Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Accept-CH
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
CF-Ray
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Runtime
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Check
X-Backend
X-Amz-Id-2
Accept-CH-Lifetime
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
Keep-Alive
X-Age
X-Rq
X-Via
EagleId
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
Allow
X-Cache-Lookup
Xkey
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-Country-Code
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Clacks-Overhead
Fastly-Restarts
X-Application-Context
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-LiteSpeed-Cache
X-Vname
X-TtlSet
X-PC
X-Edge
X-Midtier
X-Mcache
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Powered-By-Plesk
X-ESI
Nginx-Cache
X-GitHub-Request-Id
X-ECACHE
Edge-Control
X-Vcap-Request-Id
X-D2id
X-Ser
Verso
X-Ac
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Client-IP
X-Amz-Rid
X-Middleton-Response
Response
X-ARC
X-Ratelimit-Limit
X-Dw-Request-Base-Id
X-CST
X-Wormhole-Sdk
X-B3-TraceId
X-Powered-CMS
X-Goog-Hash
X-Navigation-Version
X-Edge-Location-Klb
X-Kinsta-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Upstream
X-Ratelimit-Remaining
X-Forwarded-For
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
SPIisLatency
SPRequestDuration
X-Daa-Tunnel
X-FastCGI-Cache
X-Mod-Pagespeed
Edge-Cache-Tag
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
Cache-Status
Public-Key-Pins
X-Server-ID
X-Content-Digest
X-Ezoic-Cdn
X-Oneagent-Js-Injection
X-Ttl
X-Version
Accept-Ch-Lifetime
X-Mg-S
X-NF-Request-ID
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-T
X-MSEdge-Ref
X-Shield-Request-Id
Fastcgi-Cache
Cross-Origin-Resource-Policy
X-Recruiting
AR-CACHE
Origin-Trial
X-Fastly-Request-ID
X-Cached
Front-End-Https
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Distributor
X-Ua-Device
X-FTR-Request-ID
X-Azure-Ref
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Access-Control-Request-Method
TP-Cache
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-Newrelic-App-Data
Count-Hit
X-Debug
X-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-TTL
X-Ua-Browser
X-LLID
X-Nf-Request-Id
X-Xrds-Location
Server-Node
X-Ismobilevalue
Cache-Tags
X-Content-Security-Policy-Report-Only
X-Cluster-Name
MicrosoftSharePointTeamServices
X-PressLabs-Stats
X-Correlation-Id
X-VARITI-CCR
X-Frontend
X-Hits
X-Varnish-TTL
X-GUploader-UploadID
X-Varnish-Backend
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-NGENIX-Cache
X-Amz-Replication-Status
X-Protected-By
Payment
X-Goog-Metageneration
Accept-Ch
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Ttl
Akamai-GRN
Cleartype
X-LB-Cache
X-Unique-Id
X-FB-Debug
