
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below is a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
P3p
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Keep-Alive
X-Template
X-Via
X-Language
X-Dns-Prefetch-Control
X-Ws-Request-Id
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
Cf-Bgj
X-Host
X-WebKit-CSP
X-Dispatcher
X-Backend-Server
X-Device
NEL
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Server-Id
Content-Location
X-Response-Time
Request-Id
X-Origin-Cache
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ac
X-ASPNET-VERSION
EagleEye-TraceId
X-Country
Accept-CH
X-HW
X-Mod-Pagespeed
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Edge-Control
X-Country-Code
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-TtlSet
X-Vname
X-PC
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Content-Type
X-D2id
X-Clacks-Overhead
X-Trace
X-ESI
X-Abt-Application-Version
X-Server-Name
Pinterest-Version
X-Pinterest-Rid
X-Middleton-Display
X-Middleton-Response
Response
X-Sol
Display
Pagespeed
X-Px
X-Navigation-Version
X-Vcap-Request-Id
X-FTR-Request-ID
X-Rack-Cache
Verso
X-B3-TraceId
X-DynaTrace
X-Cached
Service-Worker-Allowed
X-Webkit-CSP
MS-Author-Via
X-Element-Page-Cache
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-TTL
Content-MD5
X-Upstream
X-Version
X-SharePointHealthScore
SPRequestGuid
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Forwarded-Proto
AR-CACHE
Fastly-Restarts
Ar-Sid
X-FastCGI-Cache
X-NF-Request-ID
X-Debug
X-VARITI-CCR
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-CST
Accept-Ch
X-T
X-Goog-Hash
X-Jurisdiction
X-Powered-CMS
Access-Control-Request-Method
X-XRDS-Location
X-MSEdge-Ref
TP-Cache
TP-L2-Cache
X-Release
X-Content-Digest
S
X-Edge
SPRequestDuration
SPIisLatency
TCN
X-Amz-Rid
X-Ttl
X-Pinterest-Direct
RTSS
X-NWS-LOG-UUID
Cache-Tag
X-Server-ID
X-PressLabs-Stats
Public-Key-Pins
X-Node-Name
X-Ezoic-Cdn
Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
Server-Node
X-Mid
X-MCACHE
X-Accel-Expires
Front-End-Https
X-Amzn-Trace-Id
X-Logged-In
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Recruiting
X-Cache-Hit
ServerID
X-Kinsta-Cache
X-Ratelimit-Remaining
X-Origin-Server
X-Page-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Accept-Charset
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Host
X-Mg-S
Alternate-Protocol
Accept-Ch-Lifetime
X-B
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-Forwarded-For
X-Mobile-URL
X-ECACHE
X-Grace
X-Shield-Request-Id
X-Hostname
Nginx-Cache
X-Amz-Server-Side-Encryption
X-DIS-Request-ID
X-Ratelimit-Limit
Edge-Cache-Tag
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
Filterid
X-FTR-Realm
X-FTR-Expires
X-FireWall-Port
Realpath
X-HP-Webp
X-Seen-By
X-Load-Cache
X-Content-Options
X-Git-Hash
X-Hits
X-F-Cache
X-LB-Cache
X-AppVersion
X-Activity-Id
X-Az
X-N
X-App-Environment
X-Jobs
X-Request-Guid
X-Type
MicrosoftSharePointTeamServices
Fastcgi-Useragent
Paypal-Debug-Id
X-Varnish-Backend
X-Varnish-Grace
X-Rid
X-Daa-Tunnel
Cache-Tags
X-WebKit-CSP-Report-Only
