Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
P3p
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-Ua-Compatible
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
EagleId
X-Server
X-Age
X-Dispatcher
X-UA-Device
X-Vhost
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Cloud-Trace-Context
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Node
X-HW
X-LiteSpeed-Cache
X-Server-Id
Xkey
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Vname
X-TtlSet
X-PC
X-Rack-Cache
X-Edge
X-Mcache
X-Midtier
X-Oneagent-Js-Injection
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-ESI
X-Ser
Nginx-Cache
X-GitHub-Request-Id
Edge-Control
X-Powered-By-Plesk
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
Accept-Ch-Lifetime
X-Client-IP
X-MS-InvokeApp
X-ECACHE
X-ORACLE-DMS-RID
X-Aspnet-Version
X-Daa-Tunnel
X-CST
X-Navigation-Version
X-Amz-Rid
X-Upstream
X-Goog-Hash
Response
X-Middleton-Response
X-Powered-CMS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-ID
X-B3-TraceId
X-Ua-Device
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Amzn-Trace-Id
X-Cache-Key
X-Ruxit-Js-Agent
X-Forwarded-For
X-Ratelimit-Limit
X-Ttl
X-NF-Request-ID
X-Wormhole-Sdk
RTSS
X-Mod-Pagespeed
X-Ratelimit-Remaining
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Cache-Status
X-Version
X-ORACLE-DMS-ECID
AR-CACHE
Public-Key-Pins
X-Mg-S
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
SPRequestGuid
X-SharePointHealthScore
X-FastCGI-Cache
X-Shield-Request-Id
X-Content-Digest
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Fastly-Request-ID
X-Newrelic-App-Data
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Front-End-Https
TP-Cache
X-Correlation-Id
X-Debug
Count-Hit
X-Request-Processing-Time
X-Request-Received
Arr-Disable-Session-Affinity
X-HS-Hub-Id
X-Id
X-HS-Content-Id
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Server-Node
X-Varnish-TTL
X-Ua-Browser
X-Azure-Ref
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
X-PressLabs-Stats
Payment
Accept-Ch
X-Amz-Replication-Status
X-LB-Cache
X-GUploader-UploadID
X-Forwarded-Proto
X-Varnish-Backend
X-Goog-Metageneration
X-TTL
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
Filterid
Host
X-FB-Debug
X-Git-Hash
X-Logged-In
X-Unique-Id
Cleartype
X-Varnish-Server
Content-Disposition
X-Www-Served-By
X-Activity-Id
X-Az
X-AppVersion
X-Varnish-Ttl
X-Ratelimit-Reset
X-App-Server
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Origin-Trial
X-Page-Id
X-DIS-Request-ID
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Geo-Country
Access-Control-Allow-Method
Retry-After
X-Origin-Server
X-Nf-Request-Id
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-ASPNET-VERSION
X-Cambria-Cache-Control
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Upgrade-Enabled
Akamai-GRN
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Template
MS-Author-Via
Accept-Charset
Fastly-SWR
X-Type
Fastly-SIE
X-Ah-Environment
Section-Io-Cache
X-TT
Viewport
X-Fb-Rlafr
X-Cache-Control
X-Content-Options
X-B3-Sampled
Version
X-B
Content-MD5
X-Grace
X-Xrds-Location
Amp-Access-Control-Allow-Source-Origin
Frame-Options
X-Request-Guid
X-Trace-Id
X-Revision
