Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-AH-Environment
X-Backend
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-Dns-Prefetch-Control
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
Rating
X-B3-TraceId
Accept-Ch-Lifetime
X-Country
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Allow
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-FastCGI-Cache
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Aws-Lambda-Call-Status
X-Upstream
X-MS-InvokeApp
MS-Author-Via
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
X-Origin-Cache
Arr-Disable-Session-Affinity
X-Country-Code
X-Navigation-Version
RTSS
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-NF-Request-ID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Exp-Variant
Accept-Ch
X-Powered-CMS
X-Version
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
X-Language
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Amz-Server-Side-Encryption
Response
X-Middleton-Response
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-LLID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
X-TTL
MRF-Tech
X-B3-TraceId-Primal
X-Template
Mrf-Cache-Status
X-RateLimit-Remaining
X-Protected-By
X-Shield-Request-Id
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
TCN
X-T
X-Forwarded-For
S
X-Content-Security-Policy-Report-Only
X-Id
X-Mg-S
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
X-CST
Realpath
SPIisLatency
SPRequestDuration
Front-End-Https
X-Recruiting
X-MCACHE
X-Request-Received
X-Ttl
X-Request-Processing-Time
Filters
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Server-Node
X-Ua-Browser
X-Ab
X-Content
X-Correlation-Id
X-DynaTrace
Server-Name
X-Frontend
X-ECACHE
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
SPRequestGuid
X-SharePointHealthScore
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-Parallel-Accel
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Ser
Fusion-Component-Id
X-Hits
Alternate-Protocol
X-Cache-Key
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Content-Options
X-Buckets
Cache-Tags
X-Page-Id
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Git-Hash
Host
Cleartype
Charset
X-Fastly-Request-Id
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Debug-Info
X-Content-Digest
X-Accel-Expires
X-Amz-Replication-Status
Filterid
X-Varnish-Age
X-FB-Debug
X-Az
X-AppVersion
X-Activity-Id
X-Ratelimit-Limit
X-Forwarded-Proto
X-Hostname
X-VCache
X-Upgrade-Enabled
TP-Cache
TP-L2-Cache
X-Rid
X-Grace
X-N
Cross-Origin-Opener-Policy
Access-Control-Allow-Method
X-Origin-Server
X-XRDS-LOCATION
X-Nginx-Upstream-Cache-Status
X-WebKit-CSP-Report-Only
X-F-Cache
X-LB-Cache
X-Mobile-URL
ServerID
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Whom
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-TT
X-Goog-Metageneration
Viewport
X-Tb
X-App-Environment
X-Varnish-Grace
Node
X-Seen-By
Payment
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-Type
X-FW-Hash
X-Distributor
X-FW-Dynamic
X-Server-ID
Paypal-Debug-Id
X-App-Server
DC
X-Origin-Upstream-Status
