Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-Check
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Accept-CH
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
X-Ws-Request-Id
Accept-CH-Lifetime
X-Varnish-Cache
Grace
Accept-Ch
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-Node
X-HW
X-Server-Id
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
X-NWS-LOG-UUID
Cache-Tag
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
X-Midtier
X-Edge
X-Mcache
Rating
Surrogate-Key
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-Server-Name
X-Browser-Type
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-ESI
X-Cache-TTL
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-ECACHE
X-ARC
X-MS-InvokeApp
X-Client-IP
X-ORACLE-DMS-RID
X-Amz-Rid
X-Middleton-Response
Response
X-Daa-Tunnel
X-Navigation-Version
X-CST
X-Goog-Hash
X-Powered-CMS
X-Upstream
X-B3-TraceId
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Edge-Location-Klb
X-Kinsta-Cache
X-Forwarded-For
X-Amzn-Trace-Id
X-Server-ID
X-Cache-Key
X-Wormhole-Sdk
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-Ua-Device
RTSS
X-Ruxit-Js-Agent
X-Ttl
X-Mod-Pagespeed
X-NF-Request-ID
SPRequestDuration
X-Ratelimit-Limit
SPIisLatency
Edge-Cache-Tag
X-FastCGI-Cache
Cache-Status
X-ORACLE-DMS-ECID
X-Version
Public-Key-Pins
X-Mg-S
X-Ratelimit-Remaining
AR-CACHE
X-Ezoic-Cdn
X-Content-Digest
Cross-Origin-Resource-Policy
X-SharePointHealthScore
Realpath
SPRequestGuid
S
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Cached
X-Recruiting
X-Accel-Expires
X-Varnish-TTL
X-Fastly-Request-ID
X-Distributor
Access-Control-Request-Method
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Front-End-Https
X-Newrelic-App-Data
TP-Cache
X-Correlation-Id
Count-Hit
X-Debug
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Cache-Config
X-Request-Received
X-HS-Hub-Id
Server-Node
MicrosoftSharePointTeamServices
X-Ua-Browser
X-Azure-Ref
X-Id
X-LLID
X-Content-Security-Policy-Report-Only
X-VARITI-CCR
X-HS-Combine-CSS
X-PressLabs-Stats
X-Frontend
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
X-TTL
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
X-LB-Cache
Origin-Trial
X-Varnish-Backend
X-Goog-Metageneration
X-Forwarded-Proto
X-Protected-By
X-Request-Handler-Origin-Region
X-Microsite
Cleartype
X-FB-Debug
X-Git-Hash
X-Unique-Id
X-Logged-In
Host
X-Az
Pinterest-Generated-By
X-AppVersion
Pinterest-Version
X-Activity-Id
Filterid
Content-Disposition
X-Pinterest-Rid
X-Varnish-Server
X-Ratelimit-Reset
X-Www-Served-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Hostname
X-NGENIX-Cache
X-Nf-Request-Id
X-App-Server
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Page-Id
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-DIS-Request-ID
X-Geo-Country
X-Fastcgi-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Cambria-Cache-Control
Access-Control-Allow-Method
Akamai-GRN
X-Load-Cache
X-Origin-Server
X-Varnish-Ttl
X-Xrds-Location
Retry-After
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Template
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Upgrade-Enabled
X-RateLimit-Remaining
X-Aspnet-Version
Viewport
MS-Author-Via
X-Type
Section-Io-Cache
X-ASPNET-VERSION
Accept-Charset
Fastly-SIE
X-Fb-Rlafr
