Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Template
X-Ws-Request-Id
X-Language
Feature-Policy
X-Age
X-Dns-Prefetch-Control
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-WebKit-CSP
X-Host
X-Dispatcher
X-Backend-Server
NEL
X-Device
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Server-Id
Content-Location
X-Response-Time
X-Cache-Lookup
Request-Id
X-Origin-Cache
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ac
EagleEye-TraceId
Accept-CH
X-ASPNET-VERSION
X-Country
Rating
X-Mod-Pagespeed
X-Readtime
X-HW
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Allow
Edge-Control
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-Vname
X-PC
X-TtlSet
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-Content-Type
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
X-GitHub-Request-Id
Fusion-Template-Id
X-D2id
X-Clacks-Overhead
X-Trace
X-Abt-Application-Version
X-Pinterest-Rid
Pinterest-Version
X-Middleton-Display
X-Middleton-Response
Display
Pagespeed
X-Sol
Response
X-Px
X-Vcap-Request-Id
X-Navigation-Version
X-Rack-Cache
X-Server-Name
X-FTR-Request-ID
Verso
X-ESI
Service-Worker-Allowed
X-DynaTrace
MS-Author-Via
X-B3-TraceId
X-Element-Page-Cache
X-Cached
X-Fastly-Request-ID
X-Client-IP
X-Webkit-CSP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-TTL
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-FastCGI-Cache
X-CST
Content-MD5
X-Upstream
X-Version
SPRequestGuid
AR-PoweredBy
AR-CACHE
X-SharePointHealthScore
Fastly-Restarts
X-Forwarded-Proto
X-NF-Request-ID
AR-ATIME
AR-Request-ID
X-Debug
X-VARITI-CCR
Ar-Sid
X-Goog-Hash
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-T
Accept-Ch
X-XRDS-Location
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
X-Jurisdiction
X-Release
X-Content-Digest
TP-L2-Cache
TP-Cache
S
X-Edge
X-Amz-Rid
SPRequestDuration
SPIisLatency
TCN
X-Pinterest-Direct
RTSS
X-Ttl
Cache-Tag
X-NWS-LOG-UUID
Public-Key-Pins
X-Node-Name
X-Ezoic-Cdn
X-Server-ID
Fastcgi-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Request-Processing-Time
X-Request-Received
X-MCACHE
X-Mid
X-Cache-Key
Server-Node
Front-End-Https
X-Accel-Expires
X-Amzn-Trace-Id
X-Recruiting
X-Kinsta-Cache
X-Ratelimit-Remaining
X-Request-Handler-Origin-Region
X-Microsite
X-Ser
X-Logged-In
ServerID
X-Cache-Hit
MRF-Tech
X-B3-TraceId-Primal
X-Origin-Server
Mrf-Cache-Status
X-Page-Id
Accept-Charset
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Mg-S
Host
X-Grace
X-Amz-Server-Side-Encryption
X-Content-Security-Policy-Report-Only
X-B
X-Varnish-Age
X-ECACHE
Alternate-Protocol
X-DIS-Request-ID
Nginx-Cache
X-Hostname
X-Shield-Request-Id
Accept-Ch-Lifetime
Edge-Cache-Tag
X-Ratelimit-Limit
X-Mobile-URL
X-Forwarded-For
Realpath
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Hits
X-Seen-By
X-F-Cache
X-Git-Hash
X-FireWall-Port
Filterid
X-LB-Cache
X-Content-Options
X-Activity-Id
X-AppVersion
X-Az
X-Load-Cache
X-HP-Webp
X-Jobs
X-N
X-Request-Guid
MicrosoftSharePointTeamServices
X-App-Environment
X-Type
X-Varnish-Backend
Cache-Tags
Paypal-Debug-Id
X-Rid
