Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
X-Template
Content-Encoding
X-Language
X-CDN
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-UA-Device
X-Hacker
X-Cache-Group
X-Robots-Tag
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Server
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-Dispatcher
X-Host
NEL
X-Device
X-Backend-Server
X-Node
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Response-Time
X-Ruxit-JS-Agent
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Server-Id
Akamai-Age-Ms
X-Country
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Readtime
X-Cloud-Trace-Context
Accept-CH-Lifetime
Pinterest-Generated-By
X-Application-Context
X-Origin-Upstream-Status
Edge-Control
Accept-CH
X-Country-Code
X-DataDome
X-Url
X-PC
X-TtlSet
X-Vname
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
X-Varnish-TTL
X-Cnection
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-D2id
X-ESI
X-GitHub-Request-Id
X-Server-Name
X-MS-InvokeApp
Accept-Ch
X-Clacks-Overhead
X-Content-Type
X-Navigation-Version
X-FTR-Request-ID
X-Abt-Application-Version
Verso
X-Vcap-Request-Id
X-Trace
X-Px
Pinterest-Version
X-Pinterest-Rid
Allow
X-B3-TraceId
X-Sol
X-Middleton-Display
Response
Pagespeed
Display
X-Middleton-Response
X-Cached
X-Element-Page-Cache
X-DynaTrace
X-Rack-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
Accept-Ch-Lifetime
X-TTL
X-Server-ID
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
MS-Author-Via
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-T
X-Upstream
X-NF-Request-ID
X-Debug
Content-MD5
Fastly-Restarts
SPRequestGuid
X-Dw-Request-Base-Id
X-SharePointHealthScore
AR-ATIME
Ar-Sid
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-VARITI-CCR
X-Jurisdiction
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
Access-Control-Request-Method
X-Goog-Hash
X-Powered-CMS
X-Content-Digest
TP-L2-Cache
TP-Cache
X-PressLabs-Stats
X-XRDS-Location
X-Release
X-NWS-LOG-UUID
X-Edge
X-MSEdge-Ref
RTSS
X-Amz-Rid
SPIisLatency
SPRequestDuration
Cache-Tag
Public-Key-Pins
Fastcgi-Cache
TCN
X-Request-Received
X-Request-Processing-Time
S
X-Yandex-Sdch-Disable
X-FastCGI-Cache
X-Accel-Expires
X-Mid
X-MCACHE
X-Cache-Hit
X-Ezoic-Cdn
X-Ttl
ServerID
Server-Node
X-Logged-In
X-Amzn-Trace-Id
X-Cache-Key
X-Node-Name
X-Ratelimit-Remaining
Alternate-Protocol
Front-End-Https
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-Pinterest-Direct
X-ECACHE
X-Webkit-CSP
X-Recruiting
X-Origin-Server
X-Kinsta-Cache
X-Page-Id
X-B
X-Mobile-URL
Host
Accept-Charset
X-Ratelimit-Limit
Realpath
X-Forwarded-For
X-Hostname
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FireWall-Port
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-Content-Security-Policy-Report-Only
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Nginx-Cache
X-Load-Cache
X-Seen-By
Filterid
X-Jobs
X-Varnish-Age
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-CST
X-Content-Options
X-Id
X-DIS-Request-ID
X-Shield-Request-Id
X-Activity-Id
X-Az
X-AppVersion
