Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
X-Request-Id
Accept-CH
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
P3p
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
X-Request-ID
Content-Encoding
Status
X-CDN
X-Check
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Rq
X-Via
X-Age
EagleId
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
Allow
Ali-Swift-Global-Savetime
X-Cache-Lookup
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Xkey
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Node
X-HW
X-Ruxit-JS-Agent
X-Server-Id
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-LiteSpeed-Cache
Content-Location
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
X-Application-Context
Service-Worker-Allowed
Fastly-Restarts
X-NWS-LOG-UUID
X-Trace
Cross-Origin-Opener-Policy
X-Country-Code
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-Vname
X-TtlSet
X-Midtier
X-Mcache
X-Edge
Surrogate-Key
Rating
X-Cache-TTL
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Browser-Type
X-Server-Name
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
Nginx-Cache
X-ESI
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-ECACHE
X-Ser
X-D2id
Verso
X-Vcap-Request-Id
X-Ac
X-MS-InvokeApp
X-Client-IP
X-B3-TraceId
X-ARC
X-Dw-Request-Base-Id
Response
X-Middleton-Response
X-Amz-Rid
X-CST
X-Oneagent-Js-Injection
X-ORACLE-DMS-RID
X-Goog-Hash
X-Powered-CMS
X-Wormhole-Sdk
X-Navigation-Version
X-Server-ID
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Kinsta-Cache
X-Upstream
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Server-Lifecycle-Phase
Accept-Ch-Lifetime
X-Forwarded-For
X-Amzn-Trace-Id
X-Ratelimit-Remaining
X-Daa-Tunnel
RTSS
X-Cache-Key
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-NF-Request-ID
X-Mod-Pagespeed
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
Edge-Cache-Tag
Cache-Status
Public-Key-Pins
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-Version
X-Content-Digest
X-ORACLE-DMS-ECID
X-Ttl
X-Mg-S
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-MSEdge-Ref
X-T
X-Shield-Request-Id
AR-CACHE
Fastcgi-Cache
X-Recruiting
X-Cached
X-Ua-Device
X-Accel-Expires
Front-End-Https
X-Varnish-TTL
X-Kong-Upstream-Latency
X-Distributor
X-Kong-Proxy-Latency
Origin-Trial
X-TTL
X-Azure-Ref
Access-Control-Request-Method
TP-Cache
X-Newrelic-App-Data
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Request-Received
X-Id
Count-Hit
X-Ua-Browser
X-Debug
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-LLID
Server-Node
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
X-PressLabs-Stats
X-VARITI-CCR
X-Frontend
X-Correlation-Id
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-GUploader-UploadID
Accept-Ch
X-Varnish-Backend
X-Amz-Replication-Status
