Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
P3p
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
Accept-CH
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-Server
EagleId
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
Accept-CH-Lifetime
X-WebKit-CSP
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-Node
X-HW
X-LiteSpeed-Cache
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
Cache-Tag
X-NWS-LOG-UUID
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Accept-Ch-Lifetime
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
Fastly-Restarts
X-Country-Code
X-Times
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
X-Mcache
X-Edge
X-Midtier
X-Oneagent-Js-Injection
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
Edge-Control
X-ECACHE
Verso
X-D2id
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-Dw-Request-Base-Id
X-ARC
X-ORACLE-DMS-RID
X-Amz-Rid
X-Middleton-Response
Response
X-CST
X-Goog-Hash
X-Daa-Tunnel
X-Powered-CMS
X-Navigation-Version
X-Upstream
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Edge-Location-Klb
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Kinsta-Cache
X-Server-ID
X-B3-TraceId
X-Wormhole-Sdk
X-Ua-Device
X-Forwarded-For
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
X-NF-Request-ID
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Ratelimit-Limit
SPIisLatency
SPRequestDuration
X-Ratelimit-Remaining
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
X-ORACLE-DMS-ECID
X-FastCGI-Cache
Public-Key-Pins
X-Version
X-Mg-S
X-Ttl
X-Ezoic-Cdn
AR-CACHE
X-Content-Digest
Cross-Origin-Resource-Policy
SPRequestGuid
X-SharePointHealthScore
Realpath
S
X-Fastly-Request-ID
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Cached
X-Varnish-TTL
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Access-Control-Request-Method
X-TTL
TP-Cache
X-Newrelic-App-Data
X-Correlation-Id
X-Debug
Count-Hit
X-Azure-Ref
X-Id
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Request-Received
Arr-Disable-Session-Affinity
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-LLID
X-Content-Security-Policy-Report-Only
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
X-PressLabs-Stats
Origin-Trial
Accept-Ch
Payment
X-GUploader-UploadID
X-Amz-Replication-Status
X-Varnish-Backend
X-LB-Cache
X-Goog-Metageneration
X-Forwarded-Proto
X-Protected-By
Pinterest-Generated-By
X-Request-Handler-Origin-Region
Pinterest-Version
X-Pinterest-Rid
X-Microsite
Host
X-Unique-Id
X-Git-Hash
X-FB-Debug
Cleartype
X-Varnish-Server
X-Logged-In
Content-Disposition
X-AppVersion
X-Www-Served-By
X-Activity-Id
X-Az
Filterid
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-NGENIX-Cache
X-Hostname
X-App-Server
X-Fastcgi-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Page-Id
X-DIS-Request-ID
X-HP-Webp
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Xrds-Location
X-Nf-Request-Id
X-Geo-Country
Akamai-GRN
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Access-Control-Allow-Method
X-Aspnet-Version
X-Origin-Server
X-Template
X-Load-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-ASPNET-VERSION
Retry-After
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upgrade-Enabled
X-TEC-API-ORIGIN
