Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Accept-CH
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Check
X-Backend
X-Amz-Id-2
Accept-CH-Lifetime
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
X-Rq
X-Via
EagleId
X-UA-Device
X-Server
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-Dns-Prefetch-Control
X-Cache-Lookup
Xkey
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-Country-Code
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Clacks-Overhead
Fastly-Restarts
X-Application-Context
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-LiteSpeed-Cache
X-Vname
X-TtlSet
X-PC
X-Edge
X-Midtier
X-Mcache
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Powered-By-Plesk
X-ESI
Nginx-Cache
X-GitHub-Request-Id
Edge-Control
X-Vcap-Request-Id
X-D2id
X-Ser
Verso
X-Ac
X-MS-InvokeApp
X-ECACHE
X-ORACLE-DMS-RID
X-Client-IP
X-Amz-Rid
X-Middleton-Response
Response
X-ARC
X-Ratelimit-Limit
X-Dw-Request-Base-Id
X-CST
X-Wormhole-Sdk
X-B3-TraceId
X-Powered-CMS
X-Goog-Hash
X-Navigation-Version
X-Kinsta-Cache
X-Edge-Location-Klb
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Upstream
X-Ratelimit-Remaining
X-Forwarded-For
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
RTSS
X-Cache-Key
SPIisLatency
SPRequestDuration
X-Daa-Tunnel
X-FastCGI-Cache
X-Mod-Pagespeed
Edge-Cache-Tag
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
Cache-Status
Public-Key-Pins
X-Server-ID
X-Content-Digest
X-Oneagent-Js-Injection
X-Ezoic-Cdn
X-Ttl
X-Version
Accept-Ch-Lifetime
X-Mg-S
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-T
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
Cross-Origin-Resource-Policy
X-Recruiting
AR-CACHE
Origin-Trial
X-NF-Request-ID
X-Fastly-Request-ID
X-Accel-Expires
Front-End-Https
X-Cached
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Distributor
X-Ua-Device
X-Nf-Request-Id
X-FTR-Request-ID
X-Azure-Ref
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
TP-Cache
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-Newrelic-App-Data
Count-Hit
X-HS-Content-Id
X-Id
X-HS-Cache-Config
X-Debug
X-TTL
X-HS-Hub-Id
X-Ua-Browser
X-LLID
X-Xrds-Location
Server-Node
Cache-Tags
X-Ismobilevalue
X-Content-Security-Policy-Report-Only
X-Cluster-Name
MicrosoftSharePointTeamServices
X-PressLabs-Stats
X-Correlation-Id
X-VARITI-CCR
X-Frontend
X-Hits
X-Varnish-TTL
X-GUploader-UploadID
X-Varnish-Backend
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-NGENIX-Cache
X-Amz-Replication-Status
X-Protected-By
Payment
X-Goog-Metageneration
Accept-Ch
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Ttl
Akamai-GRN
X-LB-Cache
X-Unique-Id
Cleartype
X-FB-Debug
X-Activity-Id
X-Varnish-Server
X-Www-Served-By
X-Git-Hash
X-Logged-In
X-AppVersion
X-Az
