Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Check
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-Server
EagleId
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
X-Backend-Server
EagleEye-TraceId
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
Xkey
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Content-Type
X-Application-Context
Cache-Tag
X-Nginx-Upstream-Cache-Status
Content-Location
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Rack-Cache
X-Vname
X-TtlSet
X-PC
X-Country-Code
X-Mcache
X-Edge
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-ESI
X-Ser
Nginx-Cache
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
X-ECACHE
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-Daa-Tunnel
X-CST
X-Amz-Rid
Response
X-Middleton-Response
X-Navigation-Version
X-Goog-Hash
X-Aspnet-Version
X-Upstream
X-Powered-CMS
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amzn-Trace-Id
X-Cache-Key
X-Forwarded-For
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-Ua-Device
X-Wormhole-Sdk
RTSS
X-Mod-Pagespeed
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Ttl
Edge-Cache-Tag
Cache-Status
X-FastCGI-Cache
X-Server-ID
X-ORACLE-DMS-ECID
X-Version
X-Mg-S
Public-Key-Pins
AR-CACHE
X-Ratelimit-Remaining
X-Ezoic-Cdn
X-Ruxit-Js-Agent
Cross-Origin-Resource-Policy
X-Content-Digest
S
X-SharePointHealthScore
SPRequestGuid
Realpath
X-Shield-Request-Id
X-T
X-MSEdge-Ref
Fastcgi-Cache
X-Cached
X-Recruiting
X-Varnish-TTL
X-Accel-Expires
X-Fastly-Request-ID
Access-Control-Request-Method
X-Distributor
X-Newrelic-App-Data
X-Kong-Upstream-Latency
Front-End-Https
X-Kong-Proxy-Latency
TP-Cache
X-Correlation-Id
Arr-Disable-Session-Affinity
X-Debug
MicrosoftSharePointTeamServices
X-Request-Received
X-Request-Processing-Time
Count-Hit
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Id
Server-Node
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-LLID
X-Azure-Ref
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
X-TTL
Payment
X-Amz-Replication-Status
X-GUploader-UploadID
X-LB-Cache
X-Varnish-Backend
X-Goog-Metageneration
X-Forwarded-Proto
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
X-FB-Debug
X-Git-Hash
Host
Filterid
X-Logged-In
X-Unique-Id
Cleartype
Content-Disposition
X-AppVersion
X-Varnish-Server
X-Www-Served-By
X-Activity-Id
X-Az
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
Origin-Trial
X-App-Server
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Nf-Request-Id
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Page-Id
X-DIS-Request-ID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Fastcgi-Cache
X-Geo-Country
X-Webkit-CSP
Access-Control-Allow-Method
