Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
Accept-CH
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-Server
EagleId
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Litespeed-Cache
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-LiteSpeed-Cache
X-Readtime
X-Node
X-Server-Id
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
Cache-Tag
X-NWS-LOG-UUID
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
X-Edge
X-Mcache
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Cache-TTL
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-ESI
Nginx-Cache
X-Oneagent-Js-Injection
X-Ser
X-GitHub-Request-Id
X-Powered-By-Plesk
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-Dw-Request-Base-Id
X-ARC
X-ORACLE-DMS-RID
X-B3-TraceId
X-Middleton-Response
Response
X-Amz-Rid
X-CST
X-Goog-Hash
X-Powered-CMS
X-Daa-Tunnel
X-Navigation-Version
X-Upstream
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Edge-Location-Klb
X-Kraken-Loop-Name
X-Kinsta-Cache
X-Erf-Bev-Bev
X-Instrumentation
Accept-Ch-Lifetime
X-Wormhole-Sdk
X-Ua-Device
X-Forwarded-For
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
X-NF-Request-ID
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
X-Ratelimit-Limit
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-Ratelimit-Remaining
X-Server-ID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
Public-Key-Pins
X-Version
X-Mg-S
X-Ttl
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
AR-CACHE
X-Content-Digest
X-SharePointHealthScore
Cross-Origin-Resource-Policy
SPRequestGuid
Realpath
S
X-Fastly-Request-ID
X-Shield-Request-Id
X-MSEdge-Ref
Fastcgi-Cache
X-T
X-Cached
X-Varnish-TTL
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Access-Control-Request-Method
X-TTL
TP-Cache
X-Newrelic-App-Data
X-Debug
X-Correlation-Id
Count-Hit
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Id
X-Azure-Ref
X-Request-Received
X-HS-Hub-Id
X-Ua-Browser
X-HS-Content-Id
X-HS-Cache-Config
Arr-Disable-Session-Affinity
Server-Node
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
Cache-Tags
X-PressLabs-Stats
X-Cluster-Name
X-Ismobilevalue
Origin-Trial
X-Hits
Accept-Ch
Payment
X-GUploader-UploadID
X-Amz-Replication-Status
X-Varnish-Backend
X-Goog-Metageneration
X-LB-Cache
X-Forwarded-Proto
X-Protected-By
X-Request-Handler-Origin-Region
Pinterest-Version
X-Pinterest-Rid
X-Microsite
Pinterest-Generated-By
Host
X-Unique-Id
Cleartype
X-Git-Hash
X-FB-Debug
X-Logged-In
X-Varnish-Server
Content-Disposition
X-Www-Served-By
X-AppVersion
X-Az
Filterid
X-Activity-Id
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Hostname
X-App-Server
X-Page-Id
X-Amzn-RequestId
X-DIS-Request-ID
X-Amz-Apigw-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Trace-Id
X-Xrds-Location
X-Nf-Request-Id
X-Geo-Country
Akamai-GRN
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Access-Control-Allow-Method
X-Template
X-Load-Cache
X-Origin-Server
X-Aspnet-Version
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Retry-After
X-ASPNET-VERSION
X-Fastcgi-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Varnish-Ttl
Frame-Options
X-Type
MS-Author-Via
X-Ah-Environment
X-Content-Options
Fastly-SIE
Fastly-SWR
Section-Io-Cache
Viewport