X-Zen-Fury
X-Id
X-Upgrade-Enabled
X-Proxy
X-TEC-API-ROOT
X-Kong-Proxy-Latency
DynaTrace
Cleartype
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-Cached-By
X-FB-Debug
X-Akamai-Edgescape
X-App-Server
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
DC
X-Geo-Country
X-Cache-Operation
X-Cache-Rule
Powered-By-ChinaCache
X-Host-Name
X-Correlation-ID
Content-Disposition
X-Respond-Thread
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Content-Powered-By
X-User-Agent
X-HS-Combine-CSS
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-IPLB-Instance
X-B3-Sampled
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Wix-Request-Id
X-Signature
MS-CV
Healthy
X-AOL-HN
X-B-Cache
X-Debug-Info
X-Whom
AMP-Access-Control-Allow-Source-Origin
Akamai-Age-Ms
X-Region
X-HTML-Minification-Powered-By
Payment
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-Distributor
X-Rule
X-Ua
X-UUID
X-FW-Type
X-Endurance-Cache-Level
X-Rendered-As
X-Cacheable-TTL
X-Is-Bot
X-Mobile
X-Cache-Time
X-Instance
Refresh
X-VCache
NGB
X-Frontend
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Datacenter
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
X-Via-JSL
Countrycode
S-Cnection
X-Acc-Debug-Context
X-XRDS-LOCATION
X-App-Version
Nel
Filters
Viewport
PB-RID
PB-PID
Arc-Version
X-Backend-Name
X-Varnish-Server
X-Protected-By
Liferay-Portal
X-Ah-Environment
Charset
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Hyper-Cache
X-PHP-Backend
X-Cache-Expired-At
X-Cache-Server
X-Azure-Ref
Retry-After
X-NewRelic-App-Data
Section-Io-Cache
X-Amz-Replication-Status
X-Litespeed-Cache
X-Cache-Action
X-Fastcgi-Cache
Referer-Policy
X-Sucuri-ID
X-Source
X-DynaTrace-JS-Agent
X-Proxy-Cache-Status
X-Cache-Control
X-WA-Info
GEO-INFO
X-EdgeConnect-Cache-Status
Powered
X-ProcessESI
X-L-Path
X-Environment-Context
X-Framework
Eomportal-Instance
Version
X-RemovedCookies
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-Real-IP
X-Yottaa-Optimizations
X-RN-RSRV
X-Yottaa-Metrics
X-Mode
X-Unique-Id
X-Revision
Ms-Operation-Id
X-GeoIP
X-RTag
X-From
X-Time
X-ES-SERVER
X-Xfnlog-Site
X-BYPASS-REASON
X-Air-Hostname
Uber-Trace-Id
X-Cache-Host
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-Time-Microsecs
X-Qloud-Router
X-Correlation-Id
Ec-Rule-Version
DB-Nickname
X-Human
X-OCL
Cache-Tv-Group
X-VWS-Id
Mn-Server-Ip
X-PCL
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-PHP-Host
Server-Name
X-FB-TRIP-ID
X-Server-W
X-Hp-Webp
X-AWS-Id
X-Cluster
X-Cache-TTL-Remaining
X-FW-Version
X-Debug-Cache
Frame-Options
Property-Id
X-Proxy-Build
X-Proxied
X-Redis-Cache
X-Timing-Wait
X-Routing-Service
X-Origin-Hint
X-Site-Version
X-Loop
X-Handled-By
X-Hl-Ver
X-Hosted-By
X-TNCMS
TWC-GeoIP-LatLong
X-CSRF-Token
TWC-Privacy
X-Amzn-Remapped-Content-Length
TWC-Locale-Group
TWC-GeoIP-Country
Webcakes-App-Name
Selected-Fe
X-NYM-Debug-Backend
Webcakes-App-Version
X-Zipkin-Id
Webcakes-Region
TWC-Device-Class
TWC-Connection-Speed
X-Locale
X-Status
X-Access
X-BCube-Filmed-By
X-Generated-By
X-ServerID
X-Via-Fastly
X-Section
