Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
Access-Control-Allow-Methods
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
X-Template
Content-Encoding
X-Language
X-CDN
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-UA-Device
X-Hacker
X-Cache-Group
X-Robots-Tag
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Dns-Prefetch-Control
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Backend-Server
X-Device
X-Node
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Ruxit-JS-Agent
X-Response-Time
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
Akamai-Age-Ms
X-Country
X-Server-Id
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Readtime
X-Cloud-Trace-Context
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Application-Context
X-DataDome
Edge-Control
Accept-CH
Accept-CH-Lifetime
X-Country-Code
X-Url
X-TtlSet
X-PC
X-Vname
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
X-Varnish-TTL
X-Cnection
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-D2id
X-ESI
X-GitHub-Request-Id
X-Server-Name
X-MS-InvokeApp
X-Clacks-Overhead
Accept-Ch
X-Content-Type
X-Navigation-Version
X-FTR-Request-ID
X-Abt-Application-Version
Verso
X-Vcap-Request-Id
X-Trace
X-Px
Accept-Ch-Lifetime
X-Server-ID
Pinterest-Version
X-Pinterest-Rid
Pagespeed
X-Middleton-Display
Response
X-Sol
X-Middleton-Response
Display
Allow
X-B3-TraceId
X-Cached
X-Rack-Cache
X-DynaTrace
X-Element-Page-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
X-TTL
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
MS-Author-Via
X-Forwarded-Proto
Arr-Disable-Session-Affinity
X-T
X-Upstream
X-NF-Request-ID
X-Debug
Content-MD5
Fastly-Restarts
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-VARITI-CCR
X-Jurisdiction
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
Access-Control-Request-Method
X-Goog-Hash
X-Powered-CMS
TP-Cache
TP-L2-Cache
X-Content-Digest
X-XRDS-Location
X-PressLabs-Stats
X-NWS-LOG-UUID
X-Release
X-Edge
X-MSEdge-Ref
X-Webkit-CSP
RTSS
X-Amz-Rid
Public-Key-Pins
SPRequestDuration
SPIisLatency
Cache-Tag
Fastcgi-Cache
TCN
X-Request-Processing-Time
X-Request-Received
S
X-Yandex-Sdch-Disable
X-FastCGI-Cache
X-Mid
X-MCACHE
X-Ttl
X-Accel-Expires
X-Cache-Hit
X-Ezoic-Cdn
Server-Node
X-Logged-In
ServerID
X-Amzn-Trace-Id
X-Cache-Key
X-Node-Name
X-Ratelimit-Remaining
Alternate-Protocol
Front-End-Https
X-Request-Handler-Origin-Region
X-Microsite
X-ECACHE
X-Pinterest-Direct
X-Ser
X-Recruiting
X-Origin-Server
X-Page-Id
X-Kinsta-Cache
X-B
X-Mobile-URL
Host
X-Ratelimit-Limit
Realpath
Accept-Charset
X-Hostname
X-Forwarded-For
X-FTR-Cache-Status
X-FireWall-Port
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-Id
X-SRCache-Fetch-Status
X-Content-Security-Policy-Report-Only
X-SRCache-Store-Status
Nginx-Cache
X-Seen-By
X-Load-Cache
Filterid
X-Jobs
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Varnish-Age
X-Content-Options
X-CST
X-DIS-Request-ID
X-Shield-Request-Id
X-Daa-Tunnel
X-Az
X-AppVersion
X-Activity-Id
X-Correlation-ID
X-Type
X-Zen-Fury
X-LB-Cache
Paypal-Debug-Id
X-F-Cache
X-Rid
