
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Xss-Protection
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
P3P
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-Runtime
X-DNS-Prefetch-Control
P3p
X-AspNet-Version
X-Drupal-Cache
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
Accept-CH
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Permissions-Policy
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-Check
Upgrade
Content-Encoding
Status
X-CDN
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
Request-Context
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Backend
X-Hacker
X-Turbo-Charged-By
Cf-Apo-Via
X-Cache-Group
X-Proxy-Cache
Keep-Alive
X-Via
X-Rq
X-Age
EagleId
X-Server
X-Dispatcher
X-UA-Device
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Varnish-Cache
Grace
X-Server-Powered-By
X-WebKit-CSP
Allow
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Litespeed-Cache
X-Cache-Lookup
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Page-Speed
X-Cloud-Trace-Context
X-Device
X-Backend-Server
EagleEye-TraceId
X-Akam-SW-Version
X-Host
Surrogate-Control
X-Response-Time
Xkey
Cf-Railgun
X-LiteSpeed-Cache
X-Readtime
X-Node
X-HW
X-Server-Id
Request-Id
X-Ruxit-JS-Agent
X-Country
X-Url
X-Nginx-Cache-Status
X-Content-Type
X-NWS-LOG-UUID
Cache-Tag
X-Application-Context
Content-Location
X-Nginx-Upstream-Cache-Status
X-Clacks-Overhead
Service-Worker-Allowed
X-Trace
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Fastly-Restarts
X-Times
X-Country-Code
X-Rack-Cache
X-TtlSet
X-PC
X-Vname
X-Midtier
X-Edge
X-Mcache
Rating
Surrogate-Key
X-Server-Name
X-Browser-Type
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Cache-TTL
X-Cnection
X-Abt-Application-Version
X-Element-Page-Cache
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-ESI
Nginx-Cache
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-Ser
X-GitHub-Request-Id
Edge-Control
X-ECACHE
X-D2id
Verso
X-Ac
X-Vcap-Request-Id
X-MS-InvokeApp
X-Client-IP
X-Dw-Request-Base-Id
X-ARC
X-ORACLE-DMS-RID
X-B3-TraceId
X-CST
X-Amz-Rid
X-Middleton-Response
Response
X-Daa-Tunnel
X-Powered-CMS
X-Navigation-Version
X-Goog-Hash
X-Upstream
X-Edge-Location-Klb
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Kinsta-Cache
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
Accept-Ch-Lifetime
X-Wormhole-Sdk
X-Ua-Device
X-Forwarded-For
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
X-NF-Request-ID
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Ratelimit-Limit
SPIisLatency
SPRequestDuration
X-Ratelimit-Remaining
X-FastCGI-Cache
X-Server-ID
X-Mod-Pagespeed
Edge-Cache-Tag
Cache-Status
Public-Key-Pins
X-Version
X-Ttl
X-Mg-S
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
AR-CACHE
Cross-Origin-Resource-Policy
SPRequestGuid
X-SharePointHealthScore
X-Content-Digest
Realpath
S
X-Shield-Request-Id
X-T
X-Fastly-Request-ID
Fastcgi-Cache