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Healthy
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Envoy-Decorator-Operation
TCN
X-Origin-Cache
X-RateLimit-Remaining
X-Magnolia-Registration
X-Device-Type
X-Vcl-Version
X-Contextid
X-Source
X-CSRF-Token
X-Aspnetmvc-Version
X-Rid
X-Webkit-CSP
X-Cache-Age
X-WP-CF-Super-Cache-Active
Server-Name
X-Backend-Name
X-Px
X-Mobile
DC
X-Language
X-Proxy
X-Seen-By
X-RM-Cache-TTL
X-Varnish-Grace
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-App-Environment
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-1
X-Buckets
Access-Control-Request-Headers
X-Environment-Context
X-Storage
X-Rule
X-Status
X-Framework
X-Debug-Info
X-L-Path
X-Mg-Request-UUID
X-Akamai-Edgescape
X-Cacheable-TTL
X-Region
X-Content-Powered-By
X-HTML-Minification-Powered-By
X-NYM-Debug-Backend
X-Adobe-Content
SD-X-WS
X-Node-Name
X-ServerID
X-FW-Version
X-Adobe-Loc
X-UUID
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-G
Cross-Origin-Window-Policy
X-Proxy-Cache-Info
X-Debug-IsConnected
X-Debug-IsPreview
X-Instance
NGB
X-Tec-Api-Root
GEO-INFO
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Is-Bot
X-Datadog-Parent-Id
X-Rendered-As
Ms-Operation-Id
X-RTag
MS-CV
X-Tec-Api-Origin
X-Tec-Api-Version
X-ECache
Paypal-Debug-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-EdgeConnect-Cache-Status
X-User-Agent
X-Cache-Time
Upgrade-Insecure-Requests
Trailer
Countrycode
Webserver
X-B3-Traceid
Front
Charset
Protected
X-Fastly-Request-Id
X-Whom
X-WebKit-CSP-Report-Only
X-Edge-Location
OT-Force-Account-Verify
X-Lambda-Id
X-VC
Refresh
Section-Io-Id
X-N
X-VHOST
X-IPS-LoggedIn
X-HS-Prerendered
X-Cache-Status-Check
X-Akamai-Request-ID2
X-AB
Country
Priority
X-TT-LOGID
X-Reqid
X-Time
Backend
Alternate-Protocol
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-Hcs-Proxy-Type
X-Hl-Ver
X-CCDN-Origin-Time
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
X-CCDN-CacheTTL
Liferay-Portal
X-CLOUD-TRACE-CONTEXT
X-Server-W
X-Original-Request-Id
X-Response-Served-From
SRV
X-Via-JSL
Onion-Location
X-Mode
Accept-Language
X-FB-TRIP-ID
X-Skip-Cache
X-Real-IP
Filters
Meta-Geo
Fastcgi-Useragent
X-Fetched-On
X-Auth-Group-Type
X-Cache-Host
X-Accel-Version
X-Tb
X-Wix-Request-Id
Environment
ServerID
X-Frame-Option
X-VC-Cache
From-Origin
Cross-Origin-Embedder-Policy-Report-Only
X-UPSTREAM-Address
X-Rn-Rsrv
X-SaId
X-Origin-Date
X-Scope-Id
X-JoinUs
X-Web-Node
X-Tumblr-Pixel-2
X-Rewrite-Enabled
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-ProxyCache-Key
X-Varnish-Cache-Hits
X-Cache-Expired-At
X-Connection-Hash
X-Webstats-RespID
X-Redis-Cache
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Say-TTL
X-Cluster-Node
X-Say-Cacheable
Uber-Trace-Id
X-BYPASS-REASON
X-SayCDN-TTL
X-Cache-Action
X-Varnish-Age
X-Nginx-Cache
X-Logging-Id
X-Format
Atl-Traceid
X-Director
X-IPLB-Request-ID
Expiry
X-Hosted-By
X-IPLB-Instance
X-Restarts
X-Generated-By
X-Request-URI
Mn-Server-Ip
Webcakes-App-Name
Webcakes-App-Version
Property-Id
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Apigw-Requestid
TWC-Privacy
TWC-Connection-Speed
Web-Mar-Node
X-Served-From
X-DataDome
X-Labrador-Cache-Channel
