Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Cloud-Trace-Context
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Node
X-Server-Id
X-HW
X-LiteSpeed-Cache
Xkey
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Content-Location
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-TtlSet
X-Rack-Cache
X-Vname
X-PC
X-Mcache
X-Edge
X-Midtier
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-ESI
X-Oneagent-Js-Injection
X-Ser
Nginx-Cache
X-GitHub-Request-Id
Edge-Control
X-Powered-By-Plesk
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
X-Client-IP
X-MS-InvokeApp
X-ECACHE
X-Aspnet-Version
X-ORACLE-DMS-RID
X-Daa-Tunnel
X-B3-TraceId
X-CST
X-Navigation-Version
X-Amz-Rid
X-Goog-Hash
Response
X-Upstream
X-Middleton-Response
X-Powered-CMS
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kinsta-Cache
X-Edge-Location-Klb
Accept-Ch-Lifetime
X-Ua-Device
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Amzn-Trace-Id
X-Cache-Key
X-Forwarded-For
X-Ratelimit-Limit
X-Ttl
X-NF-Request-ID
X-Wormhole-Sdk
RTSS
X-Mod-Pagespeed
X-Server-ID
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-Version
X-ORACLE-DMS-ECID
Public-Key-Pins
AR-CACHE
X-Ruxit-Js-Agent
X-FastCGI-Cache
X-Mg-S
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
X-SharePointHealthScore
X-Content-Digest
SPRequestGuid
X-MSEdge-Ref
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Varnish-TTL
X-Fastly-Request-ID
X-Newrelic-App-Data
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Front-End-Https
TP-Cache
X-Correlation-Id
Arr-Disable-Session-Affinity
Count-Hit
X-Debug
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-HS-Content-Id
X-Id
X-Content-Security-Policy-Report-Only
Server-Node
X-Ua-Browser
X-LLID
X-Azure-Ref
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
Accept-Ch
Payment
X-Amz-Replication-Status
X-LB-Cache
X-GUploader-UploadID
X-Varnish-Backend
X-Forwarded-Proto
X-Goog-Metageneration
X-TTL
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
Filterid
Host
X-FB-Debug
X-Git-Hash
Cleartype
X-Unique-Id
X-Logged-In
X-Varnish-Server
X-Www-Served-By
X-AppVersion
X-Az
Content-Disposition
X-Activity-Id
X-Ratelimit-Reset
X-App-Server
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Fastcgi-Cache
X-Jurisdiction
Origin-Trial
X-HP-Webp
X-HP-Trace-Id
X-Page-Id
X-Varnish-Ttl
X-DIS-Request-ID
X-B3-TraceId-Primal
X-Pinterest-Rid
MRF-Tech
Mrf-Cache-Status
Pinterest-Version
Pinterest-Generated-By
X-Geo-Country
Access-Control-Allow-Method
X-Origin-Server
X-Nf-Request-Id
Retry-After
X-Load-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ASPNET-VERSION
X-Cambria-Cache-Control
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
Akamai-GRN
MS-Author-Via
X-Template
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Accept-Charset
X-Ah-Environment
Fastly-SIE
Section-Io-Cache
X-Type
Fastly-SWR
Viewport
X-Fb-Rlafr
X-TT
X-Cache-Control
X-B3-Sampled
X-Content-Options
X-RateLimit-Remaining
X-B
X-Grace
Version
Content-MD5
Frame-Options
X-Xrds-Location
X-Request-Guid
X-Revision
X-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Amz-Meta-S3cmd-Attrs
Healthy
X-Cdn
X-Envoy-Decorator-Operation