Frame-Options
Fastly-SWR
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
X-TEC-API-ROOT
X-B3-Sampled
X-TT
Version
X-Cache-Control
X-Grace
X-Ah-Environment
Content-MD5
X-B
Amp-Access-Control-Allow-Source-Origin
X-Request-Guid
X-Trace-Id
X-Revision
X-SRCache-Fetch-Status
X-Envoy-Decorator-Operation
X-Vcl-Version
X-SRCache-Store-Status
X-Rid
Healthy
X-Device-Type
X-Source
X-Origin-Cache
X-Magnolia-Registration
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
X-Contextid
Server-Name
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Language
X-Px
X-Mobile
X-Webkit-CSP
TCN
X-Backend-Name
X-Aspnetmvc-Version
X-Buckets
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Proxy
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
DC
X-Tumblr-Pixel-0
X-RemovedCookies
X-ProcessESI
X-Akamai-Edgescape
X-App-Environment
X-Storage
X-Rule
X-Varnish-Grace
X-Mg-Request-UUID
X-L-Path
X-RM-Cache-TTL
X-Framework
X-Status
X-Environment-Context
X-Debug-Info
Access-Control-Request-Headers
Trailer
X-Instance
SD-X-WS
NGB
X-Region
X-ServerID
Cross-Origin-Window-Policy
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-Content-Powered-By
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-FW-Version
X-FW-Static
X-Node-Name
X-Debug-IsConnected
X-Debug-IsPreview
X-Cacheable-TTL
X-HTML-Minification-Powered-By
X-FTR-Request-ID
X-UUID
X-Seen-By
Ms-Operation-Id
MS-CV
GEO-INFO
X-Is-Bot
X-Rendered-As
X-RTag
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Adobe-Content
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampled
X-G
X-Adobe-Loc
X-EdgeConnect-Cache-Status
Paypal-Debug-Id
X-Cache-Time
Upgrade-Insecure-Requests
X-ECache
X-User-Agent
Countrycode
Webserver
Charset
X-Edge-Location
X-HS-Prerendered
Front
Protected
X-Whom
X-B3-Traceid
OT-Force-Account-Verify
X-TT-LOGID
X-WebKit-CSP-Report-Only
X-Lambda-Id
Refresh
X-Fastly-Request-Id
Section-Io-Id
X-VC
X-TraceId
X-IPS-LoggedIn
X-N
X-Cache-Status-Check
X-Reqid
X-Akamai-Request-ID2
Priority
X-VHOST
X-Amzn-Remapped-Content-Length
Country
X-AB
X-Time
X-Original-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
Alternate-Protocol
X-Response-Served-From
Backend
X-WP-CF-Super-Cache-Cookies-Bypass
SRV
Xet-Cookie
Liferay-Portal
X-Hl-Ver
X-Server-W
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-B3-SpanId
X-Mode
Onion-Location
X-Real-IP
X-Rn-Rsrv
X-Auth-Group-Type
X-Accel-Version
X-Rewrite-Enabled
X-JoinUs
X-Frame-Option
X-FB-TRIP-ID
X-Tumblr-Pixel-2
X-Web-Node
X-UPSTREAM-Address
ServerID
Meta-Geo
X-Skip-Cache
Accept-Language
X-Fetched-On
X-Tb
X-Cache-Host
X-SaId
From-Origin
X-Scope-Id
Filters
X-Origin-Date
Fastcgi-Useragent
X-BYPASS-REASON
X-Connection-Hash
X-Webstats-RespID
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Privacy
TWC-Locale-Group
X-Cluster-Node
X-Cache-Action
Uber-Trace-Id
X-Origin-TTL
X-Say-Cacheable
X-Say-TTL
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Property-Id
X-Origin-CC
TWC-Connection-Speed
X-SayCDN-TTL
TWC-Device-Class
Webcakes-App-Name
X-Restarts
X-Varnish-Cache-Hits
X-VC-Cache
Expiry
Webcakes-App-Version
X-Request-URI
Webcakes-Region
X-Logging-Id
X-Origin-Hint
X-Redis-Cache
X-Hosted-By
Atl-Traceid
X-Format
X-Varnish-Age
X-Cache-Expired-At
X-IPLB-Request-ID
X-R9-Blue-Green-Version
