Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Template
X-Language
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
Report-To
Xkey
X-Buckets
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
X-Dispatcher
NEL
X-Device
X-Node
X-Server-Id
Surrogate-Control
X-Ruxit-JS-Agent
Cf-Bgj
Content-Location
X-Response-Time
Request-Id
Accept-CH-Lifetime
X-Cache-Lookup
X-Origin-Cache
X-Akam-SW-Version
Accept-CH
EagleEye-TraceId
X-Ac
X-ASPNET-VERSION
X-Readtime
X-Country
Rating
X-Mod-Pagespeed
X-HW
X-Cloud-Trace-Context
Allow
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Pinterest-Generated-By
Edge-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-Vname
X-PC
X-TtlSet
X-DataDome
X-Varnish-TTL
X-Cnection
X-MS-InvokeApp
X-Url
X-Origin-Upstream-Status
X-Content-Type
X-GitHub-Request-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Clacks-Overhead
X-D2id
X-Trace
Pinterest-Version
X-Pinterest-Rid
Response
Pagespeed
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Abt-Application-Version
X-Px
X-Vcap-Request-Id
X-Rack-Cache
X-Navigation-Version
X-Server-Name
Verso
X-FTR-Request-ID
MS-Author-Via
Service-Worker-Allowed
X-DynaTrace
X-B3-TraceId
X-Element-Page-Cache
X-Fastly-Request-ID
X-Cached
X-ESI
X-Client-IP
X-CST
X-Webkit-CSP
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-Upstream
Content-MD5
X-SharePointHealthScore
X-VARITI-CCR
SPRequestGuid
Fastly-Restarts
AR-ATIME
X-NF-Request-ID
AR-Request-ID
AR-PoweredBy
X-Goog-Hash
AR-CACHE
X-Version
X-Debug
Ar-Sid
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Forwarded-Proto
X-T
X-MSEdge-Ref
Access-Control-Request-Method
X-XRDS-Location
X-Powered-CMS
X-Jurisdiction
X-Release
X-Content-Digest
SPRequestDuration
SPIisLatency
X-Pinterest-Direct
S
TP-Cache
TP-L2-Cache
X-Amz-Rid
X-Edge
TCN
RTSS
Accept-Ch
Cache-Tag
X-Ttl
Public-Key-Pins
X-Ezoic-Cdn
X-Node-Name
X-Yandex-Sdch-Disable
Fastcgi-Cache
X-NWS-LOG-UUID
X-Cache-Key
X-Request-Received
X-Mid
X-MCACHE
X-Request-Processing-Time
Server-Node
Front-End-Https
X-PressLabs-Stats
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Kinsta-Cache
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
ServerID
X-Server-ID
X-Ratelimit-Remaining
X-SRCache-Fetch-Status
X-Logged-In
X-SRCache-Store-Status
X-Origin-Server
X-Mg-S
Accept-Charset
X-Cache-Hit
X-Page-Id
X-Amz-Server-Side-Encryption
X-Grace
Host
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-B
X-ECACHE
X-DIS-Request-ID
X-HP-Webp
Nginx-Cache
X-Shield-Request-Id
X-Mobile-URL
X-Hostname
Edge-Cache-Tag
Alternate-Protocol
X-Ratelimit-Limit
X-Hits
Realpath
X-F-Cache
MicrosoftSharePointTeamServices
X-Git-Hash
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-LB-Cache
X-FTR-Expires
X-Content-Options
X-Az
X-AppVersion
X-Activity-Id
X-Seen-By
X-Forwarded-For
X-N
X-FireWall-Port
Cache-Tags
X-Jobs
X-Request-Guid
Filterid
X-Load-Cache
Paypal-Debug-Id
X-Type
X-Rid
X-App-Environment
X-Varnish-Backend
Fastcgi-Useragent
Cleartype
X-Kong-Upstream-Latency
DynaTrace
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Cached-By
