Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
X-Request-ID
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-Ua-Compatible
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Backend-Server
X-Node
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Ac
Accept-CH-Lifetime
X-Content-Type
X-Url
Allow
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
Verso
X-Element-Page-Cache
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
MS-Author-Via
Accept-Ch
X-Amz-Rid
X-Aws-Lambda-Call-Status
X-Vcap-Request-Id
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Origin-Cache
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
Arr-Disable-Session-Affinity
X-Navigation-Version
Access-Control-Request-Method
RTSS
X-Country-Code
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Powered-CMS
X-Version
X-Language
AR-Request-ID
AR-SID
AR-PoweredBy
AR-CACHE
AR-ATIME
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
X-LLID
X-Edge
X-TTL
X-Kinsta-Cache
X-Edge-Location-Klb
Nginx-Cache
X-Template
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-RateLimit-Remaining
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
TCN
X-T
S
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Id
Content-MD5
X-Mg-S
X-Mid
Edge-Cache-Tag
Realpath
Fastcgi-Cache
SPIisLatency
SPRequestDuration
Front-End-Https
X-MCACHE
X-CST
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Filters
Server-Node
X-Content
X-Ab
X-Ua-Browser
Server-Name
X-DynaTrace
X-Frontend
X-Ruxit-Js-Agent
X-Ttl
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Parallel-Accel
X-HS-Combine-CSS
X-Correlation-Id
X-Yandex-Sdch-Disable
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Ezoic-Cdn
Fusion-Content-Id
Fusion-Component-Id
X-Cache-Key
X-Hits
Alternate-Protocol
X-Ser
X-Content-Options
X-Buckets
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
Cache-Tags
X-Kong-Upstream-Latency
Charset
X-Page-Id
X-B3-Sampled
Host
X-Kong-Proxy-Latency
X-Git-Hash
Cleartype
X-Www-Served-By
X-Geo-Country
X-DIS-Request-ID
X-Daa-Tunnel
X-Accel-Expires
X-Amzn-Trace-Id
X-Debug-Info
X-Amz-Replication-Status
X-Varnish-Age
X-Content-Digest
Filterid
X-Fastly-Request-Id
X-Az
X-Activity-Id
X-Hostname
X-AppVersion
X-Forwarded-Proto
X-FB-Debug
TP-L2-Cache
X-VCache
TP-Cache
X-Upgrade-Enabled
X-Rid
X-N
Access-Control-Allow-Method
X-Grace
X-Origin-Server
Cross-Origin-Opener-Policy
X-Nginx-Upstream-Cache-Status
X-LB-Cache
X-Mobile-URL
X-F-Cache
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Server-ID
X-XRDS-LOCATION
X-Whom
ServerID
X-TT
X-Varnish-Grace
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Node
X-Goog-Generation
X-Goog-Storage-Class
X-Tb
X-WebKit-CSP-Report-Only
X-App-Environment
X-Type
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Server
Viewport
Payment
X-App-Server
X-FW-Type
Paypal-Debug-Id
DC
X-Distributor
X-Seen-By
X-NGENIX-Cache
X-Ratelimit-Limit
X-Origin-Upstream-Status
X-User-Agent
Fastcgi-Useragent
Country
X-Oneagent-Js-Injection
Accept-Charset
X-Cache-Control
X-Litespeed-Cache
X-Logged-In
X-Microsite
