Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
Accept-CH
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Accept-CH-Lifetime
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pingback
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-Readtime
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
X-LiteSpeed-Cache
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
X-NWS-LOG-UUID
Cache-Tag
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-TtlSet
X-Vname
X-PC
X-Edge
X-Mcache
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-MS-InvokeApp
X-ARC
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-Amz-Rid
X-Middleton-Response
Response
X-CST
X-Daa-Tunnel
X-Goog-Hash
X-Navigation-Version
X-Powered-CMS
X-Upstream
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amzn-Trace-Id
X-Forwarded-For
X-Wormhole-Sdk
X-Cache-Key
Accept-Ch-Lifetime
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Ua-Device
RTSS
X-Ratelimit-Limit
AR-SID
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
X-NF-Request-ID
Edge-Cache-Tag
X-FastCGI-Cache
Cache-Status
X-ORACLE-DMS-ECID
X-Server-ID
X-Version
Public-Key-Pins
X-Ttl
X-Mg-S
X-Ratelimit-Remaining
AR-CACHE
X-Ruxit-Js-Agent
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
X-Content-Digest
X-SharePointHealthScore
SPRequestGuid
S
Realpath
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-Varnish-TTL
X-Cached
X-Fastly-Request-ID
X-Recruiting
X-Accel-Expires
X-Distributor
Access-Control-Request-Method
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Newrelic-App-Data
TP-Cache
Count-Hit
X-Correlation-Id
X-Debug
X-Request-Received
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Id
X-TTL
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
MicrosoftSharePointTeamServices
Server-Node
X-Azure-Ref
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-PressLabs-Stats
X-Frontend
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
Origin-Trial
X-LB-Cache
X-Varnish-Backend
X-Goog-Metageneration
Accept-Ch
X-Protected-By
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
Host
X-Git-Hash
Cleartype
X-FB-Debug
X-Unique-Id
X-Logged-In
X-Activity-Id
X-AppVersion
Filterid
Content-Disposition
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Az
X-Varnish-Server
X-Www-Served-By
X-Ratelimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-App-Server
X-Nf-Request-Id
X-Hostname
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Page-Id
X-DIS-Request-ID
X-Geo-Country
X-Fastcgi-Cache
X-B3-TraceId-Primal
MRF-Tech
X-Cambria-Cache-Control
Mrf-Cache-Status
X-Xrds-Location
Akamai-GRN
Access-Control-Allow-Method
X-Load-Cache
X-Origin-Server
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Retry-After
X-Template
X-Goog-Generation
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-RateLimit-Remaining
X-Aspnet-Version
MS-Author-Via
Section-Io-Cache
Fastly-SWR
Accept-Charset
Viewport
X-ASPNET-VERSION
X-Type
Fastly-SIE
X-TT
X-Fb-Rlafr
Frame-Options
X-Content-Options
X-Cache-Control
Version
X-B3-Sampled
X-B
X-Varnish-Ttl
X-Grace
Content-MD5
X-Ah-Environment
X-Request-Guid
X-Revision
X-Trace-Id
X-Vcl-Version
X-Envoy-Decorator-Operation