X-Origin-Server
X-Varnish-Ttl
Retry-After
X-WP-CF-Super-Cache
Akamai-GRN
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-Cambria-Cache-Control
X-RateLimit-Remaining
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Template
MS-Author-Via
Accept-Charset
Fastly-SWR
Fastly-SIE
X-ASPNET-VERSION
X-Xrds-Location
Section-Io-Cache
X-Fb-Rlafr
Viewport
X-Type
X-TT
X-Cache-Control
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-Sampled
X-Content-Options
X-Grace
X-B
Version
Content-MD5
Frame-Options
X-Ah-Environment
X-Request-Guid
X-Revision
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace-Id
X-Vcl-Version
X-Envoy-Decorator-Operation
Healthy
X-Amz-Meta-S3cmd-Attrs
X-Magnolia-Registration
X-Device-Type
X-Origin-Cache
Amp-Access-Control-Allow-Source-Origin
X-Cdn
X-Source
X-Contextid
X-Rid
X-CSRF-Token
X-Cache-Age
Server-Name
X-WP-CF-Super-Cache-Active
TCN
X-Px
X-Aspnetmvc-Version
X-Mobile
X-Backend-Name
X-Language
X-Tec-Api-Version
X-Proxy
X-Tec-Api-Origin
DC
X-Tec-Api-Root
X-Buckets
X-Tumblr-User
X-ProcessESI
X-Varnish-Grace
X-Tumblr-Pixel-0
X-App-Environment
X-RemovedCookies
X-Tumblr-Pixel-1
X-RM-Cache-TTL
X-Tumblr-Pixel
X-Mg-Request-UUID
X-Rule
X-Status
Access-Control-Request-Headers
X-Storage
X-Framework
X-Akamai-Edgescape
X-Seen-By
X-Debug-Info
X-Cacheable-TTL
X-Content-Powered-By
X-Adobe-Content
SD-X-WS
X-Adobe-Loc
X-Environment-Context
X-FW-Version
X-G
X-Debug-IsConnected
X-FW-Static
X-HTML-Minification-Powered-By
X-FW-Server
X-Instance
X-L-Path
Trailer
X-UUID
X-Region
X-Proxy-Cache-Info
X-Node-Name
X-NYM-Debug-Backend
X-FW-Serve
X-FW-Type
NGB
X-ServerID
X-Debug-IsPreview
Cross-Origin-Window-Policy
X-EdgeConnect-Cache-Status
X-FW-Dynamic
X-FW-Hash
GEO-INFO
X-Rendered-As
MS-CV
X-Datadog-Trace-Id
Ms-Operation-Id
X-Datadog-Sampling-Priority
X-Is-Bot
X-Datadog-Parent-Id
X-RTag
X-Datadog-Sampled
X-Yottaa-Metrics
X-Yottaa-Optimizations
Paypal-Debug-Id
X-User-Agent
X-Cache-Time
Upgrade-Insecure-Requests
X-ECache
Webserver
Countrycode
Charset
Front
Protected
X-Whom
X-WebKit-CSP-Report-Only
X-Edge-Location
OT-Force-Account-Verify
X-Fastly-Request-Id
X-TT-LOGID
X-Lambda-Id
X-VC
Refresh
Section-Io-Id
X-N
X-HS-Prerendered
X-IPS-LoggedIn
X-AB
X-Cache-Status-Check
X-Akamai-Request-ID2
X-FTR-Request-ID
X-Reqid
Country
X-VHOST
Priority
X-Amzn-Remapped-Content-Length
X-Time
Alternate-Protocol
X-B3-SpanId
Backend
Xet-Cookie
X-B3-Traceid
X-Hl-Ver
X-WP-CF-Super-Cache-Cookies-Bypass
Liferay-Portal
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-TraceId
X-Server-W
X-Original-Request-Id
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
SRV
Onion-Location
Accept-Language
X-Real-IP
X-Mode
