Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Status
Content-Encoding
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
X-Template
Grace
X-Dns-Prefetch-Control
Host-Header
X-Language
Report-To
X-Rq
X-Page-Speed
Xkey
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
NEL
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
Accept-CH-Lifetime
X-Node
Request-Id
Accept-CH
Content-Location
X-Ruxit-JS-Agent
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Mod-Pagespeed
Rating
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-Country
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-ORACLE-DMS-RID
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-Cnection
X-Country-Code
X-CST
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-Clacks-Overhead
X-D2id
X-Server-Name
X-Trace
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
Pagespeed
X-FastCGI-Cache
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
X-Origin-Upstream-Status
X-B3-TraceId
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-Rack-Cache
X-Navigation-Version
Service-Worker-Allowed
X-Url
Verso
X-TTL
X-ESI
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Element-Page-Cache
X-Cached
X-Fastly-Request-ID
X-DynaTrace
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-Webkit-CSP
X-VARITI-CCR
X-SharePointHealthScore
SPRequestGuid
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Powered-By-Plesk
X-Goog-Hash
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Debug
AR-Request-ID
Ar-Sid
Content-MD5
X-Pinterest-Direct
X-MSEdge-Ref
SPRequestDuration
SPIisLatency
X-Forwarded-Proto
X-Powered-CMS
X-Version
X-Release
Access-Control-Request-Method
X-Amz-Rid
X-XRDS-Location
X-T
X-Jurisdiction
X-Edge
S
X-Content-Digest
TCN
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
Cache-Tag
X-Ezoic-Cdn
X-Litespeed-Cache
X-Cache-Key
Front-End-Https
X-MCACHE
X-Mid
X-Node-Name
X-Yandex-Sdch-Disable
Server-Node
X-Ttl
X-Mg-S
X-Request-Processing-Time
X-Amz-Server-Side-Encryption
X-Request-Received
Fastcgi-Cache
X-Recruiting
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-HP-Webp
X-Amzn-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Accel-Expires
X-Ser
X-Kinsta-Cache
X-PressLabs-Stats
X-Grace
X-Microsite
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
Accept-Ch
X-Origin-Server
MicrosoftSharePointTeamServices
X-Varnish-Age
Accept-Charset
ServerID
X-Logged-In
X-DIS-Request-ID
X-Page-Id
Cf-Bgj
Host
Edge-Cache-Tag
Nginx-Cache
X-ECACHE
X-Ratelimit-Remaining
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Cache-Hit
X-Hits
Powered-By-ChinaCache
Cache-Tags
X-Hostname
X-B
X-F-Cache
X-Mobile-URL
X-Server-ID
X-LB-Cache
X-Respond-Thread
Cleartype
Realpath
X-Activity-Id
X-AppVersion
X-Az
X-Git-Hash
X-Cached-By
X-Forwarded-For
X-Upgrade-Enabled
X-N
X-Cache-Age
Alternate-Protocol
X-Content-Options
X-Ratelimit-Limit
DynaTrace
X-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amz-Meta-S3cmd-Attrs
Paypal-Debug-Id
X-Rid
X-Request-Guid
X-App-Environment
X-Load-Cache
X-Jobs
X-Varnish-Backend
Fastcgi-Useragent
X-FTR-Backend
