Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
X-AspNetMvc-Version
Status
Content-Encoding
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Backend
X-Server
X-Hacker
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
X-UA-Device
EagleId
Request-Context
X-Proxy-Cache
X-Template
X-Turbo-Charged-By
X-Language
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Grace
Host-Header
X-Dns-Prefetch-Control
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-Buckets
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Vhost
X-WebKit-CSP
X-Host
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Surrogate-Control
X-Node
Accept-CH-Lifetime
X-Ruxit-JS-Agent
Request-Id
Content-Location
Accept-CH
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
Rating
X-Mod-Pagespeed
X-HW
X-Cloud-Trace-Context
X-Application-Context
X-Country
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Edge-Control
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Cnection
X-Country-Code
X-DataDome
X-Varnish-TTL
X-Content-Type
X-GitHub-Request-Id
X-CST
X-D2id
X-Clacks-Overhead
X-ASPNET-VERSION
X-Origin-Upstream-Status
X-Trace
X-Middleton-Display
Response
Display
X-Middleton-Response
Pagespeed
X-Sol
Pinterest-Version
X-Pinterest-Rid
X-Server-Name
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
MS-Author-Via
X-FastCGI-Cache
X-Vcap-Request-Id
X-Abt-Application-Version
X-Px
X-Navigation-Version
X-Rack-Cache
Service-Worker-Allowed
Verso
X-TTL
X-B3-TraceId
X-ESI
X-Url
X-DynaTrace
X-Fastly-Request-ID
Arr-Disable-Session-Affinity
X-Client-IP
X-Element-Page-Cache
X-Cached
X-Cache-TTL
X-FTR-Request-ID
Cf-Bgj
X-Webkit-CSP
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-VARITI-CCR
SPRequestGuid
X-Powered-By-Plesk
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Goog-Hash
X-Use-Magma
X-Kinja-Server
X-Upstream
X-NF-Request-ID
Fastly-Restarts
AR-CACHE
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Debug
Ar-Sid
Content-MD5
X-MSEdge-Ref
X-Forwarded-Proto
X-Pinterest-Direct
X-Powered-CMS
X-Litespeed-Cache
X-Version
SPIisLatency
SPRequestDuration
X-XRDS-Location
Access-Control-Request-Method
X-T
X-Release
X-Amz-Rid
X-Jurisdiction
S
X-Content-Digest
X-Edge
TCN
RTSS
TP-L2-Cache
TP-Cache
Public-Key-Pins
Cache-Tag
X-Ezoic-Cdn
X-Cache-Key
Front-End-Https
X-MCACHE
X-Node-Name
X-Mid
X-Yandex-Sdch-Disable
Server-Node
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Ttl
X-Mg-S
X-Amz-Server-Side-Encryption
X-Recruiting
X-Amzn-Trace-Id
X-Accel-Expires
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Kinsta-Cache
X-HP-Webp
X-NWS-LOG-UUID
X-Grace
X-Microsite
X-Request-Handler-Origin-Region
X-PressLabs-Stats
Accept-Ch
X-Origin-Server
Accept-Charset
X-Logged-In
X-Varnish-Age
ServerID
X-DIS-Request-ID
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-Page-Id
X-Cache-Hit
Host
Nginx-Cache
Edge-Cache-Tag
X-Shield-Request-Id
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Hits
X-B
X-Hostname
X-Mobile-URL
X-F-Cache
X-Server-ID
Cache-Tags
Powered-By-ChinaCache
X-LB-Cache
Realpath
X-Activity-Id
X-AppVersion
X-Az
X-Git-Hash
Cleartype
Alternate-Protocol
X-N
X-Ratelimit-Limit
X-Cached-By
X-Content-Options
