Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
P3P
X-Cache-Hits
Alt-Svc
X-Served-By
CF-Ray
X-Xss-Protection
X-Timer
X-Download-Options
X-Varnish
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
P3p
Status
Content-Encoding
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Ws-Request-Id
Feature-Policy
X-Age
X-Cache-Group
X-Server
X-Backend
X-Amz-Request-Id
X-Hacker
X-Robots-Tag
X-Amz-Id-2
X-UA-Device
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
X-Template
Grace
X-Dns-Prefetch-Control
Host-Header
X-Language
Report-To
X-Rq
X-Page-Speed
Xkey
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Ua-Compatible
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Buckets
X-Vhost
X-Host
X-WebKit-CSP
X-Backend-Server
NEL
X-Server-Id
X-Dispatcher
X-Device
Accept-CH-Lifetime
Surrogate-Control
X-Node
X-Ruxit-JS-Agent
Request-Id
Accept-CH
Content-Location
X-Response-Time
EagleEye-TraceId
X-Cache-Lookup
X-Akam-SW-Version
X-Origin-Cache
X-Ac
Allow
X-Readtime
X-Mod-Pagespeed
Rating
X-HW
X-Country
X-Application-Context
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-MS-InvokeApp
X-Cnection
X-PC
X-Vname
X-TtlSet
X-Country-Code
X-CST
X-Varnish-TTL
X-DataDome
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
X-D2id
X-Clacks-Overhead
X-Server-Name
X-Trace
Pagespeed
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
X-FastCGI-Cache
MS-Author-Via
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
X-TTL
X-B3-TraceId
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Vcap-Request-Id
X-Px
X-Rack-Cache
X-Abt-Application-Version
X-ESI
X-Navigation-Version
X-Url
Service-Worker-Allowed
Verso
Arr-Disable-Session-Affinity
X-Client-IP
X-Cache-TTL
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-DynaTrace
X-FTR-Request-ID
X-Dw-Request-Base-Id
X-Webkit-CSP
X-SharePointHealthScore
SPRequestGuid
X-VARITI-CCR
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Powered-By-Plesk
X-Goog-Hash
X-Upstream
Fastly-Restarts
X-NF-Request-ID
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
X-Debug
Content-MD5
Ar-Sid
X-MSEdge-Ref
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
X-Pinterest-Direct
X-Powered-CMS
X-Version
Access-Control-Request-Method
X-Release
X-Amz-Rid
X-T
X-XRDS-Location
X-Jurisdiction
S
X-Edge
X-Content-Digest
TCN
RTSS
TP-Cache
TP-L2-Cache
Public-Key-Pins
X-Ezoic-Cdn
Cache-Tag
X-Litespeed-Cache
Front-End-Https
X-Cache-Key
X-MCACHE
X-Mid
X-Yandex-Sdch-Disable
X-Node-Name
Server-Node
X-Mg-S
X-Amz-Server-Side-Encryption
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Recruiting
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-HP-Webp
X-SRCache-Fetch-Status
X-Amzn-Trace-Id
X-Accel-Expires
X-Ser
X-PressLabs-Stats
X-Kinsta-Cache
X-Grace
X-Ttl
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
Accept-Ch
X-Origin-Server
X-Varnish-Age
Accept-Charset
MicrosoftSharePointTeamServices
ServerID
X-Logged-In
X-DIS-Request-ID
X-Page-Id
Edge-Cache-Tag
Cf-Bgj
X-Shield-Request-Id
X-Ratelimit-Remaining
Host
Nginx-Cache
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Cache-Hit
X-Hits
Powered-By-ChinaCache
Cache-Tags
X-B
X-Forwarded-For
X-Hostname
X-F-Cache
X-LB-Cache
X-Server-ID
X-Mobile-URL
X-Respond-Thread
Cleartype
