Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Xss-Protection
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Content-Security-Policy
Status
Content-Encoding
X-CDN
X-AspNetMvc-Version
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Amz-Id-2
X-Robots-Tag
Request-Context
X-UA-Device
X-AH-Environment
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
X-Dns-Prefetch-Control
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Template
Report-To
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
Accept-CH-Lifetime
X-Node
Request-Id
X-Ruxit-JS-Agent
Accept-CH
Content-Location
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Country
Rating
X-Mod-Pagespeed
X-HW
X-Cloud-Trace-Context
X-Application-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-CST
X-PC
X-Vname
X-TtlSet
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-ASPNET-VERSION
X-GitHub-Request-Id
X-Content-Type
X-FastCGI-Cache
X-D2id
X-Clacks-Overhead
X-Trace
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
Pagespeed
X-Server-Name
MS-Author-Via
X-TTL
Pinterest-Version
X-Pinterest-Rid
X-Origin-Upstream-Status
X-ESI
X-B3-TraceId
X-Url
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
Fusion-Content-Source
Fusion-Source
X-Navigation-Version
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Service-Worker-Allowed
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Cached
X-Webkit-CSP
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-Fastly-Request-ID
X-DynaTrace
SPRequestGuid
X-SharePointHealthScore
X-VARITI-CCR
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
X-NF-Request-ID
Fastly-Restarts
X-Pinterest-Direct
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
Ar-Sid
X-Debug
SPIisLatency
Content-MD5
SPRequestDuration
X-MSEdge-Ref
X-Forwarded-Proto
X-Powered-CMS
Access-Control-Request-Method
X-Release
X-Version
X-Amz-Rid
X-XRDS-Location
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
X-Ezoic-Cdn
Cache-Tag
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-Mid
X-MCACHE
X-Node-Name
Server-Node
X-Mg-S
X-Yandex-Sdch-Disable
X-Amz-Server-Side-Encryption
X-HP-Webp
X-Request-Received
Fastcgi-Cache
X-Request-Processing-Time
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Recruiting
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-SRCache-Store-Status
X-Accel-Expires
X-Amzn-Trace-Id
X-Grace
X-Ser
X-Kinsta-Cache
Accept-Ch
X-Microsite
X-Request-Handler-Origin-Region
MicrosoftSharePointTeamServices
X-NWS-LOG-UUID
X-Origin-Server
X-Varnish-Age
X-Ttl
Accept-Charset
X-DIS-Request-ID
X-Logged-In
ServerID
Edge-Cache-Tag
Host
X-Page-Id
Nginx-Cache
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-ECACHE
Powered-By-ChinaCache
X-Cache-Hit
X-Forwarded-For
X-Ratelimit-Remaining
X-Server-ID
X-Hits
Cache-Tags
X-F-Cache
X-LB-Cache
X-B
Cleartype
X-Hostname
X-Respond-Thread
X-Mobile-URL
X-AppVersion
X-Activity-Id
X-Az
X-Aspnetmvc-Version
X-Git-Hash
X-N
X-Upgrade-Enabled
Realpath
X-Cached-By
X-Amz-Meta-S3cmd-Attrs
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Options
X-Cache-Age
Alternate-Protocol