Payment
X-NGENIX-Cache
X-Protected-By
X-Xrds-Location
X-Goog-Metageneration
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-LB-Cache
X-Unique-Id
X-Nf-Request-Id
Cleartype
X-Varnish-Server
X-FB-Debug
X-FTR-Request-ID
X-Activity-Id
X-Az
X-Logged-In
X-Www-Served-By
X-Git-Hash
X-AppVersion
X-Forwarded-Proto
Host
X-Tt-Trace-Host
Content-Disposition
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Page-Id
X-Hostname
Filterid
Akamai-GRN
X-DIS-Request-ID
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
X-Template
X-Geo-Country
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Aspnet-Version
Frame-Options
X-Fastcgi-Cache
X-ASPNET-VERSION
Access-Control-Allow-Method
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Origin-Server
X-Goog-Storage-Class
X-Goog-Generation
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Ttl
X-Upgrade-Enabled
X-WP-CF-Super-Cache-Cache-Control
Version
X-Load-Cache
MS-Author-Via
X-WP-CF-Super-Cache
X-Type
X-Ah-Environment
Fastly-SWR
Fastly-SIE
Viewport
X-Content-Options
Retry-After
Section-Io-Cache
X-Fb-Rlafr
X-Cache-Control
Accept-Charset
X-TT
X-B
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-B3-Sampled
X-TEC-API-ROOT
X-Grace
Content-MD5
X-Rid
Trailer
X-Envoy-Decorator-Operation
X-Source
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcl-Version
X-Request-Guid
X-Cdn
X-Device-Type
X-Trace-Id
X-Revision
Server-Name
X-TraceId
X-Language
X-Magnolia-Registration
Healthy
X-Buckets
X-Cache-Age
X-Px
X-Mobile
X-Webkit-CSP
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Origin-Cache
X-WP-CF-Super-Cache-Active
X-HS-Prerendered
TCN
X-Backend-Name
X-CSRF-Token
X-Akamai-Edgescape
X-EdgeConnect-Cache-Status
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-RM-Cache-TTL
X-App-Environment
X-Varnish-Grace
X-Status
X-Rule
X-Tumblr-User
X-NYM-Debug-Backend
X-L-Path
X-ProcessESI
X-Debug-Info
X-Tumblr-Pixel
X-RemovedCookies
X-Environment-Context
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Access-Control-Request-Headers
X-Region
Cross-Origin-Window-Policy
SD-X-WS
X-FW-Serve
X-FW-Version
X-Proxy
X-FW-Server
X-FW-Hash
X-Cache-Time
X-FW-Type
X-FW-Static
X-Edge-Location
X-Mg-Request-UUID
NGB
X-Framework
X-Storage
X-Node-Name
X-ServerID
GEO-INFO
X-UUID
X-FW-Dynamic
X-Proxy-Cache-Info
X-Adobe-Loc
X-Debug-IsPreview
Ms-Operation-Id
Protected
X-Is-Bot
X-Adobe-Content
X-Debug-IsConnected
X-Cacheable-TTL
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-RTag
X-Datadog-Parent-Id
MS-CV
X-Content-Powered-By
X-Datadog-Trace-Id
X-Rendered-As
Charset
X-G
X-Yottaa-Optimizations
X-Yottaa-Metrics
Upgrade-Insecure-Requests
X-RateLimit-Remaining
X-HTML-Minification-Powered-By
X-Whom
DC
Cross-Origin-Embedder-Policy-Report-Only
X-Response-Served-From
Countrycode
