Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Amz-Id-2
X-Robots-Tag
Request-Context
X-UA-Device
X-AH-Environment
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Dns-Prefetch-Control
Report-To
X-Template
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
NEL
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
Accept-CH-Lifetime
Surrogate-Control
X-Node
Accept-CH
Request-Id
X-Ruxit-JS-Agent
Content-Location
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Allow
X-Origin-Cache
X-Ac
X-Readtime
X-Country
X-Mod-Pagespeed
Rating
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-CST
X-ORACLE-DMS-RID
X-Vname
X-PC
X-Cnection
X-TtlSet
X-Country-Code
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-FastCGI-Cache
X-D2id
X-Clacks-Overhead
X-TTL
Response
Display
X-Middleton-Display
X-Middleton-Response
Pagespeed
X-Sol
X-Server-Name
X-Trace
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
X-ESI
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
X-Navigation-Version
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Service-Worker-Allowed
X-B3-TraceId
X-Url
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Cached
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-FTR-Request-ID
X-Webkit-CSP
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace
X-VARITI-CCR
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
X-NF-Request-ID
X-Pinterest-Direct
Fastly-Restarts
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
Ar-Sid
SPIisLatency
SPRequestDuration
X-Debug
X-MSEdge-Ref
Content-MD5
X-Powered-CMS
X-Forwarded-Proto
X-Amz-Rid
X-Release
Access-Control-Request-Method
X-XRDS-Location
X-Version
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
Public-Key-Pins
X-Ezoic-Cdn
TP-Cache
TP-L2-Cache
Cache-Tag
X-Cache-Key
Front-End-Https
X-Litespeed-Cache
X-MCACHE
X-Mid
X-Mg-S
X-Amz-Server-Side-Encryption
X-Node-Name
Server-Node
X-Yandex-Sdch-Disable
X-HP-Webp
Fastcgi-Cache
Mrf-Cache-Status
MRF-Tech
X-Request-Processing-Time
X-B3-TraceId-Primal
X-Request-Received
X-Recruiting
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-PressLabs-Stats
X-Amzn-Trace-Id
X-Grace
X-Accel-Expires
X-Kinsta-Cache
X-Ser
MicrosoftSharePointTeamServices
X-Microsite
X-Request-Handler-Origin-Region
Accept-Ch
X-Varnish-Age
X-Origin-Server
Accept-Charset
X-NWS-LOG-UUID
X-DIS-Request-ID
Edge-Cache-Tag
ServerID
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Ttl
Host
Nginx-Cache
X-Shield-Request-Id
Powered-By-ChinaCache
X-ECACHE
X-Page-Id
X-Forwarded-For
X-Ratelimit-Remaining
X-Cache-Hit
X-Hits
Cache-Tags
X-F-Cache
X-LB-Cache
Cleartype
X-Hostname
X-Server-ID
X-Respond-Thread
X-B
X-Activity-Id
X-Mobile-URL
X-Az
X-AppVersion
X-N
X-Git-Hash
X-Upgrade-Enabled
Realpath
X-Amz-Meta-S3cmd-Attrs
X-Cached-By
X-Kong-Proxy-Latency
X-Cache-Age
X-Kong-Upstream-Latency
X-Aspnetmvc-Version
X-Content-Options
DynaTrace
X-Type
X-Load-Cache
X-Rid
X-Request-Guid
X-App-Environment
Alternate-Protocol
X-Ratelimit-Limit
Paypal-Debug-Id
X-Varnish-Backend
X-Jobs
Access-Control-Allow-Method