X-MSEdge-Ref
X-Cached
X-Varnish-TTL
X-Recruiting
X-Accel-Expires
Front-End-Https
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Access-Control-Request-Method
X-TTL
X-Newrelic-App-Data
TP-Cache
Count-Hit
X-Correlation-Id
X-Debug
X-Request-Received
MicrosoftSharePointTeamServices
X-Id
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Cache-Config
X-Azure-Ref
X-HS-Hub-Id
X-Ua-Browser
Server-Node
X-Content-Security-Policy-Report-Only
X-LLID
X-VARITI-CCR
X-Frontend
X-HS-Combine-CSS
Cache-Tags
X-PressLabs-Stats
X-Cluster-Name
X-Ismobilevalue
Origin-Trial
X-Hits
Accept-Ch
Payment
X-Amz-Replication-Status
X-GUploader-UploadID
X-Varnish-Backend
X-LB-Cache
X-Goog-Metageneration
X-Forwarded-Proto
X-Microsite
X-Protected-By
X-Request-Handler-Origin-Region
Host
X-Unique-Id
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-FB-Debug
X-Logged-In
X-Git-Hash
X-Varnish-Server
X-Activity-Id
X-AppVersion
Filterid
Content-Disposition
X-Az
Cleartype
X-Www-Served-By
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-NGENIX-Cache
X-Hostname
X-App-Server
X-Amzn-RequestId
X-DIS-Request-ID
X-Amz-Apigw-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Page-Id
X-HP-Trace-Id
X-Jurisdiction
X-Nf-Request-Id
X-Xrds-Location
X-Geo-Country
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Akamai-GRN
Access-Control-Allow-Method
X-Aspnet-Version
X-Load-Cache
X-WP-CF-Super-Cache
X-Template
X-Origin-Server
X-WP-CF-Super-Cache-Cache-Control
Retry-After
X-ASPNET-VERSION
X-Fastcgi-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Upgrade-Enabled
X-Goog-Storage-Class
X-Varnish-Ttl
Frame-Options
X-Type
X-Ah-Environment
MS-Author-Via
X-Content-Options
X-Fb-Rlafr
X-TT
Fastly-SIE
Accept-Charset
Version
Fastly-SWR
Section-Io-Cache
Viewport
X-Cache-Control
X-B3-Sampled
X-B
Content-MD5
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Amp-Access-Control-Allow-Source-Origin
X-TEC-API-ROOT
X-Rid
X-Request-Guid
X-Trace-Id
X-Revision
X-Envoy-Decorator-Operation
X-Cdn
X-Device-Type
Healthy
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Source
X-Magnolia-Registration
X-Origin-Cache
X-Vcl-Version
X-RateLimit-Remaining
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
Server-Name
X-Contextid
X-Webkit-CSP
X-Aspnetmvc-Version
X-CSRF-Token
X-Language
X-WP-CF-Super-Cache-Active
X-Tec-Api-Root
X-Tec-Api-Version
X-Px
X-Tec-Api-Origin
X-Mobile
X-Buckets
X-Backend-Name
TCN
Trailer
X-Akamai-Edgescape
X-Proxy
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-User
X-RemovedCookies
X-Tumblr-Pixel
X-Rule
Access-Control-Request-Headers
X-RM-Cache-TTL
X-Status
X-Environment-Context
X-Region
X-Debug-Info
X-NYM-Debug-Backend
X-L-Path
X-G
X-Framework
X-Cacheable-TTL
X-App-Environment
X-FTR-Request-ID
X-Adobe-Content
X-Mg-Request-UUID
SD-X-WS
X-Node-Name
DC
X-ServerID
X-Storage
X-Varnish-Grace
Cross-Origin-Window-Policy
X-Instance
X-Content-Powered-By