X-Activity-Id
X-Git-Hash
X-Varnish-Server
X-Logged-In
X-Az
X-AppVersion
X-Www-Served-By
X-Ratelimit-Reset
X-Page-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Content-Disposition
X-Hostname
Host
Filterid
X-DIS-Request-ID
X-Forwarded-Proto
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Cambria-Cache-Control
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
X-Fastcgi-Cache
X-Template
X-Geo-Country
Frame-Options
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Trailer
X-TraceId
Amp-Access-Control-Allow-Source-Origin
Access-Control-Allow-Method
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Aspnet-Version
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
Version
X-Origin-Server
X-WP-CF-Super-Cache
X-Type
Viewport
Fastly-SIE
Fastly-SWR
X-Upgrade-Enabled
X-ASPNET-VERSION
Section-Io-Cache
Accept-Charset
X-Content-Options
X-Fb-Rlafr
X-TT
Retry-After
X-B
X-B3-Sampled
X-Cache-Control
X-Grace
X-Rid
X-Ah-Environment
X-Envoy-Decorator-Operation
X-Source
MS-Author-Via
Content-MD5
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cache-Age
X-Device-Type
X-Vcl-Version
Server-Name
X-Request-Guid
X-Magnolia-Registration
X-Trace-Id
X-Language
X-Revision
X-Px
X-Cdn
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Buckets
X-Mobile
Healthy
TCN
X-HS-Prerendered
X-WP-CF-Super-Cache-Active
X-EdgeConnect-Cache-Status
X-Webkit-CSP
X-Backend-Name
X-Akamai-Edgescape
X-CSRF-Token
X-Varnish-Grace
X-App-Environment
Protected
X-RM-Cache-TTL
X-FW-Server
X-FW-Serve
X-Rule
X-Environment-Context
X-Tumblr-Pixel-0
X-Status
X-FW-Dynamic
X-Tumblr-User
X-Origin-Cache
X-ProcessESI
X-Tumblr-Pixel
X-FW-Version
X-L-Path
X-FW-Type
X-Debug-Info
X-RemovedCookies
X-Contextid
X-FW-Static
X-FW-Hash
X-Tumblr-Pixel-1
X-NYM-Debug-Backend
X-Storage
X-Mg-Request-UUID
X-Node-Name
X-Proxy-Cache-Info
Access-Control-Request-Headers
NGB
SD-X-WS
X-UUID
X-Framework
X-ServerID
X-Cache-Time
X-Instance
Cross-Origin-Window-Policy
Charset
Ms-Operation-Id
MS-CV
X-Datadog-Sampling-Priority
X-Debug-IsConnected
X-Proxy
X-Region
GEO-INFO
X-RTag
X-Debug-IsPreview
X-Adobe-Content
X-Adobe-Loc
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Rendered-As
X-Is-Bot
X-Content-Powered-By
X-Cacheable-TTL
X-Amz-Meta-S3cmd-Attrs
X-Edge-Location
X-Original-Request-Id
X-G
X-Yottaa-Metrics
Upgrade-Insecure-Requests
X-Response-Served-From
X-Yottaa-Optimizations
Cross-Origin-Embedder-Policy-Report-Only
X-Whom
Refresh
Webserver
OT-Force-Account-Verify
Countrycode
DC
Paypal-Debug-Id
X-B3-Traceid
X-RateLimit-Remaining
X-Lambda-Id
X-User-Agent
Section-Io-Id
X-Seen-By
X-HTML-Minification-Powered-By
X-Reqid
Front
X-VC
X-Amzn-Remapped-Content-Length
X-WebKit-CSP-Report-Only
Alternate-Protocol
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Server-W
