Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
CF-Ray
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
Accept-CH
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
Accept-CH-Lifetime
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
EagleId
X-Age
X-Server
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Content-Location
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
X-Trace
Service-Worker-Allowed
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Vname
X-TtlSet
X-PC
X-Edge
X-Midtier
X-Mcache
X-Rack-Cache
X-Country-Code
Rating
Surrogate-Key
X-Browser-Type
X-ESI
X-Cache-TTL
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Server-Name
X-Abt-Application-Version
X-Cnection
X-Element-Page-Cache
X-Exp-Id
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Ser
Edge-Control
X-Powered-By-Plesk
X-GitHub-Request-Id
Nginx-Cache
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-ARC
X-Vcap-Request-Id
X-Client-IP
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Daa-Tunnel
X-Ttl
X-B3-TraceId
X-Navigation-Version
X-Upstream
X-Amz-Rid
X-Goog-Hash
X-Aspnet-Version
X-CST
X-Powered-CMS
Response
X-Middleton-Response
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Edge-Location-Klb
X-Kinsta-Cache
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-ECACHE
X-Cache-Key
X-NF-Request-ID
X-Amzn-Trace-Id
X-Ratelimit-Limit
Accept-Ch-Lifetime
X-Forwarded-For
X-Ua-Device
RTSS
X-Mod-Pagespeed
X-FastCGI-Cache
X-Wormhole-Sdk
SPRequestDuration
SPIisLatency
AR-CACHE
Edge-Cache-Tag
X-Ratelimit-Remaining
X-Server-ID
Cache-Status
X-Version
X-ORACLE-DMS-ECID
X-Mg-S
Public-Key-Pins
X-Ruxit-Js-Agent
Cross-Origin-Resource-Policy
S
X-Ezoic-Cdn
Realpath
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-Content-Digest
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Distributor
X-Newrelic-App-Data
X-Varnish-TTL
X-Correlation-Id
TP-Cache
X-Kong-Upstream-Latency
Arr-Disable-Session-Affinity
Count-Hit
X-Kong-Proxy-Latency
Front-End-Https
X-Request-Received
X-Debug
X-Id
X-Request-Processing-Time
Server-Node
X-Content-Security-Policy-Report-Only
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-VARITI-CCR
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-LLID
X-Frontend
X-HS-Combine-CSS
X-Azure-Ref
X-Fastly-Request-ID
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-PressLabs-Stats
Payment
X-Forwarded-Proto
X-LB-Cache
X-Amz-Replication-Status
X-Varnish-Backend
X-GUploader-UploadID
X-Goog-Metageneration
X-Hits
Accept-Ch
Filterid
X-Request-Handler-Origin-Region
X-Microsite
X-Git-Hash
X-Unique-Id
Host
X-FB-Debug
X-Protected-By
Cleartype
X-Logged-In
X-Www-Served-By
X-Ratelimit-Reset
X-Varnish-Server
X-AppVersion
X-Az
X-Activity-Id
X-App-Server
Content-Disposition
X-Hostname
X-Varnish-Ttl
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amz-Apigw-Id
X-NGENIX-Cache
X-Amzn-RequestId
Mrf-Cache-Status
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-B3-TraceId-Primal
MRF-Tech
X-Geo-Country
Access-Control-Allow-Method
Retry-After
X-Page-Id
X-Origin-Server
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DIS-Request-ID
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
MS-Author-Via
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Accept-Charset
X-Nf-Request-Id
X-Type
Section-Io-Cache
Fastly-SWR
