Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Accept-CH
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
Cache-Tag
X-NWS-LOG-UUID
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
X-Mcache
X-Edge
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Dw-Request-Base-Id
X-ECACHE
X-ARC
X-Client-IP
X-ORACLE-DMS-RID
X-Amz-Rid
X-Middleton-Response
Response
X-CST
X-Daa-Tunnel
X-Goog-Hash
X-Navigation-Version
X-Powered-CMS
X-Upstream
X-B3-TraceId
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amzn-Trace-Id
X-Forwarded-For
X-Wormhole-Sdk
X-Cache-Key
Accept-Ch-Lifetime
AR-Request-ID
X-Ua-Device
AR-ATIME
X-Ratelimit-Limit
AR-PoweredBy
AR-SID
RTSS
SPIisLatency
X-Ttl
SPRequestDuration
X-NF-Request-ID
X-Mod-Pagespeed
Edge-Cache-Tag
X-FastCGI-Cache
Cache-Status
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
X-Server-ID
X-Version
Public-Key-Pins
X-Mg-S
AR-CACHE
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-Content-Digest
Cross-Origin-Resource-Policy
X-SharePointHealthScore
SPRequestGuid
Realpath
S
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
X-Varnish-TTL
X-Fastly-Request-ID
X-Distributor
Front-End-Https
Access-Control-Request-Method
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
TP-Cache
X-Debug
X-Correlation-Id
Count-Hit
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-Id
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-Azure-Ref
Server-Node
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-PressLabs-Stats
X-Frontend
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-TTL
X-Hits
Payment
X-GUploader-UploadID
X-Amz-Replication-Status
Origin-Trial
X-LB-Cache
X-Varnish-Backend
X-Goog-Metageneration
Accept-Ch
X-Protected-By
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
Cleartype
X-Git-Hash
X-FB-Debug
Host
X-Unique-Id
X-Logged-In
Filterid
Pinterest-Version
X-Az
X-Pinterest-Rid
X-Www-Served-By
X-Varnish-Server
X-AppVersion
Pinterest-Generated-By
Content-Disposition
X-Activity-Id
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Nf-Request-Id
X-Hostname
X-App-Server
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Page-Id
X-HP-Webp
X-HP-Trace-Id
X-DIS-Request-ID
X-Jurisdiction
X-Geo-Country
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Fastcgi-Cache
X-Cambria-Cache-Control
MRF-Tech
Access-Control-Allow-Method
X-Xrds-Location
Akamai-GRN
X-Load-Cache
X-Origin-Server
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Retry-After
X-Template
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Upgrade-Enabled
X-Aspnet-Version
MS-Author-Via
Fastly-SWR
Accept-Charset
Fastly-SIE
X-ASPNET-VERSION
Section-Io-Cache
Viewport
X-Type
X-TT
X-Fb-Rlafr
Frame-Options
X-TEC-API-ORIGIN
X-Content-Options
X-TEC-API-VERSION
X-Cache-Control
X-TEC-API-ROOT
X-B3-Sampled
Version
X-Grace
X-B
X-Ah-Environment
Content-MD5
X-RateLimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-Request-Guid
X-Trace-Id
X-Revision
X-SRCache-Store-Status
X-Vcl-Version
X-Envoy-Decorator-Operation
X-SRCache-Fetch-Status
X-Rid
Healthy
X-Device-Type
X-Source
X-Magnolia-Registration
X-Origin-Cache
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
