
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Backend
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
Request-Context
EagleId
X-Proxy-Cache
X-Template
X-Turbo-Charged-By
X-Language
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Dns-Prefetch-Control
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Vhost
X-WebKit-CSP
X-Host
NEL
X-Backend-Server
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
Accept-CH-Lifetime
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-HW
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-GitHub-Request-Id
X-CST
X-Content-Type
X-D2id
X-Clacks-Overhead
X-ASPNET-VERSION
X-Origin-Upstream-Status
X-Trace
X-Middleton-Display
Response
Display
X-Middleton-Response
Pagespeed
X-Sol
Pinterest-Version
X-Pinterest-Rid
X-Server-Name
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
MS-Author-Via
X-FastCGI-Cache
X-Abt-Application-Version
X-Vcap-Request-Id
X-Navigation-Version
X-Px
X-Rack-Cache
Service-Worker-Allowed
X-TTL
Verso
X-B3-TraceId
X-ESI
X-Url
X-DynaTrace
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
X-Client-IP
X-Element-Page-Cache
X-Cached
X-Cache-TTL
X-FTR-Request-ID
Cf-Bgj
X-Webkit-CSP
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Powered-By-Plesk
X-VARITI-CCR
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Goog-Hash
X-Kinja-Server
X-Use-Magma
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Debug
Ar-Sid
Content-MD5
X-MSEdge-Ref
X-Pinterest-Direct
X-Forwarded-Proto
X-Powered-CMS
X-Version
SPIisLatency
SPRequestDuration
X-Litespeed-Cache
X-XRDS-Location
Access-Control-Request-Method
X-T
X-Release
X-Amz-Rid
X-Jurisdiction
X-Content-Digest
S
X-Edge
TCN
RTSS
TP-L2-Cache
TP-Cache
Public-Key-Pins
Cache-Tag
X-Ezoic-Cdn
X-Cache-Key
Front-End-Https
X-Node-Name
X-Yandex-Sdch-Disable
X-MCACHE
X-Mid
Server-Node
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Ttl
X-Mg-S
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Kinsta-Cache
X-HP-Webp
X-NWS-LOG-UUID
X-Grace
X-Microsite
X-Request-Handler-Origin-Region
X-PressLabs-Stats
Accept-Ch
X-Origin-Server
Accept-Charset
X-Varnish-Age
X-Logged-In
ServerID
X-DIS-Request-ID
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-Page-Id
X-Cache-Hit
Host
Nginx-Cache
Edge-Cache-Tag
X-Shield-Request-Id
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Hits
X-B
X-Hostname
X-Mobile-URL
X-F-Cache
X-Server-ID
Cache-Tags
Powered-By-ChinaCache
X-LB-Cache
Realpath
X-Activity-Id
X-AppVersion
X-Az
X-Git-Hash
Cleartype
Alternate-Protocol
X-N
X-Ratelimit-Limit
X-Cached-By
X-Content-Options
X-Respond-Thread
X-Cache-Age
X-Type
X-URL
X-Upgrade-Enabled
DynaTrace
X-App-Environment
X-Jobs
X-Kong-Upstream-Latency
X-Load-Cache
X-Kong-Proxy-Latency
Paypal-Debug-Id
X-Request-Guid
X-Varnish-Backend
X-Rid
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Useragent
X-Seen-By
X-FTR-Expires
Access-Control-Allow-Method
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Proxy
X-WebKit-CSP-Report-Only
X-FireWall-Port
X-Zen-Fury
