Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-AH-Environment
X-Backend
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-Dns-Prefetch-Control
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Device
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
Accept-Ch-Lifetime
X-Country
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Allow
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-FastCGI-Cache
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
Verso
X-Element-Page-Cache
X-Aws-Lambda-Call-Status
X-Upstream
X-MS-InvokeApp
X-GitHub-Request-Id
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
Arr-Disable-Session-Affinity
X-Origin-Cache
X-Country-Code
RTSS
X-Navigation-Version
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
Accept-Ch
X-Powered-CMS
X-Version
AR-Request-ID
AR-SID
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Language
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Amz-Server-Side-Encryption
Response
X-Middleton-Response
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-LLID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
X-TTL
Mrf-Cache-Status
X-Template
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
X-RateLimit-Remaining
X-Shield-Request-Id
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
TCN
X-T
X-Forwarded-For
X-Content-Security-Policy-Report-Only
S
X-Id
X-Mg-S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
X-Mid
Fastcgi-Cache
Realpath
X-CST
SPIisLatency
SPRequestDuration
Front-End-Https
X-Recruiting
X-MCACHE
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
X-Ttl
Pinterest-Version
X-Pinterest-Rid
Filters
Server-Node
X-Ua-Browser
X-Ab
X-Content
X-Correlation-Id
X-DynaTrace
Server-Name
X-Frontend
X-Ruxit-Js-Agent
X-ECACHE
X-NWS-LOG-UUID
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
SPRequestGuid
X-SharePointHealthScore
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Parallel-Accel
X-Ezoic-Cdn
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
X-Ser
Fusion-Template-Id
Fusion-Source
X-Hits
Alternate-Protocol
X-Cache-Key
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Content-Options
MicrosoftSharePointTeamServices
X-Buckets
X-Page-Id
Cache-Tags
X-Git-Hash
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host
Charset
X-Fastly-Request-Id
Cleartype
X-B3-Sampled
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Accel-Expires
X-Content-Digest
X-Debug-Info
X-Amzn-Trace-Id
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-Az
X-AppVersion
X-Activity-Id
X-Ratelimit-Limit
X-FB-Debug
X-Forwarded-Proto
X-Hostname
X-VCache
X-Upgrade-Enabled
TP-Cache
TP-L2-Cache
X-Rid
X-Grace
X-N
Cross-Origin-Opener-Policy
Access-Control-Allow-Method
X-Origin-Server
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
X-F-Cache
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-Mobile-URL
ServerID
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Whom
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-TT
X-Goog-Metageneration
Viewport
X-Tb
X-App-Environment
X-Varnish-Grace
Node
X-Seen-By
Payment
