Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Accept-CH
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Upgrade
X-Check
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Ws-Request-Id
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Pingback
X-Litespeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Cache-Lookup
X-OneAgent-JS-Injection
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Xkey
Surrogate-Control
X-Response-Time
Cf-Railgun
X-Readtime
X-LiteSpeed-Cache
X-Server-Id
X-Node
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Nginx-Cache-Status
X-Url
X-Content-Type
Cache-Tag
Content-Location
X-NWS-LOG-UUID
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Amz-Server-Side-Encryption
X-Country-Code
X-Rack-Cache
X-Times
X-Vname
X-PC
X-TtlSet
X-Mcache
X-Midtier
X-Edge
Rating
Surrogate-Key
X-Oneagent-Js-Injection
X-Browser-Type
X-Sol
X-Cache-TTL
X-Middleton-Display
Display
Pagespeed
X-Server-Name
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-ESI
Nginx-Cache
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Ser
Edge-Control
X-ECACHE
Verso
X-D2id
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-ARC
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
X-B3-TraceId
X-Amz-Rid
Response
X-Middleton-Response
X-CST
X-Powered-CMS
X-Navigation-Version
X-Goog-Hash
X-Daa-Tunnel
X-Upstream
X-Kinsta-Cache
X-Edge-Location-Klb
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Wormhole-Sdk
X-Forwarded-For
X-Amzn-Trace-Id
X-NF-Request-ID
Accept-Ch-Lifetime
X-Cache-Key
X-Ua-Device
RTSS
X-Ratelimit-Limit
X-FastCGI-Cache
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
X-Mod-Pagespeed
Edge-Cache-Tag
X-Ratelimit-Remaining
Cache-Status
X-Server-ID
Public-Key-Pins
X-Version
X-Ttl
X-Mg-S
X-ORACLE-DMS-ECID
X-Ezoic-Cdn
X-Content-Digest
AR-CACHE
SPRequestGuid
X-SharePointHealthScore
X-Varnish-TTL
Realpath
Cross-Origin-Resource-Policy
S
X-Fastly-Request-ID
X-Shield-Request-Id
X-T
X-MSEdge-Ref
Fastcgi-Cache
X-Cached
X-Recruiting
X-Accel-Expires
X-Distributor
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Access-Control-Request-Method
TP-Cache
X-Newrelic-App-Data
X-Request-Received
X-Correlation-Id
X-Request-Processing-Time
X-Debug
MicrosoftSharePointTeamServices
X-Ua-Browser
X-Azure-Ref
Count-Hit
X-Id
X-TTL
Arr-Disable-Session-Affinity
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-LLID
X-Content-Security-Policy-Report-Only
X-VARITI-CCR
Cache-Tags
X-HS-Combine-CSS
X-Frontend
Origin-Trial
X-Cluster-Name
X-Ismobilevalue
X-PressLabs-Stats
Payment
X-GUploader-UploadID
Pinterest-Version
Pinterest-Generated-By
X-Amz-Replication-Status
X-Pinterest-Rid
X-Hits
X-Varnish-Backend
X-LB-Cache
Accept-Ch
X-Goog-Metageneration
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
X-Forwarded-Proto
X-Protected-By
