Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Accept-CH
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
Cache-Tag
X-NWS-LOG-UUID
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
X-Edge
X-Mcache
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Edge-Control
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-ECACHE
X-MS-InvokeApp
X-ARC
X-Client-IP
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
X-Amz-Rid
Response
X-Middleton-Response
X-CST
X-Navigation-Version
X-Goog-Hash
X-Daa-Tunnel
X-Powered-CMS
X-Upstream
X-B3-TraceId
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-Kinsta-Cache
X-Forwarded-For
X-Amzn-Trace-Id
X-Wormhole-Sdk
X-Cache-Key
Accept-Ch-Lifetime
X-Ratelimit-Limit
X-Ua-Device
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
RTSS
X-Ttl
SPRequestDuration
X-NF-Request-ID
SPIisLatency
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
X-FastCGI-Cache
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
X-Server-ID
X-Version
Public-Key-Pins
X-Mg-S
AR-CACHE
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-Content-Digest
Cross-Origin-Resource-Policy
S
Realpath
SPRequestGuid
X-SharePointHealthScore
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
X-Varnish-TTL
X-Fastly-Request-ID
X-Distributor
Front-End-Https
Access-Control-Request-Method
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
TP-Cache
X-Debug
X-Correlation-Id
Count-Hit
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Request-Received
X-Id
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
MicrosoftSharePointTeamServices
X-Azure-Ref
Server-Node
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-PressLabs-Stats
X-Frontend
X-Cluster-Name
Cache-Tags
X-Ismobilevalue
X-TTL
X-Hits
Payment
X-GUploader-UploadID
X-Amz-Replication-Status
Origin-Trial
X-LB-Cache
X-Varnish-Backend
X-Goog-Metageneration
Accept-Ch
X-Protected-By
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
Cleartype
X-Git-Hash
X-FB-Debug
Host
X-Unique-Id
X-Logged-In
Filterid
X-Varnish-Server
X-AppVersion
X-Www-Served-By
X-Activity-Id
X-Az
Content-Disposition
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Nf-Request-Id
X-Hostname
X-App-Server
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Page-Id
X-HP-Trace-Id
X-HP-Webp
X-DIS-Request-ID
X-Jurisdiction
X-Geo-Country
X-Fastcgi-Cache
X-Cambria-Cache-Control
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Access-Control-Allow-Method
X-Xrds-Location
Akamai-GRN
X-Load-Cache
X-Origin-Server
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Retry-After
X-Template
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Upgrade-Enabled
X-Aspnet-Version
MS-Author-Via
Fastly-SWR
Accept-Charset
Fastly-SIE
X-ASPNET-VERSION
Viewport
X-Type
X-TT
Section-Io-Cache
X-Fb-Rlafr
Frame-Options
X-TEC-API-ORIGIN
X-Content-Options
X-TEC-API-VERSION
X-Cache-Control
X-TEC-API-ROOT
Version
X-B3-Sampled
X-B
X-Grace
Content-MD5
X-Ah-Environment
X-RateLimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-Request-Guid
X-Trace-Id
X-Revision
X-SRCache-Store-Status
X-Envoy-Decorator-Operation
X-Vcl-Version
X-SRCache-Fetch-Status
X-Rid
Healthy
X-Device-Type