Content-Disposition
X-Page-Id
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Hostname
X-Tt-Trace-Tag
Host
X-Forwarded-Proto
Filterid
X-DIS-Request-ID
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Webp
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Server
X-Fastcgi-Cache
X-Template
X-Geo-Country
Frame-Options
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Trailer
X-TraceId
Amp-Access-Control-Allow-Source-Origin
Access-Control-Allow-Method
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Load-Cache
X-Aspnet-Version
X-WP-CF-Super-Cache-Cache-Control
X-Origin-Server
Version
X-WP-CF-Super-Cache
Fastly-SWR
Fastly-SIE
X-ASPNET-VERSION
X-Type
X-Upgrade-Enabled
Accept-Charset
Viewport
Section-Io-Cache
X-Fb-Rlafr
X-TT
X-Content-Options
X-B
X-Grace
Retry-After
X-Cache-Control
X-B3-Sampled
X-Rid
X-Ah-Environment
X-Envoy-Decorator-Operation
MS-Author-Via
X-Source
Content-MD5
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cache-Age
Server-Name
X-Vcl-Version
X-Device-Type
X-Request-Guid
X-Magnolia-Registration
X-Trace-Id
X-Revision
X-Language
X-TEC-API-VERSION
X-Cdn
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Px
X-Buckets
X-Mobile
Healthy
TCN
X-HS-Prerendered
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Active
X-Webkit-CSP
X-Backend-Name
X-Akamai-Edgescape
X-CSRF-Token
X-Varnish-Grace
X-App-Environment
X-RM-Cache-TTL
Protected
X-Contextid
X-FW-Type
X-Origin-Cache
X-Debug-Info
X-Status
X-Rule
X-Environment-Context
X-Tumblr-User
X-FW-Server
X-FW-Serve
X-Tumblr-Pixel-0
X-FW-Hash
X-Tumblr-Pixel-1
X-FW-Dynamic
X-RemovedCookies
X-Tumblr-Pixel
X-ProcessESI
X-L-Path
X-FW-Static
X-FW-Version
X-UUID
NGB
X-Instance
X-ServerID
X-Mg-Request-UUID
X-NYM-Debug-Backend
Access-Control-Request-Headers
Cross-Origin-Window-Policy
X-Node-Name
X-Proxy-Cache-Info
X-Cache-Time
X-Framework
X-Storage
SD-X-WS
X-Datadog-Parent-Id
X-Debug-IsPreview
X-Adobe-Content
Charset
X-Datadog-Sampling-Priority
X-Debug-IsConnected
X-RTag
X-Content-Powered-By
X-Adobe-Loc
X-Is-Bot
X-Datadog-Sampled
Ms-Operation-Id
MS-CV
X-Rendered-As
X-Region
GEO-INFO
X-Datadog-Trace-Id
X-Cacheable-TTL
X-Amz-Meta-S3cmd-Attrs
X-Edge-Location
Upgrade-Insecure-Requests
X-G
X-Response-Served-From
X-Proxy
X-Original-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
Cross-Origin-Embedder-Policy-Report-Only
X-Whom
Refresh
OT-Force-Account-Verify
Webserver
DC
X-ECache
Countrycode
Paypal-Debug-Id
X-B3-Traceid
X-Lambda-Id
X-RateLimit-Remaining
X-User-Agent
X-Seen-By
Section-Io-Id
X-HTML-Minification-Powered-By
X-Reqid
Front
X-VC
X-Amzn-Remapped-Content-Length
X-WebKit-CSP-Report-Only
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Alternate-Protocol
X-CCDN-CacheTTL
X-Server-W
Priority
X-VHOST