X-Daa-Tunnel
Paypal-Debug-Id
X-Zen-Fury
X-F-Cache
X-App-Environment
X-Type
Edge-Cache-Tag
X-LB-Cache
X-Rid
X-Git-Hash
X-Varnish-Backend
X-N
X-Varnish-Grace
X-Grace
X-Request-Guid
X-Correlation-ID
X-FB-Debug
X-Hits
X-Amz-Server-Side-Encryption
X-App-Server
X-Proxy
Fastcgi-Useragent
AMP-Access-Control-Allow-Source-Origin
X-Cdn
DC
X-Akamai-Edgescape
X-WebKit-CSP-Report-Only
Content-Disposition
X-Endurance-Cache-Level
Cache-Tags
X-Hp-Webp
X-Content-Powered-By
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
DynaTrace
X-Cache-Rule
X-Cache-Operation
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Mg-S
X-VCache
X-Geo-Country
Cleartype
MicrosoftSharePointTeamServices
X-Wix-Request-Id
X-Cached-By
Powered
X-Original-Request-Id
X-Response-Served-From
Refresh
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
X-XRDS-LOCATION
X-IPLB-Instance
X-B3-Sampled
NGB
X-User-Agent
MS-CV
X-Amz-Apigw-Id
X-Fastcgi-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-AOL-HN
X-Amzn-RequestId
X-Tumblr-Pixel
X-Tumblr-User
Healthy
Payment
X-Region
X-Rule
X-B-Cache
X-Signature
X-Tumblr-Pixel-0
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Host-Name
X-Whom
X-HTML-Minification-Powered-By
X-UUID
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-Cache-Time
X-FW-Hash
X-Distributor
X-FW-Dynamic
X-Instance
X-Cacheable-TTL
X-Rendered-As
Datacenter
X-Is-Bot
X-Frontend
PB-RID
Arc-Version
PB-PID
Countrycode
X-Varnish-Server
X-Mobile
Surrogate-Key
X-Debug-Info
X-Ua
X-Cache-Age
X-HP-Webp
X-DynaTrace-JS-Agent
X-Oneagent-Js-Injection
X-Tec-Api-Version
X-PHP-Backend
X-Tec-Api-Origin
X-Tec-Api-Root
X-App-Version
X-NewRelic-App-Data
X-Azure-Ref
X-Backend-Name
X-Via-JSL
Cache
S-Cnection
X-Cache-Server
X-FTR-Cache-Host
X-WA-Info
Powered-By-ChinaCache
X-Protected-By
X-Time
X-Hyper-Cache
Referer-Policy
X-Cache-Control
Webserver
Retry-After
From-Origin
X-Respond-Thread
Filters
Charset
Liferay-Portal
Viewport
X-EdgeConnect-Cache-Status
X-SERVER
X-ProcessESI
X-RemovedCookies
X-Proxy-Cache-Status
X-CSRF-Token
X-Cache-Expired-At
Eomportal-Instance
Meta-Geo
X-Revision
X-GeoIP
X-Cache-Var-Map
X-Cache-Action
X-R9-Blue-Green-Version
Section-Io-Cache
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
X-Source
X-Mode
X-Debug-Cache
X-FB-TRIP-ID
X-Ruxit-Js-Agent
X-Server-W
X-Framework
X-Qloud-Router
X-RTag
X-Amz-Replication-Status
X-Device-Type
X-Sucuri-ID
X-From
Ms-Operation-Id
X-Environment-Context
X-Locale
X-Time-Microsecs
X-Site-Version
X-L-Path
X-Ratelimit-Reset
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
X-PCL
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
X-AWS-Id
X-BYPASS-REASON
X-LJ-Flow-ID
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
Property-Id
X-OCL
X-VWS-Id
X-ProxyCache-Status
DB-Nickname
Mn-Server-Ip
X-Via-Fastly
X-ProxyCache-Key
X-Proxied
X-FW-Version
X-ServerID
Cross-Origin-Window-Policy
X-Hl-Ver
X-Cache-Host
X-Routing-Service
X-Timing-Wait
X-Zipkin-Id
X-Handled-By
X-Proxy-Build
Cache-Tv-Group
X-Status
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Acc-Debug-Context