X-Director
X-IPLB-Instance
X-Httpd
Apigw-Requestid
X-Handled-By
X-Served-From
X-Soup
X-Varnish-Beresp-Grace
X-Forwarded-Host
DB-Nickname
Mn-Server-Ip
X-Tncms
Web-Mar-Node
X-Vcache
X-Cms-Context
X-Loop
X-Adobe-Source
X-Cluster
X-Labrador-Cache-Channel
ServedBy
X-Proxy-Build
X-Wix-Request-Id
Selected-Fe
Environment
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-PHP-Host
X-Timing-Wait
X-Routing-Service
X-Proxied
X-Extlb
X-Generated-By
X-Servername
Url
X-Detected-As
X-Zipkin-Id
X-Cloudmap
X-LSADC-Cache
X-Nginx-Cache
X-Origin
Cross-Origin-Embedder-Policy
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-Via-JSL
N-Cache
X-S
Referer-Policy
Xserver
X-DataDome
X-DynaTrace
X-Hit
X-SRV
X-XRDS-Location
X-Ms-Version
X-Ms-Request-Id
X-Tumblr-Pixel-3
LB
X-Xfnlog-Site
WPO-Cache-Status
X-Webkit-Csp
WPO-Cache-Message
X-NWS-UUID-VERIFY
X-Azure-Ref-OriginShield
Source
Surrogated-Key
CF-IPCountry
X-Cache-Debug
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-VCT
X-RateLimit-Limit
X-Worker
X-Proxy-Cache-Status
X-RCS-CacheZone
X-App-Version
X-Upstream-Ht
X-Upstream-Ct
X-UA
CDN-RequestId
X-Sucuri-Cache
X-Generation-Time
X-F-Cache
X-No-Session
Node
X-Cdn-Origin
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Signature
X-Tcp-Rtt
X-Drupal-Cache-Tags
X-Sucuri-ID
X-Drupal-Cache-Contexts
X-B-Cache
X-Geo-Region
X-Browser-Name
Cross-Origin-Opener-Policy-Report-Only
X-RID
X-Is-Desktop
Ohc-File-Size
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-XRDS-LOCATION
X-CLOUD-TRACE-CONTEXT
AMP-Access-Control-Allow-Source-Origin
X-MP-GENERATED-AT
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-NODE
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Tx-Id
X-NGINX-Cache
X-Service
X-ElasticPress-Query
X-Locale
X-Cache-Rule
X-Cache-Operation
X-Origin-Response-Time
X-Origin-Expires
X-Org
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-Cachable
Sslversion
X-Loc
DCR-Decision-By
X-Origin-Time
DCR-Processing-Time-Ms
X-Nyt-Route
X-Rojux
X-Proxy-CacheRZ
X-Request-Time
X-Proxied-Request
X-Platform-Server
X-Proto
X-Cache-NE
X-PAYTM-SRV-ID
X-Cache-Aspx
X-Path
X-Debug-Cache-Fetch
X-Cache-Info
X-Depends
Content-Secure-Policy
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-FC-Vary-Parameters
Cdncip
X-Developer
Azure-SlotName
Azure-Version
Candidate-Md5Url
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
BehaviorPad-Version
Cdnsip
X-Gdpr
X-D
Cluster
X-Ig-Origin-Region
X-Ig-Push-State
X-Internal-TTL
X-INCAP-ABP
X-Conf
X-GeoIP-City
X-GeoCode
X-Contensis-Viewer-Groups
X-GeoCountry
X-GeoIP
X-Scheme
X-Jobs
Gannett-Cam-Experience-Id
Origin
XkeyRZ
Origin-Agent-Cluster
X-AK-Request-ID
X-Aicache-OS
X-ScT
X-Amz-Storage-Class
X-Vmg-Version
X-App-Name
X-Vtex-Remote-Cache
X-We-Are-Hiring
Odigeo-Trace-Id
X-Aed
X-Site-Version
We-Hiring
X-A
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-A-Ccd
Rendered-Blocks
X-A-Dgt
X-A-Wwc
X-A-Dcw
Redirect-Candidate
X-A-Dam
Ngx.Var.Host
Xc-Version
Host-ID
X-BCube-Filmed-By
X-Thinkindot-L3
X-TIM-N
X-Bug-Bounty
X-Debug-Cache-Store
Expect-Staple
X-Shield-Cache-Expires
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Bc-Bl
X-HS-CF-Cache-Status
Mail-Subject
X-Varnish-Authentication
X-Backend-Instance
MD5-Digest
Lang
Meta-Geo-Continent
X-Vdms-Version