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Varnish-Grace
X-Upgrade-Enabled
Cleartype
X-Daa-Tunnel
X-Zen-Fury
DynaTrace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Proxy
Access-Control-Allow-Method
X-Cached-By
X-FB-Debug
X-Litespeed-Cache
X-Cache-Age
X-Akamai-Edgescape
X-App-Server
Powered-By-ChinaCache
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Geo-Country
DC
X-Goog-Storage-Class
X-Goog-Generation
X-Host-Name
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Cache-Rule
X-Cache-Operation
X-Respond-Thread
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-B3-Sampled
X-Content-Powered-By
Content-Disposition
X-Signature
X-AOL-HN
X-B-Cache
X-User-Agent
X-IPLB-Instance
X-Response-Served-From
X-Original-Request-Id
MS-CV
X-Debug-Info
X-Correlation-ID
X-Accel-Buffering
X-Whom
X-Region
Healthy
X-Wix-Request-Id
Payment
AMP-Access-Control-Allow-Source-Origin
Akamai-Age-Ms
X-Frontend
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-Rule
X-Mobile
X-UUID
X-VCache
X-FW-Hash
X-Cacheable-TTL
X-FW-Serve
X-FW-Server
X-Distributor
X-Instance
X-HTML-Minification-Powered-By
X-Is-Bot
X-Rendered-As
X-Ua
X-Endurance-Cache-Level
X-Cache-Time
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
Refresh
X-Tumblr-Pixel-2
X-Tumblr-User
Datacenter
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
NGB
Filters
X-Via-JSL
Charset
X-Acc-Debug-Context
X-Protected-By
Liferay-Portal
Countrycode
Viewport
S-Cnection
Arc-Version
PB-RID
PB-PID
X-Backend-Name
X-Varnish-Server
X-XRDS-LOCATION
Nel
X-App-Version
X-Hyper-Cache
X-Cache-Expired-At
X-Ah-Environment
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Amz-Replication-Status
X-Oneagent-Js-Injection
X-Cache-Server
Section-Io-Cache
X-Cache-Action
Retry-After
X-PHP-Backend
X-Azure-Ref
X-NewRelic-App-Data
X-Sucuri-ID
X-Source
Referer-Policy
X-EdgeConnect-Cache-Status
Version
X-WA-Info
GEO-INFO
X-Proxy-Cache-Status
X-Cache-Control
X-Fastcgi-Cache
X-Correlation-Id
Eomportal-Instance
X-Environment-Context
X-Framework
X-RemovedCookies
X-L-Path
X-Real-IP
X-ProcessESI
X-Yottaa-Optimizations
X-Yottaa-Metrics
Ms-Operation-Id
Server-Name
X-Unique-Id
X-ES-SERVER
X-Time
Meta-Geo
X-RTag
X-Air-Hostname
Frame-Options
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
Powered
X-Esi
X-Revision
X-Mode
X-From
X-Xfnlog-Site
X-ProxyCache-Key
X-Time-Microsecs
X-Cache-TTL-Remaining
X-Cache-Host
X-GeoIP
X-BYPASS-REASON
X-ProxyCache-Status
X-Qloud-Router
X-Loop
Cache-Tv-Group
Cross-Origin-Window-Policy
X-PHP-Host
X-OCL
X-PCL
X-TNCMS
Uber-Trace-Id
X-Labrador-Cache-Channel
Ec-Rule-Version
X-FW-Version
X-R9-Blue-Green-Version
X-Cluster
X-DynaTrace-JS-Agent
X-Hosted-By
DB-Nickname
X-Drupal-Cache-Contexts
Mn-Server-Ip
X-Debug-Cache
X-Zipkin-Id
X-AWS-Id
X-Site-Version
X-Amzn-Remapped-Content-Length
X-Server-W
X-LJ-Flow-ID
X-Status
X-Human
X-Detected-As
X-Hl-Ver
X-Locale
X-Proxied
X-Redis-Cache
X-VWS-Id
X-NYM-Debug-Backend
X-Routing-Service
X-Origin-Hint
X-Proxy-Build
X-Sucuri-Cache
X-Timing-Wait
X-Via-Fastly
X-Handled-By
X-CSRF-Token
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