Fastcgi-Useragent
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
Charset
X-WebKit-CSP-Report-Only
X-Seen-By
X-Oneagent-Js-Injection
X-Proxy
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-B3-Sampled
Filters
X-Zen-Fury
X-VCache
X-Akamai-Edgescape
X-URL
X-IPLB-Instance
X-B-Cache
X-Signature
X-FB-Debug
X-Whom
X-Debug-Info
X-Mobile
Healthy
MS-CV
Viewport
X-AOL-HN
X-FireWall-Port
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Host-Name
X-TEC-API-ROOT
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Grace
X-Region
DC
X-Daa-Tunnel
X-Geo-Country
Payment
X-User-Agent
X-Frontend
Filterid
Liferay-Portal
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-Cache-Operation
X-Amz-Replication-Status
CACHE
X-Cache-Rule
Surrogate-Key
X-HTML-Minification-Powered-By
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Instance
X-Tumblr-Pixel-0
X-Correlation-ID
X-App-Server
X-Tumblr-Pixel
X-Distributor
X-Cache-Time
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-Rule
X-Tec-Api-Origin
Section-Io-Cache
X-Cacheable-TTL
X-Tec-Api-Root
X-Tec-Api-Version
X-Protected-By
Refresh
S-Cnection
Accept-Ch-Lifetime
X-Id
X-Via-JSL
X-Cache-Expired-At
X-Content-Powered-By
Version
X-Cache-Spec
X-Cache-Action
X-Hyper-Cache
GEO-INFO
X-Is-Bot
Server-Name
X-Acc-Debug-Context
X-Rendered-As
X-Wix-Request-Id
X-Backend-Name
X-Sucuri-ID
Content-Disposition
X-Amzn-RequestId
X-Amz-Apigw-Id
Retry-After
Nel
X-Air-Hostname
X-XRDS-LOCATION
X-Correlation-Id
X-Ua
X-Endurance-Cache-Level
X-Ah-Environment
Arc-Version
PB-PID
X-Cache-Server
PB-RID
X-Source
X-Real-IP
X-Framework
X-Unique-Id
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-L-Path
X-Environment-Context
Webserver
X-EdgeConnect-Cache-Status
X-Revision
X-Yottaa-Metrics
X-Yottaa-Optimizations
Datacenter
X-RTag
X-Drupal-Cache-Contexts
X-Sucuri-Cache
Frame-Options
Ms-Operation-Id
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
Referer-Policy
X-Pinterest-Sli-Latency-Threshold
X-App-Version
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-TIME
X-Drupal-Cache-Tags
Countrycode
Meta-Geo
X-Varnish-Server
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
X-Cache-Control
X-Cache-Var-Map
X-LLID
X-BYPASS-REASON
X-WA-Info
X-Proxy-Cache-Status
X-ProxyCache-Status
X-ProxyCache-Key
X-Mode
Cache-Tv-Group
X-Xfnlog-Site
X-Hl-Ver
X-Time-Microsecs
X-Cache-Host
X-Qloud-Router
X-R9-Blue-Green-Version
X-FW-Version
X-Handled-By
X-Human
X-OCL
X-Cache-TTL-Remaining
X-LJ-Flow-ID
X-No-Session
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-Origin-Hint
X-ServerID
X-Contextid
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
Ec-Rule-Version
Cross-Origin-Window-Policy
TWC-Connection-Speed
X-Cluster
Webcakes-App-Name
X-Amzn-Remapped-Content-Length
X-AWS-Id
X-VWS-Id
X-Be
X-PHP-Host
X-Proto
Webcakes-App-Version
X-Redis-Cache
X-Server-W
Mn-Server-Ip
X-PCL
Webcakes-Region
X-CDN-Forward
X-DynaTrace-JS-Agent
NGB
X-Format
X-Hosted-By
X-Locale
X-FB-TRIP-ID
X-NewRelic-App-Data
X-TT
X-Access
X-Loop
DB-Nickname
Akamai-Age-Ms
X-Via-Fastly
X-Zipkin-Id