X-Respond-Thread
X-Cache-Age
X-Type
X-URL
X-Upgrade-Enabled
DynaTrace
X-App-Environment
X-Jobs
X-Kong-Upstream-Latency
X-Load-Cache
X-Kong-Proxy-Latency
X-Varnish-Backend
Paypal-Debug-Id
X-Rid
X-Request-Guid
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Useragent
X-Seen-By
X-FTR-Expires
Access-Control-Allow-Method
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-WebKit-CSP-Report-Only
X-Proxy
X-FireWall-Port
X-Zen-Fury
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-HS-Cache-Config
X-HS-Content-Id
X-Akamai-Edgescape
X-HS-Hub-Id
X-HS-Combine-CSS
X-FB-Debug
X-B3-Sampled
Filterid
X-Correlation-ID
Charset
X-Varnish-Grace
X-Daa-Tunnel
X-IPLB-Instance
X-B-Cache
X-Signature
X-VCache
X-AOL-HN
Healthy
DC
X-Debug-Info
Filters
X-Host-Name
X-Mobile
X-Whom
MS-CV
AMP-Access-Control-Allow-Source-Origin
X-Region
X-User-Agent
X-App-Server
X-Geo-Country
X-Cache-Operation
X-Frontend
Viewport
X-Cache-Rule
X-Original-Request-Id
Payment
X-Response-Served-From
X-Accel-Buffering
Liferay-Portal
X-Instance
X-Distributor
X-Acc-Debug-Context
X-UUID
X-HTML-Minification-Powered-By
X-FW-Type
X-Tumblr-Pixel
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Static
X-Content-Powered-By
X-FW-Dynamic
X-Rule
X-Cacheable-TTL
X-Cache-Time
Surrogate-Key
X-Tumblr-User
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-0
Refresh
X-Protected-By
Accept-Ch-Lifetime
X-Amz-Replication-Status
X-Via-JSL
S-Cnection
X-Wix-Request-Id
Content-Disposition
X-Rendered-As
X-Is-Bot
X-Cache-Expired-At
Section-Io-Cache
X-Hyper-Cache
X-Pinterest-Sli-Endpoint-Name
X-Amzn-RequestId
CACHE
X-Pinterest-Sli-Response-Type
X-Amz-Apigw-Id
X-Pinterest-Sli-Latency-Threshold
GEO-INFO
X-Id
Version
X-Backend-Name
X-Cache-Action
X-Sucuri-ID
Datacenter
X-Endurance-Cache-Level
Nel
X-XRDS-LOCATION
X-Ua
X-Cache-Server
Server-Name
PB-RID
Arc-Version
PB-PID
Retry-After
X-Ah-Environment
X-Oneagent-Js-Injection
X-Tec-Api-Origin
X-Air-Hostname
X-Tec-Api-Root
X-Source
X-Tec-Api-Version
Akamai-Age-Ms
X-App-Version
X-Unique-Id
X-EdgeConnect-Cache-Status
X-Real-IP
Eomportal-Instance
Referer-Policy
X-Varnish-Server
X-Environment-Context
X-L-Path
X-RemovedCookies
X-ProcessESI
X-Framework
Frame-Options
X-Sucuri-Cache
NGB
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Revision
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-RTag
X-Cache-Control
X-WA-Info
X-ES-SERVER
X-Esi
X-Azure-Ref
Webserver
X-Proxy-Cache-Status
Meta-Geo
X-RN-RSRV
X-Drupal-Cache-Tags
X-Cache-Var-Map
X-Cache-Var
Countrycode
X-Mode
X-GeoIP
X-CDN-Forward
X-Cache-TTL-Remaining
Cache-Tv-Group
X-TIME
X-Cache-Host
X-BYPASS-REASON
X-Correlation-Id
X-Time-Microsecs
X-ProxyCache-Key
X-ProxyCache-Status
X-Qloud-Router
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-NewRelic-App-Data
DB-Nickname
X-VWS-Id
X-TNCMS
X-Origin-Hint
Property-Id
X-OCL
TWC-Connection-Speed
X-NYM-Debug-Backend
X-Status
X-PCL
Ec-Rule-Version
Cross-Origin-Window-Policy
X-PHP-Host
Mn-Server-Ip
X-Server-W
X-Redis-Cache
X-Loop
X-LJ-Flow-ID
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-AWS-Id
X-Amzn-Remapped-Content-Length
TWC-Privacy
Webcakes-Region
X-Cluster
X-FW-Version
X-Human
