Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Accept-CH
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-Vhost
X-UA-Device
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-HW
X-LiteSpeed-Cache
X-Node
X-Server-Id
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Cache-Tag
X-NWS-LOG-UUID
X-Content-Type
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
X-Midtier
X-Mcache
X-Edge
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Element-Page-Cache
X-Exp-Id
X-GoogleNews-Bot
X-ESI
Nginx-Cache
X-Oneagent-Js-Injection
X-Ser
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-ECACHE
Verso
X-D2id
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-Dw-Request-Base-Id
X-ARC
X-B3-TraceId
Response
X-Amz-Rid
X-Middleton-Response
X-CST
X-Goog-Hash
X-Navigation-Version
X-Powered-CMS
X-Daa-Tunnel
X-ORACLE-DMS-RID
X-Upstream
X-Edge-Location-Klb
X-Erf-Bev-Bev
X-Kinsta-Cache
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Server-ID
X-NF-Request-ID
Accept-Ch-Lifetime
X-Wormhole-Sdk
X-Ua-Device
X-Forwarded-For
X-Amzn-Trace-Id
X-Cache-Key
RTSS
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Ratelimit-Limit
SPRequestDuration
SPIisLatency
X-Ratelimit-Remaining
X-Mod-Pagespeed
Edge-Cache-Tag
X-Ttl
Cache-Status
X-FastCGI-Cache
X-Version
Public-Key-Pins
X-Ruxit-Js-Agent
X-Mg-S
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
AR-CACHE
X-Content-Digest
Cross-Origin-Resource-Policy
SPRequestGuid
X-SharePointHealthScore
Realpath
S
X-Fastly-Request-ID
X-MSEdge-Ref
Fastcgi-Cache
X-Shield-Request-Id
X-T
X-Cached
X-Varnish-TTL
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Access-Control-Request-Method
X-Newrelic-App-Data
TP-Cache
X-Correlation-Id
Count-Hit
X-Azure-Ref
MicrosoftSharePointTeamServices
X-Debug
X-Request-Received
X-Id
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Arr-Disable-Session-Affinity
X-Ua-Browser
Server-Node
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-Frontend
X-HS-Combine-CSS
Cache-Tags
X-PressLabs-Stats
X-TTL
X-Cluster-Name
X-Ismobilevalue
X-Ah-Environment
Origin-Trial
X-Hits
Accept-Ch
Payment
X-GUploader-UploadID
X-Amz-Replication-Status
X-Varnish-Backend
X-Goog-Metageneration
X-LB-Cache
X-Forwarded-Proto
X-Protected-By
X-Request-Handler-Origin-Region
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Microsite
Host
X-Unique-Id
Cleartype
X-Git-Hash
X-FB-Debug
X-Logged-In
X-Varnish-Server
Content-Disposition
X-Www-Served-By
X-AppVersion
X-Az
Filterid
X-Activity-Id
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Hostname
X-App-Server
X-Fastcgi-Cache
X-Page-Id
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Amz-Apigw-Id
X-HP-Webp
X-Jurisdiction
X-Amzn-RequestId
X-Xrds-Location
X-Geo-Country
Akamai-GRN
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Access-Control-Allow-Method
X-Load-Cache
X-Origin-Server
X-Aspnet-Version
X-Template
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ASPNET-VERSION
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-TEC-API-ROOT
X-Upgrade-Enabled
X-Varnish-Ttl
Accept-Charset
X-Content-Options
Frame-Options
X-Type
MS-Author-Via
Fastly-SIE
Fastly-SWR
Section-Io-Cache
Viewport
Version
X-TT
X-Fb-Rlafr
X-Cache-Control
X-Nf-Request-Id
X-B3-Sampled
X-B
X-Grace