Fastly-SIE
X-ASPNET-VERSION
X-Pinterest-Rid
X-Fb-Rlafr
Pinterest-Generated-By
Viewport
Pinterest-Version
Akamai-GRN
X-TTL
X-TT
X-Fastcgi-Cache
Origin-Trial
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
X-Grace
Content-MD5
X-Content-Options
X-Ah-Environment
X-B
X-B3-Sampled
X-Cambria-Cache-Control
X-Template
Version
X-SRCache-Store-Status
X-RateLimit-Remaining
X-Request-Guid
X-SRCache-Fetch-Status
X-Revision
X-Origin-Cache
X-ECache
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
TCN
X-Vcl-Version
Frame-Options
Healthy
X-Contextid
X-Envoy-Decorator-Operation
X-Magnolia-Registration
X-Cdn
X-Device-Type
X-CSRF-Token
X-Source
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Active
DC
Server-Name
X-Backend-Name
X-Aspnetmvc-Version
X-Webkit-CSP
X-Proxy
X-Seen-By
X-Px
X-Varnish-Grace
X-Mobile
X-Xrds-Location
X-ProcessESI
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-App-Environment
X-RemovedCookies
X-Tumblr-User
X-Tumblr-Pixel
X-RM-Cache-TTL
X-Rule
X-Debug-Info
X-Mg-Request-UUID
X-Storage
X-Framework
X-Status
X-L-Path
Access-Control-Request-Headers
Cross-Origin-Window-Policy
NGB
X-Rid
X-NYM-Debug-Backend
SD-X-WS
X-Cacheable-TTL
X-Environment-Context
X-Debug-IsConnected
X-G
X-Debug-IsPreview
X-UUID
X-Region
X-ServerID
X-Instance
X-Adobe-Loc
X-Adobe-Content
X-Akamai-Edgescape
Paypal-Debug-Id
X-Content-Powered-By
X-FW-Type
X-HTML-Minification-Powered-By
X-Is-Bot
X-FW-Dynamic
X-FW-Server
X-Rendered-As
X-Proxy-Cache-Info
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Node-Name
X-FW-Version
X-Cache-Age
GEO-INFO
X-RTag
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-User-Agent
X-Datadog-Parent-Id
Ms-Operation-Id
MS-CV
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Datadog-Trace-Id
X-CLOUD-TRACE-CONTEXT
X-Language
Front
Webserver
X-EdgeConnect-Cache-Status
X-Cache-Time
Upgrade-Insecure-Requests
X-Buckets
Charset
X-WebKit-CSP-Report-Only
Countrycode
Protected
X-Whom
X-N
OT-Force-Account-Verify
X-Tec-Api-Origin
X-IPS-LoggedIn
X-Tec-Api-Version
X-Tec-Api-Root
X-Akamai-Request-ID2
X-Cache-Status-Check
X-Lambda-Id
X-AB
Section-Io-Id
Country
X-Edge-Location
X-Time
Refresh
Trailer
Priority
X-TT-LOGID
X-VHOST
X-B3-SpanId
X-VC
X-Hcs-Proxy-Type
X-Hl-Ver
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Via-JSL
X-Amzn-Remapped-Content-Length
Backend
X-WP-CF-Super-Cache-Cookies-Bypass
Alternate-Protocol
X-Reqid
X-XRDS-LOCATION
X-B3-Traceid
X-HS-Prerendered
Accept-Language
Xet-Cookie
Liferay-Portal
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Wix-Request-Id
X-DataDome
Onion-Location
X-Cache-Host
X-Auth-Group-Type
X-Origin-Date
X-Accel-Version
X-Frame-Option
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Generated-By
X-Tumblr-Pixel-2
X-Fetched-On
X-FB-TRIP-ID
X-JoinUs
X-Tb
X-SaId
Filters
Fastcgi-Useragent
Environment
From-Origin
X-Request-URI
X-Scope-Id
ServerID
Meta-Geo
X-Rn-Rsrv
Uber-Trace-Id
X-Skip-Cache
X-Web-Node
X-VC-Cache
X-XRDS-Location
Webcakes-App-Name
X-R9-Blue-Green-Version
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-SayCDN-TTL
X-Redis-Cache
TWC-Locale-Group
TWC-GeoIP-LatLong
Expiry
X-ProxyCache-Key
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-Origin-Hint
X-BYPASS-REASON
X-Director
X-Say-Cacheable
X-Format
X-Varnish-Age
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Connection-Hash
