Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Amz-Id-2
X-Robots-Tag
X-AH-Environment
X-UA-Device
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
Server-Timing
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
Host-Header
Report-To
X-Template
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
NEL
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
Accept-CH-Lifetime
Surrogate-Control
X-Node
Accept-CH
Request-Id
X-Ruxit-JS-Agent
Content-Location
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Allow
X-Origin-Cache
X-Ac
X-Readtime
X-Country
X-Mod-Pagespeed
Rating
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-CST
X-ORACLE-DMS-RID
X-Cnection
X-PC
X-TtlSet
X-Vname
X-Country-Code
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-FastCGI-Cache
X-Clacks-Overhead
X-D2id
X-TTL
X-Trace
X-Server-Name
X-Middleton-Display
Response
Display
Pagespeed
X-Middleton-Response
X-Sol
MS-Author-Via
X-Pinterest-Rid
Pinterest-Version
X-ESI
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-Navigation-Version
Fusion-Component-Id
Service-Worker-Allowed
X-B3-TraceId
X-Url
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Cached
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-Webkit-CSP
X-Fastly-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace
X-VARITI-CCR
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Powered-By-Plesk
X-Goog-Hash
X-Upstream
X-NF-Request-ID
X-Pinterest-Direct
Fastly-Restarts
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
SPRequestDuration
X-Debug
Ar-Sid
SPIisLatency
X-MSEdge-Ref
Content-MD5
X-Forwarded-Proto
X-Powered-CMS
X-Amz-Rid
X-Release
Access-Control-Request-Method
X-XRDS-Location
X-Version
X-Jurisdiction
X-T
S
X-Edge
X-Content-Digest
TCN
RTSS
Public-Key-Pins
TP-Cache
TP-L2-Cache
X-Ezoic-Cdn
Cache-Tag
X-Cache-Key
Front-End-Https
X-Litespeed-Cache
X-Mid
X-MCACHE
X-Mg-S
X-Amz-Server-Side-Encryption
Server-Node
X-Node-Name
X-Yandex-Sdch-Disable
X-HP-Webp
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
MRF-Tech
Mrf-Cache-Status
X-Recruiting
X-B3-TraceId-Primal
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-SRCache-Store-Status
X-Amzn-Trace-Id
X-Accel-Expires
X-Grace
X-Kinsta-Cache
X-Ser
MicrosoftSharePointTeamServices
X-Microsite
X-Request-Handler-Origin-Region
Accept-Ch
X-Origin-Server
X-Varnish-Age
X-NWS-LOG-UUID
Accept-Charset
X-DIS-Request-ID
Edge-Cache-Tag
ServerID
X-Ttl
X-Content-Security-Policy-Report-Only
X-Logged-In
Nginx-Cache
X-Shield-Request-Id
Host
X-Page-Id
X-ECACHE
X-Forwarded-For
Powered-By-ChinaCache
X-Hits
X-Ratelimit-Remaining
Cache-Tags
X-Cache-Hit
X-F-Cache
X-Hostname
X-LB-Cache
X-Respond-Thread
X-Server-ID
X-AppVersion
X-Mobile-URL
X-Activity-Id
X-B
Cleartype
X-Az
X-Git-Hash
X-N
X-Upgrade-Enabled
X-Amz-Meta-S3cmd-Attrs
Realpath
X-Cached-By
X-Cache-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Aspnetmvc-Version
X-Content-Options
X-Type
X-Load-Cache
X-Rid
Alternate-Protocol
X-Request-Guid
Paypal-Debug-Id
X-App-Environment
DynaTrace
X-Ratelimit-Limit
X-Varnish-Backend
Fastcgi-Useragent
X-Country-Code-Real
