Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
X-Check
Feature-Policy
Upgrade
Content-Encoding
Status
Accept-CH
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
X-Server
EagleId
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Accept-CH-Lifetime
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
X-Response-Time
Surrogate-Control
Xkey
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
X-NWS-LOG-UUID
Cache-Tag
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
X-Edge
X-Midtier
X-Mcache
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-ESI
Nginx-Cache
X-Ser
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Oneagent-Js-Injection
Edge-Control
X-ECACHE
X-D2id
X-Ac
Verso
X-Vcap-Request-Id
X-MS-InvokeApp
X-Dw-Request-Base-Id
X-ARC
X-Client-IP
X-ORACLE-DMS-RID
X-B3-TraceId
X-Amz-Rid
X-CST
X-Middleton-Response
Response
X-Daa-Tunnel
X-Goog-Hash
X-Navigation-Version
X-Powered-CMS
X-Upstream
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Kinsta-Cache
X-Amzn-Trace-Id
X-Forwarded-For
X-Cache-Key
X-Wormhole-Sdk
Accept-Ch-Lifetime
AR-ATIME
X-Ratelimit-Limit
AR-SID
RTSS
AR-PoweredBy
AR-Request-ID
X-Ua-Device
SPRequestDuration
SPIisLatency
X-NF-Request-ID
X-Mod-Pagespeed
X-FastCGI-Cache
Edge-Cache-Tag
Cache-Status
X-ORACLE-DMS-ECID
X-Server-ID
X-Version
X-Ttl
Public-Key-Pins
X-Mg-S
X-Ratelimit-Remaining
AR-CACHE
X-Ruxit-Js-Agent
X-Ezoic-Cdn
X-Content-Digest
Cross-Origin-Resource-Policy
SPRequestGuid
X-SharePointHealthScore
S
Realpath
X-Shield-Request-Id
X-T
Fastcgi-Cache
X-MSEdge-Ref
X-Varnish-TTL
X-Cached
X-Fastly-Request-ID
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
Access-Control-Request-Method
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
TP-Cache
X-Debug
Count-Hit
X-Correlation-Id
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Request-Received
X-HS-Hub-Id
X-HS-Content-Id
X-TTL
MicrosoftSharePointTeamServices
X-HS-Cache-Config
Server-Node
X-Id
X-Azure-Ref
X-Ua-Browser
X-LLID
X-Content-Security-Policy-Report-Only
X-HS-Combine-CSS
X-VARITI-CCR
X-Frontend
X-PressLabs-Stats
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
X-GUploader-UploadID
Payment
X-Amz-Replication-Status
Origin-Trial
X-Varnish-Backend
X-LB-Cache
X-Goog-Metageneration
Accept-Ch
X-Protected-By
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Microsite
Cleartype
Host
X-FB-Debug
X-Git-Hash
X-Unique-Id
X-Logged-In
X-AppVersion
X-Varnish-Server
X-Activity-Id
X-Www-Served-By
X-Az
Content-Disposition
Filterid
X-Pinterest-Rid
Pinterest-Generated-By
X-Ratelimit-Reset
Pinterest-Version
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Hostname
X-NGENIX-Cache
X-App-Server
X-Nf-Request-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Jurisdiction