X-Source
X-Magnolia-Registration
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
X-Cache-Age
Server-Name
X-Contextid
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Mobile
X-Language
X-Px
X-Aspnetmvc-Version
X-Webkit-CSP
X-Backend-Name
TCN
X-Buckets
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Proxy
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
DC
X-Tumblr-User
X-App-Environment
X-RemovedCookies
X-Akamai-Edgescape
X-RM-Cache-TTL
X-ProcessESI
X-Debug-Info
X-Status
X-Mg-Request-UUID
X-Varnish-Grace
Access-Control-Request-Headers
X-Framework
X-Environment-Context
X-Rule
X-L-Path
X-Region
X-Adobe-Content
NGB
X-Node-Name
X-NYM-Debug-Backend
X-Adobe-Loc
X-Content-Powered-By
X-Cacheable-TTL
X-G
X-FW-Static
X-FTR-Request-ID
X-Instance
SD-X-WS
X-HTML-Minification-Powered-By
X-FW-Server
X-Storage
X-FW-Hash
X-ServerID
X-UUID
X-FW-Dynamic
X-FW-Version
X-FW-Serve
Cross-Origin-Window-Policy
X-FW-Type
X-Is-Bot
GEO-INFO
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Rendered-As
X-Proxy-Cache-Info
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Seen-By
MS-CV
Ms-Operation-Id
X-RTag
X-Debug-IsConnected
X-Debug-IsPreview
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-EdgeConnect-Cache-Status
X-Cache-Time
Trailer
Paypal-Debug-Id
Upgrade-Insecure-Requests
X-User-Agent
X-ECache
Charset
Countrycode
Webserver
Protected
X-HS-Prerendered
X-Edge-Location
X-Whom
Front
OT-Force-Account-Verify
X-Lambda-Id
X-B3-Traceid
X-WebKit-CSP-Report-Only
X-TT-LOGID
Refresh
X-Fastly-Request-Id
Section-Io-Id
X-VC
X-TraceId
X-IPS-LoggedIn
X-N
X-Akamai-Request-ID2
X-Cache-Status-Check
Priority
X-AB
Country
X-VHOST
X-Time
Alternate-Protocol
X-Reqid
X-Amzn-Remapped-Content-Length
X-Original-Request-Id
Backend
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
X-WP-CF-Super-Cache-Cookies-Bypass
X-Server-W
Xet-Cookie
X-Hcs-Proxy-Type
X-Hl-Ver
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Liferay-Portal
SRV
X-Real-IP
X-Mode
X-B3-SpanId
Onion-Location
X-Accel-Version
X-Frame-Option
X-FB-TRIP-ID
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-SaId
Filters
Fastcgi-Useragent
From-Origin
Meta-Geo
ServerID
X-Rewrite-Enabled
X-Rn-Rsrv
X-Skip-Cache
X-Cache-Host
X-Tb
X-Scope-Id
X-Auth-Group-Type
Environment
X-Fetched-On
X-JoinUs
X-VC-Cache
X-Web-Node
X-Origin-Date
Accept-Language
X-SayCDN-TTL
X-Cache-Action
Property-Id
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Cluster-Node
TWC-Device-Class
X-Redis-Cache
X-Origin-TTL
X-Say-Cacheable
X-Request-URI
Atl-Traceid
X-ProxyCache-Status
Expiry
X-Varnish-Age
X-Restarts
X-Varnish-Cache-Hits
X-Webstats-RespID
TWC-Locale-Group
X-Logging-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-Say-TTL
X-Origin-CC
X-IPLB-Instance
X-Origin-Hint
X-Hosted-By
Webcakes-Region
TWC-Privacy
X-Cache-Expired-At
X-Director
X-IPLB-Request-ID
Uber-Trace-Id
X-Format
Webcakes-App-Version
X-Connection-Hash
Webcakes-App-Name
Mn-Server-Ip
X-PHP-Host
X-Varnish-Beresp-Grace
X-Handled-By
X-Served-From
X-Loop
X-Forwarded-Host
DB-Nickname
X-Soup
Web-Mar-Node
X-Labrador-Cache-Channel
X-Tncms
X-Cms-Context
Apigw-Requestid
X-Vcache
X-Adobe-Source
Selected-Fe
