Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
X-XSS-Protection
Via
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
X-Generator
Server-Timing
P3p
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
X-Check
Permissions-Policy
X-Ua-Compatible
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
Accept-CH
X-Backend
X-Hacker
X-Turbo-Charged-By
X-Cache-Group
Cf-Apo-Via
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
EagleId
X-Server
X-Age
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
Accept-CH-Lifetime
X-Ws-Request-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
X-Server-Powered-By
X-Litespeed-Cache
X-WebKit-CSP
X-Pantheon-Styx-Hostname
Allow
X-Styx-Req-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Page-Speed
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Cloud-Trace-Context
X-Host
X-Response-Time
Surrogate-Control
Cf-Railgun
X-Readtime
X-Node
X-HW
X-LiteSpeed-Cache
X-Server-Id
X-Ruxit-JS-Agent
Xkey
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Application-Context
X-Content-Type
Cache-Tag
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Fastly-Restarts
Cross-Origin-Opener-Policy
X-Times
X-Vname
X-PC
X-TtlSet
X-Rack-Cache
X-Edge
X-Midtier
X-Mcache
X-Country-Code
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Cache-TTL
X-Abt-Application-Version
X-Element-Page-Cache
X-Cnection
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-ESI
X-Oneagent-Js-Injection
X-Ser
Nginx-Cache
X-GitHub-Request-Id
Edge-Control
X-Powered-By-Plesk
X-D2id
Verso
X-Ac
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-ARC
Accept-Ch-Lifetime
X-Client-IP
X-MS-InvokeApp
X-ECACHE
X-Aspnet-Version
X-ORACLE-DMS-RID
X-B3-TraceId
X-Daa-Tunnel
X-CST
X-Navigation-Version
X-Amz-Rid
X-Upstream
X-Goog-Hash
X-Powered-CMS
X-Middleton-Response
Response
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-ID
X-Ttl
X-NF-Request-ID
X-Ua-Device
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Cache-Key
X-Amzn-Trace-Id
X-Forwarded-For
X-Wormhole-Sdk
X-Ratelimit-Limit
RTSS
X-Mod-Pagespeed
X-Ratelimit-Remaining
SPIisLatency
SPRequestDuration
Cache-Status
Edge-Cache-Tag
X-Version
X-ORACLE-DMS-ECID
Public-Key-Pins
X-Ruxit-Js-Agent
AR-CACHE
X-Mg-S
X-Ezoic-Cdn
Cross-Origin-Resource-Policy
S
Realpath
SPRequestGuid
X-SharePointHealthScore
X-FastCGI-Cache
X-Shield-Request-Id
X-Content-Digest
X-T
Fastcgi-Cache
X-MSEdge-Ref
X-Cached
X-Recruiting
X-Accel-Expires
Access-Control-Request-Method
X-Fastly-Request-ID
X-Distributor
X-Newrelic-App-Data
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Front-End-Https
TP-Cache
X-Correlation-Id
X-Debug
Count-Hit
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Request-Received
X-Id
X-HS-Hub-Id
X-Content-Security-Policy-Report-Only
X-HS-Content-Id
Server-Node
X-HS-Cache-Config
X-Varnish-TTL
MicrosoftSharePointTeamServices