X-Origin-Cache
X-Magnolia-Registration
X-Device-Type
X-Contextid
X-Source
X-CSRF-Token
TCN
X-Webkit-CSP
X-Rid
X-Aspnetmvc-Version
X-Cache-Age
X-WP-CF-Super-Cache-Active
Server-Name
X-Backend-Name
X-Px
X-Mobile
DC
X-Proxy
X-Language
X-ProcessESI
X-App-Environment
X-RemovedCookies
X-RM-Cache-TTL
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Varnish-Grace
X-Buckets
X-Tumblr-User
X-Seen-By
X-Tumblr-Pixel-0
Access-Control-Request-Headers
X-Framework
X-Akamai-Edgescape
X-Storage
X-Status
X-Environment-Context
X-Mg-Request-UUID
X-Debug-Info
X-Rule
X-L-Path
X-FW-Static
X-FW-Type
X-FW-Version
X-Debug-IsPreview
X-Instance
X-UUID
X-HTML-Minification-Powered-By
NGB
X-Adobe-Loc
X-Adobe-Content
X-Cacheable-TTL
X-Content-Powered-By
X-Debug-IsConnected
X-FW-Dynamic
X-FW-Hash
Cross-Origin-Window-Policy
X-Node-Name
SD-X-WS
X-FW-Serve
X-FW-Server
X-G
X-ServerID
X-Proxy-Cache-Info
X-Region
X-NYM-Debug-Backend
GEO-INFO
MS-CV
Ms-Operation-Id
X-Tec-Api-Root
X-EdgeConnect-Cache-Status
X-Tec-Api-Version
X-Tec-Api-Origin
X-Rendered-As
X-Is-Bot
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-RTag
X-Yottaa-Metrics
X-Yottaa-Optimizations
Paypal-Debug-Id
X-ECache
X-User-Agent
X-Cache-Time
Upgrade-Insecure-Requests
Webserver
Trailer
Countrycode
Front
Charset
Protected
X-Fastly-Request-Id
X-Whom
X-WebKit-CSP-Report-Only
OT-Force-Account-Verify
X-Edge-Location
X-Lambda-Id
X-TT-LOGID
X-VC
X-N
Refresh
Section-Io-Id
X-IPS-LoggedIn
X-HS-Prerendered
X-VHOST
X-AB
X-Akamai-Request-ID2
X-Cache-Status-Check
Country
Priority
X-Reqid
X-Time
X-B3-Traceid
Alternate-Protocol
X-Amzn-Remapped-Content-Length
Backend
X-B3-SpanId
X-CCDN-Origin-Time
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
X-Hl-Ver
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Liferay-Portal
X-CLOUD-TRACE-CONTEXT
X-Server-W
X-Response-Served-From
X-Original-Request-Id
Accept-Language
SRV
Onion-Location
X-Mode
X-Via-JSL
X-Real-IP
ServerID
X-Origin-Date
X-Tumblr-Pixel-2
X-Accel-Version
X-Cache-Host
X-JoinUs
X-Auth-Group-Type
X-Wix-Request-Id
X-Web-Node
Environment
X-VC-Cache
X-UPSTREAM-Address
X-Fetched-On
X-FB-TRIP-ID
X-Frame-Option
Filters
From-Origin
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tb
Meta-Geo
X-Rewrite-Enabled
X-Scope-Id
X-Skip-Cache
X-SaId
X-Rn-Rsrv
Cross-Origin-Embedder-Policy-Report-Only
Fastcgi-Useragent
X-ProxyCache-Status
X-Origin-Hint
X-ProxyCache-Key
X-R9-Blue-Green-Version
X-Logging-Id
X-IPLB-Request-ID
X-Hosted-By
X-IPLB-Instance
X-Redis-Cache
X-Request-URI
X-Varnish-Age
X-Varnish-Cache-Hits
X-Webstats-RespID
X-SayCDN-TTL
X-Say-TTL
X-Restarts
X-Say-Cacheable
X-Format
X-Director
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
Expiry
Property-Id
Uber-Trace-Id
Webcakes-App-Name
X-Cache-Expired-At
X-Cluster-Node
X-Connection-Hash
X-Cache-Action
X-BYPASS-REASON
Webcakes-App-Version
Webcakes-Region
Atl-Traceid
TWC-Device-Class
Mn-Server-Ip
X-PHP-Host
X-Loop
X-Served-From
Apigw-Requestid
X-Varnish-Beresp-Grace
X-Tncms
Web-Mar-Node
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Cms-Context
X-Generated-By
X-Handled-By
X-Httpd
X-Adobe-Source
X-Vcache
X-Soup
DB-Nickname
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-S