X-IPS-LoggedIn
X-Real-IP
SRV
X-WP-CF-Super-Cache-Cookies-Bypass
X-Akamai-Request-ID2
X-AB
X-Time
X-Fastly-Request-Id
Country
X-TT-LOGID
X-Cache-Status-Check
Liferay-Portal
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-N
X-FTR-Expires
X-Mode
X-B3-SpanId
Xet-Cookie
X-DataDome
Onion-Location
X-Nginx-Cache
X-Tumblr-Pixel-2
Meta-Geo
X-SaId
X-Rn-Rsrv
Filters
Environment
X-UPSTREAM-Address
X-FB-TRIP-ID
Fastcgi-Useragent
X-Rewrite-Enabled
ServerID
X-JoinUs
X-Rocket-Nginx-Serving-Static
X-Cache-Host
X-Frame-Option
X-Accel-Version
X-Hl-Ver
X-Connection-Hash
X-Format
X-Origin-Date
X-PHP-Host
X-Fetched-On
X-Origin-Hint
X-Origin-CC
X-Origin-TTL
X-R9-Blue-Green-Version
Expiry
X-Restarts
DB-Nickname
X-Tb
X-Labrador-Cache-Channel
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
X-Skip-Cache
X-VC-Cache
TWC-GeoIP-Country
TWC-Device-Class
X-Varnish-Age
TWC-Privacy
TWC-Locale-Group
X-Say-TTL
X-Cache-Action
Property-Id
Webcakes-Region
X-Redis-Cache
X-Scope-Id
X-Say-Cacheable
From-Origin
TWC-GeoIP-LatLong
Webcakes-App-Version
Uber-Trace-Id
TWC-Connection-Speed
Webcakes-App-Name
X-SayCDN-TTL
X-Tncms
X-Httpd
X-Logging-Id
X-Handled-By
X-Loop
Web-Mar-Node
X-Director
X-Cms-Context
X-Soup
X-Webstats-RespID
X-Cache-Expired-At
X-Varnish-Beresp-Grace
Mn-Server-Ip
X-Vcache
X-BYPASS-REASON
X-Cluster-Node
X-Varnish-Cache-Hits
Apigw-Requestid
Atl-Traceid
X-ProxyCache-Key
X-ProxyCache-Status
X-Web-Node
X-Forwarded-Host
X-DynaTrace
X-Proxy-Build
X-Auth-Group-Type
X-Timing-Wait
X-Served-From
WPO-Cache-Status
Selected-Fe
X-Adobe-Source
WPO-Cache-Message
Cross-Origin-Opener-Policy-Report-Only
X-Cluster
X-Extlb
X-Cloudmap
ServedBy
X-S
Url
X-Zipkin-Id
X-Ms-Request-Id
X-Routing-Service
X-Ms-Version
X-Request-URI
X-Servername
X-Origin
X-Detected-As
X-Proxied
X-Tumblr-Pixel-3
Accept-Language
Referer-Policy
N-Cache
Cross-Origin-Embedder-Policy
X-Hit
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-Generated-By
Surrogated-Key
X-XRDS-Location
X-SRV
Ohc-File-Size
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Worker
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Xserver
X-Resp-Is-Stale
X-Wix-Request-Id
X-Sucuri-Cache
X-Generation-Time
X-HS-CF-Cache-Status
LB
X-Lagoon
X-Xfnlog-Site
X-App-Version
Source
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Cdn-Origin
X-Cache-Hit
X-NWS-UUID-VERIFY
CF-IPCountry
X-Cache-Debug
X-Sucuri-ID
X-F-Cache
X-MP-GENERATED-AT
Node
X-TA-CDN-Provider
X-RCS-CacheZone
X-VCT
CDN-RequestId
X-Tx-Id
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Desktop
X-Browser-Name
X-Geo-Region
X-Tcp-Rtt
X-Cache-Rule
X-NODE
Locale
X-No-Session
Cache
X-Urbn-Site-Id
X-Mly-Id
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-Signature
X-Pad
X-B-Cache
X-ElasticPress-Query
