Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
P3p
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Accept-Ch
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
Accept-CH-Lifetime
X-WebKit-CSP
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Litespeed-Cache
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Akam-SW-Version
EagleEye-TraceId
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-LiteSpeed-Cache
X-Readtime
X-Node
X-HW
X-Server-Id
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-Content-Type
Cache-Tag
X-NWS-LOG-UUID
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
Accept-Ch-Lifetime
X-Times
X-Country-Code
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
X-Mcache
X-Edge
X-Midtier
Rating
Surrogate-Key
X-Browser-Type
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Cache-TTL
X-Cnection
X-Server-Name
X-Element-Page-Cache
X-Abt-Application-Version
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-ESI
Nginx-Cache
X-Oneagent-Js-Injection
X-Ser
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-Dw-Request-Base-Id
X-ARC
X-B3-TraceId
X-Middleton-Response
X-Amz-Rid
Response
X-CST
X-Goog-Hash
X-Navigation-Version
X-Daa-Tunnel
X-Powered-CMS
X-ORACLE-DMS-RID
X-Upstream
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kinsta-Cache
X-Erf-Bev-Bev
X-Edge-Location-Klb
X-Kraken-Loop-Name
X-Instrumentation
X-PDP-UNCACHING-HASH
X-NF-Request-ID
X-Wormhole-Sdk
X-Ua-Device
X-Forwarded-For
X-Amzn-Trace-Id
X-Cache-Key
RTSS
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Ratelimit-Limit
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-Ratelimit-Remaining
X-Server-ID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
X-Version
Public-Key-Pins
X-Ruxit-Js-Agent
X-Mg-S
X-Ttl
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
AR-CACHE
X-Content-Digest
X-SharePointHealthScore
Cross-Origin-Resource-Policy
SPRequestGuid
Realpath
X-Varnish-TTL
S
X-Fastly-Request-ID
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Access-Control-Request-Method
X-TTL
X-Newrelic-App-Data
TP-Cache
X-Correlation-Id
X-Debug
Count-Hit
X-Id
X-Azure-Ref
MicrosoftSharePointTeamServices
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
X-HS-Cache-Config
Arr-Disable-Session-Affinity
X-HS-Hub-Id
X-HS-Content-Id
Server-Node
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
Origin-Trial
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
X-Varnish-Backend
X-LB-Cache
X-Goog-Metageneration
X-Forwarded-Proto
X-Hits
X-Protected-By
Pinterest-Version
X-Pinterest-Rid
X-Request-Handler-Origin-Region
X-Microsite
Pinterest-Generated-By
X-Unique-Id
Host
X-FB-Debug
Cleartype
X-Git-Hash
X-Logged-In
X-Varnish-Server
Content-Disposition
X-Activity-Id
X-Www-Served-By
