Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
X-Proxy-Cache
Keep-Alive
Cf-Apo-Via
X-Via
X-Rq
EagleId
X-Age
X-Server
Accept-CH-Lifetime
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pingback
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
X-Cloud-Trace-Context
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Node
X-HW
X-Server-Id
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
X-Trace
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Vname
X-PC
X-TtlSet
X-Rack-Cache
X-Midtier
X-Mcache
X-Edge
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-ESI
X-Cdn-Fetch
X-Ser
Nginx-Cache
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-ARC
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Client-IP
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Daa-Tunnel
Accept-Ch-Lifetime
X-Upstream
X-Navigation-Version
X-Amz-Rid
X-Goog-Hash
X-CST
X-Aspnet-Version
Response
X-Middleton-Response
X-Powered-CMS
X-B3-TraceId
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Ttl
X-Erf-Bev-Bev
X-Edge-Location-Klb
X-Kinsta-Cache
X-ECACHE
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Server-ID
X-Amzn-Trace-Id
X-Cache-Key
X-NF-Request-ID
X-Forwarded-For
X-Ua-Device
X-Mod-Pagespeed
RTSS
X-Wormhole-Sdk
X-Ratelimit-Limit
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Cache-Status
X-ORACLE-DMS-ECID
X-Version
AR-CACHE
X-FastCGI-Cache
X-Mg-S
Public-Key-Pins
X-Ratelimit-Remaining
X-Ruxit-Js-Agent
X-Ezoic-Cdn
S
Cross-Origin-Resource-Policy
Realpath
SPRequestGuid
X-SharePointHealthScore
X-MSEdge-Ref
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-Content-Digest
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
Accept-Ch
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
TP-Cache
X-Correlation-Id
Front-End-Https
Arr-Disable-Session-Affinity
X-Debug
X-Request-Processing-Time
X-Request-Received
Count-Hit
X-Id
X-Newrelic-App-Data
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Content-Security-Policy-Report-Only
Server-Node
X-Ua-Browser
MicrosoftSharePointTeamServices
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Azure-Ref
X-Frontend
X-Varnish-TTL
X-Fastly-Request-ID
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-Hits
Payment
X-Amz-Replication-Status
X-LB-Cache
X-Forwarded-Proto
X-GUploader-UploadID
X-Varnish-Backend
X-Goog-Metageneration
X-Varnish-Ttl
X-Request-Handler-Origin-Region
X-Microsite
X-Protected-By
X-Git-Hash
Filterid
X-FB-Debug
Cleartype
X-Logged-In
X-Unique-Id
X-Varnish-Server
Host
X-Www-Served-By
X-Activity-Id
X-Az
X-AppVersion
Content-Disposition
X-Ratelimit-Reset
X-App-Server
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Hostname
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-DIS-Request-ID