Content-MD5
Amp-Access-Control-Allow-Source-Origin
X-Request-Guid
X-Rid
X-Revision
X-Trace-Id
X-Envoy-Decorator-Operation
X-Vcl-Version
X-Cdn
X-Device-Type
Healthy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Source
X-Origin-Cache
X-Magnolia-Registration
X-RateLimit-Remaining
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
Server-Name
X-Contextid
X-Aspnetmvc-Version
X-Webkit-CSP
X-CSRF-Token
X-Language
X-Px
X-WP-CF-Super-Cache-Active
X-Buckets
X-Mobile
X-Backend-Name
Trailer
TCN
X-FTR-Request-ID
X-Akamai-Edgescape
X-Proxy
X-App-Environment
X-RM-Cache-TTL
X-ProcessESI
X-Status
X-RemovedCookies
DC
X-Tumblr-Pixel-1
X-Framework
X-Region
X-NYM-Debug-Backend
X-Debug-Info
X-Environment-Context
X-L-Path
X-Mg-Request-UUID
X-Instance
Access-Control-Request-Headers
X-Storage
X-Rule
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Static
X-FW-Server
X-Debug-IsPreview
X-FW-Hash
GEO-INFO
X-FW-Dynamic
Cross-Origin-Window-Policy
NGB
X-Adobe-Loc
X-Adobe-Content
X-Cacheable-TTL
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-FW-Type
X-Debug-IsConnected
X-FW-Serve
X-Node-Name
X-ServerID
X-UUID
X-Varnish-Grace
X-Proxy-Cache-Info
X-G
X-FW-Version
X-Tec-Api-Root
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Rendered-As
X-Seen-By
X-Tec-Api-Origin
Ms-Operation-Id
X-Datadog-Sampling-Priority
MS-CV
X-RTag
X-Tec-Api-Version
X-Datadog-Trace-Id
X-Is-Bot
SD-X-WS
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Time
Upgrade-Insecure-Requests
X-EdgeConnect-Cache-Status
Paypal-Debug-Id
X-Edge-Location
X-HS-Prerendered
Charset
X-User-Agent
Countrycode
Protected
Webserver
X-Whom
Front
OT-Force-Account-Verify
X-Lambda-Id
Refresh
X-TT-LOGID
Section-Io-Id
X-TraceId
X-VHOST
X-ECache
X-VC
X-WebKit-CSP-Report-Only
X-IPS-LoggedIn
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
X-Reqid
X-Original-Request-Id
Priority
Alternate-Protocol
X-Akamai-Request-ID2
X-Cache-Status-Check
X-AB
X-N
SRV
Country
X-Amzn-Remapped-Content-Length
X-B3-Traceid
X-Time
Backend
Xet-Cookie
X-Server-W
X-B3-SpanId
Liferay-Portal
X-WP-CF-Super-Cache-Cookies-Bypass
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Hl-Ver
X-CCDN-Origin-Time
X-Mode
X-Real-IP
Onion-Location
X-FB-TRIP-ID
X-Cache-Host
X-Fetched-On
X-Skip-Cache
X-UPSTREAM-Address
X-Format
X-Rewrite-Enabled
X-VC-Cache
X-Frame-Option
X-Rn-Rsrv
X-JoinUs
X-Origin-Hint
X-Scope-Id
X-SaId
X-Origin-Date
Webcakes-Region
TWC-GeoIP-Country
X-Origin-TTL
X-Tb
TWC-GeoIP-LatLong
X-Origin-CC
TWC-Connection-Speed
Property-Id
ServerID
Environment
TWC-Locale-Group
From-Origin
X-Web-Node
Fastcgi-Useragent
X-Accel-Version
X-Auth-Group-Type
Meta-Geo
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
Filters
X-Cache-Expired-At
TWC-Device-Class
X-R9-Blue-Green-Version
Atl-Traceid
X-ProxyCache-Status
X-ProxyCache-Key
Mn-Server-Ip
X-Redis-Cache
X-Request-URI
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-Webstats-RespID
X-Restarts
Uber-Trace-Id
Web-Mar-Node
X-Forwarded-Host
X-Director
X-Hosted-By
X-IPLB-Instance
X-IPLB-Request-ID
X-Connection-Hash
X-Cluster-Node
DB-Nickname
X-BYPASS-REASON
X-Cache-Action
X-Logging-Id
X-Nginx-Cache
Expiry
Accept-Language
X-Varnish-Cache-Hits
X-Tumblr-Pixel-2
X-Handled-By
Apigw-Requestid
X-Tncms
