Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Robots-Tag
Server-Timing
Request-Context
X-Server
X-Ws-Request-Id
X-AH-Environment
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
Grace
X-Page-Speed
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
EagleEye-TraceId
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Amz-Version-Id
X-Host
X-Dispatcher
X-OneAgent-JS-Injection
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Akam-SW-Version
X-Readtime
Accept-CH
Xkey
X-HW
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Webkit-CSP
X-Template
Rating
MS-Author-Via
X-Url
X-Cloud-Trace-Context
X-Cache-Lookup
X-Mod-Pagespeed
X-Ruxit-JS-Agent
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
Accept-CH-Lifetime
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Cnection
Accept-Ch
X-Origin-Cache
X-Rack-Cache
X-D2id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-Kinja-Server
X-Kinja-Build
Verso
X-Country-Code
X-VARITI-CCR
X-Goog-Hash
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-FastCGI-Cache
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
Display
Response
X-ORACLE-DMS-ECID
RTSS
X-Fastly-Request-ID
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Cache-TTL
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
MRF-Tech
X-TTL
X-B3-TraceId-Primal
Mrf-Cache-Status
SPIisLatency
Realpath
SPRequestDuration
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-Px
X-Jurisdiction
X-T
X-HP-Webp
X-Correlation-Id
X-Mid
X-MCACHE
X-Forwarded-Proto
X-Edge-Location-Klb
X-Release
X-PressLabs-Stats
X-Mg-S
X-ECACHE
X-Litespeed-Cache
Charset
X-Content-Security-Policy-Report-Only
X-Recruiting
X-Shield-Request-Id
Edge-Cache-Tag
X-Ezoic-Cdn
TP-L2-Cache
TP-Cache
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Fastcgi-Cache
X-DynaTrace
X-Amz-Server-Side-Encryption
X-Id
X-ORACLE-DMS-RID
X-Kraken-Loop-Name
X-Content-Digest
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Server-Lifecycle-Phase
X-Request-Processing-Time
X-Request-Received
Filters
Cache-Tags
Alternate-Protocol
Server-Node
X-Logged-In
Content-MD5
Front-End-Https
Nginx-Cache
X-Forwarded-For
Server-Name
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Origin-Upstream-Status
X-Amzn-Trace-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
TCN
X-Origin-Server
AR-Request-ID
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
X-XRDS-LOCATION
X-Grace
X-Contextid
X-Amz-Replication-Status
X-Geo-Country
X-F-Cache
X-Rid
X-Az
X-AppVersion
Host
X-Activity-Id
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-HS-Cache-Config
X-GUploader-UploadID
Cleartype
X-HS-Combine-CSS
X-Hostname
X-Www-Served-By
X-Frontend
X-Protected-By
X-Fastcgi-Cache
Section-Io-Cache
X-LB-Cache
X-XRDS-Location
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-RateLimit-Remaining
X-Erf-Bev-Bev
X-Aspnetmvc-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Page-Id
X-Tec-Api-Version
X-Microsite
X-Request-Handler-Origin-Region
X-Git-Hash
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Respond-Thread
