Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
X-XSS-Protection
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
X-Cache-Status
P3p
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Check
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
X-Ua-Compatible
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Accept-CH
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Backend
Accept-CH-Lifetime
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Keep-Alive
X-Proxy-Cache
Cf-Apo-Via
X-Via
X-Rq
EagleId
X-Age
X-Server
X-UA-Device
X-Dispatcher
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
Allow
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Device
EagleEye-TraceId
X-Backend-Server
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
X-Cloud-Trace-Context
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-LiteSpeed-Cache
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Nginx-Cache-Status
X-Url
X-Application-Context
X-NWS-LOG-UUID
X-Content-Type
Content-Location
Cache-Tag
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
X-Mcache
X-Edge
X-Midtier
X-Country-Code
Rating
Surrogate-Key
X-Browser-Type
X-ESI
X-Cache-TTL
Display
X-Middleton-Display
Pagespeed
X-Abt-Application-Version
X-Sol
X-Server-Name
X-Cnection
X-Element-Page-Cache
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Ser
Edge-Control
X-Powered-By-Plesk
Nginx-Cache
X-GitHub-Request-Id
X-Oneagent-Js-Injection
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-ARC
X-Vcap-Request-Id
X-Client-IP
X-MS-InvokeApp
X-Daa-Tunnel
Accept-Ch-Lifetime
X-B3-TraceId
X-Navigation-Version
X-Upstream
X-Aspnet-Version
X-ORACLE-DMS-RID
X-Goog-Hash
X-Amz-Rid
X-CST
X-Powered-CMS
X-Middleton-Response
Response
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Edge-Location-Klb
X-Ttl
X-Kinsta-Cache
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-ECACHE
X-Cache-Key
X-NF-Request-ID
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Ua-Device
X-Forwarded-For
RTSS
X-Mod-Pagespeed
X-FastCGI-Cache
X-Wormhole-Sdk
SPRequestDuration
SPIisLatency
AR-CACHE
Edge-Cache-Tag
X-Ratelimit-Remaining
X-Server-ID
Cache-Status
X-Version
X-Mg-S
Public-Key-Pins
X-ORACLE-DMS-ECID
X-Ruxit-Js-Agent
Cross-Origin-Resource-Policy
S
X-Ezoic-Cdn
Realpath
SPRequestGuid
X-SharePointHealthScore
X-T
X-Shield-Request-Id
X-MSEdge-Ref
X-Content-Digest
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
Accept-Ch
X-Distributor
X-Newrelic-App-Data
X-Varnish-TTL
X-Correlation-Id
TP-Cache
X-Kong-Proxy-Latency
Arr-Disable-Session-Affinity
Count-Hit
X-Kong-Upstream-Latency
X-Debug
X-Request-Received
X-Request-Processing-Time
Front-End-Https
X-Id
Server-Node
X-Ua-Browser
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Content-Security-Policy-Report-Only
X-LLID
MicrosoftSharePointTeamServices
X-VARITI-CCR