X-ProxyCache-Status
X-Cache-Action
X-Cache-Expired-At
X-Hosted-By
X-Say-TTL
LB
X-Server-W
X-Restarts
X-Real-IP
X-Adobe-Source
X-Forwarded-Host
X-Labrador-Cache-Channel
X-Handled-By
X-Logging-Id
X-Loop
X-PHP-Host
X-Cms-Context
Web-Mar-Node
Atl-Traceid
X-IPLB-Instance
X-Mode
X-Cluster-Node
Apigw-Requestid
X-RID
X-IPLB-Request-ID
X-Webstats-RespID
X-Tncms
X-Soup
X-Vcache
Mn-Server-Ip
X-Httpd
X-Served-From
ServedBy
X-Detected-As
X-Servername
Url
X-Response-Served-From
X-SRV
X-Origin
DB-Nickname
X-Original-Request-Id
Xserver
X-S
X-Cluster
X-Proxy-Build
Referer-Policy
X-Origin-CC
X-Origin-TTL
CF-IPCountry
Selected-Fe
X-Timing-Wait
SRV
X-Proxied
N-Cache
X-Routing-Service
X-Lagoon
X-Extlb
X-Zipkin-Id
X-Cloudmap
X-Rocket-Nginx-Serving-Static
X-Hit
X-LSADC-Cache
Cross-Origin-Embedder-Policy-Report-Only
X-Nginx-Cache
X-Upstream-Ht
X-Upstream-Ct
X-Xfnlog-Site
CDN-RequestId
X-UA
Cross-Origin-Embedder-Policy
X-Ms-Version
X-Ms-Request-Id
X-Webkit-Csp
X-Cache-Debug
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-Proxy-Cache-Status
Source
X-NWS-UUID-VERIFY
X-VCT
X-Azure-Ref-OriginShield
X-F-Cache
X-B-Cache
X-Signature
X-DynaTrace
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Geo-Region
X-Browser-Name
X-TraceId
X-Tcp-Rtt
Surrogated-Key
X-RateLimit-Limit-Second
Locale
X-Urbn-Context-Path
WPO-Cache-Message
X-Worker
WPO-Cache-Status
X-Urbn-Site-Id
X-RateLimit-Remaining-Second
X-No-Session
Node
X-Generation-Time
X-Cdn-Origin
X-NGINX-Cache
X-Sucuri-Cache
X-ShopId
X-ShardId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-FTR-Request-ID
X-Sucuri-ID
X-RateLimit-Limit
TP-L2-Cache
X-Drupal-Cache-Contexts
X-Locale
X-Tx-Id
X-NODE
X-Cdn-Forward
X-Site-Version
X-Drupal-Cache-Tags
X-Optimistic-Header
X-Cache-Operation
X-Service
X-App-Version
X-Cache-Rule
X-Org
X-Origin-Time
X-Origin-Response-Time
Thinkindot-CacheControl-Type
A
Sslversion
X-Ec-GeoHdr
X-Ec-Fail
TDXMobile
Thinkindot-CacheControl
X-PAYTM-SRV-ID
X-DPWN-IS-SECURE
X-Ig-Origin-Region
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Internal-TTL
X-Jobs
X-Loc
X-Developer
X-INCAP-ABP
X-Nyt-Route
X-ElasticPress-Query
We-Hiring
X-Depends
X-Ig-Push-State
X-Mly-Id
Candidate-Md5Url
Expect-Staple
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
MD5-Digest
Meta-Geo-Continent
DCR-Decision-By
DCR-Processing-Time-Ms
Mail-Subject
X-Gdpr
Host-ID
X-GeoCountry
X-GeoCode
Lang
X-GeoIP
Gannett-Cam-Experience-Id
X-GeoIP-City
Ngx.Var.Host
Content-Secure-Policy
BehaviorPad-Version
X-Epic-Correlation-Id
Rendered-Blocks
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
Redirect-Candidate
Producers
Odigeo-Trace-Id
Cluster
Origin-Agent-Cluster
Cdnsip
X-FC-Vary-Parameters
Cdncip
Azure-InstanceId
X-Origin-Expires
X-Debug-Cache-Store
X-Shield-Cache-Expires
X-App-Name
X-Debug-Cache-Fetch
X-Backend-Instance
X-Vdms-Version
X-Amz-Storage-Class
X-D
X-Scheme
X-Rojux
X-AK-Request-ID
Xc-Version
XkeyRZ
X-Cache-NE
X-Cache-Info
X-Varnish-Authentication
X-Bug-Bounty
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Cache-Aspx
X-We-Are-Hiring
X-Varnish-Director
X-Bc-Bl
X-Varnish-Remaining-TTL
X-BCube-Filmed-By
X-Thinkindot-L3
X-TIM-N
X-Request-Time
X-ScT
X-A-Dcw
X-A-Dam
X-Aicache-OS
X-A-Wwc
X-Proxied-Request
X-Proto
X-A-Ccd
X-Vtex-Remote-Cache
X-DefHash
X-Contensis-Viewer-Groups
