Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
Server-Timing
X-Robots-Tag
X-Dns-Prefetch-Control
Request-Context
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
EagleEye-TraceId
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
X-WebKit-CSP
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
X-HW
Accept-Ch-Lifetime
X-Country
Accept-CH
Content-Location
X-Ac
X-Application-Context
X-Language
X-Ruxit-JS-Agent
Rating
X-Template
MS-Author-Via
X-Webkit-CSP
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-Cloud-Trace-Context
Accept-Ch
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-Exp-Id
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
X-Cached
Accept-CH-Lifetime
X-Server-Name
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-FastCGI-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
X-Buckets
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
Response
X-Sol
X-Litespeed-Cache
X-ORACLE-DMS-ECID
RTSS
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Cache-TTL
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Ttl
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TTL
X-Edge
S
X-LLID
X-Kinsta-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
Realpath
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-HP-Webp
X-T
X-ECACHE
X-Jurisdiction
X-Oneagent-Js-Injection
X-Px
X-Correlation-Id
X-Release
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Forwarded-Proto
X-Mg-S
Charset
X-Content-Security-Policy-Report-Only
X-Edge-Location-Klb
X-Recruiting
X-Shield-Request-Id
X-Ezoic-Cdn
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Fastcgi-Cache
X-Id
X-Amz-Server-Side-Encryption
X-Content-Digest
X-Request-Processing-Time
Filters
X-Request-Received
Cache-Tags
X-DynaTrace
Content-MD5
X-Logged-In
Alternate-Protocol
Server-Node
X-Instrumentation
X-ORACLE-DMS-RID
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Forwarded-For
Front-End-Https
Nginx-Cache
X-XRDS-LOCATION
Server-Name
X-WebKit-CSP-Report-Only
X-Origin-Upstream-Status
X-Amzn-Trace-Id
AR-PoweredBy
AR-Request-ID
AR-CACHE
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
AR-ATIME
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Ar-Sid
X-Origin-Server
X-Grace
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Geo-Country
X-Contextid
X-Rid
X-AppVersion
Host
X-Az
X-F-Cache
X-Activity-Id
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-Cache-Key
X-HS-Combine-CSS
Cleartype
TCN
X-Www-Served-By
X-Protected-By
X-Frontend
Section-Io-Cache
X-LB-Cache
X-Debug-Info
MicrosoftSharePointTeamServices
X-Ser
X-Hostname
X-Tec-Api-Origin
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Tec-Api-Root
X-Tec-Api-Version
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
X-Page-Id
X-Git-Hash
X-RateLimit-Remaining
X-Varnish-Age
X-Aspnetmvc-Version
Accept-Charset
X-Respond-Thread
X-Hits
X-Upgrade-Enabled
X-Source
X-DIS-Request-ID
ServerID
X-Mobile-URL
X-VCache
Paypal-Debug-Id
X-NWS-LOG-UUID
X-N
X-Content-Options
X-Varnish-Backend
