Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Amz-Id-2
X-Robots-Tag
Request-Context
X-AH-Environment
X-UA-Device
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Dns-Prefetch-Control
Report-To
X-Template
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
NEL
X-Backend-Server
X-Server-Id
X-Device
X-Dispatcher
Accept-CH-Lifetime
Surrogate-Control
X-Node
Accept-CH
Request-Id
X-Ruxit-JS-Agent
Content-Location
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Allow
X-Origin-Cache
X-Ac
X-Readtime
X-Mod-Pagespeed
Rating
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-CST
X-ORACLE-DMS-RID
X-PC
X-TtlSet
X-Vname
X-Cnection
X-Country-Code
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-FastCGI-Cache
X-D2id
X-Clacks-Overhead
X-TTL
Response
X-Middleton-Display
Pagespeed
X-Middleton-Response
Display
X-Sol
X-Server-Name
MS-Author-Via
X-Trace
Pinterest-Version
X-Pinterest-Rid
X-Origin-Upstream-Status
X-B3-TraceId
X-Vcap-Request-Id
X-Rack-Cache
X-Px
X-Abt-Application-Version
X-ESI
X-Navigation-Version
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Service-Worker-Allowed
X-Url
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Cached
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-FTR-Request-ID
X-Webkit-CSP
X-SharePointHealthScore
X-DynaTrace
SPRequestGuid
X-VARITI-CCR
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
X-Pinterest-Direct
X-NF-Request-ID
Fastly-Restarts
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-Debug
SPRequestDuration
SPIisLatency
X-MSEdge-Ref
Content-MD5
X-Powered-CMS
X-Amz-Rid
X-Forwarded-Proto
X-Litespeed-Cache
X-Release
Access-Control-Request-Method
X-XRDS-Location
X-Version
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
Public-Key-Pins
X-Ezoic-Cdn
TP-L2-Cache
TP-Cache
Cache-Tag
X-Cache-Key
Front-End-Https
X-MCACHE
X-Mid
X-Amz-Server-Side-Encryption
X-Mg-S
X-Node-Name
Server-Node
X-Yandex-Sdch-Disable
X-HP-Webp
Fastcgi-Cache
X-Request-Received
MRF-Tech
Mrf-Cache-Status
X-Request-Processing-Time
X-B3-TraceId-Primal
X-Recruiting
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amzn-Trace-Id
X-Accel-Expires
X-Kinsta-Cache
X-Grace
X-Ser
X-PressLabs-Stats
MicrosoftSharePointTeamServices
X-Request-Handler-Origin-Region
X-Microsite
Accept-Ch
X-Origin-Server
X-Varnish-Age
X-NWS-LOG-UUID
Accept-Charset
X-DIS-Request-ID
Edge-Cache-Tag
ServerID
X-Logged-In
X-Ttl
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
Nginx-Cache
Powered-By-ChinaCache
Host
X-ECACHE
X-Page-Id
X-Ratelimit-Remaining
X-Hits
X-Cache-Hit
Cache-Tags
X-Forwarded-For
X-F-Cache
X-Hostname
X-LB-Cache
Cleartype
X-Server-ID
X-Respond-Thread
X-B
X-Mobile-URL
X-Az
X-AppVersion
X-Activity-Id
X-N
X-Git-Hash
X-Upgrade-Enabled
Realpath
X-Cached-By
X-Cache-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amz-Meta-S3cmd-Attrs
X-Aspnetmvc-Version
X-Content-Options
X-Type
DynaTrace
X-Load-Cache
Paypal-Debug-Id
X-App-Environment
X-Request-Guid
X-Rid
X-Varnish-Backend
X-Ratelimit-Limit
Alternate-Protocol
X-Jobs
Fastcgi-Useragent
Access-Control-Allow-Method