DynaTrace
X-Type
X-Rid
X-Ratelimit-Limit
X-Load-Cache
Paypal-Debug-Id
X-App-Environment
X-Varnish-Backend
X-Request-Guid
Access-Control-Allow-Method
X-Jobs
X-Oneagent-Js-Injection
Fastcgi-Useragent
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Expires
X-Seen-By
X-WebKit-CSP-Report-Only
X-Proxy
Charset
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
X-B3-Sampled
X-Zen-Fury
X-VCache
X-Akamai-Edgescape
Filters
X-IPLB-Instance
X-FireWall-Port
X-FB-Debug
X-B-Cache
X-Signature
Healthy
MS-CV
X-Whom
X-Mobile
Viewport
X-Debug-Info
Filterid
X-Varnish-Grace
X-Daa-Tunnel
X-AOL-HN
X-Host-Name
DC
X-Region
X-Geo-Country
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Liferay-Portal
X-TEC-API-ORIGIN
X-Correlation-ID
Payment
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Response-Served-From
X-Frontend
X-Original-Request-Id
X-Accel-Buffering
X-Cache-Operation
X-Cache-Rule
X-URL
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Id
Accept-Ch-Lifetime
X-HTML-Minification-Powered-By
X-App-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Tumblr-User
Surrogate-Key
X-Tumblr-Pixel-0
X-Amz-Replication-Status
X-Instance
X-Tumblr-Pixel
X-Distributor
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Type
X-Rule
X-Cache-Time
Refresh
CACHE
X-Protected-By
X-Cacheable-TTL
S-Cnection
X-Content-Powered-By
Section-Io-Cache
X-Acc-Debug-Context
X-Cache-Expired-At
X-Via-JSL
Version
X-Rendered-As
X-Wix-Request-Id
X-Is-Bot
X-Cache-Action
X-Hyper-Cache
GEO-INFO
Nel
X-Sucuri-ID
X-Backend-Name
X-XRDS-LOCATION
Content-Disposition
Server-Name
X-Amz-Apigw-Id
X-Ua
X-Amzn-RequestId
X-Ah-Environment
X-Air-Hostname
Retry-After
PB-PID
X-Endurance-Cache-Level
X-Cache-Server
PB-RID
Arc-Version
X-Pinterest-Sli-Response-Type
X-Correlation-Id
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Source
X-Real-IP
X-Framework
Datacenter
Eomportal-Instance
X-RemovedCookies
Webserver
X-L-Path
X-ProcessESI
X-Environment-Context
X-Unique-Id
X-Sucuri-Cache
Referer-Policy
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Yottaa-Metrics
X-Revision
X-Cache-Spec
X-App-Version
X-Drupal-Cache-Contexts
Frame-Options
X-RTag
Ms-Operation-Id
Countrycode
X-Drupal-Cache-Tags
X-Varnish-Server
X-RN-RSRV
X-TIME
X-Cache-Control
X-Cache-Var
NGB
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-ES-SERVER
X-Route-Name
X-Is-Crawler
X-Proxy-Cache-Status
Meta-Geo
X-Cache-Var-Map
X-WA-Info
X-BYPASS-REASON
Akamai-Age-Ms
X-ProxyCache-Key
X-ProxyCache-Status
X-Mode
X-Hl-Ver
Cache-Tv-Group
X-Cache-Host
X-Time-Microsecs
X-R9-Blue-Green-Version
X-Qloud-Router
X-Xfnlog-Site
X-GeoIP
X-Amzn-Remapped-Content-Length
X-LJ-Flow-ID
X-No-Session
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-Human
X-FW-Version
X-Handled-By
X-OCL
X-Origin-Hint
X-ServerID
X-Server-W
X-Redis-Cache
X-VWS-Id
X-Proto
X-PCL
X-PHP-Host
X-Cluster
X-Cache-TTL-Remaining
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Mn-Server-Ip
Ec-Rule-Version
Cross-Origin-Window-Policy
DB-Nickname
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-AWS-Id
X-Be