X-Conf
X-A
X-Platform-Server
X-Proxy-CacheRZ
X-A-Dgt
X-DefElseHash
Cache
X-VG-WebCache
X-Viewer-Country
X-Vmg-Version
X-Aed
Mime-Version
X-LiteSpeed-Tag
X-Core-Value
X-CacheTTL
NM-Fastcgi-Cache
X-Csrf-Jwt
PFcat
X-Cache-Bucket
X-Cache-Grace
X-Fastly-Backend
X-CGP
X-Cache-Id
X-Generated-On
NGX
X-Fmm-Version
X-Gamma-Serve
L5d-Success-Class
RNT-Machine
Tube-Got-Results
X-Accel-Expires-Debug
X-Access
X-Acquia-Purge-Cdn-Unconfigured
Tube-Get-Contents
Tube-Got-Eval
Tube-Return
User-Agent
L
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
V-Age
W
X-Dispatcher-Server
X-Akamai-Device-Characteristics
X-Bl-Debug
Req-Svc-Chain
Release
X-Esi-Check
X-Eu-Site
Product
X-Date
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Ec-Custom-Error
X-Edge-Server
Server-Host
Wxu-Next-Hostname
RNT-Time
Platform
Cache-Key
X-Pad
X-Op-Id-All
HA-Ipaddr
X-Platform
X-Policy
X-Pubstack
X-Powered-By-VTEX-Cache
X-Pool
X-Micro-Cache
X-Location
X-Hash
X-Gzip
X-GoCache-CacheStatus
X-HN
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Human
X-Req
AMP-Access-Control-Allow-Source-Origin
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Via-Fastly
X-VTEX-Cache-Server
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VTEX-Cache-Time
X-V-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Slack-Backend
X-Section
X-SD-PageType
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-MP-GENERATED-AT
X-NMSegId
Cdn-Request-Time
Cache-Provider
X-Path
Click-Count-Error
Canary
Debug
Content-Style-Type
Cdn-Host
Content-Script-Type
Esi-Enabled
X-Content-Age
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Gh-Request-Id
Ha-Gx-Prefs
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Click-Count-Action-Start
Apple-News-Services-Host
Ohc-File-Size
X-Api-Version
X-Air-Pt
X-Varnish-Beresp-Ttl
X-Var-Ttl
CDN-Uid
Yak-Timeinfo
X-Varnishpool
X-Cdn-Srv
Fastly-SSL
X-Clientip
DSUID
Cross-Origin-Opener-Policy-Report-Only
X-Cache-FS-Status
XM
CDN-RequestPullSuccess
Country-Code
CDN-RequestCountryCode
X-Node-Id
Origin-CC
X-NodeID
Origin
CDN-Cache
Origin-EX
X-Men
X-UA-Device-Type
Ssr
X-SB
X-Cached-By
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullCode
X-Auto-Login
X-Amz-Meta-Cb-Modifiedtime
Pramga
X-Request-Host
Sid
CDN-PullZone
X-Cache-Hit
CDCHOST
X-Server-IP
X-Thanos
IsBot
X-CUA
X-Request-Start
Req-ID
X-SIPLIST1
X-Block-Status
X-LiteSpeed-Cache-Control
X-Content-Length
X-HITS
X-Dc
X-Gen-Mode
User-Cache-Control
X-Newrelic-Synthetics
X-Hnp-Log
X-Bip
X-URL
ServerName
Fl-Custom-Application
X-HOST
X-Provided-By
X-Varnish-Hits
X-AB-Test
X-GEO
True-Client-Country-4JS
Akamai-Mon-Iucid-Del
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-ORCA-Accelerator
GeoIP-Latitude
X-RequestId
X-Irp-Debug
X-Test
X-CACHE-GROUP
X-Cs
C-Via
Adler-Geo
Sever-Int
Proxy-Firewall
Server-Hostname
Server-Ext
X-TA-CDN-Provider
X-APP
Is-Eu
X-VServer
CloudFront-Viewer-Country
X-Refresh
X-Servedbyhost
S-Rt
X-LB-NoCache
X-Dispatcher-Number
X-Nananana
X-B3-Parentspanid
Fastly-Drupal-HTML
X-Presslabs-Stats
WZWS-RAY
X-Geolocation
X-HS-CF-Cache-Status
Edge-Copy-Time
X-DC
Cache-Tv-Group
X-Via-CDN
X-Via-SSL
X-Nginx-Cache-Key
X-Via-Edge
X-Cache-Date
Fastly-Drupal-Html
X-ZONE
X-Custom-Header
X-Via-Popv
X-Via-Popn
X-S-Cookie
X-HA-Backend
X-IsAdmin
X-Destination
X-External-Request-Id
X-B-Cookie
