Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
CF-RAY
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Served-By
X-Xss-Protection
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
P3p
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Template
X-Ws-Request-Id
X-Language
X-Dns-Prefetch-Control
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
EagleId
X-Proxy-Cache
X-UA-Device
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-WebKit-CSP
X-Host
X-Dispatcher
X-Backend-Server
NEL
X-Device
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Server-Id
X-Response-Time
Content-Location
X-Cache-Lookup
Request-Id
X-Origin-Cache
X-Akam-SW-Version
X-Ac
Accept-CH-Lifetime
EagleEye-TraceId
X-ASPNET-VERSION
X-Country
Accept-CH
X-Mod-Pagespeed
X-HW
Rating
X-Readtime
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Application-Context
Pinterest-Generated-By
Allow
Edge-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
X-Content-Type
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
X-D2id
X-Clacks-Overhead
X-Trace
X-Abt-Application-Version
Pagespeed
Display
Pinterest-Version
Response
X-Middleton-Response
X-Pinterest-Rid
X-Middleton-Display
X-Sol
X-Server-Name
X-ESI
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
X-B3-TraceId
Verso
X-DynaTrace
MS-Author-Via
Service-Worker-Allowed
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-Webkit-CSP
X-Client-IP
Arr-Disable-Session-Affinity
X-Cache-TTL
X-TTL
Accept-Ch
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-CST
Content-MD5
X-Upstream
SPRequestGuid
X-SharePointHealthScore
AR-CACHE
AR-Request-ID
X-Version
AR-PoweredBy
AR-ATIME
Fastly-Restarts
Ar-Sid
X-NF-Request-ID
X-Forwarded-Proto
X-VARITI-CCR
X-Debug
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Goog-Hash
X-FastCGI-Cache
X-T
X-XRDS-Location
X-Jurisdiction
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
X-Release
TP-L2-Cache
TP-Cache
X-Content-Digest
SPRequestDuration
X-Edge
SPIisLatency
S
X-Amz-Rid
X-Pinterest-Direct
TCN
RTSS
X-Ttl
Cache-Tag
Public-Key-Pins
X-NWS-LOG-UUID
X-Ezoic-Cdn
X-Server-ID
X-Node-Name
Fastcgi-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Mid
X-Cache-Key
X-MCACHE
Server-Node
Front-End-Https
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
X-Logged-In
X-Kinsta-Cache
X-Ratelimit-Remaining
X-Recruiting
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
ServerID
X-Cache-Hit
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-Charset
X-Origin-Server
X-Page-Id
X-Mg-S
Host
X-Amz-Server-Side-Encryption
X-Grace
X-ECACHE
Alternate-Protocol
X-B
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-DIS-Request-ID
X-Mobile-URL
X-Hostname
X-Shield-Request-Id
Nginx-Cache
Edge-Cache-Tag
X-Ratelimit-Limit
X-Forwarded-For
X-HP-Webp
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
Realpath
X-Country-Code-Real
X-FTR-Realm
X-FTR-Expires
X-Hits
X-Content-Options
X-F-Cache
X-FireWall-Port
X-LB-Cache
X-Git-Hash
X-Seen-By
X-Load-Cache
Filterid
X-AppVersion
X-Az
X-Activity-Id
X-Jobs
MicrosoftSharePointTeamServices
X-Request-Guid
X-App-Environment
X-N
X-Type