X-Source
X-Hits
X-Upgrade-Enabled
X-DIS-Request-ID
Nel
ServerID
X-VCache
Paypal-Debug-Id
X-Mobile-URL
X-Varnish-Backend
X-NWS-LOG-UUID
X-Content-Options
X-Varnish-Grace
X-B-Cache
X-Signature
X-CACHE-GROUP
X-Request-Guid
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Route-Name
X-Providence-Cookie
Healthy
X-N
X-FB-Debug
X-Whom
Payment
Access-Control-Allow-Method
X-Kong-Proxy-Latency
X-App-Environment
X-B3-Sampled
X-Kong-Upstream-Latency
X-Cache-Action
X-TT
Viewport
Node
X-Seen-By
X-AOL-HN
X-Daa-Tunnel
X-Type
X-Load-Cache
Fastcgi-Useragent
X-Server-ID
Version
MS-CV
DC
X-Mobile
X-Webkit-Csp
X-Cache-Expired-At
X-Ua-Device
Filterid
X-Distributor
X-HTML-Minification-Powered-By
X-IPLB-Instance
DynaTrace
X-Cache-Control
X-Yandex-Sdch-Disable
SRV
Retry-After
X-Ab
X-FireWall-Port
X-Response-Served-From
X-Original-Request-Id
X-Real-IP
X-Debug
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-1
X-Jobs
X-Proxy-Cache-Status
X-Tumblr-Pixel-0
NGB
X-Tt-Trace-Host
X-UUID
X-Tt-Trace-Tag
X-Tumblr-Pixel
X-Varnish-Server
X-RemovedCookies
X-ProcessESI
X-Accel-Buffering
Refresh
X-Content-Powered-By
X-Debug-IsConnected
X-Page-View
X-Region
X-Device-Type
X-Debug-IsPreview
X-IPS-LoggedIn
Ms-Operation-Id
X-Proxy
X-RTag
Uber-Trace-Id
X-B
X-Framework
VIX-Pulpo-Node
X-Cacheable-TTL
Cache
X-Cache-Time
Frame-Options
VIX-Pulpo-Upstream-Status
Access-Control-Request-Headers
X-Cluster-Name
X-Adobe-Loc
X-Adobe-Content
X-G
X-User-Agent
X-Wix-Request-Id
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-Zen-Fury
X-FW-Serve
X-FW-Hash
Countrycode
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cache-Hit
Cache-Status
X-Vgn-Hpd-Reason
Surrogate-Key
X-Time
X-App-Version
X-Drupal-Cache-Tags
X-NGENIX-Cache
Eomportal-Instance
Country
X-Nginx-Cache
X-Rendered-As
X-Is-Bot
X-RateLimit-Limit
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-App-Server
X-TA-CDN-Provider
X-Mg-Request-UUID
S-Cnection
X-Oracle-Dms-Rid
CF-IPCountry
X-Rule
X-Ms-Request-Id
X-Ms-Version
X-Drupal-Cache-Contexts
Referer-Policy
X-Cache-Rule
X-CDN-Forward
AMP-Access-Control-Allow-Source-Origin
Liferay-Portal
X-JoinUs
SD-X-WS
X-Tumblr-Pixel-2
X-Varnishpool
From-Origin
Selected-Fe
X-SaId
X-UPSTREAM-Address
X-Proxy-Build
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-Timing-Wait
X-R9-Blue-Green-Version
X-Handled-By
X-Endurance-Cache-Level
X-Via-Fastly
X-Pubstack
X-Node-Name
X-Xfnlog-Site
X-No-Session
X-Sorting-Hat-ShopId
X-Cache-TTL-Remaining
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Backend-Host
X-TNCMS
X-Shopify-Stage
X-ShopId
ServedBy
X-ShardId
X-Yottaa-Metrics
X-Alternate-Cache-Key
X-Loop
X-Yottaa-Optimizations
Country-Code
X-PHP-Backend
Protected
X-Cache-Server
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Connection-Speed
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Tv-Group
Decoy-Debug-TTL
Fastly-SSL
TWC-Privacy
Property-Id
TWC-Device-Class
X-Say-Cacheable
X-VWS-Id
X-Varnish-Hostname
Cache-Name
X-Server-W
X-SayCDN-TTL
X-S-Maxage
X-Request-Time
