Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Amz-Id-2
X-Robots-Tag
X-Dns-Prefetch-Control
Request-Context
X-UA-Device
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-AH-Environment
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
Report-To
X-Template
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Dispatcher
X-Device
X-Server-Id
Surrogate-Control
X-Node
Request-Id
X-Ruxit-JS-Agent
Accept-CH-Lifetime
Content-Location
EagleEye-TraceId
Accept-CH
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Allow
X-Origin-Cache
X-Ac
X-Readtime
X-Country
X-Mod-Pagespeed
Rating
X-HW
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-CST
X-ORACLE-DMS-RID
X-Vname
X-PC
X-Cnection
X-TtlSet
X-Country-Code
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-FastCGI-Cache
X-D2id
X-Clacks-Overhead
X-TTL
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Pagespeed
Response
MS-Author-Via
X-Server-Name
X-Trace
Pinterest-Version
X-Pinterest-Rid
X-ESI
X-Origin-Upstream-Status
X-B3-TraceId
X-Url
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
X-Navigation-Version
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Service-Worker-Allowed
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Element-Page-Cache
X-Cached
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-Fastly-Request-ID
X-Webkit-CSP
X-DynaTrace
SPRequestGuid
X-SharePointHealthScore
X-VARITI-CCR
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
X-NF-Request-ID
X-Pinterest-Direct
Fastly-Restarts
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
Ar-Sid
SPIisLatency
SPRequestDuration
X-Debug
Content-MD5
X-MSEdge-Ref
X-Powered-CMS
X-Forwarded-Proto
X-Amz-Rid
Access-Control-Request-Method
X-Release
X-XRDS-Location
X-Version
X-Jurisdiction
X-T
S
X-Edge
X-Content-Digest
TCN
RTSS
Public-Key-Pins
X-Ezoic-Cdn
TP-L2-Cache
TP-Cache
Cache-Tag
Accept-Ch
Front-End-Https
X-Cache-Key
X-Litespeed-Cache
X-MCACHE
X-Mid
X-Amz-Server-Side-Encryption
X-Mg-S
Server-Node
X-Node-Name
X-Yandex-Sdch-Disable
X-HP-Webp
Fastcgi-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Request-Processing-Time
X-Request-Received
X-Recruiting
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-Amzn-Trace-Id
X-Accel-Expires
X-Grace
X-Kinsta-Cache
X-Ser
X-Server-ID
MicrosoftSharePointTeamServices
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
X-Varnish-Age
X-NWS-LOG-UUID
Accept-Charset
X-DIS-Request-ID
ServerID
X-Logged-In
Edge-Cache-Tag
X-Ttl
X-Content-Security-Policy-Report-Only
Nginx-Cache
X-Shield-Request-Id
Host
X-Page-Id
X-ECACHE
Powered-By-ChinaCache
X-Forwarded-For
X-Ratelimit-Remaining
X-Hits
X-Cache-Hit
Cache-Tags
X-LB-Cache
X-F-Cache
Cleartype
X-Hostname
X-B
X-Respond-Thread
X-Mobile-URL
X-Az
X-Activity-Id
X-AppVersion
X-N
X-Git-Hash
X-Upgrade-Enabled
X-Cached-By
Realpath
X-Amz-Meta-S3cmd-Attrs
X-Cache-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ah-Environment
X-Aspnetmvc-Version
X-Content-Options
Accept-Ch-Lifetime
X-Load-Cache
X-Type
DynaTrace
X-Rid
X-Varnish-Backend
Alternate-Protocol
X-App-Environment
Paypal-Debug-Id