ServedBy
VIX-Pulpo-Upstream-Status
X-Cluster
X-Httpd
VIX-Pulpo-Node
X-Timing-Wait
X-Proxy-Build
X-Wix-Request-Id
X-Zipkin-Id
X-Extlb
X-Cloudmap
X-Detected-As
Url
X-Origin
X-Servername
X-Routing-Service
X-S
X-Proxied
X-Generated-By
X-LSADC-Cache
X-SRV
X-Rocket-Nginx-Serving-Static
Referer-Policy
Cross-Origin-Embedder-Policy
X-Lagoon
X-Via-JSL
N-Cache
X-DynaTrace
X-Hit
X-DataDome
Xserver
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
X-Tumblr-Pixel-3
X-XRDS-Location
LB
X-Xfnlog-Site
WPO-Cache-Status
X-Webkit-Csp
WPO-Cache-Message
X-Azure-Ref-OriginShield
X-NWS-UUID-VERIFY
Source
CF-IPCountry
Surrogated-Key
X-RateLimit-Limit-Second
X-Worker
X-VCT
X-RateLimit-Remaining-Second
X-Cache-Debug
X-Proxy-Cache-Status
X-RCS-CacheZone
X-Upstream-Ht
X-Upstream-Ct
X-UA
X-Generation-Time
X-Sucuri-Cache
CDN-RequestId
X-Is-Mobile
X-Is-Tablet
X-Browser-Name
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Desktop
X-Geo-Region
X-App-Version
X-F-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-No-Session
Node
X-Cdn-Origin
Locale
X-Signature
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Sucuri-ID
X-B-Cache
X-RID
Cross-Origin-Opener-Policy-Report-Only
X-NGINX-Cache
X-XRDS-LOCATION
X-CLOUD-TRACE-CONTEXT
Ohc-File-Size
X-RateLimit-Limit
X-MP-GENERATED-AT
AMP-Access-Control-Allow-Source-Origin
X-ShardId
X-Shopify-Stage
X-NODE
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Tx-Id
X-ElasticPress-Query
X-Locale
X-Service
X-Cache-Operation
X-Cache-Rule
Thinkindot-CacheControl-Type
X-Backend-Instance
X-App-Name
Thinkindot-CacheControl
X-BCube-Filmed-By
X-Bc-Bl
We-Hiring
TDXMobile
X-AK-Request-ID
X-A-Wwc
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Aed
X-A-Ccd
Sslversion
X-Aicache-OS
X-A
X-Amz-Storage-Class
Meta-Geo-Continent
Cdnsip
Cdncip
Cluster
Content-Secure-Policy
DCR-Processing-Time-Ms
DCR-Decision-By
Candidate-Md5Url
BehaviorPad-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Expect-Staple
Fastly-Backend-Name
Odigeo-Trace-Id
Ngx.Var.Host
Origin
Origin-Agent-Cluster
Redirect-Candidate
Producers
X-Bug-Bounty
MD5-Digest
Gannett-Cam-Experience-Id
Fastly-GeoIP-CountryCode
Host-ID
Lang
Mail-Subject
Rendered-Blocks
X-D
X-Proxied-Request
X-Proto
X-Proxy-CacheRZ
X-Request-Time
X-Scheme
X-Rojux
X-Platform-Server
X-PAYTM-SRV-ID
X-Origin-Expires
X-Org
X-Origin-Response-Time
X-Origin-Time
X-Path
X-ScT
X-Shield-Cache-Expires
X-Vtex-Remote-Cache
X-Vmg-Version
X-We-Are-Hiring
Xc-Version
XkeyRZ
X-Vdms-Version
X-Varnish-Remaining-TTL
X-TIM-N
X-Thinkindot-L3
X-Varnish-Authentication
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Depends
X-DefHash
X-DPWN-IS-SECURE
X-Ec-Fail
X-Ec-GeoHdr
X-DefElseHash
X-Debug-Cache-Store
X-Cache-NE
X-Cache-Info
X-Conf
X-Contensis-Viewer-Groups
X-Debug-Cache-Fetch
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Internal-TTL
X-INCAP-ABP
X-Jobs
X-Loc
X-Mly-Id
X-Ig-Push-State
X-Ig-Origin-Region
X-GeoCode
X-Gdpr
X-GeoCountry
X-GeoIP
X-GeoIP-City
X-Cache-Aspx
X-Developer
X-Varnish-Beresp-Ttl
X-HS-CF-Cache-Status
X-Site-Version
X-Pad
X-Cache-Hit
Mime-Version
X-Cdn-Forward
Apple-News-Services-Parsed-Url
X-Newrelic-Synthetics
X-Eu-Site
X-HN
X-Edge-Server
