Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Xss-Protection
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Ws-Request-Id
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
Content-Location
X-Response-Time
X-Origin-Cache
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-ORACLE-DMS-ECID
X-Cnection
X-HW
X-DataDome
X-Application-Context
X-ORACLE-DMS-RID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
NEL
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
X-Rack-Cache
Rating
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-DynaTrace
X-Country-Code
X-Varnish-TTL
Allow
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
Accept-Ch
X-TTL
X-ESI
X-FTR-Request-ID
Verso
X-Url
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
Edge-Cache-Tag
X-B3-TraceId
RTSS
X-Px
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
SPRequestGuid
X-Server-Name
X-Amz-Server-Side-Encryption
X-Vcache
X-Powered-CMS
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Vcap-Request-Id
Response
X-Middleton-Response
X-Navigation-Version
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Upstream
X-Client-IP
S
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
MS-Author-Via
X-Ser
X-Shard
SPIisLatency
SPRequestDuration
X-Id
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Content-Type
Nginx-Cache
X-Recruiting
Front-End-Https
X-Grace
Fastcgi-Cache
X-Hits
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Frontend
X-Goog-Generation
Powered
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Content-Id
X-Goog-Stored-Content-Length
X-HS-Combine-CSS
X-Goog-Stored-Content-Encoding
X-HS-Hub-Id
Server-Name
X-Edge-O15-RID
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Nel
Alternate-Protocol
X-Logged-In
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
TP-L2-Cache
X-Correlation-Id
TP-Cache
Server-Node
X-Cache-TTL
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-XRDS-LOCATION
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
Upgrade-Insecure-Requests
X-Content-Security-Policy-Report-Only
X-Origin-Server
Refresh
X-Content-Options
X-Page-Id
X-Revision
X-User-Agent
X-Akamai-Edgescape
X-Rid
X-Amzn-RequestId
X-Amz-Apigw-Id
Backend-Timing
X-Varnish-Grace
X-F-Cache
X-Cache-Hit
X-Server-ID
X-ATS-Timestamp
X-Jurisdiction
X-Type
Fastly-Restarts
X-XRDS-Location
X-Pad
X-Analytics
X-Geo-Country
X-Content-Powered-By
X-Activity-Id
X-Az
X-AppVersion
X-N
X-B3-Sampled
X-LB-Cache
X-B
X-Zen-Fury
X-URL
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Cache-Age
PB-PID
PB-RID
X-TT
X-AOL-HN
X-WebKit-CSP-Report-Only
Paypal-Debug-Id
Arc-Version
X-Framework
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Ruxit-Js-Agent
X-App-Environment
X-Request-Guid
DC
X-Mobile-Rewrite
X-Jobs
X-Instance
Actual-Object-TTL
X-Debug-Info
Access-Control-Allow-Method
X-Signature
X-B-Cache
X-PHP-Backend
X-CST
X-FB-Debug
Cache-Status
FilterID
X-Load-Cache
X-Cache-Action
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Surrogate-Key
X-Git-Hash
Fastcgi-Useragent
Host-Header
X-Ttl
MS-CV
X-Cached-By
X-IPLB-Instance
X-B3-Traceid
X-Tt-Trace-Tag
X-SS-Set-Cookie
X-Amz-Replication-Status
X-Contextid
X-Time
X-Cluster
X-Tt-Trace-Host
X-ATG-Version
X-Srv
Frame-Options
X-Response-Served-From
X-Accel-Buffering
Tracecode
NGB
Source
X-FastCGI-Cache
X-Cache-Key
WPE-Backend
Host
Payment
X-Varnish-Server
Eomportal-Instance
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Xserver
X-Region
X-Varnish-Hostname