Access-Control-Allow-Method
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Jobs
X-WebKit-CSP-Report-Only
X-FTR-Expires
Charset
X-Seen-By
X-Oneagent-Js-Injection
X-HS-Content-Id
X-HS-Cache-Config
X-Proxy
X-HS-Hub-Id
X-HS-Combine-CSS
X-B3-Sampled
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Zen-Fury
X-Akamai-Edgescape
X-VCache
X-IPLB-Instance
Filters
X-URL
Healthy
X-B-Cache
MS-CV
X-Debug-Info
X-Signature
X-Mobile
X-Whom
Viewport
X-FireWall-Port
X-FB-Debug
X-Host-Name
X-AOL-HN
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
DC
X-Varnish-Grace
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
X-Region
X-Geo-Country
X-User-Agent
Payment
Filterid
Liferay-Portal
X-Original-Request-Id
X-Response-Served-From
X-Accel-Buffering
X-Frontend
X-Cache-Operation
X-Cache-Rule
X-Amz-Replication-Status
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-0
CACHE
X-Tumblr-Pixel
Surrogate-Key
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Correlation-ID
X-Tumblr-User
X-Distributor
X-Instance
X-Rule
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-Cache-Time
X-FW-Serve
X-FW-Hash
X-App-Server
X-FW-Server
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
S-Cnection
Accept-Ch-Lifetime
X-Cacheable-TTL
Section-Io-Cache
X-Id
Refresh
X-Protected-By
X-Via-JSL
X-Cache-Expired-At
X-Content-Powered-By
X-Cache-Spec
Version
X-Cache-Action
X-Wix-Request-Id
GEO-INFO
X-Acc-Debug-Context
X-Hyper-Cache
X-Backend-Name
X-Rendered-As
X-Is-Bot
Server-Name
X-Sucuri-ID
Content-Disposition
Retry-After
Nel
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ua
X-Correlation-Id
X-XRDS-LOCATION
X-Air-Hostname
X-Ah-Environment
X-Cache-Server
X-Endurance-Cache-Level
PB-RID
PB-PID
X-Source
Arc-Version
X-Framework
Webserver
X-L-Path
X-RemovedCookies
X-Environment-Context
X-Unique-Id
X-ProcessESI
X-Real-IP
X-Revision
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Drupal-Cache-Contexts
Referer-Policy
Ms-Operation-Id
X-RTag
Eomportal-Instance
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Sucuri-Cache
Datacenter
Frame-Options
X-App-Version
X-TIME
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
Countrycode
X-Cache-Var-Map
X-LLID
X-Cache-Control
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-Proxy-Cache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Mode
X-ProxyCache-Status
X-Varnish-Server
X-Hl-Ver
X-Xfnlog-Site
X-Qloud-Router
X-Cache-Host
Cache-Tv-Group
X-WA-Info
X-R9-Blue-Green-Version
X-Time-Microsecs
X-ES-SERVER
X-NYM-Debug-Backend
X-No-Session
X-OCL
X-Proto
X-Origin-Hint
Webcakes-App-Version
TWC-Privacy
Property-Id
X-Human
Webcakes-App-Name
X-PCL
X-LJ-Flow-ID
X-Cluster
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Server-W
X-Handled-By
X-AWS-Id
X-Labrador-Cache-Channel
X-PHP-Host
X-Be
X-VWS-Id
X-Amzn-Remapped-Content-Length
X-Redis-Cache
Mn-Server-Ip
X-ServerID
Ec-Rule-Version
X-Contextid
X-FW-Version
Webcakes-Region
X-DynaTrace-JS-Agent
NGB
X-GeoIP
X-Cache-TTL-Remaining
X-Access
DB-Nickname
X-FB-TRIP-ID
X-CDN-Forward
X-Format
X-Site-Version
X-Via-Fastly
X-Zipkin-Id