X-Scope-Id
X-CLOUD-TRACE-CONTEXT
X-Rewrite-Enabled
X-Fetched-On
X-Frame-Option
X-VC-Cache
Environment
X-FB-TRIP-ID
X-JoinUs
X-Tb
X-Origin-Date
X-Web-Node
X-Cache-Host
X-UPSTREAM-Address
Meta-Geo
From-Origin
X-Rn-Rsrv
X-SaId
X-Tumblr-Pixel-2
X-Skip-Cache
Filters
ServerID
X-Accel-Version
X-Auth-Group-Type
Fastcgi-Useragent
X-IPLB-Instance
X-Director
X-IPLB-Request-ID
X-Cluster-Node
X-Hosted-By
TWC-Locale-Group
Atl-Traceid
X-Connection-Hash
Property-Id
Expiry
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Webstats-RespID
X-Redis-Cache
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Restarts
X-BYPASS-REASON
X-Varnish-Age
X-Varnish-Cache-Hits
X-ProxyCache-Key
X-Origin-Hint
Webcakes-App-Name
Uber-Trace-Id
TWC-Privacy
X-Cache-Expired-At
Webcakes-App-Version
X-Cache-Action
Webcakes-Region
X-Logging-Id
TWC-Connection-Speed
VIX-Pulpo-Node
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
X-SayCDN-TTL
X-Served-From
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Say-TTL
X-Say-Cacheable
X-Handled-By
X-Request-URI
X-PHP-Host
X-Httpd
X-Format
X-Varnish-Beresp-Grace
X-Vcache
Web-Mar-Node
Apigw-Requestid
X-Loop
X-Via-JSL
X-Cms-Context
X-Tncms
X-Adobe-Source
Mn-Server-Ip
X-Generated-By
Selected-Fe
X-Proxy-Build
DB-Nickname
X-Timing-Wait
X-Soup
X-Origin-CC
X-Origin-TTL
X-Zipkin-Id
ServedBy
X-Cluster
Url
X-Cloudmap
X-Routing-Service
X-Servername
X-S
X-Proxied
X-Extlb
X-Detected-As
X-Origin
X-SRV
Referer-Policy
X-LSADC-Cache
X-Lagoon
Xserver
N-Cache
X-Rocket-Nginx-Serving-Static
X-Hit
X-Nginx-Cache
Cross-Origin-Embedder-Policy
X-DataDome
X-DynaTrace
X-XRDS-Location
X-Ms-Request-Id
X-Ms-Version
X-Xfnlog-Site
X-Tumblr-Pixel-3
X-Webkit-Csp
X-NWS-UUID-VERIFY
LB
Source
WPO-Cache-Message
X-Azure-Ref-OriginShield
X-XRDS-LOCATION
WPO-Cache-Status
X-Cache-Debug
CF-IPCountry
X-VCT
X-RID
X-Proxy-Cache-Status
X-Upstream-Ht
X-RCS-CacheZone
Surrogated-Key
X-Upstream-Ct
X-Worker
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
AMP-Access-Control-Allow-Source-Origin
X-UA
X-Geo-Region
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Desktop
X-Is-Mobile
X-Tcp-Rtt
CDN-RequestId
X-Browser-Name
Locale
X-B-Cache
X-App-Version
X-Sucuri-Cache
X-Urbn-Site-Id
X-Signature
X-F-Cache
X-No-Session
X-Urbn-Context-Path
X-Generation-Time
X-Cdn-Origin
Node
X-NGINX-Cache
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Cdn-Forward
X-ShardId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-RateLimit-Limit
X-Alternate-Cache-Key
X-NODE
X-MP-GENERATED-AT
Cross-Origin-Opener-Policy-Report-Only
X-Locale
Ohc-File-Size
X-Cache-Rule
X-Cache-Operation
X-Site-Version
X-Ec-GeoHdr
Content-Secure-Policy
X-Cache-Aspx
X-Proxy-CacheRZ
