Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
Request-Context
X-UA-Device
X-AH-Environment
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Dns-Prefetch-Control
Report-To
X-Template
X-Language
X-Rq
Xkey
X-Page-Speed
X-Varnish-Cache
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Vhost
X-Buckets
X-Host
X-WebKit-CSP
NEL
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
Accept-CH-Lifetime
Surrogate-Control
X-Node
Accept-CH
Request-Id
X-Ruxit-JS-Agent
Content-Location
EagleEye-TraceId
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Allow
X-Origin-Cache
X-Ac
X-Readtime
X-Mod-Pagespeed
Rating
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
Pinterest-Generated-By
X-MS-InvokeApp
X-CST
X-ORACLE-DMS-RID
X-TtlSet
X-Vname
X-PC
X-Cnection
X-Country-Code
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-FastCGI-Cache
X-D2id
X-Clacks-Overhead
X-TTL
Display
Response
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
MS-Author-Via
X-Trace
X-Server-Name
Pinterest-Version
X-Pinterest-Rid
X-B3-TraceId
X-Origin-Upstream-Status
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
X-Navigation-Version
X-ESI
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Service-Worker-Allowed
X-Url
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Element-Page-Cache
X-Cached
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-FTR-Request-ID
X-Webkit-CSP
SPRequestGuid
X-DynaTrace
X-SharePointHealthScore
X-VARITI-CCR
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Goog-Hash
X-Powered-By-Plesk
X-Upstream
X-Pinterest-Direct
X-NF-Request-ID
Fastly-Restarts
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-CACHE
Ar-Sid
X-Debug
SPRequestDuration
SPIisLatency
Content-MD5
X-MSEdge-Ref
X-Litespeed-Cache
X-Powered-CMS
X-Forwarded-Proto
X-Amz-Rid
Access-Control-Request-Method
X-Release
X-Version
X-XRDS-Location
X-T
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
Public-Key-Pins
X-Ezoic-Cdn
TP-L2-Cache
TP-Cache
Cache-Tag
X-Cache-Key
Front-End-Https
X-MCACHE
X-Mid
X-Amz-Server-Side-Encryption
X-Mg-S
Server-Node
X-Node-Name
X-Yandex-Sdch-Disable
X-HP-Webp
Fastcgi-Cache
Mrf-Cache-Status
X-Request-Processing-Time
X-Request-Received
X-B3-TraceId-Primal
MRF-Tech
X-Recruiting
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amzn-Trace-Id
X-Grace
X-Accel-Expires
X-Kinsta-Cache
X-Ser
X-PressLabs-Stats
MicrosoftSharePointTeamServices
X-Request-Handler-Origin-Region
X-Microsite
Accept-Ch
X-Origin-Server
X-Varnish-Age
Accept-Charset
X-NWS-LOG-UUID
X-DIS-Request-ID
Edge-Cache-Tag
ServerID
X-Logged-In
X-Ttl
X-Content-Security-Policy-Report-Only
Host
X-Shield-Request-Id
Nginx-Cache
Powered-By-ChinaCache
X-Page-Id
X-ECACHE
X-Ratelimit-Remaining
X-Cache-Hit
X-Hits
Cache-Tags
X-Forwarded-For
X-LB-Cache
X-F-Cache
Cleartype
X-Hostname
X-Respond-Thread
X-Server-ID
X-B
X-Activity-Id
X-Az
X-AppVersion
X-Mobile-URL
X-Git-Hash
X-N
X-Upgrade-Enabled
Realpath
X-Cached-By
X-Amz-Meta-S3cmd-Attrs
X-Kong-Upstream-Latency
X-Cache-Age
X-Kong-Proxy-Latency
X-Aspnetmvc-Version
X-Content-Options
X-Type
X-Rid
X-Load-Cache
DynaTrace
Alternate-Protocol
X-Varnish-Backend