X-Page-Id
X-TTL
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Geo-Country
Origin-Trial
Retry-After
Pinterest-Version
X-Origin-Server
Pinterest-Generated-By
X-Pinterest-Rid
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Upgrade-Enabled
X-Goog-Storage-Class
X-RateLimit-Remaining
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
MS-Author-Via
X-Nf-Request-Id
Accept-Charset
Akamai-GRN
Fastly-SIE
X-ASPNET-VERSION
Section-Io-Cache
Fastly-SWR
X-Fb-Rlafr
X-Template
Viewport
X-Type
X-TT
X-Cambria-Cache-Control
X-Cache-Control
X-B3-Sampled
Content-MD5
X-B
X-Grace
X-Content-Options
X-Ah-Environment
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Version
Frame-Options
X-ECache
X-Request-Guid
X-SRCache-Fetch-Status
X-Trace-Id
X-SRCache-Store-Status
X-Revision
Amp-Access-Control-Allow-Source-Origin
X-Xrds-Location
X-Amz-Meta-S3cmd-Attrs
X-Vcl-Version
Healthy
X-Envoy-Decorator-Operation
TCN
X-Origin-Cache
X-Magnolia-Registration
X-Contextid
X-Device-Type
X-Cdn
X-Source
X-WP-CF-Super-Cache-Active
X-Fastly-Request-Id
X-CSRF-Token
X-Cache-Age
X-Webkit-CSP
DC
Server-Name
X-Rid
X-Aspnetmvc-Version
X-Backend-Name
X-Tec-Api-Root
X-Tec-Api-Origin
X-Mobile
X-Tec-Api-Version
X-Proxy
X-Px
X-Varnish-Grace
X-Seen-By
X-Tumblr-Pixel-1
X-RemovedCookies
X-ProcessESI
X-App-Environment
X-RM-Cache-TTL
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Framework
Access-Control-Request-Headers
X-Mg-Request-UUID
X-Debug-Info
X-Status
X-Storage
X-Rule
X-HTML-Minification-Powered-By
X-Cacheable-TTL
X-Content-Powered-By
X-FW-Serve
X-Proxy-Cache-Info
X-Region
X-NYM-Debug-Backend
X-Node-Name
X-FW-Hash
X-FW-Dynamic
X-Environment-Context
X-L-Path
X-FW-Server
X-FW-Static
X-Instance
X-Adobe-Content
SD-X-WS
NGB
X-G
X-Adobe-Loc
X-FW-Type
X-UUID
X-FW-Version
Cross-Origin-Window-Policy
X-Language
MS-CV
Ms-Operation-Id
X-Akamai-Edgescape
X-Rendered-As
X-Debug-IsConnected
GEO-INFO
X-Is-Bot
X-Debug-IsPreview
X-RTag
X-ServerID
Paypal-Debug-Id
X-Yottaa-Optimizations
X-Datadog-Sampled
X-Yottaa-Metrics
X-Datadog-Trace-Id
X-Buckets
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-User-Agent
X-Webkit-Csp
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
Webserver
Upgrade-Insecure-Requests
Countrycode
X-Cache-Time
Front
Charset
Protected
X-WebKit-CSP-Report-Only
X-B3-Traceid
Trailer
X-Whom
X-Edge-Location
X-TT-LOGID
X-Lambda-Id
OT-Force-Account-Verify
X-VC
X-N
Refresh
X-IPS-LoggedIn
Section-Io-Id
Priority
X-Cache-Status-Check
X-Akamai-Request-ID2
Country
X-AB
X-VHOST
X-HS-Prerendered
X-Time
X-Reqid
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Amzn-Remapped-Content-Length
X-CCDN-Origin-Time
Backend
X-Hl-Ver