X-Esi-Check
Apple-News-Services-Host
X-Ec-Custom-Error
X-Dispatcher-Server
X-Csrf-Jwt
Apple-News-Services-Request-Url
Tube-Return
Tube-Got-Results
Tube-Get-Contents
Tube-Got-Eval
X-Fastly-Backend
Apple-News-Services-Handled
X-Cache-Grace
Req-Svc-Chain
X-Gamma-Serve
Release
X-Cache-Id
X-Generated-On
X-VarnishDD-TTL
RNT-Machine
X-Op-Id-All
Yak-Timeinfo
X-Section
X-Fmm-Version
RNT-Time
Server-Host
V-Age
Cache-Provider
Ha-Gx-Prefs
HA-Ipaddr
X-Content-Age
W
X-Core-Value
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-Clientip
User-Agent
L5d-Success-Class
X-Cdn-Srv
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
L
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Region
X-Akamai-Device-Characteristics
X-Cache-Bucket
X-Wikidot-Static-Cache
X-Cached-By
X-CGP
X-Date
X-CacheTTL
PFcat
Wxu-Next-Region
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-Access
X-AB-Test
X-Bl-Debug
Product
X-Varnishpool
Click-Count-Action-Start
X-Varnish-Director
X-Req
X-SB
Cdn-Request-Time
Click-Count-Error
X-Powered-By-VTEX-Cache
X-Platform
Debug
X-Wikidot-Backend
X-Policy
X-Pool
Content-Script-Type
Cdn-Host
X-Var-Ttl
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
A
X-Tb-Optimization-Total-Bytes-Saved
X-Slack-Backend
X-SIPLIST1
X-V-Cache
X-SD-PageType
Canary
Cache-Key
X-UA-Device-Type
Cache
DSUID
Content-Style-Type
X-GoCache-CacheStatus
X-Gzip
Origin-CC
X-Viewer-Country
X-Level-Front-Cache
X-Irp-Debug
X-VTEX-Cache-Server
X-HS-Content-Campaign-Id
NM-Fastcgi-Cache
X-Human
X-VTEX-Cache-Time
X-Hash
Origin-EX
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-NMSegId
X-Node-Id
X-Via-Fastly
Esi-Enabled
Gh-Request-Id
X-Location
IsBot
Platform
X-Micro-Cache
X-VG-WebCache
XM
X-Thanos
X-Gen-Mode
X-Hnp-Log
X-Varnish-Beresp-Status
X-Men
X-Mvc-Supplant-OutputCached
Fastly-SSL
CDCHOST
X-Pubstack
X-CUA
Sid
X-VG-TLSProxy
X-Request-Start
X-Request-Host
X-Server-IP
X-Bip
NGX
X-ORCA-Accelerator
User-Cache-Control
X-Content-Length
CDN-Uid
Pramga
Fl-Custom-Application
ServerName
Ssr
X-NodeID
Req-ID
CDN-RequestPullSuccess
Country-Code
CDN-EdgeStorageId
CDN-RequestPullCode
X-Block-Status
CDN-CachedAt
X-Cache-FS-Status
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
Akamai-Mon-Iucid-Del
X-Dc
X-Optimistic-Header
TP-L2-Cache
X-Api-Version
X-Varnish-Hits
X-TA-CDN-Provider
X-HOST
X-VServer
X-Litespeed-Tag
X-LB-NoCache
X-CACHE-GROUP
X-Cache-Date
X-Refresh
X-Geolocation
X-GEO
X-Cs
X-External-Request-Id
X-APP
X-Destination
X-IsAdmin
Proxy-Firewall
X-S-Cookie
X-LiteSpeed-Tag
X-Application
X-B-Cookie
X-Nananana
X-Via-SSL
X-HITS
X-Via-Edge
X-B3-Spanid
X-Via-CDN
CloudFront-Viewer-Country
X-Servedbyhost
True-Client-Country-4JS
Fastly-Drupal-Html
X-Zen-Fury
Edge-Copy-Time
X-AWS-Id
X-LiteSpeed-Cache-Control
X-VWS-Id
X-LJ-Flow-ID
Cdn-Requestid
X-Zone
Sever-Int
X-CDN-Forward
X-User
C-Via
GeoIP-Latitude
Server-Ext
Server-Hostname
X-RequestId
X-Test
X-Endurance-Cache-Level
X-Provided-By
Adler-Geo
X-Air-Pt
X-Via-Poph
X-Via-Popn
Fastly-Drupal-HTML
X-AIR-PT
Is-Eu
X-HA-Backend
X-Via-Popv
X-FTR-Expires
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-DynaTrace-JS-Agent
X-DC
Ohc-Cache-HIT
X-Nginx-Cache-Key
Server-ID