X-WebKit-CSP-Report-Only
X-TEC-API-ROOT
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-Cache-Age
Access-Control-Allow-Method
X-Zen-Fury
X-Varnish-Grace
X-Proxy
Powered-By-ChinaCache
Accept-Ch-Lifetime
X-Daa-Tunnel
X-FB-Debug
X-Amz-Meta-S3cmd-Attrs
X-Litespeed-Cache
X-Akamai-Edgescape
X-Respond-Thread
X-Correlation-ID
X-Goog-Storage-Class
X-App-Server
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Geo-Country
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
DC
X-HS-Combine-CSS
X-B3-Sampled
X-Cache-Rule
X-Cache-Operation
X-Host-Name
X-B-Cache
X-Signature
X-Debug-Info
X-AOL-HN
X-Content-Powered-By
X-IPLB-Instance
X-User-Agent
MS-CV
X-Whom
X-Id
X-Accel-Buffering
X-Region
Healthy
X-Original-Request-Id
X-Response-Served-From
Content-Disposition
AMP-Access-Control-Allow-Source-Origin
X-Frontend
X-Mobile
X-Wix-Request-Id
Payment
X-FW-Dynamic
X-Distributor
X-FW-Hash
X-FW-Server
X-Rule
X-FW-Type
X-FW-Static
X-UUID
X-FW-Serve
X-Cacheable-TTL
X-Instance
X-HTML-Minification-Powered-By
Refresh
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Tumblr-User
X-Is-Bot
X-VCache
X-Rendered-As
X-Cache-Time
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Filters
Charset
Surrogate-Key
Liferay-Portal
X-Ua
X-Endurance-Cache-Level
Viewport
X-Amz-Apigw-Id
X-Amzn-RequestId
Datacenter
Akamai-Age-Ms
X-Acc-Debug-Context
X-Protected-By
X-Via-JSL
S-Cnection
NGB
X-Backend-Name
Countrycode
X-Hyper-Cache
PB-PID
Arc-Version
PB-RID
Nel
X-XRDS-LOCATION
X-App-Version
X-Esi
X-Amz-Replication-Status
X-Cache-Expired-At
X-Varnish-Server
X-Ah-Environment
Section-Io-Cache
X-Tec-Api-Version
X-Cache-Server
X-Oneagent-Js-Injection
X-Cache-Action
X-Tec-Api-Origin
X-Tec-Api-Root
GEO-INFO
Retry-After
Version
X-Sucuri-ID
X-Source
Referer-Policy
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-NewRelic-App-Data
X-WA-Info
Eomportal-Instance
X-Cache-Control
X-Unique-Id
X-PHP-Backend
X-Framework
Server-Name
X-Proxy-Cache-Status
X-RemovedCookies
X-L-Path
X-Real-IP
X-Environment-Context
X-ProcessESI
X-Air-Hostname
X-Yottaa-Optimizations
Frame-Options
X-Yottaa-Metrics
Ms-Operation-Id
X-RTag
X-Revision
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
X-Mode
X-From
X-ProxyCache-Status
X-Cache-TTL-Remaining
X-ProxyCache-Key
X-GeoIP
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-Time-Microsecs
X-URL
X-Cache-Host
X-Xfnlog-Site
X-DynaTrace-JS-Agent
X-Cluster
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-FW-Version
Ec-Rule-Version
X-Loop
X-Status
X-TNCMS
Cache-Tv-Group
DB-Nickname
X-Qloud-Router
X-PHP-Host
X-Labrador-Cache-Channel
X-OCL
X-PCL
X-Hosted-By
X-R9-Blue-Green-Version
X-Redis-Cache
X-Correlation-Id
X-Proxied
X-Locale
X-Routing-Service
X-Server-W
X-VWS-Id
X-Zipkin-Id
Mn-Server-Ip
X-Site-Version
X-LJ-Flow-ID
X-Detected-As
X-NYM-Debug-Backend
X-AWS-Id
X-Human
X-Hl-Ver
Uber-Trace-Id
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Debug-Cache
X-Proxy-Build
Property-Id
X-Format
X-Access
Webcakes-Region
X-Handled-By
X-Origin-Hint
X-ServerID
X-Section
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Timing-Wait