Url
X-Servername
X-Extlb
X-Origin-TTL
X-TraceId
X-Origin
X-FTR-Request-ID
X-Detected-As
X-Proxied
X-Routing-Service
X-Zipkin-Id
ServedBy
X-Cluster
X-Cloudmap
X-Origin-CC
Referer-Policy
N-Cache
X-LSADC-Cache
Xserver
X-Nginx-Cache
X-SRV
X-Rocket-Nginx-Serving-Static
X-DataDome
X-XRDS-Location
X-Lagoon
X-Hit
X-Webkit-Csp
LB
Cross-Origin-Embedder-Policy
X-Ms-Version
X-Ms-Request-Id
X-DynaTrace
X-Xfnlog-Site
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
X-Tumblr-Pixel-3
CF-IPCountry
X-RID
X-Upstream-Ht
X-Upstream-Ct
X-VCT
X-Cache-Debug
Source
X-Azure-Ref-OriginShield
X-RCS-CacheZone
WPO-Cache-Status
WPO-Cache-Message
X-Proxy-Cache-Status
Surrogated-Key
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
CDN-RequestId
X-UA
X-Is-Desktop
X-Is-Mobile
X-Is-Tablet
X-Geo-Region
X-Is-Supported-Browser
X-Tcp-Rtt
X-Browser-Name
X-Urbn-Context-Path
X-Signature
X-No-Session
Locale
X-B-Cache
X-Urbn-Site-Id
X-F-Cache
X-Sucuri-Cache
X-Generation-Time
Node
X-App-Version
X-Cdn-Origin
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
X-Sucuri-ID
X-NODE
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-NGINX-Cache
X-Alternate-Cache-Key
X-Cdn-Forward
X-Locale
X-MP-GENERATED-AT
Ohc-File-Size
Cross-Origin-Opener-Policy-Report-Only
X-Tx-Id
X-Cache-Operation
X-Cache-Rule
X-Site-Version
X-A-Ccd
X-A
X-GeoIP
X-GeoIP-City
X-GeoCode
Rendered-Blocks
X-Origin-Time
Candidate-Md5Url
Redirect-Candidate
X-Origin-Response-Time
X-Service
X-Path
X-Proxy-CacheRZ
Host-ID
X-GeoCountry
X-Origin-Expires
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Varnish-Remaining-TTL
X-FC-Vary-Parameters
X-Org
X-Vdms-Version
X-ScT
TDXMobile
X-Varnish-CookieINHashed-On
X-Proto
A
Sslversion
X-Varnish-Authentication
X-Varnish-CookieHashed-On
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Scheme
X-Rojux
X-Mvc-Supplant-OutputCached
X-ElasticPress-Query
Azure-Version
BehaviorPad-Version
X-Gdpr
Azure-SlotName
Azure-SiteName
X-Nyt-Route
X-TIM-N
X-Ec-Fail
X-Ec-GeoHdr
Azure-RegionName
Azure-InstanceId
We-Hiring
X-Vmg-Version
DCR-Decision-By
X-Cache-Aspx
DCR-Processing-Time-Ms
X-D
Meta-Geo-Continent
X-DefElseHash
X-Bug-Bounty
Ngx.Var.Host
Odigeo-Trace-Id
X-Backend-Instance
X-Bc-Bl
X-BCube-Filmed-By
X-INCAP-ABP
Content-Secure-Policy
X-Cache-Info
X-Ig-Push-State
Fastly-Backend-Name
Expect-Staple
Fastly-GeoIP-CountryCode
X-Conf
Lang
X-Contensis-Viewer-Groups
Mail-Subject
X-Platform-Server
X-Ig-Origin-Region
X-Cache-NE
X-Request-Time
X-Epic-Correlation-Id
MD5-Digest
Cluster
X-Internal-TTL
Cdncip
Gannett-Cam-Experience-Id
X-Aed
X-Aicache-OS
Cdnsip
X-AK-Request-ID
X-Shield-Cache-Expires
Producers
X-A-Dcw
X-A-Dam
X-Mvc-Supplant-Cachable
X-A-Dgt
X-Mly-Id
X-A-Wwc
X-Vtex-Remote-Cache
X-We-Are-Hiring
Origin-Agent-Cluster
X-Proxied-Request
XkeyRZ
X-DefHash
X-Jobs
X-PAYTM-SRV-ID
Xc-Version
X-App-Name
X-Developer
X-Thinkindot-L3
X-Loc
X-Amz-Storage-Class
X-Depends
X-Debug-Cache-Fetch
X-Varnish-Beresp-Ttl
X-Optimistic-Header
Mime-Version
X-Cache-Grace
X-Bl-Debug
NGX
NM-Fastcgi-Cache
X-Cache-Bucket
X-BBC-Edge-Cache-Status
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Device-Characteristics
Origin-CC
X-Auto-Login
