Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Keep-Alive
Cf-Apo-Via
X-Via
X-Cache-Group
X-Rq
EagleId
X-Age
X-Server
Accept-CH-Lifetime
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Litespeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Cloud-Trace-Context
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Midtier
X-Mcache
X-Edge
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-ESI
X-Kinja
X-Cache-TTL
X-Ser
X-GitHub-Request-Id
Nginx-Cache
Edge-Control
X-Powered-By-Plesk
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ARC
X-Client-IP
X-MS-InvokeApp
X-ORACLE-DMS-RID
Accept-Ch-Lifetime
X-Daa-Tunnel
X-Navigation-Version
X-Upstream
X-Amz-Rid
X-Goog-Hash
X-Aspnet-Version
Response
X-Middleton-Response
X-Powered-CMS
X-CST
X-B3-TraceId
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Ttl
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Kinsta-Cache
X-Edge-Location-Klb
X-ECACHE
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
X-Cache-Key
X-Amzn-Trace-Id
X-NF-Request-ID
X-Forwarded-For
X-Ratelimit-Limit
X-Ua-Device
X-Mod-Pagespeed
X-Wormhole-Sdk
RTSS
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Cache-Status
X-Ratelimit-Remaining
X-Server-ID
X-ORACLE-DMS-ECID
X-Version
AR-CACHE
X-FastCGI-Cache
X-Mg-S
Public-Key-Pins
X-Ruxit-Js-Agent
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
X-MSEdge-Ref
X-Shield-Request-Id
SPRequestGuid
X-SharePointHealthScore
X-Content-Digest
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
Access-Control-Request-Method
X-Accel-Expires
Accept-Ch
X-Distributor
X-Newrelic-App-Data
X-Correlation-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
TP-Cache
Arr-Disable-Session-Affinity
Count-Hit
X-Debug
Front-End-Https
X-HS-Hub-Id
X-HS-Cache-Config
X-Request-Processing-Time
X-HS-Content-Id
X-Request-Received
X-Content-Security-Policy-Report-Only
Server-Node
X-Id
X-Ua-Browser
MicrosoftSharePointTeamServices
X-LLID
X-VARITI-CCR
X-Azure-Ref
X-HS-Combine-CSS
X-Frontend
X-Varnish-TTL
X-Fastly-Request-ID
X-PressLabs-Stats
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-Hits
Payment
X-Amz-Replication-Status
X-LB-Cache
X-Varnish-Backend
X-GUploader-UploadID
X-Forwarded-Proto
X-Goog-Metageneration
X-Varnish-Ttl
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
Host
X-Git-Hash
Filterid
X-FB-Debug
X-Unique-Id
X-Logged-In
Cleartype
X-Varnish-Server
Content-Disposition
X-Activity-Id
X-Az
X-AppVersion
X-Ratelimit-Reset
X-Www-Served-By
X-Hostname
X-Tt-Trace-Tag
X-App-Server
X-Tt-Trace-Host
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Page-Id
Access-Control-Allow-Method
X-Fastcgi-Cache
X-DIS-Request-ID
X-TTL
X-Geo-Country
X-Pinterest-Rid
Retry-After
Pinterest-Generated-By
Pinterest-Version
X-Origin-Server
Origin-Trial
X-Load-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Upgrade-Enabled
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Nf-Request-Id
Accept-Charset
Akamai-GRN
MS-Author-Via
X-ASPNET-VERSION
X-Cambria-Cache-Control
X-Type
Section-Io-Cache
X-Template
Fastly-SIE
Viewport
Fastly-SWR
X-Fb-Rlafr
X-TT
X-Cache-Control
X-B3-Sampled
Content-MD5
X-Content-Options
X-TEC-API-ORIGIN
X-Grace
X-TEC-API-VERSION
X-Ah-Environment
X-TEC-API-ROOT
Version
X-B