X-Country-Code-Real
Access-Control-Allow-Method
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-Seen-By
X-Proxy
X-WebKit-CSP-Report-Only
Charset
X-Oneagent-Js-Injection
X-HS-Content-Id
X-Goog-Stored-Content-Length
X-HS-Cache-Config
X-HS-Hub-Id
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Zen-Fury
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-Sampled
X-HS-Combine-CSS
X-URL
X-Akamai-Edgescape
X-FireWall-Port
X-VCache
Filters
X-FB-Debug
X-IPLB-Instance
X-Signature
X-Daa-Tunnel
X-B-Cache
Filterid
X-Mobile
X-Debug-Info
X-AOL-HN
Healthy
X-Varnish-Grace
X-Whom
X-Host-Name
MS-CV
DC
X-Correlation-ID
Viewport
X-Geo-Country
X-Region
AMP-Access-Control-Allow-Source-Origin
Payment
X-User-Agent
X-Cache-Rule
X-Response-Served-From
X-Cache-Operation
Liferay-Portal
X-Accel-Buffering
X-Original-Request-Id
X-App-Server
X-Frontend
X-UUID
X-Instance
X-Distributor
Surrogate-Key
X-HTML-Minification-Powered-By
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Cacheable-TTL
X-FW-Serve
X-FW-Static
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Amz-Replication-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Rule
X-Cache-Time
CACHE
X-Protected-By
Refresh
Accept-Ch-Lifetime
X-Content-Powered-By
X-Acc-Debug-Context
S-Cnection
X-Via-JSL
Section-Io-Cache
X-Cache-Expired-At
X-Id
X-Wix-Request-Id
X-Rendered-As
X-Is-Bot
Version
Content-Disposition
X-Tec-Api-Version
GEO-INFO
X-Cache-Action
X-Tec-Api-Root
X-Tec-Api-Origin
X-Hyper-Cache
X-Backend-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Sucuri-ID
Server-Name
X-XRDS-LOCATION
Nel
X-Endurance-Cache-Level
Retry-After
PB-RID
Arc-Version
X-Air-Hostname
PB-PID
X-Cache-Server
X-Ua
Datacenter
X-Ah-Environment
X-Source
X-App-Version
X-Real-IP
Eomportal-Instance
X-Unique-Id
X-Environment-Context
X-ProcessESI
X-L-Path
X-EdgeConnect-Cache-Status
X-Framework
X-RemovedCookies
Referer-Policy
X-Yottaa-Optimizations
X-Correlation-Id
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
X-Yottaa-Metrics
X-Revision
Frame-Options
X-Pinterest-Sli-Endpoint-Name
Ms-Operation-Id
X-Sucuri-Cache
X-Drupal-Cache-Contexts
X-RTag
X-Varnish-Server
X-TIME
Countrycode
X-Cache-Control
NGB
X-Esi
X-Cache-Spec
X-Drupal-Cache-Tags
X-RN-RSRV
X-Cache-Var
X-WA-Info
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
Webserver
Akamai-Age-Ms
X-Proxy-Cache-Status
X-Mode
X-ProxyCache-Key
X-BYPASS-REASON
Cache-Tv-Group
DB-Nickname
X-ProxyCache-Status
X-Qloud-Router
X-Cache-Host
X-Xfnlog-Site
X-CDN-Forward
X-Cache-TTL-Remaining
X-Time-Microsecs
X-R9-Blue-Green-Version
X-Azure-Ref
TWC-Connection-Speed
X-Contextid
Mn-Server-Ip
X-Labrador-Cache-Channel
TWC-GeoIP-Country
X-Human
Ec-Rule-Version
Property-Id
TWC-Device-Class
Webcakes-Region
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Cluster
X-FW-Version
X-Hl-Ver
Cross-Origin-Window-Policy
X-PCL
X-PHP-Host
X-Route-Name
X-Origin-Hint
X-Handled-By
TWC-Locale-Group
X-Status
X-NYM-Debug-Backend
TWC-Privacy
Webcakes-App-Name
X-OCL
X-Redis-Cache
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Site-Version
X-Via-Fastly
X-TNCMS