Cleartype
X-Git-Hash
Host
X-FB-Debug
X-Varnish-Server
X-Logged-In
X-NGENIX-Cache
X-Ratelimit-Reset
X-Www-Served-By
Filterid
Content-Disposition
X-AppVersion
X-Az
X-Activity-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Hostname
X-App-Server
X-Amz-Apigw-Id
X-DIS-Request-ID
X-Page-Id
X-Amzn-RequestId
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Webp
X-HP-Trace-Id
Akamai-GRN
X-Geo-Country
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Xrds-Location
X-Nf-Request-Id
X-Template
Access-Control-Allow-Method
X-Origin-Server
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Load-Cache
X-Upgrade-Enabled
Retry-After
X-Aspnet-Version
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Frame-Options
X-Type
MS-Author-Via
Section-Io-Cache
Fastly-SIE
X-ASPNET-VERSION
Fastly-SWR
Viewport
Accept-Charset
X-Fastcgi-Cache
X-TT
X-Content-Options
Version
X-Fb-Rlafr
X-Cache-Control
Content-MD5
X-Grace
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-B3-Sampled
X-B
X-Ah-Environment
X-Rid
Amp-Access-Control-Allow-Source-Origin
X-Request-Guid
X-RateLimit-Remaining
X-Envoy-Decorator-Operation
X-Vcl-Version
X-Trace-Id
X-Revision
X-FTR-Request-ID
X-Source
X-Varnish-Ttl
X-Device-Type
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Healthy
X-Cdn
Server-Name
X-Magnolia-Registration
X-Origin-Cache
X-Amz-Meta-S3cmd-Attrs
X-Language
Trailer
X-Contextid
X-CSRF-Token
X-Cache-Age
X-Mobile
X-Buckets
X-WP-CF-Super-Cache-Active
X-Px
X-Aspnetmvc-Version
X-Webkit-CSP
X-Backend-Name
X-Proxy
X-Tumblr-Pixel-0
X-Status
X-Tumblr-Pixel
X-ProcessESI
X-RemovedCookies
X-RM-Cache-TTL
X-Akamai-Edgescape
X-Tumblr-Pixel-1
X-Tumblr-User
X-App-Environment
X-Rule
X-Debug-Info
X-Instance
X-Framework
X-Mg-Request-UUID
X-NYM-Debug-Backend
X-Environment-Context
TCN
X-L-Path
X-Varnish-Grace
NGB
GEO-INFO
SD-X-WS
X-Debug-IsConnected
X-FW-Version
X-FW-Type
X-G
X-ServerID
X-Storage
X-FW-Static
X-FW-Server
X-Debug-IsPreview
X-Adobe-Loc
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Adobe-Content
X-HTML-Minification-Powered-By
DC
X-Is-Bot
X-UUID
X-Cacheable-TTL
X-Content-Powered-By
Cross-Origin-Window-Policy
Access-Control-Request-Headers
X-Rendered-As
X-Region
X-Proxy-Cache-Info
MS-CV
X-EdgeConnect-Cache-Status
X-Datadog-Sampling-Priority
X-RTag
X-Node-Name
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Parent-Id
Ms-Operation-Id
X-Seen-By
X-Yottaa-Metrics
X-Cache-Time
X-Yottaa-Optimizations
X-Edge-Location
Upgrade-Insecure-Requests
X-HS-Prerendered
Paypal-Debug-Id
Charset
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Protected
X-User-Agent
Webserver
X-Whom
Countrycode
OT-Force-Account-Verify
Front
X-TT-LOGID
X-Lambda-Id
Refresh
Section-Io-Id
X-WebKit-CSP-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-Reqid
X-IPS-LoggedIn
X-TraceId