Frame-Options
X-RateLimit-Remaining
X-Request-Guid
X-ECache
X-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Revision
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Amz-Meta-S3cmd-Attrs
Healthy
X-Envoy-Decorator-Operation
TCN
X-Origin-Cache
X-Device-Type
X-Contextid
X-Magnolia-Registration
X-Cdn
X-Xrds-Location
X-Source
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Fastly-Request-Id
X-Cache-Age
Server-Name
X-Aspnetmvc-Version
X-Backend-Name
X-Rid
X-Webkit-CSP
DC
X-Tec-Api-Origin
X-Tec-Api-Root
X-Mobile
X-Proxy
X-Tec-Api-Version
X-Px
X-Seen-By
X-Varnish-Grace
X-Tumblr-Pixel
X-ProcessESI
X-App-Environment
X-Tumblr-Pixel-0
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-User
X-Status
X-Debug-Info
X-Mg-Request-UUID
X-L-Path
X-Storage
X-Environment-Context
X-Rule
Access-Control-Request-Headers
X-RM-Cache-TTL
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
X-FW-Dynamic
X-Content-Powered-By
X-HTML-Minification-Powered-By
NGB
Cross-Origin-Window-Policy
X-FW-Hash
X-Language
SD-X-WS
X-Cacheable-TTL
X-FW-Type
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-Region
X-ServerID
X-FW-Serve
X-Node-Name
X-FW-Version
X-Akamai-Edgescape
X-FW-Server
X-Instance
X-FW-Static
GEO-INFO
X-RTag
X-Datadog-Sampled
X-UUID
MS-CV
Ms-Operation-Id
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Rendered-As
X-Is-Bot
X-Datadog-Sampling-Priority
Paypal-Debug-Id
X-Yottaa-Metrics
X-Buckets
X-Adobe-Loc
X-G
X-Yottaa-Optimizations
X-Adobe-Content
X-User-Agent
X-CLOUD-TRACE-CONTEXT
X-Cache-Time
X-EdgeConnect-Cache-Status
Countrycode
Upgrade-Insecure-Requests
Webserver
Front
X-WebKit-CSP-Report-Only
Trailer
Charset
X-B3-Traceid
Protected
X-Whom
OT-Force-Account-Verify
X-N
X-Lambda-Id
X-TT-LOGID
X-Edge-Location
X-VC
Section-Io-Id
X-IPS-LoggedIn
Refresh
X-Cache-Status-Check
X-Akamai-Request-ID2
Priority
Country
X-AB
X-Time
X-HS-Prerendered
X-VHOST
X-CACHE-GROUP
X-Reqid
X-Hcs-Proxy-Type
Backend
X-Amzn-Remapped-Content-Length
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-Hl-Ver
Xet-Cookie
Alternate-Protocol
X-XRDS-LOCATION
Liferay-Portal
X-B3-SpanId
X-Via-JSL
X-Server-W
Onion-Location
Accept-Language
X-Wix-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Mode
X-SaId
X-FB-TRIP-ID
X-Real-IP
X-Fetched-On
X-Rewrite-Enabled
Meta-Geo
X-Rn-Rsrv
X-Web-Node
X-Tumblr-Pixel-2
From-Origin
X-Auth-Group-Type
X-Frame-Option
Filters
X-Accel-Version
Fastcgi-Useragent
X-Tb
X-Origin-Date
X-UPSTREAM-Address
X-Cache-Host
X-Skip-Cache
ServerID
X-JoinUs
X-Scope-Id
Webcakes-App-Name
TWC-GeoIP-Country
Uber-Trace-Id
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Cache-Expired-At
X-Cluster-Node
X-Original-Request-Id
X-Response-Served-From
X-Cache-Action
X-BYPASS-REASON
Environment
X-Connection-Hash
X-Director
Webcakes-Region
X-Webstats-RespID
X-Varnish-Cache-Hits
Atl-Traceid
X-VC-Cache
X-ProxyCache-Status
X-IPLB-Instance
X-Varnish-Age
X-Origin-Hint
X-Hosted-By
X-Generated-By
X-ProxyCache-Key
TWC-Device-Class
Property-Id
X-SayCDN-TTL
X-Request-URI
X-Format
X-Logging-Id
X-Restarts
X-Say-TTL
X-Say-Cacheable
X-R9-Blue-Green-Version
X-IPLB-Request-ID
X-Redis-Cache
Expiry
Web-Mar-Node
Apigw-Requestid
X-Labrador-Cache-Channel
X-PHP-Host
X-Httpd
X-Forwarded-Host