X-Frontend
X-HS-Combine-CSS
X-Azure-Ref
X-PressLabs-Stats
X-Fastly-Request-ID
Cache-Tags
X-Ismobilevalue
X-Cluster-Name
Payment
X-Forwarded-Proto
X-LB-Cache
X-Amz-Replication-Status
X-Varnish-Backend
X-Hits
X-GUploader-UploadID
X-Goog-Metageneration
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-Git-Hash
Host
X-Unique-Id
Cleartype
X-Protected-By
X-FB-Debug
X-Www-Served-By
X-Varnish-Server
X-Ratelimit-Reset
X-Logged-In
X-Az
X-Activity-Id
X-AppVersion
X-App-Server
Content-Disposition
X-Hostname
X-Varnish-Ttl
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-HP-Webp
X-HP-Trace-Id
X-B3-TraceId-Primal
X-Jurisdiction
MRF-Tech
Mrf-Cache-Status
X-Geo-Country
X-TTL
Retry-After
Access-Control-Allow-Method
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Page-Id
X-Origin-Server
X-DIS-Request-ID
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Upgrade-Enabled
MS-Author-Via
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Accept-Charset
X-Goog-Storage-Class
X-Nf-Request-Id
X-Type
Section-Io-Cache
Fastly-SWR
X-ASPNET-VERSION
Fastly-SIE
Viewport
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-TT
X-Fb-Rlafr
Akamai-GRN
Origin-Trial
X-Cache-Control
X-Fastcgi-Cache
Amp-Access-Control-Allow-Source-Origin
Content-MD5
X-B
X-Content-Options
X-Ah-Environment
X-Grace
X-B3-Sampled
X-Cambria-Cache-Control
X-Template
Version
X-SRCache-Fetch-Status
X-Request-Guid
X-SRCache-Store-Status
X-RateLimit-Remaining
X-Origin-Cache
X-Revision
X-ECache
X-Amz-Meta-S3cmd-Attrs
TCN
X-Trace-Id
X-Vcl-Version
Frame-Options
Healthy
X-Envoy-Decorator-Operation
X-Contextid
X-Magnolia-Registration
X-Cdn
X-CSRF-Token
X-Device-Type
X-Source
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Active
DC
Server-Name
X-Aspnetmvc-Version
X-Webkit-CSP
X-Px
X-Proxy
X-Seen-By
X-Varnish-Grace
X-Backend-Name
X-Mobile
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Xrds-Location
X-RM-Cache-TTL
X-Tumblr-Pixel
X-ProcessESI
X-RemovedCookies
X-Debug-Info
X-Status
X-Storage
Cross-Origin-Window-Policy
NGB
Access-Control-Request-Headers
X-NYM-Debug-Backend
X-Region
X-Mg-Request-UUID
X-Instance
X-Rule
X-ServerID
X-UUID
X-L-Path
X-G
X-Environment-Context
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
SD-X-WS
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Proxy-Cache-Info
X-Node-Name
X-Is-Bot
Paypal-Debug-Id
X-Rendered-As
X-Akamai-Edgescape
X-FW-Type
X-FW-Version
X-Cache-Age
X-Rid
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-HTML-Minification-Powered-By
GEO-INFO
X-Yottaa-Metrics
X-Content-Powered-By
X-RTag
Ms-Operation-Id
MS-CV
X-Yottaa-Optimizations
X-Datadog-Parent-Id
X-User-Agent
X-CLOUD-TRACE-CONTEXT
X-Language
X-Cache-Time
X-EdgeConnect-Cache-Status
Front
Webserver
Upgrade-Insecure-Requests
X-Buckets
Charset
X-WebKit-CSP-Report-Only
Countrycode
Protected