X-Access
X-Format
X-Section
Selected-Fe
Property-Id
X-Generated-By
X-Cache-PHP
X-ServerID
X-Proto
X-Ratelimit-Reset
X-Be
X-BCube-Filmed-By
X-FB-TRIP-ID
X-Hp-Webp
X-Contextid
X-Drupal-Cache-Tags
X-Device-Type
X-No-Session
X-ATG-Version
Cache
FSS-Cache
X-JoinUs
X-SaId
X-CDN-Forward
X-Varnish-Cache-Hits
From-Origin
X-FTR-Cache-Host
Webserver
CACHE
X-Adobe-Content
X-NCache
X-Adobe-Loc
X-Origin
X-NC
CF-Cached-On
X-URL
OT-Force-Account-Verify
X-NWS-UUID-VERIFY
X-Oss-Server-Time
X-TT
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Azure-Version
X-GoCache-CacheStatus
X-Tt-Trace-Host
Azure-SlotName
X-Tt-Trace-Tag
X-TA-CDN-Provider
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Akamai-Transformed
X-IPS-LoggedIn
X-AIR-PT
X-IP
X-APP-VERSION
X-EIG-Tracking-Id
X-Bc-Bl
Access-Control-Request-Headers
SD-X-WS
X-Adobe-Source
X-CCM
X-EC-Lua
Upgrade-Insecure-Requests
X-Cache-Enabled
X-TIME
X-ShardId
X-Cache-2
X-Route-Name
X-Providence-Cookie
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Is-Crawler
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Flags
X-Aspnet-Duration-Ms
X-ApacheServer
X-ECache
X-PERF
X-Forwarded-Host
X-Pubstack
X-Cache-Backend
X-Backend-Host
X-Cache-Grace
X-Tumblr-Pixel-3
X-Backend-TTL
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
Node
X-Pinterest-Sli-Endpoint-Name
X-Storage
X-Say-Cacheable
Cache-Status
X-Web-Node
X-Ruxit-Js-Agent
X-SayCDN-TTL
X-Say-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Cluster-Name
Fastly-SSL
X-Viewer-Country
Decoy-Debug-TTL
X-Soup
X-Connection-Hash
Apple-News-Services-Parsed-Url
X-CF-Lambda-Version
X-Varnishpool
X-External-Request-Id
X-G
X-Destination
X-CF-Lambda-Fn
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-D
X-Cache-NE
DCR-Decision-By
X-Twitter-Response-Tags
X-Trv-Group
X-A-Wwc
X-Vdms-Path
X-VG-WebCache
X-Vdms-Version
X-Transaction
Host-ID
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-Application
X-ScT
X-A-Dgt
X-VG-WebServer
Xc-Version
X-Worker
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-A
X-A-Ccd
X-A-Dam
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Machine
X-A-Dcw
MD5-Digest
X-ARC
X-S-Cookie
Fastcgi-X-Cache-Version
X-Processor
X-B3-Traceid
X-B-Cookie
X-PBS-Appsvrname
DCR-Processing-Time-Ms
X-RCS-CacheZone
X-PAYTM-SRV-ID
X-TX-ID
X-LAGOON
X-Vgn-Hpd-Cached
X-Cdn
X-Cache-Config
X-Vgn-Hpd-Variations-Key
CDN-EdgeStorageId
X-Cache-Bucket
CDN-PullZone
Country
CDN-CachedAt
Is-Eu
X-VG-TLSProxy
X-Variation
X-Ms-Version
X-Ms-Request-Id
X-Rebelmouse-Surrogate-Control
CDN-RequestCountryCode
X-Micro-Cache
CloudFront-Viewer-Country
X-WADP-Cache
CDN-RequestId
Platform
CDN-Cache
X-Servername
X-Fmm-Version
X-Fastly-Cache
CDN-Uid
X-Rebelmouse-Cache-Control
Fastly-SIE
Adler-Geo
Fastly-SWR
X-Aed
X-Generation-Time
X-Envoy-Decorator-Operation
X-Clara-WADP
X-DPWN-IS-SECURE
X-UPSTREAM-Address
Backend
Akamai-GRN
X-Cms-Context
Rt-Fastcgi-Cache
X-Cache-Id
Fastly-Drupal-HTML
Origin
X-Backend-State
L
Gh-Request-Id
X-Clientip
X-Accel-Expires-Debug
X-Cache-NGX
Country-Code
X-Bip
C-Via
X-Auto-Login