X-Labrador-Cache-Channel
X-Hosted-By
X-Hl-Ver
TWC-Device-Class
X-Handled-By
Webcakes-App-Name
Webcakes-App-Version
X-Format
X-From
X-Locale
X-No-Session
X-FB-TRIP-ID
X-Detected-As
Selected-Fe
X-Access
X-Be
X-Proto
X-Proxied
X-Site-Version
X-Timing-Wait
X-Via-Fastly
X-ServerID
X-Section
X-Proxy-Build
X-COUNTRY
X-Routing-Service
X-Contextid
X-Zipkin-Id
X-DynaTrace-JS-Agent
Uber-Trace-Id
X-Aspnet-Duration-Ms
X-PHP-Backend
X-Providence-Cookie
X-Flags
X-Cache-PHP
X-Adobe-Content
X-Adobe-Loc
X-Debug-Cache
X-Route-Name
X-Is-Crawler
X-ATG-Version
X-Device-Type
X-Generated-By
FSS-Cache
X-AIR-PT
X-Ratelimit-Reset
X-TT
X-BCube-Filmed-By
X-NC
X-Tt-Trace-Tag
X-Tt-Trace-Host
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Cache-Hits
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
Upgrade-Insecure-Requests
Azure-RegionName
X-Cache-Spec
From-Origin
Access-Control-Request-Headers
X-ID
OT-Force-Account-Verify
X-LLID
X-CSRF-Token
X-NCache
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Powered
X-Origin
X-GoCache-CacheStatus
X-Akamai-Transformed
X-Cache-2
X-CCM
X-UPSTREAM-Address
X-JoinUs
CF-Cached-On
X-Adobe-Source
SD-X-WS
X-SaId
X-APP-VERSION
X-Backend-TTL
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Shopify-Stage
X-LAGOON
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
Cache-Status
X-Storefront-Renderer-Rendered
X-Varnishpool
X-PERF
Country
X-Fastcgi-Cache
X-Soup
X-Forwarded-Host
X-ApacheServer
X-Page-View
X-Cache-Grace
X-Pubstack
X-B3-Traceid
X-Backend-Host
Cache
X-G
X-Time
X-Say-Cacheable
X-SayCDN-TTL
X-Storage
X-Web-Node
X-Cluster-Name
Node
X-Say-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Fastly-SSL
Decoy-Debug-TTL
X-FTR-Cache-Host
X-IP
SRV
X-Cache-Enabled
X-ECache
X-NWS-UUID-VERIFY
X-Tumblr-Pixel-3
X-TX-ID
X-TA-CDN-Provider
X-Ruxit-Js-Agent
X-IPS-LoggedIn
X-Viewer-Country
Apple-News-Services-Request-Url
X-CF-Lambda-Fn
X-Cache-NE
Apple-News-Services-Handled
Apple-News-Services-Host
X-S
X-CF-Lambda-Version
X-ScT
X-S-Cookie
Machine
X-Vdms-Version
X-Destination
MD5-Digest
X-D
X-Trv-Group
Rendered-Blocks
Meta-Geo-Continent
X-External-Request-Id
X-VG-WebServer
X-Vtex-Processado-Em
X-VG-WebCache
Mobile-Detection-Method
X-Vdms-Path
X-Connection-Hash
Apple-News-Services-Parsed-Url
X-Aed
X-A-Wwc
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
DCR-Decision-By
X-Request-UUID
X-ARC
X-Application
X-A-Dgt
X-A-Dcw
X-RCS-CacheZone
Host-ID
X-Processor
X-A
X-A-Ccd
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-A-Dam
X-Rewrite-Enabled
DCR-Processing-Time-Ms
X-Varnish-Beresp-Ttl
X-Rojux
X-Varnish-Beresp-Grace
Xc-Version
X-B-Cookie
X-Worker
X-Varnish-Beresp-Status
X-Cdn
X-Cache-Config
X-EC-Lua
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Adler-Geo
X-Cache-Bucket
X-Variation
Is-Eu
CDN-Cache
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
Gh-Request-Id
X-WADP-Cache
X-Clara-WADP
X-VG-TLSProxy
CloudFront-Viewer-Country
CDN-RequestId
X-Auto-Login
CDN-Uid
X-Via-CDN
CDN-RequestCountryCode
X-Cache-Debug
X-B3-Spanid
X-Cms-Context
Fastly-SWR
Fastly-SIE
X-Varnish-Remaining-TTL
X-CUA
X-Cache-Backend
X-GEO
X-Fmm-Version
X-Fastly-Cache
X-Rebelmouse-Surrogate-Control