X-Cache-Rule
X-Request-Handler-Origin-Region
X-Wix-Request-Id
X-Webkit-CSP
Version
X-Cache-Age
X-Fastly-Request-ID
X-DataDome
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
X-Browser-Type
X-Erf-Bev-Bev
X-Varnish-Backend
Referer-Policy
X-Drupal-Cache-Tags
Refresh
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cluster-Name
X-Contextid
X-Load-Cache
X-Node-Name
X-Response-Served-From
X-Mobile
X-Signature
X-Original-Request-Id
Access-Control-Request-Headers
SD-X-WS
X-B-Cache
Cache-Status
X-Vgn-Hpd-Reason
X-Jobs
X-Real-IP
X-Cache-Expired-At
X-Cacheable-TTL
X-Fastcgi-Cache
X-RemovedCookies
X-Proxy-Cache-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-IPLB-Instance
X-ProcessESI
X-Debug
X-Cache-Action
X-B
Amp-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Page-View
X-Proxy
X-UUID
X-Instance
X-Device-Type
X-Revision
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-G
NGB
X-Rule
X-Cache-Time
Surrogate-Key
X-Drupal-Cache-Contexts
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
Akamai-GRN
X-FW-Version
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
SID
DynaTrace
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
CF-IPCountry
X-PressLabs-Stats
Liferay-Portal
X-Ratelimit-Reset
X-Azure-Ref
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Nginx-Cache
Healthy
GEO-INFO
Frame-Options
X-CDN-Forward
X-Source
Count-Hit
X-Ms-Request-Id
X-Ms-Version
X-Presslabs-Stats
X-RTag
MS-CV
Ms-Operation-Id
X-Cache-Operation
X-XRDS-Location
Uber-Trace-Id
X-Accel-Buffering
X-EdgeConnect-Cache-Status
X-APP-VERSION
X-Tumblr-User
Xserver
X-L-Path
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Environment-Context
Countrycode
X-Zen-Fury
X-Varnish-Server
X-Cache-Hit
X-Backend-Name
Ec-Rule-Version
X-Mode
X-Cache-NGX
Cross-Origin-Window-Policy
X-Forwarded-Host
X-RateLimit-Limit
X-Region
X-Servername
X-IPS-LoggedIn
X-Content-Powered-By
Backend
X-UPSTREAM-Address
Protected
X-JoinUs
X-SaId
X-Rewrite-Enabled
X-Cache-TTL-Remaining
X-Detected-As
X-RN-RSRV
X-Cache-Type
Meta-Geo
X-NewRelic-App-Data
X-Proxied
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Section-Io-Cache
X-Cache-Server
X-Varnish-Beresp-Grace
X-Extlb
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Tid
X-Routing-Service
Fastly-SSL
X-Generation-Time
Apigw-Requestid
Eomportal-Instance
X-ShardId
X-Zipkin-Id
X-Debug-Cache
X-ShopId
X-Cache-Grace
Country-Code
Decoy-Debug-Key
Cache-Name
Url
X-BYPASS-REASON
Decoy-Debug-TTL
X-ProxyCache-Key
X-ApacheServer
Mn-Server-Ip
Decoy-Debug-Status
X-UA-Device-Type
X-No-Session
X-Format
X-Origin-Date
X-NCache
X-PHP-Backend
X-NYM-Debug-Backend
X-ProxyCache-Status
Cache-Tv-Group
X-PERF
X-ServerID
X-FB-TRIP-ID
X-Uri
X-Sql-Duration-Ms
X-Human
X-Storage
X-Microcachable
X-Sql-Count
X-Via-Fastly
X-Soup
X-Hosted-By
Selected-Fe
X-OCL
Property-Id
X-Proxy-Build
DB-Nickname
X-Section
X-Server-W
TWC-Locale-Group
X-Access
Webcakes-Region
X-Status
X-Adobe-Loc
X-Site-Version
X-Timing-Wait
X-Akamai-Edgescape
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Origin-Hint
X-Cluster-Node