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
X-Device-Type
Healthy
X-Source
Amp-Access-Control-Allow-Source-Origin
X-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Origin-Cache
X-Magnolia-Registration
X-Cache-Age
Server-Name
X-Contextid
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Px
X-Language
X-Mobile
X-Webkit-CSP
X-Aspnetmvc-Version
X-Backend-Name
X-Buckets
X-Proxy
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-RM-Cache-TTL
X-App-Environment
DC
X-Akamai-Edgescape
X-RemovedCookies
X-Mg-Request-UUID
Access-Control-Request-Headers
X-L-Path
X-Status
X-Storage
X-Framework
TCN
X-Debug-Info
X-Environment-Context
X-Rule
X-Varnish-Grace
X-NYM-Debug-Backend
X-Node-Name
X-HTML-Minification-Powered-By
NGB
SD-X-WS
X-FW-Server
X-Proxy-Cache-Info
X-FW-Static
Cross-Origin-Window-Policy
X-FW-Version
X-G
X-Adobe-Content
X-ServerID
X-Cacheable-TTL
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-Instance
X-FW-Type
X-Region
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-UUID
X-Adobe-Loc
X-FTR-Request-ID
MS-CV
X-Datadog-Sampling-Priority
X-RTag
X-Rendered-As
X-Is-Bot
X-Datadog-Trace-Id
GEO-INFO
Ms-Operation-Id
X-Seen-By
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
X-EdgeConnect-Cache-Status
Trailer
Upgrade-Insecure-Requests
Paypal-Debug-Id
X-Tec-Api-Root
X-Tec-Api-Origin
X-User-Agent
X-Tec-Api-Version
Webserver
Countrycode
Charset
Protected
X-HS-Prerendered
X-Edge-Location
Front
X-Whom
OT-Force-Account-Verify
X-WebKit-CSP-Report-Only
X-TT-LOGID
X-Lambda-Id
Refresh
Section-Io-Id
X-VC
X-TraceId
X-IPS-LoggedIn
X-Akamai-Request-ID2
X-Reqid
X-AB
X-N
X-Cache-Status-Check
Priority
X-Time
Alternate-Protocol
Country
X-VHOST
X-ECache
X-Amzn-Remapped-Content-Length
X-Original-Request-Id
X-Response-Served-From
Backend
Cross-Origin-Embedder-Policy-Report-Only
SRV
X-B3-SpanId
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-Traceid
X-Server-W
X-Fastly-Request-Id
Liferay-Portal
X-Hl-Ver
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Mode
X-Real-IP
Onion-Location
Fastcgi-Useragent
X-JoinUs
Filters
X-Auth-Group-Type
From-Origin
X-FB-TRIP-ID
X-Rewrite-Enabled
X-Skip-Cache
X-Accel-Version
X-Frame-Option
X-Rn-Rsrv
X-Fetched-On
X-Tb
X-Cache-Host
X-VC-Cache
Accept-Language
X-Origin-Date
X-UPSTREAM-Address
X-Web-Node
Environment
X-Scope-Id
Meta-Geo
ServerID
X-SaId
X-Tumblr-Pixel-2
X-Origin-CC
X-BYPASS-REASON
Expiry
Uber-Trace-Id
X-Cluster-Node
X-Connection-Hash
X-Director
X-Origin-TTL
X-Cache-Action
Atl-Traceid
X-R9-Blue-Green-Version
Webcakes-App-Name
X-Varnish-Age
Webcakes-App-Version
X-SayCDN-TTL
X-Say-TTL
Webcakes-Region
X-Varnish-Cache-Hits
X-Webstats-RespID
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
Property-Id
TWC-Locale-Group
X-Say-Cacheable
X-Format
X-Restarts
X-Logging-Id
X-Origin-Hint
X-IPLB-Request-ID
X-IPLB-Instance
X-Cache-Expired-At
X-Request-URI
X-Redis-Cache
X-Hosted-By
X-ProxyCache-Status
X-ProxyCache-Key
DB-Nickname
Web-Mar-Node
Apigw-Requestid
X-Forwarded-Host
X-Tncms
X-Loop
X-Labrador-Cache-Channel
X-Cms-Context
X-Httpd
X-PHP-Host
X-Adobe-Source
X-Varnish-Beresp-Grace
X-Handled-By
X-Soup
X-Served-From
Mn-Server-Ip
X-Vcache
Selected-Fe