Accept-Charset
X-Fb-Rlafr
X-TT
Version
X-Cache-Control
X-B3-Sampled
X-B
X-Grace
Content-MD5
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Amp-Access-Control-Allow-Source-Origin
X-Rid
X-Request-Guid
X-Revision
X-Trace-Id
X-Envoy-Decorator-Operation
X-Cdn
X-Device-Type
Healthy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Source
X-Origin-Cache
X-Magnolia-Registration
X-Vcl-Version
X-RateLimit-Remaining
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
Server-Name
X-Webkit-CSP
X-Aspnetmvc-Version
X-Contextid
X-Language
X-CSRF-Token
X-Tec-Api-Root
X-WP-CF-Super-Cache-Active
X-Tec-Api-Version
X-Tec-Api-Origin
X-Px
X-Mobile
X-Buckets
Trailer
X-Backend-Name
TCN
X-FTR-Request-ID
X-Akamai-Edgescape
X-Proxy
X-Status
X-Tumblr-Pixel
X-App-Environment
X-RM-Cache-TTL
X-ProcessESI
X-Tumblr-Pixel-0
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-User
X-Region
DC
X-Environment-Context
X-Debug-Info
X-L-Path
X-Mg-Request-UUID
X-Framework
X-NYM-Debug-Backend
X-Instance
X-Storage
Access-Control-Request-Headers
X-Rule
X-FW-Server
X-FW-Dynamic
X-FW-Serve
GEO-INFO
X-Debug-IsPreview
X-Content-Powered-By
X-Adobe-Loc
X-Adobe-Content
SD-X-WS
NGB
X-Cacheable-TTL
Cross-Origin-Window-Policy
X-FW-Static
X-Debug-IsConnected
X-FW-Hash
X-FW-Type
X-UUID
X-ServerID
X-Node-Name
X-G
X-FW-Version
X-Varnish-Grace
X-Proxy-Cache-Info
X-Datadog-Trace-Id
X-Datadog-Sampled
X-RTag
X-Datadog-Sampling-Priority
X-Rendered-As
X-Seen-By
MS-CV
Ms-Operation-Id
X-Is-Bot
X-Datadog-Parent-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
X-EdgeConnect-Cache-Status
Upgrade-Insecure-Requests
Paypal-Debug-Id
X-Edge-Location
X-HTML-Minification-Powered-By
X-HS-Prerendered
Charset
X-User-Agent
Countrycode
Protected
Webserver
X-Whom
Front
OT-Force-Account-Verify
X-Lambda-Id
Refresh
X-WebKit-CSP-Report-Only
Section-Io-Id
X-TraceId
X-VC
X-VHOST
X-ECache
X-IPS-LoggedIn
X-TT-LOGID
X-Original-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
X-Reqid
X-Response-Served-From
Priority
X-AB
X-N
Alternate-Protocol
X-Amzn-Remapped-Content-Length
SRV
X-Akamai-Request-ID2
X-Cache-Status-Check
Country
X-B3-Traceid
X-Time
Backend
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
X-Server-W
Liferay-Portal
X-B3-SpanId
X-Hl-Ver
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Mode
X-Real-IP
Onion-Location
X-Frame-Option
X-UPSTREAM-Address
X-FB-TRIP-ID
X-Fetched-On
X-Format
X-SaId
X-JoinUs
X-Rewrite-Enabled
X-Origin-Date
X-VC-Cache
X-Origin-Hint
X-Skip-Cache
X-Scope-Id
X-Rn-Rsrv
X-Tumblr-Pixel-2
X-Web-Node
TWC-GeoIP-LatLong
X-Tb
TWC-Locale-Group
TWC-Privacy
X-Origin-TTL
TWC-GeoIP-Country
Environment
ServerID
TWC-Device-Class
X-Origin-CC
Webcakes-App-Name
Meta-Geo
Filters
Fastcgi-Useragent
X-Auth-Group-Type
X-Cache-Expired-At
Property-Id
X-Accel-Version
Webcakes-App-Version
Webcakes-Region
From-Origin
X-Cache-Host
TWC-Connection-Speed
Expiry
X-IPLB-Instance
X-Hosted-By
Mn-Server-Ip
X-R9-Blue-Green-Version
Atl-Traceid
X-IPLB-Request-ID
X-ProxyCache-Status
X-Nginx-Cache
DB-Nickname
X-Webstats-RespID
X-Varnish-Age
X-Forwarded-Host
Uber-Trace-Id
X-Cluster-Node
X-Restarts
X-Connection-Hash
X-Request-URI
X-Director
X-Cache-Action
X-BYPASS-REASON
X-SayCDN-TTL
Web-Mar-Node
X-Say-TTL
X-Redis-Cache