X-Fastly-Request-Id
X-Adobe-Source
X-Labrador-Cache-Channel
X-Loop
X-Varnish-Age
X-PHP-Host
X-Vcache
X-Httpd
X-Served-From
X-Soup
X-Varnish-Beresp-Grace
ServedBy
X-Wix-Request-Id
X-Timing-Wait
X-Proxy-Build
X-NODE
X-Cms-Context
X-Cluster
X-Servername
Url
Selected-Fe
X-Extlb
X-Detected-As
X-Origin
X-Generated-By
X-Cloudmap
X-Routing-Service
VIX-Pulpo-Upstream-Status
X-S
VIX-Pulpo-Node
X-Proxied
X-Zipkin-Id
Referer-Policy
Cross-Origin-Embedder-Policy
X-LSADC-Cache
X-Hit
X-DataDome
X-SRV
X-Rocket-Nginx-Serving-Static
X-DynaTrace
Xserver
X-XRDS-Location
X-Lagoon
X-Ms-Request-Id
X-Ms-Version
N-Cache
X-Via-JSL
X-Webkit-Csp
X-Xfnlog-Site
X-Tumblr-Pixel-3
WPO-Cache-Status
LB
WPO-Cache-Message
X-Azure-Ref-OriginShield
Source
X-NWS-UUID-VERIFY
Surrogated-Key
X-App-Version
CF-IPCountry
X-Cache-Debug
X-VCT
X-RCS-CacheZone
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Cache-Status
X-Worker
X-Sucuri-Cache
X-Upstream-Ct
X-Upstream-Ht
X-Generation-Time
X-UA
Cross-Origin-Opener-Policy-Report-Only
X-Geo-Region
X-Is-Desktop
X-Is-Supported-Browser
X-Is-Tablet
Node
Ohc-File-Size
X-F-Cache
X-Is-Mobile
CDN-RequestId
X-Tcp-Rtt
X-Browser-Name
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Sucuri-ID
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-No-Session
X-Signature
X-RateLimit-Limit
X-B-Cache
X-Cdn-Origin
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-Tx-Id
X-Sorting-Hat-PodId
X-RID
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-ShardId
X-Locale
X-Cache-Rule
X-Cache-Operation
X-HS-CF-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-Service
Lang
L
L5d-Success-Class
X-Access
HA-Ipaddr
Gannett-Cam-Experience-Id
Cdnsip
Content-Secure-Policy
Cdncip
Candidate-Md5Url
Cache-Provider
DCR-Decision-By
DCR-Processing-Time-Ms
Mail-Subject
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Expect-Staple
Ha-Gx-Prefs
Odigeo-Trace-Id
We-Hiring
Wxu-Next-Commit
X-A-Wwc
W
User-Agent
Wxu-Next-Hostname
Wxu-Next-Region
X-A-Dam
X-A-Dgt
X-A-Ccd
X-A
Thinkindot-CacheControl-Type
TDXMobile
X-A-Dcw
Origin
Ngx.Var.Host
X-AB-Test
Meta-Geo-Continent
Origin-Agent-Cluster
PFcat
Sslversion
Rendered-Blocks
Redirect-Candidate
Producers
MD5-Digest
X-Cache-NE
X-Path
X-Origin-Time
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-Platform-Server
X-Proxy-CacheRZ
X-Proxied-Request
X-Proto
X-Origin-Expires
X-Op-Id-All
X-Jobs
X-Internal-TTL
X-INCAP-ABP
X-Loc
X-Mly-Id
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Request-Time
X-Rojux
X-Vdms-Version
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Vmg-Version
X-Vtex-Remote-Cache
XkeyRZ
Xc-Version
X-We-Are-Hiring
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Section
X-ScT
X-Scheme
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Varnish-Authentication
X-TIM-N
X-Ig-Push-State
X-Ig-Origin-Region
BehaviorPad-Version
X-Cache-Info
X-Cache-Aspx
X-CGP
X-Conf
X-D
X-Csrf-Jwt
X-Contensis-Viewer-Groups
X-Bug-Bounty
X-BCube-Filmed-By
X-Akamai-Device-Characteristics
X-AK-Request-ID
X-Aicache-OS
X-Amz-Storage-Class
X-App-Name
X-Bc-Bl
X-Backend-Instance
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GeoCode
X-Gdpr
X-FC-Vary-Parameters
X-GeoCountry
X-GeoIP
X-HN
X-GeoIP-City
X-Eu-Site
X-Epic-Correlation-Id
X-Depends
X-DefHash