X-Section
X-Routing-Service
X-Locale
X-Proxied
X-Adobe-Loc
Akamai-Age-Ms
X-Azure-Ref
X-Adobe-Content
X-Status
X-Loop
X-Hosted-By
X-TNCMS
X-TT
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cross-Origin-Window-Policy
X-NewRelic-App-Data
X-Detected-As
X-From
X-Proxy-Build
Selected-Fe
X-AIR-PT
X-Timing-Wait
Upgrade-Insecure-Requests
VIX-Pulpo-Node
Cf-Bgj
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
FSS-Cache
X-Device-Type
X-Debug-Cache
X-Generated-By
X-ATG-Version
X-NC
X-BCube-Filmed-By
X-Cache-PHP
Azure-Version
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-Ratelimit-Reset
X-UPSTREAM-Address
X-PHP-Backend
Access-Control-Request-Headers
X-Varnish-Cache-Hits
X-Page-View
X-ID
X-CSRF-Token
From-Origin
Cache-Status
X-B3-Traceid
X-Akamai-Transformed
X-NCache
X-CCM
X-Adobe-Source
SD-X-WS
SRV
X-Backend-TTL
X-GoCache-CacheStatus
X-G
X-APP-VERSION
OT-Force-Account-Verify
X-Origin
X-LAGOON
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Cluster-Name
X-Oss-Server-Time
X-Pubstack
Country
X-ApacheServer
X-PERF
X-Cache-Grace
X-Forwarded-Host
X-Varnishpool
X-Soup
Decoy-Debug-Status
Decoy-Debug-TTL
X-Storage
X-SayCDN-TTL
Decoy-Debug-Key
X-Cache-2
X-Say-Cacheable
Fastly-SSL
X-Web-Node
X-Say-TTL
CF-Cached-On
X-Backend-Host
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Node
X-ShardId
X-Storefront-Renderer-Rendered
X-ShopId
X-GEO
X-Via-CDN
X-FTR-Cache-Host
X-Esi
X-SaId
X-JoinUs
X-B3-Spanid
X-ECache
Cache
X-IP
X-Viewer-Country
X-TX-ID
X-Ruxit-Js-Agent
Powered
X-Vdms-Path
X-A-Dgt
Mobile-Detection-Method
X-Vdms-Version
X-A-Dam
X-A-Ccd
X-Vtex-Remote-Cache
X-D
X-Cache-NE
X-CF-Lambda-Fn
X-Connection-Hash
X-CF-Lambda-Version
X-Destination
Rendered-Blocks
X-External-Request-Id
X-VG-WebServer
X-Vtex-Processado-Em
X-A-Wwc
X-A
X-VG-WebCache
Apple-News-Services-Host
X-Application
X-S-Cookie
Meta-Geo-Continent
X-ScT
X-Worker
X-A-Dcw
X-Processor
X-RCS-CacheZone
X-Cache-Enabled
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S
X-Session-Fingerprint
Xc-Version
Machine
Host-ID
X-B-Cookie
Fastcgi-X-Cache-Version
X-Aed
MD5-Digest
DCR-Decision-By
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Trv-Group
X-PBS-Appsvrname
Apple-News-Services-Parsed-Url
DCR-Processing-Time-Ms
X-PAYTM-SRV-ID
X-EC-Lua
X-Cache-Config
X-Time
X-Tumblr-Pixel-3
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ARC
X-Cache-Debug
X-Clara-WADP
X-Cache-Bucket
Gh-Request-Id
CDN-PullZone
Is-Eu
X-Platform
X-Platform-Server
X-Rebelmouse-Cache-Control
X-IPS-LoggedIn
CDN-EdgeStorageId
X-Ms-Request-Id
X-Ms-Version
CDN-Cache
CDN-CachedAt
X-Rebelmouse-Surrogate-Control
CDN-RequestCountryCode
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-WADP-Cache
CloudFront-Viewer-Country
X-Cache-Remote
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Servername
CDN-RequestId
X-Variation
CDN-Uid
X-Cms-Context
X-Microcachable
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Micro-Cache
Platform
X-DefHash
X-Core-Value
X-CUA
X-DefElseHash
X-Fmm-Version
X-Fastly-Cache
Fastly-SIE
Fastly-SWR
Adler-Geo
X-Irp-Debug
X-Generation-Time
