Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
CF-RAY
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-Served-By
CF-Ray
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Upgrade
X-Template
Content-Encoding
X-Language
X-CDN
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Ws-Request-Id
X-Buckets
X-Age
Feature-Policy
X-Backend
X-AH-Environment
X-UA-Device
X-Hacker
X-Robots-Tag
X-Cache-Group
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Proxy-Cache
X-Turbo-Charged-By
X-Server-Powered-By
Request-Context
Server-Timing
Host-Header
X-Nginx-Cache-Status
Grace
Xkey
X-Dns-Prefetch-Control
Report-To
X-Page-Speed
X-Rq
Cf-Bgj
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
NEL
X-Dispatcher
X-Host
X-Backend-Server
X-Device
X-Node
Surrogate-Control
X-Cache-Lookup
X-Origin-Cache
X-Response-Time
X-Ruxit-JS-Agent
Content-Location
X-Akam-SW-Version
Request-Id
X-ASPNET-VERSION
X-Ac
X-Server-Id
Akamai-Age-Ms
X-Country
X-Mod-Pagespeed
X-HW
Rating
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Readtime
Accept-CH
X-Cloud-Trace-Context
Accept-CH-Lifetime
Pinterest-Generated-By
X-Application-Context
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Country-Code
X-Vname
X-Url
X-TtlSet
X-PC
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Varnish-TTL
X-Cnection
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-D2id
X-GitHub-Request-Id
X-Server-Name
X-MS-InvokeApp
X-Clacks-Overhead
X-ESI
X-Content-Type
X-Navigation-Version
X-FTR-Request-ID
X-Abt-Application-Version
Verso
X-Vcap-Request-Id
Accept-Ch
X-Trace
X-Px
X-Pinterest-Rid
Pinterest-Version
Allow
X-Middleton-Response
X-Sol
Display
Pagespeed
Response
X-Middleton-Display
X-Cached
X-Element-Page-Cache
X-Rack-Cache
X-DynaTrace
X-Fastly-Request-ID
Service-Worker-Allowed
X-B3-TraceId
Accept-Ch-Lifetime
X-Server-ID
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-Version
MS-Author-Via
Arr-Disable-Session-Affinity
X-TTL
X-Forwarded-Proto
X-T
X-Upstream
X-NF-Request-ID
X-Debug
Content-MD5
Fastly-Restarts
X-SharePointHealthScore
X-Dw-Request-Base-Id
SPRequestGuid
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-VARITI-CCR
X-Jurisdiction
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Goog-Hash
Access-Control-Request-Method
X-Powered-CMS
X-Content-Digest
TP-L2-Cache
TP-Cache
X-PressLabs-Stats
X-XRDS-Location
X-NWS-LOG-UUID
X-Release
X-Edge
X-MSEdge-Ref
RTSS
X-Ttl
X-Amz-Rid
SPIisLatency
SPRequestDuration
Public-Key-Pins
Cache-Tag
TCN
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
S
X-Yandex-Sdch-Disable
X-FastCGI-Cache
X-Accel-Expires
X-Cache-Hit
X-MCACHE
X-Mid
X-Ezoic-Cdn
ServerID
Server-Node
X-Logged-In
X-Amzn-Trace-Id
X-Cache-Key
X-Node-Name
X-ECACHE
X-Ratelimit-Remaining
Alternate-Protocol
Front-End-Https
X-Request-Handler-Origin-Region
X-Microsite
X-Pinterest-Direct
X-Ser
X-Recruiting
X-Webkit-CSP
X-Origin-Server
X-Page-Id
X-Kinsta-Cache
X-B
X-Mobile-URL
Host
Accept-Charset
X-Ratelimit-Limit
Realpath
X-Hostname
X-FTR-Backend-Server
X-FTR-Expires
X-FireWall-Port
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-SRCache-Store-Status