X-Loop
X-Httpd
X-Forwarded-Host
X-Handled-By
X-Soup
X-Origin-Hint
X-PHP-Host
X-Varnish-Beresp-Grace
X-Tncms
X-Vcache
X-Cms-Context
X-Adobe-Source
X-Timing-Wait
Selected-Fe
DB-Nickname
X-Proxy-Build
X-Zipkin-Id
X-Cloudmap
X-Cluster
X-Routing-Service
X-Extlb
X-Detected-As
X-Proxied
ServedBy
X-Servername
X-S
X-Origin
Url
X-Origin-CC
X-Origin-TTL
Referer-Policy
LB
X-LSADC-Cache
Xserver
N-Cache
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-XRDS-Location
X-Hit
X-Webkit-Csp
Cross-Origin-Embedder-Policy
CF-IPCountry
X-Ms-Version
X-SRV
X-TraceId
X-Ms-Request-Id
X-Xfnlog-Site
X-DynaTrace
X-Tumblr-Pixel-3
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
X-Upstream-Ht
X-RID
X-Upstream-Ct
X-UA
X-Azure-Ref-OriginShield
X-VCT
X-Cache-Debug
Source
X-RCS-CacheZone
WPO-Cache-Status
WPO-Cache-Message
X-Proxy-Cache-Status
Surrogated-Key
X-FTR-Request-ID
X-Worker
CDN-RequestId
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Geo-Region
X-Is-Mobile
X-Is-Tablet
X-Browser-Name
X-Is-Desktop
X-Tcp-Rtt
X-Is-Supported-Browser
Locale
X-B-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-No-Session
X-Signature
X-F-Cache
X-Generation-Time
Node
X-Sucuri-Cache
X-App-Version
X-Cdn-Origin
X-RateLimit-Limit
X-NODE
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Tx-Id
X-Sorting-Hat-PodId
X-Cdn-Forward
X-Locale
X-MP-GENERATED-AT
Ohc-File-Size
Cross-Origin-Opener-Policy-Report-Only
X-Cache-Operation
X-Cache-Rule
X-Site-Version
X-Debug-Cache-Store
X-Ec-GeoHdr
X-Debug-Cache-Fetch
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Ec-Fail
X-Gdpr
X-DefHash
X-Depends
X-Developer
X-GeoIP
X-GeoIP-City
X-DPWN-IS-SECURE
X-GeoCountry
X-DefElseHash
X-GeoCode
X-Bc-Bl
Gannett-Cam-Experience-Id
Fastly-GeoIP-CountryCode
We-Hiring
Host-ID
Lang
Fastly-Backend-Name
Expect-Staple
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
Thinkindot-CacheControl-Type
Mail-Subject
Sslversion
Origin-Agent-Cluster
Rendered-Blocks
Redirect-Candidate
Odigeo-Trace-Id
TDXMobile
MD5-Digest
Meta-Geo-Continent
Thinkindot-CacheControl
Ngx.Var.Host
DCR-Processing-Time-Ms
DCR-Decision-By
X-Cache-Aspx
X-Bug-Bounty
Candidate-Md5Url
X-BCube-Filmed-By
BehaviorPad-Version
X-Cache-Info
A
X-Contensis-Viewer-Groups
X-Conf
X-Cache-NE
X-Backend-Instance
X-App-Name
Cluster
Content-Secure-Policy
X-A-Wwc
X-A-Dgt
X-Aed
X-Aicache-OS
X-Amz-Storage-Class
Cdncip
Cdnsip
X-AK-Request-ID
X-D
X-ElasticPress-Query
AMP-Access-Control-Allow-Source-Origin
X-Platform-Server
X-Proto
X-Proxied-Request
X-NGINX-Cache
X-Request-Time
X-PAYTM-SRV-ID
X-Path
X-Nyt-Route
X-Mvc-Supplant-OutputCached
X-Org
X-Origin-Expires
X-Origin-Time
X-Origin-Response-Time
X-Rojux
X-Scheme
X-Service
X-Varnish-Remaining-TTL
X-We-Are-Hiring
X-Vtex-Remote-Cache
X-Vmg-Version
X-Vdms-Version
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Shield-Cache-Expires
X-ScT
X-Thinkindot-L3
X-TIM-N
X-Varnish-Authentication
X-Mvc-Supplant-Cachable
X-Proxy-CacheRZ
Producers
XkeyRZ
X-Loc
X-Ig-Origin-Region
X-Internal-TTL
X-Jobs
X-Ig-Push-State
X-INCAP-ABP
Xc-Version
X-Mly-Id
Mime-Version
X-Optimistic-Header
X-Varnish-Beresp-Ttl
Web-Mar-Region
X-HN
X-HS-Content-Campaign-Id
X-Human
Wxu-Next-Hostname