X-AppVersion
Filterid
X-Az
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Hostname
X-App-Server
X-Amz-Apigw-Id
X-DIS-Request-ID
X-Amzn-RequestId
X-Page-Id
X-Cambria-Cache-Control
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Geo-Country
Akamai-GRN
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Access-Control-Allow-Method
X-Aspnet-Version
X-Load-Cache
X-Template
X-Origin-Server
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Xrds-Location
Retry-After
X-ASPNET-VERSION
X-Fastcgi-Cache
X-Upgrade-Enabled
X-TEC-API-ORIGIN
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Type
Frame-Options
MS-Author-Via
Accept-Charset
Section-Io-Cache
Viewport
Fastly-SWR
Fastly-SIE
X-Content-Options
X-Ah-Environment
X-Fb-Rlafr
Version
X-TT
X-Nf-Request-Id
X-Cache-Control
X-B3-Sampled
X-B
X-Grace
Amp-Access-Control-Allow-Source-Origin
Content-MD5
X-Rid
X-Varnish-Ttl
X-Request-Guid
X-Revision
X-Trace-Id
X-Vcl-Version
X-Envoy-Decorator-Operation
X-Cdn
Healthy
X-SRCache-Store-Status
X-Device-Type
X-SRCache-Fetch-Status
X-Source
X-Magnolia-Registration
X-Origin-Cache
X-RateLimit-Remaining
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Contextid
X-Webkit-CSP
X-Aspnetmvc-Version
X-Language
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Px
X-Mobile
X-Buckets
X-Backend-Name
TCN
Trailer
X-Cache-Age
X-FTR-Request-ID
X-Akamai-Edgescape
X-Proxy
X-App-Environment
X-Status
X-ProcessESI
X-Tumblr-User
X-RemovedCookies
X-RM-Cache-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
DC
X-L-Path
X-NYM-Debug-Backend
X-Region
X-Rule
X-Instance
X-Storage
X-Mg-Request-UUID
X-Framework
X-Environment-Context
X-Debug-Info
Access-Control-Request-Headers
X-Varnish-Grace
X-FW-Dynamic
X-HTML-Minification-Powered-By
X-Adobe-Loc
X-Cacheable-TTL
X-Debug-IsConnected
X-UUID
X-Debug-IsPreview
X-ServerID
X-Proxy-Cache-Info
X-Content-Powered-By
Cross-Origin-Window-Policy
X-FW-Static
X-FW-Server
X-FW-Type
X-G
GEO-INFO
X-FW-Serve
X-Node-Name
SD-X-WS
X-FW-Version
NGB
X-FW-Hash
X-Adobe-Content
MS-CV
Ms-Operation-Id
X-Rendered-As
X-Tec-Api-Root
X-Datadog-Parent-Id
X-Is-Bot
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Tec-Api-Origin
X-Tec-Api-Version
X-RTag
X-Datadog-Sampling-Priority
X-Seen-By
X-Yottaa-Optimizations
X-Cache-Time
X-Yottaa-Metrics
Upgrade-Insecure-Requests
X-EdgeConnect-Cache-Status
X-HS-Prerendered
X-Edge-Location
Paypal-Debug-Id
Charset
X-User-Agent
Protected
Countrycode
X-Whom
Front
OT-Force-Account-Verify
Webserver
X-Lambda-Id
Refresh
X-TT-LOGID
Section-Io-Id
X-WebKit-CSP-Report-Only
X-ECache
X-VHOST
X-IPS-LoggedIn
X-Reqid
Cross-Origin-Embedder-Policy-Report-Only
X-Response-Served-From
X-Original-Request-Id
X-VC
X-Amzn-Remapped-Content-Length
X-AB
X-Cache-Status-Check
