Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-Check
Feature-Policy
Upgrade
Content-Encoding
Status
Accept-CH
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-Server
EagleId
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Accept-CH-Lifetime
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Litespeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Pingback
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-OneAgent-JS-Injection
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Xkey
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
Cache-Tag
X-NWS-LOG-UUID
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
X-Edge
X-Mcache
X-Midtier
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Dw-Request-Base-Id
X-ARC
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-CST
X-Amz-Rid
X-Middleton-Response
Response
X-Navigation-Version
X-Daa-Tunnel
X-Goog-Hash
X-Powered-CMS
X-Upstream
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Kinsta-Cache
X-Edge-Location-Klb
X-Amzn-Trace-Id
X-Forwarded-For
X-Cache-Key
X-Wormhole-Sdk
Accept-Ch-Lifetime
X-Ua-Device
X-Ratelimit-Limit
RTSS
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
X-NF-Request-ID
Edge-Cache-Tag
Cache-Status
X-Server-ID
X-Version
Public-Key-Pins
X-Ttl
X-Mg-S
X-ORACLE-DMS-ECID
X-FastCGI-Cache
X-Ratelimit-Remaining
AR-CACHE
X-Ruxit-Js-Agent
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
X-Content-Digest
SPRequestGuid
X-SharePointHealthScore
Realpath
S
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-Varnish-TTL
X-Cached
X-Fastly-Request-ID
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
Access-Control-Request-Method
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
TP-Cache
X-Debug
Count-Hit
X-Correlation-Id
X-Request-Processing-Time
X-Request-Received
Arr-Disable-Session-Affinity
X-HS-Hub-Id
X-Id
X-HS-Cache-Config
X-TTL
X-HS-Content-Id
MicrosoftSharePointTeamServices
Server-Node
X-Azure-Ref
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-HS-Combine-CSS
X-PressLabs-Stats
X-Frontend
X-Cluster-Name
X-Ismobilevalue
Cache-Tags
X-Hits
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
Origin-Trial
X-LB-Cache
X-Varnish-Backend
X-Goog-Metageneration
Accept-Ch
X-Protected-By
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Microsite
Host
X-Git-Hash
X-FB-Debug
Cleartype
X-Unique-Id
X-Logged-In
Content-Disposition
X-Activity-Id
X-AppVersion
Filterid
X-Az
Pinterest-Version
X-Varnish-Server
Pinterest-Generated-By
X-Pinterest-Rid
X-Www-Served-By
X-Fastcgi-Cache
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Hostname
X-Nf-Request-Id
X-App-Server
X-NGENIX-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-HP-Webp
X-Jurisdiction
X-DIS-Request-ID
X-HP-Trace-Id
X-Page-Id
X-Geo-Country
X-Cambria-Cache-Control
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Access-Control-Allow-Method
Akamai-GRN
X-Xrds-Location
X-Load-Cache
X-Origin-Server
Retry-After
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Upgrade-Enabled
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-RateLimit-Remaining
X-Template
X-Aspnet-Version
MS-Author-Via
X-Type
X-ASPNET-VERSION
Fastly-SIE
Viewport
Fastly-SWR
Section-Io-Cache
X-Fb-Rlafr