X-PAYTM-SRV-ID
X-Ec-Fail
Expect-Staple
X-We-Are-Hiring
X-DPWN-IS-SECURE
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Thinkindot-L3
Cluster
X-Tx-Id
X-Varnish-Beresp-Ttl
DCR-Decision-By
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Bc-Bl
DCR-Processing-Time-Ms
Rendered-Blocks
X-FC-Vary-Parameters
X-Developer
X-Bug-Bounty
X-ElasticPress-Query
Candidate-Md5Url
Redirect-Candidate
Producers
X-TIM-N
Cdnsip
Mail-Subject
X-D
MD5-Digest
A
Xc-Version
Meta-Geo-Continent
X-Vmg-Version
Lang
Azure-Version
BehaviorPad-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
XkeyRZ
X-Debug-Cache-Fetch
X-Depends
X-DefHash
Fastly-Backend-Name
Odigeo-Trace-Id
Cdncip
X-Contensis-Viewer-Groups
X-DefElseHash
X-A-Wwc
X-Conf
Ngx.Var.Host
X-Cache-NE
X-Debug-Cache-Store
X-Vdms-Version
Host-ID
X-BCube-Filmed-By
Thinkindot-CacheControl
X-A-Ccd
Thinkindot-CacheControl-Type
X-A
X-AK-Request-ID
TDXMobile
X-Mly-Id
X-Jobs
X-Shield-Cache-Expires
X-Internal-TTL
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-Mvc-Supplant-Cachable
We-Hiring
X-Scheme
X-Varnish-Authentication
X-Ig-Origin-Region
X-ScT
X-Org
X-INCAP-ABP
X-Aed
X-Ig-Push-State
X-Origin-Expires
X-GeoIP-City
X-Nyt-Route
X-Request-Time
X-Proto
X-A-Dcw
X-Origin-Time
X-Backend-Instance
X-GeoIP
X-Gdpr
X-A-Dgt
X-Path
X-GeoCode
X-Platform-Server
X-Origin-Response-Time
X-Rojux
Sslversion
X-A-Dam
X-Amz-Storage-Class
X-App-Name
X-GeoCountry
X-Newrelic-Synthetics
Mime-Version
X-Cache-Hit
Wxu-Next-Hostname
L
L5d-Success-Class
Debug
X-Cache-Grace
X-Cache-Id
Gannett-Cam-Experience-Id
X-VTEX-Cache-Server
Esi-Enabled
Fastly-GeoIP-CountryCode
X-Cache-Info
Gh-Request-Id
DSUID
Ha-Gx-Prefs
Wxu-Next-Region
X-Accel-Expires-Debug
HA-Ipaddr
X-Proxied-Request
Origin-EX
PFcat
X-VG-WebCache
X-Amz-Meta-Cb-Modifiedtime
Origin-Agent-Cluster
Origin-CC
Platform
X-Auto-Login
Server-Host
RNT-Time
Release
Product
X-Via-Fastly
X-B3-Trace-ID
X-Cache-Bucket
X-Akamai-Device-Characteristics
V-Age
User-Agent
X-Acquia-Purge-Cdn-Unconfigured
W
Web-Mar-Region
X-Viewer-Country
NGX
RNT-Machine
Tube-Get-Contents
NM-Fastcgi-Cache
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Wxu-Next-Commit
X-Wikidot-Static-Cache
X-Generated-On
X-Slack-Shared-Secret-Outcome
X-Gamma-Serve
X-Slack-Backend
X-GeoIP-Country-Code
X-Pool
X-GeoIP-Region-Code
X-Powered-By-VTEX-Cache
X-Sn-Servicetimems
X-Pad
X-Fastly-Backend
X-Eu-Site
X-Esi-Check
X-Cached-By
X-Fmm-Version
X-UA-Device-Type
X-SVT-ORM-VERSION
X-GoCache-CacheStatus
X-Tb-Optimization-Total-Bytes-Saved
X-Var-Ttl
X-Op-Id-All
X-Service
X-Micro-Cache
X-V-Cache
X-Level-Front-Cache
X-Location
X-SB
X-Human
X-Hash
X-Gzip
X-SD-PageType
X-HN
X-Req
X-Policy