X-User-Agent
Fastcgi-Useragent
X-NGENIX-Cache
X-Oneagent-Js-Injection
X-Cache-Control
Country
Accept-Charset
X-Wix-Request-Id
X-Cache-Rule
X-Logged-In
X-Litespeed-Cache
X-Cache-Age
Version
X-Microsite
X-Request-Handler-Origin-Region
X-Webkit-Csp
X-Via-JSL
X-Webkit-CSP
X-Drupal-Cache-Tags
X-DataDome
Referer-Policy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Cluster-Name
X-Varnish-Backend
X-Contextid
X-Signature
X-B-Cache
Refresh
X-Load-Cache
Cache-Status
X-Node-Name
X-Response-Served-From
X-Original-Request-Id
X-Tec-Api-Root
Access-Control-Request-Headers
X-Tec-Api-Version
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Mobile
SD-X-WS
X-Page-View
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
X-Rendered-As
X-Cache-Expired-At
X-Jobs
X-Cacheable-TTL
X-Cache-Action
X-Real-IP
X-Is-Bot
X-IPLB-Instance
X-B
X-Debug
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-ProcessESI
VIX-Pulpo-Node
X-Revision
NGB
X-UUID
X-Device-Type
X-Yottaa-Metrics
X-Instance
X-Yottaa-Optimizations
X-Ratelimit-Reset
X-Proxy
X-Rule
X-Fastly-Request-ID
X-G
X-Cache-Time
Surrogate-Key
X-Drupal-Cache-Contexts
Akamai-GRN
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
X-Fastcgi-Cache
CF-IPCountry
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DynaTrace
SID
Liferay-Portal
X-XRDS-Location
X-Oracle-Dms-Ecid
X-PressLabs-Stats
X-Azure-Ref
X-Oracle-Dms-Rid
X-Presslabs-Stats
GEO-INFO
Healthy
Count-Hit
X-Cache-Operation
Frame-Options
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache
X-Accel-Buffering
X-CDN-Forward
MS-CV
X-RTag
Uber-Trace-Id
Ms-Operation-Id
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Xserver
X-Tumblr-User
Countrycode
X-Varnish-Server
X-Zen-Fury
X-Cache-Hit
X-Cache-NGX
X-Mode
X-Backend-Name
Ec-Rule-Version
X-Region
Cross-Origin-Window-Policy
X-Forwarded-Host
X-Servername
X-IPS-LoggedIn
X-Content-Powered-By
Backend
Protected
X-Cache-TTL-Remaining
Meta-Geo
X-Detected-As
X-Cache-Type
X-JoinUs
X-Rewrite-Enabled
X-RN-RSRV
X-UPSTREAM-Address
X-SaId
X-ShopId
X-Varnish-Beresp-Grace
Apigw-Requestid
X-ShardId
X-Generation-Time
Country-Code
X-Shopify-Stage
X-Hosted-By
X-Sorting-Hat-PodId
X-Routing-Service
X-Debug-Cache
X-Cache-Server
X-Extlb
X-Sorting-Hat-ShopId
X-Redis-Cache
X-Uri
X-Tid
X-Zipkin-Id
Section-Io-Cache
X-Human
X-Cache-Grace
Decoy-Debug-Key
Decoy-Debug-Status
X-Sql-Count
Eomportal-Instance
X-Alternate-Cache-Key
Decoy-Debug-TTL
X-Sql-Duration-Ms
X-Proxied
X-Status
X-Storage
Url
X-UA-Device-Type
X-ApacheServer
X-BYPASS-REASON
X-Soup
X-FB-TRIP-ID
X-NCache
X-ProxyCache-Key
X-PHP-Backend
X-PERF
X-No-Session
X-Origin-Date
X-ProxyCache-Status
Cache-Tv-Group
X-Site-Version
Mn-Server-Ip
X-Via-Fastly
X-Microcachable
X-Format
X-ServerID
Fastly-SSL
Cache-Name
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Web-Node
TWC-Locale-Group
Property-Id
Selected-Fe
TWC-Device-Class
TWC-GeoIP-Country
X-Cluster-Node
X-Server-W
X-Section
X-SayCDN-TTL
X-Proxy-Build
X-PCL
X-NYM-Debug-Backend
X-OCL
X-Origin-Hint
X-Say-TTL
X-Say-Cacheable
X-Access
Webcakes-App-Version