X-TT
Frame-Options
Accept-Charset
X-Cache-Control
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
Version
X-B3-Sampled
X-Varnish-Ttl
X-B
X-Grace
X-Ah-Environment
Content-MD5
X-Request-Guid
X-Revision
X-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcl-Version
X-Envoy-Decorator-Operation
X-Rid
Healthy
X-Device-Type
X-Magnolia-Registration
X-Source
Amp-Access-Control-Allow-Source-Origin
X-Origin-Cache
X-Amz-Meta-S3cmd-Attrs
X-Cdn
X-Cache-Age
X-Contextid
X-CSRF-Token
Server-Name
X-WP-CF-Super-Cache-Active
X-Px
X-Mobile
X-Webkit-CSP
X-Language
X-Backend-Name
X-Aspnetmvc-Version
X-Buckets
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Proxy
DC
X-ProcessESI
X-App-Environment
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-RemovedCookies
X-RM-Cache-TTL
X-Tumblr-Pixel
X-Storage
X-Environment-Context
TCN
X-Rule
X-Framework
X-Debug-Info
X-L-Path
X-Varnish-Grace
X-Status
X-Mg-Request-UUID
Access-Control-Request-Headers
X-FW-Dynamic
X-ServerID
X-Cacheable-TTL
X-Content-Powered-By
X-Proxy-Cache-Info
X-Region
X-NYM-Debug-Backend
SD-X-WS
NGB
X-UUID
X-Instance
X-Node-Name
X-G
X-FW-Version
X-FW-Type
X-FW-Static
X-FW-Server
X-HTML-Minification-Powered-By
X-FW-Hash
X-Debug-IsConnected
X-Debug-IsPreview
X-Adobe-Loc
X-FW-Serve
X-Adobe-Content
X-FTR-Request-ID
X-RTag
Cross-Origin-Window-Policy
Ms-Operation-Id
X-Rendered-As
X-Datadog-Sampling-Priority
X-Is-Bot
X-Datadog-Trace-Id
GEO-INFO
MS-CV
X-Seen-By
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
X-EdgeConnect-Cache-Status
Paypal-Debug-Id
Upgrade-Insecure-Requests
Trailer
X-User-Agent
Countrycode
Webserver
Charset
Protected
X-Edge-Location
X-HS-Prerendered
Front
X-Whom
OT-Force-Account-Verify
X-WebKit-CSP-Report-Only
X-TT-LOGID
X-Lambda-Id
Refresh
Section-Io-Id
X-VC
X-TraceId
X-IPS-LoggedIn
X-Cache-Status-Check
Priority
X-Reqid
X-N
X-AB
X-Akamai-Request-ID2
X-ECache
Country
Alternate-Protocol
X-VHOST
X-Time
X-Amzn-Remapped-Content-Length
X-Original-Request-Id
X-Response-Served-From
Backend
Cross-Origin-Embedder-Policy-Report-Only
SRV
X-B3-SpanId
Xet-Cookie
X-Server-W
X-Fastly-Request-Id
X-B3-Traceid
X-WP-CF-Super-Cache-Cookies-Bypass
X-Hl-Ver
Liferay-Portal
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Mode
X-Real-IP
Onion-Location
Fastcgi-Useragent
X-JoinUs
Filters
X-Origin-Date
X-FB-TRIP-ID
X-Tb
X-UPSTREAM-Address
X-Frame-Option
X-Fetched-On
From-Origin
X-Tumblr-Pixel-2
X-Skip-Cache
X-Scope-Id
X-Auth-Group-Type
Accept-Language
X-Accel-Version
X-Rewrite-Enabled
X-Rn-Rsrv
X-Web-Node
X-SaId
Meta-Geo
X-VC-Cache
Environment
ServerID
X-Connection-Hash
Uber-Trace-Id
X-Cache-Host
X-BYPASS-REASON
X-Cache-Action
X-Director
Expiry
Atl-Traceid
X-Origin-TTL
X-Origin-CC
X-R9-Blue-Green-Version
TWC-Privacy
TWC-Locale-Group
X-SayCDN-TTL
X-Say-TTL
Webcakes-App-Name
X-Say-Cacheable
TWC-GeoIP-LatLong
X-Varnish-Age
TWC-Device-Class
Property-Id
X-Webstats-RespID
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-Connection-Speed
Webcakes-App-Version
X-Origin-Hint
X-Format
X-IPLB-Request-ID
X-IPLB-Instance
X-Hosted-By
X-Redis-Cache
X-Logging-Id
X-ProxyCache-Key
X-Cache-Expired-At
Webcakes-Region
X-ProxyCache-Status
DB-Nickname
Web-Mar-Node
X-Forwarded-Host
X-Soup
X-Loop