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
Charset
X-FTR-Expires
X-Seen-By
X-WebKit-CSP-Report-Only
X-Oneagent-Js-Injection
X-HS-Cache-Config
X-Proxy
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-B3-Sampled
X-VCache
X-Zen-Fury
X-Akamai-Edgescape
Filters
X-IPLB-Instance
X-URL
X-Signature
X-B-Cache
X-FB-Debug
Viewport
X-Debug-Info
X-Mobile
X-Whom
Healthy
X-AOL-HN
X-FireWall-Port
MS-CV
X-Host-Name
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Varnish-Grace
X-Daa-Tunnel
X-Region
DC
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
Payment
X-User-Agent
Liferay-Portal
Filterid
X-Frontend
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
X-Cache-Rule
X-Cache-Operation
CACHE
X-Amz-Replication-Status
X-HTML-Minification-Powered-By
Surrogate-Key
X-Instance
X-UUID
X-Distributor
X-Correlation-ID
X-App-Server
X-Tumblr-Pixel-1
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Tumblr-User
X-Cache-Time
X-Tumblr-Pixel-0
X-FW-Server
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Static
X-Tumblr-Pixel
X-Cacheable-TTL
Section-Io-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Rule
Refresh
X-Protected-By
Accept-Ch-Lifetime
X-Id
S-Cnection
X-Cache-Expired-At
X-Via-JSL
X-Content-Powered-By
Version
X-Cache-Spec
X-Cache-Action
GEO-INFO
X-Wix-Request-Id
Server-Name
X-Rendered-As
X-Hyper-Cache
X-Acc-Debug-Context
X-Is-Bot
X-Sucuri-ID
X-Backend-Name
Content-Disposition
Retry-After
X-Amzn-RequestId
X-Ua
Nel
X-Amz-Apigw-Id
X-Correlation-Id
X-XRDS-LOCATION
X-Air-Hostname
X-Endurance-Cache-Level
X-Ah-Environment
X-Cache-Server
PB-PID
PB-RID
Arc-Version
X-Source
X-Environment-Context
Eomportal-Instance
X-RemovedCookies
X-Real-IP
X-Unique-Id
X-Framework
X-L-Path
X-ProcessESI
X-Revision
X-EdgeConnect-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
Datacenter
X-Sucuri-Cache
X-Drupal-Cache-Contexts
Frame-Options
Referer-Policy
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-RTag
Ms-Operation-Id
Webserver
Countrycode
X-App-Version
X-Aspnet-Duration-Ms
X-Flags
X-TIME
X-Is-Crawler
X-Drupal-Cache-Tags
X-Providence-Cookie
X-Route-Name
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Control
X-Varnish-Server
X-ES-SERVER
X-Cache-Var
X-LLID
X-WA-Info
X-Mode
X-Proxy-Cache-Status
X-R9-Blue-Green-Version
X-Qloud-Router
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Xfnlog-Site
X-Cache-Host
X-Time-Microsecs
Cache-Tv-Group
X-Cache-TTL-Remaining
X-Amzn-Remapped-Content-Length
X-VWS-Id
Webcakes-App-Version
X-Cluster
X-AWS-Id
X-Server-W
X-Redis-Cache
X-PHP-Host
TWC-Device-Class
X-Be
TWC-GeoIP-Country
X-NYM-Debug-Backend
TWC-Connection-Speed
X-Contextid
Mn-Server-Ip
Ec-Rule-Version
Cross-Origin-Window-Policy
Property-Id
X-OCL
X-Origin-Hint
TWC-Locale-Group
X-Handled-By
X-FW-Version
TWC-Privacy
X-PCL
TWC-GeoIP-LatLong
X-No-Session
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Human
Webcakes-App-Name
Webcakes-Region
NGB
X-DynaTrace-JS-Agent
X-CDN-Forward
X-Routing-Service
X-TT
X-ServerID
X-Status
X-Via-Fastly
X-TNCMS
X-Proxied
X-Site-Version