Wxu-Next-Region
Wxu-Next-Commit
L
Wxu-Next-Hostname
HA-Ipaddr
L5d-Success-Class
Pagetype
Origin
Ha-Gx-Prefs
PFcat
NM-Fastcgi-Cache
X-JWT-State
X-OVcl
X-OVcl-Cache
X-Owner
X-PF-Uncompressing
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-LI-UUID
X-Location
X-Method
X-Reqid
X-Skip-Cache
X-Auto-Login
X-Policy
X-Request-Start
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Cacheable
X-VarnishDD-TTL
X-Webstats-RespID
X-Li-Pop
X-Li-Fabric
X-Csrf-Jwt
X-Developers
X-Dispatcher-Server
X-CGP
X-Cache-Tags
X-Cache-Backend
X-Cache-Date
X-Cache-Id
X-Esi-Check
X-Eu-Site
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-Level-Front-Cache
X-HN
X-Has-Esi
X-Generated-On
X-Geo-Header
X-Gzip
X-Backend-State
X-Branch-Name
CacheControlHeader
Akamai-GRN
AKAMAI
Fastly-Backend-Name
X-Sql-Duration-Ms
Backend
X-Sql-Count
X-Varnish-Beresp-Ttl
X-Thanos
X-Cache-NGX
X-Varnish-Beresp-Status
X-Refresh
X-NWS-UUID-VERIFY
X-Varnish-Beresp-Grace
XServer
X-SN
X-Render-Time
X-Clientip
X-Bip
Rt-Fastcgi-Cache
C-Via
X-Fastly-Backend
X-Request-Host
X-Varnish-Ttl
X-Bc-Bl
X-Core-Mission
X-Gamma-Serve
X-Content-Age
X-Slack-Backend
X-Hash
X-Wa
Fastly-Drupal-HTML
UCS
X-COUNTRY
X-SRV
X-Twitter-Response-Tags
X-Transaction
FSS-Proxy
X-Www-Served-By
X-CS
X-UA
X-DC
X-EIG-Tracking-Id
Cache-Hits
X-Minions-Version
X-Aicache-OS
X-Ftr-Cache-Host
X-S-Maxage
X-NU-AKA-ACS-Version
Protected
X-NODE
X-Fastcgi-Cache
Country-Code
X-Mvc-Supplant-OutputCached
NGX
Hostname
X-Amz-Meta-Cb-Modifiedtime
X-Dc
X-Check-Cacheable
X-LI-Proto
X-Accel-Expires-Debug
Surrogated-Key
X-Servedbyhost
X-Date
X-RateLimit-Remaining
X-NGENIX-Cache
X-TA-CDN-Provider
On-Server
X-Edge-Location
X-Svr
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Vgn-Hpd-Cached
X-Via-Poph
X-Req
We-Hiring
Mail-Subject
X-Via-Popn
X-Up
X-Vgn-Hpd-Variations-Key
X-FPC
ServedBy
X-Cache-URL
X-Varnish-Hostname
X-LB-ID
Memcached
Group
Ufe-Result
Geoip-Latitude
X-Cdn-Srv
X-Ua-Device
GeoIp-Country-Code
Edge-Copy-Time
X-Proxy-Upstream
X-Erf-Stays-Bingo-Pdp-Web
X-Request-Time
X-Via-Edge
X-Via-SSL
HostName
X-CACHE-AGE
Time
T-Server
X-Nginx-Cache
X-NGINX-Cache
Now
X-Pass-Why
X-Presslabs-Stats
X-Hp-Webp
X-Cs
X-Webkit-Csp
X-VCL-Version
X-Uri
WZWS-RAY
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
X-CSRF-TOKEN
Section-Io-Origin-Time-Seconds
Server-Host
X-Cluster-Node
X-Agile
N-Cache
X-BC
X-ZONE
Pics-Label
X-Agile-Id
X-Agile-Age
X-Varnish-Hits
X-SB
X-MP-GENERATED-AT
Magicmarker
X-VC
X-Acc-Rdl
X-TT-LOGID
X-UnsetCookies
X-Cdn-Forward
M-TraceId
X-CF-Powered-By
X-LiteSpeed-Cache-Control
X-UA-Device-Type
DSUID
X-Info
X-Oracle-Dms-Rid
X-Datadome
X-Bc
X-Zone
Cache-Name
X-Dynatrace-Js-Agent
Ohc-File-Size
SID
X-Dynatrace
X-Srv
X-HS-Status
Apigw-Requestid
Ohc-Cache-HIT
NtCoent-Length
Cteonnt-Length
X-Origin-Date
User-Cache-Control
Xserver
Odigeo-Trace-Id
X-FORWARDED-FOR
X-We-Are-Hiring
X-Via-Popv
ProcessTime
X-APP
Tracecode
Arc-Country
User-Agent
Cdn-Request-Time
X-Edge-Server
VivaBuild
X-MSEdge-Flight
X-MSEdge-Features
W
Ssr
Sid
Viewtype
Cdn-Host
X-Via-Ucdn
S-Rt
CF-IPCountry
Processtime
CountryCode