X-B3-Trace-ID
X-Sn-Servicetimems
X-Cache-Id
X-CacheTTL
L5d-Success-Class
X-Core-Value
X-Csrf-Jwt
L
X-Date
X-Edge-Server
X-Content-Age
X-Clientip
X-SVT-ORM-RULES
X-Acquia-Purge-Cdn-Unconfigured
X-SVT-ORM-VERSION
X-CGP
X-Req
X-Cached-By
Origin-EX
User-Agent
X-SB
V-Age
W
RNT-Time
Web-Mar-Region
Tube-Return
Tube-Got-Results
Tube-Get-Contents
X-Ec-Custom-Error
X-Section
Tube-Got-Eval
Server-Host
RNT-Machine
Req-Svc-Chain
Platform
X-Access
X-Slack-Backend
PFcat
X-Slack-Shared-Secret-Outcome
X-Accel-Expires-Debug
Product
Wxu-Next-Hostname
Wxu-Next-Commit
Release
Wxu-Next-Region
X-Dispatcher-Server
X-SD-PageType
Cache
X-Via-Fastly
X-Node-Id
X-Pool
X-Policy
HA-Ipaddr
X-Pad
X-NMSegId
X-Generated-On
X-Powered-By-VTEX-Cache
X-VG-WebCache
X-Var-Ttl
X-V-Cache
X-UA-Device-Type
X-Varnish-Director
X-VarnishDD-TTL
X-Op-Id-All
X-Fmm-Version
X-Varnishpool
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Hash
Yak-Timeinfo
X-Level-Front-Cache
Origin
X-Platform
X-Human
X-HS-Content-Campaign-Id
X-HN
X-Gzip
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-Micro-Cache
X-Viewer-Country
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Location
X-Wikidot-Backend
Apple-News-Services-Handled
X-Gamma-Serve
Content-Style-Type
Debug
X-Fastly-Backend
Click-Count-Error
Cdn-Request-Time
Click-Count-Action-Start
DSUID
X-Tb-Optimization-Total-Bytes-Saved
Gh-Request-Id
Ha-Gx-Prefs
X-Esi-Check
Esi-Enabled
X-Eu-Site
Cdn-Host
Content-Script-Type
Canary
Cache-Provider
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Cache-Key
X-Newrelic-Synthetics
TP-L2-Cache
X-Cache-Hit
X-Cdn-Srv
Fastly-SSL
X-Bip
Ssr
Sid
CDCHOST
IsBot
X-Block-Status
X-Irp-Debug
X-Content-Length
X-CUA
ServerName
X-AB-Test
X-Pubstack
X-Request-Host
Country-Code
X-Hnp-Log
X-SIPLIST1
X-Request-Start
X-Cache-FS-Status
X-Varnish-Beresp-Status
Pramga
X-Gen-Mode
CDN-PullZone
X-VG-TLSProxy
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-NodeID
User-Cache-Control
CDN-RequestPullCode
CDN-RequestCountryCode
Req-ID
X-Thanos
X-Men
CDN-Uid
X-Server-IP
CDN-RequestPullSuccess
Akamai-Mon-Iucid-Del
XM
Fl-Custom-Application
X-Dc
X-ORCA-Accelerator
X-HOST
X-Api-Version
X-CACHE-GROUP
X-Varnish-Hits
X-Cs
X-LiteSpeed-Tag
True-Client-Country-4JS
X-LB-NoCache
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-TA-CDN-Provider
X-VServer
X-HS-CF-Cache-Status
X-GEO
X-Air-Pt
X-Litespeed-Tag
X-Nananana
C-Via
Proxy-Firewall
Server-Ext
X-Refresh
X-HITS
X-Cache-Date
X-Test
Sever-Int
Server-Hostname
X-APP
X-Geolocation
X-Provided-By
X-LiteSpeed-Cache-Control
X-Via-SSL
X-Via-CDN
X-Application
X-B-Cookie
CloudFront-Viewer-Country
X-Via-Edge
Edge-Copy-Time
X-External-Request-Id
X-Servedbyhost
X-RequestId
X-IsAdmin
Adler-Geo
Is-Eu
X-S-Cookie
X-Destination
GeoIP-Latitude
Fastly-Drupal-Html
X-Nginx-Cache-Key
X-HA-Backend
X-Via-Poph
X-B3-Spanid
X-Zen-Fury
X-Dispatcher-Number
X-B3-Parentspanid
X-Zone
Fastly-Drupal-HTML
X-Via-Popn
X-Via-Popv
X-DC
Cdn-Requestid
S-Rt
X-Endurance-Cache-Level
X-LB-ID
X-ZONE
X-User
WZWS-RAY
X-DynaTrace-JS-Agent
Cache-Tv-Group
X-Geo-Header
HostName
T-Server
X-Webkit-Csp-Report-Only
X-Custom-Header
Server-ID
X-Wa
X-Nc
X-CDN-Forward
Cdn
X-Tt-Logid