X-Timing-Wait
X-Server-W
X-VWS-Id
X-Zipkin-Id
X-ServerID
X-Proto
X-No-Session
X-Be
X-Section
X-Routing-Service
X-Hosted-By
X-Format
X-FB-TRIP-ID
X-AWS-Id
X-LJ-Flow-ID
X-Locale
X-Proxy-Build
X-Proxied
X-Loop
Selected-Fe
X-Access
X-COUNTRY
X-Detected-As
X-NewRelic-App-Data
X-From
X-GeoIP
X-Adobe-Content
X-Adobe-Loc
X-TT
X-AIR-PT
Uber-Trace-Id
X-Ruxit-Js-Agent
FSS-Cache
X-Cache-PHP
X-Tt-Trace-Host
X-Debug-Cache
X-DynaTrace-JS-Agent
X-Tt-Trace-Tag
X-ATG-Version
X-Generated-By
X-LLID
X-Device-Type
X-Ratelimit-Reset
X-BCube-Filmed-By
VIX-Pulpo-Upstream-Status
X-NC
VIX-Pulpo-Node
Upgrade-Insecure-Requests
X-PHP-Backend
Azure-SiteName
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Access-Control-Request-Headers
X-Varnish-Cache-Hits
X-Aspnetmvc-Version
OT-Force-Account-Verify
X-ID
From-Origin
X-CSRF-Token
X-UPSTREAM-Address
Cache-Status
X-NCache
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-CCM
X-Origin
X-Oss-Server-Time
X-Page-View
SD-X-WS
X-GoCache-CacheStatus
X-Adobe-Source
X-Akamai-Transformed
CF-Cached-On
X-Backend-TTL
X-Cache-2
X-G
X-LAGOON
X-Varnishpool
X-Sorting-Hat-PodId
Country
X-Soup
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShardId
X-Forwarded-Host
X-Pubstack
X-Cache-Grace
X-ApacheServer
X-PERF
X-Alternate-Cache-Key
X-ShopId
X-Backend-Host
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-APP-VERSION
X-Cluster-Name
X-SaId
SRV
Powered
X-JoinUs
X-Web-Node
X-Storage
Fastly-SSL
X-FTR-Cache-Host
Node
X-IP
X-ECache
Cache
X-GEO
X-EC-Lua
X-Via-CDN
X-Cache-Enabled
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Viewer-Country
X-TX-ID
X-D
X-Request-UUID
X-Rewrite-Enabled
X-Aed
X-Destination
X-Processor
X-Rojux
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-ScT
X-Session-Fingerprint
Apple-News-Services-Handled
X-S-Cookie
X-Application
X-A-Wwc
X-S
X-ARC
Apple-News-Services-Request-Url
Host-ID
X-External-Request-Id
Rendered-Blocks
Machine
MD5-Digest
Mobile-Detection-Method
X-B-Cookie
X-PAYTM-SRV-ID
X-A
X-A-Ccd
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
X-A-Dgt
X-PBS-Appsvrname
X-A-Dam
X-A-Dcw
Meta-Geo-Continent
X-RCS-CacheZone
X-Worker
X-VG-WebCache
X-Trv-Group
X-VG-WebServer
X-Tumblr-Pixel-3
X-Vdms-Path
X-Vtex-Remote-Cache
X-Connection-Hash
Xc-Version
X-CF-Lambda-Fn
X-Vdms-Version
X-Cache-NE
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Cdn
X-NWS-UUID-VERIFY
X-Cache-Config
X-Time
X-IPS-LoggedIn
X-B3-Spanid
X-Platform-Server
Is-Eu
X-Ms-Request-Id
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Ms-Version
CDN-Cache
X-Clara-WADP
X-VG-TLSProxy
Fastly-SIE
Fastly-SWR
CDN-EdgeStorageId
X-Varnish-CookieHashed-On
Gh-Request-Id
CDN-CachedAt
CloudFront-Viewer-Country
CDN-PullZone
X-Generation-Time
X-Rebelmouse-Surrogate-Control
X-Servername
X-DefHash
X-Cms-Context
Adler-Geo
CDN-RequestId
X-DefElseHash
X-CUA
X-Core-Value
X-Cache-Bucket
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
CDN-Uid
X-Cache-Debug
X-Fastly-Cache
X-Micro-Cache
X-Microcachable
X-Rebelmouse-Cache-Control
CDN-RequestCountryCode
Platform
X-WADP-Cache
X-DPWN-IS-SECURE
X-Auto-Login
X-Variation