Priority
X-TT-LOGID
X-VHOST
X-ECache
X-IPS-LoggedIn
SRV
X-Real-IP
X-Akamai-Request-ID2
X-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-AB
X-Cache-Status-Check
Country
Liferay-Portal
X-Fastly-Request-Id
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-N
X-Country-Code-Real
Backend
X-FTR-Backend-Server
X-Mode
X-FTR-Backend
Xet-Cookie
X-B3-SpanId
X-Nginx-Cache
Onion-Location
Filters
X-FB-TRIP-ID
Environment
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-Rn-Rsrv
Fastcgi-Useragent
X-Rocket-Nginx-Serving-Static
X-SaId
X-JoinUs
X-Rewrite-Enabled
Meta-Geo
ServerID
X-Cache-Host
X-Say-Cacheable
X-R9-Blue-Green-Version
X-Say-TTL
X-Hosted-By
X-Redis-Cache
X-Fetched-On
X-Varnish-Age
X-Hl-Ver
X-Origin-TTL
X-Restarts
DB-Nickname
Expiry
X-SayCDN-TTL
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
X-Labrador-Cache-Channel
X-IPLB-Request-ID
X-IPLB-Instance
X-Connection-Hash
X-PHP-Host
X-Tb
TWC-Connection-Speed
X-Origin-Hint
X-Origin-Date
X-Accel-Version
X-Origin-CC
X-Skip-Cache
TWC-GeoIP-LatLong
X-Scope-Id
X-Frame-Option
Webcakes-App-Name
Uber-Trace-Id
X-VC-Cache
Property-Id
From-Origin
TWC-Locale-Group
Webcakes-Region
X-Cache-Action
Webcakes-App-Version
X-Format
X-Web-Node
X-Tncms
X-Soup
X-Handled-By
Mn-Server-Ip
Atl-Traceid
X-Varnish-Beresp-Grace
X-Vcache
X-Cms-Context
X-Varnish-Cache-Hits
X-Logging-Id
X-Httpd
X-ProxyCache-Key
X-Loop
X-ProxyCache-Status
Web-Mar-Node
X-Webstats-RespID
X-Director
X-BYPASS-REASON
X-Cache-Expired-At
Apigw-Requestid
X-Cluster-Node
X-Forwarded-Host
X-Served-From
Selected-Fe
X-Timing-Wait
ServedBy
X-Adobe-Source
X-DataDome
X-Cluster
X-Auth-Group-Type
Cross-Origin-Opener-Policy-Report-Only
WPO-Cache-Message
WPO-Cache-Status
X-DynaTrace
X-Proxy-Build
X-Cloudmap
X-Extlb
X-Routing-Service
X-Zipkin-Id
X-Servername
X-S
X-Ms-Version
Url
X-Request-URI
X-Ms-Request-Id
X-Detected-As
X-Proxied
X-Origin
Cross-Origin-Embedder-Policy
Accept-Language
X-Tumblr-Pixel-3
Referer-Policy
N-Cache
X-Hit
X-Azure-Ref-OriginShield
X-Generated-By
Surrogated-Key
X-XRDS-Location
X-LSADC-Cache
X-SRV
Ohc-File-Size
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Worker
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Xserver
X-Resp-Is-Stale
X-Wix-Request-Id
X-Sucuri-Cache
X-Generation-Time
LB
X-HS-CF-Cache-Status
X-Lagoon
X-Xfnlog-Site
X-Drupal-Cache-Contexts
Source
X-Drupal-Cache-Tags
X-App-Version
X-Cache-Hit
X-Cdn-Origin
X-NWS-UUID-VERIFY
CF-IPCountry
X-MP-GENERATED-AT
X-F-Cache
X-Sucuri-ID
X-Cache-Debug
X-TA-CDN-Provider
Node
X-VCT
X-RCS-CacheZone
CDN-RequestId
X-Tx-Id
X-Is-Mobile
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Desktop
X-Is-Tablet
X-Geo-Region
X-Browser-Name
X-No-Session
Cache
X-Mly-Id
Locale
X-Cache-Rule
X-NODE