X-Content-Security-Policy-Report-Only
X-SRCache-Fetch-Status
Nginx-Cache
Filterid
X-Seen-By
X-Forwarded-For
X-Load-Cache
X-Jobs
X-B3-TraceId-Primal
X-Varnish-Age
Mrf-Cache-Status
MRF-Tech
X-Id
X-CST
X-Content-Options
X-DIS-Request-ID
X-Shield-Request-Id
X-Az
X-Daa-Tunnel
X-AppVersion
X-Activity-Id
X-Correlation-ID
Paypal-Debug-Id
X-Zen-Fury
X-Type
X-App-Environment
X-F-Cache
X-LB-Cache
Edge-Cache-Tag
X-Rid
X-Git-Hash
X-Varnish-Backend
X-N
X-Varnish-Grace
X-Grace
X-Request-Guid
X-Amz-Server-Side-Encryption
X-FB-Debug
X-Hits
X-App-Server
Fastcgi-Useragent
X-Proxy
AMP-Access-Control-Allow-Source-Origin
X-Cdn
DC
X-Akamai-Edgescape
X-WebKit-CSP-Report-Only
Content-Disposition
X-Hp-Webp
X-Endurance-Cache-Level
Cache-Tags
X-Content-Powered-By
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
DynaTrace
X-Cache-Operation
X-Cache-Rule
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Mg-S
X-Geo-Country
X-VCache
Cleartype
X-Wix-Request-Id
MicrosoftSharePointTeamServices
X-Cached-By
X-XRDS-LOCATION
X-Accel-Buffering
Refresh
X-Response-Served-From
X-Amz-Meta-S3cmd-Attrs
Powered
X-Original-Request-Id
X-IPLB-Instance
X-B3-Sampled
MS-CV
X-Amzn-RequestId
X-Amz-Apigw-Id
X-User-Agent
X-HS-Hub-Id
X-AOL-HN
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Fastcgi-Cache
NGB
X-B-Cache
Payment
Healthy
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Region
X-Rule
X-Signature
X-Goog-Stored-Content-Length
X-Whom
X-FW-Hash
X-Tumblr-Pixel-1
X-FW-Serve
X-FW-Dynamic
X-Distributor
X-Host-Name
X-HTML-Minification-Powered-By
X-FW-Type
X-FW-Static
X-FW-Server
X-Cache-Time
X-UUID
X-Tumblr-Pixel-2
X-Instance
X-Is-Bot
Datacenter
X-Cacheable-TTL
X-Rendered-As
X-Frontend
Arc-Version
PB-PID
PB-RID
Countrycode
X-Varnish-Server
X-Mobile
X-Debug-Info
Surrogate-Key
X-Cache-Age
X-Ua
X-HP-Webp
X-DynaTrace-JS-Agent
X-PHP-Backend
X-Tec-Api-Origin
X-Tec-Api-Root
X-Oneagent-Js-Injection
X-Tec-Api-Version
X-NewRelic-App-Data
X-Azure-Ref
X-Backend-Name
X-Via-JSL
X-Cache-Server
S-Cnection
Cache
X-FTR-Cache-Host
X-App-Version
X-WA-Info
Powered-By-ChinaCache
X-Protected-By
X-Hyper-Cache
Referer-Policy
X-Cache-Control
Webserver
X-Respond-Thread
Filters
Retry-After
From-Origin
Charset
Liferay-Portal
Viewport
X-Time
X-EdgeConnect-Cache-Status
X-Cache-Expired-At
X-Proxy-Cache-Status
X-RemovedCookies
X-ProcessESI
X-Cache-Var-Map
X-Cache-Action
X-ES-SERVER
Eomportal-Instance
X-GeoIP
X-FB-TRIP-ID
Section-Io-Cache
X-Source
X-Cache-Var
X-R9-Blue-Green-Version
Meta-Geo
X-Mode
X-RN-RSRV
X-Revision
X-Debug-Cache
X-Qloud-Router
X-Framework
X-From
X-Sucuri-ID
X-Device-Type
X-Server-W
X-RTag
X-Amz-Replication-Status
X-Ruxit-Js-Agent
Ms-Operation-Id
Property-Id
X-Locale
X-PCL
X-Time-Microsecs
X-Origin-Hint
X-ProxyCache-Key
Mn-Server-Ip
DB-Nickname
X-VWS-Id
X-Ratelimit-Reset
X-ProxyCache-Status
X-Site-Version
TWC-Connection-Speed
X-OCL
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-LJ-Flow-ID
X-BYPASS-REASON
X-Via-Fastly
X-AWS-Id
TWC-Privacy
X-Environment-Context
TWC-GeoIP-Country
TWC-Device-Class
X-L-Path
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
X-ServerID