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-HS-Cache-Config
X-HS-Content-Id
X-Akamai-Edgescape
X-HS-Hub-Id
X-HS-Combine-CSS
X-FB-Debug
X-B3-Sampled
Filterid
X-Correlation-ID
Charset
X-Varnish-Grace
X-Daa-Tunnel
X-IPLB-Instance
X-VCache
X-Signature
X-B-Cache
DC
X-Host-Name
Healthy
X-AOL-HN
X-Debug-Info
X-Mobile
Filters
X-Whom
AMP-Access-Control-Allow-Source-Origin
X-Region
X-App-Server
MS-CV
X-User-Agent
X-Cache-Operation
Viewport
X-Geo-Country
X-Frontend
X-Cache-Rule
Payment
X-Accel-Buffering
Liferay-Portal
X-UUID
X-Distributor
X-Acc-Debug-Context
X-Instance
X-HTML-Minification-Powered-By
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-Original-Request-Id
X-FW-Dynamic
X-FW-Hash
X-Cache-Time
Surrogate-Key
X-Response-Served-From
X-Cacheable-TTL
X-Tumblr-Pixel-1
Refresh
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Tumblr-Pixel-2
X-Tumblr-Pixel
X-Rule
X-Tumblr-User
X-Protected-By
Accept-Ch-Lifetime
X-Amz-Replication-Status
S-Cnection
X-Via-JSL
Content-Disposition
X-Wix-Request-Id
X-Is-Bot
X-Rendered-As
X-Cache-Expired-At
Section-Io-Cache
X-Pinterest-Sli-Endpoint-Name
X-Pinterest-Sli-Latency-Threshold
X-Amz-Apigw-Id
X-Hyper-Cache
X-Amzn-RequestId
CACHE
X-Pinterest-Sli-Response-Type
Version
GEO-INFO
X-Id
X-Sucuri-ID
X-Cache-Action
X-Endurance-Cache-Level
Datacenter
X-Backend-Name
Nel
X-Ua
X-XRDS-LOCATION
X-Cache-Server
PB-RID
Server-Name
Arc-Version
PB-PID
Retry-After
X-Ah-Environment
X-Air-Hostname
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Tec-Api-Version
Akamai-Age-Ms
X-Tec-Api-Root
X-Source
X-App-Version
X-Unique-Id
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-Real-IP
X-L-Path
X-Environment-Context
X-RemovedCookies
X-Varnish-Server
X-ProcessESI
Referer-Policy
X-Yottaa-Optimizations
X-Sucuri-Cache
Frame-Options
X-Framework
NGB
X-Revision
X-Yottaa-Metrics
X-Drupal-Cache-Contexts
Ms-Operation-Id
X-RTag
X-Cache-Control
X-WA-Info
X-Esi
X-Azure-Ref
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
Meta-Geo
X-Drupal-Cache-Tags
X-Proxy-Cache-Status
Webserver
X-Cache-Var-Map
Countrycode
X-Mode
X-GeoIP
X-CDN-Forward
X-Cache-Host
X-TIME
X-Correlation-Id
X-Cache-TTL-Remaining
X-Time-Microsecs
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-NewRelic-App-Data
DB-Nickname
X-Qloud-Router
Cache-Tv-Group
X-OCL
X-LJ-Flow-ID
X-Loop
X-Origin-Hint
X-NYM-Debug-Backend
X-TNCMS
X-PHP-Host
X-ProxyCache-Status
X-ProxyCache-Key
X-Redis-Cache
X-Server-W
X-Labrador-Cache-Channel
X-Status
X-PCL
X-VWS-Id
X-FW-Version
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
Cross-Origin-Window-Policy
Ec-Rule-Version
Mn-Server-Ip
TWC-Locale-Group
TWC-Privacy
X-Cluster
X-Handled-By
X-Hosted-By
X-BYPASS-REASON
X-AWS-Id
Webcakes-App-Name
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-Human
Webcakes-App-Version
X-Proto
X-No-Session
X-Locale
X-Proxy-Build
X-Routing-Service
X-ServerID
X-Section
X-Contextid
X-From
X-Access
Selected-Fe
X-Be
X-Detected-As
X-Format
X-FB-TRIP-ID
X-Site-Version
X-Proxied
X-Via-Fastly
X-Timing-Wait
