Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Request-ID
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-LiteSpeed-Cache
Host-Header
X-Server
X-Dns-Prefetch-Control
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Template
X-Application-Context
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
Content-Location
Rating
X-Ua-Compatible
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Buckets
X-Ac
X-Url
X-Content-Type
X-Trace
Allow
X-Vname
X-TtlSet
X-PC
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-Varnish-TTL
Cache-Tag
X-ESI
X-FastCGI-Cache
Fastly-Restarts
X-Rack-Cache
X-Server-Name
X-VARITI-CCR
Service-Worker-Allowed
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
X-Amz-Rid
MS-Author-Via
Public-Key-Pins
X-Vcap-Request-Id
X-Dw-Request-Base-Id
Accept-Ch
X-Cached
X-Client-IP
X-Abt-Application-Version
X-D2id
X-Origin-Cache
X-Country-Code
Arr-Disable-Session-Affinity
X-Px
X-Cnection
X-Goog-Hash
X-Aws-Lambda-Call-Status
X-Powered-By-Plesk
Access-Control-Request-Method
X-Cache-TTL
X-Version
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Navigation-Version
RTSS
X-Amz-Server-Side-Encryption
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-CMS
Pagespeed
Display
X-Middleton-Display
X-Sol
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Kinja
Response
X-Middleton-Response
X-LLID
X-MSEdge-Ref
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-SID
AR-Request-ID
X-B3-TraceId-Primal
MRF-Tech
Nginx-Cache
Mrf-Cache-Status
X-Shield-Request-Id
S
X-HP-Webp
X-Jurisdiction
Content-MD5
X-HP-Trace-Id
X-CST
X-RateLimit-Remaining
X-T
X-Protected-By
X-TTL
X-Forwarded-For
TCN
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
X-Mid
X-MCACHE
Fastcgi-Cache
Realpath
Front-End-Https
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
X-Parallel-Accel
X-Recruiting
X-Ttl
X-Request-Processing-Time
X-Request-Received
X-Correlation-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Server-Node
Filters
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
X-DynaTrace
Fusion-Content-Id
X-Ab
X-SharePointHealthScore
SPRequestGuid
X-Ua-Browser
X-Content
X-Ezoic-Cdn
X-ECACHE
Server-Name
Alternate-Protocol
X-Frontend
X-NWS-LOG-UUID
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Accel-Expires
X-Hits
X-Yandex-Sdch-Disable
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Content-Options
X-Ruxit-Js-Agent
X-Page-Id
X-Cache-Key
X-Git-Hash
Cache-Tags
Host
Cleartype
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-B3-Sampled
Charset
X-Www-Served-By
X-Ser
X-Geo-Country
X-Content-Digest
X-Forwarded-Proto
TP-Cache
TP-L2-Cache
Filterid
X-Amz-Replication-Status
X-VCache
X-Hostname
X-Varnish-Age
X-DIS-Request-ID
X-Debug-Info
X-Daa-Tunnel
X-Amzn-Trace-Id
X-Fastly-Request-Id
X-AppVersion
X-Az
X-Activity-Id
X-Rid
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Grace
X-Origin-Server
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
X-N
X-LB-Cache
X-FB-Debug
X-Origin-Upstream-Status
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
ServerID
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Flags
X-TT
X-Server-ID
X-F-Cache
X-Whom