X-PCL
TWC-Privacy
TWC-Connection-Speed
X-Adobe-Content
SRV
X-Web-Node
OT-Force-Account-Verify
X-Pubstack
X-Varnishpool
X-Redis-Cache
X-Say-TTL
X-SayCDN-TTL
X-R9-Blue-Green-Version
X-Say-Cacheable
X-Cache-Host
X-Hl-Ver
X-Content-Age
Azure-SiteName
X-Hyper-Cache
Azure-SlotName
Azure-RegionName
X-Be
Azure-InstanceId
Azure-Version
X-LSADC-Cache
X-Webkit-Csp
LB
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-EdgeStorageId
X-Azure-Ref-OriginShield
X-Ua
CDN-CachedAt
Content-Secure-Policy
Content-Disposition
X-Generated-By
Source
WPO-Cache-Message
WPO-Cache-Status
X-Trace-Id
Cache
X-Cached-By
X-TIME
X-Nginx-Cache-Key
X-Unique-Id
X-Dc
X-LAGOON
X-Bc-Bl
X-App-Version
X-TT-LOGID
X-Auto-Login
Cache-Hits
X-SRV
X-Origin-CC
X-Origin-TTL
X-Varnish-Hits
X-HTML-Minification-Powered-By
X-Varnish-Hostname
Xet-Cookie
X-Loop
X-TNCMS
X-Cdn
Retry-After
X-S-Maxage
Onion-Location
X-Platform-Server
X-Akamai-Transformed
X-Ratelimit-Remaining
HostName
X-Time
X-Correlation-ID
Mime-Version
X-GEO
X-Amz-Meta-S3cmd-Attrs
X-Xfnlog-Site
X-Tumblr-Pixel-2
X-Cache-Var
X-Tumblr-Pixel-3
X-CSRF-Token
X-Cache-Var-Map
X-Cache-Remote
X-Proto
X-Cache-Tags
X-Varnish-Cache-Hits
X-Edge-Location
Web-Mar-Node
Upgrade-Insecure-Requests
X-Request-Time
X-Endurance-Cache-Level
X-Tenant
ServedBy
Webserver
X-Time-Microsecs
X-ECache
X-EC-Lua
X-Xrds-Location
X-AOL-HN
X-LJ-Flow-ID
N-Cache
X-VWS-Id
X-AWS-Id
X-GG-Cache-Date
X-FireWall-Port
CloudFront-Viewer-Country
X-Request-Host
X-M-Log
From-Origin
X-M-Reqid
Nel
X-Mg-Request-UUID
X-Qnm-Cache
X-Amzn-RequestId
X-Via-NSCOPI
X-B3-SpanId
X-Amz-Apigw-Id
X-Vdms-Path
BehaviorPad-Version
X-Vdms-Version
X-PBS-Appsvrname
Odigeo-Trace-Id
X-CF-Lambda-Fn
X-Ftr-Request-Id
Origin
CDCHOST
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-SVT-ORM-RULES
X-Ckpd-Fst-Backend
X-Forwarded-Path
X-Orig-Expires
Expiry
X-D
X-NAPM-TraceId
X-ND-Cache
L
A
X-Developer
X-Ig-Push-State
X-Destination
WP-Super-Cache
Meta-Geo-Continent
DSUID
X-V-Cache
X-Connection-Hash
X-Origin-Response-Time
X-Conf
Mobile-Detection-Method
Fastcgi-X-Cache-Version
DCR-Decision-By
DCR-Processing-Time-Ms
X-External-Request-Id
X-Cluster
Redirect-Candidate
X-S-Cookie
X-SRCache-Key
Xc-Version
X-S
X-Rojux
X-Vtex-Remote-Cache
X-A
X-ScT
X-Aed
V-Age
X-Session-Fingerprint
X-B-Cookie
X-ARC
X-SD-PageType
X-Application
X-Cache-Date
Surrogated-Key
X-A-Dcw
X-A-Dam
Rendered-Blocks
X-A-Dgt
X-SVT-ORM-VERSION
X-A-Wwc
X-Processor
X-Cache-NE
X-A-Ccd
X-Shop-Environment
X-Vtex-Processado-Em
Sslversion
X-TIM-N
X-VG-WebCache
Pramga
X-PHP-Host
X-RCS-CacheZone
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Handled-By
X-Epic-Correlation-Id
X-Eu-Site
Ssr
X-Envoy-Decorator-Operation
State
Svr
Fastcgi-Cache-TTL
X-Fetched-On
Origin-CC
Cmstype
Cmsid
Release
X-CGP
X-Cache-Bucket
Origin-EX
PFcat
X-Device-Os
Host-ID
HA-Ipaddr
X-Core-Mission
X-Csrf-Jwt
X-Backend-State
User-Cache-Control
L5d-Success-Class
Ha-Gx-Prefs
True-Client-Country-4JS
Wxu-Next-Region
X-Block-Status
Traceparent
Wxu-Next-Hostname
Gh-Request-Id
Wxu-Next-Commit
X-Cdn-Srv
X-Location