X-Varnish-Grace
X-Request-Guid
X-Signature
X-XRDS-Location
X-Is-Crawler
X-Aspnet-Duration-Ms
X-B-Cache
X-Flags
X-Providence-Cookie
X-Route-Name
X-B3-Sampled
X-FB-Debug
X-Kong-Proxy-Latency
X-Whom
Nel
Healthy
Payment
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Cache-Action
X-App-Environment
X-TT
X-Seen-By
Viewport
Node
X-CACHE-GROUP
X-Daa-Tunnel
X-AOL-HN
X-Type
X-Load-Cache
Fastcgi-Useragent
MS-CV
Version
X-Server-ID
DC
X-Mobile
X-Cache-Expired-At
Filterid
X-IPLB-Instance
X-Distributor
X-Webkit-Csp
X-HTML-Minification-Powered-By
X-Cache-Control
DynaTrace
X-Yandex-Sdch-Disable
X-FireWall-Port
SRV
Retry-After
X-Debug
X-Response-Served-From
X-Original-Request-Id
X-Real-IP
X-Instance
Refresh
X-Jobs
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Proxy-Cache-Status
X-Tumblr-User
X-Tumblr-Pixel
X-UUID
X-RemovedCookies
X-Accel-Buffering
NGB
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-ProcessESI
X-Varnish-Server
Ms-Operation-Id
X-Device-Type
X-RTag
X-Debug-IsPreview
X-Content-Powered-By
X-Debug-IsConnected
X-Ab
X-Page-View
X-IPS-LoggedIn
X-Region
X-Proxy
X-Cluster-Name
Cache
X-Cache-Time
X-Framework
X-Cacheable-TTL
Access-Control-Request-Headers
X-B
Uber-Trace-Id
Frame-Options
X-Adobe-Loc
X-G
X-Adobe-Content
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-User-Agent
X-FW-Dynamic
X-FW-Static
X-Zen-Fury
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Serve
Countrycode
Section-Origin-Responded
X-Time
X-App-Version
Section-Io-Id
X-Cache-Hit
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Surrogate-Key
Cache-Status
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-Drupal-Cache-Tags
Eomportal-Instance
X-NGENIX-Cache
Country
AMP-Access-Control-Allow-Source-Origin
X-App-Server
X-Is-Bot
X-Azure-Ref
X-Rendered-As
X-TA-CDN-Provider
X-EdgeConnect-Cache-Status
X-RateLimit-Limit
CF-IPCountry
X-Drupal-Cache-Contexts
S-Cnection
X-Rule
X-Mg-Request-UUID
X-Cache-Rule
X-Ms-Version
X-Ms-Request-Id
Liferay-Portal
Referer-Policy
X-Tumblr-Pixel-2
X-Proxy-Build
X-Timing-Wait
Meta-Geo
X-SaId
Selected-Fe
X-RN-RSRV
X-Varnishpool
X-Yottaa-Metrics
X-ES-SERVER
From-Origin
X-Yottaa-Optimizations
X-UPSTREAM-Address
X-JoinUs
X-TNCMS
X-Via-Fastly
X-Sorting-Hat-ShopId
X-ShardId
X-Cached-By
X-Xfnlog-Site
X-Sorting-Hat-PodId
X-ShopId
X-PHP-Backend
X-CDN-Forward
X-Endurance-Cache-Level
X-Cache-TTL-Remaining
X-Handled-By
SD-X-WS
X-Shopify-Stage
Country-Code
X-Loop
Protected
X-Storefront-Renderer-Rendered
X-R9-Blue-Green-Version
X-Cache-Server
X-No-Session
X-Alternate-Cache-Key
X-Backend-Host
Xserver
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
ServedBy
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Property-Id
Cache-Tv-Group
Azure-RegionName
Azure-InstanceId
Akamai-GRN
Azure-SiteName
Azure-SlotName
Webcakes-App-Version
Cache-Name
Azure-Version
Fastly-SSL
Webcakes-Region
X-Say-Cacheable
X-S-Maxage
X-Request-Time
X-Say-TTL
X-SayCDN-TTL
X-VWS-Id
X-Varnish-Hostname
X-Server-W
X-Proto
X-PCL
X-Cache-PHP
X-Be
X-AWS-Id
X-Human
