Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Backend
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
Request-Context
X-Proxy-Cache
X-Template
X-Turbo-Charged-By
X-Language
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Dns-Prefetch-Control
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
Accept-CH-Lifetime
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-Content-Type
X-CST
X-GitHub-Request-Id
X-D2id
X-Clacks-Overhead
X-ASPNET-VERSION
X-Origin-Upstream-Status
X-Trace
X-Middleton-Display
Response
Display
X-Middleton-Response
Pagespeed
X-Sol
Pinterest-Version
X-Pinterest-Rid
X-Server-Name
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
MS-Author-Via
X-FastCGI-Cache
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-Navigation-Version
X-Rack-Cache
Service-Worker-Allowed
Verso
X-TTL
X-B3-TraceId
X-Url
X-DynaTrace
X-Fastly-Request-ID
X-Client-IP
Arr-Disable-Session-Affinity
X-Element-Page-Cache
X-ESI
X-Cache-TTL
X-Cached
X-FTR-Request-ID
Cf-Bgj
X-Webkit-CSP
X-Dw-Request-Base-Id
X-VARITI-CCR
X-Powered-By-Plesk
X-SharePointHealthScore
SPRequestGuid
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Goog-Hash
X-Use-Magma
X-Kinja-Server
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
X-Debug
Content-MD5
Ar-Sid
X-MSEdge-Ref
X-Forwarded-Proto
X-Pinterest-Direct
X-Powered-CMS
X-Litespeed-Cache
X-Version
SPIisLatency
SPRequestDuration
X-XRDS-Location
Access-Control-Request-Method
X-T
X-Release
X-Amz-Rid
X-Jurisdiction
S
X-Content-Digest
X-Edge
TCN
RTSS
TP-L2-Cache
TP-Cache
Public-Key-Pins
Cache-Tag
X-Ezoic-Cdn
X-Cache-Key
Front-End-Https
X-MCACHE
X-Node-Name
X-Mid
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Ttl
X-Mg-S
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Kinsta-Cache
X-HP-Webp
X-NWS-LOG-UUID
X-Grace
X-Microsite
X-Request-Handler-Origin-Region
X-PressLabs-Stats
Accept-Ch
X-Origin-Server
Accept-Charset
X-Logged-In
X-Varnish-Age
ServerID
X-DIS-Request-ID
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-Page-Id
X-Cache-Hit
Host
Nginx-Cache
Edge-Cache-Tag
X-Shield-Request-Id
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Hits
X-B
X-Hostname
X-Mobile-URL
X-F-Cache
X-Server-ID
Cache-Tags
Powered-By-ChinaCache
X-LB-Cache
Realpath
X-Activity-Id
X-AppVersion
X-Az
X-Git-Hash
Cleartype
X-N
Alternate-Protocol
X-Cached-By
X-Content-Options
X-Ratelimit-Limit
X-Respond-Thread
X-Cache-Age
X-Type
X-URL
X-Upgrade-Enabled
DynaTrace
X-App-Environment
X-Jobs
X-Kong-Upstream-Latency
Paypal-Debug-Id
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Rid
X-Request-Guid
X-Load-Cache
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Useragent
X-FTR-Expires
X-Seen-By
Access-Control-Allow-Method
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Proxy
X-WebKit-CSP-Report-Only
X-FireWall-Port
X-Zen-Fury
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-HS-Content-Id
X-HS-Cache-Config
X-Akamai-Edgescape
X-HS-Hub-Id
X-HS-Combine-CSS
Filterid