X-Magnolia-Registration
LB
X-RunCloud-Cache
CDN
Server-Info
Memory
Lfy
X-Tb
X-Action
Srv
X-HOST
Server-Hostname
Sever-Int
Server-Ext
X-Response-By
X-DW
SR-User-Adfree
Thinkindot-CacheControl
True-Client-Country-4JS
X-SD-PageType
Thinkindot-Control
V-Age
Thinkindot-CacheControl-Type
X-Request-URI
Locid
X-Thinkindot-L3
CDCHOST
X-SRCache-Key
X-User
X-Varnish-Authentication
X-VServer
X-Varnish-Url
X-DB
Instruction
MIME-Version
Path
Web-Mar-Node
X-DI
X-SIPLIST1
IsBot
X-DSS
Vix-Hermes-Req-Id
X-API-Version
X-Hnp-Log
X-Matched-Rule
X-Oss-Cdn-Auth
X-Nginx-Cache-Key
X-Cache-Info
X-Contensis-Viewer-Groups
X-RPM
X-Gen-Mode
X-Gdpr
X-Developer
X-RSL
X-RPS
X-Node-Id
X-Loc
X-Block-Status
X-Nyt-Route
X-Origin-Time
X-Cache-Expires
X-BBC-Edge-Cache-Status
X-Cache-ASPX
X-Origin-CC
X-Origin-TTL
WWW-Authenticate
X-HITS
X-Fastly-Request-Id
X-Origin-Expires
D-Cc-Upstream
X-Fetched-On
X-Swa-Ws
X-Trace-Id
X-BBXSRF
X-Generated-In
X-Device-Os
X-Var-Ttl
X-Azure-Ref-OriginShield
X-SVT-ORM-RULES
X-NodeID
X-Cdn-Origin
Pramga
Release
X-Server-IP
X-Sn-Servicetimems
X-GeoIP-City
X-Cc-Via
X-Scheme
X-SVT-ORM-VERSION
Cache-Host
X-Cc-Req-Id
Geo-Info
X-Cache-Hfrom
X-Cache-Hm
X-Unique-ID
X-Vgn-Hpd-Ssi
Amp-Access-Control-Allow-Source-Origin
X-Pjax-Url
X-Vcl-Version
WebServer
X-Webkit-CSP-Report-Only
X-FC-Vary-Parameters
X-Lb-Id
Server-ID
X-Newrelic-App-Data
X-Browser-Type
X-Newrelic-Synthetics
X-Fastly-Country-Code
A
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Geo
X-CACHE-KEY
X-Hit
GeoIP-Latitude
X-Traceid
GeoIP-Country-Code
X-Origin-Response-Time
Cf-Device-Type
Lb
Source
X-Provided-By
X-Nc
X-Via-NSCOPI
X-Akamai-Request-ID2
X-Fpc
Cdn
X-Cache-Tag
X-Men
X-Via-PopV
X-Via-PopH
X-Li-Proto
X-Via-PopN
X-ServedByHost
Expiry
FNAC-ModuleRouting
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-SERVER-NAME
Accept-Language
X-Sigma
X-Served-From
X-TH-Server
Kp-EeAlive
Cache-Key
X-Akamai-Pragma-Client-IP
X-Rocket-Build-Number
X-Sigma-Backend
Server-Ttl
Url
Xkeyi7
Cache-Provider
X-Parent-Response-Time
X-Vgn-Hpd-Reason
Content-Style-Type
Content-Secure-Policy
EpKe-Alive
X-Akamai-Request-ID
Content-Script-Type
X-B3-Parentspanid
X-Proxy-Cachei7
X-Amzn-Remapped-Connection
X-BBC-Origin-Response-Status
Esi-Enabled
X-StackifyID
X-Amzn-Remapped-Date
X-No-Cache
X-ND-Cache
X-ServiceProvider
Req-Svc-Chain
Location
X-RateLimit-Remaining-Second
X-VC-Cache
BehaviorPad-Version
X-Agile-Brick-Ok
X-Tt-Logid
X-MiniProfiler-Ids
X-WA
X-Yottaa-OS
X-ElasticPress-Query
Actual-Object-TTL
X-Request-URL
X-ORACLE-APMCS-REQUEST-ID
X-RateLimit-Limit-Second
X-B3-SpanId
X-Key
X-Instart-Request-ID
Tcn
X-TraceId
X-Litespeed-Cache-Control
X-TrackingId
X-HostName
X-PJAX-URL
Who
Inserted-Into-Cache-At
URI
X-Apw-Access-Action
X-RateLimit-Limit
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Batcache
X-Varnish-Beresp-TTL
X-Mobile-Rewrite
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-Snapshot-Date
DataCenter
Proxy-Firewall
X-Instart-Info
Pragrma
X-Dispatch
Xet-Cookie
Vha6-Origin
Mime-Version
Origin-Cache-Control
X-C
Resin-Trace
Origin-Edge-Control
NnCoection
PICS-Label