X-Ua-Browser
X-LLID
X-Azure-Ref
X-VARITI-CCR
X-HS-Combine-CSS
X-Frontend
Cache-Tags
X-Cluster-Name
X-Ismobilevalue
X-Hits
X-PressLabs-Stats
Payment
Accept-Ch
X-Amz-Replication-Status
X-GUploader-UploadID
X-LB-Cache
X-Varnish-Backend
X-Forwarded-Proto
X-Goog-Metageneration
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-FB-Debug
X-Git-Hash
Host
X-Protected-By
Filterid
X-Varnish-Server
X-Www-Served-By
Content-Disposition
X-Unique-Id
Cleartype
X-Logged-In
X-Varnish-Ttl
X-Ratelimit-Reset
X-Activity-Id
X-AppVersion
X-Az
X-Tt-Trace-Tag
X-App-Server
X-Tt-Trace-Host
X-Hostname
X-NGENIX-Cache
X-TTL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-HP-Webp
Origin-Trial
X-HP-Trace-Id
X-Jurisdiction
X-DIS-Request-ID
X-Page-Id
X-Pinterest-Rid
Pinterest-Generated-By
Mrf-Cache-Status
X-B3-TraceId-Primal
Pinterest-Version
MRF-Tech
X-Geo-Country
Access-Control-Allow-Method
X-Origin-Server
Retry-After
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Load-Cache
X-Cambria-Cache-Control
X-ASPNET-VERSION
X-Goog-Storage-Class
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Akamai-GRN
X-TEC-API-ROOT
X-TEC-API-VERSION
MS-Author-Via
X-Template
X-TEC-API-ORIGIN
Accept-Charset
Fastly-SWR
X-Type
Section-Io-Cache
X-Ah-Environment
Fastly-SIE
X-TT
X-Fb-Rlafr
X-Cache-Control
Viewport
X-Content-Options
X-B3-Sampled
Content-MD5
X-B
Version
X-Grace
Frame-Options
X-Xrds-Location
Amp-Access-Control-Allow-Source-Origin
X-Nf-Request-Id
X-Request-Guid
X-Revision
X-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Vcl-Version
X-Cdn
X-Amz-Meta-S3cmd-Attrs
Healthy
X-Envoy-Decorator-Operation
TCN
X-Origin-Cache
X-Device-Type
X-RateLimit-Remaining
X-Magnolia-Registration
X-Contextid
X-Source
X-CSRF-Token
X-Aspnetmvc-Version
X-Rid
X-Webkit-CSP
X-WP-CF-Super-Cache-Active
X-Cache-Age
Server-Name
X-Backend-Name
X-Px
DC
X-Mobile
X-Proxy
X-Language
X-RemovedCookies
X-ProcessESI
X-Buckets
X-App-Environment
X-RM-Cache-TTL
X-Varnish-Grace
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Environment-Context
X-Seen-By
X-Framework
X-Akamai-Edgescape
X-Debug-Info
X-Storage
X-L-Path
X-Mg-Request-UUID
X-Status
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-Debug-IsConnected
NGB
X-Adobe-Content
X-Adobe-Loc
SD-X-WS
X-Debug-IsPreview
X-Cacheable-TTL
X-FW-Type
X-NYM-Debug-Backend
X-Node-Name
X-Proxy-Cache-Info
X-Region
X-UUID
X-ServerID
X-Instance
X-G
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Version
X-FW-Dynamic
Cross-Origin-Window-Policy
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Is-Bot
X-Rendered-As
GEO-INFO
X-Rule
X-Yottaa-Optimizations
MS-CV
Paypal-Debug-Id
Ms-Operation-Id
X-Yottaa-Metrics
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-RTag
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-ECache
X-User-Agent
X-Cache-Time
X-EdgeConnect-Cache-Status
Upgrade-Insecure-Requests