X-Whom
OT-Force-Account-Verify
X-N
X-IPS-LoggedIn
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Akamai-Request-ID2
X-Lambda-Id
X-AB
Country
X-Edge-Location
Section-Io-Id
X-Time
X-Cache-Status-Check
X-TT-LOGID
Refresh
X-B3-SpanId
X-VHOST
Trailer
X-VC
Priority
X-Via-JSL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Hl-Ver
X-CCDN-CacheTTL
Alternate-Protocol
Backend
X-XRDS-LOCATION
X-Reqid
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-Traceid
X-HS-Prerendered
Accept-Language
VIX-Pulpo-Upstream-Status
Xet-Cookie
VIX-Pulpo-Node
X-Wix-Request-Id
Liferay-Portal
X-DataDome
Onion-Location
X-Fetched-On
X-Accel-Version
X-SaId
X-Rn-Rsrv
X-Auth-Group-Type
X-Cache-Host
X-Request-URI
ServerID
X-Tb
X-Origin-Date
Filters
X-JoinUs
X-Generated-By
From-Origin
X-FB-TRIP-ID
X-Frame-Option
Uber-Trace-Id
Environment
Meta-Geo
Fastcgi-Useragent
X-Rewrite-Enabled
X-Scope-Id
X-Tumblr-Pixel-2
X-Skip-Cache
X-XRDS-Location
X-Web-Node
X-UPSTREAM-Address
X-VC-Cache
X-Director
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
Property-Id
Expiry
X-Format
X-R9-Blue-Green-Version
X-Origin-Hint
X-Hosted-By
X-Varnish-Age
TWC-Connection-Speed
X-Connection-Hash
X-Say-TTL
X-Say-Cacheable
TWC-Locale-Group
X-SayCDN-TTL
X-Cache-Expired-At
Webcakes-Region
X-Cache-Action
X-Redis-Cache
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
LB
X-Server-W
X-Vcache
X-Restarts
X-BYPASS-REASON
X-Logging-Id
X-IPLB-Instance
X-IPLB-Request-ID
X-Cluster-Node
X-Loop
Web-Mar-Node
X-Adobe-Source
Apigw-Requestid
X-Forwarded-Host
Atl-Traceid
X-Cms-Context
X-Webstats-RespID
X-Labrador-Cache-Channel
X-Real-IP
X-RID
X-ProxyCache-Key
X-Mode
X-ProxyCache-Status
X-Tncms
X-PHP-Host
X-Soup
X-Varnish-Beresp-Grace
X-Httpd
X-Served-From
X-Handled-By
Mn-Server-Ip
Url
X-Detected-As
ServedBy
X-Servername
Xserver
X-Origin
X-Cluster
X-SRV
X-S
DB-Nickname
X-Nginx-Cache
X-Response-Served-From
X-Original-Request-Id
Selected-Fe
X-Origin-CC
X-Proxy-Build
Referer-Policy
X-Timing-Wait
SRV
X-Origin-TTL
CF-IPCountry
X-Zipkin-Id
X-Extlb
N-Cache
X-Proxied
X-Routing-Service
X-Lagoon
X-Cloudmap
X-Hit
Cross-Origin-Embedder-Policy-Report-Only
X-LSADC-Cache
X-Rocket-Nginx-Serving-Static
X-Upstream-Ht
X-Upstream-Ct
X-UA
CDN-RequestId
X-Xfnlog-Site
X-Ms-Request-Id
Cross-Origin-Embedder-Policy
X-Ms-Version
X-Webkit-Csp
X-Cache-Debug
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-Proxy-Cache-Status
X-NWS-UUID-VERIFY
X-VCT
Source
X-Azure-Ref-OriginShield
X-F-Cache
X-B-Cache
X-DynaTrace
X-Signature
X-Is-Desktop
X-Tcp-Rtt
X-Browser-Name
X-Is-Mobile
X-Geo-Region
X-Is-Supported-Browser
X-TraceId
Surrogated-Key
X-Is-Tablet
X-RateLimit-Remaining-Second
X-Urbn-Site-Id
WPO-Cache-Message
Locale
X-RateLimit-Limit-Second
X-Urbn-Context-Path
X-Worker
WPO-Cache-Status
X-No-Session
Node
X-Sucuri-Cache
X-Generation-Time
X-Cdn-Origin