X-DIS-Request-ID
X-HP-Webp
X-HP-Trace-Id
X-Page-Id
X-Cambria-Cache-Control
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Fastcgi-Cache
X-Geo-Country
MRF-Tech
X-Webkit-CSP
X-Xrds-Location
Akamai-GRN
Access-Control-Allow-Method
X-Load-Cache
X-Origin-Server
Retry-After
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Template
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Goog-Storage-Class
X-RateLimit-Remaining
X-Aspnet-Version
MS-Author-Via
Viewport
Fastly-SWR
Accept-Charset
X-ASPNET-VERSION
Fastly-SIE
Section-Io-Cache
X-Type
X-Fb-Rlafr
Frame-Options
X-TT
X-TEC-API-ORIGIN
X-Content-Options
X-Cache-Control
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-Sampled
Version
X-Varnish-Ttl
X-B
X-Grace
X-Ah-Environment
Content-MD5
X-Request-Guid
X-Envoy-Decorator-Operation
X-Vcl-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Revision
X-Trace-Id
X-Rid
Healthy
X-Device-Type
X-Source
Amp-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
X-Cdn
X-Origin-Cache
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
Server-Name
X-Contextid
X-CSRF-Token
X-WP-CF-Super-Cache-Active
X-Language
X-Px
X-Mobile
X-Backend-Name
X-Aspnetmvc-Version
X-Buckets
X-Proxy
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-App-Environment
DC
X-Tumblr-Pixel
X-ProcessESI
X-Tumblr-Pixel-1
X-RM-Cache-TTL
X-Tumblr-User
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-RemovedCookies
X-Debug-Info
X-Varnish-Grace
Access-Control-Request-Headers
TCN
X-Storage
X-Status
X-Rule
X-Framework
X-Mg-Request-UUID
X-FW-Dynamic
X-Node-Name
X-HTML-Minification-Powered-By
X-Adobe-Loc
X-L-Path
X-FW-Hash
SD-X-WS
X-Adobe-Content
NGB
Cross-Origin-Window-Policy
X-Cacheable-TTL
X-FTR-Request-ID
X-Instance
X-Proxy-Cache-Info
X-FW-Type
X-Region
X-NYM-Debug-Backend
X-Content-Powered-By
X-G
X-FW-Static
X-FW-Server
X-FW-Serve
X-Debug-IsConnected
X-FW-Version
X-Debug-IsPreview
X-UUID
X-ServerID
X-Environment-Context
Ms-Operation-Id
MS-CV
X-Datadog-Trace-Id
X-RTag
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Rendered-As
X-Seen-By
GEO-INFO
X-Is-Bot
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Time
X-EdgeConnect-Cache-Status
Upgrade-Insecure-Requests
Paypal-Debug-Id
Trailer
X-User-Agent
Countrycode
Webserver
Protected
Charset
X-Edge-Location
X-HS-Prerendered
Front
X-Whom
OT-Force-Account-Verify
X-WebKit-CSP-Report-Only
X-TT-LOGID
X-Lambda-Id
Refresh
X-VC
Section-Io-Id
X-TraceId
X-IPS-LoggedIn
Priority
X-Cache-Status-Check
X-N
X-Reqid
X-AB
X-Akamai-Request-ID2
X-Amzn-Remapped-Content-Length
X-ECache
Country
X-Time
X-VHOST
Alternate-Protocol
X-Original-Request-Id
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
X-B3-SpanId
SRV
Backend
X-B3-Traceid