X-Vcache
X-Loop
X-Cms-Context
Mn-Server-Ip
X-Served-From
X-Varnish-Beresp-Grace
X-Handled-By
X-DataDome
X-Tncms
X-Soup
Selected-Fe
X-Proxy-Build
X-Adobe-Source
X-Timing-Wait
SRV
Cross-Origin-Embedder-Policy-Report-Only
DB-Nickname
X-Zipkin-Id
X-Cloudmap
X-Servername
X-Routing-Service
X-Proxied
X-Detected-As
X-Extlb
X-Cluster
X-Origin
ServedBy
Url
X-Nginx-Cache
LB
X-Origin-CC
X-Origin-TTL
Xserver
X-LSADC-Cache
X-Rocket-Nginx-Serving-Static
X-S
N-Cache
X-Lagoon
Referer-Policy
CF-IPCountry
X-Hit
X-SRV
X-RID
X-XRDS-Location
X-Xfnlog-Site
Cross-Origin-Embedder-Policy
X-NWS-UUID-VERIFY
X-TraceId
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-Ms-Version
X-Webkit-Csp
CDN-RequestId
X-Upstream-Ct
X-UA
X-Upstream-Ht
X-VCT
X-DynaTrace
X-Cache-Debug
Source
X-Proxy-Cache-Status
X-Azure-Ref-OriginShield
X-RCS-CacheZone
WPO-Cache-Status
WPO-Cache-Message
Surrogated-Key
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-F-Cache
X-B-Cache
X-FTR-Request-ID
X-Signature
X-Urbn-Context-Path
Locale
X-No-Session
X-Urbn-Site-Id
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
X-Is-Supported-Browser
X-Is-Tablet
X-Tcp-Rtt
X-Browser-Name
X-Sucuri-Cache
X-Cdn-Origin
X-Generation-Time
Node
X-Drupal-Cache-Contexts
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sucuri-ID
X-Alternate-Cache-Key
X-Drupal-Cache-Tags
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Cdn-Forward
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
X-NODE
X-Locale
X-NGINX-Cache
X-Tx-Id
TP-L2-Cache
X-Site-Version
X-App-Version
X-Cache-Rule
X-MP-GENERATED-AT
X-Cache-Operation
We-Hiring
DCR-Processing-Time-Ms
DCR-Decision-By
Cdncip
Expect-Staple
Candidate-Md5Url
Fastly-Backend-Name
X-A
Azure-Version
Content-Secure-Policy
Cluster
Azure-SlotName
Fastly-GeoIP-CountryCode
Cdnsip
X-A-Dam
X-A-Dcw
X-A-Ccd
Gannett-Cam-Experience-Id
Odigeo-Trace-Id
Origin-Agent-Cluster
BehaviorPad-Version
Redirect-Candidate
Lang
Azure-RegionName
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Rendered-Blocks
Host-ID
Mail-Subject
Azure-SiteName
Thinkindot-CacheControl
A
Azure-InstanceId
Sslversion
TDXMobile
X-A-Dgt
Thinkindot-CacheControl-Type
X-D
X-Path
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxied-Request
X-Proto
X-Origin-Response-Time
X-Origin-Expires
X-Loc
X-Jobs
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Org
X-Nyt-Route
X-Proxy-CacheRZ
X-Request-Time
X-Vmg-Version
X-Vdms-Version
X-Vtex-Remote-Cache
X-We-Are-Hiring
XkeyRZ
Xc-Version
X-Varnish-Authentication
X-TIM-N
X-Scheme
X-Rojux
X-ScT
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Internal-TTL
X-INCAP-ABP
X-Cache-Aspx
X-Bug-Bounty
X-Cache-Info
X-Cache-NE
X-Contensis-Viewer-Groups
X-Conf
X-BCube-Filmed-By
X-Bc-Bl
X-AK-Request-ID
X-Aicache-OS
X-Amz-Storage-Class
X-App-Name
X-Backend-Instance
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GeoCountry
X-GeoCode
X-GeoIP
X-GeoIP-City
X-Ig-Push-State
X-Ig-Origin-Region
X-Gdpr
X-FC-Vary-Parameters
X-Developer
X-Depends
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Aed
X-A-Wwc
X-Optimistic-Header
X-ElasticPress-Query
Cross-Origin-Opener-Policy-Report-Only
Ohc-File-Size
X-Service
Mime-Version
Cache
PFcat
X-Eu-Site
Origin-CC
Origin-EX
X-Esi-Check