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Varnish-Ttl
Frame-Options
MS-Author-Via
X-Type
Accept-Charset
Fastly-SWR
X-Ah-Environment
Viewport
Fastly-SIE
Section-Io-Cache
X-Content-Options
Version
X-Fb-Rlafr
X-TT
X-Cache-Control
X-B3-Sampled
X-B
Content-MD5
X-Grace
Amp-Access-Control-Allow-Source-Origin
X-Rid
X-Request-Guid
X-Revision
X-Trace-Id
X-Envoy-Decorator-Operation
X-Cdn
X-Device-Type
Healthy
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Source
X-Vcl-Version
X-Origin-Cache
X-Magnolia-Registration
X-RateLimit-Remaining
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
Server-Name
X-Aspnetmvc-Version
X-Webkit-CSP
X-Contextid
X-Language
X-CSRF-Token
X-Px
X-WP-CF-Super-Cache-Active
X-Buckets
X-Mobile
X-Backend-Name
TCN
Trailer
X-FTR-Request-ID
X-Proxy
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-App-Environment
X-RemovedCookies
X-Tumblr-Pixel
X-Status
X-ProcessESI
X-RM-Cache-TTL
X-Tumblr-User
X-Storage
X-Framework
X-Mg-Request-UUID
X-Environment-Context
DC
X-L-Path
X-Region
X-NYM-Debug-Backend
X-Rule
X-Instance
X-Debug-Info
Access-Control-Request-Headers
X-Debug-IsConnected
X-HTML-Minification-Powered-By
Cross-Origin-Window-Policy
X-Varnish-Grace
GEO-INFO
X-UUID
NGB
X-Debug-IsPreview
SD-X-WS
X-ServerID
X-Cacheable-TTL
X-Content-Powered-By
X-FW-Dynamic
X-Adobe-Loc
X-Proxy-Cache-Info
X-FW-Serve
X-Node-Name
X-FW-Hash
X-Adobe-Content
X-FW-Server
X-FW-Type
X-G
X-FW-Version
X-FW-Static
X-Tec-Api-Origin
X-Datadog-Trace-Id
X-Datadog-Sampled
Ms-Operation-Id
X-Datadog-Parent-Id
MS-CV
X-Is-Bot
X-Seen-By
X-Rendered-As
X-RTag
X-Tec-Api-Version
X-Tec-Api-Root
X-Datadog-Sampling-Priority
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
Upgrade-Insecure-Requests
X-EdgeConnect-Cache-Status
Paypal-Debug-Id
X-Edge-Location
Charset
X-HS-Prerendered
X-User-Agent
Webserver
Protected
Countrycode
X-B3-Traceid
X-Whom
Front
OT-Force-Account-Verify
X-Lambda-Id
Refresh
X-WebKit-CSP-Report-Only
Section-Io-Id
X-TraceId
X-VC
X-VHOST
X-ECache
X-TT-LOGID
X-IPS-LoggedIn
X-Reqid
Cross-Origin-Embedder-Policy-Report-Only
X-Original-Request-Id
X-Response-Served-From
Priority
X-Cache-Status-Check
X-AB
Alternate-Protocol
X-Akamai-Request-ID2
X-N
X-Amzn-Remapped-Content-Length
SRV
Country
X-Time
Xet-Cookie
Backend
X-WP-CF-Super-Cache-Cookies-Bypass
X-Server-W
Liferay-Portal
X-B3-SpanId
X-Hl-Ver
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Mode
X-Real-IP
Onion-Location
X-Web-Node
X-Accel-Version
Filters
X-Cache-Host
X-Auth-Group-Type
Fastcgi-Useragent
Webcakes-Region
X-Cache-Expired-At
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
ServerID
TWC-Locale-Group
TWC-Privacy
X-VC-Cache
Webcakes-App-Name
Meta-Geo
From-Origin
X-Format
X-Rewrite-Enabled
X-Rn-Rsrv
X-Origin-Hint
Property-Id
X-Tb
Environment
X-Origin-CC
X-Origin-TTL
X-Origin-Date
X-JoinUs
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Fetched-On
X-Frame-Option
X-Skip-Cache
X-SaId
X-Scope-Id
X-FB-TRIP-ID
TWC-Device-Class
X-Connection-Hash
X-Cluster-Node
X-Director
X-Forwarded-Host
X-IPLB-Instance
X-Hosted-By
X-Cache-Action
X-BYPASS-REASON
Expiry
Atl-Traceid
Mn-Server-Ip
Uber-Trace-Id
Web-Mar-Node
X-IPLB-Request-ID
X-ProxyCache-Key
X-Varnish-Age
X-SayCDN-TTL
X-Varnish-Cache-Hits
X-Webstats-RespID
DB-Nickname
X-Say-TTL