X-PHP-Host
X-Cluster-Node
X-Cms-Context
X-Httpd
X-Labrador-Cache-Channel
X-Request-URI
X-Restarts
X-Tncms
X-Varnish-Beresp-Grace
X-Handled-By
X-Served-From
X-Adobe-Source
Mn-Server-Ip
X-Vcache
X-Wix-Request-Id
Selected-Fe
X-Cluster
X-Proxy-Build
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Apigw-Requestid
X-Timing-Wait
Url
X-Servername
X-Detected-As
X-Cloudmap
X-Zipkin-Id
X-Origin
X-S
X-Routing-Service
X-Proxied
ServedBy
X-Extlb
X-SRV
X-LSADC-Cache
Cross-Origin-Embedder-Policy
Referer-Policy
X-Rocket-Nginx-Serving-Static
X-Generated-By
X-DynaTrace
X-Via-JSL
N-Cache
X-Lagoon
X-Hit
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
Xserver
X-XRDS-Location
X-Tumblr-Pixel-3
X-Xfnlog-Site
X-Webkit-Csp
X-NWS-UUID-VERIFY
WPO-Cache-Status
X-DataDome
X-Azure-Ref-OriginShield
WPO-Cache-Message
Source
Surrogated-Key
LB
X-RateLimit-Limit-Second
X-Worker
X-Cache-Debug
X-RateLimit-Remaining-Second
X-VCT
X-App-Version
X-RCS-CacheZone
X-Proxy-Cache-Status
CF-IPCountry
AMP-Access-Control-Allow-Source-Origin
X-Upstream-Ht
X-Upstream-Ct
X-Sucuri-Cache
CDN-RequestId
X-Generation-Time
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
X-Tcp-Rtt
X-Geo-Region
X-F-Cache
Node
X-Urbn-Site-Id
Locale
X-No-Session
X-Urbn-Context-Path
X-Cdn-Origin
X-UA
X-RID
Cross-Origin-Opener-Policy-Report-Only
X-Signature
X-Drupal-Cache-Contexts
X-NGINX-Cache
Ohc-File-Size
X-Drupal-Cache-Tags
X-Sucuri-ID
X-B-Cache
X-XRDS-LOCATION
X-CLOUD-TRACE-CONTEXT
X-RateLimit-Limit
X-NODE
X-Shopify-Stage
X-MP-GENERATED-AT
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Cdn-Forward
X-ElasticPress-Query
X-Service
X-Locale
X-Cache-Rule
X-Cache-Operation
X-FC-Vary-Parameters
XkeyRZ
X-A-Dgt
Mail-Subject
X-Ig-Origin-Region
X-A-Dcw
MD5-Digest
X-A-Dam
X-A-Ccd
Meta-Geo-Continent
X-Varnish-Authentication
X-Thinkindot-L3
X-TIM-N
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
Cluster
X-Aed
X-Vdms-Version
X-Mvc-Supplant-Cachable
Gannett-Cam-Experience-Id
X-GeoIP-City
X-Rojux
X-Proxied-Request
Ngx.Var.Host
X-GeoIP
X-Varnish-CookieINHashed-On
X-Tx-Id
X-A-Wwc
X-A
X-Scheme
X-PAYTM-SRV-ID
BehaviorPad-Version
Azure-Version
Azure-SiteName
Azure-SlotName
X-Path
Candidate-Md5Url
TDXMobile
X-Origin-Time
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Origin-Expires
X-Origin-Response-Time
Azure-RegionName
Azure-InstanceId
X-GeoCode
X-Nyt-Route
X-Platform-Server
Odigeo-Trace-Id
X-AK-Request-ID
We-Hiring
Cdnsip
X-Shield-Cache-Expires
Cdncip
X-ScT
A
X-GeoCountry
X-Org
X-Gdpr
X-Aicache-OS
X-Debug-Cache-Store
X-DefElseHash
X-We-Are-Hiring
X-Proxy-CacheRZ
Origin
X-Vtex-Remote-Cache
X-Request-Time
X-Cache-NE
X-Vmg-Version
X-HS-CF-Cache-Status
X-Depends
X-Cache-Info
X-DefHash
Rendered-Blocks
Sslversion
X-Jobs
X-Conf
X-Loc
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Contensis-Viewer-Groups
X-Site-Version
X-D
X-Debug-Cache-Fetch
Host-ID
Redirect-Candidate
Expect-Staple
X-Internal-TTL
X-Developer
Content-Secure-Policy
X-App-Name
X-Ec-GeoHdr
X-Backend-Instance
X-Bc-Bl
X-Ec-Fail
X-Amz-Storage-Class
X-INCAP-ABP
X-Epic-Correlation-Id
Xc-Version
X-Varnish-Beresp-Ttl
X-Ig-Push-State
X-Mly-Id
Lang
X-Proto
DCR-Decision-By
X-Cache-Aspx
X-Bug-Bounty
X-BCube-Filmed-By
Origin-Agent-Cluster
Producers