X-UUID
X-Adobe-Loc
X-Debug-IsConnected
X-Debug-IsPreview
X-Seen-By
X-RTag
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Proxy-Cache-Info
GEO-INFO
Ms-Operation-Id
MS-CV
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
NGB
X-FW-Static
X-Rendered-As
X-FW-Server
X-FW-Hash
X-Is-Bot
X-FW-Type
X-FW-Dynamic
X-FW-Version
X-FW-Serve
Upgrade-Insecure-Requests
X-EdgeConnect-Cache-Status
X-Edge-Location
X-HTML-Minification-Powered-By
X-HS-Prerendered
Charset
Paypal-Debug-Id
Protected
X-User-Agent
Countrycode
Webserver
X-Whom
Front
OT-Force-Account-Verify
X-Lambda-Id
X-WebKit-CSP-Report-Only
Section-Io-Id
Refresh
X-VC
X-TraceId
X-ECache
X-VHOST
X-TT-LOGID
X-Original-Request-Id
X-Response-Served-From
X-Reqid
Cross-Origin-Embedder-Policy-Report-Only
X-IPS-LoggedIn
Priority
SRV
X-Akamai-Request-ID2
X-Amzn-Remapped-Content-Length
X-AB
X-Cache-Status-Check
X-N
Country
Alternate-Protocol
X-B3-Traceid
X-Time
Xet-Cookie
X-WP-CF-Super-Cache-Cookies-Bypass
Backend
X-Server-W
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Liferay-Portal
X-Hl-Ver
X-CCDN-CacheTTL
X-Mode
X-Real-IP
X-B3-SpanId
Onion-Location
X-Origin-CC
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Connection-Speed
Filters
Fastcgi-Useragent
From-Origin
Meta-Geo
Property-Id
X-Auth-Group-Type
X-Cache-Expired-At
X-Skip-Cache
X-SaId
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Origin-TTL
X-Web-Node
X-Rn-Rsrv
X-Rewrite-Enabled
X-Format
X-Fetched-On
X-JoinUs
X-Origin-Date
X-Origin-Hint
Environment
TWC-Device-Class
X-Nginx-Cache
ServerID
X-Tb
X-FB-TRIP-ID
DB-Nickname
X-Logging-Id
X-Accel-Version
X-Restarts
Uber-Trace-Id
Atl-Traceid
X-VC-Cache
X-Varnish-Cache-Hits
Expiry
X-IPLB-Request-ID
X-Webstats-RespID
X-IPLB-Instance
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
Accept-Language
X-R9-Blue-Green-Version
X-Connection-Hash
X-Forwarded-Host
X-Scope-Id
X-ProxyCache-Status
X-Varnish-Age
X-Cluster-Node
X-BYPASS-REASON
X-Request-URI
X-Cache-Action
X-Frame-Option
Mn-Server-Ip
X-Cache-Host
X-ProxyCache-Key
X-Soup
X-Httpd
X-Fastly-Request-Id
X-Handled-By
X-Redis-Cache
X-Cms-Context
X-Varnish-Beresp-Grace
X-Adobe-Source
Web-Mar-Node
X-Served-From
X-Hosted-By
Apigw-Requestid
X-Director
X-PHP-Host
X-Proxy-Build
X-Vcache
X-Labrador-Cache-Channel
X-Servername
Url
X-Cluster
X-Wix-Request-Id
Selected-Fe
ServedBy
X-Timing-Wait
X-Tncms
X-Loop
X-Detected-As
X-Extlb
X-Origin
X-Cloudmap
X-Generated-By
X-Proxied
X-Routing-Service
X-S
X-Rocket-Nginx-Serving-Static
X-Zipkin-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-LSADC-Cache
Cross-Origin-Embedder-Policy
X-Hit
X-DataDome
N-Cache
X-XRDS-Location
Referer-Policy
Xserver
X-DynaTrace
X-Ms-Request-Id
X-Ms-Version
X-Tumblr-Pixel-3
X-Webkit-Csp
X-Via-JSL
X-Xfnlog-Site
X-SRV
X-Lagoon
WPO-Cache-Message
WPO-Cache-Status
LB
X-Azure-Ref-OriginShield
X-NWS-UUID-VERIFY
Source
X-Worker
CF-IPCountry
X-Cache-Debug
X-RateLimit-Limit-Second
