Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Pragma
X-Powered-By
ETag
Link
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
CF-Ray
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Varnish
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-FRAME-OPTIONS
X-DNS-Prefetch-Control
X-Iinfo
P3p
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
Upgrade
X-CDN
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Access-Control-Expose-Headers
Keep-Alive
X-Via
X-Template
X-Ws-Request-Id
X-Language
X-Dns-Prefetch-Control
Feature-Policy
X-Age
X-Backend
X-Cache-Group
X-Hacker
X-Server
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-AH-Environment
EagleId
X-UA-Device
X-Proxy-Cache
Request-Context
X-Turbo-Charged-By
X-Server-Powered-By
Server-Timing
X-Nginx-Cache-Status
Host-Header
Grace
X-Buckets
Report-To
Xkey
X-Page-Speed
X-Rq
X-OneAgent-JS-Injection
X-Varnish-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Vhost
Cf-Bgj
X-Host
X-WebKit-CSP
X-Dispatcher
X-Backend-Server
NEL
X-Device
X-Node
Surrogate-Control
X-Ruxit-JS-Agent
X-Server-Id
X-Response-Time
Content-Location
X-Cache-Lookup
Request-Id
X-Origin-Cache
X-Akam-SW-Version
X-Ac
Accept-CH-Lifetime
EagleEye-TraceId
X-ASPNET-VERSION
X-Country
Accept-CH
X-HW
X-Mod-Pagespeed
X-Readtime
Rating
X-Cloud-Trace-Context
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Application-Context
Pinterest-Generated-By
Allow
Edge-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-PC
X-Vname
X-DataDome
X-Url
X-Varnish-TTL
X-Cnection
X-Origin-Upstream-Status
X-MS-InvokeApp
X-GitHub-Request-Id
X-Content-Type
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-D2id
X-Clacks-Overhead
X-Trace
X-Abt-Application-Version
Response
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Pinterest-Rid
Pinterest-Version
X-Server-Name
X-Webkit-CSP
X-ESI
X-Vcap-Request-Id
X-Px
X-Navigation-Version
X-FTR-Request-ID
X-Rack-Cache
X-B3-TraceId
Verso
Service-Worker-Allowed
X-DynaTrace
MS-Author-Via
X-Cached
X-Fastly-Request-ID
X-Element-Page-Cache
X-Client-IP
X-Cache-TTL
Arr-Disable-Session-Affinity
X-TTL
Accept-Ch
X-Dw-Request-Base-Id
X-Powered-By-Plesk
X-CST
X-FastCGI-Cache
Content-MD5
X-SharePointHealthScore
SPRequestGuid
X-Upstream
AR-PoweredBy
AR-ATIME
X-Version
AR-CACHE
AR-Request-ID
Ar-Sid
X-Forwarded-Proto
Fastly-Restarts
X-NF-Request-ID
X-Debug
X-VARITI-CCR
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Goog-Hash
X-T
X-XRDS-Location
Access-Control-Request-Method
X-Jurisdiction
X-Powered-CMS
X-MSEdge-Ref
X-Release
TP-L2-Cache
TP-Cache
X-Content-Digest
X-Edge
S
SPIisLatency
SPRequestDuration
X-Amz-Rid
TCN
X-Pinterest-Direct
RTSS
Cache-Tag
X-Ttl
Public-Key-Pins
X-NWS-LOG-UUID
X-Ezoic-Cdn
X-Server-ID