X-Proxy-Build
X-Timing-Wait
X-TNCMS
X-Status
X-Routing-Service
X-Section
X-Site-Version
X-Proxied
Selected-Fe
X-Adobe-Loc
X-GeoIP
X-Azure-Ref
X-Adobe-Content
X-Detected-As
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-From
X-AIR-PT
Uber-Trace-Id
Upgrade-Insecure-Requests
VIX-Pulpo-Upstream-Status
FSS-Cache
VIX-Pulpo-Node
Cf-Bgj
X-Cache-PHP
X-Device-Type
X-Debug-Cache
X-Generated-By
X-ATG-Version
X-NC
X-Ratelimit-Reset
X-BCube-Filmed-By
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
Access-Control-Request-Headers
X-PHP-Backend
X-UPSTREAM-Address
X-Varnish-Cache-Hits
X-Page-View
X-B3-Traceid
X-ID
X-Akamai-Transformed
OT-Force-Account-Verify
Cache-Status
X-CSRF-Token
From-Origin
X-Adobe-Source
SD-X-WS
X-CCM
X-NCache
X-Backend-TTL
X-GoCache-CacheStatus
X-APP-VERSION
SRV
X-G
X-Cache-2
X-Cluster-Name
X-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-LAGOON
X-Varnishpool
X-ShopId
X-Pubstack
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Soup
X-Sorting-Hat-PodId
Country
X-Shopify-Stage
X-ShardId
X-ApacheServer
X-PERF
X-Forwarded-Host
X-Cache-Grace
Fastly-SSL
X-Say-Cacheable
X-Web-Node
Decoy-Debug-TTL
Decoy-Debug-Status
X-Storage
Decoy-Debug-Key
X-SayCDN-TTL
X-Say-TTL
CF-Cached-On
X-Backend-Host
Node
X-GEO
X-Esi
X-Via-CDN
X-FTR-Cache-Host
X-JoinUs
X-SaId
Cache
X-IP
X-ECache
X-B3-Spanid
X-Ruxit-Js-Agent
X-Viewer-Country
Powered
X-TX-ID
X-B-Cookie
Apple-News-Services-Parsed-Url
X-Worker
X-A
Xc-Version
Apple-News-Services-Host
Apple-News-Services-Handled
X-External-Request-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
Rendered-Blocks
X-Application
X-ARC
X-Cache-NE
X-Connection-Hash
X-A-Wwc
X-A-Dcw
X-A-Dam
X-A-Dgt
X-Destination
X-D
X-A-Ccd
Apple-News-Services-Request-Url
X-RCS-CacheZone
X-Processor
DCR-Decision-By
X-VG-WebCache
X-Vtex-Processado-Em
Machine
X-Vdms-Path
X-Request-UUID
DCR-Processing-Time-Ms
Mobile-Detection-Method
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
MD5-Digest
Meta-Geo-Continent
X-VG-WebServer
Fastcgi-X-Cache-Version
X-Rewrite-Enabled
X-Vdms-Version
X-Session-Fingerprint
X-Rojux
X-Cache-Enabled
Host-ID
X-ScT
X-Trv-Group
X-S
X-S-Cookie
X-Erf-Bev-Bev-Is-Generated
X-Cache-Config
X-EC-Lua
X-Time
X-Tumblr-Pixel-3
X-Erf-Bev-Bev
X-Platform
Fastly-SIE
Is-Eu
X-Cache-Bucket
X-Varnish-CookieHashed-On
X-Variation
X-Servername
X-VG-TLSProxy
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Cache-Remote
X-Rebelmouse-Cache-Control
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Cache-Debug
X-IPS-LoggedIn
X-Platform-Server
X-WADP-Cache
CDN-RequestCountryCode
Adler-Geo
X-Generation-Time
X-Clara-WADP
X-Ms-Request-Id
X-Fastly-Cache
X-Microcachable
X-Micro-Cache
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
X-Auto-Login
X-Irp-Debug
CDN-PullZone
X-Ms-Version
X-Fmm-Version
X-Core-Value
Platform
CDN-RequestId
X-DefHash
X-DefElseHash
X-CUA
X-Cms-Context
X-DPWN-IS-SECURE
Gh-Request-Id
CDN-Uid
CloudFront-Viewer-Country
X-Envoy-Decorator-Operation
Backend
X-Backend-State
L
PFcat
NM-Fastcgi-Cache
Wxu-Next-Region
Origin