X-LJ-Flow-ID
X-Origin-Hint
X-OCL
X-NYM-Debug-Backend
X-L-Path
X-Pubstack
X-Node-Name
X-Environment-Context
X-Cache-Operation
X-Labrador-Cache-Channel
X-Access
X-LAGOON
X-Hyper-Cache
X-Hl-Ver
X-BYPASS-REASON
X-Dc
X-Format
X-Backend-Name
X-PHP-Host
X-CACHE-KEY
X-Sql-Duration-Ms
X-Status
X-Section
X-Redis-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-RCS-CacheZone
X-Origin-Date
X-Sql-Count
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-FB-TRIP-ID
Mn-Server-Ip
X-GG-Cache-Date
X-Hosted-By
X-Akamai-Edgescape
X-Uri
Apigw-Requestid
X-UA-Device-Type
X-Adobe-Source
X-Varnish-Beresp-Grace
X-PERF
X-ApacheServer
X-Web-Node
X-Trace-Id
X-WA-Info
X-Content-Age
X-MP-GENERATED-AT
X-ATG-Version
X-B3-SpanId
X-Ua-Device
X-FW-Version
X-Cache-Enabled
X-Revision
X-SRV
X-CSRF-Token
X-Soup
X-Mode
X-Edge-Location
X-Info
Backend
X-ServerID
Amp-Access-Control-Allow-Source-Origin
X-Time-Microsecs
Who
X-Tumblr-Pixel-3
X-CS
X-Bc-Bl
X-Cache-Type
X-Cache-NGX
X-TT-LOGID
X-Microcachable
X-Datadome
X-Varnish-Beresp-Status
X-Debug-Cache
X-Akamai-Transformed
X-Detected-As
X-Platform
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
X-Cdn
Tcn
X-Storage
X-Via-JSL
Web-Mar-Node
X-Cache-Host
Geo-Info
DataCenter
X-Generation-Time
X-Varnish-Cache-Hits
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Aws-Lambda-Call-Status
X-Amzn-RequestId
X-Unique-ID
Server-Info
X-Locale
X-Extlb
X-Ratelimit-Limit
X-APP-VERSION
X-Varnish-Hits
X-Site-Version
X-DataDome
Cross-Origin-Opener-Policy
OT-Force-Account-Verify
X-Pass-Why
X-Origin-TTL
X-B3-Traceid
X-Ratelimit-Remaining
X-AIR-PT
X-Origin-CC
X-PAYTM-SRV-ID
Rendered-Blocks
X-PBS-Appsvrname
X-Vtex-Remote-Cache
X-Proxy-Upstream
X-External-Request-Id
X-Air-Hostname
X-Bip
X-Geo-Header
X-Generated-On
Surrogated-Key
X-Air-Source
X-Air-Trace-Id
X-Processor
X-Cache-Bucket
User-Cache-Control
X-Magnolia-Registration
X-Cluster-Node
X-CF-Lambda-Fn
Mobile-Detection-Method
CDN-Uid
X-Location
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
Host-ID
Content-Disposition
Fastly-Backend-Name
Expiry
X-NAPM-TraceId
DCR-Processing-Time-Ms
DCR-Decision-By
CDN-CachedAt
CDN-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
T-Server
Odigeo-Trace-Id
Apple-News-Services-Request-Url
Meta-Geo-Continent
M-TraceId
CDCHOST
X-Level-Front-Cache
MD5-Digest
BehaviorPad-Version
A
X-Ratelimit-Reset
X-Aed
X-A-Dam
X-Cms-Context
X-A-Dcw
X-A-Dgt
X-Session-Fingerprint
X-A-Ccd
Ec-Rule-Version
X-Vtex-Processado-Em
X-A
X-Cache-NE
X-Service
X-A-Wwc
X-Vdms-Version
X-Thanos
X-Developer
X-VG-WebServer
Fastcgi-X-Cache-Version
X-VG-WebCache
X-Sucuri-ID
X-Core-Value
X-EC-Lua
X-Destination
X-Connection-Hash
X-SRCache-Key
X-D
X-Application
X-TX-ID
X-BCube-Filmed-By
X-B-Cookie
X-S-Cookie
X-Rewrite-Enabled
X-CF-Lambda-Version
X-Vdms-Path
X-ScT
X-Rojux
X-S
X-From
X-ARC
X-Varnish-Beresp-Ttl
X-Cluster
X-Tb
Count-Hit
X-Parallel-Accel
X-Date
X-Envoy-Decorator-Operation
X-Backend-State
Gh-Request-Id
Fastly-SIE
X-Generated-By
X-Fastly-Cache
X-Developers
X-Gamma-Serve