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-Server-W
Xet-Cookie
X-Hcs-Proxy-Type
X-Hl-Ver
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Liferay-Portal
X-Mode
X-Real-IP
Onion-Location
X-Cache-Host
Environment
X-Tb
X-Fetched-On
X-FB-TRIP-ID
Fastcgi-Useragent
Meta-Geo
From-Origin
ServerID
X-Accel-Version
Filters
X-Auth-Group-Type
X-JoinUs
X-SaId
X-Scope-Id
X-Origin-Date
X-Rn-Rsrv
X-Rewrite-Enabled
X-Skip-Cache
X-Frame-Option
X-VC-Cache
X-UPSTREAM-Address
X-Tumblr-Pixel-2
Accept-Language
X-Web-Node
X-Webstats-RespID
Property-Id
TWC-GeoIP-Country
X-Origin-CC
Webcakes-App-Version
Webcakes-Region
X-Cache-Expired-At
X-Origin-Hint
X-Origin-TTL
Webcakes-App-Name
X-Varnish-Cache-Hits
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
Expiry
X-Cluster-Node
X-IPLB-Request-ID
X-Cache-Action
X-IPLB-Instance
X-Connection-Hash
X-Hosted-By
X-Director
X-BYPASS-REASON
X-Logging-Id
X-Redis-Cache
X-Restarts
Atl-Traceid
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-ProxyCache-Key
Uber-Trace-Id
X-Varnish-Age
TWC-Connection-Speed
X-Tncms
X-Served-From
X-SayCDN-TTL
Apigw-Requestid
X-Varnish-Beresp-Grace
X-Format
Web-Mar-Node
Mn-Server-Ip
X-Say-TTL
X-Say-Cacheable
X-Httpd
X-Handled-By
X-Cms-Context
X-Labrador-Cache-Channel
X-Loop
X-Request-URI
X-Adobe-Source
X-PHP-Host
X-Forwarded-Host
X-Vcache
DB-Nickname
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
X-Timing-Wait
X-Soup
ServedBy
Selected-Fe
X-Proxy-Build
VIX-Pulpo-Node
X-Cluster
X-Origin
X-Extlb
Url
X-Cloudmap
X-Routing-Service
X-Servername
X-S
X-Generated-By
X-Zipkin-Id
X-Proxied
X-Detected-As
X-LSADC-Cache
X-SRV
Referer-Policy
Cross-Origin-Embedder-Policy
X-DynaTrace
X-Lagoon
X-Rocket-Nginx-Serving-Static
N-Cache
X-Via-JSL
X-Hit
Xserver
X-Ms-Version
X-Nginx-Cache
X-Ms-Request-Id
X-XRDS-Location
X-Tumblr-Pixel-3
X-Xfnlog-Site
WPO-Cache-Message
WPO-Cache-Status
X-Webkit-Csp
X-NWS-UUID-VERIFY
X-DataDome
X-Azure-Ref-OriginShield
Source
Surrogated-Key
LB
X-RateLimit-Limit-Second
X-VCT
X-RateLimit-Remaining-Second
X-Worker
X-Cache-Debug
X-App-Version
X-Proxy-Cache-Status
X-RCS-CacheZone
CF-IPCountry
AMP-Access-Control-Allow-Source-Origin
X-Upstream-Ct
X-Upstream-Ht
X-Sucuri-Cache
X-Generation-Time
X-Is-Mobile
X-Browser-Name
X-Tcp-Rtt
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Desktop
X-Geo-Region
X-F-Cache
Locale
X-No-Session
X-Urbn-Context-Path
X-Urbn-Site-Id
Node
X-Cdn-Origin
X-Sucuri-ID
X-Signature
X-UA
X-NGINX-Cache
X-RID
X-Drupal-Cache-Contexts
Cross-Origin-Opener-Policy-Report-Only
X-Drupal-Cache-Tags
Ohc-File-Size
X-B-Cache
X-XRDS-LOCATION
CDN-RequestId
X-CLOUD-TRACE-CONTEXT
X-MP-GENERATED-AT
X-RateLimit-Limit
X-NODE
X-ShardId
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Ttl
X-Locale
X-ElasticPress-Query