X-Access
X-Real-IP
X-Format
X-SaId
X-Redis-Cache
X-Section
X-JoinUs
X-Human
X-Cluster
X-Hosted-By
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Yottaa-Metrics
X-Be
X-Yottaa-Optimizations
X-Proto
X-Xfnlog-Site
X-NYM-Debug-Backend
X-PHP-Host
Uber-Trace-Id
X-Generated-By
X-Loop
Ec-Rule-Version
X-TA-CDN-Provider
X-TNCMS
X-BCube-Filmed-By
X-NWS-UUID-VERIFY
X-Detected-As
X-Origin
CF-Cached-On
Frame-Options
Nel
X-Cache-TTL-Remaining
Server-Name
X-ATG-Version
X-NCache
X-No-Session
Version
X-Cache-PHP
FSS-Cache
X-Sucuri-Cache
X-Instart-Request-ID
X-Contextid
X-EIG-Tracking-Id
X-URL
X-Tt-Trace-Tag
X-Air-Hostname
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-EC-Lua
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
GEO-INFO
Now
X-Cache-Enabled
X-Unique-Id
X-IP
X-Tumblr-Pixel-3
X-Bc-Bl
X-CACHE-AGE
X-Litespeed-Cache
Time
X-Akamai-Transformed
X-TT
X-Backend-Host
X-Cache-Backend
Node
OT-Force-Account-Verify
X-Correlation-Id
Azure-Version
X-GoCache-CacheStatus
X-RCS-CacheZone
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-Adobe-Loc
X-Adobe-Content
X-TIME
Access-Control-Request-Headers
X-NGENIX-Cache
X-UA
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-NE
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-APP-VERSION
X-CDN-Forward
X-Pubstack
X-CCM
X-Adobe-Source
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Destination
Meta-Geo-Continent
X-External-Request-Id
X-G
MD5-Digest
Machine
DCR-Decision-By
X-Minions-Version
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-Date
Host-ID
X-Generation-Time
X-CF-Lambda-Version
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
X-Application
X-ARC
Rendered-Blocks
X-Connection-Hash
Mobile-Detection-Method
Surrogated-Key
X-OVcl
X-B-Cookie
X-CF-Lambda-Fn
X-D
X-OVcl-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Transaction
X-ScT
X-S-Cookie
X-Rojux
X-S
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
Apple-News-Services-Request-Url
X-Vdms-Version
X-Up
X-Vdms-Path
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
Apple-News-Services-Handled
CloudFront-Viewer-Country
X-Worker
Xc-Version
X-PERF
X-Viewer-Country
X-Varnishpool
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Forwarded-Host
X-Shopify-Stage
X-ApacheServer
X-Cache-2
X-Sorting-Hat-PodId
We-Hiring
Wxu-Next-Commit
AKAMAI
NM-Fastcgi-Cache
Mail-Subject
CDN-RequestId
Fastly-SSL
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
Wxu-Next-Hostname
CDN-EdgeStorageId
CacheControlHeader
X-Fmm-Version
X-Render-Time
X-Req
X-Reqid
X-Platform
X-Owner
X-Micro-Cache
X-Microcachable
X-SN
X-Soup
X-Webstats-RespID
SD-X-WS
X-Request-UUID
X-WADP-Cache
X-VG-TLSProxy
X-Storage
X-Thanos
X-Method
X-Level-Front-Cache
X-Cache-Bucket
X-Cache-Grace
X-Clara-WADP
X-Bip
X-Agile-Id
X-Agile
X-Agile-Age
X-Cms-Context
X-Core-Value
X-Hash
X-HS-Content-Campaign-Id
X-Generated-On
X-Envoy-Decorator-Operation
X-CUA
X-Dispatcher-Server
Wxu-Next-Region
X-Edge-Location
X-Dc
X-TX-ID
X-Varnish-Ttl
HostName