X-Format
X-Detected-As
X-Proto
X-Drupal-Cache-Contexts
X-Be
X-Device-Type
X-Sucuri-Cache
Cross-Origin-Window-Policy
Cache
X-Cache-PHP
FSS-Cache
X-JoinUs
X-No-Session
X-ATG-Version
X-SaId
X-Ratelimit-Reset
X-FTR-Cache-Host
X-Contextid
X-Drupal-Cache-Tags
From-Origin
Webserver
X-Varnish-Cache-Hits
X-CDN-Forward
X-URL
X-NCache
CF-Cached-On
X-Origin
X-NWS-UUID-VERIFY
X-Adobe-Loc
X-Adobe-Content
X-NC
X-AIR-PT
OT-Force-Account-Verify
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-TA-CDN-Provider
X-GoCache-CacheStatus
X-Tt-Trace-Tag
Azure-SlotName
Azure-Version
X-TT
CACHE
Azure-SiteName
X-Tt-Trace-Host
X-IPS-LoggedIn
Azure-RegionName
Azure-InstanceId
X-Akamai-Transformed
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-EIG-Tracking-Id
X-Bc-Bl
X-IP
X-Cache-Enabled
X-EC-Lua
X-TIME
X-Esi
Access-Control-Request-Headers
X-Backend-Host
X-APP-VERSION
X-ECache
SD-X-WS
X-CCM
X-Adobe-Source
X-Ruxit-Js-Agent
X-Cache-2
Upgrade-Insecure-Requests
X-Tumblr-Pixel-3
X-Cache-Backend
X-Cdn
X-ApacheServer
X-Alternate-Cache-Key
X-Vgn-Hpd-Cached
X-ShardId
X-Vgn-Hpd-Variations-Key
X-Viewer-Country
X-Backend-TTL
X-Storefront-Renderer-Rendered
X-Cache-Grace
X-ShopId
X-PERF
X-Pubstack
Node
X-Shopify-Stage
X-Forwarded-Host
X-Soup
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ARC
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Application
MD5-Digest
X-A-Wwc
Mobile-Detection-Method
X-A-Dgt
Machine
X-A-Dcw
X-B-Cookie
X-Accel-Expires-Debug
X-Aed
X-External-Request-Id
X-G
X-A-Dam
Apple-News-Services-Request-Url
Cache-Status
X-A
X-CF-Lambda-Fn
X-CF-Lambda-Version
Fastly-SSL
X-Cache-NE
X-Storage
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Cluster-Name
DCR-Decision-By
Decoy-Debug-TTL
Fastcgi-X-Cache-Version
X-D
X-Web-Node
X-Date
X-Connection-Hash
DCR-Processing-Time-Ms
X-A-Ccd
Decoy-Debug-Status
Decoy-Debug-Key
X-Varnishpool
X-Destination
Meta-Geo-Continent
X-Rojux
X-Rewrite-Enabled
X-S
X-S-Cookie
X-ScT
X-Vtex-Remote-Cache
X-Request-UUID
X-PAYTM-SRV-ID
X-Worker
X-PBS-Appsvrname
X-Processor
Host-ID
X-Vtex-Processado-Em
X-Aspnet-Duration-Ms
X-VG-WebServer
X-Twitter-Response-Tags
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-Trv-Group
X-Transaction
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
Xc-Version
X-RCS-CacheZone
Rendered-Blocks
X-Cache-Config
X-Clara-WADP
X-TX-ID
Adler-Geo
CDN-RequestId
X-Micro-Cache
X-WADP-Cache
X-Servername
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cache-Bucket
CDN-RequestCountryCode
X-Fastly-Cache
X-Fmm-Version
CDN-PullZone
X-Variation
X-VG-TLSProxy
X-Envoy-Decorator-Operation
CDN-CachedAt
X-DPWN-IS-SECURE
X-Ms-Version
X-Ms-Request-Id
Is-Eu
CDN-EdgeStorageId
Platform
CDN-Cache
Fastly-SIE
Surrogated-Key
X-Generation-Time
CDN-Uid
CloudFront-Viewer-Country
X-LAGOON
X-UA
Country
X-NGENIX-Cache
Time
C-Via
L
Origin
X-SN
X-Skip-Cache
X-Varnish-Cacheable
NM-Fastcgi-Cache
Gh-Request-Id
X-Auto-Login
X-Backend-State
X-Bip
X-HS-Content-Campaign-Id
Akamai-GRN
X-Thanos
X-Irp-Debug
X-Up
X-Platform-Server
Wxu-Next-Region
X-OVcl
X-Core-Value