X-Zipkin-Id
X-COUNTRY
X-DynaTrace-JS-Agent
X-Hl-Ver
Uber-Trace-Id
X-Cache-PHP
X-Debug-Cache
X-Adobe-Content
X-Adobe-Loc
X-Aspnet-Duration-Ms
X-Flags
X-Route-Name
X-PHP-Backend
X-Providence-Cookie
X-Is-Crawler
X-ATG-Version
FSS-Cache
X-AIR-PT
X-Device-Type
X-Generated-By
X-BCube-Filmed-By
X-TT
X-Ratelimit-Reset
X-NC
VIX-Pulpo-Upstream-Status
X-Tt-Trace-Tag
X-Tt-Trace-Host
VIX-Pulpo-Node
X-Varnish-Cache-Hits
Azure-RegionName
Azure-Version
Azure-SiteName
Azure-InstanceId
Azure-SlotName
X-Cache-Spec
Upgrade-Insecure-Requests
From-Origin
Access-Control-Request-Headers
X-LLID
X-ID
OT-Force-Account-Verify
X-NCache
X-CSRF-Token
Powered
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Origin
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Akamai-Transformed
X-GoCache-CacheStatus
X-Cache-2
CF-Cached-On
X-CCM
SD-X-WS
X-SaId
X-UPSTREAM-Address
X-Adobe-Source
X-JoinUs
X-Backend-TTL
X-APP-VERSION
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Cache-Status
X-LAGOON
X-Shopify-Stage
X-Varnishpool
X-ShopId
X-ShardId
X-Cache-Grace
X-G
X-Forwarded-Host
X-ApacheServer
X-PERF
X-Soup
X-Page-View
X-Backend-Host
X-Fastcgi-Cache
X-B3-Traceid
Country
X-Pubstack
Cache
Fastly-SSL
Node
Decoy-Debug-TTL
X-Web-Node
Decoy-Debug-Key
Decoy-Debug-Status
X-Storage
X-SayCDN-TTL
X-Time
X-Say-Cacheable
X-Say-TTL
X-FTR-Cache-Host
X-IP
X-Cluster-Name
SRV
X-NWS-UUID-VERIFY
X-Cache-Enabled
X-ECache
X-IPS-LoggedIn
X-Tumblr-Pixel-3
X-Ruxit-Js-Agent
X-Viewer-Country
X-TA-CDN-Provider
X-TX-ID
Apple-News-Services-Host
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-PBS-Appsvrname
Apple-News-Services-Request-Url
X-Trv-Group
Apple-News-Services-Parsed-Url
Mobile-Detection-Method
X-ScT
X-RCS-CacheZone
X-Rewrite-Enabled
DCR-Decision-By
DCR-Processing-Time-Ms
X-Request-UUID
Fastcgi-X-Cache-Version
X-Rojux
X-S
Apple-News-Services-Handled
Machine
X-Processor
Host-ID
X-Connection-Hash
MD5-Digest
X-D
X-Worker
Xc-Version
X-A-Wwc
X-Aed
X-VG-WebCache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Vtex-Remote-Cache
X-A-Dgt
X-A-Dcw
X-VG-WebServer
X-A
X-Vdms-Version
X-A-Ccd
X-Cache-NE
X-A-Dam
X-Vdms-Path
X-Varnish-Beresp-Ttl
X-Vtex-Processado-Em
Rendered-Blocks
X-ARC
X-EC-Lua
X-Cdn
X-Session-Fingerprint
CDN-RequestCountryCode
Fastly-SIE
CDN-RequestId
X-B3-Spanid
CDN-Cache
X-Cms-Context
X-Cache-Bucket
Platform
X-Via-CDN
CDN-CachedAt
CDN-EdgeStorageId
X-Platform-Server
X-Application
CDN-Uid
X-Destination
Adler-Geo
X-Auto-Login
X-Rebelmouse-Surrogate-Control
X-Generation-Time
X-Bc-Bl
X-WADP-Cache
X-DPWN-IS-SECURE
X-Clara-WADP
X-B-Cookie
X-Cache-Backend
CloudFront-Viewer-Country
X-Rebelmouse-Cache-Control
X-DefHash
X-Fmm-Version
X-Microcachable
X-External-Request-Id
Is-Eu
X-Servername
CDN-PullZone
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Core-Value
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-CUA
X-Micro-Cache
X-Variation
X-GEO
X-Ms-Request-Id
X-DefElseHash
Fastly-SWR
X-Ms-Version
X-VG-TLSProxy
X-S-Cookie
X-Cache-Debug
Backend
X-Cache-Config
X-DC
X-Is-Gdpr