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-Type
X-FW-Hash
X-Distributor
X-FW-Dynamic
Paypal-Debug-Id
DC
X-Server-ID
X-App-Server
X-Origin-Upstream-Status
X-User-Agent
Fastcgi-Useragent
X-NGENIX-Cache
X-Oneagent-Js-Injection
X-Cache-Control
Country
Accept-Charset
X-Wix-Request-Id
X-Cache-Rule
X-Logged-In
X-Litespeed-Cache
Version
X-Cache-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Webkit-Csp
X-Webkit-CSP
X-Drupal-Cache-Tags
Referer-Policy
X-DataDome
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Varnish-Backend
X-Cluster-Name
X-Contextid
X-Signature
Refresh
X-B-Cache
Cache-Status
X-Load-Cache
X-Response-Served-From
X-Original-Request-Id
X-Tec-Api-Root
X-Tec-Api-Origin
Access-Control-Request-Headers
X-Tec-Api-Version
Amp-Access-Control-Allow-Source-Origin
X-Mobile
X-Node-Name
SD-X-WS
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Page-View
X-Rendered-As
X-Cache-Expired-At
X-Jobs
X-Cacheable-TTL
X-Cache-Action
X-Real-IP
X-Is-Bot
X-IPLB-Instance
X-B
X-Debug
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-ProcessESI
VIX-Pulpo-Node
X-Revision
NGB
X-UUID
X-Device-Type
X-Yottaa-Metrics
X-Instance
X-Yottaa-Optimizations
X-Ratelimit-Reset
X-Proxy
X-Rule
X-Fastly-Request-ID
X-G
X-Cache-Time
Surrogate-Key
X-Drupal-Cache-Contexts
Akamai-GRN
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
X-Fastcgi-Cache
CF-IPCountry
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DynaTrace
SID
Liferay-Portal
X-XRDS-Location
X-Oracle-Dms-Ecid
X-PressLabs-Stats
X-Azure-Ref
X-Oracle-Dms-Rid
X-Presslabs-Stats
GEO-INFO
Healthy
Count-Hit
X-Cache-Operation
Frame-Options
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
X-Accel-Buffering
X-CDN-Forward
MS-CV
X-RTag
Uber-Trace-Id
Ms-Operation-Id
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Xserver
X-Tumblr-User
Countrycode
X-Varnish-Server
X-Zen-Fury
X-Cache-Hit
X-Cache-NGX
X-Mode
X-Backend-Name
Ec-Rule-Version
X-Region
Cross-Origin-Window-Policy
X-Servername
X-IPS-LoggedIn
X-Forwarded-Host
Protected
X-Content-Powered-By
Backend
X-Cache-TTL-Remaining
Meta-Geo
X-Detected-As
X-Cache-Type
X-JoinUs
X-UPSTREAM-Address
X-SaId
X-RN-RSRV
X-Rewrite-Enabled
Section-Io-Cache
Apigw-Requestid
X-Human
X-Cache-Server
X-Generation-Time
X-Extlb
X-Routing-Service
Country-Code
Decoy-Debug-TTL
X-Proxied
X-Uri
X-Zipkin-Id
Decoy-Debug-Key
X-Tid
X-Sql-Count
Decoy-Debug-Status
X-Redis-Cache
X-Debug-Cache
X-Sql-Duration-Ms
X-FB-TRIP-ID
X-Alternate-Cache-Key
X-Cache-Grace
Url
X-UA-Device-Type
X-ApacheServer
X-Storage
X-BYPASS-REASON
X-Hosted-By
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-Soup
Eomportal-Instance
X-ServerID
X-ProxyCache-Key
X-No-Session
X-Origin-Date
Cache-Name
X-PERF
X-PHP-Backend
X-NCache
Fastly-SSL
Mn-Server-Ip
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
X-Via-Fastly
X-Shopify-Stage
X-Format
X-ShopId
X-ShardId
Cache-Tv-Group
X-Microcachable
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
TWC-Privacy
X-Web-Node
Selected-Fe
TWC-Device-Class
TWC-GeoIP-Country
X-Cluster-Node
X-Server-W
X-Section
X-SayCDN-TTL
X-Say-TTL
X-Proxy-Build
X-PCL
X-NYM-Debug-Backend
X-OCL