X-Timing-Wait
VIX-Pulpo-Upstream-Status
X-Proxy-Build
ServedBy
VIX-Pulpo-Node
X-Cluster
X-Wix-Request-Id
X-Routing-Service
X-Generated-By
X-Cloudmap
X-Detected-As
X-Extlb
X-Origin
X-Proxied
X-S
Url
X-Servername
X-Zipkin-Id
X-LSADC-Cache
X-SRV
Cross-Origin-Embedder-Policy
X-Rocket-Nginx-Serving-Static
Referer-Policy
X-Via-JSL
X-DynaTrace
X-Lagoon
N-Cache
Xserver
X-Hit
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
X-Tumblr-Pixel-3
X-XRDS-Location
X-Xfnlog-Site
WPO-Cache-Message
X-Webkit-Csp
WPO-Cache-Status
X-DataDome
X-Azure-Ref-OriginShield
X-NWS-UUID-VERIFY
Source
Surrogated-Key
LB
X-Cache-Debug
X-RateLimit-Limit-Second
X-VCT
X-RateLimit-Remaining-Second
X-Worker
X-RCS-CacheZone
X-Proxy-Cache-Status
X-App-Version
CF-IPCountry
AMP-Access-Control-Allow-Source-Origin
X-Upstream-Ht
X-Upstream-Ct
X-Sucuri-Cache
X-Generation-Time
X-Tcp-Rtt
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-Is-Supported-Browser
X-Browser-Name
X-Geo-Region
X-F-Cache
Node
Locale
X-Cdn-Origin
X-No-Session
X-Urbn-Context-Path
X-Urbn-Site-Id
X-NGINX-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Drupal-Cache-Contexts
X-B-Cache
X-Signature
X-Sucuri-ID
X-UA
X-RID
Ohc-File-Size
X-Drupal-Cache-Tags
X-CLOUD-TRACE-CONTEXT
X-XRDS-LOCATION
CDN-RequestId
X-MP-GENERATED-AT
X-RateLimit-Limit
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-NODE
X-Varnish-Beresp-Ttl
X-Service
X-Locale
X-ElasticPress-Query
X-Cache-Rule
X-Cache-Operation
Meta-Geo-Continent
Odigeo-Trace-Id
Ngx.Var.Host
X-Varnish-CookieINHashed-On
X-A-Wwc
X-Tx-Id
X-Varnish-Remaining-TTL
Origin-Agent-Cluster
X-Varnish-CookieHashed-On
X-A-Dgt
X-A-Dam
X-A-Ccd
X-A
Mail-Subject
MD5-Digest
X-Varnish-Authentication
X-A-Dcw
X-TIM-N
X-Org
Sslversion
X-PAYTM-SRV-ID
X-Platform-Server
Cdncip
X-Path
TDXMobile
Candidate-Md5Url
X-Origin-Time
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Fastly-GeoIP-CountryCode
Cdnsip
X-Proto
DCR-Decision-By
X-Rojux
DCR-Processing-Time-Ms
Content-Secure-Policy
Expect-Staple
X-Scheme
Fastly-Backend-Name
Cluster
Gannett-Cam-Experience-Id
X-Request-Time
X-Origin-Expires
X-Shield-Cache-Expires
Producers
Host-ID
Rendered-Blocks
X-Nyt-Route
We-Hiring
X-Proxy-CacheRZ
Lang
X-Proxied-Request
A
Azure-InstanceId
BehaviorPad-Version
X-Vdms-Version
X-ScT
X-Origin-Response-Time
Redirect-Candidate
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Thinkindot-L3
X-Vmg-Version
X-DefHash
X-DefElseHash
X-Depends
X-Developer
X-Ec-Fail
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
X-D
X-Loc
X-Site-Version
X-Conf
X-Contensis-Viewer-Groups
X-Jobs
Xc-Version
X-Ec-GeoHdr
X-GeoCode
X-Gdpr
X-GeoCountry
X-GeoIP
X-GeoIP-City
X-FC-Vary-Parameters
X-Ig-Origin-Region
X-INCAP-ABP
X-Internal-TTL
X-Epic-Correlation-Id
XkeyRZ
X-Ig-Push-State
X-We-Are-Hiring
X-Debug-Cache-Store
X-Backend-Instance
X-Cache-NE
X-Aicache-OS
Origin
X-Cache-Aspx
X-Mvc-Supplant-Cachable
X-Bc-Bl
X-Cache-Info
X-Aed
X-Amz-Storage-Class
X-HS-CF-Cache-Status
X-App-Name
X-AK-Request-ID
X-Vtex-Remote-Cache
X-BCube-Filmed-By
X-Mly-Id
X-Bug-Bounty
Mime-Version
X-Cache-Hit
X-Cdn-Forward
X-Esi-Check
RNT-Machine
RNT-Time
Release
X-Accel-Expires-Debug
X-Amz-Meta-Cb-Modifiedtime