X-HS-Content-Campaign-Id
X-Microcachable
X-Owner
X-Platform
X-Policy
X-Method
X-LI-UUID
X-Irp-Debug
X-Li-Fabric
X-Li-Pop
X-Render-Time
X-Request-Host
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Platform-Server
X-Varnish-Cacheable
X-Thanos
X-Request-Start
X-Skip-Cache
X-Slack-Backend
Surrogated-Key
X-Old-Content-Length
X-Esi-Check
X-Date
X-Core-Value
X-Gzip
X-Core-Mission
X-Fastly-Backend
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-CS
X-NGENIX-Cache
X-UA
Time
X-Req
X-Developers
X-Dispatcher-Server
AKAMAI
X-Amz-Meta-Cb-Modifiedtime
PFcat
X-CUA
X-Varnish-CookieHashed-On
X-DefElseHash
X-DefHash
X-Webstats-RespID
Wxu-Next-Region
X-Up
Wxu-Next-Hostname
X-VarnishDD-TTL
X-SN
X-Gamma-Serve
X-Varnish-Remaining-TTL
X-Cache-Date
X-Varnish-CookieINHashed-On
Fastly-Backend-Name
X-Level-Front-Cache
X-JWT-State
X-Hash
X-Has-Esi
X-Is-Gdpr
X-HN
X-Generated-On
X-OVcl-Cache
Wxu-Next-Commit
NM-Fastcgi-Cache
X-Minions-Version
X-OVcl
X-Mvc-Supplant-Cachable
X-Content-Age
X-Varnish-Ttl
Now
X-DC
We-Hiring
Ufe-Result
X-Reqid
X-Location
X-Geo-Header
X-Cdn-Srv
X-Cache-Tags
X-CGP
X-Eu-Site
X-Wa
X-Aicache-OS
X-Edge-Location
X-Csrf-Jwt
X-Cache-URL
L5d-Success-Class
Mail-Subject
CacheControlHeader
HA-Ipaddr
Ha-Gx-Prefs
Group
Memcached
X-CACHE-AGE
X-Page-View
X-Session-Fingerprint
X-Cache-Debug
X-LB-ID
X-Proxy-Upstream
Pagetype
UCS
FSS-Proxy
X-Refresh
X-Via-Popn
X-Via-Poph
X-Branch-Name
X-B3-Spanid
X-NODE
SRV
X-Agile-Age
X-GEO
X-PF-Uncompressing
X-Agile
X-Agile-Id
X-ZONE
X-BC
X-LI-Proto
NGX
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-RateLimit-Remaining
HostName
X-Ftr-Cache-Host
X-Via-CDN
X-Debug-Cache-Store
X-SERVER-NAME
M-TraceId
Hostname
X-Debug-Cache-Fetch
X-Nginx-Cache
X-Datadome
X-Ua-Device
Xserver
X-Dc
Arc-Country
X-Varnish-Hostname
X-ID
X-Check-Cacheable
X-Instart-Request-ID
X-SERVER
X-Cdn-Forward
X-Sql-Count
X-Sql-Duration-Ms
X-NU-AKA-ACS-Version
Cdn-Host
X-FPC
X-Request-Time
Cdn-Request-Time
X-VCL-Version
X-SRV
X-Edge-Server
VivaBuild
Viewtype
WebServer
X-Cache-Remote
X-LiteSpeed-Cache-Control
X-Bc
X-Cluster-Node
X-RunCloud-Cache
X-Dynatrace-Js-Agent
X-Zone
X-Via-Ucdn
Srv
X-LLID
X-COUNTRY
X-Via-SSL
X-Via-Edge
X-APP
X-Via-Popv
X-Action
X-CF-Powered-By
Memory
X-Www-Served-By
Edge-Copy-Time
X-UnsetCookies
SID
X-FORWARDED-FOR
WWW-Authenticate
X-RPS
X-HS-Status
X-Svr
On-Server
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-Vgn-Hpd-Ssi
X-RSL
X-S-Maxage
Cache-Hits
X-Cs
NtCoent-Length
ProcessTime
ServedBy
X-NGINX-Cache
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
X-Srv
GeoIp-Country-Code
X-CSRF-TOKEN
Geoip-Latitude
Apigw-Requestid
X-Oss-Cdn-Auth
XServer
X-MP-GENERATED-AT
X-Presslabs-Stats
X-Geo
X-Vcache
T-Server
Server-Info
X-We-Are-Hiring
Geo-Info
X-Unique-ID
X-Pass-Why
Ohc-File-Size
X-Hit
User-Agent
Processtime
X-Akamai-Request-ID2
Sid
Amp-Access-Control-Allow-Source-Origin
W
GeoIP-Latitude
GeoIP-Country-Code
X-MSEdge-Features
X-MSEdge-Flight
LB
X-Epic-Correlation-Id
CF-IPCountry
X-Tb
Pics-Label
S-Rt
Server-Host
X-Erf-Stays-Bingo-Pdp-Web
Protected
X-Varnish-Hits