X-Activity-Id
X-AppVersion
X-Az
X-Git-Hash
X-Cached-By
Realpath
X-N
X-Cache-Age
X-Content-Options
X-Upgrade-Enabled
Alternate-Protocol
X-Ratelimit-Limit
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Type
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Request-Guid
X-Rid
X-App-Environment
X-Load-Cache
X-Varnish-Backend
Paypal-Debug-Id
X-Jobs
Fastcgi-Useragent
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
Access-Control-Allow-Method
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Expires
X-Seen-By
X-WebKit-CSP-Report-Only
X-Proxy
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
Charset
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-HS-Combine-CSS
X-Goog-Metageneration
X-Goog-Storage-Class
X-Zen-Fury
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Akamai-Edgescape
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-URL
X-TEC-API-VERSION
X-B3-Sampled
X-FireWall-Port
Filters
X-VCache
X-FB-Debug
X-IPLB-Instance
X-Daa-Tunnel
X-Signature
X-B-Cache
Filterid
X-Varnish-Grace
X-Debug-Info
Healthy
X-AOL-HN
X-Whom
MS-CV
X-Host-Name
Viewport
X-Correlation-ID
X-Mobile
X-Geo-Country
X-Region
X-User-Agent
DC
Payment
X-Frontend
X-App-Server
Liferay-Portal
X-Cache-Operation
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
X-Cache-Rule
AMP-Access-Control-Allow-Source-Origin
X-Instance
X-UUID
X-Distributor
X-HTML-Minification-Powered-By
Surrogate-Key
X-Rule
X-Tumblr-Pixel-2
X-FW-Serve
X-Tumblr-Pixel-1
X-FW-Static
X-Tumblr-User
X-FW-Server
X-FW-Hash
X-FW-Type
X-Amz-Replication-Status
X-FW-Dynamic
X-Cache-Time
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-Protected-By
CACHE
X-Content-Powered-By
Refresh
Accept-Ch-Lifetime
S-Cnection
Section-Io-Cache
X-Via-JSL
X-Acc-Debug-Context
X-Cache-Expired-At
X-Id
X-Wix-Request-Id
Version
X-Is-Bot
X-Rendered-As
Content-Disposition
X-Tec-Api-Root
X-Cache-Action
X-Tec-Api-Version
X-Hyper-Cache
GEO-INFO
X-Tec-Api-Origin
X-Backend-Name
X-Sucuri-ID
X-Amz-Apigw-Id
X-Amzn-RequestId
Server-Name
Nel
X-XRDS-LOCATION
X-Endurance-Cache-Level
Retry-After
X-Air-Hostname
Datacenter
PB-RID
PB-PID
Arc-Version
X-Ah-Environment
X-Ua
X-Cache-Server
X-Source
X-Oneagent-Js-Injection
X-App-Version
Eomportal-Instance
X-Real-IP
X-Unique-Id
X-L-Path
X-Environment-Context
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-Yottaa-Optimizations
Frame-Options
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Endpoint-Name
X-Revision
Referer-Policy
X-Yottaa-Metrics
X-Pinterest-Sli-Response-Type
X-Correlation-Id
X-Framework
X-Drupal-Cache-Contexts
X-RTag
X-Sucuri-Cache
Ms-Operation-Id
X-Varnish-Server
Countrycode
X-Cache-Spec
X-Drupal-Cache-Tags
X-Cache-Control
NGB
X-WA-Info
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-Cache-Var
Webserver
X-RN-RSRV
Akamai-Age-Ms
X-Proxy-Cache-Status
X-Time-Microsecs
X-Mode
X-ProxyCache-Status
Cache-Tv-Group
X-Cache-Host
X-TIME
X-Qloud-Router
X-Cache-TTL-Remaining
X-BYPASS-REASON
X-Xfnlog-Site
X-ProxyCache-Key
X-Azure-Ref
X-R9-Blue-Green-Version
DB-Nickname
X-CDN-Forward
X-GeoIP
Ec-Rule-Version
X-Contextid
Cross-Origin-Window-Policy
X-Is-Crawler
X-PHP-Host
X-PCL
X-Cluster
X-Redis-Cache
X-VWS-Id
X-Status
Mn-Server-Ip
X-Origin-Hint
X-OCL
X-Labrador-Cache-Channel