X-App-Version
X-VCT
X-RateLimit-Remaining-Second
X-RCS-CacheZone
Surrogated-Key
X-Proxy-Cache-Status
X-Generation-Time
X-Upstream-Ht
X-Sucuri-Cache
X-Upstream-Ct
Cross-Origin-Opener-Policy-Report-Only
Node
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Tcp-Rtt
X-Geo-Region
X-Is-Desktop
X-F-Cache
X-Browser-Name
Ohc-File-Size
X-Cdn-Origin
X-Urbn-Site-Id
X-Urbn-Context-Path
X-No-Session
X-Sucuri-ID
Locale
X-Signature
X-RateLimit-Limit
X-B-Cache
X-UA
X-NODE
X-Varnish-Beresp-Ttl
X-MP-GENERATED-AT
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Tx-Id
CDN-RequestId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-RID
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Service
X-Cache-Rule
X-ElasticPress-Query
X-HS-CF-Cache-Status
X-Cache-Operation
AMP-Access-Control-Allow-Source-Origin
Ngx.Var.Host
Meta-Geo-Continent
X-Shield-Cache-Expires
Origin-Agent-Cluster
X-Scheme
X-ScT
X-Rojux
X-Request-Time
X-Proto
X-Section
Rendered-Blocks
Origin
PFcat
Producers
Redirect-Candidate
Odigeo-Trace-Id
X-TIM-N
Cdnsip
Cdncip
Candidate-Md5Url
Cluster
Content-Secure-Policy
DCR-Decision-By
Xc-Version
Cache-Provider
BehaviorPad-Version
Azure-InstanceId
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
DCR-Processing-Time-Ms
X-Vtex-Remote-Cache
L
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
L5d-Success-Class
MD5-Digest
Lang
Host-ID
X-VarnishDD-TTL
Gannett-Cam-Experience-Id
Expect-Staple
X-Vmg-Version
Ha-Gx-Prefs
X-Vdms-Version
HA-Ipaddr
X-Thinkindot-L3
X-Org
X-Developer
X-DPWN-IS-SECURE
X-DefHash
X-Access
X-DefElseHash
X-Aed
X-AB-Test
X-A-Wwc
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-A-Dam
X-Ec-Fail
X-A-Dgt
X-A-Dcw
X-D
X-Csrf-Jwt
X-Aicache-OS
X-Bc-Bl
X-App-Name
X-Amz-Storage-Class
X-Akamai-Device-Characteristics
X-AK-Request-ID
X-BCube-Filmed-By
X-Bug-Bounty
X-CGP
X-Conf
Apple-News-Services-Host
X-Cache-NE
X-Cache-Info
X-Eu-Site
X-FC-Vary-Parameters
X-Nyt-Route
X-Op-Id-All
W
Wxu-Next-Commit
X-Mly-Id
X-Mvc-Supplant-Cachable
Thinkindot-CacheControl-Type
X-Origin-Expires
X-Platform-Server
Thinkindot-CacheControl
X-PAYTM-SRV-ID
X-Origin-Time
X-Origin-Response-Time
X-Loc
Wxu-Next-Hostname
X-GeoIP-City
X-A-Ccd
X-GeoIP
X-GeoCountry
X-Gdpr
X-GeoCode
X-A
X-HN
X-Jobs
Wxu-Next-Region
X-Internal-TTL
X-Ig-Push-State
X-Ig-Origin-Region
TDXMobile
Sslversion
X-NGINX-Cache
Apple-News-Services-Handled
X-Site-Version
X-Locale
Cache
Akamai-Mon-Iucid-Del
X-XRDS-LOCATION
X-NMSegId
RNT-Time
X-Node-Id
Server-Host
X-Location
X-Human
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
X-HS-Content-Campaign-Id
X-INCAP-ABP
RNT-Machine
X-Level-Front-Cache
Req-Svc-Chain
Platform
X-Powered-By-VTEX-Cache
X-Proxied-Request
Origin-EX
X-Proxy-CacheRZ
Origin-CC
X-Pool
X-Policy
X-Cdn-Forward
Tube-Return
Release
X-Path
Product
X-Cached-By
X-NodeID
X-GoCache-CacheStatus
X-BBC-Edge-Cache-Status
X-Content-Length
X-Backend-Instance