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Signature
X-B-Cache
X-Pad
X-Varnish-Beresp-Ttl
X-Via-JSL
X-ElasticPress-Query
X-INCAP-ABP
X-Cache-Operation
X-Litespeed-Tag
Edge-Copy-Time
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Proxy-Cache-Status
X-CDN-Forward
MD5-Digest
X-Ec-Fail
X-A-Dam
X-DPWN-IS-SECURE
Meta-Geo-Continent
Mail-Subject
X-Debug-Cache-Fetch
Origin
X-Debug-Cache-Store
X-Developer
Lang
X-Ec-GeoHdr
Odigeo-Trace-Id
DCR-Decision-By
DCR-Processing-Time-Ms
Expect-Staple
X-FC-Vary-Parameters
Content-Secure-Policy
Cluster
Producers
X-A-Ccd
X-A
We-Hiring
Ngx.Var.Host
X-A-Dcw
BehaviorPad-Version
X-App-Name
Sslversion
X-Aicache-OS
X-Aed
X-Bug-Bounty
X-Bl-Debug
X-Backend-Instance
X-Bc-Bl
X-BCube-Filmed-By
Fastly-Backend-Name
Candidate-Md5Url
Fl-Custom-Application
Xc-Version
X-Conf
Host-ID
Fastly-GeoIP-CountryCode
X-A-Dgt
Redirect-Candidate
X-A-Wwc
X-Cache-Info
X-Cache-NE
Rendered-Blocks
X-D
X-Vtex-Remote-Cache
X-Nyt-Route
X-Rojux
X-Geolocation
X-PAYTM-SRV-ID
X-Ig-Push-State
X-Platform-Server
X-Vdms-Version
X-Ig-Origin-Region
X-Mvc-Supplant-Cachable
X-ScT
X-Proto
X-GeoCountry
X-TIM-N
X-Proxied-Request
X-Org
X-Origin-Time
X-Gdpr
X-Path
X-Jobs
X-GeoCode
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-Oracle-Dms-Ecid
X-Sorting-Hat-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
Wxu-Next-Region
Wxu-Next-Commit
W
Wxu-Next-Hostname
X-Policy
X-B-Cookie
X-Platform
X-Application
Web-Mar-Region
X-Access
X-Accel-Expires-Debug
V-Age
X-VG-WebCache
X-Via-Fastly
X-AB-Test
X-Powered-By-VTEX-Cache
TDXMobile
PFcat
Origin-Agent-Cluster
Platform
X-Thinkindot-L3
X-VarnishDD-TTL
Product
X-V-Cache
X-Var-Ttl
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-External-Request-Id
X-Shield-Cache-Expires
Req-Svc-Chain
Thinkindot-CacheControl
X-SB
X-Request-Time
Thinkindot-CacheControl-Type
X-Cache-Grace
X-Req
X-Destination
Server-Host
RNT-Time
RNT-Machine
X-Varnishpool
X-Section
X-Scheme
User-Agent
X-BBC-Edge-Cache-Status
X-Hash
X-Depends
X-Dispatcher-Server
X-Gzip
X-GoCache-CacheStatus
X-DefHash
X-DefElseHash
X-Csrf-Jwt
X-Core-Value
X-Date
X-Viewer-Country
X-HN
X-We-Are-Hiring
X-GeoIP-City
X-Eu-Site
X-Esi-Check
X-Fastly-Backend
X-VServer
X-Fmm-Version
X-Generated-On
X-Vmg-Version
X-Edge-Server
X-GeoIP
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Epic-Correlation-Id
X-Contensis-Viewer-Groups
X-Irp-Debug
X-NMSegId
X-Node-Id
X-Cache-Aspx
X-Mvc-Supplant-OutputCached
X-Cache-Date
X-Op-Id-All
X-Gamma-Serve
X-Amz-Storage-Class
X-Amz-Meta-Cb-Modifiedtime
X-Origin-Expires
X-Auto-Login
X-B3-Trace-ID
X-Cache-Id
X-Micro-Cache
X-Level-Front-Cache
X-Loc
X-Clientip
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Locale
X-CGP
X-Location
X-Cached-By
X-CacheTTL
X-Cdn-Srv
X-AK-Request-ID
NM-Fastcgi-Cache
Cdncip