X-NGENIX-Cache
Cross-Origin-Opener-Policy
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-App-Environment
X-Tb
X-Varnish-Grace
Viewport
X-Distributor
X-App-Server
Payment
X-WebKit-CSP-Report-Only
Node
X-FW-Dynamic
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Type
DC
Paypal-Debug-Id
X-Cache-Control
X-PressLabs-Stats
X-Seen-By
X-Logged-In
Fastcgi-Useragent
X-Oneagent-Js-Injection
X-Type
X-Cache-Age
X-User-Agent
Accept-Charset
Country
X-Fastcgi-Cache
X-Webkit-CSP
X-Fastly-Request-ID
X-Cache-Rule
X-Erf-Bev-Bev
X-Wix-Request-Id
X-Browser-Type
Version
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Load-Cache
X-Node-Name
X-Cache-Action
X-DataDome
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Refresh
X-IPLB-Instance
Referer-Policy
X-Via-JSL
X-Drupal-Cache-Tags
X-Response-Served-From
Access-Control-Request-Headers
SD-X-WS
Cache-Status
X-Vgn-Hpd-Reason
X-Original-Request-Id
X-Page-View
Amp-Access-Control-Allow-Source-Origin
X-Jobs
X-Rendered-As
X-Cacheable-TTL
X-Proxy-Cache-Status
X-Real-IP
X-Is-Bot
X-Signature
NGB
X-B-Cache
DynaTrace
X-Revision
X-UUID
X-B
X-Cache-Expired-At
VIX-Pulpo-Upstream-Status
X-Contextid
VIX-Pulpo-Node
X-Ratelimit-Limit
X-Device-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-RemovedCookies
Liferay-Portal
X-ProcessESI
X-Debug
X-Cluster-Name
X-Framework
X-G
X-Debug-IsConnected
X-Proxy
Surrogate-Key
X-Debug-IsPreview
X-Mobile
X-Rule
X-Cache-Time
X-Instance
Akamai-GRN
X-Azure-Ref
Healthy
X-FW-Version
CF-IPCountry
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
SID
X-Source
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Ms-Request-Id
X-Ms-Version
Frame-Options
X-Cache-Hit
X-Nginx-Cache
MS-CV
Ms-Operation-Id
X-RTag
Section-Io-Cache
X-CDN-Forward
X-Environment-Context
Countrycode
X-L-Path
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-XRDS-Location
X-Tumblr-Pixel-1
Xserver
X-Tumblr-User
X-Varnish-Server
Count-Hit
X-RateLimit-Limit
X-Cache-Operation
GEO-INFO
X-Region
X-APP-VERSION
Uber-Trace-Id
X-Servername
X-Forwarded-Host
X-EdgeConnect-Cache-Status
X-Content-Powered-By
X-Litespeed-Cache
X-Accel-Buffering
X-Mode
X-Backend-Name
X-IPS-LoggedIn
Cross-Origin-Window-Policy
Backend
X-Zen-Fury
X-Adobe-Loc
X-Adobe-Content
Ec-Rule-Version
X-Alternate-Cache-Key
X-RN-RSRV
X-Sorting-Hat-PodId
X-Shopify-Stage
X-UPSTREAM-Address
X-SaId
Meta-Geo
X-JoinUs
X-Detected-As
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Cache-Type
X-Uri
X-Redis-Cache
X-Sql-Duration-Ms
X-Debug-Cache
X-Generation-Time
X-Cache-TTL-Remaining
X-Varnish-Beresp-Grace
X-Human
X-Cache-Grace
X-Microcachable
X-Sql-Count
Country-Code
X-Hosted-By
X-ProxyCache-Key
X-ServerID
X-ProxyCache-Status
Mn-Server-Ip
X-Origin-Date
X-PHP-Backend
Eomportal-Instance
X-BYPASS-REASON
X-Tid
Cache-Name
X-NCache
X-Cache-Host
X-Site-Version
X-No-Session
X-Status
X-Cache-Server
X-Via-Fastly
Url
X-UA-Device-Type
X-Storage
Apigw-Requestid
X-FB-TRIP-ID
DB-Nickname
X-Timing-Wait
X-Time
X-Proxy-Build
Decoy-Debug-Key
X-Say-TTL
X-Web-Node
Decoy-Debug-TTL
X-Akamai-Edgescape
Cache-Tv-Group
X-SayCDN-TTL
Decoy-Debug-Status
Selected-Fe
X-Say-Cacheable
Fastly-SSL
X-OCL
X-Proxied
X-Origin-Hint