Webserver
Trailer
Front
Charset
Countrycode
Protected
X-Fastly-Request-Id
X-Whom
OT-Force-Account-Verify
X-Edge-Location
X-Lambda-Id
X-TT-LOGID
X-VC
X-WebKit-CSP-Report-Only
Refresh
X-N
Section-Io-Id
X-VHOST
X-IPS-LoggedIn
X-Akamai-Request-ID2
X-Cache-Status-Check
X-HS-Prerendered
X-AB
Country
Priority
X-Time
X-B3-Traceid
Backend
Alternate-Protocol
X-B3-SpanId
X-Reqid
X-Amzn-Remapped-Content-Length
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hl-Ver
X-Hcs-Proxy-Type
X-WP-CF-Super-Cache-Cookies-Bypass
Xet-Cookie
Liferay-Portal
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-Response-Served-From
X-Original-Request-Id
SRV
X-Via-JSL
X-Mode
Accept-Language
VIX-Pulpo-Upstream-Status
X-Accel-Version
Meta-Geo
VIX-Pulpo-Node
X-Tumblr-Pixel-2
Filters
X-Tb
X-JoinUs
X-SaId
Environment
X-Rewrite-Enabled
X-Cache-Host
X-Real-IP
Onion-Location
X-FB-TRIP-ID
X-Skip-Cache
X-Origin-Date
X-Rn-Rsrv
X-Wix-Request-Id
X-VC-Cache
X-Fetched-On
X-UPSTREAM-Address
X-Auth-Group-Type
X-Frame-Option
X-Web-Node
Fastcgi-Useragent
From-Origin
ServerID
TWC-Privacy
X-Cache-Expired-At
X-Cluster-Node
Uber-Trace-Id
X-Cache-Action
Webcakes-App-Name
Webcakes-Region
X-BYPASS-REASON
Webcakes-App-Version
TWC-Locale-Group
Atl-Traceid
Property-Id
Expiry
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Connection-Hash
X-Generated-By
X-Varnish-Cache-Hits
X-Scope-Id
X-Varnish-Age
X-Director
X-Nginx-Cache
X-ProxyCache-Key
X-SayCDN-TTL
X-Redis-Cache
X-Restarts
X-Say-Cacheable
X-Webstats-RespID
X-Say-TTL
X-Request-URI
X-Origin-Hint
X-ProxyCache-Status
X-Hosted-By
X-Format
X-IPLB-Request-ID
X-IPLB-Instance
X-Logging-Id
X-PHP-Host
X-Vcache
X-Varnish-Beresp-Grace
X-Httpd
Cross-Origin-Embedder-Policy-Report-Only
X-Cms-Context
Apigw-Requestid
Mn-Server-Ip
X-Loop
X-Forwarded-Host
X-Handled-By
X-R9-Blue-Green-Version
X-Served-From
X-Adobe-Source
X-Tncms
X-DataDome
X-Labrador-Cache-Channel
X-Soup
Web-Mar-Node
DB-Nickname
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-Proxied
X-Detected-As
X-S
X-Cluster
X-Routing-Service
X-Zipkin-Id
X-Servername
X-Origin
X-Extlb
X-Cloudmap
ServedBy
Url
X-Origin-CC
X-Origin-TTL
Referer-Policy
LB
X-SRV
Xserver
N-Cache
X-LSADC-Cache
X-Lagoon
X-Rocket-Nginx-Serving-Static
X-XRDS-Location
X-Hit
Cross-Origin-Embedder-Policy
CF-IPCountry
X-Webkit-Csp
X-Ms-Request-Id
X-Ms-Version
X-TraceId
X-Xfnlog-Site
X-DynaTrace
X-Tumblr-Pixel-3
X-XRDS-LOCATION
X-UA
CDN-RequestId
X-Upstream-Ct
X-NWS-UUID-VERIFY
X-RID
X-Upstream-Ht
Source
X-Cache-Debug
X-VCT
X-Azure-Ref-OriginShield
WPO-Cache-Message
WPO-Cache-Status
X-Proxy-Cache-Status
X-RCS-CacheZone
Surrogated-Key
X-FTR-Request-ID
X-RateLimit-Remaining-Second
X-Worker
X-RateLimit-Limit-Second
X-Is-Supported-Browser
X-Geo-Region
X-Is-Mobile
X-Is-Desktop
X-Tcp-Rtt
X-Browser-Name
X-Is-Tablet
Locale
X-B-Cache
X-No-Session
X-Urbn-Site-Id