X-Via-JSL
X-INCAP-ABP
X-Via-SSL
X-Via-Edge
X-Via-CDN
Edge-Copy-Time
X-Litespeed-Tag
X-CDN-Forward
X-Proxy-Cache-Status
X-Cache-Operation
Mail-Subject
Origin
Producers
Ngx.Var.Host
MD5-Digest
Meta-Geo-Continent
Fastly-GeoIP-CountryCode
DCR-Processing-Time-Ms
Candidate-Md5Url
DCR-Decision-By
Cluster
Redirect-Candidate
BehaviorPad-Version
Expect-Staple
Host-ID
Fl-Custom-Application
Content-Secure-Policy
Fastly-Backend-Name
Lang
X-Aed
X-Ig-Origin-Region
X-Geolocation
X-Ig-Push-State
X-Jobs
X-Mvc-Supplant-Cachable
X-GeoCountry
X-GeoCode
X-Ec-GeoHdr
X-Vtex-Remote-Cache
X-FC-Vary-Parameters
X-Gdpr
X-Nyt-Route
X-Org
X-Rojux
X-ScT
X-Vdms-Version
X-TIM-N
X-Proxied-Request
X-Proto
X-Origin-Time
X-Path
X-PAYTM-SRV-ID
X-Platform-Server
X-Ec-Fail
X-DPWN-IS-SECURE
X-A-Wwc
X-A-Dgt
X-Aicache-OS
X-App-Name
X-Backend-Instance
X-A-Dcw
X-A-Dam
Sslversion
We-Hiring
X-A
X-A-Ccd
X-Bc-Bl
X-BCube-Filmed-By
X-D
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Developer
X-Conf
Xc-Version
X-Bl-Debug
X-Bug-Bounty
X-Cache-Info
X-Cache-NE
Rendered-Blocks
Odigeo-Trace-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Oracle-Dms-Ecid
X-ShopId
X-ShardId
X-Shopify-Stage
X-DefHash
Mime-Version
X-DefElseHash
X-Depends
X-Dispatcher-Server
X-Edge-Server
X-Wikidot-Backend
X-Date
NM-Fastcgi-Cache
X-Contensis-Viewer-Groups
PFcat
X-External-Request-Id
Origin-Agent-Cluster
X-Core-Value
Debug
X-Csrf-Jwt
L5d-Success-Class
X-We-Are-Hiring
Gannett-Cam-Experience-Id
X-VTEX-Cache-Server
X-Fastly-Backend
X-Fmm-Version
X-Gamma-Serve
X-GeoIP-City
X-Generated-On
Gh-Request-Id
Ha-Gx-Prefs
X-Epic-Correlation-Id
X-VTEX-Cache-Time
X-B-Cookie
Platform
X-Esi-Check
HA-Ipaddr
X-Eu-Site
X-GeoIP
Req-Svc-Chain
X-Amz-Storage-Class
W
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Grace
V-Age
X-B3-Trace-ID
X-Auto-Login
User-Agent
Wxu-Next-Commit
Wxu-Next-Hostname
X-Accel-Expires-Debug
X-Access
X-Application
X-AB-Test
Web-Mar-Region
Wxu-Next-Region
X-AK-Request-ID
X-BBC-Edge-Cache-Status
X-VarnishDD-TTL
RNT-Machine
RNT-Time
Server-Host
X-GoCache-CacheStatus
X-CGP
X-Clientip
Product
X-CacheTTL
X-Cached-By
Thinkindot-CacheControl-Type
X-Cache-Date
X-Cache-Aspx
Thinkindot-CacheControl
TDXMobile
X-Cache-Id
X-Destination
X-Wikidot-Static-Cache
X-VServer
X-Origin-Expires
Apple-News-Services-Handled
X-Varnish-Authentication
X-Gzip
X-Platform
X-Var-Ttl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Azure-SiteName
Azure-SlotName
X-Slack-Backend
Azure-RegionName
Apple-News-Services-Request-Url
Azure-InstanceId
X-Via-Fastly
X-VG-WebCache
X-Shield-Cache-Expires
X-Varnishpool
X-Request-Time
X-HS-Content-Campaign-Id
X-SB
X-Section
X-Req
X-S-Cookie
X-V-Cache
X-Policy
X-Powered-By-VTEX-Cache
X-SD-PageType
X-Thinkindot-L3
X-Scheme
Azure-Version