X-FB-Debug
X-Correlation-ID
X-B3-Sampled
X-Daa-Tunnel
Charset
X-Varnish-Grace
X-Signature
X-VCache
X-B-Cache
X-IPLB-Instance
X-AOL-HN
X-Debug-Info
DC
Healthy
Filters
X-Host-Name
X-Mobile
MS-CV
X-Region
X-Whom
AMP-Access-Control-Allow-Source-Origin
X-App-Server
X-User-Agent
X-Cache-Operation
Viewport
X-Frontend
X-Geo-Country
X-Cache-Rule
X-Accel-Buffering
X-Original-Request-Id
Payment
X-Response-Served-From
Liferay-Portal
X-Distributor
X-Instance
X-UUID
X-Acc-Debug-Context
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Serve
X-Cacheable-TTL
X-FW-Dynamic
Surrogate-Key
X-HTML-Minification-Powered-By
X-Cache-Time
X-FW-Hash
X-Tumblr-User
X-FW-Type
X-Tumblr-Pixel
X-FW-Static
X-FW-Server
X-Rule
X-Content-Powered-By
X-Protected-By
Refresh
Accept-Ch-Lifetime
X-Amz-Replication-Status
X-Via-JSL
S-Cnection
X-Is-Bot
Content-Disposition
X-Wix-Request-Id
X-Rendered-As
X-Cache-Expired-At
Section-Io-Cache
CACHE
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Pinterest-Sli-Response-Type
X-Hyper-Cache
X-Id
GEO-INFO
X-Backend-Name
Version
X-Cache-Action
X-Sucuri-ID
X-Endurance-Cache-Level
X-Esi
Datacenter
Nel
X-XRDS-LOCATION
X-Ua
Server-Name
PB-RID
PB-PID
X-Cache-Server
Arc-Version
Retry-After
X-Ah-Environment
Akamai-Age-Ms
X-Tec-Api-Version
X-Air-Hostname
X-Source
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-App-Version
X-EdgeConnect-Cache-Status
X-Unique-Id
X-Real-IP
Eomportal-Instance
X-Framework
Referer-Policy
X-Environment-Context
X-RemovedCookies
X-L-Path
X-ProcessESI
X-Varnish-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
NGB
X-Revision
Frame-Options
X-Sucuri-Cache
X-RTag
X-Drupal-Cache-Contexts
Ms-Operation-Id
Countrycode
X-Cache-Control
X-WA-Info
X-ES-SERVER
X-Azure-Ref
X-Cache-Var
X-RN-RSRV
Meta-Geo
X-Drupal-Cache-Tags
X-Proxy-Cache-Status
X-Cache-Var-Map
X-Mode
X-GeoIP
X-CDN-Forward
X-Cache-TTL-Remaining
Cache-Tv-Group
X-TIME
X-Cache-Host
X-BYPASS-REASON
X-Correlation-Id
X-Time-Microsecs
X-ProxyCache-Key
X-ProxyCache-Status
X-Qloud-Router
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-NewRelic-App-Data
DB-Nickname
X-VWS-Id
X-TNCMS
X-Origin-Hint
Property-Id
X-OCL
TWC-Connection-Speed
X-NYM-Debug-Backend
X-Status
X-PCL
Ec-Rule-Version
Cross-Origin-Window-Policy
X-PHP-Host
Mn-Server-Ip
X-Server-W
X-Redis-Cache
X-Loop
X-LJ-Flow-ID
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-AWS-Id
X-Amzn-Remapped-Content-Length
TWC-Privacy
Webcakes-Region
X-Cluster
X-FW-Version
X-Human
X-Labrador-Cache-Channel
X-Hosted-By
X-Hl-Ver
TWC-Device-Class
X-Handled-By
Webcakes-App-Name
Webcakes-App-Version
X-From
X-Site-Version
X-Zipkin-Id
X-Access
X-Detected-As
Webserver
X-Routing-Service
X-COUNTRY
X-Locale
X-Via-Fastly
X-Proxy-Build
X-ServerID
X-Proto
X-Timing-Wait
X-Contextid
Selected-Fe
X-Section
X-Proxied
X-Format
X-FB-TRIP-ID
X-No-Session
X-Be
X-DynaTrace-JS-Agent
Uber-Trace-Id
X-Providence-Cookie
X-Cache-PHP
X-Flags
X-Is-Crawler
X-Route-Name
X-Debug-Cache
X-Aspnet-Duration-Ms