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-AIR-PT
Decoy-Debug-TTL
X-Cdn-Forward
Decoy-Debug-Status
Decoy-Debug-Key
Akamai-GRN
HA-Ipaddr
Ha-Gx-Prefs
X-Developers
X-Backend-TTL
L5d-Success-Class
X-Gamma-Serve
Group
Gh-Request-Id
X-HN
Country-Code
X-Geo-Header
Fastly-Drupal-HTML
X-DPWN-IS-SECURE
X-Fastly-Cache
M-TraceId
Fastly-SIE
PFcat
X-VarnishDD-TTL
Ufe-Result
Adler-Geo
Fastly-SWR
Pagetype
X-VHOST
X-Eu-Site
Platform
X-Varnish-Cacheable
Is-Eu
Country
X-Gzip
X-Cache-NGX
X-Servername
X-Cache-Id
Backend
Cache-Status
X-Core-Mission
X-Skip-Cache
X-Variation
X-Location
X-Cluster-Name
X-CGP
X-Cdn-Srv
X-Cache-URL
X-Rebelmouse-Surrogate-Control
X-Cache-Config
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
X-Esi-Check
X-Policy
X-Auto-Login
X-Csrf-Jwt
X-RateLimit-Remaining
X-NC
X-SayCDN-TTL
X-Content-Age
UCS
X-Web-Node
X-Say-Cacheable
X-Request-Host
X-Old-Content-Length
X-Irp-Debug
X-Slack-Backend
X-CS
X-Say-TTL
X-Wikidot-Backend
X-Esi
X-Request-Start
X-Clientip
X-Cache-Tags
X-Cache-Date
X-LI-UUID
X-Fastly-Backend
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Li-Fabric
X-Li-Pop
X-Backend-State
Rt-Fastcgi-Cache
Fastly-Backend-Name
X-Wikidot-Static-Cache
L
C-Via
Memcached
X-ORACLE-APMCS-REQUEST-ID
X-Ms-Version
Actual-Object-TTL
X-Ms-Request-Id
X-Refresh
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
Origin
Arc-Country
X-NODE
X-LB-ID
X-Wa
X-B3-Spanid
VivaBuild
Viewtype
X-Aicache-OS
X-BC
NGX
X-ZONE
Srv
X-Via-Popn
X-Via-Ucdn
X-RunCloud-Cache
X-Via-Poph
X-Ah-Environment
FSS-Proxy
Geo-Info
X-Platform-Server
X-LAGOON
X-Unique-ID
X-DefHash
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Srv
Upgrade-Insecure-Requests
X-Branch-Name
X-Edge-Server
Cdn-Host
X-Mvc-Supplant-OutputCached
Cdn-Request-Time
X-LI-Proto
Memory
X-Servedbyhost
X-Vgn-Hpd-Ssi
X-UPSTREAM-Address
X-ECache
X-Zone
X-Session-Fingerprint
X-Bc
X-Cache-Debug
X-Mobile-Rewrite
X-Geo
X-Request-Time
X-LiteSpeed-Cache-Control
Sid
X-Cluster-Node
Server-Info
X-Action
X-FC-Vary-Parameters
X-APP
X-Nginx-Cache
X-Debug-Cache-Fetch
X-Akamai-Request-ID2
X-Epic-Correlation-Id
X-Debug-Cache-Store
CACHE
Xserver
X-Hit
X-Via-Popv
X-DI
X-RPM
X-FPC
X-CF-Powered-By
X-DSS
X-RPS
X-Cs
X-RSL
X-B3-Traceid
WWW-Authenticate
X-DW
X-DB
X-Varnish-Hostname
X-NGINX-Cache
X-Nc
Apigw-Requestid
X-Route-Name
NtCoent-Length
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-MP-GENERATED-AT
X-HS-Status
X-Oss-Cdn-Auth
Hostname
X-GEO
X-Vcache
X-DC
GeoIp-Country-Code
X-Vcl-Version
Geoip-Latitude
User-Agent
X-Ftr-Cache-Host
X-Datadome
X-CSRF-TOKEN
XServer
Processtime
X-Check-Cacheable
X-VCL-Version
Origin-Edge-Control
ProcessTime
GeoIP-Latitude
GeoIP-Country-Code
X-SERVER-NAME
Origin-Cache-Control
CF-IPCountry
X-FORWARDED-FOR
X-Key
X-Dynatrace-Js-Agent
X-Dispatch
X-Page-View
Accept-Language
X-Tb
X-NU-AKA-ACS-Version
X-HOST
X-Fpc
X-Envoy-Upstream-Healthchecked-Cluster
Esi-Enabled
X-Via-CDN
X-UnsetCookies
SID
HitType
X-HITS
X-Webkit-CSP-Report-Only
SRV
X-Via-Edge
X-Fastly-Country-Code
Edge-Copy-Time
Cdn
X-Svr
Proxy-Firewall