X-Origin-Hint
X-Site-Version
X-Say-Cacheable
X-Adobe-Content
Webcakes-Region
Webcakes-App-Version
X-Adobe-Loc
X-Akamai-Edgescape
X-Status
X-Cache-Host
X-Timing-Wait
Webcakes-App-Name
X-Access
X-Pubstack
X-Hyper-Cache
OT-Force-Account-Verify
X-Hl-Ver
X-Content-Age
Azure-InstanceId
X-R9-Blue-Green-Version
Azure-Version
DB-Nickname
Azure-SlotName
Azure-SiteName
X-Varnishpool
Azure-RegionName
Content-Secure-Policy
X-RateLimit-Limit
X-Be
X-TIME
SRV
CDN-CachedAt
CDN-Cache
X-Ua
CDN-PullZone
CDN-EdgeStorageId
X-LSADC-Cache
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
X-Generated-By
X-Azure-Ref-OriginShield
LB
X-NewRelic-App-Data
X-Trace-Id
X-Ratelimit-Remaining
WPO-Cache-Message
Content-Disposition
WPO-Cache-Status
X-SRV
Source
Cache
X-Nginx-Cache-Key
X-Dc
X-Unique-Id
X-Cached-By
X-Bc-Bl
X-LAGOON
X-App-Version
X-TT-LOGID
Xet-Cookie
Cache-Hits
Retry-After
X-Auto-Login
X-GEO
X-Origin-TTL
X-Origin-CC
X-Varnish-Hits
X-HTML-Minification-Powered-By
Mime-Version
X-Platform-Server
X-Loop
X-Varnish-Hostname
X-TNCMS
X-Amz-Meta-S3cmd-Attrs
X-S-Maxage
Onion-Location
X-Akamai-Transformed
X-Xfnlog-Site
X-Cache-Remote
X-Cdn
Web-Mar-Node
HostName
X-Tumblr-Pixel-2
X-Cache-Tags
X-Tumblr-Pixel-3
Webserver
X-Varnish-Cache-Hits
X-Proto
Upgrade-Insecure-Requests
X-CSRF-Token
X-Request-Time
ServedBy
X-Cache-Var
X-Cache-Var-Map
X-Time-Microsecs
X-Tenant
X-AOL-HN
X-Endurance-Cache-Level
X-VWS-Id
X-AWS-Id
X-EC-Lua
X-LJ-Flow-ID
X-Time
N-Cache
X-Edge-Location
From-Origin
X-GG-Cache-Date
WP-Super-Cache
X-Request-Host
X-FireWall-Port
CloudFront-Viewer-Country
X-ECache
X-Mg-Request-UUID
X-Via-NSCOPI
X-B3-SpanId
X-Origin-Response-Time
X-Labrador-Cache-Channel
X-PHP-Host
X-Amz-Apigw-Id
X-Amzn-RequestId
X-A-Dam
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Rojux
X-S
X-Aed
X-A-Ccd
V-Age
X-A
User-Cache-Control
Pramga
A
Meta-Geo-Continent
X-Orig-Expires
Mobile-Detection-Method
Odigeo-Trace-Id
BehaviorPad-Version
Fastcgi-X-Cache-Version
DCR-Decision-By
X-NAPM-TraceId
DCR-Processing-Time-Ms
DSUID
Expiry
Origin
X-PAYTM-SRV-ID
Rendered-Blocks
Redirect-Candidate
X-Hnp-Log
X-Processor
Sslversion
X-Planisys-CDN-TTL
X-S-Cookie
X-PBS-Appsvrname
X-Ig-Push-State
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Surrogated-Key
X-ScT
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-VG-WebCache
X-TIM-N
X-Cluster
X-SVT-ORM-VERSION
X-Correlation-ID
X-Cache-NE
X-SRCache-Key
X-Forwarded-Path
X-CF-Lambda-Fn
X-External-Request-Id
X-Conf
X-Destination
X-Developer
X-M-Reqid
X-M-Log
X-V-Cache
X-D
X-Connection-Hash
X-Vdms-Version
X-Qnm-Cache
X-Vdms-Path
X-Vtex-Processado-Em
X-SVT-ORM-RULES
Nel
X-B-Cookie
X-Shop-Environment
X-Ftr-Request-Id
X-Vtex-Remote-Cache
X-ARC
X-Application
X-ND-Cache
X-Gen-Mode
Xc-Version
X-SD-PageType
X-Block-Status
X-Session-Fingerprint
X-RCS-CacheZone
X-Cache-Enabled
X-MP-GENERATED-AT
X-NWS-UUID-VERIFY
X-Handled-By
Gh-Request-Id
X-LI-UUID
Host-ID
X-Li-Fabric
L
X-Li-Pop
Fastcgi-Cache-TTL
X-Device-Os
X-Epic-Correlation-Id
X-Cache-Info
Traceparent
X-Mvc-Supplant-Cachable
X-Men
True-Client-Country-4JS
State
X-Location
X-Accel-Expires-Debug
Ssr
