Cache-VC
X-Vercel-Cache
X-FPC
X-Vercel-Id
GeoIP-Country-Code
X-Thinkindot-L1
Location
ServerHost
X-TX-ID
X-Dynatrace-Js-Agent
X-Client-Ip
X-Amz-Meta-Opti
X-PHP-Backend
X-Cache-TTL-Remaining
X-Stale
AKAMAI
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Server-Id
N1-Cache
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
Cl-Cache
Magicmarker
X-Info
Av-Poweredby
Hostname
X-Debug-Service
X-Cdn-Cache-Status
X-ApacheServer
X-PERF
X-Datacenter
Xkey-La3
X-Proxy-Cache-La3
X-NC
Xkeylog
X-Fastly-Cache-Status
X-Fastly-Backend-Reqs
X-WA
X-Service-Response-Time
Tcn
Sm-Log-Id
X-Litespeed-Cache-Control
X-V
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Resp-Is-Stale
X-Vc
X-Ee-Request-Id
X-Ee-Generated-By
X-Ee-Request-Date
X-Lb-Id
X-Ee-Origin
X-Vary-Devices
X-Geo
X-Render-Time
X-Nitro-Cache
X-Cms-Device
X-Save-Cache
X-Udemy-Cache-App-Namespace
X-WA-Info
X-IAuth-Set-Uid
X-VTEX-Cache-Backend-Header-Time
X-CDN-Cache-Status
Time-Cloud-Cache
Store-Cloud-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Cache-Ttl
CDN
X-Oracle-DMS-ECID
X-New
X-Github-Request-Id
X-Rollout
X-Via-PopV
X-Via-PopN
TWC-GeoIP-DMA
X-Via-PopH
X-Eligible
X-Ha-Backend
X-Uri
Cache-Hits
TWC-GeoIP-City
TWC-GeoIP-Region
X-Esi
Machine
X-Forwarded-Site
X-Jungle-Id
Cache-Contol
X-Ion-Healthy
X-Ion-Hop
RewriteTeamHook
RewriteTestHook
Log-Origin
X-Region-Sid
Geoip-Latitude
Cloudfront-Viewer-Country
X-ServedByHost
X-App
X-Limited
X-VCL-Version
X-Traceid
X-Akamai-Pragma-Client-IP
X-Lb-Nocache
Cmsid
WebServer
My-App
X-Ua
Server-Info
Cmstype
WWW-Authenticate
Cneonction
CountryCode
X-Correlation-ID
X-Requestid
X-Git-Commit
X-Ftr-Request-Id
Edge-Cache
Cf-Ipcountry
X-LAGOON
Pragrma
X-From
X-Up
X-MSEdge-Features
X-MSEdge-Flight
X-Dw-Trace-Id
X-Container-Uri
X-EC-Lua
X-Acquia-Application-UUID
X-Serial
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Permission-Policy
Reporter
Lb
X-Varnish-Hostname
X-Cdn-Request-ID
X-Check-Cacheable
X-Acquia-Site
X-Akamai-Transformed
CacheControlHeader
FSS-Cache
X-Pod
X-HS-Status
X-SRCache-Key
X-Sucuri-Id
X-Ramcache
X-Tncms-Bot-Tier
X-Platform-Cluster
X-BBC-Origin-Response-Status
X-Elasticpress-Query
Warning
X-Akamai-ERRuleID
CF-Cached-On
X-Platform-Processor
PICS-Label
X-Akamai-ERPolicy
X-Ms-Lease-Status
X-Platform-Router
X-Fastly-Cache-Hits
X-Orig-Cache-Control
X-Ms-Blob-Type
Timeexpire