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-FW-Serve
X-Adobe-Loc
X-Cache-2
X-Adobe-Content
Filters
Cache-Tv-Group
X-Cache-NE
X-Cacheable-TTL
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-GeoIP
X-Cache-Enabled
Accept-CH
X-Mobile
X-TX-ID
X-WA-Info
Cleartype
X-Kong-Upstream-Latency
X-Host-Name
X-Kong-Proxy-Latency
X-Rendered-As
X-Is-Bot
X-NewRelic-App-Data
X-Seen-By
X-EdgeConnect-Cache-Status
X-Oneagent-Js-Injection
X-Cache-Rule
Healthy
X-Cache-Operation
X-Hostname
X-Origin-Response-Time
X-Cache-Control
X-Via-JSL
X-Cache-TTL-Remaining
Cache
X-Presslabs-Stats
Datacenter
X-HTML-Minification-Powered-By
X-VCache
X-Dc
Accept-CH-Lifetime
Ms-Operation-Id
Retry-After
X-RTag
X-ProcessESI
X-ORACLE-APMCS-REQUEST-ID
X-RemovedCookies
X-ORACLE-APMCS-TAG
X-UA
X-Rule
Server-Info
X-CACHE-KEY
X-RateLimit-Limit
From-Origin
Version
X-PressLabs-Stats
X-Status
X-Wix-Request-Id
Liferay-Portal
X-Cache-Server
X-Environment-Context
X-NWS-LOG-UUID
X-L-Path
X-Upgrade-Enabled
X-FireWall-Port
X-Endurance-Cache-Level
X-Source
X-RN-RSRV
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
Selected-Fe
X-Proxy-Build
X-Handled-By
X-Timing-Wait
X-Hyper-Cache
OT-Force-Account-Verify
X-UUID
X-Storage
X-ShardId
X-ShopId
X-Proto
X-Backend-Name
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-Sorting-Hat-PodId
X-Content-Age
X-Tb
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
Azure-Version
Cache-Tags
Azure-SlotName
X-Human
X-BYPASS-REASON
S-Rt
X-FC-Vary-Parameters
Decoy-Debug-TTL
X-ProxyCache-Status
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
Azure-SiteName
TWC-Locale-Group
X-Cache-Host
X-Qloud-Router
TWC-GeoIP-Country
TWC-Connection-Speed
X-Debug-Cache
TWC-GeoIP-LatLong
X-Pubstack
Azure-InstanceId
Azure-RegionName
Akamai-GRN
X-Cache-Config
X-Hosted-By
X-Format
X-AWS-Id
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Now
Webcakes-Region
X-Redis-Cache
X-JoinUs
X-PCL
Origin-Edge-Control
X-Hl-Ver
Origin-Cache-Control
X-Proxy
Node
X-LJ-Flow-ID
X-Generated-By
TWC-Device-Class
L5d-Success-Class
X-FW-Dynamic
Ec-Rule-Version
X-Akamai-Request-ID2
X-ProxyCache-Key
X-Origin
X-Origin-Hint
NGX
X-Access
X-Akamai-Request-ID
Property-Id
X-Yottaa-Metrics
X-Viewer-Country
X-Request-Time
X-Yottaa-Optimizations
X-Time-Microsecs
X-SaId
X-Vgn-Hpd-Reason
X-OCL
X-Soup
X-ServerID
X-VWS-Id
X-Section
X-Web-Node
X-Say-TTL
X-IP
X-Generated
X-Www-Served-By
X-SayCDN-TTL
X-Say-Cacheable
X-CCM
X-Locale
X-Xfnlog-Site
X-RCS-CacheZone
X-Site-Version
X-NYM-Debug-Backend
X-BCube-Filmed-By
Mn-Server-Ip
X-Varnish-Hits
X-MP-GENERATED-AT
X-TNCMS
X-Cluster-Node
X-Loop
X-Amzn-Remapped-Content-Length
X-Proxy-Cache-Status
X-APP-VERSION
Cache-Name
Viewport
X-App-Server
X-FB-TRIP-ID
X-R9-Blue-Green-Version
Cross-Origin-Window-Policy
X-Detected-As
Uber-Trace-Id
GEO-INFO
X-CS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Webserver
Time
X-Akamai-Transformed
X-Drupal-Cache-Tags
Accept-Charset
X-Unique-Id
X-NCache
X-From
X-Cache-Remote
X-Esi
X-UA-Device-Type
X-Edge-Location
Srv
X-TT-TIMESTAMP
X-Cluster-Name
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Origin-CC
Mime-Version
Cache-Key
Country
Accept-Language
X-Mode
X-EC-Lua
Odigeo-Trace-Id
X-B3-Spanid
X-Newrelic-Synthetics
X-Microcachable
Ohc-Cache-HIT
Ohc-File-Size
X-Backend-TTL
X-CDN-Forward
Rt-Fastcgi-Cache
X-No-Session
X-Geo
X-Info
X-CLOUD-TRACE-CONTEXT
X-Forwarded-Host
Proxy-Connection
X-Labrador-Cache-Channel
X-PHP-Host
X-Real-IP
X-UPSTREAM-Address
X-Magnolia-Registration
X-Varnish-Cache-Hits
ServedBy
Content-Disposition