X-DefElseHash
X-Developer
X-DPWN-IS-SECURE
X-Ec-GeoHdr
X-Ec-Fail
X-Aed
Thinkindot-CacheControl
Apple-News-Services-Parsed-Url
Azure-SiteName
X-NGINX-Cache
Apple-News-Services-Handled
Azure-SlotName
Apple-News-Services-Request-Url
Azure-RegionName
Azure-InstanceId
Azure-Version
Apple-News-Services-Host
X-XRDS-LOCATION
X-ElasticPress-Query
Mime-Version
X-Site-Version
Akamai-Mon-Iucid-Del
X-Cache-Hit
X-Clientip
X-Content-Age
X-Content-Length
X-Cdn-Srv
X-CacheTTL
X-Cache-Grace
X-Cache-Id
X-Cached-By
X-Core-Value
X-Date
X-Esi-Check
X-Fastly-Backend
X-Fmm-Version
X-Edge-Server
X-Ec-Custom-Error
X-Wikidot-Backend
X-Dispatcher-Server
X-Cache-Bucket
X-Pad
Web-Mar-Region
X-ORCA-Accelerator
Fl-Custom-Application
V-Age
Tube-Return
Tube-Got-Eval
Tube-Got-Results
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Wikidot-Static-Cache
X-BBC-Edge-Cache-Status
X-Bl-Debug
X-B3-Trace-ID
X-Auto-Login
X-Amz-Meta-Cb-Modifiedtime
Yak-Timeinfo
X-Gamma-Serve
X-Generated-On
X-Cdn-Forward
X-SIPLIST1
X-Varnishpool
X-VG-WebCache
X-Via-Fastly
X-Policy
X-Pool
X-Powered-By-VTEX-Cache
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-UA-Device-Type
X-Varnish-Director
X-Var-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Platform
X-Viewer-Country
X-Hash
X-HS-Content-Campaign-Id
X-Human
X-Gzip
X-GoCache-CacheStatus
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Tube-Get-Contents
X-Level-Front-Cache
X-Org
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-NodeID
X-NMSegId
X-Location
X-Micro-Cache
X-V-Cache
X-Irp-Debug
RNT-Machine
Cdn-Request-Time
Esi-Enabled
Origin-EX
Origin-CC
Server-Host
IsBot
Product
Cdn-Host
Platform
Release
Fastly-SSL
CDCHOST
Canary
Host-ID
Cache
Req-Svc-Chain
Cache-Key
Gh-Request-Id
RNT-Time
Debug
Click-Count-Error
Cluster
A
Content-Style-Type
Content-Script-Type
DSUID
NGX
NM-Fastcgi-Cache
Click-Count-Action-Start
Country-Code
X-Cache-FS-Status
X-Req
X-Server-IP
X-SD-PageType
X-SB
X-Gen-Mode
X-Request-Start
X-Request-Host
CDN-Cache
X-Hnp-Log
Pramga
X-Pubstack
X-Varnish-Beresp-Status
X-VG-TLSProxy
CDN-RequestCountryCode
X-CUA
CDN-RequestPullSuccess
CDN-PullZone
CDN-RequestPullCode
CDN-EdgeStorageId
X-Thanos
CDN-Uid
CDN-CachedAt
X-Block-Status
User-Cache-Control
X-Bip
X-Mvc-Supplant-OutputCached
X-Node-Id
Req-ID
X-Men
ServerName
XM
Ssr
X-Newrelic-Synthetics
X-LB-NoCache
X-TA-CDN-Provider
X-HOST
X-VServer
X-Optimistic-Header
X-Litespeed-Tag
X-Varnish-Hits
X-CACHE-GROUP
X-Geolocation
X-Cache-Date
TP-L2-Cache
X-Cs
Sid
X-B-Cookie
X-IsAdmin
X-External-Request-Id
X-Destination
X-S-Cookie
X-Refresh
X-Application
X-Api-Version
X-Oracle-Dms-Ecid
X-Dc
X-CLOUD-TRACE-CONTEXT
X-APP
X-HITS
X-Via-Edge
X-GEO
Edge-Copy-Time
Proxy-Firewall
X-Nananana
X-Via-CDN
X-Zen-Fury
X-Via-SSL
X-Servedbyhost
CloudFront-Viewer-Country
Fastly-Drupal-HTML
X-LiteSpeed-Tag
X-CDN-Forward
Cdn-Requestid
X-User
X-RequestId
True-Client-Country-4JS
GeoIP-Latitude
X-DC
X-ZONE
X-LiteSpeed-Cache-Control
X-HA-Backend
C-Via
X-Via-Popv
X-LJ-Flow-ID
X-Via-Popn
Sever-Int
X-AIR-PT
X-VWS-Id
Server-ID
Server-Hostname
Server-Ext
X-Webkit-Csp-Report-Only
X-Via-Poph
X-AWS-Id
X-B3-Spanid
X-Test
X-Endurance-Cache-Level
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
Ohc-Cache-HIT