X-GeoIP-Region-Code
Apple-News-Services-Handled
Apple-News-Services-Host
Cdnsip
X-GeoIP-Country-Code
Content-Style-Type
Content-Script-Type
X-S-Cookie
X-HS-Content-Campaign-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Azure-SlotName
Azure-Version
Canary
Cache-Provider
Azure-SiteName
Azure-RegionName
Cdn-Request-Time
Azure-InstanceId
Cdn-Host
Debug
X-SD-PageType
X-Slack-Shared-Secret-Outcome
Gh-Request-Id
X-Varnish-Remaining-TTL
HA-Ipaddr
L5d-Success-Class
Gannett-Cam-Experience-Id
X-Slack-Backend
Ha-Gx-Prefs
Mime-Version
X-Upstream-Ht
X-Upstream-Ct
Akamai-Mon-Iucid-Del
X-NGINX-Cache
X-IsAdmin
X-VG-TLSProxy
X-Pool
X-Internal-TTL
Pramga
X-ORCA-Accelerator
X-UA-Device-Type
X-Akamai-Device-Characteristics
X-NodeID
X-Origin-Response-Time
X-Men
X-Thanos
User-Cache-Control
X-Request-Host
X-Sn-Servicetimems
NGX
X-Content-Length
X-Server-IP
X-SIPLIST1
X-Site-Version
XM
X-SVT-ORM-RULES
X-Cache-FS-Status
X-Hnp-Log
X-Pubstack
X-Request-Start
Fastly-SSL
X-SVT-ORM-VERSION
Yak-Timeinfo
X-Bip
X-Human
Tube-Got-Eval
Tube-Get-Contents
Origin-EX
Tube-Return
Click-Count-Error
Req-ID
Click-Count-Action-Start
Origin-CC
IsBot
X-Ec-Custom-Error
ServerName
DSUID
Release
X-CUA
X-Varnish-Beresp-Status
X-Content-Age
Country-Code
X-Block-Status
Tube-Got-Results
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-Cache
X-Gen-Mode
X-Acquia-Purge-Cdn-Unconfigured
CDCHOST
CDN-RequestPullCode
CDN-CachedAt
X-GEO
CDN-Uid
L
CDN-RequestPullSuccess
Sid
Ohc-Cache-HIT
Ssr
X-VC-TTL
X-Varnish-Hits
Esi-Enabled
X-Service
X-User
X-Tb-Optimization-Total-Bytes-Saved
X-UA
X-LB-NoCache
X-RID
X-HOST
X-Zen-Fury
X-Cs
X-Api-Version
Fastly-Drupal-HTML
X-CACHE-GROUP
X-Refresh
AMP-Access-Control-Allow-Source-Origin
X-AIR-PT
X-ZONE
Cdn-Requestid
X-Proxy-CacheRZ
XkeyRZ
A
Cache-Key
GeoIP-Latitude
X-Cache-Bucket
X-Cdn-Forward
X-B3-Spanid
X-DC
X-Tt-Logid
X-RequestId
CloudFront-Viewer-Country
X-CLOUD-TRACE-CONTEXT
X-Servedbyhost
X-TH-Server
X-Vgn-Hpd-Reason
X-HITS
X-Newrelic-Synthetics
X-Via-Poph
X-Via-Popv
X-Wa
X-HA-Backend
X-Via-Popn
X-Nc
X-HubSpot-Correlation-Id
TP-L2-Cache
C-Via
X-Dc
Server-ID
X-Old-Content-Length
X-B3-Parentspanid
X-APP
X-Nananana
X-LB-ID
X-Moov-Xdn-Version
X-Moov-T
X-Moov-Xdn-Caching-Status
HostName
X-Endurance-Cache-Level
Proxy-Firewall
X-DynaTrace-JS-Agent
X-Optimistic-Header
X-Ua
X-Webkit-Csp-Report-Only
X-Presslabs-Stats
Cdn
Fastly-Drupal-Html
X-Srv
X-Parent-Response-Time
N1-Cache
X-Action
WP-Super-Cache
X-COUNTRY
X-LiteSpeed-Tag
X-Zone
True-Client-Country-4JS
X-URL
X-LiteSpeed-Cache-Control
X-Webkit-Csp
X-CS
X-Datadome
X-Air-Pt
Location
X-Vercel-Id
X-Vercel-Cache
X-Thinkindot-L1
X-Cache-VC
X-Litespeed-Cache-Control
Sever-Int
Server-Hostname
Server-Ext
X-Test
X-CACHE-AGE
X-Fpc
Is-Eu
Adler-Geo
GeoIp-Country-Code
X-API-Version