X-Envoy-Decorator-Operation
X-Fmm-Version
Backend
X-Cache-Backend
X-Backend-State
X-Level-Front-Cache
X-Wikidot-Static-Cache
C-Via
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
X-Generated-On
X-Esi-Check
PFcat
X-Fastly-Backend
Rt-Fastcgi-Cache
X-Developers
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Origin
X-Irp-Debug
Fastly-Drupal-HTML
Fastly-Backend-Name
X-Has-Esi
X-Gzip
X-Geo-Header
X-Gamma-Serve
L
Akamai-GRN
X-HN
X-LI-UUID
X-Varnish-Cacheable
X-Fastcgi-Cache
X-Owner
X-OVcl-Cache
X-Clientip
X-OVcl
X-Cache-Date
X-Platform
X-Request-Start
X-Request-Host
X-Cache-NGX
X-Cache-Id
X-Bip
X-Wikidot-Backend
X-Webstats-RespID
X-Location
X-Method
X-VarnishDD-TTL
AKAMAI
X-Li-Fabric
X-Li-Pop
X-Branch-Name
X-Skip-Cache
X-Old-Content-Length
X-Policy
X-Thanos
X-UA
X-Bc-Bl
X-B3-Traceid
X-Render-Time
NM-Fastcgi-Cache
X-Eu-Site
X-CGP
X-Csrf-Jwt
X-Core-Mission
X-Slack-Backend
X-Cache-Tags
Pagetype
X-Dispatcher-Server
X-DC
L5d-Success-Class
X-Cache-Remote
Ha-Gx-Prefs
X-Mvc-Supplant-Cachable
X-Varnish-Ttl
X-SN
X-Reqid
X-Content-Age
HA-Ipaddr
CacheControlHeader
X-CS
X-Transaction
X-Hash
X-Twitter-Response-Tags
X-Sql-Count
XServer
X-PF-Uncompressing
X-Refresh
X-Wa
X-Sql-Duration-Ms
X-EIG-Tracking-Id
FSS-Proxy
X-TA-CDN-Provider
X-Aicache-OS
X-Minions-Version
UCS
X-Amz-Meta-Cb-Modifiedtime
X-Ftr-Cache-Host
X-SRV
Country-Code
X-NODE
Hostname
X-Www-Served-By
X-Date
NGX
X-Accel-Expires-Debug
X-NU-AKA-ACS-Version
X-Via-Popn
X-Via-Poph
Surrogated-Key
Cache-Hits
X-Hp-Webp
X-NGENIX-Cache
X-S-Maxage
X-Req
X-Up
X-Edge-Location
X-RateLimit-Remaining
X-Presslabs-Stats
X-Mvc-Supplant-OutputCached
Protected
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-LB-ID
X-LI-Proto
X-Servedbyhost
X-Nginx-Cache
X-Check-Cacheable
X-FPC
X-Debug-Cache-Store
Mail-Subject
We-Hiring
X-Debug-Cache-Fetch
X-Cdn-Srv
Group
X-Dc
Ufe-Result
Memcached
X-Cache-URL
Time
X-FORWARDED-FOR
X-Proxy-Upstream
Geoip-Latitude
X-Ua-Device
X-Via-Edge
X-Via-SSL
On-Server
Edge-Copy-Time
X-Svr
X-Varnish-Hostname
ServedBy
HostName
X-CACHE-AGE
Now
X-Request-Time
GeoIp-Country-Code
X-Dynatrace-Js-Agent
X-CSRF-TOKEN
X-ZONE
X-BC
X-Agile-Age
T-Server
X-Agile
X-VCL-Version
X-Agile-Id
X-Webkit-Csp
X-Pass-Why
X-Cluster-Node
X-Acc-Rdl
X-Cs
SID
X-Uri
X-MP-GENERATED-AT
N-Cache
WZWS-RAY
X-NGINX-Cache
Server-Host
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
M-TraceId
Pics-Label
X-UnsetCookies
X-Varnish-Hits
X-Cdn-Forward
X-SB
Magicmarker
X-Datadome
X-Via-Popv
X-LiteSpeed-Cache-Control
ProcessTime
X-VC
X-Bc
X-Zone
Ohc-File-Size
X-TT-LOGID
Arc-Country
Apigw-Requestid
X-HS-Status
X-Info
X-CF-Powered-By
X-APP
X-Srv
X-Erf-Stays-Bingo-Pdp-Web
DSUID
Cache-Name
NtCoent-Length
Xserver
Ohc-Cache-HIT
VivaBuild
Viewtype
X-We-Are-Hiring
Cdn-Host
Cdn-Request-Time
X-UA-Device-Type
X-Edge-Server
Cteonnt-Length
User-Cache-Control
User-Agent
X-Origin-Date
Odigeo-Trace-Id
Processtime
X-Via-Ucdn
Memory
Tracecode
CF-IPCountry
WebServer
X-RunCloud-Cache
X-MSEdge-Flight
X-MSEdge-Features
W
X-Action
Server-Info
LB
Srv
Ssr
S-Rt
X-DSS
X-Oss-Cdn-Auth
X-RPM
X-RPS
Sid
X-RSL
X-DW
CDN