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Nc
X-Air-Pt
X-Wa
Adler-Geo
X-VC-TTL
X-Provided-By
X-LB-ID
Fastly-Drupal-Html
Is-Eu
X-Zone
X-Dispatcher-Number
HostName
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Presslabs-Stats
Cdn
X-Tt-Logid
X-DynaTrace-JS-Agent
X-URL
X-COUNTRY
X-TH-Server
WP-Super-Cache
WZWS-RAY
X-Vgn-Hpd-Reason
X-CS
S-Rt
X-Geo-Header
X-Resp-Is-Stale
SID
X-Moov-Xdn-Caching-Status
GeoIp-Country-Code
T-Server
X-Moov-T
X-Custom-Header
X-Moov-Xdn-Version
Cache-Tv-Group
X-Srv
X-CACHE-AGE
X-Pass-Why
X-ND-Cache
X-DataCenter
X-Old-Content-Length
X-Fpc
X-Datadome
X-HubSpot-Correlation-Id
X-API-Version
X-Parent-Response-Time
X-Cache-Server
Vc-Max-Age
True-Client-IP
X-NewRelic-App-Data
X-CMSURLCustom
X-Oracle-Dms-Rid
Pics-Label
Resin-Trace
X-Vercel-Cache
Uri
Location
SEZNAM-JOBS-OFFER
X-Action
X-Cache-VC
X-Vercel-Id
X-Thinkindot-L1
True-Client-Ip
Powered-By
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Vix-Hermes-Req-Id
X-SERVER-NAME
Tcn
X-Stale
X-Ckpd-Fst-Backend
GeoIP-Country-Code
X-TX-ID
X-Fastly-Cache
X-FPC
N1-Cache
X-Litespeed-Cache-Control
Serverhost
X-Varnish-Beresp-TTL
X-Client-Ip
X-Dynatrace-Js-Agent
On-Server
X-Cache-TTL-Remaining
Thinkindot-Control
X-APP-VERSION
X-Datacenter
Sm-Log-Id
Srv
ServerHost
X-Service-Response-Time
X-Amz-Meta-Opti
X-WA-Info
TWC-GeoIP-City
Av-Poweredby
TWC-GeoIP-Region
X-Proxy-Cache-La3
TWC-GeoIP-DMA
X-PHP-Backend
AKAMAI
Cache-Hits
X-ApacheServer
X-Debug-Service
Hostname
Xkeylog
X-Fastly-Cache-Status
X-PERF
Xkey-La3
X-Nitro-Cache
X-Cdn-Cache-Status
X-Ua
X-NC
X-Uri
X-Render-Time
Server-Id
X-Air-Hostname
X-WA
X-Air-Trace-Id
X-Air-Source
X-Ssense-Shipping-Surcharge-Enabled
X-Vc
X-Ssense-Gql
X-Lb-Id
X-Ion-Hop
Store-Cloud-Cache
Log-Origin
X-Jungle-Id
X-Ion-Healthy
X-Geo
X-Fastly-Backend-Reqs
X-Info
Time-Cloud-Cache
Cache-Contol
RewriteTestHook
X-Udemy-Cache-App-Namespace
Magicmarker
X-Ee-Request-Date
Cl-Cache
X-Cms-Device
X-Ee-Request-Id
RewriteTeamHook
X-Vary-Devices
Geoip-Latitude
X-Ee-Generated-By
X-Ee-Origin
X-Save-Cache
X-Cache-Ttl
X-Github-Request-Id
X-Oracle-DMS-ECID
Lb
X-Via-PopN
X-Via-PopH
X-Ha-Backend
My-App
Cmstype
X-Via-PopV
Cf-Ipcountry
Cmsid
X-Esi
Cloudfront-Viewer-Country
X-VCL-Version
X-VTEX-Cache-Backend-Connect-Time
X-Up
X-Akamai-Pragma-Client-IP
X-Requestid
X-VTEX-Cache-Backend-Header-Time
X-From
X-CDN-Cache-Status
X-ServedByHost
X-App
X-IAuth-Set-Uid
X-V
CDN
CacheControlHeader
Warning
X-Rollout
WWW-Authenticate
WebServer
X-New
X-Eligible
X-Traceid
X-Limited
CountryCode
X-Correlation-ID
X-LAGOON
X-Forwarded-Site
Machine
X-Dw-Trace-Id
X-Region-Sid
Cneonction
X-MSEdge-Features
X-MSEdge-Flight
Server-Info
Pragrma
X-Akamai-Transformed
FSS-Cache
X-Pod
Reporter
X-Lb-Nocache
X-Serial
X-Acquia-Purge-Tags
X-Acquia-Site
X-Check-Cacheable
X-HS-Status
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Sucuri-Id
X-Cdn-Request-ID
X-EC-Lua
X-BBC-Origin-Response-Status
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
NtCoent-Length
Timeexpire
X-Web-Server
X-Tncms-Bot-Tier
X-Akamai-ERRuleID
X-Orig-Cache-Control
X-Ramcache
CF-Cached-On
X-Platform-Cluster
X-Platform-Processor
Edge-Cache
X-Platform-Router
X-Ms-Lease-Status
X-Ftr-Request-Id
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Elasticpress-Query