X-PERF
OT-Force-Account-Verify
X-PCL
TWC-Privacy
Webcakes-Region
X-Extlb
Webcakes-App-Version
Webcakes-App-Name
X-Varnishpool
X-ApacheServer
X-Hl-Ver
X-Format
X-Azure-Ref-OriginShield
X-Rewrite-Enabled
X-Zipkin-Id
Property-Id
TWC-Locale-Group
X-R9-Blue-Green-Version
Protected
X-Routing-Service
TWC-GeoIP-LatLong
X-Pubstack
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Cache-NGX
X-Access
Source
X-LSADC-Cache
X-Section
X-NYM-Debug-Backend
Content-Secure-Policy
X-Server-W
Azure-InstanceId
X-Soup
Azure-SlotName
Azure-RegionName
Azure-Version
Azure-SiteName
X-Be
X-Cluster-Node
X-App-Version
X-Webkit-Csp
X-Content-Age
X-SRV
X-Ratelimit-Reset
X-HTML-Minification-Powered-By
CDN-PullZone
CDN-EdgeStorageId
CDN-Uid
X-Cache-Var-Map
CDN-RequestCountryCode
CDN-RequestId
X-Cached-By
CDN-CachedAt
X-Cache-Var
CDN-Cache
X-Ua
X-NewRelic-App-Data
X-Amz-Meta-S3cmd-Attrs
X-TT-LOGID
Content-Disposition
Cache
X-LAGOON
SRV
X-Generated-By
X-Bc-Bl
X-Hyper-Cache
X-Varnish-Hits
X-Varnish-Hostname
X-TNCMS
Webserver
X-Loop
Onion-Location
X-S-Maxage
X-Presslabs-Stats
X-Unique-Id
X-Dc
X-Nginx-Cache-Key
X-GEO
X-Auto-Login
Cache-Hits
Web-Mar-Node
X-Origin-CC
Retry-After
X-Origin-TTL
X-Proto
X-Cdn
Xet-Cookie
X-Tumblr-Pixel-2
LB
X-Tumblr-Pixel-3
X-M-Log
X-Time-Microsecs
X-Akamai-Transformed
X-Tenant
X-M-Reqid
X-Qnm-Cache
Mime-Version
X-Edge-Location
X-CSRF-Token
X-Platform-Server
X-VWS-Id
X-Endurance-Cache-Level
X-LJ-Flow-ID
X-GG-Cache-Date
X-AWS-Id
X-Trace-Id
X-CACHE-KEY
HostName
CloudFront-Viewer-Country
X-ECache
X-B3-SpanId
N-Cache
X-Amzn-RequestId
X-Xrds-Location
X-Xfnlog-Site
X-Labrador-Cache-Channel
X-Amz-Apigw-Id
X-PHP-Host
WPO-Cache-Status
X-Cache-Tags
X-Mg-Request-UUID
WPO-Cache-Message
X-Cache-Remote
X-Storefront-Renderer-Rendered
Upgrade-Insecure-Requests
X-RCS-CacheZone
ServedBy
X-Varnish-Cache-Hits
X-Request-Time
Nel
X-Origin-Response-Time
X-Locale
X-AOL-HN
X-Adobe-Source
Surrogated-Key
State
X-Vdms-Path
User-Cache-Control
Rendered-Blocks
X-A-Dam
X-A-Wwc
X-TIM-N
X-Aed
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
Redirect-Candidate
X-V-Cache
Odigeo-Trace-Id
BehaviorPad-Version
DCR-Decision-By
DCR-Processing-Time-Ms
A
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
DSUID
Expiry
Mobile-Detection-Method
X-Application
Origin
Meta-Geo-Continent
X-Vdms-Version
X-VG-WebCache
Fastcgi-X-Cache-Version
Pramga
X-Block-Status
X-Hnp-Log
X-Ig-Push-State
X-NAPM-TraceId
X-ND-Cache
X-Gen-Mode
X-ScT
X-Session-Fingerprint
X-SD-PageType
X-Ftr-Request-Id
X-S-Cookie
X-Orig-Expires
X-Planisys-CDN-TTL
X-Processor
X-Request-Host
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-PAYTM-SRV-ID
X-S
X-PBS-Appsvrname
X-Shop-Environment
X-Slack-Backend
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cache-NE
X-Cache-Date
X-B-Cookie
X-Rojux
X-SVT-ORM-VERSION
X-Cluster
X-Conf
X-Forwarded-Path
X-SVT-ORM-RULES
X-SRCache-Key
X-Fastly-Cache
X-External-Request-Id
X-D
X-Destination
X-Developer
X-ARC
X-Connection-Hash
X-VC-Cache
X-Handled-By
X-Via-NSCOPI
Environment
AMP-Access-Control-Allow-Source-Origin
X-TIME
Server-Info
Datacenter
X-ATG-Version
Host-ID
X-Gdpr
X-Forwarded-Site
L
X-Device-Os