DCR-Processing-Time-Ms
X-DPWN-IS-SECURE
X-Cache-Hit
X-Pad
Mime-Version
Release
X-Pool
X-Powered-By-VTEX-Cache
Platform
X-Policy
RNT-Time
RNT-Machine
Origin-EX
Origin-CC
Product
X-Platform
Req-Svc-Chain
Server-Host
X-Cache-Bucket
X-Date
X-Dispatcher-Server
X-Ec-Custom-Error
X-Edge-Server
X-Irp-Debug
X-Core-Value
X-Level-Front-Cache
X-Clientip
X-Content-Age
X-Esi-Check
X-Fastly-Backend
X-Generated-On
X-Gzip
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gamma-Serve
X-Hash
X-Human
X-Fmm-Version
X-HS-Content-Campaign-Id
X-Cdn-Srv
X-Location
Web-Mar-Region
X-NMSegId
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Node-Id
V-Age
Tube-Got-Eval
Tube-Got-Results
Tube-Return
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-Cache-Id
X-Cached-By
X-CacheTTL
X-Cache-Grace
X-Bl-Debug
X-Micro-Cache
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
Tube-Get-Contents
X-Slack-Shared-Secret-Outcome
X-Access
X-Akamai-Device-Characteristics
NM-Fastcgi-Cache
X-Eu-Site
X-AB-Test
X-HN
X-VTEX-Cache-Server
Wxu-Next-Hostname
Wxu-Next-Region
X-Via-Fastly
X-Csrf-Jwt
X-UA-Device-Type
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-V-Cache
X-Var-Ttl
X-VG-WebCache
X-Varnishpool
X-Varnish-Director
X-VTEX-Cache-Time
X-GoCache-CacheStatus
Yak-Timeinfo
Ha-Gx-Prefs
HA-Ipaddr
L
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache-Provider
L5d-Success-Class
PFcat
X-VarnishDD-TTL
X-Section
X-Op-Id-All
X-Wikidot-Backend
X-Wikidot-Static-Cache
User-Agent
W
Wxu-Next-Commit
X-Sn-Servicetimems
X-CGP
X-Req
Content-Script-Type
X-SB
IsBot
Click-Count-Error
X-Slack-Backend
Debug
Cdn-Request-Time
Click-Count-Action-Start
Cdn-Host
DSUID
Content-Style-Type
Cache
X-SD-PageType
Esi-Enabled
X-SIPLIST1
Cache-Key
Gh-Request-Id
Canary
NGX
X-Litespeed-Tag
Akamai-Mon-Iucid-Del
X-Newrelic-Synthetics
CDN-RequestPullSuccess
Sid
X-Men
CDN-Uid
X-Gen-Mode
X-ORCA-Accelerator
X-Request-Start
Req-ID
X-CUA
X-Hnp-Log
X-NodeID
X-Request-Host
Fl-Custom-Application
CDN-RequestCountryCode
X-Mvc-Supplant-OutputCached
CDN-Cache
CDCHOST
Pramga
X-VG-TLSProxy
X-Varnish-Beresp-Status
User-Cache-Control
X-Thanos
X-Server-IP
CDN-CachedAt
CDN-EdgeStorageId
X-Block-Status
CDN-RequestPullCode
X-Viewer-Country
X-Cache-FS-Status
Country-Code
X-Bip
X-Content-Length
CDN-PullZone
Ssr
ServerName
Fastly-SSL
X-Pubstack
XM
X-Api-Version
X-Dc
TP-L2-Cache
X-Varnish-Hits
X-Optimistic-Header
X-Cs
X-HOST
X-VServer
X-LB-NoCache
X-TA-CDN-Provider
X-Refresh
X-Cache-Date
X-CACHE-GROUP
X-Geolocation
X-GEO
X-External-Request-Id
X-Application
X-APP
X-S-Cookie
X-IsAdmin
Proxy-Firewall
X-B-Cookie
X-Destination
X-Nananana
X-Via-Edge
X-Via-SSL
True-Client-Country-4JS
X-HITS
Edge-Copy-Time
X-Via-CDN
Fastly-Drupal-Html
X-Zen-Fury
X-AWS-Id
Cdn-Requestid
X-LJ-Flow-ID
X-VWS-Id
X-LiteSpeed-Tag
Server-Hostname
X-Via-Poph
X-Via-Popv
C-Via
Sever-Int
CloudFront-Viewer-Country
X-Via-Popn
Server-Ext
X-User
X-Test
X-Servedbyhost
X-HA-Backend
X-Endurance-Cache-Level
X-ZONE
X-Provided-By
X-Air-Pt
X-LiteSpeed-Cache-Control
X-AIR-PT
X-Zone
Adler-Geo
GeoIP-Latitude
Fastly-Drupal-HTML
X-LB-ID
Is-Eu
X-RequestId
X-B3-Spanid
Ohc-Cache-HIT
X-DynaTrace-JS-Agent
X-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-Datadome