X-DB
WWW-Authenticate
X-Magnolia-Registration
X-DI
X-Tb
X-HOST
CountryCode
X-Newrelic-App-Data
Lfy
X-Vgn-Hpd-Ssi
X-HITS
X-Dynatrace
CDCHOST
Instruction
X-VServer
IsBot
X-Loc
X-SVT-ORM-VERSION
D-Cc-Upstream
X-Thinkindot-L3
X-User
X-SVT-ORM-RULES
X-Hnp-Log
X-Varnish-Authentication
X-Pjax-Url
X-Varnish-Url
X-Cc-Via
X-Cc-Req-Id
X-Scheme
Sever-Int
X-Node-Id
X-BBC-Edge-Cache-Status
X-BBXSRF
X-Nyt-Route
X-Origin-CC
Web-Mar-Node
X-API-Version
X-Origin-Expires
X-Nginx-Cache-Key
X-Gen-Mode
X-Developer
X-Matched-Rule
X-Gdpr
X-Contensis-Viewer-Groups
X-Cache-Info
X-Block-Status
X-Cache-ASPX
X-Cache-Expires
Vix-Hermes-Req-Id
V-Age
Server-Ext
X-SD-PageType
X-Response-By
Path
X-Server-IP
Locid
MIME-Version
X-SIPLIST1
X-Request-URI
Server-Hostname
Thinkindot-Control
X-Origin-Time
True-Client-Country-4JS
X-Origin-TTL
Thinkindot-CacheControl-Type
Server-ID
SR-User-Adfree
Thinkindot-CacheControl
X-SRCache-Key
X-Cache-Hfrom
X-Vcl-Version
Geo-Info
X-Browser-Type
X-Unique-ID
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP-Report-Only
X-Geo
X-Hit
Cache-Host
X-GeoIP-City
X-NodeID
X-Generated-In
X-Newrelic-Synthetics
X-Goog-Meta-Goog-Reserved-File-Mtime
Release
X-FC-Vary-Parameters
X-Fastly-Country-Code
Pramga
X-Sn-Servicetimems
X-Traceid
X-Fetched-On
X-Var-Ttl
X-Device-Os
X-Cdn-Origin
X-Azure-Ref-OriginShield
X-Trace-Id
X-Swa-Ws
A
X-CACHE-KEY
Lb
GeoIP-Latitude
X-Akamai-Request-ID2
GeoIP-Country-Code
X-Oracle-Dms-Rid
X-Provided-By
X-Nc
X-Lb-Id
Source
X-Envoy-Upstream-Healthchecked-Cluster
Cf-Device-Type
Cdn
X-Epic-Correlation-Id
X-Via-NSCOPI
X-Fpc
X-Origin-Response-Time
X-Cache-Tag
X-Li-Proto
X-ServedByHost
Accept-Language
X-Men
FNAC-ModuleRouting
X-Fastly-Request-Id
X-Amzn-Remapped-Date
Cache-Key
X-Amzn-Remapped-Connection
X-Served-From
X-StackifyID
X-Akamai-Pragma-Client-IP
Server-Ttl
X-SERVER-NAME
X-TH-Server
X-Sigma
Expiry
Esi-Enabled
X-Via-PopH
X-Via-PopN
X-Rocket-Build-Number
Kp-EeAlive
X-Via-PopV
X-Sigma-Backend
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-Key
Content-Script-Type
X-Parent-Response-Time
Content-Style-Type
X-Instart-Request-ID
X-Vgn-Hpd-Reason
Url
Cache-Provider
X-No-Cache
X-Agile-Brick-Ok
X-RateLimit-Remaining-Second
X-Tt-Logid
X-ElasticPress-Query
X-RateLimit-Limit-Second
X-WA
X-Akamai-Request-ID
X-Proxy-Cachei7
Location
X-ServiceProvider
Xkeyi7
X-Yottaa-OS
X-Request-URL
X-B3-SpanId
Content-Secure-Policy
Req-Svc-Chain
X-Mobile-Rewrite
X-VC-Cache
X-Batcache
X-MiniProfiler-Ids
X-Vcache
Tcn
Proxy-Firewall
Who
X-PJAX-URL
Inserted-Into-Cache-At
BehaviorPad-Version
X-Dispatch
X-ND-Cache
X-Apw-Access-Token
X-RateLimit-Limit
URI
X-HostName
EpKe-Alive
X-BBC-Origin-Response-Status
X-Instart-Info
X-Varnish-Beresp-TTL
Origin-Edge-Control
X-B3-Parentspanid
X-Apw-Access-Object
Origin-Cache-Control
X-Apw-Hits
X-Apw-Access-Action
X-Selected-Name
X-Geo-Region
X-Selected-Host-Header
X-Selected-Scheme
X-TrackingId
PICS-Label
X-C
Xet-Cookie
X-Pf-Uncompressing
Pragrma
Mime-Version
DataCenter
X-TraceId
Resin-Trace
Cf-Alt-Svc
HitType
Powered-By
X-RAMCache
NnCoection
X-Dw-Trace-Id
Vha6-Origin
X-Snapshot-Date