Fastly-SWR
X-Forwarded-Site
X-Men
X-Micro-Cache
Location
Memcached
X-HN
X-Hash
UCS
X-Epic-Correlation-Id
Path
PFcat
X-Cache-Debug
Req-Svc-Chain
Pics-Label
X-Clara-WADP
Pagetype
X-Aicache-OS
X-Has-Esi
X-Clientip
X-GoCache-CacheStatus
X-JWT-State
X-Is-Gdpr
X-Branch-Name
X-Fmm-Version
Server-Host
X-Cache-Info
X-Accel-Expires-Debug
X-Req
X-Var-Ttl
X-TrackingId
X-Served-From
X-Varnish-Url
Cache-Host
X-Origin
CacheControlHeader
X-Platform-Server
X-Scheme
X-Rebelmouse-Surrogate-Control
X-Amz-Meta-S3cmd-Attrs
Esi-Enabled
X-Rebelmouse-Cache-Control
X-Request-Host
X-Request-UUID
X-Request-URI
X-VarnishDD-TTL
AKAMAI
Cmstype
X-VG-TLSProxy
X-NU-AKA-ACS-Version
Cmsid
X-WADP-Cache
X-Servername
X-Cache-Grace
X-NWS-UUID-VERIFY
Upgrade-Insecure-Requests
We-Hiring
X-Wikidot-Static-Cache
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Device-Os
X-Gen-Mode
State
X-Generated-In
X-Csrf-Jwt
My-App
X-Wikidot-Backend
X-Rocket-Build-Number
X-Sigma
X-Variation
X-CGP
X-Esi-Check
X-Block-Status
X-DPWN-IS-SECURE
X-VC-Cache
Webserver
X-Cache-Tags
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-Slack-Backend
X-Sigma-Backend
X-Cache-Id
X-SVT-ORM-RULES
X-Fastly-Backend
X-Eu-Site
X-SVT-ORM-VERSION
X-Varnish-Ttl
Thinkindot-Control
X-Irp-Debug
Adler-Geo
NM-Fastcgi-Cache
Origin
X-Owner
X-Old-Content-Length
Cf-Device-Type
X-LI-UUID
NGX
Arc-Country
X-Origin-Expires
X-Li-Fabric
Mail-Subject
X-Li-Pop
Is-Eu
Thinkindot-CacheControl
Arc-Version
C-Via
PB-PID
PB-RID
X-RateLimit-Limit-Second
TDXMobile
X-Policy
Fastly-Drupal-HTML
X-Gzip
DSUID
X-RateLimit-Remaining-Second
Cache-Key
L
Platform
Ha-Gx-Prefs
HA-Ipaddr
X-HS-Content-Campaign-Id
L5d-Success-Class
X-Mvc-Supplant-Cachable
X-Hnp-Log
Kp-EeAlive
Source
GEO-INFO
X-Forwarded-Host
X-VServer
X-Nginx-Cache-Key
X-Minions-Version
Fastcgi-Cache-TTL
X-Loc
X-Viewer-Country
X-Via-NSCOPI
X-User
X-Fetched-On
X-FC-Vary-Parameters
X-Qloud-Router
X-GeoIP-City
X-DefHash
X-GeoIP
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-PF-Uncompressing
X-Skip-Cache
X-Planisys-CDN-Cache
X-SIPLIST1
X-Varnish-Remaining-TTL
Vix-Hermes-Req-Id
Sever-Int
Server-Hostname
True-Client-Country-4JS
Server-Ext
VNS-Cache
Release
VNS-Age
Locid
X-DefElseHash
Svr
IsBot
CPC-Cache
CPC-Age
X-TraceId
SID
X-Goog-Meta-Goog-Reserved-File-Mtime
Url
V-Age
X-Mvc-Supplant-OutputCached
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-OVcl-Cache
NtCoent-Length
X-OVcl
X-PJAX-URL
X-Unique-Id
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Vc
X-Zone
X-Orig-Expires
X-Tenant
Cf-Bgj
Cache-Hits
DB-Nickname
X-Shop-Environment
S-Rt
X-Refresh
X-Ua
Powered-By-ChinaCache
X-Forwarded-Path
X-Backend-TTL
X-Cache-Ttl
Magicmarker
Cross-Origin-Window-Policy
X-Geo
XServer
Geoip-Latitude
X-Internal-Host
X-NC
GeoIp-Country-Code
X-Ftr-Request-Id
X-LB-ID
MIME-Version
X-ID
Time
Memory
X-Conf
X-NCache
Content-Secure-Policy
X-Method
X-Dispatcher-Server
HostName
X-GEO
WebServer
X-BBC-Edge-Cache-Status
X-ZONE
X-Srv
X-TIME
X-IP
X-Ckpd-Fst-Backend
X-Worker
X-HP-Trace-Id
X-HostName