Wxu-Next-Region
X-Cdn-Srv
X-Fetched-On
X-Fastly-Cache
Wxu-Next-Hostname
X-Geo-Header
Wxu-Next-Commit
Release
X-Cache-Date
X-Forwarded-Site
X-Gdpr
X-Hash
X-Cache-Bucket
Origin-CC
Origin-EX
Svr
X-Core-Mission
X-Date
X-Nyt-Route
X-Slack-Backend
Cmstype
X-Scheme
Vix-Hermes-Req-Id
X-Origin-Time
X-Origin-Expires
X-Zone
X-Served-From
X-Sucuri-Cache
X-VServer
X-Sucuri-ID
AKAMAI
X-Policy
X-CACHE-KEY
X-Aicache-OS
Arc-Country
X-NodeID
CacheControlHeader
CDCHOST
Cmsid
X-Varnish-Beresp-Status
X-Proxy-Upstream
X-Server-IP
X-Skip-Cache
X-Owner
Server-Info
X-Rocket-Nginx-Serving-Static
X-Old-Content-Length
X-Webstats-RespID
X-Magnolia-Registration
Environment
Fastly-Drupal-Html
X-Reqid
AMP-Access-Control-Allow-Source-Origin
X-GeoIP
X-Request-Start
X-Backend-State
X-BBC-Edge-Cache-Status
Web-Mar-Region
X-Rocket-Build-Number
X-Request-URI
X-ATG-Version
X-VC-Cache
X-Generated-On
X-Adobe-Source
X-Viewer-Country
X-Cache-Debug
X-VarnishDD-TTL
X-Csrf-Jwt
X-Core-Value
X-VG-TLSProxy
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Envoy-Decorator-Operation
X-Eu-Site
X-Developers
X-Datadog-Trace-Id
X-UnsetCookies
X-TrackingId
X-Cache-Id
X-Sigma-Backend
X-Branch-Name
X-Sigma
X-Storefront-Renderer-Rendered
X-TH-Server
X-Fastly-Backend
X-Thinkindot-L3
X-Thanos
X-CGP
X-Bip
We-Hiring
X-Platform
PFcat
X-Irp-Debug
Apple-News-Services-Request-Url
X-Esi-Check
Fastly-GeoIP-CountryCode
Machine
X-HS-Content-Campaign-Id
Req-Svc-Chain
Ha-Gx-Prefs
X-Level-Front-Cache
L5d-Success-Class
Locid
Mail-Subject
Apple-News-Services-Handled
Apple-News-Services-Host
X-GeoIP-City
HA-Ipaddr
Apple-News-Services-Parsed-Url
X-Locale
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Req
X-HN
Thinkindot-CacheControl
X-Node-Id
X-RateLimit-Limit-Second
X-Gzip
X-RateLimit-Remaining-Second
TDXMobile
X-Variation
X-NU-AKA-ACS-Version
Is-Eu
Cf-Device-Type
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Loc
Fastly-SIE
Fastly-SWR
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Sn-Servicetimems
X-Amzn-Remapped-Content-Length
X-Worker
X-Qloud-Router
X-Pod-Name
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Response-By
X-Has-Esi
X-Region-Sid
X-Backend-TTL
Memcached
X-Gamma-Serve
Adler-Geo
X-FC-Vary-Parameters
X-Cdn-Origin
Platform
NGX
X-Is-Gdpr
X-Origin
X-JWT-State
NM-Fastcgi-Cache
X-Datadome
X-Xrds-Location
X-Mvc-Supplant-OutputCached
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Cache-Config
X-Tx-Id
X-Ua-Device
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
X-CS
X-NC
X-API-Version
X-TraceId
S-Rt
Pics-Label
CDN
X-LB-ID
Datacenter
X-Generated-In
Magicmarker
X-TA-CDN-Provider
X-Up
X-Trace-ID
Candidate-Md5Url
Ms-Author-Via
X-Restarts
X-Tt-Logid
Kp-EeAlive
X-Vc
X-Tb-Optimization-Total-Bytes-Saved
X-Http-Reason
Memory
Env
X-Akamai-Request-ID2
NtCoent-Length
X-LB-NoCache
Time
X-Edge-Pop
X-DynaTrace-JS-Agent
X-RPM
X-RPS
X-DB
X-Wix-Viewer-Type
X-DW
X-DSS
WWW-Authenticate
X-DI
X-Varnish-Ttl
X-Cache-Backend
X-Via-Poph
X-RSL
X-Via-Popn
WebServer
Edge-Cache
GeoIp-Country-Code
X-Refresh
X-Via-Popv
X-Optimistic-Header
On-Server
X-Parent-Response-Time
Esi-Enabled
X-Action
X-CacheTTL