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
Release
X-Pad
Producers
X-Dispatcher-Server
X-Ec-Custom-Error
X-Fmm-Version
X-Gzip
X-GoCache-CacheStatus
L5d-Success-Class
L
X-Accel-Expires-Debug
X-Hash
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Req-Svc-Chain
Origin
X-Gamma-Serve
NM-Fastcgi-Cache
X-Generated-On
NGX
X-Fastly-Backend
RNT-Machine
X-B3-Trace-ID
X-Auto-Login
W
V-Age
X-BBC-Edge-Cache-Status
Tube-Return
User-Agent
X-Amz-Meta-Cb-Modifiedtime
Web-Mar-Region
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-Akamai-Device-Characteristics
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Tube-Got-Results
Tube-Got-Eval
X-Content-Age
X-Clientip
X-Csrf-Jwt
Server-Host
X-HS-Content-Campaign-Id
RNT-Time
X-CGP
X-CacheTTL
X-Bl-Debug
Tube-Get-Contents
X-Cache-Bucket
X-Cache-Grace
X-Cached-By
X-Cache-Id
X-Date
X-HN
X-UA-Device-Type
Cache-Key
X-V-Cache
X-Var-Ttl
Apple-News-Services-Request-Url
X-Varnish-CookieHashed-On
Cache-Provider
Canary
X-Human
X-Slack-Backend
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-VTEX-Cache-Server
X-Viewer-Country
X-VTEX-Cache-Time
X-Wikidot-Backend
Yak-Timeinfo
X-Wikidot-Static-Cache
X-Via-Fastly
X-VG-WebCache
X-Varnish-CookieINHashed-On
Apple-News-Services-Handled
X-Varnish-Director
X-Varnish-Remaining-TTL
X-Varnishpool
X-VarnishDD-TTL
X-Section
X-Slack-Shared-Secret-Outcome
Debug
DSUID
X-Op-Id-All
X-Platform
X-Policy
X-SD-PageType
Content-Style-Type
X-Node-Id
X-NMSegId
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Sid
X-Level-Front-Cache
X-Mly-Id
X-Location
Content-Script-Type
X-Pool
Click-Count-Error
X-Req
Click-Count-Action-Start
X-SB
X-Powered-By-VTEX-Cache
X-Micro-Cache
X-Request-Host
X-CUA
X-Dc
X-Server-IP
X-SIPLIST1
X-Newrelic-Synthetics
X-Request-Start
X-Content-Length
X-Varnish-Beresp-Status
X-Block-Status
X-Pubstack
X-Cache-FS-Status
X-Cdn-Srv
X-Edge-Server
X-Gen-Mode
X-Bip
X-Thanos
X-Core-Value
X-Hnp-Log
IsBot
Fastly-SSL
Esi-Enabled
Country-Code
Platform
Pramga
ServerName
Req-ID
Product
CDN-Uid
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
X-Cache-Hit
Cdn-Host
CDN-PullZone
CDN-RequestPullCode
CDN-RequestCountryCode
Cdn-Request-Time
Ssr
CDCHOST
User-Cache-Control
XM
X-Men
X-VG-TLSProxy
X-Irp-Debug
X-AB-Test
X-LiteSpeed-Tag
X-NodeID
X-Varnish-Beresp-Ttl
X-Api-Version
Akamai-Mon-Iucid-Del
X-HOST
X-Varnish-Hits
X-Air-Pt
Fl-Custom-Application
X-ORCA-Accelerator
X-GEO
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
True-Client-Country-4JS
X-Cs
X-Provided-By
X-Test
Proxy-Firewall
X-LB-NoCache
C-Via
X-TA-CDN-Provider
Server-Ext
GeoIP-Latitude
Sever-Int
X-HS-CF-Cache-Status
X-LiteSpeed-Cache-Control
X-VServer
X-RequestId
Server-Hostname
X-APP
X-B3-Spanid
Edge-Copy-Time
X-Cache-Date
X-Servedbyhost
X-B3-Parentspanid
X-Nananana
CloudFront-Viewer-Country
X-Refresh
X-Geolocation
Adler-Geo
Fastly-Drupal-Html
X-HITS
X-Via-CDN
X-Via-Edge
X-Via-SSL
Is-Eu
S-Rt
X-IsAdmin
X-Destination
X-External-Request-Id
X-Nginx-Cache-Key
X-Application
X-Dispatcher-Number
X-S-Cookie
X-B-Cookie
X-ZONE
X-Endurance-Cache-Level
WZWS-RAY
X-Via-Poph
X-Via-Popv
Cache-Tv-Group
X-Via-Popn
Fastly-Drupal-HTML
X-Zen-Fury
X-HA-Backend
X-Zone
X-DC
X-DynaTrace-JS-Agent
X-LB-ID
X-Litespeed-Tag
X-User
X-Wa
X-Nc