X-Via-Fastly
Powered
X-ATG-Version
X-CDN-Forward
X-Proto
X-Time
X-Drupal-Cache-Tags
X-Be
X-Contextid
X-Cache-PHP
CACHE
X-No-Session
X-BCube-Filmed-By
X-Generated-By
X-FB-TRIP-ID
X-Ratelimit-Reset
X-Fastcgi-Cache
X-Device-Type
X-CSRF-Token
FSS-Cache
From-Origin
X-Varnish-Cache-Hits
X-SaId
Cache
X-FTR-Cache-Host
Webserver
X-JoinUs
X-NC
X-Hp-Webp
X-Adobe-Loc
X-Adobe-Content
CF-Cached-On
X-NCache
OT-Force-Account-Verify
X-Oss-Hash-Crc64ecma
X-Pinterest-Sli-Endpoint-Name
X-Origin
X-Pinterest-Sli-Response-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Pinterest-Sli-Latency-Threshold
X-Oss-Request-Id
X-Oss-Object-Type
VIX-Pulpo-Node
X-TT
VIX-Pulpo-Upstream-Status
X-AIR-PT
Azure-Version
Azure-InstanceId
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Akamai-Transformed
X-Tt-Trace-Host
X-TIME
X-NWS-UUID-VERIFY
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Flags
Access-Control-Request-Headers
Upgrade-Insecure-Requests
X-IPS-LoggedIn
X-APP-VERSION
X-Adobe-Source
X-CCM
SD-X-WS
X-IP
X-TA-CDN-Provider
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Cache-2
X-ShardId
X-ShopId
X-ApacheServer
X-EIG-Tracking-Id
X-Cache-Grace
X-Bc-Bl
X-Forwarded-Host
X-Cache-Enabled
X-PERF
X-Pubstack
X-EC-Lua
Decoy-Debug-Key
X-Storage
X-Backend-Host
X-Web-Node
Decoy-Debug-Status
X-Tumblr-Pixel-3
X-G
Cache-Status
Decoy-Debug-TTL
X-Say-TTL
X-Backend-TTL
X-ECache
X-LAGOON
X-Cluster-Name
X-SayCDN-TTL
X-Say-Cacheable
X-Soup
Fastly-SSL
Node
X-Cache-Backend
X-Ruxit-Js-Agent
X-Varnishpool
X-Viewer-Country
X-Request-UUID
X-B-Cookie
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-UPSTREAM-Address
X-Rewrite-Enabled
X-A-Dcw
Fastcgi-X-Cache-Version
MD5-Digest
X-S
X-Worker
X-S-Cookie
X-ScT
X-A-Wwc
X-Twitter-Response-Tags
X-A-Dgt
X-Transaction
X-Trv-Group
X-Aed
X-Vdms-Path
X-External-Request-Id
X-VG-WebCache
X-VG-WebServer
X-D
X-Application
X-Vdms-Version
X-Rojux
X-ARC
X-Connection-Hash
X-PAYTM-SRV-ID
X-CF-Lambda-Version
Machine
X-CF-Lambda-Fn
DCR-Decision-By
Apple-News-Services-Handled
Apple-News-Services-Host
X-A
X-TX-ID
Rendered-Blocks
Apple-News-Services-Parsed-Url
Host-ID
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
X-Destination
X-A-Ccd
X-A-Dam
X-PBS-Appsvrname
Xc-Version
Meta-Geo-Continent
X-RCS-CacheZone
Mobile-Detection-Method
X-Processor
X-Cache-NE
X-Cdn
Country
X-B3-Traceid
X-Cache-Config
X-DPWN-IS-SECURE
X-Variation
CDN-Uid
Fastly-SIE
X-Micro-Cache
X-Platform-Server
X-Generation-Time
X-Servername
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Fmm-Version
X-Envoy-Decorator-Operation
CloudFront-Viewer-Country
X-Fastly-Cache
CDN-Cache
CDN-PullZone
Is-Eu
X-Rebelmouse-Surrogate-Control
X-WADP-Cache
CDN-CachedAt
X-Varnish-Beresp-Ttl
X-Cache-Bucket
CDN-EdgeStorageId
X-Varnish-Beresp-Status
X-Ms-Version
X-Varnish-Beresp-Grace
X-Ms-Request-Id
CDN-RequestCountryCode
Adler-Geo
CDN-RequestId
X-VG-TLSProxy
Platform
X-Clara-WADP
Backend
X-Request-Start
Fastly-Drupal-HTML
X-Policy
L
X-Owner
Country-Code
Origin
C-Via
Rt-Fastcgi-Cache
X-Platform
Akamai-GRN
X-Request-Host