X-Say-Cacheable
X-ProxyCache-Key
X-Varnish-Cache-Hits
Accept-Language
X-Logging-Id
X-PHP-Host
X-Varnish-Beresp-Grace
X-Tncms
X-Soup
Apigw-Requestid
X-Fastly-Request-Id
X-Adobe-Source
X-Cms-Context
X-Loop
X-Served-From
X-Vcache
X-Handled-By
X-Httpd
X-Labrador-Cache-Channel
ServedBy
Selected-Fe
Url
X-Servername
X-Cluster
X-Proxy-Build
X-Timing-Wait
X-Wix-Request-Id
X-Rocket-Nginx-Serving-Static
X-Origin
X-Proxied
X-Cloudmap
VIX-Pulpo-Node
X-Routing-Service
X-Zipkin-Id
X-Generated-By
X-Detected-As
X-S
X-Extlb
VIX-Pulpo-Upstream-Status
X-DataDome
X-LSADC-Cache
Cross-Origin-Embedder-Policy
Referer-Policy
X-Hit
N-Cache
X-DynaTrace
X-XRDS-Location
Xserver
X-Ms-Version
X-Ms-Request-Id
X-Webkit-Csp
X-Via-JSL
X-Tumblr-Pixel-3
X-Xfnlog-Site
X-SRV
X-Lagoon
WPO-Cache-Message
LB
WPO-Cache-Status
X-Azure-Ref-OriginShield
Source
X-NWS-UUID-VERIFY
Surrogated-Key
X-App-Version
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Worker
CF-IPCountry
X-Cache-Debug
X-VCT
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Upstream-Ct
X-Generation-Time
X-Sucuri-Cache
X-Upstream-Ht
Cross-Origin-Opener-Policy-Report-Only
X-Is-Desktop
X-Is-Tablet
X-Geo-Region
X-F-Cache
X-Is-Mobile
X-Is-Supported-Browser
X-Tcp-Rtt
Ohc-File-Size
X-Browser-Name
Node
X-Sucuri-ID
Locale
X-Urbn-Site-Id
X-No-Session
X-Urbn-Context-Path
X-Cdn-Origin
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-RateLimit-Limit
X-B-Cache
X-Signature
X-UA
X-NODE
X-Tx-Id
CDN-RequestId
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-RID
X-Service
X-Cache-Rule
X-Cache-Operation
X-ElasticPress-Query
X-Locale
X-HS-CF-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-Varnish-CookieHashed-On
TDXMobile
X-Varnish-Authentication
X-TIM-N
X-Thinkindot-L3
X-Varnish-CookieINHashed-On
Rendered-Blocks
Producers
X-VarnishDD-TTL
Redirect-Candidate
X-Varnish-Remaining-TTL
X-Shield-Cache-Expires
Sslversion
X-Section
X-Proxy-CacheRZ
X-Request-Time
X-Proxied-Request
Wxu-Next-Hostname
X-A
Wxu-Next-Region
Wxu-Next-Commit
X-Rojux
User-Agent
Thinkindot-CacheControl-Type
W
X-ScT
We-Hiring
X-Scheme
X-Vdms-Version
PFcat
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Gannett-Cam-Experience-Id
Ha-Gx-Prefs
Host-ID
HA-Ipaddr
Expect-Staple
DCR-Processing-Time-Ms
Cdncip
Candidate-Md5Url
Cdnsip
Cluster
DCR-Decision-By
Content-Secure-Policy
XkeyRZ
L
Ngx.Var.Host
X-Vtex-Remote-Cache
Odigeo-Trace-Id
Origin
Origin-Agent-Cluster
X-Vmg-Version
X-We-Are-Hiring
Xc-Version
Lang
L5d-Success-Class
Mail-Subject
MD5-Digest
Meta-Geo-Continent
X-A-Ccd
X-A-Dcw
X-App-Name
X-Ec-Fail
X-DPWN-IS-SECURE
X-Developer
X-Backend-Instance
X-Depends
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-GeoCode
X-GeoCountry
X-Amz-Storage-Class
X-Gdpr
X-Eu-Site
X-FC-Vary-Parameters
X-DefHash
X-DefElseHash
X-CGP
X-Conf
Cache-Provider
X-Cache-NE
X-Bug-Bounty
X-Cache-Info
X-Contensis-Viewer-Groups
X-Csrf-Jwt
X-BCube-Filmed-By
X-Bc-Bl
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-D
X-GeoIP
X-GeoIP-City
X-Origin-Response-Time
X-Origin-Time
X-AB-Test
X-Access
X-Org
X-Origin-Expires
X-Path
X-A-Wwc
X-A-Dgt
X-Cache-Aspx
X-Proto
X-Platform-Server
X-PAYTM-SRV-ID
X-Op-Id-All
X-Nyt-Route
X-Aicache-OS
X-Ig-Push-State