X-Node-Name
Fastcgi-Cache
X-PressLabs-Stats
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Mid
X-Cache-Key
X-MCACHE
Server-Node
Front-End-Https
X-Accel-Expires
Accept-Ch-Lifetime
X-Amzn-Trace-Id
X-Logged-In
X-Ratelimit-Remaining
X-Recruiting
X-Kinsta-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Ser
X-Cache-Hit
ServerID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-SRCache-Fetch-Status
X-Page-Id
X-SRCache-Store-Status
X-Origin-Server
Accept-Charset
Host
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
X-Grace
X-B
Alternate-Protocol
X-ECACHE
X-Mg-S
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Mobile-URL
X-Hostname
X-Shield-Request-Id
Nginx-Cache
Edge-Cache-Tag
X-Ratelimit-Limit
X-HP-Webp
X-Country-Code-Real
X-Forwarded-For
X-FTR-Backend
X-FTR-DC
Realpath
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-Hits
X-Content-Options
X-FireWall-Port
X-Seen-By
X-LB-Cache
X-Git-Hash
X-F-Cache
X-Load-Cache
Filterid
X-Az
X-AppVersion
X-Activity-Id
X-Jobs
MicrosoftSharePointTeamServices
X-Request-Guid
X-N
X-Type
X-App-Environment
X-Varnish-Backend
Cache-Tags
Fastcgi-Useragent
X-Rid
Paypal-Debug-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Varnish-Grace
DynaTrace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Upgrade-Enabled
X-Zen-Fury
Access-Control-Allow-Method
X-Daa-Tunnel
X-Proxy
X-Cached-By
Cleartype
X-WebKit-CSP-Report-Only
X-Id
X-FB-Debug
X-Cache-Age
X-Amz-Meta-S3cmd-Attrs
Powered-By-ChinaCache
X-App-Server
X-Akamai-Edgescape
X-Correlation-ID
X-Geo-Country
X-Cache-Rule
X-Respond-Thread
DC
X-Cache-Operation
X-Host-Name
X-Goog-Generation
X-Goog-Stored-Content-Length
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Metageneration
X-HS-Cache-Config
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-B3-Sampled
X-Content-Powered-By
X-HS-Combine-CSS
X-User-Agent
Content-Disposition
X-AOL-HN
X-IPLB-Instance
Healthy
X-Original-Request-Id
X-Whom
X-Signature
X-B-Cache
X-Accel-Buffering
MS-CV
X-Debug-Info
X-Response-Served-From
X-Wix-Request-Id
X-Region
AMP-Access-Control-Allow-Source-Origin
X-HTML-Minification-Powered-By
Payment
X-Frontend
X-UUID
X-VCache
X-Distributor
X-Cacheable-TTL
X-Mobile
X-FW-Dynamic
X-Is-Bot
X-FW-Static
X-FW-Hash
X-Rendered-As
X-Ua
X-FW-Serve
X-FW-Type
X-Rule
X-FW-Server
X-Cache-Time
X-Endurance-Cache-Level
Akamai-Age-Ms
X-Instance
Datacenter
Refresh
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-2
X-Tumblr-Pixel
Surrogate-Key
NGB
X-Amzn-RequestId
X-Amz-Apigw-Id
Charset
Filters
Countrycode
X-Via-JSL
Liferay-Portal
X-App-Version
X-Protected-By
X-Acc-Debug-Context
S-Cnection
Arc-Version
PB-PID
PB-RID
Viewport
X-Backend-Name
X-Varnish-Server
X-XRDS-LOCATION
Nel
X-Hyper-Cache