X-FW-Version
X-Handled-By
X-Proxied
X-Status
Selected-Fe
X-Hl-Ver
X-Proxy-Build
X-Cache-Host
X-Routing-Service
Cross-Origin-Window-Policy
X-Acc-Debug-Context
Cache-Tv-Group
X-Timing-Wait
X-CSRF-Token
X-Zipkin-Id
X-Real-IP
X-Be
X-Xfnlog-Site
X-Human
X-Redis-Cache
X-PHP-Host
X-Section
X-SaId
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-Cluster
X-Access
X-JoinUs
X-Varnish-Cache-Hits
X-Yottaa-Optimizations
X-Hosted-By
X-Format
X-Yottaa-Metrics
X-Proto
Uber-Trace-Id
X-Generated-By
X-Loop
X-TNCMS
X-TA-CDN-Provider
Ec-Rule-Version
X-Detected-As
X-BCube-Filmed-By
X-NWS-UUID-VERIFY
CF-Cached-On
Frame-Options
X-Origin
X-Cache-TTL-Remaining
Server-Name
X-ATG-Version
X-No-Session
X-NCache
Version
X-Cache-PHP
X-Contextid
X-URL
FSS-Cache
X-EIG-Tracking-Id
X-Instart-Request-ID
X-Sucuri-Cache
X-Air-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-IPS-LoggedIn
X-EC-Lua
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Cache-Enabled
GEO-INFO
Now
X-IP
X-Unique-Id
X-Tumblr-Pixel-3
X-CACHE-AGE
X-Bc-Bl
X-Akamai-Transformed
Time
X-Litespeed-Cache
X-TIME
X-TT
X-Backend-Host
X-Cache-Backend
X-Esi
X-APP-VERSION
Node
OT-Force-Account-Verify
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-RCS-CacheZone
X-GoCache-CacheStatus
X-Adobe-Loc
X-Adobe-Content
Access-Control-Request-Headers
X-NGENIX-Cache
X-UA
VIX-Pulpo-Node
X-Cache-NE
VIX-Pulpo-Upstream-Status
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-CDN-Forward
X-Oss-Object-Type
X-Pubstack
X-CCM
X-Adobe-Source
X-CF-Lambda-Version
X-Connection-Hash
X-D
CloudFront-Viewer-Country
DCR-Decision-By
X-B-Cookie
X-CF-Lambda-Fn
X-Date
X-External-Request-Id
X-Minions-Version
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Generation-Time
X-ARC
Apple-News-Services-Request-Url
X-Destination
X-Aed
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Surrogated-Key
Host-ID
Machine
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-A
X-OVcl
X-A-Wwc
X-Accel-Expires-Debug
MD5-Digest
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Application
X-G
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-ScT
X-S
X-Rewrite-Enabled
X-Rojux
X-Up
X-Vdms-Path
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-Vdms-Version
X-VG-WebCache
X-Processor
X-S-Cookie
X-OVcl-Cache
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Storefront-Renderer-Rendered
X-PERF
X-Varnishpool
X-Alternate-Cache-Key
X-Viewer-Country
X-ShardId
X-ApacheServer
X-Cache-2
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Forwarded-Host
AKAMAI
CDN-Cache
Mail-Subject
CDN-CachedAt
X-Microcachable
NM-Fastcgi-Cache
X-Method
X-Micro-Cache
X-VG-TLSProxy
X-Request-UUID
Fastly-SSL
X-Owner
CDN-Uid
CacheControlHeader
CDN-RequestId
X-Webstats-RespID
X-WADP-Cache
SD-X-WS
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
Wxu-Next-Commit
X-Cache-Bucket
X-Cache-Grace
X-Bip
X-Reqid
X-Agile-Id
X-Fmm-Version
X-Req
X-Clara-WADP
X-Render-Time
X-Dispatcher-Server
X-CUA
X-Core-Value
X-Cms-Context
X-Agile-Age
X-Agile
X-Edge-Location
Wxu-Next-Hostname
We-Hiring
X-HS-Content-Campaign-Id
X-Platform
Wxu-Next-Region
X-Hash
X-SN