X-Cache-Hit
X-Cdn-Forward
Mime-Version
X-Pad
X-Cached-By
Web-Mar-Region
V-Age
Tube-Got-Eval
X-Date
Tube-Get-Contents
Tube-Got-Results
Tube-Return
X-Content-Age
X-BBC-Edge-Cache-Status
X-Acquia-Purge-Cdn-Unconfigured
X-Clientip
X-Cdn-Srv
X-CacheTTL
X-Accel-Expires-Debug
X-Auto-Login
X-B3-Trace-ID
X-Amz-Meta-Cb-Modifiedtime
X-Bl-Debug
X-Cache-Grace
X-Cache-Bucket
X-Location
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cache-Provider
Ha-Gx-Prefs
L
HA-Ipaddr
Apple-News-Services-Handled
Yak-Timeinfo
X-VG-WebCache
X-Varnishpool
X-Varnish-Remaining-TTL
X-Via-Fastly
X-Viewer-Country
X-Wikidot-Static-Cache
X-Wikidot-Backend
L5d-Success-Class
PFcat
X-Eu-Site
X-Csrf-Jwt
X-CGP
X-HN
X-Op-Id-All
X-VarnishDD-TTL
X-Section
X-Akamai-Device-Characteristics
X-Access
W
User-Agent
Wxu-Next-Commit
Wxu-Next-Hostname
X-AB-Test
Wxu-Next-Region
X-Varnish-Director
X-Varnish-CookieINHashed-On
X-HS-Content-Campaign-Id
X-Hash
X-GoCache-CacheStatus
X-Human
X-Irp-Debug
X-Mly-Id
X-Level-Front-Cache
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Fmm-Version
X-Generated-On
X-Gamma-Serve
X-Node-Id
X-Policy
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-UA-Device-Type
X-V-Cache
X-Varnish-CookieHashed-On
X-Var-Ttl
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Req
X-Pool
X-SB
X-SD-PageType
X-Slack-Backend
X-SIPLIST1
X-DefElseHash
X-DefHash
IsBot
Gh-Request-Id
DSUID
Origin-CC
Origin-EX
X-Newrelic-Synthetics
Release
Producers
Debug
Content-Style-Type
Cache-Key
Click-Count-Action-Start
Canary
Click-Count-Error
Cache
Content-Script-Type
A
Req-Svc-Chain
NGX
RNT-Machine
RNT-Time
Akamai-Mon-Iucid-Del
X-Content-Length
Fastly-SSL
X-Esi-Check
CDCHOST
X-Edge-Server
Fl-Custom-Application
Country-Code
XM
X-Cache-FS-Status
X-Cache-Id
ServerName
X-Gzip
X-Gen-Mode
Ssr
Cdn-Request-Time
CDN-RequestCountryCode
CDN-PullZone
Cdn-Host
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
Esi-Enabled
X-Core-Value
X-CUA
CDN-Cache
X-ORCA-Accelerator
X-Block-Status
X-Request-Host
X-Server-IP
User-Cache-Control
Sid
X-Pubstack
Platform
X-Thanos
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Varnish-Beresp-Status
Product
Pramga
X-Hnp-Log
X-Powered-By-VTEX-Cache
X-Bip
X-Mvc-Supplant-OutputCached
Server-Host
X-NMSegId
X-Dispatcher-Server
X-Platform
NM-Fastcgi-Cache
X-Micro-Cache
X-Varnish-Hits
X-Men
X-VG-TLSProxy
X-Optimistic-Header
X-Request-Start
X-NodeID
X-Dc
X-Api-Version
TP-L2-Cache
Req-ID
X-LB-NoCache
X-VServer
X-Litespeed-Tag
X-HOST
X-TA-CDN-Provider
X-Cache-Date
X-CACHE-GROUP
X-Geolocation
X-Refresh
X-Cs
X-LiteSpeed-Tag
X-IsAdmin
X-Application
X-S-Cookie
X-APP
X-External-Request-Id
X-Destination
X-B-Cookie
Proxy-Firewall
X-GEO
X-Via-CDN
Edge-Copy-Time
X-Servedbyhost
X-Via-Edge
X-HITS
X-Zen-Fury
X-Via-SSL
CloudFront-Viewer-Country
X-B3-Spanid
Fastly-Drupal-Html
True-Client-Country-4JS
X-Nananana
X-LiteSpeed-Cache-Control
X-Zone
X-VWS-Id
Cdn-Requestid
X-AWS-Id
X-LJ-Flow-ID
X-CDN-Forward
Sever-Int
Server-Hostname
C-Via
X-Test
X-RequestId
GeoIP-Latitude
Server-Ext
X-User
X-Provided-By
X-Endurance-Cache-Level
X-AIR-PT
Adler-Geo
X-Via-Popn
X-Air-Pt
X-Via-Poph
Is-Eu
X-Via-Popv
X-HA-Backend
Fastly-Drupal-HTML
Ohc-Cache-HIT
X-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-VC-TTL
X-ZONE
X-Nginx-Cache-Key