Alternate-Protocol
X-N
X-Akamai-Request-ID2
Priority
SRV
Country
X-B3-Traceid
X-Time
Backend
X-Server-W
X-WP-CF-Super-Cache-Cookies-Bypass
Xet-Cookie
Liferay-Portal
X-B3-SpanId
X-Hl-Ver
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-TraceId
X-XRDS-Location
X-CCDN-CacheTTL
X-Real-IP
X-Mode
Onion-Location
X-Cache-Expired-At
Webcakes-App-Name
X-Accel-Version
X-Auth-Group-Type
X-Cache-Host
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
Fastcgi-Useragent
X-Origin-CC
X-Origin-TTL
Filters
Meta-Geo
Property-Id
X-Tb
Environment
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
From-Origin
ServerID
TWC-Connection-Speed
TWC-Privacy
X-Format
X-Scope-Id
X-Skip-Cache
X-JoinUs
X-UPSTREAM-Address
X-Origin-Date
X-Origin-Hint
X-Rewrite-Enabled
X-Rn-Rsrv
X-SaId
X-Frame-Option
X-Tumblr-Pixel-2
X-VC-Cache
X-FB-TRIP-ID
X-Fetched-On
X-Web-Node
X-Restarts
Accept-Language
DB-Nickname
X-Webstats-RespID
X-Say-Cacheable
X-Say-TTL
Mn-Server-Ip
Expiry
X-Varnish-Age
X-Request-URI
X-Nginx-Cache
Atl-Traceid
X-Varnish-Cache-Hits
X-SayCDN-TTL
X-Redis-Cache
X-Hosted-By
X-Connection-Hash
X-IPLB-Request-ID
X-Forwarded-Host
X-BYPASS-REASON
X-Cluster-Node
X-Director
X-Cache-Action
Web-Mar-Node
X-IPLB-Instance
X-Logging-Id
X-ProxyCache-Key
X-R9-Blue-Green-Version
X-ProxyCache-Status
Uber-Trace-Id
X-PHP-Host
X-Vcache
X-Cms-Context
X-Loop
X-Adobe-Source
X-Labrador-Cache-Channel
X-Tncms
X-Httpd
X-Handled-By
X-Served-From
Apigw-Requestid
X-Varnish-Beresp-Grace
X-Soup
X-Fastly-Request-Id
X-Servername
ServedBy
Url
X-Proxy-Build
X-Cluster
Selected-Fe
X-Wix-Request-Id
X-Timing-Wait
X-Zipkin-Id
VIX-Pulpo-Node
X-Detected-As
X-Cloudmap
X-Extlb
X-Generated-By
X-Origin
X-Routing-Service
X-S
VIX-Pulpo-Upstream-Status
X-Proxied
Cross-Origin-Embedder-Policy
X-LSADC-Cache
X-Hit
X-Rocket-Nginx-Serving-Static
X-DataDome
Referer-Policy
N-Cache
X-DynaTrace
X-SRV
X-Lagoon
Xserver
X-Ms-Version
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-Webkit-Csp
X-Via-JSL
X-Xfnlog-Site
WPO-Cache-Message
WPO-Cache-Status
LB
X-Azure-Ref-OriginShield
X-NWS-UUID-VERIFY
Source
Surrogated-Key
X-RateLimit-Remaining-Second
X-App-Version
X-Worker
X-RateLimit-Limit-Second
CF-IPCountry
X-VCT
X-RCS-CacheZone
X-Cache-Debug
X-Proxy-Cache-Status
X-Upstream-Ct
X-Upstream-Ht
X-Sucuri-Cache
X-Generation-Time
X-UA
Cross-Origin-Opener-Policy-Report-Only
Ohc-File-Size
X-Tcp-Rtt
Node
X-Is-Tablet
X-Geo-Region
X-Is-Supported-Browser
X-Is-Desktop
CDN-RequestId
X-Is-Mobile
X-F-Cache
X-Browser-Name
X-Urbn-Context-Path
Locale
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Urbn-Site-Id
X-Cdn-Origin
X-Sucuri-ID
X-No-Session
X-B-Cache
X-RateLimit-Limit
X-Signature
X-NODE
X-Varnish-Beresp-Ttl
X-Tx-Id
X-MP-GENERATED-AT
X-Shopify-Stage