Paypal-Debug-Id
Cache-Tags
Fastcgi-Useragent
X-Rid
X-Varnish-Backend
X-TEC-API-ROOT
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
X-TEC-API-ORIGIN
X-Varnish-Grace
Cleartype
X-Upgrade-Enabled
X-Zen-Fury
DynaTrace
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Daa-Tunnel
X-Proxy
Access-Control-Allow-Method
X-Cached-By
X-FB-Debug
X-Id
X-Cache-Age
X-Litespeed-Cache
Powered-By-ChinaCache
X-Akamai-Edgescape
X-Amz-Meta-S3cmd-Attrs
X-App-Server
DC
X-Geo-Country
X-HS-Content-Id
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-HS-Hub-Id
X-GUploader-UploadID
X-HS-Cache-Config
X-Respond-Thread
X-Cache-Rule
X-Cache-Operation
X-Host-Name
X-HS-Combine-CSS
X-B3-Sampled
X-Content-Powered-By
X-User-Agent
Content-Disposition
X-AOL-HN
X-IPLB-Instance
X-Signature
X-B-Cache
X-Accel-Buffering
X-Whom
X-Original-Request-Id
X-Correlation-ID
X-Response-Served-From
X-Debug-Info
Healthy
MS-CV
X-Region
X-Wix-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-HTML-Minification-Powered-By
Payment
X-Frontend
X-Distributor
X-VCache
X-UUID
X-Rule
X-Cacheable-TTL
X-Mobile
Akamai-Age-Ms
X-FW-Type
X-FW-Server
X-FW-Hash
X-Is-Bot
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-Ua
X-Rendered-As
X-Instance
X-Endurance-Cache-Level
X-Cache-Time
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
Refresh
X-Tumblr-Pixel-1
Datacenter
Surrogate-Key
X-Amz-Apigw-Id
X-Amzn-RequestId
NGB
Filters
Charset
X-App-Version
X-Via-JSL
Countrycode
X-Fastcgi-Cache
Liferay-Portal
S-Cnection
Viewport
X-Protected-By
X-Acc-Debug-Context
PB-RID
PB-PID
Arc-Version
X-Backend-Name
X-Varnish-Server
X-XRDS-LOCATION
Nel
X-Hyper-Cache
X-Cache-Expired-At
X-Ah-Environment
X-Cache-Server
X-Tec-Api-Version
X-Amz-Replication-Status
X-Oneagent-Js-Injection
X-Tec-Api-Root
X-Tec-Api-Origin
Section-Io-Cache
X-Cache-Action
Retry-After
X-PHP-Backend
X-NewRelic-App-Data
X-Azure-Ref
X-Sucuri-ID
X-Source
Referer-Policy
X-EdgeConnect-Cache-Status
Version
X-WA-Info
X-Proxy-Cache-Status
X-Cache-Control
X-Correlation-Id
GEO-INFO
Eomportal-Instance
X-Real-IP
X-RemovedCookies
X-ProcessESI
X-Environment-Context
X-L-Path
X-Framework
X-Yottaa-Optimizations
X-Time
X-Yottaa-Metrics
X-Cache-Var-Map
X-Air-Hostname
Frame-Options
X-Cache-Var
Ms-Operation-Id
X-RN-RSRV
Meta-Geo
X-RTag
X-ES-SERVER
X-DynaTrace-JS-Agent
Server-Name
X-Mode
X-From
Powered
X-GeoIP
X-Revision
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Qloud-Router
X-ProxyCache-Key
X-BYPASS-REASON
X-Cache-Host
X-Cache-TTL-Remaining
X-VWS-Id
X-TNCMS
X-Cluster
X-LJ-Flow-ID
X-Human
X-Labrador-Cache-Channel
Cache-Tv-Group
X-Hosted-By
Cross-Origin-Window-Policy
X-Loop
X-OCL
X-PCL
Mn-Server-Ip
X-Time-Microsecs
DB-Nickname
Ec-Rule-Version
Uber-Trace-Id
X-PHP-Host
X-AWS-Id
X-FB-TRIP-ID
X-Proxy-Build
X-Proxied
X-Redis-Cache
X-Server-W
X-Zipkin-Id
X-Timing-Wait
X-Site-Version
X-Drupal-Cache-Contexts
X-Locale
X-Detected-As
Selected-Fe
X-Debug-Cache
X-FW-Version
X-Handled-By
X-Status
X-Hl-Ver
X-NYM-Debug-Backend
X-Routing-Service
X-CSRF-Token
X-Unique-Id
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Section
TWC-Privacy