X-CDN-Forward
X-Nginx-Cache-Key
X-VC-TTL
HostName
X-B3-Parentspanid
X-Dispatcher-Number
Server-ID
X-Nc
X-Webkit-Csp-Report-Only
WZWS-RAY
X-Wa
S-Rt
GeoIp-Country-Code
Cdn
X-Presslabs-Stats
X-Tt-Logid
X-Custom-Header
Cache-Tv-Group
X-Geo-Header
WP-Super-Cache
X-TH-Server
X-URL
X-COUNTRY
X-Vgn-Hpd-Reason
X-Oracle-Dms-Ecid
T-Server
X-CS
X-Resp-Is-Stale
X-Pass-Why
X-ND-Cache
True-Client-IP
X-CACHE-AGE
X-Parent-Response-Time
X-Srv
Vc-Max-Age
X-Cache-Server
X-Old-Content-Length
X-Moov-T
X-Moov-Xdn-Caching-Status
X-CMSURLCustom
X-Moov-Xdn-Version
X-HubSpot-Correlation-Id
SID
Resin-Trace
X-Fpc
X-DataCenter
X-NewRelic-App-Data
X-API-Version
Pics-Label
Tcn
Uri
X-TX-ID
X-Varnish-Beresp-TTL
X-FPC
X-Thinkindot-L1
Location
X-Litespeed-Cache-Control
Powered-By
X-Action
X-Cache-VC
SEZNAM-JOBS-OFFER
Vix-Hermes-Req-Id
X-Vercel-Id
X-Vercel-Cache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Ckpd-Fst-Backend
X-Fastly-Cache
True-Client-Ip
X-SERVER-NAME
X-Oracle-DMS-ECID
N1-Cache
On-Server
Serverhost
Thinkindot-Control
X-Stale
X-Client-Ip
X-APP-VERSION
Srv
ServerHost
X-Datacenter
GeoIP-Country-Code
X-Service-Response-Time
X-Dynatrace-Js-Agent
Sm-Log-Id
AKAMAI
X-WA
X-Oracle-Dms-Rid
X-Cache-TTL-Remaining
X-Amz-Meta-Opti
X-ApacheServer
X-PHP-Backend
X-PERF
Server-Id
X-NC
X-Ua
X-Fastly-Cache-Status
TWC-GeoIP-Region
X-Proxy-Cache-La3
Xkey-La3
Cache-Hits
TWC-GeoIP-City
Xkeylog
TWC-GeoIP-DMA
X-Air-Source
X-Air-Hostname
X-Render-Time
Hostname
X-WA-Info
X-Cdn-Cache-Status
X-Air-Trace-Id
Av-Poweredby
X-Debug-Service
X-Nitro-Cache
Cl-Cache
X-Info
Magicmarker
Geoip-Latitude
Lb
X-Uri
Cf-Ipcountry
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Vc
X-Lb-Id
X-Jungle-Id
X-Udemy-Cache-App-Namespace
Cache-Contol
X-Ion-Healthy
RewriteTestHook
RewriteTeamHook
X-Ion-Hop
Log-Origin
X-Ee-Request-Id
X-Fastly-Backend-Reqs
X-Vary-Devices
X-Geo
X-Ee-Origin
X-Ee-Request-Date
X-Save-Cache
X-ServedByHost
Time-Cloud-Cache
Store-Cloud-Cache
X-Cms-Device
X-Ee-Generated-By
Cloudfront-Viewer-Country
X-Cache-Ttl
X-Github-Request-Id
X-Requestid
X-V
X-CDN-Cache-Status
X-VTEX-Cache-Backend-Header-Time
Cmsid
Cmstype
My-App
X-IAuth-Set-Uid
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Ha-Backend
X-VTEX-Cache-Backend-Connect-Time
CDN
X-Esi
X-Up
X-New
X-Limited
X-From
X-VCL-Version
X-App
X-Rollout
X-Eligible
X-Akamai-Pragma-Client-IP
WebServer
Warning
WWW-Authenticate
CacheControlHeader
X-Region-Sid
X-Traceid
Machine
X-Forwarded-Site
CountryCode
X-Correlation-ID
Pragrma
Server-Info
X-Dw-Trace-Id
X-LAGOON
Cneonction
X-Lb-Nocache
X-MSEdge-Features
X-MSEdge-Flight
X-EC-Lua
FSS-Cache
X-Akamai-Transformed
X-Check-Cacheable
X-Ftr-Request-Id
Reporter
X-Acquia-Site
X-HS-Status
Edge-Cache
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Pod
X-Cdn-Request-ID
X-Serial
X-Acquia-Purge-Tags
X-Sucuri-Id
X-Container-Uri
X-Git-Commit
X-SRCache-Key
X-Web-Server
X-Elasticpress-Query
Thinkindot-Cache-Type
X-BBC-Origin-Response-Status
X-Td-Header-From-No-Data
X-Platform-Processor
CF-Cached-On
Timeexpire
X-Ramcache
X-Tncms-Bot-Tier
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Permission-Policy
X-Varnish-Hostname
X-Orig-Cache-Control
X-Platform-Cluster
X-Platform-Router
X-Fastly-Cache-Hits