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-Human
X-Say-TTL
Azure-InstanceId
X-Be
X-LAGOON
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-Proto
X-PCL
X-Origin-Hint
X-OCL
Webcakes-App-Name
X-Cache-PHP
X-Environment-Context
X-L-Path
Akamai-GRN
X-ProxyCache-Status
X-Status
X-Sql-Duration-Ms
X-ProxyCache-Key
X-Redis-Cache
X-RCS-CacheZone
X-BYPASS-REASON
X-Access
X-Cache-Operation
X-Backend-Name
X-Format
X-Sql-Count
X-PHP-Host
Apigw-Requestid
X-Origin-Date
X-Section
X-Labrador-Cache-Channel
X-Hl-Ver
X-Hyper-Cache
X-Dc
X-Uri
X-FB-TRIP-ID
X-Hosted-By
X-PERF
X-Cached-By
X-UA-Device-Type
X-Akamai-Edgescape
X-ApacheServer
X-Adobe-Source
X-Varnish-Beresp-Grace
X-GG-Cache-Date
Mn-Server-Ip
X-Web-Node
Xserver
X-Trace-Id
X-WA-Info
Amp-Access-Control-Allow-Source-Origin
X-MP-GENERATED-AT
X-Content-Age
X-ATG-Version
X-FW-Version
X-B3-SpanId
X-B3-Traceid
X-Revision
X-Cache-Enabled
X-SRV
X-Soup
X-Mode
X-Edge-Location
Backend
X-Time-Microsecs
X-ServerID
X-Tumblr-Pixel-3
X-CSRF-Token
X-Info
X-Cache-Type
X-CACHE-KEY
Who
X-Bc-Bl
X-APP-VERSION
X-Cache-NGX
X-Varnish-Beresp-Status
X-Microcachable
X-Akamai-Transformed
X-Detected-As
X-CS
X-Debug-Cache
X-Proxied
X-Zipkin-Id
X-Azure-Ref-OriginShield
X-Platform
X-Routing-Service
X-Datadome
X-Storage
X-Aws-Lambda-Call-Status
X-Cache-Host
Web-Mar-Node
X-Varnish-Cache-Hits
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Generation-Time
DataCenter
X-TT-LOGID
X-Via-JSL
OT-Force-Account-Verify
X-DataDome
Server-Info
X-Unique-ID
X-Varnish-Hits
X-Cluster-Node
X-Locale
X-Extlb
X-Varnish-Beresp-Ttl
Cross-Origin-Opener-Policy
GEO-INFO
X-Origin-CC
X-Origin-TTL
X-Site-Version
X-Parallel-Accel
Count-Hit
X-Destination
X-Air-Hostname
X-Developer
X-Air-Source
X-D
X-A-Wwc
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-From
X-Air-Trace-Id
CDN-CachedAt
CDN-Cache
X-External-Request-Id
Meta-Geo-Continent
CDCHOST
X-Aed
X-Application
X-BCube-Filmed-By
X-Bip
Host-ID
A
X-B-Cookie
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-ARC
X-Cache-Bucket
BehaviorPad-Version
MD5-Digest
X-Connection-Hash
User-Cache-Control
X-Core-Value
X-Cms-Context
CDN-RequestId
M-TraceId
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Magnolia-Registration
X-Generated-On
X-Ratelimit-Reset
X-Proxy-Upstream
DCR-Decision-By
Apple-News-Services-Request-Url
X-Session-Fingerprint
X-Processor
X-PBS-Appsvrname
Mobile-Detection-Method
T-Server
X-Sucuri-ID
X-PAYTM-SRV-ID
X-SRCache-Key
X-Service
DCR-Processing-Time-Ms
Expiry
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-S
X-ScT
Fastcgi-X-Cache-Version
X-Request-URI
Rendered-Blocks
X-EC-Lua
X-Ratelimit-Limit
Geo-Info
X-NAPM-TraceId
Surrogated-Key
X-Thanos
X-A-Dam
X-A-Ccd
X-VG-WebServer
X-A-Dcw
X-VG-WebCache
X-Vdms-Version
Odigeo-Trace-Id
X-Vdms-Path
X-AIR-PT
X-A-Dgt
X-A
X-Geo-Header
X-Vtex-Remote-Cache
Fastly-Backend-Name
X-Level-Front-Cache
Content-Disposition
CDN-Uid
X-Vtex-Processado-Em
X-Location
X-Varnish-Url
X-Tb
X-Pass-Why
X-Aicache-OS
Path
X-Accel-Expires-Debug
UCS
Server-Host
Memcached
Pics-Label
Pagetype
PFcat
X-JWT-State