Webcakes-App-Name
X-Adobe-Content
X-Adobe-Loc
X-Cache-Host
X-Timing-Wait
X-Akamai-Edgescape
TWC-Privacy
Webcakes-Region
X-Content-Age
DB-Nickname
X-Varnishpool
X-R9-Blue-Green-Version
X-Hl-Ver
OT-Force-Account-Verify
X-Hyper-Cache
Azure-InstanceId
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Pubstack
X-RateLimit-Limit
Content-Secure-Policy
X-Be
X-TIME
CDN-EdgeStorageId
CDN-Cache
CDN-PullZone
CDN-CachedAt
CDN-RequestId
X-LSADC-Cache
CDN-RequestCountryCode
CDN-Uid
SRV
X-Ua
X-Trace-Id
X-Ratelimit-Remaining
Content-Disposition
LB
X-NewRelic-App-Data
X-Azure-Ref-OriginShield
X-Generated-By
WPO-Cache-Message
WPO-Cache-Status
X-Dc
X-SRV
X-Cached-By
Source
Cache
X-Nginx-Cache-Key
X-Unique-Id
X-Bc-Bl
X-LAGOON
X-App-Version
Xet-Cookie
X-Auto-Login
Cache-Hits
Retry-After
X-TT-LOGID
Mime-Version
X-Origin-CC
X-HTML-Minification-Powered-By
X-Varnish-Hits
X-Origin-TTL
X-GEO
X-Loop
X-Platform-Server
X-TNCMS
X-Varnish-Hostname
X-S-Maxage
Onion-Location
X-Akamai-Transformed
X-Amz-Meta-S3cmd-Attrs
X-Xfnlog-Site
X-Cache-Remote
X-Cdn
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Cache-Tags
HostName
Web-Mar-Node
X-Proto
Webserver
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Request-Time
X-CSRF-Token
X-Cache-Var-Map
X-Cache-Var
ServedBy
X-Time-Microsecs
X-Tenant
X-AOL-HN
X-Endurance-Cache-Level
X-LJ-Flow-ID
X-Time
X-VWS-Id
X-Edge-Location
X-AWS-Id
X-EC-Lua
N-Cache
From-Origin
WP-Super-Cache
X-Request-Host
X-GG-Cache-Date
X-B3-SpanId
X-FireWall-Port
CloudFront-Viewer-Country
X-ECache
X-Mg-Request-UUID
X-Via-NSCOPI
X-Origin-Response-Time
X-Amz-Apigw-Id
X-PHP-Host
X-Amzn-RequestId
X-Labrador-Cache-Channel
Expiry
X-A-Dam
X-A-Ccd
X-A
Fastcgi-X-Cache-Version
X-Rojux
DCR-Processing-Time-Ms
X-Aed
X-S
DCR-Decision-By
X-A-Wwc
X-A-Dgt
BehaviorPad-Version
X-ND-Cache
DSUID
X-A-Dcw
User-Cache-Control
X-Planisys-CDN-TTL
X-PAYTM-SRV-ID
Rendered-Blocks
X-Hnp-Log
Redirect-Candidate
X-S-Cookie
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Sslversion
X-Ig-Push-State
Mobile-Detection-Method
A
Meta-Geo-Continent
Pramga
Odigeo-Trace-Id
Surrogated-Key
X-Processor
Origin
X-Orig-Expires
V-Age
X-ScT
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-TIM-N
X-VG-WebCache
X-Cluster
X-CF-Lambda-Fn
X-SVT-ORM-VERSION
X-SRCache-Key
X-Cache-NE
X-Forwarded-Path
X-Correlation-ID
X-External-Request-Id
X-Conf
X-Destination
X-Developer
X-M-Reqid
X-M-Log
X-V-Cache
X-D
X-Connection-Hash
X-Vdms-Version
X-Qnm-Cache
X-Vdms-Path
X-Vtex-Processado-Em
X-SVT-ORM-RULES
X-Session-Fingerprint
X-B-Cookie
Nel
X-Shop-Environment
X-Block-Status
Xc-Version
X-ARC
X-NAPM-TraceId
X-Gen-Mode
X-Application
X-SD-PageType
X-Vtex-Remote-Cache
X-Ftr-Request-Id
X-Cache-Date
X-Slack-Backend
X-NWS-UUID-VERIFY
X-Cache-Enabled
X-MP-GENERATED-AT
X-RCS-CacheZone
X-Handled-By
L
X-Li-Fabric
Host-ID
X-LI-UUID
Gh-Request-Id
X-Li-Pop
X-Date
Fastcgi-Cache-TTL
X-Epic-Correlation-Id
Svr
X-Cache-Info
X-Device-Os
X-Mvc-Supplant-Cachable
True-Client-Country-4JS
X-Location
X-Men
X-Hash
Ssr
Wxu-Next-Region
X-Fastly-Cache
X-Cdn-Srv
X-Cache-Bucket
Wxu-Next-Hostname