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-Contextid
Webcakes-Region
X-DynaTrace-JS-Agent
X-Azure-Ref
X-NewRelic-App-Data
X-Via-Fastly
X-Status
X-TNCMS
X-CDN-Forward
X-Proxy-Build
X-Site-Version
Selected-Fe
X-Routing-Service
X-Format
X-Access
X-FB-TRIP-ID
X-Hosted-By
X-Locale
X-Timing-Wait
X-Proxied
X-Loop
X-Section
X-Zipkin-Id
X-Adobe-Content
X-From
X-Detected-As
X-Adobe-Loc
X-TT
X-LLID
FSS-Cache
X-AIR-PT
Uber-Trace-Id
Cf-Bgj
X-Tt-Trace-Host
X-Tt-Trace-Tag
Upgrade-Insecure-Requests
X-Device-Type
X-Cache-PHP
X-Debug-Cache
X-Generated-By
VIX-Pulpo-Node
X-ATG-Version
VIX-Pulpo-Upstream-Status
X-Ratelimit-Reset
X-BCube-Filmed-By
X-NC
X-PHP-Backend
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Access-Control-Request-Headers
X-Varnish-Cache-Hits
X-UPSTREAM-Address
X-CSRF-Token
X-Page-View
OT-Force-Account-Verify
From-Origin
X-NCache
X-Akamai-Transformed
X-CCM
X-Adobe-Source
SD-X-WS
Cache-Status
X-GoCache-CacheStatus
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Origin
X-Backend-TTL
X-Cache-2
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Cluster-Name
X-G
X-APP-VERSION
CF-Cached-On
SRV
X-LAGOON
X-Varnishpool
X-ApacheServer
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-ShopId
Country
X-Storefront-Renderer-Rendered
X-Cache-Grace
X-PERF
X-Pubstack
X-Sorting-Hat-ShopId
X-Forwarded-Host
X-Soup
X-SayCDN-TTL
Decoy-Debug-Key
Fastly-SSL
X-Say-TTL
Decoy-Debug-TTL
X-Say-Cacheable
X-Storage
Decoy-Debug-Status
X-Backend-Host
X-Esi
X-ID
X-Web-Node
X-FTR-Cache-Host
X-JoinUs
X-SaId
Node
X-ECache
Cache
Powered
X-Via-CDN
X-GEO
X-Ruxit-Js-Agent
X-IP
X-TX-ID
X-Time
X-EC-Lua
X-Viewer-Country
X-A
Rendered-Blocks
X-Vdms-Path
Mobile-Detection-Method
Meta-Geo-Continent
DCR-Processing-Time-Ms
X-Vtex-Processado-Em
X-VG-WebServer
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-VG-WebCache
Apple-News-Services-Handled
Machine
MD5-Digest
Host-ID
Fastcgi-X-Cache-Version
DCR-Decision-By
X-Vdms-Version
X-Application
X-Connection-Hash
X-Worker
X-D
X-Request-UUID
X-Rewrite-Enabled
X-A-Ccd
X-CF-Lambda-Version
Xc-Version
X-RCS-CacheZone
X-PAYTM-SRV-ID
X-Cache-Enabled
X-External-Request-Id
X-PBS-Appsvrname
X-Processor
X-Destination
X-S
X-Rojux
X-A-Wwc
X-Aed
X-CF-Lambda-Fn
X-A-Dgt
X-A-Dcw
X-B3-Spanid
X-A-Dam
X-Session-Fingerprint
X-Trv-Group
X-S-Cookie
X-B-Cookie
X-Vtex-Remote-Cache
X-ARC
X-ScT
X-Cache-NE
X-Cache-Config
X-Tumblr-Pixel-3
X-WADP-Cache
Gh-Request-Id
Adler-Geo
X-Auto-Login
X-Varnish-Remaining-TTL
X-DefHash
X-Platform-Server
X-DPWN-IS-SECURE
X-DefElseHash
X-CUA
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Core-Value
X-Envoy-Decorator-Operation
X-Platform
X-Irp-Debug
X-Micro-Cache
X-Microcachable
X-Ms-Request-Id
X-Generation-Time
X-Fastly-Cache
X-Ms-Version
X-Fmm-Version
X-Cms-Context
X-Clara-WADP
CDN-Uid
CloudFront-Viewer-Country
Fastly-SIE
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
Fastly-SWR
X-VG-TLSProxy
X-Variation
X-Servername
X-Cache-Debug
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Is-Eu
Platform
CDN-Cache
X-Cache-Bucket
X-IPS-LoggedIn
X-B3-Traceid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Backend