X-Original-Request-Id
Paypal-Debug-Id
Refresh
X-User-Agent
X-Seen-By
OT-Force-Account-Verify
X-Lambda-Id
Webserver
Section-Io-Id
Front
X-Reqid
X-ECache
X-WebKit-CSP-Report-Only
X-VHOST
X-Amzn-Remapped-Content-Length
X-TT-LOGID
Alternate-Protocol
X-VC
SRV
X-IPS-LoggedIn
X-B3-Traceid
X-Server-W
X-Akamai-Request-ID2
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Priority
X-AB
X-WP-CF-Super-Cache-Cookies-Bypass
Country
X-Cache-Status-Check
X-B3-SpanId
Liferay-Portal
X-Real-IP
X-Time
X-N
Backend
X-Nginx-Cache
X-Mode
X-XRDS-Location
Onion-Location
TWC-Device-Class
Xet-Cookie
TWC-GeoIP-Country
X-Format
X-UPSTREAM-Address
ServerID
X-SaId
X-Origin-Hint
X-FB-TRIP-ID
X-Rewrite-Enabled
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Environment
Webcakes-App-Version
Property-Id
TWC-GeoIP-LatLong
Webcakes-Region
X-Rn-Rsrv
TWC-Connection-Speed
X-JoinUs
Filters
Fastcgi-Useragent
X-Cache-Host
X-Tumblr-Pixel-2
Meta-Geo
X-Accel-Version
X-Hosted-By
X-Hl-Ver
X-Restarts
X-Cache-Expired-At
X-Redis-Cache
X-IPLB-Instance
Web-Mar-Node
Uber-Trace-Id
X-Cache-Action
X-Varnish-Age
X-Skip-Cache
X-R9-Blue-Green-Version
X-Say-Cacheable
X-Origin-Date
X-VC-Cache
DB-Nickname
X-IPLB-Request-ID
X-Connection-Hash
X-Frame-Option
X-Fetched-On
X-Rocket-Nginx-Serving-Static
From-Origin
X-Say-TTL
Mn-Server-Ip
X-Cluster-Node
Expiry
X-SayCDN-TTL
X-Tb
X-Scope-Id
Atl-Traceid
Apigw-Requestid
X-PHP-Host
X-Tncms
X-Varnish-Beresp-Grace
X-Soup
X-Fastly-Request-Id
X-Vcache
X-Varnish-Cache-Hits
X-Logging-Id
X-Httpd
X-Director
X-Cms-Context
X-ProxyCache-Key
X-Forwarded-Host
X-Handled-By
X-Webstats-RespID
X-Web-Node
X-Request-URI
X-Origin-CC
X-Origin-TTL
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-Loop
X-BYPASS-REASON
X-Served-From
Selected-Fe
X-Servername
X-Cluster
X-Adobe-Source
Url
X-Proxy-Build
X-Auth-Group-Type
X-Timing-Wait
ServedBy
X-Extlb
Accept-Language
X-Cloudmap
Cross-Origin-Embedder-Policy
X-Zipkin-Id
X-Origin
X-S
X-Routing-Service
X-Proxied
X-DynaTrace
X-Detected-As
X-Ms-Version
X-DataDome
Referer-Policy
X-Hit
WPO-Cache-Status
WPO-Cache-Message
X-Ms-Request-Id
X-Tumblr-Pixel-3
N-Cache
X-Generated-By
X-SRV
Cross-Origin-Opener-Policy-Report-Only
X-LSADC-Cache
X-Lagoon
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Xserver
X-Azure-Ref-OriginShield
X-Wix-Request-Id
Surrogated-Key
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
X-Xfnlog-Site
X-Webkit-Csp
Ohc-File-Size
X-App-Version
X-Sucuri-Cache
Source
LB
X-Generation-Time
X-HS-CF-Cache-Status
X-NWS-UUID-VERIFY
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Backend-Server
CF-IPCountry
X-FTR-Balancer
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-RCS-CacheZone
X-Cache-Debug
X-Cdn-Origin
CDN-RequestId
Node
X-VCT
X-F-Cache
X-MP-GENERATED-AT
X-Cache-Hit
X-Sucuri-ID