Fastly-SSL
X-Routing-Service
X-Whom
X-Proxied
X-Cache-Time
X-Zipkin-Id
X-ApacheServer
X-PERF
Cf-Ipcountry
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
VivaBuild
X-A-Dgt
X-A-Wwc
X-ARC
X-B-Cookie
X-Application
X-Aed
X-Accel-Expires-Debug
Viewtype
T-Server
Content-Style-Type
Fastcgi-X-Cache-Version
Content-Script-Type
BehaviorPad-Version
AsisCache
GEO-REGION-INFO
Machine
Powered-By
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Transaction
X-Trv-Group
X-SRCache-Key
X-Session-Fingerprint
X-ScT
X-Twitter-Response-Tags
X-Vdms-Version
X-Vtex-Remote-Cache
Xc-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-VG-WebCache
X-S-Cookie
X-S
X-Destination
X-DPWN-IS-SECURE
X-Date
X-D
X-Connection-Hash
X-G
X-Geo-Header
X-Rewrite-Enabled
X-Rojux
X-Request-UUID
X-Region-Sid
X-GeoIP-Country-Code
X-UnsetCookies
X-External-Request-Id
X-App-Version
Access-Control-Request-Headers
X-Cache-Backend
User-Cache-Control
X-Device-Type
X-Thanos
X-TrackingId
X-Cache-Debug
X-Bip
X-SIPLIST1
X-Sigma-Backend
X-Rocket-Build-Number
X-Auto-Login
X-Via-Fastly
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Surrogate-Control
IsBot
X-WebServer
Gh-Request-Id
Environment
W
X-VG-TLSProxy
X-VC-Cache
Server-Cache-Control
X-Sigma
X-CUA
X-Logging-Id
X-Varnish-Authentication
X-Tumblr-Pixel-3
X-B3-Parentspanid
X-C
Web-Mar-Node
X-Debug-Log
X-Developers
X-Debug-Cookies
X-Debug-Cache-Fetch
Wxu-Next-Commit
X-Debug-Cache-Expiry
X-Dispatcher-Server
X-Debug-Cache-Store
X-Distil-CS
V-Age
X-FW-Version
X-Gamma-Serve
X-Fastly-Cache
X-Eu-Site
X-Distributor
We-Hiring
X-Epic-Correlation-Id
Wxu-Next-Hostname
X-Core-Mission
X-AK-Request-ID
X-Cache-Bucket
X-Agile-Id
X-Block-Status
X-App-Name
X-Backend-State
X-BBXSRF
X-Gen-Mode
X-Agile-Age
X-Cache-Info
X-Clara-WADP
X-Clientip
X-Cms-Context
X-CGP
X-Cdn-Srv
X-Cache-URL
X-Agile
Wxu-Next-Region
X-Instart-Isnd
X-SVT-ORM-RULES
X-Sucuri-Cache
X-SVT-ORM-VERSION
X-Swa-Ws
X-TH-Server
X-Request-URI
X-Req
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Render-Time
X-Trace-Id
X-TT-LOGID
X-We-Are-Hiring
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-VServer
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Uri
X-User
X-Owner
X-OVcl-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
True-Client-Country-4JS
X-Irp-Debug
X-Key
X-Hnp-Log
X-Hit
X-Generation-Time
X-GeoIP-City
X-GoCache-CacheStatus
X-Hash
X-Li-Pop
X-LI-Proto
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-OVcl
X-NodeID
X-Nginx-Cache-Key
X-LI-UUID
X-Location
X-Ms-Request-Id
X-Ms-Version
X-Generated-In
X-Li-Fabric
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
RNT-Time
Apple-News-Services-Handled
FNAC-ModuleRouting
Countrycode
AKAMAI
Apple-News-Services-Request-Url
RNT-Machine
Cdnsip
Request-EU
CDCHOST
Cache-Host
Fastly-Backend-Name
Mail-Subject
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Locale
Cdncip
Locid
Memcached
Country-Code
Server-ID
Server-Int
Kp-EeAlive
IBM-Web2-Location
Request-Country
Heartbleed
Section-Io-Cache
X-Varnish-Beresp-Grace
Geo-Info
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-NGENIX-Cache
X-Core-Value
Is-Eu
X-Generated-On
X-Level-Front-Cache
X-ServiceProvider
X-Service
X-S-Maxage
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-Variation
X-Up
X-Reboot
X-Platform-Server
X-Is-Gdpr
X-Internal-Host
X-JWT-State
X-NU-AKA-ACS-Version
Adler-Geo
X-Old-Content-Length
X-Has-Esi
X-Matched-Rule
X-Cache-Tags
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
PFcat
Platform
X-Daa-Tunnel