X-Via-SSL
X-App
X-Cache-Hfrom
W
X-Cache-Hm
WebServer
X-Generated
Fastcgi-Cache-TTL
X-We-Are-Hiring
A
On-Server
X-Www-Served-By
X-Path-Route
X-Pass-Why
X-Sql-Count
X-Sql-Duration-Ms
S-Rt
X-RAMCache
BehaviorPad-Version
X-CACHE-KEY
LB
X-COUNTRY
Cteonnt-Length
CDN
Lb
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
ServedBy
X-Geo-Region
X-TrackingId
Xet-Cookie
Powered-By
X-MSEdge-Features
T-Server
X-Newrelic-App-Data
X-Instart-Info
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-SRV
X-MSEdge-Flight
X-Pjax-Url
N-Cache
X-Newrelic-Synthetics
X-Cache-Remote
X-S-Maxage
Server-Host
X-ServedByHost
X-Li-Proto
X-Dynatrace
X-Origin-Response-Time
Magicmarker
X-Akamai-Pragma-Client-IP
X-Batcache
X-TH-Server
X-HostName
Pics-Label
Content-Script-Type
Content-Style-Type
X-LiteSpeed-Tag
Cache-Key
WZWS-RAY
Tcn
X-Served-From
X-Via-PopH
Dnion-Transfer-Encoding
X-Via-NSCOPI
X-RateLimit-Limit
Odigeo-Trace-Id
X-StackifyID
Cache-Provider
X-TT-LOGID
X-Region-Sid
X-B3-SpanId
X-Via-PopN
X-Via-PopV
X-SB
Ohc-Cache-HIT
X-Lb-Id
X-VC
User-Cache-Control
X-Presslabs-Stats
X-Cache-Tag
X-Planisys-CDN-Rules
X-WA
X-Planisys-CDN-TTL
X-Varnish-Hits
X-Tt-Logid
Server-Ttl
X-Agile-Brick-Ok
X-ID
Cf-Alt-Svc
X-Info
X-Planisys-CDN-Cache
Load-Balancing
X-Vgn-Hpd-Reason
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Origin-TTL
X-Parent-Response-Time
X-SRCache-Key
GEO-REGION-INFO
X-Origin-CC
AsisCache
X-Developer
Inserted-Into-Cache-At
X-Pf-Uncompressing
X-Magnolia-Registration
Who
X-Tid
X-Yottaa-OS
X-DevSite-Last-Modified
X-Pad
X-Selected-Host-Header
X-Selected-Name
Protected
Section-Io-Id
X-BACKEND-TTL
X-Selected-Scheme
DSUID
Proxy-Connection
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
CountryCode
Cache-Name
Source
Section-Origin-Responded
Section-Io-Origin-Status
X-UA-Device-Type
Mime-Version
X-MiniProfiler-Ids
Pragrma
X-Uri
X-Apw-Access-Token
X-Dw-Trace-Id
X-Apw-Access-Object
X-Apw-Access-Action
X-PJAX-URL
X-Request-URL
X-Apw-Hits
X-Varnish-Beresp-TTL
PICS-Label
URI
X-C
X-Request-URI
X-Azure-Ref-OriginShield
X-BBXSRF
X-Akamai-Request-ID
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
X-Block-Status
X-Cache-ASPX
X-Device-Os
X-Fetched-On
X-Contensis-Viewer-Groups
X-Cdn-Request-ID
X-Cache-Info
X-Cdn-Origin
Tracecode
Thinkindot-Control
Locid
MIME-Version
Kp-EeAlive
IsBot
CDCHOST
FNAC-ModuleRouting
Path
Pramga
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Sever-Int
Server-Hostname
Release
Server-Ext
X-Gen-Mode
X-Generated-In
X-Var-Ttl
X-Varnish-Authentication
X-Trace-Id
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Swa-Ws
X-Varnish-URL
X-Akamai-ERPolicy
X-Nananana
X-Proxy-Cachei7
Cneonction
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Compress-Hint
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Logging-Id
X-Matched-Rule
X-Loc
X-Hnp-Log
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nginx-Cache-Key
X-NodeID
X-ServiceProvider
X-SIPLIST1
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin-Date
X-Origin-Expires
Vha6-Origin