Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Accept-CH
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Accept-CH-Lifetime
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
X-Hacker
X-UA-Device
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
X-Rq
EagleId
X-Via
X-Vhost
X-Dispatcher
X-Server
X-Check
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Litespeed-Cache
X-Varnish-Cache
Grace
X-OneAgent-JS-Injection
X-Server-Powered-By
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-Dns-Prefetch-Control
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Akam-SW-Version
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Nginx-Cache-Status
X-Url
Content-Location
X-Country-Code
X-Content-Type
Cache-Tag
X-Nginx-Upstream-Cache-Status
Fastly-Restarts
X-Trace
Service-Worker-Allowed
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Application-Context
X-NWS-LOG-UUID
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-LiteSpeed-Cache
X-Times
X-PC
X-Vname
X-TtlSet
Surrogate-Key
X-Mcache
X-Midtier
X-Edge
Rating
X-Server-Name
X-Cache-TTL
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Cnection
X-Element-Page-Cache
X-Browser-Type
X-Powered-By-Plesk
X-Abt-Application-Version
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-GitHub-Request-Id
X-ESI
Nginx-Cache
Edge-Control
X-Vcap-Request-Id
Verso
X-D2id
X-Ac
X-Ser
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Ratelimit-Limit
X-Client-IP
X-ECACHE
X-Amz-Rid
Response
X-Middleton-Response
X-Wormhole-Sdk
X-ARC
X-CST
X-Powered-CMS
X-Dw-Request-Base-Id
X-Goog-Hash
X-Navigation-Version
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Remaining
X-Server-ID
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Upstream
X-PDP-UNCACHING-HASH
X-Ruxit-Js-Agent
X-B3-TraceId
X-Forwarded-For
X-Amzn-Trace-Id
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-Cache-Key
RTSS
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-Daa-Tunnel
Edge-Cache-Tag
Cache-Status
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
Public-Key-Pins
X-Content-Digest
X-Ezoic-Cdn
X-Version
X-Ttl
Origin-Trial
SPRequestGuid
X-SharePointHealthScore
X-Mg-S
X-ORACLE-DMS-ECID
Realpath
S
X-FTR-Request-ID
X-NF-Request-ID
X-MSEdge-Ref
X-Shield-Request-Id
X-T
X-Fastly-Request-ID
Fastcgi-Cache
X-Recruiting
Front-End-Https
Cross-Origin-Resource-Policy
X-Kong-Upstream-Latency
AR-CACHE
X-Kong-Proxy-Latency
X-Accel-Expires
X-Cached
X-Distributor
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Xrds-Location
X-Azure-Ref
Access-Control-Request-Method
X-Nf-Request-Id
X-TTL
Arr-Disable-Session-Affinity
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
X-HS-Content-Id
X-Id
Count-Hit
X-HS-Hub-Id
X-HS-Cache-Config
X-Debug
X-Correlation-Id
X-LLID
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