X-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-FTR-Request-ID
TP-L2-Cache
X-Sucuri-ID
X-RateLimit-Limit
X-Locale
X-Drupal-Cache-Contexts
X-Tx-Id
X-NODE
X-Cdn-Forward
X-Optimistic-Header
X-Site-Version
X-Drupal-Cache-Tags
X-NGINX-Cache
X-Cache-Operation
X-Service
X-App-Version
X-Cache-Rule
X-Epic-Correlation-Id
Fastly-Backend-Name
X-FC-Vary-Parameters
X-Gdpr
X-DefElseHash
Gannett-Cam-Experience-Id
X-Viewer-Country
Fastly-GeoIP-CountryCode
X-ElasticPress-Query
Xc-Version
X-DPWN-IS-SECURE
X-Developer
X-Vtex-Remote-Cache
X-Depends
X-Debug-Cache-Store
X-Ec-GeoHdr
X-Ec-Fail
X-DefHash
Expect-Staple
DCR-Decision-By
BehaviorPad-Version
X-BCube-Filmed-By
X-Bc-Bl
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
Cdnsip
Candidate-Md5Url
X-AK-Request-ID
X-Aicache-OS
X-Aed
X-Amz-Storage-Class
X-App-Name
X-Backend-Instance
Cdncip
Azure-InstanceId
X-A-Wwc
X-A-Ccd
X-Contensis-Viewer-Groups
X-Conf
We-Hiring
DCR-Processing-Time-Ms
X-A
X-D
X-A-Dam
Content-Secure-Policy
Cluster
X-A-Dgt
X-Cache-Aspx
X-A-Dcw
A
X-Cache-NE
X-Cache-Info
X-Debug-Cache-Fetch
X-Ig-Origin-Region
Sslversion
X-Proxy-CacheRZ
X-Proxied-Request
X-Request-Time
X-Rojux
X-ScT
X-Scheme
X-Proto
Ngx.Var.Host
X-GeoCode
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-We-Are-Hiring
TDXMobile
X-Platform-Server
Odigeo-Trace-Id
X-Shield-Cache-Expires
Redirect-Candidate
X-Varnish-Remaining-TTL
X-Varnish-Director
X-Vdms-Version
XkeyRZ
X-VG-WebCache
Producers
Cache
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
Origin-Agent-Cluster
X-TIM-N
Rendered-Blocks
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-Origin-Expires
X-Origin-Time
X-INCAP-ABP
X-GeoCountry
X-Jobs
X-Ig-Push-State
X-GeoIP
Host-ID
X-GeoIP-City
X-Org
X-Vmg-Version
X-Internal-TTL
X-Loc
MD5-Digest
X-Nyt-Route
Thinkindot-CacheControl
Mail-Subject
Thinkindot-CacheControl-Type
Lang
X-Mly-Id
Meta-Geo-Continent
Mime-Version
X-LiteSpeed-Tag
V-Age
User-Agent
X-Access
Tube-Return
Web-Mar-Region
Wxu-Next-Commit
W
Tube-Get-Contents
Wxu-Next-Hostname
X-Acquia-Purge-Cdn-Unconfigured
X-VTEX-Cache-Server
Wxu-Next-Region
Server-Host
X-Accel-Expires-Debug
Tube-Got-Eval
Req-Svc-Chain
RNT-Machine
RNT-Time
Tube-Got-Results
X-Eu-Site
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-NMSegId
X-Op-Id-All
X-Pool
X-Micro-Cache
X-Location
X-HN
X-Hash
X-HS-Content-Campaign-Id
X-Human
X-Level-Front-Cache
X-Powered-By-VTEX-Cache
X-Req
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-V-Cache
X-VarnishDD-TTL
X-VG-TLSProxy
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-SD-PageType
X-Section
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Gzip
X-GoCache-CacheStatus
X-CacheTTL
X-Cache-Id
X-CGP
X-Content-Age
X-Core-Value
X-Cache-Grace
X-Cache-Bucket
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Bl-Debug
X-Bug-Bounty
X-Csrf-Jwt
X-Date