X-Geo-Header
Wxu-Next-Commit
X-Fetched-On
X-Forwarded-Site
X-Gdpr
Release
State
Origin-CC
Origin-EX
Traceparent
X-Core-Mission
X-Accel-Expires-Debug
X-Nyt-Route
AKAMAI
X-Old-Content-Length
X-CACHE-KEY
X-Webstats-RespID
X-VServer
Fastly-Drupal-Html
Vix-Hermes-Req-Id
X-Sucuri-ID
X-Sucuri-Cache
X-Server-IP
X-Owner
X-Skip-Cache
X-Policy
X-Origin-Time
X-Proxy-Upstream
X-Origin-Expires
X-Zone
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Varnish-Beresp-Status
Cmsid
CDCHOST
X-Locale
X-NodeID
Server-Info
CacheControlHeader
Cmstype
X-Aicache-OS
X-Scheme
Arc-Country
X-Reqid
AMP-Access-Control-Allow-Source-Origin
Environment
X-Magnolia-Registration
X-VC-Cache
X-Bip
X-Gamma-Serve
X-Adobe-Source
X-ATG-Version
X-Branch-Name
X-Request-URI
X-Backend-State
X-Generated-On
X-Viewer-Country
X-BBC-Edge-Cache-Status
X-Rocket-Build-Number
X-Storefront-Renderer-Rendered
X-Csrf-Jwt
X-VarnishDD-TTL
X-Core-Value
X-VG-TLSProxy
X-UnsetCookies
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Envoy-Decorator-Operation
X-Eu-Site
X-Developers
X-Datadog-Trace-Id
X-TrackingId
X-Fastly-Backend
X-Sn-Servicetimems
X-Cache-Id
X-Cache-Debug
X-Sigma-Backend
X-Request-Start
X-Cdn-Origin
X-Thinkindot-L3
X-CGP
X-Thanos
X-TH-Server
X-Sigma
Web-Mar-Region
X-Platform
Fastly-GeoIP-CountryCode
PFcat
X-Irp-Debug
X-Esi-Check
Req-Svc-Chain
L5d-Success-Class
Server-Host
X-HS-Content-Campaign-Id
Apple-News-Services-Request-Url
Ha-Gx-Prefs
Mail-Subject
Machine
Locid
Apple-News-Services-Handled
Apple-News-Services-Host
X-Level-Front-Cache
HA-Ipaddr
Apple-News-Services-Parsed-Url
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Region-Sid
X-HN
We-Hiring
X-GeoIP-City
TDXMobile
X-Gzip
Thinkindot-Control
X-Req
X-GeoIP
X-Node-Id
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
Cf-Device-Type
Is-Eu
Fastly-SIE
X-Varnish-Remaining-TTL
X-DefElseHash
X-DefHash
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
X-Loc
Fastly-SWR
X-Origin
X-Rebelmouse-Cache-Control
X-Worker
X-Qloud-Router
X-Pod-Name
X-Amzn-Remapped-Content-Length
X-Rebelmouse-Surrogate-Control
X-Response-By
X-Backend-TTL
X-Has-Esi
Memcached
Platform
X-Is-Gdpr
NGX
Adler-Geo
X-FC-Vary-Parameters
NM-Fastcgi-Cache
X-JWT-State
X-Xrds-Location
X-Datadome
X-GeoIP-Country-Code
X-Mvc-Supplant-OutputCached
X-GeoIP-Region-Code
X-Cache-Config
X-Tx-Id
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Up
X-CLOUD-TRACE-CONTEXT
X-NC
X-CS
X-API-Version
Datacenter
S-Rt
Magicmarker
X-TraceId
X-Generated-In
X-TA-CDN-Provider
X-LB-ID
Pics-Label
CDN
Candidate-Md5Url
X-Restarts
Kp-EeAlive
Ms-Author-Via
X-Tt-Logid
X-Trace-ID
X-Vc
X-Tb-Optimization-Total-Bytes-Saved
Env
X-Akamai-Request-ID2
X-LB-NoCache
NtCoent-Length
X-Http-Reason
Memory
Time
X-Edge-Pop
X-DynaTrace-JS-Agent
X-RPM
X-DW
X-RPS
X-DB
X-Wix-Viewer-Type
X-DSS
X-Cache-Backend
X-Action
WWW-Authenticate
X-DI
X-Varnish-Ttl
X-Via-Poph
X-RSL
On-Server
WebServer
Edge-Cache
X-Refresh
X-Optimistic-Header
X-Via-Popn
GeoIp-Country-Code
X-Via-Popv
X-Parent-Response-Time
Esi-Enabled
X-CacheTTL
X-Minions-Version
Accept-Language