Server-Node
X-Content-Security-Policy-Report-Only
X-Varnish-TTL
X-Newrelic-App-Data
X-PressLabs-Stats
MicrosoftSharePointTeamServices
Akamai-GRN
X-Aspnetmvc-Version
X-VARITI-CCR
X-Frontend
X-NGENIX-Cache
Accept-Ch-Lifetime
X-GUploader-UploadID
X-Hits
X-Varnish-Backend
Accept-Ch
X-Amz-Replication-Status
X-Protected-By
X-HS-Combine-CSS
X-Goog-Metageneration
Payment
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-Ratelimit-Reset
X-Unique-Id
X-LB-Cache
Cleartype
X-Git-Hash
X-FB-Debug
X-Varnish-Server
X-Www-Served-By
X-Activity-Id
X-AppVersion
X-Logged-In
X-Az
X-Tt-Trace-Tag
X-Hostname
X-Tt-Trace-Host
Content-Disposition
X-Varnish-Ttl
X-DIS-Request-ID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Host
X-Cambria-Cache-Control
Filterid
X-Forwarded-Proto
X-TraceId
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Template
Amp-Access-Control-Allow-Source-Origin
X-App-Server
X-Geo-Country
Frame-Options
X-Aspnet-Version
X-Fastcgi-Cache
Trailer
Version
X-ASPNET-VERSION
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Access-Control-Allow-Method
Accept-Charset
X-Type
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-WP-CF-Super-Cache
Fastly-SWR
X-Upgrade-Enabled
Fastly-SIE
X-Ah-Environment
X-Content-Options
Viewport
Section-Io-Cache
X-Origin-Server
X-Fb-Rlafr
X-Envoy-Decorator-Operation
X-TT
X-B3-Sampled
X-B
X-Cache-Control
X-Source
X-Grace
X-Cache-Age
MS-Author-Via
Retry-After
X-Rid
Content-MD5
Server-Name
X-Device-Type
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Vcl-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Tec-Api-Version
X-Language
X-Tec-Api-Origin
X-TEC-API-VERSION
X-Tec-Api-Root
X-Cdn
X-Px
X-Request-Guid
X-Buckets
X-HS-Prerendered
X-Magnolia-Registration
X-Trace-Id
X-Revision
X-Mobile
TCN
Healthy
X-EdgeConnect-Cache-Status
X-Akamai-Edgescape
X-Varnish-Grace
X-B3-Traceid
X-WP-CF-Super-Cache-Active
X-Backend-Name
Protected
X-Response-Served-From
X-Instance
X-Original-Request-Id
X-RM-Cache-TTL
X-App-Environment
SD-X-WS
X-Status
X-Debug-Info
X-Tumblr-Pixel-1
X-Rule
X-ServerID
GEO-INFO
X-Rendered-As
Cross-Origin-Embedder-Policy-Report-Only
Charset
X-Tumblr-Pixel
X-NYM-Debug-Backend
X-Tumblr-User
X-Origin-Cache
X-Is-Bot
X-Tumblr-Pixel-0
X-ProcessESI
X-RemovedCookies
Upgrade-Insecure-Requests
Access-Control-Request-Headers
X-Edge-Location
X-Adobe-Loc
X-Cache-Time
X-Adobe-Content
Cross-Origin-Window-Policy
NGB
X-Region
X-FW-Static
X-UUID
X-FW-Type
X-Storage
X-Cacheable-TTL
X-FW-Server
X-FW-Serve
X-Environment-Context
X-Framework
X-FW-Dynamic
X-FW-Hash
X-L-Path
X-FW-Version
X-Node-Name
X-Mg-Request-UUID
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-RTag
X-Proxy
X-Yottaa-Optimizations
Ms-Operation-Id
X-Datadog-Trace-Id
X-Yottaa-Metrics
X-Datadog-Sampling-Priority
X-Proxy-Cache-Info
MS-CV
X-Contextid