X-OVcl-Cache
X-Cms-Context
X-Wikidot-Static-Cache
X-Owner
X-CUA
X-Old-Content-Length
Wxu-Next-Commit
X-Minions-Version
X-Microcachable
X-Dispatcher-Server
Wxu-Next-Hostname
X-Varnish-Ttl
X-Esi-Check
X-Method
X-Platform
X-LI-UUID
X-Request-Start
X-Webstats-RespID
X-Cache-Id
X-UPSTREAM-Address
X-Li-Pop
X-Gzip
X-Req
X-Cache-NGX
X-Policy
X-Li-Fabric
X-Wikidot-Backend
X-Render-Time
Now
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Backend
Ufe-Result
PFcat
Rt-Fastcgi-Cache
We-Hiring
X-HN
X-Reqid
X-Request-Host
X-Mvc-Supplant-Cachable
X-Level-Front-Cache
X-JWT-State
X-Slack-Backend
X-VarnishDD-TTL
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefHash
X-DefElseHash
X-Is-Gdpr
X-Hash
X-Clientip
X-Core-Mission
X-CGP
X-Cdn-Srv
X-Cache-Tags
X-Csrf-Jwt
X-Developers
X-Generated-On
X-Has-Esi
X-Fastly-Backend
X-Eu-Site
X-Edge-Location
X-Cache-Date
X-Cache-URL
Group
Fastly-Drupal-HTML
HA-Ipaddr
Ha-Gx-Prefs
AKAMAI
Country-Code
CacheControlHeader
Mail-Subject
Memcached
Fastly-Backend-Name
L5d-Success-Class
X-CACHE-AGE
X-CS
X-Aicache-OS
X-Amz-Meta-Cb-Modifiedtime
X-Content-Age
X-Geo-Header
FSS-Proxy
X-Gamma-Serve
X-Proxy-Upstream
X-Location
X-Wa
Pagetype
UCS
X-Refresh
X-Cache-Debug
X-Pinterest-Sli-Endpoint-Name
X-Session-Fingerprint
X-Pinterest-Sli-Latency-Threshold
X-Branch-Name
X-Pinterest-Sli-Response-Type
X-NODE
X-PF-Uncompressing
X-Agile-Id
X-Page-View
X-Agile-Age
X-Agile
X-LB-ID
X-BC
X-DC
X-ZONE
X-Via-Poph
X-Via-Popn
HostName
X-B3-Spanid
X-B3-Traceid
X-RateLimit-Remaining
X-GEO
SRV
X-LI-Proto
X-Servedbyhost
NGX
X-Debug-Cache-Store
X-Dc
M-TraceId
X-Debug-Cache-Fetch
X-Datadome
X-Ftr-Cache-Host
X-Mvc-Supplant-OutputCached
X-Ua-Device
Hostname
X-Instart-Request-ID
Arc-Country
Xserver
X-SERVER
X-Via-CDN
X-Cdn-Forward
X-Request-Time
X-Check-Cacheable
X-Edge-Server
X-Varnish-Hostname
Cdn-Host
Viewtype
Cdn-Request-Time
X-Nginx-Cache
VivaBuild
X-Sql-Count
X-Sql-Duration-Ms
X-NU-AKA-ACS-Version
X-SERVER-NAME
X-RunCloud-Cache
X-VCL-Version
X-FPC
X-Zone
X-Bc
X-Via-Ucdn
Srv
X-SRV
Memory
X-APP
WebServer
X-Cluster-Node
X-NGINX-Cache
X-Action
X-LiteSpeed-Cache-Control
X-UnsetCookies
X-DI
X-DB
WWW-Authenticate
X-Vgn-Hpd-Ssi
X-DW
X-RPM
X-CF-Powered-By
X-HS-Status
X-RPS
X-Cache-Remote
X-RSL
X-DSS
X-Cs
X-Www-Served-By
X-ORACLE-APMCS-REQUEST-ID
X-Via-SSL
X-Via-Edge
X-Oss-Cdn-Auth
Actual-Object-TTL
X-LLID
X-Via-Popv
XServer
X-Svr
X-Srv
On-Server
GeoIp-Country-Code
Geoip-Latitude
NtCoent-Length
Edge-Copy-Time
X-MP-GENERATED-AT
ServedBy
X-CSRF-TOKEN
Cache-Hits
X-Geo
X-S-Maxage
SID
X-Vcache
X-Dynatrace-Js-Agent
ProcessTime
Apigw-Requestid
X-We-Are-Hiring
X-Unique-ID
User-Agent
X-Hit
Geo-Info
Sid
GeoIP-Latitude
Processtime
GeoIP-Country-Code
W
X-Akamai-Request-ID2
Server-Info
T-Server
Amp-Access-Control-Allow-Source-Origin
LB
X-FORWARDED-FOR
Ohc-File-Size
X-Pass-Why
X-MSEdge-Features
X-ID
X-MSEdge-Flight
X-Epic-Correlation-Id
X-HOST
X-Presslabs-Stats
CF-IPCountry
X-Envoy-Upstream-Healthchecked-Cluster
X-Tb
N-Cache
Server-Host
S-Rt
Pics-Label
X-FC-Vary-Parameters
X-HITS
X-Varnish-Hits