X-Urbn-Context-Path
X-F-Cache
X-Signature
X-Generation-Time
X-Sucuri-Cache
Node
X-App-Version
X-Cdn-Origin
X-RateLimit-Limit
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-NODE
X-Sucuri-ID
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Tx-Id
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Cdn-Forward
X-Locale
X-MP-GENERATED-AT
Ohc-File-Size
X-Cache-Rule
X-Cache-Operation
X-Site-Version
X-GeoCode
Content-Secure-Policy
X-GeoCountry
Rendered-Blocks
Redirect-Candidate
X-Cache-NE
Cluster
X-Bc-Bl
X-GeoIP
X-BCube-Filmed-By
X-Vmg-Version
X-A-Dcw
Candidate-Md5Url
X-A-Dam
Producers
X-Ig-Origin-Region
X-A-Dgt
DCR-Processing-Time-Ms
X-Ig-Push-State
X-GeoIP-City
X-Cache-Aspx
X-A-Wwc
DCR-Decision-By
Azure-InstanceId
X-Conf
X-Developer
X-Depends
Cdncip
X-DPWN-IS-SECURE
Azure-SlotName
Cdnsip
X-DefHash
X-DefElseHash
X-Amz-Storage-Class
X-App-Name
X-D
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Azure-Version
X-Ec-Fail
Azure-SiteName
X-Aed
Azure-RegionName
X-Contensis-Viewer-Groups
A
X-FC-Vary-Parameters
X-Aicache-OS
X-AK-Request-ID
BehaviorPad-Version
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-INCAP-ABP
X-Cache-Info
X-Backend-Instance
Xc-Version
X-Platform-Server
Origin-Agent-Cluster
AMP-Access-Control-Allow-Source-Origin
XkeyRZ
We-Hiring
X-PAYTM-SRV-ID
Mail-Subject
X-Origin-Response-Time
X-Service
MD5-Digest
X-Path
Host-ID
X-Proxied-Request
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Scheme
X-ScT
Lang
X-Rojux
X-Request-Time
X-Varnish-Remaining-TTL
X-Proxy-CacheRZ
X-Varnish-Authentication
X-NGINX-Cache
Sslversion
X-We-Are-Hiring
X-Origin-Expires
X-A-Ccd
X-Internal-TTL
Fastly-GeoIP-CountryCode
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Jobs
Expect-Staple
X-Vdms-Version
X-Mly-Id
X-Loc
X-A
Gannett-Cam-Experience-Id
X-Org
Ngx.Var.Host
Cross-Origin-Opener-Policy-Report-Only
X-Vtex-Remote-Cache
Odigeo-Trace-Id
Meta-Geo-Continent
X-TIM-N
X-Bug-Bounty
Mime-Version
X-Optimistic-Header
X-Varnish-Beresp-Ttl
X-BBC-Edge-Cache-Status
X-Bl-Debug
X-Auto-Login
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Tube-Get-Contents
X-B3-Trace-ID
X-Akamai-Device-Characteristics
RNT-Machine
X-Acquia-Purge-Cdn-Unconfigured
Release
Wxu-Next-Commit
Req-Svc-Chain
X-Accel-Expires-Debug
TDXMobile
Wxu-Next-Region
Wxu-Next-Hostname
Product
Web-Mar-Region
Tube-Return
X-Amz-Meta-Cb-Modifiedtime
Tube-Got-Results
Server-Host
User-Agent
RNT-Time
W
V-Age
Tube-Got-Eval
X-GeoIP-Country-Code
X-Section
X-SD-PageType
X-SB
X-Shield-Cache-Expires
X-Slack-Backend
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Req
X-Proto
X-Origin-Time
X-Op-Id-All
X-Platform
X-Policy
X-Powered-By-VTEX-Cache
X-Pool
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VTEX-Cache-Time
X-Varnishpool
X-VG-WebCache
X-Via-Fastly
X-VTEX-Cache-Server
X-Viewer-Country
X-VarnishDD-TTL
X-Varnish-Director