X-App-Environment
Edge-Cache-Tag
X-Varnish-Backend
X-N
X-Git-Hash
X-Grace
X-Varnish-Grace
X-Request-Guid
X-FB-Debug
X-Hits
X-Amz-Server-Side-Encryption
X-App-Server
X-Proxy
Fastcgi-Useragent
AMP-Access-Control-Allow-Source-Origin
X-Cdn
DC
Content-Disposition
X-Akamai-Edgescape
Cache-Tags
X-Hp-Webp
X-Content-Powered-By
X-Endurance-Cache-Level
X-WebKit-CSP-Report-Only
X-Cache-Rule
DynaTrace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Cache-Operation
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
X-VCache
X-Wix-Request-Id
MicrosoftSharePointTeamServices
X-Cached-By
X-Mg-S
Cleartype
Refresh
X-Accel-Buffering
X-Original-Request-Id
Powered
X-Response-Served-From
X-XRDS-LOCATION
X-B3-Sampled
X-IPLB-Instance
X-Amz-Meta-S3cmd-Attrs
X-User-Agent
NGB
X-AOL-HN
MS-CV
X-Fastcgi-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Rule
Payment
Healthy
X-Region
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Tumblr-Pixel-0
X-UUID
X-B-Cache
X-Distributor
X-HTML-Minification-Powered-By
X-Tumblr-User
X-Host-Name
X-Whom
X-Goog-Generation
X-Goog-Storage-Class
X-Tumblr-Pixel
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Signature
X-Cache-Time
X-FW-Serve
X-Rendered-As
Datacenter
X-Cacheable-TTL
X-FW-Static
X-Tumblr-Pixel-1
X-FW-Server
X-FW-Type
X-FW-Hash
X-Tumblr-Pixel-2
X-FW-Dynamic
X-Is-Bot
X-Frontend
X-Instance
Arc-Version
PB-PID
PB-RID
X-DynaTrace-JS-Agent
Countrycode
X-Varnish-Server
X-Mobile
Surrogate-Key
X-Debug-Info
X-Ua
X-HP-Webp
X-Tec-Api-Version
Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-PHP-Backend
X-Oneagent-Js-Injection
X-App-Version
X-NewRelic-App-Data
X-Backend-Name
X-Azure-Ref
X-Cache-Age
X-FTR-Cache-Host
X-Via-JSL
X-Cache-Server
S-Cnection
X-Litespeed-Cache
X-WA-Info
X-Protected-By
X-Time
Webserver
Powered-By-ChinaCache
X-Cache-Control
Referer-Policy
X-Hyper-Cache
X-Respond-Thread
Retry-After
Filters
From-Origin
Charset
Liferay-Portal
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-CSRF-Token
X-Proxy-Cache-Status
X-Cache-Expired-At
X-GeoIP
X-R9-Blue-Green-Version
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-Mode
X-Cache-Var-Map
X-Source
X-Debug-Cache
Section-Io-Cache
X-FB-TRIP-ID
Eomportal-Instance
Viewport
X-Sucuri-ID
X-Qloud-Router
X-RTag
X-From
X-Cache-Action
Ms-Operation-Id
X-Ruxit-Js-Agent
X-Device-Type
X-Framework
X-Site-Version
X-Server-W
X-AWS-Id
Mn-Server-Ip
X-ProxyCache-Key
X-VWS-Id
X-PCL
X-OCL
X-Amz-Replication-Status
X-Via-Fastly
X-LJ-Flow-ID
X-ProxyCache-Status
X-Locale
X-BYPASS-REASON
X-Ratelimit-Reset
TWC-Connection-Speed
TWC-Device-Class
Selected-Fe
DB-Nickname
X-Timing-Wait
X-Cache-Host
Cross-Origin-Window-Policy
TWC-GeoIP-Country
Property-Id
X-ServerID
X-Routing-Service
Webcakes-App-Name
X-Proxy-Build
TWC-GeoIP-LatLong
X-Revision
Cache-Tv-Group
X-Proxied
X-Hl-Ver
X-Handled-By
X-Origin-Hint
X-Time-Microsecs
X-Environment-Context
X-Zipkin-Id
TWC-Privacy
Webcakes-Region
TWC-Locale-Group
X-L-Path
Webcakes-App-Version
X-Acc-Debug-Context
X-Format
X-JoinUs
X-Human
X-Varnish-Cache-Hits
X-Access
X-SaId
X-Status
X-Real-IP