X-Human
X-Handled-By
X-LJ-Flow-ID
X-Hl-Ver
X-FW-Version
X-NYM-Debug-Backend
X-Server-W
X-AWS-Id
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Route-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-Providence-Cookie
Webcakes-App-Version
Webcakes-Region
X-Flags
X-Aspnet-Duration-Ms
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
Selected-Fe
X-Hosted-By
X-Timing-Wait
X-Be
X-Section
X-Proxy-Build
X-FB-TRIP-ID
X-Format
X-Proto
X-ServerID
X-Access
X-Proxied
X-NewRelic-App-Data
X-From
X-Detected-As
X-Routing-Service
X-Via-Fastly
X-Zipkin-Id
X-No-Session
X-Adobe-Content
X-Adobe-Loc
X-TT
X-Site-Version
X-Locale
Uber-Trace-Id
X-AIR-PT
X-Tt-Trace-Host
FSS-Cache
X-DynaTrace-JS-Agent
X-Tt-Trace-Tag
X-Cache-PHP
X-LLID
X-Generated-By
X-Device-Type
X-ATG-Version
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Ratelimit-Reset
X-Debug-Cache
X-BCube-Filmed-By
X-NC
Upgrade-Insecure-Requests
X-PHP-Backend
Azure-Version
X-Esi
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Access-Control-Request-Headers
X-Varnish-Cache-Hits
X-Aspnetmvc-Version
X-CSRF-Token
OT-Force-Account-Verify
From-Origin
X-ID
X-UPSTREAM-Address
X-NCache
Cache-Status
X-CCM
X-Adobe-Source
SD-X-WS
X-GoCache-CacheStatus
X-Origin
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Page-View
X-Oss-Server-Time
CF-Cached-On
X-Backend-TTL
X-COUNTRY
X-Cache-2
X-G
X-Akamai-Transformed
X-Varnishpool
X-LAGOON
X-Soup
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-Pubstack
X-PERF
Powered
X-APP-VERSION
X-Say-TTL
X-Storage
X-SaId
X-SayCDN-TTL
X-Forwarded-Host
X-Cluster-Name
Decoy-Debug-Status
Decoy-Debug-Key
Country
Decoy-Debug-TTL
Fastly-SSL
X-Cache-Grace
X-ApacheServer
X-Backend-Host
SRV
X-Say-Cacheable
X-JoinUs
X-Web-Node
Node
X-FTR-Cache-Host
X-Time
X-IP
Cache
X-ECache
X-Ruxit-Js-Agent
X-TX-ID
X-Via-CDN
X-Viewer-Country
X-Cache-Enabled
X-GEO
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-VG-WebCache
X-PAYTM-SRV-ID
Apple-News-Services-Parsed-Url
X-Destination
X-PBS-Appsvrname
X-CF-Lambda-Version
X-Cache-NE
DCR-Processing-Time-Ms
X-Vdms-Path
X-CF-Lambda-Fn
X-Vtex-Processado-Em
Meta-Geo-Continent
Host-ID
X-Worker
X-A-Ccd
X-A
X-D
X-Connection-Hash
X-Vdms-Version
Apple-News-Services-Handled
DCR-Decision-By
Apple-News-Services-Host
Mobile-Detection-Method
Machine
MD5-Digest
X-Rojux
X-Rewrite-Enabled
X-A-Wwc
X-ARC
Xc-Version
Rendered-Blocks
X-S-Cookie
X-S
X-ScT
X-VG-WebServer
X-Application
X-Session-Fingerprint
X-B-Cookie
X-Aed
X-A-Dam
Apple-News-Services-Request-Url
X-Trv-Group
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
X-A-Dcw
X-RCS-CacheZone
X-Processor
X-External-Request-Id
X-Request-UUID
X-Tumblr-Pixel-3
X-A-Dgt
X-EC-Lua
X-Cdn
X-Cache-Config
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
CDN-EdgeStorageId
Fastly-SWR
Platform
Fastly-SIE
CDN-Cache
CDN-RequestCountryCode
Gh-Request-Id
CDN-Uid
CDN-RequestId
Adler-Geo
CDN-CachedAt
Is-Eu
X-Fastly-Cache
X-Varnish-CookieINHashed-On
CDN-PullZone
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-DPWN-IS-SECURE
X-DefHash
X-VG-TLSProxy
X-Fmm-Version
X-Generation-Time
X-Rebelmouse-Cache-Control
X-Microcachable
X-Platform-Server
X-Rebelmouse-Surrogate-Control
X-Auto-Login
X-Variation
X-Servername