X-Auto-Login
X-Debug-Cache-Fetch
X-Core-Value
X-Content-Age
X-Bl-Debug
X-Cdn-Srv
X-CacheTTL
X-Clientip
X-Cache-Bucket
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
X-Cache-Hit
X-Pad
X-Generated-On
We-Hiring
X-Hash
X-Req
X-Gamma-Serve
X-Fmm-Version
X-Dispatcher-Server
X-Depends
X-Ec-Custom-Error
X-Edge-Server
X-Fastly-Backend
X-Acquia-Purge-Cdn-Unconfigured
User-Agent
X-Platform
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-VG-WebCache
X-We-Are-Hiring
Click-Count-Error
Click-Count-Action-Start
Content-Script-Type
Fastly-SSL
X-Via-Fastly
XkeyRZ
Esi-Enabled
X-Varnish-Authentication
CDCHOST
Content-Style-Type
Cdn-Host
X-Varnishpool
X-Varnish-Director
Cdn-Request-Time
DSUID
Canary
X-VTEX-Cache-Time
X-UA-Device-Type
X-V-Cache
X-SD-PageType
A
Yak-Timeinfo
X-Viewer-Country
Mail-Subject
X-SB
NM-Fastcgi-Cache
X-ORCA-Accelerator
NGX
Fl-Custom-Application
X-Slack-Backend
X-SIPLIST1
X-SVT-ORM-VERSION
X-VTEX-Cache-Server
X-SVT-ORM-RULES
X-Sn-Servicetimems
Gh-Request-Id
IsBot
X-Slack-Shared-Secret-Outcome
Mime-Version
CDN-EdgeStorageId
X-Esi-Check
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Block-Status
XM
X-Cache-FS-Status
X-Cache-Id
X-Cache-Grace
CDN-RequestPullSuccess
X-Bip
X-CUA
X-Date
CDN-Cache
X-B3-Trace-ID
Cache-Key
CDN-CachedAt
X-Gzip
X-Men
X-Micro-Cache
ServerName
Ssr
X-Var-Ttl
X-Irp-Debug
X-Mvc-Supplant-OutputCached
X-Thanos
X-Request-Start
X-Request-Host
X-Server-IP
Pramga
X-Tb-Optimization-Total-Bytes-Saved
Req-ID
X-Hnp-Log
Debug
X-GeoIP-Region-Code
Web-Mar-Region
X-GeoIP-Country-Code
X-VG-TLSProxy
X-Accel-Expires-Debug
X-Gen-Mode
CDN-Uid
X-Pubstack
X-Varnish-Beresp-Status
Country-Code
User-Cache-Control
V-Age
Sid
X-TA-CDN-Provider
X-LB-NoCache
X-Varnish-Hits
X-Litespeed-Tag
X-HOST
X-Optimistic-Header
X-Newrelic-Synthetics
X-Cache-Date
TP-L2-Cache
X-CACHE-GROUP
X-VServer
X-Cs
Cdn-Requestid
X-Application
X-S-Cookie
X-B-Cookie
X-Geolocation
X-IsAdmin
X-External-Request-Id
X-Refresh
X-Destination
X-Api-Version
X-Dc
X-CLOUD-TRACE-CONTEXT
Edge-Copy-Time
CloudFront-Viewer-Country
X-Via-SSL
X-Servedbyhost
X-GEO
X-HITS
X-Zen-Fury
X-Oracle-Dms-Ecid
X-Via-Edge
X-Via-CDN
X-Nananana
X-CDN-Forward
Fastly-Drupal-HTML
X-LiteSpeed-Tag
Proxy-Firewall
X-RequestId
X-DC
X-User
True-Client-Country-4JS
X-APP
GeoIP-Latitude
X-ZONE
X-VWS-Id
X-Via-Poph
Sever-Int
X-Test
X-AIR-PT
X-Via-Popv
C-Via
X-Tt-Logid
X-B3-Spanid
X-Via-Popn
X-HA-Backend
Server-Hostname
Server-Ext
X-LiteSpeed-Cache-Control
Server-ID
X-LJ-Flow-ID
X-AWS-Id
X-Endurance-Cache-Level
Ohc-Cache-HIT
X-Provided-By
X-LB-ID
X-Nc
Fastly-Drupal-Html
Is-Eu
Adler-Geo
X-Wa
X-Air-Pt
X-VC-TTL
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Zone
X-FTR-Balancer
X-DynaTrace-JS-Agent
X-B3-Parentspanid
X-Nginx-Cache-Key
HostName
X-Webkit-Csp-Report-Only
X-Dispatcher-Number
X-Srv
X-Presslabs-Stats
Cdn
WZWS-RAY
X-URL
X-Vgn-Hpd-Reason
X-COUNTRY
X-TH-Server
X-CS
S-Rt
X-Moov-Xdn-Caching-Status