X-Say-Cacheable
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-Redis-Cache
X-Request-URI
X-Restarts
X-Nginx-Cache
X-Logging-Id
Accept-Language
X-Labrador-Cache-Channel
X-Loop
X-Adobe-Source
X-Httpd
X-Handled-By
X-Cms-Context
Apigw-Requestid
X-Fastly-Request-Id
X-PHP-Host
X-Soup
X-Varnish-Beresp-Grace
X-Vcache
X-Served-From
X-Tncms
X-Wix-Request-Id
ServedBy
X-Proxy-Build
Url
X-Cluster
X-Timing-Wait
Selected-Fe
X-Servername
X-Extlb
X-Rocket-Nginx-Serving-Static
X-Detected-As
X-Zipkin-Id
X-Cloudmap
X-Routing-Service
X-Origin
X-Proxied
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Generated-By
X-S
X-LSADC-Cache
X-Hit
Referer-Policy
Cross-Origin-Embedder-Policy
X-DataDome
N-Cache
X-DynaTrace
Xserver
X-XRDS-Location
X-Lagoon
X-Ms-Request-Id
X-Ms-Version
X-Via-JSL
X-Tumblr-Pixel-3
X-Webkit-Csp
X-Xfnlog-Site
X-SRV
WPO-Cache-Status
WPO-Cache-Message
LB
X-Azure-Ref-OriginShield
Source
X-NWS-UUID-VERIFY
Surrogated-Key
X-Worker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
CF-IPCountry
X-App-Version
X-RCS-CacheZone
X-Cache-Debug
X-VCT
X-Proxy-Cache-Status
X-Sucuri-Cache
X-Upstream-Ht
X-Upstream-Ct
X-Generation-Time
X-UA
Cross-Origin-Opener-Policy-Report-Only
X-Is-Supported-Browser
X-Tcp-Rtt
X-F-Cache
X-Geo-Region
X-Is-Desktop
X-Is-Mobile
Ohc-File-Size
Node
X-Is-Tablet
X-Browser-Name
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Sucuri-ID
Locale
X-No-Session
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Cdn-Origin
X-B-Cache
X-Signature
X-RateLimit-Limit
X-NODE
CDN-RequestId
X-Varnish-Beresp-Ttl
X-Tx-Id
X-MP-GENERATED-AT
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-RID
X-Alternate-Cache-Key
X-Service
AMP-Access-Control-Allow-Source-Origin
X-Locale
X-Cache-Rule
X-ElasticPress-Query
X-Cache-Operation
X-HS-CF-Cache-Status
X-FC-Vary-Parameters
X-Gdpr
X-Scheme
X-Eu-Site
Thinkindot-CacheControl-Type
X-TIM-N
TDXMobile
Sslversion
X-GeoIP
Producers
X-GeoCountry
Redirect-Candidate
X-GeoCode
Rendered-Blocks
X-Ig-Push-State
X-Epic-Correlation-Id
X-Cache-NE
Wxu-Next-Hostname
X-Conf
X-Cache-Info
X-A
Wxu-Next-Region
X-DPWN-IS-SECURE
Wxu-Next-Commit
W
User-Agent
We-Hiring
X-Ec-GeoHdr
X-Ec-Fail
PFcat
X-GeoIP-City
Fastly-Backend-Name
Expect-Staple
Fastly-GeoIP-CountryCode
Gannett-Cam-Experience-Id
HA-Ipaddr
Ha-Gx-Prefs
DCR-Processing-Time-Ms
DCR-Decision-By
Cdncip
Candidate-Md5Url
Cdnsip
Cluster
Content-Secure-Policy
Host-ID
L
X-CGP
X-Thinkindot-L3
X-HN
Odigeo-Trace-Id
Origin-Agent-Cluster
Origin
Ngx.Var.Host
Meta-Geo-Continent
L5d-Success-Class
X-Ig-Origin-Region
Lang
Mail-Subject
MD5-Digest
X-A-Ccd
X-A-Dam
X-Op-Id-All
X-Nyt-Route
X-Origin-Expires
X-Varnish-CookieINHashed-On
X-We-Are-Hiring
X-Backend-Instance
X-Cache-Aspx
X-Csrf-Jwt
X-Proxied-Request
X-Loc
X-Mly-Id
X-D
X-App-Name
X-Mvc-Supplant-Cachable
X-Proto
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Vdms-Version
X-VarnishDD-TTL
X-Origin-Time
X-Contensis-Viewer-Groups
X-ScT
X-Path
X-Vmg-Version
X-Platform-Server
X-Bc-Bl
X-PAYTM-SRV-ID
X-BCube-Filmed-By
X-Bug-Bounty
X-Debug-Cache-Fetch
X-Proxy-CacheRZ
X-Depends
X-Rojux
XkeyRZ
X-Access
X-Varnish-Authentication
X-Aed
X-AB-Test
X-Developer
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Org
Cache-Provider
X-Section
X-INCAP-ABP
X-Shield-Cache-Expires