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Cdnsip
Cdncip
X-Level-Front-Cache
X-Varnish-Remaining-TTL
X-Irp-Debug
X-Slack-Shared-Secret-Outcome
Content-Style-Type
X-Hash
X-HN
Content-Script-Type
X-Viewer-Country
X-Vmg-Version
X-Loc
X-Locale
X-Node-Id
X-NMSegId
Canary
Cache-Provider
X-Op-Id-All
X-Varnish-CookieINHashed-On
X-Mvc-Supplant-OutputCached
X-Micro-Cache
Cdn-Host
X-Varnish-CookieHashed-On
Cdn-Request-Time
X-Varnish-Director
X-Location
X-NGINX-Cache
Akamai-Mon-Iucid-Del
X-Upstream-Ct
X-Upstream-Ht
X-Origin-Response-Time
X-Cdn-Srv
User-Cache-Control
Yak-Timeinfo
X-Content-Length
X-Varnish-Beresp-Status
X-IsAdmin
X-Internal-TTL
X-Men
X-NodeID
X-ORCA-Accelerator
X-Pool
X-UA-Device-Type
X-Sn-Servicetimems
X-Cache-FS-Status
X-Request-Start
X-Server-IP
X-VG-TLSProxy
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Akamai-Device-Characteristics
Fastly-SSL
Pramga
X-Thanos
X-Pubstack
X-Bip
X-Acquia-Purge-Cdn-Unconfigured
CDN-RequestPullSuccess
ServerName
CDN-Uid
Click-Count-Action-Start
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-Content-Age
NGX
Req-ID
Release
Origin-CC
X-Gen-Mode
L
X-GEO
Origin-EX
X-Ec-Custom-Error
Click-Count-Error
Country-Code
DSUID
CDN-EdgeStorageId
X-CUA
X-Hnp-Log
Tube-Return
CDN-CachedAt
X-Request-Host
X-Block-Status
X-Site-Version
Tube-Got-Results
X-Human
CDN-Cache
CDCHOST
Tube-Get-Contents
Tube-Got-Eval
Ohc-Cache-HIT
Sid
X-Tb-Optimization-Total-Bytes-Saved
IsBot
X-Service
Esi-Enabled
X-VC-TTL
X-SIPLIST1
Ssr
XM
X-User
X-UA
X-Varnish-Hits
X-Cs
X-Api-Version
X-LB-NoCache
X-RID
X-HOST
X-Zen-Fury
X-Tt-Logid
Fastly-Drupal-HTML
AMP-Access-Control-Allow-Source-Origin
X-Refresh
X-AIR-PT
X-CACHE-GROUP
Cdn-Requestid
X-ZONE
Cache-Key
GeoIP-Latitude
X-Cdn-Forward
X-Cache-Bucket
A
XkeyRZ
X-Proxy-CacheRZ
X-B3-Spanid
X-DC
X-HITS
X-Servedbyhost
X-RequestId
X-CLOUD-TRACE-CONTEXT
X-TH-Server
X-Vgn-Hpd-Reason
CloudFront-Viewer-Country
X-Newrelic-Synthetics
X-Via-Popv
X-HA-Backend
C-Via
X-Via-Poph
TP-L2-Cache
X-HubSpot-Correlation-Id
X-Wa
X-Via-Popn
X-Nc
X-Dc
X-APP
Server-ID
X-Nananana
X-LB-ID
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Moov-T
X-B3-Parentspanid
X-Old-Content-Length
X-Optimistic-Header
Proxy-Firewall
X-Endurance-Cache-Level
HostName
X-DynaTrace-JS-Agent
X-Ua
X-Webkit-Csp-Report-Only
Fastly-Drupal-Html
X-Parent-Response-Time
Cdn
X-Presslabs-Stats
X-Srv
X-Zone
X-URL
X-COUNTRY
WP-Super-Cache
X-Action
X-LiteSpeed-Tag
True-Client-Country-4JS
N1-Cache
X-Webkit-Csp
X-LiteSpeed-Cache-Control
X-CS
X-Litespeed-Cache-Control
Server-Hostname
X-Air-Pt
X-Vercel-Id
Server-Ext
X-Cache-VC
Sever-Int
X-Thinkindot-L1
Location
X-Vercel-Cache
X-Test
X-CACHE-AGE
GeoIp-Country-Code
Is-Eu
X-Fpc
Adler-Geo
SID
X-API-Version
Cache-Hits
X-Datadome