Server-Name
X-Contextid
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Px
X-Language
X-Mobile
X-Webkit-CSP
X-Backend-Name
X-Aspnetmvc-Version
TCN
X-Buckets
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Proxy
X-Tumblr-Pixel-1
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-App-Environment
DC
X-Tumblr-Pixel
X-Tumblr-User
X-RemovedCookies
X-RM-Cache-TTL
X-ProcessESI
X-Mg-Request-UUID
X-Debug-Info
X-Storage
X-Varnish-Grace
X-Status
X-Framework
Access-Control-Request-Headers
X-Rule
Trailer
X-L-Path
X-Environment-Context
X-Debug-IsConnected
X-Debug-IsPreview
X-Node-Name
SD-X-WS
X-NYM-Debug-Backend
X-Content-Powered-By
X-Cacheable-TTL
X-FW-Static
X-G
X-Region
X-Instance
NGB
X-Adobe-Content
X-Proxy-Cache-Info
X-FW-Hash
X-FW-Serve
X-Adobe-Loc
X-UUID
X-FTR-Request-ID
X-FW-Dynamic
X-FW-Server
X-ServerID
X-FW-Type
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
X-FW-Version
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Is-Bot
GEO-INFO
X-RTag
X-Datadog-Trace-Id
X-Seen-By
MS-CV
X-Rendered-As
Ms-Operation-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Cache-Time
Paypal-Debug-Id
Upgrade-Insecure-Requests
X-User-Agent
X-ECache
Charset
Countrycode
Webserver
Protected
X-HS-Prerendered
X-Edge-Location
X-Whom
Front
OT-Force-Account-Verify
X-B3-Traceid
X-Lambda-Id
X-WebKit-CSP-Report-Only
X-TT-LOGID
Refresh
X-Fastly-Request-Id
Section-Io-Id
X-VC
X-TraceId
X-IPS-LoggedIn
X-N
X-Akamai-Request-ID2
X-Cache-Status-Check
X-Reqid
Priority
X-AB
X-VHOST
X-Amzn-Remapped-Content-Length
X-Time
Country
Alternate-Protocol
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
Backend
X-Original-Request-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-Server-W
Xet-Cookie
X-Hl-Ver
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Liferay-Portal
SRV
X-Real-IP
X-Mode
X-B3-SpanId
Onion-Location
X-Accel-Version
X-Frame-Option
X-FB-TRIP-ID
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-SaId
Filters
Fastcgi-Useragent
From-Origin
Meta-Geo
ServerID
X-Rewrite-Enabled
X-Rn-Rsrv
X-Skip-Cache
X-Cache-Host
X-Tb
X-Scope-Id
X-Auth-Group-Type
Environment
X-Fetched-On
X-JoinUs
X-VC-Cache
X-Web-Node
X-Origin-Date
Accept-Language
X-SayCDN-TTL
X-Cache-Action
Property-Id
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Cluster-Node
TWC-Device-Class
X-Redis-Cache
X-Origin-TTL
X-Say-Cacheable
X-Request-URI
Atl-Traceid
X-ProxyCache-Status
Expiry
X-Varnish-Age
X-Restarts
X-Varnish-Cache-Hits
X-Webstats-RespID
TWC-Locale-Group
X-Logging-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-Say-TTL
X-Origin-CC
X-IPLB-Instance
X-Origin-Hint
X-Hosted-By
Webcakes-Region
TWC-Privacy
X-Cache-Expired-At
X-Director
X-IPLB-Request-ID
Uber-Trace-Id
X-Format
Webcakes-App-Version
X-Connection-Hash
Webcakes-App-Name
Mn-Server-Ip
X-PHP-Host
X-Varnish-Beresp-Grace
X-Handled-By
X-Served-From
X-Loop
X-Forwarded-Host
DB-Nickname
X-Soup
X-Tncms
X-Labrador-Cache-Channel
Web-Mar-Node
X-Cms-Context
X-Httpd
Apigw-Requestid
X-Vcache
X-Adobe-Source
ServedBy
Selected-Fe
X-Cluster
VIX-Pulpo-Node
X-Timing-Wait
X-Proxy-Build
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
X-Zipkin-Id
X-Extlb
X-Cloudmap