X-CSRF-Token
X-G
Refresh
X-ECache
X-Whom
X-Ua-Device
OT-Force-Account-Verify
X-Lambda-Id
X-Amz-Meta-S3cmd-Attrs
Webserver
Countrycode
Section-Io-Id
X-FTR-Backend
DC
X-FTR-Balancer
Paypal-Debug-Id
X-User-Agent
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-Reqid
X-Amzn-Remapped-Content-Length
X-HTML-Minification-Powered-By
X-Seen-By
X-VC
X-RateLimit-Remaining
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Front
X-CCDN-CacheTTL
Priority
X-TT-LOGID
Alternate-Protocol
X-Server-W
SRV
X-WebKit-CSP-Report-Only
X-Real-IP
X-DataDome
X-WP-CF-Super-Cache-Cookies-Bypass
X-IPS-LoggedIn
X-Time
X-Akamai-Request-ID2
Liferay-Portal
Cross-Origin-Opener-Policy-Report-Only
X-Origin-CC
X-Origin-TTL
X-N
X-AB
Backend
X-Mode
Country
X-Rocket-Nginx-Serving-Static
X-Cache-Status-Check
Onion-Location
WPO-Cache-Status
Xet-Cookie
X-B3-SpanId
X-Hl-Ver
WPO-Cache-Message
Fastcgi-Useragent
X-Origin-Hint
X-Redis-Cache
X-Rn-Rsrv
X-Rewrite-Enabled
X-Say-TTL
Environment
X-Say-Cacheable
X-SaId
X-SayCDN-TTL
TWC-GeoIP-LatLong
X-Tumblr-Pixel-2
Filters
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
Webcakes-Region
X-Cache-Action
X-FB-TRIP-ID
X-Format
X-UPSTREAM-Address
X-JoinUs
X-Cache-Host
TWC-Locale-Group
Webcakes-App-Version
ServerID
Property-Id
TWC-Connection-Speed
Meta-Geo
TWC-GeoIP-Country
TWC-Device-Class
Expiry
X-Fetched-On
DB-Nickname
X-Director
X-Detected-As
From-Origin
X-Handled-By
X-Scope-Id
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
X-Origin-Date
X-Frame-Option
X-Cms-Context
X-Accel-Version
X-Loop
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Restarts
X-Labrador-Cache-Channel
X-PHP-Host
Uber-Trace-Id
X-Cluster-Node
X-DynaTrace
X-Cache-Expired-At
X-Connection-Hash
X-Soup
X-Nginx-Cache
X-Tncms
X-VC-Cache
X-Varnish-Age
X-Skip-Cache
X-Tb
X-Vcache
X-Webstats-RespID
Url
X-Adobe-Source
X-Ms-Version
Atl-Traceid
X-ProxyCache-Key
X-ProxyCache-Status
X-Logging-Id
X-Ms-Request-Id
X-BYPASS-REASON
X-Forwarded-Host
X-Web-Node
X-Varnish-Cache-Hits
X-Httpd
X-Varnish-Beresp-Grace
X-Servername
Apigw-Requestid
Selected-Fe
X-Served-From
X-Auth-Group-Type
X-Tumblr-Pixel-3
X-Cluster
X-Resp-Is-Stale
ServedBy
X-Fastly-Request-Id
Ohc-File-Size
X-Timing-Wait
X-Proxy-Build
X-Origin
X-Routing-Service
Cross-Origin-Embedder-Policy
X-S
X-Extlb
X-Cloudmap
X-Zipkin-Id
X-Proxied
X-Hit
Referer-Policy
X-Request-URI
X-Webkit-CSP
Accept-Language
N-Cache
X-Azure-Ref-OriginShield
X-SRV
X-LSADC-Cache
X-HS-CF-Cache-Status
Surrogated-Key
X-Worker
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
LB
X-Generated-By
X-Sucuri-Cache
X-Lagoon
X-Generation-Time
X-App-Version
Xserver
X-Cache-Hit
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Xfnlog-Site
X-Drupal-Cache-Tags
X-TA-CDN-Provider
X-Drupal-Cache-Contexts
CF-IPCountry
X-Webkit-Csp
X-Sucuri-ID
X-XRDS-Location