X-Epic-Correlation-Id
X-Fetched-On
X-Hash
X-Li-Fabric
X-Nyt-Route
X-Old-Content-Length
X-Origin-Expires
X-Mvc-Supplant-Cachable
X-Men
Traceparent
X-LI-UUID
V-Age
X-Date
X-BBC-Edge-Cache-Status
Release
X-Cache-Bucket
Req-Svc-Chain
X-Accel-Expires-Debug
Wxu-Next-Hostname
X-Ratelimit-Remaining
X-Cache-Debug
X-Cache-Info
Vix-Hermes-Req-Id
X-Core-Mission
Origin-CC
X-Origin-Time
Wxu-Next-Commit
Origin-EX
Wxu-Next-Region
X-Li-Pop
X-Owner
X-Varnish-Beresp-Status
X-Rocket-Nginx-Serving-Static
X-Sucuri-Cache
X-Scheme
X-Sucuri-ID
Arc-Country
X-TH-Server
X-Served-From
X-VG-TLSProxy
Cmstype
X-Proxy-Upstream
X-Policy
X-Skip-Cache
X-Server-IP
Cmsid
X-VServer
CDCHOST
X-Varnish-Ttl
From-Origin
X-Reqid
X-MP-GENERATED-AT
X-Branch-Name
X-Sn-Servicetimems
X-Cache-Id
X-Aicache-OS
Web-Mar-Region
We-Hiring
X-Webstats-RespID
True-Client-Country-4JS
X-Viewer-Country
X-VarnishDD-TTL
X-Thanos
X-Sigma-Backend
X-TrackingId
X-Magnolia-Registration
X-Bip
X-Datadog-Trace-Id
X-Gzip
X-Region-Sid
X-GeoIP-City
X-GeoIP
X-Geo-Header
X-HN
X-Irp-Debug
X-Platform
X-Location
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Req
X-Request-Start
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Core-Value
X-Cdn-Origin
X-EC-Lua
X-Envoy-Decorator-Operation
X-Gamma-Serve
X-Rocket-Build-Number
X-Fastly-Backend
X-Esi-Check
X-Sigma
X-NodeID
PFcat
AKAMAI
Fastcgi-Cache-TTL
Fastly-GeoIP-CountryCode
Gh-Request-Id
Fastly-SIE
Apple-News-Services-Handled
Apple-News-Services-Host
Candidate-Md5Url
Locid
CacheControlHeader
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
NGX
Fastly-SWR
Mail-Subject
Svr
Machine
X-CS
X-DPWN-IS-SECURE
Memcached
L5d-Success-Class
X-Developers
X-RateLimit-Limit-Second
X-Eu-Site
X-RateLimit-Remaining-Second
X-Origin
X-FC-Vary-Parameters
X-Qloud-Router
Is-Eu
X-Csrf-Jwt
X-Cache-Config
Ha-Gx-Prefs
NM-Fastcgi-Cache
X-Generated-On
X-HS-Content-Campaign-Id
X-DefElseHash
X-Loc
HA-Ipaddr
X-DefHash
X-Level-Front-Cache
X-CGP
X-NU-AKA-ACS-Version
Platform
X-Tx-Id
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Thinkindot-L3
X-UnsetCookies
Server-Host
X-Variation
X-Zone
X-Varnish-CookieHashed-On
Sslversion
TDXMobile
Adler-Geo
X-Amzn-Remapped-Content-Length
Thinkindot-Control
X-Backend-State
X-Request-URI
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Node-Id
X-Varnish-Beresp-Ttl
Fastly-Drupal-Html
X-FireWall-Port
X-Correlation-ID
X-Trace-ID
X-Response-By
WWW-Authenticate
X-Cdn-Srv
On-Server
Ssr
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-Pod-Name
X-Up
X-Worker
Cf-Device-Type
X-JWT-State
X-Has-Esi
X-Is-Gdpr
Esi-Enabled
WP-Super-Cache
Pics-Label
CDN
X-LB-ID
X-API-Version
Ms-Author-Via
X-Generated-In
X-NC
X-Vc
X-Datadome
X-Refresh
NtCoent-Length
C-Via
Memory
Time
X-LB-NoCache
X-Cache-Enabled
X-Service
X-TA-CDN-Provider
X-GeoIP-Region-Code
X-Cache-PHP
X-DC
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-GeoIP-Country-Code
X-Backend-TTL
X-DynaTrace-JS-Agent
X-Dynatrace
X-Tb-Optimization-Total-Bytes-Saved
Magicmarker
Env
X-NWS-UUID-VERIFY
X-Cache-Ttl
X-Edge-Pop
X-Tt-Logid
X-TraceId
X-Cache-Status-Check
GeoIp-Country-Code
X-Optimistic-Header
X-Render-Time
X-Parent-Response-Time
X-Esi