X-Sucuri-Cache
X-Origin-Hint
X-Format
Property-Id
Webcakes-App-Name
TWC-Connection-Speed
X-ServerID
Webcakes-Region
Webcakes-App-Version
X-Access
X-Amzn-Remapped-Content-Length
X-Via-Fastly
X-Be
X-Ratelimit-Reset
X-Generated-By
X-Device-Type
X-BCube-Filmed-By
X-Proto
X-Hp-Webp
X-Cache-PHP
X-Ua-Device
X-No-Session
X-Contextid
X-Drupal-Cache-Tags
X-ATG-Version
Cache
FSS-Cache
X-JoinUs
Webserver
From-Origin
X-SaId
X-FTR-Cache-Host
X-Varnish-Cache-Hits
X-CDN-Forward
CACHE
X-Esi
X-Adobe-Content
X-Adobe-Loc
X-URL
CF-Cached-On
OT-Force-Account-Verify
X-NCache
X-AIR-PT
X-NWS-UUID-VERIFY
X-Origin
X-TT
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-TA-CDN-Provider
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-NC
X-Tt-Trace-Host
X-Akamai-Transformed
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-IPS-LoggedIn
Azure-Version
X-EIG-Tracking-Id
X-Cache-Enabled
X-EC-Lua
X-IP
X-Adobe-Source
SD-X-WS
Access-Control-Request-Headers
X-CCM
X-Bc-Bl
X-Cache-2
Upgrade-Insecure-Requests
X-TIME
X-Is-Crawler
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Route-Name
X-Storefront-Renderer-Rendered
X-Providence-Cookie
X-Alternate-Cache-Key
X-Flags
X-ShopId
X-Aspnet-Duration-Ms
X-Shopify-Stage
X-ShardId
X-ApacheServer
X-Cache-Grace
X-Soup
X-ECache
X-Tumblr-Pixel-3
X-Pubstack
X-Forwarded-Host
X-APP-VERSION
Node
X-PERF
X-Cache-Backend
X-Backend-Host
X-Say-Cacheable
X-Ruxit-Js-Agent
X-Cluster-Name
X-SayCDN-TTL
X-Varnishpool
X-Storage
Fastly-SSL
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Status
X-Pinterest-Sli-Response-Type
Decoy-Debug-TTL
X-Pinterest-Sli-Latency-Threshold
X-Say-TTL
X-Web-Node
X-Viewer-Country
X-Pinterest-Sli-Endpoint-Name
X-Vtex-Processado-Em
X-ScT
X-Vtex-Remote-Cache
X-VG-WebServer
X-Worker
Xc-Version
X-VG-WebCache
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-Vdms-Version
X-Vdms-Path
X-Processor
X-A-Ccd
Apple-News-Services-Handled
X-A
X-A-Dam
X-A-Dcw
X-Application
X-Aed
X-A-Wwc
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
DCR-Processing-Time-Ms
Machine
MD5-Digest
Apple-News-Services-Request-Url
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
X-ARC
X-B-Cookie
Fastcgi-X-Cache-Version
Host-ID
X-PBS-Appsvrname
X-RCS-CacheZone
X-Request-UUID
X-S
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-G
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-NE
X-Connection-Hash
X-D
X-External-Request-Id
X-Destination
X-S-Cookie
X-A-Dgt
X-Cdn
X-LAGOON
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-TX-ID
X-Backend-TTL
X-Cache-Config
X-WADP-Cache
X-Clara-WADP
X-Cache-Bucket
Platform
X-DPWN-IS-SECURE
CDN-Cache
X-Fmm-Version
X-Fastly-Cache
X-VG-TLSProxy
Is-Eu
Adler-Geo
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestId
CDN-Uid
Fastly-SWR
Fastly-SIE
CloudFront-Viewer-Country
X-Generation-Time
X-Envoy-Decorator-Operation
X-Ms-Version
X-Servername
Country
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Micro-Cache
X-Variation
X-Ms-Request-Id
Backend
X-UPSTREAM-Address
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Wxu-Next-Region
Origin
NM-Fastcgi-Cache
X-Accel-Expires-Debug