X-Generated-On
X-Soup
X-Storage
X-Thanos
X-Level-Front-Cache
X-Envoy-Decorator-Operation
X-AIR-PT
X-Varnish-Ttl
X-TX-ID
X-Dc
X-Correlation-Id
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
HostName
X-Varnish-Beresp-Status
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Cdn-Forward
Akamai-GRN
X-Geo-Header
PFcat
Gh-Request-Id
Group
Ha-Gx-Prefs
X-Gzip
Fastly-Drupal-HTML
Country-Code
Country
X-HN
X-Location
X-DPWN-IS-SECURE
HA-Ipaddr
X-Developers
Fastly-SWR
Platform
X-Varnish-Cacheable
X-VarnishDD-TTL
Is-Eu
X-VHOST
X-Eu-Site
X-Gamma-Serve
X-Backend-TTL
L5d-Success-Class
X-Fastly-Cache
M-TraceId
Pagetype
Fastly-SIE
X-Esi-Check
X-Servername
X-Cache-Id
Backend
X-Cache-Config
X-Skip-Cache
X-Variation
X-CGP
X-Cluster-Name
X-Cdn-Srv
X-Cache-URL
X-Cache-NGX
Ufe-Result
X-Core-Mission
Cache-Status
X-Auto-Login
Adler-Geo
X-Amz-Meta-Cb-Modifiedtime
X-Csrf-Jwt
X-Proxy-Upstream
X-Policy
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-NC
X-RateLimit-Remaining
UCS
X-Web-Node
X-SayCDN-TTL
X-Request-Host
X-Content-Age
X-Old-Content-Length
X-Irp-Debug
X-Say-Cacheable
X-Slack-Backend
X-Say-TTL
X-CS
X-Wikidot-Static-Cache
X-Backend-State
X-Cache-Date
Rt-Fastcgi-Cache
X-LI-UUID
X-Request-Start
X-Cache-Tags
X-Li-Pop
X-JWT-State
X-Has-Esi
X-Fastly-Backend
X-Clientip
X-Li-Fabric
X-Is-Gdpr
Memcached
L
X-Wikidot-Backend
Fastly-Backend-Name
C-Via
Nel
X-ORACLE-APMCS-REQUEST-ID
Origin
Arc-Country
X-Refresh
Actual-Object-TTL
X-Ms-Version
X-Ms-Request-Id
X-Mvc-Supplant-Cachable
X-B3-Spanid
X-NODE
VivaBuild
X-Wa
X-LB-ID
X-PF-Uncompressing
Viewtype
X-Aicache-OS
Srv
NGX
X-ZONE
X-BC
FSS-Proxy
X-RunCloud-Cache
X-Via-Popn
X-Via-Poph
X-Via-Ucdn
Geo-Info
X-LAGOON
X-Platform-Server
X-B3-Traceid
X-Unique-ID
X-DefElseHash
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-DefHash
Upgrade-Insecure-Requests
X-Srv
X-Edge-Server
Cdn-Request-Time
Memory
X-LI-Proto
X-Branch-Name
Cdn-Host
X-Servedbyhost
X-Vgn-Hpd-Ssi
X-Mvc-Supplant-OutputCached
X-SERVER
X-UPSTREAM-Address
X-Cache-Debug
X-Zone
X-Bc
X-Session-Fingerprint
X-Mobile-Rewrite
X-Geo
X-Request-Time
X-LiteSpeed-Cache-Control
Sid
X-Cluster-Node
Server-Info
X-Epic-Correlation-Id
X-Debug-Cache-Fetch
X-APP
X-FC-Vary-Parameters
X-Debug-Cache-Store
X-FPC
X-Akamai-Request-ID2
X-Nginx-Cache
X-Action
Xserver
X-Hit
CACHE
WWW-Authenticate
X-DB
X-Cs
X-Varnish-Hostname
X-RPS
X-RSL
X-DI
X-DW
X-Via-Popv
X-CF-Powered-By
X-RPM
X-DSS
Apigw-Requestid
X-NGINX-Cache
X-FORWARDED-FOR
X-CSRF-TOKEN
X-ECache
X-Nc
X-Flags
X-Oss-Cdn-Auth
X-Route-Name
X-Providence-Cookie
X-MP-GENERATED-AT
X-Is-Crawler
X-HS-Status
NtCoent-Length
X-Aspnet-Duration-Ms
Hostname
X-GEO
X-DC
X-Vcache
X-Vcl-Version
X-Ftr-Cache-Host
Geoip-Latitude
GeoIp-Country-Code
User-Agent
XServer
X-VCL-Version
Processtime
GeoIP-Latitude
ProcessTime
X-Check-Cacheable
Origin-Edge-Control
X-SERVER-NAME
GeoIP-Country-Code
Origin-Cache-Control
CF-IPCountry
Accept-Language
X-Tb
X-Page-View
X-Key
X-Dynatrace-Js-Agent
X-Dispatch
X-NU-AKA-ACS-Version
X-HOST
Esi-Enabled
X-Envoy-Upstream-Healthchecked-Cluster
X-UnsetCookies
X-Via-CDN
X-Webkit-CSP-Report-Only
SRV
SID
X-HITS
