
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
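
The tally described above, as an added example (not the ISC project's own code). HTTP header names are case-insensitive, so it folds case before counting, which merges entries the table lists separately (X-XSS-Protection and X-Xss-Protection, CF-RAY and CF-Ray). The site names, sample values, the per-site counting and the `SECURITY_HEADERS` set are assumptions made for the example.

```python
import http.client
from collections import Counter, defaultdict

# Headers treated as security relevant here (an assumed set; the page
# itself names only X-XSS-Protection and X-Frame-Options).
SECURITY_HEADERS = ("x-frame-options", "x-xss-protection",
                    "strict-transport-security", "x-content-type-options",
                    "content-security-policy", "referrer-policy")

def fetch_head(host, timeout=5):
    """HEAD request for the index page; returns [(name, value), ...]."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()

def tally(responses):
    """Count sites per header, folding case; also record spellings seen."""
    sites = Counter()
    spellings = defaultdict(set)
    for headers in responses.values():
        seen = set()
        for name, _value in headers:
            spellings[name.lower()].add(name)
            seen.add(name.lower())
        sites.update(seen)  # one count per site, even for repeated Set-Cookie
    return sites, spellings

def security_coverage(responses):
    """Fraction of polled sites sending each security-relevant header."""
    sites, _ = tally(responses)
    total = len(responses)
    return {h: sites[h] / total for h in SECURITY_HEADERS}

# Constructed sample data (not survey results), shaped like fetch_head() output.
SAMPLE = {
    "a.example": [("Server", "nginx"), ("X-Frame-Options", "SAMEORIGIN"),
                  ("X-XSS-Protection", "1; mode=block"),
                  ("Set-Cookie", "a=1"), ("Set-Cookie", "b=2")],
    "b.example": [("Server", "Apache"), ("X-Xss-Protection", "0"),
                  ("Strict-Transport-Security", "max-age=31536000")],
    "c.example": [("server", "cloudflare"), ("CF-RAY", "constructed-1")],
    "d.example": [("Server", "cloudflare"), ("CF-Ray", "constructed-2"),
                  ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    sites, spellings = tally(SAMPLE)
    for name, count in sites.most_common():
        print(f"{count:2d}  {name}  {sorted(spellings[name])}")
    print(security_coverage(SAMPLE))
```

To poll live sites instead of the sample, build the input as `{host: fetch_head(host) for host in hosts}` and pass it to the same functions.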



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
P3p
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Template
X-Via
X-Dns-Prefetch-Control
X-Language
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Amz-Version-Id
Cf-Bgj
X-WebKit-CSP
X-Host
X-Dispatcher
X-Backend-Server
X-Device
NEL
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Server-Id
Content-Location
X-Response-Time
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
X-ASPNET-VERSION
EagleEye-TraceId
X-Country
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Application-Context
Pinterest-Generated-By
Edge-Control
Allow
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
X-Content-Type
Fusion-Template-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-ESI
X-Abt-Application-Version
X-Server-Name
Response
Pinterest-Version
X-Pinterest-Rid
Display
X-Sol
Pagespeed
X-Middleton-Response
X-Middleton-Display
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
Verso
X-B3-TraceId
X-DynaTrace
X-Cached
Service-Worker-Allowed
X-Webkit-CSP
MS-Author-Via
X-Element-Page-Cache
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-TTL
X-Powered-By-Plesk
Content-MD5
X-Upstream
X-Version
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-Forwarded-Proto
X-FastCGI-Cache
Ar-Sid
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-CST
X-VARITI-CCR
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
Accept-Ch
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-T
X-Goog-Hash
X-Jurisdiction
Access-Control-Request-Method
X-XRDS-Location
X-Powered-CMS
X-MSEdge-Ref
TP-L2-Cache
TP-Cache
X-Release
X-Content-Digest
X-Edge
S
SPIisLatency
SPRequestDuration
X-Amz-Rid
TCN
X-Ttl
X-Pinterest-Direct
RTSS
X-NWS-LOG-UUID
Cache-Tag
X-Server-ID
X-PressLabs-Stats
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-MCACHE
X-Mid
Server-Node
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Ratelimit-Remaining
X-Ser
X-Kinsta-Cache
X-Recruiting
X-Request-Handler-Origin-Region
X-Cache-Hit
X-Microsite
ServerID
X-Origin-Server
X-Page-Id
Accept-Charset
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Host
X-Mg-S
Alternate-Protocol
X-B
Accept-Ch-Lifetime
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-ECACHE
X-Grace
X-Shield-Request-Id
X-Mobile-URL
X-Forwarded-For
X-Hostname
X-DIS-Request-ID
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Ratelimit-Limit
Edge-Cache-Tag
Filterid
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Expires
X-FireWall-Port
X-HP-Webp
Realpath
X-Seen-By
X-Content-Options
X-Load-Cache
X-Hits
X-Git-Hash
X-LB-Cache
X-F-Cache
X-Az
X-AppVersion
X-Activity-Id
X-Jobs
X-N
X-Request-Guid
X-App-Environment
X-Type
MicrosoftSharePointTeamServices
X-Varnish-Backend
Paypal-Debug-Id
X-Rid
X-Varnish-Grace
Fastcgi-Useragent
X-Daa-Tunnel
Cache-Tags
X-Zen-Fury
X-WebKit-CSP-Report-Only
X-Id
DynaTrace
X-Proxy
X-TEC-API-ORIGIN
X-Upgrade-Enabled
Cleartype
X-TEC-API-VERSION
X-TEC-API-ROOT
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cached-By
X-FB-Debug
X-App-Server
X-Akamai-Edgescape
X-Cache-Age
Powered-By-ChinaCache
X-Amz-Meta-S3cmd-Attrs
DC
X-Geo-Country
X-Cache-Rule
X-Cache-Operation
X-Correlation-ID
Content-Disposition
X-Content-Powered-By
X-Host-Name
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-HS-Cache-Config
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Respond-Thread
X-HS-Hub-Id
X-HS-Content-Id
X-User-Agent
X-HS-Combine-CSS
X-IPLB-Instance
X-B3-Sampled
X-Original-Request-Id
X-Response-Served-From
X-Accel-Buffering
X-AOL-HN
X-B-Cache
X-Signature
X-Wix-Request-Id
X-Debug-Info
X-Whom
MS-CV
Healthy
X-Region
Akamai-Age-Ms
AMP-Access-Control-Allow-Source-Origin
X-HTML-Minification-Powered-By
Payment
X-FW-Static
X-Is-Bot
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-Rendered-As
X-Distributor
X-FW-Hash
X-FW-Serve
X-Cacheable-TTL
X-UUID
X-VCache
X-Rule
X-Ua
X-Frontend
X-Cache-Time
X-Instance
X-Endurance-Cache-Level
X-Mobile
Refresh
Datacenter
NGB
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
X-Via-JSL
Countrycode
X-XRDS-LOCATION
X-Acc-Debug-Context
X-Protected-By
S-Cnection
Nel
X-App-Version
Arc-Version
Liferay-Portal
PB-PID
Viewport
PB-RID
Filters
X-Varnish-Server
Charset
X-Backend-Name
X-Ah-Environment
X-Hyper-Cache
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Tec-Api-Version
X-PHP-Backend
X-Cache-Expired-At
X-Cache-Server
X-Azure-Ref
Retry-After
Section-Io-Cache
X-NewRelic-App-Data
X-Amz-Replication-Status
X-Fastcgi-Cache
X-Cache-Action
X-Litespeed-Cache
Referer-Policy
X-Source
X-WA-Info
X-Proxy-Cache-Status
X-DynaTrace-JS-Agent
X-Sucuri-ID
X-EdgeConnect-Cache-Status
X-Cache-Control
GEO-INFO
Version
Eomportal-Instance
Powered
X-RemovedCookies
X-ProcessESI
X-Framework
X-Real-IP
X-L-Path
X-Environment-Context
X-Yottaa-Optimizations
X-Cache-Var
X-RN-RSRV
X-Yottaa-Metrics
X-ES-SERVER
Meta-Geo
X-Cache-Var-Map
X-Unique-Id
X-RTag
X-Revision
Ms-Operation-Id
Frame-Options
X-Time
X-From
X-Air-Hostname
X-Mode
X-GeoIP
X-BYPASS-REASON
Uber-Trace-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-Correlation-Id
X-Qloud-Router
X-Time-Microsecs
X-Cache-Host
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-TNCMS
DB-Nickname
Cache-Tv-Group
X-VWS-Id
X-Server-W
Cross-Origin-Window-Policy
X-Loop
X-Hosted-By
X-Human
Server-Name
X-FW-Version
X-Debug-Cache
X-AWS-Id
X-Cluster
X-Labrador-Cache-Channel
X-LJ-Flow-ID
Ec-Rule-Version
X-FB-TRIP-ID
X-PHP-Host
X-PCL
X-OCL
Mn-Server-Ip
X-Hp-Webp
X-Zipkin-Id
X-Status
X-Proxy-Build
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Detected-As
TWC-Locale-Group
TWC-Privacy
X-Amzn-Remapped-Content-Length
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Hl-Ver
TWC-Connection-Speed
X-Proxied
X-Redis-Cache
X-Routing-Service
X-Site-Version
Property-Id
X-Origin-Hint
X-Locale
Selected-Fe
X-NYM-Debug-Backend
X-Timing-Wait
X-Handled-By
X-CSRF-Token
X-Be
X-BCube-Filmed-By
X-Access
X-Format
X-Drupal-Cache-Contexts
X-Generated-By
X-Via-Fastly
X-Section
X-Ratelimit-Reset
X-Proto
X-Device-Type
X-ServerID
Cache
FSS-Cache
X-Cache-PHP
X-Sucuri-Cache
X-SaId
X-ATG-Version
X-No-Session
X-JoinUs
X-FTR-Cache-Host
X-Contextid
X-Drupal-Cache-Tags
Webserver
From-Origin
X-Varnish-Cache-Hits
X-CDN-Forward
X-URL
X-NCache
CF-Cached-On
X-Origin
X-NWS-UUID-VERIFY
X-Adobe-Loc
OT-Force-Account-Verify
X-Adobe-Content
X-NC
X-AIR-PT
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
CACHE
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-TA-CDN-Provider
X-GoCache-CacheStatus
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-IPS-LoggedIn
X-TT
Azure-Version
X-Tt-Trace-Tag
X-Tt-Trace-Host
Azure-RegionName
X-EIG-Tracking-Id
X-Akamai-Transformed
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Bc-Bl
X-IP
X-Cache-Enabled
X-TIME
X-EC-Lua
X-Esi
X-Adobe-Source
X-APP-VERSION
Access-Control-Request-Headers
SD-X-WS
X-ECache
X-CCM
X-Backend-Host
X-Cache-2
X-Ruxit-Js-Agent
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Tumblr-Pixel-3
X-Storefront-Renderer-Rendered
Upgrade-Insecure-Requests
X-Cache-Backend
X-Alternate-Cache-Key
X-Cdn
X-ApacheServer
X-Viewer-Country
X-Soup
Node
X-Pubstack
X-Backend-TTL
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Forwarded-Host
X-Cache-Grace
X-PERF
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
X-Request-UUID
X-PAYTM-SRV-ID
X-A-Dgt
X-Vtex-Remote-Cache
X-Varnishpool
X-PBS-Appsvrname
X-Storage
X-Say-Cacheable
Apple-News-Services-Request-Url
X-Cluster-Name
Decoy-Debug-Status
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cache-Status
X-G
Apple-News-Services-Handled
X-Connection-Hash
Decoy-Debug-TTL
Decoy-Debug-Key
X-Say-TTL
X-SayCDN-TTL
X-Web-Node
X-External-Request-Id
Fastly-SSL
X-D
DCR-Decision-By
Fastcgi-X-Cache-Version
X-Aed
X-Aspnet-Duration-Ms
Mobile-Detection-Method
X-RCS-CacheZone
X-Flags
X-Is-Crawler
Meta-Geo-Continent
X-Route-Name
X-Providence-Cookie
X-Cache-NE
X-VG-WebServer
X-Vdms-Version
X-Transaction
X-S
X-VG-WebCache
Rendered-Blocks
X-Application
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-Processor
X-Vdms-Path
Host-ID
X-Twitter-Response-Tags
X-B-Cookie
X-A-Ccd
X-ARC
X-A
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Worker
Xc-Version
X-Trv-Group
X-Rojux
X-A-Dam
X-A-Dcw
Machine
X-A-Wwc
X-Destination
MD5-Digest
X-Cache-Config
X-TX-ID
X-VG-TLSProxy
X-Generation-Time
X-Fmm-Version
X-Fastly-Cache
Adler-Geo
X-Variation
X-Rebelmouse-Cache-Control
Surrogated-Key
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-LAGOON
X-Rebelmouse-Surrogate-Control
X-Date
X-Accel-Expires-Debug
X-Cache-Bucket
CDN-CachedAt
CDN-Cache
X-Ms-Version
X-Servername
CDN-EdgeStorageId
CloudFront-Viewer-Country
CDN-RequestId
CDN-PullZone
X-Micro-Cache
X-Ms-Request-Id
CDN-Uid
X-WADP-Cache
Fastly-SIE
X-Clara-WADP
Is-Eu
Platform
Fastly-SWR
CDN-RequestCountryCode
Time
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-NGENIX-Cache
Backend
X-UA
Country
X-Varnish-Beresp-Status
Wxu-Next-Hostname
Wxu-Next-Region
Fastly-Drupal-HTML
Gh-Request-Id
Country-Code
X-Auto-Login
Wxu-Next-Commit
L
X-Cache-NGX
X-Core-Mission
C-Via
X-CUA
X-Cache-Id
X-Core-Value
Origin
NM-Fastcgi-Cache
Rt-Fastcgi-Cache
X-Bip
Akamai-GRN
X-Clientip
X-Cms-Context
X-Backend-State
X-Li-Pop
X-Varnish-Cacheable
X-Li-Fabric
X-LI-UUID
X-Up
X-Wikidot-Backend
X-Varnish-Ttl
X-Policy
X-Platform
X-Method
X-Owner
X-Old-Content-Length
X-OVcl
X-UPSTREAM-Address
X-Wikidot-Static-Cache
X-Microcachable
X-Minions-Version
X-Render-Time
X-Irp-Debug
X-Fastly-Backend
X-Slack-Backend
X-SN
X-Skip-Cache
X-Esi-Check
X-Dispatcher-Server
X-Platform-Server
X-Thanos
X-Request-Start
X-Req
X-HS-Content-Campaign-Id
X-Hash
X-Webstats-RespID
X-Gzip
X-Request-Host
X-OVcl-Cache
Now
L5d-Success-Class
X-Cache-Tags
X-DefElseHash
Mail-Subject
Memcached
X-VarnishDD-TTL
Ufe-Result
We-Hiring
X-Reqid
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Remaining-TTL
X-Cache-Date
X-Varnish-CookieHashed-On
PFcat
X-Varnish-CookieINHashed-On
X-DefHash
X-Cdn-Srv
X-JWT-State
X-Is-Gdpr
X-Content-Age
CacheControlHeader
X-CS
X-Mvc-Supplant-Cachable
X-HN
X-Has-Esi
X-Eu-Site
X-Edge-Location
X-Gamma-Serve
X-Generated-On
AKAMAI
X-Csrf-Jwt
X-CGP
X-Level-Front-Cache
Fastly-Backend-Name
Ha-Gx-Prefs
Group
X-Developers
HA-Ipaddr
X-Cache-URL
X-CACHE-AGE
Pagetype
X-Wa
X-Location
X-Geo-Header
X-Proxy-Upstream
FSS-Proxy
X-Aicache-OS
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Session-Fingerprint
X-Branch-Name
X-Refresh
UCS
X-Cache-Debug
X-NODE
X-Agile-Id
X-Agile-Age
X-PF-Uncompressing
X-Agile
X-Page-View
X-Via-Popn
X-Via-Poph
X-LB-ID
X-BC
X-DC
X-ZONE
X-B3-Traceid
HostName
X-RateLimit-Remaining
X-B3-Spanid
X-GEO
X-Dc
SRV
X-Servedbyhost
M-TraceId
X-LI-Proto
X-Debug-Cache-Fetch
X-Debug-Cache-Store
NGX
X-Ftr-Cache-Host
X-Datadome
X-Mvc-Supplant-OutputCached
X-Ua-Device
Hostname
X-Instart-Request-ID
X-Via-CDN
Arc-Country
Xserver
X-Cdn-Forward
X-SERVER
VivaBuild
Viewtype
X-Check-Cacheable
Cdn-Request-Time
X-Edge-Server
X-Request-Time
X-Nginx-Cache
X-Varnish-Hostname
Cdn-Host
X-Zone
X-Sql-Duration-Ms
X-Sql-Count
X-Bc
X-NU-AKA-ACS-Version
X-FPC
X-VCL-Version
X-RunCloud-Cache
X-Via-Ucdn
X-SERVER-NAME
Srv
WebServer
X-SRV
X-Action
X-NGINX-Cache
X-APP
Memory
X-Cluster-Node
X-UnsetCookies
X-LiteSpeed-Cache-Control
X-Vgn-Hpd-Ssi
X-Cache-Remote
X-Via-Popv
X-Via-Edge
X-Cs
X-Via-SSL
X-RSL
X-HS-Status
Edge-Copy-Time
X-CF-Powered-By
X-RPM
X-DW
X-DB
X-DI
X-RPS
X-DSS
WWW-Authenticate
X-Www-Served-By
SID
GeoIp-Country-Code
Geoip-Latitude
XServer
ProcessTime
X-CSRF-TOKEN
X-Svr
X-Oss-Cdn-Auth
X-Srv
NtCoent-Length
X-ORACLE-APMCS-REQUEST-ID
On-Server
X-LLID
X-MP-GENERATED-AT
Actual-Object-TTL
ServedBy
X-Geo
X-S-Maxage
X-Vcache
Cache-Hits
Apigw-Requestid
X-Dynatrace-Js-Agent
X-We-Are-Hiring
User-Agent
X-Unique-ID
X-Hit
Geo-Info
X-Akamai-Request-ID2
GeoIP-Country-Code
Amp-Access-Control-Allow-Source-Origin
GeoIP-Latitude
Sid
T-Server
Server-Info
Processtime
W
Ohc-File-Size
X-Pass-Why
LB
X-FORWARDED-FOR
X-MSEdge-Flight
X-ID
X-Epic-Correlation-Id
X-MSEdge-Features
X-HOST
N-Cache
X-Tb
X-Presslabs-Stats
Server-Host
X-Envoy-Upstream-Healthchecked-Cluster
Pics-Label
S-Rt
CF-IPCountry
X-FC-Vary-Parameters
X-HITS
X-Varnish-Hits
Cdn
X-SB
Magicmarker
X-Mobile-Rewrite
Accept-Language
WZWS-RAY
X-Cache-Hfrom
X-Pjax-Url
X-Fpc
X-Cache-Hm
X-Vcl-Version
X-VC
Protected
X-Webkit-CSP-Report-Only
X-Nc
X-Fastly-Country-Code
Esi-Enabled
A
X-Erf-Stays-Bingo-Pdp-Web
CDN
Cteonnt-Length
X-Key
X-Info
X-COUNTRY
X-CACHE-KEY
X-Uri
Ohc-Cache-HIT
X-Newrelic-Synthetics
X-Erf-Bev-Bev-Is-Generated
Origin-Cache-Control
Origin-Edge-Control
X-Erf-Bev-Bev
Lb
X-Newrelic-App-Data
X-Via-NSCOPI
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Tracecode
Proxy-Firewall
User-Cache-Control
X-TT-LOGID
X-Instart-Info
X-Dispatch
X-Acc-Rdl
X-Li-Proto
X-Provided-By
Section-Io-Origin-Time-Seconds
DSUID
X-Geo-Region
Odigeo-Trace-Id
Section-Io-Id
X-ServedByHost
Section-Io-Origin-Status
X-B3-SpanId
Section-Origin-Responded
Ssr
Powered-By
X-StackifyID
X-Dynatrace
Cache-Name
X-UA-Device-Type
X-Magnolia-Registration
X-Akamai-Pragma-Client-IP
X-TH-Server
Cache-Key
X-Served-From
HitType
Lfy
Server-Ttl
X-RAMCache
X-Lb-Id
X-Cache-Tag
X-Origin-Date
IsBot
Sever-Int
SR-User-Adfree
Path
X-BBXSRF
True-Client-Country-4JS
Server-Ext
Server-Hostname
Server-ID
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
Web-Mar-Node
Thinkindot-CacheControl
V-Age
Locid
MIME-Version
Thinkindot-CacheControl-Type
X-Varnish-Url
X-Varnish-Authentication
X-User
X-VServer
Release
Thinkindot-Control
X-API-Version
X-Thinkindot-L3
X-SIPLIST1
X-Rocket-Build-Number
X-Node-Id
X-Response-By
X-SD-PageType
X-Server-IP
X-Matched-Rule
X-Nginx-Cache-Key
X-Request-URI
X-Nyt-Route
X-Origin-Expires
Instruction
X-Origin-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Origin-CC
X-Loc
X-Hnp-Log
X-SVT-ORM-RULES
X-SRCache-Key
X-Origin-Time
X-SVT-ORM-VERSION
X-Cache-Info
X-Cache-ASPX
X-Cache-Expires
X-Contensis-Viewer-Groups
X-Sigma-Backend
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sigma
X-GeoIP-City
X-Gen-Mode
X-Developer
X-Gdpr
X-Block-Status
X-Via-PopN
FNAC-ModuleRouting
Cache-Provider
X-Cc-Via
D-Cc-Upstream
X-TrackingId
Fastcgi-Cache-TTL
BehaviorPad-Version
X-Via-PopH
X-Cc-Req-Id
X-Men
X-Via-PopV
X-Scheme
CDCHOST
X-Generated
CountryCode
X-No-Cache
X-Fetched-On
X-LiteSpeed-Tag
X-Parent-Response-Time
X-Generated-In
X-NodeID
Xet-Cookie
X-App
X-Var-Ttl
X-Agile-Brick-Ok
X-VC-Cache
X-Traceid
X-Trace-Id
X-ElasticPress-Query
X-Sn-Servicetimems
X-Swa-Ws
X-ServiceProvider
X-Batcache
X-Cache-Spec
X-Azure-Ref-OriginShield
X-WA
X-Device-Os
X-Tt-Logid
Pramga
X-Cdn-Origin
Kp-EeAlive
Cache-Host
Tcn
X-HostName
X-Planisys-CDN-Cache
Req-Svc-Chain
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Varnish-Beresp-TTL
X-RateLimit-Limit
Who
X-PJAX-URL
Cf-Alt-Svc
X-Pf-Uncompressing
X-Yottaa-OS
Inserted-Into-Cache-At
Dnion-Transfer-Encoding
X-Path-Route
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
Pragrma
X-Snapshot-Date
X-C
X-CacheTTL
X-TraceId
X-B3-Parentspanid
Cf-Device-Type
X-BBC-Origin-Response-Status
Mime-Version
X-Dw-Trace-Id
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Proxy-Cachei7
X-Vgn-Hpd-Reason
X-Apw-Hits
Vha6-Origin
X-MiniProfiler-Ids
Source
PICS-Label
X-Request-URL
Resin-Trace