Paypal-Debug-Id
X-Ratelimit-Limit
X-Request-Guid
X-App-Environment
X-Jobs
Access-Control-Allow-Method
Fastcgi-Useragent
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Expires
X-WebKit-CSP-Report-Only
Charset
X-Seen-By
X-Oneagent-Js-Injection
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Proxy
X-HS-Combine-CSS
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-B3-Sampled
X-VCache
Filters
X-Akamai-Edgescape
X-Zen-Fury
X-IPLB-Instance
X-URL
X-Signature
X-B-Cache
X-Mobile
MS-CV
X-Debug-Info
X-Whom
Viewport
X-FB-Debug
Healthy
X-FireWall-Port
X-AOL-HN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Host-Name
X-TEC-API-ORIGIN
X-Varnish-Grace
X-Region
X-Daa-Tunnel
AMP-Access-Control-Allow-Source-Origin
DC
X-Geo-Country
X-User-Agent
Payment
Liferay-Portal
X-Frontend
Filterid
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Cache-Rule
X-Cache-Operation
CACHE
X-Amz-Replication-Status
Surrogate-Key
X-HTML-Minification-Powered-By
X-Distributor
X-Instance
X-UUID
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-User
X-Tumblr-Pixel-1
X-Correlation-ID
X-App-Server
X-Tumblr-Pixel-0
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Server
X-Rule
X-FW-Dynamic
X-Cache-Time
X-FW-Hash
Refresh
X-Cacheable-TTL
X-Protected-By
Section-Io-Cache
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Accept-Ch-Lifetime
S-Cnection
X-Id
X-Via-JSL
X-Cache-Expired-At
X-Content-Powered-By
Version
X-Cache-Spec
X-Cache-Action
X-Is-Bot
X-Wix-Request-Id
X-Rendered-As
Server-Name
X-Hyper-Cache
GEO-INFO
X-Acc-Debug-Context
X-Backend-Name
X-Sucuri-ID
Content-Disposition
Retry-After
X-Amz-Apigw-Id
X-Air-Hostname
Nel
X-Correlation-Id
X-Ua
X-XRDS-LOCATION
X-Amzn-RequestId
X-Endurance-Cache-Level
PB-RID
X-Ah-Environment
PB-PID
Arc-Version
X-Cache-Server
X-Source
X-Real-IP
X-Framework
X-Environment-Context
X-L-Path
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Unique-Id
X-Revision
X-Yottaa-Metrics
X-EdgeConnect-Cache-Status
Datacenter
X-Yottaa-Optimizations
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Response-Type
X-Pinterest-Sli-Latency-Threshold
Ms-Operation-Id
Frame-Options
Referer-Policy
X-Sucuri-Cache
X-RTag
X-Drupal-Cache-Contexts
Countrycode
Webserver
X-App-Version
X-Drupal-Cache-Tags
X-Providence-Cookie
X-Route-Name
X-TIME
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-ES-SERVER
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Control
X-Varnish-Server
Meta-Geo
X-LLID
X-Cache-Var
X-Proxy-Cache-Status
X-BYPASS-REASON
X-Mode
X-ProxyCache-Status
X-WA-Info
X-ProxyCache-Key
X-Hl-Ver
X-Xfnlog-Site
Cache-Tv-Group
X-Cache-Host
X-R9-Blue-Green-Version
X-Qloud-Router
X-Time-Microsecs
X-Contextid
TWC-Privacy
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Ec-Rule-Version
TWC-Device-Class
TWC-Locale-Group
Cross-Origin-Window-Policy
X-Redis-Cache
X-NYM-Debug-Backend
X-OCL
Webcakes-App-Name
X-DynaTrace-JS-Agent
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Origin-Hint
X-PCL
X-ServerID
X-VWS-Id
X-Server-W
X-Proto
X-PHP-Host
X-Human
X-No-Session
X-Be
Webcakes-Region
X-AWS-Id
X-Amzn-Remapped-Content-Length
X-CDN-Forward
NGB