X-Wix-Request-Id
X-Cdn-Origin
Source
X-CDN-Forward
X-MP-GENERATED-AT
X-Tx-Id
X-NWS-UUID-VERIFY
X-F-Cache
Node
X-Cache-Debug
CDN-RequestId
X-RCS-CacheZone
X-NODE
X-VCT
X-Mly-Id
Cache
X-Cache-Rule
X-Via-Edge
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-Is-Tablet
X-Urbn-Context-Path
X-Tcp-Rtt
X-Urbn-Site-Id
X-Is-Supported-Browser
X-Is-Mobile
Locale
X-Browser-Name
X-Is-Desktop
X-Geo-Region
X-INCAP-ABP
X-No-Session
X-Varnish-Beresp-Ttl
X-Pad
X-B-Cache
Cache-Provider
X-Oracle-Dms-Ecid
Ohc-Cache-HIT
X-Signature
X-ElasticPress-Query
Wxu-Next-Hostname
Web-Mar-Region
Wxu-Next-Commit
Sslversion
Redirect-Candidate
Rendered-Blocks
Producers
W
We-Hiring
X-A-Dcw
X-Aed
X-Access
X-Aicache-OS
X-App-Name
X-Application
X-AB-Test
X-A-Wwc
X-A-Ccd
X-A
X-A-Dam
PFcat
X-A-Dgt
Wxu-Next-Region
MD5-Digest
Content-Secure-Policy
Cluster
DCR-Decision-By
DCR-Processing-Time-Ms
Expect-Staple
Candidate-Md5Url
BehaviorPad-Version
Apple-News-Services-Handled
X-Site-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-B-Cookie
Mail-Subject
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Lang
L5d-Success-Class
Fl-Custom-Application
Fastly-SSL
Ha-Gx-Prefs
HA-Ipaddr
Host-ID
Origin
X-Bug-Bounty
X-Origin-Time
X-Org
X-Path
X-PAYTM-SRV-ID
X-Platform-Server
X-Op-Id-All
X-Nyt-Route
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Jobs
X-Mvc-Supplant-Cachable
X-Proto
X-Proxied-Request
X-VarnishDD-TTL
X-TIM-N
X-Vdms-Version
X-Vtex-Remote-Cache
Xc-Version
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-S-Cookie
X-Rojux
X-ScT
X-SD-PageType
X-Section
X-HN
X-Geolocation
X-Csrf-Jwt
X-Conf
X-D
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-CGP
X-Cache-Operation
X-BCube-Filmed-By
X-Bc-Bl
X-Bl-Debug
X-Cache-Info
X-Cache-NE
X-Destination
X-Developer
X-GeoCode
X-Gdpr
X-GeoCountry
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-FC-Vary-Parameters
X-External-Request-Id
X-DPWN-IS-SECURE
X-Ec-Fail
X-Ec-GeoHdr
X-Eu-Site
X-Backend-Instance
X-Cache-Grace
X-Via-JSL
X-Litespeed-Tag
X-VC-TTL
X-NGINX-Cache
X-Locale
X-CUA
X-Core-Value
X-Date
X-Content-Age
X-CacheTTL
X-Cdn-Srv
X-Clientip
X-DefHash
X-Content-Length
X-Dispatcher-Server
X-Fmm-Version
X-Gamma-Serve
X-Gen-Mode
X-Generated-On
X-Fastly-Backend
X-Esi-Check
X-Ec-Custom-Error
X-Edge-Server
X-Epic-Correlation-Id
X-Cached-By
X-Block-Status
Thinkindot-CacheControl-Type
User-Agent
User-Cache-Control
V-Age
Thinkindot-CacheControl
TDXMobile
RNT-Machine
RNT-Time
Server-Host
X-Accel-Expires-Debug
X-AK-Request-ID
X-BBC-Edge-Cache-Status
X-GEO
X-Cache-Date
X-B3-Trace-ID
X-Auto-Login
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Cache-Id
X-GeoIP-City
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-Remaining-TTL
X-Var-Ttl
X-V-Cache
X-Scheme
X-Shield-Cache-Expires
X-Thinkindot-L3
X-User
X-Varnishpool
X-VG-WebCache