X-Section
X-FW-Version
X-Cluster
X-Amzn-Remapped-Content-Length
X-Xfnlog-Site
X-NYM-Debug-Backend
X-Yottaa-Metrics
X-Be
X-Yottaa-Optimizations
X-Redis-Cache
X-PHP-Host
X-Labrador-Cache-Channel
X-Proto
X-Hosted-By
X-Generated-By
X-TNCMS
X-TA-CDN-Provider
Uber-Trace-Id
X-Loop
Ec-Rule-Version
X-NWS-UUID-VERIFY
X-BCube-Filmed-By
X-Detected-As
Frame-Options
X-Cache-TTL-Remaining
Server-Name
X-No-Session
X-ATG-Version
CF-Cached-On
X-NCache
X-Origin
Version
X-Cache-PHP
X-EIG-Tracking-Id
X-Contextid
X-Instart-Request-ID
X-Sucuri-Cache
X-URL
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Air-Hostname
X-CACHE-AGE
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-IPS-LoggedIn
FSS-Cache
X-EC-Lua
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
Now
X-Cache-Enabled
X-Bc-Bl
X-Akamai-Transformed
X-IP
X-Tumblr-Pixel-3
GEO-INFO
X-TT
X-Cache-Backend
Time
X-Unique-Id
Node
X-Backend-Host
OT-Force-Account-Verify
X-Adobe-Content
X-Adobe-Loc
X-RCS-CacheZone
Access-Control-Request-Headers
X-TIME
X-GoCache-CacheStatus
X-UA
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-NGENIX-Cache
X-Cache-NE
X-Oss-Object-Type
Azure-RegionName
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-InstanceId
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Adobe-Source
X-APP-VERSION
X-CCM
HostName
X-Cdn-Forward
Apple-News-Services-Handled
X-Vtex-Processado-Em
X-Application
Host-ID
X-ARC
X-Vtex-Remote-Cache
X-Minions-Version
X-VG-WebServer
X-A-Dcw
X-A-Dam
X-PAYTM-SRV-ID
X-A-Dgt
X-CF-Lambda-Version
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
Apple-News-Services-Host
CloudFront-Viewer-Country
Xc-Version
Meta-Geo-Continent
X-D
X-Transaction
X-Connection-Hash
Machine
X-CF-Lambda-Fn
MD5-Digest
X-Date
X-Destination
Apple-News-Services-Parsed-Url
X-Generation-Time
X-PBS-Appsvrname
Apple-News-Services-Request-Url
X-G
X-Worker
Mobile-Detection-Method
X-External-Request-Id
X-B-Cookie
X-VG-WebCache
Rendered-Blocks
X-Rojux
Surrogated-Key
X-Twitter-Response-Tags
X-Up
X-Vdms-Path
X-S-Cookie
X-ScT
X-S
Fastcgi-X-Cache-Version
X-Processor
DCR-Decision-By
X-A-Ccd
X-Vdms-Version
DCR-Processing-Time-Ms
X-Trv-Group
X-Rewrite-Enabled
X-A
X-Varnishpool
X-Alternate-Cache-Key
X-Pubstack
X-ApacheServer
X-Cache-2
X-ShardId
X-PERF
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-Cache-Grace
SD-X-WS
X-Request-UUID
X-Correlation-Id
NM-Fastcgi-Cache
X-AIR-PT
Wxu-Next-Hostname
Wxu-Next-Commit
X-Agile-Id
X-Agile-Age
Wxu-Next-Region
X-Agile
AKAMAI
We-Hiring
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Bip
X-Varnish-Ttl
X-Cache-Bucket
CDN-RequestCountryCode
X-Dc
X-OVcl
X-OVcl-Cache
X-Microcachable
Mail-Subject
X-Hash
X-Level-Front-Cache
X-Owner
X-VG-TLSProxy
X-Soup
X-Storage
X-Thanos
X-SN
X-Reqid
X-Platform
X-Req
CDN-Uid
X-Method
CDN-Cache
X-Dispatcher-Server
X-Generated-On
X-CUA
Fastly-SSL
CacheControlHeader
X-Cms-Context
X-Core-Value
X-Envoy-Decorator-Operation
X-Edge-Location
CDN-EdgeStorageId
CDN-CachedAt
X-TX-ID
CDN-PullZone
CDN-RequestId
Decoy-Debug-TTL
Decoy-Debug-Status
X-CDN-Forward
X-Viewer-Country