X-Owner
Wxu-Next-Commit
Wxu-Next-Hostname
Surrogated-Key
Rt-Fastcgi-Cache
X-Platform-Server
X-Request-Host
X-Skip-Cache
X-Slack-Backend
X-SN
X-Thanos
X-Request-Start
Country-Code
X-Platform
X-Backend-State
Fastly-Drupal-HTML
L
X-Clientip
X-Microcachable
X-Gzip
X-Minions-Version
X-Fastly-Backend
X-Esi-Check
X-Hash
X-HS-Content-Campaign-Id
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Irp-Debug
X-Varnish-Cacheable
X-Dispatcher-Server
X-Method
X-Cms-Context
X-Cache-NGX
X-Cache-Id
X-Old-Content-Length
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Date
X-Core-Value
X-Core-Mission
X-Webstats-RespID
X-Bip
X-Policy
Akamai-GRN
C-Via
Time
X-UA
X-CS
X-NGENIX-Cache
X-Varnish-CookieHashed-On
X-Render-Time
X-JWT-State
X-DefHash
X-Amz-Meta-Cb-Modifiedtime
L5d-Success-Class
X-OVcl-Cache
X-Developers
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Is-Gdpr
CacheControlHeader
X-Csrf-Jwt
X-CUA
X-VarnishDD-TTL
X-Content-Age
PFcat
X-Eu-Site
X-Cache-Tags
X-Up
X-CGP
X-Varnish-Remaining-TTL
X-Mvc-Supplant-Cachable
X-Gamma-Serve
Fastly-Backend-Name
X-Generated-On
X-Varnish-Ttl
X-HN
X-Has-Esi
X-Cache-Date
X-Level-Front-Cache
X-Reqid
X-OVcl
X-Auto-Login
Ha-Gx-Prefs
HA-Ipaddr
X-Req
Gh-Request-Id
AKAMAI
Now
X-DC
UCS
X-Cdn-Srv
Ufe-Result
X-Cache-URL
X-Aicache-OS
We-Hiring
X-Wa
Mail-Subject
Memcached
X-Edge-Location
Group
X-Location
X-Geo-Header
Pagetype
X-CACHE-AGE
X-Branch-Name
X-Cache-Debug
X-Session-Fingerprint
FSS-Proxy
X-Proxy-Upstream
X-LB-ID
X-Page-View
X-Refresh
X-PF-Uncompressing
X-Via-Popn
X-Via-Poph
X-NODE
HostName
X-GEO
SRV
X-Agile
X-Agile-Age
X-Agile-Id
X-BC
X-ZONE
X-Ftr-Cache-Host
X-LI-Proto
X-Mvc-Supplant-OutputCached
X-Servedbyhost
NGX
X-B3-Traceid
X-RateLimit-Remaining
X-B3-Spanid
M-TraceId
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Via-CDN
X-Nginx-Cache
Xserver
X-Datadome
X-Cdn-Forward
X-Dc
Hostname
X-Instart-Request-ID
X-Request-Time
X-Varnish-Hostname
Arc-Country
X-Check-Cacheable
X-Sql-Count
X-Sql-Duration-Ms
X-SERVER
X-LLID
Cdn-Request-Time
X-NU-AKA-ACS-Version
Cdn-Host
Viewtype
VivaBuild
X-SRV
X-VCL-Version
X-Edge-Server
X-SERVER-NAME
X-Cluster-Node
X-Bc
X-Via-Ucdn
X-Cache-Remote
X-Zone
X-RunCloud-Cache
X-FPC
Srv
X-COUNTRY
X-LiteSpeed-Cache-Control
X-Via-SSL
X-Action
WebServer
X-APP
X-CF-Powered-By
Edge-Copy-Time
X-Via-Edge
X-Via-Popv
X-Www-Served-By
Memory
X-UnsetCookies
X-FORWARDED-FOR
X-DW
X-DI
NtCoent-Length
X-RPM
X-RPS
X-DB
X-S-Maxage
X-Dynatrace-Js-Agent
X-ID
X-Vgn-Hpd-Ssi
ProcessTime
X-Svr
X-RSL
WWW-Authenticate
X-DSS
Cache-Hits
X-HS-Status
X-Cs
X-MP-GENERATED-AT
ServedBy
X-NGINX-Cache
SID
On-Server
Apigw-Requestid
XServer
X-ORACLE-APMCS-REQUEST-ID
X-CSRF-TOKEN
Geoip-Latitude
X-Oss-Cdn-Auth
X-Presslabs-Stats
Actual-Object-TTL
X-Srv
X-Unique-ID
GeoIp-Country-Code
X-Vcache
X-Geo
GeoIP-Latitude
T-Server
GeoIP-Country-Code
X-We-Are-Hiring
Server-Info
User-Agent
X-Hit
Ohc-File-Size
Geo-Info
X-Pass-Why
W
Processtime
Sid
X-Akamai-Request-ID2
Amp-Access-Control-Allow-Source-Origin
LB
X-MSEdge-Flight
Server-Host
S-Rt
X-MSEdge-Features
X-Erf-Stays-Bingo-Pdp-Web
Pics-Label
N-Cache
X-Epic-Correlation-Id