Wxu-Next-Hostname
Wxu-Next-Commit
L5d-Success-Class
Rt-Fastcgi-Cache
Pagetype
X-Eu-Site
X-Policy
X-Clientip
X-Wikidot-Backend
X-Mvc-Supplant-Cachable
X-Wikidot-Static-Cache
X-Request-Host
X-LI-UUID
X-Location
X-Request-Start
X-Method
X-Old-Content-Length
X-Cache-NGX
X-VarnishDD-TTL
X-Bip
X-Skip-Cache
X-Varnish-Cacheable
X-Reqid
X-PF-Uncompressing
X-Webstats-RespID
X-OVcl
X-OVcl-Cache
X-Owner
X-Li-Pop
X-Li-Fabric
X-Dispatcher-Server
X-Esi-Check
C-Via
X-Fastly-Backend
X-Developers
X-Csrf-Jwt
X-Cache-Date
X-Cache-Id
X-Cache-Tags
X-CGP
X-Generated-On
X-Geo-Header
X-JWT-State
X-Level-Front-Cache
X-Thanos
X-SN
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Gzip
X-Has-Esi
X-HN
X-Branch-Name
X-Cache-Backend
HA-Ipaddr
Fastly-Backend-Name
CacheControlHeader
Akamai-GRN
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Ha-Gx-Prefs
AKAMAI
X-Varnish-Beresp-Status
X-Sql-Duration-Ms
X-Sql-Count
X-NWS-UUID-VERIFY
X-Render-Time
XServer
X-Slack-Backend
X-Refresh
X-Hash
Fastly-Drupal-HTML
X-Gamma-Serve
X-Varnish-Ttl
X-Content-Age
X-Core-Mission
X-Bc-Bl
UCS
X-COUNTRY
X-Wa
X-DC
X-Www-Served-By
X-CS
FSS-Proxy
X-Transaction
X-Twitter-Response-Tags
X-SRV
Protected
X-UA
X-NU-AKA-ACS-Version
X-EIG-Tracking-Id
X-Minions-Version
Cache-Hits
X-S-Maxage
X-Aicache-OS
X-Ftr-Cache-Host
Hostname
X-NODE
NGX
Country-Code
X-Fastcgi-Cache
X-Mvc-Supplant-OutputCached
X-Amz-Meta-Cb-Modifiedtime
X-Dc
X-Check-Cacheable
X-Accel-Expires-Debug
X-Servedbyhost
Surrogated-Key
X-Via-Poph
X-Date
X-Via-Popn
X-LI-Proto
X-RateLimit-Remaining
X-TA-CDN-Provider
X-NGENIX-Cache
X-FPC
X-Debug-Cache-Store
We-Hiring
X-Debug-Cache-Fetch
X-Req
On-Server
X-Edge-Location
X-Up
X-Svr
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
ServedBy
Mail-Subject
X-Proxy-Upstream
X-Request-Time
Memcached
X-Cdn-Srv
X-Erf-Stays-Bingo-Pdp-Web
Ufe-Result
GeoIp-Country-Code
Geoip-Latitude
Group
X-Cache-URL
X-LB-ID
X-Ua-Device
X-Varnish-Hostname
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
HostName
X-CACHE-AGE
T-Server
Time
X-Nginx-Cache
X-NGINX-Cache
X-Presslabs-Stats
Now
X-Pass-Why
X-Hp-Webp
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-VCL-Version
X-Webkit-Csp
X-Cs
Section-Origin-Responded
X-CSRF-TOKEN
X-Uri
WZWS-RAY
X-ZONE
Server-Host
N-Cache
X-Agile
Pics-Label
X-Cluster-Node
X-BC
X-Agile-Age
X-Agile-Id
X-Varnish-Hits
Magicmarker
X-MP-GENERATED-AT
X-TT-LOGID
X-Acc-Rdl
X-SB
X-VC
SID
Ohc-File-Size
DSUID
X-UnsetCookies
X-CF-Powered-By
X-Info
X-Oracle-Dms-Rid
Cache-Name
X-UA-Device-Type
M-TraceId
X-LiteSpeed-Cache-Control
X-Cdn-Forward
X-Datadome
X-Dynatrace-Js-Agent
X-Bc
X-Dynatrace
Ohc-Cache-HIT
X-Zone
Apigw-Requestid
X-Srv
ProcessTime
X-Via-Popv
X-Origin-Date
X-HS-Status
X-FORWARDED-FOR
Odigeo-Trace-Id
NtCoent-Length
Cteonnt-Length
User-Cache-Control
Xserver
X-APP
Tracecode
X-We-Are-Hiring
Arc-Country
CountryCode
User-Agent
Cdn-Host
X-MSEdge-Flight
S-Rt
Processtime
Viewtype
Ssr
Cdn-Request-Time
X-Via-Ucdn
Sid
X-MSEdge-Features
W
VivaBuild
CF-IPCountry
X-Edge-Server
X-Magnolia-Registration
LB
X-Action
X-RunCloud-Cache
