
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below is a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
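The tally described above, as an added example (not the ISC's own collection code): it counts each header once per site, folds case because HTTP field names are case-insensitive (the table lists X-Frame-Options and X-FRAME-OPTIONS, and X-XSS-Protection and X-Xss-Protection, as separate rows), and flags names such as Referer-Policy and Content-Secure-Policy that sit close to a security header without matching it. The sample responses, the `.example` host names, the selection in `SECURITY_HEADERS` and the distance threshold of 3 are assumptions made for illustration.

```python
from collections import Counter

# Lower-cased names of the security-relevant headers to report on (assumed selection).
SECURITY_HEADERS = ("content-security-policy", "referrer-policy", "strict-transport-security",
                    "x-content-type-options", "x-frame-options", "x-xss-protection")

def head(*fields):
    """Build a constructed raw response head, as a HEAD request to "/" would return it."""
    return "\r\n".join(("HTTP/1.1 200 OK",) + fields) + "\r\n\r\n"

# Constructed sample data; the host names are placeholders, not survey results.
SAMPLE = {
    "a.example": head("Server: nginx", "X-Frame-Options: DENY", "Set-Cookie: a=1",
                      "Set-Cookie: b=2", "X-XSS-Protection: 1; mode=block"),
    "b.example": head("server: Apache", "X-FRAME-OPTIONS: SAMEORIGIN",
                      "X-Xss-Protection: 0", "Referer-Policy: no-referrer"),
    "c.example": head("Server: nginx", "Strict-Transport-Security: max-age=31536000",
                      "Content-Secure-Policy: default-src 'self'"),
    "d.example": head("Content-Type: text/html"),
}

def header_names(raw):
    """Lower-cased field names of one response; repeats (Set-Cookie) count once per site."""
    names = set()
    for line in raw.split("\r\n")[1:]:          # skip the status line
        if not line:                             # blank line ends the header block
            break
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.add(name.strip().lower())
    return names

def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelled security header names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def survey(responses, max_dist=3):
    """Return (per-header site counts, security-header adoption, near-miss names)."""
    counts = Counter()
    for raw in responses.values():
        counts.update(header_names(raw))
    adoption = {h: counts[h] for h in SECURITY_HEADERS}
    near_misses = {}
    for name in counts:
        best = min(SECURITY_HEADERS, key=lambda good: edit_distance(name, good))
        if name not in SECURITY_HEADERS and edit_distance(name, best) <= max_dist:
            near_misses[name] = best             # sent by the site, but not the standard name
    return counts, adoption, near_misses
```

A browser acts only on the standard field name, so a site that appears under `near_misses` should be counted as not deploying that protection.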



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Access-Control-Expose-Headers
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Robots-Tag
Server-Timing
Request-Context
X-Server
X-Ws-Request-Id
X-AH-Environment
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
Grace
X-Page-Speed
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
EagleEye-TraceId
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
Accept-CH
X-HW
X-Country
Accept-Ch-Lifetime
X-Ac
Content-Location
X-Application-Context
X-Language
X-Webkit-CSP
Rating
X-Template
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Cloud-Trace-Context
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-PC
X-TtlSet
X-Vname
Accept-Ch
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Cdn-Fetch
Verso
X-Country-Code
X-VARITI-CCR
X-Goog-Hash
Accept-CH-Lifetime
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-FastCGI-Cache
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Fastly-Request-ID
X-Buckets
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Sol
Pagespeed
X-ORACLE-DMS-ECID
X-Ttl
RTSS
Access-Control-Request-Method
X-Element-Page-Cache
X-Cache-TTL
X-MSEdge-Ref
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Ruxit-Js-Agent
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
Realpath
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-Px
X-T
X-Jurisdiction
X-HP-Webp
X-TTL
X-MCACHE
X-Mid
X-Correlation-Id
X-Forwarded-Proto
X-PressLabs-Stats
X-Edge-Location-Klb
X-Release
X-Mg-S
X-ECACHE
Charset
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Recruiting
X-Shield-Request-Id
TP-L2-Cache
Edge-Cache-Tag
TP-Cache
X-Ezoic-Cdn
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Fastcgi-Cache
X-DynaTrace
X-Amz-Server-Side-Encryption
X-Id
X-ORACLE-DMS-RID
X-Content-Digest
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Request-Processing-Time
Filters
X-Request-Received
Cache-Tags
Server-Node
Content-MD5
Alternate-Protocol
X-Logged-In
Front-End-Https
Nginx-Cache
X-Forwarded-For
Server-Name
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Origin-Upstream-Status
X-Amzn-Trace-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
TCN
X-Origin-Server
Ar-Sid
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Grace
X-XRDS-LOCATION
X-Contextid
X-Amz-Replication-Status
X-Geo-Country
X-Rid
X-F-Cache
X-AppVersion
X-Activity-Id
Host
X-Az
X-Server-ID
X-Goog-Stored-Content-Length
X-HS-Content-Id
X-Goog-Storage-Class
X-HS-Cache-Config
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-HS-Hub-Id
X-HS-Combine-CSS
Cleartype
X-Hostname
X-Www-Served-By
X-Protected-By
X-Frontend
X-Fastcgi-Cache
X-RateLimit-Remaining
Section-Io-Cache
X-XRDS-Location
X-LB-Cache
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Aspnetmvc-Version
X-Request-Handler-Origin-Region
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Microsite
X-Page-Id
X-Git-Hash
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Respond-Thread
X-Source
X-Hits
X-Upgrade-Enabled
Nel
ServerID
X-DIS-Request-ID
X-Mobile-URL
Paypal-Debug-Id
X-VCache
X-Varnish-Backend
X-Content-Options
X-NWS-LOG-UUID
X-Signature
X-Varnish-Grace
X-B-Cache
X-CACHE-GROUP
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-FB-Debug
Payment
X-Whom
Healthy
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-N
X-B3-Sampled
X-Kong-Proxy-Latency
X-TT
X-Cache-Action
X-App-Environment
Viewport
X-Seen-By
Node
X-AOL-HN
X-Type
X-Daa-Tunnel
X-Load-Cache
Fastcgi-Useragent
Version
MS-CV
DC
X-Mobile
X-Webkit-Csp
X-Cache-Expired-At
Filterid
X-Ua-Device
X-IPLB-Instance
X-Distributor
X-HTML-Minification-Powered-By
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Control
SRV
Retry-After
X-Ab
X-FireWall-Port
X-Original-Request-Id
X-Response-Served-From
X-Debug
X-Instance
X-Real-IP
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tt-Trace-Tag
X-Jobs
X-Tumblr-Pixel-0
X-Accel-Buffering
X-Tt-Trace-Host
X-Proxy-Cache-Status
X-Tumblr-User
Refresh
X-Varnish-Server
X-UUID
X-ProcessESI
X-Tumblr-Pixel
NGB
Ms-Operation-Id
X-RTag
X-Device-Type
X-Page-View
X-Proxy
X-Content-Powered-By
X-IPS-LoggedIn
X-Region
Cache
X-Debug-IsConnected
X-Cacheable-TTL
X-Debug-IsPreview
X-Framework
Access-Control-Request-Headers
Frame-Options
X-Cache-Time
X-Cluster-Name
X-B
Uber-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Content
X-Adobe-Loc
X-G
X-User-Agent
X-Wix-Request-Id
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-Zen-Fury
X-FW-Hash
X-FW-Dynamic
Countrycode
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
X-Cache-Hit
Surrogate-Key
Cache-Status
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-Time
X-App-Version
Eomportal-Instance
X-Drupal-Cache-Tags
X-NGENIX-Cache
Country
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-Rendered-As
X-RateLimit-Limit
X-Is-Bot
X-App-Server
X-TA-CDN-Provider
X-Mg-Request-UUID
S-Cnection
X-Oracle-Dms-Rid
X-Ms-Request-Id
X-Ms-Version
X-Drupal-Cache-Contexts
CF-IPCountry
X-Rule
X-CDN-Forward
X-Cache-Rule
Referer-Policy
AMP-Access-Control-Allow-Source-Origin
Liferay-Portal
X-JoinUs
X-UPSTREAM-Address
From-Origin
X-RN-RSRV
Meta-Geo
X-SaId
X-Tumblr-Pixel-2
Selected-Fe
SD-X-WS
X-Timing-Wait
X-Varnishpool
X-Proxy-Build
X-ES-SERVER
X-Cache-Server
X-Alternate-Cache-Key
X-Handled-By
X-Cached-By
X-Backend-Host
X-Endurance-Cache-Level
X-Cache-TTL-Remaining
X-Via-Fastly
X-Loop
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
ServedBy
X-Xfnlog-Site
Country-Code
X-Yottaa-Optimizations
X-Yottaa-Metrics
Protected
X-Sorting-Hat-PodId
X-TNCMS
X-Node-Name
X-Shopify-Stage
X-PHP-Backend
X-Pubstack
X-R9-Blue-Green-Version
X-ShopId
X-ShardId
X-No-Session
Decoy-Debug-Status
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
Decoy-Debug-Key
Property-Id
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
Fastly-SSL
Decoy-Debug-TTL
X-Say-Cacheable
X-Varnish-Hostname
X-S-Maxage
X-VWS-Id
Cache-Tv-Group
X-Server-W
X-Request-Time
X-Human
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-SayCDN-TTL
X-Say-TTL
X-Be
X-LAGOON
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-Proto
X-PCL
X-Origin-Hint
X-OCL
Webcakes-App-Name
X-Cache-PHP
X-Environment-Context
X-L-Path
Akamai-GRN
Cache-Name
X-Status
X-PHP-Host
X-RCS-CacheZone
X-Backend-Name
X-ProxyCache-Key
X-Cache-Operation
X-BYPASS-REASON
X-Origin-Date
X-Sql-Duration-Ms
X-ProxyCache-Status
X-Format
X-Labrador-Cache-Channel
X-Section
X-Redis-Cache
Apigw-Requestid
X-Hyper-Cache
X-Hl-Ver
X-Sql-Count
X-Access
X-UA-Device-Type
X-Uri
X-FB-TRIP-ID
X-Hosted-By
X-ApacheServer
X-Dc
X-PERF
X-Varnish-Beresp-Grace
Mn-Server-Ip
X-Adobe-Source
X-GG-Cache-Date
X-Akamai-Edgescape
X-Web-Node
Xserver
X-Trace-Id
X-WA-Info
X-Content-Age
X-MP-GENERATED-AT
Amp-Access-Control-Allow-Source-Origin
X-ATG-Version
X-FW-Version
X-B3-SpanId
X-Revision
X-Cache-Enabled
X-Soup
X-Edge-Location
X-Mode
X-ServerID
Backend
X-Time-Microsecs
X-Tumblr-Pixel-3
X-CSRF-Token
X-Cache-Type
X-Info
X-CACHE-KEY
Who
X-SRV
X-Bc-Bl
X-APP-VERSION
X-Microcachable
X-Varnish-Beresp-Status
X-Cache-NGX
X-Akamai-Transformed
X-Detected-As
X-CS
X-Debug-Cache
X-Platform
X-Azure-Ref-OriginShield
X-Zipkin-Id
X-Datadome
X-Routing-Service
X-Proxied
X-Storage
X-Aws-Lambda-Call-Status
Web-Mar-Node
X-Cache-Host
X-Varnish-Cache-Hits
DataCenter
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Generation-Time
X-TT-LOGID
X-Via-JSL
X-DataDome
OT-Force-Account-Verify
X-Cluster-Node
Server-Info
X-Unique-ID
X-Extlb
X-Varnish-Hits
X-B3-Traceid
X-Locale
Cross-Origin-Opener-Policy
GEO-INFO
X-Parallel-Accel
X-Origin-TTL
X-Site-Version
X-Origin-CC
Count-Hit
X-Destination
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Developer
X-D
X-A-Wwc
CDN-EdgeStorageId
CDN-PullZone
X-From
CDN-RequestCountryCode
CDN-CachedAt
Meta-Geo-Continent
CDN-Cache
X-External-Request-Id
CDCHOST
X-CF-Lambda-Version
X-Application
X-BCube-Filmed-By
X-Bip
Host-ID
A
X-B-Cookie
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-ARC
X-Cache-Bucket
BehaviorPad-Version
MD5-Digest
X-Connection-Hash
User-Cache-Control
X-Core-Value
X-Cms-Context
X-Aed
M-TraceId
X-Cache-NE
X-CF-Lambda-Fn
CDN-RequestId
X-Magnolia-Registration
X-Generated-On
X-Ratelimit-Reset
X-Proxy-Upstream
DCR-Decision-By
Apple-News-Services-Request-Url
X-SRCache-Key
X-Processor
X-PBS-Appsvrname
Mobile-Detection-Method
T-Server
X-Thanos
X-PAYTM-SRV-ID
X-Sucuri-ID
X-Session-Fingerprint
DCR-Processing-Time-Ms
X-ScT
X-Rewrite-Enabled
X-Rojux
Expiry
X-S
Fastcgi-X-Cache-Version
Geo-Info
X-Request-URI
Rendered-Blocks
X-Service
X-EC-Lua
X-Ratelimit-Limit
X-NAPM-TraceId
Surrogated-Key
X-Vdms-Path
Fastly-Backend-Name
X-A-Dcw
X-A-Dam
X-AIR-PT
CDN-Uid
X-VG-WebServer
X-A-Dgt
Odigeo-Trace-Id
X-Vdms-Version
X-A-Ccd
X-A
X-Varnish-Url
Content-Disposition
X-Geo-Header
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebCache
X-Level-Front-Cache
X-Location
X-S-Cookie
X-Varnish-Beresp-Ttl
X-Pass-Why
X-Tb
X-Aicache-OS
X-Accel-Expires-Debug
UCS
Path
Pagetype
Server-Host
Pics-Label
Memcached
PFcat
X-JWT-State
X-Request-Host
X-Request-UUID
X-Scheme
X-Served-From
X-Req
X-Rebelmouse-Surrogate-Control
X-Origin
X-Platform-Server
X-Rebelmouse-Cache-Control
X-TrackingId
X-Var-Ttl
Req-Svc-Chain
State
X-Epic-Correlation-Id
My-App
Cache-Host
X-VarnishDD-TTL
X-VG-TLSProxy
X-WADP-Cache
X-NU-AKA-ACS-Version
X-Micro-Cache
X-Developers
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Fmm-Version
X-Date
X-Clientip
X-Cache-Debug
X-Cache-Info
X-Clara-WADP
X-Forwarded-Site
X-Gamma-Serve
X-Is-Gdpr
Location
X-Men
X-HN
X-Hash
X-Generated-By
X-GoCache-CacheStatus
X-Has-Esi
X-Backend-State
X-Branch-Name
Cmstype
Esi-Enabled
Fastly-SIE
Fastly-SWR
Cmsid
CacheControlHeader
X-Cluster
X-Varnish-Ttl
X-Amz-Meta-S3cmd-Attrs
AKAMAI
Gh-Request-Id
Ec-Rule-Version
Upgrade-Insecure-Requests
X-Servername
C-Via
Fastly-Drupal-HTML
Kp-EeAlive
Arc-Version
Fastcgi-Cache-TTL
Adler-Geo
We-Hiring
Arc-Country
L
Cache-Key
X-SVT-ORM-RULES
HA-Ipaddr
Wxu-Next-Hostname
Origin
Cf-Device-Type
X-Wikidot-Static-Cache
X-TX-ID
Wxu-Next-Commit
X-Block-Status
X-Thinkindot-L3
X-Esi-Check
X-Eu-Site
X-VC-Cache
X-Csrf-Jwt
X-Variation
X-Device-Os
X-DPWN-IS-SECURE
X-Fastly-Backend
X-CGP
X-Cache-Grace
X-Policy
X-Slack-Backend
X-Cache-Id
X-SVT-ORM-VERSION
X-Mvc-Supplant-Cachable
X-Cache-Tags
X-Viewer-Country
X-Wikidot-Backend
Wxu-Next-Region
X-Generated-In
X-Origin-Expires
Mail-Subject
X-Gen-Mode
Svr
TDXMobile
X-Sigma-Backend
X-Hnp-Log
PB-PID
L5d-Success-Class
Platform
DSUID
X-Minions-Version
PB-RID
X-Gzip
X-RateLimit-Remaining-Second
Thinkindot-CacheControl
Ha-Gx-Prefs
NM-Fastcgi-Cache
NGX
X-RateLimit-Limit-Second
X-Irp-Debug
Vix-Hermes-Req-Id
Is-Eu
X-Owner
X-Rocket-Build-Number
X-HS-Content-Campaign-Id
Thinkindot-CacheControl-Type
True-Client-Country-4JS
Thinkindot-Control
X-Sigma
Source
Webserver
X-NWS-UUID-VERIFY
X-SIPLIST1
X-Varnish-CookieHashed-On
X-LI-UUID
X-User
X-Skip-Cache
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Forwarded-Host
X-Fetched-On
X-Li-Fabric
X-GeoIP-City
IsBot
X-Li-Pop
X-GeoIP
X-FC-Vary-Parameters
X-VServer
X-Varnish-CookieINHashed-On
V-Age
VNS-Age
VNS-Cache
X-Nginx-Cache-Key
Locid
CPC-Age
X-Old-Content-Length
Server-Ext
Release
CPC-Cache
Server-Hostname
Sever-Int
X-PF-Uncompressing
X-Loc
X-Via-NSCOPI
X-DefElseHash
X-Varnish-Remaining-TTL
X-Planisys-CDN-Cache
X-DefHash
Tcn
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
NtCoent-Length
X-Mvc-Supplant-OutputCached
Url
X-TraceId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Unique-Id
X-CLOUD-TRACE-CONTEXT
XServer
SID
X-Tenant
X-Shop-Environment
X-OVcl-Cache
S-Rt
X-Ua
X-Orig-Expires
X-OVcl
Cache-Hits
X-PJAX-URL
Powered-By-ChinaCache
X-Forwarded-Path
X-Vc
X-Via-Popn
MIME-Version
X-Cache-Ttl
Cf-Bgj
DB-Nickname
X-Refresh
Cross-Origin-Window-Policy
X-Via-Popv
X-Ratelimit-Remaining
X-Via-Poph
X-Zone
X-Backend-TTL
X-Ftr-Request-Id
X-NC
Magicmarker
X-ID
X-TIME
X-Conf
X-Srv
Content-Secure-Policy
X-Internal-Host
X-Geo
Geoip-Latitude
Memory
Time
GeoIp-Country-Code
X-GEO
WebServer
X-BBC-Edge-Cache-Status
X-ZONE
X-Dispatcher-Server
X-Method
X-LB-ID
X-NCache
X-HP-Trace-Id
X-Servedbyhost
X-Ckpd-Fst-Backend
X-Worker
HostName
Server-ID
Hostname
X-IP
X-Auto-Login
X-LSADC-Cache
Ssr
X-V-Cache
X-Newrelic-Synthetics
X-NewRelic-App-Data
X-Qnm-Cache
LB
X-M-Log
X-Li-Proto
X-M-Reqid
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-Tx-Id
X-Trv-Group
X-Platform-Processor
X-DC
X-Wa
X-Platform-Cluster
X-Platform-Router
X-Tb-Optimization-Total-Bytes-Saved
X-Nc
X-Vcl-Version
X-SD-PageType
X-App
Resin-Trace
X-Node-Id
X-Cache-Remote
X-Traceid
Ohc-File-Size
X-HITS
Sid
Environment
X-Datadog-Parent-Id
X-CACHE-AGE
X-VCL-Version
X-Via-CDN
X-Origin-Response-Time
Env
X-MSEdge-Features
X-APP
X-MSEdge-Flight
X-Datadog-Sampling-Priority
X-Dynatrace
X-Datadog-Trace-Id
X-VHOST
X-Varnish-Beresp-TTL
X-BBC-Origin-Response-Status
X-Cache-Config
X-HostName
X-Origin-Time
X-Nyt-Route
X-FTR-Request-ID
X-Reqid
X-Gdpr
X-NodeID
X-Via-Ucdn
X-API-Version
X-ServerName
X-WA
X-Server-IP
X-Pod-Name
X-Edge-Pop
Cluster
CF-Cached-On
X-Correlation-ID
X-DynaTrace-JS-Agent
Datacenter
X-Wix-Viewer-Type
VivaBuild
Rt-Fastcgi-Cache
X-ND-Cache
Viewtype
Cf-Ipcountry
Candidate-Md5Url
X-ElasticPress-Query
X-Cdn-Forward
X-LI-Proto
Web-Mar-Region
Machine
X-HS-Status
X-Cs
X-Dynatrace-Js-Agent
CDN
X-Akamai-Pragma-Client-IP
Server-Id
N-Cache
X-Cache-Var-Map
X-Cache-Var
X-ServedByHost
FSS-Cache
On-Server
Proxy-Connection
X-Lb-Id
X-NGINX-Cache
X-CSRF-TOKEN
X-FTR-Backend
WZWS-RAY
GeoIP-Latitude
GeoIP-Country-Code
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Servername
Xc-Version
X-Check-Cacheable
X-Swa-Ws
X-FTR-Balancer
X-CCM
X-Oss-Storage-Class
X-Oss-Request-Id
X-FTR-Cache-Status
X-Via-PopN
X-Via-PopV
X-Country-Code-Real
X-Via-PopH
X-URL
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
Ohc-Cache-HIT
X-Xrds-Location
X-Esi
X-VC
Cdn
X-Fastly-Backend-Reqs
X-Cache-Backend
Tracecode
X-Fastly-Request-Id
X-EIG-Tracking-Id
X-Varnish-Cacheable
Onion-Location
WWW-Authenticate
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Pjax-Url
X-ECache
Mime-Version
X-CUA
Cteonnt-Length
X-SN
X-Swift-Error
URI
CountryCode
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
CACHE
X-Varnish-Authentication
X-Tt-Logid
X-Air-Pt
X-Cache-ASPX
X-FTR-Expires
X-Contensis-Viewer-Groups
X-Region-Sid
Instruction
SR-User-Adfree
X-Depends-On
X-Action
X-RPS
X-RPM
X-Fastly-Cache-Hits
Ohc-Response-Time
X-DW
X-DSS
X-UnsetCookies
X-DI
X-DB
Shield-Pop
X-Tid
X-StackifyID
X-RSL
X-Dw-Trace-Id
X-Yottaa-OS
X-Pf-Uncompressing
Server-Ttl
X-TIM-N
Redirect-Candidate
X-Request-Start
Warning
X-Webstats-RespID
WP-Super-Cache
X-Snapshot-Date
X-Fpc
X-ElasticPress-Search
X-SB
X-LiteSpeed-Cache-Control
X-Provided-By
ServerName
Xet-Cookie
X-FPC
Vha6-Origin
X-CCDN-CacheTTL
CloudFront-Viewer-Country
X-Acquia-Application-Trace
X-Cache-Expires
W
Content-Script-Type
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Matched-Rule
X-Core-Mission
Lfy
X-Acquia-Site
Content-Style-Type
X-Apw-Access-Action
X-Mg-Request-Id
X-C
X-TH-Server
X-MiniProfiler-Ids
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Cache-Status-Check
X-Pad