X-Adobe-Content
X-PHP-Backend
X-Adobe-Loc
FSS-Cache
X-ATG-Version
X-AIR-PT
X-Device-Type
X-Generated-By
X-TT
X-BCube-Filmed-By
X-Ratelimit-Reset
X-NC
X-Tt-Trace-Tag
X-Tt-Trace-Host
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Varnish-Cache-Hits
Azure-SlotName
Azure-Version
Azure-SiteName
Upgrade-Insecure-Requests
Azure-RegionName
Azure-InstanceId
From-Origin
X-Cache-Spec
Access-Control-Request-Headers
X-LLID
X-ID
OT-Force-Account-Verify
X-NCache
X-CSRF-Token
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
Powered
X-Origin
X-Oss-Storage-Class
X-Cache-2
X-GoCache-CacheStatus
X-Akamai-Transformed
CF-Cached-On
X-JoinUs
SD-X-WS
X-UPSTREAM-Address
X-Adobe-Source
X-CCM
X-SaId
X-APP-VERSION
X-Backend-TTL
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-LAGOON
X-Storefront-Renderer-Rendered
X-ShardId
X-Varnishpool
Cache-Status
X-Soup
X-B3-Traceid
X-Fastcgi-Cache
Cache
Country
X-ApacheServer
X-G
X-Backend-Host
X-Cache-Grace
X-Page-View
X-Pubstack
X-Forwarded-Host
X-PERF
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Fastly-SSL
Node
X-Time
X-Web-Node
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Cluster-Name
X-Storage
X-FTR-Cache-Host
X-IP
X-Cache-Enabled
SRV
X-NWS-UUID-VERIFY
X-ECache
X-Ruxit-Js-Agent
X-Viewer-Country
X-IPS-LoggedIn
X-Tumblr-Pixel-3
X-TA-CDN-Provider
X-TX-ID
Xc-Version
X-External-Request-Id
Mobile-Detection-Method
X-VG-WebCache
X-VG-WebServer
X-A-Ccd
X-A-Dam
X-A
X-D
Host-ID
MD5-Digest
X-Vtex-Remote-Cache
X-Destination
X-Vtex-Processado-Em
Machine
Meta-Geo-Continent
Rendered-Blocks
X-Worker
X-A-Dgt
X-ScT
X-S-Cookie
X-S
X-PBS-Appsvrname
Apple-News-Services-Handled
Apple-News-Services-Host
X-PAYTM-SRV-ID
X-Rojux
X-Rewrite-Enabled
X-CF-Lambda-Fn
X-Connection-Hash
X-CF-Lambda-Version
X-RCS-CacheZone
X-Processor
X-Cache-NE
X-Request-UUID
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-A-Dcw
Fastcgi-X-Cache-Version
X-A-Wwc
X-Vdms-Path
X-Vdms-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Trv-Group
DCR-Decision-By
X-Varnish-Beresp-Ttl
DCR-Processing-Time-Ms
X-Cache-Config
X-Cdn
X-EC-Lua
X-Cache-Bucket
X-Servername
Adler-Geo
CDN-Cache
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
X-Cache-Debug
CDN-CachedAt
X-Bc-Bl
X-Rebelmouse-Cache-Control
X-Platform-Server
X-Ms-Version
X-Rebelmouse-Surrogate-Control
X-Cms-Context
X-Fmm-Version
X-Clara-WADP
CDN-RequestId
CDN-Uid
X-Via-CDN
X-VG-TLSProxy
Gh-Request-Id
X-WADP-Cache
Is-Eu
X-Session-Fingerprint
Platform
X-B3-Spanid
Fastly-SWR
X-Variation
CloudFront-Viewer-Country
X-Auto-Login
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Fastly-SIE
X-Varnish-Remaining-TTL
X-Ms-Request-Id
X-Cache-Backend
X-DefElseHash
X-CUA
X-GEO
X-DefHash
X-Generation-Time
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Core-Value
X-Micro-Cache
X-Microcachable
X-DC
Backend
X-Wikidot-Backend
X-Gzip
Rt-Fastcgi-Cache
X-OVcl-Cache
X-Varnish-Cacheable
X-Bip
X-Thanos
X-HS-Content-Campaign-Id
X-Backend-State
X-HN
X-Hash
X-Owner