X-Original-Request-Id
X-Response-Served-From
Priority
Alternate-Protocol
SRV
X-Amzn-Remapped-Content-Length
X-VC
X-AB
X-VHOST
X-ECache
X-Akamai-Request-ID2
X-N
X-Cache-Status-Check
Country
X-Time
X-Server-W
Xet-Cookie
Backend
X-B3-SpanId
X-B3-Traceid
X-WP-CF-Super-Cache-Cookies-Bypass
Liferay-Portal
X-Hl-Ver
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Real-IP
X-Mode
Onion-Location
Environment
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Rn-Rsrv
X-SaId
X-Rewrite-Enabled
TWC-Locale-Group
X-Origin-Date
X-JoinUs
X-Origin-Hint
TWC-Connection-Speed
TWC-Device-Class
X-Format
X-Cache-Expired-At
X-VC-Cache
X-Cache-Host
Webcakes-Region
Webcakes-App-Version
Fastcgi-Useragent
Webcakes-App-Name
TWC-Privacy
X-FB-TRIP-ID
X-Scope-Id
From-Origin
Meta-Geo
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Fetched-On
Filters
ServerID
X-Cluster-Node
X-Cache-Action
X-Connection-Hash
X-Forwarded-Host
X-Frame-Option
X-Accel-Version
X-XRDS-Location
Expiry
Mn-Server-Ip
Uber-Trace-Id
Web-Mar-Node
X-Hosted-By
X-IPLB-Instance
X-SayCDN-TTL
X-Say-TTL
X-Skip-Cache
X-Web-Node
X-Webstats-RespID
X-Say-Cacheable
X-Restarts
X-IPLB-Request-ID
X-R9-Blue-Green-Version
X-Redis-Cache
X-Request-URI
X-Tb
DB-Nickname
Accept-Language
X-Director
X-Soup
X-PHP-Host
X-ProxyCache-Key
X-Varnish-Beresp-Grace
X-Cms-Context
X-Adobe-Source
X-BYPASS-REASON
X-ProxyCache-Status
X-Handled-By
X-Varnish-Cache-Hits
X-Varnish-Age
X-Labrador-Cache-Channel
Apigw-Requestid
X-Tncms
X-Cluster
X-Origin-TTL
X-Auth-Group-Type
X-Logging-Id
X-Served-From
X-Origin-CC
X-Loop
ServedBy
X-Rocket-Nginx-Serving-Static
X-Httpd
Atl-Traceid
X-Vcache
X-Detected-As
X-S
Url
X-Servername
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
X-Cloudmap
X-Hit
X-Generated-By
X-LSADC-Cache
Cross-Origin-Embedder-Policy
X-SRV
VIX-Pulpo-Node
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Fastly-Request-Id
X-Extlb
X-Timing-Wait
Referer-Policy
X-Proxy-Build
Selected-Fe
N-Cache
X-Origin
X-DynaTrace
X-Lagoon
Xserver
X-Ms-Version
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-DataDome
X-Nginx-Cache
X-Xfnlog-Site
X-Via-JSL
X-Azure-Ref-OriginShield
X-Webkit-Csp
Source
LB
X-NWS-UUID-VERIFY
WPO-Cache-Status
WPO-Cache-Message
X-Worker
X-App-Version
Surrogated-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-RCS-CacheZone
X-Cache-Debug
CF-IPCountry
X-Generation-Time
Cross-Origin-Opener-Policy-Report-Only
X-Sucuri-Cache
X-Proxy-Cache-Status
Ohc-File-Size
X-F-Cache
X-VCT
X-UA
X-Tcp-Rtt
X-Browser-Name
X-Upstream-Ht
X-Geo-Region
X-Cdn-Origin
X-Is-Desktop
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Is-Supported-Browser
X-Is-Mobile
X-Sucuri-ID
X-Upstream-Ct
Node
X-Is-Tablet
X-No-Session
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-NGINX-Cache
CDN-RequestId
X-B-Cache
X-Signature