X-Via-JSL
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-NODE
X-Geo-Region
X-Tcp-Rtt
X-Proxy-Cache-Status
X-Browser-Name
X-Varnish-Beresp-Ttl
X-No-Session
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Tx-Id
Locale
X-Signature
X-TA-CDN-Provider
X-B-Cache
X-Upstream-Ct
X-Cache-Rule
X-Upstream-Ht
Cache
X-Mly-Id
X-ElasticPress-Query
X-UA
X-Cache-Operation
Origin
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Lang
Mail-Subject
L5d-Success-Class
Fastly-GeoIP-CountryCode
Apple-News-Services-Request-Url
Apple-News-Services-Host
PFcat
Cluster
Candidate-Md5Url
Apple-News-Services-Handled
BehaviorPad-Version
Cache-Provider
Content-Secure-Policy
DCR-Decision-By
Fl-Custom-Application
Ha-Gx-Prefs
HA-Ipaddr
Fastly-Backend-Name
Expect-Staple
DCR-Processing-Time-Ms
X-INCAP-ABP
Apple-News-Services-Parsed-Url
Host-ID
X-A-Wwc
X-Ig-Push-State
X-Ig-Origin-Region
X-Jobs
X-Mvc-Supplant-Cachable
X-Op-Id-All
X-Nyt-Route
X-HN
X-GeoCountry
X-Ec-GeoHdr
X-Ec-Fail
X-Eu-Site
X-FC-Vary-Parameters
X-GeoCode
X-Gdpr
X-ORCA-Accelerator
X-Org
X-TIM-N
X-Section
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-ScT
X-Rojux
X-Path
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxied-Request
X-Proto
X-DPWN-IS-SECURE
X-Developer
X-A
Wxu-Next-Region
X-A-Ccd
X-A-Dcw
X-AB-Test
X-A-Dgt
Wxu-Next-Hostname
Wxu-Next-Commit
Rendered-Blocks
Redirect-Candidate
Sslversion
User-Agent
We-Hiring
W
X-Access
X-Aed
X-Conf
X-CGP
X-Csrf-Jwt
X-D
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Cache-NE
X-Cache-Info
X-App-Name
X-Aicache-OS
X-Backend-Instance
X-Bc-Bl
X-Bug-Bounty
X-BCube-Filmed-By
Producers
X-A-Dam
X-ShardId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-CDN-Forward
Mime-Version
X-Policy
X-Powered-By-VTEX-Cache
X-Req
V-Age
X-Litespeed-Tag
Web-Mar-Region
X-Resp-Is-Stale
X-Service
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-NodeID
X-Origin-Expires
X-Accel-Expires-Debug
X-Request-Time
X-Platform
Thinkindot-CacheControl-Type
Req-Svc-Chain
RNT-Machine
RNT-Time
Product
Platform
NM-Fastcgi-Cache
Origin-Agent-Cluster
X-Slack-Shared-Secret-Outcome
X-Fastly-Backend
X-Node-Id
X-SD-PageType
X-Scheme
Thinkindot-CacheControl
TDXMobile
X-Slack-Backend
X-Shield-Cache-Expires
X-SB
X-NMSegId
X-GeoIP-Region-Code
X-DefElseHash
X-DefHash
X-Depends
X-GoCache-CacheStatus
X-Date
X-HS-Content-Campaign-Id
X-Hash
X-Gzip
X-GeoIP-Country-Code
X-Dispatcher-Server
X-Fmm-Version
X-Epic-Correlation-Id
X-Esi-Check
X-Gamma-Serve
X-Generated-On
X-GeoIP-City
X-GeoIP
X-Edge-Server
X-Core-Value
X-Content-Length
X-BBC-Edge-Cache-Status
X-Location
X-Locale
X-Cache-Aspx
X-Micro-Cache
X-B3-Trace-ID
X-Thinkindot-L3
X-Auto-Login
X-Mvc-Supplant-OutputCached
X-Cache-Grace
X-Cache-Id
X-Irp-Debug
X-Clientip
X-Contensis-Viewer-Groups
X-Cdn-Srv
X-CacheTTL