X-ShardId
X-RID
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-HS-CF-Cache-Status
X-Service
X-ElasticPress-Query
X-Cache-Operation
X-Cache-Rule
X-Locale
AMP-Access-Control-Allow-Source-Origin
Azure-InstanceId
Azure-RegionName
X-Ig-Origin-Region
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Azure-SiteName
X-DPWN-IS-SECURE
Azure-SlotName
Cache-Provider
Thinkindot-CacheControl
Candidate-Md5Url
Thinkindot-CacheControl-Type
X-Ec-Fail
Azure-Version
BehaviorPad-Version
X-Conf
X-Ig-Push-State
X-Scheme
X-Developer
X-Mvc-Supplant-Cachable
W
X-We-Are-Hiring
X-Vtex-Remote-Cache
We-Hiring
X-Section
X-Bug-Bounty
X-ScT
X-Jobs
X-Internal-TTL
X-INCAP-ABP
XkeyRZ
Xc-Version
User-Agent
X-Loc
TDXMobile
Sslversion
X-GeoIP-City
Origin
L
Origin-Agent-Cluster
Host-ID
PFcat
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
Lang
Meta-Geo-Continent
X-GeoCode
Ngx.Var.Host
MD5-Digest
Mail-Subject
X-GeoIP
X-GeoCountry
Gannett-Cam-Experience-Id
Fastly-GeoIP-CountryCode
Cdnsip
X-HN
Cluster
Cdncip
X-FC-Vary-Parameters
Wxu-Next-Commit
X-Epic-Correlation-Id
X-Eu-Site
Rendered-Blocks
Content-Secure-Policy
X-Gdpr
Expect-Staple
Fastly-Backend-Name
Producers
DCR-Processing-Time-Ms
Redirect-Candidate
DCR-Decision-By
X-Ec-GeoHdr
X-Mly-Id
X-Varnish-CookieHashed-On
X-Aicache-OS
X-Aed
X-D
X-Cache-NE
X-Proxied-Request
X-DefHash
X-Vdms-Version
Wxu-Next-Hostname
X-Vmg-Version
X-AB-Test
X-A-Wwc
X-A-Dgt
X-TIM-N
X-Csrf-Jwt
X-Access
X-Contensis-Viewer-Groups
X-DefElseHash
X-Cache-Info
X-VarnishDD-TTL
X-Backend-Instance
X-Varnish-Remaining-TTL
X-Cache-Aspx
X-Bc-Bl
X-Proto
X-BCube-Filmed-By
X-App-Name
X-Amz-Storage-Class
X-Varnish-CookieINHashed-On
X-AK-Request-ID
X-Debug-Cache-Store
X-Akamai-Device-Characteristics
X-Thinkindot-L3
X-Debug-Cache-Fetch
X-NGINX-Cache
X-A-Dcw
X-Varnish-Authentication
X-Proxy-CacheRZ
X-PAYTM-SRV-ID
X-Org
X-CGP
X-Origin-Expires
X-Path
X-Origin-Response-Time
Odigeo-Trace-Id
X-A-Dam
X-Origin-Time
X-Op-Id-All
X-Depends
X-Nyt-Route
X-Platform-Server
X-Request-Time
X-A-Ccd
Wxu-Next-Region
X-A
X-Rojux
X-Shield-Cache-Expires
X-Cache-Hit
Mime-Version
Akamai-Mon-Iucid-Del
X-Site-Version
X-XRDS-LOCATION
X-Amz-Meta-Cb-Modifiedtime
X-Dispatcher-Server
X-Clientip
X-Generated-On
X-Auto-Login
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
Web-Mar-Region
X-Bl-Debug
Platform
X-Cdn-Srv
Origin-CC
X-Content-Length
X-Date
Origin-EX
Release
Tube-Got-Eval
X-Acquia-Purge-Cdn-Unconfigured
X-Edge-Server
X-Esi-Check
Tube-Got-Results
X-Cached-By
X-CacheTTL
X-Core-Value
Tube-Get-Contents
X-Ec-Custom-Error
X-Accel-Expires-Debug
X-Fastly-Backend
Server-Host
X-Cache-Id
X-Gamma-Serve
X-Cache-Grace
Product
X-Cache-Bucket
Tube-Return
Req-Svc-Chain
RNT-Time
X-Content-Age
RNT-Machine
X-Fmm-Version
V-Age
Cache