X-Nc
X-LB-ID
X-Wa
Server-ID
X-B3-Parentspanid
X-Dispatcher-Number
X-DynaTrace-JS-Agent
WZWS-RAY
S-Rt
GeoIp-Country-Code
X-Webkit-Csp-Report-Only
HostName
X-CS
Cdn
X-Presslabs-Stats
X-Tt-Logid
X-Vgn-Hpd-Reason
X-URL
X-COUNTRY
X-Geo-Header
X-Datadome
X-Oracle-Dms-Ecid
X-Srv
Cache-Tv-Group
X-Custom-Header
T-Server
WP-Super-Cache
True-Client-IP
X-Resp-Is-Stale
X-ND-Cache
X-Moov-T
X-Pass-Why
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-TH-Server
X-CACHE-AGE
X-Parent-Response-Time
Vc-Max-Age
X-Cache-Server
X-Old-Content-Length
X-DataCenter
X-CMSURLCustom
X-HubSpot-Correlation-Id
SID
X-Fpc
X-NewRelic-App-Data
Resin-Trace
X-API-Version
Pics-Label
Uri
X-Varnish-Beresp-TTL
X-Thinkindot-L1
X-Cache-VC
Location
SEZNAM-JOBS-OFFER
Vix-Hermes-Req-Id
Powered-By
X-FPC
X-Action
X-TX-ID
X-Srcache-Fetch-Status
X-Srcache-Store-Status
True-Client-Ip
X-Vercel-Id
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Vercel-Cache
X-Cache-Ttl
X-SERVER-NAME
Tcn
N1-Cache
On-Server
Serverhost
X-Stale
X-Litespeed-Cache-Control
Thinkindot-Control
X-Client-Ip
X-APP-VERSION
ServerHost
GeoIP-Country-Code
Srv
Sm-Log-Id
X-Dynatrace-Js-Agent
X-Service-Response-Time
Server-Id
X-Datacenter
X-Cache-TTL-Remaining
X-Amz-Meta-Opti
X-Oracle-Dms-Rid
X-PHP-Backend
X-PERF
X-ApacheServer
AKAMAI
Hostname
X-Air-Hostname
X-Proxy-Cache-La3
X-Air-Trace-Id
Xkey-La3
Xkeylog
X-Render-Time
X-Air-Source
X-Cdn-Cache-Status
TWC-GeoIP-Region
TWC-GeoIP-City
Av-Poweredby
TWC-GeoIP-DMA
X-Debug-Service
X-Fastly-Cache-Status
X-Nitro-Cache
X-WA
X-WA-Info
X-NC
Cache-Hits
Magicmarker
X-Lb-Id
X-Ua
Cl-Cache
X-Uri
X-Info
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Vc
X-Ha-Backend
Log-Origin
RewriteTestHook
X-Jungle-Id
Cache-Contol
X-Via-PopN
X-Udemy-Cache-App-Namespace
X-Via-PopH
X-Via-PopV
X-Ion-Healthy
RewriteTeamHook
X-Ion-Hop
X-Fastly-Backend-Reqs
Time-Cloud-Cache
X-Ee-Generated-By
X-Geo
X-Save-Cache
X-Ee-Request-Id
X-Ee-Origin
Geoip-Latitude
X-Ee-Request-Date
X-Vary-Devices
X-Cms-Device
Store-Cloud-Cache
Cloudfront-Viewer-Country
X-V
Cmsid
Cmstype
My-App
X-CDN-Cache-Status
Cf-Ipcountry
Lb
X-VTEX-Cache-Backend-Header-Time
X-IAuth-Set-Uid
X-ServedByHost
X-Oracle-DMS-ECID
X-VTEX-Cache-Backend-Connect-Time
X-Github-Request-Id
CDN
X-Esi
X-From
X-VCL-Version
X-New
X-Rollout
X-Limited
X-Requestid
X-Akamai-Pragma-Client-IP
X-App
X-Eligible
Warning
WebServer
X-Traceid
X-Forwarded-Site
X-Region-Sid
X-Up
WWW-Authenticate
Machine
X-Correlation-ID
CountryCode
CacheControlHeader
X-MSEdge-Features
Cneonction
Server-Info
X-Lb-Nocache
X-LAGOON
X-MSEdge-Flight
X-Dw-Trace-Id
Pragrma
X-HS-Status
X-Acquia-Application-UUID
Reporter
X-Acquia-Site
X-Serial
X-Acquia-Purge-Tags
X-Check-Cacheable
X-Acquia-Application-Trace
X-Cdn-Request-ID
FSS-Cache
Edge-Cache
X-Pod
X-EC-Lua
X-Ftr-Request-Id
X-Akamai-Transformed
X-Sucuri-Id
X-Git-Commit
X-Container-Uri
X-UP
X-Web-Server
X-Td-Header-From-No-Data
X-Elasticpress-Query
NtCoent-Length
X-BBC-Origin-Response-Status
Thinkindot-Cache-Type
Timeexpire
X-Ramcache
X-Ms-Blob-Type
X-Platform-Router
X-Platform-Processor
X-Fastly-Cache-Hits
X-Platform-Cluster
X-Ms-Lease-Status
X-Tncms-Bot-Tier
X-SRCache-Key
Permission-Policy
X-Varnish-Hostname
X-Akamai-ERRuleID
CF-Cached-On
X-Akamai-ERPolicy
X-Orig-Cache-Control