X-ZONE
X-B3-Parentspanid
X-Wa
X-Dispatcher-Number
X-Nc
X-VC-TTL
X-LB-ID
S-Rt
X-Webkit-Csp-Report-Only
X-CS
HostName
GeoIp-Country-Code
WZWS-RAY
X-Tt-Logid
X-Presslabs-Stats
Cdn
X-Vgn-Hpd-Reason
X-Oracle-Dms-Ecid
X-TH-Server
Cache-Tv-Group
X-Custom-Header
X-COUNTRY
T-Server
X-URL
X-Datadome
X-Geo-Header
WP-Super-Cache
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
True-Client-IP
X-ND-Cache
X-Pass-Why
X-Resp-Is-Stale
X-Moov-T
X-Srv
X-CACHE-AGE
X-Parent-Response-Time
X-Old-Content-Length
X-Cache-Server
X-CMSURLCustom
X-DataCenter
Vc-Max-Age
SID
X-HubSpot-Correlation-Id
Resin-Trace
X-Fpc
X-NewRelic-App-Data
X-API-Version
Pics-Label
Uri
X-Varnish-Beresp-TTL
Powered-By
X-Cache-VC
X-Action
X-Thinkindot-L1
X-FPC
X-Vercel-Id
X-Vercel-Cache
Location
Vix-Hermes-Req-Id
SEZNAM-JOBS-OFFER
X-Srcache-Fetch-Status
X-APP-VERSION
X-Srcache-Store-Status
X-TX-ID
X-Ckpd-Fst-Backend
X-Fastly-Cache
True-Client-Ip
Srv
Tcn
X-SERVER-NAME
X-Stale
On-Server
Serverhost
Thinkindot-Control
N1-Cache
X-Litespeed-Cache-Control
X-Client-Ip
ServerHost
GeoIP-Country-Code
Sm-Log-Id
X-Service-Response-Time
X-Dynatrace-Js-Agent
Hostname
X-Cache-TTL-Remaining
X-ApacheServer
X-Datacenter
X-PHP-Backend
AKAMAI
X-Oracle-Dms-Rid
Server-Id
X-PERF
X-Amz-Meta-Opti
X-NC
X-Debug-Service
Xkeylog
X-Nitro-Cache
Cache-Hits
X-WA-Info
X-Fastly-Cache-Status
TWC-GeoIP-Region
TWC-GeoIP-DMA
TWC-GeoIP-City
X-Render-Time
X-Proxy-Cache-La3
Xkey-La3
X-Air-Trace-Id
X-Air-Source
X-Cdn-Cache-Status
X-WA
X-Air-Hostname
Av-Poweredby
X-Info
X-Ua
X-Lb-Id
Magicmarker
Cl-Cache
X-Ssense-Gql
X-Vc
X-Ssense-Shipping-Surcharge-Enabled
Log-Origin
Geoip-Latitude
X-Jungle-Id
RewriteTestHook
X-Uri
X-Ha-Backend
X-Udemy-Cache-App-Namespace
X-Ee-Origin
X-Ion-Hop
X-Via-PopH
RewriteTeamHook
X-Geo
X-Via-PopV
Cache-Contol
X-Fastly-Backend-Reqs
X-Ion-Healthy
X-Vary-Devices
X-Via-PopN
X-Ee-Request-Id
X-Save-Cache
X-Ee-Request-Date
X-Ee-Generated-By
Store-Cloud-Cache
Time-Cloud-Cache
X-Cms-Device
X-Cache-Ttl
Cmstype
Cmsid
My-App
Cloudfront-Viewer-Country
X-Oracle-DMS-ECID
X-V
X-IAuth-Set-Uid
X-CDN-Cache-Status
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
Lb
X-Github-Request-Id
X-ServedByHost
Cf-Ipcountry
CDN
X-Esi
X-Rollout
X-Requestid
X-Eligible
X-Limited
X-New
X-App
X-Akamai-Pragma-Client-IP
X-VCL-Version
X-From
Machine
X-Forwarded-Site
Warning
WWW-Authenticate
X-Traceid
X-Up
CacheControlHeader
WebServer
X-Region-Sid
X-Correlation-ID
CountryCode
X-Dw-Trace-Id
X-MSEdge-Flight
X-LAGOON
X-MSEdge-Features
X-Lb-Nocache
Cneonction
Server-Info
Pragrma
Reporter
X-Serial
Edge-Cache
X-Ftr-Request-Id
X-HS-Status
X-EC-Lua
X-Acquia-Site
X-Acquia-Purge-Tags
X-Pod
X-Akamai-Transformed
X-Check-Cacheable
X-Acquia-Application-UUID
X-Acquia-Application-Trace
FSS-Cache
X-Cdn-Request-ID
X-Git-Commit
X-Sucuri-Id
X-Container-Uri
X-Ms-Lease-Status
X-UP
X-Ramcache
X-BBC-Origin-Response-Status
X-Ms-Blob-Type
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Web-Server
X-Varnish-Hostname
X-Platform-Router
Timeexpire
X-Orig-Cache-Control
X-Platform-Processor
Permission-Policy
X-SRCache-Key
X-Akamai-ERPolicy
X-Tncms-Bot-Tier
X-Platform-Cluster
CF-Cached-On
X-Elasticpress-Query