PFcat
X-Method
X-Skip-Cache
X-NWS-UUID-VERIFY
NM-Fastcgi-Cache
X-Location
X-Dispatcher-Server
Pagetype
Origin
HA-Ipaddr
X-Varnish-Beresp-Ttl
X-Varnish-Cacheable
X-Esi-Check
X-VarnishDD-TTL
Fastly-Backend-Name
X-Varnish-Beresp-Status
Rt-Fastcgi-Cache
Ha-Gx-Prefs
X-LI-UUID
X-Varnish-Beresp-Grace
L5d-Success-Class
Wxu-Next-Commit
X-Csrf-Jwt
X-Cache-Tags
X-OVcl
X-Cache-Id
X-Varnish-Ttl
X-PF-Uncompressing
X-OVcl-Cache
X-Owner
X-CGP
X-Cache-Date
X-Cache-Backend
Wxu-Next-Region
Wxu-Next-Hostname
X-Eu-Site
X-Developers
X-Mvc-Supplant-Cachable
X-Reqid
X-Branch-Name
X-Old-Content-Length
X-Backend-State
X-Is-Gdpr
L
X-Request-Host
X-Request-Start
X-Thanos
X-Policy
X-Clientip
Akamai-GRN
AKAMAI
X-Cache-NGX
X-Li-Pop
X-Generated-On
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-JWT-State
X-HN
X-Has-Esi
X-Li-Fabric
X-Geo-Header
X-Gzip
X-Bip
X-SN
X-Cache-Remote
CacheControlHeader
C-Via
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-Fastly-Backend
X-Bc-Bl
X-Refresh
X-Slack-Backend
X-Hash
X-Render-Time
X-Sql-Count
X-Gamma-Serve
Fastly-Drupal-HTML
X-Sql-Duration-Ms
X-COUNTRY
X-Core-Mission
X-Content-Age
X-Transaction
X-Twitter-Response-Tags
UCS
XServer
FSS-Proxy
X-Wa
X-UA
X-EIG-Tracking-Id
X-Minions-Version
X-Aicache-OS
X-NODE
X-CS
X-Www-Served-By
X-DC
X-NU-AKA-ACS-Version
X-Fastcgi-Cache
X-Dc
Country-Code
X-SRV
X-Amz-Meta-Cb-Modifiedtime
X-S-Maxage
Cache-Hits
X-Ftr-Cache-Host
X-Date
NGX
X-Mvc-Supplant-OutputCached
Protected
X-Accel-Expires-Debug
X-RateLimit-Remaining
Surrogated-Key
Hostname
X-Check-Cacheable
X-NGENIX-Cache
X-TA-CDN-Provider
X-Via-Poph
X-Via-Popn
X-Vgn-Hpd-Variations-Key
We-Hiring
X-Servedbyhost
X-Edge-Location
Mail-Subject
X-LI-Proto
X-Up
X-Debug-Cache-Fetch
X-Req
X-Debug-Cache-Store
X-Vgn-Hpd-Cached
X-FPC
Ufe-Result
Edge-Copy-Time
X-LB-ID
Memcached
X-Svr
X-Via-Edge
ServedBy
On-Server
X-Via-SSL
X-Ua-Device
Group
X-Cache-URL
X-Cdn-Srv
X-Proxy-Upstream
X-CACHE-AGE
HostName
Geoip-Latitude
GeoIp-Country-Code
X-Nginx-Cache
X-Varnish-Hostname
Time
X-Request-Time
Now
X-Presslabs-Stats
X-Hp-Webp
X-Webkit-Csp
X-Cs
T-Server
X-Pass-Why
X-NGINX-Cache
X-Agile
X-BC
X-Agile-Age
X-Agile-Id
X-Erf-Stays-Bingo-Pdp-Web
X-ZONE
X-VCL-Version
X-CSRF-TOKEN
X-Uri
Pics-Label
Server-Host
Section-Io-Id
X-Acc-Rdl
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
N-Cache
Section-Io-Origin-Status
WZWS-RAY
X-Cluster-Node
X-UnsetCookies
X-Varnish-Hits
X-LiteSpeed-Cache-Control
X-MP-GENERATED-AT
X-Oracle-Dms-Rid
X-Datadome
Magicmarker
M-TraceId
X-SB
X-VC
X-Cdn-Forward
X-Dynatrace
X-TT-LOGID
SID
Ohc-File-Size
X-Bc
X-Zone
X-Dynatrace-Js-Agent
X-CF-Powered-By
X-Srv
X-HS-Status
DSUID
X-Info
Xserver
Ohc-Cache-HIT
NtCoent-Length
X-FORWARDED-FOR
Cache-Name
X-UA-Device-Type
X-Via-Popv
ProcessTime
Apigw-Requestid
Arc-Country
X-We-Are-Hiring
X-APP
User-Agent
Odigeo-Trace-Id
X-Origin-Date
User-Cache-Control
X-Via-Ucdn
Viewtype
Cdn-Host
Processtime
X-MSEdge-Features
X-MSEdge-Flight
VivaBuild
Tracecode
X-Edge-Server
W
Sid
Cdn-Request-Time
Cteonnt-Length
LB
CF-IPCountry
X-RunCloud-Cache
Ssr
S-Rt
Memory
X-Action