X-Loc
X-Level-Front-Cache
X-Cached-By
X-Amz-Storage-Class
Server-Host
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
X-VTEX-Cache-Server
Debug
X-Wikidot-Static-Cache
X-Varnishpool
X-We-Are-Hiring
Esi-Enabled
X-VTEX-Cache-Time
Content-Style-Type
X-VServer
X-VG-WebCache
Cdn-Host
Cdnsip
Cdncip
Cdn-Request-Time
X-Via-Fastly
CDCHOST
X-Vmg-Version
Content-Script-Type
X-Viewer-Country
Canary
Fastly-SSL
X-Wikidot-Backend
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Bl-Debug
X-Geolocation
X-Varnish-Authentication
L
Gh-Request-Id
X-Var-Ttl
X-Varnish-Remaining-TTL
Gannett-Cam-Experience-Id
X-V-Cache
Edge-Copy-Time
Akamai-Mon-Iucid-Del
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-Pad
CDN-Cache
X-B-Cookie
X-Destination
CDN-RequestPullCode
X-S-Cookie
X-Gen-Mode
X-External-Request-Id
X-Ec-Custom-Error
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-CachedAt
X-Cache-Date
Yak-Timeinfo
X-Origin-Response-Time
X-Human
X-Content-Age
X-CUA
XM
X-Internal-TTL
X-IsAdmin
X-Block-Status
X-Bip
X-Application
X-Hnp-Log
X-Cache-FS-Status
X-Men
CDN-RequestPullSuccess
ServerName
X-SIPLIST1
X-Site-Version
Req-ID
X-UA-Device-Type
DSUID
Tube-Got-Eval
Tube-Get-Contents
Country-Code
X-VG-TLSProxy
Release
X-Sn-Servicetimems
IsBot
X-Tb-Optimization-Total-Bytes-Saved
NGX
X-Thanos
Origin-CC
Origin-EX
Pramga
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Beresp-Status
Tube-Got-Results
X-Server-IP
X-Request-Start
Click-Count-Error
X-Request-Host
X-HITS
X-Pool
User-Cache-Control
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
CDN-Uid
Click-Count-Action-Start
X-Pubstack
X-URL
X-RID
X-GEO
X-Varnish-Hits
X-HOST
X-LB-NoCache
X-NGINX-Cache
Ssr
AMP-Access-Control-Allow-Source-Origin
X-Proxy-CacheRZ
X-Zen-Fury
X-Cache-Bucket
X-CACHE-GROUP
Cache-Key
X-User
XkeyRZ
A
X-CLOUD-TRACE-CONTEXT
Sid
Fastly-Drupal-HTML
X-Oracle-Dms-Ecid
Ohc-Cache-HIT
X-VC-TTL
X-Cdn-Forward
X-RequestId
X-Cs
CloudFront-Viewer-Country
X-Refresh
GeoIP-Latitude
X-Servedbyhost
X-ZONE
Cdn-Requestid
X-Newrelic-Synthetics
X-Api-Version
X-Nananana
X-DC
X-Dc
X-APP
X-Optimistic-Header
TP-L2-Cache
X-Via-Popn
C-Via
X-Via-Poph
X-HA-Backend
X-Tt-Logid
Server-ID
X-AIR-PT
X-B3-Spanid
X-Nc
X-Via-Popv
X-Vgn-Hpd-Reason
X-Wa
X-TH-Server
X-B3-Parentspanid
X-LB-ID
X-RateLimit-Limit
X-CACHE-AGE
X-Air-Pt
Proxy-Firewall
X-Endurance-Cache-Level
X-Webkit-Csp-Report-Only
X-Moov-Xdn-Version
True-Client-Country-4JS
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-Moov-T
X-CS
X-Presslabs-Stats
X-SERVER-NAME
Fastly-Drupal-Html
Cdn
X-LiteSpeed-Tag
X-COUNTRY
X-Test
HostName
Server-Ext
X-Zone
Server-Hostname
X-DynaTrace-JS-Agent
Sever-Int
X-LiteSpeed-Cache-Control
X-HubSpot-Correlation-Id
X-Parent-Response-Time
WZWS-RAY
X-Datadome
WP-Super-Cache
Is-Eu
SID
X-API-Version