X-Gamma-Serve
X-Fmm-Version
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Fastly-Backend
Product
X-Dispatcher-Server
X-Ec-Custom-Error
X-Edge-Server
X-Esi-Check
X-Akamai-Device-Characteristics
NGX
Content-Style-Type
Content-Script-Type
Click-Count-Error
X-VTEX-Cache-Time
Debug
AMP-Access-Control-Allow-Source-Origin
HA-Ipaddr
Ha-Gx-Prefs
Esi-Enabled
Cdn-Request-Time
Cdn-Host
Apple-News-Services-Host
Apple-News-Services-Handled
X-MP-GENERATED-AT
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Canary
Cache-Provider
Cache-Key
L
Click-Count-Action-Start
NM-Fastcgi-Cache
Platform
PFcat
X-Wikidot-Backend
X-Path
X-Via-Fastly
L5d-Success-Class
X-Wikidot-Static-Cache
X-Api-Version
Ohc-File-Size
X-Air-Pt
Sid
Yak-Timeinfo
X-Pubstack
Origin
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
CDN-CachedAt
CDN-Cache
X-Request-Host
Release
X-Clientip
X-UA-Device-Type
X-Cdn-Srv
X-Var-Ttl
CDN-EdgeStorageId
X-Amz-Meta-Cb-Modifiedtime
X-Cache-FS-Status
Cross-Origin-Opener-Policy-Report-Only
Pramga
X-Pad
X-Policy
Origin-CC
Ssr
X-SB
X-Platform
XM
Country-Code
Origin-EX
Fastly-SSL
DSUID
X-Varnishpool
CDN-Uid
X-Men
CDN-PullZone
X-Auto-Login
X-Node-Id
X-NodeID
CDN-RequestPullSuccess
CDN-RequestCountryCode
Gh-Request-Id
X-Cached-By
CDN-RequestPullCode
X-Cache-Hit
X-HITS
User-Cache-Control
X-LiteSpeed-Cache-Control
CDCHOST
X-Server-IP
X-Request-Start
X-Dc
IsBot
X-Newrelic-Synthetics
X-Thanos
X-CUA
X-Content-Length
X-Gen-Mode
X-Hnp-Log
Req-ID
X-SIPLIST1
X-Bip
X-Block-Status
X-URL
X-Varnish-Hits
True-Client-Country-4JS
X-Provided-By
Fl-Custom-Application
ServerName
X-HOST
X-AB-Test
X-GEO
X-LJ-Flow-ID
X-AWS-Id
Akamai-Mon-Iucid-Del
X-VWS-Id
X-Irp-Debug
X-Test
GeoIP-Latitude
X-RequestId
X-CACHE-GROUP
X-ORCA-Accelerator
X-Cs
Server-Hostname
C-Via
Adler-Geo
Proxy-Firewall
X-TA-CDN-Provider
Is-Eu
Server-Ext
Sever-Int
X-APP
X-Refresh
X-B3-Parentspanid
X-Nananana
S-Rt
X-VServer
X-Servedbyhost
X-LB-NoCache
X-Dispatcher-Number
CloudFront-Viewer-Country
X-Oracle-Dms-Ecid
Fastly-Drupal-HTML
X-Geolocation
X-Via-Edge
X-Via-SSL
WZWS-RAY
X-DC
X-Nginx-Cache-Key
X-Cache-Date
Edge-Copy-Time
Cache-Tv-Group
X-HS-CF-Cache-Status
X-Via-CDN
X-ZONE
Fastly-Drupal-Html
X-External-Request-Id
X-Via-Popn
T-Server
X-Via-Popv
X-Geo-Header
X-B3-Spanid
X-Custom-Header
X-Via-Poph
X-S-Cookie
X-Destination
X-HA-Backend
X-Application
X-IsAdmin
X-B-Cookie
X-Pass-Why
X-Endurance-Cache-Level
X-ND-Cache
X-Zen-Fury
X-Wa
X-Nc
X-Tt-Logid
X-CACHE-AGE
X-LB-ID
X-DynaTrace-JS-Agent
X-Zone
X-Cache-Server
Vc-Max-Age
X-CMSURLCustom
X-Webkit-Csp-Report-Only
X-CS
HostName
Server-ID
GeoIp-Country-Code
X-User
Cdn-Requestid
X-CDN-Forward
Cdn
X-Litespeed-Tag
X-Presslabs-Stats
X-COUNTRY
X-SERVER-NAME
X-Parent-Response-Time
SID
True-Client-IP
X-AIR-PT
X-Srv
Ohc-Cache-HIT
Powered-By
Vix-Hermes-Req-Id
X-HubSpot-Correlation-Id