X-Request-Guid
X-Ratelimit-Limit
X-Jobs
Access-Control-Allow-Method
Fastcgi-Useragent
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
Charset
X-FTR-Expires
X-WebKit-CSP-Report-Only
X-Seen-By
X-Oneagent-Js-Injection
Nel
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Proxy
X-HS-Combine-CSS
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-B3-Sampled
X-VCache
Filters
X-Akamai-Edgescape
X-Zen-Fury
X-IPLB-Instance
X-B-Cache
X-Signature
Viewport
X-FB-Debug
MS-CV
Healthy
X-Debug-Info
X-Mobile
X-Whom
X-FireWall-Port
X-AOL-HN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Host-Name
X-Daa-Tunnel
X-Region
X-Varnish-Grace
DC
X-Geo-Country
Payment
X-User-Agent
Filterid
Liferay-Portal
X-Frontend
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
CACHE
X-Amz-Replication-Status
X-Cache-Operation
X-Cache-Rule
X-HTML-Minification-Powered-By
AMP-Access-Control-Allow-Source-Origin
Surrogate-Key
X-UUID
X-Tumblr-User
X-Correlation-ID
X-Tumblr-Pixel-2
X-App-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
X-Distributor
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Cache-Time
X-FW-Type
X-Rule
X-Cacheable-TTL
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Refresh
X-Protected-By
X-URL
Section-Io-Cache
X-Id
S-Cnection
X-Via-JSL
X-Cache-Expired-At
X-Content-Powered-By
Version
X-Cache-Spec
X-Cache-Action
X-Wix-Request-Id
X-Is-Bot
X-Rendered-As
GEO-INFO
Server-Name
X-Acc-Debug-Context
X-Hyper-Cache
X-Backend-Name
X-Sucuri-ID
Content-Disposition
X-Amz-Apigw-Id
X-Ua
X-XRDS-LOCATION
X-Correlation-Id
X-Amzn-RequestId
Retry-After
X-Air-Hostname
X-Cache-Server
X-Endurance-Cache-Level
PB-PID
Arc-Version
PB-RID
X-Source
X-Real-IP
X-Framework
Eomportal-Instance
X-RemovedCookies
X-Unique-Id
X-Environment-Context
X-ProcessESI
X-L-Path
X-App-Version
X-EdgeConnect-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
Datacenter
X-Revision
Ms-Operation-Id
X-RTag
X-Drupal-Cache-Contexts
X-Sucuri-Cache
Frame-Options
Referer-Policy
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Endpoint-Name
Countrycode
Webserver
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Route-Name
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
Meta-Geo
X-Cache-Var-Map
X-Cache-Control
X-LLID
X-Varnish-Server
X-ProxyCache-Status
X-Proxy-Cache-Status
X-BYPASS-REASON
X-WA-Info
X-Mode
X-ProxyCache-Key
X-Xfnlog-Site
X-Cache-Host
X-Hl-Ver
X-Time-Microsecs
X-R9-Blue-Green-Version
X-Qloud-Router
Cache-Tv-Group
Property-Id
X-Origin-Hint
X-OCL
X-Contextid
TWC-Connection-Speed
X-PCL
TWC-Device-Class
X-NYM-Debug-Backend
X-Be
X-Labrador-Cache-Channel
Ec-Rule-Version
X-Cache-TTL-Remaining
X-LJ-Flow-ID
X-No-Session
Cross-Origin-Window-Policy
Mn-Server-Ip
TWC-GeoIP-Country
X-Redis-Cache
X-Cluster
X-Server-W
X-FW-Version
Webcakes-App-Name
X-Human
X-Handled-By
X-ServerID
X-Proto
X-VWS-Id
X-AWS-Id
TWC-GeoIP-LatLong
X-Amzn-Remapped-Content-Length
TWC-Locale-Group
Webcakes-App-Version
X-PHP-Host
TWC-Privacy
Webcakes-Region
X-NewRelic-App-Data
X-CDN-Forward
X-TIME
X-DynaTrace-JS-Agent
NGB
X-Format
X-Hosted-By
X-FB-TRIP-ID