X-DefElseHash
X-Envoy-Decorator-Operation
X-Clara-WADP
X-Varnish-Beresp-Ttl
X-CUA
X-Cache-Bucket
X-Cache-Debug
X-Varnish-Beresp-Status
X-Cms-Context
X-Core-Value
X-WADP-Cache
X-Varnish-Beresp-Grace
Backend
X-Old-Content-Length
X-OVcl-Cache
L
X-OVcl
X-Irp-Debug
X-Wikidot-Static-Cache
X-Policy
X-Platform
Fastly-Backend-Name
X-Webstats-RespID
NM-Fastcgi-Cache
X-VarnishDD-TTL
CloudFront-Viewer-Country
X-Varnish-Cacheable
X-Wikidot-Backend
X-Request-Start
Fastly-Drupal-HTML
X-SN
X-Request-Host
X-Li-Pop
X-Dispatcher-Server
X-Developers
X-Esi-Check
X-Fastly-Backend
X-Gamma-Serve
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Branch-Name
X-Backend-State
X-Cache-Date
X-Cache-NGX
X-Clientip
X-Gzip
X-Has-Esi
X-Micro-Cache
X-Location
X-Ms-Request-Id
X-Ms-Version
PFcat
Rt-Fastcgi-Cache
X-LI-UUID
X-HS-Content-Campaign-Id
X-HN
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
Origin
X-Cache-Id
Akamai-GRN
X-Fastcgi-Cache
C-Via
X-B3-Spanid
CacheControlHeader
X-UA
X-Cache-Backend
X-B3-Traceid
X-Bc-Bl
X-Owner
X-Render-Time
X-Skip-Cache
X-Slack-Backend
X-Method
X-Varnish-Ttl
X-Geo-Header
X-Generated-On
X-Hash
X-Reqid
X-Thanos
X-Level-Front-Cache
X-Bip
AKAMAI
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Mvc-Supplant-Cachable
X-DC
X-Cache-Remote
X-Cache-Tags
Ha-Gx-Prefs
X-Core-Mission
X-Content-Age
Pagetype
HA-Ipaddr
L5d-Success-Class
X-CS
X-Sql-Count
X-Sql-Duration-Ms
X-Transaction
X-Refresh
X-PF-Uncompressing
X-Twitter-Response-Tags
X-Wa
X-EIG-Tracking-Id
X-TA-CDN-Provider
X-Minions-Version
UCS
X-Aicache-OS
FSS-Proxy
X-SRV
X-Ftr-Cache-Host
X-Amz-Meta-Cb-Modifiedtime
XServer
Country-Code
X-NODE
Hostname
NGX
X-Accel-Expires-Debug
X-Www-Served-By
X-Via-Popn
X-Date
Surrogated-Key
X-NU-AKA-ACS-Version
X-Via-Poph
X-S-Maxage
X-NGENIX-Cache
X-Hp-Webp
Cache-Hits
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Mvc-Supplant-OutputCached
X-Edge-Location
X-LB-ID
X-LI-Proto
X-Up
X-Req
X-Servedbyhost
X-RateLimit-Remaining
X-Presslabs-Stats
Protected
X-Nginx-Cache
X-Check-Cacheable
Group
X-Dc
Memcached
Ufe-Result
X-Cache-URL
X-Debug-Cache-Fetch
Mail-Subject
X-Debug-Cache-Store
We-Hiring
X-Cdn-Srv
Time
X-FPC
ServedBy
X-Proxy-Upstream
X-Ua-Device
X-Via-Edge
X-Via-SSL
On-Server
X-Svr
Edge-Copy-Time
X-Varnish-Hostname
HostName
X-CACHE-AGE
Now
GeoIp-Country-Code
Geoip-Latitude
X-Request-Time
X-ZONE
X-Dynatrace-Js-Agent
X-BC
X-Agile-Id
T-Server
X-Agile-Age
X-Agile
X-VCL-Version
X-Pass-Why
X-Webkit-Csp
X-Cluster-Node
X-CSRF-TOKEN
X-Uri
SID
X-FORWARDED-FOR
X-Cs
X-MP-GENERATED-AT
Server-Host
Section-Io-Id
Pics-Label
Section-Io-Origin-Status
X-NGINX-Cache
Section-Origin-Responded
X-Acc-Rdl
Section-Io-Origin-Time-Seconds
N-Cache
M-TraceId
WZWS-RAY
X-Varnish-Hits
X-UnsetCookies
Xserver
Magicmarker
ProcessTime
X-Datadome
X-Via-Popv
X-SB
X-Cdn-Forward
X-VC
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-TT-LOGID
X-Bc
X-Zone
X-HS-Status
X-Srv
Arc-Country
X-Erf-Stays-Bingo-Pdp-Web
X-CF-Powered-By
Apigw-Requestid
DSUID
X-APP
X-Info
Cache-Name
Ohc-Cache-HIT
NtCoent-Length
X-UA-Device-Type
X-We-Are-Hiring
Cdn-Request-Time
Cteonnt-Length
Viewtype
VivaBuild
Cdn-Host
X-Edge-Server
Odigeo-Trace-Id
X-Origin-Date
User-Cache-Control
User-Agent
Memory
WebServer
CF-IPCountry
W