X-Fastly-Backend
Req-Svc-Chain
X-HS-Content-Campaign-Id
Origin-EX
X-Acquia-Purge-Cdn-Unconfigured
X-GeoIP-Country-Code
Origin-CC
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-NMSegId
Platform
X-Auto-Login
X-Human
X-Gamma-Serve
X-Generated-On
X-Hash
Product
X-Fmm-Version
X-Policy
X-Level-Front-Cache
X-Clientip
X-Cache-Id
X-Cache-Grace
Tube-Got-Results
Tube-Return
V-Age
X-Cdn-Srv
X-Micro-Cache
X-Node-Id
Web-Mar-Region
X-Cached-By
X-Location
X-CacheTTL
X-Content-Age
X-Core-Value
X-Platform
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Edge-Server
Server-Host
X-Pool
X-Ec-Custom-Error
X-Dispatcher-Server
X-Date
X-Cache-Bucket
Tube-Got-Eval
Tube-Get-Contents
X-Irp-Debug
X-Bl-Debug
X-Powered-By-VTEX-Cache
X-Slack-Shared-Secret-Outcome
X-Akamai-Device-Characteristics
X-CGP
X-HN
X-Viewer-Country
X-Access
X-AB-Test
Wxu-Next-Hostname
X-VTEX-Cache-Server
Wxu-Next-Region
X-Eu-Site
X-Csrf-Jwt
X-V-Cache
X-UA-Device-Type
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Var-Ttl
X-Varnish-Director
X-Via-Fastly
X-VG-WebCache
X-Varnishpool
X-VTEX-Cache-Time
X-Op-Id-All
Ha-Gx-Prefs
Yak-Timeinfo
HA-Ipaddr
L
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Cache-Provider
Apple-News-Services-Parsed-Url
L5d-Success-Class
PFcat
X-Wikidot-Backend
X-VarnishDD-TTL
X-Section
X-Gzip
X-Pad
X-Wikidot-Static-Cache
User-Agent
W
Wxu-Next-Commit
X-SVT-ORM-RULES
X-Newrelic-Synthetics
Content-Script-Type
Content-Style-Type
X-Sn-Servicetimems
Click-Count-Error
Cdn-Request-Time
Click-Count-Action-Start
Debug
DSUID
NGX
NM-Fastcgi-Cache
X-Req
IsBot
Esi-Enabled
Gh-Request-Id
Cdn-Host
X-SB
Cache
X-SIPLIST1
X-SD-PageType
Cache-Key
Canary
X-Slack-Backend
X-Litespeed-Tag
Akamai-Mon-Iucid-Del
CDN-CachedAt
User-Cache-Control
Pramga
Fastly-SSL
Fl-Custom-Application
X-ORCA-Accelerator
CDCHOST
X-CUA
X-Request-Host
X-Server-IP
X-Varnish-Beresp-Status
Req-ID
CDN-Cache
XM
X-Hnp-Log
X-Gen-Mode
X-Request-Start
Country-Code
X-Men
X-VG-TLSProxy
CDN-RequestCountryCode
X-Cache-FS-Status
ServerName
X-NodeID
CDN-PullZone
X-Thanos
X-Bip
X-Block-Status
Ssr
CDN-RequestPullCode
Sid
CDN-Uid
CDN-RequestPullSuccess
CDN-EdgeStorageId
X-Content-Length
X-Pubstack
X-Mvc-Supplant-OutputCached
X-Optimistic-Header
X-Api-Version
X-Varnish-Hits
TP-L2-Cache
X-Dc
X-LB-NoCache
X-Cs
X-TA-CDN-Provider
X-HOST
X-VServer
X-CACHE-GROUP
X-Refresh
X-Geolocation
X-Cache-Date
X-GEO
Cdn-Requestid
X-Destination
X-Application
X-B-Cookie
X-IsAdmin
X-APP
X-Nananana
X-External-Request-Id
Proxy-Firewall
X-S-Cookie
X-HITS
X-Zen-Fury
X-Via-Edge
X-Via-SSL
True-Client-Country-4JS
Fastly-Drupal-Html
Edge-Copy-Time
X-Via-CDN
X-AWS-Id
X-CDN-Forward
X-LJ-Flow-ID
X-VWS-Id
X-Via-Poph
CloudFront-Viewer-Country
X-HA-Backend
Server-Hostname
X-Servedbyhost
Server-Ext
Sever-Int
X-Via-Popv
X-User
X-Test
C-Via
X-LiteSpeed-Tag
X-Via-Popn
X-Endurance-Cache-Level
X-Provided-By
X-ZONE
X-Zone
GeoIP-Latitude
Adler-Geo
Is-Eu
Server-ID
X-LiteSpeed-Cache-Control
X-AIR-PT
X-B3-Spanid
X-LB-ID
Fastly-Drupal-HTML
X-RequestId
X-Air-Pt
X-DynaTrace-JS-Agent
Ohc-Cache-HIT
X-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Balancer
X-Datadome
X-VC-TTL
HostName
X-Dispatcher-Number