X-Render-Time
X-Cache-NGX
X-Auto-Login
X-Cms-Context
X-Li-Fabric
X-DefElseHash
X-Clientip
X-CS
X-Varnish-CookieHashed-On
X-Vgn-Hpd-Cached
X-Esi-Check
X-DefHash
X-Li-Pop
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Microcachable
X-Method
X-Core-Value
X-LI-UUID
X-Skip-Cache
X-Core-Mission
X-Fastly-Backend
X-Vgn-Hpd-Variations-Key
X-Gzip
X-Wikidot-Backend
X-Backend-State
Gh-Request-Id
X-Old-Content-Length
X-Slack-Backend
X-Thanos
X-Varnish-Cacheable
X-Wikidot-Static-Cache
X-HS-Content-Campaign-Id
X-Cache-Id
X-Bip
X-Irp-Debug
X-UA
X-Page-View
X-OVcl
Wxu-Next-Commit
PFcat
X-OVcl-Cache
X-Level-Front-Cache
X-Gamma-Serve
NM-Fastcgi-Cache
X-Generated-On
X-Hash
X-HN
Surrogated-Key
X-Dispatcher-Server
X-Content-Age
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Tags
X-Accel-Expires-Debug
X-JWT-State
Fastly-Backend-Name
AKAMAI
X-Mvc-Supplant-Cachable
X-Webstats-RespID
X-Cache-Date
Wxu-Next-Region
X-CUA
X-Minions-Version
X-Has-Esi
X-DC
X-Is-Gdpr
X-VarnishDD-TTL
X-Date
Wxu-Next-Hostname
X-Varnish-Ttl
X-SN
X-Developers
X-NGENIX-Cache
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Wa
Time
HA-Ipaddr
X-Req
X-Reqid
X-Up
CacheControlHeader
X-Geo-Header
Ha-Gx-Prefs
X-Session-Fingerprint
X-Cache-Debug
X-Location
L5d-Success-Class
X-COUNTRY
X-Cache-URL
Pagetype
SRV
X-LB-ID
X-Cdn-Srv
X-B3-Spanid
X-Branch-Name
FSS-Proxy
X-Edge-Location
Now
Ufe-Result
We-Hiring
UCS
Mail-Subject
Memcached
X-Refresh
Group
X-GEO
X-Proxy-Upstream
X-Via-Popn
X-Via-Poph
X-Aicache-OS
X-NODE
X-ID
X-PF-Uncompressing
X-Via-CDN
X-CACHE-AGE
Hostname
X-Agile-Id
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-Ftr-Cache-Host
NGX
X-Agile
X-Agile-Age
X-LI-Proto
X-RateLimit-Remaining
X-SERVER-NAME
X-LLID
X-Nginx-Cache
X-ZONE
X-BC
X-Debug-Cache-Fetch
X-Debug-Cache-Store
HostName
X-Datadome
M-TraceId
X-Sql-Duration-Ms
X-Ua-Device
X-Check-Cacheable
X-SRV
X-Sql-Count
X-Dc
X-FORWARDED-FOR
X-Cache-Remote
Xserver
X-FPC
X-Varnish-Hostname
X-NU-AKA-ACS-Version
X-SERVER
X-VCL-Version
X-Presslabs-Stats
Arc-Country
WebServer
X-Request-Time
X-LiteSpeed-Cache-Control
X-Www-Served-By
X-Via-SSL
X-CF-Powered-By
Edge-Copy-Time
X-Via-Edge
Viewtype
X-Edge-Server
VivaBuild
X-Cluster-Node
Cdn-Host
X-Bc
Cdn-Request-Time
X-Zone
Cache-Hits
X-S-Maxage
X-Cdn-Forward
SID
X-APP
On-Server
X-Svr
X-Via-Ucdn
ServedBy
XServer
X-Via-Popv
X-RunCloud-Cache
X-Action
Srv
X-UnsetCookies
X-CSRF-TOKEN
X-DB
X-RSL
X-DI
X-Cs
X-RPS
Geoip-Latitude
X-HS-Status
X-DSS
X-Instart-Request-ID
X-DW
NtCoent-Length
GeoIp-Country-Code
X-Dynatrace-Js-Agent
X-RPM
Memory
WWW-Authenticate
X-MP-GENERATED-AT
ProcessTime
X-NGINX-Cache
X-Erf-Stays-Bingo-Pdp-Web
T-Server
X-Vgn-Hpd-Ssi
X-Srv
X-Oss-Cdn-Auth
Apigw-Requestid
X-Vcache
X-Pass-Why
Ohc-File-Size
X-We-Are-Hiring
X-MSEdge-Flight
X-MSEdge-Features
Server-Info
User-Agent
X-Geo
Server-Host
W
Processtime
Pics-Label
Protected
X-Varnish-Hits
LB
X-ORACLE-APMCS-REQUEST-ID
X-Hit
Actual-Object-TTL
X-SB
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-VC
CF-IPCountry
WZWS-RAY
X-Tb
GeoIP-Country-Code
X-Akamai-Request-ID2
GeoIP-Latitude