X-Proto
X-NewRelic-App-Data
X-Hosted-By
X-FB-TRIP-ID
X-Format
X-Locale
X-Loop
X-GeoIP
Akamai-Age-Ms
X-Access
DB-Nickname
X-Section
X-Proxy-Build
X-Adobe-Loc
X-Timing-Wait
X-Adobe-Content
X-Azure-Ref
Selected-Fe
X-Zipkin-Id
X-Hl-Ver
X-Detected-As
X-From
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-AIR-PT
VIX-Pulpo-Node
Cf-Bgj
FSS-Cache
Upgrade-Insecure-Requests
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
X-Debug-Cache
X-Cache-PHP
X-ATG-Version
X-Generated-By
X-NC
X-Device-Type
X-Ratelimit-Reset
X-BCube-Filmed-By
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-RegionName
Access-Control-Request-Headers
X-Esi
X-UPSTREAM-Address
X-PHP-Backend
X-Varnish-Cache-Hits
X-Page-View
X-ID
From-Origin
Cache-Status
X-Akamai-Transformed
OT-Force-Account-Verify
X-CSRF-Token
SD-X-WS
X-CCM
X-NCache
X-Adobe-Source
X-GoCache-CacheStatus
X-Backend-TTL
X-G
X-APP-VERSION
SRV
X-LAGOON
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-COUNTRY
X-Cache-2
X-Oss-Hash-Crc64ecma
X-Origin
X-Varnishpool
Country
X-Cache-Grace
X-Alternate-Cache-Key
X-ApacheServer
X-Cluster-Name
X-Forwarded-Host
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Soup
X-Storefront-Renderer-Rendered
X-ShardId
X-Shopify-Stage
X-PERF
X-Pubstack
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Web-Node
X-SayCDN-TTL
X-Storage
Fastly-SSL
X-Say-TTL
X-Say-Cacheable
CF-Cached-On
X-Backend-Host
Node
X-GEO
X-Via-CDN
X-FTR-Cache-Host
X-JoinUs
X-SaId
X-IP
X-B3-Spanid
Cache
X-ECache
Powered
X-Ruxit-Js-Agent
X-TX-ID
X-Viewer-Country
X-A-Dcw
X-A-Dgt
X-A-Dam
X-ARC
X-A-Ccd
X-A-Wwc
X-A
X-Aed
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Processor
X-Cache-NE
X-Application
Host-ID
X-External-Request-Id
DCR-Decision-By
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Request-UUID
Apple-News-Services-Handled
Apple-News-Services-Host
Fastcgi-X-Cache-Version
Machine
Rendered-Blocks
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-D
Mobile-Detection-Method
MD5-Digest
X-Destination
Meta-Geo-Continent
X-Connection-Hash
X-RCS-CacheZone
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Session-Fingerprint
Xc-Version
X-ScT
X-VG-WebServer
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-Cache-Enabled
X-S-Cookie
X-Worker
X-Rojux
X-Rewrite-Enabled
X-S
X-Erf-Bev-Bev-Is-Generated
X-EC-Lua
X-Time
X-Tumblr-Pixel-3
X-Erf-Bev-Bev
X-Core-Value
X-IPS-LoggedIn
Adler-Geo
X-Fmm-Version
X-WADP-Cache
X-Cache-Remote
X-Varnish-CookieINHashed-On
X-Clara-WADP
X-VG-TLSProxy
CDN-Cache
X-Cms-Context
X-Varnish-Remaining-TTL
X-Cache-Debug
CDN-EdgeStorageId
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-CUA
X-Auto-Login
Is-Eu
X-DefHash
Platform
Fastly-SWR
Fastly-SIE
CDN-PullZone
X-Fastly-Cache
X-DefElseHash
CDN-RequestCountryCode
CDN-RequestId
CloudFront-Viewer-Country
CDN-Uid
CDN-CachedAt
X-Generation-Time
X-Platform-Server
X-Microcachable
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Cache-Bucket
X-Micro-Cache
X-Servername
X-Ms-Version
X-Ms-Request-Id
X-Varnish-CookieHashed-On
X-Variation
Backend
X-Cache-Config