X-HOST
X-Envoy-Upstream-Healthchecked-Cluster
WZWS-RAY
N-Cache
X-SB
Magicmarker
X-VC
X-FC-Vary-Parameters
X-HITS
X-Uri
X-Vcl-Version
X-Pjax-Url
X-Info
Accept-Language
X-Cache-Hfrom
X-Erf-Bev-Bev
X-Cache-Hm
Cdn
X-Erf-Bev-Bev-Is-Generated
X-Mobile-Rewrite
X-Fpc
X-Nc
X-Webkit-CSP-Report-Only
Ohc-Cache-HIT
X-Fastly-Country-Code
X-Newrelic-Synthetics
A
CDN
X-Key
Cteonnt-Length
Esi-Enabled
Tracecode
X-CACHE-KEY
X-Acc-Rdl
Origin-Cache-Control
Origin-Edge-Control
X-Newrelic-App-Data
X-TT-LOGID
Lb
User-Cache-Control
DSUID
Section-Io-Id
Odigeo-Trace-Id
X-Provided-By
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Instart-Info
Ssr
X-Via-NSCOPI
X-Dispatch
Cache-Name
Proxy-Firewall
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-UA-Device-Type
X-Geo-Region
X-ServedByHost
Powered-By
X-Magnolia-Registration
X-Li-Proto
X-B3-SpanId
Lfy
X-StackifyID
X-Origin-Date
X-Dynatrace
Thinkindot-CacheControl-Type
X-Thinkindot-L3
FNAC-ModuleRouting
X-Traceid
Server-Ext
Server-ID
CDCHOST
X-Scheme
V-Age
Thinkindot-Control
Thinkindot-CacheControl
True-Client-Country-4JS
SR-User-Adfree
Path
X-Varnish-Authentication
X-Varnish-Url
X-VServer
X-Origin-TTL
MIME-Version
Locid
Server-Hostname
Release
IsBot
Sever-Int
X-User
Instruction
X-SRCache-Key
X-Server-IP
X-Response-By
X-SD-PageType
X-Origin-CC
X-Gen-Mode
X-Gdpr
X-Sigma
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Matched-Rule
X-Nginx-Cache-Key
X-Node-Id
X-Loc
X-Hnp-Log
X-Rocket-Build-Number
X-Nyt-Route
X-Origin-Expires
X-Developer
X-Men
X-BBC-Edge-Cache-Status
X-Request-URI
X-API-Version
X-SVT-ORM-RULES
Web-Mar-Node
X-SVT-ORM-VERSION
X-BBXSRF
X-SIPLIST1
X-Cache-Expires
X-Cache-Info
X-Contensis-Viewer-Groups
X-Origin-Time
X-Cache-ASPX
X-Block-Status
X-Sigma-Backend
Vix-Hermes-Req-Id
Cache-Key
X-RAMCache
X-TH-Server
X-Akamai-Pragma-Client-IP
Server-Ttl
HitType
X-Served-From
X-Cache-Tag
X-NodeID
Cache-Provider
X-Azure-Ref-OriginShield
Fastcgi-Cache-TTL
X-Cc-Via
X-Lb-Id
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Cdn-Origin
BehaviorPad-Version
X-Parent-Response-Time
X-Sn-Servicetimems
X-Trace-Id
D-Cc-Upstream
X-Cc-Req-Id
X-TrackingId
X-Generated
X-No-Cache
CountryCode
Xet-Cookie
X-RateLimit-Limit-Second
X-Var-Ttl
X-VC-Cache
X-Batcache
Req-Svc-Chain
X-Swa-Ws
X-ServiceProvider
X-LiteSpeed-Tag
X-Fetched-On
X-RateLimit-Remaining-Second
X-Agile-Brick-Ok
X-App
X-Generated-In
Pramga
Kp-EeAlive
X-WA
X-Tt-Logid
Cache-Host
X-ElasticPress-Query
X-Device-Os
X-Cache-Spec
Tcn
X-Varnish-Beresp-TTL
X-HostName
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-RateLimit-Limit
Who
X-Pf-Uncompressing
Dnion-Transfer-Encoding
Cf-Device-Type
X-B3-Parentspanid
X-Yottaa-OS
Cf-Alt-Svc
Inserted-Into-Cache-At
X-PJAX-URL
X-Planisys-CDN-Cache
X-Selected-Host-Header
X-Path-Route
X-Selected-Name
X-Selected-Scheme
X-BBC-Origin-Response-Status
Source
X-Request-URL
X-Snapshot-Date
X-Apw-Access-Object
Vha6-Origin
Pragrma
X-C
Mime-Version
X-Dw-Trace-Id
X-Proxy-Cachei7
PICS-Label
Resin-Trace
X-Apw-Access-Token
X-MiniProfiler-Ids
X-Apw-Access-Action
X-Vgn-Hpd-Reason
X-Apw-Hits