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-HN
X-Ig-Origin-Region
X-INCAP-ABP
X-Internal-TTL
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Loc
X-Aed
X-Jobs
X-A-Dam
Thinkindot-CacheControl
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-InstanceId
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-NGINX-Cache
Azure-SiteName
BehaviorPad-Version
X-Cache-Hit
Akamai-Mon-Iucid-Del
X-Site-Version
Mime-Version
Cache
X-XRDS-LOCATION
V-Age
X-Location
X-Cdn-Srv
X-Level-Front-Cache
Web-Mar-Region
X-Human
X-HS-Content-Campaign-Id
X-Irp-Debug
Cache-Key
RNT-Machine
Req-Svc-Chain
X-Micro-Cache
X-Req
X-Node-Id
X-Powered-By-VTEX-Cache
X-NodeID
X-Platform
X-Pool
X-NMSegId
Tube-Get-Contents
Server-Host
X-Policy
Tube-Return
Tube-Got-Results
Tube-Got-Eval
X-Hash
RNT-Time
X-Generated-On
X-Cache-Bucket
X-Cache-Grace
X-Pad
X-Bl-Debug
X-BBC-Edge-Cache-Status
X-Date
X-Cache-Id
X-Core-Value
X-Cached-By
X-CacheTTL
X-Clientip
X-Content-Age
X-Content-Length
X-Dispatcher-Server
X-B3-Trace-ID
X-GeoIP-Country-Code
X-Gamma-Serve
X-Acquia-Purge-Cdn-Unconfigured
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Accel-Expires-Debug
X-Fmm-Version
X-Fastly-Backend
X-Ec-Custom-Error
X-Auto-Login
X-Edge-Server
X-Esi-Check
X-Amz-Meta-Cb-Modifiedtime
X-Gzip
X-SB
X-VTEX-Cache-Server
A
Gh-Request-Id
X-VTEX-Cache-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Viewer-Country
X-Via-Fastly
X-Varnish-Director
X-Var-Ttl
X-Varnishpool
X-VG-WebCache
Release
Fastly-SSL
Esi-Enabled
X-ORCA-Accelerator
Click-Count-Action-Start
Cdn-Request-Time
Cdn-Host
Canary
CDCHOST
Click-Count-Error
Fl-Custom-Application
Debug
DSUID
Content-Style-Type
Content-Script-Type
Yak-Timeinfo
X-V-Cache
IsBot
X-Sn-Servicetimems
Origin-EX
Origin-CC
X-SVT-ORM-RULES
X-Slack-Shared-Secret-Outcome
Platform
X-Cdn-Forward
X-SD-PageType
Product
X-SIPLIST1
X-SVT-ORM-VERSION
X-Slack-Backend
NM-Fastcgi-Cache
NGX
X-Tb-Optimization-Total-Bytes-Saved
X-UA-Device-Type
X-Block-Status
X-CUA
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Server-IP
CDN-Uid
X-Bip
CDN-PullZone
CDN-Cache
User-Cache-Control
Req-ID
CDN-CachedAt
CDN-EdgeStorageId
X-Request-Start
X-Varnish-Beresp-Status
X-Cache-FS-Status
X-Request-Host
X-Gen-Mode
Pramga
Ssr
X-VG-TLSProxy
X-Mvc-Supplant-OutputCached
X-Thanos
X-Men
XM
X-Pubstack
Country-Code
X-Hnp-Log
ServerName
X-Newrelic-Synthetics
X-VServer
X-Varnish-Hits
Sid
X-LB-NoCache
X-Litespeed-Tag
X-TA-CDN-Provider
X-Optimistic-Header
X-HOST
X-Cache-Date
X-Geolocation
X-CACHE-GROUP
TP-L2-Cache
X-Cs
Cdn-Requestid
X-Destination
X-B-Cookie
X-S-Cookie
X-External-Request-Id
X-Application
X-Refresh
X-IsAdmin
X-Api-Version
X-Oracle-Dms-Ecid
X-Dc
X-CLOUD-TRACE-CONTEXT
X-GEO
X-HITS
X-Via-SSL
Proxy-Firewall
CloudFront-Viewer-Country
X-Via-CDN
X-Servedbyhost
Edge-Copy-Time
X-Via-Edge
X-Zen-Fury
X-Nananana
Fastly-Drupal-HTML
X-CDN-Forward
X-LiteSpeed-Tag
True-Client-Country-4JS
GeoIP-Latitude
X-User
X-RequestId
X-APP
X-DC
X-ZONE
Server-Ext
X-VWS-Id
Server-Hostname
X-AIR-PT
Sever-Int
X-LiteSpeed-Cache-Control
X-Via-Popn
X-B3-Spanid
Server-ID
X-HA-Backend
X-Via-Poph
X-AWS-Id
X-LJ-Flow-ID
X-Via-Popv
X-Test
X-Tt-Logid
C-Via
X-FTR-Expires
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Endurance-Cache-Level
Ohc-Cache-HIT