Decoy-Debug-Key
X-DPWN-IS-SECURE
L5d-Success-Class
HA-Ipaddr
Group
Ha-Gx-Prefs
Pagetype
PFcat
Gh-Request-Id
X-Csrf-Jwt
X-Geo-Header
X-WADP-Cache
X-HN
X-Webstats-RespID
X-Gamma-Serve
X-Fastly-Cache
X-Fmm-Version
X-HS-Content-Campaign-Id
X-Location
X-VarnishDD-TTL
X-Varnish-Cacheable
X-Render-Time
X-Proxy-Upstream
X-Micro-Cache
X-Policy
X-Eu-Site
X-Developers
X-Auto-Login
Fastly-SWR
Fastly-SIE
X-Amz-Meta-Cb-Modifiedtime
Is-Eu
Ufe-Result
Platform
X-Cache-Config
X-Cache-NGX
X-Cluster-Name
X-Core-Mission
X-Clara-WADP
X-CGP
Adler-Geo
X-Cdn-Srv
X-Backend-TTL
M-TraceId
X-Skip-Cache
X-Servername
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Variation
Country
Fastly-Drupal-HTML
Cache-Status
X-VHOST
Country-Code
Akamai-GRN
X-RateLimit-Remaining
X-JWT-State
L
Fastly-Backend-Name
X-Has-Esi
X-Old-Content-Length
X-Wikidot-Static-Cache
X-Esi-Check
UCS
X-Request-Host
X-Li-Pop
X-Is-Gdpr
X-Wikidot-Backend
X-Irp-Debug
X-Say-TTL
X-Say-Cacheable
X-Esi
X-Li-Fabric
X-Web-Node
X-Cache-Id
Rt-Fastcgi-Cache
X-Request-Start
C-Via
X-LI-UUID
X-Fastly-Backend
X-Content-Age
Backend
X-Clientip
X-Gzip
X-Backend-State
X-Slack-Backend
X-Cache-Date
X-SayCDN-TTL
X-Cache-URL
X-Cache-Tags
X-CS
Nel
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
X-PF-Uncompressing
X-NC
X-Refresh
X-ZONE
X-Ms-Request-Id
X-BC
Origin
X-Ms-Version
X-Mvc-Supplant-Cachable
Memcached
Arc-Country
X-NODE
Geo-Info
X-B3-Spanid
Viewtype
X-Wa
VivaBuild
X-Aicache-OS
X-LB-ID
Srv
NGX
X-Unique-ID
X-Via-Popn
X-Via-Poph
X-RunCloud-Cache
X-Via-Ucdn
FSS-Proxy
X-Platform-Server
X-LAGOON
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-DefHash
X-Varnish-CookieHashed-On
X-DefElseHash
X-Srv
X-Mvc-Supplant-OutputCached
X-LI-Proto
X-Vgn-Hpd-Ssi
Cdn-Host
X-Branch-Name
Upgrade-Insecure-Requests
X-Servedbyhost
Cdn-Request-Time
X-Edge-Server
X-UPSTREAM-Address
X-ECache
X-SERVER
Memory
X-Session-Fingerprint
X-Cache-Debug
X-Mobile-Rewrite
X-LiteSpeed-Cache-Control
X-Request-Time
Sid
Server-Info
X-Bc
X-Zone
X-Cluster-Node
X-Nc
X-Debug-Cache-Fetch
X-Nginx-Cache
X-Epic-Correlation-Id
X-APP
X-Akamai-Request-ID2
X-FC-Vary-Parameters
X-Action
X-Debug-Cache-Store
X-Hit
X-Geo
Xserver
X-DW
X-Via-Popv
X-B3-Traceid
X-Cs
X-RPM
X-DSS
X-FPC
X-RPS
X-Varnish-Hostname
X-DI
X-DB
X-RSL
WWW-Authenticate
X-NGINX-Cache
X-GEO
Apigw-Requestid
X-MP-GENERATED-AT
X-Is-Crawler
NtCoent-Length
X-Oss-Cdn-Auth
X-Aspnet-Duration-Ms
X-HS-Status
X-Flags
X-Providence-Cookie
X-CF-Powered-By
X-Route-Name
X-DC
X-Vcache
GeoIp-Country-Code
Geoip-Latitude
X-Vcl-Version
X-Ftr-Cache-Host
CACHE
X-CSRF-TOKEN
User-Agent
Processtime
XServer
GeoIP-Latitude
ProcessTime
Hostname
Origin-Cache-Control
Origin-Edge-Control
X-Check-Cacheable
X-SERVER-NAME
GeoIP-Country-Code
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
CF-IPCountry
X-VCL-Version
X-Tb
Accept-Language
X-Key
X-Dispatch
X-Page-View
X-NU-AKA-ACS-Version
X-HOST
Esi-Enabled
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-CDN
X-UnsetCookies
X-Fpc
SRV
X-HITS
HitType
Cdn
Proxy-Firewall
X-App
W
X-Dynatrace-Js-Agent
X-Via-SSL
X-Cache-Hm