X-V-Cache
X-SIPLIST1
X-Cdn-Forward
X-UA-Device-Type
X-Policy
X-Pool
X-Var-Ttl
X-Slack-Backend
X-Platform
X-SB
X-Location
X-Level-Front-Cache
X-Irp-Debug
X-Micro-Cache
X-SD-PageType
NM-Fastcgi-Cache
X-Node-Id
X-NMSegId
X-Slack-Shared-Secret-Outcome
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
Fl-Custom-Application
X-Viewer-Country
X-Req
X-VTEX-Cache-Time
Yak-Timeinfo
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Via-Fastly
X-VG-WebCache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Varnish-Director
X-Tb-Optimization-Total-Bytes-Saved
X-ORCA-Accelerator
X-Pad
X-Varnishpool
A
X-NodeID
Cdn-Request-Time
DSUID
X-Gzip
X-Human
Esi-Enabled
Click-Count-Action-Start
Click-Count-Error
X-Hash
Content-Script-Type
Content-Style-Type
Debug
Fastly-SSL
Cdn-Host
IsBot
X-GeoIP-Country-Code
Cache-Key
X-GoCache-CacheStatus
CDCHOST
Gh-Request-Id
X-HS-Content-Campaign-Id
NGX
X-GeoIP-Region-Code
Canary
X-Pubstack
Country-Code
X-Bip
X-Cache-FS-Status
X-CUA
X-Gen-Mode
X-VG-TLSProxy
X-HITS
Pramga
X-Block-Status
X-Thanos
CDN-EdgeStorageId
CDN-CachedAt
ServerName
CDN-PullZone
CDN-RequestPullCode
CDN-RequestCountryCode
Ssr
X-Server-IP
User-Cache-Control
XM
X-Men
X-Mvc-Supplant-OutputCached
CDN-Cache
CDN-RequestPullSuccess
X-Request-Start
CDN-Uid
X-Hnp-Log
X-Newrelic-Synthetics
X-Request-Host
Req-ID
X-Varnish-Beresp-Status
X-URL
X-Varnish-Hits
X-HOST
X-LB-NoCache
X-TA-CDN-Provider
X-VServer
X-Optimistic-Header
X-Litespeed-Tag
TP-L2-Cache
X-Cache-Date
X-Geolocation
X-CACHE-GROUP
Sid
X-Application
X-B-Cookie
X-External-Request-Id
X-S-Cookie
X-IsAdmin
X-Api-Version
X-Refresh
X-Destination
X-Dc
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Ecid
X-Nananana
X-Via-SSL
X-Cs
X-GEO
Proxy-Firewall
X-Zen-Fury
X-Servedbyhost
CloudFront-Viewer-Country
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-APP
Fastly-Drupal-HTML
X-CDN-Forward
X-LiteSpeed-Tag
Cdn-Requestid
X-DC
True-Client-Country-4JS
X-User
GeoIP-Latitude
X-RequestId
X-ZONE
X-LiteSpeed-Cache-Control
X-AIR-PT
X-HA-Backend
X-AWS-Id
X-Test
Server-Ext
Server-Hostname
Server-ID
X-LJ-Flow-ID
Sever-Int
X-Via-Popv
X-Via-Popn
C-Via
X-VWS-Id
X-Via-Poph
X-B3-Spanid
X-Endurance-Cache-Level
X-Country-Code-Real
Ohc-Cache-HIT
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-Wa
X-Nc
Is-Eu
Adler-Geo
Fastly-Drupal-Html
X-Provided-By
X-VC-TTL
X-Air-Pt
X-CACHE-AGE
X-LB-ID
X-Zone
X-Nginx-Cache-Key
X-B3-Parentspanid
X-Dispatcher-Number
X-Webkit-Csp-Report-Only
X-CS
X-DynaTrace-JS-Agent
X-Tt-Logid
X-Presslabs-Stats
X-SERVER-NAME
Cdn
GeoIp-Country-Code
X-TH-Server
WP-Super-Cache
X-Vgn-Hpd-Reason
WZWS-RAY
HostName
X-COUNTRY
S-Rt
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Geo-Header
X-Resp-Is-Stale
X-Moov-Xdn-Version
X-Custom-Header