X-Request-Host
X-Request-UUID
X-Scheme
X-Served-From
X-Req
X-Rebelmouse-Surrogate-Control
X-Origin
X-Platform-Server
X-Rebelmouse-Cache-Control
X-TrackingId
X-Var-Ttl
Req-Svc-Chain
State
X-Epic-Correlation-Id
My-App
Cache-Host
X-VarnishDD-TTL
X-VG-TLSProxy
X-WADP-Cache
X-NU-AKA-ACS-Version
X-Micro-Cache
X-Developers
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Fmm-Version
X-Date
X-Clientip
X-Cache-Debug
X-Cache-Info
X-Clara-WADP
X-Forwarded-Site
X-Gamma-Serve
X-Is-Gdpr
Location
X-Men
X-HN
X-Hash
X-Generated-By
X-GoCache-CacheStatus
X-Has-Esi
X-Backend-State
X-Branch-Name
Cmstype
Esi-Enabled
Fastly-SIE
Fastly-SWR
Cmsid
CacheControlHeader
X-Cluster
X-Varnish-Ttl
X-Amz-Meta-S3cmd-Attrs
AKAMAI
Gh-Request-Id
Ec-Rule-Version
Upgrade-Insecure-Requests
X-Servername
X-Wikidot-Backend
X-Wikidot-Static-Cache
Fastcgi-Cache-TTL
X-Csrf-Jwt
Fastly-Drupal-HTML
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Eu-Site
X-Esi-Check
X-CGP
X-Device-Os
Kp-EeAlive
Arc-Country
Adler-Geo
Arc-Version
C-Via
X-Rocket-Build-Number
Origin
X-Block-Status
X-Cache-Tags
L
X-Cache-Id
X-Cache-Grace
X-VC-Cache
X-Variation
Is-Eu
X-Old-Content-Length
X-Mvc-Supplant-Cachable
Ha-Gx-Prefs
X-LI-UUID
X-Origin-Expires
X-Ratelimit-Remaining
X-TX-ID
X-Policy
X-Owner
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Li-Pop
X-Li-Fabric
X-Gzip
L5d-Success-Class
X-Thinkindot-L3
X-Generated-In
X-Gen-Mode
X-SVT-ORM-VERSION
X-Hnp-Log
X-Slack-Backend
X-Irp-Debug
X-SVT-ORM-RULES
X-HS-Content-Campaign-Id
X-Sigma
X-Viewer-Country
Platform
Wxu-Next-Commit
Wxu-Next-Hostname
Thinkindot-CacheControl
PB-RID
We-Hiring
X-Minions-Version
TDXMobile
Svr
DSUID
Vix-Hermes-Req-Id
Cache-Key
PB-PID
Wxu-Next-Region
Thinkindot-Control
Cf-Device-Type
HA-Ipaddr
True-Client-Country-4JS
Thinkindot-CacheControl-Type
NGX
X-Sigma-Backend
NM-Fastcgi-Cache
Mail-Subject
X-NWS-UUID-VERIFY
Webserver
Source
X-User
CPC-Age
X-Varnish-Remaining-TTL
X-GeoIP
X-Forwarded-Host
X-Varnish-CookieHashed-On
X-Fetched-On
Release
X-Qloud-Router
X-Nginx-Cache-Key
X-PF-Uncompressing
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-SIPLIST1
X-Skip-Cache
Server-Hostname
Sever-Int
CPC-Cache
Server-Ext
X-FC-Vary-Parameters
IsBot
X-GeoIP-City
X-Varnish-CookieINHashed-On
X-DefElseHash
X-DefHash
X-Via-NSCOPI
X-VServer
Locid
VNS-Cache
VNS-Age
V-Age
X-Loc
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Tcn
X-Mvc-Supplant-OutputCached
NtCoent-Length
X-Unique-Id
Url
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TraceId
X-CLOUD-TRACE-CONTEXT
SID
XServer
X-OVcl
X-Ua
Cache-Hits
X-PJAX-URL
X-OVcl-Cache
S-Rt
X-Forwarded-Path
X-Orig-Expires
X-Vc
X-Shop-Environment
X-Tenant
Powered-By-ChinaCache
X-Via-Poph
MIME-Version
X-Refresh
X-Zone
X-Via-Popn
Cross-Origin-Window-Policy
X-Via-Popv
DB-Nickname
X-Cache-Ttl
Cf-Bgj
X-Backend-TTL
X-Ftr-Request-Id
X-NC
Magicmarker
X-ID
X-TIME
X-Internal-Host
Geoip-Latitude
GeoIp-Country-Code
Memory
X-Conf
X-GEO
Time
Content-Secure-Policy
X-Geo
WebServer
X-LB-ID
X-Dispatcher-Server
X-ZONE
X-BBC-Edge-Cache-Status