X-Level-Front-Cache
X-Owner
X-OVcl-Cache
X-Method
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-HN
X-HS-Content-Campaign-Id
X-Location
PFcat
Origin
X-LI-UUID
Rt-Fastcgi-Cache
Fastly-Drupal-HTML
Fastly-Backend-Name
X-Cache-Date
L
X-JWT-State
X-Backend-State
X-Li-Fabric
X-Bip
X-Cache-NGX
Gh-Request-Id
X-Branch-Name
NM-Fastcgi-Cache
X-Li-Pop
X-Clientip
X-Old-Content-Length
X-OVcl
X-Cache-Id
X-SN
X-Slack-Backend
X-Dispatcher-Server
X-Thanos
X-Skip-Cache
X-Generated-On
X-Core-Mission
X-Gamma-Serve
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VarnishDD-TTL
X-CS
X-Developers
X-Webstats-RespID
X-Geo-Header
X-Varnish-Cacheable
X-Gzip
X-Fastly-Backend
X-Hash
AKAMAI
X-Request-Host
X-Esi-Check
Akamai-GRN
C-Via
X-Has-Esi
CacheControlHeader
X-UA
X-Twitter-Response-Tags
X-Eu-Site
Pagetype
X-Irp-Debug
X-CGP
X-EIG-Tracking-Id
X-Varnish-Ttl
X-Transaction
X-Policy
X-Platform
X-Csrf-Jwt
X-Cache-Tags
Ha-Gx-Prefs
X-Content-Age
HA-Ipaddr
L5d-Success-Class
X-Request-Start
X-Reqid
X-Hp-Webp
X-Wa
X-Render-Time
X-Minions-Version
X-Refresh
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Presslabs-Stats
X-Ftr-Cache-Host
X-Aicache-OS
FSS-Proxy
Country-Code
X-Cache-Remote
X-Amz-Meta-Cb-Modifiedtime
X-Sql-Duration-Ms
X-Sql-Count
X-Accel-Expires-Debug
X-Via-Popn
XServer
X-Date
X-Via-Poph
Surrogated-Key
Hostname
UCS
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-NODE
X-NGENIX-Cache
X-Up
X-FORWARDED-FOR
X-SRV
NGX
X-Req
X-Edge-Location
Group
X-Www-Served-By
X-Cdn-Srv
X-NU-AKA-ACS-Version
X-Mvc-Supplant-OutputCached
X-Cache-URL
Mail-Subject
We-Hiring
Time
X-LB-ID
X-RateLimit-Remaining
Ufe-Result
X-LI-Proto
X-Servedbyhost
Memcached
X-Nginx-Cache
X-FPC
Cache-Hits
X-Debug-Cache-Fetch
Now
X-Proxy-Upstream
X-Debug-Cache-Store
X-S-Maxage
X-Check-Cacheable
Protected
X-Via-Edge
Edge-Copy-Time
X-BC
X-ZONE
X-Via-SSL
X-Ua-Device
X-Varnish-Hostname
X-Dc
X-CSRF-TOKEN
X-CACHE-AGE
HostName
X-Agile
X-Svr
X-Agile-Age
ServedBy
GeoIp-Country-Code
X-Agile-Id
X-Request-Time
On-Server
Geoip-Latitude
X-VCL-Version
X-LiteSpeed-Cache-Control
X-Acc-Rdl
SID
T-Server
M-TraceId
X-Cluster-Node
X-Pass-Why
X-Dynatrace-Js-Agent
X-MP-GENERATED-AT
X-Via-Popv
X-UnsetCookies
Server-Host
X-Uri
Arc-Country
X-Datadome
X-Cs
ProcessTime
N-Cache
NtCoent-Length
Pics-Label
X-HS-Status
X-CF-Powered-By
X-APP
X-Cdn-Forward
Xserver
X-Bc
X-Varnish-Hits
Ohc-File-Size
X-Zone
X-NGINX-Cache
Cdn-Request-Time
Section-Origin-Responded
X-Srv
X-Erf-Stays-Bingo-Pdp-Web
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Apigw-Requestid
Cdn-Host
VivaBuild
Magicmarker
WZWS-RAY
X-SB
X-Edge-Server
Viewtype
X-VC
X-Info
X-Via-Ucdn
X-RunCloud-Cache
X-TT-LOGID
X-Action
Memory
X-We-Are-Hiring
DSUID
Ohc-Cache-HIT
Srv
User-Agent
X-RPM
W
Cache-Name
X-RPS
Server-Info
X-DI
X-RSL
X-DB
Processtime
X-DSS
X-DW
CF-IPCountry
X-MSEdge-Flight
WebServer
WWW-Authenticate
X-MSEdge-Features
X-UA-Device-Type
X-Oss-Cdn-Auth
CountryCode
Odigeo-Trace-Id
LB
X-Origin-Date
Cteonnt-Length
S-Rt
CDN
X-Vgn-Hpd-Ssi
Sid
Tracecode