Server-ID
X-Auto-Login
X-Servedbyhost
Ssr
X-Li-Proto
X-Dynatrace
X-Newrelic-Synthetics
X-Nc
LB
X-V-Cache
X-LSADC-Cache
Hostname
X-Trv-Group
X-Vcl-Version
X-NewRelic-App-Data
X-Rocket-Nginx-Serving-Static
X-Qnm-Cache
X-Render-Time
X-M-Log
X-M-Reqid
Resin-Trace
X-DC
X-APP
X-Node-Id
X-Tb-Optimization-Total-Bytes-Saved
Env
X-Origin-Response-Time
X-Platform-Cluster
X-FTR-Request-ID
X-Tx-Id
X-Cache-Remote
X-Wa
X-Platform-Router
X-Platform-Processor
X-SD-PageType
Ohc-File-Size
X-Traceid
X-Via-CDN
Environment
X-MSEdge-Flight
X-MSEdge-Features
X-WA
X-App
X-CACHE-AGE
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Sid
X-Datadog-Trace-Id
X-Reqid
X-HITS
X-DynaTrace-JS-Agent
X-VHOST
X-Varnish-Beresp-TTL
X-VCL-Version
X-Nyt-Route
X-Gdpr
X-Via-Ucdn
X-Cache-Config
X-Origin-Time
X-BBC-Origin-Response-Status
X-API-Version
X-ServerName
X-Server-IP
Cluster
X-Pod-Name
X-Edge-Pop
Viewtype
VivaBuild
CF-Cached-On
X-Cdn-Forward
Rt-Fastcgi-Cache
X-NodeID
X-Correlation-ID
Datacenter
Candidate-Md5Url
X-Wix-Viewer-Type
X-ElasticPress-Query
X-ND-Cache
Cf-Ipcountry
X-HS-Status
Machine
Server-Id
X-LI-Proto
Web-Mar-Region
X-ServedByHost
N-Cache
CDN
X-Akamai-Pragma-Client-IP
On-Server
X-Cache-Var-Map
FSS-Cache
X-Cache-Var
X-Cs
X-Dynatrace-Js-Agent
X-CCM
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-NGINX-Cache
Proxy-Connection
Xc-Version
X-FTR-Realm
X-Oss-Hash-Crc64ecma
X-FTR-Cache-Status
X-FTR-DC
X-Swa-Ws
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
GeoIP-Country-Code
X-Check-Cacheable
Tracecode
X-Lb-Id
WZWS-RAY
GeoIP-Latitude
Mime-Version
X-URL
X-Xrds-Location
X-Esi
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Fastly-Backend-Reqs
Onion-Location
WWW-Authenticate
X-Varnish-Cacheable
Cdn
X-Via-PopN
X-Swift-Error
X-Cache-Backend
X-CUA
X-VC
X-Fastly-Request-Id
X-EIG-Tracking-Id
X-Via-PopV
X-Via-PopH
Servername
X-IN-APIGATEWAY
X-Pjax-Url
X-IN-APIGATEWAYSSL
X-FTR-Expires
CountryCode
SR-User-Adfree
URI
Cteonnt-Length
X-Region-Sid
X-SN
Instruction
X-Webkit-CSP-Report-Only
X-Provided-By
X-Air-Pt
CACHE
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-UnsetCookies
X-LiteSpeed-Cache-Control
X-Depends-On
X-FORWARDED-FOR
Server-Ttl
X-TIM-N
X-Request-Start
X-Tid
X-StackifyID
Redirect-Candidate
X-RPS
Shield-Pop
X-Core-Mission
X-DI
X-Action
X-DB
X-DSS
ServerName
X-RSL
X-Fpc
X-RPM
Ohc-Response-Time
X-DW
X-Fastly-Cache-Hits
WP-Super-Cache
X-Dw-Trace-Id
X-Pad
X-SB
X-Snapshot-Date
X-Yottaa-OS
Lfy
CloudFront-Viewer-Country
X-Pf-Uncompressing
X-Matched-Rule
Warning
X-Webstats-RespID
X-ElasticPress-Search
X-Acquia-Purge-Tags
X-Acquia-Site
X-Cache-Expires
X-Acquia-Application-Trace
X-Acquia-Application-UUID
W
X-RAMCache
X-CCDN-CacheTTL
Xet-Cookie
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-C
X-Mg-Request-Id
X-FPC
X-Apw-Hits
Content-Style-Type
X-Sn-Servicetimems
Content-Script-Type
X-Tt-Logid
X-Cdn-Origin
X-MiniProfiler-Ids
X-Apw-Access-Action
X-Cdn-Request-ID
X-TH-Server
X-Apw-Access-Token
X-Apw-Access-Object
Vha6-Origin
X-Cache-Status-Check