X-Wikidot-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-Thinkindot-L3
X-UA-Device-Type
X-Var-Ttl
X-V-Cache
X-Nyt-Route
X-Node-Id
X-Dispatcher-Server
X-Date
X-Ec-Custom-Error
X-Edge-Server
X-Eu-Site
X-Esi-Check
X-Csrf-Jwt
X-Core-Value
X-Cache-Id
X-Cache-Grace
X-Cached-By
X-CacheTTL
X-Content-Age
X-CGP
X-Fastly-Backend
X-Fmm-Version
X-Human
X-HN
X-Wikidot-Static-Cache
X-Location
X-NMSegId
X-Micro-Cache
X-Hash
X-Gzip
X-Gdpr
X-Gamma-Serve
Origin
Yak-Timeinfo
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Cache-Bucket
X-Access
Content-Style-Type
Debug
Content-Script-Type
X-Pad
Click-Count-Error
Esi-Enabled
Fastly-Backend-Name
L
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Click-Count-Action-Start
Cdn-Request-Time
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-ElasticPress-Query
Cache
Cdn-Host
Canary
Cache-Provider
Cache-Key
L5d-Success-Class
DSUID
NGX
PFcat
Platform
NM-Fastcgi-Cache
Origin-EX
Origin-CC
TP-L2-Cache
CDN-Cache
X-Block-Status
CDCHOST
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestPullCode
X-Hnp-Log
X-Request-Start
CDN-PullZone
Pramga
CDN-EdgeStorageId
X-Bip
X-Irp-Debug
X-Clientip
X-Newrelic-Synthetics
X-Cache-Hit
X-Content-Length
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Gen-Mode
X-HS-Content-Campaign-Id
Req-ID
X-SIPLIST1
X-Generated-On
X-Cache-FS-Status
CDN-RequestPullSuccess
X-Men
X-Level-Front-Cache
Ssr
X-CUA
X-Thanos
X-Server-IP
IsBot
X-NodeID
User-Cache-Control
X-Pubstack
Fastly-SSL
ServerName
Country-Code
X-AB-Test
CDN-Uid
X-Request-Host
X-Cdn-Srv
X-LiteSpeed-Tag
Akamai-Mon-Iucid-Del
X-HOST
Fl-Custom-Application
XM
X-ORCA-Accelerator
Sid
X-Api-Version
X-CACHE-GROUP
X-Varnish-Hits
X-LiteSpeed-Cache-Control
X-Cs
X-Dc
X-GEO
X-VServer
X-TA-CDN-Provider
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-LB-NoCache
True-Client-Country-4JS
X-HS-CF-Cache-Status
X-Air-Pt
X-Refresh
X-HITS
X-Cache-Date
GeoIP-Latitude
X-Nananana
X-Test
X-Geolocation
CloudFront-Viewer-Country
X-Servedbyhost
Server-Ext
X-RequestId
Proxy-Firewall
X-Provided-By
Sever-Int
Server-Hostname
C-Via
Fastly-Drupal-HTML
Edge-Copy-Time
X-Application
X-APP
X-B-Cookie
X-External-Request-Id
X-Destination
X-Via-CDN
Is-Eu
X-IsAdmin
Adler-Geo
X-DC
X-Via-Edge
X-Via-SSL
X-Presslabs-Stats
X-S-Cookie
X-B3-Parentspanid
X-B3-Spanid
X-HA-Backend
X-Webkit-Csp-Report-Only
X-Nginx-Cache-Key
X-Zone
X-Dispatcher-Number
X-Zen-Fury
X-Via-Popn
X-Via-Poph
X-Via-Popv
S-Rt
X-LB-ID
WZWS-RAY
X-User
X-ZONE
X-Wa
X-Litespeed-Tag
X-Nc
Fastly-Drupal-Html
Cache-Tv-Group
X-Endurance-Cache-Level
T-Server
X-Custom-Header
HostName
X-Geo-Header
Server-ID
X-Tt-Logid
Cdn
Cdn-Requestid
X-DynaTrace-JS-Agent
X-CDN-Forward
X-AIR-PT
X-Oracle-Dms-Ecid
X-Pass-Why
X-COUNTRY
X-URL
X-ND-Cache
X-CS
Ohc-Cache-HIT
SID
X-Cache-Server
Vc-Max-Age
GeoIp-Country-Code
X-CMSURLCustom
X-HubSpot-Correlation-Id