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-RateLimit-Limit
AMP-Access-Control-Allow-Source-Origin
X-NODE
X-Storefront-Renderer-Rendered
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Tx-Id
X-Alternate-Cache-Key
X-HS-CF-Cache-Status
X-Cache-Hit
X-Service
X-ElasticPress-Query
X-Locale
X-Cache-Operation
X-RID
Cdncip
Host-ID
Cdnsip
X-Varnish-Authentication
X-Debug-Cache-Store
X-Ig-Origin-Region
X-DefElseHash
X-Varnish-CookieHashed-On
HA-Ipaddr
X-INCAP-ABP
X-Ig-Push-State
X-Varnish-CookieINHashed-On
Expect-Staple
X-Mly-Id
Ha-Gx-Prefs
X-Mvc-Supplant-Cachable
Xc-Version
X-Ec-GeoHdr
Sslversion
X-Cache-Rule
X-D
X-Debug-Cache-Fetch
X-DefHash
X-Csrf-Jwt
X-Loc
X-Jobs
Redirect-Candidate
Odigeo-Trace-Id
Lang
Origin
L5d-Success-Class
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
BehaviorPad-Version
Ngx.Var.Host
Mail-Subject
X-Ec-Fail
Candidate-Md5Url
MD5-Digest
Meta-Geo-Continent
Cache-Provider
Apple-News-Services-Host
Apple-News-Services-Handled
X-VarnishDD-TTL
Producers
X-HN
X-Depends
Thinkindot-CacheControl
X-Varnish-Remaining-TTL
X-Vdms-Version
X-Developer
X-GeoCountry
X-GeoCode
PFcat
X-GeoIP
X-DPWN-IS-SECURE
X-GeoIP-City
Rendered-Blocks
TDXMobile
X-Akamai-Device-Characteristics
X-AK-Request-ID
Content-Secure-Policy
X-Platform-Server
X-App-Name
X-Cache-Info
X-Cache-NE
X-Eu-Site
Thinkindot-CacheControl-Type
X-Rojux
X-Aed
X-Aicache-OS
X-Origin-Expires
X-Vmg-Version
DCR-Decision-By
X-Vtex-Remote-Cache
X-Path
X-FC-Vary-Parameters
X-PAYTM-SRV-ID
X-Bug-Bounty
Fastly-Backend-Name
X-Cache-Aspx
X-BCube-Filmed-By
X-Origin-Time
X-Backend-Instance
DCR-Processing-Time-Ms
Fastly-GeoIP-CountryCode
X-Proxied-Request
X-Bc-Bl
X-Proto
X-AB-Test
X-Access
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Conf
User-Agent
X-Nyt-Route
Cluster
X-CGP
X-Thinkindot-L3
W
X-TA-CDN-Provider
We-Hiring
X-Op-Id-All
X-A
X-Section
X-Gdpr
X-A-Dam
X-A-Dcw
X-ScT
X-A-Wwc
X-A-Dgt
X-Contensis-Viewer-Groups
X-A-Ccd
X-Shield-Cache-Expires
X-Org
X-TIM-N
Akamai-Mon-Iucid-Del
Cache
X-Litespeed-Tag
X-Site-Version
Mime-Version
Gh-Request-Id
L
X-Edge-Server
X-Epic-Correlation-Id
IsBot
X-Esi-Check
Gannett-Cam-Experience-Id
Fastly-SSL
X-VG-WebCache
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Cached-By
X-Cdn-Srv
Web-Mar-Region
X-Cache-Id
X-Auto-Login
X-Cache-Bucket
X-Bl-Debug
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Content-Age
X-Content-Length
Platform
X-Dispatcher-Server
Origin-EX
Origin-CC
Origin-Agent-Cluster
Product
Req-Svc-Chain
X-Core-Value
Server-Host
RNT-Time
RNT-Machine
NM-Fastcgi-Cache
Cdn-Host
X-NMSegId
X-UA-Device-Type
X-Cache-Grace
X-Platform
X-ORCA-Accelerator
X-Tb-Optimization-Total-Bytes-Saved
X-NodeID
X-Mvc-Supplant-OutputCached
X-Micro-Cache
X-Internal-TTL
X-Varnish-Director
X-HS-Content-Campaign-Id
X-Var-Ttl
X-Via-Fastly