DB-Nickname
X-Locale
X-TT
X-Access
Akamai-Age-Ms
X-Via-Fastly
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-TNCMS
X-Status
X-Proxied
X-Routing-Service
X-Section
X-Site-Version
X-Loop
X-Zipkin-Id
X-GeoIP
X-Adobe-Loc
X-Azure-Ref
X-Adobe-Content
X-Detected-As
X-From
X-Tt-Trace-Tag
X-AIR-PT
X-Tt-Trace-Host
Upgrade-Insecure-Requests
Cf-Bgj
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
FSS-Cache
X-Device-Type
X-Debug-Cache
X-Cache-PHP
X-ATG-Version
X-NC
X-Generated-By
X-Ratelimit-Reset
X-BCube-Filmed-By
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Access-Control-Request-Headers
X-CSRF-Token
X-UPSTREAM-Address
X-PHP-Backend
X-Varnish-Cache-Hits
X-Page-View
X-ID
OT-Force-Account-Verify
Cache-Status
From-Origin
X-Akamai-Transformed
X-CCM
SD-X-WS
X-Adobe-Source
X-NCache
X-GoCache-CacheStatus
X-Backend-TTL
SRV
X-G
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Varnishpool
X-Oss-Server-Time
X-Oss-Request-Id
X-LAGOON
X-Origin
X-Cluster-Name
X-Cache-2
X-Storefront-Renderer-Rendered
X-Soup
X-Cache-Grace
X-ApacheServer
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Forwarded-Host
X-Pubstack
Country
X-ShardId
X-Shopify-Stage
X-ShopId
X-PERF
Decoy-Debug-Status
Decoy-Debug-TTL
X-Storage
Fastly-SSL
Decoy-Debug-Key
X-Say-TTL
X-Web-Node
X-SayCDN-TTL
X-Say-Cacheable
CF-Cached-On
X-APP-VERSION
X-Backend-Host
Node
X-FTR-Cache-Host
X-Via-CDN
X-Time
X-Esi
X-GEO
X-JoinUs
X-SaId
Cache
X-ECache
X-IP
X-Viewer-Country
X-Ruxit-Js-Agent
Powered
X-TX-ID
X-EC-Lua
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-External-Request-Id
X-Worker
X-Application
X-RCS-CacheZone
X-Processor
X-A-Wwc
X-Cache-NE
X-ARC
X-VG-WebServer
X-B-Cookie
X-Rojux
X-ScT
X-Connection-Hash
X-Vdms-Path
X-CF-Lambda-Version
X-Trv-Group
X-Session-Fingerprint
X-CF-Lambda-Fn
X-D
X-Vdms-Version
X-Cache-Enabled
X-A-Dgt
X-Rewrite-Enabled
X-S
X-VG-WebCache
X-S-Cookie
X-Destination
X-Request-UUID
X-Aed
MD5-Digest
DCR-Processing-Time-Ms
DCR-Decision-By
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Machine
Host-ID
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-A-Dcw
Mobile-Detection-Method
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Rendered-Blocks
X-A
X-A-Dam
X-A-Ccd
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Erf-Bev-Bev
X-Cache-Config
X-Tumblr-Pixel-3
X-Erf-Bev-Bev-Is-Generated
X-Cache-Remote
X-Variation
Fastly-SIE
Fastly-SWR
X-Varnish-CookieHashed-On
Is-Eu
X-Cache-Debug
Adler-Geo
CDN-Cache
X-B3-Spanid
X-Varnish-Remaining-TTL
CloudFront-Viewer-Country
X-VG-TLSProxy
CDN-PullZone
CDN-Uid
CDN-RequestId
CDN-EdgeStorageId
CDN-CachedAt
X-WADP-Cache
CDN-RequestCountryCode
Platform
Gh-Request-Id
X-Cache-Bucket
X-Varnish-CookieINHashed-On
X-Servername
X-Microcachable
X-Platform-Server
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-IPS-LoggedIn
X-Ms-Request-Id
X-Fastly-Cache
X-Platform
X-Rebelmouse-Surrogate-Control
X-Generation-Time
X-Fmm-Version
X-Rebelmouse-Cache-Control
X-Micro-Cache
X-DefElseHash
X-DefHash
X-Core-Value
X-Clara-WADP
X-Auto-Login
X-Irp-Debug
X-Cms-Context
X-Ms-Version
X-CUA