X-Parent-Response-Time
X-Srv
X-CACHE-AGE
X-VC-TTL
WP-Super-Cache
X-Vgn-Hpd-Reason
X-DataCenter
X-Fpc
X-TH-Server
X-Moov-T
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
Resin-Trace
True-Client-IP
X-NewRelic-App-Data
Vix-Hermes-Req-Id
X-Old-Content-Length
Pics-Label
Powered-By
X-API-Version
X-Varnish-Beresp-TTL
X-Datadome
X-Fastly-Cache
SEZNAM-JOBS-OFFER
Uri
True-Client-Ip
X-Ckpd-Fst-Backend
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Srv
X-APP-VERSION
On-Server
X-SERVER-NAME
X-Vercel-Cache
X-Action
X-FPC
X-Vercel-Id
GeoIP-Country-Code
X-TX-ID
Serverhost
ServerHost
Thinkindot-Control
X-Client-Ip
X-PHP-Backend
X-Stale
X-Cache-VC
AKAMAI
X-Amz-Meta-Opti
X-Thinkindot-L1
Location
X-Cache-TTL-Remaining
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Dynatrace-Js-Agent
X-Oracle-Dms-Rid
N1-Cache
Server-Id
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
Av-Poweredby
Magicmarker
X-Debug-Service
X-Info
X-Cdn-Cache-Status
Hostname
Cl-Cache
Xkeylog
X-Datacenter
X-PERF
Xkey-La3
X-ApacheServer
X-NC
X-WA
X-Fastly-Backend-Reqs
X-Proxy-Cache-La3
X-Fastly-Cache-Status
Tcn
X-Vc
X-Resp-Is-Stale
X-V
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Service-Response-Time
X-Litespeed-Cache-Control
Sm-Log-Id
X-Ee-Request-Date
X-Ee-Request-Id
X-Ee-Generated-By
X-WA-Info
X-Ee-Origin
X-CDN-Cache-Status
X-Geo
X-IAuth-Set-Uid
X-Cms-Device
X-Lb-Id
X-Udemy-Cache-App-Namespace
X-Vary-Devices
X-Save-Cache
X-VTEX-Cache-Backend-Connect-Time
X-Nitro-Cache
Time-Cloud-Cache
X-Render-Time
X-VTEX-Cache-Backend-Header-Time
Store-Cloud-Cache
CDN
X-Cache-Ttl
TWC-GeoIP-DMA
TWC-GeoIP-City
Cache-Hits
X-Eligible
X-New
X-Via-PopH
X-Github-Request-Id
TWC-GeoIP-Region
X-Uri
X-Rollout
X-Oracle-DMS-ECID
X-Via-PopV
X-Via-PopN
X-Ha-Backend
X-Esi
X-Ion-Healthy
X-Limited
X-Jungle-Id
Log-Origin
X-Ion-Hop
RewriteTestHook
Cloudfront-Viewer-Country
Cache-Contol
RewriteTeamHook
Machine
X-Forwarded-Site
X-VCL-Version
X-App
X-ServedByHost
X-Region-Sid
Geoip-Latitude
Server-Info
X-Akamai-Pragma-Client-IP
X-Ua
My-App
Cmstype
Cmsid
WWW-Authenticate
WebServer
Cneonction
X-Lb-Nocache
X-Traceid
X-Correlation-ID
CountryCode
X-From
X-Requestid
Cf-Ipcountry
X-Up
X-Container-Uri
Edge-Cache
X-LAGOON
X-Dw-Trace-Id
X-Git-Commit
X-Ftr-Request-Id
X-MSEdge-Features
Pragrma
X-MSEdge-Flight
X-EC-Lua
CacheControlHeader
Reporter
Lb
X-Cdn-Request-ID
X-Akamai-Transformed
X-SRCache-Key
X-Varnish-Hostname
Permission-Policy
X-HS-Status
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Serial
X-Check-Cacheable
X-Pod
FSS-Cache
X-Sucuri-Id
X-Platform-Router
X-Fastly-Cache-Hits
CF-Cached-On
X-BBC-Origin-Response-Status
X-Platform-Cluster
X-Tncms-Bot-Tier
X-Platform-Processor
X-Orig-Cache-Control
X-Elasticpress-Query
X-Ms-Lease-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ramcache
Warning
PICS-Label
Timeexpire
X-Ms-Blob-Type