X-HS-Content-Campaign-Id
X-Epic-Correlation-Id
X-Varnish-Director
X-Core-Value
X-CGP
X-SVT-ORM-RULES
X-Csrf-Jwt
X-CacheTTL
Cdn-Host
Click-Count-Action-Start
Cache
Cdn-Request-Time
X-Clientip
X-Varnishpool
X-Content-Age
Canary
Cache-Key
Cache-Provider
Click-Count-Error
X-Wikidot-Backend
X-VTEX-Cache-Time
X-Platform
X-Dispatcher-Server
X-Ec-Custom-Error
X-VarnishDD-TTL
X-Edge-Server
Content-Style-Type
Content-Script-Type
X-Date
X-Node-Id
X-NMSegId
X-Loc
Yak-Timeinfo
Origin
X-Optimistic-Header
Sid
X-Thanos
X-Access
X-VG-TLSProxy
X-Men
X-Content-Length
X-BBC-Edge-Cache-Status
X-Gen-Mode
X-Varnish-Beresp-Status
X-Bip
X-Block-Status
X-Bl-Debug
X-CUA
X-Request-Host
X-Section
X-NodeID
X-Cache-FS-Status
X-Pubstack
X-Request-Start
X-Server-IP
X-Hnp-Log
CDN-RequestCountryCode
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
IsBot
X-Cdn-Srv
Pramga
CDCHOST
CDN-Cache
Country-Code
CDN-Uid
CDN-RequestPullSuccess
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
Fastly-SSL
Req-ID
Req-Svc-Chain
CDN-RequestPullCode
ServerName
Ssr
X-SIPLIST1
X-Irp-Debug
User-Cache-Control
X-AB-Test
TP-L2-Cache
Akamai-Mon-Iucid-Del
X-Dc
X-Litespeed-Tag
Fl-Custom-Application
XM
X-ORCA-Accelerator
X-Varnish-Hits
X-Cs
X-HS-CF-Cache-Status
X-HOST
X-Api-Version
X-GEO
X-CACHE-GROUP
X-VServer
X-VWS-Id
X-Refresh
Proxy-Firewall
X-Nananana
X-LB-NoCache
X-APP
X-Cache-Date
X-TA-CDN-Provider
X-Geolocation
X-LiteSpeed-Tag
X-LJ-Flow-ID
X-AWS-Id
True-Client-Country-4JS
X-Air-Pt
X-HITS
C-Via
X-External-Request-Id
X-Provided-By
X-Application
X-IsAdmin
X-S-Cookie
X-B-Cookie
Sever-Int
X-Destination
Server-Ext
X-Test
Server-Hostname
Fastly-Drupal-Html
X-Zone
Cdn-Requestid
X-LiteSpeed-Cache-Control
CloudFront-Viewer-Country
X-HA-Backend
X-Servedbyhost
X-Zen-Fury
X-Via-Edge
X-Via-Popv
X-Via-Popn
X-Via-SSL
Is-Eu
GeoIP-Latitude
Adler-Geo
X-Via-Poph
Edge-Copy-Time
X-RequestId
X-Via-CDN
X-Endurance-Cache-Level
X-Nginx-Cache-Key
X-LB-ID
X-B3-Spanid
Fastly-Drupal-HTML
X-User
X-B3-Parentspanid
X-Dispatcher-Number
X-DC
X-DynaTrace-JS-Agent
S-Rt
WZWS-RAY
HostName
X-ZONE
Cache-Tv-Group
X-AIR-PT
X-Custom-Header
X-Webkit-Csp-Report-Only
X-Geo-Header
X-Nc
T-Server
Server-ID
X-Wa
GeoIp-Country-Code
X-VC-TTL
X-CDN-Forward
Cdn
X-Presslabs-Stats
X-Tt-Logid
Ohc-Cache-HIT
X-HubSpot-Correlation-Id
X-Datadome
X-Oracle-Dms-Ecid
X-URL
X-Pass-Why
X-COUNTRY
X-ND-Cache
X-Parent-Response-Time
X-CS
X-Vgn-Hpd-Reason
X-Cache-Server
X-CMSURLCustom
X-TH-Server
Vc-Max-Age
True-Client-IP
X-CACHE-AGE
X-Srv
X-FTR-Backend-Server
X-FTR-Backend
Resin-Trace
X-FTR-Balancer
X-Moov-Xdn-Version
X-FTR-Cache-Status
X-Moov-Xdn-Caching-Status
X-Moov-T
X-FTR-Expires
WP-Super-Cache
X-Country-Code-Real
SID