User-Cache-Control
X-Tb
X-HOST
X-SERVER-NAME
X-Newrelic-App-Data
Ssr
X-HITS
X-Geo
X-Hit
X-Pjax-Url
X-Unique-ID
X-Cache-Hfrom
X-Cache-Hm
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
Geo-Info
X-Webkit-CSP-Report-Only
X-Origin-TTL
X-API-Version
Web-Mar-Node
X-VServer
Vix-Hermes-Req-Id
Thinkindot-Control
X-Origin-Time
True-Client-Country-4JS
V-Age
IsBot
X-Cc-Req-Id
X-Magnolia-Registration
X-Scheme
X-Cache-ASPX
Instruction
X-Cc-Via
CDCHOST
X-BBC-Edge-Cache-Status
X-BBXSRF
X-Origin-Expires
X-Matched-Rule
D-Cc-Upstream
Server-ID
Sever-Int
Locid
Server-Hostname
MIME-Version
Path
Server-Ext
X-Node-Id
X-Nyt-Route
X-Origin-CC
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
SR-User-Adfree
A
X-Akamai-Request-ID2
X-Nginx-Cache-Key
Lfy
X-FC-Vary-Parameters
X-Block-Status
X-Loc
X-Cache-Expires
X-Hnp-Log
X-SIPLIST1
X-Server-IP
X-SD-PageType
X-Gen-Mode
X-Newrelic-Synthetics
X-SRCache-Key
X-SVT-ORM-RULES
X-Goog-Meta-Goog-Reserved-File-Mtime
X-SVT-ORM-VERSION
X-Varnish-Authentication
X-Traceid
X-User
X-Response-By
X-Fastly-Country-Code
X-Contensis-Viewer-Groups
X-Gdpr
GeoIP-Latitude
X-Cache-Info
X-Request-URI
X-Varnish-Url
X-Thinkindot-L3
X-Developer
GeoIP-Country-Code
X-CACHE-KEY
Cache-Host
X-Envoy-Upstream-Healthchecked-Cluster
X-Var-Ttl
Pramga
Lb
X-Fetched-On
X-Generated-In
X-NodeID
X-Swa-Ws
X-Device-Os
X-Epic-Correlation-Id
X-Trace-Id
X-Cdn-Origin
X-Azure-Ref-OriginShield
X-Sn-Servicetimems
X-Cache-Tag
X-Provided-By
Accept-Language
Release
X-Via-NSCOPI
Cdn
X-GeoIP-City
X-Fpc
X-Nc
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
Cf-Device-Type
FNAC-ModuleRouting
X-Amzn-Remapped-Date
X-Lb-Id
X-Li-Proto
X-StackifyID
Esi-Enabled
X-Instart-Request-ID
X-ServedByHost
X-Amzn-Remapped-Connection
Source
X-Men
X-Dynatrace
X-Vcache
Server-Ttl
Cache-Key
X-Sigma
X-Key
Kp-EeAlive
X-Rocket-Build-Number
X-Served-From
X-Sigma-Backend
X-Akamai-Pragma-Client-IP
X-TH-Server
X-Mobile-Rewrite
X-Origin-Response-Time
X-Via-PopV
X-Via-PopH
X-Request-URL
X-Parent-Response-Time
Expiry
Content-Script-Type
Content-Style-Type
X-Via-PopN
Cache-Provider
X-No-Cache
Origin-Cache-Control
Location
Url
Proxy-Firewall
X-RateLimit-Limit-Second
X-Tt-Logid
X-RateLimit-Remaining-Second
X-ServiceProvider
X-Dispatch
X-VC-Cache
X-Agile-Brick-Ok
X-Geo-Region
Req-Svc-Chain
Origin-Edge-Control
X-ElasticPress-Query
X-MiniProfiler-Ids
X-Yottaa-OS
X-WA
X-Vgn-Hpd-Reason
X-B3-SpanId
Inserted-Into-Cache-At
X-Instart-Info
X-Batcache
Tcn
X-HostName
X-B3-Parentspanid
X-Apw-Access-Action
X-Apw-Hits
Who
Powered-By
X-Varnish-Beresp-TTL
X-PJAX-URL
X-BBC-Origin-Response-Status
X-Apw-Access-Token
EpKe-Alive
X-RAMCache
URI
HitType
X-Proxy-Cachei7
Content-Secure-Policy
Xkeyi7
Cf-Alt-Svc
X-Apw-Access-Object
X-RateLimit-Limit
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
Vha6-Origin
NnCoection
X-Akamai-Request-ID
Resin-Trace
Pragrma
Fastcgi-Cache-TTL
X-Dw-Trace-Id
X-Pf-Uncompressing
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
Mime-Version
Xet-Cookie
X-Snapshot-Date
X-C
PICS-Label