X-Cache-Expired-At
X-Cache-Server
X-Ah-Environment
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oneagent-Js-Injection
X-Amz-Replication-Status
Section-Io-Cache
X-NewRelic-App-Data
Retry-After
X-PHP-Backend
X-Cache-Action
X-Azure-Ref
X-Sucuri-ID
X-Source
X-WA-Info
Referer-Policy
Version
GEO-INFO
X-Cache-Control
X-EdgeConnect-Cache-Status
X-Proxy-Cache-Status
Eomportal-Instance
X-Fastcgi-Cache
X-Real-IP
X-RemovedCookies
X-ProcessESI
X-Yottaa-Optimizations
X-Environment-Context
X-Framework
X-L-Path
X-Yottaa-Metrics
X-RN-RSRV
Ms-Operation-Id
Frame-Options
X-Air-Hostname
Server-Name
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-Time
X-RTag
X-DynaTrace-JS-Agent
X-ES-SERVER
X-Mode
Powered
X-GeoIP
X-From
X-Xfnlog-Site
X-Cache-Host
Cache
X-ProxyCache-Key
X-Revision
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-BYPASS-REASON
X-Cache-TTL-Remaining
X-Qloud-Router
X-LJ-Flow-ID
Mn-Server-Ip
X-Time-Microsecs
X-Cluster
Uber-Trace-Id
X-Loop
X-TNCMS
X-AWS-Id
X-PCL
X-Human
Cross-Origin-Window-Policy
Ec-Rule-Version
X-FB-TRIP-ID
X-OCL
X-VWS-Id
Cache-Tv-Group
X-Unique-Id
X-Hosted-By
X-Site-Version
X-Timing-Wait
X-NYM-Debug-Backend
X-Locale
X-Labrador-Cache-Channel
DB-Nickname
X-Zipkin-Id
X-Proxied
X-Proxy-Build
X-Drupal-Cache-Contexts
X-PHP-Host
X-CSRF-Token
X-Routing-Service
X-Debug-Cache
Selected-Fe
X-Server-W
X-Detected-As
X-Hl-Ver
X-Handled-By
X-FW-Version
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Sucuri-Cache
Property-Id
X-Redis-Cache
X-ServerID
X-Format
X-Be
X-Status
TWC-GeoIP-LatLong
X-Correlation-Id
X-Section
X-Origin-Hint
X-Via-Fastly
X-Amzn-Remapped-Content-Length
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Access
Webcakes-Region
X-Ratelimit-Reset
X-Cache-PHP
X-Generated-By
X-BCube-Filmed-By
X-Device-Type
X-Hp-Webp
X-Proto
X-No-Session
X-Drupal-Cache-Tags
X-Contextid
FSS-Cache
X-JoinUs
X-SaId
X-ATG-Version
From-Origin
Webserver
X-FTR-Cache-Host
X-Varnish-Cache-Hits
X-Esi
X-CDN-Forward
X-Adobe-Loc
X-Adobe-Content
X-URL
X-NCache
OT-Force-Account-Verify
X-AIR-PT
CF-Cached-On
X-NWS-UUID-VERIFY
X-Origin
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-TT
X-Oss-Request-Id
X-GoCache-CacheStatus
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-TA-CDN-Provider
X-NC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Akamai-Transformed
X-IPS-LoggedIn
CACHE
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-EC-Lua
X-EIG-Tracking-Id
X-IP
X-Bc-Bl
X-CCM
X-Adobe-Source
SD-X-WS
Access-Control-Request-Headers
X-Cache-2
X-Cache-Enabled
X-TIME
X-Storefront-Renderer-Rendered
X-Aspnet-Duration-Ms
X-Flags
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
Upgrade-Insecure-Requests
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