X-Servername
X-Bc-Bl
X-Micro-Cache
X-Session-Fingerprint
X-Microcachable
X-Ms-Request-Id
X-Ms-Version
X-Rebelmouse-Cache-Control
X-Generation-Time
X-DefHash
X-DefElseHash
X-Core-Value
Platform
X-Platform-Server
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
Backend
X-DC
PFcat
Wxu-Next-Region
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Backend-State
CacheControlHeader
X-Bip
X-Method
Wxu-Next-Hostname
L
Origin
Fastly-Drupal-HTML
Fastly-Backend-Name
C-Via
NM-Fastcgi-Cache
X-Webstats-RespID
X-CS
X-OVcl-Cache
X-Request-Host
X-Policy
X-Request-Start
X-Platform
X-Old-Content-Length
X-OVcl
X-Owner
X-Level-Front-Cache
X-Skip-Cache
X-Slack-Backend
X-SN
X-Generated-On
X-Clientip
X-Gzip
X-Geo-Header
X-Gamma-Serve
X-Thanos
X-VarnishDD-TTL
Wxu-Next-Commit
X-Varnish-Cacheable
X-Developers
X-Dispatcher-Server
X-Fastly-Backend
X-Esi-Check
X-Has-Esi
X-Hash
Akamai-GRN
AKAMAI
X-JWT-State
X-Core-Mission
X-Li-Fabric
X-Location
X-LI-UUID
X-Li-Pop
X-Cache-Date
X-Is-Gdpr
X-HN
Rt-Fastcgi-Cache
X-HS-Content-Campaign-Id
X-Cache-NGX
X-Cache-Id
X-Irp-Debug
X-Branch-Name
X-UA
X-Csrf-Jwt
Pagetype
X-Mvc-Supplant-Cachable
X-Reqid
X-Render-Time
X-Eu-Site
X-Transaction
X-CGP
X-Content-Age
X-Twitter-Response-Tags
X-Cache-Tags
L5d-Success-Class
HA-Ipaddr
X-EIG-Tracking-Id
X-Varnish-Ttl
Ha-Gx-Prefs
X-Hp-Webp
X-Minions-Version
X-Refresh
X-PF-Uncompressing
X-Wa
X-Presslabs-Stats
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Remote
Country-Code
FSS-Proxy
X-Aicache-OS
X-Amz-Meta-Cb-Modifiedtime
X-Ftr-Cache-Host
UCS
X-Sql-Duration-Ms
X-Sql-Count
X-Via-Popn
X-Accel-Expires-Debug
Hostname
XServer
Surrogated-Key
X-Date
X-Via-Poph
X-NGENIX-Cache
X-Vgn-Hpd-Variations-Key
X-FORWARDED-FOR
X-NODE
X-Vgn-Hpd-Cached
X-Up
X-Edge-Location
X-SRV
X-LB-ID
NGX
X-Req
X-Nginx-Cache
X-Mvc-Supplant-OutputCached
Memcached
X-LI-Proto
X-RateLimit-Remaining
X-Www-Served-By
Group
Ufe-Result
X-NU-AKA-ACS-Version
We-Hiring
Time
Mail-Subject
X-Cdn-Srv
X-Servedbyhost
X-Cache-URL
Now
Cache-Hits
X-Proxy-Upstream
X-S-Maxage
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-FPC
Protected
X-Check-Cacheable
X-Varnish-Hostname
X-BC
X-ZONE
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-Ua-Device
HostName
X-CSRF-TOKEN
X-Dc
X-CACHE-AGE
X-Agile
X-Agile-Age
On-Server
X-Request-Time
X-Svr
ServedBy
Geoip-Latitude
X-Agile-Id
GeoIp-Country-Code
X-VCL-Version
X-Acc-Rdl
SID
X-LiteSpeed-Cache-Control
X-Cluster-Node
X-Pass-Why
T-Server
M-TraceId
X-Dynatrace-Js-Agent
X-Via-Popv
X-MP-GENERATED-AT
X-UnsetCookies
ProcessTime
X-Cdn-Forward
Pics-Label
X-HS-Status
Arc-Country
X-Cs
N-Cache
Server-Host
X-Datadome
NtCoent-Length
X-Uri
X-APP
X-CF-Powered-By
X-Bc
X-Zone
Ohc-File-Size
X-Varnish-Hits
X-NGINX-Cache
WZWS-RAY
Xserver
Apigw-Requestid
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Erf-Stays-Bingo-Pdp-Web
Section-Io-Origin-Status
Section-Io-Id
Cdn-Host
VivaBuild
X-SB
Cdn-Request-Time
X-Edge-Server
X-VC
Magicmarker
Viewtype
X-Srv
X-RunCloud-Cache
X-Via-Ucdn
X-Info
X-We-Are-Hiring
Memory
X-Action
X-TT-LOGID
Ohc-Cache-HIT
DSUID
Srv
CountryCode
User-Agent
Server-Info
X-RPM
X-Oss-Cdn-Auth
X-RPS
CF-IPCountry
X-DB
WebServer
X-RSL
Processtime