X-Service
X-Cdn-Forward
X-Cache-Operation
X-Cache-Rule
Redirect-Candidate
X-Varnish-CookieHashed-On
X-Varnish-Authentication
X-Tx-Id
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-PAYTM-SRV-ID
X-D
X-Ig-Origin-Region
X-Bug-Bounty
Rendered-Blocks
X-Conf
Producers
X-Platform-Server
X-Contensis-Viewer-Groups
X-Thinkindot-L3
X-Cache-Aspx
X-TIM-N
X-Ig-Push-State
Odigeo-Trace-Id
X-Jobs
X-Cache-NE
Cdncip
Lang
X-Proto
X-Vtex-Remote-Cache
Mail-Subject
Cdnsip
X-Proxy-CacheRZ
DCR-Decision-By
DCR-Processing-Time-Ms
Expect-Staple
Fastly-Backend-Name
Content-Secure-Policy
Host-ID
Cluster
X-Internal-TTL
MD5-Digest
X-Rojux
X-Request-Time
Azure-InstanceId
A
X-Scheme
X-Shield-Cache-Expires
X-ScT
Azure-RegionName
Azure-SiteName
Ngx.Var.Host
Meta-Geo-Continent
Candidate-Md5Url
X-INCAP-ABP
BehaviorPad-Version
Azure-SlotName
Azure-Version
Origin
X-Origin-Response-Time
X-A
X-Mly-Id
X-A-Ccd
X-We-Are-Hiring
X-A-Dam
X-HS-CF-Cache-Status
We-Hiring
X-Mvc-Supplant-Cachable
X-Ec-Fail
X-Bc-Bl
X-Debug-Cache-Fetch
X-Ec-GeoHdr
X-Backend-Instance
X-A-Dcw
X-A-Dgt
X-Amz-Storage-Class
X-Loc
X-GeoIP-City
X-App-Name
X-GeoCountry
X-GeoCode
X-Gdpr
X-AK-Request-ID
X-FC-Vary-Parameters
X-Vmg-Version
X-A-Wwc
X-Aed
X-Aicache-OS
X-GeoIP
X-Site-Version
TDXMobile
XkeyRZ
X-Vdms-Version
X-Depends
Thinkindot-CacheControl
X-Developer
X-Nyt-Route
Sslversion
X-Path
X-Debug-Cache-Store
X-Origin-Time
X-Origin-Expires
X-Org
X-DefElseHash
Thinkindot-CacheControl-Type
X-DefHash
X-BCube-Filmed-By
Xc-Version
X-DPWN-IS-SECURE
X-Cache-Hit
X-Pad
Mime-Version
X-Amz-Meta-Cb-Modifiedtime
X-Proxied-Request
Platform
X-Location
X-B3-Trace-ID
X-Micro-Cache
RNT-Machine
IsBot
Gannett-Cam-Experience-Id
X-Cache-Bucket
Server-Host
Esi-Enabled
Product
Fastly-GeoIP-CountryCode
Gh-Request-Id
X-Cache-Grace
X-Level-Front-Cache
RNT-Time
X-Acquia-Purge-Cdn-Unconfigured
Origin-Agent-Cluster
Release
Tube-Got-Results
Origin-CC
Tube-Return
Web-Mar-Region
X-Node-Id
V-Age
NM-Fastcgi-Cache
Origin-EX
X-NMSegId
X-Accel-Expires-Debug
X-Pool
X-Policy
X-Platform
X-Bl-Debug
Tube-Got-Eval
Tube-Get-Contents
NGX
X-Powered-By-VTEX-Cache
X-SVT-ORM-RULES
X-Via-Fastly
X-VG-WebCache
X-Wikidot-Static-Cache
L
X-AB-Test
X-Viewer-Country
X-HS-Content-Campaign-Id
X-Wikidot-Backend
X-Ec-Custom-Error
X-Dispatcher-Server
X-Human
User-Agent
L5d-Success-Class
DSUID
X-Varnishpool
W
Wxu-Next-Commit
Wxu-Next-Region
X-Newrelic-Synthetics
Wxu-Next-Hostname
X-Edge-Server
X-Akamai-Device-Characteristics
X-HN
X-Eu-Site
X-Csrf-Jwt
X-GeoIP-Country-Code
X-Gamma-Serve
X-VTEX-Cache-Time
X-VarnishDD-TTL
X-Generated-On
X-Op-Id-All
X-VTEX-Cache-Server
X-GeoIP-Region-Code
X-CGP
X-Esi-Check
X-Epic-Correlation-Id
X-Fastly-Backend
X-Hash
X-GoCache-CacheStatus
X-Fmm-Version
X-Gzip
