
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
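
A minimal version of the tally described above, written for this page as an added example (not the ISC project's own code): it counts how many sites send each header, folding names to lower case because HTTP field names are case-insensitive, which merges rows the table below lists separately, such as X-XSS-Protection and X-Xss-Protection. The host names, the sample responses and the entries in `SECURITY_HEADERS` beyond the two headers named above are assumptions; `fetch_head` shows the HEAD request but is not called on the sample data.

```python
import http.client
from collections import Counter

# Security-relevant headers. The first two are named in the text above; the
# rest are an assumption of this example, picked from the table below.
SECURITY_HEADERS = (
    "x-xss-protection", "x-frame-options", "strict-transport-security",
    "x-content-type-options", "content-security-policy", "referrer-policy",
)

def fetch_head(host, timeout=5):
    """Send one HEAD request for the index page; return (name, value) pairs."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()

def tally(responses):
    """Count, per header, the number of sites that sent it at least once.

    Names are folded to lower case because HTTP field names are
    case-insensitive; a repeated header (e.g. Set-Cookie) counts once per site.
    """
    sites_with = Counter()
    for headers in responses.values():
        sites_with.update({name.lower() for name, _ in headers})
    return sites_with

def security_report(responses):
    """Return {header: fraction of polled sites that sent it}."""
    counts = tally(responses)
    total = len(responses) or 1  # avoid dividing by zero on an empty poll
    return {h: counts[h] / total for h in SECURITY_HEADERS}

# Constructed sample responses (not real survey data), keyed by made-up hosts.
SAMPLE = {
    "a.example": [("Server", "nginx"), ("X-XSS-Protection", "1; mode=block"),
                  ("Set-Cookie", "a=1"), ("Set-Cookie", "b=2")],
    "b.example": [("server", "Apache"), ("X-Xss-Protection", "0"),
                  ("X-Frame-Options", "SAMEORIGIN")],
    "c.example": [("Server", "cloudflare"), ("CF-RAY", "constructed"),
                  ("Strict-Transport-Security", "max-age=31536000")],
    "d.example": [("Content-Type", "text/html"), ("CF-Ray", "constructed")],
}

if __name__ == "__main__":
    for header, share in security_report(SAMPLE).items():
        print(f"{header:28s} {share:.0%}")
```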



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Link
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Cache-Hits
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-LiteSpeed-Cache
X-Server
X-Dns-Prefetch-Control
X-Amz-Id-2
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
X-Backend-Server
X-Node
Cf-Railgun
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Template
X-Application-Context
Content-Location
Rating
X-Ruxit-JS-Agent
X-Ua-Compatible
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
X-Cache-Lookup
X-Ac
X-Buckets
X-Content-Type
Allow
X-Trace
X-Url
X-PC
X-Vname
X-TtlSet
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
Cache-Tag
X-ESI
Fastly-Restarts
X-Rack-Cache
X-Server-Name
Service-Worker-Allowed
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
Accept-Ch
X-Amz-Rid
MS-Author-Via
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Origin-Cache
X-Cache-TTL
Arr-Disable-Session-Affinity
X-Country-Code
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Powered-By-Plesk
X-Px
X-Aws-Lambda-Call-Status
Access-Control-Request-Method
X-Goog-Hash
X-NF-Request-ID
X-Navigation-Version
X-Version
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
RTSS
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Sol
X-Middleton-Display
Display
Pagespeed
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Response
Response
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-MSEdge-Ref
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-TTL
Nginx-Cache
AR-SID
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
S
X-Jurisdiction
Content-MD5
X-T
X-CST
X-HP-Trace-Id
X-HP-Webp
X-Protected-By
X-Forwarded-For
X-Content-Security-Policy-Report-Only
TCN
X-Aspnetmvc-Version
X-Id
X-Mg-S
X-Mid
Fastcgi-Cache
X-MCACHE
X-RateLimit-Remaining
Realpath
Edge-Cache-Tag
SPIisLatency
Front-End-Https
SPRequestDuration
X-Parallel-Accel
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
Pinterest-Generated-By
X-Pinterest-Rid
Fusion-Deployment-Id
Fusion-Template-Id
Server-Node
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Pinterest-Version
X-DynaTrace
X-Ua-Browser
X-Content
X-Ab
SPRequestGuid
X-SharePointHealthScore
X-Ruxit-Js-Agent
X-Correlation-Id
X-Ezoic-Cdn
X-Ttl
Server-Name
X-ECACHE
Alternate-Protocol
X-NWS-LOG-UUID
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
X-Accel-Expires
X-Hits
X-Yandex-Sdch-Disable
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Content-Options
X-Cache-Key
MicrosoftSharePointTeamServices
Cache-Tags
X-Page-Id
Host
X-Git-Hash
Charset
X-Kong-Proxy-Latency
X-Webkit-CSP
X-Kong-Upstream-Latency
Cleartype
X-B3-Sampled
X-Www-Served-By
X-Geo-Country
X-Ser
X-Amz-Replication-Status
X-Content-Digest
TP-Cache
TP-L2-Cache
X-Forwarded-Proto
Filterid
X-VCache
X-Amzn-Trace-Id
X-Varnish-Age
X-AppVersion
X-Hostname
X-Az
X-Activity-Id
X-Daa-Tunnel
X-DIS-Request-ID
X-Debug-Info
X-Fastly-Request-Id
X-Rid
X-Upgrade-Enabled
X-Origin-Server
Access-Control-Allow-Method
X-Grace
X-Request-Handler-Origin-Region
X-N
X-Origin-Upstream-Status
X-Microsite
X-XRDS-LOCATION
X-FB-Debug
X-LB-Cache
X-Nginx-Upstream-Cache-Status
ServerID
X-Mobile-URL
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Route-Name
X-Request-Guid
X-Server-ID
X-Whom
X-TT
X-F-Cache
X-Goog-Generation
Cross-Origin-Opener-Policy
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-NGENIX-Cache
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Varnish-Grace
X-App-Server
X-Tb
X-App-Environment
X-Distributor
Viewport
Payment
X-FW-Dynamic
X-FW-Hash
X-WebKit-CSP-Report-Only
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Type
DC
Paypal-Debug-Id
Node
X-PressLabs-Stats
X-Cache-Control
X-Logged-In
X-Seen-By
Fastcgi-Useragent
X-Type
X-User-Agent
X-Cache-Age
Country
Accept-Charset
X-Ratelimit-Limit
X-Fastly-Request-ID
X-Cache-Rule
X-Varnish-Backend
Version
X-Load-Cache
X-Wix-Request-Id
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Node-Name
X-Cache-Action
Refresh
X-IPLB-Instance
X-Via-JSL
Referer-Policy
Access-Control-Request-Headers
X-Response-Served-From
X-Drupal-Cache-Tags
X-Original-Request-Id
SD-X-WS
X-Vgn-Hpd-Reason
Cache-Status
X-Page-View
X-Jobs
X-DataDome
X-Rendered-As
X-UUID
X-Real-IP
X-Proxy-Cache-Status
X-Is-Bot
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-Revision
VIX-Pulpo-Node
X-B-Cache
NGB
X-B
X-Cache-Expired-At
X-Contextid
DynaTrace
X-Cluster-Name
X-ProcessESI
X-Debug
X-RemovedCookies
X-Signature
X-Tec-Api-Version
X-Tec-Api-Origin
X-Fastcgi-Cache
X-Tec-Api-Root
Liferay-Portal
X-Mobile
X-Proxy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rule
X-Drupal-Cache-Contexts
X-Device-Type
X-Cache-Time
Surrogate-Key
X-Debug-IsConnected
X-Debug-IsPreview
X-Instance
X-Framework
Akamai-GRN
X-G
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-FW-Version
X-Azure-Ref
Amp-Access-Control-Allow-Source-Origin
Healthy
X-Air-Hostname
SID
X-Air-Trace-Id
X-Air-Source
X-Source
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
CF-IPCountry
X-Ms-Request-Id
X-Ms-Version
Frame-Options
X-Oneagent-Js-Injection
Ms-Operation-Id
MS-CV
X-Cache-Hit
X-RTag
X-Nginx-Cache
Section-Io-Cache
X-CDN-Forward
X-Tumblr-User
X-Tumblr-Pixel-1
Countrycode
X-Environment-Context
X-Tumblr-Pixel
X-L-Path
X-Tumblr-Pixel-0
Xserver
X-Varnish-Server
X-XRDS-Location
Count-Hit
X-Cache-Operation
X-Region
GEO-INFO
X-APP-VERSION
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Servername
X-Forwarded-Host
X-Content-Powered-By
X-Litespeed-Cache
X-Backend-Name
X-Mode
X-Accel-Buffering
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Backend
Ec-Rule-Version
X-Adobe-Content
X-Adobe-Loc
X-Zen-Fury
X-Sorting-Hat-PodId
X-JoinUs
X-Ratelimit-Reset
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-SaId
X-ShardId
X-Shopify-Stage
X-RN-RSRV
Meta-Geo
X-Detected-As
X-UPSTREAM-Address
X-ShopId
X-Sql-Duration-Ms
X-Microcachable
X-Generation-Time
Eomportal-Instance
X-Cache-Server
X-Varnish-Beresp-Grace
Country-Code
X-Sql-Count
X-Hosted-By
X-Human
X-Cache-Type
X-Cache-Grace
X-Redis-Cache
X-Debug-Cache
X-Uri
X-Cache-TTL-Remaining
Apigw-Requestid
Cache-Name
Url
Mn-Server-Ip
X-BYPASS-REASON
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Tv-Group
X-Tid
X-FB-TRIP-ID
X-ProxyCache-Status
X-ProxyCache-Key
X-Via-Fastly
X-UA-Device-Type
X-Status
X-Site-Version
X-Storage
X-PHP-Backend
X-ServerID
X-RateLimit-Limit
X-Origin-Date
X-No-Session
X-NCache
X-Cache-Host
X-Web-Node
X-Origin-Hint
X-R9-Blue-Green-Version
X-Format
X-Proxy-Build
Fastly-SSL
X-Timing-Wait
X-PCL
X-OCL
Selected-Fe
X-SayCDN-TTL
Webcakes-App-Name
X-Say-TTL
Webcakes-Region
X-Say-Cacheable
X-Akamai-Edgescape
TWC-Privacy
TWC-Locale-Group
Protected
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
DB-Nickname
Webcakes-App-Version
X-Time
OT-Force-Account-Verify
X-Pubstack
X-Routing-Service
X-ApacheServer
X-Varnishpool
X-Server-W
X-Cache-NGX
X-PERF
X-Extlb
X-Access
X-Hl-Ver
X-Azure-Ref-OriginShield
X-Zipkin-Id
X-NYM-Debug-Backend
X-Proxied
X-Section
Azure-SiteName
X-Rewrite-Enabled
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-Version
X-Be
Content-Secure-Policy
X-Cluster-Node
X-LSADC-Cache
Source
X-Soup
X-App-Version
X-Webkit-Csp
X-Ua
X-Content-Age
X-HTML-Minification-Powered-By
X-Cache-Var-Map
X-Cache-Var
CDN-Uid
X-Cached-By
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-NewRelic-App-Data
CDN-RequestCountryCode
CDN-RequestId
CDN-Cache
Content-Disposition
X-Amz-Meta-S3cmd-Attrs
X-TT-LOGID
X-Dc
X-SRV
X-Generated-By
Cache
SRV
X-LAGOON
X-Hyper-Cache
X-Bc-Bl
X-TNCMS
X-Varnish-Hits
X-Varnish-Hostname
Webserver
X-Loop
X-Unique-Id
Onion-Location
X-Presslabs-Stats
X-S-Maxage
X-Nginx-Cache-Key
X-Auto-Login
Retry-After
Cache-Hits
X-Trace-Id
X-Tumblr-Pixel-2
X-GEO
Xet-Cookie
X-Origin-CC
X-Tumblr-Pixel-3
Web-Mar-Node
X-Origin-TTL
X-Ratelimit-Remaining
X-Proto
X-Cdn
LB
X-M-Reqid
X-M-Log
X-Time-Microsecs
X-Tenant
X-Qnm-Cache
X-Endurance-Cache-Level
X-Akamai-Transformed
X-Platform-Server
X-Edge-Location
X-CSRF-Token
HostName
X-CACHE-KEY
X-VWS-Id
X-LJ-Flow-ID
X-GG-Cache-Date
X-AWS-Id
CloudFront-Viewer-Country
X-Mg-Request-UUID
X-ECache
Mime-Version
X-B3-SpanId
N-Cache
AMP-Access-Control-Allow-Source-Origin
X-Xrds-Location
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Xfnlog-Site
X-PHP-Host
X-Amzn-RequestId
X-Cache-Tags
WPO-Cache-Message
WPO-Cache-Status
X-Storefront-Renderer-Rendered
X-Cache-Remote
X-RCS-CacheZone
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Correlation-ID
ServedBy
X-Handled-By
Nel
X-Request-Time
X-Locale
X-Origin-Response-Time
X-Adobe-Source
X-AOL-HN
Redirect-Candidate
Pramga
X-Cache-NE
Rendered-Blocks
X-ARC
X-Forwarded-Path
X-CF-Lambda-Version
X-Processor
X-Cache-Date
X-Orig-Expires
X-Hnp-Log
X-Ig-Push-State
X-B-Cookie
A
X-NAPM-TraceId
Fastcgi-X-Cache-Version
BehaviorPad-Version
DCR-Processing-Time-Ms
DCR-Decision-By
DSUID
X-D
Expiry
X-ND-Cache
X-Gen-Mode
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Ftr-Request-Id
X-PAYTM-SRV-ID
Odigeo-Trace-Id
X-Via-NSCOPI
X-Block-Status
Meta-Geo-Continent
Mobile-Detection-Method
Origin
Surrogated-Key
X-VG-WebCache
X-SVT-ORM-RULES
X-A-Ccd
X-Vdms-Version
X-A
X-Slack-Backend
X-Shop-Environment
User-Cache-Control
X-Developer
X-Destination
X-Vdms-Path
X-SVT-ORM-VERSION
X-Ckpd-Fst-Backend
X-V-Cache
X-Aed
X-CF-Lambda-Fn
X-Cluster
X-TIM-N
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Session-Fingerprint
X-SRCache-Key
X-Request-Host
X-S
X-External-Request-Id
X-Application
X-S-Cookie
Xc-Version
X-Vtex-Processado-Em
X-Conf
X-ScT
X-Rojux
X-Vtex-Remote-Cache
X-VC-Cache
X-SD-PageType
State
X-Fastly-Cache
X-Connection-Hash
Server-Info
Environment
X-TIME
X-ATG-Version
X-MP-GENERATED-AT
X-Reqid
X-Li-Pop
X-Li-Fabric
Release
X-Date
Fastcgi-Cache-TTL
Gh-Request-Id
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
X-Hash
L
Vix-Hermes-Req-Id
X-Forwarded-Site
Cmstype
V-Age
Origin-EX
X-Device-Os
Traceparent
Req-Svc-Chain
Wxu-Next-Commit
Origin-CC
Host-ID
X-Fetched-On
X-Geo-Header
Wxu-Next-Region
X-Gdpr
Wxu-Next-Hostname
X-Epic-Correlation-Id
X-Cache-Bucket
X-Proxy-Upstream
Cmsid
X-Core-Mission
X-Cache-Info
X-Policy
X-Owner
X-Nyt-Route
X-Old-Content-Length
X-Origin-Expires
X-Origin-Time
X-Rocket-Nginx-Serving-Static
X-Scheme
X-Sucuri-ID
X-VG-TLSProxy
X-TH-Server
X-Varnish-Beresp-Status
X-Sucuri-Cache
X-VServer
X-Served-From
X-Server-IP
X-Skip-Cache
X-Mvc-Supplant-Cachable
X-Cache-Debug
CacheControlHeader
X-Location
X-Core-Value
AKAMAI
CDCHOST
Arc-Country
X-Men
X-LI-UUID
From-Origin
True-Client-Country-4JS
X-Envoy-Decorator-Operation
X-Sigma
X-Sigma-Backend
X-Developers
X-Datadog-Parent-Id
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
Svr
X-Irp-Debug
X-Datadog-Sampling-Priority
X-Thanos
X-VarnishDD-TTL
X-Thinkindot-L3
X-TrackingId
X-Aicache-OS
X-Cdn-Origin
Datacenter
Candidate-Md5Url
We-Hiring
X-Rocket-Build-Number
Web-Mar-Region
X-Sn-Servicetimems
X-Level-Front-Cache
X-Viewer-Country
X-EC-Lua
X-Esi-Check
NGX
X-Branch-Name
Apple-News-Services-Handled
Apple-News-Services-Host
X-Gamma-Serve
X-Platform
X-HS-Content-Campaign-Id
X-HN
X-Generated-On
X-Bip
X-GeoIP-City
X-Gzip
X-GeoIP
Locid
Mail-Subject
Machine
X-Datadog-Trace-Id
Fastly-SWR
X-Req
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Fastly-Backend
X-Magnolia-Registration
X-Request-Start
Server-Host
Apple-News-Services-Request-Url
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Webstats-RespID
X-Cache-Config
PFcat
Fastly-GeoIP-CountryCode
X-Cache-Id
Apple-News-Services-Parsed-Url
X-NodeID
X-FireWall-Port
X-CS
X-Cdn-Srv
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Node-Id
X-Qloud-Router
X-Request-URI
X-Worker
X-Variation
X-Varnish-CookieINHashed-On
X-CGP
X-UnsetCookies
X-Varnish-Remaining-TTL
Sslversion
X-Pod-Name
X-FC-Vary-Parameters
X-Has-Esi
X-Eu-Site
X-DPWN-IS-SECURE
X-DefHash
X-Is-Gdpr
X-Csrf-Jwt
X-Origin
X-Varnish-CookieHashed-On
X-NU-AKA-ACS-Version
X-Loc
X-JWT-State
X-DefElseHash
X-Amzn-Remapped-Content-Length
Is-Eu
L5d-Success-Class
Memcached
Platform
HA-Ipaddr
Ha-Gx-Prefs
X-Zone
Adler-Geo
Cf-Device-Type
X-Backend-State
NM-Fastcgi-Cache
X-Varnish-Beresp-Ttl
Fastly-Drupal-Html
X-Response-By
X-Datadome
X-Up
On-Server
Ssr
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
WWW-Authenticate
X-Tx-Id
Esi-Enabled
CDN
WP-Super-Cache
X-API-Version
X-LB-ID
Pics-Label
X-Vc
Ms-Author-Via
X-Generated-In
X-NC
X-Trace-ID
Memory
X-LB-NoCache
NtCoent-Length
X-Backend-TTL
X-Service
X-Refresh
Time
C-Via
X-Cache-Enabled
X-DynaTrace-JS-Agent
X-TA-CDN-Provider
X-URL
X-Cache-PHP
X-Edge-Pop
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Dynatrace
X-NWS-UUID-VERIFY
X-Varnish-Ttl
Magicmarker
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-Render-Time
X-TraceId
X-Cache-Status-Check
X-Optimistic-Header
X-DC
Env
GeoIp-Country-Code
X-Parent-Response-Time
X-Servedbyhost
X-CacheTTL
X-Restarts
X-Esi
X-Srv
Kp-EeAlive
X-Info
Server-ID
X-TX-ID
X-ZONE
X-Varnish-Beresp-TTL
X-Unique-ID
S-Rt
X-RSL
X-RPS
X-AIR-PT
X-DW
X-RPM
X-DB
Edge-Cache
X-Action
X-DI
X-Wix-Viewer-Type
X-MSEdge-Flight
X-Cache-Backend
X-MSEdge-Features
X-DSS
Proxy-Connection
X-Cs
X-Webkit-CSP-Report-Only
WebServer
X-Clientip
X-VCL-Version
X-Traceid
X-Newrelic-Synthetics
X-Cache-Ttl
X-HA-Backend
X-Oss-Storage-Class
X-Oss-Server-Time
Cache-Host
X-Oss-Request-Id
HIT
X-Oss-Hash-Crc64ecma
X-LI-Proto
X-App
X-Minions-Version
X-Fpc
UCS
X-Oss-Object-Type
Test
X-Webkit-Csp-Report-Only
S-Cnection
X-Li-Proto
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Akamai-Request-ID2
X-Http-Reason
Section-Io-Id
X-Vcl-Version
X-FPC
Lb
X-LiteSpeed-Cache-Control
X-NODE
User-Agent
Accept-Language
Server-Id
X-Micro-Cache
Tcn
Geo-Info
Fastly-Backend-Name
X-B3-Spanid
X-Backend-Host
X-Pass-Why
X-Ec-Fail
X-Pad
X-Ec-GeoHdr
X-User
X-Urbn-Site-Id
X-BCube-Filmed-By
Cf-Int-Pingora-Origin-Digest
Resin-Trace
X-Urbn-Context-Path
X-APP
Locale
X-HostName
X-Release
Fastly-Drupal-HTML
X-LiteSpeed-Tag
X-Check-Cacheable
X-CSRF-TOKEN
GeoIP-Country-Code
X-BBC-Origin-Response-Status
X-ID
X-ES-SERVER
Hostname
MIME-Version
X-AK-Request-ID
X-Clara-WADP
VNS-Age
VNS-Cache
X-Amz-Meta-Cb-Modifiedtime
X-WADP-Cache
Ohc-File-Size
X-Fmm-Version
Cache-Key
EpKe-Alive
Cdncip
X-ServedByHost
X-Ha-Backend
Srv
Path
X-WA-Info
CPC-Cache
M-TraceId
X-WA
Cdnsip
ENV
Hit
CPC-Age
X-Dynatrace-Js-Agent
X-Geo
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Cdn-Forward
X-ElasticPress-Query
X-Edge-POP
My-App
Cluster
X-Edge-Cache
X-CUA
Tracecode
X-Var-Ttl
Geoip-Latitude
Lfy
X-Cms-Context
X-From
X-HS-Status
X-Wikidot-Backend
X-Wikidot-Static-Cache
Shield-Pop
X-NGINX-Cache
Pagetype
Load-Balancing
X-Api-Version
X-PJAX-URL
X-Akamai-Pragma-Client-IP
X-CCDN-CacheTTL
T-Server
X-CCDN-Origin-Time
MD5-Digest
URI
X-Ucs
X-Hcs-Proxy-Type
X-Via-Ucdn
X-ServerName
Server-Hostname
IsBot
X-GoCache-CacheStatus
Server-Ext
X-Mcache
Cf-Ipcountry
X-SIPLIST1
X-VG-WebServer
Servername
Lang
X-UP
X-Fastly-Cache-Hits
X-Fastly-Backend-Reqs
X-Nc
X-Fragments
X-RAMCache
Sever-Int
X-Dw-Trace-Id
X-TRACE-ID
WZWS-RAY
Ohc-Cache-HIT
X-RateLimit-Reset
Cdn
X-VC
X-Cache-Expires
X-Lb-Id
Target-Params
X-Cdn-Request-ID
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Cneonction
X-B3-ParentSpanId
W
X-Swift-Error
X-Akamai-Request-ID
X-Apw-Access-Action
X-Provided-By
X-Platform-Processor
X-Acquia-Site
X-Newrelic-App-Data
X-Yottaa-OS
X-Platform-Cluster
X-Snapshot-Date
X-Platform-Router
X-Acquia-Purge-Tags
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Apw-Access-Token
CF-Cached-On
X-Apw-Hits
Vha6-Origin
X-Acquia-Application-Trace
Cteonnt-Length
HitType
X-Apw-Access-Object
X-Acquia-Application-UUID
PICS-Label
Uri
Dnion-Transfer-Encoding
DataCenter
Sid
X-Cache-Ngx
X-Air-Pt
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Server-Ttl
X-Last-Modified
GeoIP-Latitude
X-Http-Count
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Miniprofiler-Ids
X-Varnish-Authentication
X-Cc-Via
X-Lb-Nocache
X-B3-Parentspanid
X-Via-CDN
X-Logging-Id
X-CacheKey
X-Sentry-ID
CountryCode
Req-ID
X-UA
Ngx