X-Action
Tracecode
X-MSEdge-Flight
X-MSEdge-Features
Processtime
X-Via-Ucdn
X-RunCloud-Cache
Server-Info
Srv
LB
Amp-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
X-DB
X-RPM
X-Tb
WWW-Authenticate
X-DI
X-RPS
Sid
X-DW
X-RSL
X-Oss-Cdn-Auth
X-DSS
Ssr
CountryCode
X-Newrelic-App-Data
X-HOST
S-Rt
CDN
Lfy
X-Vgn-Hpd-Ssi
X-HITS
X-Dynatrace
Vix-Hermes-Req-Id
X-API-Version
Web-Mar-Node
X-Block-Status
X-Cache-Hfrom
X-Cache-Info
X-Contensis-Viewer-Groups
X-Cache-Hm
X-Cache-Expires
X-BBXSRF
X-Vcl-Version
X-Cache-ASPX
X-BBC-Edge-Cache-Status
Sever-Int
IsBot
Locid
X-Pjax-Url
MIME-Version
Instruction
CDCHOST
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
Path
X-VServer
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
SR-User-Adfree
X-Developer
Server-Ext
Server-Hostname
Server-ID
V-Age
X-Gen-Mode
X-Origin-TTL
X-Request-URI
Geo-Info
X-Unique-ID
X-Origin-Time
X-Nyt-Route
X-Origin-CC
X-Origin-Expires
X-Response-By
X-SD-PageType
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Browser-Type
X-SRCache-Key
X-Server-IP
X-SIPLIST1
X-Node-Id
X-Varnish-Authentication
X-User
X-Hnp-Log
X-Gdpr
X-Nginx-Cache-Key
X-Loc
X-Varnish-Url
X-Matched-Rule
X-Webkit-CSP-Report-Only
X-Geo
X-Hit
X-Swa-Ws
X-Traceid
Cache-Host
X-Var-Ttl
GeoIP-Country-Code
X-Scheme
GeoIP-Latitude
X-Fetched-On
X-GeoIP-City
X-Device-Os
X-Newrelic-Synthetics
X-Fastly-Country-Code
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Azure-Ref-OriginShield
X-Generated-In
Pramga
A
Release
X-CACHE-KEY
X-NodeID
X-Trace-Id
X-Sn-Servicetimems
X-Cdn-Origin
X-Akamai-Request-ID2
Lb
Cdn
X-Oracle-Dms-Rid
X-Provided-By
X-Via-NSCOPI
X-Nc
X-Epic-Correlation-Id
Cf-Device-Type
X-Fpc
X-Lb-Id
X-Envoy-Upstream-Healthchecked-Cluster
Source
X-Cache-Tag
X-Origin-Response-Time
X-ServedByHost
FNAC-ModuleRouting
X-Li-Proto
X-Men
Accept-Language
X-Fastly-Request-Id
Cache-Key
X-SERVER-NAME
Expiry
X-Akamai-Pragma-Client-IP
X-Via-PopN
Esi-Enabled
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-StackifyID
X-Via-PopH
X-Via-PopV
Server-Ttl
Kp-EeAlive
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-TH-Server
X-Served-From
Actual-Object-TTL
X-ORACLE-APMCS-REQUEST-ID
Cache-Provider
X-Instart-Request-ID
X-Parent-Response-Time
Content-Script-Type
X-Key
X-B3-SpanId
Content-Style-Type
Url
X-Vgn-Hpd-Reason
X-No-Cache
Xkeyi7
X-WA
X-Tt-Logid
X-ServiceProvider
X-Mobile-Rewrite
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-VC-Cache
EpKe-Alive
X-Request-URL
X-Yottaa-OS
X-Batcache
Content-Secure-Policy
Location
X-MiniProfiler-Ids
X-ElasticPress-Query
X-Proxy-Cachei7
X-Agile-Brick-Ok
Req-Svc-Chain
X-Akamai-Request-ID
Tcn
X-Vcache
BehaviorPad-Version
X-ND-Cache
X-B3-Parentspanid
URI
X-Varnish-Beresp-TTL
X-BBC-Origin-Response-Status
Origin-Cache-Control
X-Instart-Info
X-Apw-Hits
Inserted-Into-Cache-At
X-Dispatch
X-Apw-Access-Token
Proxy-Firewall
X-PJAX-URL
X-Apw-Access-Action
X-HostName
X-RateLimit-Limit
Origin-Edge-Control
Who
X-Apw-Access-Object
X-Selected-Scheme
X-Selected-Name
X-Selected-Host-Header
X-Geo-Region
PICS-Label
Resin-Trace
DataCenter
X-Snapshot-Date
X-TrackingId
X-Pf-Uncompressing
X-TraceId
HitType
X-RAMCache
X-Dw-Trace-Id
Cf-Alt-Svc
Mime-Version
NnCoection
Powered-By
Xet-Cookie
Pragrma
Vha6-Origin
X-C