X-Jobs
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Request-Time
X-Amz-Storage-Class
X-Debug-Cache-Store
X-Varnish-CookieHashed-On
X-DefHash
Xc-Version
X-DefElseHash
X-Internal-TTL
X-Aicache-OS
X-Origin-Response-Time
Thinkindot-CacheControl
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-NGINX-Cache
Apple-News-Services-Host
X-Cache-Hit
X-XRDS-LOCATION
Mime-Version
X-Site-Version
Akamai-Mon-Iucid-Del
X-Fmm-Version
Server-Host
X-Hash
X-Gzip
X-GoCache-CacheStatus
X-UA-Device-Type
X-HS-Content-Campaign-Id
X-Human
X-V-Cache
X-Esi-Check
RNT-Time
X-Fastly-Backend
Web-Mar-Region
Yak-Timeinfo
X-Generated-On
X-Wikidot-Static-Cache
Tube-Return
Tube-Got-Results
Tube-Got-Eval
X-ORCA-Accelerator
X-Gamma-Serve
X-SVT-ORM-VERSION
X-GeoIP-Region-Code
Fl-Custom-Application
X-GeoIP-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
V-Age
Tube-Get-Contents
X-Acquia-Purge-Cdn-Unconfigured
X-Clientip
X-Cache-Bucket
X-Varnishpool
X-Bl-Debug
X-Content-Age
X-Viewer-Country
X-Cache-Grace
X-Cache-Id
X-CacheTTL
X-VG-WebCache
X-Cached-By
X-Via-Fastly
X-Pad
X-Cdn-Srv
X-BBC-Edge-Cache-Status
X-Content-Length
Req-Svc-Chain
X-Wikidot-Backend
X-Dispatcher-Server
X-Accel-Expires-Debug
X-Var-Ttl
X-Ec-Custom-Error
X-Date
X-VTEX-Cache-Time
X-Auto-Login
X-B3-Trace-ID
X-Core-Value
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Director
X-VTEX-Cache-Server
X-Edge-Server
RNT-Machine
Gh-Request-Id
X-SB
X-Req
Fastly-SSL
DSUID
Esi-Enabled
X-Cdn-Forward
A
X-SD-PageType
X-SIPLIST1
X-NMSegId
X-Node-Id
X-NodeID
Debug
Content-Style-Type
Cdn-Host
Cdn-Request-Time
CDCHOST
Cache
Canary
X-Powered-By-VTEX-Cache
X-Pool
X-Platform
Content-Script-Type
X-Policy
Click-Count-Error
Click-Count-Action-Start
NGX
IsBot
Origin-CC
X-Sn-Servicetimems
Platform
Origin-EX
X-Irp-Debug
Cache-Key
X-Level-Front-Cache
X-Slack-Backend
X-Location
X-SVT-ORM-RULES
Product
X-Micro-Cache
Release
X-Slack-Shared-Secret-Outcome
NM-Fastcgi-Cache
X-Block-Status
CDN-RequestPullSuccess
CDN-Uid
X-Bip
X-Cache-FS-Status
CDN-CachedAt
CDN-Cache
X-VG-TLSProxy
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Hnp-Log
ServerName
CDN-RequestPullCode
X-CUA
X-Men
Req-ID
X-Request-Start
User-Cache-Control
X-Server-IP
XM
X-Mvc-Supplant-OutputCached
X-Thanos
X-Request-Host
X-Gen-Mode
Country-Code
Ssr
X-Pubstack
X-Varnish-Beresp-Status
Pramga
X-Varnish-Hits
X-TA-CDN-Provider
X-Optimistic-Header
X-LB-NoCache
Sid
X-Litespeed-Tag
X-HOST
X-VServer
X-Newrelic-Synthetics
X-CACHE-GROUP
X-Geolocation
X-Cache-Date
TP-L2-Cache
Cdn-Requestid
X-Cs
X-B-Cookie
X-Application
X-Api-Version
X-IsAdmin
X-S-Cookie
X-External-Request-Id
X-Destination
X-Refresh
X-CLOUD-TRACE-CONTEXT
X-Dc
X-Nananana
X-Servedbyhost
X-Zen-Fury
X-HITS
Edge-Copy-Time
X-Via-SSL
X-LiteSpeed-Tag
X-Via-Edge
X-Via-CDN
X-GEO
Proxy-Firewall
CloudFront-Viewer-Country
Fastly-Drupal-HTML
X-CDN-Forward
X-Presslabs-Stats
GeoIP-Latitude
X-APP
X-DC
X-User
True-Client-Country-4JS
X-RequestId
X-ZONE
X-LiteSpeed-Cache-Control
Server-Ext
X-Test
Server-Hostname
Server-ID
X-VWS-Id
X-Via-Popn
X-AIR-PT
X-Via-Popv
X-LJ-Flow-ID
X-Tt-Logid
X-HA-Backend
X-B3-Spanid
X-AWS-Id
X-Via-Poph
C-Via
Sever-Int
X-FTR-Expires
X-Endurance-Cache-Level
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
Ohc-Cache-HIT