X-NCache
X-Method
X-HP-Trace-Id
X-Worker
X-Servedbyhost
Server-ID
X-Ckpd-Fst-Backend
X-Srv
HostName
Hostname
X-Auto-Login
X-IP
X-LSADC-Cache
Ssr
X-V-Cache
X-Newrelic-Synthetics
LB
X-Qnm-Cache
X-Rocket-Nginx-Serving-Static
X-Li-Proto
X-Render-Time
X-NewRelic-App-Data
X-M-Reqid
X-M-Log
X-Tx-Id
X-Wa
X-Nc
X-Platform-Cluster
X-Platform-Router
X-DC
X-Tb-Optimization-Total-Bytes-Saved
X-Trv-Group
X-Platform-Processor
Resin-Trace
X-SD-PageType
X-App
X-Node-Id
X-Cache-Remote
X-Vcl-Version
Ohc-File-Size
X-Traceid
Sid
X-VCL-Version
Env
X-Datadog-Parent-Id
Environment
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Via-CDN
X-MSEdge-Features
X-MSEdge-Flight
X-APP
X-Origin-Response-Time
X-HITS
X-CACHE-AGE
X-Dynatrace
X-VHOST
X-API-Version
X-Cache-Config
X-Origin-Time
X-Nyt-Route
X-Via-Ucdn
X-BBC-Origin-Response-Status
X-NodeID
X-Reqid
X-HostName
X-FTR-Request-ID
X-Gdpr
X-ServerName
X-Edge-Pop
CF-Cached-On
Cluster
X-Pod-Name
X-WA
X-Varnish-Beresp-TTL
X-Server-IP
Datacenter
X-Correlation-ID
X-DynaTrace-JS-Agent
Viewtype
X-LI-Proto
Cf-Ipcountry
X-ND-Cache
Candidate-Md5Url
X-Wix-Viewer-Type
X-ElasticPress-Query
VivaBuild
Rt-Fastcgi-Cache
X-Cdn-Forward
X-Fastly-Request-Id
Machine
X-HS-Status
X-Cs
Web-Mar-Region
X-Akamai-Pragma-Client-IP
CDN
X-Cache-Var
X-Dynatrace-Js-Agent
X-Cache-Var-Map
X-NGINX-Cache
N-Cache
Server-Id
FSS-Cache
X-ServedByHost
On-Server
X-Lb-Id
X-CSRF-TOKEN
Proxy-Connection
X-Oss-Storage-Class
X-FTR-Balancer
Servername
WZWS-RAY
GeoIP-Latitude
GeoIP-Country-Code
Xc-Version
X-FTR-Backend
X-Swa-Ws
X-URL
X-Oss-Request-Id
X-Via-PopH
X-FTR-Realm
X-Via-PopV
X-Via-PopN
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-FTR-Cache-Status
X-FTR-DC
X-Oss-Server-Time
X-FTR-Backend-Server
X-Check-Cacheable
X-CCM
X-Country-Code-Real
Ohc-Cache-HIT
X-Xrds-Location
X-Esi
X-Fastly-Backend-Reqs
X-IN-APIGATEWAYSSL
Cdn
Tracecode
X-Cache-Backend
Onion-Location
X-IN-APIGATEWAY
WWW-Authenticate
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-VC
X-Pjax-Url
X-ECache
Cteonnt-Length
X-SN
X-Swift-Error
Mime-Version
URI
X-CUA
CountryCode
X-Webkit-CSP-Report-Only
X-Varnish-Authentication
X-Tt-Logid
X-Contensis-Viewer-Groups
X-Cache-ASPX
SR-User-Adfree
X-Fpc
X-FTR-Expires
X-Region-Sid
X-FORWARDED-FOR
Instruction
CACHE
X-Air-Pt
WP-Super-Cache
X-Fastly-Cache-Hits
Ohc-Response-Time
X-DI
X-RSL
Redirect-Candidate
X-RPS
X-RPM
X-DW
X-Request-Start
X-StackifyID
X-UnsetCookies
X-Depends-On
X-TIM-N
X-Tid
X-Webstats-RespID
X-DSS
Server-Ttl
X-Dw-Trace-Id
X-Pf-Uncompressing
X-LiteSpeed-Cache-Control
X-SB
X-ElasticPress-Search
X-Yottaa-OS
X-Snapshot-Date
X-DB
Warning
X-Action
Shield-Pop
X-Provided-By
Xet-Cookie
Vha6-Origin
X-Up
ServerName
Content-Script-Type
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Acquia-Purge-Tags
X-Acquia-Site
X-Matched-Rule
X-Core-Mission
X-Cache-Expires
Lfy
X-Apw-Hits
X-Cache-Status-Check
Content-Style-Type
X-C
X-TH-Server
X-MiniProfiler-Ids
X-Mg-Request-Id
X-Hcs-Proxy-Type
CloudFront-Viewer-Country
W
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Pad