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
Alternate-Protocol
Liferay-Portal
X-B3-SpanId
X-Via-JSL
VIX-Pulpo-Node
X-Server-W
X-Wix-Request-Id
X-Mode
VIX-Pulpo-Upstream-Status
Onion-Location
Meta-Geo
Fastcgi-Useragent
X-UPSTREAM-Address
X-Tumblr-Pixel-2
From-Origin
X-Fetched-On
X-Auth-Group-Type
X-Skip-Cache
Filters
X-Accel-Version
X-Tb
X-FB-TRIP-ID
ServerID
X-VC-Cache
X-Origin-Date
X-Web-Node
X-SaId
X-Rewrite-Enabled
X-Frame-Option
X-JoinUs
X-Rn-Rsrv
X-Scope-Id
Webcakes-Region
X-IPLB-Request-ID
X-R9-Blue-Green-Version
X-IPLB-Instance
Accept-Language
X-ProxyCache-Key
X-Hosted-By
X-Response-Served-From
Environment
X-Cache-Host
Webcakes-App-Version
X-Cache-Expired-At
X-BYPASS-REASON
Uber-Trace-Id
X-Origin-Hint
TWC-Connection-Speed
Property-Id
X-Real-IP
Expiry
Atl-Traceid
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
X-Original-Request-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Logging-Id
X-ProxyCache-Status
Webcakes-App-Name
X-Redis-Cache
X-Connection-Hash
X-Format
X-Webstats-RespID
X-Director
X-Varnish-Age
X-SayCDN-TTL
X-Generated-By
X-Restarts
X-Say-Cacheable
X-Request-URI
X-Cluster-Node
X-Say-TTL
X-Served-From
Web-Mar-Node
X-Varnish-Beresp-Grace
X-Loop
Mn-Server-Ip
X-Vcache
X-Tncms
X-Soup
X-Forwarded-Host
X-Varnish-Cache-Hits
X-Httpd
X-Adobe-Source
X-Cache-Action
X-Cms-Context
X-Handled-By
X-DataDome
SRV
X-Proxy-Build
X-Labrador-Cache-Channel
Cross-Origin-Embedder-Policy-Report-Only
Apigw-Requestid
X-PHP-Host
X-Timing-Wait
Selected-Fe
X-Proxied
DB-Nickname
X-Extlb
X-Detected-As
X-Cloudmap
X-Routing-Service
X-Servername
X-Zipkin-Id
X-S
X-Cluster
ServedBy
Url
X-XRDS-LOCATION
X-Origin
X-Origin-TTL
LB
X-Origin-CC
Referer-Policy
X-SRV
X-LSADC-Cache
Xserver
X-Lagoon
N-Cache
X-Rocket-Nginx-Serving-Static
X-Hit
CF-IPCountry
X-RID
X-Nginx-Cache
X-Xfnlog-Site
X-XRDS-Location
Cross-Origin-Embedder-Policy
X-Ms-Version
X-NWS-UUID-VERIFY
X-TraceId
X-Ms-Request-Id
CDN-RequestId
X-Tumblr-Pixel-3
X-Upstream-Ct
X-DynaTrace
X-Upstream-Ht
X-UA
Source
X-VCT
X-Cache-Debug
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Azure-Ref-OriginShield
X-RateLimit-Limit
WPO-Cache-Status
WPO-Cache-Message
Surrogated-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Worker
X-F-Cache
X-Signature
X-FTR-Request-ID
X-B-Cache
X-No-Session
X-Is-Supported-Browser
X-Is-Desktop
X-Geo-Region
X-Browser-Name
X-Tcp-Rtt
X-Is-Tablet
X-Is-Mobile
X-Sucuri-Cache
Locale
Node
X-Urbn-Context-Path
X-Cdn-Origin
X-Urbn-Site-Id
X-Generation-Time
X-NGINX-Cache
X-Shopify-Stage
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Drupal-Cache-Tags
X-Alternate-Cache-Key
X-Drupal-Cache-Contexts
X-Sucuri-ID
X-Storefront-Renderer-Rendered
AMP-Access-Control-Allow-Source-Origin