Server-Info
Memory
X-Tb
CDN
Lfy
X-HOST
Srv
X-BBXSRF
CDCHOST
X-DW
X-API-Version
X-VServer
Locid
X-Block-Status
X-BBC-Edge-Cache-Status
X-Cache-Expires
X-DSS
Instruction
X-Gen-Mode
X-Developer
IsBot
Web-Mar-Node
X-Cache-Info
X-Contensis-Viewer-Groups
X-Cache-ASPX
V-Age
X-User
Server-Hostname
X-Varnish-Authentication
X-Varnish-Url
X-Cc-Via
Server-Ext
Path
X-Cc-Req-Id
X-Thinkindot-L3
Sever-Int
SR-User-Adfree
X-Scheme
True-Client-Country-4JS
D-Cc-Upstream
Thinkindot-Control
X-DI
Thinkindot-CacheControl
MIME-Version
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
X-Gdpr
X-Request-URI
X-Response-By
X-DB
WWW-Authenticate
X-Origin-Time
X-Origin-CC
X-Origin-Expires
X-SD-PageType
X-RPM
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-SIPLIST1
X-Server-IP
X-RPS
X-RSL
X-Nyt-Route
X-Origin-TTL
X-Node-Id
X-Nginx-Cache-Key
X-Oss-Cdn-Auth
X-Matched-Rule
X-Loc
X-Hnp-Log
X-HITS
X-Fastly-Request-Id
Cache-Host
X-Vgn-Hpd-Ssi
Amp-Access-Control-Allow-Source-Origin
X-Swa-Ws
Release
X-GeoIP-City
Server-ID
X-Cache-Hfrom
X-Generated-In
Pramga
X-Trace-Id
X-Var-Ttl
X-Pjax-Url
X-Azure-Ref-OriginShield
X-Vcl-Version
X-Unique-ID
X-Cdn-Origin
Geo-Info
X-Sn-Servicetimems
X-NodeID
X-Cache-Hm
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fetched-On
X-Device-Os
WebServer
X-Webkit-CSP-Report-Only
X-Fastly-Country-Code
X-Newrelic-App-Data
X-FC-Vary-Parameters
X-Browser-Type
A
X-Newrelic-Synthetics
X-Traceid
X-Lb-Id
X-Geo
X-CACHE-KEY
X-Hit
GeoIP-Country-Code
Lb
Cf-Device-Type
GeoIP-Latitude
X-Origin-Response-Time
Source
X-Provided-By
Cdn
X-Akamai-Request-ID2
X-Fpc
X-Nc
X-Via-NSCOPI
X-Cache-Tag
X-Envoy-Upstream-Healthchecked-Cluster
X-ServedByHost
FNAC-ModuleRouting
X-Via-PopH
Expiry
X-Li-Proto
X-Epic-Correlation-Id
X-Via-PopN
X-Via-PopV
Server-Ttl
X-Men
X-Akamai-Pragma-Client-IP
Cache-Key
X-Sigma-Backend
Accept-Language
Url
Kp-EeAlive
X-SERVER-NAME
X-Rocket-Build-Number
X-Vgn-Hpd-Reason
X-TH-Server
X-Sigma
X-Served-From
EpKe-Alive
X-Proxy-Cachei7
X-Amzn-Remapped-Date
Content-Style-Type
X-Amzn-Remapped-Connection
Content-Secure-Policy
Content-Script-Type
Location
X-B3-Parentspanid
Xkeyi7
X-BBC-Origin-Response-Status
Esi-Enabled
X-Parent-Response-Time
Cache-Provider
X-StackifyID
X-Akamai-Request-ID
X-No-Cache
X-RateLimit-Limit-Second
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-RateLimit-Remaining-Second
X-ServiceProvider
X-ElasticPress-Query
X-Tt-Logid
X-VC-Cache
X-Request-URL
X-B3-SpanId
URI
X-Agile-Brick-Ok
X-Key
BehaviorPad-Version
X-Yottaa-OS
X-MiniProfiler-Ids
Req-Svc-Chain
X-WA
X-ND-Cache
Tcn
X-Instart-Request-ID
X-Apw-Hits
X-Litespeed-Cache-Control
Inserted-Into-Cache-At
X-RateLimit-Limit
X-TraceId
X-Batcache
X-HostName
Who
X-PJAX-URL
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-TrackingId
X-Varnish-Beresp-TTL
X-Mobile-Rewrite
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
DataCenter
Vha6-Origin
Xet-Cookie
Mime-Version
X-C
Proxy-Firewall
X-Dispatch
X-Instart-Info
Origin-Edge-Control
Origin-Cache-Control
Resin-Trace
X-Snapshot-Date
PICS-Label
Pragrma
NnCoection