X-Pass-Why
WP-Super-Cache
X-Moov-Xdn-Version
X-Moov-T
X-Geo-Header
T-Server
X-Custom-Header
GeoIp-Country-Code
Cache-Tv-Group
X-CACHE-AGE
X-Old-Content-Length
X-ND-Cache
X-Fpc
X-Datadome
X-Parent-Response-Time
SID
X-HubSpot-Correlation-Id
X-API-Version
X-Cache-Server
X-CMSURLCustom
True-Client-IP
Vc-Max-Age
X-NewRelic-App-Data
X-DataCenter
X-Resp-Is-Stale
Resin-Trace
Pics-Label
X-Cache-VC
Location
Uri
SEZNAM-JOBS-OFFER
True-Client-Ip
X-Thinkindot-L1
X-Vercel-Cache
Powered-By
X-Vercel-Id
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Action
Vix-Hermes-Req-Id
X-SERVER-NAME
Tcn
X-Ckpd-Fst-Backend
X-TX-ID
X-FPC
X-Litespeed-Cache-Control
X-Fastly-Cache
N1-Cache
Serverhost
GeoIP-Country-Code
X-Varnish-Beresp-TTL
X-Client-Ip
X-Stale
X-Datacenter
X-Cache-TTL-Remaining
On-Server
Thinkindot-Control
Sm-Log-Id
X-Dynatrace-Js-Agent
X-Service-Response-Time
X-PERF
Srv
ServerHost
X-Oracle-Dms-Rid
X-ApacheServer
X-APP-VERSION
X-Ua
Av-Poweredby
X-Cdn-Cache-Status
AKAMAI
X-Fastly-Cache-Status
X-Nitro-Cache
X-Render-Time
X-PHP-Backend
TWC-GeoIP-City
TWC-GeoIP-Region
X-Amz-Meta-Opti
X-Debug-Service
X-WA-Info
TWC-GeoIP-DMA
Hostname
Cache-Hits
X-Air-Trace-Id
X-Uri
X-Air-Hostname
X-NC
X-Air-Source
X-Proxy-Cache-La3
Server-Id
Xkey-La3
Xkeylog
X-WA
X-VCL-Version
X-Ssense-Gql
X-Vc
X-Ssense-Shipping-Surcharge-Enabled
X-Ion-Healthy
X-Lb-Id
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
Cl-Cache
X-Geo
X-Jungle-Id
RewriteTestHook
X-Ion-Hop
RewriteTeamHook
X-Vary-Devices
X-Cms-Device
X-Ee-Generated-By
X-Save-Cache
X-Ee-Request-Date
X-Ee-Origin
X-Ee-Request-Id
Time-Cloud-Cache
X-Info
Geoip-Latitude
Magicmarker
Store-Cloud-Cache
Cache-Contol
X-Cache-Ttl
X-App
X-Via-PopN
Lb
My-App
X-Github-Request-Id
X-Oracle-DMS-ECID
Cf-Ipcountry
Cmstype
X-Ha-Backend
Cmsid
X-Via-PopH
Log-Origin
X-Via-PopV
X-Esi
X-Up
X-From
Cloudfront-Viewer-Country
X-Requestid
X-CDN-Cache-Status
X-ServedByHost
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-IAuth-Set-Uid
X-Akamai-Pragma-Client-IP
CDN
X-V
X-Eligible
X-Rollout
X-New
WebServer
Warning
X-Traceid
X-Limited
WWW-Authenticate
X-Correlation-ID
CountryCode
X-Forwarded-Site
Cneonction
Machine
X-MSEdge-Features
X-Region-Sid
X-LAGOON
CacheControlHeader
X-MSEdge-Flight
X-Dw-Trace-Id
FSS-Cache
X-Serial
X-Akamai-Transformed
Reporter
X-Lb-Nocache
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
Pragrma
Server-Info
X-Check-Cacheable
X-Acquia-Application-Trace
X-HS-Status
X-Pod
X-Sucuri-Id
X-Html-Minification-Powered-By
NtCoent-Length
X-Cdn-Request-ID
X-EC-Lua
X-BBC-Origin-Response-Status
X-Elasticpress-Query
Thinkindot-Cache-Type
X-Ftr-Request-Id
X-Td-Header-From-No-Data
X-Web-Server
Edge-Cache
X-Platform-Router
X-Platform-Processor
X-Tncms-Bot-Tier
X-Ramcache
X-Ms-Lease-Status
X-Platform-Cluster
Timeexpire
X-Ms-Blob-Type
CF-Cached-On
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Orig-Cache-Control