X-Esi-Check
X-Skip-Cache
L
Fastly-Backend-Name
X-Reqid
X-Request-Host
X-Fastly-Backend
X-Thanos
CacheControlHeader
X-Old-Content-Length
X-OVcl
X-Owner
X-Dispatcher-Server
X-SN
X-Cache-Id
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Cache-NGX
X-Clientip
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Rt-Fastcgi-Cache
X-Bip
X-Platform
Gh-Request-Id
X-Developers
X-Wikidot-Static-Cache
NM-Fastcgi-Cache
PFcat
Pagetype
Origin
C-Via
X-OVcl-Cache
X-JWT-State
X-Level-Front-Cache
X-Li-Fabric
X-Is-Gdpr
X-VarnishDD-TTL
X-HN
X-HS-Content-Campaign-Id
X-Wikidot-Backend
X-Location
X-Method
X-Branch-Name
X-Cache-Backend
X-Cache-Date
X-LI-UUID
X-Li-Pop
X-Backend-State
X-Has-Esi
X-Irp-Debug
X-Webstats-RespID
Akamai-GRN
X-Gzip
X-Geo-Header
AKAMAI
X-Generated-On
X-Varnish-Cacheable
X-Sql-Count
X-B3-Traceid
X-Sql-Duration-Ms
X-Refresh
X-Csrf-Jwt
X-Request-Start
X-Gamma-Serve
X-NWS-UUID-VERIFY
X-Slack-Backend
X-Mvc-Supplant-Cachable
XServer
X-CGP
X-Core-Mission
Ha-Gx-Prefs
X-PF-Uncompressing
X-Eu-Site
Fastly-Drupal-HTML
HA-Ipaddr
X-Varnish-Ttl
X-Policy
X-Cache-Tags
L5d-Success-Class
X-Hash
X-Content-Age
X-Bc-Bl
X-Wa
X-Render-Time
X-DC
X-Twitter-Response-Tags
FSS-Proxy
X-CS
X-Www-Served-By
X-SRV
UCS
X-Transaction
Protected
X-UA
X-NU-AKA-ACS-Version
X-S-Maxage
Cache-Hits
X-Minions-Version
X-Aicache-OS
X-EIG-Tracking-Id
X-Ftr-Cache-Host
Hostname
X-NODE
X-Amz-Meta-Cb-Modifiedtime
X-Dc
Country-Code
X-Fastcgi-Cache
NGX
X-Check-Cacheable
X-Via-Poph
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-Date
X-LI-Proto
X-Accel-Expires-Debug
Surrogated-Key
X-RateLimit-Remaining
X-Presslabs-Stats
X-TA-CDN-Provider
X-NGENIX-Cache
X-Edge-Location
X-FPC
Mail-Subject
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Vgn-Hpd-Variations-Key
On-Server
X-Svr
X-Vgn-Hpd-Cached
X-Req
ServedBy
X-Up
We-Hiring
X-Cdn-Srv
Group
Ufe-Result
X-Ua-Device
X-Proxy-Upstream
GeoIp-Country-Code
X-Varnish-Hostname
X-Nginx-Cache
Geoip-Latitude
X-Cache-URL
X-Erf-Stays-Bingo-Pdp-Web
X-Via-Edge
X-Via-SSL
X-Request-Time
Edge-Copy-Time
X-LB-ID
Memcached
X-CACHE-AGE
HostName
T-Server
Time
Now
X-Pass-Why
X-Hp-Webp
Section-Origin-Responded
X-Webkit-Csp
X-Uri
X-CSRF-TOKEN
X-VCL-Version
Section-Io-Origin-Time-Seconds
X-Cs
Section-Io-Origin-Status
Section-Io-Id
X-NGINX-Cache
X-Agile-Id
N-Cache
Server-Host
X-Agile
X-Cluster-Node
X-ZONE
X-BC
X-Agile-Age
WZWS-RAY
Pics-Label
X-FORWARDED-FOR
X-Varnish-Hits
Magicmarker
X-VC
X-TT-LOGID
X-SB
X-Acc-Rdl
X-UnsetCookies
DSUID
Ohc-File-Size
SID
X-Info
X-Cdn-Forward
Cache-Name
X-Oracle-Dms-Rid
X-Datadome
X-UA-Device-Type
X-CF-Powered-By
X-LiteSpeed-Cache-Control
M-TraceId
X-MP-GENERATED-AT
X-Dynatrace
X-Bc
Ohc-Cache-HIT
X-Dynatrace-Js-Agent
X-Zone
ProcessTime
X-Origin-Date
X-Srv
X-HS-Status
Apigw-Requestid
X-Via-Popv
Xserver
User-Cache-Control
Cteonnt-Length
NtCoent-Length
Odigeo-Trace-Id
Tracecode
X-APP
X-We-Are-Hiring
Arc-Country
User-Agent
X-Via-Ucdn
CF-IPCountry
Viewtype
S-Rt
Ssr
Cdn-Request-Time
Cdn-Host
X-MSEdge-Flight
X-MSEdge-Features
Sid
X-Edge-Server
VivaBuild
W
Processtime
LB