X-Geo-Header
T-Server
X-Via-Poph
X-Application
X-B3-Spanid
X-Pass-Why
X-Endurance-Cache-Level
X-CACHE-AGE
X-ND-Cache
X-Nc
X-Zen-Fury
X-Wa
X-LB-ID
X-Tt-Logid
X-Zone
X-DynaTrace-JS-Agent
X-Webkit-Csp-Report-Only
X-Cache-Server
Vc-Max-Age
X-CS
GeoIp-Country-Code
HostName
X-User
Server-ID
X-CMSURLCustom
Cdn-Requestid
X-Litespeed-Tag
Cdn
X-CDN-Forward
X-COUNTRY
X-SERVER-NAME
X-Oracle-Dms-Ecid
X-Parent-Response-Time
SID
True-Client-IP
X-Srv
Ohc-Cache-HIT
X-AIR-PT
Vix-Hermes-Req-Id
X-HubSpot-Correlation-Id
Powered-By
X-Fpc
Srv
X-DataCenter
X-Varnish-Beresp-TTL
X-VC-TTL
X-APP-VERSION
Resin-Trace
X-Ckpd-Fst-Backend
X-Fastly-Cache
WP-Super-Cache
X-TH-Server
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Vgn-Hpd-Reason
X-NewRelic-App-Data
X-Moov-T
On-Server
Pics-Label
Uri
X-API-Version
X-Old-Content-Length
Thinkindot-Control
SEZNAM-JOBS-OFFER
ServerHost
X-Air-Hostname
X-Srcache-Store-Status
X-Air-Trace-Id
X-Srcache-Fetch-Status
X-Air-Source
X-FPC
X-PHP-Backend
AKAMAI
X-Vercel-Id
X-Vercel-Cache
X-Amz-Meta-Opti
True-Client-Ip
X-Cache-TTL-Remaining
X-TX-ID
Serverhost
X-Datadome
X-Dynatrace-Js-Agent
X-Client-Ip
Magicmarker
X-Thinkindot-L1
X-Action
Location
Server-Id
X-Cache-VC
GeoIP-Country-Code
X-Info
Cl-Cache
X-Oracle-Dms-Rid
Hostname
X-CDN-Cache-Status
X-Vc
N1-Cache
X-NC
X-Cdn-Cache-Status
X-V
X-WA
X-Stale
X-Debug-Service
Av-Poweredby
CDN
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-Rollout
X-IAuth-Set-Uid
X-FTR-Backend
X-Eligible
X-Country-Code-Real
X-New
X-Service-Response-Time
Sm-Log-Id
X-Ee-Generated-By
X-Cms-Device
Store-Cloud-Cache
X-Geo
Time-Cloud-Cache
X-Lb-Id
X-Ee-Request-Id
X-Datacenter
X-Region-Sid
X-Fastly-Cache-Status
X-Save-Cache
X-Ee-Request-Date
X-Udemy-Cache-App-Namespace
X-Ee-Origin
X-Vary-Devices
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
Machine
X-PERF
X-ApacheServer
X-Forwarded-Site
X-Cache-Ttl
X-Container-Uri
X-Ssense-Gql
X-WA-Info
X-Limited
X-Resp-Is-Stale
Cloudfront-Viewer-Country
X-Oracle-DMS-ECID
X-Github-Request-Id
X-Render-Time
X-Ssense-Shipping-Surcharge-Enabled
X-Git-Commit
Xkey-La3
X-Via-PopH
X-Fastly-Backend-Reqs
X-Proxy-Cache-La3
X-Ha-Backend
X-Nitro-Cache
X-Lb-Nocache
Xkeylog
Server-Info
X-Via-PopV
X-Via-PopN
X-Traceid
X-App
CountryCode
X-VCL-Version
Tcn
X-Litespeed-Cache-Control
X-Uri
X-Ftr-Request-Id
X-ServedByHost
Cache-Hits
TWC-GeoIP-DMA
TWC-GeoIP-City
TWC-GeoIP-Region
Cache-Contol
Log-Origin
Edge-Cache
RewriteTestHook
X-EC-Lua
WWW-Authenticate
Permission-Policy
RewriteTeamHook
X-Jungle-Id
X-Varnish-Hostname
X-Ion-Healthy
X-Akamai-Pragma-Client-IP
Cneonction
Geoip-Latitude
X-MSEdge-Flight
X-SRCache-Key
X-Ion-Hop
X-MSEdge-Features
WebServer
X-Correlation-ID
Pragrma
X-Akamai-Transformed
PICS-Label
My-App
Cmstype
Cmsid
X-LAGOON
X-HS-Status
Reporter
X-Acquia-Application-UUID
X-Dw-Trace-Id
X-From
FSS-Cache
X-Requestid
X-Up
NtCoent-Length
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
X-Pod
X-Serial
X-Ua
X-Check-Cacheable
Cf-Ipcountry
X-Sucuri-Id
CacheControlHeader
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Platform-Processor
X-Ad-Load-Variation
X-Platform-Router
X-Ramcache
X-Platform-Cluster
CF-Cached-On
X-Web-Server
X-Fastly-Cache-Hits
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Sqd-Stime
Warning
Timeexpire
X-Tncms-Bot-Tier
X-Sqd-Ctime
X-Orig-Cache-Control