X-Cdn-Forward
X-NODE
X-App-Version
X-Locale
X-Tx-Id
X-Site-Version
TP-L2-Cache
X-Cache-Operation
X-Cache-Rule
X-MP-GENERATED-AT
X-A
Azure-SiteName
We-Hiring
X-AK-Request-ID
Azure-RegionName
X-A-Dam
X-Aed
X-A-Dgt
X-A-Dcw
Azure-InstanceId
X-Aicache-OS
X-A-Ccd
Meta-Geo-Continent
Gannett-Cam-Experience-Id
Fastly-GeoIP-CountryCode
Host-ID
Lang
Candidate-Md5Url
Mail-Subject
Fastly-Backend-Name
Expect-Staple
DCR-Decision-By
Content-Secure-Policy
DCR-Processing-Time-Ms
Cdnsip
Cdncip
BehaviorPad-Version
X-Amz-Storage-Class
Redirect-Candidate
Producers
Rendered-Blocks
Sslversion
Thinkindot-CacheControl
TDXMobile
Origin-Agent-Cluster
Odigeo-Trace-Id
MD5-Digest
Azure-Version
Cluster
Ngx.Var.Host
Azure-SlotName
Thinkindot-CacheControl-Type
X-DefElseHash
X-Platform-Server
X-PAYTM-SRV-ID
X-Proto
X-Proxied-Request
X-Request-Time
X-Proxy-CacheRZ
X-Path
X-Origin-Time
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Org
X-Origin-Response-Time
X-Origin-Expires
X-Rojux
X-Scheme
X-Vmg-Version
X-Vdms-Version
X-Vtex-Remote-Cache
X-We-Are-Hiring
XkeyRZ
Xc-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Shield-Cache-Expires
X-ScT
X-Thinkindot-L3
X-TIM-N
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-Mly-Id
X-Loc
X-D
X-Contensis-Viewer-Groups
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefHash
A
X-Conf
X-Cache-NE
X-Bc-Bl
X-Backend-Instance
X-BCube-Filmed-By
X-Bug-Bounty
X-Cache-Info
X-Cache-Aspx
X-Depends
X-Developer
X-GeoIP-City
X-GeoIP
X-Ig-Origin-Region
X-Ig-Push-State
X-Internal-TTL
X-INCAP-ABP
X-GeoCountry
X-GeoCode
X-Ec-Fail
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Gdpr
X-FC-Vary-Parameters
X-App-Name
X-A-Wwc
X-Service
Ohc-File-Size
X-ElasticPress-Query
Cross-Origin-Opener-Policy-Report-Only
X-Optimistic-Header
Cache
Mime-Version
X-BBC-Edge-Cache-Status
X-Cache-Bucket
X-B3-Trace-ID
X-Bl-Debug
X-Amz-Meta-Cb-Modifiedtime
X-Acquia-Purge-Cdn-Unconfigured
X-Akamai-Device-Characteristics
X-Cache-Grace
X-Auto-Login
X-CGP
X-Date
X-Ec-Custom-Error
X-Edge-Server
X-Eu-Site
X-Csrf-Jwt
X-Core-Value
X-Access
X-Clientip
X-Content-Age
X-CacheTTL
Wxu-Next-Region
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
RNT-Time
RNT-Machine
Product
Release
Req-Svc-Chain
Tube-Return
User-Agent
Wxu-Next-Commit
Wxu-Next-Hostname
X-Fastly-Backend
Web-Mar-Region
X-Pad
Yak-Timeinfo
V-Age
W
X-Accel-Expires-Debug
X-Fmm-Version
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-SB
X-SD-PageType
X-Section
X-UA-Device-Type
X-V-Cache
X-Varnishpool
X-VG-WebCache
X-Via-Fastly
X-VarnishDD-TTL
X-Wikidot-Backend
X-Var-Ttl
X-Wikidot-Static-Cache
X-Varnish-Director
X-Req
X-Pool
X-GoCache-CacheStatus
X-Hash
X-HN
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gamma-Serve