X-DSS
X-MSEdge-Flight
X-MSEdge-Features
X-DI
WWW-Authenticate
X-UA-Device-Type
X-DW
Cache-Name
W
LB
Odigeo-Trace-Id
Sid
X-Vgn-Hpd-Ssi
Cteonnt-Length
X-Tb
S-Rt
X-Origin-Date
Tracecode
CDN
User-Cache-Control
X-Newrelic-App-Data
X-SERVER-NAME
X-HOST
Ssr
X-Hit
X-Geo
X-HITS
X-Pjax-Url
X-Cache-Hfrom
X-Vcl-Version
Geo-Info
X-Unique-ID
X-Magnolia-Registration
X-Cache-Hm
Lfy
Amp-Access-Control-Allow-Source-Origin
X-Webkit-CSP-Report-Only
X-Cache-ASPX
A
X-Block-Status
Server-ID
X-Cache-Expires
Server-Hostname
Server-Ext
X-API-Version
X-Cache-Info
MIME-Version
X-SIPLIST1
Web-Mar-Node
Path
X-Cc-Via
X-BBXSRF
True-Client-Country-4JS
X-Cc-Req-Id
IsBot
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
V-Age
D-Cc-Upstream
X-Scheme
Sever-Int
Locid
Instruction
Vix-Hermes-Req-Id
X-BBC-Edge-Cache-Status
SR-User-Adfree
X-Request-URI
X-Origin-CC
X-Response-By
X-SD-PageType
X-Matched-Rule
GeoIP-Country-Code
X-Loc
X-User
X-Origin-Time
X-Hnp-Log
X-Traceid
X-Nginx-Cache-Key
X-Node-Id
X-Server-IP
X-Nyt-Route
X-Newrelic-Synthetics
X-SRCache-Key
X-Akamai-Request-ID2
X-FC-Vary-Parameters
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Origin-Expires
GeoIP-Latitude
X-Origin-TTL
X-VServer
X-Gen-Mode
X-Gdpr
X-Contensis-Viewer-Groups
X-Developer
X-Varnish-Url
X-Fastly-Country-Code
X-Goog-Meta-Goog-Reserved-File-Mtime
CDCHOST
X-Varnish-Authentication
X-CACHE-KEY
X-Fetched-On
Pramga
Release
X-Epic-Correlation-Id
X-NodeID
Cache-Host
X-Azure-Ref-OriginShield
X-Device-Os
X-Cdn-Origin
X-Envoy-Upstream-Healthchecked-Cluster
Lb
X-GeoIP-City
X-Sn-Servicetimems
X-Generated-In
X-Trace-Id
X-Swa-Ws
X-Var-Ttl
X-Cache-Tag
X-Provided-By
X-Via-NSCOPI
X-Nc
X-Fpc
Cdn
Accept-Language
X-ORACLE-APMCS-REQUEST-ID
Actual-Object-TTL
Cf-Device-Type
FNAC-ModuleRouting
X-Amzn-Remapped-Connection
X-Lb-Id
X-Li-Proto
X-StackifyID
Esi-Enabled
X-Instart-Request-ID
X-ServedByHost
X-Amzn-Remapped-Date
X-Men
Source
X-Vcache
X-Dynatrace
Server-Ttl
Cache-Key
X-Origin-Response-Time
X-Sigma-Backend
X-Key
Kp-EeAlive
X-Rocket-Build-Number
X-Sigma
X-Served-From
X-Akamai-Pragma-Client-IP
X-TH-Server
X-Mobile-Rewrite
X-Via-PopN
X-Via-PopV
Content-Style-Type
Content-Script-Type
Expiry
X-Request-URL
X-Parent-Response-Time
X-Via-PopH
Cache-Provider
X-No-Cache
Location
Origin-Cache-Control
Url
Proxy-Firewall
X-RateLimit-Limit-Second
X-Tt-Logid
X-RateLimit-Remaining-Second
X-ServiceProvider
X-VC-Cache
X-Dispatch
X-Agile-Brick-Ok
X-Geo-Region
Req-Svc-Chain
Origin-Edge-Control
X-ElasticPress-Query
X-MiniProfiler-Ids
X-Yottaa-OS
X-WA
X-Vgn-Hpd-Reason
X-B3-SpanId
Inserted-Into-Cache-At
X-Instart-Info
X-Batcache
Tcn
X-Apw-Hits
X-B3-Parentspanid
X-HostName
X-Akamai-Request-ID
Who
X-RateLimit-Limit
X-BBC-Origin-Response-Status
Powered-By
X-Apw-Access-Action
X-PJAX-URL
X-Apw-Access-Token
EpKe-Alive
X-RAMCache
URI
HitType
X-Proxy-Cachei7
Content-Secure-Policy
Xkeyi7
Cf-Alt-Svc
X-Apw-Access-Object
X-Varnish-Beresp-TTL
X-Selected-Name
X-Selected-Scheme
X-Selected-Host-Header
Vha6-Origin
NnCoection
Resin-Trace
Pragrma
Fastcgi-Cache-TTL
X-Dw-Trace-Id
X-Pf-Uncompressing
X-LiteSpeed-Tag
Dnion-Transfer-Encoding
Mime-Version
Xet-Cookie
X-Snapshot-Date
X-C
PICS-Label