Esi-Enabled
X-Location
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-VTEX-Cache-Server
X-Pad
X-Req
X-VTEX-Cache-Time
X-Origin-Response-Time
X-Powered-By-VTEX-Cache
X-We-Are-Hiring
X-Policy
X-Request-Time
X-Viewer-Country
X-SIPLIST1
X-Slack-Backend
X-SD-PageType
X-Scheme
X-SB
Fl-Custom-Application
X-Gzip
X-Level-Front-Cache
Azure-SlotName
Azure-SiteName
Azure-RegionName
Content-Script-Type
Azure-Version
X-Generated-On
CDCHOST
Canary
Cdn-Request-Time
Cache-Key
Content-Style-Type
Azure-InstanceId
X-GeoIP-Region-Code
Debug
X-Fmm-Version
X-GeoIP-Country-Code
X-XRDS-LOCATION
CDN-Uid
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Server-IP
X-Wikidot-Backend
X-Pool
CDN-CachedAt
X-Fastly-Backend
CDN-EdgeStorageId
CDN-PullZone
X-Accel-Expires-Debug
X-Proxy-CacheRZ
X-Block-Status
X-CacheTTL
Click-Count-Error
X-Gamma-Serve
Click-Count-Action-Start
CDN-Cache
XkeyRZ
XM
X-Acquia-Purge-Cdn-Unconfigured
X-Pubstack
X-Gen-Mode
X-Clientip
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Irp-Debug
X-Wikidot-Static-Cache
X-V-Cache
X-Date
X-Cache-FS-Status
X-Cdn-Forward
X-Hash
X-Varnishpool
X-Hnp-Log
X-GoCache-CacheStatus
X-Human
Release
X-SVT-ORM-RULES
X-CUA
User-Cache-Control
X-Node-Id
V-Age
Pramga
X-SVT-ORM-VERSION
X-Thanos
Tube-Return
Tube-Got-Results
X-Ec-Custom-Error
A
NGX
Tube-Get-Contents
X-Bip
Tube-Got-Eval
X-COUNTRY
X-Men
X-LB-NoCache
X-Varnish-Hits
X-VServer
X-Request-Start
X-Request-Host
Yak-Timeinfo
ServerName
DSUID
Country-Code
Ssr
X-HITS
Req-ID
X-URL
X-Newrelic-Synthetics
X-HOST
X-Geolocation
X-Optimistic-Header
TP-L2-Cache
Sid
X-Application
X-S-Cookie
X-External-Request-Id
X-CACHE-GROUP
X-Destination
X-B-Cookie
X-Cache-Date
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-Refresh
X-FTR-Backend
X-Dc
X-IsAdmin
Cdn-Requestid
X-CDN-Forward
X-Cs
Edge-Copy-Time
X-Api-Version
X-GEO
X-Nananana
X-Via-CDN
X-Zen-Fury
X-Via-SSL
X-APP
X-Via-Edge
X-CLOUD-TRACE-CONTEXT
X-Servedbyhost
CloudFront-Viewer-Country
X-User
Proxy-Firewall
Fastly-Drupal-HTML
X-Oracle-Dms-Ecid
X-AIR-PT
Ohc-Cache-HIT
True-Client-Country-4JS
X-DC
X-Presslabs-Stats
C-Via
Server-ID
GeoIP-Latitude
X-RequestId
Fastly-Drupal-Html
X-Endurance-Cache-Level
X-VC-TTL
X-ZONE
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-LJ-Flow-ID
X-B3-Spanid
X-AWS-Id
X-VWS-Id
X-Test
X-HA-Backend
Server-Ext
Server-Hostname
Sever-Int
X-LiteSpeed-Cache-Control
Is-Eu
X-Nc
X-LiteSpeed-Tag
X-CACHE-AGE
Adler-Geo
X-Provided-By
X-Wa
X-LB-ID
X-Air-Pt
X-Zone
X-DynaTrace-JS-Agent
X-Nginx-Cache-Key
X-Dispatcher-Number
X-Resp-Is-Stale
X-Webkit-Csp-Report-Only
GeoIp-Country-Code
HostName
X-Vgn-Hpd-Reason
X-B3-Parentspanid
X-CS
X-Tt-Logid
Cdn
X-Datadome
X-SERVER-NAME
X-TH-Server
X-Pass-Why
WZWS-RAY
WP-Super-Cache
S-Rt
X-Moov-Xdn-Version
X-Moov-T
X-Old-Content-Length
X-Moov-Xdn-Caching-Status