Backend
X-Li-Pop
X-LI-UUID
X-Is-Gdpr
X-Level-Front-Cache
X-JWT-State
Pagetype
X-Location
PFcat
HA-Ipaddr
X-Li-Fabric
X-Request-Start
X-Policy
X-Mvc-Supplant-Cachable
L5d-Success-Class
X-Old-Content-Length
L
X-OVcl-Cache
X-OVcl
X-PF-Uncompressing
X-Bip
NM-Fastcgi-Cache
X-Request-Host
X-Method
Rt-Fastcgi-Cache
X-Cache-NGX
X-Clientip
Origin
X-HN
X-Dispatcher-Server
X-Developers
X-Esi-Check
X-Eu-Site
X-Webstats-RespID
X-Fastly-Backend
X-Cache-Date
X-VarnishDD-TTL
X-Skip-Cache
X-Cache-Id
X-Cache-Tags
X-CGP
X-Csrf-Jwt
X-Varnish-Cacheable
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-HS-Content-Campaign-Id
X-Owner
X-Thanos
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Has-Esi
X-Gzip
X-Cache-Backend
X-Reqid
X-Generated-On
C-Via
X-Geo-Header
X-Backend-State
X-SN
X-Branch-Name
AKAMAI
X-Varnish-Beresp-Status
Akamai-GRN
X-Varnish-Beresp-Grace
CacheControlHeader
Fastly-Backend-Name
X-Varnish-Beresp-Ttl
Ha-Gx-Prefs
X-B3-Traceid
X-Sql-Count
X-Sql-Duration-Ms
X-Gamma-Serve
X-Content-Age
X-Hash
X-Core-Mission
X-Varnish-Ttl
X-Refresh
X-Slack-Backend
Fastly-Drupal-HTML
X-NWS-UUID-VERIFY
X-Render-Time
X-Bc-Bl
UCS
X-Wa
X-COUNTRY
X-DC
XServer
X-Transaction
X-CS
FSS-Proxy
X-Www-Served-By
X-Twitter-Response-Tags
X-SRV
Protected
X-UA
Cache-Hits
X-Aicache-OS
X-Ftr-Cache-Host
X-S-Maxage
X-NU-AKA-ACS-Version
X-Minions-Version
X-EIG-Tracking-Id
X-NODE
Hostname
X-Amz-Meta-Cb-Modifiedtime
X-Dc
NGX
X-Fastcgi-Cache
X-Mvc-Supplant-OutputCached
Country-Code
X-Check-Cacheable
X-Via-Poph
X-LI-Proto
X-Via-Popn
Surrogated-Key
X-RateLimit-Remaining
X-Date
X-Servedbyhost
X-Accel-Expires-Debug
X-NGENIX-Cache
X-TA-CDN-Provider
X-Debug-Cache-Store
We-Hiring
X-Debug-Cache-Fetch
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Req
X-Svr
Mail-Subject
X-Up
X-LB-ID
On-Server
ServedBy
X-Edge-Location
X-Nginx-Cache
X-Cache-URL
X-Cdn-Srv
Edge-Copy-Time
X-Proxy-Upstream
Memcached
X-Erf-Stays-Bingo-Pdp-Web
X-Ua-Device
Group
X-Via-Edge
X-Via-SSL
X-FPC
Ufe-Result
X-Request-Time
X-Varnish-Hostname
X-CACHE-AGE
HostName
Geoip-Latitude
T-Server
Time
GeoIp-Country-Code
X-Hp-Webp
X-Pass-Why
Now
X-Presslabs-Stats
Section-Io-Origin-Status
Section-Io-Id
X-Cs
X-VCL-Version
Section-Io-Origin-Time-Seconds
X-Webkit-Csp
X-Uri
Section-Origin-Responded
X-NGINX-Cache
Pics-Label
X-ZONE
X-BC
N-Cache
WZWS-RAY
X-Cluster-Node
X-Agile
X-Agile-Age
Server-Host
X-Agile-Id
X-CSRF-TOKEN
X-Varnish-Hits
X-Acc-Rdl
X-TT-LOGID
X-VC
X-SB
X-MP-GENERATED-AT
Magicmarker
Ohc-File-Size
SID
DSUID
Xserver
X-UnsetCookies
X-Cdn-Forward
X-CF-Powered-By
X-UA-Device-Type
Ohc-Cache-HIT
Cache-Name
X-Info
X-Oracle-Dms-Rid
X-Datadome
X-HS-Status
X-LiteSpeed-Cache-Control
M-TraceId
X-Bc
X-Zone
X-Dynatrace-Js-Agent
X-Dynatrace
Apigw-Requestid
ProcessTime
X-Via-Popv
X-Origin-Date
X-Srv
Odigeo-Trace-Id
X-FORWARDED-FOR
NtCoent-Length
User-Cache-Control
Arc-Country
X-APP
X-We-Are-Hiring
Tracecode
Cteonnt-Length
User-Agent
S-Rt
X-MSEdge-Features
Processtime
X-Via-Ucdn
Sid
W
X-MSEdge-Flight
Ssr
Cdn-Host
VivaBuild
Viewtype
Cdn-Request-Time
X-Edge-Server
CF-IPCountry