X-OVcl
X-Has-Esi
Fastly-Backend-Name
Wxu-Next-Region
X-Esi-Check
X-Webstats-RespID
X-Generated-On
Wxu-Next-Hostname
L
NM-Fastcgi-Cache
X-Dispatcher-Server
Fastly-Drupal-HTML
X-Platform
X-Old-Content-Length
X-Developers
X-VarnishDD-TTL
X-Geo-Header
X-Irp-Debug
X-LI-UUID
X-Clientip
X-Request-Start
X-Li-Pop
X-Cache-NGX
X-Fastly-Backend
X-Request-Host
X-CS
X-Method
Origin
PFcat
X-Gamma-Serve
X-Wikidot-Static-Cache
X-Location
X-Li-Fabric
X-Cache-Id
Wxu-Next-Commit
X-SN
X-Slack-Backend
C-Via
CacheControlHeader
X-Policy
X-Branch-Name
X-Skip-Cache
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
AKAMAI
Akamai-GRN
X-Core-Mission
X-Cache-Date
X-UA
X-Csrf-Jwt
X-Render-Time
X-Content-Age
X-Mvc-Supplant-Cachable
X-Reqid
X-CGP
X-Twitter-Response-Tags
X-Transaction
X-Cache-Tags
X-Eu-Site
L5d-Success-Class
X-EIG-Tracking-Id
X-Varnish-Ttl
HA-Ipaddr
Ha-Gx-Prefs
X-Hp-Webp
X-Refresh
X-Minions-Version
X-Presslabs-Stats
X-Wa
Pagetype
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Aicache-OS
X-Cache-Remote
X-PF-Uncompressing
X-Ftr-Cache-Host
X-Amz-Meta-Cb-Modifiedtime
FSS-Proxy
Country-Code
X-Sql-Duration-Ms
X-Sql-Count
X-Via-Poph
UCS
XServer
X-Date
X-Accel-Expires-Debug
Surrogated-Key
X-Via-Popn
Hostname
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-NODE
X-NGENIX-Cache
X-FORWARDED-FOR
X-Up
X-LB-ID
X-Edge-Location
X-Req
NGX
X-SRV
X-Nginx-Cache
X-Cdn-Srv
X-Www-Served-By
X-Mvc-Supplant-OutputCached
Time
X-Servedbyhost
X-Cache-URL
X-NU-AKA-ACS-Version
X-LI-Proto
X-RateLimit-Remaining
Group
Memcached
We-Hiring
Ufe-Result
Mail-Subject
X-S-Maxage
X-Debug-Cache-Fetch
Now
X-Debug-Cache-Store
Cache-Hits
X-Proxy-Upstream
X-FPC
X-Check-Cacheable
Protected
X-BC
X-Ua-Device
Edge-Copy-Time
X-Varnish-Hostname
X-ZONE
X-Via-Edge
X-Via-SSL
X-Dc
HostName
X-CACHE-AGE
X-CSRF-TOKEN
X-Svr
X-Agile-Id
X-Agile
X-Agile-Age
ServedBy
GeoIp-Country-Code
On-Server
Geoip-Latitude
X-Request-Time
X-VCL-Version
X-Acc-Rdl
X-LiteSpeed-Cache-Control
SID
T-Server
M-TraceId
X-Cluster-Node
X-Pass-Why
X-Dynatrace-Js-Agent
X-Via-Popv
X-MP-GENERATED-AT
X-UnsetCookies
Server-Host
X-Cs
X-APP
Arc-Country
Pics-Label
X-Cdn-Forward
NtCoent-Length
N-Cache
X-Datadome
X-CF-Powered-By
X-Uri
ProcessTime
X-HS-Status
Ohc-File-Size
X-Bc
Xserver
WZWS-RAY
X-NGINX-Cache
X-Zone
X-Varnish-Hits
X-Erf-Stays-Bingo-Pdp-Web
Section-Origin-Responded
X-Edge-Server
Cdn-Request-Time
VivaBuild
X-Srv
Viewtype
Cdn-Host
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Apigw-Requestid
Magicmarker
X-VC
WebServer
X-SB
Section-Io-Id
Memory
X-We-Are-Hiring
X-Action
X-Via-Ucdn
X-Info
X-RunCloud-Cache
X-TT-LOGID
DSUID
User-Agent
Srv
Ohc-Cache-HIT
X-RPS
X-RPM
X-RSL
WWW-Authenticate
X-UA-Device-Type
Cache-Name
Server-Info
X-DB
X-DI
X-DW
X-MSEdge-Features
X-DSS
X-MSEdge-Flight
W
Processtime
CF-IPCountry
X-Oss-Cdn-Auth
Odigeo-Trace-Id
LB
S-Rt
X-Vgn-Hpd-Ssi
Sid
X-Tb
CDN
User-Cache-Control
Cteonnt-Length
Tracecode
X-HOST
X-Newrelic-App-Data
CountryCode
X-SERVER-NAME
X-Origin-Date