X-Country-Code-Real
X-Air-Pt
X-Provided-By
Is-Eu
Adler-Geo
X-VC-TTL
X-Wa
X-LB-ID
X-Nc
Fastly-Drupal-Html
X-Zone
X-DynaTrace-JS-Agent
X-Webkit-Csp-Report-Only
X-Dispatcher-Number
X-Nginx-Cache-Key
X-B3-Parentspanid
HostName
Cdn
X-Srv
X-Presslabs-Stats
X-URL
X-Vgn-Hpd-Reason
WP-Super-Cache
WZWS-RAY
X-TH-Server
X-COUNTRY
S-Rt
X-CS
X-Custom-Header
T-Server
GeoIp-Country-Code
X-Moov-T
X-Moov-Xdn-Version
X-Geo-Header
X-Pass-Why
X-Moov-Xdn-Caching-Status
Cache-Tv-Group
X-CACHE-AGE
X-Datadome
X-ND-Cache
X-Old-Content-Length
X-Fpc
X-Resp-Is-Stale
SID
X-API-Version
X-Parent-Response-Time
X-HubSpot-Correlation-Id
Vc-Max-Age
X-DataCenter
X-NewRelic-App-Data
X-CMSURLCustom
X-Cache-Server
True-Client-IP
Pics-Label
Resin-Trace
X-Thinkindot-L1
X-Vercel-Cache
Uri
X-Cache-VC
Location
X-Action
SEZNAM-JOBS-OFFER
True-Client-Ip
X-Vercel-Id
Powered-By
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Vix-Hermes-Req-Id
X-SERVER-NAME
Tcn
X-Ckpd-Fst-Backend
X-Litespeed-Cache-Control
X-TX-ID
N1-Cache
GeoIP-Country-Code
X-Fastly-Cache
X-FPC
Serverhost
X-Varnish-Beresp-TTL
X-Client-Ip
Thinkindot-Control
X-Cache-TTL-Remaining
X-Stale
X-Datacenter
On-Server
X-Dynatrace-Js-Agent
X-Service-Response-Time
Sm-Log-Id
ServerHost
X-Oracle-Dms-Rid
X-Ua
X-APP-VERSION
X-ApacheServer
X-PERF
Srv
X-PHP-Backend
X-Debug-Service
X-Amz-Meta-Opti
Hostname
X-Fastly-Cache-Status
X-WA-Info
Av-Poweredby
X-Proxy-Cache-La3
AKAMAI
X-Render-Time
TWC-GeoIP-Region
TWC-GeoIP-City
Cache-Hits
TWC-GeoIP-DMA
X-Nitro-Cache
Xkey-La3
X-Cdn-Cache-Status
Xkeylog
Server-Id
X-WA
X-Uri
X-NC
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-VCL-Version
X-Vc
X-Jungle-Id
X-Geo
Cache-Contol
Geoip-Latitude
X-Fastly-Backend-Reqs
Cl-Cache
Magicmarker
Log-Origin
X-Info
X-Ion-Hop
RewriteTeamHook
X-Lb-Id
X-Ee-Request-Date
X-Ee-Request-Id
X-Udemy-Cache-App-Namespace
X-Vary-Devices
X-Ee-Origin
X-Ee-Generated-By
Store-Cloud-Cache
X-Save-Cache
Time-Cloud-Cache
RewriteTestHook
X-Cms-Device
X-Ion-Healthy
X-Cache-Ttl
X-Via-PopV
Cmstype
Lb
X-Via-PopH
My-App
X-App
Cmsid
X-Ha-Backend
Cf-Ipcountry
X-Oracle-DMS-ECID
X-Github-Request-Id
X-Via-PopN
X-Esi
X-IAuth-Set-Uid
X-CDN-Cache-Status
X-From
X-ServedByHost
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-Up
Cloudfront-Viewer-Country
X-Requestid
X-Akamai-Pragma-Client-IP
CDN
X-V
X-LAGOON
Warning
WWW-Authenticate
X-Traceid
X-Rollout
X-New
WebServer
X-Limited
CacheControlHeader
X-Eligible
X-Correlation-ID
CountryCode
Cneonction
X-Dw-Trace-Id
Machine
X-MSEdge-Features
X-MSEdge-Flight
X-Region-Sid
X-Forwarded-Site
X-Lb-Nocache
X-HS-Status
Reporter
X-Html-Minification-Powered-By
FSS-Cache
X-Check-Cacheable
X-Serial
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Pragrma
Server-Info
X-Acquia-Application-Trace
X-Akamai-Transformed
X-Acquia-Site
X-Pod
X-Sucuri-Id
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Cdn-Request-ID
X-BBC-Origin-Response-Status
Edge-Cache
NtCoent-Length
X-Web-Server
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-EC-Lua
X-Elasticpress-Query
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Orig-Cache-Control
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ramcache
CF-Cached-On
Timeexpire
X-Tncms-Bot-Tier
X-Ftr-Request-Id