X-Nginx-Cache-Key
X-B3-Parentspanid
X-Wa
GeoIp-Country-Code
X-Nc
WZWS-RAY
X-Webkit-Csp-Report-Only
S-Rt
X-Presslabs-Stats
Cdn
X-Tt-Logid
X-Custom-Header
X-URL
X-Geo-Header
WP-Super-Cache
Cache-Tv-Group
T-Server
X-Vgn-Hpd-Reason
X-COUNTRY
X-TH-Server
X-Oracle-Dms-Ecid
X-CS
X-ND-Cache
X-Resp-Is-Stale
X-Moov-Xdn-Caching-Status
True-Client-IP
X-Moov-Xdn-Version
X-Pass-Why
X-Moov-T
X-Parent-Response-Time
X-CACHE-AGE
X-Srv
Vc-Max-Age
X-Old-Content-Length
X-CMSURLCustom
X-Cache-Server
X-HubSpot-Correlation-Id
SID
X-DataCenter
X-Fpc
Resin-Trace
X-NewRelic-App-Data
X-API-Version
X-TX-ID
Pics-Label
Tcn
Uri
X-Litespeed-Cache-Control
X-Vercel-Id
SEZNAM-JOBS-OFFER
X-Vercel-Cache
Location
Powered-By
Vix-Hermes-Req-Id
X-FPC
X-Thinkindot-L1
X-Cache-VC
X-Action
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Varnish-Beresp-TTL
X-Fastly-Cache
True-Client-Ip
X-Ckpd-Fst-Backend
X-SERVER-NAME
Thinkindot-Control
X-Stale
N1-Cache
Serverhost
On-Server
X-APP-VERSION
X-Client-Ip
X-Datacenter
Srv
ServerHost
GeoIP-Country-Code
X-Service-Response-Time
Sm-Log-Id
X-Dynatrace-Js-Agent
X-ApacheServer
X-Amz-Meta-Opti
X-Cache-TTL-Remaining
X-PHP-Backend
X-PERF
X-WA
X-NC
X-Ua
X-Fastly-Cache-Status
X-Oracle-Dms-Rid
AKAMAI
X-Cdn-Cache-Status
X-Nitro-Cache
Xkey-La3
TWC-GeoIP-Region
Av-Poweredby
Cache-Hits
TWC-GeoIP-DMA
TWC-GeoIP-City
Xkeylog
X-Proxy-Cache-La3
X-Debug-Service
X-Air-Source
X-Air-Hostname
Hostname
X-WA-Info
X-Air-Trace-Id
Server-Id
X-Render-Time
Magicmarker
Lb
X-Info
Cl-Cache
Geoip-Latitude
X-Uri
X-Vc
X-Ssense-Gql
Cf-Ipcountry
X-Ssense-Shipping-Surcharge-Enabled
X-Ion-Hop
X-Lb-Id
X-Jungle-Id
X-Udemy-Cache-App-Namespace
X-Ion-Healthy
Log-Origin
Cache-Contol
RewriteTestHook
RewriteTeamHook
X-Ee-Request-Id
Time-Cloud-Cache
Store-Cloud-Cache
X-Fastly-Backend-Reqs
X-Cms-Device
X-Save-Cache
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Generated-By
X-Geo
X-Vary-Devices
X-ServedByHost
Cloudfront-Viewer-Country
X-Cache-Ttl
Cmsid
Cmstype
My-App
X-Via-PopV
X-Via-PopN
X-Github-Request-Id
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-V
X-Requestid
X-Via-PopH
X-Ha-Backend
X-CDN-Cache-Status
X-Oracle-DMS-ECID
X-IAuth-Set-Uid
X-Esi
CDN
X-Limited
X-Eligible
X-From
X-Akamai-Pragma-Client-IP
X-New
X-VCL-Version
X-Up
X-Rollout
X-App
Machine
Warning
WebServer
X-Region-Sid
X-Forwarded-Site
X-Traceid
WWW-Authenticate
CacheControlHeader
X-Correlation-ID
CountryCode
X-MSEdge-Features
X-LAGOON
Cneonction
Pragrma
X-MSEdge-Flight
X-Lb-Nocache
X-Dw-Trace-Id
Server-Info
X-Acquia-Application-UUID
X-Acquia-Site
Reporter
X-Check-Cacheable
X-Acquia-Purge-Tags
X-HS-Status
FSS-Cache
Edge-Cache
X-Serial
X-Ftr-Request-Id
X-Pod
X-Akamai-Transformed
X-Cdn-Request-ID
X-EC-Lua
X-Acquia-Application-Trace
X-Git-Commit
X-Sucuri-Id
X-Container-Uri
X-Fastly-Cache-Hits
X-Web-Server
X-Elasticpress-Query
X-Td-Header-From-No-Data
Thinkindot-Cache-Type
X-BBC-Origin-Response-Status
X-Platform-Processor
X-Platform-Router
CF-Cached-On
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Ramcache
X-Ms-Blob-Type
Timeexpire
X-Akamai-ERPolicy
Permission-Policy
X-Varnish-Hostname
X-Orig-Cache-Control
X-Platform-Cluster
X-Akamai-ERRuleID
X-SRCache-Key