Adler-Geo
X-VWS-Id
X-Srv
X-LJ-Flow-ID
X-AWS-Id
X-Action
X-DataCenter
GeoIp-Country-Code
X-Nginx-Cache-Key
X-Fpc
X-Dispatcher-Number
X-Provided-By
X-Vercel-Id
X-Oracle-Dms-Rid
X-Thinkindot-L1
N1-Cache
X-Vercel-Cache
Location
X-Cache-VC
X-NewRelic-App-Data
X-Litespeed-Cache-Control
T-Server
True-Client-Ip
X-Custom-Header
Uri
X-Geo-Header
X-Pass-Why
X-XRDS-LOCATION
X-ND-Cache
S-Rt
X-Ua
SEZNAM-JOBS-OFFER
True-Client-IP
Cache-Hits
TWC-GeoIP-Region
TWC-GeoIP-DMA
TWC-GeoIP-City
X-Cache-Server
X-ApacheServer
Resin-Trace
GeoIP-Country-Code
X-PERF
Cache-Tv-Group
X-Datacenter
Vc-Max-Age
X-CMSURLCustom
Tcn
X-Stale
X-WA-Info
Pics-Label
X-Render-Time
Serverhost
X-Varnish-Beresp-TTL
Sm-Log-Id
X-TX-ID
X-Dynatrace-Js-Agent
X-Service-Response-Time
X-Client-Ip
X-FPC
X-Nitro-Cache
X-Uri
Powered-By
X-Ssense-Gql
X-Correlation-ID
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Ssense-Shipping-Surcharge-Enabled
Lb
X-Ion-Hop
X-Ion-Healthy
Cache-Contol
Hostname
Log-Origin
X-Jungle-Id
X-APP-VERSION
RewriteTeamHook
RewriteTestHook
Srv
Vix-Hermes-Req-Id
X-Vc
My-App
X-Fastly-Cache
X-Cdn-Cache-Status
X-Fastly-Cache-Status
Cmstype
X-Cache-TTL-Remaining
X-Ckpd-Fst-Backend
X-Debug-Service
Cmsid
Av-Poweredby
Thinkindot-Control
X-Air-Trace-Id
Server-Id
X-Air-Source
X-Up
X-Air-Hostname
X-From
On-Server
X-Udemy-Cache-App-Namespace
ServerHost
X-NC
X-WA
CacheControlHeader
X-Lb-Id
Cf-Ipcountry
X-Cache-Ttl
X-Ee-Request-Id
X-Ee-Origin
X-Ee-Generated-By
X-Fastly-Backend-Reqs
X-Ee-Request-Date
X-Cms-Device
X-Github-Request-Id
X-Oracle-DMS-ECID
X-Via-PopV
X-Via-PopN
Geoip-Latitude
X-Amz-Meta-Opti
Store-Cloud-Cache
X-Proxy-Cache-La3
X-PHP-Backend
X-Save-Cache
Time-Cloud-Cache
X-App
X-Via-PopH
WebServer
AKAMAI
Xkeylog
X-Akamai-Pragma-Client-IP
X-Ha-Backend
Xkey-La3
X-Vary-Devices
X-Esi
X-VTEX-Cache-Backend-Header-Time
X-VCL-Version
X-VTEX-Cache-Backend-Connect-Time
X-LAGOON
X-Traceid
X-Info
X-Requestid
X-ServedByHost
Cl-Cache
Magicmarker
NtCoent-Length
X-IAuth-Set-Uid
Cloudfront-Viewer-Country
WWW-Authenticate
CountryCode
X-Serial
X-HS-Status
Origin-Site
X-MSEdge-Features
Warning
X-MSEdge-Flight
X-Dw-Trace-Id
X-Limited
X-Check-Cacheable
X-Sucuri-Id
X-Geo
Reporter
Epwk-X-Cache
X-Varnish-Hostname
X-Mg-Cache
X-SRCache-Key
X-Lb-Nocache
X-Wp-Cf-Super-Cache
X-Akamai-Transformed
X-Acquia-Application-Trace
X-Wp-Cf-Super-Cache-Cache-Control
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Pod
X-Html-Minification-Powered-By
X-CDN-Cache-Status
FSS-Cache
X-Eligible
CF-Cached-On
Edge-Cache
CDN
X-Td-Header-From-No-Data
X-Rollout
X-New
X-Web-Server
X-Lsadc-Cache
Thinkindot-Cache-Type
X-BBC-Origin-Response-Status
Cneonction
X-Tncms-Bot-Tier
Timeexpire
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Ramcache
X-Elasticpress-Query
X-Orig-Cache-Control