Amp-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
LB
Lfy
Server-Info
X-Tb
Memory
X-RunCloud-Cache
X-Action
WebServer
X-HOST
Srv
CountryCode
X-Server-IP
Sever-Int
SR-User-Adfree
X-SIPLIST1
X-Varnish-Authentication
Server-Hostname
X-DI
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
X-VServer
X-SD-PageType
V-Age
True-Client-Country-4JS
X-Varnish-Url
Thinkindot-Control
Server-Ext
X-User
IsBot
X-Cc-Via
Web-Mar-Node
X-SRCache-Key
X-SVT-ORM-RULES
CDCHOST
Instruction
Locid
X-Cc-Req-Id
Path
X-Thinkindot-L3
D-Cc-Upstream
MIME-Version
X-DB
X-SVT-ORM-VERSION
X-Scheme
X-DW
X-Nyt-Route
X-API-Version
X-RPS
CDN
X-RSL
X-Origin-CC
X-Node-Id
X-Contensis-Viewer-Groups
X-Loc
X-Hnp-Log
X-Matched-Rule
X-Oss-Cdn-Auth
X-Developer
X-Nginx-Cache-Key
X-RPM
X-Gdpr
X-Response-By
X-Request-URI
X-Block-Status
X-BBXSRF
X-DSS
X-BBC-Edge-Cache-Status
WWW-Authenticate
X-Cache-ASPX
X-Cache-Expires
X-Origin-Expires
X-Origin-Time
X-Gen-Mode
X-Origin-TTL
X-Cache-Info
X-HITS
X-Fastly-Request-Id
X-Generated-In
X-Fetched-On
X-Var-Ttl
X-Swa-Ws
X-Trace-Id
X-NodeID
Pramga
Release
Server-ID
X-Azure-Ref-OriginShield
X-Sn-Servicetimems
X-Cdn-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Device-Os
Cache-Host
X-GeoIP-City
X-Unique-ID
Geo-Info
X-Pjax-Url
X-Vgn-Hpd-Ssi
X-Cache-Hfrom
X-Cache-Hm
X-Vcl-Version
X-Webkit-CSP-Report-Only
X-Newrelic-Synthetics
X-Browser-Type
GeoIP-Latitude
X-Traceid
A
GeoIP-Country-Code
X-FC-Vary-Parameters
X-Fastly-Country-Code
X-Newrelic-App-Data
X-CACHE-KEY
X-Hit
X-Geo
Lb
Cf-Device-Type
Cdn
X-Fpc
X-Lb-Id
Source
X-Origin-Response-Time
X-Provided-By
X-Nc
X-Akamai-Request-ID2
X-Via-NSCOPI
X-Cache-Tag
X-Via-PopH
X-Via-PopN
X-ServedByHost
FNAC-ModuleRouting
X-Men
X-Via-PopV
X-Li-Proto
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
Expiry
Server-Ttl
X-Sigma
X-Sigma-Backend
X-Vgn-Hpd-Reason
X-Rocket-Build-Number
X-SERVER-NAME
Url
X-TH-Server
X-B3-SpanId
Accept-Language
Kp-EeAlive
X-Served-From
Cache-Key
X-Akamai-Pragma-Client-IP
X-Amzn-Remapped-Connection
X-Parent-Response-Time
X-B3-Parentspanid
X-Amzn-Remapped-Date
X-Proxy-Cachei7
Xkeyi7
Content-Script-Type
Esi-Enabled
Location
EpKe-Alive
X-StackifyID
Content-Secure-Policy
Cache-Provider
X-BBC-Origin-Response-Status
Content-Style-Type
X-No-Cache
X-ServiceProvider
X-RateLimit-Remaining-Second
X-Agile-Brick-Ok
BehaviorPad-Version
X-Yottaa-OS
X-ND-Cache
X-Key
X-MiniProfiler-Ids
X-WA
X-ElasticPress-Query
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-VC-Cache
URI
X-Tt-Logid
Req-Svc-Chain
X-Akamai-Request-ID
X-Request-URL
X-RateLimit-Limit-Second
X-Instart-Request-ID
Tcn
Inserted-Into-Cache-At
X-Apw-Access-Action
X-HostName
X-Apw-Access-Object
X-Apw-Access-Token
Who
X-Varnish-Beresp-TTL
X-Apw-Hits
X-PJAX-URL
X-RateLimit-Limit
X-Batcache
X-TraceId
X-TrackingId
X-Selected-Host-Header
X-Selected-Name
X-Selected-Scheme
X-Mobile-Rewrite
PICS-Label
X-Pad
X-Litespeed-Cache-Control
DataCenter
Pragrma
Origin-Cache-Control
Mime-Version
Origin-Edge-Control
X-Instart-Info
Proxy-Firewall
X-C
Resin-Trace
X-Snapshot-Date
NnCoection
Xet-Cookie
X-Dispatch
Vha6-Origin