Node
X-ECache
X-Cache-Grace
X-ApacheServer
X-Backend-Host
X-Forwarded-Host
X-Cache-Backend
X-APP-VERSION
X-PERF
X-Soup
Cache-Status
Fastly-SSL
X-Say-Cacheable
X-Say-TTL
X-Cluster-Name
X-Pubstack
X-Web-Node
X-Varnishpool
X-Storage
X-Ruxit-Js-Agent
X-SayCDN-TTL
Rendered-Blocks
Decoy-Debug-Key
Machine
Decoy-Debug-Status
Decoy-Debug-TTL
X-RCS-CacheZone
X-G
X-CF-Lambda-Version
X-Processor
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Tumblr-Pixel-3
X-PBS-Appsvrname
X-S
Host-ID
X-CF-Lambda-Fn
X-External-Request-Id
Mobile-Detection-Method
MD5-Digest
X-Pinterest-Sli-Endpoint-Name
X-A-Ccd
X-A-Dam
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Connection-Hash
X-D
X-Vtex-Remote-Cache
X-ARC
X-A
X-Application
X-Vdms-Version
X-Twitter-Response-Tags
X-Aed
X-Trv-Group
X-Transaction
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dcw
X-Vdms-Path
X-A-Dgt
X-A-Wwc
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Pinterest-Sli-Latency-Threshold
X-Pinterest-Sli-Response-Type
X-Rewrite-Enabled
X-Destination
X-B-Cookie
X-Cache-NE
X-S-Cookie
X-Rojux
Xc-Version
Fastcgi-X-Cache-Version
X-Request-UUID
Apple-News-Services-Host
X-Worker
X-ScT
Apple-News-Services-Handled
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Backend-TTL
X-Cdn
X-LAGOON
X-Cache-Config
X-TX-ID
X-Viewer-Country
CDN-PullZone
CDN-EdgeStorageId
X-Generation-Time
CDN-RequestId
CDN-Uid
X-Servername
CDN-RequestCountryCode
Is-Eu
Country
X-Ms-Version
X-DPWN-IS-SECURE
CDN-CachedAt
Fastly-SIE
CloudFront-Viewer-Country
X-Envoy-Decorator-Operation
Adler-Geo
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Variation
CDN-Cache
X-VG-TLSProxy
X-Ms-Request-Id
X-Rebelmouse-Cache-Control
Platform
X-Varnish-Beresp-Ttl
X-UPSTREAM-Address
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Dispatcher-Server
X-Core-Value
X-Core-Mission
Country-Code
C-Via
X-Date
X-Cms-Context
Fastly-Drupal-HTML
X-Fastly-Backend
NM-Fastcgi-Cache
X-Fastly-Cache
X-Cache-NGX
Rt-Fastcgi-Cache
X-Accel-Expires-Debug
X-Bip
X-Thanos
X-Platform
Origin
X-Policy
Surrogated-Key
X-Varnish-Cacheable
Wxu-Next-Commit
X-WADP-Cache
Wxu-Next-Hostname
Wxu-Next-Region
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Cache-Bucket
X-Backend-State
X-Platform-Server
X-Owner
X-Old-Content-Length
X-Clara-WADP
X-Request-Host
X-Hash
X-Request-Start
X-Slack-Backend
X-Fmm-Version
X-Clientip
X-Skip-Cache
X-Irp-Debug
L
X-Method
X-Micro-Cache
X-Microcachable
X-Minions-Version
X-LI-UUID
X-Li-Pop
X-SN
X-Li-Fabric
Time
X-UA
X-NGENIX-Cache
Backend
HA-Ipaddr
Ha-Gx-Prefs
X-Auto-Login
Gh-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-CGP
X-Cache-Id
X-Cache-Date
X-Cache-Tags
PFcat
L5d-Success-Class
Fastly-Backend-Name
X-JWT-State
X-OVcl