X-DataCenter
X-Fpc
Srv
X-Varnish-Beresp-TTL
Resin-Trace
X-NewRelic-App-Data
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Vgn-Hpd-Reason
X-TH-Server
X-Fastly-Cache
X-APP-VERSION
X-VC-TTL
WP-Super-Cache
X-Ckpd-Fst-Backend
X-Moov-T
On-Server
X-Oracle-Dms-Rid
Uri
Pics-Label
X-API-Version
X-Old-Content-Length
Thinkindot-Control
ServerHost
SEZNAM-JOBS-OFFER
X-Air-Hostname
X-Srcache-Store-Status
X-Air-Trace-Id
X-Srcache-Fetch-Status
X-Air-Source
X-FPC
X-PHP-Backend
AKAMAI
X-Vercel-Id
X-Vercel-Cache
X-Amz-Meta-Opti
True-Client-Ip
X-Cache-TTL-Remaining
X-TX-ID
Serverhost
X-Datadome
X-Dynatrace-Js-Agent
X-Client-Ip
Magicmarker
X-Thinkindot-L1
X-Action
Location
Server-Id
X-Cache-VC
GeoIP-Country-Code
X-Info
Hostname
Cl-Cache
X-CDN-Cache-Status
X-Vc
N1-Cache
X-Cdn-Cache-Status
X-NC
Av-Poweredby
X-Stale
X-V
X-WA
X-Debug-Service
CDN
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-IAuth-Set-Uid
X-FTR-Backend
X-Rollout
X-Eligible
X-New
X-Country-Code-Real
Sm-Log-Id
X-Service-Response-Time
X-Ee-Generated-By
Time-Cloud-Cache
Store-Cloud-Cache
X-Ee-Origin
X-Cms-Device
X-Geo
X-Datacenter
X-Udemy-Cache-App-Namespace
X-Region-Sid
X-Fastly-Cache-Status
X-Lb-Id
X-Ee-Request-Id
X-Save-Cache
X-Ee-Request-Date
X-Vary-Devices
X-VTEX-Cache-Backend-Connect-Time
X-ApacheServer
X-VTEX-Cache-Backend-Header-Time
Machine
X-PERF
X-Forwarded-Site
X-Cache-Ttl
X-Git-Commit
X-Github-Request-Id
X-Ssense-Shipping-Surcharge-Enabled
X-WA-Info
Xkeylog
X-Container-Uri
Cloudfront-Viewer-Country
X-Lb-Nocache
X-Render-Time
X-Resp-Is-Stale
X-Ha-Backend
X-Oracle-DMS-ECID
X-Fastly-Backend-Reqs
Xkey-La3
X-Proxy-Cache-La3
Server-Info
X-Nitro-Cache
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Ssense-Gql
X-Limited
X-Traceid
X-App
X-Litespeed-Cache-Control
Tcn
X-Uri
X-VCL-Version
X-Ftr-Request-Id
X-ServedByHost
CountryCode
Cache-Hits
TWC-GeoIP-City
TWC-GeoIP-DMA
TWC-GeoIP-Region
RewriteTestHook
Log-Origin
RewriteTeamHook
Cache-Contol
X-EC-Lua
WWW-Authenticate
Edge-Cache
X-Jungle-Id
Permission-Policy
X-SRCache-Key
Geoip-Latitude
Cneonction
X-Varnish-Hostname
X-Akamai-Pragma-Client-IP
X-MSEdge-Flight
X-MSEdge-Features
X-Ion-Healthy
WebServer
X-Ion-Hop
X-Correlation-ID
Pragrma
X-LAGOON
X-Akamai-Transformed
PICS-Label
My-App
Cmstype
Cmsid
X-HS-Status
Reporter
X-Acquia-Application-UUID
X-Dw-Trace-Id
X-From
FSS-Cache
X-Requestid
X-Up
NtCoent-Length
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
X-Pod
X-Serial
X-Ua
X-Check-Cacheable
Cf-Ipcountry
X-Sucuri-Id
CacheControlHeader
X-Elasticpress-Query
X-BBC-Origin-Response-Status
X-Platform-Processor
X-Ad-Load-Variation
X-Platform-Router
X-Ramcache
X-Platform-Cluster
CF-Cached-On
X-Web-Server
X-Fastly-Cache-Hits
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Sqd-Stime
Warning
Timeexpire
X-Tncms-Bot-Tier
X-Sqd-Ctime
X-Orig-Cache-Control