X-Rocket-Nginx-Serving-Static
X-Nyt-Route
X-Server-IP
X-Origin-Expires
X-NodeID
X-Aicache-OS
Vix-Hermes-Req-Id
X-LI-UUID
X-Slack-Backend
X-Skip-Cache
X-Origin-Time
X-Owner
X-Request-URI
X-Locale
X-Varnish-Beresp-Status
X-Policy
X-Served-From
X-Planisys-CDN-TTL
X-UnsetCookies
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-VarnishDD-TTL
X-Scheme
X-Li-Pop
X-Geo-Header
AMP-Access-Control-Allow-Source-Origin
AKAMAI
X-Gen-Mode
Arc-Country
CacheControlHeader
X-Sucuri-ID
X-Gdpr
X-Hash
X-Sucuri-Cache
X-Hnp-Log
X-Li-Fabric
X-VServer
X-Storefront-Renderer-Rendered
X-HN
Environment
X-Zone
X-NWS-UUID-VERIFY
X-Cache-Enabled
Server-Info
Fastly-Drupal-Html
X-Branch-Name
X-Thinkindot-L3
X-Rocket-Build-Number
X-Sigma-Backend
X-Sn-Servicetimems
X-Thanos
X-VG-TLSProxy
X-Webstats-RespID
X-Adobe-Source
X-BBC-Edge-Cache-Status
X-Sigma
X-Bip
X-Platform
X-Level-Front-Cache
X-Date
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Men
X-Developers
X-GeoIP-City
X-Fastly-Backend
X-Fastly-Cache
X-Gamma-Serve
X-Generated-On
X-GeoIP
X-Datadog-Parent-Id
X-Mvc-Supplant-Cachable
X-RateLimit-Remaining-Second
X-Cdn-Origin
X-Cache-Info
X-Region-Sid
X-Reqid
X-TrackingId
X-RateLimit-Limit-Second
X-Old-Content-Length
X-Core-Value
X-Forwarded-Site
X-Accel-Expires-Debug
X-Proxy-Upstream
X-Request-Start
X-Cache-Debug
Locid
TDXMobile
Thinkindot-CacheControl
Apple-News-Services-Request-Url
Server-Host
Req-Svc-Chain
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Thinkindot-Control
Thinkindot-CacheControl-Type
X-VC-Cache
X-Magnolia-Registration
NGX
Memcached
X-Qloud-Router
Mail-Subject
NM-Fastcgi-Cache
X-TH-Server
X-Req
X-Esi-Check
X-Pod-Name
X-Response-By
Machine
X-Loc
Cf-Device-Type
X-DefElseHash
X-DefHash
Fastly-SIE
Fastly-GeoIP-CountryCode
X-Rebelmouse-Cache-Control
X-DPWN-IS-SECURE
Is-Eu
X-FC-Vary-Parameters
Fastly-SWR
Platform
X-Worker
X-ATG-Version
X-Is-Gdpr
X-Irp-Debug
X-NU-AKA-ACS-Version
X-JWT-State
We-Hiring
Web-Mar-Region
X-Amzn-Remapped-Content-Length
X-Backend-TTL
X-Node-Id
X-HS-Content-Campaign-Id
X-Viewer-Country
X-Varnish-CookieHashed-On
X-Gzip
X-Variation
X-Rebelmouse-Surrogate-Control
Adler-Geo
X-Varnish-CookieINHashed-On
X-Origin
X-Varnish-Remaining-TTL
X-Cache-Config
X-Has-Esi
X-Cache-Id
X-Ua-Device
X-Varnish-Beresp-Ttl
X-CACHE-KEY
X-CLOUD-TRACE-CONTEXT
X-CS
X-Tx-Id
Pics-Label
X-API-Version
X-Up
X-GeoIP-Region-Code
X-LB-ID
X-GeoIP-Country-Code
X-Mvc-Supplant-OutputCached
X-Generated-In
Datacenter
X-NC
Candidate-Md5Url
CDN
Ms-Author-Via
X-Datadome
X-Trace-ID
S-Rt
Magicmarker
X-Restarts
Kp-EeAlive
X-LB-NoCache
X-DynaTrace-JS-Agent
WWW-Authenticate
X-Varnish-Ttl
Time
X-Vc
X-Via-Popv
X-Via-Poph
WebServer
Memory
X-Via-Popn
X-TraceId
X-Edge-Pop
NtCoent-Length
On-Server
X-Tt-Logid
X-Tb-Optimization-Total-Bytes-Saved
X-URL
X-RSL
X-DI
Esi-Enabled
X-DW
X-Refresh
X-RPS
X-Optimistic-Header
Env
X-RPM
X-DB
X-TA-CDN-Provider
X-DSS
X-Http-Reason
Edge-Cache
X-Action
X-Akamai-Request-ID2
X-Wix-Viewer-Type
X-CacheTTL
X-Cache-Backend
X-Srv
GeoIp-Country-Code
X-DC
X-Servedbyhost
X-Minions-Version