X-AWS-Id
TWC-GeoIP-City
WZWS-RAY
TWC-GeoIP-DMA
X-Nginx-Cache-Key
X-Dispatcher-Number
X-LJ-Flow-ID
X-NewRelic-App-Data
X-DataCenter
TWC-GeoIP-Region
X-VWS-Id
X-ApacheServer
X-Provided-By
X-RateLimit-Limit
True-Client-IP
X-PERF
Uri
True-Client-Ip
GeoIP-Country-Code
X-Custom-Header
Resin-Trace
SEZNAM-JOBS-OFFER
T-Server
X-Render-Time
X-WA-Info
X-Geo-Header
X-Datacenter
X-Pass-Why
X-ND-Cache
X-Uri
X-Nitro-Cache
X-Varnish-Beresp-TTL
S-Rt
X-SERVER-NAME
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Cache-Server
Tcn
X-Stale
Vc-Max-Age
X-CMSURLCustom
Serverhost
X-FPC
X-Ion-Healthy
RewriteTeamHook
X-Ion-Hop
X-Jungle-Id
Cache-Contol
RewriteTestHook
X-Service-Response-Time
Cache-Tv-Group
Sm-Log-Id
X-Client-Ip
X-TX-ID
Log-Origin
Cmstype
Cmsid
Pics-Label
My-App
Srv
X-APP-VERSION
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Correlation-ID
X-Dynatrace-Js-Agent
X-Oracle-Dms-Rid
X-From
Powered-By
X-Up
Lb
X-XRDS-LOCATION
Server-Id
Av-Poweredby
X-Debug-Service
Hostname
X-Fastly-Cache-Status
X-Udemy-Cache-App-Namespace
X-Air-Hostname
CacheControlHeader
X-Cdn-Cache-Status
Vix-Hermes-Req-Id
X-Air-Source
X-Air-Trace-Id
Cf-Ipcountry
X-Fastly-Cache
X-Ckpd-Fst-Backend
X-Cache-TTL-Remaining
X-Akamai-Pragma-Client-IP
X-App
X-Vc
X-LAGOON
On-Server
Thinkindot-Control
X-Lb-Id
X-WA
X-NC
X-Cache-Ttl
X-Github-Request-Id
X-Html-Minification-Powered-By
X-Fastly-Backend-Reqs
X-Oracle-DMS-ECID
NtCoent-Length
X-Via-PopN
ServerHost
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-Esi
X-PHP-Backend
X-ServedByHost
X-VCL-Version
X-Cms-Device
Xkey-La3
X-Ee-Origin
AKAMAI
X-Ee-Request-Id
X-Vary-Devices
Store-Cloud-Cache
Time-Cloud-Cache
Cloudfront-Viewer-Country
X-Amz-Meta-Opti
X-Ee-Generated-By
X-Proxy-Cache-La3
X-Ee-Request-Date
Xkeylog
X-Save-Cache
Origin-Site
Geoip-Latitude
X-SRCache-Key
X-Varnish-Hostname
X-VTEX-Cache-Backend-Connect-Time
X-MSEdge-Flight
X-IAuth-Set-Uid
X-MSEdge-Features
WWW-Authenticate
Epwk-X-Cache
WebServer
X-Traceid
X-Requestid
X-VTEX-Cache-Backend-Header-Time
CountryCode
X-Check-Cacheable
X-Limited
Edge-Cache
X-Lb-Nocache
Cl-Cache
Warning
X-Sucuri-Id
X-HS-Status
Magicmarker
X-Serial
X-Info
Pragrma
X-Wp-Cf-Super-Cache
X-Acquia-Application-Trace
X-Akamai-Transformed
X-Pod
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Dw-Trace-Id
X-Acquia-Site
Reporter
Ms-Author-Via
X-Wp-Cf-Super-Cache-Cache-Control
FSS-Cache
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
YJS-ID
Yjs-Id
X-Lsadc-Cache
X-Web-Server
X-Mg-Cache
Cneonction
X-CDN-Cache-Status
CF-Cached-On
X-Ramcache
X-Geo
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Orig-Cache-Control
X-Elasticpress-Query
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Tncms-Bot-Tier
Timeexpire
X-BBC-Origin-Response-Status