Wxu-Next-Commit
X-UA-Device-Type
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
X-Wikidot-Backend
X-V-Cache
Wxu-Next-Region
W
X-Var-Ttl
X-Varnish-Director
Server-Host
RNT-Time
X-Viewer-Country
X-Via-Fastly
X-VG-WebCache
RNT-Machine
Req-Svc-Chain
Product
X-VTEX-Cache-Server
Release
X-Hash
X-GeoIP-Region-Code
X-VTEX-Cache-Time
Tube-Got-Results
Tube-Got-Eval
Tube-Return
User-Agent
X-Slack-Shared-Secret-Outcome
Origin
Tube-Get-Contents
X-Varnishpool
X-GeoIP-Country-Code
Yak-Timeinfo
X-VarnishDD-TTL
V-Age
X-Section
X-Platform
X-Wikidot-Static-Cache
X-Date
X-Level-Front-Cache
X-Csrf-Jwt
X-Core-Value
X-CGP
X-Clientip
X-Fmm-Version
X-Content-Age
X-Fastly-Backend
X-Eu-Site
X-Ec-Custom-Error
X-NMSegId
X-Micro-Cache
X-Edge-Server
X-Node-Id
X-Dispatcher-Server
X-Location
X-Op-Id-All
X-Esi-Check
X-CacheTTL
X-Cached-By
X-SB
X-Generated-On
X-Auto-Login
X-B3-Trace-ID
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Device-Characteristics
X-Slack-Backend
X-Acquia-Purge-Cdn-Unconfigured
X-SD-PageType
X-BBC-Edge-Cache-Status
X-Req
X-Cache-Id
X-Powered-By-VTEX-Cache
X-Pool
X-Policy
X-Cache-Grace
X-Cache-Bucket
X-Bl-Debug
X-Gzip
X-Gamma-Serve
X-Accel-Expires-Debug
X-Access
Click-Count-Error
Content-Script-Type
Click-Count-Action-Start
Cdn-Request-Time
Cdn-Host
Debug
DSUID
HA-Ipaddr
L
Ha-Gx-Prefs
Gh-Request-Id
Esi-Enabled
Canary
Cache-Provider
Apple-News-Services-Request-Url
X-Pad
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Azure-InstanceId
Azure-RegionName
Cache
Cache-Key
Azure-Version
Azure-SlotName
Azure-SiteName
L5d-Success-Class
Content-Style-Type
NM-Fastcgi-Cache
Origin-CC
PFcat
Origin-EX
Platform
NGX
TP-L2-Cache
CDN-CachedAt
ServerName
CDN-EdgeStorageId
X-Varnish-Beresp-Status
X-Hnp-Log
CDN-RequestCountryCode
X-Cdn-Srv
CDN-Cache
CDN-PullZone
X-Block-Status
X-AB-Test
X-Content-Length
X-Men
Req-ID
X-NodeID
X-Cache-FS-Status
CDCHOST
X-LiteSpeed-Tag
X-Irp-Debug
X-SIPLIST1
X-Bip
CDN-RequestPullCode
Fastly-SSL
X-GoCache-CacheStatus
X-Newrelic-Synthetics
Pramga
CDN-RequestPullSuccess
X-CUA
X-Thanos
User-Cache-Control
X-Gen-Mode
X-Request-Start
X-Server-IP
IsBot
CDN-Uid
X-Pubstack
Country-Code
Ssr
X-Cache-Hit
X-Request-Host
X-VG-TLSProxy
Akamai-Mon-Iucid-Del
Sid
X-HOST
XM
X-ORCA-Accelerator
Fl-Custom-Application
X-Api-Version
X-CACHE-GROUP
X-LiteSpeed-Cache-Control
X-Varnish-Hits
X-Dc
X-Cs
X-VServer
X-TA-CDN-Provider
True-Client-Country-4JS
X-GEO
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-HS-CF-Cache-Status
X-LB-NoCache
X-Air-Pt
X-Servedbyhost
X-Test
Proxy-Firewall
X-Geolocation
CloudFront-Viewer-Country
Server-Ext
Sever-Int
X-Refresh
Server-Hostname
GeoIP-Latitude
X-Cache-Date
X-Nananana
C-Via
X-Provided-By
X-HITS
X-RequestId
Fastly-Drupal-HTML
X-Presslabs-Stats
Adler-Geo
X-DC
X-B3-Parentspanid
X-Via-CDN
X-APP
Edge-Copy-Time
Is-Eu
X-Via-Edge
X-B-Cookie
X-Application
X-Destination
X-External-Request-Id
X-S-Cookie
X-Via-SSL
X-IsAdmin
X-Nginx-Cache-Key
X-B3-Spanid
X-Tt-Logid
X-Via-Poph
X-Dispatcher-Number
X-Zen-Fury
X-Via-Popn
X-Via-Popv
X-Zone
X-HA-Backend
S-Rt
X-Endurance-Cache-Level
Cdn-Requestid
X-ZONE
X-Litespeed-Tag
Fastly-Drupal-Html
X-User
X-Nc
WZWS-RAY
X-LB-ID
X-Wa