N-Cache
S-Rt
Magicmarker
Amp-Access-Control-Allow-Source-Origin
Sid
X-Uri
X-HOST
X-Unique-ID
Geo-Info
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-Info
X-Acc-Rdl
Ohc-Cache-HIT
X-HITS
X-Cache-Hfrom
X-Pjax-Url
X-Newrelic-App-Data
X-Vcl-Version
X-Cache-Hm
CDN
Accept-Language
X-Webkit-CSP-Report-Only
X-Fastly-Country-Code
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Odigeo-Trace-Id
DSUID
X-Provided-By
Section-Io-Id
Tracecode
Cdn
Esi-Enabled
X-FC-Vary-Parameters
X-Fpc
X-TT-LOGID
A
User-Cache-Control
Section-Io-Origin-Status
Cteonnt-Length
Cache-Name
X-Mobile-Rewrite
X-CACHE-KEY
Lb
Ssr
X-Key
X-UA-Device-Type
X-Nc
X-Newrelic-Synthetics
X-Magnolia-Registration
X-Via-NSCOPI
Lfy
X-Amzn-Remapped-Date
X-Origin-Date
X-Amzn-Remapped-Connection
Origin-Cache-Control
X-Cache-Tag
Origin-Edge-Control
Server-ID
Instruction
Server-Hostname
X-VServer
IsBot
X-Dispatch
X-Varnish-Authentication
Thinkindot-CacheControl
X-User
X-Developer
X-Varnish-Url
Proxy-Firewall
Sever-Int
SR-User-Adfree
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Men
X-API-Version
MIME-Version
X-Gdpr
Locid
X-Scheme
CDCHOST
Vix-Hermes-Req-Id
Web-Mar-Node
Path
True-Client-Country-4JS
X-Block-Status
V-Age
X-Cache-Expires
Server-Ext
X-BBXSRF
X-BBC-Edge-Cache-Status
Release
Thinkindot-Control
FNAC-ModuleRouting
X-Cache-Info
X-ServedByHost
X-SVT-ORM-VERSION
X-StackifyID
X-Origin-Time
X-Origin-TTL
X-Origin-Expires
X-Origin-CC
X-Instart-Info
X-Node-Id
X-Gen-Mode
X-Nyt-Route
X-SVT-ORM-RULES
X-SRCache-Key
X-SD-PageType
X-Sigma-Backend
X-Server-IP
X-Sigma
X-Rocket-Build-Number
X-Response-By
Thinkindot-CacheControl-Type
X-Request-URI
X-SIPLIST1
X-Nginx-Cache-Key
X-Li-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-Matched-Rule
X-Traceid
X-Hnp-Log
X-Thinkindot-L3
X-Loc
X-Dynatrace
CountryCode
Server-Ttl
X-Azure-Ref-OriginShield
X-Generated-In
X-Geo-Region
X-Served-From
Powered-By
X-Sn-Servicetimems
X-TH-Server
X-Parent-Response-Time
X-Trace-Id
X-Akamai-Pragma-Client-IP
D-Cc-Upstream
X-Cc-Req-Id
Cache-Key
X-Cdn-Origin
X-B3-SpanId
X-Cc-Via
X-NodeID
X-Swa-Ws
X-Var-Ttl
X-Device-Os
X-Fetched-On
X-Via-PopN
X-RAMCache
HitType
Cache-Provider
X-Via-PopV
X-Cache-Spec
X-Lb-Id
Kp-EeAlive
Cache-Host
X-Via-PopH
Pramga
X-No-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Pf-Uncompressing
X-MiniProfiler-Ids
X-TrackingId
X-VC-Cache
X-Generated
Cf-Device-Type
BehaviorPad-Version
X-Agile-Brick-Ok
X-ServiceProvider
Fastcgi-Cache-TTL
X-LiteSpeed-Tag
X-Batcache
X-Request-URL
X-ElasticPress-Query
X-WA
X-Tt-Logid
Tcn
Who
X-RateLimit-Limit
Xet-Cookie
X-HostName
X-PJAX-URL
X-Yottaa-OS
Req-Svc-Chain
X-Varnish-Beresp-TTL
Source
Dnion-Transfer-Encoding
Cf-Alt-Svc
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
X-App
Pragrma
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Inserted-Into-Cache-At
Mime-Version
X-B3-Parentspanid
X-Snapshot-Date
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
X-Proxy-Cachei7
PICS-Label
X-Vgn-Hpd-Reason
X-C
X-Apw-Access-Object
X-Apw-Access-Token
Resin-Trace
Vha6-Origin
X-Apw-Hits
X-Apw-Access-Action