X-Generated-On
Platform
X-HS-Content-Campaign-Id
X-Human
X-Node-Id
X-Op-Id-All
X-Policy
X-Micro-Cache
X-Location
Sid
X-Jobs
X-Level-Front-Cache
X-Viewer-Country
X-Cached-By
Click-Count-Action-Start
Click-Count-Error
Content-Script-Type
NGX
HA-Ipaddr
Cdn-Host
Origin
Content-Style-Type
Debug
Gh-Request-Id
Ha-Gx-Prefs
Esi-Enabled
L
DSUID
L5d-Success-Class
Canary
Cdn-Request-Time
Apple-News-Services-Host
Cache-Key
PFcat
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Origin-CC
Origin-EX
Cache-Provider
Apple-News-Services-Handled
Country-Code
X-Block-Status
X-Esi-Check
X-VTEX-Cache-Server
X-Bip
X-VTEX-Cache-Time
X-Gzip
X-Newrelic-Synthetics
X-Cache-Id
X-VG-TLSProxy
Fastly-SSL
X-Varnish-Beresp-Status
X-Cdn-Srv
X-Dispatcher-Server
X-CUA
X-Content-Length
X-Hnp-Log
X-Pubstack
X-Powered-By-VTEX-Cache
CDN-EdgeStorageId
X-Platform
CDN-CachedAt
X-Request-Host
X-SIPLIST1
CDCHOST
CDN-Cache
CDN-PullZone
X-NodeID
CDN-RequestPullCode
X-Cache-Hit
CDN-RequestPullSuccess
CDN-Uid
X-Men
CDN-RequestCountryCode
X-Thanos
X-NMSegId
X-Dc
X-Server-IP
X-Gen-Mode
User-Cache-Control
NM-Fastcgi-Cache
Ssr
IsBot
Server-Host
ServerName
Pramga
X-Cache-FS-Status
X-Varnish-Beresp-Ttl
X-Api-Version
XM
X-LiteSpeed-Tag
X-Irp-Debug
X-AB-Test
Req-ID
X-Request-Start
Akamai-Mon-Iucid-Del
X-HOST
X-ORCA-Accelerator
X-Varnish-Hits
Fl-Custom-Application
X-Air-Pt
X-URL
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-CACHE-GROUP
True-Client-Country-4JS
X-Cs
X-Provided-By
X-GEO
X-LB-NoCache
X-HS-CF-Cache-Status
X-Nananana
X-LiteSpeed-Cache-Control
X-APP
X-VServer
Server-Ext
X-TA-CDN-Provider
X-RequestId
GeoIP-Latitude
Sever-Int
Server-Hostname
X-Test
C-Via
Proxy-Firewall
X-B3-Spanid
Edge-Copy-Time
Fastly-Drupal-Html
X-Via-Edge
X-Via-CDN
X-HITS
Adler-Geo
X-B3-Parentspanid
Is-Eu
X-Geolocation
CloudFront-Viewer-Country
X-Via-SSL
X-Cache-Date
X-Servedbyhost
X-Refresh
X-S-Cookie
X-Destination
X-External-Request-Id
X-Nginx-Cache-Key
X-IsAdmin
X-Application
X-Dispatcher-Number
S-Rt
X-B-Cookie
X-Endurance-Cache-Level
X-ZONE
X-Zen-Fury
X-Via-Popn
WZWS-RAY
X-HA-Backend
X-Via-Popv
Fastly-Drupal-HTML
Cache-Tv-Group
X-Zone
X-Via-Poph
X-DC
X-Nc
X-LB-ID
T-Server
X-User
X-Wa
X-Geo-Header
X-Litespeed-Tag
X-Custom-Header
X-DynaTrace-JS-Agent
X-Pass-Why
GeoIp-Country-Code
X-ND-Cache
X-CS
X-Webkit-Csp-Report-Only
HostName
Cdn-Requestid
X-Tt-Logid
X-Presslabs-Stats
X-NewRelic-App-Data
Cdn
X-CDN-Forward
X-Cache-Server
Server-ID
X-COUNTRY
X-Oracle-Dms-Ecid
X-AIR-PT
X-CMSURLCustom
Vc-Max-Age
X-HubSpot-Correlation-Id
Ohc-Cache-HIT
X-Parent-Response-Time
True-Client-IP
X-VC-TTL
X-CACHE-AGE
X-Srv
X-Varnish-Beresp-TTL
X-Vgn-Hpd-Reason
X-DataCenter
X-TH-Server
WP-Super-Cache
Resin-Trace