X-Reqid
X-Varnish-CookieHashed-On
X-DefHash
X-DefElseHash
X-VarnishDD-TTL
X-Level-Front-Cache
X-OVcl-Cache
X-Varnish-Ttl
X-Content-Age
X-Render-Time
X-CS
X-Up
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Req
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-Developers
X-Esi-Check
X-Eu-Site
AKAMAI
Akamai-GRN
X-Csrf-Jwt
CacheControlHeader
X-CUA
X-HN
X-Gamma-Serve
X-Generated-On
X-Webstats-RespID
X-Has-Esi
X-Gzip
Now
Ufe-Result
UCS
X-Wa
We-Hiring
Memcached
X-Location
X-Mvc-Supplant-Cachable
X-Geo-Header
Group
X-Edge-Location
X-Cache-URL
Mail-Subject
Pagetype
X-Aicache-OS
X-Cdn-Srv
X-CACHE-AGE
X-Page-View
X-Refresh
X-Cache-Debug
X-Session-Fingerprint
FSS-Proxy
X-LB-ID
X-Proxy-Upstream
X-Branch-Name
X-DC
X-Via-Popn
X-PF-Uncompressing
X-Via-Poph
HostName
X-NODE
X-B3-Spanid
X-Agile-Age
SRV
X-Agile
X-Agile-Id
X-GEO
X-BC
X-Ftr-Cache-Host
X-ZONE
X-Servedbyhost
X-B3-Traceid
X-LI-Proto
X-RateLimit-Remaining
NGX
X-Dc
X-Mvc-Supplant-OutputCached
X-Via-CDN
M-TraceId
X-Debug-Cache-Store
X-Nginx-Cache
X-Debug-Cache-Fetch
X-Datadome
Xserver
X-Cdn-Forward
X-Ua-Device
Hostname
Arc-Country
X-Request-Time
X-Check-Cacheable
X-Varnish-Hostname
X-Instart-Request-ID
X-SERVER
X-Sql-Count
X-Sql-Duration-Ms
X-LLID
X-NU-AKA-ACS-Version
VivaBuild
X-Edge-Server
Cdn-Host
Cdn-Request-Time
Viewtype
X-RunCloud-Cache
X-Cluster-Node
X-SERVER-NAME
X-Bc
X-VCL-Version
X-Via-Ucdn
X-FPC
X-Zone
X-COUNTRY
X-LiteSpeed-Cache-Control
X-Cache-Remote
Srv
Memory
Edge-Copy-Time
X-Action
X-Via-Popv
X-Www-Served-By
X-Via-Edge
X-SRV
WebServer
X-Via-SSL
X-APP
X-UnsetCookies
X-FORWARDED-FOR
X-Srv
X-DI
NtCoent-Length
X-S-Maxage
ServedBy
X-DSS
X-DB
WWW-Authenticate
ProcessTime
Cache-Hits
X-Dynatrace-Js-Agent
X-HS-Status
X-CF-Powered-By
X-ID
X-Cs
X-RPS
X-RSL
X-Vgn-Hpd-Ssi
X-MP-GENERATED-AT
X-RPM
X-DW
SID
X-NGINX-Cache
X-Svr
X-Presslabs-Stats
X-ORACLE-APMCS-REQUEST-ID
Apigw-Requestid
Geoip-Latitude
X-Oss-Cdn-Auth
X-CSRF-TOKEN
GeoIp-Country-Code
Actual-Object-TTL
On-Server
X-Unique-ID
XServer
X-Vcache
X-Geo
T-Server
GeoIP-Latitude
Server-Info
X-We-Are-Hiring
GeoIP-Country-Code
Geo-Info
Ohc-File-Size
X-Hit
User-Agent
X-Pass-Why
W
Sid
X-Akamai-Request-ID2
Processtime
Amp-Access-Control-Allow-Source-Origin
LB
X-Webkit-CSP-Report-Only
X-Epic-Correlation-Id
X-MSEdge-Features
X-MSEdge-Flight
Pics-Label
Server-Host
X-Tb
N-Cache
S-Rt
X-Erf-Stays-Bingo-Pdp-Web
X-HOST
X-Varnish-Hits
X-Nc
X-Envoy-Upstream-Healthchecked-Cluster
CF-IPCountry
Magicmarker
Cdn
WZWS-RAY
Protected
X-Fpc
X-SB
X-VC
X-FC-Vary-Parameters
X-HITS
X-Pjax-Url
Accept-Language
X-Cache-Hfrom
X-Cache-Hm
X-Vcl-Version
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile-Rewrite
Ohc-Cache-HIT
X-Uri
X-Key
Esi-Enabled
CDN
Cteonnt-Length
A