T-Server
X-Custom-Header
X-Geo-Header
X-Pass-Why
X-ND-Cache
HostName
X-Webkit-Csp-Report-Only
X-CS
GeoIp-Country-Code
Cdn
X-Tt-Logid
X-Presslabs-Stats
X-CDN-Forward
Cdn-Requestid
Server-ID
X-Srv
Vc-Max-Age
X-CMSURLCustom
X-Oracle-Dms-Ecid
X-COUNTRY
X-URL
X-Cache-Server
X-AIR-PT
X-HubSpot-Correlation-Id
Ohc-Cache-HIT
X-Parent-Response-Time
True-Client-IP
X-VC-TTL
X-Varnish-Beresp-TTL
X-CACHE-AGE
WP-Super-Cache
Resin-Trace
X-DataCenter
X-Vgn-Hpd-Reason
SID
X-Moov-Xdn-Version
X-NewRelic-App-Data
Vix-Hermes-Req-Id
Uri
X-Moov-T
X-APP-VERSION
X-TH-Server
X-Fpc
X-Moov-Xdn-Caching-Status
Powered-By
X-API-Version
X-Ckpd-Fst-Backend
X-Old-Content-Length
Srv
X-Fastly-Cache
Pics-Label
X-Datadome
SEZNAM-JOBS-OFFER
On-Server
X-FPC
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-TX-ID
Thinkindot-Control
ServerHost
True-Client-Ip
X-SERVER-NAME
X-Action
X-Vercel-Id
Location
X-Vercel-Cache
X-Cache-VC
X-Thinkindot-L1
Serverhost
AKAMAI
X-Air-Source
X-PHP-Backend
X-Amz-Meta-Opti
Server-Id
X-Air-Hostname
X-Cache-Ttl
X-Air-Trace-Id
X-Cache-TTL-Remaining
X-Client-Ip
GeoIP-Country-Code
X-Stale
X-Dynatrace-Js-Agent
X-Info
Cl-Cache
X-Litespeed-Cache-Control
Magicmarker
X-Oracle-Dms-Rid
Hostname
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
Av-Poweredby
X-Cdn-Cache-Status
X-WA
X-NC
X-V
X-Debug-Service
N1-Cache
X-Fastly-Cache-Status
X-Proxy-Cache-La3
X-IAuth-Set-Uid
X-Fastly-Backend-Reqs
Xkey-La3
X-CDN-Cache-Status
Xkeylog
X-Lb-Id
X-Datacenter
X-ApacheServer
X-PERF
X-Ssense-Shipping-Surcharge-Enabled
X-Service-Response-Time
X-Ssense-Gql
X-Resp-Is-Stale
Sm-Log-Id
CDN
Tcn
X-Vc
X-Save-Cache
X-Vary-Devices
X-Ee-Request-Id
X-Via-PopN
X-Ee-Request-Date
X-Ee-Origin
X-Geo
X-Render-Time
X-Udemy-Cache-App-Namespace
X-WA-Info
X-Nitro-Cache
X-Ha-Backend
X-Eligible
X-Via-PopH
X-Via-PopV
X-Ee-Generated-By
X-VTEX-Cache-Backend-Header-Time
X-Cms-Device
X-Rollout
X-New
X-VTEX-Cache-Backend-Connect-Time
Time-Cloud-Cache
Store-Cloud-Cache
TWC-GeoIP-DMA
Cloudfront-Viewer-Country
Machine
X-Forwarded-Site
X-Region-Sid
X-Github-Request-Id
Cache-Hits
TWC-GeoIP-City
X-Oracle-DMS-ECID
X-ServedByHost
TWC-GeoIP-Region
X-Uri
X-Limited
X-Esi
X-Ion-Healthy
RewriteTestHook
Geoip-Latitude
X-Ion-Hop
X-Lb-Nocache
X-App
Server-Info
X-VCL-Version
Log-Origin
X-Jungle-Id
Cache-Contol
RewriteTeamHook
X-Git-Commit
X-Container-Uri
X-EC-Lua
X-Traceid
Cmsid
WebServer
Cmstype
Edge-Cache
X-Akamai-Pragma-Client-IP
X-MSEdge-Features
X-Ua
WWW-Authenticate
Cneonction
My-App
X-MSEdge-Flight
X-Ftr-Request-Id
CountryCode
X-Correlation-ID
X-Dw-Trace-Id
X-Varnish-Hostname
Pragrma
Permission-Policy
X-LAGOON
Cf-Ipcountry
X-From
X-SRCache-Key
X-Requestid
X-HS-Status
X-Up
CacheControlHeader
Reporter
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Akamai-Transformed
X-Serial
FSS-Cache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Check-Cacheable
X-Cdn-Request-ID
Lb
X-Pod
PICS-Label
X-Sucuri-Id
X-Fastly-Cache-Hits
X-UP
X-Web-Server
X-BBC-Origin-Response-Status
X-Elasticpress-Query
CF-Cached-On
X-Platform-Router
Timeexpire
X-Tncms-Bot-Tier
Warning
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
X-Orig-Cache-Control
X-Platform-Processor
NtCoent-Length
X-Ramcache
X-Ms-Blob-Type
X-Platform-Cluster