X-Tb
X-Nc
X-Varnish-Hits
X-HOST
X-VC
X-SB
WZWS-RAY
Magicmarker
CF-IPCountry
X-Envoy-Upstream-Healthchecked-Cluster
Cdn
Protected
X-Fpc
X-HITS
X-FC-Vary-Parameters
X-Vcl-Version
X-Erf-Bev-Bev-Is-Generated
X-Uri
X-Info
Accept-Language
X-Cache-Hfrom
X-Mobile-Rewrite
X-Cache-Hm
X-Pjax-Url
X-Erf-Bev-Bev
X-Webkit-CSP-Report-Only
Ohc-Cache-HIT
CDN
X-Newrelic-Synthetics
X-Key
X-Fastly-Country-Code
Cteonnt-Length
Esi-Enabled
A
X-Acc-Rdl
X-CACHE-KEY
User-Cache-Control
Lb
Tracecode
Origin-Edge-Control
X-B3-SpanId
Origin-Cache-Control
X-Newrelic-App-Data
X-TT-LOGID
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
DSUID
Section-Io-Id
Odigeo-Trace-Id
X-Provided-By
X-Instart-Info
X-Via-NSCOPI
Cache-Name
X-Dispatch
Ssr
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Proxy-Firewall
X-UA-Device-Type
X-Magnolia-Registration
X-ServedByHost
Lfy
X-Li-Proto
X-Origin-Date
X-StackifyID
Powered-By
X-Geo-Region
X-Cache-Tag
X-Dynatrace
SR-User-Adfree
Server-ID
Server-Hostname
Thinkindot-CacheControl
Sever-Int
Thinkindot-Control
Web-Mar-Node
Vix-Hermes-Req-Id
V-Age
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Release
X-Scheme
X-Thinkindot-L3
X-Cc-Via
X-Cc-Req-Id
D-Cc-Upstream
CDCHOST
FNAC-ModuleRouting
MIME-Version
Path
Locid
IsBot
Instruction
Server-Ext
X-BBXSRF
X-Origin-TTL
X-Request-URI
X-Origin-Time
X-Origin-Expires
X-Nyt-Route
X-Origin-CC
X-Response-By
X-Rocket-Build-Number
X-Sigma-Backend
X-SIPLIST1
X-Sigma
X-Server-IP
X-SD-PageType
X-Node-Id
X-Nginx-Cache-Key
X-Cache-Info
X-Developer
X-Cache-Expires
X-Block-Status
X-BBC-Edge-Cache-Status
X-Gdpr
X-Gen-Mode
X-Loc
X-Matched-Rule
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-API-Version
X-Men
X-RAMCache
Cache-Key
HitType
X-SVT-ORM-RULES
X-VServer
X-Served-From
Server-Ttl
X-TH-Server
X-Varnish-Url
X-Akamai-Pragma-Client-IP
X-Traceid
X-SVT-ORM-VERSION
X-User
X-SRCache-Key
X-Sn-Servicetimems
X-Cache-ASPX
X-Cdn-Origin
X-Trace-Id
X-Lb-Id
X-Contensis-Viewer-Groups
X-Azure-Ref-OriginShield
Fastcgi-Cache-TTL
X-Fetched-On
X-Via-PopH
X-Via-PopV
X-Via-PopN
X-NodeID
Cache-Provider
X-Parent-Response-Time
X-Generated-In
X-Device-Os
BehaviorPad-Version
Cache-Host
X-TrackingId
X-Swa-Ws
Kp-EeAlive
Pramga
X-Var-Ttl
X-Varnish-Authentication
X-Cache-Spec
X-Generated
X-No-Cache
CountryCode
X-ServiceProvider
X-LiteSpeed-Tag
Req-Svc-Chain
X-Tt-Logid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Batcache
X-App
Xet-Cookie
X-ElasticPress-Query
X-Agile-Brick-Ok
X-VC-Cache
X-WA
Tcn
Source
X-Varnish-Beresp-TTL
Cf-Device-Type
X-RateLimit-Limit
X-HostName
Who
Dnion-Transfer-Encoding
X-Planisys-CDN-Cache
X-B3-Parentspanid
X-Yottaa-OS
X-PJAX-URL
Inserted-Into-Cache-At
X-Planisys-CDN-TTL
Cf-Alt-Svc
X-Pf-Uncompressing
X-Planisys-CDN-Rules
X-Selected-Name
X-Path-Route
X-Selected-Host-Header
X-Selected-Scheme
X-BBC-Origin-Response-Status
X-BACKEND-TTL
X-C
Mime-Version
Pragrma
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Proxy-Cachei7
Vha6-Origin
PICS-Label
X-Vgn-Hpd-Reason
X-Request-URL
X-Snapshot-Date
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Access-Object
Resin-Trace