X-CacheTTL
Kp-EeAlive
X-Servedbyhost
X-Info
X-ZONE
X-Restarts
X-Unique-ID
Server-ID
X-Varnish-Beresp-TTL
S-Rt
X-Wix-Viewer-Type
X-Srv
X-RPS
Edge-Cache
X-DB
X-DSS
X-DI
X-DW
X-RSL
X-Action
X-RPM
X-AIR-PT
X-Cache-Backend
X-TX-ID
X-MSEdge-Features
X-Clientip
X-MSEdge-Flight
WebServer
Proxy-Connection
X-VCL-Version
X-Cs
X-Oss-Object-Type
X-Oss-Request-Id
HIT
X-Traceid
X-App
UCS
X-Webkit-CSP-Report-Only
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Cache-Host
X-Fpc
X-HA-Backend
X-Minions-Version
X-Oss-Storage-Class
X-LI-Proto
X-Newrelic-Synthetics
X-URL
X-Li-Proto
S-Cnection
X-Webkit-Csp-Report-Only
Test
X-Http-Reason
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-Akamai-Request-ID2
Section-Io-Id
X-FPC
Lb
X-NODE
X-LiteSpeed-Cache-Control
X-Micro-Cache
User-Agent
X-Vcl-Version
Geo-Info
Tcn
Fastly-Backend-Name
Accept-Language
Server-Id
X-B3-Spanid
X-Backend-Host
X-Ec-GeoHdr
X-Ec-Fail
X-Pad
X-Pass-Why
X-User
X-Release
Fastly-Drupal-HTML
X-HostName
X-Urbn-Context-Path
Locale
X-BCube-Filmed-By
Cf-Int-Pingora-Origin-Digest
X-Check-Cacheable
X-LiteSpeed-Tag
X-Urbn-Site-Id
Resin-Trace
X-APP
X-CSRF-TOKEN
X-BBC-Origin-Response-Status
X-ID
GeoIP-Country-Code
X-ES-SERVER
Hostname
X-Ha-Backend
Hit
Cdncip
M-TraceId
X-Fmm-Version
X-Clara-WADP
X-AK-Request-ID
X-WADP-Cache
Cdnsip
X-ServedByHost
Path
Ohc-File-Size
VNS-Cache
Srv
Cache-Key
EpKe-Alive
CPC-Cache
CPC-Age
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
X-WA-Info
X-WA
X-Dynatrace-Js-Agent
X-Geo
X-RateLimit-Reset
Cluster
MIME-Version
X-Cdn-Forward
X-Edge-POP
X-ElasticPress-Query
ENV
X-Via-PopV
X-Via-PopN
My-App
X-Via-PopH
X-Var-Ttl
X-From
Shield-Pop
X-CUA
Geoip-Latitude
Load-Balancing
X-PJAX-URL
X-Edge-Cache
Tracecode
X-Wikidot-Static-Cache
X-Cms-Context
Lfy
Pagetype
X-HS-Status
X-Wikidot-Backend
X-Api-Version
X-NGINX-Cache
X-Akamai-Pragma-Client-IP
URI
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Fastly-Cache-Hits
MD5-Digest
X-ServerName
X-Ucs
X-CCDN-Origin-Time
X-Via-Ucdn
T-Server
X-Fastly-Backend-Reqs
X-GoCache-CacheStatus
X-Mcache
Sever-Int
Lang
Servername
X-Fragments
X-UP
X-RAMCache
Server-Hostname
X-VG-WebServer
Server-Ext
X-SIPLIST1
IsBot
X-TRACE-ID
X-Dw-Trace-Id
X-B3-ParentSpanId
Cdn
X-WP-CF-Super-Cache-Cache-Control
X-Lb-Id
W
X-Nc
X-WP-CF-Super-Cache
X-VC
Target-Params
Cneonction
X-Cdn-Request-ID
X-Cache-Expires
Ohc-Cache-HIT
WZWS-RAY
X-Acquia-Purge-Tags
X-Cache-ASPX
Uri
X-Swift-Error
X-Platform-Processor
X-Newrelic-App-Data
X-Acquia-Site
X-Acquia-Application-UUID
X-Platform-Router
X-Snapshot-Date
X-Platform-Cluster
X-Contensis-Viewer-Groups
X-Acquia-Application-Trace
Dnion-Transfer-Encoding
Cteonnt-Length
X-Yottaa-OS
X-Apw-Hits
X-Apw-Access-Object
X-Provided-By
X-UA
Vha6-Origin
PICS-Label
CF-Cached-On
X-Akamai-Request-ID
X-Apw-Access-Token
HitType
Cf-Ipcountry
X-Apw-Access-Action
X-Cache-Ngx
Sid
X-Air-Pt
GeoIP-Latitude
X-Last-Modified
X-Akamai-ERPolicy
X-Http-Duration-Ms
X-Te-Duration-Ms
Server-Ttl
X-Akamai-ERRuleID
X-Te-Count
X-B3-Parentspanid
X-Logging-Id
X-Miniprofiler-Ids
Req-ID
X-Lb-Nocache
X-CacheKey
CountryCode
X-Cc-Via
X-Varnish-Authentication
X-Via-CDN
Ngx
X-Sentry-ID
X-Http-Count