X-DynaTrace-JS-Agent
Cache-Tv-Group
X-Custom-Header
T-Server
X-Webkit-Csp-Report-Only
X-Geo-Header
HostName
Server-ID
X-Srv
X-CDN-Forward
Cdn
X-Oracle-Dms-Ecid
X-COUNTRY
X-AIR-PT
X-Pass-Why
X-URL
X-ND-Cache
Ohc-Cache-HIT
X-CS
GeoIp-Country-Code
X-VC-TTL
X-Cache-Server
X-CMSURLCustom
Vc-Max-Age
X-CACHE-AGE
X-Parent-Response-Time
X-HubSpot-Correlation-Id
WP-Super-Cache
X-Fpc
X-TH-Server
X-Vgn-Hpd-Reason
SID
True-Client-IP
X-NewRelic-App-Data
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-DataCenter
Resin-Trace
X-Moov-T
X-API-Version
Pics-Label
X-Old-Content-Length
Vix-Hermes-Req-Id
Powered-By
X-Varnish-Beresp-TTL
SEZNAM-JOBS-OFFER
X-Fastly-Cache
X-Datadome
X-Ckpd-Fst-Backend
True-Client-Ip
Uri
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-APP-VERSION
On-Server
Srv
X-SERVER-NAME
Serverhost
X-Thinkindot-L1
Location
X-Action
X-Cache-VC
GeoIP-Country-Code
X-Vercel-Cache
Thinkindot-Control
X-Vercel-Id
ServerHost
X-TX-ID
X-FPC
X-Client-Ip
X-Amz-Meta-Opti
X-Stale
X-Cache-TTL-Remaining
X-PHP-Backend
AKAMAI
X-Air-Hostname
X-Air-Source
X-Dynatrace-Js-Agent
X-Air-Trace-Id
X-Oracle-Dms-Rid
N1-Cache
Server-Id
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Cache-Status
X-Debug-Service
X-Info
Magicmarker
Cl-Cache
Av-Poweredby
Hostname
X-Datacenter
X-Cdn-Cache-Status
X-PERF
X-ApacheServer
Xkey-La3
X-Fastly-Cache-Status
X-Proxy-Cache-La3
X-Fastly-Backend-Reqs
Xkeylog
X-NC
X-WA
Tcn
X-Service-Response-Time
X-V
X-Ssense-Shipping-Surcharge-Enabled
Sm-Log-Id
X-Ssense-Gql
X-Resp-Is-Stale
X-Litespeed-Cache-Control
X-Vc
X-VCL-Version
X-Ee-Request-Id
X-Ee-Generated-By
X-Ee-Origin
X-Ee-Request-Date
X-Vary-Devices
X-Geo
X-IAuth-Set-Uid
X-CDN-Cache-Status
X-Cms-Device
X-Save-Cache
X-VTEX-Cache-Backend-Connect-Time
Store-Cloud-Cache
X-Udemy-Cache-App-Namespace
X-WA-Info
X-Lb-Id
X-Render-Time
Time-Cloud-Cache
X-Nitro-Cache
X-VTEX-Cache-Backend-Header-Time
X-Cache-Ttl
CDN
X-Oracle-DMS-ECID
X-Uri
X-Github-Request-Id
X-Via-PopV
X-Via-PopH
X-Rollout
X-Via-PopN
X-Ha-Backend
X-App
X-New
X-Eligible
Cache-Hits
TWC-GeoIP-Region
TWC-GeoIP-DMA
X-Esi
TWC-GeoIP-City
Cache-Contol
X-Limited
X-Ion-Healthy
X-Ion-Hop
RewriteTestHook
X-Forwarded-Site
Geoip-Latitude
X-Jungle-Id
X-Region-Sid
Cloudfront-Viewer-Country
RewriteTeamHook
X-ServedByHost
X-Akamai-Pragma-Client-IP
Machine
Log-Origin
Cmstype
X-Lb-Nocache
WWW-Authenticate
Cneonction
WebServer
Server-Info
X-Ua
X-Traceid
My-App
Cmsid
CountryCode
X-Correlation-ID
X-Git-Commit
X-LAGOON
X-From
X-Requestid
X-MSEdge-Features
Pragrma
X-EC-Lua
X-Ftr-Request-Id
X-MSEdge-Flight
X-Container-Uri
X-Dw-Trace-Id
Cf-Ipcountry
Edge-Cache
X-Up
X-Acquia-Site
X-Check-Cacheable
Lb
Reporter
X-Varnish-Hostname
X-Acquia-Purge-Tags
Permission-Policy
X-Acquia-Application-UUID
X-Cdn-Request-ID
X-Akamai-Transformed
X-Serial
X-SRCache-Key
X-HS-Status
CacheControlHeader
X-Acquia-Application-Trace
FSS-Cache
X-Pod
X-Sucuri-Id
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Ramcache
X-Platform-Router
X-Fastly-Cache-Hits
X-Platform-Processor
X-Platform-Cluster
PICS-Label
CF-Cached-On
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Warning
Timeexpire
X-Tncms-Bot-Tier
X-Orig-Cache-Control