Yak-Timeinfo
PFcat
Canary
X-Cdn-Srv
Cdn-Host
X-Irp-Debug
Cache-Key
Cache
X-Date
X-SD-PageType
X-SB
Cdn-Request-Time
X-CacheTTL
Content-Script-Type
Content-Style-Type
X-Cache-Id
Debug
X-Req
Click-Count-Error
X-Cached-By
X-Cache-Info
Click-Count-Action-Start
X-SIPLIST1
X-Clientip
X-V-Cache
X-UA-Device-Type
Ha-Gx-Prefs
Cache-Provider
X-Content-Age
X-Varnish-Director
X-Core-Value
X-Var-Ttl
X-Tb-Optimization-Total-Bytes-Saved
HA-Ipaddr
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Auto-Login
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Litespeed-Tag
Akamai-Mon-Iucid-Del
X-Hnp-Log
X-CUA
X-BBC-Edge-Cache-Status
X-Cache-FS-Status
X-Bip
X-Block-Status
X-Gen-Mode
CDN-EdgeStorageId
X-Thanos
CDCHOST
Apple-News-Services-Request-Url
Fastly-SSL
X-Server-IP
CDN-PullZone
CDN-CachedAt
X-Request-Start
X-Varnish-Beresp-Status
Apple-News-Services-Parsed-Url
X-VG-TLSProxy
X-Content-Length
X-Access
Sid
XM
X-NodeID
Apple-News-Services-Host
Apple-News-Services-Handled
CDN-RequestCountryCode
CDN-Cache
ServerName
CDN-RequestPullCode
Req-ID
Ssr
Fl-Custom-Application
X-Men
X-Mvc-Supplant-OutputCached
User-Cache-Control
X-ORCA-Accelerator
Req-Svc-Chain
CDN-Uid
X-Request-Host
CDN-RequestPullSuccess
Country-Code
X-Section
Pramga
X-Pubstack
TP-L2-Cache
X-Optimistic-Header
X-Dc
X-Varnish-Hits
X-Api-Version
X-VServer
X-Cs
X-TA-CDN-Provider
X-HOST
X-Geolocation
X-Cache-Date
X-CACHE-GROUP
X-LB-NoCache
X-Refresh
X-GEO
Cdn-Requestid
X-IsAdmin
X-APP
X-S-Cookie
X-B-Cookie
X-Nananana
X-Application
X-External-Request-Id
X-Destination
Proxy-Firewall
True-Client-Country-4JS
X-Zen-Fury
Fastly-Drupal-Html
X-HITS
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-LiteSpeed-Tag
X-Via-Edge
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
CloudFront-Viewer-Country
C-Via
X-Servedbyhost
Sever-Int
Server-Hostname
X-Test
X-HA-Backend
Server-Ext
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-User
X-Provided-By
X-ZONE
X-Endurance-Cache-Level
X-AIR-PT
Adler-Geo
X-Zone
X-B3-Spanid
Is-Eu
X-LB-ID
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
X-Air-Pt
GeoIP-Latitude
X-RequestId
X-FTR-Backend-Server
X-FTR-Balancer
X-CDN-Forward
X-DynaTrace-JS-Agent
Ohc-Cache-HIT
X-DC
X-Datadome
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
HostName
Server-ID
X-Nginx-Cache-Key
X-B3-Parentspanid
X-Dispatcher-Number
X-VC-TTL
X-Webkit-Csp-Report-Only
WZWS-RAY
X-Nc
S-Rt
X-Wa
GeoIp-Country-Code
Cdn
X-Tt-Logid
X-Presslabs-Stats
X-Geo-Header
Cache-Tv-Group
X-URL
X-Custom-Header
X-Vgn-Hpd-Reason
X-TH-Server
X-COUNTRY
T-Server
X-Oracle-Dms-Ecid
X-CS
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Resp-Is-Stale
True-Client-IP
X-Pass-Why
X-Moov-Xdn-Version
WP-Super-Cache
X-ND-Cache
X-CACHE-AGE