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Zen-Fury
X-VTEX-Cache-Server
X-VServer
X-Via-Fastly
X-Viewer-Country
X-Vmg-Version
X-SB
X-Request-Time
X-Irp-Debug
X-Level-Front-Cache
X-Loc
X-Location
X-Human
X-Hnp-Log
Req-Svc-Chain
X-GoCache-CacheStatus
X-Gzip
X-Hash
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-Policy
X-Powered-By-VTEX-Cache
X-Req
X-Request-Host
X-Platform
X-Origin-Expires
X-NMSegId
X-Node-Id
X-NodeID
X-GeoIP
X-DefElseHash
Content-Style-Type
Debug
Content-Script-Type
Origin-Agent-Cluster
Product
Gannett-Cam-Experience-Id
Pramga
Mime-Version
NM-Fastcgi-Cache
L
Platform
Gh-Request-Id
Cdncip
Cdnsip
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-Version
Canary
CDCHOST
Cdn-Host
Cdn-Request-Time
X-COUNTRY
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Proxy-Cache-Status
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-UA
Akamai-Mon-Iucid-Del
X-Cache-FS-Status
X-Server-IP
Tube-Got-Results
XM
Yak-Timeinfo
CDN-Cache
Tube-Got-Eval
X-Cache-Aspx
X-We-Are-Hiring
CDN-RequestPullSuccess
X-Bip
CDN-RequestCountryCode
X-SIPLIST1
Tube-Get-Contents
Tube-Return
CDN-CachedAt
X-Pubstack
X-VG-TLSProxy
Release
CDN-PullZone
X-Pool
X-Depends
X-Origin-Response-Time
CDN-RequestPullCode
CDN-EdgeStorageId
X-Request-Start
X-Contensis-Viewer-Groups
X-AIR-PT
IsBot
CDN-Uid
NGX
X-UA-Device-Type
Origin-EX
Click-Count-Action-Start
Click-Count-Error
Req-ID
X-Varnish-Authentication
Country-Code
X-Acquia-Purge-Cdn-Unconfigured
X-SVT-ORM-VERSION
X-Men
X-Internal-TTL
X-Thanos
Origin-CC
ServerName
DSUID
X-Sn-Servicetimems
X-IsAdmin
X-SVT-ORM-RULES
X-Varnish-Beresp-Status
X-URL
Ssr
X-Tb-Optimization-Total-Bytes-Saved
X-HOST
X-RID
X-Service
X-Varnish-Hits
Sid
X-ORCA-Accelerator
X-LB-NoCache
X-Upstream-Ht
X-Upstream-Ct
X-CACHE-GROUP
Esi-Enabled
X-VHOST
X-ZONE
X-TH-Server
X-Vgn-Hpd-Reason
GeoIP-Latitude
Fastly-Drupal-HTML
X-HubSpot-Correlation-Id
X-Api-Version
X-Cs
X-Refresh
X-RequestId
X-Cache-Bucket
X-Servedbyhost
X-B3-Spanid
X-HITS
CloudFront-Viewer-Country
X-DC
Cdn-Requestid
X-Nc
X-Wa
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
A
X-Old-Content-Length
X-Moov-T
X-Proxy-CacheRZ
Cache-Key
XkeyRZ
X-Newrelic-Synthetics
X-Tt-Logid
C-Via
X-APP
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-HA-Backend
Server-ID
X-NewRelic-App-Data
X-B3-Parentspanid
X-Nananana
X-Dc
X-Parent-Response-Time
N1-Cache
X-CS
X-Action
X-Cdn-Forward
X-LiteSpeed-Cache-Control
X-LB-ID
X-Webkit-Csp-Report-Only
AMP-Access-Control-Allow-Source-Origin
X-Presslabs-Stats
Fastly-Drupal-Html
X-LiteSpeed-Tag
Proxy-Firewall
HostName
X-DynaTrace-JS-Agent
Location
X-Vercel-Id
X-Cache-VC
X-Thinkindot-L1
X-Vercel-Cache
X-Endurance-Cache-Level
X-Optimistic-Header
Cache-Hits
TWC-GeoIP-DMA
TWC-GeoIP-Region
X-Ua
TWC-GeoIP-City
X-Zone
X-CACHE-AGE
X-Srv
Sever-Int
Server-Ext