Webcakes-App-Version
X-Cache-TTL-Remaining
X-Handled-By
X-Cluster
X-FW-Version
X-Status
X-Site-Version
X-Zipkin-Id
X-TNCMS
X-Via-Fastly
X-Timing-Wait
Selected-Fe
X-Proxy-Build
X-Proxied
X-Loop
X-Format
X-Locale
X-FB-TRIP-ID
DB-Nickname
X-Routing-Service
X-GeoIP
X-Hosted-By
X-Section
X-Access
X-Azure-Ref
X-TT
X-Adobe-Content
X-Adobe-Loc
Akamai-Age-Ms
X-NewRelic-App-Data
X-Detected-As
X-From
X-AIR-PT
X-Tt-Trace-Tag
X-Tt-Trace-Host
FSS-Cache
Cf-Bgj
VIX-Pulpo-Node
Upgrade-Insecure-Requests
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
X-Device-Type
X-Cache-PHP
X-Debug-Cache
X-NC
X-ATG-Version
X-Generated-By
X-BCube-Filmed-By
X-Ratelimit-Reset
X-Esi
Azure-Version
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-RegionName
Access-Control-Request-Headers
X-Varnish-Cache-Hits
X-PHP-Backend
X-UPSTREAM-Address
X-Page-View
X-ID
From-Origin
Cache-Status
OT-Force-Account-Verify
X-CSRF-Token
X-Akamai-Transformed
X-Adobe-Source
SD-X-WS
X-NCache
X-CCM
X-COUNTRY
X-Backend-TTL
SRV
X-GoCache-CacheStatus
X-APP-VERSION
X-G
X-Origin
X-LAGOON
X-Cluster-Name
X-Oss-Storage-Class
X-Varnishpool
X-Oss-Hash-Crc64ecma
X-Cache-2
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Soup
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-PERF
X-ShopId
X-ApacheServer
X-Alternate-Cache-Key
Country
X-Forwarded-Host
X-Cache-Grace
X-ShardId
X-Pubstack
Decoy-Debug-Key
X-Web-Node
Decoy-Debug-Status
Fastly-SSL
X-Say-TTL
X-SayCDN-TTL
X-Storage
Decoy-Debug-TTL
X-Say-Cacheable
X-Backend-Host
CF-Cached-On
Node
X-FTR-Cache-Host
X-GEO
X-Via-CDN
X-JoinUs
X-SaId
X-IP
X-ECache
X-B3-Spanid
Cache
X-Ruxit-Js-Agent
X-Viewer-Country
Powered
X-TX-ID
X-Worker
X-S-Cookie
Meta-Geo-Continent
Mobile-Detection-Method
X-S
Xc-Version
X-ScT
X-A
Rendered-Blocks
X-Rewrite-Enabled
X-A-Dam
X-A-Ccd
X-Rojux
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-VG-WebCache
Apple-News-Services-Host
Apple-News-Services-Handled
X-Vdms-Version
X-Vdms-Path
X-Trv-Group
X-VG-WebServer
X-Session-Fingerprint
Host-ID
Machine
MD5-Digest
X-A-Dcw
X-Vtex-Remote-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
X-Vtex-Processado-Em
X-Cache-Enabled
X-Request-UUID
X-D
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Processor
X-A-Dgt
X-External-Request-Id
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Cache-NE
X-Destination
X-RCS-CacheZone
X-A-Wwc
X-Aed
X-ARC
X-Application
X-B-Cookie
X-Cache-Config
X-Erf-Bev-Bev-Is-Generated
X-EC-Lua
X-Time
X-Tumblr-Pixel-3
X-Erf-Bev-Bev
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Ms-Request-Id
CDN-Cache
X-Rebelmouse-Surrogate-Control
X-DPWN-IS-SECURE
Adler-Geo
X-Microcachable
X-Generation-Time
X-Cache-Remote
X-Irp-Debug
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Variation
X-Micro-Cache
X-Varnish-CookieHashed-On
X-Fmm-Version
X-Platform
X-CUA
Is-Eu
Fastly-SWR
Fastly-SIE
X-Core-Value
X-Cms-Context
X-Cache-Debug
X-Cache-Bucket
X-Clara-WADP
X-Servername
X-DefElseHash
CDN-RequestId
CDN-RequestCountryCode
Platform
CDN-PullZone
CDN-Uid
X-Platform-Server
X-DefHash
X-Rebelmouse-Cache-Control
CloudFront-Viewer-Country
CDN-EdgeStorageId
CDN-CachedAt
X-VG-TLSProxy