X-Fastly-Country-Code
Edge-Copy-Time
X-Cache-Hfrom
X-Via-Edge
SID
X-Www-Served-By
S-Rt
X-We-Are-Hiring
X-Svr
BehaviorPad-Version
X-Generated
Fastcgi-Cache-TTL
X-RAMCache
X-Pass-Why
X-Sql-Duration-Ms
X-Path-Route
On-Server
X-Sql-Count
A
LB
X-CACHE-KEY
X-COUNTRY
Cteonnt-Length
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-Geo-Region
Ohc-File-Size
X-TrackingId
CDN
ServedBy
Lb
WebServer
Xet-Cookie
X-Amzn-Remapped-Date
N-Cache
X-Pjax-Url
X-Amzn-Remapped-Connection
Powered-By
X-Newrelic-App-Data
T-Server
X-Instart-Info
X-Cache-Remote
X-S-Maxage
X-Li-Proto
Server-Host
X-SRV
X-Newrelic-Synthetics
X-ServedByHost
X-MSEdge-Features
X-MSEdge-Flight
X-Datadome
X-Origin-Response-Time
X-Dynatrace
X-HostName
X-LiteSpeed-Tag
Content-Script-Type
X-Akamai-Pragma-Client-IP
Cache-Key
Pics-Label
X-Served-From
WZWS-RAY
Content-Style-Type
X-Batcache
X-TH-Server
Tcn
Magicmarker
X-Via-NSCOPI
X-TT-LOGID
Ohc-Cache-HIT
Odigeo-Trace-Id
X-Via-PopH
Dnion-Transfer-Encoding
X-Via-PopN
X-Via-PopV
X-Region-Sid
X-VC
Cache-Provider
X-SB
X-StackifyID
X-RateLimit-Limit
User-Cache-Control
X-Lb-Id
X-Cache-Tag
X-Presslabs-Stats
X-Agile-Brick-Ok
Cf-Alt-Svc
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-B3-SpanId
Server-Ttl
X-Varnish-Hits
Load-Balancing
X-Info
X-Planisys-CDN-Cache
X-Tt-Logid
X-WA
X-Vgn-Hpd-Reason
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Pf-Uncompressing
AsisCache
X-SRCache-Key
Inserted-Into-Cache-At
GEO-REGION-INFO
X-Magnolia-Registration
X-Origin-CC
X-DevSite-Last-Modified
X-Parent-Response-Time
Who
X-Tid
X-Pad
X-Developer
X-Origin-TTL
X-Yottaa-OS
DSUID
Cache-Name
X-UA-Device-Type
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Source
X-BACKEND-TTL
X-ElasticPress-Query
Section-Io-Origin-Status
Section-Io-Id
CountryCode
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
Proxy-Connection
X-Uri
X-PJAX-URL
PICS-Label
Pragrma
X-C
X-MiniProfiler-Ids
Mime-Version
X-Apw-Access-Action
X-Apw-Access-Object
Protected
Ssr
X-Request-URL
X-Varnish-Beresp-TTL
X-Apw-Access-Token
X-Apw-Hits
X-Dw-Trace-Id
X-Fetched-On
X-Azure-Ref-OriginShield
X-BBXSRF
X-Akamai-Request-ID
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
X-Block-Status
X-Cache-ASPX
X-Device-Os
X-Gen-Mode
X-Contensis-Viewer-Groups
X-Cdn-Request-ID
X-Cache-Info
X-Cdn-Origin
Tracecode
Thinkindot-Control
Locid
MIME-Version
Kp-EeAlive
IsBot
CDCHOST
FNAC-ModuleRouting
Path
Pramga
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Sever-Int
Server-Hostname
Release
Server-Ext
X-Generated-In
X-GeoIP-City
X-Var-Ttl
X-Varnish-Authentication
X-Trace-Id
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Swa-Ws
X-Varnish-URL
X-Akamai-ERPolicy
X-Nananana
X-Proxy-Cachei7
Cneonction
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Compress-Hint
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Matched-Rule
X-Nginx-Cache-Key
X-Logging-Id
X-Loc
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-NodeID
X-Origin-Date
X-ServiceProvider
X-SIPLIST1
X-Request-URI
X-RateLimit-Remaining-Second
X-Origin-Expires
X-RateLimit-Limit-Second
Vha6-Origin