Server-Hostname
GeoIp-Country-Code
TP-L2-Cache
X-DataCenter
WP-Super-Cache
True-Client-Country-4JS
SID
X-API-Version
X-Litespeed-Cache-Control
Cdn
X-ApacheServer
X-Test
X-Fpc
X-PERF
X-Air-Pt
True-Client-IP
X-WA-Info
Is-Eu
Adler-Geo
X-Render-Time
X-Dispatcher-Number
Uri
True-Client-Ip
X-Nginx-Cache-Key
Resin-Trace
SEZNAM-JOBS-OFFER
WZWS-RAY
X-Uri
X-Datadome
X-Nitro-Cache
X-Ion-Healthy
X-Ssense-Gql
X-LJ-Flow-ID
X-AWS-Id
GeoIP-Country-Code
X-VWS-Id
X-Datacenter
X-Ion-Hop
RewriteTeamHook
X-Jungle-Id
RewriteTestHook
X-Varnish-Beresp-TTL
X-Ssense-Shipping-Surcharge-Enabled
Cache-Contol
X-CLOUD-TRACE-CONTEXT
X-SERVER-NAME
X-Service-Response-Time
Sm-Log-Id
X-Provided-By
Log-Origin
Tcn
Cmstype
My-App
T-Server
Cmsid
X-Geo-Header
X-Custom-Header
X-FPC
X-Dynatrace-Js-Agent
X-Pass-Why
X-Client-Ip
X-From
X-ND-Cache
X-Up
X-Stale
X-RateLimit-Limit
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Srv
CacheControlHeader
X-Oracle-Dms-Rid
X-Udemy-Cache-App-Namespace
Hostname
X-Cache-Server
X-APP-VERSION
X-CMSURLCustom
Vc-Max-Age
Lb
Serverhost
S-Rt
Av-Poweredby
Server-Id
X-Debug-Service
Pics-Label
X-Fastly-Cache-Status
Cache-Tv-Group
X-TX-ID
Powered-By
X-Air-Source
X-Cdn-Cache-Status
X-App
X-Lb-Id
X-Air-Hostname
X-Air-Trace-Id
X-Vc
X-Via-PopH
X-Ha-Backend
X-Correlation-ID
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
Vix-Hermes-Req-Id
X-Fastly-Backend-Reqs
X-Cache-TTL-Remaining
X-Via-PopN
X-Via-PopV
X-Cache-Ttl
X-Html-Minification-Powered-By
ServerHost
X-WA
X-NC
X-LAGOON
X-Fastly-Cache
Origin-Site
X-Oracle-DMS-ECID
X-Ckpd-Fst-Backend
X-XRDS-LOCATION
X-Esi
Epwk-X-Cache
X-SRCache-Key
NtCoent-Length
Xkeylog
X-Varnish-Hostname
Geoip-Latitude
Thinkindot-Control
On-Server
X-VCL-Version
X-Proxy-Cache-La3
Xkey-La3
Edge-Cache
Cloudfront-Viewer-Country
WWW-Authenticate
X-ServedByHost
WebServer
X-Requestid
X-Traceid
CountryCode
X-Ee-Request-Id
X-Ee-Request-Date
X-Ee-Origin
AKAMAI
X-Vary-Devices
X-PHP-Backend
Pragrma
X-Save-Cache
X-MSEdge-Features
X-Ee-Generated-By
Warning
X-MSEdge-Flight
X-Sucuri-Id
X-HS-Status
X-Amz-Meta-Opti
Store-Cloud-Cache
X-Cms-Device
Time-Cloud-Cache
X-Serial
X-Wp-Cf-Super-Cache
X-IAuth-Set-Uid
X-Wp-Cf-Super-Cache-Cache-Control
X-Akamai-Transformed
YJS-ID
X-Check-Cacheable
X-Region-Sid
X-Forwarded-Site
Ms-Author-Via
X-Rocket-Build-Number
X-Sigma
FSS-Cache
X-Sigma-Backend
X-Cdn-Request-ID
Reporter
X-VTEX-Cache-Backend-Header-Time
Machine
X-Pod
X-CSRF-TOKEN
X-Lb-Nocache
X-VTEX-Cache-Backend-Connect-Time
Yjs-Id
Magicmarker
X-Mg-Cache
X-Lsadc-Cache
Cl-Cache
X-Ms-Blob-Type
X-Orig-Cache-Control
X-Tncms-Bot-Tier
Cneonction
Timeexpire
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Limited
X-Elasticpress-Query
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
X-Dw-Trace-Id
X-Info
X-Ms-Lease-Status
X-BBC-Origin-Response-Status
X-Web-Server