Server-Info
CDN
Memory
X-Tb
X-Action
X-RunCloud-Cache
X-HOST
X-Magnolia-Registration
CountryCode
Srv
X-Origin-Expires
Path
X-Response-By
Web-Mar-Node
Vix-Hermes-Req-Id
True-Client-Country-4JS
V-Age
X-Varnish-Url
X-API-Version
X-Cache-ASPX
X-Node-Id
X-Cache-Expires
X-Block-Status
X-BBXSRF
X-Varnish-Authentication
X-BBC-Edge-Cache-Status
X-DB
Thinkindot-Control
Sever-Int
SR-User-Adfree
X-SVT-ORM-RULES
X-Origin-CC
Server-Hostname
X-Scheme
Server-Ext
X-SD-PageType
Thinkindot-CacheControl
X-User
X-Thinkindot-L3
X-SRCache-Key
X-Oss-Cdn-Auth
Thinkindot-CacheControl-Type
X-Server-IP
X-Nyt-Route
X-Cache-Info
X-DW
X-DSS
IsBot
Lfy
X-RSL
WWW-Authenticate
X-RPS
Instruction
X-SIPLIST1
X-VServer
X-DI
CDCHOST
X-Cc-Req-Id
X-Request-URI
X-Gen-Mode
X-Nginx-Cache-Key
X-SVT-ORM-VERSION
X-Origin-TTL
X-Cc-Via
X-RPM
X-Developer
X-Contensis-Viewer-Groups
X-Matched-Rule
X-Origin-Time
X-Loc
WebServer
X-Gdpr
Locid
D-Cc-Upstream
MIME-Version
X-Hnp-Log
X-Fastly-Request-Id
X-HITS
Cache-Host
Pramga
X-Pjax-Url
X-Cache-Hm
X-Swa-Ws
X-Fetched-On
X-Device-Os
X-Vgn-Hpd-Ssi
X-Sn-Servicetimems
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Unique-ID
X-Cdn-Origin
X-NodeID
Server-ID
X-Var-Ttl
Geo-Info
X-Cache-Hfrom
X-Vcl-Version
X-Azure-Ref-OriginShield
X-Webkit-CSP-Report-Only
X-Fastly-Country-Code
X-Browser-Type
A
X-Newrelic-App-Data
X-Generated-In
X-Newrelic-Synthetics
X-GeoIP-City
Release
X-Traceid
X-CACHE-KEY
X-Hit
X-Geo
X-Lb-Id
GeoIP-Country-Code
Cf-Device-Type
Source
X-FC-Vary-Parameters
GeoIP-Latitude
Lb
X-Origin-Response-Time
X-Provided-By
X-Via-NSCOPI
Cdn
X-Akamai-Request-ID2
X-Fpc
X-Nc
X-Cache-Tag
X-Via-PopH
X-Via-PopN
Expiry
X-Epic-Correlation-Id
X-ServedByHost
X-Envoy-Upstream-Healthchecked-Cluster
X-Men
X-Li-Proto
X-Via-PopV
FNAC-ModuleRouting
Server-Ttl
X-Rocket-Build-Number
X-TH-Server
Accept-Language
Kp-EeAlive
Url
X-Sigma
X-SERVER-NAME
X-Vgn-Hpd-Reason
X-Akamai-Pragma-Client-IP
X-Sigma-Backend
Cache-Key
X-Served-From
Content-Secure-Policy
Xkeyi7
EpKe-Alive
X-Parent-Response-Time
Content-Style-Type
Location
X-Proxy-Cachei7
Esi-Enabled
X-Amzn-Remapped-Date
X-BBC-Origin-Response-Status
Content-Script-Type
X-Amzn-Remapped-Connection
X-StackifyID
Cache-Provider
X-B3-Parentspanid
X-No-Cache
X-RateLimit-Limit-Second
X-Akamai-Request-ID
X-ServiceProvider
X-RateLimit-Remaining-Second
URI
X-B3-SpanId
X-Request-URL
X-Yottaa-OS
X-MiniProfiler-Ids
X-WA
Req-Svc-Chain
X-VC-Cache
X-Tt-Logid
X-ElasticPress-Query
X-ORACLE-APMCS-REQUEST-ID
X-ND-Cache
X-Key
X-Agile-Brick-Ok
Actual-Object-TTL
BehaviorPad-Version
X-Instart-Request-ID
Tcn
X-Litespeed-Cache-Control
X-TraceId
X-Batcache
X-HostName
Who
X-RateLimit-Limit
Inserted-Into-Cache-At
X-Apw-Access-Action
X-PJAX-URL
X-Apw-Access-Object
X-Apw-Hits
X-Varnish-Beresp-TTL
X-Apw-Access-Token
X-Selected-Name
X-Selected-Scheme
X-Mobile-Rewrite
X-Selected-Host-Header
Origin-Edge-Control
Origin-Cache-Control
X-TrackingId
Proxy-Firewall
DataCenter
Mime-Version
Pragrma
Xet-Cookie
PICS-Label
X-Snapshot-Date
X-C
Resin-Trace
Vha6-Origin
X-Instart-Info
NnCoection
X-Dispatch