X-Detected-As
Url
X-Origin
X-Servername
X-Routing-Service
X-S
X-Proxied
X-Generated-By
X-LSADC-Cache
X-SRV
X-Rocket-Nginx-Serving-Static
Referer-Policy
Cross-Origin-Embedder-Policy
X-Lagoon
X-Via-JSL
N-Cache
X-DynaTrace
X-Hit
X-DataDome
Xserver
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
X-Tumblr-Pixel-3
X-XRDS-Location
LB
X-Xfnlog-Site
WPO-Cache-Status
X-Webkit-Csp
WPO-Cache-Message
X-Azure-Ref-OriginShield
X-NWS-UUID-VERIFY
Source
CF-IPCountry
Surrogated-Key
X-RateLimit-Limit-Second
X-Worker
X-VCT
X-RateLimit-Remaining-Second
X-Cache-Debug
X-Proxy-Cache-Status
X-RCS-CacheZone
X-Upstream-Ht
X-Upstream-Ct
X-UA
X-Generation-Time
X-Sucuri-Cache
CDN-RequestId
X-Is-Mobile
X-Is-Tablet
X-Browser-Name
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Desktop
X-Geo-Region
X-App-Version
X-F-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-No-Session
Node
X-Cdn-Origin
Locale
X-Signature
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Sucuri-ID
X-B-Cache
X-NGINX-Cache
X-RID
Cross-Origin-Opener-Policy-Report-Only
Ohc-File-Size
X-CLOUD-TRACE-CONTEXT
X-XRDS-LOCATION
X-RateLimit-Limit
AMP-Access-Control-Allow-Source-Origin
X-MP-GENERATED-AT
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-NODE
X-Alternate-Cache-Key
X-Tx-Id
X-Service
X-ElasticPress-Query
X-Locale
X-Cache-Rule
X-Cache-Operation
Rendered-Blocks
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Vdms-Version
Origin-Agent-Cluster
X-A-Dcw
Producers
Redirect-Candidate
Sslversion
Thinkindot-CacheControl
X-TIM-N
Thinkindot-CacheControl-Type
X-Varnish-Authentication
TDXMobile
X-Varnish-CookieHashed-On
We-Hiring
X-A-Ccd
X-A
X-A-Dam
X-Varnish-CookieINHashed-On
Mail-Subject
Cluster
X-Vmg-Version
Content-Secure-Policy
Azure-InstanceId
DCR-Decision-By
Cdnsip
Cdncip
Azure-SlotName
Azure-SiteName
Azure-Version
BehaviorPad-Version
Candidate-Md5Url
DCR-Processing-Time-Ms
Expect-Staple
X-Platform-Server
Azure-RegionName
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Lang
X-A-Dgt
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Gannett-Cam-Experience-Id
Host-ID
Origin
X-Amz-Storage-Class
X-GeoIP-City
X-GeoIP
X-Ig-Origin-Region
X-Ig-Push-State
X-Internal-TTL
X-INCAP-ABP
X-GeoCountry
X-GeoCode
X-FC-Vary-Parameters
X-Scheme
X-Rojux
X-Request-Time
X-Gdpr
X-Jobs
X-Proxy-CacheRZ
X-Origin-Response-Time
X-Origin-Expires
X-Origin-Time
X-Path
X-PAYTM-SRV-ID
X-Org
X-Nyt-Route
X-Mly-Id
X-Loc
X-Mvc-Supplant-Cachable
X-Proxied-Request
X-Proto
X-ScT
X-Epic-Correlation-Id
X-BCube-Filmed-By
X-Bc-Bl
X-Bug-Bounty
X-Cache-Aspx
X-Cache-Info
X-Backend-Instance
X-App-Name
X-Aicache-OS
X-Aed
X-Thinkindot-L3
X-AK-Request-ID
X-We-Are-Hiring
X-Cache-NE
X-Conf
X-Developer
X-Depends
X-DPWN-IS-SECURE
X-Ec-Fail
X-Ec-GeoHdr
X-DefHash
X-DefElseHash
X-Shield-Cache-Expires
X-Contensis-Viewer-Groups
X-D
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-A-Wwc
MD5-Digest
XkeyRZ
X-Site-Version
X-Varnish-Beresp-Ttl
Xc-Version
X-HS-CF-Cache-Status
X-Cdn-Forward
X-Cache-Hit
X-Pad
Mime-Version
X-UA-Device-Type
X-Hash
Web-Mar-Region
X-V-Cache
Tube-Return
X-Gzip
X-Var-Ttl
V-Age
X-Eu-Site
X-GeoIP-Country-Code
X-Accel-Expires-Debug
X-HN