Srv
CountryCode
X-Magnolia-Registration
X-HOST
WWW-Authenticate
Lfy
CDN
Server-Info
X-Oss-Cdn-Auth
X-DB
X-Tb
X-DW
X-RPM
X-RSL
X-DSS
X-RPS
X-DI
X-Fastly-Request-Id
X-HITS
X-Thinkindot-L3
X-BBXSRF
X-Vcl-Version
X-Cache-Expires
Amp-Access-Control-Allow-Source-Origin
X-SD-PageType
X-Cache-Hm
X-SVT-ORM-RULES
X-Cache-Info
X-Cache-ASPX
X-Matched-Rule
X-Block-Status
X-Cc-Req-Id
X-SIPLIST1
True-Client-Country-4JS
X-Scheme
Thinkindot-Control
Thinkindot-CacheControl-Type
X-SRCache-Key
X-Pjax-Url
X-VServer
V-Age
Vix-Hermes-Req-Id
X-Cache-Hfrom
X-BBC-Edge-Cache-Status
Path
X-Cc-Via
X-API-Version
Web-Mar-Node
Server-Ext
X-Server-IP
Thinkindot-CacheControl
X-Origin-CC
X-Unique-ID
X-Nyt-Route
Locid
X-Origin-Expires
X-SVT-ORM-VERSION
X-User
Server-Hostname
D-Cc-Upstream
X-Nginx-Cache-Key
X-Vgn-Hpd-Ssi
X-Loc
Geo-Info
X-Hnp-Log
X-Node-Id
IsBot
X-Origin-Time
SR-User-Adfree
Sever-Int
X-Varnish-Url
X-Response-By
X-Gdpr
X-Gen-Mode
X-Developer
X-Request-URI
Instruction
X-Contensis-Viewer-Groups
MIME-Version
X-Varnish-Authentication
CDCHOST
X-Origin-TTL
X-Webkit-CSP-Report-Only
WebServer
X-Var-Ttl
Server-ID
X-Fastly-Country-Code
X-Swa-Ws
A
X-Generated-In
Pramga
X-Trace-Id
X-Newrelic-App-Data
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
Release
X-NodeID
X-Sn-Servicetimems
Cache-Host
X-Fetched-On
X-Azure-Ref-OriginShield
X-Newrelic-Synthetics
X-Cdn-Origin
X-Device-Os
X-CACHE-KEY
X-Hit
X-Geo
X-Traceid
X-FC-Vary-Parameters
X-Lb-Id
GeoIP-Country-Code
Lb
GeoIP-Latitude
X-Provided-By
X-Fpc
X-Browser-Type
X-Nc
Source
Cdn
Cf-Device-Type
X-Via-NSCOPI
X-Akamai-Request-ID2
X-Origin-Response-Time
X-Cache-Tag
X-ServedByHost
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Li-Proto
X-Envoy-Upstream-Healthchecked-Cluster
FNAC-ModuleRouting
X-Men
X-Epic-Correlation-Id
Expiry
X-Akamai-Pragma-Client-IP
X-SERVER-NAME
X-Sigma-Backend
X-Sigma
Cache-Key
X-Rocket-Build-Number
Kp-EeAlive
Accept-Language
X-Served-From
Server-Ttl
X-TH-Server
Url
X-Amzn-Remapped-Connection
X-Parent-Response-Time
X-Vgn-Hpd-Reason
X-Amzn-Remapped-Date
X-StackifyID
Esi-Enabled
Content-Script-Type
Cache-Provider
Content-Style-Type
X-No-Cache
X-WA
X-MiniProfiler-Ids
X-RateLimit-Remaining-Second
X-BBC-Origin-Response-Status
X-B3-Parentspanid
X-ServiceProvider
X-B3-SpanId
X-Key
X-Request-URL
X-Tt-Logid
X-VC-Cache
X-Yottaa-OS
X-RateLimit-Limit-Second
X-ElasticPress-Query
X-ORACLE-APMCS-REQUEST-ID
EpKe-Alive
Content-Secure-Policy
X-Agile-Brick-Ok
Req-Svc-Chain
X-Akamai-Request-ID
Actual-Object-TTL
Xkeyi7
X-Proxy-Cachei7
Location
X-Instart-Request-ID
Tcn
URI
BehaviorPad-Version
X-ND-Cache
X-TraceId
Who
X-PJAX-URL
Inserted-Into-Cache-At
X-HostName
X-Batcache
X-Apw-Access-Action
X-RateLimit-Limit
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Varnish-Beresp-TTL
X-Mobile-Rewrite
X-Selected-Scheme
X-Selected-Host-Header
X-Selected-Name
Origin-Edge-Control
DataCenter
X-Litespeed-Cache-Control
X-TrackingId
X-Dispatch
Origin-Cache-Control
X-Snapshot-Date
Proxy-Firewall
Vha6-Origin
Xet-Cookie
X-Instart-Info
PICS-Label
Pragrma
X-C
Resin-Trace
Mime-Version
NnCoection