X-Azure-Ref
Thinkindot-Control
Server-Host
ServerName
X-Refresh
X-Response-By
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Lb-Id
Fastly-SIE
Cache-Hits
X-Micro-Cache
X-TA-CDN-Provider
HitType
RequestId
X-Servername
X-Server-W
X-SERVER
X-Server-IP
X-Nc
X-Cdn-Forward
X-Nginx-Cache
X-Fetched-On
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Powered-By
X-NC
X-B3-SpanId
ProcessTime
Memory
X-Cdn-Request-ID
Media-Length
X-Parent-Response-Time
X-Tec-Api-Root
X-Pjax-Url
X-CSRF-Token
X-Tec-Api-Origin
X-Tec-Api-Version
X-CSRF-TOKEN
X-BACKEND-TTL
Origin
X-TIME
SRV
User-Agent
X-Wa
TTL
X-Air-Hostname
X-Pf-Uncompressing
Geoip-Latitude
X-NGINX-Cache
GeoIp-Country-Code
Esi-Enabled
X-Cache-Expired-At
X-Vcl-Version
Pragrma
Group
X-Reqid
X-Var-Ttl
X-AIR-PT
X-Correlation-ID
X-Ua
X-Unique-ID
HostName
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Policy
X-Sucuri-Id
X-Sucuri-ID
Powered-By-ChinaCache
X-Rocket-Nginx-Bypass
S-Cnection
X-Request-Start
PICS-Label
X-COUNTRY
Filterid
Rt-Proxy-Cache
X-Azure-Ref-OriginShield
SN
X-Webkit-CSP
X-Servedbyhost
X-Varnish-Cacheable
X-Litespeed-Cache
Geoip-City
Load-Balancing
Magicmarker
X-Via-Ucdn
X-Method
X-Varnish-Ttl
XServer
X-NWS-UUID-VERIFY
X-Fastly-Country-Code
X-Via-CDN
X-HS-Status
M-TraceId
Ohc-Response-Time
X-FORWARDED-FOR
DSUID
Release
Tcn
X-ServedByHost
X-Developer
Dnion-Transfer-Encoding
X-MServer
X-VCT
X-Sn-Servicetimems
CF-Cached-On
NtCoent-Length
X-Cdn-Origin
X-Cache-Grace
X-Cache-Ttl
X-LAGOON
X-Ocache
X-Be
Cdn
Who
Resin-Trace
X-Node-Id
X-Device-Os
X-Svr
X-Hp-Ccpa-Warning
X-Zone
X-VHOST
X-Ftr-Cache-Host
X-Bc
Vix-Hermes-Req-Id
X-MSEdge-Features
On-Server
X-MSEdge-Flight
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
A
Cteonnt-Length
X-Ratelimit-Remaining
Pics-Label
X-APP
X-Request-Host
X-VarnishDD-TTL
X-VCL-Version
X-Configured-By
Cloudfront-Viewer-Country
GeoIP-Country-Code
MIME-Version
X-Oracle-Dms-Rid
X-Beluga-Status
X-WR-MODIFICATION
X-Beluga-Response-Time
SD-X-WS
X-Beluga-Record
X-Beluga-Cache-Status
Ttl
GeoIP-Latitude
X-Beluga-Trace
X-Varnish-Url
X-SD-PageType
X-Beluga-Node
X-Cache-Status-Check
X-DC
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
X-PF-Uncompressing
GeoIP-City
X-Varnish-URL
X-SN
X-Compress-Hint
X-Cache-Id
X-Newrelic-App-Data
X-Upstream-Ht
X-Upstream-Ct
X-Tid
X-Release
CACHE
X-Ftr-Request-Id
X-SRV
Host-ID
L
X-Via-NSCOPI
X-PJAX-URL
X-Ratelimit-Limit
X-HostName
Hostname
X-BE
X-Scheme
X-Aicache-OS
Processtime
X-Dynatrace
LB
Servername
X-Dynatrace-Js-Agent
X-Swift-Error
Cache-Provider
X-Fastly-Cache-Hits
WebServer
X-ID
X-Slack-Backend
Cache-Cookie-Set-Lfrom
UCS
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
X-Cc-Req-Id
X-Action
X-Ftr-Realm
X-Cc-Via
X-Ftr-Dc
X-DB
D-Cc-Upstream
X-DSS
Requestid
X-RPS
X-RPM
Dynatrace
X-StackifyID
X-DW
X-RSL
X-LB-ID
X-Varnish-Beresp-TTL
X-Ftr-Balancer
CF-IPCountry
Pagetype
X-Ftr-Backend
Lfy
CDN
X-Ftr-Backend-Server
X-Snapshot-Date
X-DI
X-ServerName
X-Branch-Name
X-CACHE-AGE
Proxy-Firewall
X-VC
X-SB
Warning
X-Processor
X-ZONE
X-Server-Time
X-Edge-IP
X-Skip-Cache
X-Apw-Access-Action
Arc-Country
V-Cache
Pramga
X-Dispatch
X-Cache-FS-Status
X-Fastly-Cache-Status
X-Apw-Hits
X-FPC
WZWS-RAY
X-Node-ID
X-Apw-Access-Object
X-Apw-Access-Token
X-PAYTM-SRV-ID
NnCoection
Backend-Name
Correlation-Id
X-App
Lb
X-Litespeed-Cache-Control
X-Hello
X-Flog
X-ABtesting
X-BC
X-Worker
X-Amzn-Remapped-Connection
X-Powered-Y
X-Request-URL
X-Amzn-Remapped-Date
X-ElasticPress-Search
X-Request-Url
WP-Super-Cache
X-Check-Cacheable