T-Server
SID
Cache-Tv-Group
X-Srv
X-Old-Content-Length
X-Pass-Why
X-Datadome
X-DataCenter
X-Fpc
X-ND-Cache
True-Client-IP
X-Parent-Response-Time
X-API-Version
X-NewRelic-App-Data
Vc-Max-Age
X-CMSURLCustom
X-Cache-Server
X-Oracle-Dms-Rid
X-HubSpot-Correlation-Id
Resin-Trace
Pics-Label
X-Action
Powered-By
X-Cache-VC
Uri
X-Thinkindot-L1
X-Vercel-Id
X-Vercel-Cache
SEZNAM-JOBS-OFFER
Location
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Vix-Hermes-Req-Id
True-Client-Ip
Tcn
Serverhost
N1-Cache
X-Ckpd-Fst-Backend
X-Stale
X-Fastly-Cache
X-FPC
X-Litespeed-Cache-Control
X-TX-ID
X-Dynatrace-Js-Agent
X-Client-Ip
X-Varnish-Beresp-TTL
X-Cache-TTL-Remaining
Thinkindot-Control
GeoIP-Country-Code
On-Server
Eagleeye-Traceid
Sm-Log-Id
X-Service-Response-Time
X-ApacheServer
ServerHost
Srv
X-PERF
X-APP-VERSION
X-Datacenter
Hostname
X-Vc
X-Traceid
Av-Poweredby
AKAMAI
X-Debug-Service
X-PHP-Backend
X-Nitro-Cache
X-Cdn-Cache-Status
X-Amz-Meta-Opti
TWC-GeoIP-City
Cache-Hits
X-Render-Time
X-Proxy-Cache-La3
TWC-GeoIP-DMA
TWC-GeoIP-Region
X-Fastly-Cache-Status
Xkeylog
Xkey-La3
X-WA-Info
X-Uri
X-WA
Server-Id
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Ua
X-NC
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
Log-Origin
Cache-Contol
X-Udemy-Cache-App-Namespace
X-Lb-Id
RewriteTeamHook
RewriteTestHook
X-Ion-Hop
X-Ion-Healthy
X-Jungle-Id
X-Ee-Request-Date
X-Ee-Origin
X-Info
X-Ee-Request-Id
Cl-Cache
X-Ee-Generated-By
X-Geo
Store-Cloud-Cache
Time-Cloud-Cache
X-Cms-Device
X-Vary-Devices
X-Save-Cache
Magicmarker
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-Via-PopH
X-Ha-Backend
X-Via-PopV
My-App
X-Oracle-DMS-ECID
X-Via-PopN
Cmsid
Lb
Cmstype
Cf-Ipcountry
WebServer
X-Github-Request-Id
X-Esi
X-ServedByHost
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
Cloudfront-Viewer-Country
X-Requestid
X-From
X-Akamai-Pragma-Client-IP
X-Up
X-App
X-IAuth-Set-Uid
X-CDN-Cache-Status
X-VCL-Version
X-V
CDN
CacheControlHeader
X-Rollout
X-New
Warning
WWW-Authenticate
X-Eligible
X-Limited
X-Correlation-ID
CountryCode
X-Dw-Trace-Id
X-Region-Sid
X-MSEdge-Flight
Cneonction
X-Forwarded-Site
Machine
X-MSEdge-Features
X-LAGOON
X-Serial
X-Check-Cacheable
Reporter
X-Akamai-Transformed
X-Lb-Nocache
X-HS-Status
FSS-Cache
Pragrma
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Server-Info
X-Acquia-Site
X-Pod
X-Acquia-Application-Trace
X-Sucuri-Id
X-Elasticpress-Query
NtCoent-Length
X-Web-Server
Thinkindot-Cache-Type
X-BBC-Origin-Response-Status
X-Td-Header-From-No-Data
CF-Cached-On
X-Orig-Cache-Control
Edge-Cache
X-Cdn-Request-ID
X-Tncms-Bot-Tier
X-Ftr-Request-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Platform-Router
X-Platform-Processor
X-EC-Lua
Timeexpire
X-Ramcache
X-Platform-Cluster