X-Parent-Response-Time
X-Srv
X-Cache-Server
X-Old-Content-Length
X-CMSURLCustom
Vc-Max-Age
X-HubSpot-Correlation-Id
SID
Resin-Trace
X-NewRelic-App-Data
X-Fpc
X-DataCenter
X-API-Version
X-TX-ID
Pics-Label
Tcn
Uri
Vix-Hermes-Req-Id
X-FPC
X-Thinkindot-L1
SEZNAM-JOBS-OFFER
X-Litespeed-Cache-Control
X-Vercel-Id
X-Action
Location
X-Vercel-Cache
X-Cache-VC
Powered-By
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Fastly-Cache
X-Varnish-Beresp-TTL
X-Ckpd-Fst-Backend
True-Client-Ip
X-SERVER-NAME
Thinkindot-Control
On-Server
N1-Cache
Serverhost
X-Stale
X-Client-Ip
X-APP-VERSION
X-Datacenter
Srv
GeoIP-Country-Code
ServerHost
Sm-Log-Id
X-Service-Response-Time
X-Dynatrace-Js-Agent
X-NC
X-Oracle-Dms-Rid
X-Cache-TTL-Remaining
X-PERF
X-PHP-Backend
Server-Id
X-Amz-Meta-Opti
AKAMAI
Request-ID
X-WA
X-Ua
X-ApacheServer
X-Air-Trace-Id
X-Debug-Service
Xkeylog
X-Air-Source
Hostname
X-Air-Hostname
X-Fastly-Cache-Status
Av-Poweredby
Cache-Hits
X-WA-Info
Xkey-La3
TWC-GeoIP-Region
X-Cdn-Cache-Status
TWC-GeoIP-DMA
TWC-GeoIP-City
X-Nitro-Cache
X-Render-Time
X-Proxy-Cache-La3
Cl-Cache
Magicmarker
Lb
X-Uri
X-Info
Geoip-Latitude
Cf-Ipcountry
X-Ssense-Gql
X-Vc
X-Ssense-Shipping-Surcharge-Enabled
X-Lb-Id
RewriteTestHook
Log-Origin
Cache-Contol
RewriteTeamHook
X-Udemy-Cache-App-Namespace
X-Ee-Origin
X-Fastly-Backend-Reqs
X-Ion-Healthy
Cloudfront-Viewer-Country
X-Jungle-Id
X-Geo
X-ServedByHost
Store-Cloud-Cache
X-Ion-Hop
X-Cms-Device
X-Ee-Request-Date
X-Save-Cache
X-Ee-Request-Id
X-Vary-Devices
X-Ee-Generated-By
Time-Cloud-Cache
X-Cache-Ttl
Cmstype
My-App
X-Ha-Backend
Cmsid
X-IAuth-Set-Uid
X-Via-PopH
X-CDN-Cache-Status
X-Github-Request-Id
X-VTEX-Cache-Backend-Connect-Time
X-Requestid
X-VTEX-Cache-Backend-Header-Time
X-Oracle-DMS-ECID
X-Via-PopN
X-Via-PopV
X-V
CDN
X-Esi
X-Up
X-From
X-Eligible
X-VCL-Version
X-App
X-Limited
X-New
X-Rollout
X-Akamai-Pragma-Client-IP
X-Forwarded-Site
WebServer
X-Traceid
Warning
X-Region-Sid
CacheControlHeader
Machine
WWW-Authenticate
CountryCode
X-Correlation-ID
Server-Info
X-MSEdge-Features
X-Dw-Trace-Id
X-LAGOON
X-MSEdge-Flight
Pragrma
X-Lb-Nocache
Cneonction
X-HS-Status
Reporter
X-Acquia-Purge-Tags
FSS-Cache
Edge-Cache
X-Serial
X-Check-Cacheable
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Cdn-Request-ID
X-Akamai-Transformed
X-Pod
X-EC-Lua
X-Ftr-Request-Id
X-Container-Uri
X-Sucuri-Id
X-Git-Commit
Thinkindot-Cache-Type
X-Td-Header-From-No-Data
X-Web-Server
X-BBC-Origin-Response-Status
Permission-Policy
X-Elasticpress-Query
X-Varnish-Hostname
X-SRCache-Key
X-Platform-Processor
X-Fastly-Cache-Hits
X-Tncms-Bot-Tier
Timeexpire
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Platform-Cluster
X-Platform-Router
X-Ramcache
X-Orig-Cache-Control
CF-Cached-On