X-GeoIP-Region-Code
X-GoCache-CacheStatus
Tube-Got-Results
X-Dispatcher-Server
Tube-Get-Contents
RNT-Time
X-Level-Front-Cache
X-Ec-Custom-Error
RNT-Machine
X-CGP
X-Akamai-Device-Characteristics
Req-Svc-Chain
X-Varnish-Director
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Edge-Server
X-Human
X-Req
X-Csrf-Jwt
Tube-Got-Eval
X-Wikidot-Backend
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Cdn-Srv
X-CacheTTL
X-Cached-By
X-Newrelic-Synthetics
X-SVT-ORM-RULES
X-Slack-Backend
X-Clientip
X-Esi-Check
X-Core-Value
X-Date
X-Content-Age
X-Fmm-Version
X-SIPLIST1
X-SB
X-Gamma-Serve
X-Cache-Id
X-Generated-On
X-Op-Id-All
X-Auto-Login
X-Tb-Optimization-Total-Bytes-Saved
X-Amz-Meta-Cb-Modifiedtime
X-SD-PageType
Release
X-SVT-ORM-VERSION
X-B3-Trace-ID
X-Cache-Bucket
X-Cache-Grace
X-Bl-Debug
X-VarnishDD-TTL
X-Section
X-BBC-Edge-Cache-Status
X-Fastly-Backend
Server-Host
Cache-Key
Ha-Gx-Prefs
Esi-Enabled
X-Pool
Debug
DSUID
HA-Ipaddr
L
X-Micro-Cache
IsBot
L5d-Success-Class
Gh-Request-Id
X-Powered-By-VTEX-Cache
Canary
Product
X-NMSegId
Click-Count-Action-Start
Apple-News-Services-Parsed-Url
Cdn-Host
Cdn-Request-Time
Apple-News-Services-Host
Click-Count-Error
X-Viewer-Country
Cache-Provider
Apple-News-Services-Handled
Content-Style-Type
Content-Script-Type
Apple-News-Services-Request-Url
PFcat
Cache
X-AB-Test
Origin-CC
X-Via-Fastly
Wxu-Next-Region
X-Platform
Origin-EX
X-Wikidot-Static-Cache
X-Varnishpool
X-Access
Platform
X-Location
X-VTEX-Cache-Time
X-VTEX-Cache-Server
A
User-Agent
NGX
Yak-Timeinfo
X-VG-WebCache
X-Node-Id
Wxu-Next-Commit
W
NM-Fastcgi-Cache
X-Policy
Wxu-Next-Hostname
Akamai-Mon-Iucid-Del
X-CUA
CDN-PullZone
Sid
CDN-RequestPullCode
CDN-RequestCountryCode
X-Server-IP
CDN-RequestPullSuccess
XM
CDN-Cache
X-ORCA-Accelerator
CDN-CachedAt
CDN-EdgeStorageId
X-Thanos
X-VG-TLSProxy
X-Content-Length
X-Varnish-Beresp-Status
X-Hnp-Log
X-Men
Ssr
X-Request-Host
Req-ID
Pramga
X-Pubstack
ServerName
User-Cache-Control
X-Mvc-Supplant-OutputCached
X-Bip
X-Block-Status
X-Gen-Mode
CDN-Uid
X-Cache-FS-Status
Fl-Custom-Application
Fastly-SSL
X-Request-Start
CDCHOST
Country-Code
X-NodeID
X-Dc
X-Api-Version
X-Varnish-Hits
X-Optimistic-Header
TP-L2-Cache
X-TA-CDN-Provider
X-HOST
X-VServer
X-Litespeed-Tag
X-LB-NoCache
X-CACHE-GROUP
X-Cache-Date
X-Geolocation
X-Refresh
X-GEO
X-Cs
X-LiteSpeed-Tag
X-APP
X-S-Cookie
X-Application
X-External-Request-Id
X-B-Cookie
X-Destination
Proxy-Firewall
X-IsAdmin
X-Nananana
X-Zen-Fury
X-LiteSpeed-Cache-Control
X-Via-CDN
True-Client-Country-4JS
X-Via-Edge
Fastly-Drupal-Html
X-HITS
Edge-Copy-Time
X-Servedbyhost
X-Via-SSL
X-B3-Spanid
CloudFront-Viewer-Country
X-Zone
X-LJ-Flow-ID
X-VWS-Id
X-CDN-Forward
Cdn-Requestid
X-AWS-Id
Server-Hostname
Server-Ext
GeoIP-Latitude
Sever-Int
X-User
X-Test
C-Via
X-RequestId
X-Provided-By
X-Endurance-Cache-Level
X-Air-Pt
X-AIR-PT
X-Via-Popv
Adler-Geo
X-Via-Popn
X-Via-Poph
X-HA-Backend
Fastly-Drupal-HTML
Is-Eu
Ohc-Cache-HIT
X-DynaTrace-JS-Agent
X-FTR-Expires
X-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Nc
X-Wa
Server-ID
X-Dispatcher-Number
X-ZONE
X-VC-TTL
X-LB-ID
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Webkit-Csp-Report-Only