X-IPS-LoggedIn
Gh-Request-Id
X-Auto-Login
X-WADP-Cache
X-Ms-Version
Backend
X-Cache-Tags
L
Ha-Gx-Prefs
X-Webstats-RespID
HA-Ipaddr
X-Csrf-Jwt
X-Cache-NGX
Wxu-Next-Commit
X-Developers
X-Thanos
X-Bip
Fastly-Backend-Name
L5d-Success-Class
X-CGP
X-Cache-Date
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
C-Via
Rt-Fastcgi-Cache
Wxu-Next-Region
X-Reqid
X-Varnish-Beresp-Grace
Wxu-Next-Hostname
PFcat
Pagetype
X-Branch-Name
X-Cache-Backend
X-Clientip
X-Backend-State
X-Wikidot-Backend
X-Wikidot-Static-Cache
Origin
NM-Fastcgi-Cache
X-Cache-Id
X-Skip-Cache
X-Policy
X-Generated-On
X-Geo-Header
X-OVcl
X-Varnish-Cacheable
X-Esi-Check
X-Eu-Site
X-Fastly-Backend
X-Mvc-Supplant-Cachable
X-VarnishDD-TTL
X-HS-Content-Campaign-Id
X-Old-Content-Length
X-SN
X-HN
X-JWT-State
X-Gzip
X-Has-Esi
X-Level-Front-Cache
X-Li-Fabric
X-Method
Akamai-GRN
X-Is-Gdpr
X-Request-Host
X-Request-Start
CacheControlHeader
X-Dispatcher-Server
X-Location
AKAMAI
X-Owner
X-Li-Pop
X-OVcl-Cache
X-LI-UUID
X-Sql-Count
X-B3-Traceid
X-Sql-Duration-Ms
XServer
X-NWS-UUID-VERIFY
X-Refresh
X-Gamma-Serve
X-Varnish-Ttl
X-Core-Mission
X-PF-Uncompressing
X-Render-Time
X-Slack-Backend
X-Content-Age
Fastly-Drupal-HTML
X-Hash
X-Bc-Bl
UCS
X-Wa
X-DC
X-CS
FSS-Proxy
X-Transaction
X-SRV
X-Twitter-Response-Tags
X-Www-Served-By
X-UA
Protected
X-Aicache-OS
X-NU-AKA-ACS-Version
X-EIG-Tracking-Id
X-S-Maxage
X-Minions-Version
Cache-Hits
X-Ftr-Cache-Host
X-NODE
Hostname
X-Fastcgi-Cache
NGX
Country-Code
X-Dc
X-Mvc-Supplant-OutputCached
X-Amz-Meta-Cb-Modifiedtime
X-Presslabs-Stats
X-Check-Cacheable
X-RateLimit-Remaining
X-Via-Poph
X-LI-Proto
X-Accel-Expires-Debug
X-Via-Popn
X-Date
Surrogated-Key
X-Servedbyhost
X-TA-CDN-Provider
X-NGENIX-Cache
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Up
On-Server
X-FPC
ServedBy
X-Edge-Location
X-Debug-Cache-Store
We-Hiring
X-Debug-Cache-Fetch
X-LB-ID
X-Svr
X-Req
Mail-Subject
X-Nginx-Cache
Memcached
X-Via-Edge
X-Ua-Device
X-Via-SSL
X-Proxy-Upstream
X-Request-Time
GeoIp-Country-Code
Ufe-Result
Geoip-Latitude
Edge-Copy-Time
X-Cache-URL
X-Varnish-Hostname
X-Cdn-Srv
Group
X-Erf-Stays-Bingo-Pdp-Web
HostName
X-CACHE-AGE
Time
T-Server
X-Pass-Why
X-Hp-Webp
Now
Section-Io-Origin-Time-Seconds
X-VCL-Version
Section-Io-Origin-Status
X-Webkit-Csp
X-Uri
Section-Origin-Responded
X-Cs
Section-Io-Id
X-CSRF-TOKEN
X-NGINX-Cache
Server-Host
X-Cluster-Node
X-Agile
Pics-Label
X-FORWARDED-FOR
WZWS-RAY
X-BC
X-Agile-Id
X-Agile-Age
N-Cache
X-ZONE
X-Varnish-Hits
Magicmarker
X-MP-GENERATED-AT
X-Acc-Rdl
X-VC
X-SB
X-TT-LOGID
X-UnsetCookies
SID
Ohc-File-Size
DSUID
X-Info
X-CF-Powered-By
Cache-Name
X-UA-Device-Type
X-Datadome
X-Oracle-Dms-Rid
X-Cdn-Forward
M-TraceId
X-LiteSpeed-Cache-Control
Ohc-Cache-HIT
X-Dynatrace-Js-Agent
X-Dynatrace
X-Bc
X-Zone
X-HS-Status
ProcessTime
X-Via-Popv
X-Srv
Apigw-Requestid
X-Origin-Date
Odigeo-Trace-Id
NtCoent-Length
Cteonnt-Length
User-Cache-Control
Xserver
Tracecode
X-We-Are-Hiring
X-APP
Arc-Country
User-Agent
W
CF-IPCountry
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Processtime
S-Rt
Ssr
X-Via-Ucdn
VivaBuild
X-MSEdge-Features
X-MSEdge-Flight
Viewtype
Sid