X-API-Version
X-Old-Content-Length
X-NewRelic-App-Data
X-DataCenter
X-Fpc
Powered-By
Pics-Label
X-TX-ID
Vix-Hermes-Req-Id
X-Varnish-Beresp-TTL
SEZNAM-JOBS-OFFER
Uri
X-Ckpd-Fst-Backend
X-FPC
Thinkindot-Control
X-Fastly-Cache
X-Srcache-Store-Status
X-Srcache-Fetch-Status
On-Server
True-Client-Ip
Srv
X-Thinkindot-L1
X-Vercel-Cache
X-Cache-VC
X-APP-VERSION
Location
X-Action
X-Vercel-Id
X-SERVER-NAME
Tcn
X-Litespeed-Cache-Control
ServerHost
X-Resp-Is-Stale
Serverhost
X-Client-Ip
AKAMAI
X-PHP-Backend
GeoIP-Country-Code
N1-Cache
X-Amz-Meta-Opti
X-Cache-TTL-Remaining
X-Air-Source
X-Air-Trace-Id
X-Dynatrace-Js-Agent
X-Air-Hostname
X-Datacenter
X-Stale
X-NC
Request-ID
Server-Id
X-Oracle-Dms-Rid
X-WA
Hostname
Magicmarker
X-ApacheServer
X-Debug-Service
X-PERF
Av-Poweredby
X-Cdn-Cache-Status
X-Ssense-Gql
X-Info
X-Ssense-Shipping-Surcharge-Enabled
Cl-Cache
X-Fastly-Cache-Status
X-Ua
X-Render-Time
X-Nitro-Cache
X-WA-Info
X-V
X-Service-Response-Time
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-GeoIP-City
Cache-Hits
Sm-Log-Id
X-Vc
X-IAuth-Set-Uid
X-Ee-Request-Date
X-Ee-Origin
X-Save-Cache
X-Udemy-Cache-App-Namespace
X-Ee-Generated-By
X-Uri
X-Vary-Devices
X-Ee-Request-Id
X-Fastly-Backend-Reqs
X-Cms-Device
X-VTEX-Cache-Backend-Header-Time
X-Geo
X-Lb-Id
X-ServedByHost
Geoip-Latitude
Cloudfront-Viewer-Country
Xkey-La3
X-Proxy-Cache-La3
X-VTEX-Cache-Backend-Connect-Time
Store-Cloud-Cache
Xkeylog
Time-Cloud-Cache
X-CDN-Cache-Status
CDN
X-Cache-Ttl
Cache-Contol
X-Via-PopN
X-Eligible
Cf-Ipcountry
X-Ion-Hop
X-Via-PopH
X-Ion-Healthy
X-Jungle-Id
X-Ha-Backend
Lb
X-Via-PopV
RewriteTeamHook
X-Oracle-DMS-ECID
RewriteTestHook
X-Rollout
X-Github-Request-Id
X-Akamai-Pragma-Client-IP
Log-Origin
X-New
X-Esi
X-Requestid
X-Region-Sid
Cmstype
Cmsid
Machine
X-VCL-Version
My-App
X-Limited
X-App
X-Forwarded-Site
Server-Info
WebServer
X-Lb-Nocache
WWW-Authenticate
X-From
X-Traceid
X-Up
Cneonction
CountryCode
X-Correlation-ID
Warning
X-Dw-Trace-Id
X-EC-Lua
X-LAGOON
Pragrma
Edge-Cache
X-Git-Commit
X-Container-Uri
X-MSEdge-Flight
X-MSEdge-Features
CacheControlHeader
X-Ftr-Request-Id
X-HS-Status
Reporter
X-Acquia-Site
Thinkindot-Cache-Type
X-SRCache-Key
X-Acquia-Application-Trace
X-Td-Header-From-No-Data
X-Cdn-Request-ID
X-Web-Server
Permission-Policy
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
FSS-Cache
X-Pod
X-Varnish-Hostname
X-Akamai-Transformed
X-Check-Cacheable
X-Serial
X-Sucuri-Id
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
CF-Cached-On
X-Fastly-Cache-Hits
PICS-Label
X-Ramcache
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Timeexpire
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Orig-Cache-Control