Ssr
X-Hit
X-HITS
X-Geo
X-Cache-Hm
X-Vcl-Version
X-Cache-Hfrom
X-Pjax-Url
Amp-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
Lfy
Geo-Info
X-Unique-ID
X-Webkit-CSP-Report-Only
X-Cache-ASPX
X-Block-Status
A
X-BBXSRF
X-Origin-Time
X-Cache-Expires
X-Cache-Info
Thinkindot-CacheControl
Locid
MIME-Version
Path
Server-Ext
D-Cc-Upstream
IsBot
X-Scheme
Instruction
X-Cc-Via
X-Cc-Req-Id
Server-Hostname
Server-ID
V-Age
Vix-Hermes-Req-Id
Web-Mar-Node
X-API-Version
True-Client-Country-4JS
Thinkindot-Control
Sever-Int
SR-User-Adfree
Thinkindot-CacheControl-Type
X-BBC-Edge-Cache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Matched-Rule
CDCHOST
X-User
X-Nyt-Route
X-Nginx-Cache-Key
X-Server-IP
X-Varnish-Authentication
X-Request-URI
GeoIP-Latitude
X-Akamai-Request-ID2
X-Loc
X-Response-By
X-Traceid
GeoIP-Country-Code
X-Origin-TTL
X-Hnp-Log
X-Origin-CC
X-Varnish-Url
X-SIPLIST1
X-Gdpr
X-FC-Vary-Parameters
X-SRCache-Key
X-Newrelic-Synthetics
X-Contensis-Viewer-Groups
X-Developer
X-Gen-Mode
X-Fastly-Country-Code
X-Origin-Expires
X-Node-Id
X-VServer
X-Thinkindot-L3
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-SD-PageType
X-CACHE-KEY
Lb
Pramga
X-Trace-Id
X-Generated-In
X-Fetched-On
X-Epic-Correlation-Id
Cache-Host
X-Device-Os
X-NodeID
X-Envoy-Upstream-Healthchecked-Cluster
X-GeoIP-City
Release
X-Swa-Ws
X-Azure-Ref-OriginShield
X-Sn-Servicetimems
X-Var-Ttl
X-Cdn-Origin
X-Cache-Tag
X-Provided-By
X-Via-NSCOPI
Accept-Language
Cdn
X-Nc
X-Fpc
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
Cf-Device-Type
FNAC-ModuleRouting
X-Amzn-Remapped-Connection
X-Lb-Id
X-Li-Proto
X-StackifyID
Esi-Enabled
X-Instart-Request-ID
X-ServedByHost
X-Amzn-Remapped-Date
X-Men
Source
X-Vcache
X-Dynatrace
Server-Ttl
Cache-Key
X-Origin-Response-Time
X-Sigma-Backend
X-Key
Kp-EeAlive
X-Rocket-Build-Number
X-Sigma
X-Served-From
X-Akamai-Pragma-Client-IP
X-TH-Server
X-Mobile-Rewrite
X-Via-PopN
X-Via-PopV
Content-Style-Type
Content-Script-Type
Expiry
X-Request-URL
X-Parent-Response-Time
X-Via-PopH
Cache-Provider
X-No-Cache
Location
Origin-Cache-Control
Url
Proxy-Firewall
X-RateLimit-Limit-Second
X-Tt-Logid
X-RateLimit-Remaining-Second
X-ServiceProvider
X-VC-Cache
X-Dispatch
X-Agile-Brick-Ok
X-Geo-Region
Req-Svc-Chain
Origin-Edge-Control
X-ElasticPress-Query
X-MiniProfiler-Ids
X-Yottaa-OS
X-WA
X-Vgn-Hpd-Reason
X-B3-SpanId
Inserted-Into-Cache-At
X-Instart-Info
X-Batcache
Tcn
X-HostName
X-B3-Parentspanid
X-Apw-Access-Action
X-BBC-Origin-Response-Status
Who
Powered-By
X-Varnish-Beresp-TTL
X-PJAX-URL
X-Apw-Hits
X-Apw-Access-Object
URI
X-RAMCache
X-Akamai-Request-ID
HitType
X-Pf-Uncompressing
EpKe-Alive
X-Apw-Access-Token
Cf-Alt-Svc
Content-Secure-Policy
X-RateLimit-Limit
X-Selected-Host-Header
X-Selected-Scheme
X-Selected-Name
Xkeyi7
Resin-Trace
Vha6-Origin
NnCoection
X-Proxy-Cachei7
Pragrma
Fastcgi-Cache-TTL
X-Dw-Trace-Id
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
Mime-Version
Xet-Cookie
X-Snapshot-Date
X-C
PICS-Label