HitType
X-Via-SSL
X-Via-Edge
Proxy-Firewall
W
X-Fastly-Country-Code
X-Svr
X-App
X-Fpc
X-Cache-Hm
X-Cache-Hfrom
Edge-Copy-Time
X-Pass-Why
WebServer
X-RAMCache
CDN
Lb
X-Sql-Count
X-Sql-Duration-Ms
A
X-Path-Route
Fastcgi-Cache-TTL
X-We-Are-Hiring
Cdn
BehaviorPad-Version
X-Generated
X-Www-Served-By
On-Server
X-COUNTRY
X-CACHE-KEY
ServedBy
X-Geo-Region
Cteonnt-Length
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
X-TrackingId
S-Rt
Cache-Hits
LB
Xet-Cookie
Powered-By
T-Server
N-Cache
X-Newrelic-App-Data
X-Instart-Info
X-Amzn-Remapped-Date
X-SRV
X-MSEdge-Flight
X-MSEdge-Features
X-Amzn-Remapped-Connection
X-Newrelic-Synthetics
X-Cache-Remote
X-S-Maxage
X-Pjax-Url
X-Li-Proto
Server-Host
X-ServedByHost
X-Datadome
X-Dynatrace
X-Origin-Response-Time
X-LiteSpeed-Tag
Magicmarker
X-Akamai-Pragma-Client-IP
Tcn
X-Served-From
Pics-Label
Content-Style-Type
X-Batcache
X-TH-Server
Cache-Key
X-HostName
Content-Script-Type
WZWS-RAY
X-TT-LOGID
Cache-Provider
Dnion-Transfer-Encoding
X-Via-PopV
X-Region-Sid
X-Via-PopN
X-Via-PopH
X-Lb-Id
X-Via-NSCOPI
X-RateLimit-Limit
Odigeo-Trace-Id
X-StackifyID
X-SB
User-Cache-Control
Ohc-Cache-HIT
X-VC
X-Presslabs-Stats
Cf-Alt-Svc
X-B3-SpanId
X-Tt-Logid
X-Agile-Brick-Ok
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-ID
X-WA
X-Varnish-Hits
Load-Balancing
X-Pf-Uncompressing
Server-Ttl
X-Info
X-Planisys-CDN-Cache
X-Vgn-Hpd-Reason
X-Erf-Bev-Bev-Is-Generated
X-Cache-Tag
X-Erf-Bev-Bev
X-Origin-CC
X-Magnolia-Registration
X-PJAX-URL
X-Parent-Response-Time
Who
Inserted-Into-Cache-At
X-Developer
X-Origin-TTL
X-SRCache-Key
X-Pad
AsisCache
X-Tid
X-DevSite-Last-Modified
GEO-REGION-INFO
X-Yottaa-OS
Section-Io-Id
Cache-Name
Proxy-Connection
X-ElasticPress-Query
Section-Io-Origin-Time-Seconds
CountryCode
Source
Section-Origin-Responded
Section-Io-Origin-Status
X-Selected-Name
DSUID
X-BACKEND-TTL
X-Selected-Host-Header
X-Selected-Scheme
Protected
X-UA-Device-Type
X-Apw-Access-Object
X-Varnish-Beresp-TTL
Pragrma
X-Request-URL
X-Apw-Hits
X-Apw-Access-Token
X-Uri
Mime-Version
X-C
X-Apw-Access-Action
X-Dw-Trace-Id
PICS-Label
X-MiniProfiler-Ids
URI
X-Request-URI
X-Azure-Ref-OriginShield
X-BBXSRF
X-Akamai-Request-ID
Web-Mar-Node
V-Age
Vix-Hermes-Req-Id
X-Block-Status
X-Cache-ASPX
X-Device-Os
X-Fetched-On
X-Contensis-Viewer-Groups
X-Cdn-Request-ID
X-Cache-Info
X-Cdn-Origin
Tracecode
Thinkindot-Control
Locid
MIME-Version
Kp-EeAlive
IsBot
CDCHOST
FNAC-ModuleRouting
Path
Pramga
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Sever-Int
Server-Hostname
Release
Server-Ext
X-Gen-Mode
X-Generated-In
X-Var-Ttl
X-Varnish-Authentication
X-Trace-Id
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Swa-Ws
X-Varnish-URL
X-Akamai-ERPolicy
X-Nananana
X-Proxy-Cachei7
Cneonction
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-Compress-Hint
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Logging-Id
X-Matched-Rule
X-Loc
X-Hnp-Log
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Nginx-Cache-Key
X-NodeID
X-ServiceProvider
X-SIPLIST1
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin-Date
X-Origin-Expires
Vha6-Origin