X-Presslabs-Stats
X-Pass-Why
X-Oracle-Dms-Ecid
GeoIp-Country-Code
X-ND-Cache
X-URL
X-COUNTRY
X-AIR-PT
X-CS
Ohc-Cache-HIT
Vc-Max-Age
X-VC-TTL
X-CMSURLCustom
X-Cache-Server
X-HubSpot-Correlation-Id
X-Srv
X-CACHE-AGE
X-Parent-Response-Time
X-TH-Server
X-Vgn-Hpd-Reason
True-Client-IP
WP-Super-Cache
SID
X-Datadome
X-Moov-Xdn-Version
Resin-Trace
X-NewRelic-App-Data
X-Fpc
X-DataCenter
X-Moov-T
X-Moov-Xdn-Caching-Status
X-API-Version
Pics-Label
X-Old-Content-Length
Powered-By
Vix-Hermes-Req-Id
X-Varnish-Beresp-TTL
SEZNAM-JOBS-OFFER
X-Fastly-Cache
X-Ckpd-Fst-Backend
Uri
X-Srcache-Fetch-Status
X-TX-ID
X-Srcache-Store-Status
Srv
X-APP-VERSION
True-Client-Ip
X-FPC
Thinkindot-Control
On-Server
X-FTR-Expires
X-FTR-Balancer
X-SERVER-NAME
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
ServerHost
Location
Serverhost
X-Vercel-Id
X-Action
X-Vercel-Cache
X-Cache-VC
X-Thinkindot-L1
X-Client-Ip
X-PHP-Backend
X-Amz-Meta-Opti
X-Cache-TTL-Remaining
AKAMAI
GeoIP-Country-Code
X-Air-Hostname
X-Dynatrace-Js-Agent
X-Air-Source
X-Air-Trace-Id
X-Oracle-Dms-Rid
Server-Id
Tcn
N1-Cache
X-Litespeed-Cache-Control
X-Stale
X-Resp-Is-Stale
X-Cdn-Cache-Status
X-Datacenter
X-WA
Av-Poweredby
X-Debug-Service
X-NC
Magicmarker
Cl-Cache
X-Info
Hostname
X-Fastly-Cache-Status
X-ApacheServer
X-PERF
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Vc
Sm-Log-Id
X-Service-Response-Time
X-V
X-Render-Time
X-Ee-Origin
X-Ee-Generated-By
X-CDN-Cache-Status
X-Lb-Id
X-Ee-Request-Date
X-Ee-Request-Id
X-Nitro-Cache
X-Vary-Devices
X-IAuth-Set-Uid
X-Save-Cache
Time-Cloud-Cache
X-Udemy-Cache-App-Namespace
X-WA-Info
X-Cms-Device
X-VTEX-Cache-Backend-Header-Time
X-Proxy-Cache-La3
X-Fastly-Backend-Reqs
Xkey-La3
X-Geo
Xkeylog
Store-Cloud-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Cache-Ttl
CDN
X-Via-PopN
X-Via-PopV
X-Oracle-DMS-ECID
X-Ua
X-New
X-Via-PopH
X-Github-Request-Id
X-Eligible
Cache-Hits
TWC-GeoIP-Region
Cloudfront-Viewer-Country
X-Rollout
X-ServedByHost
Geoip-Latitude
X-Uri
TWC-GeoIP-City
TWC-GeoIP-DMA
X-Ha-Backend
X-Esi
RewriteTeamHook
X-Akamai-Pragma-Client-IP
X-Ion-Healthy
X-Forwarded-Site
RewriteTestHook
Machine
X-VCL-Version
Cache-Contol
X-Limited
X-App
X-Region-Sid
X-Ion-Hop
Log-Origin
X-Jungle-Id
Cf-Ipcountry
My-App
WWW-Authenticate
X-Lb-Nocache
X-Traceid
Lb
Cneonction
Server-Info
X-Requestid
Cmsid
Cmstype
WebServer
CountryCode
X-Correlation-ID
X-Container-Uri
X-Up
X-Dw-Trace-Id
Edge-Cache
X-Git-Commit
X-EC-Lua
X-MSEdge-Flight
Pragrma
X-Ftr-Request-Id
X-From
X-LAGOON
X-MSEdge-Features
Reporter
X-HS-Status
CacheControlHeader
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Site
FSS-Cache
X-Serial
X-Acquia-Application-UUID
X-Cdn-Request-ID
X-Varnish-Hostname
X-SRCache-Key
Permission-Policy
X-Akamai-Transformed
X-Check-Cacheable
X-Pod
Warning
X-Sucuri-Id
PICS-Label
X-BBC-Origin-Response-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Web-Server
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
Timeexpire
X-Elasticpress-Query
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Orig-Cache-Control
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ramcache
CF-Cached-On
X-Tncms-Bot-Tier
X-Fastly-Cache-Hits