S-Rt
WZWS-RAY
X-CS
GeoIp-Country-Code
HostName
Cdn
X-Tt-Logid
X-Presslabs-Stats
X-Oracle-Dms-Ecid
X-Vgn-Hpd-Reason
T-Server
X-COUNTRY
X-URL
X-Custom-Header
Cache-Tv-Group
X-Geo-Header
X-Datadome
X-TH-Server
WP-Super-Cache
X-Moov-T
True-Client-IP
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Pass-Why
X-Resp-Is-Stale
X-ND-Cache
X-CACHE-AGE
X-Srv
X-Parent-Response-Time
X-DataCenter
X-Cache-Server
X-Old-Content-Length
Vc-Max-Age
X-CMSURLCustom
SID
X-HubSpot-Correlation-Id
Resin-Trace
X-Fpc
X-NewRelic-App-Data
X-API-Version
Uri
Pics-Label
X-Varnish-Beresp-TTL
X-Action
SEZNAM-JOBS-OFFER
X-Thinkindot-L1
Powered-By
Location
X-Cache-VC
Vix-Hermes-Req-Id
X-Vercel-Cache
X-FPC
X-Vercel-Id
X-TX-ID
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-APP-VERSION
Srv
X-Ckpd-Fst-Backend
X-Fastly-Cache
True-Client-Ip
X-SERVER-NAME
Tcn
Serverhost
N1-Cache
Thinkindot-Control
X-Litespeed-Cache-Control
X-Stale
On-Server
X-Client-Ip
GeoIP-Country-Code
ServerHost
X-Dynatrace-Js-Agent
X-Service-Response-Time
Sm-Log-Id
X-Amz-Meta-Opti
AKAMAI
X-Cache-TTL-Remaining
X-Oracle-Dms-Rid
X-PERF
X-ApacheServer
Server-Id
X-Datacenter
Hostname
X-PHP-Backend
Xkey-La3
Xkeylog
X-Proxy-Cache-La3
X-NC
X-Nitro-Cache
X-Air-Source
X-Fastly-Cache-Status
X-WA-Info
TWC-GeoIP-Region
Cache-Hits
TWC-GeoIP-City
X-WA
X-Debug-Service
Av-Poweredby
X-Render-Time
TWC-GeoIP-DMA
X-Air-Trace-Id
X-Air-Hostname
X-Cdn-Cache-Status
X-Ua
X-Uri
Cl-Cache
X-Info
Magicmarker
X-Lb-Id
X-Vc
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
RewriteTeamHook
RewriteTestHook
X-Ion-Healthy
X-Jungle-Id
X-Ion-Hop
Cache-Contol
Log-Origin
X-Udemy-Cache-App-Namespace
X-Ha-Backend
X-Via-PopH
X-Via-PopN
X-Via-PopV
Time-Cloud-Cache
X-Vary-Devices
Geoip-Latitude
X-Ee-Request-Date
X-Save-Cache
X-Ee-Request-Id
X-Ee-Generated-By
X-Ee-Origin
X-Fastly-Backend-Reqs
X-Cms-Device
X-Geo
Store-Cloud-Cache
X-Cache-Ttl
X-Github-Request-Id
X-Oracle-DMS-ECID
X-IAuth-Set-Uid
My-App
X-ServedByHost
Cmsid
Cmstype
X-V
X-CDN-Cache-Status
Cloudfront-Viewer-Country
Cf-Ipcountry
Lb
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
CDN
X-Esi
X-New
X-Akamai-Pragma-Client-IP
X-VCL-Version
X-From
X-App
X-Limited
X-Rollout
X-Eligible
X-Requestid
WebServer
Warning
X-Forwarded-Site
X-Region-Sid
Machine
X-Traceid
X-Up
WWW-Authenticate
CacheControlHeader
CountryCode
X-Correlation-ID
X-Lb-Nocache
Server-Info
Pragrma
X-MSEdge-Flight
X-MSEdge-Features
X-LAGOON
Cneonction
X-Dw-Trace-Id
X-Pod
X-Cdn-Request-ID
X-EC-Lua
X-Acquia-Purge-Tags
X-HS-Status
X-Akamai-Transformed
X-Ftr-Request-Id
X-Acquia-Application-Trace
X-Serial
FSS-Cache
X-Acquia-Application-UUID
X-Acquia-Site
Reporter
X-Check-Cacheable
Edge-Cache
X-Git-Commit
X-Sucuri-Id
X-Container-Uri
NtCoent-Length
X-Web-Server
X-BBC-Origin-Response-Status
X-UP
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
X-Elasticpress-Query
Timeexpire
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ramcache
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Tncms-Bot-Tier
CF-Cached-On
X-SRCache-Key
X-Orig-Cache-Control
X-Varnish-Hostname
Permission-Policy
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Fastly-Cache-Hits