X-DC
X-Varnish-Beresp-TTL
X-Cs
X-Esi
C-Via
X-Service
X-Dynatrace
X-Servedbyhost
X-Srv
Server-ID
X-MSEdge-Flight
X-Cache-PHP
X-MSEdge-Features
X-HA-Backend
X-Unique-ID
X-TX-ID
X-Newrelic-Synthetics
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-ZONE
X-Cache-Status-Check
X-VCL-Version
X-Ec-GeoHdr
X-Render-Time
X-Ec-Fail
X-User
X-App
X-LI-Proto
X-Cache-Ttl
X-Li-Proto
X-Fpc
X-URL
X-FPC
Test
X-Webkit-Csp-Report-Only
Proxy-Connection
X-LiteSpeed-Cache-Control
X-Traceid
X-Vcl-Version
X-B3-Spanid
Cdncip
Cdnsip
X-AK-Request-ID
Server-Id
X-Webkit-CSP-Report-Only
X-Info
X-Pass-Why
X-AIR-PT
X-NODE
My-App
X-Fmm-Version
Geoip-Latitude
Cluster
Geo-Info
X-Clara-WADP
X-WADP-Cache
Tcn
X-Clientip
X-Mcache
UCS
X-Oss-Storage-Class
X-CSRF-TOKEN
X-CUA
X-Var-Ttl
Resin-Trace
Tracecode
HIT
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
M-TraceId
Cache-Host
T-Server
Lfy
X-Ha-Backend
X-From
Fastly-Drupal-HTML
X-LiteSpeed-Tag
X-HostName
S-Cnection
Cf-Int-Pingora-Origin-Digest
Hostname
X-ServedByHost
X-Fragments
X-ID
Lang
X-COUNTRY
X-WP-CF-Super-Cache
Target-Params
Fastly-Backend-Name
X-Micro-Cache
X-Via-PopN
X-Via-PopH
X-Via-PopV
Hit
Ohc-File-Size
User-Agent
X-WP-CF-Super-Cache-Cache-Control
GeoIP-Country-Code
X-Pad
X-NGINX-Cache
X-Dynatrace-Js-Agent
DataCenter
X-Geo
X-RAMCache
X-Backend-Host
ENV
X-Edge-POP
X-Release
X-ElasticPress-Query
MIME-Version
X-BBC-Origin-Response-Status
X-Cdn-Forward
X-Check-Cacheable
Load-Balancing
Section-Io-Id
X-Edge-Cache
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Api-Version
X-APP
X-VC
X-BCube-Filmed-By
Lb
X-ServerName
X-Lb-Nocache
Permissions-Policy
X-Fastly-Backend-Reqs
X-HS-Status
Servername
X-Httpd
X-Ucs
EpKe-Alive
URI
X-Proxy-Cache-Info
X-Provided-By
X-GoCache-CacheStatus
Path
Cache-Key
CPC-Age
X-WA
X-WA-Info
VNS-Cache
X-Lb-Id
CPC-Cache
FSS-Cache
PICS-Label
Uri
Server-Ttl
X-UP
ServerName
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
Producers
Sid
X-TRACE-ID
X-SB
WZWS-RAY
X-Pool
X-Udemy-Cache-App-Namespace
X-Cache-CFC
X-RateLimit-Reset
Cneonction
X-ES-SERVER
X-B3-ParentSpanId
X-Nc
Cdn
Ohc-Cache-HIT
X-Cdn-Request-ID
X-Wikidot-Static-Cache
Cteonnt-Length
X-Wikidot-Backend
X-Fastly-Cache-Hits
Vha6-Origin
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Acquia-Site
X-Apw-Hits
X-Cache-ASPX
X-Akamai-ERRuleID
Shield-Pop
X-Vcache
X-Newrelic-App-Data
X-Ec-Custom-Error
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Akamai-Request-ID
Cf-Ipcountry
X-Apw-Access-Object
X-Apw-Access-Action
X-Acquia-Application-UUID
X-Apw-Access-Token
X-Acquia-Purge-Tags
X-Yottaa-OS
X-Cms-Context
CF-Cached-On
X-Swift-Error
Pagetype
X-Snapshot-Date
X-PJAX-URL
X-Contensis-Viewer-Groups
X-Acquia-Application-Trace
X-Air-Pt
X-Cache-Ngx
X-Via-Ucdn
X-UA
X-Scale
Req-ID
X-CCDN-CacheTTL
X-Akamai-Pragma-Client-IP
X-Hcs-Proxy-Type
X-Shopify-Generated-Cart-Token
X-Logging-Id
X-Te-Duration-Ms
X-CCDN-Origin-Time
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-Varnish-Authentication
MD5-Digest
CountryCode
X-Sentry-ID
Ngx
X-Last-Modified
X-Miniprofiler-Ids
X-CacheKey