X-Custom-Header
X-API-Version
X-Geo-Header
T-Server
Cache-Tv-Group
X-Srv
X-HubSpot-Correlation-Id
True-Client-IP
X-Fpc
X-ND-Cache
X-DataCenter
X-Parent-Response-Time
SID
X-NewRelic-App-Data
X-CMSURLCustom
Vc-Max-Age
X-Cache-Server
X-Thinkindot-L1
Location
Uri
X-Action
X-Cache-VC
Tcn
Resin-Trace
Pics-Label
SEZNAM-JOBS-OFFER
Powered-By
X-Vercel-Cache
X-Vercel-Id
X-Litespeed-Cache-Control
X-TX-ID
X-Srcache-Fetch-Status
X-Srcache-Store-Status
True-Client-Ip
X-FPC
Vix-Hermes-Req-Id
N1-Cache
Serverhost
X-Ckpd-Fst-Backend
X-Fastly-Cache
X-Varnish-Beresp-TTL
X-Service-Response-Time
Sm-Log-Id
X-Client-Ip
X-Dynatrace-Js-Agent
X-PERF
On-Server
X-ApacheServer
GeoIP-Country-Code
X-Stale
Thinkindot-Control
X-Datacenter
X-Cache-TTL-Remaining
TWC-GeoIP-City
TWC-GeoIP-DMA
TWC-GeoIP-Region
Srv
X-Render-Time
Cache-Hits
Hostname
X-APP-VERSION
X-Oracle-Dms-Rid
ServerHost
X-Ua
X-Vc
X-Traceid
X-Debug-Service
X-Amz-Meta-Opti
AKAMAI
X-Uri
X-Cdn-Cache-Status
X-PHP-Backend
X-WA-Info
X-Nitro-Cache
X-Fastly-Cache-Status
X-NC
Av-Poweredby
X-WA
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
Geoip-Latitude
Xkey-La3
X-Air-Trace-Id
X-Proxy-Cache-La3
X-Air-Source
RewriteTeamHook
X-Lb-Id
X-Ion-Hop
X-Air-Hostname
X-Ion-Healthy
X-Jungle-Id
RewriteTestHook
Log-Origin
Server-Id
Cache-Contol
Lb
Xkeylog
My-App
X-Geo
Store-Cloud-Cache
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
Cf-Ipcountry
Magicmarker
X-Vary-Devices
X-Save-Cache
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-Ee-Request-Id
X-Cms-Device
X-Ee-Generated-By
X-Ee-Origin
X-Info
Time-Cloud-Cache
X-Ee-Request-Date
Cl-Cache
X-Cache-Ttl
X-Requestid
X-Ha-Backend
Cmsid
X-From
X-Via-PopH
X-Via-PopN
X-Github-Request-Id
X-ServedByHost
X-Via-PopV
X-Oracle-DMS-ECID
X-Up
Cloudfront-Viewer-Country
Cmstype
X-Esi
X-VCL-Version
CacheControlHeader
X-IAuth-Set-Uid
CountryCode
X-Akamai-Pragma-Client-IP
X-App
X-CDN-Cache-Status
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
CDN
X-V
X-Eligible
X-Rollout
WebServer
X-Limited
WWW-Authenticate
X-New
X-Correlation-ID
X-Dw-Trace-Id
Cneonction
X-LAGOON
X-Region-Sid
Warning
X-Forwarded-Site
X-MSEdge-Flight
Machine
X-MSEdge-Features
X-HS-Status
Reporter
X-Lb-Nocache
X-Acquia-Application-UUID
FSS-Cache
X-Serial
X-Check-Cacheable
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Pragrma
Server-Info
Wpo-Cache-Status
X-Akamai-Transformed
X-Pod
Wpo-Cache-Message
X-Sucuri-Id
NtCoent-Length
X-Td-Header-From-No-Data
X-Elasticpress-Query
X-BBC-Origin-Response-Status
Thinkindot-Cache-Type
X-Web-Server
X-Platform-Cluster
Edge-Cache
X-EC-Lua
X-Platform-Router
X-Platform-Processor
CF-Cached-On
X-Ftr-Request-Id
X-Ramcache
X-Ms-Blob-Type
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Timeexpire
X-Cdn-Request-ID
X-Ms-Lease-Status
X-Tncms-Bot-Tier
X-Orig-Cache-Control