X-FTR-Backend
X-Air-Pt
Is-Eu
Adler-Geo
X-Nc
X-Provided-By
X-Wa
X-VC-TTL
X-LB-ID
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
X-Zone
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Webkit-Csp-Report-Only
HostName
X-Dispatcher-Number
Cdn
X-Srv
X-COUNTRY
WP-Super-Cache
WZWS-RAY
X-TH-Server
X-URL
X-Oracle-Dms-Ecid
X-Vgn-Hpd-Reason
X-CS
S-Rt
X-Geo-Header
X-Pass-Why
X-Custom-Header
X-Moov-Xdn-Version
T-Server
GeoIp-Country-Code
X-Moov-T
X-Moov-Xdn-Caching-Status
Cache-Tv-Group
X-Resp-Is-Stale
X-CACHE-AGE
X-ND-Cache
X-Datadome
X-Old-Content-Length
X-Fpc
X-HubSpot-Correlation-Id
X-Parent-Response-Time
SID
X-API-Version
Vc-Max-Age
True-Client-IP
X-CMSURLCustom
X-Cache-Server
X-DataCenter
X-NewRelic-App-Data
Pics-Label
Resin-Trace
SEZNAM-JOBS-OFFER
Location
X-Action
Uri
X-Cache-VC
Powered-By
X-Vercel-Cache
X-Vercel-Id
True-Client-Ip
X-Thinkindot-L1
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Vix-Hermes-Req-Id
Tcn
X-SERVER-NAME
Serverhost
X-Ckpd-Fst-Backend
X-Stale
N1-Cache
GeoIP-Country-Code
X-TX-ID
X-FPC
X-Litespeed-Cache-Control
X-Fastly-Cache
X-Client-Ip
X-Varnish-Beresp-TTL
X-Datacenter
X-Cache-TTL-Remaining
Thinkindot-Control
On-Server
Sm-Log-Id
X-Dynatrace-Js-Agent
X-Service-Response-Time
ServerHost
Srv
X-PERF
X-Oracle-Dms-Rid
X-ApacheServer
X-APP-VERSION
TWC-GeoIP-DMA
X-PHP-Backend
X-Nitro-Cache
Cache-Hits
AKAMAI
X-Cdn-Cache-Status
X-Fastly-Cache-Status
Hostname
TWC-GeoIP-City
X-Render-Time
TWC-GeoIP-Region
X-WA-Info
X-Amz-Meta-Opti
Xkey-La3
Xkeylog
X-Proxy-Cache-La3
Av-Poweredby
X-Debug-Service
X-NC
X-Ua
Server-Id
X-WA
X-Air-Trace-Id
X-Uri
X-Air-Hostname
X-Air-Source
X-Ssense-Gql
X-Vc
X-VCL-Version
X-Ssense-Shipping-Surcharge-Enabled
RewriteTeamHook
Geoip-Latitude
RewriteTestHook
X-Ion-Healthy
X-Lb-Id
Cl-Cache
Magicmarker
Log-Origin
Cache-Contol
X-Udemy-Cache-App-Namespace
X-Save-Cache
X-Cms-Device
X-Ee-Origin
X-Ee-Request-Date
Time-Cloud-Cache
Store-Cloud-Cache
X-Geo
X-Ion-Hop
X-Fastly-Backend-Reqs
X-Ee-Request-Id
X-Ee-Generated-By
X-Jungle-Id
X-Info
X-Vary-Devices
X-Cache-Ttl
X-Via-PopN
X-Via-PopV
X-Github-Request-Id
X-Oracle-DMS-ECID
My-App
X-Via-PopH
X-App
Cmsid
Cmstype
Lb
X-Ha-Backend
Cf-Ipcountry
X-Esi
Cloudfront-Viewer-Country
X-Requestid
X-Up
X-IAuth-Set-Uid
X-ServedByHost
X-CDN-Cache-Status
X-VTEX-Cache-Backend-Header-Time
X-From
X-VTEX-Cache-Backend-Connect-Time
X-Akamai-Pragma-Client-IP
X-V
CDN
X-Limited
CacheControlHeader
X-New
X-Rollout
WebServer
X-Traceid
Warning
X-Eligible
WWW-Authenticate
CountryCode
X-Correlation-ID
X-Dw-Trace-Id
X-Forwarded-Site
Machine
X-LAGOON
Cneonction
X-Region-Sid
X-MSEdge-Flight
X-MSEdge-Features
Reporter
X-Lb-Nocache
X-HS-Status
X-Acquia-Application-Trace
X-Pod
X-Serial
X-Acquia-Application-UUID
X-Akamai-Transformed
Server-Info
Pragrma
X-Acquia-Purge-Tags
X-Acquia-Site
X-Check-Cacheable
FSS-Cache
X-Sucuri-Id
CF-Cached-On
X-BBC-Origin-Response-Status
X-Web-Server
NtCoent-Length
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-EC-Lua
X-Ftr-Request-Id
X-Cdn-Request-ID
X-Platform-Cluster
Edge-Cache
X-Tncms-Bot-Tier
Timeexpire
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Orig-Cache-Control
X-Ms-Lease-Status
X-Platform-Processor
X-Platform-Router
X-Ramcache
X-Ms-Blob-Type
X-Elasticpress-Query