X-Info
X-Newrelic-Synthetics
X-Fastly-Country-Code
X-CACHE-KEY
X-Newrelic-App-Data
X-TT-LOGID
Origin-Edge-Control
Origin-Cache-Control
Tracecode
Lb
User-Cache-Control
X-Acc-Rdl
Odigeo-Trace-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
DSUID
X-Provided-By
Section-Io-Id
X-Via-NSCOPI
X-Instart-Info
Proxy-Firewall
X-Dispatch
Cache-Name
X-UA-Device-Type
X-Amzn-Remapped-Date
Ssr
X-Amzn-Remapped-Connection
Lfy
X-Origin-Date
X-Li-Proto
X-Magnolia-Registration
X-ServedByHost
Powered-By
X-Geo-Region
X-B3-SpanId
X-StackifyID
X-Dynatrace
X-Cache-Tag
Thinkindot-Control
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
SR-User-Adfree
Vix-Hermes-Req-Id
X-BBXSRF
X-Block-Status
X-BBC-Edge-Cache-Status
X-API-Version
Web-Mar-Node
V-Age
Server-ID
FNAC-ModuleRouting
Instruction
CDCHOST
X-Scheme
X-Cc-Req-Id
X-Cc-Via
IsBot
Locid
Server-Hostname
X-Cache-Expires
Server-Ext
Release
Path
Sever-Int
X-Gen-Mode
X-SD-PageType
X-SIPLIST1
X-Response-By
X-Request-URI
X-Origin-TTL
X-SRCache-Key
X-SVT-ORM-RULES
X-Varnish-Url
X-VServer
X-User
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Origin-Time
X-Origin-Expires
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-GeoIP-City
D-Cc-Upstream
X-Gdpr
X-Loc
X-Matched-Rule
X-Origin-CC
X-Nyt-Route
X-Node-Id
X-Nginx-Cache-Key
X-Developer
MIME-Version
HitType
Server-Ttl
X-Served-From
X-TH-Server
Cache-Key
X-Akamai-Pragma-Client-IP
X-RAMCache
X-TrackingId
X-Generated-In
X-NodeID
X-Device-Os
X-Contensis-Viewer-Groups
Cache-Provider
X-Cache-ASPX
X-Cache-Info
X-Cdn-Origin
BehaviorPad-Version
X-Parent-Response-Time
X-Traceid
X-Trace-Id
X-Swa-Ws
X-Generated
X-Var-Ttl
X-Lb-Id
X-Varnish-Authentication
X-Via-PopH
X-Via-PopN
X-Server-IP
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Sn-Servicetimems
X-Via-PopV
X-Azure-Ref-OriginShield
X-Fetched-On
Fastcgi-Cache-TTL
X-Cache-Spec
X-Men
Cache-Host
Kp-EeAlive
Pramga
CountryCode
X-No-Cache
X-ServiceProvider
X-App
X-Agile-Brick-Ok
X-Tt-Logid
X-ElasticPress-Query
X-VC-Cache
Req-Svc-Chain
X-LiteSpeed-Tag
X-RateLimit-Limit-Second
X-WA
X-Batcache
X-RateLimit-Remaining-Second
Xet-Cookie
Tcn
X-Pf-Uncompressing
X-Varnish-Beresp-TTL
X-B3-Parentspanid
Cf-Device-Type
Source
Who
Cf-Alt-Svc
X-HostName
Dnion-Transfer-Encoding
Inserted-Into-Cache-At
X-Planisys-CDN-Cache
X-PJAX-URL
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Yottaa-OS
X-RateLimit-Limit
X-Selected-Host-Header
X-Path-Route
X-Selected-Name
X-Selected-Scheme
Resin-Trace
X-BBC-Origin-Response-Status
Pragrma
PICS-Label
X-BACKEND-TTL
X-Request-URL
X-Proxy-Cachei7
X-Vgn-Hpd-Reason
Mime-Version
X-Dw-Trace-Id
X-C
X-Apw-Access-Action
X-Apw-Access-Object
Vha6-Origin
X-Apw-Hits
X-Snapshot-Date
X-Apw-Access-Token
X-MiniProfiler-Ids