X-Vcl-Version
X-SB
X-VC
X-Cache-Hm
X-Mobile-Rewrite
X-Fpc
X-Cache-Hfrom
Accept-Language
WZWS-RAY
X-Pjax-Url
Magicmarker
Cdn
X-Nc
X-Webkit-CSP-Report-Only
Protected
X-Fastly-Country-Code
X-Key
Cteonnt-Length
CDN
Esi-Enabled
X-Info
X-Erf-Stays-Bingo-Pdp-Web
A
Ohc-Cache-HIT
X-Uri
X-CACHE-KEY
X-COUNTRY
Origin-Cache-Control
Origin-Edge-Control
Lb
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Newrelic-Synthetics
X-Newrelic-App-Data
X-Instart-Info
X-Dispatch
X-Amzn-Remapped-Date
X-TT-LOGID
X-Via-NSCOPI
Proxy-Firewall
Tracecode
X-Amzn-Remapped-Connection
User-Cache-Control
X-Acc-Rdl
Section-Io-Origin-Time-Seconds
X-Geo-Region
X-Li-Proto
Powered-By
Section-Origin-Responded
X-B3-SpanId
Section-Io-Id
Ssr
X-ServedByHost
X-Provided-By
Odigeo-Trace-Id
Section-Io-Origin-Status
X-StackifyID
DSUID
X-UA-Device-Type
Cache-Name
X-Dynatrace
X-TH-Server
Lfy
Server-Ttl
X-Magnolia-Registration
Cache-Key
X-Akamai-Pragma-Client-IP
X-Served-From
HitType
X-Lb-Id
X-RAMCache
X-Cache-Tag
X-Nyt-Route
Release
Path
Server-Ext
Server-Hostname
Thinkindot-CacheControl
SR-User-Adfree
Sever-Int
MIME-Version
Locid
CDCHOST
X-Origin-CC
X-Men
X-Sigma-Backend
X-Origin-Time
FNAC-ModuleRouting
Thinkindot-CacheControl-Type
IsBot
Instruction
X-Generated
True-Client-Country-4JS
X-Gen-Mode
X-Gdpr
X-Developer
X-Contensis-Viewer-Groups
X-GeoIP-City
X-Hnp-Log
X-Node-Id
X-Nginx-Cache-Key
X-Matched-Rule
X-Loc
X-Cache-Info
X-Cache-Expires
Web-Mar-Node
Vix-Hermes-Req-Id
V-Age
X-Origin-TTL
X-API-Version
X-BBC-Edge-Cache-Status
X-Cache-ASPX
X-Block-Status
X-BBXSRF
Thinkindot-Control
X-Origin-Date
X-Varnish-Authentication
X-Varnish-Url
X-SD-PageType
X-VServer
X-Rocket-Build-Number
X-User
X-TrackingId
Fastcgi-Cache-TTL
X-SRCache-Key
X-Response-By
Cache-Provider
BehaviorPad-Version
X-RateLimit-Remaining-Second
X-Via-PopH
X-Via-PopN
X-Sigma
X-Via-PopV
X-Server-IP
X-Request-URI
X-RateLimit-Limit-Second
X-SIPLIST1
X-Thinkindot-L3
X-No-Cache
X-LiteSpeed-Tag
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-ElasticPress-Query
X-NodeID
X-Generated-In
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ServiceProvider
X-Sn-Servicetimems
X-Fetched-On
X-Batcache
X-Device-Os
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-Traceid
X-Cc-Via
X-Scheme
Cache-Host
X-VC-Cache
X-Cc-Req-Id
X-Cache-Spec
X-Parent-Response-Time
X-Origin-Expires
D-Cc-Upstream
CountryCode
X-Swa-Ws
Kp-EeAlive
Server-ID
X-Tt-Logid
X-Trace-Id
Xet-Cookie
X-Var-Ttl
X-App
Pramga
X-WA
X-Agile-Brick-Ok
Tcn
Req-Svc-Chain
X-Yottaa-OS
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Who
X-PJAX-URL
Inserted-Into-Cache-At
X-HostName
X-Pf-Uncompressing
Dnion-Transfer-Encoding
X-RateLimit-Limit
Cf-Alt-Svc
X-Varnish-Beresp-TTL
X-Selected-Scheme
X-Path-Route
X-Selected-Host-Header
X-Selected-Name
X-CacheTTL
X-TraceId
X-B3-Parentspanid
Cf-Device-Type
X-Proxy-Cachei7
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Request-URL
X-Snapshot-Date
Source
X-Apw-Access-Action
X-Vgn-Hpd-Reason
X-MiniProfiler-Ids
Resin-Trace
Mime-Version
X-C
PICS-Label
Pragrma
Vha6-Origin