Cache-Hits
SID
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-GeoIP-City
X-Dispatcher-Number
X-DataCenter
X-VWS-Id
X-AWS-Id
X-NewRelic-App-Data
X-LJ-Flow-ID
WZWS-RAY
X-Nginx-Cache-Key
True-Client-Ip
X-Provided-By
True-Client-IP
Uri
X-RateLimit-Limit
X-ApacheServer
X-PERF
GeoIP-Country-Code
SEZNAM-JOBS-OFFER
T-Server
X-Render-Time
X-Datacenter
X-WA-Info
X-Custom-Header
X-Geo-Header
Resin-Trace
X-Pass-Why
X-Uri
X-ND-Cache
X-Nitro-Cache
X-Varnish-Beresp-TTL
S-Rt
X-Ssense-Shipping-Surcharge-Enabled
X-SERVER-NAME
X-Ssense-Gql
X-Jungle-Id
Log-Origin
Serverhost
X-CMSURLCustom
Vc-Max-Age
X-Cache-Server
X-Stale
X-Ion-Hop
Tcn
RewriteTeamHook
RewriteTestHook
Cache-Contol
X-FPC
X-Ion-Healthy
X-Client-Ip
X-Service-Response-Time
Cache-Tv-Group
X-TX-ID
Sm-Log-Id
Cmsid
Pics-Label
My-App
Cmstype
Srv
X-APP-VERSION
X-Srcache-Fetch-Status
X-Correlation-ID
X-Srcache-Store-Status
X-Dynatrace-Js-Agent
Powered-By
X-Up
Lb
X-From
X-Oracle-Dms-Rid
X-XRDS-LOCATION
X-Air-Source
X-Air-Hostname
X-Fastly-Cache-Status
X-Air-Trace-Id
Hostname
X-Debug-Service
Av-Poweredby
X-Udemy-Cache-App-Namespace
CacheControlHeader
X-Cdn-Cache-Status
Vix-Hermes-Req-Id
Server-Id
Cf-Ipcountry
X-Fastly-Cache
X-Cache-TTL-Remaining
X-Ckpd-Fst-Backend
X-Akamai-Pragma-Client-IP
X-App
X-Vc
X-LAGOON
X-Lb-Id
X-NC
Thinkindot-Control
X-WA
On-Server
X-Cache-Ttl
X-Html-Minification-Powered-By
X-Via-PopV
X-Ha-Backend
X-Via-PopH
X-Via-PopN
X-Fastly-Backend-Reqs
NtCoent-Length
X-Oracle-DMS-ECID
ServerHost
X-Github-Request-Id
X-Esi
X-VCL-Version
X-Save-Cache
X-Vary-Devices
X-PHP-Backend
Xkey-La3
AKAMAI
Cloudfront-Viewer-Country
X-Cms-Device
Origin-Site
X-Ee-Origin
X-Amz-Meta-Opti
X-ServedByHost
Geoip-Latitude
Time-Cloud-Cache
Store-Cloud-Cache
X-Requestid
X-Ee-Generated-By
X-Ee-Request-Date
X-Ee-Request-Id
Xkeylog
X-Proxy-Cache-La3
X-VTEX-Cache-Backend-Connect-Time
Epwk-X-Cache
X-SRCache-Key
X-IAuth-Set-Uid
WWW-Authenticate
X-VTEX-Cache-Backend-Header-Time
X-MSEdge-Features
X-Varnish-Hostname
X-Traceid
WebServer
X-MSEdge-Flight
CountryCode
X-Serial
X-Lb-Nocache
X-Check-Cacheable
X-Sucuri-Id
X-Limited
Edge-Cache
X-Info
Cl-Cache
X-HS-Status
Magicmarker
Warning
X-Lsadc-Cache
Pragrma
X-Wp-Cf-Super-Cache-Cache-Control
Ms-Author-Via
X-Akamai-Transformed
X-Acquia-Site
X-Dw-Trace-Id
X-Pod
X-Wp-Cf-Super-Cache
Reporter
FSS-Cache
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Web-Server
X-CDN-Cache-Status
X-Mg-Cache
YJS-ID
Yjs-Id
X-Platform-Router
X-Platform-Processor
X-Geo
X-Platform-Cluster
X-Td-Header-From-No-Data
X-Ramcache
Timeexpire
X-Elasticpress-Query
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Orig-Cache-Control
Cneonction
X-Tncms-Bot-Tier
CF-Cached-On
X-Ms-Blob-Type
X-Ms-Lease-Status
X-BBC-Origin-Response-Status
Thinkindot-Cache-Type