X-Minions-Version
X-DC
Accept-Language
X-Varnish-Beresp-TTL
X-Cs
X-Esi
C-Via
X-Service
X-Dynatrace
X-Servedbyhost
X-Srv
X-Unique-ID
X-MSEdge-Flight
X-Cache-PHP
X-MSEdge-Features
X-HA-Backend
X-TX-ID
X-Newrelic-Synthetics
Locale
X-Urbn-Site-Id
Server-ID
X-Urbn-Context-Path
X-ZONE
X-Cache-Status-Check
X-VCL-Version
X-Ec-GeoHdr
X-Render-Time
X-Ec-Fail
X-User
X-App
X-LI-Proto
X-Cache-Ttl
X-Li-Proto
X-URL
X-Fpc
X-FPC
Test
X-Webkit-Csp-Report-Only
Proxy-Connection
X-LiteSpeed-Cache-Control
X-Traceid
X-Vcl-Version
X-B3-Spanid
Cdncip
Cdnsip
X-AK-Request-ID
Server-Id
X-Webkit-CSP-Report-Only
X-Info
X-Pass-Why
X-AIR-PT
X-NODE
My-App
X-Fmm-Version
Geoip-Latitude
Cluster
Geo-Info
X-Clara-WADP
X-WADP-Cache
Tcn
X-Clientip
X-Mcache
UCS
X-Oss-Storage-Class
X-CSRF-TOKEN
X-CUA
X-Var-Ttl
Resin-Trace
Tracecode
HIT
Cache-Host
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
M-TraceId
X-Oss-Request-Id
T-Server
Lfy
X-Ha-Backend
X-From
Fastly-Drupal-HTML
X-LiteSpeed-Tag
X-HostName
Cf-Int-Pingora-Origin-Digest
S-Cnection
Hostname
X-ServedByHost
X-Fragments
Lang
X-ID
Target-Params
Fastly-Backend-Name
X-WP-CF-Super-Cache
X-Micro-Cache
X-Via-PopV
X-Via-PopN
X-Via-PopH
Hit
User-Agent
X-WP-CF-Super-Cache-Cache-Control
Ohc-File-Size
X-COUNTRY
GeoIP-Country-Code
X-Pad
X-NGINX-Cache
X-Dynatrace-Js-Agent
DataCenter
X-Geo
X-RAMCache
X-Backend-Host
ENV
X-Edge-POP
X-Release
X-ElasticPress-Query
MIME-Version
X-BBC-Origin-Response-Status
X-Check-Cacheable
X-Cdn-Forward
Load-Balancing
Section-Io-Id
X-VC
X-Edge-Cache
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Api-Version
X-BCube-Filmed-By
X-APP
Lb
X-ServerName
X-Lb-Nocache
Permissions-Policy
X-Fastly-Backend-Reqs
X-HS-Status
Servername
X-Httpd
X-Ucs
X-Proxy-Cache-Info
EpKe-Alive
URI
Cache-Key
X-WA-Info
Path
X-GoCache-CacheStatus
CPC-Age
X-WA
VNS-Cache
X-Lb-Id
CPC-Cache
FSS-Cache
PICS-Label
Uri
Server-Ttl
X-UP
ServerName
Producers
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
Sid
X-TRACE-ID
X-SB
X-Cache-CFC
WZWS-RAY
X-Pool
X-Provided-By
X-Udemy-Cache-App-Namespace
X-RateLimit-Reset
Cneonction
X-ES-SERVER
X-B3-ParentSpanId
X-Nc
Cdn
Ohc-Cache-HIT
X-Cdn-Request-ID
X-Wikidot-Static-Cache
Cteonnt-Length
X-Wikidot-Backend
X-Fastly-Cache-Hits
Vha6-Origin
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Acquia-Site
X-Apw-Hits
X-Cache-ASPX
X-Akamai-ERRuleID
Shield-Pop
X-Vcache
X-Newrelic-App-Data
X-Ec-Custom-Error
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Akamai-Request-ID
Cf-Ipcountry
X-Apw-Access-Object
X-Apw-Access-Action
X-Acquia-Application-UUID
X-Apw-Access-Token
X-Acquia-Purge-Tags
X-Yottaa-OS
X-Cms-Context
CF-Cached-On
X-Swift-Error
Pagetype
X-Snapshot-Date
X-PJAX-URL
X-Contensis-Viewer-Groups
X-Acquia-Application-Trace
X-Cache-Ngx
X-Air-Pt
X-Via-Ucdn
X-UA
X-CacheKey
X-Shopify-Generated-Cart-Token
Req-ID
X-CCDN-CacheTTL
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-Scale
X-Logging-Id
X-Te-Duration-Ms
X-CCDN-Origin-Time
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-Varnish-Authentication
MD5-Digest
CountryCode
Ngx
X-Last-Modified
X-Miniprofiler-Ids
X-Sentry-ID