SID
X-Moov-T
Powered-By
Vix-Hermes-Req-Id
X-Moov-Xdn-Version
X-Fpc
X-Moov-Xdn-Caching-Status
Uri
X-API-Version
X-Ckpd-Fst-Backend
Srv
X-Fastly-Cache
Pics-Label
X-Old-Content-Length
X-APP-VERSION
SEZNAM-JOBS-OFFER
On-Server
X-FPC
X-Datadome
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-TX-ID
Thinkindot-Control
True-Client-Ip
X-Vercel-Cache
X-Vercel-Id
ServerHost
X-SERVER-NAME
AKAMAI
Serverhost
Server-Id
X-Amz-Meta-Opti
X-Cache-TTL-Remaining
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Action
Location
X-Cache-VC
X-PHP-Backend
X-Thinkindot-L1
X-Client-Ip
GeoIP-Country-Code
X-Stale
X-Dynatrace-Js-Agent
Hostname
N1-Cache
X-Oracle-Dms-Rid
Magicmarker
Cl-Cache
X-Litespeed-Cache-Control
X-Info
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Expires
X-WA
Av-Poweredby
X-NC
X-Cdn-Cache-Status
X-Debug-Service
X-V
X-Lb-Id
Xkey-La3
Xkeylog
X-Datacenter
X-Fastly-Cache-Status
X-Proxy-Cache-La3
X-Fastly-Backend-Reqs
X-ApacheServer
X-PERF
X-IAuth-Set-Uid
X-CDN-Cache-Status
Tcn
X-Resp-Is-Stale
CDN
X-Vc
X-Ssense-Shipping-Surcharge-Enabled
X-Service-Response-Time
X-Ssense-Gql
Sm-Log-Id
X-Vary-Devices
X-Save-Cache
X-Ee-Request-Id
X-Ee-Origin
X-Ee-Request-Date
X-Via-PopV
X-Eligible
X-WA-Info
X-VTEX-Cache-Backend-Header-Time
X-Ee-Generated-By
X-Ha-Backend
X-Via-PopH
X-Udemy-Cache-App-Namespace
X-Geo
X-Via-PopN
X-Nitro-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Rollout
X-Cms-Device
X-Render-Time
Time-Cloud-Cache
Store-Cloud-Cache
X-New
X-Cache-Ttl
TWC-GeoIP-Region
X-ServedByHost
Cloudfront-Viewer-Country
X-Github-Request-Id
X-Uri
X-Oracle-DMS-ECID
TWC-GeoIP-DMA
TWC-GeoIP-City
X-Limited
Machine
X-Region-Sid
X-Forwarded-Site
Cache-Hits
X-Esi
Server-Info
X-App
RewriteTeamHook
Log-Origin
X-Ion-Hop
Geoip-Latitude
X-Lb-Nocache
X-VCL-Version
Cache-Contol
X-Ion-Healthy
RewriteTestHook
X-Jungle-Id
X-Container-Uri
X-Git-Commit
Cneonction
WWW-Authenticate
Cmsid
WebServer
X-Ftr-Request-Id
X-MSEdge-Features
X-MSEdge-Flight
X-Akamai-Pragma-Client-IP
X-EC-Lua
X-Ua
Edge-Cache
My-App
X-Traceid
Cmstype
CountryCode
X-Correlation-ID
Pragrma
X-Varnish-Hostname
X-SRCache-Key
Cf-Ipcountry
X-Dw-Trace-Id
X-Requestid
X-From
X-LAGOON
Permission-Policy
X-HS-Status
Reporter
X-Serial
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Up
X-Cdn-Request-ID
Lb
FSS-Cache
X-Acquia-Site
PICS-Label
X-Check-Cacheable
X-Pod
X-Akamai-Transformed
X-Sucuri-Id
X-Elasticpress-Query
X-CSRF-TOKEN
X-BBC-Origin-Response-Status
CacheControlHeader
X-Ramcache
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
CF-Cached-On
X-Fastly-Cache-Hits
X-Web-Server
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Warning
Timeexpire
X-Tncms-Bot-Tier
NtCoent-Length
X-Orig-Cache-Control