X-Magnolia-Registration
LB
CDN
Server-Info
X-Tb
X-RunCloud-Cache
X-Action
Lfy
Memory
Srv
CountryCode
X-HOST
WebServer
Web-Mar-Node
X-Developer
X-Cache-Info
X-Block-Status
X-BBXSRF
X-API-Version
X-Cache-ASPX
X-BBC-Edge-Cache-Status
X-Cache-Expires
X-Contensis-Viewer-Groups
X-VServer
Instruction
IsBot
Locid
MIME-Version
CDCHOST
X-Scheme
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
Path
Server-Ext
Thinkindot-Control
True-Client-Country-4JS
V-Age
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Hostname
Sever-Int
SR-User-Adfree
Vix-Hermes-Req-Id
WWW-Authenticate
X-Server-IP
X-SIPLIST1
X-SRCache-Key
X-RSL
X-SD-PageType
X-Response-By
X-Varnish-Url
X-Varnish-Authentication
X-Request-URI
X-RPS
X-RPM
X-User
X-DSS
X-DW
X-DI
X-DB
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Origin-Time
X-Origin-TTL
X-Loc
X-Matched-Rule
X-Origin-Expires
X-Hnp-Log
X-Gdpr
X-Gen-Mode
X-Nginx-Cache-Key
X-Oss-Cdn-Auth
X-Node-Id
X-Nyt-Route
X-Origin-CC
X-HITS
X-Fastly-Request-Id
X-Trace-Id
X-Generated-In
X-Swa-Ws
X-Cdn-Origin
X-Fetched-On
X-GeoIP-City
Server-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Var-Ttl
X-NodeID
Pramga
X-Sn-Servicetimems
X-Azure-Ref-OriginShield
Release
X-Device-Os
Cache-Host
X-Pjax-Url
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
Geo-Info
X-Unique-ID
X-Cache-Hfrom
X-Vgn-Hpd-Ssi
X-Webkit-CSP-Report-Only
X-Fastly-Country-Code
X-Traceid
A
X-FC-Vary-Parameters
X-Newrelic-Synthetics
X-Browser-Type
X-Newrelic-App-Data
X-Hit
X-Geo
X-CACHE-KEY
X-Lb-Id
Lb
GeoIP-Country-Code
GeoIP-Latitude
Source
Cf-Device-Type
X-Provided-By
X-Origin-Response-Time
Cdn
X-Via-NSCOPI
X-Fpc
X-Akamai-Request-ID2
X-Nc
X-Cache-Tag
Expiry
X-Epic-Correlation-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopH
X-ServedByHost
X-Li-Proto
X-Via-PopN
X-Via-PopV
X-Men
Server-Ttl
FNAC-ModuleRouting
X-TH-Server
X-Rocket-Build-Number
Kp-EeAlive
X-Vgn-Hpd-Reason
X-Served-From
X-Akamai-Pragma-Client-IP
Accept-Language
Url
X-SERVER-NAME
Cache-Key
X-Sigma-Backend
X-Sigma
EpKe-Alive
X-Parent-Response-Time
Content-Secure-Policy
Esi-Enabled
X-B3-Parentspanid
X-StackifyID
X-BBC-Origin-Response-Status
Content-Style-Type
X-Amzn-Remapped-Connection
Xkeyi7
X-Proxy-Cachei7
Location
Cache-Provider
X-Amzn-Remapped-Date
Content-Script-Type
X-No-Cache
X-Yottaa-OS
X-Tt-Logid
X-Key
X-RateLimit-Remaining-Second
X-ServiceProvider
X-ORACLE-APMCS-REQUEST-ID
BehaviorPad-Version
X-ND-Cache
URI
X-B3-SpanId
X-ElasticPress-Query
X-Request-URL
X-Akamai-Request-ID
X-Agile-Brick-Ok
Req-Svc-Chain
X-VC-Cache
Actual-Object-TTL
X-MiniProfiler-Ids
X-WA
X-RateLimit-Limit-Second
X-Instart-Request-ID
Tcn
Who
X-PJAX-URL
X-Litespeed-Cache-Control
X-HostName
X-RateLimit-Limit
X-TrackingId
X-TraceId
Inserted-Into-Cache-At
X-Apw-Access-Token
X-Apw-Access-Object
X-Batcache
X-Apw-Hits
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-Selected-Scheme
X-Selected-Host-Header
X-Selected-Name
X-Mobile-Rewrite
Resin-Trace
DataCenter
Pragrma
Xet-Cookie
X-Snapshot-Date
X-Pf-Uncompressing
PICS-Label
X-C
Mime-Version
Vha6-Origin
Origin-Edge-Control
Origin-Cache-Control
Proxy-Firewall
X-Instart-Info
X-Dispatch
NnCoection