X-Service
X-Esi
C-Via
X-Parent-Response-Time
X-Dynatrace
Server-ID
X-HA-Backend
X-Unique-ID
X-Varnish-Beresp-TTL
X-Cache-PHP
Accept-Language
X-MSEdge-Features
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Cs
X-TX-ID
X-ZONE
X-Render-Time
X-Cache-Status-Check
X-Webkit-CSP-Report-Only
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Cache-Ttl
X-User
X-Fpc
X-LI-Proto
X-Ec-Fail
X-Ec-GeoHdr
X-Traceid
X-VCL-Version
X-App
Test
X-Webkit-Csp-Report-Only
X-Li-Proto
Proxy-Connection
X-LiteSpeed-Cache-Control
X-FPC
X-B3-Spanid
X-Pass-Why
X-NODE
X-AIR-PT
X-Info
Server-Id
X-Vcl-Version
Cdncip
X-AK-Request-ID
X-Clientip
Geo-Info
Cdnsip
Tcn
Cache-Host
X-Oss-Storage-Class
HIT
My-App
X-Oss-Server-Time
UCS
X-Oss-Request-Id
M-TraceId
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Fmm-Version
S-Cnection
Fastly-Drupal-HTML
Geoip-Latitude
Tracecode
X-HostName
Resin-Trace
X-LiteSpeed-Tag
Cf-Int-Pingora-Origin-Digest
X-Clara-WADP
Cluster
X-Var-Ttl
X-WADP-Cache
X-CUA
X-CSRF-TOKEN
X-Ha-Backend
X-ID
X-From
GeoIP-Country-Code
Lfy
T-Server
Hostname
X-Geo
Lang
Fastly-Backend-Name
Hit
X-Fragments
User-Agent
X-Micro-Cache
X-Pad
X-ServedByHost
MIME-Version
Ohc-File-Size
X-Mcache
X-Dynatrace-Js-Agent
X-Via-PopV
X-Via-PopN
DataCenter
X-RAMCache
X-Via-PopH
X-Release
ENV
X-BBC-Origin-Response-Status
X-Backend-Host
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Target-Params
X-Edge-POP
X-ElasticPress-Query
X-VC
X-BCube-Filmed-By
X-APP
X-Check-Cacheable
Load-Balancing
Section-Io-Origin-Status
X-Cdn-Forward
Section-Origin-Responded
X-Api-Version
Section-Io-Id
X-NGINX-Cache
X-Edge-Cache
Section-Io-Origin-Time-Seconds
Lb
X-Fastly-Backend-Reqs
Servername
X-Ucs
X-ServerName
URI
EpKe-Alive
X-HS-Status
X-Httpd
X-WA
X-Lb-Nocache
X-Proxy-Cache-Info
X-GoCache-CacheStatus
X-WA-Info
Cache-Key
CPC-Age
CPC-Cache
Path
X-UP
Uri
VNS-Cache
X-Amz-Meta-Cb-Modifiedtime
VNS-Age
PICS-Label
Permissions-Policy
X-Nc
FSS-Cache
X-TRACE-ID
Cf-Ipcountry
X-Lb-Id
Server-Ttl
Producers
WZWS-RAY
X-ES-SERVER
ServerName
X-Provided-By
X-RateLimit-Reset
Cdn
X-B3-ParentSpanId
X-Wikidot-Static-Cache
X-Cdn-Request-ID
X-Fastly-Cache-Hits
Ohc-Cache-HIT
Cneonction
X-Wikidot-Backend
Cteonnt-Length
X-Dw-Trace-Id
X-Apw-Hits
X-Apw-Access-Token
Pagetype
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Apw-Access-Object
Shield-Pop
X-Contensis-Viewer-Groups
X-Akamai-ERRuleID
X-Snapshot-Date
X-Cache-ASPX
X-Cms-Context
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Vcache
Vha6-Origin
X-Swift-Error
X-Pool
X-Yottaa-OS
X-Newrelic-App-Data
X-SB
X-Akamai-ERPolicy
CF-Cached-On
X-PJAX-URL
X-Air-Pt
X-Cache-Ngx
Sid
X-Akamai-Request-ID
X-Platform-Router
X-Cache-CFC
X-Platform-Cluster
X-Platform-Processor
X-Last-Modified
GeoIP-Latitude
X-Udemy-Cache-App-Namespace
X-Hcs-Proxy-Type
Req-ID
X-Via-Ucdn
CountryCode
X-Akamai-Pragma-Client-IP
X-UA
X-Varnish-Authentication
X-Logging-Id
X-CacheKey
X-Miniprofiler-Ids
X-Sentry-ID
X-Http-Count
X-Http-Duration-Ms
X-Te-Count
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Ngx
MD5-Digest
X-Te-Duration-Ms